authorArne Schwabe <arne@rfc2549.org>2021-06-15 16:45:45 +0200
committerArne Schwabe <arne@rfc2549.org>2021-06-15 16:45:45 +0200
commit0d5277d7380ed5ae61216c7041bbafe934827613 (patch)
tree239e7b6daa3017a213be72b93a7e47826aac8b43
parent8e42e5cbc54c820f2b39082289d7257413eeafc3 (diff)
Number of miscellenous fixes and clean ups
-rw-r--r--main/src/main/java/de/blinkt/openvpn/core/OpenVPNService.java5
-rw-r--r--main/src/ui/java/de/blinkt/openvpn/activities/ConfigConverter.kt1
-rw-r--r--main/src/ui/java/de/blinkt/openvpn/activities/MainActivity.java14
-rw-r--r--main/src/ui/java/de/blinkt/openvpn/fragments/Settings_Allowed_Apps.kt2
-rw-r--r--tlsexternalcertprovider/src/main/aidl/de/blinkt/openvpn/api/ExternalCertificateProvider.aidl21
-rw-r--r--tlsexternalcertprovider/src/main/java/de/blinkt/externalcertprovider/ExternalCertService.java58
-rw-r--r--tlsexternalcertprovider/src/main/java/de/blinkt/externalcertprovider/SimpleSigner.java7
7 files changed, 65 insertions, 43 deletions
diff --git a/main/src/main/java/de/blinkt/openvpn/core/OpenVPNService.java b/main/src/main/java/de/blinkt/openvpn/core/OpenVPNService.java
index d37f34ed..22d451eb 100644
--- a/main/src/main/java/de/blinkt/openvpn/core/OpenVPNService.java
+++ b/main/src/main/java/de/blinkt/openvpn/core/OpenVPNService.java
@@ -891,7 +891,7 @@ public class OpenVPNService extends VpnService implements StateListener, Callbac
VpnStatus.logInfo(R.string.dns_server_info, TextUtils.join(", ", mDnslist), mDomain);
VpnStatus.logInfo(R.string.routes_info_incl, TextUtils.join(", ", mRoutes.getNetworks(true)), TextUtils.join(", ", mRoutesv6.getNetworks(true)));
VpnStatus.logInfo(R.string.routes_info_excl, TextUtils.join(", ", mRoutes.getNetworks(false)), TextUtils.join(", ", mRoutesv6.getNetworks(false)));
- if (mProxyInfo != null) {
+ if (mProxyInfo != null && Build.VERSION.SDK_INT >= Build.VERSION_CODES.LOLLIPOP) {
VpnStatus.logInfo(R.string.proxy_info, mProxyInfo.getHost(), mProxyInfo.getPort());
}
VpnStatus.logDebug(R.string.routes_debug, TextUtils.join(", ", positiveIPv4Routes), TextUtils.join(", ", positiveIPv6Routes));
@@ -1087,6 +1087,9 @@ public class OpenVPNService extends VpnService implements StateListener, Callbac
}
public boolean addHttpProxy(String proxy, int port) {
+ if (Build.VERSION.SDK_INT < Build.VERSION_CODES.LOLLIPOP)
+ return false;
+
try {
mProxyInfo = ProxyInfo.buildDirectProxy(proxy, port);
} catch (Exception e)
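Review bot: On devices below Lollipop `addHttpProxy` now returns `false` without writing anything to the log, so a proxy configured in the profile is dropped silently unless the caller reports the failure (the caller is outside the hunk). A log entry before the return, e.g. `VpnStatus.logError("HTTP proxy requires Android 5.0 or later, proxy setting ignored");`, would show the user that traffic is not going through the proxy they configured; the `if` then needs braces. The method body continues past the end of the hunk.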
diff --git a/main/src/ui/java/de/blinkt/openvpn/activities/ConfigConverter.kt b/main/src/ui/java/de/blinkt/openvpn/activities/ConfigConverter.kt
index 199c7819..5a42599f 100644
--- a/main/src/ui/java/de/blinkt/openvpn/activities/ConfigConverter.kt
+++ b/main/src/ui/java/de/blinkt/openvpn/activities/ConfigConverter.kt
@@ -73,6 +73,7 @@ class ConfigConverter : BaseActivity(), FileSelectCallback, View.OnClickListener
}
override fun onRequestPermissionsResult(requestCode: Int, permissions: Array<String>, grantResults: IntArray) {
+ super.onRequestPermissionsResult(requestCode, permissions, grantResults);
// Permission declined, do nothing
if (grantResults.size == 0 || grantResults[0] == PackageManager.PERMISSION_DENIED)
return
diff --git a/main/src/ui/java/de/blinkt/openvpn/activities/MainActivity.java b/main/src/ui/java/de/blinkt/openvpn/activities/MainActivity.java
index fa6c4159..58698ea3 100644
--- a/main/src/ui/java/de/blinkt/openvpn/activities/MainActivity.java
+++ b/main/src/ui/java/de/blinkt/openvpn/activities/MainActivity.java
@@ -14,6 +14,8 @@ import android.view.MenuItem;
import androidx.appcompat.app.ActionBar;
import androidx.viewpager.widget.ViewPager;
+import com.google.android.material.tabs.TabLayout;
+
import de.blinkt.openvpn.R;
import de.blinkt.openvpn.fragments.AboutFragment;
import de.blinkt.openvpn.fragments.FaqFragment;
@@ -29,7 +31,7 @@ public class MainActivity extends BaseActivity {
private static final String FEATURE_TELEVISION = "android.hardware.type.television";
private static final String FEATURE_LEANBACK = "android.software.leanback";
- //private TabLayout mTabs;
+ private TabLayout mTabs;
private ViewPager mPager;
private ScreenSlidePagerAdapter mPagerAdapter;
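Review bot: `mTabs` and the `TabLayout` import are added, but nothing in the visible hunks assigns or reads the field; the following hunk only deletes the commented-out `findViewById(R.id.sliding_tabs)` lines. Unless it is set elsewhere in the class it stays null and should be dropped or wired up. This hunk also keeps `FEATURE_TELEVISION` and `FEATURE_LEANBACK`, whose only visible user, `isDirectToTV()`, is removed in the following hunk. If `isAndroidTV()` comes from a base class, those two constants can presumably be removed as well.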
@@ -58,19 +60,11 @@ public class MainActivity extends BaseActivity {
}
- if (isDirectToTV())
+ if (isAndroidTV())
mPagerAdapter.addTab(R.string.openvpn_log, LogFragment.class);
mPagerAdapter.addTab(R.string.about, AboutFragment.class);
mPager.setAdapter(mPagerAdapter);
-
- //mTabs = findViewById(R.id.sliding_tabs);
- //mTabs.setViewPager(mPager);
- }
-
- private boolean isDirectToTV() {
- return (getPackageManager().hasSystemFeature(FEATURE_TELEVISION)
- || getPackageManager().hasSystemFeature(FEATURE_LEANBACK));
}
diff --git a/main/src/ui/java/de/blinkt/openvpn/fragments/Settings_Allowed_Apps.kt b/main/src/ui/java/de/blinkt/openvpn/fragments/Settings_Allowed_Apps.kt
index 9ad32a47..c6712251 100644
--- a/main/src/ui/java/de/blinkt/openvpn/fragments/Settings_Allowed_Apps.kt
+++ b/main/src/ui/java/de/blinkt/openvpn/fragments/Settings_Allowed_Apps.kt
@@ -90,7 +90,7 @@ class Settings_Allowed_Apps : Fragment(), AdapterView.OnItemClickListener, View.
mListView.adapter = packageAdapter
Thread(Runnable {
- packageAdapter.populateList(activity!!)
+ packageAdapter.populateList(requireActivity())
activity?.runOnUiThread({
(v.findViewById<View>(R.id.loading_container)).visibility = View.GONE
(v.findViewById<View>(R.id.app_recycler_view)).visibility = View.VISIBLE
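Review bot: `requireActivity()` is called on the worker thread, so a fragment that is detached before the thread runs still crashes there, now with IllegalStateException instead of the NullPointerException from `activity!!`. Resolve the activity on the main thread before starting the thread: `val ctx = requireActivity()` above `Thread(Runnable {` and `packageAdapter.populateList(ctx)` inside it. That also fits the null-safe `activity?.runOnUiThread` on the next line. The lambda continues past the end of the hunk.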
diff --git a/tlsexternalcertprovider/src/main/aidl/de/blinkt/openvpn/api/ExternalCertificateProvider.aidl b/tlsexternalcertprovider/src/main/aidl/de/blinkt/openvpn/api/ExternalCertificateProvider.aidl
index c6db965b..951cff96 100644
--- a/tlsexternalcertprovider/src/main/aidl/de/blinkt/openvpn/api/ExternalCertificateProvider.aidl
+++ b/tlsexternalcertprovider/src/main/aidl/de/blinkt/openvpn/api/ExternalCertificateProvider.aidl
@@ -1,16 +1,16 @@
// ExternalCertificateProvider.aidl
package de.blinkt.openvpn.api;
-
/*
* This is very simple interface that is specialised to have only the minimal set of crypto
* operation that are needed for OpenVPN to authenticate with an external certificate
*/
interface ExternalCertificateProvider {
/**
+ * @deprecated use {@link #getSignedDataWithExtra} instead
* Requests signing the data with RSA/ECB/PKCS1PADDING
* for RSA certficate and with NONEwithECDSA for EC certificates
- * @parm alias the parameter that
+ * @param alias user certificate identifier
*/
byte[] getSignedData(in String alias, in byte[] data);
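Review bot: The `@deprecated` tag is placed before the description, and in Javadoc everything after a block tag belongs to that tag until the next one, so the two lines describing the padding become part of the deprecation text. Move it below the description, directly above `@param alias`, as `* @deprecated use {@link #getSignedDataWithExtra} instead`. A `@param data` line, as the new method has, would complete the comment.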
@@ -36,4 +36,21 @@ interface ExternalCertificateProvider {
*
*/
Bundle getCertificateMetaData(in String alias);
+
+ /**
+ * Requests signing the data with RSA/ECB/PKCS1PADDING or RSA/ECB/nopadding
+ * for RSA certficate and with NONEwithECDSA for EC certificates
+ * @param alias user certificate identifier
+ * @param data the data to be signed
+ * @param extra additional information.
+ * Should contain the following keys:
+ * <p><ul>
+ * <li>int key "de.blinkt.openvpn.api.RSA_PADDING_TYPE", may be set as:
+ * <p><ul>
+ * <li>0 - for RSA/ECB/nopadding
+ * <li>1 - for RSA/ECB/PKCS1PADDING
+ * </ul><p>
+ * </ul><p>
+ */
+ byte[] getSignedDataWithExtra(in String alias, in byte[] data, in Bundle extra);
}
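Review bot: The comment says `extra` "should contain" `de.blinkt.openvpn.api.RSA_PADDING_TYPE` but does not say what a provider must do when the key is absent or holds a value other than 0 or 1, nor what the method returns on failure. Since value 0 asks for a private-key operation without padding, the contract should be explicit, for example `* If the key is missing or has any other value the provider must not sign.` It should also state that with value 0 the caller supplies an already padded block. Defining the key name and the two values as named constants next to the interface would keep providers and the client from drifting apart.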
diff --git a/tlsexternalcertprovider/src/main/java/de/blinkt/externalcertprovider/ExternalCertService.java b/tlsexternalcertprovider/src/main/java/de/blinkt/externalcertprovider/ExternalCertService.java
index caf382dd..a0e66456 100644
--- a/tlsexternalcertprovider/src/main/java/de/blinkt/externalcertprovider/ExternalCertService.java
+++ b/tlsexternalcertprovider/src/main/java/de/blinkt/externalcertprovider/ExternalCertService.java
@@ -12,21 +12,14 @@ import android.os.IBinder;
import android.os.RemoteException;
import android.text.TextUtils;
import de.blinkt.openvpn.api.ExternalCertificateProvider;
-import org.bouncycastle.openssl.PEMKeyPair;
-import org.bouncycastle.openssl.PEMParser;
import javax.crypto.BadPaddingException;
-import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import java.io.IOException;
-import java.io.StringReader;
import java.security.InvalidKeyException;
-import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
-import java.security.PrivateKey;
import java.security.spec.InvalidKeySpecException;
-import java.security.spec.PKCS8EncodedKeySpec;
import static de.blinkt.externalcertprovider.SelectCertificateActivity.EXTRA_ALIAS;
import static de.blinkt.externalcertprovider.SelectCertificateActivity.EXTRA_DESCRIPTION;
@@ -37,31 +30,37 @@ import static de.blinkt.externalcertprovider.SelectCertificateActivity.EXTRA_DES
* see ExternalOpenVPNService for an example of checking caller's creditionals
*/
public class ExternalCertService extends Service {
+ private byte[] doSign(byte[] data)
+ {
+ try {
+ return SimpleSigner.signData(data, false);
+
+ } catch (IOException e) {
+ e.printStackTrace();
+ } catch (NoSuchPaddingException e) {
+ e.printStackTrace();
+ } catch (NoSuchAlgorithmException e) {
+ e.printStackTrace();
+ } catch (IllegalBlockSizeException e) {
+ e.printStackTrace();
+ } catch (BadPaddingException e) {
+ e.printStackTrace();
+ } catch (InvalidKeySpecException e) {
+ e.printStackTrace();
+ } catch (InvalidKeyException e) {
+ e.printStackTrace();
+ }
+ // Something failed, return null
+ return null;
+ }
private final ExternalCertificateProvider.Stub mBinder = new ExternalCertificateProvider.Stub() {
+
+
@Override
public byte[] getSignedData(String alias, byte[] data) throws RemoteException {
- try {
- return SimpleSigner.signData(data);
-
-
- } catch (IOException e) {
- e.printStackTrace();
- } catch (NoSuchPaddingException e) {
- e.printStackTrace();
- } catch (NoSuchAlgorithmException e) {
- e.printStackTrace();
- } catch (IllegalBlockSizeException e) {
- e.printStackTrace();
- } catch (BadPaddingException e) {
- e.printStackTrace();
- } catch (InvalidKeySpecException e) {
- e.printStackTrace();
- } catch (InvalidKeyException e) {
- e.printStackTrace();
- }
- // Something failed, return null
+
return null;
}
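Review bot: `getSignedData` now returns `null` unconditionally and the new `doSign` helper is never called in the visible code, so this example provider no longer signs anything. `getSignedDataWithExtra` in the next hunk likewise returns `new byte[0]` and ignores `extra`. `doSign` also hard-codes `signData(data, false)`, i.e. no padding, while the AIDL comment documents PKCS1 padding for `getSignedData`. Suggest passing the padding choice through `doSign` and having both binder methods call it, refusing to sign when the padding type is missing or unknown.

```java
private byte[] doSign(byte[] data, boolean pkcs1padding)
{
    try {
        return SimpleSigner.signData(data, pkcs1padding);
    // … unchanged: catch blocks and the null fallback …

@Override
public byte[] getSignedData(String alias, byte[] data) throws RemoteException {
    // Deprecated entry point: documented as PKCS1 padding for RSA keys
    return doSign(data, true);
}

@Override
public byte[] getSignedDataWithExtra(String alias, byte[] data, Bundle extra) throws RemoteException {
    int padding = extra == null ? -1 : extra.getInt("de.blinkt.openvpn.api.RSA_PADDING_TYPE", -1);
    if (padding != 0 && padding != 1)
        return null; // missing or unknown padding type: refuse to sign
    return doSign(data, padding == 1);
}
```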
@@ -79,6 +78,11 @@ public class ExternalCertService extends Service {
b.putString(EXTRA_DESCRIPTION, "Super secret example key!");
return b;
}
+
+ @Override
+ public byte[] getSignedDataWithExtra(String alias, byte[] data, Bundle extra) throws RemoteException {
+ return new byte[0];
+ }
};
diff --git a/tlsexternalcertprovider/src/main/java/de/blinkt/externalcertprovider/SimpleSigner.java b/tlsexternalcertprovider/src/main/java/de/blinkt/externalcertprovider/SimpleSigner.java
index 7d2f6786..ecce2c84 100644
--- a/tlsexternalcertprovider/src/main/java/de/blinkt/externalcertprovider/SimpleSigner.java
+++ b/tlsexternalcertprovider/src/main/java/de/blinkt/externalcertprovider/SimpleSigner.java
@@ -120,7 +120,7 @@ public class SimpleSigner {
"hEi44aHbPXt9opdssz/hdGfd8Wo7vEJrbg7c6zR6C/Akav1Rzy9oohIdgOw=\n" +
"-----END CERTIFICATE-----\n"};
- public static byte[] signData(byte[] data) throws IOException, NoSuchAlgorithmException, InvalidKeySpecException, NoSuchPaddingException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException {
+ public static byte[] signData(byte[] data, boolean pkcs1padding) throws IOException, NoSuchAlgorithmException, InvalidKeySpecException, NoSuchPaddingException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException {
// This is more or less code that has been just modified long enough that it works
// Don't take it as good example how to get a Privatekey
StringReader keyreader = new StringReader(SimpleSigner.certchain[0] + SimpleSigner.pemkey);
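Review bot: The new `pkcs1padding` parameter is undocumented, and passing `false` selects `RSA/ECB/nopadding` in the following hunk, where the private-key operation is applied to whatever bytes the caller supplies. A Javadoc comment on `signData` should state that with `false` the caller must pass an already padded block. In that mode the method would be safer if it rejected input whose length differs from the key's modulus length; the key is loaded outside the hunks, so the exact check is not shown here. The branches in the following hunk would also read better with braces. The method body continues outside this hunk.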
@@ -136,7 +136,10 @@ public class SimpleSigner {
// The actual signing
Cipher signer;
- signer = Cipher.getInstance("RSA/ECB/PKCS1PADDING");
+ if (pkcs1padding)
+ signer = Cipher.getInstance("RSA/ECB/PKCS1PADDING");
+ else
+ signer = Cipher.getInstance("RSA/ECB/nopadding");
signer.init(Cipher.ENCRYPT_MODE, key);