From 87446cbc0c818a374c057894b57e93156443a270 Mon Sep 17 00:00:00 2001 From: cyBerta Date: Sun, 31 Jul 2022 04:07:47 +0200 Subject: implement obfuscation pinning --- .../base/fragments/ObfuscationProxyDialog.java | 119 ++++++++++++++++++++- .../base/fragments/SettingsFragment.java | 53 ++++++++- .../leap/bitmaskclient/base/models/Constants.java | 8 ++ .../leap/bitmaskclient/base/models/Transport.java | 49 +++++++++ .../bitmaskclient/base/utils/ConfigHelper.java | 27 +++++ .../bitmaskclient/base/utils/PreferenceHelper.java | 80 ++++++++++++++ 6 files changed, 333 insertions(+), 3 deletions(-) create mode 100644 app/src/main/java/se/leap/bitmaskclient/base/models/Transport.java (limited to 'app/src/main/java/se/leap/bitmaskclient/base') diff --git a/app/src/main/java/se/leap/bitmaskclient/base/fragments/ObfuscationProxyDialog.java b/app/src/main/java/se/leap/bitmaskclient/base/fragments/ObfuscationProxyDialog.java index b7f16fa4..df78214d 100644 --- a/app/src/main/java/se/leap/bitmaskclient/base/fragments/ObfuscationProxyDialog.java +++ b/app/src/main/java/se/leap/bitmaskclient/base/fragments/ObfuscationProxyDialog.java @@ -1,2 +1,119 @@ -package se.leap.bitmaskclient.base.fragments;public class ObfuscationProxyDialog { +package se.leap.bitmaskclient.base.fragments; + +import static android.view.View.GONE; +import static android.view.View.VISIBLE; + +import android.app.Dialog; +import android.os.Bundle; +import android.text.TextUtils; +import android.view.View; +import android.widget.ArrayAdapter; + +import androidx.annotation.NonNull; +import androidx.annotation.Nullable; +import androidx.appcompat.app.AlertDialog; +import androidx.appcompat.app.AppCompatDialogFragment; +import androidx.appcompat.widget.AppCompatButton; +import androidx.appcompat.widget.AppCompatEditText; +import androidx.appcompat.widget.AppCompatSpinner; + +import java.util.ArrayList; + +import se.leap.bitmaskclient.base.utils.ConfigHelper.ObfsVpnHelper; +import se.leap.bitmaskclient.base.utils.PreferenceHelper; +import se.leap.bitmaskclient.base.views.IconSwitchEntry; +import se.leap.bitmaskclient.databinding.DObfuscationProxyBinding; +import se.leap.bitmaskclient.eip.GatewaysManager; + +public class ObfuscationProxyDialog extends AppCompatDialogFragment { + public static final String TAG = ObfuscationProxyDialog.class.getSimpleName(); + DObfuscationProxyBinding binding; + AppCompatEditText ipField; + AppCompatEditText portField; + AppCompatEditText certificateField; + AppCompatSpinner gatewayHost; + AppCompatButton saveButton; + AppCompatButton useDefaultsButton; + AppCompatButton cancelButton; + IconSwitchEntry kcpSwitch; + ArrayAdapter gatewayHosts; + + @NonNull + @Override + public Dialog onCreateDialog(@Nullable Bundle savedInstanceState) { + super.onCreate(savedInstanceState); + binding = DObfuscationProxyBinding.inflate(getLayoutInflater()); + View view = binding.getRoot(); + AlertDialog.Builder builder = new AlertDialog.Builder(getActivity()); + builder.setView(view); + ipField = binding.ipField; + portField = binding.portField; + certificateField = binding.certField; + gatewayHost = binding.gatewayHost; + saveButton = binding.buttonSave; + useDefaultsButton = binding.buttonDefaults; + cancelButton = binding.buttonCancel; + kcpSwitch = binding.kcpSwitch; + + ipField.setText(PreferenceHelper.getObfuscationPinningIP(getContext())); + portField.setText(PreferenceHelper.getObfuscationPinningPort(getContext())); + certificateField.setText(PreferenceHelper.getObfuscationPinningCert(getContext())); + kcpSwitch.setChecked(PreferenceHelper.getObfuscationPinningKCP(getContext())); + + GatewaysManager gatewaysManager = new GatewaysManager(getContext()); + ArrayList hostsList = gatewaysManager.getHosts(); + + hostsList.add(0, "Select a Gateway"); + gatewayHosts = new ArrayAdapter<>(getContext(), android.R.layout.simple_spinner_item, hostsList); + gatewayHosts.setDropDownViewResource(android.R.layout.simple_spinner_dropdown_item); + gatewayHost.setAdapter(gatewayHosts); + String selectedHost = PreferenceHelper.getObfuscationPinningGatewayHost(getContext()); + if (selectedHost != null) { + gatewayHost.setSelection(gatewayHosts.getPosition(selectedHost)); + } + + saveButton.setOnClickListener(v -> { + String ip = TextUtils.isEmpty(ipField.getText()) ? null : ipField.getText().toString(); + PreferenceHelper.setObfuscationPinningIP(v.getContext(), ip); + String port = TextUtils.isEmpty(portField.getText()) ? null : portField.getText().toString(); + PreferenceHelper.setObfuscationPinningPort(v.getContext(), port); + String cert = TextUtils.isEmpty(certificateField.getText()) ? null : certificateField.getText().toString(); + PreferenceHelper.setObfuscationPinningCert(v.getContext(), cert); + String gatewayHostName = gatewayHost.getSelectedItemPosition() == 0 ? null : gatewayHosts.getItem(gatewayHost.getSelectedItemPosition()); + PreferenceHelper.setObfuscationPinningGatewayHost(v.getContext(), gatewayHostName); + PreferenceHelper.setObfuscationPinningGatewayIP(v.getContext(), gatewaysManager.getIpForHost(gatewayHostName)); + PreferenceHelper.setObfuscationPinningKCP(v.getContext(), kcpSwitch.isChecked()); + PreferenceHelper.setUseObfuscationPinning(v.getContext(), ip != null && port != null && cert != null && gatewayHostName != null); + PreferenceHelper.setObfuscationPinningGatewayLocation(v.getContext(), gatewaysManager.getLocationNameForHost(gatewayHostName)); + dismiss(); + }); + + useDefaultsButton.setVisibility(ObfsVpnHelper.hasObfuscationPinningDefaults() ? VISIBLE : GONE); + useDefaultsButton.setOnClickListener(v -> { + ipField.setText(ObfsVpnHelper.obfsvpnIP()); + portField.setText(ObfsVpnHelper.obfsvpnPort()); + certificateField.setText(ObfsVpnHelper.obfsvpnCert()); + int position = gatewayHosts.getPosition(ObfsVpnHelper.gatewayHost()); + if (position == -1) { + position = 0; + } + gatewayHost.setSelection(position); + kcpSwitch.setChecked(ObfsVpnHelper.useKcp()); + }); + + cancelButton.setOnClickListener(v -> { + boolean allowPinning = !TextUtils.isEmpty(ipField.getText()) && !TextUtils.isEmpty(portField.getText()) && !TextUtils.isEmpty(certificateField.getText()); + PreferenceHelper.setUseObfuscationPinning( + v.getContext(), allowPinning); + dismiss(); + }); + + return builder.create(); + } + + @Override + public void onDestroyView() { + super.onDestroyView(); + binding = null; + } } diff --git a/app/src/main/java/se/leap/bitmaskclient/base/fragments/SettingsFragment.java b/app/src/main/java/se/leap/bitmaskclient/base/fragments/SettingsFragment.java index 9d15f839..f7d20aa9 100644 --- a/app/src/main/java/se/leap/bitmaskclient/base/fragments/SettingsFragment.java +++ b/app/src/main/java/se/leap/bitmaskclient/base/fragments/SettingsFragment.java @@ -9,9 +9,10 @@ import static se.leap.bitmaskclient.base.models.Constants.PREFER_UDP; import static se.leap.bitmaskclient.base.models.Constants.SHARED_PREFERENCES; import static se.leap.bitmaskclient.base.models.Constants.USE_BRIDGES; import static se.leap.bitmaskclient.base.models.Constants.USE_IPv6_FIREWALL; +import static se.leap.bitmaskclient.base.models.Constants.USE_OBFUSCATION_PINNING; import static se.leap.bitmaskclient.base.utils.ConfigHelper.ObfsVpnHelper.useObfsVpn; -import static se.leap.bitmaskclient.base.utils.PreferenceHelper.allowExperimentalTransports; import static se.leap.bitmaskclient.base.utils.ConfigHelper.isCalyxOSWithTetheringSupport; +import static se.leap.bitmaskclient.base.utils.PreferenceHelper.allowExperimentalTransports; import static se.leap.bitmaskclient.base.utils.PreferenceHelper.getPreferUDP; import static se.leap.bitmaskclient.base.utils.PreferenceHelper.getShowAlwaysOnDialog; import static se.leap.bitmaskclient.base.utils.PreferenceHelper.getUseBridges; @@ -19,7 +20,9 @@ import static se.leap.bitmaskclient.base.utils.PreferenceHelper.getUseSnowflake; import static se.leap.bitmaskclient.base.utils.PreferenceHelper.hasSnowflakePrefs; import static se.leap.bitmaskclient.base.utils.PreferenceHelper.preferUDP; import static se.leap.bitmaskclient.base.utils.PreferenceHelper.setAllowExperimentalTransports; +import static se.leap.bitmaskclient.base.utils.PreferenceHelper.setUseObfuscationPinning; import static se.leap.bitmaskclient.base.utils.PreferenceHelper.useBridges; +import static se.leap.bitmaskclient.base.utils.PreferenceHelper.useObfuscationPinning; import static se.leap.bitmaskclient.base.utils.PreferenceHelper.useSnowflake; import static se.leap.bitmaskclient.base.utils.ViewHelper.setActionBarTitle; @@ -86,6 +89,7 @@ public class SettingsFragment extends Fragment implements SharedPreferences.OnSh initTetheringEntry(view); initGatewayPinningEntry(view); initExperimentalTransportsEntry(view); + initObfuscationPinningEntry(view); setActionBarTitle(this, advanced_settings); return view; } @@ -260,6 +264,47 @@ public class SettingsFragment extends Fragment implements SharedPreferences.OnSh }); } + public void initObfuscationPinningEntry(View rootView) { + IconSwitchEntry obfuscationPinning = rootView.findViewById(R.id.obfuscation_proxy_pinning); + if (useObfsVpn()) { + obfuscationPinning.setVisibility(VISIBLE); + boolean useBridges = getUseBridges(getContext()); + obfuscationPinning.setEnabled(useBridges); + obfuscationPinning.setSubtitle(useBridges ? "Connect to a specific obfuscation proxy for debugging purposes" : "Enable Bridges to use this option"); + obfuscationPinning.setChecked(useObfuscationPinning(getContext())); + obfuscationPinning.setOnCheckedChangeListener((buttonView, isChecked) -> { + if (!buttonView.isPressed()) { + return; + } + if (!isChecked) { + setUseObfuscationPinning(getContext(), false); + } else { + showObfuscationPinningDialog(); + } + }); + obfuscationPinning.setOnClickListener(v -> { + if (obfuscationPinning.isChecked()) { + showObfuscationPinningDialog(); + } + }); + } else { + obfuscationPinning.setVisibility(GONE); + } + } + + public void showObfuscationPinningDialog() { + try { + FragmentTransaction fragmentTransaction = new FragmentManagerEnhanced( + getActivity().getSupportFragmentManager()).removePreviousFragment( + ObfuscationProxyDialog.TAG); + DialogFragment newFragment = new ObfuscationProxyDialog(); + newFragment.setCancelable(false); + newFragment.show(fragmentTransaction, ObfuscationProxyDialog.TAG); + } catch (IllegalStateException | NullPointerException e) { + e.printStackTrace(); + } + } + public void initExperimentalTransportsEntry(View rootView) { IconSwitchEntry experimentalTransports = rootView.findViewById(R.id.experimental_transports); if (useObfsVpn() && ProviderObservable.getInstance().getCurrentProvider().supportsExperimentalPluggableTransports()) { @@ -315,9 +360,13 @@ public class SettingsFragment extends Fragment implements SharedPreferences.OnSh initPreferUDPEntry(rootView); } else if (key.equals(USE_IPv6_FIREWALL)) { initFirewallEntry(getView()); - } if (key.equals(GATEWAY_PINNING)) { + } else if (key.equals(GATEWAY_PINNING)) { initGatewayPinningEntry(rootView); } + + if (key.equals(USE_OBFUSCATION_PINNING) || key.equals(USE_BRIDGES)) { + initObfuscationPinningEntry(rootView); + } } } diff --git a/app/src/main/java/se/leap/bitmaskclient/base/models/Constants.java b/app/src/main/java/se/leap/bitmaskclient/base/models/Constants.java index b34a31eb..8fbac35e 100644 --- a/app/src/main/java/se/leap/bitmaskclient/base/models/Constants.java +++ b/app/src/main/java/se/leap/bitmaskclient/base/models/Constants.java @@ -45,6 +45,14 @@ public interface Constants { String PREFER_UDP = "prefer_UDP"; String GATEWAY_PINNING = "gateway_pinning"; String ALLOW_EXPERIMENTAL_TRANSPORTS = "allow_experimental_transports"; + String USE_OBFUSCATION_PINNING = "use_obfuscation_pinning"; + String OBFUSCATION_PINNING_IP = "obfuscation_pinning_ip"; + String OBFUSCATION_PINNING_PORT = "obfuscation_pinning_port"; + String OBFUSCATION_PINNING_CERT = "obfuscation_pinning_cert"; + String OBFUSCATION_PINNING_KCP = "obfuscation_pinning_udp"; + String OBFUSCATION_PINNING_GW_HOST = "obfuscation_pinning_gw_host"; + String OBFUSCATION_PINNING_GW_IP = "obfuscation_pinning_gw_ip"; + String OBFUSCATION_PINNING_LOCATION = "obfuscation_pinning_location"; ////////////////////////////////////////////// diff --git a/app/src/main/java/se/leap/bitmaskclient/base/models/Transport.java b/app/src/main/java/se/leap/bitmaskclient/base/models/Transport.java new file mode 100644 index 00000000..90a033dd --- /dev/null +++ b/app/src/main/java/se/leap/bitmaskclient/base/models/Transport.java @@ -0,0 +1,49 @@ +package se.leap.bitmaskclient.base.models; + +import com.google.gson.Gson; +import com.google.gson.GsonBuilder; + +import org.json.JSONObject; + +public class Transport { + private String type; + private String[] protocols; + private String[] ports; + private Options options; + + public Transport(String type, String[] protocols, String[] ports, String cert) { + this.type = type; + this.protocols = protocols; + this.ports = ports; + this.options = new Options(cert); + } + + @Override + public String toString() { + return new Gson().toJson(this); + } + + public static Transport fromJson(JSONObject json) { + GsonBuilder builder = new GsonBuilder(); + return builder.create().fromJson(json.toString(), Transport.class); + } + + public static class Options { + private String cert; + private String iatMode; + + public Options(String cert) { + this.cert = cert; + this.iatMode = "0"; + } + + @Override + public String toString() { + return new Gson().toJson(this); + } + } + + +} + + diff --git a/app/src/main/java/se/leap/bitmaskclient/base/utils/ConfigHelper.java b/app/src/main/java/se/leap/bitmaskclient/base/utils/ConfigHelper.java index 102756c4..c4e2fb17 100644 --- a/app/src/main/java/se/leap/bitmaskclient/base/utils/ConfigHelper.java +++ b/app/src/main/java/se/leap/bitmaskclient/base/utils/ConfigHelper.java @@ -285,5 +285,32 @@ public class ConfigHelper { public static boolean useObfsVpn() { return BuildConfig.use_obfsvpn; } + + public static boolean hasObfuscationPinningDefaults() { + return BuildConfig.obfsvpn_ip != null && + BuildConfig.obfsvpn_port != null && + BuildConfig.obfsvpn_cert != null && + BuildConfig.obfsvpn_gateway_host != null && + !BuildConfig.obfsvpn_ip.isEmpty() && + !BuildConfig.obfsvpn_port.isEmpty() && + !BuildConfig.obfsvpn_cert.isEmpty() && + !BuildConfig.obfsvpn_gateway_host.isEmpty(); + } + public static String obfsvpnIP() { + return BuildConfig.obfsvpn_ip; + } + public static String obfsvpnPort() { + return BuildConfig.obfsvpn_port; + } + public static String obfsvpnCert() { + return BuildConfig.obfsvpn_cert; + } + public static String gatewayHost() { + return BuildConfig.obfsvpn_gateway_host; + } + + public static boolean useKcp() { + return BuildConfig.obfsvpn_use_kcp; + } } } diff --git a/app/src/main/java/se/leap/bitmaskclient/base/utils/PreferenceHelper.java b/app/src/main/java/se/leap/bitmaskclient/base/utils/PreferenceHelper.java index 22fe42ff..d9beffd3 100644 --- a/app/src/main/java/se/leap/bitmaskclient/base/utils/PreferenceHelper.java +++ b/app/src/main/java/se/leap/bitmaskclient/base/utils/PreferenceHelper.java @@ -11,6 +11,13 @@ import static se.leap.bitmaskclient.base.models.Constants.EXCLUDED_APPS; import static se.leap.bitmaskclient.base.models.Constants.GATEWAY_PINNING; import static se.leap.bitmaskclient.base.models.Constants.LAST_UPDATE_CHECK; import static se.leap.bitmaskclient.base.models.Constants.LAST_USED_PROFILE; +import static se.leap.bitmaskclient.base.models.Constants.OBFUSCATION_PINNING_CERT; +import static se.leap.bitmaskclient.base.models.Constants.OBFUSCATION_PINNING_GW_HOST; +import static se.leap.bitmaskclient.base.models.Constants.OBFUSCATION_PINNING_GW_IP; +import static se.leap.bitmaskclient.base.models.Constants.OBFUSCATION_PINNING_IP; +import static se.leap.bitmaskclient.base.models.Constants.OBFUSCATION_PINNING_KCP; +import static se.leap.bitmaskclient.base.models.Constants.OBFUSCATION_PINNING_LOCATION; +import static se.leap.bitmaskclient.base.models.Constants.OBFUSCATION_PINNING_PORT; import static se.leap.bitmaskclient.base.models.Constants.PREFERRED_CITY; import static se.leap.bitmaskclient.base.models.Constants.PREFER_UDP; import static se.leap.bitmaskclient.base.models.Constants.PROVIDER_CONFIGURED; @@ -22,10 +29,12 @@ import static se.leap.bitmaskclient.base.models.Constants.SHARED_PREFERENCES; import static se.leap.bitmaskclient.base.models.Constants.SHOW_EXPERIMENTAL; import static se.leap.bitmaskclient.base.models.Constants.USE_BRIDGES; import static se.leap.bitmaskclient.base.models.Constants.USE_IPv6_FIREWALL; +import static se.leap.bitmaskclient.base.models.Constants.USE_OBFUSCATION_PINNING; import static se.leap.bitmaskclient.base.models.Constants.USE_SNOWFLAKE; import android.content.Context; import android.content.SharedPreferences; +import android.text.TextUtils; import androidx.annotation.NonNull; import androidx.annotation.WorkerThread; @@ -260,6 +269,77 @@ public class PreferenceHelper { return getBoolean(context, ALLOW_EXPERIMENTAL_TRANSPORTS, false); } + public static void setUseObfuscationPinning(Context context, Boolean pinning) { + putBoolean(context, USE_OBFUSCATION_PINNING, pinning); + } + + public static boolean useObfuscationPinning(Context context) { + return ConfigHelper.ObfsVpnHelper.useObfsVpn() && + getUseBridges(context) && + getBoolean(context, USE_OBFUSCATION_PINNING, false) && + !TextUtils.isEmpty(getObfuscationPinningIP(context)) && + !TextUtils.isEmpty(getObfuscationPinningCert(context)) && + !TextUtils.isEmpty(getObfuscationPinningPort(context)) && + !TextUtils.isEmpty(getObfuscationPinningGatewayHost(context)); + } + + public static void setObfuscationPinningIP(Context context, String ip) { + putString(context, OBFUSCATION_PINNING_IP, ip); + } + + public static String getObfuscationPinningIP(Context context) { + return getString(context, OBFUSCATION_PINNING_IP, null); + } + + public static void setObfuscationPinningPort(Context context, String port) { + putString(context, OBFUSCATION_PINNING_PORT, port); + } + + public static String getObfuscationPinningPort(Context context) { + return getString(context, OBFUSCATION_PINNING_PORT, null); + } + + public static void setObfuscationPinningCert(Context context, String cert) { + putString(context, OBFUSCATION_PINNING_CERT, cert); + } + + public static String getObfuscationPinningCert(Context context) { + return getString(context, OBFUSCATION_PINNING_CERT, null); + } + + public static void setObfuscationPinningGatewayHost(Context context, String gatewayIP) { + putString(context, OBFUSCATION_PINNING_GW_HOST, gatewayIP); + } + + public static String getObfuscationPinningGatewayHost(Context context) { + return getString(context, OBFUSCATION_PINNING_GW_HOST, null); + } + + + public static void setObfuscationPinningGatewayIP(Context context, String ipForHost) { + putString(context, OBFUSCATION_PINNING_GW_IP, ipForHost); + } + + public static String getObfuscationPinningGatewayIP(Context context) { + return getString(context, OBFUSCATION_PINNING_GW_IP, null); + } + + public static void setObfuscationPinningGatewayLocation(Context context, String location) { + putString(context, OBFUSCATION_PINNING_LOCATION, location); + } + + public static String getObfuscationPinningGatewayLocation(Context context) { + return getString(context, OBFUSCATION_PINNING_LOCATION, null); + } + + public static Boolean getObfuscationPinningKCP(Context context) { + return getBoolean(context, OBFUSCATION_PINNING_KCP, false); + } + + public static void setObfuscationPinningKCP(Context context, boolean isKCP) { + putBoolean(context, OBFUSCATION_PINNING_KCP, isKCP); + } + public static void setUseIPv6Firewall(Context context, boolean useFirewall) { putBoolean(context, USE_IPv6_FIREWALL, useFirewall); } -- cgit v1.2.3