Number of miscellenous fixes and clean ups

7 files changed, 65 insertions, 43 deletions

diff --git a/main/src/main/java/de/blinkt/openvpn/core/OpenVPNService.java b/main/src/main/java/de/blinkt/openvpn/core/OpenVPNService.java
index d37f34ed..22d451eb 100644
--- a/main/src/main/java/de/blinkt/openvpn/core/OpenVPNService.java
+++ b/main/src/main/java/de/blinkt/openvpn/core/OpenVPNService.java
@@ -891,7 +891,7 @@ public class OpenVPNService extends VpnService implements StateListener, Callbac
         VpnStatus.logInfo(R.string.dns_server_info, TextUtils.join(", ", mDnslist), mDomain);
         VpnStatus.logInfo(R.string.routes_info_incl, TextUtils.join(", ", mRoutes.getNetworks(true)), TextUtils.join(", ", mRoutesv6.getNetworks(true)));
         VpnStatus.logInfo(R.string.routes_info_excl, TextUtils.join(", ", mRoutes.getNetworks(false)), TextUtils.join(", ", mRoutesv6.getNetworks(false)));
-        if (mProxyInfo != null) {
+        if (mProxyInfo != null && Build.VERSION.SDK_INT >= Build.VERSION_CODES.LOLLIPOP) {
             VpnStatus.logInfo(R.string.proxy_info, mProxyInfo.getHost(), mProxyInfo.getPort());
         }
         VpnStatus.logDebug(R.string.routes_debug, TextUtils.join(", ", positiveIPv4Routes), TextUtils.join(", ", positiveIPv6Routes));
@@ -1087,6 +1087,9 @@ public class OpenVPNService extends VpnService implements StateListener, Callbac
     }
 
     public boolean addHttpProxy(String proxy, int port) {
+        if (Build.VERSION.SDK_INT < Build.VERSION_CODES.LOLLIPOP)
+            return false;
+
         try {
             mProxyInfo = ProxyInfo.buildDirectProxy(proxy, port);
         } catch (Exception e)
diff --git a/main/src/ui/java/de/blinkt/openvpn/activities/ConfigConverter.kt b/main/src/ui/java/de/blinkt/openvpn/activities/ConfigConverter.kt
index 199c7819..5a42599f 100644
--- a/main/src/ui/java/de/blinkt/openvpn/activities/ConfigConverter.kt
+++ b/main/src/ui/java/de/blinkt/openvpn/activities/ConfigConverter.kt
@@ -73,6 +73,7 @@ class ConfigConverter : BaseActivity(), FileSelectCallback, View.OnClickListener
     }
 
     override fun onRequestPermissionsResult(requestCode: Int, permissions: Array<String>, grantResults: IntArray) {
+        super.onRequestPermissionsResult(requestCode, permissions, grantResults);
         // Permission declined, do nothing
         if (grantResults.size == 0 || grantResults[0] == PackageManager.PERMISSION_DENIED)
             return
diff --git a/main/src/ui/java/de/blinkt/openvpn/activities/MainActivity.java b/main/src/ui/java/de/blinkt/openvpn/activities/MainActivity.java
index fa6c4159..58698ea3 100644
--- a/main/src/ui/java/de/blinkt/openvpn/activities/MainActivity.java
+++ b/main/src/ui/java/de/blinkt/openvpn/activities/MainActivity.java
@@ -14,6 +14,8 @@ import android.view.MenuItem;
 import androidx.appcompat.app.ActionBar;
 import androidx.viewpager.widget.ViewPager;
 
+import com.google.android.material.tabs.TabLayout;
+
 import de.blinkt.openvpn.R;
 import de.blinkt.openvpn.fragments.AboutFragment;
 import de.blinkt.openvpn.fragments.FaqFragment;
@@ -29,7 +31,7 @@ public class MainActivity extends BaseActivity {
 
     private static final String FEATURE_TELEVISION = "android.hardware.type.television";
     private static final String FEATURE_LEANBACK = "android.software.leanback";
-    //private TabLayout mTabs;
+    private TabLayout mTabs;
     private ViewPager mPager;
     private ScreenSlidePagerAdapter mPagerAdapter;
 
@@ -58,19 +60,11 @@ public class MainActivity extends BaseActivity {
         }
 
 
-        if (isDirectToTV())
+        if (isAndroidTV())
             mPagerAdapter.addTab(R.string.openvpn_log, LogFragment.class);
 
         mPagerAdapter.addTab(R.string.about, AboutFragment.class);
         mPager.setAdapter(mPagerAdapter);
-
-        //mTabs =  findViewById(R.id.sliding_tabs);
-        //mTabs.setViewPager(mPager);
-    }
-
-    private boolean isDirectToTV() {
-        return (getPackageManager().hasSystemFeature(FEATURE_TELEVISION)
-                || getPackageManager().hasSystemFeature(FEATURE_LEANBACK));
     }
 
 
diff --git a/main/src/ui/java/de/blinkt/openvpn/fragments/Settings_Allowed_Apps.kt b/main/src/ui/java/de/blinkt/openvpn/fragments/Settings_Allowed_Apps.kt
index 9ad32a47..c6712251 100644
--- a/main/src/ui/java/de/blinkt/openvpn/fragments/Settings_Allowed_Apps.kt
+++ b/main/src/ui/java/de/blinkt/openvpn/fragments/Settings_Allowed_Apps.kt
@@ -90,7 +90,7 @@ class Settings_Allowed_Apps : Fragment(), AdapterView.OnItemClickListener, View.
         mListView.adapter = packageAdapter
 
         Thread(Runnable {
-            packageAdapter.populateList(activity!!)
+            packageAdapter.populateList(requireActivity())
             activity?.runOnUiThread({
                 (v.findViewById<View>(R.id.loading_container)).visibility = View.GONE
                 (v.findViewById<View>(R.id.app_recycler_view)).visibility = View.VISIBLE
diff --git a/tlsexternalcertprovider/src/main/aidl/de/blinkt/openvpn/api/ExternalCertificateProvider.aidl b/tlsexternalcertprovider/src/main/aidl/de/blinkt/openvpn/api/ExternalCertificateProvider.aidl
index c6db965b..951cff96 100644
--- a/tlsexternalcertprovider/src/main/aidl/de/blinkt/openvpn/api/ExternalCertificateProvider.aidl
+++ b/tlsexternalcertprovider/src/main/aidl/de/blinkt/openvpn/api/ExternalCertificateProvider.aidl
@@ -1,16 +1,16 @@
 // ExternalCertificateProvider.aidl
 package de.blinkt.openvpn.api;
 
-
 /*
  * This is very simple interface that is specialised to have only the minimal set of crypto
  * operation that are needed for OpenVPN to authenticate with an external certificate
  */
 interface ExternalCertificateProvider {
     /**
+     * @deprecated use {@link #getSignedDataWithExtra} instead
      * Requests signing the data with RSA/ECB/PKCS1PADDING
      * for RSA certficate and with NONEwithECDSA for EC certificates
-     * @parm alias the parameter that
+     * @param alias user certificate identifier
      */
     byte[] getSignedData(in String alias, in byte[] data);
 
@@ -36,4 +36,21 @@ interface ExternalCertificateProvider {
      *
      */
     Bundle getCertificateMetaData(in String alias);
+
+    /**
+     * Requests signing the data with RSA/ECB/PKCS1PADDING or RSA/ECB/nopadding
+     * for RSA certficate and with NONEwithECDSA for EC certificates
+     * @param alias user certificate identifier
+     * @param data the data to be signed
+     * @param extra additional information.
+     * Should contain the following keys:
+     * <p><ul>
+       * <li>int key "de.blinkt.openvpn.api.RSA_PADDING_TYPE", may be set as:
+       * <p><ul>
+         * <li>0 - for RSA/ECB/nopadding
+         * <li>1 - for RSA/ECB/PKCS1PADDING
+         * </ul><p>
+       * </ul><p>
+     */
+    byte[] getSignedDataWithExtra(in String alias, in byte[] data, in Bundle extra);
 }
diff --git a/tlsexternalcertprovider/src/main/java/de/blinkt/externalcertprovider/ExternalCertService.java b/tlsexternalcertprovider/src/main/java/de/blinkt/externalcertprovider/ExternalCertService.java
index caf382dd..a0e66456 100644
--- a/tlsexternalcertprovider/src/main/java/de/blinkt/externalcertprovider/ExternalCertService.java
+++ b/tlsexternalcertprovider/src/main/java/de/blinkt/externalcertprovider/ExternalCertService.java
@@ -12,21 +12,14 @@ import android.os.IBinder;
 import android.os.RemoteException;
 import android.text.TextUtils;
 import de.blinkt.openvpn.api.ExternalCertificateProvider;
-import org.bouncycastle.openssl.PEMKeyPair;
-import org.bouncycastle.openssl.PEMParser;
 
 import javax.crypto.BadPaddingException;
-import javax.crypto.Cipher;
 import javax.crypto.IllegalBlockSizeException;
 import javax.crypto.NoSuchPaddingException;
 import java.io.IOException;
-import java.io.StringReader;
 import java.security.InvalidKeyException;
-import java.security.KeyFactory;
 import java.security.NoSuchAlgorithmException;
-import java.security.PrivateKey;
 import java.security.spec.InvalidKeySpecException;
-import java.security.spec.PKCS8EncodedKeySpec;
 
 import static de.blinkt.externalcertprovider.SelectCertificateActivity.EXTRA_ALIAS;
 import static de.blinkt.externalcertprovider.SelectCertificateActivity.EXTRA_DESCRIPTION;
@@ -37,31 +30,37 @@ import static de.blinkt.externalcertprovider.SelectCertificateActivity.EXTRA_DES
  * see ExternalOpenVPNService for an example of checking caller's creditionals
  */
 public class ExternalCertService extends Service {
+    private byte[] doSign(byte[] data)
+    {
+        try {
+            return SimpleSigner.signData(data, false);
+
+        } catch (IOException e) {
+            e.printStackTrace();
+        } catch (NoSuchPaddingException e) {
+            e.printStackTrace();
+        } catch (NoSuchAlgorithmException e) {
+            e.printStackTrace();
+        } catch (IllegalBlockSizeException e) {
+            e.printStackTrace();
+        } catch (BadPaddingException e) {
+            e.printStackTrace();
+        } catch (InvalidKeySpecException e) {
+            e.printStackTrace();
+        } catch (InvalidKeyException e) {
+            e.printStackTrace();
+        }
+        // Something failed, return null
+        return null;
+    }
 
     private final ExternalCertificateProvider.Stub mBinder = new ExternalCertificateProvider.Stub() {
 
+
+
         @Override
         public byte[] getSignedData(String alias, byte[] data) throws RemoteException {
-            try {
-                return SimpleSigner.signData(data);
-
-
-            } catch (IOException e) {
-                e.printStackTrace();
-            } catch (NoSuchPaddingException e) {
-                e.printStackTrace();
-            } catch (NoSuchAlgorithmException e) {
-                e.printStackTrace();
-            } catch (IllegalBlockSizeException e) {
-                e.printStackTrace();
-            } catch (BadPaddingException e) {
-                e.printStackTrace();
-            } catch (InvalidKeySpecException e) {
-                e.printStackTrace();
-            } catch (InvalidKeyException e) {
-                e.printStackTrace();
-            }
-            // Something failed, return null
+
             return null;
 
         }
@@ -79,6 +78,11 @@ public class ExternalCertService extends Service {
             b.putString(EXTRA_DESCRIPTION, "Super secret example key!");
             return b;
         }
+
+        @Override
+        public byte[] getSignedDataWithExtra(String alias, byte[] data, Bundle extra) throws RemoteException {
+            return new byte[0];
+        }
     };
 
 
diff --git a/tlsexternalcertprovider/src/main/java/de/blinkt/externalcertprovider/SimpleSigner.java b/tlsexternalcertprovider/src/main/java/de/blinkt/externalcertprovider/SimpleSigner.java
index 7d2f6786..ecce2c84 100644
--- a/tlsexternalcertprovider/src/main/java/de/blinkt/externalcertprovider/SimpleSigner.java
+++ b/tlsexternalcertprovider/src/main/java/de/blinkt/externalcertprovider/SimpleSigner.java
@@ -120,7 +120,7 @@ public class SimpleSigner {
                     "hEi44aHbPXt9opdssz/hdGfd8Wo7vEJrbg7c6zR6C/Akav1Rzy9oohIdgOw=\n" +
                     "-----END CERTIFICATE-----\n"};
 
-    public static byte[] signData(byte[] data) throws IOException, NoSuchAlgorithmException, InvalidKeySpecException, NoSuchPaddingException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException {
+    public static byte[] signData(byte[] data, boolean pkcs1padding) throws IOException, NoSuchAlgorithmException, InvalidKeySpecException, NoSuchPaddingException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException {
         // This is more or less code that has been just modified long enough that it works
         // Don't take it as good example how to get a Privatekey
         StringReader keyreader = new StringReader(SimpleSigner.certchain[0] + SimpleSigner.pemkey);
@@ -136,7 +136,10 @@ public class SimpleSigner {
         // The actual signing
 
         Cipher signer;
-        signer = Cipher.getInstance("RSA/ECB/PKCS1PADDING");
+        if (pkcs1padding)
+            signer = Cipher.getInstance("RSA/ECB/PKCS1PADDING");
+        else
+            signer = Cipher.getInstance("RSA/ECB/nopadding");
 
 
         signer.init(Cipher.ENCRYPT_MODE, key);