authorArne Schwabe <arne@rfc2549.org>2016-03-04 15:34:34 +0100
committerArne Schwabe <arne@rfc2549.org>2016-03-07 09:10:57 +0100
commit1fbdec744ea40b9ce330e6170c6bb863b69b2e05 (patch)
treec936f6b8e5c14a1fb1b5c77231572ea304e7654c
parentdbb0ec2e3428970c29bd5693da11228415bc813c (diff)
Support crl file inlining (also requires newer OpenVPN version)
-rw-r--r--main/src/main/java/de/blinkt/openvpn/LaunchVPN.java1
-rw-r--r--main/src/main/java/de/blinkt/openvpn/VpnProfile.java5
-rw-r--r--main/src/main/java/de/blinkt/openvpn/activities/ConfigConverter.java34
-rw-r--r--main/src/main/java/de/blinkt/openvpn/core/ConfigParser.java25
-rw-r--r--main/src/main/java/de/blinkt/openvpn/fragments/Settings_Basic.java11
-rw-r--r--main/src/main/res/layout/basic_settings.xml7
-rwxr-xr-xmain/src/main/res/values/strings.xml1
7 files changed, 36 insertions, 48 deletions
diff --git a/main/src/main/java/de/blinkt/openvpn/LaunchVPN.java b/main/src/main/java/de/blinkt/openvpn/LaunchVPN.java
index 26135eac..df19565c 100644
--- a/main/src/main/java/de/blinkt/openvpn/LaunchVPN.java
+++ b/main/src/main/java/de/blinkt/openvpn/LaunchVPN.java
@@ -18,7 +18,6 @@ import android.preference.PreferenceManager;
import android.text.InputType;
import android.text.TextUtils;
import android.text.method.PasswordTransformationMethod;
-import android.util.Log;
import android.view.View;
import android.widget.CheckBox;
import android.widget.CompoundButton;
diff --git a/main/src/main/java/de/blinkt/openvpn/VpnProfile.java b/main/src/main/java/de/blinkt/openvpn/VpnProfile.java
index 3f87bf8b..44de090f 100644
--- a/main/src/main/java/de/blinkt/openvpn/VpnProfile.java
+++ b/main/src/main/java/de/blinkt/openvpn/VpnProfile.java
@@ -153,6 +153,8 @@ public class VpnProfile implements Serializable, Cloneable {
public boolean mRemoteRandom = false;
public HashSet<String> mAllowedAppsVpn = new HashSet<>();
public boolean mAllowedAppsVpnAreDisallowed = true;
+
+ public String mCrlFilename;
public String mProfileCreator;
@@ -380,6 +382,9 @@ public class VpnProfile implements Serializable, Cloneable {
cfg += insertFileData("ca", mCaFilename);
}
+ if (!TextUtils.isEmpty(mCrlFilename))
+ insertFileData("crl-verify",mCrlFilename);
+
if (mUseLzo) {
cfg += "comp-lzo\n";
}
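Review bot: The return value of `insertFileData("crl-verify",mCrlFilename)` is discarded, so the CRL never reaches the generated config; the `ca` line just above appends its result with `cfg +=`. As written, a profile with a CRL selected would start OpenVPN without `crl-verify`, and a revoked peer certificate would still be accepted with no error shown. The line should read `cfg += insertFileData("crl-verify", mCrlFilename);`. The enclosing method starts and ends outside this hunk, so this assumes `insertFileData` only returns the text and does not modify `cfg` itself.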
diff --git a/main/src/main/java/de/blinkt/openvpn/activities/ConfigConverter.java b/main/src/main/java/de/blinkt/openvpn/activities/ConfigConverter.java
index 930faecd..d3dd0f20 100644
--- a/main/src/main/java/de/blinkt/openvpn/activities/ConfigConverter.java
+++ b/main/src/main/java/de/blinkt/openvpn/activities/ConfigConverter.java
@@ -69,7 +69,7 @@ public class ConfigConverter extends BaseActivity implements FileSelectCallback,
private static final int CHOOSE_FILE_OFFSET = 1000;
public static final String VPNPROFILE = "vpnProfile";
private static final int PERMISSION_REQUEST_EMBED_FILES = 37231;
- private static final int PERMISSION_REQUEST_READ_URL = PERMISSION_REQUEST_EMBED_FILES+1;
+ private static final int PERMISSION_REQUEST_READ_URL = PERMISSION_REQUEST_EMBED_FILES + 1;
private VpnProfile mResult;
@@ -81,7 +81,6 @@ public class ConfigConverter extends BaseActivity implements FileSelectCallback,
private Map<Utils.FileType, FileSelectLayout> fileSelectMap = new HashMap<>();
private String mEmbeddedPwFile;
private Vector<String> mLogEntries = new Vector<>();
- private String mCrlFileName;
private Uri mSourceUri;
@Override
@@ -119,7 +118,7 @@ public class ConfigConverter extends BaseActivity implements FileSelectCallback,
embedFiles(null);
else if (requestCode == PERMISSION_REQUEST_READ_URL) {
- if(mSourceUri!=null)
+ if (mSourceUri != null)
doImportUri(mSourceUri);
}
}
@@ -174,8 +173,6 @@ public class ConfigConverter extends BaseActivity implements FileSelectCallback,
}
outState.putIntArray("fileselects", fileselects);
outState.putString("pwfile", mEmbeddedPwFile);
- outState.putString("crlfile", mCrlFileName);
-
outState.putParcelable("mSourceUri", mSourceUri);
}
@@ -214,7 +211,7 @@ public class ConfigConverter extends BaseActivity implements FileSelectCallback,
mResult.mClientKeyFilename = data;
break;
case CRL_FILE:
- mCrlFileName = data;
+ mResult.mCrlFilename = data;
break;
default:
Assert.fail();
@@ -241,6 +238,7 @@ public class ConfigConverter extends BaseActivity implements FileSelectCallback,
public void showCertDialog() {
try {
+ //noinspection WrongConstant
KeyChain.choosePrivateKeyAlias(this,
new KeyChainAliasCallback() {
@@ -400,7 +398,7 @@ public class ConfigConverter extends BaseActivity implements FileSelectCallback,
case CRL_FILE:
titleRes = R.string.crl_file;
- value = mCrlFileName;
+ value = mResult.mCrlFilename;
break;
}
@@ -415,8 +413,7 @@ public class ConfigConverter extends BaseActivity implements FileSelectCallback,
log(R.string.import_could_not_open, filename);
}
- if (fileType != Utils.FileType.CRL_FILE)
- addFileSelectDialog(fileType);
+ addFileSelectDialog(fileType);
return foundfile;
}
@@ -570,19 +567,10 @@ public class ConfigConverter extends BaseActivity implements FileSelectCallback,
mResult.mClientKeyFilename = embedFile(mResult.mClientKeyFilename, Utils.FileType.KEYFILE, false);
mResult.mTLSAuthFilename = embedFile(mResult.mTLSAuthFilename, Utils.FileType.TLS_AUTH_FILE, false);
mResult.mPKCS12Filename = embedFile(mResult.mPKCS12Filename, Utils.FileType.PKCS12, false);
+ mResult.mCrlFilename = embedFile(mResult.mCrlFilename, Utils.FileType.CRL_FILE, true);
if (cp != null) {
mEmbeddedPwFile = cp.getAuthUserPassFile();
mEmbeddedPwFile = embedFile(cp.getAuthUserPassFile(), Utils.FileType.USERPW_FILE, false);
- mCrlFileName = embedFile(cp.getCrlVerifyFile(), Utils.FileType.CRL_FILE, true);
-
- ConfigParser.removeCRLCustomOption(mResult);
- if (!TextUtils.isEmpty(mCrlFileName)) {
- // TODO: Convert this to a real config option that is parsed
- ConfigParser.removeCRLCustomOption(mResult);
- mResult.mCustomConfigOptions += "\ncrl-verify " + VpnProfile.openVpnEscape(mCrlFileName);
- } else if (!TextUtils.isEmpty(cp.getCrlVerifyFile())) {
- mResult.mCustomConfigOptions += "\n#crl-verify " + VpnProfile.openVpnEscape(cp.getCrlVerifyFile());
- }
}
updateFileSelectDialogs();
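Review bot: When the CRL named in the imported config cannot be found, `mResult.mCrlFilename = embedFile(mResult.mCrlFilename, Utils.FileType.CRL_FILE, true);` appears to leave the field empty, and nothing in the profile then records that the original config asked for revocation checking. The removed branch at least kept a `#crl-verify <path>` line in the custom options for that case. `embedFile` is not visible here, so this is inferred from the removed code. If it holds, the import should keep a visible marker (the commented option or an explicit log entry) so the profile is not saved silently without `crl-verify`. The enclosing method continues outside the hunk.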
@@ -610,7 +598,6 @@ public class ConfigConverter extends BaseActivity implements FileSelectCallback,
mResult = (VpnProfile) savedInstanceState.getSerializable(VPNPROFILE);
mAliasName = savedInstanceState.getString("mAliasName");
mEmbeddedPwFile = savedInstanceState.getString("pwfile");
- mCrlFileName = savedInstanceState.getString("crlfile");
mSourceUri = savedInstanceState.getParcelable("mSourceUri");
if (savedInstanceState.containsKey("logentries")) {
@@ -666,8 +653,7 @@ public class ConfigConverter extends BaseActivity implements FileSelectCallback,
mPathsegments = data.getPathSegments();
- Cursor cursor = null;
- cursor = getContentResolver().query(data, null, null, null, null);
+ Cursor cursor = getContentResolver().query(data, null, null, null, null);
try {
@@ -709,12 +695,12 @@ public class ConfigConverter extends BaseActivity implements FileSelectCallback,
@TargetApi(Build.VERSION_CODES.M)
private void checkMarschmallowFileImportError(Uri data) {
// Permission already granted, not the source of the error
- if(checkSelfPermission(Manifest.permission.READ_EXTERNAL_STORAGE) == PackageManager.PERMISSION_GRANTED)
+ if (checkSelfPermission(Manifest.permission.READ_EXTERNAL_STORAGE) == PackageManager.PERMISSION_GRANTED)
return;
// We got a file:/// URL and have no permission to read it. Technically an error of the calling app since
// it makes an assumption about other apps being able to read the url but well ...
- if (data !=null && "file".equals(data.getScheme()))
+ if (data != null && "file".equals(data.getScheme()))
doRequestSDCardPermission(PERMISSION_REQUEST_READ_URL);
}
diff --git a/main/src/main/java/de/blinkt/openvpn/core/ConfigParser.java b/main/src/main/java/de/blinkt/openvpn/core/ConfigParser.java
index 80a15c54..7ef33107 100644
--- a/main/src/main/java/de/blinkt/openvpn/core/ConfigParser.java
+++ b/main/src/main/java/de/blinkt/openvpn/core/ConfigParser.java
@@ -32,8 +32,6 @@ public class ConfigParser {
private HashMap<String, Vector<Vector<String>>> options = new HashMap<String, Vector<Vector<String>>>();
private HashMap<String, Vector<String>> meta = new HashMap<String, Vector<String>>();
private String auth_user_pass_file;
- private String crl_verify_file;
-
public void parseConfig(Reader reader) throws IOException, ConfigParseError {
@@ -132,10 +130,6 @@ public class ConfigParser {
return auth_user_pass_file;
}
- public String getCrlVerifyFile() {
- return crl_verify_file;
- }
-
enum linestate {
initial,
readin_single_quote, reading_quoted, reading_unquoted, done
@@ -621,11 +615,12 @@ public class ConfigParser {
Vector<String> crlfile = getOption("crl-verify", 1, 2);
if (crlfile != null) {
// If the 'dir' parameter is present just add it as custom option ..
- np.mCustomConfigOptions += TextUtils.join(" ", crlfile) + "\n";
- if (crlfile.size() == 2) {
+ if (crlfile.size() == 3 && crlfile.get(2).equals("dir"))
+ np.mCustomConfigOptions += TextUtils.join(" ", crlfile) + "\n";
+ else
// Save the filename for the config converter to add later
- crl_verify_file = crlfile.get(1);
- }
+ np.mCrlFilename = crlfile.get(1);
+
}
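Review bot: In the `dir` branch the option is rebuilt with `TextUtils.join(" ", crlfile)`, so a directory path containing spaces or quote characters is written into `mCustomConfigOptions` unescaped and would be split into extra arguments when the config is read back. The removed ConfigConverter code used `VpnProfile.openVpnEscape` for this; something like `np.mCustomConfigOptions += "crl-verify " + VpnProfile.openVpnEscape(crlfile.get(1)) + " dir\n";` would keep the path as one token. The braceless `if`/`else` with a comment between `else` and its statement is also easy to misread, and braces on both branches would help. The enclosing method starts outside the hunk.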
@@ -813,16 +808,6 @@ public class ConfigParser {
}
}
- public static void removeCRLCustomOption(VpnProfile np) {
- String lines[] = np.mCustomConfigOptions.split("\\r?\\n");
- Vector<String> keeplines = new Vector<>();
- for (String l : lines) {
- if (!l.startsWith("crl-verify "))
- keeplines.add(l);
- }
- np.mCustomConfigOptions = TextUtils.join("\n", keeplines);
- }
-
private void checkIgnoreAndInvalidOptions(VpnProfile np) throws ConfigParseError {
for (String option : unsupportedOptions)
if (options.containsKey(option))
diff --git a/main/src/main/java/de/blinkt/openvpn/fragments/Settings_Basic.java b/main/src/main/java/de/blinkt/openvpn/fragments/Settings_Basic.java
index 71ba3d8a..78976c44 100644
--- a/main/src/main/java/de/blinkt/openvpn/fragments/Settings_Basic.java
+++ b/main/src/main/java/de/blinkt/openvpn/fragments/Settings_Basic.java
@@ -51,6 +51,7 @@ public class Settings_Basic extends Settings_Fragment implements View.OnClickLis
private CheckBox mUseLzo;
private Spinner mType;
private FileSelectLayout mpkcs12;
+ private FileSelectLayout mCrlFile;
private TextView mPKCS12Password;
private Handler mHandler;
private EditText mUserName;
@@ -62,8 +63,7 @@ public class Settings_Basic extends Settings_Fragment implements View.OnClickLis
private SparseArray<FileSelectLayout> fileselects = new SparseArray<>();
-
- private void addFileSelectLayout (FileSelectLayout fsl, Utils.FileType type) {
+ private void addFileSelectLayout (FileSelectLayout fsl, Utils.FileType type) {
int i = fileselects.size() + CHOOSE_FILE_OFFSET;
fileselects.put(i, fsl);
fsl.setCaller(this, i, type);
@@ -126,6 +126,7 @@ public class Settings_Basic extends Settings_Fragment implements View.OnClickLis
mClientKey = (FileSelectLayout) mView.findViewById(R.id.keyselect);
mCaCert = (FileSelectLayout) mView.findViewById(R.id.caselect);
mpkcs12 = (FileSelectLayout) mView.findViewById(R.id.pkcs12select);
+ mCrlFile = (FileSelectLayout) mView.findViewById(id.crlfile);
mUseLzo = (CheckBox) mView.findViewById(R.id.lzo);
mType = (Spinner) mView.findViewById(R.id.type);
mPKCS12Password = (TextView) mView.findViewById(R.id.pkcs12password);
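Review bot: `mView.findViewById(id.crlfile)` refers to the resource as `id.crlfile`, while every neighbouring lookup uses `R.id.…`. It only compiles with an additional import of `R.id`, which this diff does not show. For consistency the line should be `mCrlFile = (FileSelectLayout) mView.findViewById(R.id.crlfile);`.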
@@ -140,6 +141,7 @@ public class Settings_Basic extends Settings_Fragment implements View.OnClickLis
addFileSelectLayout(mClientCert, Utils.FileType.CLIENT_CERTIFICATE);
addFileSelectLayout(mClientKey, Utils.FileType.KEYFILE);
addFileSelectLayout(mpkcs12, Utils.FileType.PKCS12);
+ addFileSelectLayout(mCrlFile, Utils.FileType.CRL_FILE);
mCaCert.setShowClear();
mType.setOnItemSelectedListener(this);
@@ -244,6 +246,7 @@ public class Settings_Basic extends Settings_Fragment implements View.OnClickLis
mClientCert.setData(mProfile.mClientCertFilename, getActivity());
mClientKey.setData(mProfile.mClientKeyFilename, getActivity());
mCaCert.setData(mProfile.mCaFilename, getActivity());
+ mCrlFile.setData(mProfile.mCrlFilename, getActivity());
mUseLzo.setChecked(mProfile.mUseLzo);
mType.setSelection(mProfile.mAuthenticationType);
@@ -263,6 +266,7 @@ public class Settings_Basic extends Settings_Fragment implements View.OnClickLis
mProfile.mCaFilename = mCaCert.getData();
mProfile.mClientCertFilename = mClientCert.getData();
mProfile.mClientKeyFilename = mClientKey.getData();
+ mProfile.mCrlFilename = mCrlFile.getData();
mProfile.mUseLzo = mUseLzo.isChecked();
mProfile.mAuthenticationType = mType.getSelectedItemPosition();
@@ -287,7 +291,8 @@ public class Settings_Basic extends Settings_Fragment implements View.OnClickLis
}
}
- public void showCertDialog () {
+ @SuppressWarnings("WrongConstant")
+ public void showCertDialog () {
try {
KeyChain.choosePrivateKeyAlias(getActivity(),
new KeyChainAliasCallback() {
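Review bot: `@SuppressWarnings("WrongConstant")` on `showCertDialog` silences the inspection for the whole method, whereas ConfigConverter in this same commit uses a statement-level `//noinspection WrongConstant` directly above the `KeyChain.choosePrivateKeyAlias` call. Using the narrower form here too keeps the two copies consistent and avoids hiding a genuine warning added to the method later. The method body continues outside the hunk.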
diff --git a/main/src/main/res/layout/basic_settings.xml b/main/src/main/res/layout/basic_settings.xml
index 8a4d290f..94963d9e 100644
--- a/main/src/main/res/layout/basic_settings.xml
+++ b/main/src/main/res/layout/basic_settings.xml
@@ -203,6 +203,13 @@
android:singleLine="false"
android:text="@string/static_keys_info" />
</LinearLayout>
+ <de.blinkt.openvpn.views.FileSelectLayout
+ android:id="@+id/crlfile"
+ android:layout_width="match_parent"
+ android:layout_height="wrap_content"
+ blinkt:certificate="false"
+ blinkt:showClear="true"
+ blinkt:fileTitle="@string/crl_title" />
</LinearLayout>
</ScrollView>
diff --git a/main/src/main/res/values/strings.xml b/main/src/main/res/values/strings.xml
index b685c3eb..ec3449eb 100755
--- a/main/src/main/res/values/strings.xml
+++ b/main/src/main/res/values/strings.xml
@@ -403,4 +403,5 @@
<string name="missing_tlsauth">tls-auth file is missing</string>
<string name="missing_certificates">Missing user certificate or user certifcate key file</string>
<string name="missing_ca_certificate">Missing CA certificate</string>
+ <string name="crl_title">Certifcate Revoke List (optional)</string>
</resources>
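Review bot: The new `crl_title` string has a typo and uses a non-standard term: `Certifcate Revoke List (optional)` should read `Certificate Revocation List (optional)`. Fixing it before translators pick the string up avoids propagating the error into the localized resources.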