From caadb236f39b4b6139a697eec57aa2796595422f Mon Sep 17 00:00:00 2001 From: cyBerta Date: Tue, 21 May 2019 11:54:20 +0200 Subject: * show error dialog if provider is misconfigured and has not allowed registration nor anonymous usage * always download provider.json, Use preseeded provider.json only to check if the client can connect with preseeded certificate. Keeps the provider.json updated if provider changes it's config * Tests for both cases --- .../bitmaskclient/eip/ProviderApiManagerTest.java | 51 ++++++++++++- .../BackendMockResponses/BackendMockProvider.java | 4 + .../MisconfiguredProviderBackendResponse.java | 89 ++++++++++++++++++++++ .../leap/bitmaskclient/testutils/MockHelper.java | 2 + .../testutils/matchers/BundleMatcher.java | 20 ++--- app/src/test/resources/error_messages.json | 27 +++---- .../test/resources/riseup_net_invalid_config.json | 37 +++++++++ .../test/resources/riseup_net_outdated_config.json | 37 +++++++++ 8 files changed, 240 insertions(+), 27 deletions(-) create mode 100644 app/src/test/java/se/leap/bitmaskclient/testutils/BackendMockResponses/MisconfiguredProviderBackendResponse.java create mode 100644 app/src/test/resources/riseup_net_invalid_config.json create mode 100644 app/src/test/resources/riseup_net_outdated_config.json (limited to 'app/src/test') diff --git a/app/src/test/java/se/leap/bitmaskclient/eip/ProviderApiManagerTest.java b/app/src/test/java/se/leap/bitmaskclient/eip/ProviderApiManagerTest.java index 7283968b..3070fc0b 100644 --- a/app/src/test/java/se/leap/bitmaskclient/eip/ProviderApiManagerTest.java +++ b/app/src/test/java/se/leap/bitmaskclient/eip/ProviderApiManagerTest.java @@ -38,14 +38,13 @@ import java.io.IOException; import java.security.NoSuchAlgorithmException; import java.security.cert.CertificateEncodingException; -import se.leap.bitmaskclient.testutils.MockHelper; -import se.leap.bitmaskclient.utils.ConfigHelper; import se.leap.bitmaskclient.Provider; import se.leap.bitmaskclient.ProviderAPI; import se.leap.bitmaskclient.ProviderApiConnector; import se.leap.bitmaskclient.ProviderApiManager; import se.leap.bitmaskclient.ProviderApiManagerBase; import se.leap.bitmaskclient.testutils.MockSharedPreferences; +import se.leap.bitmaskclient.utils.ConfigHelper; import se.leap.bitmaskclient.utils.PreferenceHelper; import static se.leap.bitmaskclient.Constants.BROADCAST_RESULT_KEY; @@ -53,6 +52,7 @@ import static se.leap.bitmaskclient.Constants.PROVIDER_KEY; import static se.leap.bitmaskclient.ProviderAPI.ERRORS; import static se.leap.bitmaskclient.ProviderAPI.PROVIDER_NOK; import static se.leap.bitmaskclient.ProviderAPI.PROVIDER_OK; +import static se.leap.bitmaskclient.testutils.BackendMockResponses.BackendMockProvider.TestBackendErrorCase.ERROR_CASE_MICONFIGURED_PROVIDER; import static se.leap.bitmaskclient.testutils.BackendMockResponses.BackendMockProvider.TestBackendErrorCase.ERROR_CASE_UPDATED_CERTIFICATE; import static se.leap.bitmaskclient.testutils.BackendMockResponses.BackendMockProvider.TestBackendErrorCase.NO_ERROR; import static se.leap.bitmaskclient.testutils.MockHelper.mockBundle; @@ -356,4 +356,51 @@ public class ProviderApiManagerTest { providerApiManager.handleIntent(providerApiCommand); } + + @Test + public void test_handleIntentSetupProvider_preseededProviderAndCA_failedConfiguration() throws IOException, CertificateEncodingException, NoSuchAlgorithmException, JSONException { + + Provider provider = getConfiguredProvider(); + + mockFingerprintForCertificate(" a5244308a1374709a9afce95e3ae47c1b44bc2398c0a70ccbf8b3a8a97f29494"); + mockProviderApiConnector(ERROR_CASE_MICONFIGURED_PROVIDER); + providerApiManager = new ProviderApiManager(mockPreferences, mockResources, mockClientGenerator(), new TestProviderApiServiceCallback()); + + Bundle expectedResult = mockBundle(); + expectedResult.putBoolean(BROADCAST_RESULT_KEY, false); + expectedResult.putString(ERRORS, "{\"errors\":\"There was an error configuring Bitmask with your chosen provider.\"}"); + expectedResult.putParcelable(PROVIDER_KEY, provider); + + + Intent providerApiCommand = mockIntent(); + + providerApiCommand.putExtra(PROVIDER_KEY, provider); + providerApiCommand.setAction(ProviderAPI.SET_UP_PROVIDER); + providerApiCommand.putExtra(ProviderAPI.RECEIVER_KEY, mockResultReceiver(PROVIDER_NOK, expectedResult)); + + providerApiManager.handleIntent(providerApiCommand); + } + + @Test + public void test_handleIntentSetupProvider_outdatedPreseededProviderAndCA_successfulConfiguration() throws IOException, CertificateEncodingException, NoSuchAlgorithmException, JSONException { + + Provider provider = getProvider(null, null, "riseup_net_outdated_config.json"); + + mockFingerprintForCertificate(" a5244308a1374709a9afce95e3ae47c1b44bc2398c0a70ccbf8b3a8a97f29494"); + mockProviderApiConnector(NO_ERROR); + providerApiManager = new ProviderApiManager(mockPreferences, mockResources, mockClientGenerator(), new TestProviderApiServiceCallback()); + + Bundle expectedResult = mockBundle(); + expectedResult.putBoolean(BROADCAST_RESULT_KEY, true); + expectedResult.putParcelable(PROVIDER_KEY, provider); + + + Intent providerApiCommand = mockIntent(); + + providerApiCommand.putExtra(PROVIDER_KEY, provider); + providerApiCommand.setAction(ProviderAPI.SET_UP_PROVIDER); + providerApiCommand.putExtra(ProviderAPI.RECEIVER_KEY, mockResultReceiver(PROVIDER_OK, expectedResult)); + + providerApiManager.handleIntent(providerApiCommand); + } } diff --git a/app/src/test/java/se/leap/bitmaskclient/testutils/BackendMockResponses/BackendMockProvider.java b/app/src/test/java/se/leap/bitmaskclient/testutils/BackendMockResponses/BackendMockProvider.java index 9069661f..307b61fc 100644 --- a/app/src/test/java/se/leap/bitmaskclient/testutils/BackendMockResponses/BackendMockProvider.java +++ b/app/src/test/java/se/leap/bitmaskclient/testutils/BackendMockResponses/BackendMockProvider.java @@ -30,6 +30,7 @@ public class BackendMockProvider { public enum TestBackendErrorCase { NO_ERROR, ERROR_CASE_UPDATED_CERTIFICATE, + ERROR_CASE_MICONFIGURED_PROVIDER, ERROR_NO_RESPONSE_BODY, // => NullPointerException ERROR_DNS_RESOLUTION_ERROR, // => UnkownHostException ERROR_SOCKET_TIMEOUT, // => SocketTimeoutException @@ -55,6 +56,9 @@ public class BackendMockProvider { case ERROR_CASE_UPDATED_CERTIFICATE: new UpdatedCertificateBackendResponse(); break; + case ERROR_CASE_MICONFIGURED_PROVIDER: + new MisconfiguredProviderBackendResponse(); + break; case ERROR_NO_RESPONSE_BODY: break; case ERROR_DNS_RESOLUTION_ERROR: diff --git a/app/src/test/java/se/leap/bitmaskclient/testutils/BackendMockResponses/MisconfiguredProviderBackendResponse.java b/app/src/test/java/se/leap/bitmaskclient/testutils/BackendMockResponses/MisconfiguredProviderBackendResponse.java new file mode 100644 index 00000000..4600e879 --- /dev/null +++ b/app/src/test/java/se/leap/bitmaskclient/testutils/BackendMockResponses/MisconfiguredProviderBackendResponse.java @@ -0,0 +1,89 @@ +/** + * Copyright (c) 2018 LEAP Encryption Access Project and contributers + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ +package se.leap.bitmaskclient.testutils.BackendMockResponses; + +import org.mockito.invocation.InvocationOnMock; +import org.mockito.stubbing.Answer; + +import java.io.IOException; + +import static se.leap.bitmaskclient.testutils.TestSetupHelper.getInputAsString; + +/** + * Created by cyberta on 10.01.18. + */ + +public class MisconfiguredProviderBackendResponse extends BaseBackendResponse { + public MisconfiguredProviderBackendResponse() throws IOException { + super(); + } + + @Override + public Answer getAnswerForRequestStringFromServer() { + return new Answer() { + @Override + public String answer(InvocationOnMock invocation) throws Throwable { + String url = (String) invocation.getArguments()[0]; + String requestMethod = (String) invocation.getArguments()[1]; + String jsonPayload = (String) invocation.getArguments()[2]; + + if (url.contains("/provider.json")) { + //download provider json + return getInputAsString(getClass().getClassLoader().getResourceAsStream("riseup_net_invalid_config.json")); + } else if (url.contains("/ca.crt")) { + //download provider ca cert + return getInputAsString(getClass().getClassLoader().getResourceAsStream("riseup.net.pem")); + } else if (url.contains("config/eip-service.json")) { + // download provider service json containing gateways, locations and openvpn settings + return getInputAsString(getClass().getClassLoader().getResourceAsStream("riseup.service.json")); + } else if (url.contains("/users.json")) { + //create new user + //TODO: implement me + } else if (url.contains("/sessions.json")) { + //srp auth: sendAToSRPServer + //TODO: implement me + } else if (url.contains("/sessions/parmegvtest10.json")){ + //srp auth: sendM1ToSRPServer + //TODO: implement me + } + + return null; + } + }; + } + + @Override + public Answer getAnswerForCanConnect() { + return new Answer() { + @Override + public Boolean answer(InvocationOnMock invocation) throws Throwable { + return true; + } + }; + } + + @Override + public Answer getAnswerForDelete() { + return new Answer() { + @Override + public Boolean answer(InvocationOnMock invocation) throws Throwable { + return true; + } + }; + } + +} diff --git a/app/src/test/java/se/leap/bitmaskclient/testutils/MockHelper.java b/app/src/test/java/se/leap/bitmaskclient/testutils/MockHelper.java index d68296a8..c765ab1b 100644 --- a/app/src/test/java/se/leap/bitmaskclient/testutils/MockHelper.java +++ b/app/src/test/java/se/leap/bitmaskclient/testutils/MockHelper.java @@ -451,6 +451,8 @@ public class MockHelper { thenReturn(errorMessages.getString("warning_corrupted_provider_cert")); when(mockedResources.getString(R.string.warning_expired_provider_cert)). thenReturn(errorMessages.getString("warning_expired_provider_cert")); + when(mockedResources.getString(R.string.setup_error_text)). + thenReturn(errorMessages.getString("setup_error_text")); return mockedResources; } } diff --git a/app/src/test/java/se/leap/bitmaskclient/testutils/matchers/BundleMatcher.java b/app/src/test/java/se/leap/bitmaskclient/testutils/matchers/BundleMatcher.java index d2d2a102..49a44038 100644 --- a/app/src/test/java/se/leap/bitmaskclient/testutils/matchers/BundleMatcher.java +++ b/app/src/test/java/se/leap/bitmaskclient/testutils/matchers/BundleMatcher.java @@ -73,7 +73,7 @@ public class BundleMatcher extends BaseMatcher { if (unfoundExpectedInteger.get(key) == null) { description.appendText("\n unfound Integer in actual Bundle: ").appendValue(iterator.next()); } else { - description.appendText("\n expected Integer for key " + key).appendValue(expectedIntegers.get(key)). + description.appendText("\n expected Integer for key " + key + ": ").appendValue(expectedIntegers.get(key)). appendText("\n found Integer was: ").appendValue(unfoundExpectedInteger.get(key)); } } @@ -85,7 +85,7 @@ public class BundleMatcher extends BaseMatcher { if (unfoundExpectedBoolean.get(key) == null) { description.appendText("\n unfound Boolean in actual Bundle: ").appendValue(iterator.next()); } else { - description.appendText("\n expected Boolean for key " + key).appendValue(expectedBooleans.get(key)). + description.appendText("\n expected Boolean for key " + key + ": ").appendValue(expectedBooleans.get(key)). appendText("\n found Boolean was: ").appendValue(unfoundExpectedBoolean.get(key)); } } @@ -97,7 +97,7 @@ public class BundleMatcher extends BaseMatcher { if (unfoundExpectedString.get(key) == null) { description.appendText("\n unfound String in actual Bundle: ").appendValue(iterator.next()); } else { - description.appendText("\n expected String for key " + key).appendValue(expectedStrings.get(key)). + description.appendText("\n expected String for key " + key + ": ").appendValue(expectedStrings.get(key)). appendText("\n found String was: ").appendValue(unfoundExpectedString.get(key)); } } @@ -109,7 +109,7 @@ public class BundleMatcher extends BaseMatcher { if (unfoundExpectedParcelable.get(key) == null) { description.appendText("\n unfound Parcelable in actual Bundle: ").appendValue(iterator.next()); } else { - description.appendText("\n expected Parcelable or key " + key).appendValue(expectedParcelables.get(key)). + description.appendText("\n expected Parcelable or key " + key + ": ").appendValue(expectedParcelables.get(key)). appendText("\n found Parcelable was: ").appendValue(unfoundExpectedParcelable.get(key)); } } @@ -139,8 +139,7 @@ public class BundleMatcher extends BaseMatcher { Set booleanKeys = expectedBooleans.keySet(); for (String key : booleanKeys) { Object valueObject = actualBundle.get(key); - if (valueObject == null || - !(valueObject instanceof Boolean) || + if (!(valueObject instanceof Boolean) || valueObject != expectedBooleans.get(key)) { unfoundExpectedBoolean.put(key, (Boolean) valueObject); return false; @@ -153,8 +152,7 @@ public class BundleMatcher extends BaseMatcher { Set stringKeys = expectedStrings.keySet(); for (String key : stringKeys) { Object valueObject = actualBundle.get(key); - if (valueObject == null || - !(valueObject instanceof String) || + if (!(valueObject instanceof String) || !valueObject.equals(expectedStrings.get(key))) { unfoundExpectedString.put(key, (String) valueObject); return false; @@ -167,8 +165,7 @@ public class BundleMatcher extends BaseMatcher { Set stringKeys = expectedIntegers.keySet(); for (String key : stringKeys) { Object valueObject = actualBundle.get(key); - if (valueObject == null || - !(valueObject instanceof Integer) || + if (!(valueObject instanceof Integer) || ((Integer) valueObject).compareTo(expectedIntegers.get(key)) != 0) { unfoundExpectedInteger.put(key, (Integer) valueObject); return false; @@ -181,8 +178,7 @@ public class BundleMatcher extends BaseMatcher { Set stringKeys = expectedParcelables.keySet(); for (String key : stringKeys) { Object valueObject = actualBundle.get(key); - if (valueObject == null || - !(valueObject instanceof Parcelable) || + if (!(valueObject instanceof Parcelable) || !valueObject.equals(expectedParcelables.get(key))) { unfoundExpectedParcelable.put(key, (Parcelable) valueObject); return false; diff --git a/app/src/test/resources/error_messages.json b/app/src/test/resources/error_messages.json index 4d72b074..8430d9e0 100644 --- a/app/src/test/resources/error_messages.json +++ b/app/src/test/resources/error_messages.json @@ -1,16 +1,17 @@ { "server_unreachable_message": "Server is unreachable, please try again.", -"error.security.pinnedcertificate": "Security error, update the app or choose another provider.", -"malformed_url": "It doesn't seem to be a Bitmask provider.", -"certificate_error": "This is not a trusted Bitmask provider.", -"error_srp_math_error_user_message": "Try again: server math error.", -"error_bad_user_password_user_message": "Incorrect username or password.", -"error_not_valid_password_user_message": "It should have at least 8 characters.", -"error_client_http_user_message": "Try again: Client HTTP error", -"error_io_exception_user_message": "Try again: I/O error", -"error_json_exception_user_message": "Try again: Bad response from the server", -"error_no_such_algorithm_exception_user_message": "Encryption algorithm not found. Please update your OS!", -"warning_corrupted_provider_details": "Stored provider details are corrupted. You can either update Bitmask (recommended) or update the provider details using a commercial CA certificate.", -"warning_corrupted_provider_cert": "Stored provider certificate is invalid. You can either update Bitmask (recommended) or update the provider certificate using a commercial CA certificate.", -"warning_expired_provider_cert": "Stored provider certificate is expired. You can either update Bitmask (recommended) or update the provider certificate using a commercial CA certificate." + "error.security.pinnedcertificate": "Security error, update the app or choose another provider.", + "malformed_url": "It doesn't seem to be a Bitmask provider.", + "certificate_error": "This is not a trusted Bitmask provider.", + "error_srp_math_error_user_message": "Try again: server math error.", + "error_bad_user_password_user_message": "Incorrect username or password.", + "error_not_valid_password_user_message": "It should have at least 8 characters.", + "error_client_http_user_message": "Try again: Client HTTP error", + "error_io_exception_user_message": "Try again: I/O error", + "error_json_exception_user_message": "Try again: Bad response from the server", + "error_no_such_algorithm_exception_user_message": "Encryption algorithm not found. Please update your OS!", + "warning_corrupted_provider_details": "Stored provider details are corrupted. You can either update Bitmask (recommended) or update the provider details using a commercial CA certificate.", + "warning_corrupted_provider_cert": "Stored provider certificate is invalid. You can either update Bitmask (recommended) or update the provider certificate using a commercial CA certificate.", + "warning_expired_provider_cert": "Stored provider certificate is expired. You can either update Bitmask (recommended) or update the provider certificate using a commercial CA certificate.", + "setup_error_text": "There was an error configuring Bitmask with your chosen provider." } \ No newline at end of file diff --git a/app/src/test/resources/riseup_net_invalid_config.json b/app/src/test/resources/riseup_net_invalid_config.json new file mode 100644 index 00000000..b91b4d51 --- /dev/null +++ b/app/src/test/resources/riseup_net_invalid_config.json @@ -0,0 +1,37 @@ +{ + "api_uri": "https://api.black.riseup.net:443", + "api_version": "1", + "ca_cert_fingerprint": "SHA256: a5244308a1374709a9afce95e3ae47c1b44bc2398c0a70ccbf8b3a8a97f29494", + "ca_cert_uri": "https://black.riseup.net/ca.crt", + "default_language": "en", + "description": { + "en": "Riseup is a non-profit collective in Seattle that provides online communication tools for people and groups working toward liberatory social change." + }, + "domain": "riseup.net", + "enrollment_policy": "open", + "languages": [ + "en" + ], + "name": { + "en": "Riseup Networks" + }, + "service": { + "allow_anonymous": false, + "allow_free": true, + "allow_limited_bandwidth": false, + "allow_paid": false, + "allow_registration": false, + "allow_unlimited_bandwidth": true, + "bandwidth_limit": 102400, + "default_service_level": 1, + "levels": { + "1": { + "description": "Please donate.", + "name": "free" + } + } + }, + "services": [ + "openvpn" + ] +} \ No newline at end of file diff --git a/app/src/test/resources/riseup_net_outdated_config.json b/app/src/test/resources/riseup_net_outdated_config.json new file mode 100644 index 00000000..82290ecd --- /dev/null +++ b/app/src/test/resources/riseup_net_outdated_config.json @@ -0,0 +1,37 @@ +{ + "api_uri": "https://api.black.riseup.net:443", + "api_version": "1", + "ca_cert_fingerprint": "SHA256: a5244308a1374709a9afce95e3ae47c1b44bc2398c0a70ccbf8b3a8a97f29494", + "ca_cert_uri": "https://black.riseup.net/ca.crt", + "default_language": "en", + "description": { + "en": "Riseup is a non-profit collective in Seattle that provides online communication tools for people and groups working toward liberatory social change." + }, + "domain": "riseup.net", + "enrollment_policy": "open", + "languages": [ + "en" + ], + "name": { + "en": "Riseup Networks" + }, + "service": { + "allow_anonymous": true, + "allow_free": true, + "allow_limited_bandwidth": false, + "allow_paid": false, + "allow_registration": true, + "allow_unlimited_bandwidth": true, + "bandwidth_limit": 102400, + "default_service_level": 1, + "levels": { + "1": { + "description": "Please donate.", + "name": "free" + } + } + }, + "services": [ + "openvpn" + ] +} \ No newline at end of file -- cgit v1.2.3