From b8087831f7db9fbc7806c58e632bda448b3b9e3b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Parm=C3=A9nides=20GV?= Date: Wed, 12 Nov 2014 03:44:14 +0100 Subject: More refactoring, fixed problems from previous commit. --- .../bitmaskclient/test/testLeapSRPSession.java | 52 ++---- .../java/se/leap/bitmaskclient/ProviderAPI.java | 1 - app/src/main/AndroidManifest.xml | 12 +- .../main/java/se/leap/bitmaskclient/Dashboard.java | 31 ++-- .../java/se/leap/bitmaskclient/eip/Constants.java | 6 +- .../main/java/se/leap/bitmaskclient/eip/EIP.java | 182 +++++---------------- .../bitmaskclient/eip/VpnCertificateValidator.java | 59 +++++++ 7 files changed, 139 insertions(+), 204 deletions(-) create mode 100644 app/src/main/java/se/leap/bitmaskclient/eip/VpnCertificateValidator.java diff --git a/app/src/androidTest/java/se/leap/bitmaskclient/test/testLeapSRPSession.java b/app/src/androidTest/java/se/leap/bitmaskclient/test/testLeapSRPSession.java index 2821373a..d7f4bfb3 100644 --- a/app/src/androidTest/java/se/leap/bitmaskclient/test/testLeapSRPSession.java +++ b/app/src/androidTest/java/se/leap/bitmaskclient/test/testLeapSRPSession.java @@ -33,7 +33,6 @@ public class testLeapSRPSession extends TestCase { public void testExponential() { byte[] expected_A; byte[] a_byte; - SRPParameters params; LeapSRPSession client; /* Test 1: abytes = 4 */ @@ -43,8 +42,7 @@ public class testLeapSRPSession extends TestCase { salt = "64c3289d04a6ecad", a = "3565fdc2"; a_byte = new BigInteger(a, 16).toByteArray(); - params = new SRPParameters(new BigInteger(ConfigHelper.NG_1024, 16).toByteArray(), new BigInteger("2").toByteArray(), new BigInteger(salt, 16).toByteArray(), "SHA-256"); - client = new LeapSRPSession(username, password, params, a_byte); + client = new LeapSRPSession(username, password, a_byte); byte[] A = client.exponential(); 
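Review bot: The expected values in testExponential and the tests that follow now depend on group parameters that no longer appear anywhere in the test, because `new LeapSRPSession(username, password, a_byte)` drops the explicit `SRPParameters` (N from `ConfigHelper.NG_1024`, g = 2, SHA-256). A comment at the first construction, such as `// vectors assume N = ConfigHelper.NG_1024, g = 2, SHA-256 (fixed inside LeapSRPSession)`, would keep that link visible; this presumes the constructor fixes those values, which is not shown in this patch. The same applies to the remaining hunks of this file. In the last one (`new LeapSRPSession(username, password)`) the local `salt` is no longer handed to the session, so it is worth checking that it is still used further down, outside the hunk.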
@@ -55,8 +53,7 @@ public class testLeapSRPSession extends TestCase { expected_A = new BigInteger("11acfacc08178d48f95c0e69adb11f6d144dd0980ee6e44b391347592e3bd5e9cb841d243b3d9ac2adb25b367a2558e8829b22dcef96c0934378412383ccf95141c3cb5f17ada20f53a0225f56a07f2b0c0469ed6bbad3646f7b71bdd4bedf5cc6fac244b26d3195d8f55877ff94a925b0c0c8f7273eca733c0355b38360442e", 16).toByteArray(); a_byte = new BigInteger(a, 16).toByteArray(); - params = new SRPParameters(new BigInteger(ConfigHelper.NG_1024, 16).toByteArray(), new BigInteger("2").toByteArray(), new BigInteger(salt, 16).toByteArray(), "SHA-256"); - client = new LeapSRPSession(username, password, params, a_byte); + client = new LeapSRPSession(username, password, a_byte); A = client.exponential(); @@ -73,8 +70,7 @@ public class testLeapSRPSession extends TestCase { salt = "64c3289d04a6ecad", a = "8c911355"; byte[] a_byte = new BigInteger(a, 16).toByteArray(); - SRPParameters params = new SRPParameters(new BigInteger(ConfigHelper.NG_1024, 16).toByteArray(), new BigInteger("2").toByteArray(), new BigInteger(salt, 16).toByteArray(), "SHA-256"); - LeapSRPSession client = new LeapSRPSession(username, password, params, a_byte); + LeapSRPSession client = new LeapSRPSession(username, password, a_byte); byte[] x = client.calculatePasswordHash(username, password, new BigInteger(salt, 16).toByteArray()); assertTrue(Arrays.equals(x, expected_x)); @@ -93,8 +89,7 @@ public class testLeapSRPSession extends TestCase { a = "38d5b211"; a_byte = new BigInteger(a, 16).toByteArray(); - params = new SRPParameters(new BigInteger(ConfigHelper.NG_1024, 16).toByteArray(), new BigInteger("2").toByteArray(), new BigInteger(salt, 16).toByteArray(), "SHA-256"); - client = new LeapSRPSession(username, password, params, a_byte); + client = new LeapSRPSession(username, password, a_byte); x = client.calculatePasswordHash(username, password, new BigInteger(salt, 16).toByteArray()); A = client.exponential(); 
@@ -110,8 +105,7 @@ public class testLeapSRPSession extends TestCase { a = "36ee80ec"; a_byte = new BigInteger(a, 16).toByteArray(); - params = new SRPParameters(new BigInteger(ConfigHelper.NG_1024, 16).toByteArray(), new BigInteger("2").toByteArray(), new BigInteger(salt, 16).toByteArray(), "SHA-256"); - client = new LeapSRPSession(username, password, params, a_byte); + client = new LeapSRPSession(username, password, a_byte); x = client.calculatePasswordHash(username, password, new BigInteger(salt, 16).toByteArray()); A = client.exponential(); @@ -321,8 +315,7 @@ public class testLeapSRPSession extends TestCase { salt = "64c3289d04a6ecad", a = "8c911355"; byte[] a_byte = new BigInteger(a, 16).toByteArray(); - SRPParameters params = new SRPParameters(new BigInteger(ConfigHelper.NG_1024, 16).toByteArray(), new BigInteger("2").toByteArray(), new BigInteger(salt, 16).toByteArray(), "SHA-256"); - LeapSRPSession client = new LeapSRPSession(username, password, params, a_byte); + LeapSRPSession client = new LeapSRPSession(username, password, a_byte); byte[] x = client.calculatePasswordHash(username, password, new BigInteger(salt, 16).toByteArray()); assertTrue(Arrays.equals(x, expected_x)); @@ -345,8 +338,7 @@ public class testLeapSRPSession extends TestCase { expected_M2 = trim(new BigInteger("517278a03a0320a52dcb391caf5264d76149d7d9b71ed2b65536233344c550cf", 16).toByteArray()); a_byte = new BigInteger(a, 16).toByteArray(); - params = new SRPParameters(new BigInteger(ConfigHelper.NG_1024, 16).toByteArray(), new BigInteger("2").toByteArray(), new BigInteger(salt, 16).toByteArray(), "SHA-256"); - client = new LeapSRPSession(username, password, params, a_byte); + client = new LeapSRPSession(username, password, a_byte); x = client.calculatePasswordHash(username, password, new BigInteger(salt, 16).toByteArray()); A = client.exponential(); 
@@ -365,8 +357,7 @@ public class testLeapSRPSession extends TestCase { expected_M2 = trim(new BigInteger("3bfb91c7d04b6da6381fe3d2648d992cdc6bc67b8ee16d1cfa733f786d492261", 16).toByteArray()); a_byte = new BigInteger(a, 16).toByteArray(); - params = new SRPParameters(new BigInteger(ConfigHelper.NG_1024, 16).toByteArray(), new BigInteger("2").toByteArray(), new BigInteger(salt, 16).toByteArray(), "SHA-256"); - client = new LeapSRPSession(username, password, params, a_byte); + client = new LeapSRPSession(username, password, a_byte); x = client.calculatePasswordHash(username, password, new BigInteger(salt, 16).toByteArray()); A = client.exponential(); @@ -390,8 +381,7 @@ public class testLeapSRPSession extends TestCase { expected_M2 = trim(new BigInteger("8f4552b1021a4de621d8f50f0921c4d20651e702d9d71276f8f6c15b838de018", 16).toByteArray()); a_byte = new BigInteger(a, 16).toByteArray(); - params = new SRPParameters(new BigInteger(ConfigHelper.NG_1024, 16).toByteArray(), new BigInteger("2").toByteArray(), new BigInteger(salt, 16).toByteArray(), "SHA-256"); - client = new LeapSRPSession(username, password, params, a_byte); + client = new LeapSRPSession(username, password, a_byte); x = client.calculatePasswordHash(username, password, trim(new BigInteger(salt, 16).toByteArray())); assertTrue(Arrays.equals(x, expected_x)); 
@@ -418,8 +408,7 @@ public class testLeapSRPSession extends TestCase { expected_M2 = trim(new BigInteger("04cf3ab3b75dbc4b116ca2fec949bf3deca1e360e016d7ab2b8a49904c534a27", 16).toByteArray()); a_byte = new BigInteger(a, 16).toByteArray(); - params = new SRPParameters(new BigInteger(ConfigHelper.NG_1024, 16).toByteArray(), new BigInteger("2").toByteArray(), new BigInteger(salt, 16).toByteArray(), "SHA-256"); - client = new LeapSRPSession(username, password, params, a_byte); + client = new LeapSRPSession(username, password, a_byte); x = client.calculatePasswordHash(username, password, trim(new BigInteger(salt, 16).toByteArray())); assertTrue(Arrays.equals(x, expected_x)); @@ -448,8 +437,7 @@ public class testLeapSRPSession extends TestCase { expected_M2 = trim(new BigInteger("082cf49ad5a34cc5ca571e3d063aec4bd96e7b96a6d951295180631650a84587", 16).toByteArray()); a_byte = new BigInteger(a, 16).toByteArray(); - params = new SRPParameters(new BigInteger(ConfigHelper.NG_1024, 16).toByteArray(), new BigInteger("2").toByteArray(), new BigInteger(salt, 16).toByteArray(), "SHA-256"); - client = new LeapSRPSession(username, password, params, a_byte); + client = new LeapSRPSession(username, password, a_byte); x = client.calculatePasswordHash(username, password, trim(new BigInteger(salt, 16).toByteArray())); assertTrue(Arrays.equals(x, expected_x)); 
@@ -479,8 +467,7 @@ public class testLeapSRPSession extends TestCase { expected_M2 = trim(new BigInteger("5cc3d7f0077e978c83acdef14a725af01488c1728f0cf32cd7013d24faf5d901", 16).toByteArray()); a_byte = new BigInteger(a, 16).toByteArray(); - params = new SRPParameters(new BigInteger(ConfigHelper.NG_1024, 16).toByteArray(), new BigInteger("2").toByteArray(), new BigInteger(salt, 16).toByteArray(), "SHA-256"); - client = new LeapSRPSession(username, password, params, a_byte); + client = new LeapSRPSession(username, password, a_byte); x = client.calculatePasswordHash(username, password, trim(new BigInteger(salt, 16).toByteArray())); assertTrue(Arrays.equals(x, expected_x)); @@ -510,8 +497,7 @@ public class testLeapSRPSession extends TestCase { expected_M2 = trim(new BigInteger("d78da7e0a23c9b87a2f09cdee05c510c105b4a8d471b47402c38f4cdfa49fe6d", 16).toByteArray()); a_byte = new BigInteger(a, 16).toByteArray(); - params = new SRPParameters(new BigInteger(ConfigHelper.NG_1024, 16).toByteArray(), new BigInteger("2").toByteArray(), new BigInteger(salt, 16).toByteArray(), "SHA-256"); - client = new LeapSRPSession(username, password, params, a_byte); + client = new LeapSRPSession(username, password, a_byte); x = client.calculatePasswordHash(username, password, trim(new BigInteger(salt, 16).toByteArray())); assertTrue(Arrays.equals(x, expected_x)); 
@@ -541,8 +527,7 @@ public class testLeapSRPSession extends TestCase { expected_M2 = trim(new BigInteger("a382025452bad8a6ccd0f703253fda90e7ea7bd0c2d466a389455080a4bd015d", 16).toByteArray()); a_byte = new BigInteger(a, 16).toByteArray(); - params = new SRPParameters(new BigInteger(ConfigHelper.NG_1024, 16).toByteArray(), new BigInteger("2").toByteArray(), new BigInteger(salt, 16).toByteArray(), "SHA-256"); - client = new LeapSRPSession(username, password, params, a_byte); + client = new LeapSRPSession(username, password, a_byte); x = client.calculatePasswordHash(username, password, trim(new BigInteger(salt, 16).toByteArray())); assertTrue(Arrays.equals(x, expected_x)); @@ -572,8 +557,7 @@ public class testLeapSRPSession extends TestCase { expected_M2 = trim(new BigInteger("9e99f9adfbfaa7add3626ed6e6aea94c9fa60dab6b8d56ad0cc950548f577d32", 16).toByteArray()); a_byte = new BigInteger(a, 16).toByteArray(); - params = new SRPParameters(new BigInteger(ConfigHelper.NG_1024, 16).toByteArray(), new BigInteger("2").toByteArray(), new BigInteger(salt, 16).toByteArray(), "SHA-256"); - client = new LeapSRPSession(username, password, params, a_byte); + client = new LeapSRPSession(username, password, a_byte); x = client.calculatePasswordHash(username, password, trim(new BigInteger(salt, 16).toByteArray())); assertTrue(Arrays.equals(x, expected_x)); 
@@ -603,8 +587,7 @@ public class testLeapSRPSession extends TestCase { expected_M2 = trim(new BigInteger("ffccafa0febc1771a428082b30b7ce409856de4581c7d7d986f5b80015aba0d3", 16).toByteArray()); a_byte = new BigInteger(a, 16).toByteArray(); - params = new SRPParameters(new BigInteger(ConfigHelper.NG_1024, 16).toByteArray(), new BigInteger("2").toByteArray(), new BigInteger(salt, 16).toByteArray(), "SHA-256"); - client = new LeapSRPSession(username, password, params, a_byte); + client = new LeapSRPSession(username, password, a_byte); x = client.calculatePasswordHash(username, password, trim(new BigInteger(salt, 16).toByteArray())); assertTrue(Arrays.equals(x, expected_x)); @@ -626,8 +609,7 @@ public class testLeapSRPSession extends TestCase { String password = "holahola2"; byte[] salt = new BigInteger("67e8348d1500d26c", 16).toByteArray(); - SRPParameters params = new SRPParameters(new BigInteger(ConfigHelper.NG_1024, 16).toByteArray(), new BigInteger("2").toByteArray(), salt, "SHA-256"); - LeapSRPSession client = new LeapSRPSession(username, password, params); + LeapSRPSession client = new LeapSRPSession(username, password); String expected_v = "12bea84e588ffa2f8fc5ae47cb5e751a8f2d9e8125268ad9ab483eff83f98cb08484350eb478bee582b8b72363ff8e7b12e9f332e86f7a0bd77689927c609d275471c6ad2cff8b1e7bbfc3664169c3b7bccb0b974154c1f1656b64274568015ca1b849c9d9890ae4437ed686341b432340809b81c30727ed2aadea8bdec6d101"; diff --git a/app/src/debug/java/se/leap/bitmaskclient/ProviderAPI.java b/app/src/debug/java/se/leap/bitmaskclient/ProviderAPI.java index ddd36d7c..03cbda0c 100644 --- a/app/src/debug/java/se/leap/bitmaskclient/ProviderAPI.java +++ b/app/src/debug/java/se/leap/bitmaskclient/ProviderAPI.java 
@@ -925,7 +925,6 @@ public class ProviderAPI extends IntentService { certificateString = Base64.encodeToString( certCert.getEncoded(), Base64.DEFAULT); preferences.edit().putString(Constants.CERTIFICATE, "-----BEGIN CERTIFICATE-----\n"+certificateString+"-----END CERTIFICATE-----").commit(); - preferences.edit().putString(Constants.DATE_FROM_CERTIFICATE, EIP.certificate_date_format.format(Calendar.getInstance().getTime())).commit(); return true; } catch (CertificateException e) { diff --git a/app/src/main/AndroidManifest.xml b/app/src/main/AndroidManifest.xml index d5081b8d..61f2a63b 100644 --- a/app/src/main/AndroidManifest.xml +++ b/app/src/main/AndroidManifest.xml @@ -36,7 +36,7 @@ android:label="@string/app" > @@ -62,7 +62,7 @@ + android:name="se.leap.bitmaskclient.eip.VoidVpnLauncher" /> @@ -99,11 +99,11 @@ android:label="@string/title_about_activity" > - + - - - + + + diff --git a/app/src/main/java/se/leap/bitmaskclient/Dashboard.java b/app/src/main/java/se/leap/bitmaskclient/Dashboard.java index 473cd5ec..e4e575e4 100644 --- a/app/src/main/java/se/leap/bitmaskclient/Dashboard.java +++ b/app/src/main/java/se/leap/bitmaskclient/Dashboard.java @@ -42,6 +42,7 @@ public class Dashboard extends Activity implements LogInDialog.LogInDialogInterf protected static final int CONFIGURE_LEAP = 0; protected static final int SWITCH_PROVIDER = 1; + final public static String TAG = Dashboard.class.getSimpleName(); final public static String SHARED_PREFERENCES = "LEAPPreferences"; final public static String ACTION_QUIT = "quit"; public static final String REQUEST_CODE = "request_code"; 
@@ -49,21 +50,19 @@ public class Dashboard extends Activity implements LogInDialog.LogInDialogInterf public static final String START_ON_BOOT = "dashboard start on boot"; final public static String ON_BOOT = "dashboard on boot"; public static final String APP_VERSION = "bitmask version"; - final public static String TAG = Dashboard.class.getSimpleName(); - + private static Context app; + protected static SharedPreferences preferences; + private FragmentManagerEnhanced fragment_manager; + private EipServiceFragment eipFragment; - private ProgressBar mProgressBar; - private TextView eipStatus; - private static Context app; - protected static SharedPreferences preferences; - private static Provider provider; - - private boolean authed_eip = false; - + private ProgressBar mProgressBar; + private TextView eipStatus; public ProviderAPIResultReceiver providerAPI_result_receiver; - private FragmentManagerEnhanced fragment_manager; + private static Provider provider; + private static boolean authed_eip; + @Override protected void onCreate(Bundle savedInstanceState) { super.onCreate(savedInstanceState); @@ -78,11 +77,11 @@ public class Dashboard extends Activity implements LogInDialog.LogInDialogInterf fragment_manager = new FragmentManagerEnhanced(getFragmentManager()); handleVersion(); - authed_eip = preferences.getBoolean(Constants.AUTHED_EIP, false); - if (preferences.getString(Provider.KEY, "").isEmpty()) - startActivityForResult(new Intent(this,ConfigurationWizard.class),CONFIGURE_LEAP); - else - buildDashboard(getIntent().getBooleanExtra(ON_BOOT, false)); + boolean provider_configured = preferences.getString(Constants.KEY, "").isEmpty(); + if (provider_configured) + startActivityForResult(new Intent(this,ConfigurationWizard.class),CONFIGURE_LEAP); + else + buildDashboard(getIntent().getBooleanExtra(ON_BOOT, false)); } private void handleVersion() { 
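Review bot: `provider_configured` in onCreate is named the opposite of what it holds: `preferences.getString(Constants.KEY, "").isEmpty()` is true when no provider definition is stored, and that is the branch that starts the wizard. Renaming it, e.g. `boolean provider_missing = preferences.getString(Constants.KEY, "").isEmpty();`, or negating the expression and swapping the branches, keeps a later edit from inverting the flow. The lookup key also moves from `Provider.KEY` to `Constants.KEY`; if the two strings differ, an already configured install would be sent back to the wizard, so that should be confirmed. This hunk also drops `authed_eip = preferences.getBoolean(Constants.AUTHED_EIP, false)` while the previous hunk makes the field static with no initializer, so unless it is loaded elsewhere it is false after every process start.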
diff --git a/app/src/main/java/se/leap/bitmaskclient/eip/Constants.java b/app/src/main/java/se/leap/bitmaskclient/eip/Constants.java index 719fff6d..3b43282b 100644 --- a/app/src/main/java/se/leap/bitmaskclient/eip/Constants.java +++ b/app/src/main/java/se/leap/bitmaskclient/eip/Constants.java @@ -37,9 +37,9 @@ public interface Constants { public final static String EIP_NOTIFICATION = TAG + ".EIP_NOTIFICATION"; public final static String STATUS = TAG + ".STATUS"; public final static String DATE_FROM_CERTIFICATE = TAG + ".DATE_FROM_CERTIFICATE"; - public final static String ALLOWED_ANON = TAG + ".ALLOW_ANONYMOUS"; - public final static String ALLOWED_REGISTERED = TAG + ".ALLOW_REGISTRATION"; - public final static String CERTIFICATE = TAG + ".CERTIFICATE"; + public final static String ALLOWED_ANON = "allow_anonymous"; + public final static String ALLOWED_REGISTERED = "allow_registration"; + public final static String CERTIFICATE = "cert"; public final static String PRIVATE_KEY = TAG + ".PRIVATE_KEY"; public final static String KEY = TAG + ".KEY"; public final static String PARSED_SERIAL = TAG + ".PARSED_SERIAL"; diff --git a/app/src/main/java/se/leap/bitmaskclient/eip/EIP.java b/app/src/main/java/se/leap/bitmaskclient/eip/EIP.java index b668ce64..92eba23c 100644 --- a/app/src/main/java/se/leap/bitmaskclient/eip/EIP.java +++ b/app/src/main/java/se/leap/bitmaskclient/eip/EIP.java 
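Review bot: The new values of `ALLOWED_ANON`, `ALLOWED_REGISTERED` and `CERTIFICATE` change the SharedPreferences keys, so a certificate that an earlier build stored under `TAG + ".CERTIFICATE"` is no longer found under `"cert"`. After an upgrade `preferences.getString(CERTIFICATE, "")` would return the empty string and the validity check would report the certificate as invalid. If that is the intended way to force a fresh download it deserves a comment on the constant; otherwise a one-time migration of the old key is needed. `DATE_FROM_CERTIFICATE` stays declared although this patch removes the write in the debug ProviderAPI and the read in EIP; any other source set that still uses it or `EIP.certificate_date_format` would need the same change.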
@@ -51,20 +51,19 @@ public final class EIP extends IntentService { private static SharedPreferences preferences; - private static Context context; - private static ResultReceiver mReceiver; - private static boolean mBound = false; + private static Context context; + private static ResultReceiver mReceiver; + private static boolean mBound = false; - private static JSONObject eipDefinition = null; + private static int parsedEipSerial; + private static JSONObject eip_definition = null; - private static OVPNGateway activeGateway = null; + private static OVPNGateway activeGateway = null; public static VpnStatus.ConnectionStatus lastConnectionStatusLevel; public static boolean mIsDisconnecting = false; public static boolean mIsStarting = false; - public static SimpleDateFormat certificate_date_format = new SimpleDateFormat("yyyy-MM-dd HH:mm", Locale.US); - public EIP(){ super("LEAPEIP"); } @@ -76,6 +75,7 @@ public final class EIP extends IntentService { context = getApplicationContext(); preferences = getSharedPreferences(Dashboard.SHARED_PREFERENCES, MODE_PRIVATE); + refreshEipDefinition(); } @Override @@ -113,8 +113,10 @@ public final class EIP extends IntentService { */ private void startEIP() { earlyRoutes(); - activeGateway = selectGateway(); - + GatewaySelector gateway_selector = new GatewaySelector(eip_definition); + String selected_gateway = gateway_selector.select(); + + activeGateway = new OVPNGateway(selected_gateway); if(activeGateway != null && activeGateway.mVpnProfile != null) { mReceiver = EipServiceFragment.getReceiver(); launchActiveGateway(); 
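Review bot: In startEIP nothing guards a missing service definition: `eip_definition` is still null when `refreshEipDefinition()` finds no stored definition or fails to parse it, and it is passed straight to `new GatewaySelector(eip_definition)`, whose handling of null is not shown in this patch. The removed `availableLocations()` called `updateEIPService()` in that case; a guard before the selection, e.g. `if (eip_definition == null) updateEIPService();`, would keep the start path working on a fresh install. The check `activeGateway != null` can also no longer fail, since `new OVPNGateway(selected_gateway)` always yields an object, so an empty `selected_gateway` is what should be tested there. startEIP's body continues outside the hunk.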
@@ -131,93 +133,6 @@ public final class EIP extends IntentService { startActivity(void_vpn_launcher); } - /** - * Choose a gateway to connect to based on timezone from system locale data - * - * @return The gateway to connect to - */ - private OVPNGateway selectGateway() { - String closest_location = closestGateway(); - String chosen_host = chooseHost(closest_location); - - return new OVPNGateway(chosen_host); - } - - private String closestGateway() { - TreeMap> offsets = calculateOffsets(); - return offsets.isEmpty() ? "" : offsets.firstEntry().getValue().iterator().next(); - } - - private TreeMap> calculateOffsets() { - TreeMap> offsets = new TreeMap>(); - - int localOffset = Calendar.getInstance().get(Calendar.ZONE_OFFSET) / 3600000; - - JSONObject locations = availableLocations(); - Iterator locations_names = locations.keys(); - while(locations_names.hasNext()) { - try { - String location_name = locations_names.next(); - JSONObject location = locations.getJSONObject(location_name); - - int dist = timezoneDistance(localOffset, location.optInt("timezone")); - - Set set = (offsets.get(dist) != null) ? - offsets.get(dist) : new HashSet(); - - set.add(location_name); - offsets.put(dist, set); - } catch (JSONException e) { - // TODO Auto-generated catch block - e.printStackTrace(); - } - } - - return offsets; - } - - private JSONObject availableLocations() { - JSONObject locations = null; - try { - if(eipDefinition == null) updateEIPService(); - locations = eipDefinition.getJSONObject("locations"); - } catch (JSONException e1) { - // TODO Auto-generated catch block - e1.printStackTrace(); - } - - return locations; - } - - private int timezoneDistance(int local_timezone, int remote_timezone) { - // Distance along the numberline of Prime Meridian centric, assumes UTC-11 through UTC+12 - int dist = Math.abs(local_timezone - remote_timezone); - - // Farther than 12 timezones and it's shorter around the "back" - if (dist > 12) - dist = 12 - (dist -12); // Well i'll be. 
Absolute values make equations do funny things. - - return dist; - } - - private String chooseHost(String location) { - String chosen_host = ""; - try { - JSONArray gateways = eipDefinition.getJSONArray("gateways"); - for (int i = 0; i < gateways.length(); i++) { - JSONObject gw = gateways.getJSONObject(i); - if ( gw.getString("location").equalsIgnoreCase(location) || location.isEmpty()){ - chosen_host = eipDefinition.getJSONObject("locations").getJSONObject(gw.getString("location")).getString("name"); - break; - } - } - } catch (JSONException e) { - // TODO Auto-generated catch block - e.printStackTrace(); - } - return chosen_host; - } - private void launchActiveGateway() { Intent intent = new Intent(this,LaunchVPN.class); intent.setAction(Intent.ACTION_MAIN); @@ -292,7 +207,22 @@ public final class EIP extends IntentService { e.printStackTrace(); } } + if (eip_definition != null && eip_definition.optInt("serial") >= parsedEipSerial) + updateGateways(); + } + private void refreshEipDefinition() { + try { + String eip_definition_string = preferences.getString(KEY, ""); + if(!eip_definition_string.isEmpty()) { + eip_definition = new JSONObject(eip_definition_string); + } + } catch (JSONException e) { + // TODO Auto-generated catch block + e.printStackTrace(); + } + } + private void deleteAllVpnProfiles() { ProfileManager vpl = ProfileManager.getInstance(context); Collection profiles = vpl.getProfiles(); @@ -307,8 +237,8 @@ public final class EIP extends IntentService { private void updateGateways(){ JSONArray gatewaysDefined = null; try { - if(eipDefinition == null) updateEIPService(); - gatewaysDefined = eipDefinition.getJSONArray("gateways"); + if(eip_definition == null) updateEIPService(); + gatewaysDefined = eip_definition.getJSONArray("gateways"); for ( int i=0 ; i < gatewaysDefined.length(); i++ ){ JSONObject gw = null; gw = gatewaysDefined.getJSONObject(i); 
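Review bot: The comparison `eip_definition.optInt("serial") >= parsedEipSerial` relies on `parsedEipSerial`, which the first EIP.java hunk declares as a static int with no assignment visible in this patch; if it is never loaded from the `PARSED_SERIAL` preference it stays 0 and the gateways are rebuilt on every call. Reading the stored value first, e.g. `parsedEipSerial = preferences.getInt(PARSED_SERIAL, 0);`, is needed for the check to mean anything, and with `>=` an unchanged serial still triggers `updateGateways()`, so `>` looks like the intended operator. `refreshEipDefinition()` keeps the auto-generated catch with `e.printStackTrace()`, which leaves `eip_definition` null without a usable signal; `Log.e(TAG, ...)` would match the logging used elsewhere in the class. The method that receives the added `if` starts outside the hunk.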
@@ -320,52 +250,18 @@ public final class EIP extends IntentService { // TODO Auto-generated catch block e.printStackTrace(); } - preferences.edit().putInt(PARSED_SERIAL, eipDefinition.optInt(Provider.API_RETURN_SERIAL)).commit(); + preferences.edit().putInt(PARSED_SERIAL, eip_definition.optInt(Provider.API_RETURN_SERIAL)).commit(); } private void checkCertValidity() { - String certificate = preferences.getString(CERTIFICATE, ""); - checkCertValidity(certificate); - } - - private void checkCertValidity(String certificate_string) { - if(!certificate_string.isEmpty()) { - X509Certificate certificate = ConfigHelper.parseX509CertificateFromString(certificate_string); - - Calendar offset_date = calculateOffsetCertificateValidity(certificate); - Bundle result = new Bundle(); - result.putString(REQUEST_TAG, ACTION_CHECK_CERT_VALIDITY); - try { - Log.d(TAG, "offset_date = " + offset_date.getTime().toString()); - certificate.checkValidity(offset_date.getTime()); - mReceiver.send(Activity.RESULT_OK, result); - Log.d(TAG, "Valid certificate"); - } catch(CertificateExpiredException e) { - mReceiver.send(Activity.RESULT_CANCELED, result); - Log.d(TAG, "Updating certificate"); - } catch(CertificateNotYetValidException e) { - mReceiver.send(Activity.RESULT_CANCELED, result); - } - } - } - - private Calendar calculateOffsetCertificateValidity(X509Certificate certificate) { - String current_date = certificate_date_format.format(Calendar.getInstance().getTime()).toString(); - - String date_string = preferences.getString(DATE_FROM_CERTIFICATE, current_date); - - Calendar offset_date = Calendar.getInstance(); - try { - Date date = certificate_date_format.parse(date_string); - long difference = Math.abs(date.getTime() - certificate.getNotAfter().getTime())/2; - long current_date_millis = offset_date.getTimeInMillis(); - offset_date.setTimeInMillis(current_date_millis + difference); - Log.d(TAG, "certificate not after = " + certificate.getNotAfter()); - } catch(ParseException e) { - 
e.printStackTrace(); - } - - return offset_date; + Bundle result = new Bundle(); + result.putString(REQUEST_TAG, ACTION_CHECK_CERT_VALIDITY); + + VpnCertificateValidator validator = new VpnCertificateValidator(); + if(validator.isValid(preferences.getString(CERTIFICATE, ""))) + mReceiver.send(Activity.RESULT_OK, result); + else + mReceiver.send(Activity.RESULT_CANCELED, result); } /** @@ -449,7 +345,7 @@ public final class EIP extends IntentService { try { ConfigParser cp = new ConfigParser(); - JSONObject openvpn_configuration = eipDefinition.getJSONObject("openvpn_configuration"); + JSONObject openvpn_configuration = eip_definition.getJSONObject("openvpn_configuration"); VpnConfigGenerator vpn_configuration_generator = new VpnConfigGenerator(preferences, openvpn_configuration, mGateway); String configuration = vpn_configuration_generator.generate(); @@ -475,7 +371,7 @@ public final class EIP extends IntentService { public String locationAsName() { try { - return eipDefinition.getJSONObject("locations").getJSONObject(mGateway.getString("location")).getString("name"); + return eip_definition.getJSONObject("locations").getJSONObject(mGateway.getString("location")).getString("name"); } catch (JSONException e) { Log.v(TAG,"Couldn't read gateway name for profile creation! Returning original name = " + mName); e.printStackTrace(); diff --git a/app/src/main/java/se/leap/bitmaskclient/eip/VpnCertificateValidator.java b/app/src/main/java/se/leap/bitmaskclient/eip/VpnCertificateValidator.java new file mode 100644 index 00000000..a5f04368 --- /dev/null +++ b/app/src/main/java/se/leap/bitmaskclient/eip/VpnCertificateValidator.java 
@@ -0,0 +1,59 @@ +/** + * Copyright (c) 2013 LEAP Encryption Access Project and contributers + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ +package se.leap.bitmaskclient.eip; + +import android.util.Log; +import java.util.*; +import java.security.cert.*; +import java.text.*; + +import se.leap.bitmaskclient.ConfigHelper; +import static se.leap.bitmaskclient.eip.Constants.*; + +public class VpnCertificateValidator { + public final static String TAG = VpnCertificateValidator.class.getSimpleName(); + + public boolean isValid(String certificate) { + if(!certificate.isEmpty()) { + X509Certificate certificate_x509 = ConfigHelper.parseX509CertificateFromString(certificate); + return isValid(certificate_x509); + } else return false; + } + + private boolean isValid(X509Certificate certificate) { + Calendar offset_date = calculateOffsetCertificateValidity(certificate); + try { + Log.d(TAG, "offset_date = " + offset_date.getTime().toString()); + certificate.checkValidity(offset_date.getTime()); + return true; + } catch(CertificateExpiredException e) { + return false; + } catch(CertificateNotYetValidException e) { + return false; + } + } + + private Calendar calculateOffsetCertificateValidity(X509Certificate certificate) { + Log.d(TAG, "certificate not after = " + certificate.getNotAfter()); + long preventive_time = Math.abs(certificate.getNotBefore().getTime() - 
certificate.getNotAfter().getTime())/2; + long current_date_millis = Calendar.getInstance().getTimeInMillis(); + + Calendar limit_date = Calendar.getInstance(); + limit_date.setTimeInMillis(current_date_millis + preventive_time); + return limit_date; + } +} -- cgit v1.2.3
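Review bot: `isValid(String)` hands the result of `ConfigHelper.parseX509CertificateFromString(certificate)` on without a null check, so if that helper returns null for malformed input (its body is not in this patch), `calculateOffsetCertificateValidity` throws on `certificate.getNotAfter()`. Adding `if (certificate_x509 == null) return false;` before the delegation treats an unparsable certificate as invalid. The class is undocumented and the method name hides what is tested: the certificate is checked at the current time plus half of its notBefore–notAfter span, so it is reported invalid once half its lifetime has passed (presumably to trigger early renewal), and no issuer or signature verification happens here. A Javadoc on `isValid` stating that, and that the result depends on the device clock, would keep callers from reading the return value as a trust decision. The wildcard imports and the static import of `Constants.*` could be narrowed to the types the class actually uses.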