Skip to content

Commit

Permalink
Merge pull request Jigsaw-Code#210 from Jigsaw-Code/bemasc-remote-config
Browse files Browse the repository at this point in the history
Add remote config and disable TLS probes by default
  • Loading branch information
Benjamin M. Schwartz authored Aug 15, 2019
2 parents 3f23c61 + 581e494 commit 583b583
Show file tree
Hide file tree
Showing 8 changed files with 77 additions and 17 deletions.
1 change: 1 addition & 0 deletions Android/app/build.gradle
Original file line number Diff line number Diff line change
Expand Up @@ -125,6 +125,7 @@ dependencies {
implementation 'com.google.firebase:firebase-perf:16.2.5' // Last version to support API <17
implementation 'com.crashlytics.sdk.android:crashlytics:2.10.1'
implementation 'com.crashlytics.sdk.android:crashlytics-ndk:2.1.0'
implementation 'com.google.firebase:firebase-config:16.5.0' // Last version to support API <16
// For Sockslib
implementation 'org.slf4j:slf4j-api:1.7.25'
implementation 'org.slf4j:slf4j-android:1.7.25'
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -133,7 +133,7 @@ public void run() {

// The TLS probe could be slow, so we run it asynchronously to avoid delaying VPN setup.
new Thread(() -> {
Result r = TLSProbe.run(context, TLSProbe.DEFAULT_URL);
Result r = TLSProbe.run(context);
LogWrapper.log(Log.INFO, LOG_TAG, "TLS probe result: " + r.name());
proxy.enableTlsWorkaround(r == Result.TLS_FAILED);
}).start();
Expand Down
34 changes: 24 additions & 10 deletions Android/app/src/main/java/app/intra/net/socks/TLSProbe.java
Original file line number Diff line number Diff line change
Expand Up @@ -19,17 +19,17 @@
import android.os.Bundle;
import app.intra.sys.Names;
import com.google.firebase.analytics.FirebaseAnalytics;
import com.google.firebase.remoteconfig.FirebaseRemoteConfig;
import java.io.IOException;
import java.net.URL;
import javax.net.ssl.SSLHandshakeException;

// Static utility to check whether the user's connection supports standard TLS sockets.
class TLSProbe {
static final String DEFAULT_URL = "https://www.google.com/";
enum Result {SUCCESS, TLS_FAILED, OTHER_FAILED}
private static Result probe(String spec) {
private static Result probe(String target) {
try {
URL url = new URL(spec);
URL url = new URL("https://" + target);
url.openConnection().connect();
} catch (SSLHandshakeException e) {
if (e.getMessage().toLowerCase().contains("cert")) {
Expand All @@ -43,13 +43,27 @@ private static Result probe(String spec) {
return Result.SUCCESS;
}

static Result run(Context context, String url) {
Result r = probe(url);
if (context != null) {
Bundle b = new Bundle();
b.putString(Names.RESULT.name(), r.name());
FirebaseAnalytics.getInstance(context).logEvent(Names.TLS_PROBE.name(), b);
static Result run(Context context, String[] targets) {
Result worstResult = Result.SUCCESS;
for (String target : targets) {
Result r = probe(target);
if (context != null) {
Bundle b = new Bundle();
b.putString(Names.RESULT.name(), r.name());
b.putString(Names.SERVER.name(), target);
FirebaseAnalytics.getInstance(context).logEvent(Names.TLS_PROBE.name(), b);
}
if (r == Result.TLS_FAILED ||
(r == Result.OTHER_FAILED && worstResult == Result.SUCCESS)) {
worstResult = r;
}
}
return r;
return worstResult;
}

static Result run(Context context) {
String[] domains = FirebaseRemoteConfig.getInstance()
.getString("tls_probe_servers").split(",");
return run(context, domains);
}
}
3 changes: 2 additions & 1 deletion Android/app/src/main/java/app/intra/sys/AutoStarter.java
Original file line number Diff line number Diff line change
Expand Up @@ -46,7 +46,8 @@ public void onReceive(Context context, Intent intent) {
context.startActivity(startIntent);
return;
}
controller.start(context);
// Fetch remote config, then start the VPN.
RemoteConfig.update().addOnCompleteListener(task -> controller.start(context));
}
}
}
33 changes: 33 additions & 0 deletions Android/app/src/main/java/app/intra/sys/RemoteConfig.java
Original file line number Diff line number Diff line change
@@ -0,0 +1,33 @@
/*
Copyright 2019 Jigsaw Operations LLC
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
https://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package app.intra.sys;

import app.intra.R;
import com.google.android.gms.tasks.Task;
import com.google.firebase.remoteconfig.FirebaseRemoteConfig;

/**
* Utility class for initializing Firebase Remote Config. Remote Configuration allows us to conduct
* A/B tests of experimental functionality, and to enable or disable features without having to
* release a new version of the app.
*/
public class RemoteConfig {
public static Task<Boolean> update() {
FirebaseRemoteConfig config = FirebaseRemoteConfig.getInstance();
config.setDefaults(R.xml.remote_config_defaults);
return config.fetchAndActivate();
}
}
4 changes: 4 additions & 0 deletions Android/app/src/main/java/app/intra/ui/MainActivity.java
Original file line number Diff line number Diff line change
Expand Up @@ -75,6 +75,7 @@
import app.intra.sys.Names;
import app.intra.sys.PersistentState;
import app.intra.sys.QueryTracker;
import app.intra.sys.RemoteConfig;
import app.intra.sys.VpnController;
import app.intra.sys.VpnState;
import app.intra.ui.settings.ServerApprovalDialogFragment;
Expand Down Expand Up @@ -159,6 +160,9 @@ protected void onCreate(Bundle savedInstanceState) {
// Sync old settings into new preferences if necessary.
PersistentState.syncLegacyState(this);

// Start an asynchronous fetch for the Firebase remote configuration.
RemoteConfig.update();

// Export defaults into preferences. See https://developer.android.com/guide/topics/ui/settings#Defaults
PreferenceManager.setDefaultValues(this, R.xml.preferences, false);

Expand Down
7 changes: 7 additions & 0 deletions Android/app/src/main/res/xml/remote_config_defaults.xml
Original file line number Diff line number Diff line change
@@ -0,0 +1,7 @@
<?xml version="1.0" encoding="utf-8"?>
<defaultsMap>
<entry>
<key>tls_probe_servers</key>
<value></value>
</entry>
</defaultsMap>
10 changes: 5 additions & 5 deletions Android/app/src/test/java/app/intra/net/socks/TLSProbeTest.java
Original file line number Diff line number Diff line change
Expand Up @@ -25,26 +25,26 @@ public class TLSProbeTest {
@Test
public void success() {
assertEquals(Result.SUCCESS,
TLSProbe.run(null, TLSProbe.DEFAULT_URL));
TLSProbe.run(null, new String[]{"www.google.com"}));
}

@Test
public void tlsFailed() {
assertEquals(Result.TLS_FAILED,
TLSProbe.run(null, "https://untrusted-root.badssl.com/"));
TLSProbe.run(null, new String[]{"untrusted-root.badssl.com"}));
assertEquals(Result.TLS_FAILED,
TLSProbe.run(null, "https://self-signed.badssl.com/"));
TLSProbe.run(null, new String[]{"self-signed.badssl.com"}));
}

@Test
public void otherFailedDNS() {
assertEquals(Result.OTHER_FAILED,
TLSProbe.run(null, "https://bad-domain.bad-tld/"));
TLSProbe.run(null, new String[]{"bad-domain.bad-tld"}));
}

@Test
public void otherFailedEmpty() {
assertEquals(Result.OTHER_FAILED,
TLSProbe.run(null, "https://dns.google:53/"));
TLSProbe.run(null, new String[]{"dns.google:53"}));
}
}

0 comments on commit 583b583

Please sign in to comment.