From 4989dad67b68b38e75416916df406dcec908b399 Mon Sep 17 00:00:00 2001
From: pacien
Date: Thu, 7 Sep 2017 14:27:37 +0200
Subject: Implement encrypted private keys support
---
 .../java/org/pacien/tincapp/commands/TincApp.kt | 24 ++++++++++++++++++++++
 .../main/java/org/pacien/tincapp/commands/Tincd.kt | 6 ++++--
 2 files changed, 28 insertions(+), 2 deletions(-)
(limited to 'app/src/main/java/org/pacien/tincapp/commands')
diff --git a/app/src/main/java/org/pacien/tincapp/commands/TincApp.kt b/app/src/main/java/org/pacien/tincapp/commands/TincApp.kt
index b18a39b..b564b6a 100644
--- a/app/src/main/java/org/pacien/tincapp/commands/TincApp.kt
+++ b/app/src/main/java/org/pacien/tincapp/commands/TincApp.kt
@@ -1,9 +1,14 @@
 package org.pacien.tincapp.commands
 import java8.util.concurrent.CompletableFuture
+import org.pacien.tincapp.R
 import org.pacien.tincapp.commands.Executor.runAsyncTask
+import org.pacien.tincapp.context.App
 import org.pacien.tincapp.context.AppPaths
+import org.pacien.tincapp.data.TincConfiguration
 import org.pacien.tincapp.data.VpnInterfaceConfiguration
+import org.pacien.tincapp.utils.PemUtils
+import java.io.FileNotFoundException
 /**
 * @author pacien
@@ -16,6 +21,16 @@ object TincApp { private fun listScripts(netName: String) = AppPaths.confDir(netName).listFiles { f -> f.name in STATIC_SCRIPTS } + AppPaths.hostsDir(netName).listFiles { f -> SCRIPT_SUFFIXES.any { f.name.endsWith(it) } } + fun listPrivateKeys(netName: String) = try { + TincConfiguration.fromTincConfiguration(AppPaths.existing(AppPaths.tincConfFile(netName))).let { + listOf( + it.privateKeyFile ?: AppPaths.defaultRsaPrivateKeyFile(netName), + it.ed25519PrivateKeyFile ?: AppPaths.defaultEd25519PrivateKeyFile(netName)) + } + } catch (e: FileNotFoundException) { + throw FileNotFoundException(App.getResources().getString(R.string.message_network_config_not_found_format, e.message!!)) + } + fun removeScripts(netName: String): CompletableFuture = runAsyncTask { listScripts(netName).forEach { it.delete() } } @@ -26,4 +41,13 @@ object TincApp { .write(AppPaths.netConfFile(netName)) } + fun setPassphrase(netName: String, currentPassphrase: String? = null, newPassphrase: String?): CompletableFuture = runAsyncTask { + listPrivateKeys(netName) + .filter { it.exists() } + .map { Pair(PemUtils.read(it), it) } + .map { Pair(PemUtils.decrypt(it.first, currentPassphrase), it.second) } + .map { Pair(if (newPassphrase?.isNotEmpty() == true) PemUtils.encrypt(it.first, newPassphrase) else it.first, it.second) } + .forEach { PemUtils.write(it.first, it.second.writer()) } + } + } diff --git a/app/src/main/java/org/pacien/tincapp/commands/Tincd.kt b/app/src/main/java/org/pacien/tincapp/commands/Tincd.kt index db113cc..d44d930 100644 --- a/app/src/main/java/org/pacien/tincapp/commands/Tincd.kt +++ b/app/src/main/java/org/pacien/tincapp/commands/Tincd.kt 
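Review bot: In the added `listPrivateKeys`, the catch block dereferences `e.message!!`, but a FileNotFoundException can carry no message, so the intended "config not found" error may surface as a NullPointerException instead; the original exception is also dropped as a cause. Passing `e.message ?: netName` to `getString(...)` and calling `initCause(e)` on the new exception would keep both the user-facing text and the stack trace. Separately, the paths taken from `privateKeyFile` and `ed25519PrivateKeyFile` are returned exactly as read from tinc.conf, and `setPassphrase` in the next hunk rewrites whatever files they name. If a network configuration can originate outside the app (not visible in this diff), it would be worth checking that each resolved path stays inside that network's configuration directory before it is read or overwritten.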
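Review bot: The final `.forEach { PemUtils.write(it.first, it.second.writer()) }` in `setPassphrase` opens each key file with `writer()`, which truncates it at once, and nothing in this hunk closes that writer; a failure part-way through a write would leave the only copy of a private key truncated. Unless `PemUtils.write` closes its argument (not visible here), `.forEach { (pem, file) -> file.writer().use { PemUtils.write(pem, it) } }` closes it, and writing to a temporary file in the same directory and renaming it over the original would make each replacement all-or-nothing. Because the `List` operations are eager, every key is read and passed through `decrypt` before any file is opened, so a bad `currentPassphrase` presumably fails without touching the files; a comment saying so would protect that property against a later switch to a sequence. The function also deserves a KDoc line on the downgrade case, e.g. `/** Re-encrypts the network's private keys; a null or empty [newPassphrase] writes them unencrypted. */`.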
@@ -7,14 +7,16 @@ import org.pacien.tincapp.context.AppPaths
 */
 object Tincd {
- fun start(netName: String, fd: Int) {
+ fun start(netName: String, deviceFd: Int, ed25519PrivateKeyFd: Int? = null, rsaPrivateKeyFd: Int? = null) {
 Executor.forkExec(Command(AppPaths.tincd().absolutePath)
 .withOption("no-detach")
 .withOption("config", AppPaths.confDir(netName).absolutePath)
 .withOption("pidfile", AppPaths.pidFile(netName).absolutePath)
 .withOption("logfile", AppPaths.logFile(netName).absolutePath)
 .withOption("option", "DeviceType=fd")
- .withOption("option", "Device=" + fd))
+ .withOption("option", "Device=" + deviceFd)
+ .apply { if (ed25519PrivateKeyFd != null) withOption("option", "Ed25519PrivateKeyFile=/proc/self/fd/$ed25519PrivateKeyFd") }
+ .apply { if (rsaPrivateKeyFd != null) withOption("option", "PrivateKeyFile=/proc/self/fd/$rsaPrivateKeyFd") })
 }
 }
-- cgit v1.2.3
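Review bot: Both added `.apply { if (...) withOption(...) }` calls discard the value returned by `withOption`, so the key-file options only take effect if `Command.withOption` mutates its receiver; `Command` is not part of this diff, and if it returns a new instance the daemon would start without the key options and without any error. Writing each as `.let { c -> ed25519PrivateKeyFd?.let { c.withOption("option", "Ed25519PrivateKeyFile=/proc/self/fd/$it") } ?: c }` uses the returned value either way. The two new parameters are adjacent, same-typed `Int?` values, so call sites should pass them by name to avoid swapping the Ed25519 and RSA descriptors. A short KDoc on `start` should also state that the descriptors must stay open and inheritable until `forkExec` has run, and who closes them afterwards, since they presumably expose the decrypted keys.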