From 87446cbc0c818a374c057894b57e93156443a270 Mon Sep 17 00:00:00 2001 From: cyBerta Date: Sun, 31 Jul 2022 04:07:47 +0200 Subject: implement obfuscation pinning --- app/build.gradle | 10 +- .../java/de/blinkt/openvpn/core/ConfigParser.java | 9 +- .../base/fragments/ObfuscationProxyDialog.java | 119 +++++++++++++- .../base/fragments/SettingsFragment.java | 53 ++++++- .../leap/bitmaskclient/base/models/Constants.java | 8 + .../leap/bitmaskclient/base/models/Transport.java | 49 ++++++ .../bitmaskclient/base/utils/ConfigHelper.java | 27 ++++ .../bitmaskclient/base/utils/PreferenceHelper.java | 80 ++++++++++ .../java/se/leap/bitmaskclient/eip/Gateway.java | 56 ++++--- .../se/leap/bitmaskclient/eip/GatewaysManager.java | 58 +++++-- .../leap/bitmaskclient/eip/VpnConfigGenerator.java | 173 ++++++++++++++++----- app/src/main/res/layout/d_obfuscation_proxy.xml | 129 +++++++++++++++ app/src/main/res/layout/f_settings.xml | 3 +- .../bitmaskclient/eip/GatewaysManagerTest.java | 36 +++-- .../bitmaskclient/eip/VpnConfigGeneratorTest.java | 163 ++++++++++++++++--- .../ptdemo_misconfigured_kcp_gateways.json | 160 +++++++++++++++++++ .../test/resources/ptdemo_misconfigured_udp2.json | 65 ++++++++ 17 files changed, 1083 insertions(+), 115 deletions(-) create mode 100644 app/src/main/java/se/leap/bitmaskclient/base/models/Transport.java create mode 100644 app/src/main/res/layout/d_obfuscation_proxy.xml create mode 100644 app/src/test/resources/ptdemo_misconfigured_kcp_gateways.json create mode 100644 app/src/test/resources/ptdemo_misconfigured_udp2.json diff --git a/app/build.gradle b/app/build.gradle index 342e3b85..2dfef1b1 100644 --- a/app/build.gradle +++ b/app/build.gradle @@ -50,10 +50,10 @@ android { // decide if we use obfsvpn or shapeshifter as obfs4 lib buildConfigField 'boolean', 'use_obfsvpn', 'true' // obfsvpn Debugging config fields to pin and configure a particular proxy - buildConfigField 'boolean', 'obfsvpn_pinning', 'false' - buildConfigField "String", "obfsvpn_port", '""' - buildConfigField "String", "obfsvpn_ip", '""' - buildConfigField "String", "obfsvpn_cert", '""' + buildConfigField "String", "obfsvpn_port", '"443"' + buildConfigField "String", "obfsvpn_ip", '"163.172.58.132"' + buildConfigField "String", "obfsvpn_cert", '"/ntRNI6JYP7R6kGKldibKWj0aCsv96Hdu/jSGncPy+rcverCLI7Emod+vRkz61hM7F/udA"' + buildConfigField "String", "obfsvpn_gateway_host", '"vpn03-par.float.hexacab.org"' buildConfigField 'boolean', 'obfsvpn_use_kcp', 'false' // static update url pointing to the latest stable release apk @@ -148,10 +148,10 @@ android { // decide if we use obfsvpn or shapeshifter as obfs4 lib buildConfigField 'boolean', 'use_obfsvpn', 'true' // obfsvpn Debugging config fields to pin and configure a particular proxy - buildConfigField 'boolean', 'obfsvpn_pinning', 'false' buildConfigField "String", "obfsvpn_port", '""' buildConfigField "String", "obfsvpn_ip", '""' buildConfigField "String", "obfsvpn_cert", '""' + buildConfigField "String", "obfsvpn_gateway_host", '""' buildConfigField 'boolean', 'obfsvpn_use_kcp', 'false' //Build Config Fields for automatic apk update checks diff --git a/app/src/main/java/de/blinkt/openvpn/core/ConfigParser.java b/app/src/main/java/de/blinkt/openvpn/core/ConfigParser.java index 10dd7033..6063ea53 100644 --- a/app/src/main/java/de/blinkt/openvpn/core/ConfigParser.java +++ b/app/src/main/java/de/blinkt/openvpn/core/ConfigParser.java @@ -5,10 +5,13 @@ package de.blinkt.openvpn.core; +import static de.blinkt.openvpn.core.connection.Connection.TransportType.PT; + import android.os.Build; -import androidx.core.util.Pair; import android.text.TextUtils; +import androidx.core.util.Pair; + import java.io.BufferedReader; import java.io.IOException; import java.io.Reader; @@ -27,8 +30,6 @@ import de.blinkt.openvpn.core.connection.Obfs4Connection; import de.blinkt.openvpn.core.connection.OpenvpnConnection; import se.leap.bitmaskclient.pluggableTransports.Obfs4Options; -import static de.blinkt.openvpn.core.connection.Connection.TransportType.OBFS4; - //! Openvpn Config FIle Parser, probably not 100% accurate but close enough // And remember, this is valid :) @@ -807,7 +808,7 @@ public class ConfigParser { return null; } else - conn = transportType == OBFS4 ? new Obfs4Connection(obfs4Options) : new OpenvpnConnection(); + conn = transportType.getMetaType() == PT ? new Obfs4Connection(obfs4Options) : new OpenvpnConnection(); Vector port = getOption("port", 1, 1); if (port != null) { diff --git a/app/src/main/java/se/leap/bitmaskclient/base/fragments/ObfuscationProxyDialog.java b/app/src/main/java/se/leap/bitmaskclient/base/fragments/ObfuscationProxyDialog.java index b7f16fa4..df78214d 100644 --- a/app/src/main/java/se/leap/bitmaskclient/base/fragments/ObfuscationProxyDialog.java +++ b/app/src/main/java/se/leap/bitmaskclient/base/fragments/ObfuscationProxyDialog.java @@ -1,2 +1,119 @@ -package se.leap.bitmaskclient.base.fragments;public class ObfuscationProxyDialog { +package se.leap.bitmaskclient.base.fragments; + +import static android.view.View.GONE; +import static android.view.View.VISIBLE; + +import android.app.Dialog; +import android.os.Bundle; +import android.text.TextUtils; +import android.view.View; +import android.widget.ArrayAdapter; + +import androidx.annotation.NonNull; +import androidx.annotation.Nullable; +import androidx.appcompat.app.AlertDialog; +import androidx.appcompat.app.AppCompatDialogFragment; +import androidx.appcompat.widget.AppCompatButton; +import androidx.appcompat.widget.AppCompatEditText; +import androidx.appcompat.widget.AppCompatSpinner; + +import java.util.ArrayList; + +import se.leap.bitmaskclient.base.utils.ConfigHelper.ObfsVpnHelper; +import se.leap.bitmaskclient.base.utils.PreferenceHelper; +import se.leap.bitmaskclient.base.views.IconSwitchEntry; +import se.leap.bitmaskclient.databinding.DObfuscationProxyBinding; +import se.leap.bitmaskclient.eip.GatewaysManager; + +public class ObfuscationProxyDialog extends AppCompatDialogFragment { + public static final String TAG = ObfuscationProxyDialog.class.getSimpleName(); + DObfuscationProxyBinding binding; + AppCompatEditText ipField; + AppCompatEditText portField; + AppCompatEditText certificateField; + AppCompatSpinner gatewayHost; + AppCompatButton saveButton; + AppCompatButton useDefaultsButton; + AppCompatButton cancelButton; + IconSwitchEntry kcpSwitch; + ArrayAdapter gatewayHosts; + + @NonNull + @Override + public Dialog onCreateDialog(@Nullable Bundle savedInstanceState) { + super.onCreate(savedInstanceState); + binding = DObfuscationProxyBinding.inflate(getLayoutInflater()); + View view = binding.getRoot(); + AlertDialog.Builder builder = new AlertDialog.Builder(getActivity()); + builder.setView(view); + ipField = binding.ipField; + portField = binding.portField; + certificateField = binding.certField; + gatewayHost = binding.gatewayHost; + saveButton = binding.buttonSave; + useDefaultsButton = binding.buttonDefaults; + cancelButton = binding.buttonCancel; + kcpSwitch = binding.kcpSwitch; + + ipField.setText(PreferenceHelper.getObfuscationPinningIP(getContext())); + portField.setText(PreferenceHelper.getObfuscationPinningPort(getContext())); + certificateField.setText(PreferenceHelper.getObfuscationPinningCert(getContext())); + kcpSwitch.setChecked(PreferenceHelper.getObfuscationPinningKCP(getContext())); + + GatewaysManager gatewaysManager = new GatewaysManager(getContext()); + ArrayList hostsList = gatewaysManager.getHosts(); + + hostsList.add(0, "Select a Gateway"); + gatewayHosts = new ArrayAdapter<>(getContext(), android.R.layout.simple_spinner_item, hostsList); + gatewayHosts.setDropDownViewResource(android.R.layout.simple_spinner_dropdown_item); + gatewayHost.setAdapter(gatewayHosts); + String selectedHost = PreferenceHelper.getObfuscationPinningGatewayHost(getContext()); + if (selectedHost != null) { + gatewayHost.setSelection(gatewayHosts.getPosition(selectedHost)); + } + + saveButton.setOnClickListener(v -> { + String ip = TextUtils.isEmpty(ipField.getText()) ? null : ipField.getText().toString(); + PreferenceHelper.setObfuscationPinningIP(v.getContext(), ip); + String port = TextUtils.isEmpty(portField.getText()) ? null : portField.getText().toString(); + PreferenceHelper.setObfuscationPinningPort(v.getContext(), port); + String cert = TextUtils.isEmpty(certificateField.getText()) ? null : certificateField.getText().toString(); + PreferenceHelper.setObfuscationPinningCert(v.getContext(), cert); + String gatewayHostName = gatewayHost.getSelectedItemPosition() == 0 ? null : gatewayHosts.getItem(gatewayHost.getSelectedItemPosition()); + PreferenceHelper.setObfuscationPinningGatewayHost(v.getContext(), gatewayHostName); + PreferenceHelper.setObfuscationPinningGatewayIP(v.getContext(), gatewaysManager.getIpForHost(gatewayHostName)); + PreferenceHelper.setObfuscationPinningKCP(v.getContext(), kcpSwitch.isChecked()); + PreferenceHelper.setUseObfuscationPinning(v.getContext(), ip != null && port != null && cert != null && gatewayHostName != null); + PreferenceHelper.setObfuscationPinningGatewayLocation(v.getContext(), gatewaysManager.getLocationNameForHost(gatewayHostName)); + dismiss(); + }); + + useDefaultsButton.setVisibility(ObfsVpnHelper.hasObfuscationPinningDefaults() ? VISIBLE : GONE); + useDefaultsButton.setOnClickListener(v -> { + ipField.setText(ObfsVpnHelper.obfsvpnIP()); + portField.setText(ObfsVpnHelper.obfsvpnPort()); + certificateField.setText(ObfsVpnHelper.obfsvpnCert()); + int position = gatewayHosts.getPosition(ObfsVpnHelper.gatewayHost()); + if (position == -1) { + position = 0; + } + gatewayHost.setSelection(position); + kcpSwitch.setChecked(ObfsVpnHelper.useKcp()); + }); + + cancelButton.setOnClickListener(v -> { + boolean allowPinning = !TextUtils.isEmpty(ipField.getText()) && !TextUtils.isEmpty(portField.getText()) && !TextUtils.isEmpty(certificateField.getText()); + PreferenceHelper.setUseObfuscationPinning( + v.getContext(), allowPinning); + dismiss(); + }); + + return builder.create(); + } + + @Override + public void onDestroyView() { + super.onDestroyView(); + binding = null; + } } diff --git a/app/src/main/java/se/leap/bitmaskclient/base/fragments/SettingsFragment.java b/app/src/main/java/se/leap/bitmaskclient/base/fragments/SettingsFragment.java index 9d15f839..f7d20aa9 100644 --- a/app/src/main/java/se/leap/bitmaskclient/base/fragments/SettingsFragment.java +++ b/app/src/main/java/se/leap/bitmaskclient/base/fragments/SettingsFragment.java @@ -9,9 +9,10 @@ import static se.leap.bitmaskclient.base.models.Constants.PREFER_UDP; import static se.leap.bitmaskclient.base.models.Constants.SHARED_PREFERENCES; import static se.leap.bitmaskclient.base.models.Constants.USE_BRIDGES; import static se.leap.bitmaskclient.base.models.Constants.USE_IPv6_FIREWALL; +import static se.leap.bitmaskclient.base.models.Constants.USE_OBFUSCATION_PINNING; import static se.leap.bitmaskclient.base.utils.ConfigHelper.ObfsVpnHelper.useObfsVpn; -import static se.leap.bitmaskclient.base.utils.PreferenceHelper.allowExperimentalTransports; import static se.leap.bitmaskclient.base.utils.ConfigHelper.isCalyxOSWithTetheringSupport; +import static se.leap.bitmaskclient.base.utils.PreferenceHelper.allowExperimentalTransports; import static se.leap.bitmaskclient.base.utils.PreferenceHelper.getPreferUDP; import static se.leap.bitmaskclient.base.utils.PreferenceHelper.getShowAlwaysOnDialog; import static se.leap.bitmaskclient.base.utils.PreferenceHelper.getUseBridges; @@ -19,7 +20,9 @@ import static se.leap.bitmaskclient.base.utils.PreferenceHelper.getUseSnowflake; import static se.leap.bitmaskclient.base.utils.PreferenceHelper.hasSnowflakePrefs; import static se.leap.bitmaskclient.base.utils.PreferenceHelper.preferUDP; import static se.leap.bitmaskclient.base.utils.PreferenceHelper.setAllowExperimentalTransports; +import static se.leap.bitmaskclient.base.utils.PreferenceHelper.setUseObfuscationPinning; import static se.leap.bitmaskclient.base.utils.PreferenceHelper.useBridges; +import static se.leap.bitmaskclient.base.utils.PreferenceHelper.useObfuscationPinning; import static se.leap.bitmaskclient.base.utils.PreferenceHelper.useSnowflake; import static se.leap.bitmaskclient.base.utils.ViewHelper.setActionBarTitle; @@ -86,6 +89,7 @@ public class SettingsFragment extends Fragment implements SharedPreferences.OnSh initTetheringEntry(view); initGatewayPinningEntry(view); initExperimentalTransportsEntry(view); + initObfuscationPinningEntry(view); setActionBarTitle(this, advanced_settings); return view; } @@ -260,6 +264,47 @@ public class SettingsFragment extends Fragment implements SharedPreferences.OnSh }); } + public void initObfuscationPinningEntry(View rootView) { + IconSwitchEntry obfuscationPinning = rootView.findViewById(R.id.obfuscation_proxy_pinning); + if (useObfsVpn()) { + obfuscationPinning.setVisibility(VISIBLE); + boolean useBridges = getUseBridges(getContext()); + obfuscationPinning.setEnabled(useBridges); + obfuscationPinning.setSubtitle(useBridges ? "Connect to a specific obfuscation proxy for debugging purposes" : "Enable Bridges to use this option"); + obfuscationPinning.setChecked(useObfuscationPinning(getContext())); + obfuscationPinning.setOnCheckedChangeListener((buttonView, isChecked) -> { + if (!buttonView.isPressed()) { + return; + } + if (!isChecked) { + setUseObfuscationPinning(getContext(), false); + } else { + showObfuscationPinningDialog(); + } + }); + obfuscationPinning.setOnClickListener(v -> { + if (obfuscationPinning.isChecked()) { + showObfuscationPinningDialog(); + } + }); + } else { + obfuscationPinning.setVisibility(GONE); + } + } + + public void showObfuscationPinningDialog() { + try { + FragmentTransaction fragmentTransaction = new FragmentManagerEnhanced( + getActivity().getSupportFragmentManager()).removePreviousFragment( + ObfuscationProxyDialog.TAG); + DialogFragment newFragment = new ObfuscationProxyDialog(); + newFragment.setCancelable(false); + newFragment.show(fragmentTransaction, ObfuscationProxyDialog.TAG); + } catch (IllegalStateException | NullPointerException e) { + e.printStackTrace(); + } + } + public void initExperimentalTransportsEntry(View rootView) { IconSwitchEntry experimentalTransports = rootView.findViewById(R.id.experimental_transports); if (useObfsVpn() && ProviderObservable.getInstance().getCurrentProvider().supportsExperimentalPluggableTransports()) { @@ -315,9 +360,13 @@ public class SettingsFragment extends Fragment implements SharedPreferences.OnSh initPreferUDPEntry(rootView); } else if (key.equals(USE_IPv6_FIREWALL)) { initFirewallEntry(getView()); - } if (key.equals(GATEWAY_PINNING)) { + } else if (key.equals(GATEWAY_PINNING)) { initGatewayPinningEntry(rootView); } + + if (key.equals(USE_OBFUSCATION_PINNING) || key.equals(USE_BRIDGES)) { + initObfuscationPinningEntry(rootView); + } } } diff --git a/app/src/main/java/se/leap/bitmaskclient/base/models/Constants.java b/app/src/main/java/se/leap/bitmaskclient/base/models/Constants.java index b34a31eb..8fbac35e 100644 --- a/app/src/main/java/se/leap/bitmaskclient/base/models/Constants.java +++ b/app/src/main/java/se/leap/bitmaskclient/base/models/Constants.java @@ -45,6 +45,14 @@ public interface Constants { String PREFER_UDP = "prefer_UDP"; String GATEWAY_PINNING = "gateway_pinning"; String ALLOW_EXPERIMENTAL_TRANSPORTS = "allow_experimental_transports"; + String USE_OBFUSCATION_PINNING = "use_obfuscation_pinning"; + String OBFUSCATION_PINNING_IP = "obfuscation_pinning_ip"; + String OBFUSCATION_PINNING_PORT = "obfuscation_pinning_port"; + String OBFUSCATION_PINNING_CERT = "obfuscation_pinning_cert"; + String OBFUSCATION_PINNING_KCP = "obfuscation_pinning_udp"; + String OBFUSCATION_PINNING_GW_HOST = "obfuscation_pinning_gw_host"; + String OBFUSCATION_PINNING_GW_IP = "obfuscation_pinning_gw_ip"; + String OBFUSCATION_PINNING_LOCATION = "obfuscation_pinning_location"; ////////////////////////////////////////////// diff --git a/app/src/main/java/se/leap/bitmaskclient/base/models/Transport.java b/app/src/main/java/se/leap/bitmaskclient/base/models/Transport.java new file mode 100644 index 00000000..90a033dd --- /dev/null +++ b/app/src/main/java/se/leap/bitmaskclient/base/models/Transport.java @@ -0,0 +1,49 @@ +package se.leap.bitmaskclient.base.models; + +import com.google.gson.Gson; +import com.google.gson.GsonBuilder; + +import org.json.JSONObject; + +public class Transport { + private String type; + private String[] protocols; + private String[] ports; + private Options options; + + public Transport(String type, String[] protocols, String[] ports, String cert) { + this.type = type; + this.protocols = protocols; + this.ports = ports; + this.options = new Options(cert); + } + + @Override + public String toString() { + return new Gson().toJson(this); + } + + public static Transport fromJson(JSONObject json) { + GsonBuilder builder = new GsonBuilder(); + return builder.create().fromJson(json.toString(), Transport.class); + } + + public static class Options { + private String cert; + private String iatMode; + + public Options(String cert) { + this.cert = cert; + this.iatMode = "0"; + } + + @Override + public String toString() { + return new Gson().toJson(this); + } + } + + +} + + diff --git a/app/src/main/java/se/leap/bitmaskclient/base/utils/ConfigHelper.java b/app/src/main/java/se/leap/bitmaskclient/base/utils/ConfigHelper.java index 102756c4..c4e2fb17 100644 --- a/app/src/main/java/se/leap/bitmaskclient/base/utils/ConfigHelper.java +++ b/app/src/main/java/se/leap/bitmaskclient/base/utils/ConfigHelper.java @@ -285,5 +285,32 @@ public class ConfigHelper { public static boolean useObfsVpn() { return BuildConfig.use_obfsvpn; } + + public static boolean hasObfuscationPinningDefaults() { + return BuildConfig.obfsvpn_ip != null && + BuildConfig.obfsvpn_port != null && + BuildConfig.obfsvpn_cert != null && + BuildConfig.obfsvpn_gateway_host != null && + !BuildConfig.obfsvpn_ip.isEmpty() && + !BuildConfig.obfsvpn_port.isEmpty() && + !BuildConfig.obfsvpn_cert.isEmpty() && + !BuildConfig.obfsvpn_gateway_host.isEmpty(); + } + public static String obfsvpnIP() { + return BuildConfig.obfsvpn_ip; + } + public static String obfsvpnPort() { + return BuildConfig.obfsvpn_port; + } + public static String obfsvpnCert() { + return BuildConfig.obfsvpn_cert; + } + public static String gatewayHost() { + return BuildConfig.obfsvpn_gateway_host; + } + + public static boolean useKcp() { + return BuildConfig.obfsvpn_use_kcp; + } } } diff --git a/app/src/main/java/se/leap/bitmaskclient/base/utils/PreferenceHelper.java b/app/src/main/java/se/leap/bitmaskclient/base/utils/PreferenceHelper.java index 22fe42ff..d9beffd3 100644 --- a/app/src/main/java/se/leap/bitmaskclient/base/utils/PreferenceHelper.java +++ b/app/src/main/java/se/leap/bitmaskclient/base/utils/PreferenceHelper.java @@ -11,6 +11,13 @@ import static se.leap.bitmaskclient.base.models.Constants.EXCLUDED_APPS; import static se.leap.bitmaskclient.base.models.Constants.GATEWAY_PINNING; import static se.leap.bitmaskclient.base.models.Constants.LAST_UPDATE_CHECK; import static se.leap.bitmaskclient.base.models.Constants.LAST_USED_PROFILE; +import static se.leap.bitmaskclient.base.models.Constants.OBFUSCATION_PINNING_CERT; +import static se.leap.bitmaskclient.base.models.Constants.OBFUSCATION_PINNING_GW_HOST; +import static se.leap.bitmaskclient.base.models.Constants.OBFUSCATION_PINNING_GW_IP; +import static se.leap.bitmaskclient.base.models.Constants.OBFUSCATION_PINNING_IP; +import static se.leap.bitmaskclient.base.models.Constants.OBFUSCATION_PINNING_KCP; +import static se.leap.bitmaskclient.base.models.Constants.OBFUSCATION_PINNING_LOCATION; +import static se.leap.bitmaskclient.base.models.Constants.OBFUSCATION_PINNING_PORT; import static se.leap.bitmaskclient.base.models.Constants.PREFERRED_CITY; import static se.leap.bitmaskclient.base.models.Constants.PREFER_UDP; import static se.leap.bitmaskclient.base.models.Constants.PROVIDER_CONFIGURED; @@ -22,10 +29,12 @@ import static se.leap.bitmaskclient.base.models.Constants.SHARED_PREFERENCES; import static se.leap.bitmaskclient.base.models.Constants.SHOW_EXPERIMENTAL; import static se.leap.bitmaskclient.base.models.Constants.USE_BRIDGES; import static se.leap.bitmaskclient.base.models.Constants.USE_IPv6_FIREWALL; +import static se.leap.bitmaskclient.base.models.Constants.USE_OBFUSCATION_PINNING; import static se.leap.bitmaskclient.base.models.Constants.USE_SNOWFLAKE; import android.content.Context; import android.content.SharedPreferences; +import android.text.TextUtils; import androidx.annotation.NonNull; import androidx.annotation.WorkerThread; @@ -260,6 +269,77 @@ public class PreferenceHelper { return getBoolean(context, ALLOW_EXPERIMENTAL_TRANSPORTS, false); } + public static void setUseObfuscationPinning(Context context, Boolean pinning) { + putBoolean(context, USE_OBFUSCATION_PINNING, pinning); + } + + public static boolean useObfuscationPinning(Context context) { + return ConfigHelper.ObfsVpnHelper.useObfsVpn() && + getUseBridges(context) && + getBoolean(context, USE_OBFUSCATION_PINNING, false) && + !TextUtils.isEmpty(getObfuscationPinningIP(context)) && + !TextUtils.isEmpty(getObfuscationPinningCert(context)) && + !TextUtils.isEmpty(getObfuscationPinningPort(context)) && + !TextUtils.isEmpty(getObfuscationPinningGatewayHost(context)); + } + + public static void setObfuscationPinningIP(Context context, String ip) { + putString(context, OBFUSCATION_PINNING_IP, ip); + } + + public static String getObfuscationPinningIP(Context context) { + return getString(context, OBFUSCATION_PINNING_IP, null); + } + + public static void setObfuscationPinningPort(Context context, String port) { + putString(context, OBFUSCATION_PINNING_PORT, port); + } + + public static String getObfuscationPinningPort(Context context) { + return getString(context, OBFUSCATION_PINNING_PORT, null); + } + + public static void setObfuscationPinningCert(Context context, String cert) { + putString(context, OBFUSCATION_PINNING_CERT, cert); + } + + public static String getObfuscationPinningCert(Context context) { + return getString(context, OBFUSCATION_PINNING_CERT, null); + } + + public static void setObfuscationPinningGatewayHost(Context context, String gatewayIP) { + putString(context, OBFUSCATION_PINNING_GW_HOST, gatewayIP); + } + + public static String getObfuscationPinningGatewayHost(Context context) { + return getString(context, OBFUSCATION_PINNING_GW_HOST, null); + } + + + public static void setObfuscationPinningGatewayIP(Context context, String ipForHost) { + putString(context, OBFUSCATION_PINNING_GW_IP, ipForHost); + } + + public static String getObfuscationPinningGatewayIP(Context context) { + return getString(context, OBFUSCATION_PINNING_GW_IP, null); + } + + public static void setObfuscationPinningGatewayLocation(Context context, String location) { + putString(context, OBFUSCATION_PINNING_LOCATION, location); + } + + public static String getObfuscationPinningGatewayLocation(Context context) { + return getString(context, OBFUSCATION_PINNING_LOCATION, null); + } + + public static Boolean getObfuscationPinningKCP(Context context) { + return getBoolean(context, OBFUSCATION_PINNING_KCP, false); + } + + public static void setObfuscationPinningKCP(Context context, boolean isKCP) { + putBoolean(context, OBFUSCATION_PINNING_KCP, isKCP); + } + public static void setUseIPv6Firewall(Context context, boolean useFirewall) { putBoolean(context, USE_IPv6_FIREWALL, useFirewall); } diff --git a/app/src/main/java/se/leap/bitmaskclient/eip/Gateway.java b/app/src/main/java/se/leap/bitmaskclient/eip/Gateway.java index e9281609..ff1dd05e 100644 --- a/app/src/main/java/se/leap/bitmaskclient/eip/Gateway.java +++ b/app/src/main/java/se/leap/bitmaskclient/eip/Gateway.java @@ -26,6 +26,17 @@ import static se.leap.bitmaskclient.base.models.Constants.OPENVPN_CONFIGURATION; import static se.leap.bitmaskclient.base.models.Constants.OVERLOAD; import static se.leap.bitmaskclient.base.models.Constants.TIMEZONE; import static se.leap.bitmaskclient.base.models.Constants.VERSION; +import static se.leap.bitmaskclient.base.utils.PreferenceHelper.allowExperimentalTransports; +import static se.leap.bitmaskclient.base.utils.PreferenceHelper.getExcludedApps; +import static se.leap.bitmaskclient.base.utils.PreferenceHelper.getObfuscationPinningCert; +import static se.leap.bitmaskclient.base.utils.PreferenceHelper.getObfuscationPinningGatewayHost; +import static se.leap.bitmaskclient.base.utils.PreferenceHelper.getObfuscationPinningGatewayIP; +import static se.leap.bitmaskclient.base.utils.PreferenceHelper.getObfuscationPinningGatewayLocation; +import static se.leap.bitmaskclient.base.utils.PreferenceHelper.getObfuscationPinningIP; +import static se.leap.bitmaskclient.base.utils.PreferenceHelper.getObfuscationPinningKCP; +import static se.leap.bitmaskclient.base.utils.PreferenceHelper.getObfuscationPinningPort; +import static se.leap.bitmaskclient.base.utils.PreferenceHelper.getPreferUDP; +import static se.leap.bitmaskclient.base.utils.PreferenceHelper.useObfuscationPinning; import android.content.Context; @@ -45,7 +56,6 @@ import de.blinkt.openvpn.VpnProfile; import de.blinkt.openvpn.core.ConfigParser; import de.blinkt.openvpn.core.connection.Connection; import se.leap.bitmaskclient.base.utils.ConfigHelper; -import se.leap.bitmaskclient.base.utils.PreferenceHelper; /** * Gateway provides objects defining gateways and their metadata. @@ -87,28 +97,37 @@ public class Gateway { this.secrets = secrets; this.load = load; + apiVersion = getApiVersion(eipDefinition); + VpnConfigGenerator.Configuration configuration = getProfileConfig(context, eipDefinition, apiVersion); generalConfiguration = getGeneralConfiguration(eipDefinition); timezone = getTimezone(eipDefinition); - name = locationAsName(eipDefinition); - apiVersion = getApiVersion(eipDefinition); - vpnProfiles = createVPNProfiles(context); + name = configuration.profileName; + vpnProfiles = createVPNProfiles(configuration); + } + + private VpnConfigGenerator.Configuration getProfileConfig(Context context, JSONObject eipDefinition, int apiVersion) { + VpnConfigGenerator.Configuration config = new VpnConfigGenerator.Configuration(); + config.apiVersion = apiVersion; + config.preferUDP = getPreferUDP(context); + config.experimentalTransports = allowExperimentalTransports(context); + config.excludedApps = getExcludedApps(context); + + config.useObfuscationPinning = useObfuscationPinning(context); + config.profileName = config.useObfuscationPinning ? getObfuscationPinningGatewayLocation(context) : locationAsName(eipDefinition); + config.remoteGatewayIP = config.useObfuscationPinning ? getObfuscationPinningGatewayIP(context) : gateway.optString(IP_ADDRESS); + if (config.useObfuscationPinning) { + config.obfuscationProxyIP = getObfuscationPinningIP(context); + config.obfuscationProxyPort = getObfuscationPinningPort(context); + config.obfuscationProxyCert = getObfuscationPinningCert(context); + config.obfuscationProxyKCP = getObfuscationPinningKCP(context); + } + return config; } public void updateLoad(JSONObject load) { this.load = load; } - private void addProfileInfos(Context context, HashMap profiles) { - Set excludedAppsVpn = PreferenceHelper.getExcludedApps(context); - for (VpnProfile profile : profiles.values()) { - profile.mName = name; - profile.mGatewayIp = gateway.optString(IP_ADDRESS); - if (excludedAppsVpn != null) { - profile.mAllowedAppsVpn = new HashSet<>(excludedAppsVpn); - } - } - } - private JSONObject getGeneralConfiguration(JSONObject eipDefinition) { try { return eipDefinition.getJSONObject(OPENVPN_CONFIGURATION); @@ -172,13 +191,10 @@ public class Gateway { /** * Create and attach the VpnProfile to our gateway object */ - private @NonNull HashMap createVPNProfiles(Context context) + private @NonNull HashMap createVPNProfiles(VpnConfigGenerator.Configuration profileConfig) throws ConfigParser.ConfigParseError, IOException, JSONException { - boolean preferUDP = PreferenceHelper.getPreferUDP(context); - boolean allowExperimentalTransports = PreferenceHelper.allowExperimentalTransports(context); - VpnConfigGenerator vpnConfigurationGenerator = new VpnConfigGenerator(generalConfiguration, secrets, gateway, apiVersion, preferUDP, allowExperimentalTransports); + VpnConfigGenerator vpnConfigurationGenerator = new VpnConfigGenerator(generalConfiguration, secrets, gateway, profileConfig); HashMap profiles = vpnConfigurationGenerator.generateVpnProfiles(); - addProfileInfos(context, profiles); return profiles; } diff --git a/app/src/main/java/se/leap/bitmaskclient/eip/GatewaysManager.java b/app/src/main/java/se/leap/bitmaskclient/eip/GatewaysManager.java index db7dd38c..7bcd0def 100644 --- a/app/src/main/java/se/leap/bitmaskclient/eip/GatewaysManager.java +++ b/app/src/main/java/se/leap/bitmaskclient/eip/GatewaysManager.java @@ -16,6 +16,20 @@ */ package se.leap.bitmaskclient.eip; +import static de.blinkt.openvpn.core.connection.Connection.TransportType.OBFS4; +import static de.blinkt.openvpn.core.connection.Connection.TransportType.OBFS4_KCP; +import static de.blinkt.openvpn.core.connection.Connection.TransportType.OPENVPN; +import static de.blinkt.openvpn.core.connection.Connection.TransportType.PT; +import static se.leap.bitmaskclient.base.models.Constants.GATEWAYS; +import static se.leap.bitmaskclient.base.models.Constants.HOST; +import static se.leap.bitmaskclient.base.models.Constants.PROVIDER_PRIVATE_KEY; +import static se.leap.bitmaskclient.base.models.Constants.PROVIDER_VPN_CERTIFICATE; +import static se.leap.bitmaskclient.base.models.Constants.SORTED_GATEWAYS; +import static se.leap.bitmaskclient.base.utils.PreferenceHelper.getObfuscationPinningKCP; +import static se.leap.bitmaskclient.base.utils.PreferenceHelper.getPreferredCity; +import static se.leap.bitmaskclient.base.utils.PreferenceHelper.getUseBridges; +import static se.leap.bitmaskclient.base.utils.PreferenceHelper.useObfuscationPinning; + import android.content.Context; import android.util.Log; @@ -48,18 +62,6 @@ import se.leap.bitmaskclient.base.models.Provider; import se.leap.bitmaskclient.base.models.ProviderObservable; import se.leap.bitmaskclient.base.utils.PreferenceHelper; -import static de.blinkt.openvpn.core.connection.Connection.TransportType.OBFS4; -import static de.blinkt.openvpn.core.connection.Connection.TransportType.OBFS4_KCP; -import static de.blinkt.openvpn.core.connection.Connection.TransportType.OPENVPN; -import static de.blinkt.openvpn.core.connection.Connection.TransportType.PT; -import static se.leap.bitmaskclient.base.models.Constants.GATEWAYS; -import static se.leap.bitmaskclient.base.models.Constants.HOST; -import static se.leap.bitmaskclient.base.models.Constants.PROVIDER_PRIVATE_KEY; -import static se.leap.bitmaskclient.base.models.Constants.PROVIDER_VPN_CERTIFICATE; -import static se.leap.bitmaskclient.base.models.Constants.SORTED_GATEWAYS; -import static se.leap.bitmaskclient.base.utils.PreferenceHelper.getPreferredCity; -import static se.leap.bitmaskclient.base.utils.PreferenceHelper.getUseBridges; - /** * @author parmegv */ @@ -115,6 +117,13 @@ public class GatewaysManager { * @return the n closest Gateway */ public Pair select(int nClosest) { + if (PreferenceHelper.useObfuscationPinning(context)) { + Gateway gateway = gateways.get(PreferenceHelper.getObfuscationPinningGatewayHost(context)); + if (gateway == null) { + return null; + } + return new Pair<>(gateway, getObfuscationPinningKCP(context) ? OBFS4_KCP : OBFS4); + } String selectedCity = getPreferredCity(context); return select(nClosest, selectedCity); } @@ -135,6 +144,23 @@ public class GatewaysManager { } } + public ArrayList getHosts() { + ArrayList hosts = new ArrayList<>(); + for (Gateway gateway : gateways.values()) { + hosts.add(gateway.getHost()); + } + return hosts; + } + + + public String getIpForHost(String gatewayHostName) { + Gateway gateway = gateways.get(gatewayHostName); + if (gateway == null) { + return null; + } + return gateway.getRemoteIP(); + } + public List getGatewayLocations() { return getSortedGatewayLocations(null); } @@ -202,6 +228,14 @@ public class GatewaysManager { } } + public String getLocationNameForHost(String name) { + Gateway gateway = gateways.get(name); + if (gateway != null) { + return gateway.getName(); + } + return "Unknown Location"; + } + @Nullable public Location getLocation(String name) { List locations = getGatewayLocations(); diff --git a/app/src/main/java/se/leap/bitmaskclient/eip/VpnConfigGenerator.java b/app/src/main/java/se/leap/bitmaskclient/eip/VpnConfigGenerator.java index 58732713..a7df99bf 100644 --- a/app/src/main/java/se/leap/bitmaskclient/eip/VpnConfigGenerator.java +++ b/app/src/main/java/se/leap/bitmaskclient/eip/VpnConfigGenerator.java @@ -19,6 +19,7 @@ package se.leap.bitmaskclient.eip; import static de.blinkt.openvpn.core.connection.Connection.TransportType.OBFS4; import static de.blinkt.openvpn.core.connection.Connection.TransportType.OBFS4_KCP; import static de.blinkt.openvpn.core.connection.Connection.TransportType.OPENVPN; +import static de.blinkt.openvpn.core.connection.Connection.TransportType.PT; import static se.leap.bitmaskclient.base.models.Constants.CAPABILITIES; import static se.leap.bitmaskclient.base.models.Constants.IP_ADDRESS; import static se.leap.bitmaskclient.base.models.Constants.IP_ADDRESS6; @@ -44,14 +45,17 @@ import org.json.JSONObject; import java.io.IOException; import java.io.StringReader; import java.util.HashMap; +import java.util.HashSet; import java.util.Iterator; +import java.util.Set; import de.blinkt.openvpn.VpnProfile; import de.blinkt.openvpn.core.ConfigParser; import de.blinkt.openvpn.core.VpnStatus; import de.blinkt.openvpn.core.connection.Connection; -import se.leap.bitmaskclient.BuildConfig; +import de.blinkt.openvpn.core.connection.Connection.TransportType; import se.leap.bitmaskclient.base.models.Provider; +import se.leap.bitmaskclient.base.models.Transport; import se.leap.bitmaskclient.base.utils.ConfigHelper; import se.leap.bitmaskclient.pluggableTransports.Obfs4Options; @@ -64,23 +68,65 @@ public class VpnConfigGenerator { private final int apiVersion; private final boolean preferUDP; private final boolean experimentalTransports; + private final boolean useObfuscationPinning; + private final String obfuscationPinningIP; + private final String obfuscationPinningPort; + private final String obfuscationPinningCert; + private final boolean obfuscationPinningKCP; + private final String remoteGatewayIP; + private final String profileName; + private final Set excludedApps; public final static String TAG = VpnConfigGenerator.class.getSimpleName(); private final String newLine = System.getProperty("line.separator"); // Platform new line - public VpnConfigGenerator(JSONObject generalConfiguration, JSONObject secrets, JSONObject gateway, int apiVersion, boolean preferUDP, boolean experimentalTransports) throws ConfigParser.ConfigParseError { + public static class Configuration { + int apiVersion; + boolean preferUDP; + boolean experimentalTransports; + String remoteGatewayIP = ""; + String profileName = ""; + Set excludedApps = null; + + boolean useObfuscationPinning; + boolean obfuscationProxyKCP; + String obfuscationProxyIP = ""; + String obfuscationProxyPort = ""; + String obfuscationProxyCert = ""; + } + + public VpnConfigGenerator(JSONObject generalConfiguration, JSONObject secrets, JSONObject gateway, Configuration config) throws ConfigParser.ConfigParseError { this.generalConfiguration = generalConfiguration; this.gateway = gateway; this.secrets = secrets; - this.apiVersion = apiVersion; - this.preferUDP = preferUDP; - this.experimentalTransports = experimentalTransports; + this.apiVersion = config.apiVersion; + this.preferUDP = config.preferUDP; + this.experimentalTransports = config.experimentalTransports; + this.useObfuscationPinning = config.useObfuscationPinning; + this.obfuscationPinningIP = config.obfuscationProxyIP; + this.obfuscationPinningPort = config.obfuscationProxyPort; + this.obfuscationPinningCert = config.obfuscationProxyCert; + this.obfuscationPinningKCP = config.obfuscationProxyKCP; + this.remoteGatewayIP = config.remoteGatewayIP; + this.profileName = config.profileName; + this.excludedApps = config.excludedApps; checkCapabilities(); } public void checkCapabilities() throws ConfigParser.ConfigParseError { try { + if (useObfuscationPinning) { + if (obfuscationPinningKCP) { + // the protocol TCP refers to the allowed openvpn protocol + obfs4TKcpTransport = new JSONObject(new Transport(OBFS4_KCP.toString(), new String[]{"tcp"}, new String[]{obfuscationPinningPort}, obfuscationPinningCert).toString()); + } else { + String jsonTransportString = new Transport(OBFS4.toString(), new String[]{"tcp"}, new String[]{obfuscationPinningPort}, obfuscationPinningCert).toString(); + obfs4Transport = new JSONObject(jsonTransportString); + } + return; + } + if (apiVersion >= 3) { JSONArray supportedTransports = gateway.getJSONObject(CAPABILITIES).getJSONArray(TRANSPORT); for (int i = 0; i < supportedTransports.length(); i++) { @@ -101,7 +147,7 @@ public class VpnConfigGenerator { } } - public HashMap generateVpnProfiles() throws + public HashMap generateVpnProfiles() throws ConfigParser.ConfigParseError, NumberFormatException, JSONException, @@ -133,7 +179,7 @@ public class VpnConfigGenerator { return obfs4TKcpTransport != null; } - private String getConfigurationString(Connection.TransportType transportType) { + private String getConfigurationString(TransportType transportType) { return generalConfiguration() + newLine + gatewayConfiguration(transportType) @@ -144,7 +190,7 @@ public class VpnConfigGenerator { } @VisibleForTesting - protected VpnProfile createProfile(Connection.TransportType transportType) throws IOException, ConfigParser.ConfigParseError, JSONException { + protected VpnProfile createProfile(TransportType transportType) throws IOException, ConfigParser.ConfigParseError, JSONException { String configuration = getConfigurationString(transportType); ConfigParser icsOpenvpnConfigParser = new ConfigParser(); icsOpenvpnConfigParser.parseConfig(new StringReader(configuration)); @@ -153,22 +199,30 @@ public class VpnConfigGenerator { } else if (transportType == OBFS4_KCP) { icsOpenvpnConfigParser.setObfs4Options(getObfs4Options(obfs4TKcpTransport, true)); } - return icsOpenvpnConfigParser.convertProfile(transportType); + + VpnProfile profile = icsOpenvpnConfigParser.convertProfile(transportType); + profile.mName = profileName; + profile.mGatewayIp = remoteGatewayIP; + if (excludedApps != null) { + profile.mAllowedAppsVpn = new HashSet<>(excludedApps); + } + return profile; } + // TODO: whad does private Obfs4Options getObfs4Options(JSONObject transportJson, boolean useUdp) throws JSONException { JSONObject transportOptions = transportJson.getJSONObject(OPTIONS); String iatMode = transportOptions.getString("iatMode"); String cert = transportOptions.getString("cert"); - String port = obfs4Transport.getJSONArray(PORTS).getString(0); + String port = transportJson.getJSONArray(PORTS).getString(0); String ip = gateway.getString(IP_ADDRESS); boolean udp = useUdp; - if (BuildConfig.obfsvpn_pinning) { - cert = BuildConfig.obfsvpn_cert; - port = BuildConfig.obfsvpn_port; - ip = BuildConfig.obfsvpn_port; - udp = BuildConfig.obfsvpn_use_kcp; + if (useObfuscationPinning) { + cert = obfuscationPinningCert; + port = obfuscationPinningPort; + ip = obfuscationPinningIP; + udp = obfuscationPinningKCP; } return new Obfs4Options(ip, port, cert, iatMode, udp); } @@ -196,7 +250,7 @@ public class VpnConfigGenerator { return commonOptions; } - private String gatewayConfiguration(Connection.TransportType transportType) { + private String gatewayConfiguration(TransportType transportType) { String remotes = ""; StringBuilder stringBuilder = new StringBuilder(); @@ -217,6 +271,7 @@ public class VpnConfigGenerator { String[] ipAddresses = ipAddress6.isEmpty() ? new String[]{ipAddress} : new String[]{ipAddress6, ipAddress}; + JSONArray transports = capabilities.getJSONArray(TRANSPORT); gatewayConfigMinApiv3(transportType, stringBuilder, ipAddresses, transports); break; @@ -234,9 +289,9 @@ public class VpnConfigGenerator { return remotes; } - private void gatewayConfigMinApiv3(Connection.TransportType transportType, StringBuilder stringBuilder, String[] ipAddresses, JSONArray transports) throws JSONException { - if (transportType == OBFS4) { - obfs4GatewayConfigMinApiv3(stringBuilder, ipAddresses, transports); + private void gatewayConfigMinApiv3(TransportType transportType, StringBuilder stringBuilder, String[] ipAddresses, JSONArray transports) throws JSONException { + if (transportType.getMetaType() == PT) { + ptGatewayConfigMinApiv3(stringBuilder, ipAddresses, transportType, transports); } else { ovpnGatewayConfigMinApi3(stringBuilder, ipAddresses, transports); } @@ -296,7 +351,7 @@ public class VpnConfigGenerator { } } - private JSONObject getTransport(JSONArray transports, Connection.TransportType transportType) throws JSONException { + private JSONObject getTransport(JSONArray transports, TransportType transportType) throws JSONException { JSONObject selectedTransport = new JSONObject(); for (int i = 0; i < transports.length(); i++) { JSONObject transport = transports.getJSONObject(i); @@ -308,9 +363,35 @@ public class VpnConfigGenerator { return selectedTransport; } - private void obfs4GatewayConfigMinApiv3(StringBuilder stringBuilder, String[] ipAddresses, JSONArray transports) throws JSONException { - JSONObject obfs4Transport = getTransport(transports, OBFS4); - JSONArray protocols = obfs4Transport.getJSONArray(PROTOCOLS); + private boolean isAllowedProtocol(TransportType transportType, String protocol) { + switch (transportType) { + case OPENVPN: + return "tcp".equals(protocol) || "udp".equals(protocol); + case OBFS4: + case OBFS4_KCP: + return "tcp".equals(protocol); + } + return false; + } + + private void ptGatewayConfigMinApiv3(StringBuilder stringBuilder, String[] ipAddresses, TransportType transportType, JSONArray transports) throws JSONException { + if (useObfuscationPinning) { + JSONArray pinnedTransports = new JSONArray(); + for (int i = 0; i < transports.length(); i++) { + if (OPENVPN.toString().equals(transports.getJSONObject(i).get(TYPE))) { + pinnedTransports.put(transports.getJSONObject(i)); + break; + } + } + pinnedTransports.put(supportsObfs4() ? obfs4Transport : obfs4TKcpTransport); + transports = pinnedTransports; + } + + JSONObject ptTransport = getTransport(transports, transportType); + JSONArray ptProtocols = ptTransport.getJSONArray(PROTOCOLS); + JSONObject openvpnTransport = getTransport(transports, OPENVPN); + JSONArray gatewayProtocols = openvpnTransport.getJSONArray(PROTOCOLS); + //for now only use ipv4 gateway the syntax route remote_host 255.255.255.255 net_gateway is not yet working // https://community.openvpn.net/openvpn/ticket/1161 /*for (String ipAddress : ipAddresses) { @@ -337,41 +418,55 @@ public class VpnConfigGenerator { return; } - // check if at least one protocol is TCP, UDP is currently not supported for obfs4 - boolean hasTcp = false; - for (int i = 0; i < protocols.length(); i++) { - String protocol = protocols.getString(i); + // check if at least one openvpn protocol is TCP, openvpn in UDP is currently not supported for obfs4, + // however on the wire UDP might be used + boolean hasOpenvpnTcp = false; + for (int i = 0; i < gatewayProtocols.length(); i++) { + String protocol = gatewayProtocols.getString(i); if (protocol.contains("tcp")) { - hasTcp = true; + hasOpenvpnTcp = true; + break; + } + } + + if (!hasOpenvpnTcp) { + VpnStatus.logError("obfs4 currently only allows openvpn in TCP mode! Skipping obfs4 config for ip " + ipAddress); + return; + } + + boolean hasAllowedPTProtocol = false; + for (int i = 0; i < ptProtocols.length(); i++) { + String protocol = ptProtocols.getString(i); + if (isAllowedProtocol(transportType, protocol)) { + hasAllowedPTProtocol = true; + break; } } - if (!hasTcp) { - VpnStatus.logError("obfs4 currently only allows TCP! Skipping obfs4 config for ip " + ipAddress); + if (!hasAllowedPTProtocol) { + VpnStatus.logError("Misconfigured provider: wrong protocol defined in " + transportType.toString()+ " transport JSON."); return; } - JSONArray ports = obfs4Transport.getJSONArray(PORTS); + JSONArray ports = ptTransport.getJSONArray(PORTS); if (ports.isNull(0)){ - VpnStatus.logError("Misconfigured provider: no ports defined in obfs4 transport JSON."); + VpnStatus.logError("Misconfigured provider: no ports defined in " + transportType.toString()+ " transport JSON."); return; } String route = "route " + ipAddress + " 255.255.255.255 net_gateway" + newLine; stringBuilder.append(route); + String remote; if (useObfsVpn()) { - String remote; - if (BuildConfig.obfsvpn_pinning) { - remote = REMOTE + " " + BuildConfig.obfsvpn_ip + " " + BuildConfig.obfsvpn_port + newLine; + if (useObfuscationPinning) { + remote = REMOTE + " " + obfuscationPinningIP + " " + obfuscationPinningPort + newLine; } else { remote = REMOTE + " " + ipAddress + " " + ports.getString(0) + newLine; } - - stringBuilder.append(remote); } else { - String remote = REMOTE + " " + DISPATCHER_IP + " " + DISPATCHER_PORT + " tcp" + newLine; - stringBuilder.append(remote); + remote = REMOTE + " " + DISPATCHER_IP + " " + DISPATCHER_PORT + " tcp" + newLine; } + stringBuilder.append(remote); } private String secretsConfiguration() { diff --git a/app/src/main/res/layout/d_obfuscation_proxy.xml b/app/src/main/res/layout/d_obfuscation_proxy.xml new file mode 100644 index 00000000..e8f61ebd --- /dev/null +++ b/app/src/main/res/layout/d_obfuscation_proxy.xml @@ -0,0 +1,129 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/app/src/main/res/layout/f_settings.xml b/app/src/main/res/layout/f_settings.xml index d41126b9..3ce19797 100644 --- a/app/src/main/res/layout/f_settings.xml +++ b/app/src/main/res/layout/f_settings.xml @@ -124,13 +124,14 @@ app:subtitle="These transports might circumvent censorship, but are still in a testing phase" /> - diff --git a/app/src/test/java/se/leap/bitmaskclient/eip/GatewaysManagerTest.java b/app/src/test/java/se/leap/bitmaskclient/eip/GatewaysManagerTest.java index 56242396..3b0d5552 100644 --- a/app/src/test/java/se/leap/bitmaskclient/eip/GatewaysManagerTest.java +++ b/app/src/test/java/se/leap/bitmaskclient/eip/GatewaysManagerTest.java @@ -117,9 +117,11 @@ public class GatewaysManagerTest { MockHelper.mockProviderObservable(provider); GatewaysManager gatewaysManager = new GatewaysManager(mockContext); - VpnConfigGenerator configGenerator = new VpnConfigGenerator(provider.getDefinition(), secrets, gateway1, 3, false, false); + VpnConfigGenerator.Configuration configuration = new VpnConfigGenerator.Configuration(); + configuration.apiVersion = 3; + configuration.remoteGatewayIP = "37.218.247.60"; + VpnConfigGenerator configGenerator = new VpnConfigGenerator(provider.getDefinition(), secrets, gateway1, configuration); VpnProfile profile = configGenerator.createProfile(OBFS4); - profile.mGatewayIp = "37.218.247.60"; assertEquals(0, gatewaysManager.getPosition(profile)); } @@ -132,9 +134,11 @@ public class GatewaysManagerTest { MockHelper.mockProviderObservable(provider); GatewaysManager gatewaysManager = new GatewaysManager(mockContext); - VpnConfigGenerator configGenerator = new VpnConfigGenerator(provider.getDefinition(), secrets, gateway1, 3, false, false); + VpnConfigGenerator.Configuration configuration = new VpnConfigGenerator.Configuration(); + configuration.apiVersion = 3; + configuration.remoteGatewayIP = "37.218.247.60"; + VpnConfigGenerator configGenerator = new VpnConfigGenerator(provider.getDefinition(), secrets, gateway1, configuration); VpnProfile profile = configGenerator.createProfile(OPENVPN); - profile.mGatewayIp = "37.218.247.60"; assertEquals(0, gatewaysManager.getPosition(profile)); } @@ -147,9 +151,11 @@ public class GatewaysManagerTest { MockHelper.mockProviderObservable(provider); GatewaysManager gatewaysManager = new GatewaysManager(mockContext); - VpnConfigGenerator configGenerator = new VpnConfigGenerator(provider.getDefinition(), secrets, gateway1, 3, false, false); + VpnConfigGenerator.Configuration configuration = new VpnConfigGenerator.Configuration(); + configuration.apiVersion = 3; + configuration.remoteGatewayIP = "37.218.247.60"; + VpnConfigGenerator configGenerator = new VpnConfigGenerator(provider.getDefinition(), secrets, gateway1, configuration); VpnProfile profile = configGenerator.createProfile(OBFS4); - profile.mGatewayIp = "37.218.247.60"; assertEquals(1, gatewaysManager.getPosition(profile)); } @@ -162,9 +168,11 @@ public class GatewaysManagerTest { MockHelper.mockProviderObservable(provider); GatewaysManager gatewaysManager = new GatewaysManager(mockContext); - VpnConfigGenerator configGenerator = new VpnConfigGenerator(provider.getDefinition(), secrets, gateway1, 3, false, false); + VpnConfigGenerator.Configuration configuration = new VpnConfigGenerator.Configuration(); + configuration.apiVersion = 3; + configuration.remoteGatewayIP = "37.218.247.60"; + VpnConfigGenerator configGenerator = new VpnConfigGenerator(provider.getDefinition(), secrets, gateway1, configuration); VpnProfile profile = configGenerator.createProfile(OPENVPN); - profile.mGatewayIp = "37.218.247.60"; assertEquals(2, gatewaysManager.getPosition(profile)); } @@ -177,9 +185,11 @@ public class GatewaysManagerTest { MockHelper.mockProviderObservable(provider); GatewaysManager gatewaysManager = new GatewaysManager(mockContext); - VpnConfigGenerator configGenerator = new VpnConfigGenerator(provider.getDefinition(), secrets, gateway1, 3, false, false); + VpnConfigGenerator.Configuration configuration = new VpnConfigGenerator.Configuration(); + configuration.apiVersion = 3; + configuration.remoteGatewayIP = "37.218.247.61"; + VpnConfigGenerator configGenerator = new VpnConfigGenerator(provider.getDefinition(), secrets, gateway1, configuration); VpnProfile profile = configGenerator.createProfile(OBFS4); - profile.mGatewayIp = "37.218.247.61"; assertEquals(-1, gatewaysManager.getPosition(profile)); } @@ -192,9 +202,11 @@ public class GatewaysManagerTest { MockHelper.mockProviderObservable(provider); GatewaysManager gatewaysManager = new GatewaysManager(mockContext); - VpnConfigGenerator configGenerator = new VpnConfigGenerator(provider.getDefinition(), secrets, gateway1, 3, false, false); + VpnConfigGenerator.Configuration configuration = new VpnConfigGenerator.Configuration(); + configuration.apiVersion = 3; + configuration.remoteGatewayIP = "3.21.247.89"; + VpnConfigGenerator configGenerator = new VpnConfigGenerator(provider.getDefinition(), secrets, gateway1, configuration); VpnProfile profile = configGenerator.createProfile(OBFS4); - profile.mGatewayIp = "3.21.247.89"; assertEquals(1, gatewaysManager.getPosition(profile)); } diff --git a/app/src/test/java/se/leap/bitmaskclient/eip/VpnConfigGeneratorTest.java b/app/src/test/java/se/leap/bitmaskclient/eip/VpnConfigGeneratorTest.java index f0db65d9..86a287ad 100644 --- a/app/src/test/java/se/leap/bitmaskclient/eip/VpnConfigGeneratorTest.java +++ b/app/src/test/java/se/leap/bitmaskclient/eip/VpnConfigGeneratorTest.java @@ -1437,7 +1437,9 @@ public class VpnConfigGeneratorTest { @Test public void testGenerateVpnProfile_v1_tcp_udp() throws Exception { gateway = new JSONObject(TestSetupHelper.getInputAsString(getClass().getClassLoader().getResourceAsStream("gateway_tcp_udp.json"))); - vpnConfigGenerator = new VpnConfigGenerator(generalConfig, secrets, gateway, 1, false, false); + VpnConfigGenerator.Configuration configuration = new VpnConfigGenerator.Configuration(); + configuration.apiVersion = 1; + vpnConfigGenerator = new VpnConfigGenerator(generalConfig, secrets, gateway, configuration); HashMap vpnProfiles = vpnConfigGenerator.generateVpnProfiles(); assertFalse(vpnProfiles.containsKey(OBFS4)); assertEquals(expectedVPNConfig_v1_tcp_udp.trim(), vpnProfiles.get(OPENVPN).getConfigFile(context, false).trim()); @@ -1446,7 +1448,9 @@ public class VpnConfigGeneratorTest { @Test public void testGenerateVpnProfile_v1_udp_tcp() throws Exception { gateway = new JSONObject(TestSetupHelper.getInputAsString(getClass().getClassLoader().getResourceAsStream("gateway_udp_tcp.json"))); - vpnConfigGenerator = new VpnConfigGenerator(generalConfig, secrets, gateway, 1, false, false); + VpnConfigGenerator.Configuration configuration = new VpnConfigGenerator.Configuration(); + configuration.apiVersion = 1; + vpnConfigGenerator = new VpnConfigGenerator(generalConfig, secrets, gateway, configuration); HashMap vpnProfiles = vpnConfigGenerator.generateVpnProfiles(); assertFalse(vpnProfiles.containsKey(OBFS4)); assertEquals(expectedVPNConfig_v1_udp_tcp.trim(), vpnProfiles.get(OPENVPN).getConfigFile(context, false).trim()); @@ -1455,7 +1459,9 @@ public class VpnConfigGeneratorTest { @Test public void testGenerateVpnProfile_v2_tcp_udp() throws Exception { gateway = new JSONObject(TestSetupHelper.getInputAsString(getClass().getClassLoader().getResourceAsStream("gateway_tcp_udp.json"))); - vpnConfigGenerator = new VpnConfigGenerator(generalConfig, secrets, gateway, 2, false, false); + VpnConfigGenerator.Configuration configuration = new VpnConfigGenerator.Configuration(); + configuration.apiVersion = 2; + vpnConfigGenerator = new VpnConfigGenerator(generalConfig, secrets, gateway, configuration); HashMap vpnProfiles = vpnConfigGenerator.generateVpnProfiles(); assertFalse(vpnProfiles.containsKey(OBFS4)); assertEquals(expectedVPNConfig_v1_tcp_udp.trim(), vpnProfiles.get(OPENVPN).getConfigFile(context, false).trim()); @@ -1464,7 +1470,9 @@ public class VpnConfigGeneratorTest { @Test public void testGenerateVpnProfile_v2_udp_tcp() throws Exception { gateway = new JSONObject(TestSetupHelper.getInputAsString(getClass().getClassLoader().getResourceAsStream("gateway_udp_tcp.json"))); - vpnConfigGenerator = new VpnConfigGenerator(generalConfig, secrets, gateway, 2, false, false); + VpnConfigGenerator.Configuration configuration = new VpnConfigGenerator.Configuration(); + configuration.apiVersion = 2; + vpnConfigGenerator = new VpnConfigGenerator(generalConfig, secrets, gateway, configuration); HashMap vpnProfiles = vpnConfigGenerator.generateVpnProfiles(); assertFalse(vpnProfiles.containsKey(OBFS4)); assertEquals(expectedVPNConfig_v1_udp_tcp.trim(), vpnProfiles.get(OPENVPN).getConfigFile(context, false).trim()); @@ -1475,7 +1483,9 @@ public class VpnConfigGeneratorTest { public void testGenerateVpnProfile_v3_obfs4() throws Exception { when(ConfigHelper.ObfsVpnHelper.useObfsVpn()).thenReturn(false); gateway = new JSONObject(TestSetupHelper.getInputAsString(getClass().getClassLoader().getResourceAsStream("ptdemo.bitmask.eip-service.json"))).getJSONArray("gateways").getJSONObject(0); - vpnConfigGenerator = new VpnConfigGenerator(generalConfig, secrets, gateway, 3, false, false); + VpnConfigGenerator.Configuration configuration = new VpnConfigGenerator.Configuration(); + configuration.apiVersion = 3; + vpnConfigGenerator = new VpnConfigGenerator(generalConfig, secrets, gateway, configuration); HashMap vpnProfiles = vpnConfigGenerator.generateVpnProfiles(); assertTrue(vpnProfiles.containsKey(OBFS4)); assertTrue(vpnProfiles.containsKey(OPENVPN)); @@ -1487,7 +1497,9 @@ public class VpnConfigGeneratorTest { public void testGenerateVpnProfile_v3_obfs4_obfsvpn() throws Exception { when(ConfigHelper.ObfsVpnHelper.useObfsVpn()).thenReturn(true); gateway = new JSONObject(TestSetupHelper.getInputAsString(getClass().getClassLoader().getResourceAsStream("ptdemo.bitmask.eip-service.json"))).getJSONArray("gateways").getJSONObject(0); - vpnConfigGenerator = new VpnConfigGenerator(generalConfig, secrets, gateway, 3, false, false); + VpnConfigGenerator.Configuration configuration = new VpnConfigGenerator.Configuration(); + configuration.apiVersion = 3; + vpnConfigGenerator = new VpnConfigGenerator(generalConfig, secrets, gateway, configuration); HashMap vpnProfiles = vpnConfigGenerator.generateVpnProfiles(); assertTrue(vpnProfiles.containsKey(OBFS4)); assertTrue(vpnProfiles.containsKey(OPENVPN)); @@ -1498,7 +1510,9 @@ public class VpnConfigGeneratorTest { @Test public void testGenerateVpnProfile_v3_ovpn_tcp_udp() throws Exception { gateway = new JSONObject(TestSetupHelper.getInputAsString(getClass().getClassLoader().getResourceAsStream("ptdemo_pt_tcp_udp.eip-service.json"))).getJSONArray("gateways").getJSONObject(0); - vpnConfigGenerator = new VpnConfigGenerator(generalConfig, secrets, gateway, 3, false, false); + VpnConfigGenerator.Configuration configuration = new VpnConfigGenerator.Configuration(); + configuration.apiVersion = 3; + vpnConfigGenerator = new VpnConfigGenerator(generalConfig, secrets, gateway, configuration); HashMap vpnProfiles = vpnConfigGenerator.generateVpnProfiles(); assertTrue(vpnProfiles.containsKey(OBFS4)); assertTrue(vpnProfiles.containsKey(OPENVPN)); @@ -1509,7 +1523,9 @@ public class VpnConfigGeneratorTest { @Test public void testGenerateVpnProfile_v3_ovpn_udp_tcp() throws Exception { gateway = new JSONObject(TestSetupHelper.getInputAsString(getClass().getClassLoader().getResourceAsStream("ptdemo_pt_udp_tcp.eip-service.json"))).getJSONArray("gateways").getJSONObject(0); - vpnConfigGenerator = new VpnConfigGenerator(generalConfig, secrets, gateway, 3, false, false); + VpnConfigGenerator.Configuration configuration = new VpnConfigGenerator.Configuration(); + configuration.apiVersion = 3; + vpnConfigGenerator = new VpnConfigGenerator(generalConfig, secrets, gateway, configuration); HashMap vpnProfiles = vpnConfigGenerator.generateVpnProfiles(); assertTrue(vpnProfiles.containsKey(OBFS4)); assertTrue(vpnProfiles.containsKey(OPENVPN)); @@ -1522,7 +1538,9 @@ public class VpnConfigGeneratorTest { gateway = new JSONObject(TestSetupHelper.getInputAsString(getClass().getClassLoader().getResourceAsStream("ptdemo_pt_udp_tcp.eip-service.json"))).getJSONArray("gateways").getJSONObject(0); //delete "data-ciphers" from config to test if the resulting openvpn config file will contain the default value taken from "cipher" flag generalConfig.put("data-ciphers", null); - vpnConfigGenerator = new VpnConfigGenerator(generalConfig, secrets, gateway, 3, false, false); + VpnConfigGenerator.Configuration configuration = new VpnConfigGenerator.Configuration(); + configuration.apiVersion = 3; + vpnConfigGenerator = new VpnConfigGenerator(generalConfig, secrets, gateway, configuration); HashMap vpnProfiles = vpnConfigGenerator.generateVpnProfiles(); assertTrue(vpnProfiles.containsKey(OBFS4)); assertTrue(vpnProfiles.containsKey(OPENVPN)); @@ -1534,7 +1552,9 @@ public class VpnConfigGeneratorTest { public void testGenerateVpnProfile_v4_ovpn_tcp_udp() throws Exception { gateway = new JSONObject(TestSetupHelper.getInputAsString(getClass().getClassLoader().getResourceAsStream("v4/ptdemo_pt_tcp_udp.eip-service.json"))).getJSONArray("gateways").getJSONObject(0); generalConfig = new JSONObject(TestSetupHelper.getInputAsString(getClass().getClassLoader().getResourceAsStream("v4/ptdemo_pt_tcp_udp.eip-service.json"))).getJSONObject(OPENVPN_CONFIGURATION); - vpnConfigGenerator = new VpnConfigGenerator(generalConfig, secrets, gateway, 4, false, false); + VpnConfigGenerator.Configuration configuration = new VpnConfigGenerator.Configuration(); + configuration.apiVersion = 4; + vpnConfigGenerator = new VpnConfigGenerator(generalConfig, secrets, gateway, configuration); HashMap vpnProfiles = vpnConfigGenerator.generateVpnProfiles(); assertTrue(vpnProfiles.containsKey(OBFS4)); assertTrue(vpnProfiles.containsKey(OPENVPN)); @@ -1546,7 +1566,9 @@ public class VpnConfigGeneratorTest { public void testGenerateVpnProfile_v4_ovpn_udp_tcp() throws Exception { gateway = new JSONObject(TestSetupHelper.getInputAsString(getClass().getClassLoader().getResourceAsStream("v4/ptdemo_pt_udp_tcp.eip-service.json"))).getJSONArray("gateways").getJSONObject(0); generalConfig = new JSONObject(TestSetupHelper.getInputAsString(getClass().getClassLoader().getResourceAsStream("v4/ptdemo_pt_udp_tcp.eip-service.json"))).getJSONObject(OPENVPN_CONFIGURATION); - vpnConfigGenerator = new VpnConfigGenerator(generalConfig, secrets, gateway, 4, false, false); + VpnConfigGenerator.Configuration configuration = new VpnConfigGenerator.Configuration(); + configuration.apiVersion = 4; + vpnConfigGenerator = new VpnConfigGenerator(generalConfig, secrets, gateway, configuration); HashMap vpnProfiles = vpnConfigGenerator.generateVpnProfiles(); assertTrue(vpnProfiles.containsKey(OBFS4)); assertTrue(vpnProfiles.containsKey(OPENVPN)); @@ -1558,7 +1580,9 @@ public class VpnConfigGeneratorTest { public void testGenerateVpnProfile_v3_ipv6only_allowOpenvpnIPv6Only() throws Exception { gateway = new JSONObject(TestSetupHelper.getInputAsString(getClass().getClassLoader().getResourceAsStream("ptdemo_misconfigured_ipv6.json"))).getJSONArray("gateways").getJSONObject(0); generalConfig = new JSONObject(TestSetupHelper.getInputAsString(getClass().getClassLoader().getResourceAsStream("ptdemo_misconfigured_ipv6.json"))).getJSONObject(OPENVPN_CONFIGURATION); - vpnConfigGenerator = new VpnConfigGenerator(generalConfig, secrets, gateway, 3, false, false); + VpnConfigGenerator.Configuration configuration = new VpnConfigGenerator.Configuration(); + configuration.apiVersion = 3; + vpnConfigGenerator = new VpnConfigGenerator(generalConfig, secrets, gateway, configuration); HashMap vpnProfiles = vpnConfigGenerator.generateVpnProfiles(); assertTrue(vpnProfiles.containsKey(OPENVPN)); } @@ -1567,7 +1591,9 @@ public class VpnConfigGeneratorTest { public void testGenerateVpnProfile_v3_obfs4IPv6_skip() throws Exception { gateway = new JSONObject(TestSetupHelper.getInputAsString(getClass().getClassLoader().getResourceAsStream("ptdemo_misconfigured_ipv6.json"))).getJSONArray("gateways").getJSONObject(0); generalConfig = new JSONObject(TestSetupHelper.getInputAsString(getClass().getClassLoader().getResourceAsStream("ptdemo_misconfigured_ipv6.json"))).getJSONObject(OPENVPN_CONFIGURATION); - vpnConfigGenerator = new VpnConfigGenerator(generalConfig, secrets, gateway, 3, false, false); + VpnConfigGenerator.Configuration configuration = new VpnConfigGenerator.Configuration(); + configuration.apiVersion = 3; + vpnConfigGenerator = new VpnConfigGenerator(generalConfig, secrets, gateway, configuration); HashMap vpnProfiles = vpnConfigGenerator.generateVpnProfiles(); assertFalse(vpnProfiles.containsKey(OBFS4)); } @@ -1579,7 +1605,9 @@ public class VpnConfigGeneratorTest { public void testGenerateVpnProfile_v3_obfs4IPv4AndIPv6_skipIPv6() throws Exception { gateway = new JSONObject(TestSetupHelper.getInputAsString(getClass().getClassLoader().getResourceAsStream("ptdemo_misconfigured_ipv4ipv6.json"))).getJSONArray("gateways").getJSONObject(0); generalConfig = new JSONObject(TestSetupHelper.getInputAsString(getClass().getClassLoader().getResourceAsStream("ptdemo_misconfigured_ipv4ipv6.json"))).getJSONObject(OPENVPN_CONFIGURATION); - vpnConfigGenerator = new VpnConfigGenerator(generalConfig, secrets, gateway, 3, false, false); + VpnConfigGenerator.Configuration configuration = new VpnConfigGenerator.Configuration(); + configuration.apiVersion = 3; + vpnConfigGenerator = new VpnConfigGenerator(generalConfig, secrets, gateway, configuration); HashMap vpnProfiles = vpnConfigGenerator.generateVpnProfiles(); assertTrue(vpnProfiles.containsKey(OBFS4)); assertTrue(vpnProfiles.containsKey(OPENVPN)); @@ -1594,7 +1622,24 @@ public class VpnConfigGeneratorTest { public void testGenerateVpnProfile_v3_obfs4udp_skip() throws Exception { gateway = new JSONObject(TestSetupHelper.getInputAsString(getClass().getClassLoader().getResourceAsStream("ptdemo_misconfigured_udp.json"))).getJSONArray("gateways").getJSONObject(0); generalConfig = new JSONObject(TestSetupHelper.getInputAsString(getClass().getClassLoader().getResourceAsStream("ptdemo_misconfigured_udp.json"))).getJSONObject(OPENVPN_CONFIGURATION); - vpnConfigGenerator = new VpnConfigGenerator(generalConfig, secrets, gateway, 3, false, false); + VpnConfigGenerator.Configuration configuration = new VpnConfigGenerator.Configuration(); + configuration.apiVersion = 3; + vpnConfigGenerator = new VpnConfigGenerator(generalConfig, secrets, gateway, configuration); + HashMap vpnProfiles = vpnConfigGenerator.generateVpnProfiles(); + assertFalse(vpnProfiles.containsKey(OBFS4)); + assertTrue(vpnProfiles.containsKey(OPENVPN)); + } + + /** + * obfs4 cannot be used with UDP, openvpn needs to support TCP + */ + @Test + public void testGenerateVpnProfile_v3_obfs4TCP_openvpnUDP_skip() throws Exception { + gateway = new JSONObject(TestSetupHelper.getInputAsString(getClass().getClassLoader().getResourceAsStream("ptdemo_misconfigured_udp2.json"))).getJSONArray("gateways").getJSONObject(0); + generalConfig = new JSONObject(TestSetupHelper.getInputAsString(getClass().getClassLoader().getResourceAsStream("ptdemo_misconfigured_udp2.json"))).getJSONObject(OPENVPN_CONFIGURATION); + VpnConfigGenerator.Configuration configuration = new VpnConfigGenerator.Configuration(); + configuration.apiVersion = 3; + vpnConfigGenerator = new VpnConfigGenerator(generalConfig, secrets, gateway, configuration); HashMap vpnProfiles = vpnConfigGenerator.generateVpnProfiles(); assertFalse(vpnProfiles.containsKey(OBFS4)); assertTrue(vpnProfiles.containsKey(OPENVPN)); @@ -1604,7 +1649,9 @@ public class VpnConfigGeneratorTest { public void testGenerateVpnProfile_v3_obfs4UDPAndTCP_skipUDP() throws Exception { gateway = new JSONObject(TestSetupHelper.getInputAsString(getClass().getClassLoader().getResourceAsStream("ptdemo_misconfigured_udptcp.json"))).getJSONArray("gateways").getJSONObject(0); generalConfig = new JSONObject(TestSetupHelper.getInputAsString(getClass().getClassLoader().getResourceAsStream("ptdemo_misconfigured_udptcp.json"))).getJSONObject(OPENVPN_CONFIGURATION); - vpnConfigGenerator = new VpnConfigGenerator(generalConfig, secrets, gateway, 3, false, false); + VpnConfigGenerator.Configuration configuration = new VpnConfigGenerator.Configuration(); + configuration.apiVersion = 3; + vpnConfigGenerator = new VpnConfigGenerator(generalConfig, secrets, gateway, configuration); HashMap vpnProfiles = vpnConfigGenerator.generateVpnProfiles(); assertTrue(vpnProfiles.containsKey(OBFS4)); assertTrue(vpnProfiles.containsKey(OPENVPN)); @@ -1616,7 +1663,10 @@ public class VpnConfigGeneratorTest { public void testGenerateVpnProfile_preferUDP_firstRemotesUDP() throws Exception { gateway = new JSONObject(TestSetupHelper.getInputAsString(getClass().getClassLoader().getResourceAsStream("v4/multiport_tcpudp_eip-service.json"))).getJSONArray("gateways").getJSONObject(0); generalConfig = new JSONObject(TestSetupHelper.getInputAsString(getClass().getClassLoader().getResourceAsStream("v4/multiport_tcpudp_eip-service.json"))).getJSONObject(OPENVPN_CONFIGURATION); - vpnConfigGenerator = new VpnConfigGenerator(generalConfig, secrets, gateway, 3, true, false); + VpnConfigGenerator.Configuration configuration = new VpnConfigGenerator.Configuration(); + configuration.apiVersion = 3; + configuration.preferUDP = true; + vpnConfigGenerator = new VpnConfigGenerator(generalConfig, secrets, gateway, configuration); HashMap vpnProfiles = vpnConfigGenerator.generateVpnProfiles(); assertTrue(vpnProfiles.containsKey(OBFS4)); assertTrue(vpnProfiles.containsKey(OPENVPN)); @@ -1628,16 +1678,23 @@ public class VpnConfigGeneratorTest { public void testGenerateVpnProfile_testNewCiphers() throws Exception { gateway = new JSONObject(TestSetupHelper.getInputAsString(getClass().getClassLoader().getResourceAsStream("v4/ptdemo_pt_tcp_udp_new_ciphers.eip-service.json"))).getJSONArray("gateways").getJSONObject(0); generalConfig = new JSONObject(TestSetupHelper.getInputAsString(getClass().getClassLoader().getResourceAsStream("v4/ptdemo_pt_tcp_udp_new_ciphers.eip-service.json"))).getJSONObject(OPENVPN_CONFIGURATION); - vpnConfigGenerator = new VpnConfigGenerator(generalConfig, secrets, gateway, 4, false, false); + VpnConfigGenerator.Configuration configuration = new VpnConfigGenerator.Configuration(); + configuration.apiVersion = 4; + vpnConfigGenerator = new VpnConfigGenerator(generalConfig, secrets, gateway, configuration); HashMap vpnProfiles = vpnConfigGenerator.generateVpnProfiles(); System.out.println(vpnProfiles.get(OPENVPN).getConfigFile(context, false)); assertEquals(expectedVPNConfig_v4_ovpn_tcp_udp_new_ciphers.trim(), vpnProfiles.get(OPENVPN).getConfigFile(context, false).trim()); } + @Test public void testGenerateVpnProfileExperimentalTransportsEnabled () throws Exception { gateway = new JSONObject(TestSetupHelper.getInputAsString(getClass().getClassLoader().getResourceAsStream("ptdemo_kcp_gateways.json"))).getJSONArray("gateways").getJSONObject(0); generalConfig = new JSONObject(TestSetupHelper.getInputAsString(getClass().getClassLoader().getResourceAsStream("ptdemo_kcp_gateways.json"))).getJSONObject(OPENVPN_CONFIGURATION); - vpnConfigGenerator = new VpnConfigGenerator(generalConfig, secrets, gateway, 3, true, true); + VpnConfigGenerator.Configuration configuration = new VpnConfigGenerator.Configuration(); + configuration.apiVersion = 3; + configuration.experimentalTransports = true; + configuration.preferUDP = true; + vpnConfigGenerator = new VpnConfigGenerator(generalConfig, secrets, gateway, configuration); HashMap vpnProfiles = vpnConfigGenerator.generateVpnProfiles(); assertTrue(vpnProfiles.containsKey(OBFS4)); assertTrue(vpnProfiles.containsKey(OBFS4_KCP)); @@ -1645,4 +1702,72 @@ public class VpnConfigGeneratorTest { } + @Test + public void testGenerateVpnProfile_experimentalTransportsEnabled_KCPMisconfiguredWithUDP_SkippingObfsKCP () throws Exception { + gateway = new JSONObject(TestSetupHelper.getInputAsString(getClass().getClassLoader().getResourceAsStream("ptdemo_misconfigured_kcp_gateways.json"))).getJSONArray("gateways").getJSONObject(0); + generalConfig = new JSONObject(TestSetupHelper.getInputAsString(getClass().getClassLoader().getResourceAsStream("ptdemo_misconfigured_kcp_gateways.json"))).getJSONObject(OPENVPN_CONFIGURATION); + VpnConfigGenerator.Configuration configuration = new VpnConfigGenerator.Configuration(); + configuration.apiVersion = 3; + configuration.experimentalTransports = true; + vpnConfigGenerator = new VpnConfigGenerator(generalConfig, secrets, gateway, configuration); + HashMap vpnProfiles = vpnConfigGenerator.generateVpnProfiles(); + assertTrue(vpnProfiles.containsKey(OBFS4)); + assertFalse(vpnProfiles.containsKey(OBFS4_KCP)); + assertTrue(vpnProfiles.containsKey(OPENVPN)); + } + + @Test + public void testGenerateVpnProfile_ObfuscationPinningEnabled_obfs4AndOpenvpnProfile () throws Exception { + gateway = new JSONObject(TestSetupHelper.getInputAsString(getClass().getClassLoader().getResourceAsStream("ptdemo_kcp_gateways.json"))).getJSONArray("gateways").getJSONObject(0); + generalConfig = new JSONObject(TestSetupHelper.getInputAsString(getClass().getClassLoader().getResourceAsStream("ptdemo_kcp_gateways.json"))).getJSONObject(OPENVPN_CONFIGURATION); + VpnConfigGenerator.Configuration configuration = new VpnConfigGenerator.Configuration(); + configuration.apiVersion = 3; + configuration.useObfuscationPinning = true; + configuration.remoteGatewayIP = "1.2.3.4"; + vpnConfigGenerator = new VpnConfigGenerator(generalConfig, secrets, gateway, configuration); + HashMap vpnProfiles = vpnConfigGenerator.generateVpnProfiles(); + assertTrue("has openvpn profile", vpnProfiles.containsKey(OPENVPN)); + assertTrue("has obfs4 profile", vpnProfiles.containsKey(OBFS4)); + assertFalse("has no obfs4 kcp profile", vpnProfiles.containsKey(OBFS4_KCP)); + } + + @Test + public void testGenerateVpnProfile_ObfuscationPinningEnabled_obfs4Profile () throws Exception { + gateway = new JSONObject(TestSetupHelper.getInputAsString(getClass().getClassLoader().getResourceAsStream("ptdemo_kcp_gateways.json"))).getJSONArray("gateways").getJSONObject(0); + generalConfig = new JSONObject(TestSetupHelper.getInputAsString(getClass().getClassLoader().getResourceAsStream("ptdemo_kcp_gateways.json"))).getJSONObject(OPENVPN_CONFIGURATION); + VpnConfigGenerator.Configuration configuration = new VpnConfigGenerator.Configuration(); + configuration.apiVersion = 3; + configuration.useObfuscationPinning = true; + configuration.obfuscationProxyKCP = true; + configuration.obfuscationProxyPort = "443"; + configuration.obfuscationProxyIP = "5.6.7.8"; + configuration.obfuscationProxyCert = "asdfasdf"; + configuration.remoteGatewayIP = "1.2.3.4"; + vpnConfigGenerator = new VpnConfigGenerator(generalConfig, secrets, gateway, configuration); + HashMap vpnProfiles = vpnConfigGenerator.generateVpnProfiles(); + assertTrue("has obfs4_kcp profile", vpnProfiles.containsKey(OBFS4_KCP)); + assertTrue("has openvpn profile", vpnProfiles.containsKey(OPENVPN)); + assertFalse("has no obfs4 profile", vpnProfiles.containsKey(OBFS4)); + } + + @Test + public void testGenerateVpnProfile_ObfuscationPinningEnabled_kcp_obfs4KcpProfile () throws Exception { + gateway = new JSONObject(TestSetupHelper.getInputAsString(getClass().getClassLoader().getResourceAsStream("ptdemo_kcp_gateways.json"))).getJSONArray("gateways").getJSONObject(0); + generalConfig = new JSONObject(TestSetupHelper.getInputAsString(getClass().getClassLoader().getResourceAsStream("ptdemo_kcp_gateways.json"))).getJSONObject(OPENVPN_CONFIGURATION); + VpnConfigGenerator.Configuration configuration = new VpnConfigGenerator.Configuration(); + configuration.apiVersion = 3; + configuration.useObfuscationPinning = true; + configuration.obfuscationProxyKCP = true; + configuration.obfuscationProxyPort = "443"; + configuration.obfuscationProxyIP = "5.6.7.8"; + configuration.obfuscationProxyCert = "asdfasdf"; + configuration.remoteGatewayIP = "1.2.3.4"; + + vpnConfigGenerator = new VpnConfigGenerator(generalConfig, secrets, gateway, configuration); + HashMap vpnProfiles = vpnConfigGenerator.generateVpnProfiles(); + assertTrue("has obfs4_kcp profile", vpnProfiles.containsKey(OBFS4_KCP)); + assertTrue("has openvpn profile", vpnProfiles.containsKey(OPENVPN)); + assertFalse("has no obfs4 profile", vpnProfiles.containsKey(OBFS4)); + } + } \ No newline at end of file diff --git a/app/src/test/resources/ptdemo_misconfigured_kcp_gateways.json b/app/src/test/resources/ptdemo_misconfigured_kcp_gateways.json new file mode 100644 index 00000000..94a1eafd --- /dev/null +++ b/app/src/test/resources/ptdemo_misconfigured_kcp_gateways.json @@ -0,0 +1,160 @@ +{ + "gateways":[ + { + "capabilities":{ + "adblock":false, + "filter_dns":false, + "limited":false, + "transport":[ + { + "type":"obfs4", + "protocols":[ + "tcp" + ], + "ports":[ + "23049" + ], + "options": { + "cert": "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX1", + "iatMode": "0" + } + }, + { + "type":"obfs4-1", + "protocols":[ + "udp" + ], + "ports":[ + "23050" + ], + "options": { + "cert": "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX1", + "iatMode": "0" + } + }, + { + "type":"openvpn", + "protocols":[ + "tcp" + ], + "ports":[ + "1195" + ] + } + ], + "user_ips":false + }, + "host":"pt.demo.bitmask.net", + "ip_address":"37.218.247.60", + "location":"Amsterdam" + }, + { + "capabilities":{ + "adblock":false, + "filter_dns":false, + "limited":false, + "transport":[ + { + "type":"obfs4", + "protocols":[ + "tcp" + ], + "ports":[ + "443" + ], + "options": { + "cert": "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX2", + "iatMode": "0" + } + }, + { + "type":"openvpn", + "protocols":[ + "tcp" + ], + "ports":[ + "1195" + ] + } + ], + "user_ips":false + }, + "host":"moscow.bitmask.net", + "ip_address":"3.21.247.89", + "location":"moscow" + }, + { + "capabilities":{ + "adblock":false, + "filter_dns":false, + "limited":false, + "transport":[ + { + "type":"openvpn", + "protocols":[ + "tcp", + "udp" + ], + + "ports":[ + "1195" + ] + }, + { + "type":"obfs4-1", + "protocols":[ + "udp" + ], + "ports":[ + "23050" + ], + "options": { + "cert": "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX1", + "iatMode": "0" + } + } + ], + "user_ips":false + }, + "host":"manila.bitmask.net", + "ip_address":"37.12.247.10", + "location":"manila" + } + ], + "locations":{ + "Amsterdam":{ + "country_code":"NL", + "hemisphere":"N", + "name":"Amsterdam", + "timezone":"-1" + }, + "moscow": { + "country_code": "RU", + "hemisphere": "N", + "name": "Moscow", + "timezone": "+3" + }, + "manila": { + "country_code": "PH", + "hemisphere": "N", + "name": "Manila", + "timezone": "+8" + } + }, + "openvpn_configuration":{ + "auth":"SHA1", + "cipher":"AES-256-CBC", + "keepalive":"10 30", + "tls-cipher":"DHE-RSA-AES128-SHA", + "tun-ipv6":true, + "dev" : "tun", + "sndbuf" : "0", + "rcvbuf" : "0", + "nobind" : true, + "persist-key" : true, + "key-direction" : "1", + "verb" : "3" + }, + "serial":2, + "version":3 +} \ No newline at end of file diff --git a/app/src/test/resources/ptdemo_misconfigured_udp2.json b/app/src/test/resources/ptdemo_misconfigured_udp2.json new file mode 100644 index 00000000..d2a54cef --- /dev/null +++ b/app/src/test/resources/ptdemo_misconfigured_udp2.json @@ -0,0 +1,65 @@ +{ + "gateways":[ + { + "capabilities":{ + "adblock":false, + "filter_dns":false, + "limited":false, + "transport":[ + { + "type":"obfs4", + "protocols":[ + "tcp" + ], + "ports":[ + "23049" + ], + "options": { + "cert": "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", + "iatMode": "0" + } + }, + { + "type":"openvpn", + "protocols":[ + "udp" + ], + "ports":[ + "1195" + ] + } + ], + "user_ips":false + }, + "host":"pt.demo.bitmask.net", + "ip_address6":"2001:db8:123::1058", + "ip_address":"37.218.247.60", + "location":"Amsterdam" + } + ], + "locations":{ + "Amsterdam":{ + "country_code":"NL", + "hemisphere":"N", + "name":"Amsterdam", + "timezone":"-1" + } + }, + "openvpn_configuration":{ + "auth":"SHA1", + "cipher":"AES-256-CBC", + "keepalive":"10 30", + "tls-cipher":"DHE-RSA-AES128-SHA", + "tun-ipv6":true, + "dev" : "tun", + "sndbuf" : "0", + "rcvbuf" : "0", + "nobind" : true, + "persist-key" : true, + "comp-lzo" : true, + "key-direction" : "1", + "verb" : "3" + }, + "serial":2, + "version":3 +} \ No newline at end of file -- cgit v1.2.3