From 3a409ed35f0f26644d99b8704801103de8783864 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Parm=C3=A9nides=20GV?=
Date: Sat, 2 Apr 2016 12:40:10 +0200
Subject: Update ics-openvpn
---
 .../main/java/de/blinkt/openvpn/VpnProfile.java | 159 +++++++++++----------
 1 file changed, 84 insertions(+), 75 deletions(-)
(limited to 'app/src/main/java/de/blinkt/openvpn/VpnProfile.java')
diff --git a/app/src/main/java/de/blinkt/openvpn/VpnProfile.java b/app/src/main/java/de/blinkt/openvpn/VpnProfile.java
index dbe4b440..38d76f68 100644
--- a/app/src/main/java/de/blinkt/openvpn/VpnProfile.java
+++ b/app/src/main/java/de/blinkt/openvpn/VpnProfile.java
@@ -64,7 +64,7 @@ public class VpnProfile implements Serializable, Cloneable {
 // The Serializable documentation mentions that class name change are possible
 // but the how is unclear
 //
- transient public static final long MAX_EMBED_FILE_SIZE = 2048*1024; // 2048kB
+ transient public static final long MAX_EMBED_FILE_SIZE = 2048 * 1024; // 2048kB
 // Don't change this, not all parts of the program use this constant
 public static final String EXTRA_PROFILEUUID = "de.blinkt.openvpn.profileUUID";
 public static final String INLINE_TAG = "[[INLINE]]";
@@ -150,18 +150,23 @@ public class VpnProfile implements Serializable, Cloneable { private int mProfileVersion; public String mExcludedRoutes; public String mExcludedRoutesv6; - public int mMssFix =0; // -1 is default, + public int mMssFix = 0; // -1 is default, public Connection[] mConnections = new Connection[0]; - public boolean mRemoteRandom=false; + public boolean mRemoteRandom = false; public HashSet mAllowedAppsVpn = new HashSet<>(); public boolean mAllowedAppsVpnAreDisallowed = true; + + public String mCrlFilename; public String mProfileCreator; - /* Options no long used in new profiles */ + + public boolean mPushPeerInfo = false; + public static final boolean mIsOpenVPN22 = false; + + /* Options no longer used in new profiles */ public String mServerName = "openvpn.blinkt.de"; public String mServerPort = "1194"; public boolean mUseUdp = true; - public boolean mPushPeerInfo=false; public VpnProfile(String name) { mUuid = UUID.randomUUID(); @@ -169,7 +174,7 @@ public class VpnProfile implements Serializable, Cloneable { mProfileVersion = CURRENT_PROFILE_VERSION; mConnections = new Connection[1]; - mConnections[0] = new Connection(); + mConnections[0] = new Connection(); } public static String openVpnEscape(String unescaped) { @@ -197,7 +202,7 @@ public class VpnProfile implements Serializable, Cloneable { mCheckRemoteCN = false; mPersistTun = false; mAllowLocalLAN = true; - mPushPeerInfo =false; + mPushPeerInfo = false; mMssFix = 0; } 
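Review bot: `mIsOpenVPN22` is declared `public static final boolean ... = false` in the -150 hunk but carries the `m` prefix this class uses for per-profile instance fields, so the guards built on it read like profile settings when they are compile-time constants. With the value fixed at `false`, `!mIsOpenVPN22 || !mUseUdp` (hunk at -304) is always true and `usesystemproxy && !mIsOpenVPN22` (hunk at -507) reduces to `usesystemproxy`, so neither guard changes the generated config in this build. I would put a comment above the declaration, for example `// Compile-time flag, false in this build: the guards on it are currently no-ops`, and consider a constant-style name. The new public `mCrlFilename` field would also benefit from a one-line comment saying whether it holds a path or embedded `[[INLINE]]` data.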
@@ -207,33 +212,33 @@ public class VpnProfile implements Serializable, Cloneable { } public String getName() { - if (mName==null) + if (mName == null) return "No profile name"; return mName; } - public void upgradeProfile(){ - if(mProfileVersion< 2) { + public void upgradeProfile() { + if (mProfileVersion < 2) { /* default to the behaviour the OS used */ mAllowLocalLAN = Build.VERSION.SDK_INT < Build.VERSION_CODES.KITKAT; } if (mProfileVersion < 4) { moveOptionsToConnection(); - mAllowedAppsVpnAreDisallowed=true; + mAllowedAppsVpnAreDisallowed = true; } - if (mAllowedAppsVpn==null) + if (mAllowedAppsVpn == null) mAllowedAppsVpn = new HashSet<>(); - if (mConnections ==null) + if (mConnections == null) mConnections = new Connection[0]; if (mProfileVersion < 6) { if (TextUtils.isEmpty(mProfileCreator)) - mUserEditable=true; + mUserEditable = true; } - mProfileVersion= CURRENT_PROFILE_VERSION; + mProfileVersion = CURRENT_PROFILE_VERSION; } @@ -271,7 +276,7 @@ public class VpnProfile implements Serializable, Cloneable { cfg += String.format("setenv IV_GUI_VER %s \n", openVpnEscape(getVersionEnvString(context))); String versionString = String.format("%d %s %s %s %s %s", Build.VERSION.SDK_INT, Build.VERSION.RELEASE, NativeUtils.getNativeAPI(), Build.BRAND, Build.BOARD, Build.MODEL); - cfg += String.format("setenv IV_PLAT_VER %s\n", openVpnEscape(versionString)) ; + cfg += String.format("setenv IV_PLAT_VER %s\n", openVpnEscape(versionString)); } cfg += "machine-readable-output\n"; @@ -304,7 +309,8 @@ public class VpnProfile implements Serializable, Cloneable { mConnectRetry = "5"; - cfg += "connect-retry " + mConnectRetry + "\n"; + if (!mIsOpenVPN22 || !mUseUdp) + cfg += "connect-retry " + mConnectRetry + "\n"; cfg += "resolv-retry 60\n"; 
@@ -315,7 +321,7 @@ public class VpnProfile implements Serializable, Cloneable { boolean canUsePlainRemotes = true; - if (mConnections.length==1) { + if (mConnections.length == 1) { cfg += mConnections[0].getConnectionBlock(); } else { for (Connection conn : mConnections) { @@ -323,7 +329,7 @@ public class VpnProfile implements Serializable, Cloneable { } if (mRemoteRandom) - cfg+="remote-random\n"; + cfg += "remote-random\n"; if (canUsePlainRemotes) { for (Connection conn : mConnections) { @@ -378,6 +384,9 @@ public class VpnProfile implements Serializable, Cloneable { cfg += insertFileData("ca", mCaFilename); } + if (!TextUtils.isEmpty(mCrlFilename)) + cfg += insertFileData("crl-verify", mCrlFilename); + if (mUseLzo) { cfg += "comp-lzo\n"; } @@ -411,13 +420,12 @@ public class VpnProfile implements Serializable, Cloneable { if (mUseDefaultRoute) routes += "route 0.0.0.0 0.0.0.0 vpn_gateway\n"; - else - { + else { for (String route : getCustomRoutes(mCustomRoutes)) { routes += "route " + route + " vpn_gateway\n"; } - for (String route: getCustomRoutes(mExcludedRoutes)) { + for (String route : getCustomRoutes(mExcludedRoutes)) { routes += "route " + route + " net_gateway\n"; } } @@ -442,11 +450,11 @@ public class VpnProfile implements Serializable, Cloneable { } - if (mMssFix !=0){ - if (mMssFix!=1450) { + if (mMssFix != 0) { + if (mMssFix != 1450) { cfg += String.format("mssfix %d\n", mMssFix, Locale.US); } else - cfg+="mssfix\n"; + cfg += "mssfix\n"; } if (mNobind) @@ -507,11 +515,11 @@ public class VpnProfile implements Serializable, Cloneable { } if (mPushPeerInfo) - cfg+="push-peer-info\n"; + cfg += "push-peer-info\n"; SharedPreferences prefs = PreferenceManager.getDefaultSharedPreferences(context); boolean usesystemproxy = prefs.getBoolean("usesystemproxy", true); - if (usesystemproxy) { + if (usesystemproxy && !mIsOpenVPN22) { cfg += "# Use system proxy setting\n"; cfg += "management-query-proxy\n"; } 
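Review bot: The `crl-verify` entry added in the -378 hunk goes through `insertFileData`, so a CRL stored embedded in the profile is a snapshot from when the profile was created or imported. Nothing visible in this diff refreshes it, so certificates revoked after that point would presumably still be accepted until the profile itself is updated. That limitation deserves a comment at the call, e.g. `// NOTE: an embedded CRL is static; revocations issued after import are not seen`. The surrounding method starts and ends outside the hunk, so whether an enclosing condition restricts this to certificate-based profiles cannot be confirmed from here.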
@@ -537,8 +545,6 @@ public class VpnProfile implements Serializable, Cloneable { } - - return cfg; } @@ -557,8 +563,7 @@ public class VpnProfile implements Serializable, Cloneable { //! Put inline data inline and other data as normal escaped filename public static String insertFileData(String cfgentry, String filedata) { if (filedata == null) { - // TODO: generate good error - return String.format("%s %s\n", cfgentry, "missing"); + return String.format("%s %s\n", cfgentry, "file missing in config profile"); } else if (isEmbedded(filedata)) { String dataWithOutHeader = getEmbeddedContent(filedata); return String.format(Locale.ENGLISH, "<%s>\n%s\n\n", cfgentry, dataWithOutHeader, cfgentry); 
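Review bot: When `filedata` is null, `insertFileData` (hunk at -557) still emits a directive, now `<cfgentry> file missing in config profile`, and the placeholder is not passed through `openVpnEscape`, so it reaches the generated config as several separate arguments rather than as one file name. The TODO asking for a proper error was dropped without adding one, so config generation continues and the failure is presumably left to OpenVPN's option parser at connect time. For entries such as `ca`, a profile that lacks the file should stop generation rather than depend on how the parser treats the placeholder. At minimum, document the intent on the branch with something like `// filedata == null: emits a deliberately invalid directive; checkProfile() is expected to reject such profiles earlier`. The body of `insertFileData` continues past the end of the hunk.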
@@ -629,39 +634,32 @@ public class VpnProfile implements Serializable, Cloneable { } - - public Intent prepareStartService(Context context) { Intent intent = getStartServiceIntent(context); + // TODO: Handle this?! +// if (mAuthenticationType == VpnProfile.TYPE_KEYSTORE || mAuthenticationType == VpnProfile.TYPE_USERPASS_KEYSTORE) { +// if (getKeyStoreCertificates(context) == null) +// return null; +// } - if (mAuthenticationType == VpnProfile.TYPE_KEYSTORE || mAuthenticationType == VpnProfile.TYPE_USERPASS_KEYSTORE) { - if (getKeyStoreCertificates(context) == null) - return null; - } - + return intent; + } - try { - FileWriter cfg = new FileWriter(VPNLaunchHelper.getConfigFilePath(context)); - cfg.write(getConfigFile(context, false)); - cfg.flush(); - cfg.close(); - } catch (IOException e) { - VpnStatus.logException(e); - } + public void writeConfigFile(Context context) throws IOException { + FileWriter cfg = new FileWriter(VPNLaunchHelper.getConfigFilePath(context)); + cfg.write(getConfigFile(context, false)); + cfg.flush(); + cfg.close(); - return intent; } public Intent getStartServiceIntent(Context context) { String prefix = context.getPackageName(); Intent intent = new Intent(context, OpenVPNService.class); - intent.putExtra(prefix + ".ARGV", VPNLaunchHelper.buildOpenvpnArgv(context)); intent.putExtra(prefix + ".profileUUID", mUuid.toString()); - ApplicationInfo info = context.getApplicationInfo(); - intent.putExtra(prefix + ".nativelib", info.nativeLibraryDir); return intent; } @@ -672,11 +670,10 @@ public class VpnProfile implements Serializable, Cloneable { public static String getDisplayName(String embeddedFile) { int start = DISPLAYNAME_TAG.length(); int end = embeddedFile.indexOf(INLINE_TAG); - return embeddedFile.substring(start,end); + return embeddedFile.substring(start, end); } - public static String getEmbeddedContent(String data) - { + public static String getEmbeddedContent(String data) { if (!data.contains(INLINE_TAG)) return data; 
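Review bot: The new `writeConfigFile` leaks the `FileWriter` when `getConfigFile` or `write` throws, because `close()` is only reached on the success path; wrap the body as `try { cfg.write(getConfigFile(context, false)); cfg.flush(); } finally { cfg.close(); }`. `FileWriter` also encodes with the platform default charset, so the bytes written depend on the device configuration. In `prepareStartService` the keystore check is commented out under `// TODO: Handle this?!` rather than removed or relocated, so the method now always returns the intent; any caller that treated `null` as "no keystore certificate available" (none are visible in this hunk) loses that signal. Because the generated config may carry inline key material, the method's Javadoc should state where `VPNLaunchHelper.getConfigFilePath` places the file and who can read it.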
@@ -685,7 +682,7 @@ public class VpnProfile implements Serializable, Cloneable { } public static boolean isEmbedded(String data) { - if (data==null) + if (data == null) return false; if (data.startsWith(INLINE_TAG) || data.startsWith(DISPLAYNAME_TAG)) return true; @@ -697,8 +694,8 @@ public class VpnProfile implements Serializable, Cloneable { /* This method is called when OpenVPNService is restarted */ if ((mAuthenticationType == VpnProfile.TYPE_KEYSTORE || mAuthenticationType == VpnProfile.TYPE_USERPASS_KEYSTORE) - && mPrivateKey==null) { - new Thread( new Runnable() { + && mPrivateKey == null) { + new Thread(new Runnable() { @Override public void run() { getKeyStoreCertificates(context); @@ -713,9 +710,9 @@ public class VpnProfile implements Serializable, Cloneable { VpnProfile copy = (VpnProfile) super.clone(); copy.mUuid = UUID.randomUUID(); copy.mConnections = new Connection[mConnections.length]; - int i=0; - for (Connection conn: mConnections) { - copy.mConnections[i++]=conn.clone(); + int i = 0; + for (Connection conn : mConnections) { + copy.mConnections[i++] = conn.clone(); } copy.mAllowedAppsVpn = (HashSet) mAllowedAppsVpn.clone(); return copy; @@ -735,12 +732,12 @@ public class VpnProfile implements Serializable, Cloneable { class NoCertReturnedException extends Exception { - public NoCertReturnedException (String msg) { + public NoCertReturnedException(String msg) { super(msg); } } - synchronized String[] getKeyStoreCertificates(Context context,int tries) { + synchronized String[] getKeyStoreCertificates(Context context, int tries) { try { PrivateKey privateKey = KeyChain.getPrivateKey(context, mAlias); mPrivateKey = privateKey; 
@@ -749,7 +746,7 @@ public class VpnProfile implements Serializable, Cloneable { X509Certificate[] caChain = KeyChain.getCertificateChain(context, mAlias); - if(caChain == null) + if (caChain == null) throw new NoCertReturnedException("No certificate returned from Keystore"); if (caChain.length <= 1 && TextUtils.isEmpty(mCaFilename)) { @@ -774,10 +771,10 @@ public class VpnProfile implements Serializable, Cloneable { StringWriter caoutWriter = new StringWriter(); PemWriter pw = new PemWriter(caoutWriter); - for (Certificate cert: cacerts) + for (Certificate cert : cacerts) pw.writeObject(new PemObject("CERTIFICATE", cert.getEncoded())); pw.close(); - caout= caoutWriter.toString(); + caout = caoutWriter.toString(); } catch (Exception e) { VpnStatus.logError("Could not read CA certificate" + e.getLocalizedMessage()); @@ -800,12 +797,12 @@ public class VpnProfile implements Serializable, Cloneable { String ca, extra; - if(caout==null) { - ca =keystoreChain; - extra=null; + if (caout == null) { + ca = keystoreChain; + extra = null; } else { ca = caout; - extra=keystoreChain; + extra = keystoreChain; } return new String[]{ca, extra, user}; @@ -823,15 +820,15 @@ public class VpnProfile implements Serializable, Cloneable { return null; } catch (AssertionError e) { - if (tries ==0) + if (tries == 0) return null; - VpnStatus.logError(String.format("Failure getting Keystore Keys (%s), retrying",e.getLocalizedMessage())); + VpnStatus.logError(String.format("Failure getting Keystore Keys (%s), retrying", e.getLocalizedMessage())); try { Thread.sleep(3000); } catch (InterruptedException e1) { VpnStatus.logException(e1); } - return getKeyStoreCertificates(context, tries-1); + return getKeyStoreCertificates(context, tries - 1); } } 
@@ -848,20 +845,32 @@ public class VpnProfile implements Serializable, Cloneable { return R.string.ipv4_format_error; } if (!mUseDefaultRoute) { - if (!TextUtils.isEmpty(mCustomRoutes) && getCustomRoutes(mCustomRoutes).size() == 0 ) + if (!TextUtils.isEmpty(mCustomRoutes) && getCustomRoutes(mCustomRoutes).size() == 0) return R.string.custom_route_format_error; - if (!TextUtils.isEmpty(mExcludedRoutes) && getCustomRoutes(mExcludedRoutes).size() == 0 ) + if (!TextUtils.isEmpty(mExcludedRoutes) && getCustomRoutes(mExcludedRoutes).size() == 0) return R.string.custom_route_format_error; } + if (mUseTLSAuth && TextUtils.isEmpty(mTLSAuthFilename)) + return R.string.missing_tlsauth; + + if ((mAuthenticationType == TYPE_USERPASS_CERTIFICATES || mAuthenticationType == TYPE_CERTIFICATES) + && (TextUtils.isEmpty(mClientCertFilename) || TextUtils.isEmpty(mClientKeyFilename))) + return R.string.missing_certificates; + + if ((mAuthenticationType == TYPE_CERTIFICATES || mAuthenticationType == TYPE_USERPASS_CERTIFICATES) + && TextUtils.isEmpty(mCaFilename)) + return R.string.missing_ca_certificate; + + boolean noRemoteEnabled = true; for (Connection c : mConnections) if (c.mEnabled) noRemoteEnabled = false; - if(noRemoteEnabled) + if (noRemoteEnabled) return R.string.remote_no_server_selected; // Everything okay @@ -956,7 +965,7 @@ public class VpnProfile implements Serializable, Cloneable { if (isUserPWAuth() && (TextUtils.isEmpty(mUsername) || - (TextUtils.isEmpty(mPassword) && (mTransientPW == null || ignoreTransient)))) { + (TextUtils.isEmpty(mPassword) && (mTransientPW == null || ignoreTransient)))) { return R.string.password; } return 0; -- cgit v1.2.3
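Review bot: The two certificate checks added in the -848 hunk test the same pair of authentication types with the operands in opposite order, which makes it easy to change one and miss the other. Hoist the test into a local such as `boolean usesCertFiles = mAuthenticationType == TYPE_CERTIFICATES || mAuthenticationType == TYPE_USERPASS_CERTIFICATES;` and reuse it for both. The CA check covers only those two types, while the keystore types handle an empty `mCaFilename` inside `getKeyStoreCertificates`; a one-line comment saying so would stop a reader from taking the omission for an oversight. `mCrlFilename`, introduced by this commit, is not validated here, which fits an optional setting but is worth stating in the same comment. `checkProfile` begins before and ends after this hunk.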