From b8087831f7db9fbc7806c58e632bda448b3b9e3b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Parm=C3=A9nides=20GV?=
Date: Wed, 12 Nov 2014 03:44:14 +0100
Subject: More refactoring, fixed problems from previous commit.
---
.../bitmaskclient/eip/VpnCertificateValidator.java | 59 ++++++++++++++++++++++
1 file changed, 59 insertions(+)
create mode 100644 app/src/main/java/se/leap/bitmaskclient/eip/VpnCertificateValidator.java
(limited to 'app/src/main/java/se/leap/bitmaskclient/eip/VpnCertificateValidator.java')
diff --git a/app/src/main/java/se/leap/bitmaskclient/eip/VpnCertificateValidator.java b/app/src/main/java/se/leap/bitmaskclient/eip/VpnCertificateValidator.java
new file mode 100644
index 00000000..a5f04368
--- /dev/null
+++ b/app/src/main/java/se/leap/bitmaskclient/eip/VpnCertificateValidator.java
@@ -0,0 +1,59 @@
+/**
+ * Copyright (c) 2013 LEAP Encryption Access Project and contributers
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see .
+ */
+package se.leap.bitmaskclient.eip;
+
+import android.util.Log;
+import java.util.*;
+import java.security.cert.*;
+import java.text.*;
+
+import se.leap.bitmaskclient.ConfigHelper;
+import static se.leap.bitmaskclient.eip.Constants.*;
+
+public class VpnCertificateValidator {
+ public final static String TAG = VpnCertificateValidator.class.getSimpleName();
+
+ public boolean isValid(String certificate) {
+ if(!certificate.isEmpty()) {
+ X509Certificate certificate_x509 = ConfigHelper.parseX509CertificateFromString(certificate);
+ return isValid(certificate_x509);
+ } else return false;
+ }
+
+ private boolean isValid(X509Certificate certificate) {
+ Calendar offset_date = calculateOffsetCertificateValidity(certificate);
+ try {
+ Log.d(TAG, "offset_date = " + offset_date.getTime().toString());
+ certificate.checkValidity(offset_date.getTime());
+ return true;
+ } catch(CertificateExpiredException e) {
+ return false;
+ } catch(CertificateNotYetValidException e) {
+ return false;
+ }
+ }
+
+ private Calendar calculateOffsetCertificateValidity(X509Certificate certificate) {
+ Log.d(TAG, "certificate not after = " + certificate.getNotAfter());
+ long preventive_time = Math.abs(certificate.getNotBefore().getTime() - certificate.getNotAfter().getTime())/2;
+ long current_date_millis = Calendar.getInstance().getTimeInMillis();
+
+ Calendar limit_date = Calendar.getInstance();
+ limit_date.setTimeInMillis(current_date_millis + preventive_time);
+ return limit_date;
+ }
+}
-- cgit v1.2.3
From 5d28fc6602a214da51931e428112825117b2509f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Parm=C3=A9nides=20GV?=
Date: Mon, 17 Nov 2014 19:54:51 +0100
Subject: An empty certificate is valid. If there is no certificate, there is no need to fix it. Right now, we use this class just to know if we need to update the certificate or redownload it. In case the certificate is corrupted, then it won't be empty but will contain an error message. If there is no certificate (e.g., because the user hasn't logged in and the provider doesn't provide anon vpn), then the "certificate" is ok but an upper layer of the code will have to handle the situation (in this case, eip will detect that there is no certificate and that the user needs to log in, prompting it to do so).
---
.../main/java/se/leap/bitmaskclient/eip/VpnCertificateValidator.java | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'app/src/main/java/se/leap/bitmaskclient/eip/VpnCertificateValidator.java')
diff --git a/app/src/main/java/se/leap/bitmaskclient/eip/VpnCertificateValidator.java b/app/src/main/java/se/leap/bitmaskclient/eip/VpnCertificateValidator.java
index a5f04368..16ae6a85 100644
--- a/app/src/main/java/se/leap/bitmaskclient/eip/VpnCertificateValidator.java
+++ b/app/src/main/java/se/leap/bitmaskclient/eip/VpnCertificateValidator.java
@@ -31,7 +31,7 @@ public class VpnCertificateValidator {
 if(!certificate.isEmpty()) {
 X509Certificate certificate_x509 = ConfigHelper.parseX509CertificateFromString(certificate);
 return isValid(certificate_x509);
- } else return false;
+ } else return true;
 }
 
 private boolean isValid(X509Certificate certificate) {
-- cgit v1.2.3
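Review bot: `isValid(String)` in the newly added file (first commit) hands the result of `ConfigHelper.parseX509CertificateFromString(certificate)` to the private overload unchecked, and `calculateOffsetCertificateValidity` dereferences it straight away at `certificate.getNotAfter()`. That helper is not visible here; if it returns null for text that is not a certificate, a corrupted stored value crashes the check instead of being reported as invalid. A guard such as `if (certificate_x509 == null) return false;` before the delegate call would turn that case into a normal "needs renewal" result. The class also deserves a Javadoc saying that it only tests the validity dates at the current time plus half the certificate lifetime, and that it performs no signature or chain verification.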
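Review bot: With `} else return true;` in `isValid(String)` (second commit), a missing certificate and one inside its validity window become indistinguishable to callers, so any caller that reads the result as "safe to connect" rather than "no renewal needed" fails open. The commit message says an upper layer handles the no-certificate case, but nothing in the method records that contract. I would add a Javadoc on the method, for example `/** Returns false only when a stored certificate should be renewed; an empty string means no certificate and also returns true, so callers must check for absence separately. */`, or rename the method to reflect the renewal question. The method's signature lies above this hunk.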
From 2fc73d6bfe8d86464571258f008d8bcf6db0cc2d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Parm=C3=A9nides=20GV?=
Date: Thu, 27 Nov 2014 20:09:05 +0100
Subject: Removed unused imports and unused .eip variables
---
.../java/se/leap/bitmaskclient/eip/VpnCertificateValidator.java | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)
(limited to 'app/src/main/java/se/leap/bitmaskclient/eip/VpnCertificateValidator.java')
diff --git a/app/src/main/java/se/leap/bitmaskclient/eip/VpnCertificateValidator.java b/app/src/main/java/se/leap/bitmaskclient/eip/VpnCertificateValidator.java
index 16ae6a85..6487f6c1 100644
--- a/app/src/main/java/se/leap/bitmaskclient/eip/VpnCertificateValidator.java
+++ b/app/src/main/java/se/leap/bitmaskclient/eip/VpnCertificateValidator.java
@@ -17,12 +17,13 @@
 package se.leap.bitmaskclient.eip;
 
 import android.util.Log;
-import java.util.*;
-import java.security.cert.*;
-import java.text.*;
+
+import java.security.cert.CertificateExpiredException;
+import java.security.cert.CertificateNotYetValidException;
+import java.security.cert.X509Certificate;
+import java.util.Calendar;
 
 import se.leap.bitmaskclient.ConfigHelper;
-import static se.leap.bitmaskclient.eip.Constants.*;
 
 public class VpnCertificateValidator {
 public final static String TAG = VpnCertificateValidator.class.getSimpleName();
-- cgit v1.2.3