Support crl file inlining (also requires newer OpenVPN version)

author: Arne Schwabe <arne@rfc2549.org> 2016-03-04 15:34:34 +0100
committer: Arne Schwabe <arne@rfc2549.org> 2016-03-07 09:10:57 +0100
commit: 1fbdec744ea40b9ce330e6170c6bb863b69b2e05 (patch)
tree: c936f6b8e5c14a1fb1b5c77231572ea304e7654c
parent: dbb0ec2e3428970c29bd5693da11228415bc813c (diff)
7 files changed, 36 insertions, 48 deletions
diff --git a/main/src/main/java/de/blinkt/openvpn/LaunchVPN.java b/main/src/main/java/de/blinkt/openvpn/LaunchVPN.java
index 26135eac..df19565c 100644
--- a/main/src/main/java/de/blinkt/openvpn/LaunchVPN.java
+++ b/main/src/main/java/de/blinkt/openvpn/LaunchVPN.java
@@ -18,7 +18,6 @@ import android.preference.PreferenceManager;
 import android.text.InputType;
 import android.text.TextUtils;
 import android.text.method.PasswordTransformationMethod;
-import android.util.Log;
 import android.view.View;
 import android.widget.CheckBox;
 import android.widget.CompoundButton;
diff --git a/main/src/main/java/de/blinkt/openvpn/VpnProfile.java b/main/src/main/java/de/blinkt/openvpn/VpnProfile.java
index 3f87bf8b..44de090f 100644
--- a/main/src/main/java/de/blinkt/openvpn/VpnProfile.java
+++ b/main/src/main/java/de/blinkt/openvpn/VpnProfile.java
@@ -153,6 +153,8 @@ public class VpnProfile implements Serializable, Cloneable {
     public boolean mRemoteRandom = false;
     public HashSet<String> mAllowedAppsVpn = new HashSet<>();
     public boolean mAllowedAppsVpnAreDisallowed = true;
+
+    public String mCrlFilename;
     public String mProfileCreator;
 
 
@@ -380,6 +382,9 @@ public class VpnProfile implements Serializable, Cloneable {
                 cfg += insertFileData("ca", mCaFilename);
         }
 
+        if (!TextUtils.isEmpty(mCrlFilename))
+            insertFileData("crl-verify",mCrlFilename);
+
         if (mUseLzo) {
             cfg += "comp-lzo\n";
         }
diff --git a/main/src/main/java/de/blinkt/openvpn/activities/ConfigConverter.java b/main/src/main/java/de/blinkt/openvpn/activities/ConfigConverter.java
index 930faecd..d3dd0f20 100644
--- a/main/src/main/java/de/blinkt/openvpn/activities/ConfigConverter.java
+++ b/main/src/main/java/de/blinkt/openvpn/activities/ConfigConverter.java
@@ -69,7 +69,7 @@ public class ConfigConverter extends BaseActivity implements FileSelectCallback,
     private static final int CHOOSE_FILE_OFFSET = 1000;
     public static final String VPNPROFILE = "vpnProfile";
     private static final int PERMISSION_REQUEST_EMBED_FILES = 37231;
-    private static final int PERMISSION_REQUEST_READ_URL = PERMISSION_REQUEST_EMBED_FILES+1;
+    private static final int PERMISSION_REQUEST_READ_URL = PERMISSION_REQUEST_EMBED_FILES + 1;
 
     private VpnProfile mResult;
 
@@ -81,7 +81,6 @@ public class ConfigConverter extends BaseActivity implements FileSelectCallback,
     private Map<Utils.FileType, FileSelectLayout> fileSelectMap = new HashMap<>();
     private String mEmbeddedPwFile;
     private Vector<String> mLogEntries = new Vector<>();
-    private String mCrlFileName;
     private Uri mSourceUri;
 
     @Override
@@ -119,7 +118,7 @@ public class ConfigConverter extends BaseActivity implements FileSelectCallback,
             embedFiles(null);
 
         else if (requestCode == PERMISSION_REQUEST_READ_URL) {
-            if(mSourceUri!=null)
+            if (mSourceUri != null)
                 doImportUri(mSourceUri);
         }
     }
@@ -174,8 +173,6 @@ public class ConfigConverter extends BaseActivity implements FileSelectCallback,
         }
         outState.putIntArray("fileselects", fileselects);
         outState.putString("pwfile", mEmbeddedPwFile);
-        outState.putString("crlfile", mCrlFileName);
-
         outState.putParcelable("mSourceUri", mSourceUri);
     }
 
@@ -214,7 +211,7 @@ public class ConfigConverter extends BaseActivity implements FileSelectCallback,
                     mResult.mClientKeyFilename = data;
                     break;
                 case CRL_FILE:
-                    mCrlFileName = data;
+                    mResult.mCrlFilename = data;
                     break;
                 default:
                     Assert.fail();
@@ -241,6 +238,7 @@ public class ConfigConverter extends BaseActivity implements FileSelectCallback,
 
     public void showCertDialog() {
         try {
+            //noinspection WrongConstant
             KeyChain.choosePrivateKeyAlias(this,
                     new KeyChainAliasCallback() {
 
@@ -400,7 +398,7 @@ public class ConfigConverter extends BaseActivity implements FileSelectCallback,
 
             case CRL_FILE:
                 titleRes = R.string.crl_file;
-                value = mCrlFileName;
+                value = mResult.mCrlFilename;
                 break;
         }
 
@@ -415,8 +413,7 @@ public class ConfigConverter extends BaseActivity implements FileSelectCallback,
             log(R.string.import_could_not_open, filename);
         }
 
-        if (fileType != Utils.FileType.CRL_FILE)
-            addFileSelectDialog(fileType);
+        addFileSelectDialog(fileType);
 
         return foundfile;
     }
@@ -570,19 +567,10 @@ public class ConfigConverter extends BaseActivity implements FileSelectCallback,
         mResult.mClientKeyFilename = embedFile(mResult.mClientKeyFilename, Utils.FileType.KEYFILE, false);
         mResult.mTLSAuthFilename = embedFile(mResult.mTLSAuthFilename, Utils.FileType.TLS_AUTH_FILE, false);
         mResult.mPKCS12Filename = embedFile(mResult.mPKCS12Filename, Utils.FileType.PKCS12, false);
+        mResult.mCrlFilename = embedFile(mResult.mCrlFilename, Utils.FileType.CRL_FILE, true);
         if (cp != null) {
             mEmbeddedPwFile = cp.getAuthUserPassFile();
             mEmbeddedPwFile = embedFile(cp.getAuthUserPassFile(), Utils.FileType.USERPW_FILE, false);
-            mCrlFileName = embedFile(cp.getCrlVerifyFile(), Utils.FileType.CRL_FILE, true);
-
-            ConfigParser.removeCRLCustomOption(mResult);
-            if (!TextUtils.isEmpty(mCrlFileName)) {
-                // TODO: Convert this to a real config option that is parsed
-                ConfigParser.removeCRLCustomOption(mResult);
-                mResult.mCustomConfigOptions += "\ncrl-verify " + VpnProfile.openVpnEscape(mCrlFileName);
-            } else if (!TextUtils.isEmpty(cp.getCrlVerifyFile())) {
-                mResult.mCustomConfigOptions += "\n#crl-verify " + VpnProfile.openVpnEscape(cp.getCrlVerifyFile());
-            }
         }
 
         updateFileSelectDialogs();
@@ -610,7 +598,6 @@ public class ConfigConverter extends BaseActivity implements FileSelectCallback,
             mResult = (VpnProfile) savedInstanceState.getSerializable(VPNPROFILE);
             mAliasName = savedInstanceState.getString("mAliasName");
             mEmbeddedPwFile = savedInstanceState.getString("pwfile");
-            mCrlFileName = savedInstanceState.getString("crlfile");
             mSourceUri = savedInstanceState.getParcelable("mSourceUri");
 
             if (savedInstanceState.containsKey("logentries")) {
@@ -666,8 +653,7 @@ public class ConfigConverter extends BaseActivity implements FileSelectCallback,
 
             mPathsegments = data.getPathSegments();
 
-            Cursor cursor = null;
-            cursor = getContentResolver().query(data, null, null, null, null);
+            Cursor cursor = getContentResolver().query(data, null, null, null, null);
 
             try {
 
@@ -709,12 +695,12 @@ public class ConfigConverter extends BaseActivity implements FileSelectCallback,
     @TargetApi(Build.VERSION_CODES.M)
     private void checkMarschmallowFileImportError(Uri data) {
         // Permission already granted, not the source of the error
-        if(checkSelfPermission(Manifest.permission.READ_EXTERNAL_STORAGE) == PackageManager.PERMISSION_GRANTED)
+        if (checkSelfPermission(Manifest.permission.READ_EXTERNAL_STORAGE) == PackageManager.PERMISSION_GRANTED)
             return;
 
         // We got a file:/// URL and have no permission to read it. Technically an error of the calling app since
         // it makes an assumption about other apps being able to read the url but well ...
-        if (data !=null && "file".equals(data.getScheme()))
+        if (data != null && "file".equals(data.getScheme()))
             doRequestSDCardPermission(PERMISSION_REQUEST_READ_URL);
 
     }
diff --git a/main/src/main/java/de/blinkt/openvpn/core/ConfigParser.java b/main/src/main/java/de/blinkt/openvpn/core/ConfigParser.java
index 80a15c54..7ef33107 100644
--- a/main/src/main/java/de/blinkt/openvpn/core/ConfigParser.java
+++ b/main/src/main/java/de/blinkt/openvpn/core/ConfigParser.java
@@ -32,8 +32,6 @@ public class ConfigParser {
     private HashMap<String, Vector<Vector<String>>> options = new HashMap<String, Vector<Vector<String>>>();
     private HashMap<String, Vector<String>> meta = new HashMap<String, Vector<String>>();
     private String auth_user_pass_file;
-    private String crl_verify_file;
-
 
     public void parseConfig(Reader reader) throws IOException, ConfigParseError {
 
@@ -132,10 +130,6 @@ public class ConfigParser {
         return auth_user_pass_file;
     }
 
-    public String getCrlVerifyFile() {
-        return crl_verify_file;
-    }
-
     enum linestate {
         initial,
         readin_single_quote, reading_quoted, reading_unquoted, done
@@ -621,11 +615,12 @@ public class ConfigParser {
         Vector<String> crlfile = getOption("crl-verify", 1, 2);
         if (crlfile != null) {
             // If the 'dir' parameter is present just add it as custom option ..
-            np.mCustomConfigOptions += TextUtils.join(" ", crlfile) + "\n";
-            if (crlfile.size() == 2) {
+            if (crlfile.size() == 3 && crlfile.get(2).equals("dir"))
+                np.mCustomConfigOptions += TextUtils.join(" ", crlfile) + "\n";
+            else
                 // Save the filename for the config converter to add later
-                crl_verify_file = crlfile.get(1);
-            }
+                np.mCrlFilename = crlfile.get(1);
+
         }
 
 
@@ -813,16 +808,6 @@ public class ConfigParser {
         }
     }
 
-    public static void removeCRLCustomOption(VpnProfile np) {
-        String lines[] = np.mCustomConfigOptions.split("\\r?\\n");
-        Vector<String> keeplines = new Vector<>();
-        for (String l : lines) {
-            if (!l.startsWith("crl-verify "))
-                keeplines.add(l);
-        }
-        np.mCustomConfigOptions = TextUtils.join("\n", keeplines);
-    }
-
     private void checkIgnoreAndInvalidOptions(VpnProfile np) throws ConfigParseError {
         for (String option : unsupportedOptions)
             if (options.containsKey(option))
diff --git a/main/src/main/java/de/blinkt/openvpn/fragments/Settings_Basic.java b/main/src/main/java/de/blinkt/openvpn/fragments/Settings_Basic.java
index 71ba3d8a..78976c44 100644
--- a/main/src/main/java/de/blinkt/openvpn/fragments/Settings_Basic.java
+++ b/main/src/main/java/de/blinkt/openvpn/fragments/Settings_Basic.java
@@ -51,6 +51,7 @@ public class Settings_Basic extends Settings_Fragment implements View.OnClickLis
 	private CheckBox mUseLzo;
 	private Spinner mType;
 	private FileSelectLayout mpkcs12;
+	private FileSelectLayout mCrlFile;
 	private TextView mPKCS12Password;
 	private Handler mHandler;
 	private EditText mUserName;
@@ -62,8 +63,7 @@ public class Settings_Basic extends Settings_Fragment implements View.OnClickLis
 	private SparseArray<FileSelectLayout> fileselects = new SparseArray<>();
 
 
-
-    private void addFileSelectLayout (FileSelectLayout fsl, Utils.FileType type) {
+	private void addFileSelectLayout (FileSelectLayout fsl, Utils.FileType type) {
 		int i = fileselects.size() + CHOOSE_FILE_OFFSET;
 		fileselects.put(i, fsl);
 		fsl.setCaller(this, i, type);
@@ -126,6 +126,7 @@ public class Settings_Basic extends Settings_Fragment implements View.OnClickLis
 		mClientKey = (FileSelectLayout) mView.findViewById(R.id.keyselect);
 		mCaCert = (FileSelectLayout) mView.findViewById(R.id.caselect);
 		mpkcs12 = (FileSelectLayout) mView.findViewById(R.id.pkcs12select);
+		mCrlFile = (FileSelectLayout) mView.findViewById(id.crlfile);
 		mUseLzo = (CheckBox) mView.findViewById(R.id.lzo);
 		mType = (Spinner) mView.findViewById(R.id.type);
 		mPKCS12Password = (TextView) mView.findViewById(R.id.pkcs12password);
@@ -140,6 +141,7 @@ public class Settings_Basic extends Settings_Fragment implements View.OnClickLis
 		addFileSelectLayout(mClientCert, Utils.FileType.CLIENT_CERTIFICATE);
 		addFileSelectLayout(mClientKey, Utils.FileType.KEYFILE);
 		addFileSelectLayout(mpkcs12, Utils.FileType.PKCS12);
+		addFileSelectLayout(mCrlFile, Utils.FileType.CRL_FILE);
 		mCaCert.setShowClear();
 
 		mType.setOnItemSelectedListener(this);
@@ -244,6 +246,7 @@ public class Settings_Basic extends Settings_Fragment implements View.OnClickLis
 		mClientCert.setData(mProfile.mClientCertFilename, getActivity());
 		mClientKey.setData(mProfile.mClientKeyFilename, getActivity());
 		mCaCert.setData(mProfile.mCaFilename, getActivity());
+        mCrlFile.setData(mProfile.mCrlFilename, getActivity());
 
 		mUseLzo.setChecked(mProfile.mUseLzo);
 		mType.setSelection(mProfile.mAuthenticationType);
@@ -263,6 +266,7 @@ public class Settings_Basic extends Settings_Fragment implements View.OnClickLis
 		mProfile.mCaFilename = mCaCert.getData();
 		mProfile.mClientCertFilename = mClientCert.getData();
 		mProfile.mClientKeyFilename = mClientKey.getData();
+        mProfile.mCrlFilename = mCrlFile.getData();
 
 		mProfile.mUseLzo = mUseLzo.isChecked();
 		mProfile.mAuthenticationType = mType.getSelectedItemPosition();
@@ -287,7 +291,8 @@ public class Settings_Basic extends Settings_Fragment implements View.OnClickLis
 		}
 	}
 
-	public void showCertDialog () {
+	@SuppressWarnings("WrongConstant")
+    public void showCertDialog () {
 		try	{
 			KeyChain.choosePrivateKeyAlias(getActivity(),
 					new KeyChainAliasCallback() {
diff --git a/main/src/main/res/layout/basic_settings.xml b/main/src/main/res/layout/basic_settings.xml
index 8a4d290f..94963d9e 100644
--- a/main/src/main/res/layout/basic_settings.xml
+++ b/main/src/main/res/layout/basic_settings.xml
@@ -203,6 +203,13 @@
                 android:singleLine="false"
                 android:text="@string/static_keys_info" />
         </LinearLayout>
+        <de.blinkt.openvpn.views.FileSelectLayout
+            android:id="@+id/crlfile"
+            android:layout_width="match_parent"
+            android:layout_height="wrap_content"
+            blinkt:certificate="false"
+            blinkt:showClear="true"
+            blinkt:fileTitle="@string/crl_title" />
     </LinearLayout>
 
 </ScrollView>
diff --git a/main/src/main/res/values/strings.xml b/main/src/main/res/values/strings.xml
index b685c3eb..ec3449eb 100755
--- a/main/src/main/res/values/strings.xml
+++ b/main/src/main/res/values/strings.xml
@@ -403,4 +403,5 @@
     <string name="missing_tlsauth">tls-auth file is missing</string>
     <string name="missing_certificates">Missing user certificate or user certifcate key file</string>
     <string name="missing_ca_certificate">Missing CA certificate</string>
+    <string name="crl_title">Certifcate Revoke List (optional)</string>
 </resources>
author	Arne Schwabe <arne@rfc2549.org>	2016-03-04 15:34:34 +0100
committer	Arne Schwabe <arne@rfc2549.org>	2016-03-07 09:10:57 +0100
commit	1fbdec744ea40b9ce330e6170c6bb863b69b2e05 (patch)
tree	c936f6b8e5c14a1fb1b5c77231572ea304e7654c
parent	dbb0ec2e3428970c29bd5693da11228415bc813c (diff)