From 87446cbc0c818a374c057894b57e93156443a270 Mon Sep 17 00:00:00 2001
From: cyBerta <cyberta@riseup.net>
Date: Sun, 31 Jul 2022 04:07:47 +0200
Subject: implement obfuscation pinning

---
 .../base/fragments/ObfuscationProxyDialog.java     | 119 ++++++++++++++++++++-
 .../base/fragments/SettingsFragment.java           |  53 ++++++++-
 2 files changed, 169 insertions(+), 3 deletions(-)

(limited to 'app/src/main/java/se/leap/bitmaskclient/base/fragments')

diff --git a/app/src/main/java/se/leap/bitmaskclient/base/fragments/ObfuscationProxyDialog.java b/app/src/main/java/se/leap/bitmaskclient/base/fragments/ObfuscationProxyDialog.java
index b7f16fa4..df78214d 100644
--- a/app/src/main/java/se/leap/bitmaskclient/base/fragments/ObfuscationProxyDialog.java
+++ b/app/src/main/java/se/leap/bitmaskclient/base/fragments/ObfuscationProxyDialog.java
@@ -1,2 +1,119 @@
-package se.leap.bitmaskclient.base.fragments;public class ObfuscationProxyDialog {
+package se.leap.bitmaskclient.base.fragments;
+
+import static android.view.View.GONE;
+import static android.view.View.VISIBLE;
+
+import android.app.Dialog;
+import android.os.Bundle;
+import android.text.TextUtils;
+import android.view.View;
+import android.widget.ArrayAdapter;
+
+import androidx.annotation.NonNull;
+import androidx.annotation.Nullable;
+import androidx.appcompat.app.AlertDialog;
+import androidx.appcompat.app.AppCompatDialogFragment;
+import androidx.appcompat.widget.AppCompatButton;
+import androidx.appcompat.widget.AppCompatEditText;
+import androidx.appcompat.widget.AppCompatSpinner;
+
+import java.util.ArrayList;
+
+import se.leap.bitmaskclient.base.utils.ConfigHelper.ObfsVpnHelper;
+import se.leap.bitmaskclient.base.utils.PreferenceHelper;
+import se.leap.bitmaskclient.base.views.IconSwitchEntry;
+import se.leap.bitmaskclient.databinding.DObfuscationProxyBinding;
+import se.leap.bitmaskclient.eip.GatewaysManager;
+
+public class ObfuscationProxyDialog extends AppCompatDialogFragment {
+    public static final String TAG = ObfuscationProxyDialog.class.getSimpleName();
+    DObfuscationProxyBinding binding;
+    AppCompatEditText ipField;
+    AppCompatEditText portField;
+    AppCompatEditText certificateField;
+    AppCompatSpinner gatewayHost;
+    AppCompatButton saveButton;
+    AppCompatButton useDefaultsButton;
+    AppCompatButton cancelButton;
+    IconSwitchEntry kcpSwitch;
+    ArrayAdapter<String> gatewayHosts;
+
+    @NonNull
+    @Override
+    public Dialog onCreateDialog(@Nullable Bundle savedInstanceState) {
+        super.onCreate(savedInstanceState);
+        binding = DObfuscationProxyBinding.inflate(getLayoutInflater());
+        View view = binding.getRoot();
+        AlertDialog.Builder builder = new AlertDialog.Builder(getActivity());
+        builder.setView(view);
+        ipField = binding.ipField;
+        portField = binding.portField;
+        certificateField = binding.certField;
+        gatewayHost = binding.gatewayHost;
+        saveButton = binding.buttonSave;
+        useDefaultsButton = binding.buttonDefaults;
+        cancelButton = binding.buttonCancel;
+        kcpSwitch = binding.kcpSwitch;
+
+        ipField.setText(PreferenceHelper.getObfuscationPinningIP(getContext()));
+        portField.setText(PreferenceHelper.getObfuscationPinningPort(getContext()));
+        certificateField.setText(PreferenceHelper.getObfuscationPinningCert(getContext()));
+        kcpSwitch.setChecked(PreferenceHelper.getObfuscationPinningKCP(getContext()));
+
+        GatewaysManager gatewaysManager = new GatewaysManager(getContext());
+        ArrayList<String> hostsList = gatewaysManager.getHosts();
+
+        hostsList.add(0, "Select a Gateway");
+        gatewayHosts = new ArrayAdapter<>(getContext(), android.R.layout.simple_spinner_item, hostsList);
+        gatewayHosts.setDropDownViewResource(android.R.layout.simple_spinner_dropdown_item);
+        gatewayHost.setAdapter(gatewayHosts);
+        String selectedHost = PreferenceHelper.getObfuscationPinningGatewayHost(getContext());
+        if (selectedHost != null) {
+            gatewayHost.setSelection(gatewayHosts.getPosition(selectedHost));
+        }
+
+        saveButton.setOnClickListener(v -> {
+            String ip = TextUtils.isEmpty(ipField.getText()) ? null : ipField.getText().toString();
+            PreferenceHelper.setObfuscationPinningIP(v.getContext(), ip);
+            String port = TextUtils.isEmpty(portField.getText()) ? null : portField.getText().toString();
+            PreferenceHelper.setObfuscationPinningPort(v.getContext(), port);
+            String cert = TextUtils.isEmpty(certificateField.getText()) ? null : certificateField.getText().toString();
+            PreferenceHelper.setObfuscationPinningCert(v.getContext(), cert);
+            String gatewayHostName = gatewayHost.getSelectedItemPosition() == 0 ? null : gatewayHosts.getItem(gatewayHost.getSelectedItemPosition());
+            PreferenceHelper.setObfuscationPinningGatewayHost(v.getContext(), gatewayHostName);
+            PreferenceHelper.setObfuscationPinningGatewayIP(v.getContext(), gatewaysManager.getIpForHost(gatewayHostName));
+            PreferenceHelper.setObfuscationPinningKCP(v.getContext(), kcpSwitch.isChecked());
+            PreferenceHelper.setUseObfuscationPinning(v.getContext(), ip != null && port != null && cert != null && gatewayHostName != null);
+            PreferenceHelper.setObfuscationPinningGatewayLocation(v.getContext(), gatewaysManager.getLocationNameForHost(gatewayHostName));
+            dismiss();
+        });
+
+        useDefaultsButton.setVisibility(ObfsVpnHelper.hasObfuscationPinningDefaults() ? VISIBLE : GONE);
+        useDefaultsButton.setOnClickListener(v -> {
+           ipField.setText(ObfsVpnHelper.obfsvpnIP());
+           portField.setText(ObfsVpnHelper.obfsvpnPort());
+           certificateField.setText(ObfsVpnHelper.obfsvpnCert());
+           int position = gatewayHosts.getPosition(ObfsVpnHelper.gatewayHost());
+           if (position == -1) {
+               position = 0;
+           }
+           gatewayHost.setSelection(position);
+           kcpSwitch.setChecked(ObfsVpnHelper.useKcp());
+        });
+
+        cancelButton.setOnClickListener(v -> {
+            boolean allowPinning = !TextUtils.isEmpty(ipField.getText()) && !TextUtils.isEmpty(portField.getText()) && !TextUtils.isEmpty(certificateField.getText());
+            PreferenceHelper.setUseObfuscationPinning(
+                    v.getContext(), allowPinning);
+            dismiss();
+        });
+
+        return builder.create();
+    }
+
+    @Override
+    public void onDestroyView() {
+        super.onDestroyView();
+        binding = null;
+    }
 }
diff --git a/app/src/main/java/se/leap/bitmaskclient/base/fragments/SettingsFragment.java b/app/src/main/java/se/leap/bitmaskclient/base/fragments/SettingsFragment.java
index 9d15f839..f7d20aa9 100644
--- a/app/src/main/java/se/leap/bitmaskclient/base/fragments/SettingsFragment.java
+++ b/app/src/main/java/se/leap/bitmaskclient/base/fragments/SettingsFragment.java
@@ -9,9 +9,10 @@ import static se.leap.bitmaskclient.base.models.Constants.PREFER_UDP;
 import static se.leap.bitmaskclient.base.models.Constants.SHARED_PREFERENCES;
 import static se.leap.bitmaskclient.base.models.Constants.USE_BRIDGES;
 import static se.leap.bitmaskclient.base.models.Constants.USE_IPv6_FIREWALL;
+import static se.leap.bitmaskclient.base.models.Constants.USE_OBFUSCATION_PINNING;
 import static se.leap.bitmaskclient.base.utils.ConfigHelper.ObfsVpnHelper.useObfsVpn;
-import static se.leap.bitmaskclient.base.utils.PreferenceHelper.allowExperimentalTransports;
 import static se.leap.bitmaskclient.base.utils.ConfigHelper.isCalyxOSWithTetheringSupport;
+import static se.leap.bitmaskclient.base.utils.PreferenceHelper.allowExperimentalTransports;
 import static se.leap.bitmaskclient.base.utils.PreferenceHelper.getPreferUDP;
 import static se.leap.bitmaskclient.base.utils.PreferenceHelper.getShowAlwaysOnDialog;
 import static se.leap.bitmaskclient.base.utils.PreferenceHelper.getUseBridges;
@@ -19,7 +20,9 @@ import static se.leap.bitmaskclient.base.utils.PreferenceHelper.getUseSnowflake;
 import static se.leap.bitmaskclient.base.utils.PreferenceHelper.hasSnowflakePrefs;
 import static se.leap.bitmaskclient.base.utils.PreferenceHelper.preferUDP;
 import static se.leap.bitmaskclient.base.utils.PreferenceHelper.setAllowExperimentalTransports;
+import static se.leap.bitmaskclient.base.utils.PreferenceHelper.setUseObfuscationPinning;
 import static se.leap.bitmaskclient.base.utils.PreferenceHelper.useBridges;
+import static se.leap.bitmaskclient.base.utils.PreferenceHelper.useObfuscationPinning;
 import static se.leap.bitmaskclient.base.utils.PreferenceHelper.useSnowflake;
 import static se.leap.bitmaskclient.base.utils.ViewHelper.setActionBarTitle;
 
@@ -86,6 +89,7 @@ public class SettingsFragment extends Fragment implements SharedPreferences.OnSh
         initTetheringEntry(view);
         initGatewayPinningEntry(view);
         initExperimentalTransportsEntry(view);
+        initObfuscationPinningEntry(view);
         setActionBarTitle(this, advanced_settings);
         return view;
     }
@@ -260,6 +264,47 @@ public class SettingsFragment extends Fragment implements SharedPreferences.OnSh
         });
     }
 
+    public void initObfuscationPinningEntry(View rootView) {
+        IconSwitchEntry obfuscationPinning = rootView.findViewById(R.id.obfuscation_proxy_pinning);
+        if (useObfsVpn()) {
+            obfuscationPinning.setVisibility(VISIBLE);
+            boolean useBridges = getUseBridges(getContext());
+            obfuscationPinning.setEnabled(useBridges);
+            obfuscationPinning.setSubtitle(useBridges ? "Connect to a specific obfuscation proxy for debugging purposes" : "Enable Bridges to use this option");
+            obfuscationPinning.setChecked(useObfuscationPinning(getContext()));
+            obfuscationPinning.setOnCheckedChangeListener((buttonView, isChecked) -> {
+                if (!buttonView.isPressed()) {
+                    return;
+                }
+                if (!isChecked) {
+                    setUseObfuscationPinning(getContext(), false);
+                } else {
+                    showObfuscationPinningDialog();
+                }
+            });
+            obfuscationPinning.setOnClickListener(v -> {
+                if (obfuscationPinning.isChecked()) {
+                    showObfuscationPinningDialog();
+                }
+            });
+        } else {
+            obfuscationPinning.setVisibility(GONE);
+        }
+    }
+
+    public void showObfuscationPinningDialog() {
+        try {
+            FragmentTransaction fragmentTransaction = new FragmentManagerEnhanced(
+                    getActivity().getSupportFragmentManager()).removePreviousFragment(
+                    ObfuscationProxyDialog.TAG);
+            DialogFragment newFragment = new ObfuscationProxyDialog();
+            newFragment.setCancelable(false);
+            newFragment.show(fragmentTransaction, ObfuscationProxyDialog.TAG);
+        } catch (IllegalStateException | NullPointerException e) {
+            e.printStackTrace();
+        }
+    }
+
     public void initExperimentalTransportsEntry(View rootView) {
         IconSwitchEntry experimentalTransports = rootView.findViewById(R.id.experimental_transports);
         if (useObfsVpn() && ProviderObservable.getInstance().getCurrentProvider().supportsExperimentalPluggableTransports()) {
@@ -315,9 +360,13 @@ public class SettingsFragment extends Fragment implements SharedPreferences.OnSh
             initPreferUDPEntry(rootView);
         } else if (key.equals(USE_IPv6_FIREWALL)) {
             initFirewallEntry(getView());
-        } if (key.equals(GATEWAY_PINNING)) {
+        } else if (key.equals(GATEWAY_PINNING)) {
             initGatewayPinningEntry(rootView);
         }
+
+        if (key.equals(USE_OBFUSCATION_PINNING) || key.equals(USE_BRIDGES)) {
+            initObfuscationPinningEntry(rootView);
+        }
     }
 
 }
-- 
cgit v1.2.3