From b9e1f2354520e37f0e2784f156f1288e55e1a993 Mon Sep 17 00:00:00 2001 From: cyBerta Date: Mon, 18 Jul 2022 18:29:15 +0200 Subject: update soon expiring vpn certificates after connecting to the VPN --- .../leap/bitmaskclient/base/models/Provider.java | 10 +++ .../main/java/se/leap/bitmaskclient/eip/EIP.java | 19 +++++ .../leap/bitmaskclient/eip/EipSetupObserver.java | 8 ++ .../bitmaskclient/eip/VpnCertificateValidator.java | 27 +++++-- .../bitmaskclient/providersetup/ProviderAPI.java | 6 ++ .../providersetup/ProviderApiManagerBase.java | 21 +++++ .../bitmaskclient/eip/ProviderApiManagerTest.java | 47 ++++++----- app/src/test/resources/v4/riseup.net.cert | 94 +++++++++++----------- 8 files changed, 158 insertions(+), 74 deletions(-) diff --git a/app/src/main/java/se/leap/bitmaskclient/base/models/Provider.java b/app/src/main/java/se/leap/bitmaskclient/base/models/Provider.java index 974aef80..02a9694a 100644 --- a/app/src/main/java/se/leap/bitmaskclient/base/models/Provider.java +++ b/app/src/main/java/se/leap/bitmaskclient/base/models/Provider.java @@ -63,6 +63,7 @@ public final class Provider implements Parcelable { private String vpnCertificate = ""; private long lastEipServiceUpdate = 0L; private long lastGeoIpUpdate = 0L; + private boolean shouldUpdateVpnCertificate; private boolean allowAnonymous; private boolean allowRegistered; @@ -361,6 +362,7 @@ public final class Provider implements Parcelable { parcel.writeString(getVpnCertificate()); parcel.writeLong(lastEipServiceUpdate); parcel.writeLong(lastGeoIpUpdate); + parcel.writeInt(shouldUpdateVpnCertificate ? 0 : 1); } @@ -407,6 +409,7 @@ public final class Provider implements Parcelable { } this.lastEipServiceUpdate = in.readLong(); this.lastGeoIpUpdate = in.readLong(); + this.shouldUpdateVpnCertificate = in.readInt() == 0; } catch (MalformedURLException | JSONException e) { e.printStackTrace(); } @@ -492,6 +495,13 @@ public final class Provider implements Parcelable { return System.currentTimeMillis() - lastEipServiceUpdate >= EIP_SERVICE_TIMEOUT; } + public void setShouldUpdateVpnCertificate(Boolean update) { + shouldUpdateVpnCertificate = update; + } + + public boolean shouldUpdateVpnCertificate() { + return shouldUpdateVpnCertificate; + } public void setLastGeoIpUpdate(long timestamp) { lastGeoIpUpdate = timestamp; diff --git a/app/src/main/java/se/leap/bitmaskclient/eip/EIP.java b/app/src/main/java/se/leap/bitmaskclient/eip/EIP.java index cf4dc9bf..46f91781 100644 --- a/app/src/main/java/se/leap/bitmaskclient/eip/EIP.java +++ b/app/src/main/java/se/leap/bitmaskclient/eip/EIP.java @@ -56,6 +56,7 @@ import de.blinkt.openvpn.core.VpnStatus; import de.blinkt.openvpn.core.connection.Connection; import se.leap.bitmaskclient.R; import se.leap.bitmaskclient.base.OnBootReceiver; +import se.leap.bitmaskclient.base.models.Provider; import se.leap.bitmaskclient.base.models.ProviderObservable; import se.leap.bitmaskclient.base.utils.PreferenceHelper; @@ -242,6 +243,12 @@ public final class EIP extends JobIntentService implements Observer { return; } + if (shouldUpdateVPNCertificate()) { + Provider p = ProviderObservable.getInstance().getCurrentProvider(); + p.setShouldUpdateVpnCertificate(true); + ProviderObservable.getInstance().updateProvider(p); + } + GatewaysManager gatewaysManager = new GatewaysManager(getApplicationContext()); if (gatewaysManager.isEmpty()) { setErrorResult(result, warning_client_parsing_error_gateways, null); @@ -267,6 +274,12 @@ public final class EIP extends JobIntentService implements Observer { Gateway gateway = gatewaysManager.select(0); Bundle result = new Bundle(); + if (shouldUpdateVPNCertificate()) { + Provider p = ProviderObservable.getInstance().getCurrentProvider(); + p.setShouldUpdateVpnCertificate(true); + ProviderObservable.getInstance().updateProvider(p); + } + launchActiveGateway(gateway, 0, result); if (result.containsKey(BROADCAST_RESULT_KEY) && !result.getBoolean(BROADCAST_RESULT_KEY)){ VpnStatus.logWarning("ALWAYS-ON VPN: " + getString(R.string.no_vpn_profiles_defined)); @@ -415,6 +428,12 @@ public final class EIP extends JobIntentService implements Observer { return validator.isValid(); } + private boolean shouldUpdateVPNCertificate() { + VpnCertificateValidator validator = new VpnCertificateValidator(preferences.getString(PROVIDER_VPN_CERTIFICATE, "")); + return validator.shouldBeUpdated(); + } + + /** * helper function to add error to result bundle * diff --git a/app/src/main/java/se/leap/bitmaskclient/eip/EipSetupObserver.java b/app/src/main/java/se/leap/bitmaskclient/eip/EipSetupObserver.java index 9d67340e..56350703 100644 --- a/app/src/main/java/se/leap/bitmaskclient/eip/EipSetupObserver.java +++ b/app/src/main/java/se/leap/bitmaskclient/eip/EipSetupObserver.java @@ -39,12 +39,14 @@ import static se.leap.bitmaskclient.base.models.Constants.PROVIDER_PROFILE; import static se.leap.bitmaskclient.providersetup.ProviderAPI.CORRECTLY_DOWNLOADED_EIP_SERVICE; import static se.leap.bitmaskclient.providersetup.ProviderAPI.CORRECTLY_DOWNLOADED_GEOIP_JSON; import static se.leap.bitmaskclient.providersetup.ProviderAPI.CORRECTLY_UPDATED_INVALID_VPN_CERTIFICATE; +import static se.leap.bitmaskclient.providersetup.ProviderAPI.DELAY; import static se.leap.bitmaskclient.providersetup.ProviderAPI.INCORRECTLY_DOWNLOADED_EIP_SERVICE; import static se.leap.bitmaskclient.providersetup.ProviderAPI.INCORRECTLY_DOWNLOADED_GEOIP_JSON; import static se.leap.bitmaskclient.providersetup.ProviderAPI.INCORRECTLY_DOWNLOADED_VPN_CERTIFICATE; import static se.leap.bitmaskclient.providersetup.ProviderAPI.INCORRECTLY_UPDATED_INVALID_VPN_CERTIFICATE; import static se.leap.bitmaskclient.providersetup.ProviderAPI.PROVIDER_NOK; import static se.leap.bitmaskclient.providersetup.ProviderAPI.PROVIDER_OK; +import static se.leap.bitmaskclient.providersetup.ProviderAPI.QUIETLY_UPDATE_VPN_CERTIFICATE; import static se.leap.bitmaskclient.providersetup.ProviderAPI.TOR_EXCEPTION; import static se.leap.bitmaskclient.providersetup.ProviderAPI.TOR_TIMEOUT; import static se.leap.bitmaskclient.providersetup.ProviderAPI.UPDATE_INVALID_VPN_CERTIFICATE; @@ -373,6 +375,12 @@ public class EipSetupObserver extends BroadcastReceiver implements VpnStatus.Sta if (shouldCheckAppUpdate()) { DownloadServiceCommand.execute(appContext, CHECK_VERSION_FILE); } + + if (provider.shouldUpdateVpnCertificate()) { + Bundle parameters = new Bundle(); + parameters.putLong(DELAY, 500); + ProviderAPICommand.execute(appContext, QUIETLY_UPDATE_VPN_CERTIFICATE, parameters, provider); + } finishGatewaySetup(false); } else if ("TCP_CONNECT".equals(state)) { changingGateway.set(false); diff --git a/app/src/main/java/se/leap/bitmaskclient/eip/VpnCertificateValidator.java b/app/src/main/java/se/leap/bitmaskclient/eip/VpnCertificateValidator.java index 16d1c5ad..8841ae94 100644 --- a/app/src/main/java/se/leap/bitmaskclient/eip/VpnCertificateValidator.java +++ b/app/src/main/java/se/leap/bitmaskclient/eip/VpnCertificateValidator.java @@ -45,9 +45,22 @@ public class VpnCertificateValidator { /** * - * @return true if all certificates are valid for more than 15 more days + * @return true if all certificates are valid for 1 more day */ public boolean isValid() { + return isValid(1); + } + + /** + * + * @return return true if certificates will expire in 8 days or less + */ + public boolean shouldBeUpdated() { + return !isValid(8); + } + + + private boolean isValid(int offsetDays) { if (certificate.isEmpty()) { return false; } @@ -57,7 +70,7 @@ public class VpnCertificateValidator { return false; } for (X509Certificate cert : x509Certificates) { - if (!isValid(cert)) { + if (!isValid(cert, offsetDays)) { return false; } } @@ -65,12 +78,12 @@ public class VpnCertificateValidator { } - private boolean isValid(X509Certificate certificate) { + private boolean isValid(X509Certificate certificate, int offsetDays) { if (certificate == null) { return false; } - Calendar offsetDate = calculateOffsetCertificateValidity(certificate); + Calendar offsetDate = calculateOffsetCertificateValidity(certificate, offsetDays); try { certificate.checkValidity(offsetDate.getTime()); return true; @@ -81,15 +94,15 @@ public class VpnCertificateValidator { } } - private Calendar calculateOffsetCertificateValidity(X509Certificate certificate) { + private Calendar calculateOffsetCertificateValidity(X509Certificate certificate, int offsetDays) { Calendar limitDate = calendarProvider.getCalendar(); Date startDate = certificate.getNotBefore(); // if certificates start date is before current date just return the current date without an offset if (startDate.getTime() >= limitDate.getTime().getTime()) { return limitDate; } - // else add an offset of 15 days to the current date - limitDate.add(Calendar.DAY_OF_YEAR, 15); + // else add an offset to the current date + limitDate.add(Calendar.DAY_OF_YEAR, offsetDays); return limitDate; } diff --git a/app/src/main/java/se/leap/bitmaskclient/providersetup/ProviderAPI.java b/app/src/main/java/se/leap/bitmaskclient/providersetup/ProviderAPI.java index da77af2f..063c9e00 100644 --- a/app/src/main/java/se/leap/bitmaskclient/providersetup/ProviderAPI.java +++ b/app/src/main/java/se/leap/bitmaskclient/providersetup/ProviderAPI.java @@ -63,9 +63,15 @@ public class ProviderAPI extends JobIntentService implements ProviderApiManagerB SIGN_UP = "srpRegister", LOG_IN = "srpAuth", LOG_OUT = "logOut", + // all vpn certificate download commands are used in different scenarios with different error handling + // command key used for the initial vpn certificate download during the provider setup DOWNLOAD_VPN_CERTIFICATE = "downloadUserAuthedVPNCertificate", + // command key used to update soon expiring but yet valid certificates after connecting to the vpn + QUIETLY_UPDATE_VPN_CERTIFICATE = "ProviderAPI.QUIETLY_UPDATE_VPN_CERTIFICATE", + // command key used to update invalid certificates, connecting to the vpn is impossible UPDATE_INVALID_VPN_CERTIFICATE = "ProviderAPI.UPDATE_INVALID_VPN_CERTIFICATE", PARAMETERS = "parameters", + DELAY = "delay", RECEIVER_KEY = "receiver", ERRORS = "errors", ERRORID = "errorId", diff --git a/app/src/main/java/se/leap/bitmaskclient/providersetup/ProviderApiManagerBase.java b/app/src/main/java/se/leap/bitmaskclient/providersetup/ProviderApiManagerBase.java index ecddb9c7..607339fd 100644 --- a/app/src/main/java/se/leap/bitmaskclient/providersetup/ProviderApiManagerBase.java +++ b/app/src/main/java/se/leap/bitmaskclient/providersetup/ProviderApiManagerBase.java @@ -52,6 +52,7 @@ import static se.leap.bitmaskclient.providersetup.ProviderAPI.CORRECTLY_DOWNLOAD import static se.leap.bitmaskclient.providersetup.ProviderAPI.CORRECTLY_DOWNLOADED_GEOIP_JSON; import static se.leap.bitmaskclient.providersetup.ProviderAPI.CORRECTLY_DOWNLOADED_VPN_CERTIFICATE; import static se.leap.bitmaskclient.providersetup.ProviderAPI.CORRECTLY_UPDATED_INVALID_VPN_CERTIFICATE; +import static se.leap.bitmaskclient.providersetup.ProviderAPI.DELAY; import static se.leap.bitmaskclient.providersetup.ProviderAPI.DOWNLOAD_GEOIP_JSON; import static se.leap.bitmaskclient.providersetup.ProviderAPI.DOWNLOAD_SERVICE_JSON; import static se.leap.bitmaskclient.providersetup.ProviderAPI.DOWNLOAD_VPN_CERTIFICATE; @@ -71,6 +72,7 @@ import static se.leap.bitmaskclient.providersetup.ProviderAPI.MISSING_NETWORK_CO import static se.leap.bitmaskclient.providersetup.ProviderAPI.PARAMETERS; import static se.leap.bitmaskclient.providersetup.ProviderAPI.PROVIDER_NOK; import static se.leap.bitmaskclient.providersetup.ProviderAPI.PROVIDER_OK; +import static se.leap.bitmaskclient.providersetup.ProviderAPI.QUIETLY_UPDATE_VPN_CERTIFICATE; import static se.leap.bitmaskclient.providersetup.ProviderAPI.RECEIVER_KEY; import static se.leap.bitmaskclient.providersetup.ProviderAPI.SET_UP_PROVIDER; import static se.leap.bitmaskclient.providersetup.ProviderAPI.SIGN_UP; @@ -193,6 +195,14 @@ public abstract class ProviderApiManagerBase { return; } + if (parameters.containsKey(DELAY)) { + try { + Thread.sleep(parameters.getLong(DELAY)); + } catch (InterruptedException e) { + e.printStackTrace(); + } + } + if (!serviceCallback.hasNetworkConnection()) { Bundle result = new Bundle(); setErrorResult(result, R.string.error_network_connection, null); @@ -277,6 +287,17 @@ public abstract class ProviderApiManagerBase { } ProviderObservable.getInstance().setProviderForDns(null); break; + case QUIETLY_UPDATE_VPN_CERTIFICATE: + ProviderObservable.getInstance().setProviderForDns(provider); + result = updateVpnCertificate(provider); + if (result.getBoolean(BROADCAST_RESULT_KEY)) { + Log.d(TAG, "successfully downloaded VPN certificate"); + provider.setShouldUpdateVpnCertificate(false); + PreferenceHelper.storeProviderInPreferences(preferences, provider); + ProviderObservable.getInstance().updateProvider(provider); + } + ProviderObservable.getInstance().setProviderForDns(null); + break; case UPDATE_INVALID_VPN_CERTIFICATE: ProviderObservable.getInstance().setProviderForDns(provider); result = updateVpnCertificate(provider); diff --git a/app/src/test/java/se/leap/bitmaskclient/eip/ProviderApiManagerTest.java b/app/src/test/java/se/leap/bitmaskclient/eip/ProviderApiManagerTest.java index cb1e1f73..2b1615da 100644 --- a/app/src/test/java/se/leap/bitmaskclient/eip/ProviderApiManagerTest.java +++ b/app/src/test/java/se/leap/bitmaskclient/eip/ProviderApiManagerTest.java @@ -186,6 +186,7 @@ public class ProviderApiManagerTest { providerApiCommand.setAction(ProviderAPI.SET_UP_PROVIDER); providerApiCommand.putExtra(ProviderAPI.RECEIVER_KEY, mockResultReceiver(PROVIDER_NOK, expectedResult)); providerApiCommand.putExtra(PROVIDER_KEY, provider); + providerApiCommand.putExtra(PARAMETERS, mockBundle()); providerApiManager.handleIntent(providerApiCommand); } @@ -207,6 +208,7 @@ public class ProviderApiManagerTest { providerApiCommand.putExtra(PROVIDER_KEY, provider); providerApiCommand.setAction(ProviderAPI.SET_UP_PROVIDER); providerApiCommand.putExtra(ProviderAPI.RECEIVER_KEY, mockResultReceiver(PROVIDER_OK, expectedResult)); + providerApiCommand.putExtra(PARAMETERS, mockBundle()); providerApiManager.handleIntent(providerApiCommand); } @@ -228,6 +230,7 @@ public class ProviderApiManagerTest { providerApiCommand.setAction(ProviderAPI.SET_UP_PROVIDER); providerApiCommand.putExtra(ProviderAPI.RECEIVER_KEY, mockResultReceiver(PROVIDER_OK, expectedResult)); providerApiCommand.putExtra(PROVIDER_KEY, provider); + providerApiCommand.putExtra(PARAMETERS, mockBundle()); providerApiManager.handleIntent(providerApiCommand); } @@ -249,7 +252,7 @@ public class ProviderApiManagerTest { Intent providerApiCommand = mockIntent(); providerApiCommand.setAction(ProviderAPI.SET_UP_PROVIDER); providerApiCommand.putExtra(ProviderAPI.RECEIVER_KEY, mockResultReceiver(PROVIDER_OK, expectedResult)); - + providerApiCommand.putExtra(PARAMETERS, mockBundle()); providerApiCommand.putExtra(PROVIDER_KEY, provider); providerApiManager.handleIntent(providerApiCommand); @@ -270,6 +273,7 @@ public class ProviderApiManagerTest { providerApiCommand.setAction(ProviderAPI.SET_UP_PROVIDER); providerApiCommand.putExtra(ProviderAPI.RECEIVER_KEY, mockResultReceiver(PROVIDER_NOK, expectedResult)); + providerApiCommand.putExtra(PARAMETERS, mockBundle()); providerApiCommand.putExtra(PROVIDER_KEY, provider); @@ -292,6 +296,7 @@ public class ProviderApiManagerTest { providerApiCommand.setAction(ProviderAPI.SET_UP_PROVIDER); providerApiCommand.putExtra(ProviderAPI.RECEIVER_KEY, mockResultReceiver(PROVIDER_NOK, expectedResult)); + providerApiCommand.putExtra(PARAMETERS, mockBundle()); providerApiCommand.putExtra(PROVIDER_KEY, provider); @@ -318,7 +323,7 @@ public class ProviderApiManagerTest { providerApiCommand.setAction(ProviderAPI.SET_UP_PROVIDER); providerApiCommand.putExtra(ProviderAPI.RECEIVER_KEY, mockResultReceiver(PROVIDER_NOK, expectedResult)); - + providerApiCommand.putExtra(PARAMETERS, mockBundle()); providerApiCommand.putExtra(PROVIDER_KEY, provider); providerApiManager.handleIntent(providerApiCommand); @@ -341,7 +346,7 @@ public class ProviderApiManagerTest { providerApiCommand.setAction(ProviderAPI.SET_UP_PROVIDER); providerApiCommand.putExtra(ProviderAPI.RECEIVER_KEY, mockResultReceiver(PROVIDER_NOK, expectedResult)); - + providerApiCommand.putExtra(PARAMETERS, mockBundle()); providerApiCommand.putExtra(PROVIDER_KEY, provider); providerApiManager.handleIntent(providerApiCommand); @@ -365,7 +370,7 @@ public class ProviderApiManagerTest { providerApiCommand.setAction(ProviderAPI.SET_UP_PROVIDER); providerApiCommand.putExtra(ProviderAPI.RECEIVER_KEY, mockResultReceiver(PROVIDER_NOK, expectedResult)); - + providerApiCommand.putExtra(PARAMETERS, mockBundle()); providerApiCommand.putExtra(PROVIDER_KEY, provider); providerApiManager.handleIntent(providerApiCommand); @@ -388,6 +393,7 @@ public class ProviderApiManagerTest { providerApiCommand.setAction(ProviderAPI.SET_UP_PROVIDER); providerApiCommand.putExtra(ProviderAPI.RECEIVER_KEY, mockResultReceiver(PROVIDER_NOK, expectedResult)); + providerApiCommand.putExtra(PARAMETERS, mockBundle()); providerApiCommand.putExtra(PROVIDER_KEY, provider); @@ -413,6 +419,7 @@ public class ProviderApiManagerTest { providerApiCommand.setAction(ProviderAPI.SET_UP_PROVIDER); providerApiCommand.putExtra(ProviderAPI.RECEIVER_KEY, mockResultReceiver(PROVIDER_NOK, expectedResult)); + providerApiCommand.putExtra(PARAMETERS, mockBundle()); providerApiCommand.putExtra(PROVIDER_KEY, provider); @@ -433,12 +440,12 @@ public class ProviderApiManagerTest { expectedResult.putString(ERRORS, "{\"errors\":\"There was an error configuring Bitmask with your chosen provider.\"}"); expectedResult.putParcelable(PROVIDER_KEY, provider); - Intent providerApiCommand = mockIntent(); providerApiCommand.putExtra(PROVIDER_KEY, provider); providerApiCommand.setAction(ProviderAPI.SET_UP_PROVIDER); providerApiCommand.putExtra(ProviderAPI.RECEIVER_KEY, mockResultReceiver(PROVIDER_NOK, expectedResult)); + providerApiCommand.putExtra(PARAMETERS, mockBundle()); providerApiManager.handleIntent(providerApiCommand); } @@ -461,12 +468,12 @@ public class ProviderApiManagerTest { expectedResult.putString(ERRORS, "{\"errors\":\"There was an error configuring RiseupVPN.\"}"); expectedResult.putParcelable(PROVIDER_KEY, provider); - Intent providerApiCommand = mockIntent(); providerApiCommand.putExtra(PROVIDER_KEY, provider); providerApiCommand.setAction(ProviderAPI.SET_UP_PROVIDER); providerApiCommand.putExtra(ProviderAPI.RECEIVER_KEY, mockResultReceiver(PROVIDER_NOK, expectedResult)); + providerApiCommand.putExtra(PARAMETERS, mockBundle()); providerApiManager.handleIntent(providerApiCommand); } @@ -484,12 +491,12 @@ public class ProviderApiManagerTest { expectedResult.putBoolean(BROADCAST_RESULT_KEY, true); expectedResult.putParcelable(PROVIDER_KEY, provider); - Intent providerApiCommand = mockIntent(); providerApiCommand.putExtra(PROVIDER_KEY, provider); providerApiCommand.setAction(ProviderAPI.SET_UP_PROVIDER); providerApiCommand.putExtra(ProviderAPI.RECEIVER_KEY, mockResultReceiver(PROVIDER_OK, expectedResult)); + providerApiCommand.putExtra(PARAMETERS, mockBundle()); providerApiManager.handleIntent(providerApiCommand); } @@ -510,12 +517,12 @@ public class ProviderApiManagerTest { expectedResult.putBoolean(BROADCAST_RESULT_KEY, false); expectedResult.putParcelable(PROVIDER_KEY, provider); expectedResult.putString(ERRORS, "This is not a trusted Bitmask provider."); - Intent providerApiCommand = mockIntent(); providerApiCommand.setAction(ProviderAPI.SET_UP_PROVIDER); providerApiCommand.putExtra(ProviderAPI.RECEIVER_KEY, mockResultReceiver(PROVIDER_NOK, expectedResult)); providerApiCommand.putExtra(PROVIDER_KEY, provider); + providerApiCommand.putExtra(PARAMETERS, mockBundle()); providerApiManager.handleIntent(providerApiCommand); } @@ -685,12 +692,12 @@ public class ProviderApiManagerTest { expectedResult.putBoolean(BROADCAST_RESULT_KEY, true); expectedResult.putParcelable(PROVIDER_KEY, provider); - Intent providerApiCommand = mockIntent(); providerApiCommand.putExtra(PROVIDER_KEY, provider); providerApiCommand.setAction(ProviderAPI.SET_UP_PROVIDER); providerApiCommand.putExtra(ProviderAPI.RECEIVER_KEY, mockResultReceiver(PROVIDER_OK, expectedResult)); + providerApiCommand.putExtra(PARAMETERS, mockBundle()); providerApiManager.handleIntent(providerApiCommand); } @@ -707,7 +714,7 @@ public class ProviderApiManagerTest { providerApiCommand.putExtra(PROVIDER_KEY, provider); providerApiCommand.setAction(ProviderAPI.SET_UP_PROVIDER); providerApiCommand.putExtra(ProviderAPI.RECEIVER_KEY, mockResultReceiver(PROVIDER_OK)); - + providerApiCommand.putExtra(PARAMETERS, mockBundle()); mockTorStatusObservable(null); providerApiManager.handleIntent(providerApiCommand); @@ -727,7 +734,7 @@ public class ProviderApiManagerTest { providerApiCommand.putExtra(PROVIDER_KEY, provider); providerApiCommand.setAction(ProviderAPI.SET_UP_PROVIDER); providerApiCommand.putExtra(ProviderAPI.RECEIVER_KEY, mockResultReceiver(PROVIDER_NOK)); - + providerApiCommand.putExtra(PARAMETERS, mockBundle()); mockTorStatusObservable(null); providerApiManager.handleIntent(providerApiCommand); @@ -746,7 +753,7 @@ public class ProviderApiManagerTest { providerApiCommand.putExtra(PROVIDER_KEY, provider); providerApiCommand.setAction(ProviderAPI.SET_UP_PROVIDER); providerApiCommand.putExtra(ProviderAPI.RECEIVER_KEY, mockResultReceiver(PROVIDER_NOK)); - + providerApiCommand.putExtra(PARAMETERS, mockBundle()); mockTorStatusObservable(new TimeoutException("Tor took too long to start.")); providerApiManager.handleIntent(providerApiCommand); @@ -767,7 +774,7 @@ public class ProviderApiManagerTest { providerApiCommand.putExtra(PROVIDER_KEY, provider); providerApiCommand.setAction(ProviderAPI.SET_UP_PROVIDER); providerApiCommand.putExtra(ProviderAPI.RECEIVER_KEY, mockResultReceiver(PROVIDER_OK)); - + providerApiCommand.putExtra(PARAMETERS, mockBundle()); mockTorStatusObservable(null); providerApiManager.handleIntent(providerApiCommand); @@ -788,7 +795,7 @@ public class ProviderApiManagerTest { providerApiCommand.putExtra(PROVIDER_KEY, provider); providerApiCommand.setAction(ProviderAPI.SET_UP_PROVIDER); providerApiCommand.putExtra(ProviderAPI.RECEIVER_KEY, mockResultReceiver(PROVIDER_OK)); - + providerApiCommand.putExtra(PARAMETERS, mockBundle()); mockTorStatusObservable(new TimeoutException("This timeout exception is never thrown")); providerApiManager.handleIntent(providerApiCommand); @@ -809,7 +816,7 @@ public class ProviderApiManagerTest { providerApiCommand.putExtra(PROVIDER_KEY, provider); providerApiCommand.setAction(ProviderAPI.UPDATE_INVALID_VPN_CERTIFICATE); providerApiCommand.putExtra(ProviderAPI.RECEIVER_KEY, mockResultReceiver(CORRECTLY_UPDATED_INVALID_VPN_CERTIFICATE)); - + providerApiCommand.putExtra(PARAMETERS, mockBundle()); mockTorStatusObservable(null); providerApiManager.handleIntent(providerApiCommand); @@ -831,7 +838,7 @@ public class ProviderApiManagerTest { providerApiCommand.putExtra(PROVIDER_KEY, provider); providerApiCommand.setAction(ProviderAPI.UPDATE_INVALID_VPN_CERTIFICATE); providerApiCommand.putExtra(ProviderAPI.RECEIVER_KEY, mockResultReceiver(INCORRECTLY_UPDATED_INVALID_VPN_CERTIFICATE)); - + providerApiCommand.putExtra(PARAMETERS, mockBundle()); mockTorStatusObservable(new TimeoutException("This timeout exception is never thrown")); providerApiManager.handleIntent(providerApiCommand); @@ -853,7 +860,7 @@ public class ProviderApiManagerTest { providerApiCommand.putExtra(PROVIDER_KEY, provider); providerApiCommand.setAction(ProviderAPI.UPDATE_INVALID_VPN_CERTIFICATE); providerApiCommand.putExtra(ProviderAPI.RECEIVER_KEY, mockResultReceiver(CORRECTLY_UPDATED_INVALID_VPN_CERTIFICATE)); - + providerApiCommand.putExtra(PARAMETERS, mockBundle()); mockTorStatusObservable(null); providerApiManager.handleIntent(providerApiCommand); @@ -880,7 +887,7 @@ public class ProviderApiManagerTest { providerApiCommand.putExtra(PROVIDER_KEY, provider); providerApiCommand.setAction(ProviderAPI.UPDATE_INVALID_VPN_CERTIFICATE); providerApiCommand.putExtra(ProviderAPI.RECEIVER_KEY, mockResultReceiver(TOR_EXCEPTION, expectedResult)); - + providerApiCommand.putExtra(PARAMETERS, mockBundle()); mockTorStatusObservable(new InterruptedException("Tor thread was interrupted.")); providerApiManager.handleIntent(providerApiCommand); @@ -903,7 +910,7 @@ public class ProviderApiManagerTest { providerApiCommand.putExtra(PROVIDER_KEY, provider); providerApiCommand.setAction(ProviderAPI.SET_UP_PROVIDER); providerApiCommand.putExtra(ProviderAPI.RECEIVER_KEY, mockResultReceiver(TOR_TIMEOUT, expectedResult)); - + providerApiCommand.putExtra(PARAMETERS, mockBundle()); mockTorStatusObservable(new TimeoutException("Tor took too long to start.")); providerApiManager.handleIntent(providerApiCommand); @@ -928,7 +935,7 @@ public class ProviderApiManagerTest { providerApiCommand.setAction(ProviderAPI.SET_UP_PROVIDER); providerApiCommand.putExtra(ProviderAPI.RECEIVER_KEY, mockResultReceiver(MISSING_NETWORK_CONNECTION, expectedResult)); providerApiCommand.putExtra(PROVIDER_KEY, provider); - + providerApiCommand.putExtra(PARAMETERS, mockBundle()); providerApiManager.handleIntent(providerApiCommand); } diff --git a/app/src/test/resources/v4/riseup.net.cert b/app/src/test/resources/v4/riseup.net.cert index b689c033..86bc0b55 100644 --- a/app/src/test/resources/v4/riseup.net.cert +++ b/app/src/test/resources/v4/riseup.net.cert @@ -1,54 +1,54 @@ -----BEGIN RSA PRIVATE KEY----- -MIIEowIBAAKCAQEAvXvOGBJeNZfzvkLgEbunA29j/zrxGtDxQwHQ2oAElpQyZfzF -smHza6Q4o1audAH/hrLF4Z3I3jRbGsuh81pq7GCMsaL1/C2xWlOOHH6+zljdLHvr -/COwVOuKIUR19yIIozcBaCp3mvDCMAH+cF0uLPw/cfs4Le0gaptN3n3f5jFnFxEs -3fDXnAgUP7QPvxm5Wl5MM2HBNKcwPNLA29VrgRtJ6OJWtK3raB1S1D3Iv9OMAYtA -5dCpRMYbV0gBcxc0YRsmlLy8s3ZKdKF3aqiZfN4R/dLzqmysIAVSgfvp8vZpRZDz -uStE+fiTH4MEFpUTQ6bwbjV9hh6+M5UO1aPYUwIDAQABAoIBAGPgDhHCHMZDAccX -mOO/9Zhp7ltpxgxMdd7L5jpFoCV+l9IKGmqcFqJ2PSRbXDjplLZ7JLJ3aJk3H45Q -J10OG63cdkxriR0TOJhT0mRSqmA5ltsLtqeAaEFapcRDQaqx1buyEpvFRqX0oWaM -poCznNM5YnfB4yrSAnQuyCyuTIYYO5n4baOWR97vbpfwPtznyt2vsVhsP6hj2+4u -Jv4cgDtvap/yXpCcQdfoAKavDRKDd9Ig+6ZirfNZv8nMShQqQj3WWzDY9FxWb2kG -BjKRURS5CD/4FRTY4CIQ9sGvhTvcY7WxgQ6uESuM2YBTEFygEtB9tyIMdPDTz9qg -43eqA4ECgYEA6YbVqnZPxGK2TTqJw0yV/UPDhXy0gViOX+eMwQpfQySd1wqBabeh -hS0ntMMcgZHNQ9IsBZDSkfVFA51+x97kQeoF5kvM3PYLBBvP6NBBaR/rlofkz/4z -4CIEFoFMUFplF4tyJOm+QQx7A8njG8oIJ0MI8zEjglJk4//yHF8AfU8CgYEAz7fs -uGKevL7Ha6n9qiQ08cLunWPP0CEUobf4afgXMVBl7R9hDiq80YImK0wuh8prOt0E -TWtL9i8ToEvHaubuXT1kgoOZoeyIAEYpi1aF/a/+AZ562Ts8jeWwa6ZJVqLfG0lR -gdrQvJgDgqsF4B6oynEjrvtanW48g+ROLmXwG70CgYBAF7yey1f7O2hza8SRsHxe -BXItOdvEwExbMA7mkHUy1WLouT5piHexOIJ0TzSMrzqaCZ4BbQ0N+DYX1usL6jXV -jWhPG7C/WFwPpZ57dGTveE5Ng0CegVM1icB7eMM8LoMeYixSy0BnVAiTMp69asaw -F+rl7C+lvf1owj9t3/kfawKBgQCxvqFB5qIOwPHEn2IBBZqIhlXJOG/LmYMeH17i -zviJqlKN5hwXE1sfrE8dHcNzTzMS262i0f3eW8pfkHjEcXfnMXGgfRwqA00dbux9 -3zwpKUAiAor8+EOI6NNeSpzXFef0YXjttWCJAUt/tPkCHzowgUAXq96OeJYwBl0g -NvqPwQKBgDpV8An1JZAjcUNc9IP6GvubYpsTwyEjSHYteEdBtahLrh0G4gjLNgg7 -PvhHxni5UvjeRiNPwb3cWVYL7v7YVTRyDvRmZ7FrLWJ0q3P0S8Ww4ar+ZWw8sQhQ -zaoY20NYypde+K9RRamnUw6GvoS+o7pF0c+hXaup/jGAwszcLJr3 +MIIEpAIBAAKCAQEAwtqqSbTsB/JchPr41KdSyTWfG+qBxRfbqYw5hx8VxzuVNPn4 +nEmKm4KbtEhZLT3Kk0yJa+9X3UBVkeTrI6IZQmsK1s1lq9YTcwjsryza//xtw6gM +7Wd8X8FaMnaYPBBRpaWWi//RsrLmztm0kSU1pJbgSL1VJsngGImWPcnAPvhPS4IG +6XD/4DLyog7Hyg0yuZyBf6DzvQUMFh/B9Sm+ogY8nG+vEaoN/RaKn25M+uC6NC2v +X+9wcqLyQeh0JsIA23foyyWlA2sW2+ad4VWfI3DpXwYCnCuJZlD3JZoLP8OoQacl +PsBIll+n6KeVcE7H7af2CkNinFa+0CgMYtvpgQIDAQABAoIBAQC5ufkkRinQLUfY +jOuOrmovVUfyMOU+es4qXnka/RsiCv3eQAGi3koajjRhc7BkeghTvFkkIz9pqX+m +jz89eK2A7Eypj5/AWU2ykSgglK2t3+qz2sNvqfsXvlF91iKm5ZsdO6cyjEVRgkqT +kVkWHBR0bEcdrjGyxisu2D33aQ0wNo1ENoJYJEe+F+fcm3IhVsSCMWEoYeX+RXXq +scwGgwNSn3V4fEqQA7Hs77ri+gjbuIf6KZ3DPcQTpJ4ST6UcJkyXowLLYFmPgVJt +XOqJ5sjDUNLgX2F6LJj8r0C2V0UmRoed/ZONmB2AVr/e/BmGB4zLVOFv4NLK52CP +m3B4SrPNAoGBAPEJcfFPAOAHIW51xz2l61W4d4rqvu54IuHYMGWRJjtNx/zqIxwE +I4hTHz9jz++JZaJH9anOliosIqzmieds57JX0MBEOIVG8wb0BgxziIO8E5hdfptr +DWtfmnFnCiz2qEb38UU8GiifiwCrU6NkEniAaoCVkMMx+B0cycLfeeUHAoGBAM7z +SOUbZooN7ZAz/KFe05wHOwngb7ikEuENXFLziyaOa+0zXyv0PitWese0GdGbU1nH +Alkw/qA8kozGobmfSWrLxBCjJDtz4wuDilwI4OT0hO6+VZlF89C84BjAVA/RXjzo +CcIUrIvZv8OaopESicuC67KB1ujB4p+XFTEmlmM3AoGABSNTZ3ZsqVndj5I5JgpE +YvZkrfRlD4ZGEBRgq7mVXAxDaBPBndZEv6It91b0VsHSBcyM4wrBTrLUJmVfqSw8 +ICQZEhAiOE0T3yESg+9uiIhYzpWnnj6A8bn++83bfKvhWGnunbAzSoxkFSaRyNjY +P/NU0dreVBrblBtJ/bpvyb8CgYBOX13kvdq4P4wPB1EN/65dsXNPSzqkDybDKd8j +3u18nYUL4F+Tcry0htyakn8QnSUUo8Qk6OQU5LuPKo4GkOcp1Z8budy30yxRqPAV +6Jrauis5isU59X7fNxga54MuNljc8fb4FAJAOCdiOUaFcCLU+nCuOnOb1Akx7PJu +mbFsQwKBgQCfOLsXqDHMRTnyRCwGOx9aIbYt0qW5ZE08f8vbqKMz2KeX9uN7G/7s +NO36Zakppn9IS9nQVPmBDQhQ+8VQYqX7VaB1ug7d1OhuP+dbvXGBq4nN9f2iqy6Z +G5PyYZpI8Qo+Cr04TkXacz9Lc4NFOxyqw/Ln1tuOLYAZY8dSaTHOsg== -----END RSA PRIVATE KEY----- -----BEGIN CERTIFICATE----- -MIIEmzCCAoOgAwIBAgIQfhZuQF/HQWNj4bY/2E0R1zANBgkqhkiG9w0BAQsFADB1 +MIIEmzCCAoOgAwIBAgIQdYL065go8MY1TA6uhbuzrzANBgkqhkiG9w0BAQsFADB1 MRgwFgYDVQQKDA9SaXNldXAgTmV0d29ya3MxGzAZBgNVBAsMEmh0dHBzOi8vcmlz ZXVwLm5ldDE8MDoGA1UEAwwzUmlzZXVwIE5ldHdvcmtzIFJvb3QgQ0EgKGNsaWVu -dCBjZXJ0aWZpY2F0ZXMgb25seSEpMB4XDTIyMDQxNzAwMDAwMFoXDTIyMDcxNzAw -MDAwMFowLTErMCkGA1UEAwwiVU5MSU1JVEVEN2ZsNjdmcmZ6NnF3aWs2eG95emht -bzV2eTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL17zhgSXjWX875C -4BG7pwNvY/868RrQ8UMB0NqABJaUMmX8xbJh82ukOKNWrnQB/4ayxeGdyN40WxrL -ofNaauxgjLGi9fwtsVpTjhx+vs5Y3Sx76/wjsFTriiFEdfciCKM3AWgqd5rwwjAB -/nBdLiz8P3H7OC3tIGqbTd593+YxZxcRLN3w15wIFD+0D78ZuVpeTDNhwTSnMDzS -wNvVa4EbSejiVrSt62gdUtQ9yL/TjAGLQOXQqUTGG1dIAXMXNGEbJpS8vLN2SnSh -d2qomXzeEf3S86psrCAFUoH76fL2aUWQ87krRPn4kx+DBBaVE0Om8G41fYYevjOV -DtWj2FMCAwEAAaNvMG0wHQYDVR0OBBYEFASbEXiXvCseE07xGzDXVzZqRWYkMAsG +dCBjZXJ0aWZpY2F0ZXMgb25seSEpMB4XDTIyMDYxODAwMDAwMFoXDTIyMDkxODAw +MDAwMFowLTErMCkGA1UEAwwiVU5MSU1JVEVENnZteWZ1MHpsdmlucmprdTN3Y2hp +OTZsbDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMLaqkm07AfyXIT6 ++NSnUsk1nxvqgcUX26mMOYcfFcc7lTT5+JxJipuCm7RIWS09ypNMiWvvV91AVZHk +6yOiGUJrCtbNZavWE3MI7K8s2v/8bcOoDO1nfF/BWjJ2mDwQUaWllov/0bKy5s7Z +tJElNaSW4Ei9VSbJ4BiJlj3JwD74T0uCBulw/+Ay8qIOx8oNMrmcgX+g870FDBYf +wfUpvqIGPJxvrxGqDf0Wip9uTPrgujQtr1/vcHKi8kHodCbCANt36MslpQNrFtvm +neFVnyNw6V8GApwriWZQ9yWaCz/DqEGnJT7ASJZfp+inlXBOx+2n9gpDYpxWvtAo +DGLb6YECAwEAAaNvMG0wHQYDVR0OBBYEFGy9LFCeTCtyoVbQYY18zgpX0N98MAsG A1UdDwQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAjAJBgNVHRMEAjAAMB8GA1Ud -IwQYMBaAFBf0G9XlKgEBTWuiXTYKKQmWZYBGMA0GCSqGSIb3DQEBCwUAA4ICAQA6 -P4z8srFEo/LhaAdOTHjvi4t8OVR7WuD6Tit68UabZpbFwPmXVbzYATKmNepYjXqR -TDW416M7QWja5nyFSXaLzk95osE1IxqcqgZ5vKHLPFE5J8eBtkVoFN6+9F6olx6s -8UYbewU1Cm2rN2Y1xXNxAFz9wNqLjGdhuExdfxE+4/Y2uh40yC2rhiJLiSrsdfCU -QsBQJy7Z76dAtbp2087aqikHmiqm/lkIKXE3jNgb8JCT3oJutedBA/CknDyM/7N/ -x83mS5Iu6vRQIBFN6wfsxxUWOh9oSnivcWBF5IO7a71nuiEEaZpG1tSsQTYk9ENW -Sx5cP4NnF7uZyMhYASWpVRBsx0gz6cmGWTIO8v9CX4D8HMK7uKeJkMenmwiwnhkI -+H+9U8sHCX0UGUZqiJshM7ySf7lhHI+UgrE2qCR0GFoRfP9Yz6tsJ0bNKBUkl6UH -BmXtH1Z7QVSfbkheNA3LNaFB2Gz20+s1kF6N0VGE1DQCsgM2gkciEhYAz13OBT70 -j6PPargWi51B/hsg9b3LE44dk052/vVnklnJ+rjdgrrmwIlN4xyEbc851knLOqxn -7Xjnl1Qx4sJkm06E+AuKy0OXy2f/mIOiTmA0jlXtYPSV6rYxtUzJeOlqwsu3ImNg -x3DRSmjZfW1BOCSqLvlJyKeFKxwJlWFGsKk7uBonwA== +IwQYMBaAFBf0G9XlKgEBTWuiXTYKKQmWZYBGMA0GCSqGSIb3DQEBCwUAA4ICAQBy +MezxBB08bn5L5ye3pTOvENyM0DLGdoy1N+oEHhjMW/QmxPuXzKviyxNEtFCbyZeT +n+uQPY3zwhj4vF5PZoUXI22USISMo+bPHHo4dTfXfzln7CuPuXnUR1bFKSFGU7+B +6TZb5qmFkWfCiZ8KE1ogKXLX2mwmnIKVpPiu07pp6msR+pxfQHBBbrzafLs5PSa8 +kTxW900eozF4KJYwcryu6A/tdkTrQqsji/NrwqJRnFqzzDV0x7iFpnp0J9xRi1oa +nkETZXMSHkDkqL3RdTwg11RX+bnYS/GK+//z3G17iwB/rGIi9O2qN6uMhX/ZFwom +AAqbSAzOnSU2ERaSuc7a0t9c9cNnusbYiDaNISAi7bOGs5tCbLRBwSznvIo9Dfx8 +aRnDucYp+I6Vl7xW2mM155/44laemiWn4SPRbvBgZgBWObptnuIqu9Nipwp69z/Q +x/BBcnNu+PbdkuC9zO+OtwosK3WVkL+QiKWbT4fxXNqJV90NM1R+CteDWvixs+Bn +xVGCH4c6+svnBmyRhDYID7ZmoeE/gnPkceh63igZ6V+w0UAnGtT9cfLK9cLawfZO +GnO7P8YTawjRoVz9FmhUnirghq8xk0MCdGHWzT+FqGS+l270F+bbD4eUD2nQhV4J +QJ0J3BGyzELKzFtIBIpnzPVDJDSIQkPTT/yP7gAEPg== -----END CERTIFICATE----- \ No newline at end of file -- cgit v1.2.3 From e9afdcda3e10c9cb86a39f4c1da1702e07597ef6 Mon Sep 17 00:00:00 2001 From: cyBerta Date: Mon, 18 Jul 2022 18:33:26 +0200 Subject: only allow already established network connections when trying to call the provider API --- app/src/main/java/se/leap/bitmaskclient/providersetup/ProviderAPI.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/src/main/java/se/leap/bitmaskclient/providersetup/ProviderAPI.java b/app/src/main/java/se/leap/bitmaskclient/providersetup/ProviderAPI.java index 063c9e00..cada516d 100644 --- a/app/src/main/java/se/leap/bitmaskclient/providersetup/ProviderAPI.java +++ b/app/src/main/java/se/leap/bitmaskclient/providersetup/ProviderAPI.java @@ -162,7 +162,7 @@ public class ProviderAPI extends JobIntentService implements ProviderApiManagerB if (Build.VERSION.SDK_INT < Build.VERSION_CODES.Q) { NetworkInfo activeNetwork = cm.getActiveNetworkInfo(); return activeNetwork != null && - activeNetwork.isConnectedOrConnecting(); + activeNetwork.isConnected(); } else { NetworkCapabilities capabilities = cm.getNetworkCapabilities(cm.getActiveNetwork()); if (capabilities != null) { -- cgit v1.2.3 From ea0e8e4d5ef61af57ef5826d7526f0bfc4c459b2 Mon Sep 17 00:00:00 2001 From: cyBerta Date: Mon, 18 Jul 2022 18:37:02 +0200 Subject: update eip-service.json every 3 days or after a unsuccessful connection attempt, use a small delay to ensure the VPN is ready for the first network request --- app/src/main/java/se/leap/bitmaskclient/eip/EipSetupObserver.java | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/app/src/main/java/se/leap/bitmaskclient/eip/EipSetupObserver.java b/app/src/main/java/se/leap/bitmaskclient/eip/EipSetupObserver.java index 56350703..a523f440 100644 --- a/app/src/main/java/se/leap/bitmaskclient/eip/EipSetupObserver.java +++ b/app/src/main/java/se/leap/bitmaskclient/eip/EipSetupObserver.java @@ -373,7 +373,9 @@ public class EipSetupObserver extends BroadcastReceiver implements VpnStatus.Sta } if (shouldCheckAppUpdate()) { - DownloadServiceCommand.execute(appContext, CHECK_VERSION_FILE); + Bundle parameters = new Bundle(); + parameters.putLong(DELAY, 500); + DownloadServiceCommand.execute(appContext, CHECK_VERSION_FILE, parameters); } if (provider.shouldUpdateVpnCertificate()) { -- cgit v1.2.3 From 958c93974d5fd81e882e61bd30fa13ac89868106 Mon Sep 17 00:00:00 2001 From: cyBerta Date: Mon, 18 Jul 2022 18:40:57 +0200 Subject: removed unused ServiceConnection --- app/src/main/java/se/leap/bitmaskclient/providersetup/ProviderAPI.java | 1 - 1 file changed, 1 deletion(-) diff --git a/app/src/main/java/se/leap/bitmaskclient/providersetup/ProviderAPI.java b/app/src/main/java/se/leap/bitmaskclient/providersetup/ProviderAPI.java index cada516d..e45add50 100644 --- a/app/src/main/java/se/leap/bitmaskclient/providersetup/ProviderAPI.java +++ b/app/src/main/java/se/leap/bitmaskclient/providersetup/ProviderAPI.java @@ -103,7 +103,6 @@ public class ProviderAPI extends JobIntentService implements ProviderApiManagerB TOR_EXCEPTION = 21; ProviderApiManager providerApiManager; - private volatile TorServiceConnection torServiceConnection; //TODO: refactor me, please! //used in insecure flavor only -- cgit v1.2.3 From 512030e22fda6eadb69d4f486241490670d7bab1 Mon Sep 17 00:00:00 2001 From: cyBerta Date: Mon, 18 Jul 2022 18:46:46 +0200 Subject: implement small delay to check for version updates after a successful connection setup --- .../appUpdate/DownloadServiceCommand.java | 29 ++++++++++++++++++---- .../appUpdate/UpdateDownloadManager.java | 11 ++++++++ .../leap/bitmaskclient/eip/EipSetupObserver.java | 4 ++- 3 files changed, 38 insertions(+), 6 deletions(-) diff --git a/app/src/fatweb/java/se.leap.bitmaskclient/appUpdate/DownloadServiceCommand.java b/app/src/fatweb/java/se.leap.bitmaskclient/appUpdate/DownloadServiceCommand.java index 4e0d9079..41efd621 100644 --- a/app/src/fatweb/java/se.leap.bitmaskclient/appUpdate/DownloadServiceCommand.java +++ b/app/src/fatweb/java/se.leap.bitmaskclient/appUpdate/DownloadServiceCommand.java @@ -18,6 +18,7 @@ package se.leap.bitmaskclient.appUpdate; import android.content.Context; import android.content.Intent; +import android.os.Bundle; import android.os.ResultReceiver; import androidx.annotation.NonNull; @@ -31,18 +32,27 @@ public class DownloadServiceCommand { CHECK_VERSION_FILE = "checkVersionFile", DOWNLOAD_UPDATE = "downloadUpdate"; - private Context context; - private String action; - private ResultReceiver resultReceiver; + private final Context context; + private final String action; + private Bundle parameters; + private final ResultReceiver resultReceiver; private DownloadServiceCommand(@NonNull Context context, @NonNull String action) { - this(context.getApplicationContext(), action, null); + this(context.getApplicationContext(), action, null, null); } + private DownloadServiceCommand(@NonNull Context context, @NonNull String action, @Nullable Bundle parameters) { + this(context.getApplicationContext(), action, parameters, null); + } private DownloadServiceCommand(@NonNull Context context, @NonNull String action, @Nullable ResultReceiver resultReceiver) { + this(context.getApplicationContext(), action, null, resultReceiver); + } + + private DownloadServiceCommand(@NonNull Context context, @NonNull String action, @Nullable Bundle parameters, @Nullable ResultReceiver resultReceiver) { super(); this.context = context; this.action = action; + this.parameters = parameters; this.resultReceiver = resultReceiver; } @@ -53,6 +63,10 @@ public class DownloadServiceCommand { if (resultReceiver != null) { command.putExtra(ProviderAPI.RECEIVER_KEY, resultReceiver); } + if (parameters == null) { + parameters = Bundle.EMPTY; + } + command.putExtra(ProviderAPI.PARAMETERS, parameters); return command; } @@ -73,7 +87,12 @@ public class DownloadServiceCommand { command.execute(); } - public static void execute(Context context, String action, ResultReceiver resultReceiver) { + public static void execute(Context context, String action, Bundle parameters) { + DownloadServiceCommand command = new DownloadServiceCommand(context, action, parameters); + command.execute(); + } + + public static void execute(Context context, String action, Bundle parameters, ResultReceiver resultReceiver) { DownloadServiceCommand command = new DownloadServiceCommand(context, action, resultReceiver); command.execute(); } diff --git a/app/src/fatweb/java/se.leap.bitmaskclient/appUpdate/UpdateDownloadManager.java b/app/src/fatweb/java/se.leap.bitmaskclient/appUpdate/UpdateDownloadManager.java index b50c587c..109164c5 100644 --- a/app/src/fatweb/java/se.leap.bitmaskclient/appUpdate/UpdateDownloadManager.java +++ b/app/src/fatweb/java/se.leap.bitmaskclient/appUpdate/UpdateDownloadManager.java @@ -48,6 +48,8 @@ import static se.leap.bitmaskclient.base.models.Constants.BROADCAST_DOWNLOAD_SER import static se.leap.bitmaskclient.base.models.Constants.BROADCAST_RESULT_CODE; import static se.leap.bitmaskclient.base.models.Constants.BROADCAST_RESULT_KEY; import static se.leap.bitmaskclient.base.utils.FileHelper.readPublicKey; +import static se.leap.bitmaskclient.providersetup.ProviderAPI.DELAY; +import static se.leap.bitmaskclient.providersetup.ProviderAPI.PARAMETERS; import static se.leap.bitmaskclient.providersetup.ProviderAPI.RECEIVER_KEY; public class UpdateDownloadManager implements Logger, DownloadConnector.DownloadProgress { @@ -93,6 +95,15 @@ public class UpdateDownloadManager implements Logger, DownloadConnector.Download receiver = command.getParcelableExtra(RECEIVER_KEY); } String action = command.getAction(); + Bundle parameters = command.getBundleExtra(PARAMETERS); + + if (parameters.containsKey(DELAY)) { + try { + Thread.sleep(parameters.getLong(DELAY)); + } catch (InterruptedException e) { + e.printStackTrace(); + } + } Bundle result = new Bundle(); switch (action) { diff --git a/app/src/main/java/se/leap/bitmaskclient/eip/EipSetupObserver.java b/app/src/main/java/se/leap/bitmaskclient/eip/EipSetupObserver.java index a523f440..05991390 100644 --- a/app/src/main/java/se/leap/bitmaskclient/eip/EipSetupObserver.java +++ b/app/src/main/java/se/leap/bitmaskclient/eip/EipSetupObserver.java @@ -369,7 +369,9 @@ public class EipSetupObserver extends BroadcastReceiver implements VpnStatus.Sta Provider provider = ProviderObservable.getInstance().getCurrentProvider(); if (setupNClosestGateway.get() > 0 || provider.shouldUpdateEipServiceJson()) { //setupNClostestGateway > 0: at least one failed gateway -> did the provider change it's gateways? - ProviderAPICommand.execute(appContext, ProviderAPI.DOWNLOAD_SERVICE_JSON, provider); + Bundle parameters = new Bundle(); + parameters.putLong(DELAY, 500); + ProviderAPICommand.execute(appContext, ProviderAPI.DOWNLOAD_SERVICE_JSON, parameters, provider); } if (shouldCheckAppUpdate()) { -- cgit v1.2.3 From 4e688086e0a57858ff4581ed34e652dc677ff4fd Mon Sep 17 00:00:00 2001 From: cyBerta Date: Mon, 18 Jul 2022 18:47:30 +0200 Subject: fix app update download notification sound bug on pre Android 8 devices --- .../se.leap.bitmaskclient/appUpdate/DownloadNotificationManager.java | 1 + 1 file changed, 1 insertion(+) diff --git a/app/src/fatweb/java/se.leap.bitmaskclient/appUpdate/DownloadNotificationManager.java b/app/src/fatweb/java/se.leap.bitmaskclient/appUpdate/DownloadNotificationManager.java index 1a88000b..336802c6 100644 --- a/app/src/fatweb/java/se.leap.bitmaskclient/appUpdate/DownloadNotificationManager.java +++ b/app/src/fatweb/java/se.leap.bitmaskclient/appUpdate/DownloadNotificationManager.java @@ -84,6 +84,7 @@ public class DownloadNotificationManager { notificationBuilder .setDefaults(Notification.DEFAULT_ALL) .setAutoCancel(false) + .setNotificationSilent() .setOngoing(true) .setSmallIcon(android.R.drawable.stat_sys_download) .setContentTitle(context.getString(R.string.version_update_apk_description, context.getString(R.string.app_name))) -- cgit v1.2.3 From 8da92b90abaa39c1c66e305c61907eadb0ec1269 Mon Sep 17 00:00:00 2001 From: cyBerta Date: Mon, 18 Jul 2022 18:47:51 +0200 Subject: add missing static import for string in EipFragment --- app/src/main/java/se/leap/bitmaskclient/base/fragments/EipFragment.java | 1 + 1 file changed, 1 insertion(+) diff --git a/app/src/main/java/se/leap/bitmaskclient/base/fragments/EipFragment.java b/app/src/main/java/se/leap/bitmaskclient/base/fragments/EipFragment.java index a61680a1..d993a119 100644 --- a/app/src/main/java/se/leap/bitmaskclient/base/fragments/EipFragment.java +++ b/app/src/main/java/se/leap/bitmaskclient/base/fragments/EipFragment.java @@ -17,6 +17,7 @@ package se.leap.bitmaskclient.base.fragments; import static de.blinkt.openvpn.core.ConnectionStatus.LEVEL_NONETWORK; +import static se.leap.bitmaskclient.R.string.vpn_certificate_user_message; import static se.leap.bitmaskclient.base.models.Constants.ASK_TO_CANCEL_VPN; import static se.leap.bitmaskclient.base.models.Constants.EIP_ACTION_START; import static se.leap.bitmaskclient.base.models.Constants.EIP_EARLY_ROUTES; -- cgit v1.2.3 From 12797d89623adb34425cea6cb7de1057083d1cf7 Mon Sep 17 00:00:00 2001 From: cyBerta Date: Mon, 18 Jul 2022 21:34:59 +0200 Subject: add missing empty DownloadServiceCommand method for non-web-downloaded apks --- .../se/leap/bitmaskclient/appUpdate/DownloadServiceCommand.java | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/app/src/notFatweb/java/se/leap/bitmaskclient/appUpdate/DownloadServiceCommand.java b/app/src/notFatweb/java/se/leap/bitmaskclient/appUpdate/DownloadServiceCommand.java index 157f04fe..02a830ca 100644 --- a/app/src/notFatweb/java/se/leap/bitmaskclient/appUpdate/DownloadServiceCommand.java +++ b/app/src/notFatweb/java/se/leap/bitmaskclient/appUpdate/DownloadServiceCommand.java @@ -1,6 +1,10 @@ package se.leap.bitmaskclient.appUpdate; import android.content.Context; +import android.os.Bundle; + +import androidx.annotation.NonNull; +import androidx.annotation.Nullable; /** * DownloadServiceCommand is only implemented in Fatweb builds @@ -16,4 +20,8 @@ public class DownloadServiceCommand { public static void execute(Context context, String action) { // DO NOTHING. } + + public static void execute(@NonNull Context context, @NonNull String action, @Nullable Bundle parameters) { + // DO NOTHING. + } } -- cgit v1.2.3 From 6ad47f6665312cfbc5c9b9e9bae1088d91b8dc99 Mon Sep 17 00:00:00 2001 From: cyBerta Date: Mon, 18 Jul 2022 22:06:35 +0200 Subject: adapt and add tests --- .../eip/VpnCertificateValidatorTest.java | 30 ++++++++++++++++++---- 1 file changed, 25 insertions(+), 5 deletions(-) diff --git a/app/src/test/java/se/leap/bitmaskclient/eip/VpnCertificateValidatorTest.java b/app/src/test/java/se/leap/bitmaskclient/eip/VpnCertificateValidatorTest.java index 32c0d0e4..1cb47f43 100644 --- a/app/src/test/java/se/leap/bitmaskclient/eip/VpnCertificateValidatorTest.java +++ b/app/src/test/java/se/leap/bitmaskclient/eip/VpnCertificateValidatorTest.java @@ -38,9 +38,9 @@ public class VpnCertificateValidatorTest { } @Test - public void test_isValid_lessThan15days_returnFalse() throws NoSuchAlgorithmException, CertificateEncodingException, IOException { + public void test_isValid_lessThan1day_returnFalse() throws NoSuchAlgorithmException, CertificateEncodingException, IOException { String cert = getInputAsString(getClass().getClassLoader().getResourceAsStream("riseup.net.pem")); - Calendar c = new Calendar.Builder().setDate(2024, 4, 14).setCalendarType("gregorian").build(); + Calendar c = new Calendar.Builder().setDate(2024, 3, 28).setCalendarType("gregorian").build(); mockConfigHelper("falseFingerPrint"); VpnCertificateValidator validator = new VpnCertificateValidator(cert); validator.setCalendarProvider(new TestCalendarProvider(c.getTimeInMillis())); @@ -50,7 +50,7 @@ public class VpnCertificateValidatorTest { @Test public void test_isValid_multipleCerts_failIfOneExpires() throws NoSuchAlgorithmException, CertificateEncodingException, IOException { String cert = getInputAsString(getClass().getClassLoader().getResourceAsStream("float.hexacab.org.pem")); - Calendar c = new Calendar.Builder().setDate(2024, 4, 14).setCalendarType("gregorian").build(); + Calendar c = new Calendar.Builder().setDate(2024, 3, 28).setCalendarType("gregorian").build(); mockConfigHelper("falseFingerPrint"); VpnCertificateValidator validator = new VpnCertificateValidator(cert); validator.setCalendarProvider(new TestCalendarProvider(c.getTimeInMillis())); @@ -60,10 +60,30 @@ public class VpnCertificateValidatorTest { @Test public void test_isValid_multipleCerts_allValid() throws NoSuchAlgorithmException, CertificateEncodingException, IOException { String cert = getInputAsString(getClass().getClassLoader().getResourceAsStream("float.hexacab.org.pem")); - Calendar c = new Calendar.Builder().setDate(2024, 4, 13).setCalendarType("gregorian").build(); + Calendar c = new Calendar.Builder().setDate(2024, 3, 27).setCalendarType("gregorian").build(); mockConfigHelper("falseFingerPrint"); VpnCertificateValidator validator = new VpnCertificateValidator(cert); validator.setCalendarProvider(new TestCalendarProvider(c.getTimeInMillis())); - assertFalse(validator.isValid()); + assertTrue(validator.isValid()); + } + + @Test + public void test_shouldBeUpdated_lessThan8days_returnTrue() throws NoSuchAlgorithmException, CertificateEncodingException, IOException { + String cert = getInputAsString(getClass().getClassLoader().getResourceAsStream("float.hexacab.org.pem")); + Calendar c = new Calendar.Builder().setDate(2024, 3, 21).setCalendarType("gregorian").build(); + mockConfigHelper("falseFingerPrint"); + VpnCertificateValidator validator = new VpnCertificateValidator(cert); + validator.setCalendarProvider(new TestCalendarProvider(c.getTimeInMillis())); + assertTrue(validator.shouldBeUpdated()); + } + + @Test + public void test_shouldBeUpdated_moreThan8days_returnFalse() throws NoSuchAlgorithmException, CertificateEncodingException, IOException { + String cert = getInputAsString(getClass().getClassLoader().getResourceAsStream("float.hexacab.org.pem")); + Calendar c = new Calendar.Builder().setDate(2024, 3, 20).setCalendarType("gregorian").build(); + mockConfigHelper("falseFingerPrint"); + VpnCertificateValidator validator = new VpnCertificateValidator(cert); + validator.setCalendarProvider(new TestCalendarProvider(c.getTimeInMillis())); + assertFalse(validator.shouldBeUpdated()); } } \ No newline at end of file -- cgit v1.2.3