From 8301b4bc5b24561b77d3381ea2e8ff8c72368669 Mon Sep 17 00:00:00 2001 From: cyBerta Date: Tue, 17 May 2022 15:54:22 +0200 Subject: use snowflake if necessary to update invalid vpn cert. Show cert update message in UI --- .../bitmaskclient/base/fragments/EipFragment.java | 59 ++++++++++-------- .../leap/bitmaskclient/eip/EipSetupObserver.java | 10 ++- .../java/se/leap/bitmaskclient/eip/EipStatus.java | 10 +++ .../providersetup/ProviderApiManager.java | 46 +++++++------- .../bitmaskclient/eip/ProviderApiManagerTest.java | 72 +++++++++++++++++++++- .../NoErrorBackendResponseAPIv4.java | 3 + .../TorFallbackBackendResponse.java | 8 +++ .../leap/bitmaskclient/testutils/MockHelper.java | 71 +++++++++++++++------ app/src/test/resources/v4/riseup.net.cert | 54 ++++++++++++++++ 9 files changed, 265 insertions(+), 68 deletions(-) create mode 100644 app/src/test/resources/v4/riseup.net.cert (limited to 'app/src') diff --git a/app/src/main/java/se/leap/bitmaskclient/base/fragments/EipFragment.java b/app/src/main/java/se/leap/bitmaskclient/base/fragments/EipFragment.java index dfa45614..e654b18c 100644 --- a/app/src/main/java/se/leap/bitmaskclient/base/fragments/EipFragment.java +++ b/app/src/main/java/se/leap/bitmaskclient/base/fragments/EipFragment.java @@ -16,6 +16,27 @@ */ package se.leap.bitmaskclient.base.fragments; +import static de.blinkt.openvpn.core.ConnectionStatus.LEVEL_NONETWORK; +import static se.leap.bitmaskclient.R.string.vpn_certificate_user_message; +import static se.leap.bitmaskclient.base.models.Constants.ASK_TO_CANCEL_VPN; +import static se.leap.bitmaskclient.base.models.Constants.EIP_ACTION_START; +import static se.leap.bitmaskclient.base.models.Constants.EIP_EARLY_ROUTES; +import static se.leap.bitmaskclient.base.models.Constants.EIP_RESTART_ON_BOOT; +import static se.leap.bitmaskclient.base.models.Constants.PROVIDER_KEY; +import static se.leap.bitmaskclient.base.models.Constants.REQUEST_CODE_CONFIGURE_LEAP; +import static se.leap.bitmaskclient.base.models.Constants.REQUEST_CODE_LOG_IN; +import static se.leap.bitmaskclient.base.models.Constants.REQUEST_CODE_SWITCH_PROVIDER; +import static se.leap.bitmaskclient.base.models.Constants.SHARED_PREFERENCES; +import static se.leap.bitmaskclient.base.utils.ConfigHelper.isDefaultBitmask; +import static se.leap.bitmaskclient.base.utils.PreferenceHelper.getPreferredCity; +import static se.leap.bitmaskclient.base.utils.ViewHelper.convertDimensionToPx; +import static se.leap.bitmaskclient.eip.EipSetupObserver.gatewayOrder; +import static se.leap.bitmaskclient.eip.EipSetupObserver.reconnectingWithDifferentGateway; +import static se.leap.bitmaskclient.eip.GatewaysManager.Load.UNKNOWN; +import static se.leap.bitmaskclient.providersetup.ProviderAPI.DOWNLOAD_GEOIP_JSON; +import static se.leap.bitmaskclient.providersetup.ProviderAPI.UPDATE_INVALID_VPN_CERTIFICATE; +import static se.leap.bitmaskclient.providersetup.ProviderAPI.USER_MESSAGE; + import android.app.Activity; import android.content.ComponentName; import android.content.Context; @@ -27,18 +48,15 @@ import android.graphics.ColorMatrixColorFilter; import android.os.Bundle; import android.os.IBinder; import android.os.Vibrator; -import android.text.TextUtils; import android.util.Log; import android.view.Gravity; import android.view.LayoutInflater; import android.view.View; import android.view.ViewGroup; -import android.widget.TextView; import android.widget.Toast; import androidx.annotation.NonNull; import androidx.appcompat.app.AlertDialog; -import androidx.appcompat.widget.AppCompatButton; import androidx.appcompat.widget.AppCompatImageView; import androidx.appcompat.widget.AppCompatTextView; import androidx.fragment.app.DialogFragment; @@ -75,29 +93,6 @@ import se.leap.bitmaskclient.providersetup.activities.CustomProviderSetupActivit import se.leap.bitmaskclient.providersetup.activities.LoginActivity; import se.leap.bitmaskclient.providersetup.models.LeapSRPSession; -import static android.view.View.INVISIBLE; -import static android.view.View.VISIBLE; -import static de.blinkt.openvpn.core.ConnectionStatus.LEVEL_NONETWORK; -import static se.leap.bitmaskclient.R.string.vpn_certificate_user_message; -import static se.leap.bitmaskclient.base.models.Constants.ASK_TO_CANCEL_VPN; -import static se.leap.bitmaskclient.base.models.Constants.EIP_ACTION_START; -import static se.leap.bitmaskclient.base.models.Constants.EIP_EARLY_ROUTES; -import static se.leap.bitmaskclient.base.models.Constants.EIP_RESTART_ON_BOOT; -import static se.leap.bitmaskclient.base.models.Constants.PROVIDER_KEY; -import static se.leap.bitmaskclient.base.models.Constants.REQUEST_CODE_CONFIGURE_LEAP; -import static se.leap.bitmaskclient.base.models.Constants.REQUEST_CODE_LOG_IN; -import static se.leap.bitmaskclient.base.models.Constants.REQUEST_CODE_SWITCH_PROVIDER; -import static se.leap.bitmaskclient.base.models.Constants.SHARED_PREFERENCES; -import static se.leap.bitmaskclient.base.utils.ConfigHelper.isDefaultBitmask; -import static se.leap.bitmaskclient.base.utils.PreferenceHelper.getPreferredCity; -import static se.leap.bitmaskclient.base.utils.ViewHelper.convertDimensionToPx; -import static se.leap.bitmaskclient.eip.EipSetupObserver.gatewayOrder; -import static se.leap.bitmaskclient.eip.EipSetupObserver.reconnectingWithDifferentGateway; -import static se.leap.bitmaskclient.eip.GatewaysManager.Load.UNKNOWN; -import static se.leap.bitmaskclient.providersetup.ProviderAPI.DOWNLOAD_GEOIP_JSON; -import static se.leap.bitmaskclient.providersetup.ProviderAPI.UPDATE_INVALID_VPN_CERTIFICATE; -import static se.leap.bitmaskclient.providersetup.ProviderAPI.USER_MESSAGE; - public class EipFragment extends Fragment implements Observer { public final static String TAG = EipFragment.class.getSimpleName(); @@ -416,7 +411,16 @@ public class EipFragment extends Fragment implements Observer { } Log.d(TAG, "eip fragment eipStatus state: " + eipStatus.getState() + " - level: " + eipStatus.getLevel() + " - is reconnecting: " + eipStatus.isReconnecting()); - if (eipStatus.isConnecting()) { + if (eipStatus.isUpdatingVpnCert()) { + setMainButtonEnabled(false); + showConnectionTransitionLayout(true); + locationButton.setText(getString(R.string.eip_status_start_pending)); + locationButton.setLocationLoad(UNKNOWN); + locationButton.showBridgeIndicator(false); + locationButton.showRecommendedIndicator(false); + mainDescription.setText(null); + subDescription.setText(getString(R.string.updating_certificate_message)); + } else if (eipStatus.isConnecting()) { setMainButtonEnabled(true); showConnectionTransitionLayout(true); locationButton.setText(getString(R.string.eip_status_start_pending)); @@ -574,6 +578,7 @@ public class EipFragment extends Fragment implements Observer { } private void updateInvalidVpnCertificate() { + EipStatus.getInstance().setUpdatingVpnCert(true); ProviderAPICommand.execute(getContext(), UPDATE_INVALID_VPN_CERTIFICATE, provider); } diff --git a/app/src/main/java/se/leap/bitmaskclient/eip/EipSetupObserver.java b/app/src/main/java/se/leap/bitmaskclient/eip/EipSetupObserver.java index 813b8b62..c71a028d 100644 --- a/app/src/main/java/se/leap/bitmaskclient/eip/EipSetupObserver.java +++ b/app/src/main/java/se/leap/bitmaskclient/eip/EipSetupObserver.java @@ -201,6 +201,10 @@ public class EipSetupObserver extends BroadcastReceiver implements VpnStatus.Sta ProviderObservable.getInstance().updateProvider(provider); PreferenceHelper.storeProviderInPreferences(preferences, provider); EipCommand.startVPN(context, false); + EipStatus.getInstance().setUpdatingVpnCert(false); + if (TorStatusObservable.getStatus() != OFF) { + TorServiceCommand.stopTorServiceAsync(context); + } break; case CORRECTLY_DOWNLOADED_GEOIP_JSON: provider = resultData.getParcelable(PROVIDER_KEY); @@ -211,8 +215,12 @@ public class EipSetupObserver extends BroadcastReceiver implements VpnStatus.Sta case INCORRECTLY_DOWNLOADED_GEOIP_JSON: maybeStartEipService(resultData); break; - case PROVIDER_NOK: case INCORRECTLY_UPDATED_INVALID_VPN_CERTIFICATE: + EipStatus.getInstance().setUpdatingVpnCert(false); + if (TorStatusObservable.getStatus() != OFF) { + TorServiceCommand.stopTorServiceAsync(context); + } + case PROVIDER_NOK: case INCORRECTLY_DOWNLOADED_EIP_SERVICE: case INCORRECTLY_DOWNLOADED_VPN_CERTIFICATE: if (TorStatusObservable.getStatus() != OFF) { diff --git a/app/src/main/java/se/leap/bitmaskclient/eip/EipStatus.java b/app/src/main/java/se/leap/bitmaskclient/eip/EipStatus.java index bc123683..003e396f 100644 --- a/app/src/main/java/se/leap/bitmaskclient/eip/EipStatus.java +++ b/app/src/main/java/se/leap/bitmaskclient/eip/EipStatus.java @@ -56,6 +56,7 @@ public class EipStatus extends Observable implements VpnStatus.StateListener { private int lastErrorLine = 0; private String state, logMessage; private int localizedResId; + private boolean isUpdatingVPNCertificate; public static EipStatus getInstance() { if (currentStatus == null) { @@ -178,6 +179,15 @@ public class EipStatus extends Observable implements VpnStatus.StateListener { } } + public void setUpdatingVpnCert(boolean isUpdating) { + isUpdatingVPNCertificate = isUpdating; + refresh(); + } + + public boolean isUpdatingVpnCert() { + return isUpdatingVPNCertificate; + } + public boolean isConnecting() { return currentEipLevel == EipLevel.CONNECTING; } diff --git a/app/src/production/java/se/leap/bitmaskclient/providersetup/ProviderApiManager.java b/app/src/production/java/se/leap/bitmaskclient/providersetup/ProviderApiManager.java index d1de62a0..63b24ea2 100644 --- a/app/src/production/java/se/leap/bitmaskclient/providersetup/ProviderApiManager.java +++ b/app/src/production/java/se/leap/bitmaskclient/providersetup/ProviderApiManager.java @@ -199,29 +199,22 @@ public class ProviderApiManager extends ProviderApiManagerBase { @Override protected Bundle updateVpnCertificate(Provider provider) { Bundle result = new Bundle(); - try { - URL newCertStringUrl = new URL(provider.getApiUrlWithVersion() + "/" + PROVIDER_VPN_CERTIFICATE); - - String certString = downloadWithProviderCA(provider.getCaCert(), newCertStringUrl.toString()); - if (DEBUG_MODE) { - VpnStatus.logDebug("[API] VPN CERT: " + certString); - } - if (ConfigHelper.checkErroneousDownload(certString)) { - if (certString == null || certString.isEmpty()) { - // probably 204 - setErrorResult(result, error_io_exception_user_message, null); - } else { - setErrorResult(result, certString); - return result; - } + String certString = downloadFromVersionedApiUrlWithProviderCA("/" + PROVIDER_VPN_CERTIFICATE, provider); + if (DEBUG_MODE) { + VpnStatus.logDebug("[API] VPN CERT: " + certString); + } + if (ConfigHelper.checkErroneousDownload(certString)) { + if (TorStatusObservable.getStatus() != OFF && TorStatusObservable.getProxyPort() != -1) { + setErrorResult(result, downloading_vpn_certificate_failed, null); + } else if (certString == null || certString.isEmpty() ){ + // probably 204 + setErrorResult(result, error_io_exception_user_message, null); + } else { + setErrorResult(result, certString); } - return loadCertificate(provider, certString); - } catch (IOException e) { - // TODO try to get Provider Json - setErrorResult(result, downloading_vpn_certificate_failed, null); - e.printStackTrace(); + return result; } - return result; + return loadCertificate(provider, certString); } /** @@ -352,6 +345,17 @@ public class ProviderApiManager extends ProviderApiManagerBase { return downloadFromUrlWithProviderCA(urlString, provider); } + /** + * Tries to download the contents of $base_url/$version/$path using not commercially validated CA certificate from chosen provider. + * + * @return an empty string if it fails, the response body if not. + */ + private String downloadFromVersionedApiUrlWithProviderCA(String path, Provider provider) { + String baseUrl = provider.getApiUrlWithVersion(); + String urlString = baseUrl + path; + return downloadFromUrlWithProviderCA(urlString, provider); + } + private String downloadFromUrlWithProviderCA(String urlString, Provider provider) { return downloadFromUrlWithProviderCA(urlString, provider, true); } diff --git a/app/src/test/java/se/leap/bitmaskclient/eip/ProviderApiManagerTest.java b/app/src/test/java/se/leap/bitmaskclient/eip/ProviderApiManagerTest.java index c3ee344f..b7a4fa7c 100644 --- a/app/src/test/java/se/leap/bitmaskclient/eip/ProviderApiManagerTest.java +++ b/app/src/test/java/se/leap/bitmaskclient/eip/ProviderApiManagerTest.java @@ -54,6 +54,7 @@ import se.leap.bitmaskclient.testutils.MockSharedPreferences; import se.leap.bitmaskclient.tor.TorStatusObservable; import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertNotEquals; import static org.mockito.Mockito.when; import static se.leap.bitmaskclient.base.models.Constants.BROADCAST_RESULT_KEY; import static se.leap.bitmaskclient.base.models.Constants.EIP_ACTION_START; @@ -61,8 +62,11 @@ import static se.leap.bitmaskclient.base.models.Constants.PROVIDER_KEY; import static se.leap.bitmaskclient.base.models.Constants.USE_BRIDGES; import static se.leap.bitmaskclient.base.models.Constants.USE_SNOWFLAKE; import static se.leap.bitmaskclient.providersetup.ProviderAPI.CORRECTLY_DOWNLOADED_GEOIP_JSON; +import static se.leap.bitmaskclient.providersetup.ProviderAPI.CORRECTLY_UPDATED_INVALID_VPN_CERTIFICATE; import static se.leap.bitmaskclient.providersetup.ProviderAPI.ERRORS; import static se.leap.bitmaskclient.providersetup.ProviderAPI.INCORRECTLY_DOWNLOADED_GEOIP_JSON; +import static se.leap.bitmaskclient.providersetup.ProviderAPI.INCORRECTLY_DOWNLOADED_VPN_CERTIFICATE; +import static se.leap.bitmaskclient.providersetup.ProviderAPI.INCORRECTLY_UPDATED_INVALID_VPN_CERTIFICATE; import static se.leap.bitmaskclient.providersetup.ProviderAPI.MISSING_NETWORK_CONNECTION; import static se.leap.bitmaskclient.providersetup.ProviderAPI.PARAMETERS; import static se.leap.bitmaskclient.providersetup.ProviderAPI.PROVIDER_NOK; @@ -76,6 +80,7 @@ import static se.leap.bitmaskclient.testutils.BackendMockResponses.BackendMockPr import static se.leap.bitmaskclient.testutils.BackendMockResponses.BackendMockProvider.TestBackendErrorCase.ERROR_GEOIP_SERVICE_IS_DOWN_TOR_FALLBACK; import static se.leap.bitmaskclient.testutils.BackendMockResponses.BackendMockProvider.TestBackendErrorCase.NO_ERROR; import static se.leap.bitmaskclient.testutils.BackendMockResponses.BackendMockProvider.TestBackendErrorCase.NO_ERROR_API_V4; +import static se.leap.bitmaskclient.testutils.MockHelper.mockBase64; import static se.leap.bitmaskclient.testutils.MockHelper.mockBundle; import static se.leap.bitmaskclient.testutils.MockHelper.mockClientGenerator; import static se.leap.bitmaskclient.testutils.MockHelper.mockConfigHelper; @@ -98,7 +103,7 @@ import static se.leap.bitmaskclient.testutils.TestSetupHelper.getProvider; */ @RunWith(PowerMockRunner.class) -@PrepareForTest({ProviderApiManager.class, TextUtils.class, ConfigHelper.class, ProviderApiConnector.class, PreferenceHelper.class, TorStatusObservable.class}) +@PrepareForTest({ProviderApiManager.class, TextUtils.class, ConfigHelper.class, ProviderApiConnector.class, PreferenceHelper.class, TorStatusObservable.class, android.util.Base64.class}) public class ProviderApiManagerTest { private SharedPreferences mockPreferences; @@ -789,6 +794,71 @@ public class ProviderApiManagerTest { assertEquals(-1, TorStatusObservable.getProxyPort()); } + @Test + public void test_handleIntentUpdateVPNCertificate_TorBridgesPreferencesNotConfigured_TorStartedAndSuccess() throws IOException, CertificateEncodingException, NoSuchAlgorithmException, TimeoutException, InterruptedException { + Provider provider = getConfiguredProviderAPIv4(); + + mockConfigHelper(" a5244308a1374709a9afce95e3ae47c1b44bc2398c0a70ccbf8b3a8a97f29494"); + mockBase64(); + mockProviderApiConnector(ERROR_DNS_RESUOLUTION_TOR_FALLBACK); + + providerApiManager = new ProviderApiManager(mockPreferences, mockResources, mockClientGenerator(), new TestProviderApiServiceCallback()); + + Intent providerApiCommand = mockIntent(); + providerApiCommand.putExtra(PROVIDER_KEY, provider); + providerApiCommand.setAction(ProviderAPI.UPDATE_INVALID_VPN_CERTIFICATE); + providerApiCommand.putExtra(ProviderAPI.RECEIVER_KEY, mockResultReceiver(CORRECTLY_UPDATED_INVALID_VPN_CERTIFICATE)); + + mockTorStatusObservable(null); + + providerApiManager.handleIntent(providerApiCommand); + assertNotEquals(-1, TorStatusObservable.getProxyPort()); + } + + @Test + public void test_handleIntentUpdateVPNCertificate_TorBridgesPreferencesFalse_TorNotStartedAndFailure() throws IOException, CertificateEncodingException, NoSuchAlgorithmException, TimeoutException, InterruptedException { + Provider provider = getConfiguredProviderAPIv4(); + + mockConfigHelper(" a5244308a1374709a9afce95e3ae47c1b44bc2398c0a70ccbf8b3a8a97f29494"); + mockBase64(); + mockProviderApiConnector(ERROR_DNS_RESUOLUTION_TOR_FALLBACK); + mockPreferences.edit().putBoolean(USE_BRIDGES, false).putBoolean(USE_SNOWFLAKE, false).commit(); + + providerApiManager = new ProviderApiManager(mockPreferences, mockResources, mockClientGenerator(), new TestProviderApiServiceCallback()); + + Intent providerApiCommand = mockIntent(); + providerApiCommand.putExtra(PROVIDER_KEY, provider); + providerApiCommand.setAction(ProviderAPI.UPDATE_INVALID_VPN_CERTIFICATE); + providerApiCommand.putExtra(ProviderAPI.RECEIVER_KEY, mockResultReceiver(INCORRECTLY_UPDATED_INVALID_VPN_CERTIFICATE)); + + mockTorStatusObservable(new TimeoutException("This timeout exception is never thrown")); + + providerApiManager.handleIntent(providerApiCommand); + assertEquals(-1, TorStatusObservable.getProxyPort()); + } + + @Test + public void test_handleIntentUpdateVPNCertificate_TorBridgesPreferencesTrue_TorStartedAndSuccess() throws IOException, CertificateEncodingException, NoSuchAlgorithmException, TimeoutException, InterruptedException { + Provider provider = getConfiguredProviderAPIv4(); + + mockConfigHelper(" a5244308a1374709a9afce95e3ae47c1b44bc2398c0a70ccbf8b3a8a97f29494"); + mockBase64(); + mockProviderApiConnector(NO_ERROR_API_V4); + mockPreferences.edit().putBoolean(USE_BRIDGES, true).putBoolean(USE_SNOWFLAKE, true).commit(); + + providerApiManager = new ProviderApiManager(mockPreferences, mockResources, mockClientGenerator(), new TestProviderApiServiceCallback()); + + Intent providerApiCommand = mockIntent(); + providerApiCommand.putExtra(PROVIDER_KEY, provider); + providerApiCommand.setAction(ProviderAPI.UPDATE_INVALID_VPN_CERTIFICATE); + providerApiCommand.putExtra(ProviderAPI.RECEIVER_KEY, mockResultReceiver(CORRECTLY_UPDATED_INVALID_VPN_CERTIFICATE)); + + mockTorStatusObservable(null); + + providerApiManager.handleIntent(providerApiCommand); + assertNotEquals(-1, TorStatusObservable.getProxyPort()); + } + @Test public void test_handleIntentSetupProvider_TorBridgesPreferencesEnabledTimeout_TimeoutError() throws IOException, CertificateEncodingException, NoSuchAlgorithmException, TimeoutException, InterruptedException { Provider provider = getConfiguredProviderAPIv4(); diff --git a/app/src/test/java/se/leap/bitmaskclient/testutils/BackendMockResponses/NoErrorBackendResponseAPIv4.java b/app/src/test/java/se/leap/bitmaskclient/testutils/BackendMockResponses/NoErrorBackendResponseAPIv4.java index 3b77834f..b9dc26b1 100644 --- a/app/src/test/java/se/leap/bitmaskclient/testutils/BackendMockResponses/NoErrorBackendResponseAPIv4.java +++ b/app/src/test/java/se/leap/bitmaskclient/testutils/BackendMockResponses/NoErrorBackendResponseAPIv4.java @@ -53,6 +53,9 @@ public class NoErrorBackendResponseAPIv4 extends BaseBackendResponse { } else if (url.contains(":9001/json")) { // download geoip json, containing a sorted list of gateways return getInputAsString(getClass().getClassLoader().getResourceAsStream("riseup.geoip.json")); + } else if (url.contains("/cert")) { + // download vpn key and cert + return getInputAsString(getClass().getClassLoader().getResourceAsStream("v4/riseup.net.cert")); } else if (url.contains("/users.json")) { //create new user //TODO: implement me diff --git a/app/src/test/java/se/leap/bitmaskclient/testutils/BackendMockResponses/TorFallbackBackendResponse.java b/app/src/test/java/se/leap/bitmaskclient/testutils/BackendMockResponses/TorFallbackBackendResponse.java index dc12ae89..c3779a21 100644 --- a/app/src/test/java/se/leap/bitmaskclient/testutils/BackendMockResponses/TorFallbackBackendResponse.java +++ b/app/src/test/java/se/leap/bitmaskclient/testutils/BackendMockResponses/TorFallbackBackendResponse.java @@ -49,6 +49,14 @@ public class TorFallbackBackendResponse extends BaseBackendResponse { } // download geoip json, containing a sorted list of gateways return getInputAsString(getClass().getClassLoader().getResourceAsStream("riseup.geoip.json")); + } else if (url.contains("/cert")) { + if (requestAttempt == 0) { + requestAttempt++; + throw new UnknownHostException("DNS blocked by censor ;)"); + } + // download vpn certificate for authentication + return getInputAsString(getClass().getClassLoader().getResourceAsStream("v4/riseup.net.cert")); + } return null; diff --git a/app/src/test/java/se/leap/bitmaskclient/testutils/MockHelper.java b/app/src/test/java/se/leap/bitmaskclient/testutils/MockHelper.java index 8d76fd41..61d42f58 100644 --- a/app/src/test/java/se/leap/bitmaskclient/testutils/MockHelper.java +++ b/app/src/test/java/se/leap/bitmaskclient/testutils/MockHelper.java @@ -1,5 +1,23 @@ package se.leap.bitmaskclient.testutils; +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertThat; +import static org.mockito.ArgumentMatchers.any; +import static org.mockito.ArgumentMatchers.anyBoolean; +import static org.mockito.ArgumentMatchers.anyInt; +import static org.mockito.ArgumentMatchers.anyString; +import static org.mockito.ArgumentMatchers.eq; +import static org.mockito.Mockito.RETURNS_DEEP_STUBS; +import static org.mockito.Mockito.doAnswer; +import static org.mockito.Mockito.mock; +import static org.mockito.Mockito.when; +import static org.powermock.api.mockito.PowerMockito.mockStatic; +import static se.leap.bitmaskclient.base.models.Constants.PROVIDER_PRIVATE_KEY; +import static se.leap.bitmaskclient.base.models.Constants.PROVIDER_VPN_CERTIFICATE; +import static se.leap.bitmaskclient.base.utils.FileHelper.createFile; +import static se.leap.bitmaskclient.base.utils.PreferenceHelper.getEipDefinitionFromPreferences; +import static se.leap.bitmaskclient.base.utils.PreferenceHelper.getFromPersistedProvider; + import android.content.Context; import android.content.Intent; import android.content.SharedPreferences; @@ -18,16 +36,21 @@ import org.json.JSONException; import org.json.JSONObject; import org.mockito.invocation.InvocationOnMock; import org.mockito.stubbing.Answer; +import org.powermock.api.mockito.PowerMockito; import java.io.File; import java.io.FileNotFoundException; import java.io.IOException; import java.io.InputStream; +import java.math.BigInteger; import java.net.UnknownHostException; import java.security.NoSuchAlgorithmException; import java.security.cert.CertificateEncodingException; import java.security.cert.X509Certificate; +import java.security.interfaces.RSAPrivateKey; import java.util.ArrayList; +import java.util.Arrays; +import java.util.Base64; import java.util.HashMap; import java.util.HashSet; import java.util.Iterator; @@ -51,24 +74,6 @@ import se.leap.bitmaskclient.testutils.BackendMockResponses.BackendMockProvider; import se.leap.bitmaskclient.testutils.matchers.BundleMatcher; import se.leap.bitmaskclient.tor.TorStatusObservable; -import static org.junit.Assert.assertEquals; -import static org.junit.Assert.assertThat; -import static org.mockito.ArgumentMatchers.any; -import static org.mockito.ArgumentMatchers.anyBoolean; -import static org.mockito.ArgumentMatchers.anyInt; -import static org.mockito.ArgumentMatchers.anyString; -import static org.mockito.ArgumentMatchers.eq; -import static org.mockito.Mockito.RETURNS_DEEP_STUBS; -import static org.mockito.Mockito.doAnswer; -import static org.mockito.Mockito.mock; -import static org.mockito.Mockito.when; -import static org.powermock.api.mockito.PowerMockito.mockStatic; -import static se.leap.bitmaskclient.base.models.Constants.PROVIDER_PRIVATE_KEY; -import static se.leap.bitmaskclient.base.models.Constants.PROVIDER_VPN_CERTIFICATE; -import static se.leap.bitmaskclient.base.utils.FileHelper.createFile; -import static se.leap.bitmaskclient.base.utils.PreferenceHelper.getEipDefinitionFromPreferences; -import static se.leap.bitmaskclient.base.utils.PreferenceHelper.getFromPersistedProvider; - /** * Created by cyberta on 29.01.18. */ @@ -408,6 +413,10 @@ public class MockHelper { when(createFile(any(File.class), anyString())).thenReturn(mockedFile); } + public static void mockBase64() { + mockStatic(android.util.Base64.class); + when(android.util.Base64.encodeToString(any(), anyInt())).thenAnswer(invocation -> Arrays.toString(Base64.getEncoder().encode((byte[]) invocation.getArguments()[0]))); + } public static void mockConfigHelper(String mockedFingerprint) throws CertificateEncodingException, NoSuchAlgorithmException { mockStatic(ConfigHelper.class); when(ConfigHelper.getFingerprintFromCertificate(any(X509Certificate.class), anyString())).thenReturn(mockedFingerprint); @@ -417,6 +426,32 @@ public class MockHelper { when(ConfigHelper.timezoneDistance(anyInt(), anyInt())).thenCallRealMethod(); when(ConfigHelper.isIPv4(anyString())).thenCallRealMethod(); when(ConfigHelper.isDefaultBitmask()).thenReturn(true); + when(ConfigHelper.parseRsaKeyFromString(anyString())).thenReturn(new RSAPrivateKey() { + @Override + public BigInteger getPrivateExponent() { + return BigInteger.TEN; + } + + @Override + public String getAlgorithm() { + return "RSA"; + } + + @Override + public String getFormat() { + return null; + } + + @Override + public byte[] getEncoded() { + return new byte[0]; + } + + @Override + public BigInteger getModulus() { + return BigInteger.ONE; + } + }); } public static void mockPreferenceHelper(final Provider providerFromPrefs) { diff --git a/app/src/test/resources/v4/riseup.net.cert b/app/src/test/resources/v4/riseup.net.cert new file mode 100644 index 00000000..b689c033 --- /dev/null +++ b/app/src/test/resources/v4/riseup.net.cert @@ -0,0 +1,54 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEAvXvOGBJeNZfzvkLgEbunA29j/zrxGtDxQwHQ2oAElpQyZfzF +smHza6Q4o1audAH/hrLF4Z3I3jRbGsuh81pq7GCMsaL1/C2xWlOOHH6+zljdLHvr +/COwVOuKIUR19yIIozcBaCp3mvDCMAH+cF0uLPw/cfs4Le0gaptN3n3f5jFnFxEs +3fDXnAgUP7QPvxm5Wl5MM2HBNKcwPNLA29VrgRtJ6OJWtK3raB1S1D3Iv9OMAYtA +5dCpRMYbV0gBcxc0YRsmlLy8s3ZKdKF3aqiZfN4R/dLzqmysIAVSgfvp8vZpRZDz +uStE+fiTH4MEFpUTQ6bwbjV9hh6+M5UO1aPYUwIDAQABAoIBAGPgDhHCHMZDAccX +mOO/9Zhp7ltpxgxMdd7L5jpFoCV+l9IKGmqcFqJ2PSRbXDjplLZ7JLJ3aJk3H45Q +J10OG63cdkxriR0TOJhT0mRSqmA5ltsLtqeAaEFapcRDQaqx1buyEpvFRqX0oWaM +poCznNM5YnfB4yrSAnQuyCyuTIYYO5n4baOWR97vbpfwPtznyt2vsVhsP6hj2+4u +Jv4cgDtvap/yXpCcQdfoAKavDRKDd9Ig+6ZirfNZv8nMShQqQj3WWzDY9FxWb2kG +BjKRURS5CD/4FRTY4CIQ9sGvhTvcY7WxgQ6uESuM2YBTEFygEtB9tyIMdPDTz9qg +43eqA4ECgYEA6YbVqnZPxGK2TTqJw0yV/UPDhXy0gViOX+eMwQpfQySd1wqBabeh +hS0ntMMcgZHNQ9IsBZDSkfVFA51+x97kQeoF5kvM3PYLBBvP6NBBaR/rlofkz/4z +4CIEFoFMUFplF4tyJOm+QQx7A8njG8oIJ0MI8zEjglJk4//yHF8AfU8CgYEAz7fs +uGKevL7Ha6n9qiQ08cLunWPP0CEUobf4afgXMVBl7R9hDiq80YImK0wuh8prOt0E +TWtL9i8ToEvHaubuXT1kgoOZoeyIAEYpi1aF/a/+AZ562Ts8jeWwa6ZJVqLfG0lR +gdrQvJgDgqsF4B6oynEjrvtanW48g+ROLmXwG70CgYBAF7yey1f7O2hza8SRsHxe +BXItOdvEwExbMA7mkHUy1WLouT5piHexOIJ0TzSMrzqaCZ4BbQ0N+DYX1usL6jXV +jWhPG7C/WFwPpZ57dGTveE5Ng0CegVM1icB7eMM8LoMeYixSy0BnVAiTMp69asaw +F+rl7C+lvf1owj9t3/kfawKBgQCxvqFB5qIOwPHEn2IBBZqIhlXJOG/LmYMeH17i +zviJqlKN5hwXE1sfrE8dHcNzTzMS262i0f3eW8pfkHjEcXfnMXGgfRwqA00dbux9 +3zwpKUAiAor8+EOI6NNeSpzXFef0YXjttWCJAUt/tPkCHzowgUAXq96OeJYwBl0g +NvqPwQKBgDpV8An1JZAjcUNc9IP6GvubYpsTwyEjSHYteEdBtahLrh0G4gjLNgg7 +PvhHxni5UvjeRiNPwb3cWVYL7v7YVTRyDvRmZ7FrLWJ0q3P0S8Ww4ar+ZWw8sQhQ +zaoY20NYypde+K9RRamnUw6GvoS+o7pF0c+hXaup/jGAwszcLJr3 +-----END RSA PRIVATE KEY----- +-----BEGIN CERTIFICATE----- +MIIEmzCCAoOgAwIBAgIQfhZuQF/HQWNj4bY/2E0R1zANBgkqhkiG9w0BAQsFADB1 +MRgwFgYDVQQKDA9SaXNldXAgTmV0d29ya3MxGzAZBgNVBAsMEmh0dHBzOi8vcmlz +ZXVwLm5ldDE8MDoGA1UEAwwzUmlzZXVwIE5ldHdvcmtzIFJvb3QgQ0EgKGNsaWVu +dCBjZXJ0aWZpY2F0ZXMgb25seSEpMB4XDTIyMDQxNzAwMDAwMFoXDTIyMDcxNzAw +MDAwMFowLTErMCkGA1UEAwwiVU5MSU1JVEVEN2ZsNjdmcmZ6NnF3aWs2eG95emht +bzV2eTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL17zhgSXjWX875C +4BG7pwNvY/868RrQ8UMB0NqABJaUMmX8xbJh82ukOKNWrnQB/4ayxeGdyN40WxrL +ofNaauxgjLGi9fwtsVpTjhx+vs5Y3Sx76/wjsFTriiFEdfciCKM3AWgqd5rwwjAB +/nBdLiz8P3H7OC3tIGqbTd593+YxZxcRLN3w15wIFD+0D78ZuVpeTDNhwTSnMDzS +wNvVa4EbSejiVrSt62gdUtQ9yL/TjAGLQOXQqUTGG1dIAXMXNGEbJpS8vLN2SnSh +d2qomXzeEf3S86psrCAFUoH76fL2aUWQ87krRPn4kx+DBBaVE0Om8G41fYYevjOV +DtWj2FMCAwEAAaNvMG0wHQYDVR0OBBYEFASbEXiXvCseE07xGzDXVzZqRWYkMAsG +A1UdDwQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAjAJBgNVHRMEAjAAMB8GA1Ud +IwQYMBaAFBf0G9XlKgEBTWuiXTYKKQmWZYBGMA0GCSqGSIb3DQEBCwUAA4ICAQA6 +P4z8srFEo/LhaAdOTHjvi4t8OVR7WuD6Tit68UabZpbFwPmXVbzYATKmNepYjXqR +TDW416M7QWja5nyFSXaLzk95osE1IxqcqgZ5vKHLPFE5J8eBtkVoFN6+9F6olx6s +8UYbewU1Cm2rN2Y1xXNxAFz9wNqLjGdhuExdfxE+4/Y2uh40yC2rhiJLiSrsdfCU +QsBQJy7Z76dAtbp2087aqikHmiqm/lkIKXE3jNgb8JCT3oJutedBA/CknDyM/7N/ +x83mS5Iu6vRQIBFN6wfsxxUWOh9oSnivcWBF5IO7a71nuiEEaZpG1tSsQTYk9ENW +Sx5cP4NnF7uZyMhYASWpVRBsx0gz6cmGWTIO8v9CX4D8HMK7uKeJkMenmwiwnhkI ++H+9U8sHCX0UGUZqiJshM7ySf7lhHI+UgrE2qCR0GFoRfP9Yz6tsJ0bNKBUkl6UH +BmXtH1Z7QVSfbkheNA3LNaFB2Gz20+s1kF6N0VGE1DQCsgM2gkciEhYAz13OBT70 +j6PPargWi51B/hsg9b3LE44dk052/vVnklnJ+rjdgrrmwIlN4xyEbc851knLOqxn +7Xjnl1Qx4sJkm06E+AuKy0OXy2f/mIOiTmA0jlXtYPSV6rYxtUzJeOlqwsu3ImNg +x3DRSmjZfW1BOCSqLvlJyKeFKxwJlWFGsKk7uBonwA== +-----END CERTIFICATE----- \ No newline at end of file -- cgit v1.2.3