diff options
Diffstat (limited to 'app/src/main/java/se/leap')
4 files changed, 116 insertions, 162 deletions
diff --git a/app/src/main/java/se/leap/bitmaskclient/Dashboard.java b/app/src/main/java/se/leap/bitmaskclient/Dashboard.java index 473cd5ec..e4e575e4 100644 --- a/app/src/main/java/se/leap/bitmaskclient/Dashboard.java +++ b/app/src/main/java/se/leap/bitmaskclient/Dashboard.java @@ -42,6 +42,7 @@ public class Dashboard extends Activity implements LogInDialog.LogInDialogInterf protected static final int CONFIGURE_LEAP = 0; protected static final int SWITCH_PROVIDER = 1; + final public static String TAG = Dashboard.class.getSimpleName(); final public static String SHARED_PREFERENCES = "LEAPPreferences"; final public static String ACTION_QUIT = "quit"; public static final String REQUEST_CODE = "request_code"; @@ -49,21 +50,19 @@ public class Dashboard extends Activity implements LogInDialog.LogInDialogInterf public static final String START_ON_BOOT = "dashboard start on boot"; final public static String ON_BOOT = "dashboard on boot"; public static final String APP_VERSION = "bitmask version"; - final public static String TAG = Dashboard.class.getSimpleName(); - + private static Context app; + protected static SharedPreferences preferences; + private FragmentManagerEnhanced fragment_manager; + private EipServiceFragment eipFragment; - private ProgressBar mProgressBar; - private TextView eipStatus; - private static Context app; - protected static SharedPreferences preferences; - private static Provider provider; - - private boolean authed_eip = false; - + private ProgressBar mProgressBar; + private TextView eipStatus; public ProviderAPIResultReceiver providerAPI_result_receiver; - private FragmentManagerEnhanced fragment_manager; + private static Provider provider; + private static boolean authed_eip; + @Override protected void onCreate(Bundle savedInstanceState) { super.onCreate(savedInstanceState); @@ -78,11 +77,11 @@ public class Dashboard extends Activity implements LogInDialog.LogInDialogInterf fragment_manager = new FragmentManagerEnhanced(getFragmentManager()); handleVersion(); - authed_eip = preferences.getBoolean(Constants.AUTHED_EIP, false); - if (preferences.getString(Provider.KEY, "").isEmpty()) - startActivityForResult(new Intent(this,ConfigurationWizard.class),CONFIGURE_LEAP); - else - buildDashboard(getIntent().getBooleanExtra(ON_BOOT, false)); + boolean provider_configured = preferences.getString(Constants.KEY, "").isEmpty(); + if (provider_configured) + startActivityForResult(new Intent(this,ConfigurationWizard.class),CONFIGURE_LEAP); + else + buildDashboard(getIntent().getBooleanExtra(ON_BOOT, false)); } private void handleVersion() { diff --git a/app/src/main/java/se/leap/bitmaskclient/eip/Constants.java b/app/src/main/java/se/leap/bitmaskclient/eip/Constants.java index 719fff6d..3b43282b 100644 --- a/app/src/main/java/se/leap/bitmaskclient/eip/Constants.java +++ b/app/src/main/java/se/leap/bitmaskclient/eip/Constants.java @@ -37,9 +37,9 @@ public interface Constants { public final static String EIP_NOTIFICATION = TAG + ".EIP_NOTIFICATION"; public final static String STATUS = TAG + ".STATUS"; public final static String DATE_FROM_CERTIFICATE = TAG + ".DATE_FROM_CERTIFICATE"; - public final static String ALLOWED_ANON = TAG + ".ALLOW_ANONYMOUS"; - public final static String ALLOWED_REGISTERED = TAG + ".ALLOW_REGISTRATION"; - public final static String CERTIFICATE = TAG + ".CERTIFICATE"; + public final static String ALLOWED_ANON = "allow_anonymous"; + public final static String ALLOWED_REGISTERED = "allow_registration"; + public final static String CERTIFICATE = "cert"; public final static String PRIVATE_KEY = TAG + ".PRIVATE_KEY"; public final static String KEY = TAG + ".KEY"; public final static String PARSED_SERIAL = TAG + ".PARSED_SERIAL"; diff --git a/app/src/main/java/se/leap/bitmaskclient/eip/EIP.java b/app/src/main/java/se/leap/bitmaskclient/eip/EIP.java index b668ce64..92eba23c 100644 --- a/app/src/main/java/se/leap/bitmaskclient/eip/EIP.java +++ b/app/src/main/java/se/leap/bitmaskclient/eip/EIP.java @@ -51,20 +51,19 @@ public final class EIP extends IntentService { private static SharedPreferences preferences; - private static Context context; - private static ResultReceiver mReceiver; - private static boolean mBound = false; + private static Context context; + private static ResultReceiver mReceiver; + private static boolean mBound = false; - private static JSONObject eipDefinition = null; + private static int parsedEipSerial; + private static JSONObject eip_definition = null; - private static OVPNGateway activeGateway = null; + private static OVPNGateway activeGateway = null; public static VpnStatus.ConnectionStatus lastConnectionStatusLevel; public static boolean mIsDisconnecting = false; public static boolean mIsStarting = false; - public static SimpleDateFormat certificate_date_format = new SimpleDateFormat("yyyy-MM-dd HH:mm", Locale.US); - public EIP(){ super("LEAPEIP"); } @@ -76,6 +75,7 @@ public final class EIP extends IntentService { context = getApplicationContext(); preferences = getSharedPreferences(Dashboard.SHARED_PREFERENCES, MODE_PRIVATE); + refreshEipDefinition(); } @Override @@ -113,8 +113,10 @@ public final class EIP extends IntentService { */ private void startEIP() { earlyRoutes(); - activeGateway = selectGateway(); - + GatewaySelector gateway_selector = new GatewaySelector(eip_definition); + String selected_gateway = gateway_selector.select(); + + activeGateway = new OVPNGateway(selected_gateway); if(activeGateway != null && activeGateway.mVpnProfile != null) { mReceiver = EipServiceFragment.getReceiver(); launchActiveGateway(); @@ -131,93 +133,6 @@ public final class EIP extends IntentService { startActivity(void_vpn_launcher); } - /** - * Choose a gateway to connect to based on timezone from system locale data - * - * @return The gateway to connect to - */ - private OVPNGateway selectGateway() { - String closest_location = closestGateway(); - String chosen_host = chooseHost(closest_location); - - return new OVPNGateway(chosen_host); - } - - private String closestGateway() { - TreeMap<Integer, Set<String>> offsets = calculateOffsets(); - return offsets.isEmpty() ? "" : offsets.firstEntry().getValue().iterator().next(); - } - - private TreeMap<Integer, Set<String>> calculateOffsets() { - TreeMap<Integer, Set<String>> offsets = new TreeMap<Integer, Set<String>>(); - - int localOffset = Calendar.getInstance().get(Calendar.ZONE_OFFSET) / 3600000; - - JSONObject locations = availableLocations(); - Iterator<String> locations_names = locations.keys(); - while(locations_names.hasNext()) { - try { - String location_name = locations_names.next(); - JSONObject location = locations.getJSONObject(location_name); - - int dist = timezoneDistance(localOffset, location.optInt("timezone")); - - Set<String> set = (offsets.get(dist) != null) ? - offsets.get(dist) : new HashSet<String>(); - - set.add(location_name); - offsets.put(dist, set); - } catch (JSONException e) { - // TODO Auto-generated catch block - e.printStackTrace(); - } - } - - return offsets; - } - - private JSONObject availableLocations() { - JSONObject locations = null; - try { - if(eipDefinition == null) updateEIPService(); - locations = eipDefinition.getJSONObject("locations"); - } catch (JSONException e1) { - // TODO Auto-generated catch block - e1.printStackTrace(); - } - - return locations; - } - - private int timezoneDistance(int local_timezone, int remote_timezone) { - // Distance along the numberline of Prime Meridian centric, assumes UTC-11 through UTC+12 - int dist = Math.abs(local_timezone - remote_timezone); - - // Farther than 12 timezones and it's shorter around the "back" - if (dist > 12) - dist = 12 - (dist -12); // Well i'll be. Absolute values make equations do funny things. - - return dist; - } - - private String chooseHost(String location) { - String chosen_host = ""; - try { - JSONArray gateways = eipDefinition.getJSONArray("gateways"); - for (int i = 0; i < gateways.length(); i++) { - JSONObject gw = gateways.getJSONObject(i); - if ( gw.getString("location").equalsIgnoreCase(location) || location.isEmpty()){ - chosen_host = eipDefinition.getJSONObject("locations").getJSONObject(gw.getString("location")).getString("name"); - break; - } - } - } catch (JSONException e) { - // TODO Auto-generated catch block - e.printStackTrace(); - } - return chosen_host; - } - private void launchActiveGateway() { Intent intent = new Intent(this,LaunchVPN.class); intent.setAction(Intent.ACTION_MAIN); @@ -292,7 +207,22 @@ public final class EIP extends IntentService { e.printStackTrace(); } } + if (eip_definition != null && eip_definition.optInt("serial") >= parsedEipSerial) + updateGateways(); + } + private void refreshEipDefinition() { + try { + String eip_definition_string = preferences.getString(KEY, ""); + if(!eip_definition_string.isEmpty()) { + eip_definition = new JSONObject(eip_definition_string); + } + } catch (JSONException e) { + // TODO Auto-generated catch block + e.printStackTrace(); + } + } + private void deleteAllVpnProfiles() { ProfileManager vpl = ProfileManager.getInstance(context); Collection<VpnProfile> profiles = vpl.getProfiles(); @@ -307,8 +237,8 @@ public final class EIP extends IntentService { private void updateGateways(){ JSONArray gatewaysDefined = null; try { - if(eipDefinition == null) updateEIPService(); - gatewaysDefined = eipDefinition.getJSONArray("gateways"); + if(eip_definition == null) updateEIPService(); + gatewaysDefined = eip_definition.getJSONArray("gateways"); for ( int i=0 ; i < gatewaysDefined.length(); i++ ){ JSONObject gw = null; gw = gatewaysDefined.getJSONObject(i); @@ -320,52 +250,18 @@ public final class EIP extends IntentService { // TODO Auto-generated catch block e.printStackTrace(); } - preferences.edit().putInt(PARSED_SERIAL, eipDefinition.optInt(Provider.API_RETURN_SERIAL)).commit(); + preferences.edit().putInt(PARSED_SERIAL, eip_definition.optInt(Provider.API_RETURN_SERIAL)).commit(); } private void checkCertValidity() { - String certificate = preferences.getString(CERTIFICATE, ""); - checkCertValidity(certificate); - } - - private void checkCertValidity(String certificate_string) { - if(!certificate_string.isEmpty()) { - X509Certificate certificate = ConfigHelper.parseX509CertificateFromString(certificate_string); - - Calendar offset_date = calculateOffsetCertificateValidity(certificate); - Bundle result = new Bundle(); - result.putString(REQUEST_TAG, ACTION_CHECK_CERT_VALIDITY); - try { - Log.d(TAG, "offset_date = " + offset_date.getTime().toString()); - certificate.checkValidity(offset_date.getTime()); - mReceiver.send(Activity.RESULT_OK, result); - Log.d(TAG, "Valid certificate"); - } catch(CertificateExpiredException e) { - mReceiver.send(Activity.RESULT_CANCELED, result); - Log.d(TAG, "Updating certificate"); - } catch(CertificateNotYetValidException e) { - mReceiver.send(Activity.RESULT_CANCELED, result); - } - } - } - - private Calendar calculateOffsetCertificateValidity(X509Certificate certificate) { - String current_date = certificate_date_format.format(Calendar.getInstance().getTime()).toString(); - - String date_string = preferences.getString(DATE_FROM_CERTIFICATE, current_date); - - Calendar offset_date = Calendar.getInstance(); - try { - Date date = certificate_date_format.parse(date_string); - long difference = Math.abs(date.getTime() - certificate.getNotAfter().getTime())/2; - long current_date_millis = offset_date.getTimeInMillis(); - offset_date.setTimeInMillis(current_date_millis + difference); - Log.d(TAG, "certificate not after = " + certificate.getNotAfter()); - } catch(ParseException e) { - e.printStackTrace(); - } - - return offset_date; + Bundle result = new Bundle(); + result.putString(REQUEST_TAG, ACTION_CHECK_CERT_VALIDITY); + + VpnCertificateValidator validator = new VpnCertificateValidator(); + if(validator.isValid(preferences.getString(CERTIFICATE, ""))) + mReceiver.send(Activity.RESULT_OK, result); + else + mReceiver.send(Activity.RESULT_CANCELED, result); } /** @@ -449,7 +345,7 @@ public final class EIP extends IntentService { try { ConfigParser cp = new ConfigParser(); - JSONObject openvpn_configuration = eipDefinition.getJSONObject("openvpn_configuration"); + JSONObject openvpn_configuration = eip_definition.getJSONObject("openvpn_configuration"); VpnConfigGenerator vpn_configuration_generator = new VpnConfigGenerator(preferences, openvpn_configuration, mGateway); String configuration = vpn_configuration_generator.generate(); @@ -475,7 +371,7 @@ public final class EIP extends IntentService { public String locationAsName() { try { - return eipDefinition.getJSONObject("locations").getJSONObject(mGateway.getString("location")).getString("name"); + return eip_definition.getJSONObject("locations").getJSONObject(mGateway.getString("location")).getString("name"); } catch (JSONException e) { Log.v(TAG,"Couldn't read gateway name for profile creation! Returning original name = " + mName); e.printStackTrace(); diff --git a/app/src/main/java/se/leap/bitmaskclient/eip/VpnCertificateValidator.java b/app/src/main/java/se/leap/bitmaskclient/eip/VpnCertificateValidator.java new file mode 100644 index 00000000..a5f04368 --- /dev/null +++ b/app/src/main/java/se/leap/bitmaskclient/eip/VpnCertificateValidator.java @@ -0,0 +1,59 @@ +/** + * Copyright (c) 2013 LEAP Encryption Access Project and contributers + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + */ +package se.leap.bitmaskclient.eip; + +import android.util.Log; +import java.util.*; +import java.security.cert.*; +import java.text.*; + +import se.leap.bitmaskclient.ConfigHelper; +import static se.leap.bitmaskclient.eip.Constants.*; + +public class VpnCertificateValidator { + public final static String TAG = VpnCertificateValidator.class.getSimpleName(); + + public boolean isValid(String certificate) { + if(!certificate.isEmpty()) { + X509Certificate certificate_x509 = ConfigHelper.parseX509CertificateFromString(certificate); + return isValid(certificate_x509); + } else return false; + } + + private boolean isValid(X509Certificate certificate) { + Calendar offset_date = calculateOffsetCertificateValidity(certificate); + try { + Log.d(TAG, "offset_date = " + offset_date.getTime().toString()); + certificate.checkValidity(offset_date.getTime()); + return true; + } catch(CertificateExpiredException e) { + return false; + } catch(CertificateNotYetValidException e) { + return false; + } + } + + private Calendar calculateOffsetCertificateValidity(X509Certificate certificate) { + Log.d(TAG, "certificate not after = " + certificate.getNotAfter()); + long preventive_time = Math.abs(certificate.getNotBefore().getTime() - certificate.getNotAfter().getTime())/2; + long current_date_millis = Calendar.getInstance().getTimeInMillis(); + + Calendar limit_date = Calendar.getInstance(); + limit_date.setTimeInMillis(current_date_millis + preventive_time); + return limit_date; + } +} |