From f8932f11321fe2fac70edc9827f6a3517ee990c1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Parm=C3=A9nides=20GV?=
Date: Fri, 27 Jun 2014 19:51:57 +0200
Subject: Download certificate if expired.
---
 app/src/main/java/se/leap/bitmaskclient/EIP.java | 25 ++++++++++++++++++++++++
 1 file changed, 25 insertions(+)
(limited to 'app/src/main/java/se/leap/bitmaskclient/EIP.java')
diff --git a/app/src/main/java/se/leap/bitmaskclient/EIP.java b/app/src/main/java/se/leap/bitmaskclient/EIP.java
index 21a573fe..ea5d7ab6 100644
--- a/app/src/main/java/se/leap/bitmaskclient/EIP.java
+++ b/app/src/main/java/se/leap/bitmaskclient/EIP.java
@@ -27,6 +27,9 @@ import java.util.NoSuchElementException;
 import java.util.Set;
 import java.util.TreeMap;
 import java.util.Vector;
+import java.security.cert.X509Certificate;
+import java.security.cert.CertificateExpiredException;
+import java.security.cert.CertificateNotYetValidException;
 import org.json.JSONArray;
 import org.json.JSONException;
@@ -72,6 +75,7 @@ import android.util.Log;
 public final class EIP extends IntentService {
 public final static String AUTHED_EIP = "authed eip";
+ public final static String ACTION_CHECK_CERT_VALIDITY = "se.leap.bitmaskclient.CHECK_CERT_VALIDITY";
 public final static String ACTION_START_EIP = "se.leap.bitmaskclient.START_EIP";
 public final static String ACTION_STOP_EIP = "se.leap.bitmaskclient.STOP_EIP";
 public final static String ACTION_UPDATE_EIP_SERVICE = "se.leap.bitmaskclient.UPDATE_EIP_SERVICE";
@@ -138,6 +142,8 @@ public final class EIP extends IntentService {
 this.startEIP();
 else if ( action == ACTION_STOP_EIP )
 this.stopEIP();
+ else if ( action == ACTION_CHECK_CERT_VALIDITY )
+ this.checkCertValidity();
 }
 /**
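Review bot: The added branch `action == ACTION_CHECK_CERT_VALIDITY` compares strings by reference, so it matches only when the intent's action is the very same String object as the constant; an equal but distinct String would skip `checkCertValidity()` silently and the certificate would never be checked. `ACTION_CHECK_CERT_VALIDITY.equals(action)` compares content and is also safe when `action` is null. The `ACTION_STOP_EIP` branch in the context lines uses the same `==` pattern, so the whole chain is worth converting together; the enclosing method starts outside the hunk.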
@@ -408,6 +414,25 @@ public final class EIP extends IntentService {
 getSharedPreferences(Dashboard.SHARED_PREFERENCES, MODE_PRIVATE).edit().putInt(PARSED_SERIAL, eipDefinition.optInt(Provider.API_RETURN_SERIAL)).commit();
 }
+ private void checkCertValidity() {
+ Log.d(TAG, "check cert validity");
+ String certificate_string = getSharedPreferences(Dashboard.SHARED_PREFERENCES, MODE_PRIVATE).getString(CERTIFICATE, "");
+ X509Certificate certificate_x509 = ConfigHelper.parseX509CertificateFromString(certificate_string);
+ // Fetch a new certificate if the current one is going to expire in less than 7 days
+ Calendar offset_date = Calendar.getInstance();
+ offset_date.add(Calendar.DATE, 10);
+ Bundle result_data = new Bundle();
+ result_data.putString(REQUEST_TAG, ACTION_CHECK_CERT_VALIDITY);
+ try {
+ certificate_x509.checkValidity(offset_date.getTime());
+ mReceiver.send(Activity.RESULT_OK, result_data);
+ } catch(CertificateExpiredException e) {
+ mReceiver.send(Activity.RESULT_CANCELED, result_data);
+ } catch(CertificateNotYetValidException e) {
+ mReceiver.send(Activity.RESULT_CANCELED, result_data);
+ }
+ }
+
 /**
 * OVPNGateway provides objects defining gateways and their options and metadata.
 * Each instance contains a VpnProfile for OpenVPN specific data and member
-- cgit v1.2.3
From ca9952b324d153d1580f73ce8c999542ec1883c5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Parm=C3=A9nides=20GV?=
Date: Wed, 2 Jul 2014 19:48:34 +0200
Subject: Fetch new certificate and restart EIP.
---
 app/src/main/java/se/leap/bitmaskclient/EIP.java | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)
(limited to 'app/src/main/java/se/leap/bitmaskclient/EIP.java')
diff --git a/app/src/main/java/se/leap/bitmaskclient/EIP.java b/app/src/main/java/se/leap/bitmaskclient/EIP.java
index ea5d7ab6..19625ba1 100644
--- a/app/src/main/java/se/leap/bitmaskclient/EIP.java
+++ b/app/src/main/java/se/leap/bitmaskclient/EIP.java
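Review bot: `checkCertValidity()` dereferences both `certificate_x509` and `mReceiver` without a null check. The stored value defaults to `""`, so when no certificate has been saved the parser is handed an empty string; if `ConfigHelper.parseX509CertificateFromString` returns null for that input (its body is not in this diff), `checkValidity` throws a NullPointerException inside the IntentService instead of reporting that a certificate is needed. `stopEIP()` already guards its send with `if (mReceiver != null)`, and the same guard belongs here, for example `if (certificate_x509 == null) { if (mReceiver != null) mReceiver.send(Activity.RESULT_CANCELED, result_data); return; }` placed just before the `try`. The two later revisions of this method on this page keep the same unguarded calls.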
@@ -279,7 +279,7 @@ public final class EIP extends IntentService {
 disconnect_vpn.addFlags(Intent.FLAG_ACTIVITY_NEW_TASK);
 startActivity(disconnect_vpn);
 }
-
+
 if (mReceiver != null){
 Bundle resultData = new Bundle();
 resultData.putString(REQUEST_TAG, ACTION_STOP_EIP);
@@ -415,19 +415,21 @@ public final class EIP extends IntentService {
 }
 private void checkCertValidity() {
- Log.d(TAG, "check cert validity");
 String certificate_string = getSharedPreferences(Dashboard.SHARED_PREFERENCES, MODE_PRIVATE).getString(CERTIFICATE, "");
 X509Certificate certificate_x509 = ConfigHelper.parseX509CertificateFromString(certificate_string);
 // Fetch a new certificate if the current one is going to expire in less than 7 days
 Calendar offset_date = Calendar.getInstance();
- offset_date.add(Calendar.DATE, 10);
+ offset_date.add(Calendar.DATE, 7);
+
 Bundle result_data = new Bundle();
 result_data.putString(REQUEST_TAG, ACTION_CHECK_CERT_VALIDITY);
 try {
 certificate_x509.checkValidity(offset_date.getTime());
 mReceiver.send(Activity.RESULT_OK, result_data);
+ Log.d(TAG, "Valid certificate");
 } catch(CertificateExpiredException e) {
 mReceiver.send(Activity.RESULT_CANCELED, result_data);
+ Log.d(TAG, "Updating certificate");
 } catch(CertificateNotYetValidException e) {
 mReceiver.send(Activity.RESULT_CANCELED, result_data);
 }
-- cgit v1.2.3
From a23c12674abd836b3abd4feeaf057236cfd0ca27 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Parm=C3=A9nides=20GV?=
Date: Mon, 7 Jul 2014 19:28:13 +0200
Subject: New certificate if half of its lifetime passed. It takes for granted that the certificate is valid from the very same date it's downloaded.
---
 app/src/main/java/se/leap/bitmaskclient/EIP.java | 80 ++++++++++++++----------
 1 file changed, 47 insertions(+), 33 deletions(-)
(limited to 'app/src/main/java/se/leap/bitmaskclient/EIP.java')
diff --git a/app/src/main/java/se/leap/bitmaskclient/EIP.java b/app/src/main/java/se/leap/bitmaskclient/EIP.java
index 19625ba1..75c6ada8 100644
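Review bot: The `CertificateNotYetValidException` branch of `checkCertValidity()` still answers with the same `RESULT_CANCELED` as an expired certificate and, unlike the two branches this hunk touches, logs nothing. `checkValidity` is called with a date seven days ahead, so that exception means the certificate's notBefore lies more than a week in the future, which points more plausibly at a wrong device clock than at a certificate that needs replacing; if the receiver reacts to `RESULT_CANCELED` by fetching a new certificate (not visible here), that fetch would not cure it. A line such as `Log.d(TAG, "Certificate not yet valid, check device clock");` in that branch would at least make the case distinguishable in the log. The method's closing brace is outside the hunk.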
--- a/app/src/main/java/se/leap/bitmaskclient/EIP.java
+++ b/app/src/main/java/se/leap/bitmaskclient/EIP.java
@@ -16,38 +16,9 @@
 */
 package se.leap.bitmaskclient;
-import java.io.StringReader;
-import java.io.IOException;
-import java.util.Calendar;
-import java.util.Collection;
-import java.util.HashMap;
-import java.util.HashSet;
-import java.util.Iterator;
-import java.util.NoSuchElementException;
-import java.util.Set;
-import java.util.TreeMap;
-import java.util.Vector;
-import java.security.cert.X509Certificate;
-import java.security.cert.CertificateExpiredException;
-import java.security.cert.CertificateNotYetValidException;
-import org.json.JSONArray;
-import org.json.JSONException;
-import org.json.JSONObject;
-import se.leap.bitmaskclient.R;
-import se.leap.bitmaskclient.Dashboard;
-import se.leap.bitmaskclient.Provider;
-import de.blinkt.openvpn.activities.DisconnectVPN;
-import de.blinkt.openvpn.core.ConfigParser;
-import de.blinkt.openvpn.core.ConfigParser.ConfigParseError;
-import de.blinkt.openvpn.LaunchVPN;
-import de.blinkt.openvpn.core.OpenVpnManagementThread;
-import de.blinkt.openvpn.core.OpenVpnService;
-import de.blinkt.openvpn.core.OpenVpnService.LocalBinder;
-import de.blinkt.openvpn.core.ProfileManager;
-import de.blinkt.openvpn.VpnProfile;
 import android.app.Activity;
 import android.app.IntentService;
@@ -61,6 +32,38 @@ import android.os.Bundle;
 import android.os.IBinder;
 import android.os.ResultReceiver;
 import android.util.Log;
+import de.blinkt.openvpn.LaunchVPN;
+import de.blinkt.openvpn.VpnProfile;
+import de.blinkt.openvpn.activities.DisconnectVPN;
+import de.blinkt.openvpn.core.ConfigParser.ConfigParseError;
+import de.blinkt.openvpn.core.ConfigParser;
+import de.blinkt.openvpn.core.OpenVpnManagementThread;
+import de.blinkt.openvpn.core.OpenVpnService.LocalBinder;
+import de.blinkt.openvpn.core.OpenVpnService;
+import de.blinkt.openvpn.core.ProfileManager;
+import java.io.IOException;
+import java.io.StringReader;
+import java.security.cert.CertificateExpiredException;
+import java.security.cert.CertificateNotYetValidException;
+import java.security.cert.X509Certificate;
+import java.text.ParseException;
+import java.text.SimpleDateFormat;
+import java.util.Calendar;
+import java.util.Collection;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.Locale;
+import java.util.NoSuchElementException;
+import java.util.Set;
+import java.util.TreeMap;
+import java.util.Vector;
+import org.json.JSONArray;
+import org.json.JSONException;
+import org.json.JSONObject;
+import se.leap.bitmaskclient.Dashboard;
+import se.leap.bitmaskclient.Provider;
+import se.leap.bitmaskclient.R;
 /**
 * EIP is the abstract base class for interacting with and managing the Encrypted
@@ -82,6 +85,7 @@ public final class EIP extends IntentService {
 public final static String ACTION_IS_EIP_RUNNING = "se.leap.bitmaskclient.IS_RUNNING";
 public final static String EIP_NOTIFICATION = "EIP_NOTIFICATION";
 public final static String STATUS = "eip status";
+ public final static String DATE_FROM_CERTIFICATE = "date from certificate";
 public final static String ALLOWED_ANON = "allow_anonymous";
 public final static String CERTIFICATE = "cert";
 public final static String PRIVATE_KEY = "private_key";
@@ -91,8 +95,9 @@ public final class EIP extends IntentService {
 public final static String RECEIVER_TAG = "receiverTag";
 public final static String REQUEST_TAG = "requestTag";
 public final static String TAG = "se.leap.bitmaskclient.EIP";
-
-
+
+ public final static SimpleDateFormat certificate_date_format = new SimpleDateFormat("yyyy-MM-dd HH:mm", Locale.US);
+
 private static Context context;
 private static ResultReceiver mReceiver;
 private static OpenVpnService mVpnService;
@@ -416,14 +421,23 @@ public final class EIP extends IntentService {
 private void checkCertValidity() {
 String certificate_string = getSharedPreferences(Dashboard.SHARED_PREFERENCES, MODE_PRIVATE).getString(CERTIFICATE, "");
+ String date_from_certificate_string = getSharedPreferences(Dashboard.SHARED_PREFERENCES, MODE_PRIVATE).getString(DATE_FROM_CERTIFICATE, Calendar.getInstance().getTime().toString());
 X509Certificate certificate_x509 = ConfigHelper.parseX509CertificateFromString(certificate_string);
- // Fetch a new certificate if the current one is going to expire in less than 7 days
+
 Calendar offset_date = Calendar.getInstance();
- offset_date.add(Calendar.DATE, 7);
+ try {
+ long difference = Math.abs(certificate_date_format.parse(date_from_certificate_string).getTime() - certificate_x509.getNotAfter().getTime())/2;
+ long current_date_millis = offset_date.getTimeInMillis();
+ offset_date.setTimeInMillis(current_date_millis + difference);
+ Log.d(TAG, "certificate not after = " + certificate_x509.getNotAfter());
+ } catch(ParseException e) {
+ e.printStackTrace();
+ }
 Bundle result_data = new Bundle();
 result_data.putString(REQUEST_TAG, ACTION_CHECK_CERT_VALIDITY);
 try {
+ Log.d(TAG, "offset_date = " + offset_date.getTime().toString());
 certificate_x509.checkValidity(offset_date.getTime());
 mReceiver.send(Activity.RESULT_OK, result_data);
 Log.d(TAG, "Valid certificate");
-- cgit v1.2.3
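Review bot: `certificate_date_format` is one `SimpleDateFormat` instance shared through a `public final static` field, and `SimpleDateFormat` is not thread-safe: concurrent `parse` or `format` calls on the same instance can return wrong dates without throwing. `checkCertValidity()` uses it on the IntentService worker thread, and because the field is public any other class can use it from another thread (the code that writes `DATE_FROM_CERTIFICATE` is not shown in this diff). Since the parsed date drives the certificate-renewal decision, I would keep only the pattern as a constant, `public final static String CERTIFICATE_DATE_PATTERN = "yyyy-MM-dd HH:mm";`, and create `new SimpleDateFormat(CERTIFICATE_DATE_PATTERN, Locale.US)` at each point of use.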
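Review bot: The fallback for `DATE_FROM_CERTIFICATE` is `Calendar.getInstance().getTime().toString()`, which is `Date.toString()` output and does not match the `yyyy-MM-dd HH:mm` pattern of `certificate_date_format`, so whenever the preference is missing `parse` throws `ParseException`. The catch block only calls `e.printStackTrace()`, leaving `offset_date` at the current time, so the half-lifetime check silently degrades to renewing only once the certificate has actually expired. Format the default with the same formatter, `getString(DATE_FROM_CERTIFICATE, certificate_date_format.format(Calendar.getInstance().getTime()))`, and report the parse failure through `Log.w(TAG, "unparseable certificate date", e)`. Taking the start of the lifetime from `certificate_x509.getNotBefore()` would remove the stored date, and the assumption the commit message mentions, altogether. The method ends outside the hunk.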