summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorArne Schwabe <arne@rfc2549.org>2015-03-19 11:30:12 +0100
committerArne Schwabe <arne@rfc2549.org>2015-03-19 11:30:12 +0100
commitc59e17ec3979728e6d9e24308e509d9273f2d230 (patch)
treed877898c6890085b415e68708476bd0bfee6229a
parenta2c989301f36be28ffa2ca2991076171afba1a77 (diff)
Fix importing of auth-user-pass (closes #334), add support for finding the absolute path of a crl file (closes #264)
-rw-r--r--main/build.gradle4
-rw-r--r--main/src/main/java/de/blinkt/openvpn/activities/ConfigConverter.java42
-rw-r--r--main/src/main/java/de/blinkt/openvpn/core/ConfigParser.java38
-rw-r--r--main/src/main/java/de/blinkt/openvpn/fragments/Utils.java5
-rwxr-xr-xmain/src/main/res/values/strings.xml1
5 files changed, 76 insertions, 14 deletions
diff --git a/main/build.gradle b/main/build.gradle
index 0ee30500..1dda9d2a 100644
--- a/main/build.gradle
+++ b/main/build.gradle
@@ -12,12 +12,12 @@ dependencies {
}
android {
- compileSdkVersion 21
+ compileSdkVersion 22
buildToolsVersion "21.1.2"
defaultConfig {
minSdkVersion 14
- targetSdkVersion 21
+ targetSdkVersion 22
versionCode = 110
versionName = "0.6.29"
}
diff --git a/main/src/main/java/de/blinkt/openvpn/activities/ConfigConverter.java b/main/src/main/java/de/blinkt/openvpn/activities/ConfigConverter.java
index a7789c52..262c6e9b 100644
--- a/main/src/main/java/de/blinkt/openvpn/activities/ConfigConverter.java
+++ b/main/src/main/java/de/blinkt/openvpn/activities/ConfigConverter.java
@@ -71,6 +71,7 @@ public class ConfigConverter extends Activity implements FileSelectCallback {
private Map<Utils.FileType, FileSelectLayout> fileSelectMap = new HashMap<Utils.FileType, FileSelectLayout>();
private String mEmbeddedPwFile;
private Vector<String> mLogEntries = new Vector<String>();
+ private String mCrlFileName;
@Override
public boolean onOptionsItemSelected(MenuItem item) {
@@ -118,6 +119,7 @@ public class ConfigConverter extends Activity implements FileSelectCallback {
}
outState.putIntArray("fileselects", fileselects);
outState.putString("pwfile",mEmbeddedPwFile);
+ outState.putString("crlfile", mCrlFileName);
}
@Override
@@ -154,6 +156,9 @@ public class ConfigConverter extends Activity implements FileSelectCallback {
case KEYFILE:
mResult.mClientKeyFilename = data;
break;
+ case CRL_FILE:
+ mCrlFileName = data;
+ break;
default:
Assert.fail();
}
@@ -169,6 +174,13 @@ public class ConfigConverter extends Activity implements FileSelectCallback {
if (!TextUtils.isEmpty(mEmbeddedPwFile))
ConfigParser.useEmbbedUserAuth(mResult, mEmbeddedPwFile);
+ if (!TextUtils.isEmpty(mCrlFileName))
+ {
+ // TODO: COnvert this to a real config option that is parsed
+ ConfigParser.removeCRLCustomOption(mResult);
+ mResult.mCustomConfigOptions += "crl-verify " + mCrlFileName;
+ }
+
vpl.addProfile(mResult);
vpl.saveProfile(this, mResult);
vpl.saveProfileList(this);
@@ -279,7 +291,7 @@ public class ConfigConverter extends Activity implements FileSelectCallback {
return true;
}
- private String embedFile(String filename, Utils.FileType type) {
+ private String embedFile(String filename, Utils.FileType type, boolean onlyFindFile) {
if (filename == null)
return null;
@@ -290,6 +302,8 @@ public class ConfigConverter extends Activity implements FileSelectCallback {
File possibleFile = findFile(filename, type);
if (possibleFile == null)
return filename;
+ else if (onlyFindFile)
+ return possibleFile.getAbsolutePath();
else
return readFileContent(possibleFile, type == Utils.FileType.PKCS12);
@@ -300,7 +314,8 @@ public class ConfigConverter extends Activity implements FileSelectCallback {
if (foundfile == null && filename != null && !filename.equals("")) {
log(R.string.import_could_not_open, filename);
- addFileSelectDialog(fileType);
+ if (fileType != Utils.FileType.CRL_FILE)
+ addFileSelectDialog(fileType);
}
@@ -342,6 +357,10 @@ public class ConfigConverter extends Activity implements FileSelectCallback {
value = mEmbeddedPwFile;
break;
+ case CRL_FILE:
+ titleRes = R.string.crl_file;
+ value = mCrlFileName;
+ break;
}
boolean isCert = type == Utils.FileType.CA_CERTIFICATE || type == Utils.FileType.CLIENT_CERTIFICATE;
@@ -462,7 +481,7 @@ public class ConfigConverter extends Activity implements FileSelectCallback {
return bytes;
}
- void embedFiles() {
+ void embedFiles(ConfigParser cp) {
// This where I would like to have a c++ style
// void embedFile(std::string & option)
@@ -476,12 +495,14 @@ public class ConfigConverter extends Activity implements FileSelectCallback {
}
- mResult.mCaFilename = embedFile(mResult.mCaFilename, Utils.FileType.CA_CERTIFICATE);
- mResult.mClientCertFilename = embedFile(mResult.mClientCertFilename, Utils.FileType.CLIENT_CERTIFICATE);
- mResult.mClientKeyFilename = embedFile(mResult.mClientKeyFilename, Utils.FileType.KEYFILE);
- mResult.mTLSAuthFilename = embedFile(mResult.mTLSAuthFilename, Utils.FileType.TLS_AUTH_FILE);
- mResult.mPKCS12Filename = embedFile(mResult.mPKCS12Filename, Utils.FileType.PKCS12);
- mEmbeddedPwFile = embedFile(mResult.mPassword, Utils.FileType.USERPW_FILE);
+ mResult.mCaFilename = embedFile(mResult.mCaFilename, Utils.FileType.CA_CERTIFICATE, false);
+ mResult.mClientCertFilename = embedFile(mResult.mClientCertFilename, Utils.FileType.CLIENT_CERTIFICATE, false);
+ mResult.mClientKeyFilename = embedFile(mResult.mClientKeyFilename, Utils.FileType.KEYFILE, false);
+ mResult.mTLSAuthFilename = embedFile(mResult.mTLSAuthFilename, Utils.FileType.TLS_AUTH_FILE, false);
+ mResult.mPKCS12Filename = embedFile(mResult.mPKCS12Filename, Utils.FileType.PKCS12, false);
+ mEmbeddedPwFile = cp.getAuthUserPassFile();
+ mEmbeddedPwFile = embedFile(cp.getAuthUserPassFile(), Utils.FileType.USERPW_FILE, false);
+ mCrlFileName = embedFile(cp.getCrlVerifyFile(), Utils.FileType.CRL_FILE, true);
}
@Override
@@ -494,6 +515,7 @@ public class ConfigConverter extends Activity implements FileSelectCallback {
mResult = (VpnProfile) savedInstanceState.getSerializable(VPNPROFILE);
mAliasName = savedInstanceState.getString("mAliasName");
mEmbeddedPwFile = savedInstanceState.getString("pwfile");
+ mCrlFileName = savedInstanceState.getString("crlfile");
if (savedInstanceState.containsKey("logentries")) {
//noinspection ConstantConditions
@@ -599,7 +621,7 @@ public class ConfigConverter extends Activity implements FileSelectCallback {
cp.parseConfig(isr);
mResult = cp.convertProfile();
- embedFiles();
+ embedFiles(cp);
displayWarnings();
mResult.mName = getUniqueProfileName(newName);
diff --git a/main/src/main/java/de/blinkt/openvpn/core/ConfigParser.java b/main/src/main/java/de/blinkt/openvpn/core/ConfigParser.java
index fe51aff2..232c454b 100644
--- a/main/src/main/java/de/blinkt/openvpn/core/ConfigParser.java
+++ b/main/src/main/java/de/blinkt/openvpn/core/ConfigParser.java
@@ -31,6 +31,9 @@ public class ConfigParser {
public static final String CONVERTED_PROFILE = "converted Profile";
private HashMap<String, Vector<Vector<String>>> options = new HashMap<String, Vector<Vector<String>>>();
private HashMap<String, Vector<String>> meta = new HashMap<String, Vector<String>>();
+ private String auth_user_pass_file;
+ private String crl_verify_file;
+
public void parseConfig(Reader reader) throws IOException, ConfigParseError {
@@ -114,6 +117,14 @@ public class ConfigParser {
}
+ public String getAuthUserPassFile() {
+ return auth_user_pass_file;
+ }
+
+ public String getCrlVerifyFile() {
+ return crl_verify_file;
+ }
+
enum linestate {
initial,
readin_single_quote, reading_quoted, reading_unquoted, done
@@ -572,6 +583,7 @@ public class ConfigParser {
options.put("remotetls", remotetls);
Vector<String> authuser = getOption("auth-user-pass", 0, 1);
+
if (authuser != null) {
if (noauthtypeset) {
np.mAuthenticationType = VpnProfile.TYPE_USERPASS;
@@ -581,11 +593,24 @@ public class ConfigParser {
np.mAuthenticationType = VpnProfile.TYPE_USERPASS_KEYSTORE;
}
if (authuser.size() > 1) {
+ if (!authuser.get(1).startsWith(VpnProfile.INLINE_TAG))
+ auth_user_pass_file = authuser.get(1);
np.mUsername = null;
useEmbbedUserAuth(np, authuser.get(1));
}
}
+ Vector<String> crlfile = getOption("crl-verify", 1, 2);
+ if (crlfile != null) {
+ // If the 'dir' parameter is present just add it as custom option ..
+ np.mCustomConfigOptions += TextUtils.join(" ", crlfile) + "\n";
+ if (crlfile.size() == 2) {
+ // Save the filename for the config converter to add later
+ crl_verify_file = crlfile.get(1);
+ }
+ }
+
+
Pair<Connection, Connection[]> conns = parseConnectionOptions(null);
np.mConnections = conns.second;
@@ -760,6 +785,16 @@ public class ConfigParser {
}
}
+ public static void removeCRLCustomOption(VpnProfile np) {
+ String lines[] = np.mCustomConfigOptions.split("\\r?\\n");
+ Vector<String> keeplines = new Vector<>();
+ for (String l : lines) {
+ if (!l.startsWith("crl-verify "))
+ keeplines.add(l);
+ }
+ np.mCustomConfigOptions = TextUtils.join("\n", keeplines);
+ }
+
private void checkIgnoreAndInvalidOptions(VpnProfile np) throws ConfigParseError {
for (String option : unsupportedOptions)
if (options.containsKey(option))
@@ -771,7 +806,8 @@ public class ConfigParser {
if (options.size() > 0) {
- np.mCustomConfigOptions += "# These Options were found in the config file do not map to config settings:\n";
+ np.mCustomConfigOptions = "# These options found in the config file do not map to config settings:\n"
+ + np.mCustomConfigOptions;
for (Vector<Vector<String>> option : options.values()) {
diff --git a/main/src/main/java/de/blinkt/openvpn/fragments/Utils.java b/main/src/main/java/de/blinkt/openvpn/fragments/Utils.java
index 8676ccaf..606ea5f2 100644
--- a/main/src/main/java/de/blinkt/openvpn/fragments/Utils.java
+++ b/main/src/main/java/de/blinkt/openvpn/fragments/Utils.java
@@ -155,7 +155,8 @@ public class Utils {
OVPN_CONFIG(3),
KEYFILE(4),
TLS_AUTH_FILE(5),
- USERPW_FILE(6);
+ USERPW_FILE(6),
+ CRL_FILE(7);
private int value;
@@ -179,6 +180,8 @@ public class Utils {
return TLS_AUTH_FILE;
case 6:
return USERPW_FILE;
+ case 7:
+ return CRL_FILE;
default:
return null;
}
diff --git a/main/src/main/res/values/strings.xml b/main/src/main/res/values/strings.xml
index f552cb3d..7eb1c66c 100755
--- a/main/src/main/res/values/strings.xml
+++ b/main/src/main/res/values/strings.xml
@@ -379,5 +379,6 @@
<string name="tls_cipher_alert_title">Connections fails with SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure</string>
<string name="tls_cipher_alert">Newer OpenVPN for Android versions (0.6.29/March 2015) use a more secure default for the allowed cipher suites (tls-cipher \"DEFAULT:!EXP:!PSK:!SRP:!kRSA\"). Unfortunately, omitting the less secure cipher suites and export cipher suites, especially the omission of cipher suites that do not support Perfect Forward Secrecy (Diffie-Hellman) causes some problems. This usually caused by an well-intentioned but poorly executed attempts to strengthen TLS security by setting tls-cipher on the server.\nTo solve this problem the problem, set the tls-cipher settings on the server to reasonable default like tls-cipher \"DEFAULT:!EXP:!PSK:!SRP:!kRSA\". To work around the problem on the client add the custom option tls-cipher DEFAULT on the Android client.</string>
<string name="message_no_user_edit">This profile has been added from an external app (%s) and has been marked as not user editable.</string>
+ <string name="crl_file">Certificate Revocation List</string>
</resources>