From 8f7146a89fba31bcb9a204415a38e796cfa7d403 Mon Sep 17 00:00:00 2001 From: cyBerta Date: Fri, 14 Jun 2019 18:18:18 +0200 Subject: * refactor vpn profile generation * fix lzo-comp flag parsing in ConfigParser --- .../main/java/de/blinkt/openvpn/VpnProfile.java | 25 ++++---- .../java/de/blinkt/openvpn/core/ConfigParser.java | 43 +++++++------ .../de/blinkt/openvpn/core/OpenVPNService.java | 9 +-- .../blinkt/openvpn/core/connection/Connection.java | 16 ++++- .../openvpn/core/connection/Obfs4Connection.java | 74 ++++++++-------------- 5 files changed, 77 insertions(+), 90 deletions(-) (limited to 'app/src/main/java/de/blinkt/openvpn') diff --git a/app/src/main/java/de/blinkt/openvpn/VpnProfile.java b/app/src/main/java/de/blinkt/openvpn/VpnProfile.java index 9f18b8ed..dc12c6a8 100644 --- a/app/src/main/java/de/blinkt/openvpn/VpnProfile.java +++ b/app/src/main/java/de/blinkt/openvpn/VpnProfile.java @@ -5,11 +5,6 @@ package de.blinkt.openvpn; -import de.blinkt.openvpn.core.connection.Connection; -import de.blinkt.openvpn.core.connection.OpenvpnConnection; -import se.leap.bitmaskclient.R; -import se.leap.bitmaskclient.BuildConfig; - import android.annotation.SuppressLint; import android.content.Context; import android.content.Intent; @@ -58,7 +53,6 @@ import javax.crypto.Cipher; import javax.crypto.IllegalBlockSizeException; import javax.crypto.NoSuchPaddingException; -import de.blinkt.openvpn.core.Connection; import de.blinkt.openvpn.core.ExtAuthHelper; import de.blinkt.openvpn.core.NativeUtils; import de.blinkt.openvpn.core.OpenVPNService; @@ -68,9 +62,13 @@ import de.blinkt.openvpn.core.Preferences; import de.blinkt.openvpn.core.VPNLaunchHelper; import de.blinkt.openvpn.core.VpnStatus; import de.blinkt.openvpn.core.X509Utils; +import de.blinkt.openvpn.core.connection.Connection; +import de.blinkt.openvpn.core.connection.Obfs4Connection; +import de.blinkt.openvpn.core.connection.OpenvpnConnection; import se.leap.bitmaskclient.BuildConfig; import se.leap.bitmaskclient.R; +import static de.blinkt.openvpn.core.connection.Connection.TransportType.OBFS4; import static se.leap.bitmaskclient.Constants.PROVIDER_PROFILE; public class VpnProfile implements Serializable, Cloneable { @@ -121,7 +119,7 @@ public class VpnProfile implements Serializable, Cloneable { public String mTLSAuthFilename; public String mClientKeyFilename; public String mCaFilename; - public boolean mUseLzo = true; + public boolean mUseLzo = false; public String mPKCS12Filename; public String mPKCS12Password; public boolean mUseTLSAuth = false; @@ -186,16 +184,16 @@ public class VpnProfile implements Serializable, Cloneable { // set members to default values private UUID mUuid; private int mProfileVersion; + public boolean mUsePluggableTransports; - - public VpnProfile(String name) { + public VpnProfile(String name, Connection.TransportType transportType) { mUuid = UUID.randomUUID(); mName = name; mProfileVersion = CURRENT_PROFILE_VERSION; mConnections = new Connection[1]; - mConnections[0] = new OpenvpnConnection(); mLastUsed = System.currentTimeMillis(); + mUsePluggableTransports = transportType == OBFS4; } public static String openVpnEscape(String unescaped) { @@ -297,6 +295,7 @@ public class VpnProfile implements Serializable, Cloneable { return mName; } + @Deprecated public void upgradeProfile() { if (mProfileVersion < 2) { /* default to the behaviour the OS used */ @@ -327,9 +326,10 @@ public class VpnProfile implements Serializable, Cloneable { } + @Deprecated private void moveOptionsToConnection() { mConnections = new Connection[1]; - Connection conn = new OpenvpnConnection(); + Connection conn = mUsePluggableTransports ? new Obfs4Connection() : new OpenvpnConnection(); conn.setServerName(mServerName); conn.setServerPort(mServerPort); @@ -499,7 +499,8 @@ public class VpnProfile implements Serializable, Cloneable { if (!TextUtils.isEmpty(mCrlFilename)) cfg.append(insertFileData("crl-verify", mCrlFilename)); - if (mUseLzo) { + // compression does not work in conjunction with shapeshifter-dispatcher so far + if (mUseLzo && !mUsePluggableTransports) { cfg.append("comp-lzo\n"); } diff --git a/app/src/main/java/de/blinkt/openvpn/core/ConfigParser.java b/app/src/main/java/de/blinkt/openvpn/core/ConfigParser.java index 0e9b1bc4..4c53087f 100644 --- a/app/src/main/java/de/blinkt/openvpn/core/ConfigParser.java +++ b/app/src/main/java/de/blinkt/openvpn/core/ConfigParser.java @@ -6,8 +6,8 @@ package de.blinkt.openvpn.core; import android.os.Build; -import android.text.TextUtils; import android.support.v4.util.Pair; +import android.text.TextUtils; import java.io.BufferedReader; import java.io.IOException; @@ -23,7 +23,11 @@ import java.util.Vector; import de.blinkt.openvpn.VpnProfile; import de.blinkt.openvpn.core.connection.Connection; +import de.blinkt.openvpn.core.connection.Obfs4Connection; import de.blinkt.openvpn.core.connection.OpenvpnConnection; +import se.leap.bitmaskclient.pluggableTransports.DispatcherOptions; + +import static de.blinkt.openvpn.core.connection.Connection.TransportType.OBFS4; //! Openvpn Config FIle Parser, probably not 100% accurate but close enough @@ -136,6 +140,7 @@ public class ConfigParser { private HashMap>> options = new HashMap<>(); private HashMap> meta = new HashMap>(); private String auth_user_pass_file; + private DispatcherOptions dispatcherOptions; static public void useEmbbedUserAuth(VpnProfile np, String inlinedata) { String data = VpnProfile.getEmbeddedContent(inlinedata); @@ -346,9 +351,9 @@ public class ConfigParser { // This method is far too long @SuppressWarnings("ConstantConditions") - public VpnProfile convertProfile() throws ConfigParseError, IOException { + public VpnProfile convertProfile(Connection.TransportType transportType) throws ConfigParseError, IOException { boolean noauthtypeset = true; - VpnProfile np = new VpnProfile(CONVERTED_PROFILE); + VpnProfile np = new VpnProfile(CONVERTED_PROFILE, transportType); // Pull, client, tls-client np.clearDefaults(); @@ -451,6 +456,7 @@ public class ConfigParser { if (redirectPrivate != null) { checkRedirectParameters(np, redirectPrivate, false); } + Vector dev = getOption("dev", 1, 1); Vector devtype = getOption("dev-type", 1, 1); @@ -476,7 +482,6 @@ public class ConfigParser { } } - Vector tunmtu = getOption("tun-mtu", 1, 1); if (tunmtu != null) { @@ -487,14 +492,12 @@ public class ConfigParser { } } - Vector mode = getOption("mode", 1, 1); if (mode != null) { if (!mode.get(1).equals("p2p")) throw new ConfigParseError("Invalid mode for --mode specified, need p2p"); } - Vector> dhcpoptions = getAllOption("dhcp-option", 2, 2); if (dhcpoptions != null) { for (Vector dhcpoption : dhcpoptions) { @@ -529,8 +532,10 @@ public class ConfigParser { if (getOption("float", 0, 0) != null) np.mUseFloat = true; - if (getOption("comp-lzo", 0, 1) != null) - np.mUseLzo = true; + Vector useLzo = getOption("comp-lzo", 0, 1); + if (useLzo != null) { + np.mUseLzo = Boolean.valueOf(useLzo.get(1)); + } Vector cipher = getOption("cipher", 1, 1); if (cipher != null) @@ -540,7 +545,6 @@ public class ConfigParser { if (auth != null) np.mAuth = auth.get(1); - Vector ca = getOption("ca", 1, 1); if (ca != null) { np.mCaFilename = ca.get(1); @@ -552,6 +556,7 @@ public class ConfigParser { np.mAuthenticationType = VpnProfile.TYPE_CERTIFICATES; noauthtypeset = false; } + Vector key = getOption("key", 1, 1); if (key != null) np.mClientKeyFilename = key.get(1); @@ -612,7 +617,6 @@ public class ConfigParser { np.mVerb = verb.get(1); } - if (getOption("nobind", 0, 1) != null) np.mNobind = true; @@ -682,8 +686,7 @@ public class ConfigParser { } - - Pair conns = parseConnectionOptions(null); + Pair conns = parseConnectionOptions(null, transportType); np.mConnections = conns.second; Vector> connectionBlocks = getAllOption("connection", 1, 1); @@ -706,6 +709,7 @@ public class ConfigParser { connIndex++; } } + if (getOption("remote-random", 0, 0) != null) np.mRemoteRandom = true; @@ -748,20 +752,21 @@ public class ConfigParser { return TextUtils.join(s, str); } + public void setDispatcherOptions(DispatcherOptions dispatcherOptions) { + this.dispatcherOptions = dispatcherOptions; + } + private Pair parseConnection(String connection, Connection defaultValues) throws IOException, ConfigParseError { // Parse a connection Block as a new configuration file - ConfigParser connectionParser = new ConfigParser(); StringReader reader = new StringReader(connection.substring(VpnProfile.INLINE_TAG.length())); connectionParser.parseConfig(reader); - Pair conn = connectionParser.parseConnectionOptions(defaultValues); - - return conn; + return connectionParser.parseConnectionOptions(defaultValues, defaultValues.getTransportType()); } - private Pair parseConnectionOptions(Connection connDefault) throws ConfigParseError { + private Pair parseConnectionOptions(Connection connDefault, Connection.TransportType transportType) throws ConfigParseError { Connection conn; if (connDefault != null) try { @@ -771,7 +776,7 @@ public class ConfigParser { return null; } else - conn = new OpenvpnConnection(); + conn = transportType == OBFS4 ? new Obfs4Connection(dispatcherOptions) : new OpenvpnConnection(); Vector port = getOption("port", 1, 1); if (port != null) { @@ -825,8 +830,6 @@ public class ConfigParser { // Parse remote config Vector> remotes = getAllOption("remote", 1, 3); - - Vector optionsToRemove = new Vector<>(); // Assume that we need custom options if connectionDefault are set or in the connection specific set for (Map.Entry>> option : options.entrySet()) { diff --git a/app/src/main/java/de/blinkt/openvpn/core/OpenVPNService.java b/app/src/main/java/de/blinkt/openvpn/core/OpenVPNService.java index b775921c..4a33fd49 100644 --- a/app/src/main/java/de/blinkt/openvpn/core/OpenVPNService.java +++ b/app/src/main/java/de/blinkt/openvpn/core/OpenVPNService.java @@ -48,7 +48,6 @@ import se.leap.bitmaskclient.VpnNotificationManager; import se.leap.bitmaskclient.pluggableTransports.Dispatcher; import de.blinkt.openvpn.core.connection.Obfs4Connection; -import static de.blinkt.openvpn.core.connection.Connection.TransportType.OBFS4; import static de.blinkt.openvpn.core.ConnectionStatus.LEVEL_CONNECTED; import static de.blinkt.openvpn.core.ConnectionStatus.LEVEL_WAITING_FOR_USER_INPUT; import static de.blinkt.openvpn.core.NetworkSpace.IpAddress; @@ -386,13 +385,9 @@ public class OpenVPNService extends VpnService implements StateListener, Callbac VpnStatus.logInfo("Setting up dispatcher."); Connection connection = mProfile.mConnections[0]; - if (connection.getTransportType() == OBFS4) { + if (mProfile.mUsePluggableTransports) { Obfs4Connection obfs4Connection = (Obfs4Connection) connection; - dispatcher = new Dispatcher(this, - obfs4Connection.getmObfs4RemoteProxyName(), - obfs4Connection.getmObfs4RemoteProxyPort(), - obfs4Connection.getmObfs4Certificate(), - obfs4Connection.getmObfs4IatMode()); + dispatcher = new Dispatcher(this, obfs4Connection.getDispatcherOptions()); dispatcher.initSync(); if (dispatcher.isRunning()) { diff --git a/app/src/main/java/de/blinkt/openvpn/core/connection/Connection.java b/app/src/main/java/de/blinkt/openvpn/core/connection/Connection.java index f333a13e..a318e55d 100644 --- a/app/src/main/java/de/blinkt/openvpn/core/connection/Connection.java +++ b/app/src/main/java/de/blinkt/openvpn/core/connection/Connection.java @@ -35,10 +35,22 @@ public abstract class Connection implements Serializable, Cloneable { } public enum TransportType { - OBFS4, - OPENVPN + OBFS4("obfs4"), + OPENVPN("openvpn"); + + String transport; + + TransportType(String transportType) { + this.transport = transportType; + } + + @Override + public String toString() { + return transport; + } } + private static final long serialVersionUID = 92031902903829089L; diff --git a/app/src/main/java/de/blinkt/openvpn/core/connection/Obfs4Connection.java b/app/src/main/java/de/blinkt/openvpn/core/connection/Obfs4Connection.java index 790b8b1a..4f6be276 100644 --- a/app/src/main/java/de/blinkt/openvpn/core/connection/Obfs4Connection.java +++ b/app/src/main/java/de/blinkt/openvpn/core/connection/Obfs4Connection.java @@ -1,6 +1,9 @@ package de.blinkt.openvpn.core.connection; -import org.json.JSONObject; +import se.leap.bitmaskclient.pluggableTransports.DispatcherOptions; + +import static se.leap.bitmaskclient.pluggableTransports.Dispatcher.DISPATCHER_IP; +import static se.leap.bitmaskclient.pluggableTransports.Dispatcher.DISPATCHER_PORT; /** * Created by cyberta on 08.03.19. @@ -9,46 +12,38 @@ import org.json.JSONObject; public class Obfs4Connection extends Connection { private static final String TAG = Obfs4Connection.class.getName(); + private DispatcherOptions options; - - private String mObfs4RemoteProxyName = ""; - private String mObfs4RemoteProxyPort = ""; - private String mObfs4Certificate = ""; - private String mObfs4IatMode = ""; - - public Obfs4Connection() { - setDefaults(); - } - - public Obfs4Connection(Connection connection) { - mObfs4RemoteProxyName = connection.getServerName(); - setConnectTimeout(connection.getConnectTimeout()); - setCustomConfiguration(connection.getCustomConfiguration()); - setUseCustomConfig(connection.isUseCustomConfig()); - - setDefaults(); - } - - private void setDefaults() { + public Obfs4Connection(DispatcherOptions options) { setUseUdp(false); - setServerName("127.0.0.1"); - setServerPort(""); + setServerName(DISPATCHER_IP); + setServerPort(DISPATCHER_PORT); setProxyName(""); setProxyPort(""); setProxyAuthUser(null); setProxyAuthPassword(null); setProxyType(ProxyType.NONE); setUseProxyAuth(false); + this.options = options; } - public void setTransportOptions(JSONObject jsonObject) { - mObfs4Certificate = jsonObject.optString("cert"); - mObfs4IatMode = jsonObject.optString("iat-mode"); - } + @Deprecated + public Obfs4Connection() { + setUseUdp(false); + setServerName(DISPATCHER_IP); + setServerPort(DISPATCHER_PORT); + setProxyName(""); + setProxyPort(""); + setProxyAuthUser(null); + setProxyAuthPassword(null); + setProxyType(ProxyType.NONE); + setUseProxyAuth(false); } @Override public Connection clone() throws CloneNotSupportedException { - return super.clone(); + Obfs4Connection connection = (Obfs4Connection) super.clone(); + connection.options = this.options; + return connection; } @Override @@ -56,28 +51,9 @@ public class Obfs4Connection extends Connection { return TransportType.OBFS4; } - public String getmObfs4RemoteProxyName() { - return mObfs4RemoteProxyName; - } - - public void setObfs4RemoteProxyName(String mObfs4RemoteProxyName) { - this.mObfs4RemoteProxyName = mObfs4RemoteProxyName; - } - - public String getmObfs4RemoteProxyPort() { - return mObfs4RemoteProxyPort; - } - - public void setObfs4RemoteProxyPort(String mObfs4RemoteProxyPort) { - this.mObfs4RemoteProxyPort = mObfs4RemoteProxyPort; - } - - public String getmObfs4Certificate() { - return mObfs4Certificate; - } - public String getmObfs4IatMode() { - return mObfs4IatMode; + public DispatcherOptions getDispatcherOptions() { + return options; } } -- cgit v1.2.3