From 1fbdec744ea40b9ce330e6170c6bb863b69b2e05 Mon Sep 17 00:00:00 2001 From: Arne Schwabe Date: Fri, 4 Mar 2016 15:34:34 +0100 Subject: Support crl file inlining (also requires newer OpenVPN version) --- .../src/main/java/de/blinkt/openvpn/LaunchVPN.java | 1 - .../main/java/de/blinkt/openvpn/VpnProfile.java | 5 ++++ .../blinkt/openvpn/activities/ConfigConverter.java | 34 +++++++--------------- .../java/de/blinkt/openvpn/core/ConfigParser.java | 25 ++++------------ .../blinkt/openvpn/fragments/Settings_Basic.java | 11 +++++-- main/src/main/res/layout/basic_settings.xml | 7 +++++ main/src/main/res/values/strings.xml | 1 + 7 files changed, 36 insertions(+), 48 deletions(-) diff --git a/main/src/main/java/de/blinkt/openvpn/LaunchVPN.java b/main/src/main/java/de/blinkt/openvpn/LaunchVPN.java index 26135eac..df19565c 100644 --- a/main/src/main/java/de/blinkt/openvpn/LaunchVPN.java +++ b/main/src/main/java/de/blinkt/openvpn/LaunchVPN.java @@ -18,7 +18,6 @@ import android.preference.PreferenceManager; import android.text.InputType; import android.text.TextUtils; import android.text.method.PasswordTransformationMethod; -import android.util.Log; import android.view.View; import android.widget.CheckBox; import android.widget.CompoundButton; diff --git a/main/src/main/java/de/blinkt/openvpn/VpnProfile.java b/main/src/main/java/de/blinkt/openvpn/VpnProfile.java index 3f87bf8b..44de090f 100644 --- a/main/src/main/java/de/blinkt/openvpn/VpnProfile.java +++ b/main/src/main/java/de/blinkt/openvpn/VpnProfile.java @@ -153,6 +153,8 @@ public class VpnProfile implements Serializable, Cloneable { public boolean mRemoteRandom = false; public HashSet mAllowedAppsVpn = new HashSet<>(); public boolean mAllowedAppsVpnAreDisallowed = true; + + public String mCrlFilename; public String mProfileCreator; 
@@ -380,6 +382,9 @@ public class VpnProfile implements Serializable, Cloneable { cfg += insertFileData("ca", mCaFilename); } + if (!TextUtils.isEmpty(mCrlFilename)) + insertFileData("crl-verify",mCrlFilename); + if (mUseLzo) { cfg += "comp-lzo\n"; } diff --git a/main/src/main/java/de/blinkt/openvpn/activities/ConfigConverter.java b/main/src/main/java/de/blinkt/openvpn/activities/ConfigConverter.java index 930faecd..d3dd0f20 100644 --- a/main/src/main/java/de/blinkt/openvpn/activities/ConfigConverter.java +++ b/main/src/main/java/de/blinkt/openvpn/activities/ConfigConverter.java @@ -69,7 +69,7 @@ public class ConfigConverter extends BaseActivity implements FileSelectCallback, private static final int CHOOSE_FILE_OFFSET = 1000; public static final String VPNPROFILE = "vpnProfile"; private static final int PERMISSION_REQUEST_EMBED_FILES = 37231; - private static final int PERMISSION_REQUEST_READ_URL = PERMISSION_REQUEST_EMBED_FILES+1; + private static final int PERMISSION_REQUEST_READ_URL = PERMISSION_REQUEST_EMBED_FILES + 1; private VpnProfile mResult; @@ -81,7 +81,6 @@ public class ConfigConverter extends BaseActivity implements FileSelectCallback, private Map fileSelectMap = new HashMap<>(); private String mEmbeddedPwFile; private Vector mLogEntries = new Vector<>(); - private String mCrlFileName; private Uri mSourceUri; @Override @@ -119,7 +118,7 @@ public class ConfigConverter extends BaseActivity implements FileSelectCallback, embedFiles(null); else if (requestCode == PERMISSION_REQUEST_READ_URL) { - if(mSourceUri!=null) + if (mSourceUri != null) doImportUri(mSourceUri); } } @@ -174,8 +173,6 @@ public class ConfigConverter extends BaseActivity implements FileSelectCallback, } outState.putIntArray("fileselects", fileselects); outState.putString("pwfile", mEmbeddedPwFile); - outState.putString("crlfile", mCrlFileName); - outState.putParcelable("mSourceUri", mSourceUri); } 
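Review bot: The added `if` in the `@@ -380,6 +382,9 @@` hunk of VpnProfile.java calls `insertFileData("crl-verify",mCrlFilename);` and discards the result, whereas the `ca` line just above appends it with `cfg +=`. Unless `insertFileData` has a side effect not visible here, the generated configuration never contains a `crl-verify` entry. A profile with a CRL selected would then connect without any revocation check, and nothing tells the user. The line should read `cfg += insertFileData("crl-verify", mCrlFilename);`. The enclosing method starts and ends outside this hunk.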
@@ -214,7 +211,7 @@ public class ConfigConverter extends BaseActivity implements FileSelectCallback, mResult.mClientKeyFilename = data; break; case CRL_FILE: - mCrlFileName = data; + mResult.mCrlFilename = data; break; default: Assert.fail(); @@ -241,6 +238,7 @@ public class ConfigConverter extends BaseActivity implements FileSelectCallback, public void showCertDialog() { try { + //noinspection WrongConstant KeyChain.choosePrivateKeyAlias(this, new KeyChainAliasCallback() { @@ -400,7 +398,7 @@ public class ConfigConverter extends BaseActivity implements FileSelectCallback, case CRL_FILE: titleRes = R.string.crl_file; - value = mCrlFileName; + value = mResult.mCrlFilename; break; } @@ -415,8 +413,7 @@ public class ConfigConverter extends BaseActivity implements FileSelectCallback, log(R.string.import_could_not_open, filename); } - if (fileType != Utils.FileType.CRL_FILE) - addFileSelectDialog(fileType); + addFileSelectDialog(fileType); return foundfile; } 
@@ -570,19 +567,10 @@ public class ConfigConverter extends BaseActivity implements FileSelectCallback, mResult.mClientKeyFilename = embedFile(mResult.mClientKeyFilename, Utils.FileType.KEYFILE, false); mResult.mTLSAuthFilename = embedFile(mResult.mTLSAuthFilename, Utils.FileType.TLS_AUTH_FILE, false); mResult.mPKCS12Filename = embedFile(mResult.mPKCS12Filename, Utils.FileType.PKCS12, false); + mResult.mCrlFilename = embedFile(mResult.mCrlFilename, Utils.FileType.CRL_FILE, true); if (cp != null) { mEmbeddedPwFile = cp.getAuthUserPassFile(); mEmbeddedPwFile = embedFile(cp.getAuthUserPassFile(), Utils.FileType.USERPW_FILE, false); - mCrlFileName = embedFile(cp.getCrlVerifyFile(), Utils.FileType.CRL_FILE, true); - - ConfigParser.removeCRLCustomOption(mResult); - if (!TextUtils.isEmpty(mCrlFileName)) { - // TODO: Convert this to a real config option that is parsed - ConfigParser.removeCRLCustomOption(mResult); - mResult.mCustomConfigOptions += "\ncrl-verify " + VpnProfile.openVpnEscape(mCrlFileName); - } else if (!TextUtils.isEmpty(cp.getCrlVerifyFile())) { - mResult.mCustomConfigOptions += "\n#crl-verify " + VpnProfile.openVpnEscape(cp.getCrlVerifyFile()); - } } updateFileSelectDialogs(); @@ -610,7 +598,6 @@ public class ConfigConverter extends BaseActivity implements FileSelectCallback, mResult = (VpnProfile) savedInstanceState.getSerializable(VPNPROFILE); mAliasName = savedInstanceState.getString("mAliasName"); mEmbeddedPwFile = savedInstanceState.getString("pwfile"); - mCrlFileName = savedInstanceState.getString("crlfile"); mSourceUri = savedInstanceState.getParcelable("mSourceUri"); if (savedInstanceState.containsKey("logentries")) { @@ -666,8 +653,7 @@ public class ConfigConverter extends BaseActivity implements FileSelectCallback, mPathsegments = data.getPathSegments(); - Cursor cursor = null; - cursor = getContentResolver().query(data, null, null, null, null); + Cursor cursor = getContentResolver().query(data, null, null, null, null); try { 
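Review bot: A CRL that cannot be read at import time may now leave no trace in the profile. The removed block wrote a commented `#crl-verify <path>` into `mCustomConfigOptions` in that case, while the added `mResult.mCrlFilename = embedFile(mResult.mCrlFilename, Utils.FileType.CRL_FILE, true);` stores whatever `embedFile` returns. `embedFile` is not visible here; if it returns null or empty on failure, a config that asked for `crl-verify` imports as a profile with no revocation check, and the import log would be the only hint. Consider keeping the original path on failure so the file-select row shows it as missing, or at least a comment such as `// CRL is optional: a config that named one but could not be read imports without revocation checking`. The enclosing method begins outside the hunk.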
@@ -709,12 +695,12 @@ public class ConfigConverter extends BaseActivity implements FileSelectCallback, @TargetApi(Build.VERSION_CODES.M) private void checkMarschmallowFileImportError(Uri data) { // Permission already granted, not the source of the error - if(checkSelfPermission(Manifest.permission.READ_EXTERNAL_STORAGE) == PackageManager.PERMISSION_GRANTED) + if (checkSelfPermission(Manifest.permission.READ_EXTERNAL_STORAGE) == PackageManager.PERMISSION_GRANTED) return; // We got a file:/// URL and have no permission to read it. Technically an error of the calling app since // it makes an assumption about other apps being able to read the url but well ... - if (data !=null && "file".equals(data.getScheme())) + if (data != null && "file".equals(data.getScheme())) doRequestSDCardPermission(PERMISSION_REQUEST_READ_URL); } diff --git a/main/src/main/java/de/blinkt/openvpn/core/ConfigParser.java b/main/src/main/java/de/blinkt/openvpn/core/ConfigParser.java index 80a15c54..7ef33107 100644 --- a/main/src/main/java/de/blinkt/openvpn/core/ConfigParser.java +++ b/main/src/main/java/de/blinkt/openvpn/core/ConfigParser.java @@ -32,8 +32,6 @@ public class ConfigParser { private HashMap>> options = new HashMap>>(); private HashMap> meta = new HashMap>(); private String auth_user_pass_file; - private String crl_verify_file; - public void parseConfig(Reader reader) throws IOException, ConfigParseError { @@ -132,10 +130,6 @@ public class ConfigParser { return auth_user_pass_file; } - public String getCrlVerifyFile() { - return crl_verify_file; - } - enum linestate { initial, readin_single_quote, reading_quoted, reading_unquoted, done 
@@ -621,11 +615,12 @@ public class ConfigParser { Vector crlfile = getOption("crl-verify", 1, 2); if (crlfile != null) { // If the 'dir' parameter is present just add it as custom option .. - np.mCustomConfigOptions += TextUtils.join(" ", crlfile) + "\n"; - if (crlfile.size() == 2) { + if (crlfile.size() == 3 && crlfile.get(2).equals("dir")) + np.mCustomConfigOptions += TextUtils.join(" ", crlfile) + "\n"; + else // Save the filename for the config converter to add later - crl_verify_file = crlfile.get(1); - } + np.mCrlFilename = crlfile.get(1); + } @@ -813,16 +808,6 @@ public class ConfigParser { } } - public static void removeCRLCustomOption(VpnProfile np) { - String lines[] = np.mCustomConfigOptions.split("\\r?\\n"); - Vector keeplines = new Vector<>(); - for (String l : lines) { - if (!l.startsWith("crl-verify ")) - keeplines.add(l); - } - np.mCustomConfigOptions = TextUtils.join("\n", keeplines); - } - private void checkIgnoreAndInvalidOptions(VpnProfile np) throws ConfigParseError { for (String option : unsupportedOptions) if (options.containsKey(option)) diff --git a/main/src/main/java/de/blinkt/openvpn/fragments/Settings_Basic.java b/main/src/main/java/de/blinkt/openvpn/fragments/Settings_Basic.java index 71ba3d8a..78976c44 100644 --- a/main/src/main/java/de/blinkt/openvpn/fragments/Settings_Basic.java +++ b/main/src/main/java/de/blinkt/openvpn/fragments/Settings_Basic.java @@ -51,6 +51,7 @@ public class Settings_Basic extends Settings_Fragment implements View.OnClickLis private CheckBox mUseLzo; private Spinner mType; private FileSelectLayout mpkcs12; + private FileSelectLayout mCrlFile; private TextView mPKCS12Password; private Handler mHandler; private EditText mUserName; 
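Review bot: In the `@@ -621,11 +615,12 @@` hunk the new `else` branch also catches a `crl-verify` line whose second argument is something other than `dir`, and silently drops that argument by storing only `crlfile.get(1)` in `np.mCrlFilename`. `getOption("crl-verify", 1, 2)` appears to allow up to two arguments, so this input looks reachable; raising a `ConfigParseError` for it would be safer than importing a profile that differs from the file. The retained comment `// Save the filename for the config converter to add later` no longer matches the code; something like `// Plain file form: keep the path in the profile so it can be inlined` fits better. Braces around both branches would also help, since a comment sits between `else` and its statement. The enclosing method starts outside the hunk.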
@@ -62,8 +63,7 @@ public class Settings_Basic extends Settings_Fragment implements View.OnClickLis private SparseArray fileselects = new SparseArray<>(); - - private void addFileSelectLayout (FileSelectLayout fsl, Utils.FileType type) { + private void addFileSelectLayout (FileSelectLayout fsl, Utils.FileType type) { int i = fileselects.size() + CHOOSE_FILE_OFFSET; fileselects.put(i, fsl); fsl.setCaller(this, i, type); @@ -126,6 +126,7 @@ public class Settings_Basic extends Settings_Fragment implements View.OnClickLis mClientKey = (FileSelectLayout) mView.findViewById(R.id.keyselect); mCaCert = (FileSelectLayout) mView.findViewById(R.id.caselect); mpkcs12 = (FileSelectLayout) mView.findViewById(R.id.pkcs12select); + mCrlFile = (FileSelectLayout) mView.findViewById(id.crlfile); mUseLzo = (CheckBox) mView.findViewById(R.id.lzo); mType = (Spinner) mView.findViewById(R.id.type); mPKCS12Password = (TextView) mView.findViewById(R.id.pkcs12password); @@ -140,6 +141,7 @@ public class Settings_Basic extends Settings_Fragment implements View.OnClickLis addFileSelectLayout(mClientCert, Utils.FileType.CLIENT_CERTIFICATE); addFileSelectLayout(mClientKey, Utils.FileType.KEYFILE); addFileSelectLayout(mpkcs12, Utils.FileType.PKCS12); + addFileSelectLayout(mCrlFile, Utils.FileType.CRL_FILE); mCaCert.setShowClear(); mType.setOnItemSelectedListener(this); @@ -244,6 +246,7 @@ public class Settings_Basic extends Settings_Fragment implements View.OnClickLis mClientCert.setData(mProfile.mClientCertFilename, getActivity()); mClientKey.setData(mProfile.mClientKeyFilename, getActivity()); mCaCert.setData(mProfile.mCaFilename, getActivity()); + mCrlFile.setData(mProfile.mCrlFilename, getActivity()); mUseLzo.setChecked(mProfile.mUseLzo); mType.setSelection(mProfile.mAuthenticationType); 
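Review bot: In the `@@ -126,6 +126,7 @@` hunk, `mView.findViewById(id.crlfile)` drops the `R.` qualifier that every neighbouring lookup uses (`R.id.keyselect`, `R.id.caselect`, `R.id.pkcs12select`). It therefore depends on a separate import of `R.id` that is not visible in this diff. Writing `mCrlFile = (FileSelectLayout) mView.findViewById(R.id.crlfile);` keeps the block uniform. The method body extends beyond the hunk.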
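Review bot: In the `@@ -140,6 +141,7 @@` hunk the new CRL row is registered with `addFileSelectLayout(mCrlFile, Utils.FileType.CRL_FILE);` but, unlike `mCaCert`, gets no `setShowClear()` call. The string added for this field labels it optional. If `setShowClear()` is what gives a row its clear control (its implementation is not shown), users could not remove a CRL once one is chosen. Adding `mCrlFile.setShowClear();` after the existing `mCaCert.setShowClear();` line would cover that.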
@@ -263,6 +266,7 @@ public class Settings_Basic extends Settings_Fragment implements View.OnClickLis mProfile.mCaFilename = mCaCert.getData(); mProfile.mClientCertFilename = mClientCert.getData(); mProfile.mClientKeyFilename = mClientKey.getData(); + mProfile.mCrlFilename = mCrlFile.getData(); mProfile.mUseLzo = mUseLzo.isChecked(); mProfile.mAuthenticationType = mType.getSelectedItemPosition(); @@ -287,7 +291,8 @@ public class Settings_Basic extends Settings_Fragment implements View.OnClickLis } } - public void showCertDialog () { + @SuppressWarnings("WrongConstant") + public void showCertDialog () { try { KeyChain.choosePrivateKeyAlias(getActivity(), new KeyChainAliasCallback() { diff --git a/main/src/main/res/layout/basic_settings.xml b/main/src/main/res/layout/basic_settings.xml index 8a4d290f..94963d9e 100644 --- a/main/src/main/res/layout/basic_settings.xml +++ b/main/src/main/res/layout/basic_settings.xml @@ -203,6 +203,13 @@ android:singleLine="false" android:text="@string/static_keys_info" /> + diff --git a/main/src/main/res/values/strings.xml b/main/src/main/res/values/strings.xml index b685c3eb..ec3449eb 100755 --- a/main/src/main/res/values/strings.xml +++ b/main/src/main/res/values/strings.xml @@ -403,4 +403,5 @@ tls-auth file is missing Missing user certificate or user certifcate key file Missing CA certificate + Certifcate Revoke List (optional) -- cgit v1.2.3