mirror of
https://github.com/moparisthebest/SSLDroid
synced 2024-11-30 04:42:17 -05:00
Added a bunch of input validation at the tunnel details screen
Signed-off-by: Balint Kovacs <blint@blint.hu>
This commit is contained in:
parent
e33cf5dc17
commit
8d35c15a02
@ -1,7 +1,17 @@
|
|||||||
package hu.blint.ssldroid;
|
package hu.blint.ssldroid;
|
||||||
|
|
||||||
import java.io.File;
|
import java.io.File;
|
||||||
|
import java.io.FileInputStream;
|
||||||
|
import java.io.IOException;
|
||||||
|
import java.net.InetAddress;
|
||||||
|
import java.net.UnknownHostException;
|
||||||
|
import java.security.KeyStore;
|
||||||
|
import java.security.KeyStoreException;
|
||||||
|
import java.security.NoSuchAlgorithmException;
|
||||||
|
import java.security.UnrecoverableKeyException;
|
||||||
|
import java.security.cert.CertificateException;
|
||||||
import java.util.Collections;
|
import java.util.Collections;
|
||||||
|
import java.util.Enumeration;
|
||||||
import java.util.LinkedList;
|
import java.util.LinkedList;
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
|
|
||||||
@ -63,28 +73,79 @@ public class SSLDroidTunnelDetails extends Activity {
|
|||||||
populateFields();
|
populateFields();
|
||||||
confirmButton.setOnClickListener(new View.OnClickListener() {
|
confirmButton.setOnClickListener(new View.OnClickListener() {
|
||||||
public void onClick(View view) {
|
public void onClick(View view) {
|
||||||
//TODO: put input validation here
|
|
||||||
//TODO: put local port collision check here
|
//TODO: put local port collision check here
|
||||||
if (name.getText().length() == 0) {
|
if (name.getText().length() == 0) {
|
||||||
Toast.makeText(getBaseContext(), "Required tunnel name parameter not setup, skipping save", 5).show();
|
Toast.makeText(getBaseContext(), "Required tunnel name parameter not setup, skipping save", 5).show();
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
if (localport.getText().length() == 0) {
|
//local port validation
|
||||||
Toast.makeText(getBaseContext(), "Required local port parameter not setup, skipping save", 5).show();
|
if (localport.getText().length() == 0) {
|
||||||
return;
|
Toast.makeText(getBaseContext(), "Required local port parameter not setup, skipping save", 5).show();
|
||||||
}
|
return;
|
||||||
if (remotehost.getText().length() == 0){
|
}
|
||||||
Toast.makeText(getBaseContext(), "Required remote host parameter not setup, skipping save", 5).show();
|
else {
|
||||||
return;
|
//local port should be between 1025-65535
|
||||||
}
|
int cPort = 0;
|
||||||
if (remoteport.getText().length() == 0){
|
try {
|
||||||
Toast.makeText(getBaseContext(), "Required remote port parameter not setup, skipping save", 5).show();
|
cPort = Integer.parseInt(localport.getText().toString());
|
||||||
return;
|
} catch (NumberFormatException e){
|
||||||
}
|
Toast.makeText(getBaseContext(), "Local port parameter has invalid number format", 5).show();
|
||||||
if (pkcsfile.getText().length() == 0){
|
return;
|
||||||
Toast.makeText(getBaseContext(), "Required PKCS12 file parameter not setup, skipping save", 5).show();
|
}
|
||||||
return;
|
if (cPort < 1025 || cPort > 65535) {
|
||||||
}
|
Toast.makeText(getBaseContext(), "Local port parameter not in valid range (1025-65535)", 5).show();
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
//remote host validation
|
||||||
|
if (remotehost.getText().length() == 0){
|
||||||
|
Toast.makeText(getBaseContext(), "Required remote host parameter not setup, skipping save", 5).show();
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
//remote host should exist
|
||||||
|
try {
|
||||||
|
InetAddress.getByName(remotehost.getText().toString());
|
||||||
|
} catch (UnknownHostException e){
|
||||||
|
Toast.makeText(getBaseContext(), "Remote host not found, please recheck...", 5).show();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
//remote port validation
|
||||||
|
if (remoteport.getText().length() == 0){
|
||||||
|
Toast.makeText(getBaseContext(), "Required remote port parameter not setup, skipping save", 5).show();
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
//remote port should be between 1025-65535
|
||||||
|
int cPort = 0;
|
||||||
|
try {
|
||||||
|
cPort = Integer.parseInt(remoteport.getText().toString());
|
||||||
|
} catch (NumberFormatException e){
|
||||||
|
Toast.makeText(getBaseContext(), "Remote port parameter has invalid number format", 5).show();
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
if (cPort < 1 || cPort > 65535) {
|
||||||
|
Toast.makeText(getBaseContext(), "Remote port parameter not in valid range (1-65535)", 5).show();
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if (pkcsfile.getText().length() == 0){
|
||||||
|
Toast.makeText(getBaseContext(), "Required PKCS12 file parameter not setup, skipping save", 5).show();
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
// try to open pkcs12 file with password
|
||||||
|
String cPkcsFile = pkcsfile.getText().toString();
|
||||||
|
String cPkcsPass = pkcspass.getText().toString();
|
||||||
|
try {
|
||||||
|
if (checkKeys(cPkcsFile, cPkcsPass) == false){
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
} catch (Exception e) {
|
||||||
|
Toast.makeText(getBaseContext(), "PKCS12 problem: "+e.getMessage(), 5).show();
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
}
|
||||||
saveState();
|
saveState();
|
||||||
setResult(RESULT_OK);
|
setResult(RESULT_OK);
|
||||||
finish();
|
finish();
|
||||||
@ -156,6 +217,42 @@ public class SSLDroidTunnelDetails extends Activity {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public boolean checkKeys(String inCertPath, String passw) throws Exception {
|
||||||
|
try {
|
||||||
|
FileInputStream in_cert = new FileInputStream(inCertPath);
|
||||||
|
KeyStore myStore = KeyStore.getInstance("PKCS12");
|
||||||
|
myStore.load(in_cert, passw.toCharArray());
|
||||||
|
Enumeration<String> eAliases = myStore.aliases();
|
||||||
|
while (eAliases.hasMoreElements()) {
|
||||||
|
String strAlias = (String) eAliases.nextElement();
|
||||||
|
if (myStore.isKeyEntry(strAlias)) {
|
||||||
|
// try to retrieve the private key part from PKCS12 certificate
|
||||||
|
myStore.getKey(strAlias, passw.toCharArray());
|
||||||
|
// try to retrieve the certificate part from PKCS12 certificate
|
||||||
|
myStore.getCertificate(strAlias);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
} catch (KeyStoreException e) {
|
||||||
|
Toast.makeText(getBaseContext(), "PKCS12 problem: "+e.getMessage(), 10).show();
|
||||||
|
return false;
|
||||||
|
} catch (NoSuchAlgorithmException e) {
|
||||||
|
Toast.makeText(getBaseContext(), "PKCS12 problem: "+e.getMessage(), 10).show();
|
||||||
|
return false;
|
||||||
|
} catch (CertificateException e) {
|
||||||
|
Toast.makeText(getBaseContext(), "PKCS12 problem: "+e.getMessage(), 10).show();
|
||||||
|
return false;
|
||||||
|
} catch (IOException e) {
|
||||||
|
Toast.makeText(getBaseContext(), "PKCS12 problem: "+e.getMessage(), 10).show();
|
||||||
|
return false;
|
||||||
|
} catch (UnrecoverableKeyException e) {
|
||||||
|
Toast.makeText(getBaseContext(), "PKCS12 problem: "+e.getMessage(), 10).show();
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
protected void onSaveInstanceState(Bundle outState) {
|
protected void onSaveInstanceState(Bundle outState) {
|
||||||
super.onSaveInstanceState(outState);
|
super.onSaveInstanceState(outState);
|
||||||
saveState();
|
saveState();
|
||||||
|
@ -145,6 +145,7 @@ public class TcpProxyServerThread extends Thread {
|
|||||||
}
|
}
|
||||||
|
|
||||||
public void run() {
|
public void run() {
|
||||||
|
//TODO: logging session ID
|
||||||
while (true) {
|
while (true) {
|
||||||
try {
|
try {
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user