Better (but more complicated) method for (dis)connecting OpenVPN

Author: comp500

app/src/main/AndroidManifest.xml

@@ -48,6 +48,7 @@
         <service
             android:name=".service.StunnelIntentService"
             android:exported="false" />
+        <service android:name=".service.ServiceStopReceiver$OpenVPNIntentService" />
 
         <receiver
             android:name=".service.BootReceiver"

app/src/main/aidl/de/blinkt/openvpn/api/APIVpnProfile.aidl

@@ -0,0 +1,3 @@
+package de.blinkt.openvpn.api;
+
+parcelable APIVpnProfile;

app/src/main/aidl/de/blinkt/openvpn/api/IOpenVPNAPIService.aidl

@@ -0,0 +1,66 @@
+// IOpenVPNAPIService.aidl
+package de.blinkt.openvpn.api;
+
+import de.blinkt.openvpn.api.APIVpnProfile;
+import de.blinkt.openvpn.api.IOpenVPNStatusCallback; 
+
+import android.content.Intent;
+import android.os.ParcelFileDescriptor;
+
+interface IOpenVPNAPIService {
+	List<APIVpnProfile> getProfiles();
+	
+	void startProfile (String profileUUID);
+	
+	/** Use a profile with all certificates etc. embedded,
+	 * old version which does not return the UUID of the addded profile, see
+	 * below for a version that return the UUID on add */
+	boolean addVPNProfile (String name, String config);
+	
+	/** start a profile using a config as inline string. Make sure that all needed data is inlined,
+	 * e.g., using <ca>...</ca> or <auth-user-pass>...</auth-user-pass>
+	 * See the OpenVPN manual page for more on inlining files */
+	void startVPN (in String inlineconfig);
+	
+	/** This permission framework is used  to avoid confused deputy style attack to the VPN
+	 * calling this will give null if the app is allowed to use the external API and an Intent
+	 * that can be launched to request permissions otherwise */
+	Intent prepare (in String packagename);
+	
+	/** Used to trigger to the Android VPN permission dialog (VPNService.prepare()) in advance,
+	 * if this return null OpenVPN for ANdroid already has the permissions otherwise you can start the returned Intent
+	 * to let OpenVPN for Android request the permission */
+	Intent prepareVPNService ();
+
+	/* Disconnect the VPN */
+    void disconnect();
+
+    /* Pause the VPN (same as using the pause feature in the notifcation bar) */
+    void pause();
+
+    /* Resume the VPN (same as using the pause feature in the notifcation bar) */
+    void resume();
+    
+    /**
+      * Registers to receive OpenVPN Status Updates
+      */
+    void registerStatusCallback(in IOpenVPNStatusCallback cb);
+    
+    /**
+     * Remove a previously registered callback interface.
+     */
+    void unregisterStatusCallback(in IOpenVPNStatusCallback cb);
+
+	/** Remove a profile by UUID */
+	void removeProfile (in String profileUUID);
+
+	/** Request a socket to be protected as a VPN socket would be. Useful for creating
+	  * a helper socket for an app controlling OpenVPN
+	  * Before calling this function you should make sure OpenVPN for Android may actually
+	  * this function by checking if prepareVPNService returns null; */
+	boolean protectSocket(in ParcelFileDescriptor fd);
+
+
+    /** Use a profile with all certificates etc. embedded */
+    APIVpnProfile addNewVPNProfile (String name, boolean userEditable, String config);
+}

app/src/main/aidl/de/blinkt/openvpn/api/IOpenVPNStatusCallback.aidl

@@ -0,0 +1,13 @@
+package de.blinkt.openvpn.api;
+
+/**
+ * Example of a callback interface used by IRemoteService to send
+ * synchronous notifications back to its clients.  Note that this is a
+ * one-way interface so the server does not block waiting for the client.
+ */
+interface IOpenVPNStatusCallback {
+    /**
+     * Called when the service has a new status for you.
+     */
+    oneway void newStatus(in String uuid, in String state, in String message, in String level);
+}

app/src/main/java/de/blinkt/openvpn/api/APIVpnProfile.java

@@ -0,0 +1,60 @@
+/*
+ * Copyright (c) 2012-2016 Arne Schwabe
+ * Distributed under the GNU GPL v2 with additional terms. For full terms see the file doc/LICENSE.txt
+ */
+
+package de.blinkt.openvpn.api;
+
+import android.os.Parcel;
+import android.os.Parcelable;
+
+public class APIVpnProfile implements Parcelable {
+
+    public final String mUUID;
+    public final String mName;
+    public final boolean mUserEditable;
+    //public final String mProfileCreator;
+
+    public APIVpnProfile(Parcel in) {
+        mUUID = in.readString();
+        mName = in.readString();
+        mUserEditable = in.readInt() != 0;
+        //mProfileCreator = in.readString();
+    }
+
+    public APIVpnProfile(String uuidString, String name, boolean userEditable, String profileCreator) {
+        mUUID = uuidString;
+        mName = name;
+        mUserEditable = userEditable;
+        //mProfileCreator = profileCreator;
+    }
+
+    @Override
+    public int describeContents() {
+        return 0;
+    }
+
+    @Override
+    public void writeToParcel(Parcel dest, int flags) {
+        dest.writeString(mUUID);
+        dest.writeString(mName);
+        if (mUserEditable)
+            dest.writeInt(0);
+        else
+            dest.writeInt(1);
+        //dest.writeString(mProfileCreator);
+    }
+
+    public static final Parcelable.Creator<APIVpnProfile> CREATOR
+            = new Parcelable.Creator<APIVpnProfile>() {
+        public APIVpnProfile createFromParcel(Parcel in) {
+            return new APIVpnProfile(in);
+        }
+
+        public APIVpnProfile[] newArray(int size) {
+            return new APIVpnProfile[size];
+        }
+    };
+
+
+}

app/src/main/java/link/infra/sslsocks/gui/OpenVPNIntegrationHandler.java

@@ -0,0 +1,134 @@
+package link.infra.sslsocks.gui;
+
+import android.app.Activity;
+import android.content.ComponentName;
+import android.content.Context;
+import android.content.Intent;
+import android.content.ServiceConnection;
+import android.os.IBinder;
+import android.os.RemoteException;
+import android.util.Log;
+
+import java.lang.ref.WeakReference;
+import java.util.List;
+import java.util.Objects;
+
+import de.blinkt.openvpn.api.APIVpnProfile;
+import de.blinkt.openvpn.api.IOpenVPNAPIService;
+
+public class OpenVPNIntegrationHandler {
+	private IOpenVPNAPIService srv = null;
+	public static final int PERMISSION_REQUEST = 100;
+	public static final int VPN_PERMISSION_REQUEST = 101;
+
+	private static final String TAG = OpenVPNIntegrationHandler.class.getSimpleName();
+	private WeakReference<Context> ctxRef;
+	private boolean isActivity = true;
+	private final Runnable doneCallback;
+	private final String profileName;
+	private final boolean shouldDisconnect;
+
+	public OpenVPNIntegrationHandler(Activity ctx, Runnable doneCallback, String profile, boolean shouldDisconnect) {
+		this.ctxRef = new WeakReference<Context>(ctx);
+		this.doneCallback = doneCallback;
+		this.profileName = profile;
+		this.shouldDisconnect = shouldDisconnect;
+		Log.d(TAG, "created");
+	}
+
+	public OpenVPNIntegrationHandler(Context ctx, Runnable doneCallback, String profile, boolean shouldDisconnect) {
+		isActivity = false;
+		this.ctxRef = new WeakReference<>(ctx);
+		this.doneCallback = doneCallback;
+		this.profileName = profile;
+		this.shouldDisconnect = shouldDisconnect;
+		Log.d(TAG, "created");
+	}
+
+	private final ServiceConnection mConnection = new ServiceConnection() {
+		public void onServiceConnected(ComponentName className, IBinder service) {
+			srv = IOpenVPNAPIService.Stub.asInterface(service);
+
+			try {
+				Intent intent = srv.prepare(ctxRef.get().getPackageName());
+				if (intent != null && isActivity) {
+					Log.d(TAG, "requesting permission");
+					((Activity)ctxRef.get()).startActivityForResult(intent, PERMISSION_REQUEST);
+				} else {
+					doVpnPermissionRequest();
+				}
+			} catch (RemoteException e) {
+				Log.e(TAG, "Failed to connect to OpenVPN", e);
+			}
+		}
+
+		public void onServiceDisconnected(ComponentName className) {
+			srv = null;
+		}
+	};
+
+	public void bind() {
+		if (srv != null || ctxRef.get() == null) return;
+		Intent intent = new Intent(IOpenVPNAPIService.class.getName());
+		intent.setPackage("de.blinkt.openvpn");
+		ctxRef.get().bindService(intent, mConnection, Context.BIND_AUTO_CREATE);
+		Log.d(TAG, "bound");
+	}
+
+	public void unbind() {
+		if (ctxRef.get() == null) return;
+		ctxRef.get().unbindService(mConnection);
+	}
+
+	public void doVpnPermissionRequest() {
+		try {
+			Intent intent = srv.prepareVPNService();
+			if (intent != null && isActivity) {
+				Log.d(TAG, "requesting vpn perms");
+				((Activity)ctxRef.get()).startActivityForResult(intent, VPN_PERMISSION_REQUEST);
+			} else {
+				if (shouldDisconnect) {
+					disconnect();
+				} else {
+					connectProfile();
+				}
+			}
+		} catch (RemoteException e) {
+			Log.e(TAG, "Failed to connect to OpenVPN", e);
+		}
+	}
+
+	public void connectProfile() {
+		try {
+			List<APIVpnProfile> profiles = srv.getProfiles();
+			APIVpnProfile foundProfile = null;
+			for (APIVpnProfile profile : profiles) {
+				if (Objects.equals(profile.mName, profileName)) {
+					foundProfile = profile;
+					break;
+				}
+			}
+			if (foundProfile == null) {
+				Log.e(TAG, "Failed to find profile");
+				return;
+			}
+			Log.d(TAG, "starting profile");
+			srv.startProfile(foundProfile.mUUID);
+		} catch (RemoteException e) {
+			Log.e(TAG, "Failed to connect to OpenVPN", e);
+		}
+		doneCallback.run();
+	}
+
+	public void disconnect() {
+		try {
+			srv.disconnect();
+		} catch (RemoteException e) {
+			Log.e(TAG, "Failed to connect to OpenVPN", e);
+		}
+		if (shouldDisconnect) {
+			doneCallback.run();
+		}
+	}
+
+}

app/src/main/java/link/infra/sslsocks/gui/ServiceShortcutActivity.java

@@ -1,17 +1,55 @@
 package link.infra.sslsocks.gui;
 
 import android.app.Activity;
+import android.content.Intent;
 import android.os.Bundle;
 
+import androidx.preference.PreferenceManager;
+
 import link.infra.sslsocks.service.StunnelIntentService;
 
 public class ServiceShortcutActivity extends Activity {
+	OpenVPNIntegrationHandler openVPNIntegrationHandler;
 
 	@Override
 	protected void onCreate(Bundle savedInstanceState) {
 		super.onCreate(savedInstanceState);
 
 		StunnelIntentService.start(this);
-		finish();
+		String openVpnProfile = PreferenceManager.getDefaultSharedPreferences(this).getString("open_vpn_profile", "");
+		if (openVpnProfile != null && openVpnProfile.trim().length() > 0) {
+			openVPNIntegrationHandler = new OpenVPNIntegrationHandler(this, new Runnable() {
+				@Override
+				public void run() {
+					ServiceShortcutActivity.this.finish();
+				}
+			}, openVpnProfile, false);
+			openVPNIntegrationHandler.bind();
+		}
+		if (openVPNIntegrationHandler == null) {
+			finish();
+		}
+	}
+
+	@Override
+	protected void onActivityResult(int requestCode, int resultCode, Intent data) {
+		super.onActivityResult(requestCode, resultCode, data);
+		if (requestCode == OpenVPNIntegrationHandler.PERMISSION_REQUEST) {
+			if (resultCode == RESULT_OK && openVPNIntegrationHandler != null) {
+				openVPNIntegrationHandler.doVpnPermissionRequest();
+			}
+		} else if (requestCode == OpenVPNIntegrationHandler.VPN_PERMISSION_REQUEST) {
+			if (resultCode == RESULT_OK && openVPNIntegrationHandler != null) {
+				openVPNIntegrationHandler.connectProfile();
+			}
+		}
+	}
+
+	@Override
+	protected void onDestroy() {
+		super.onDestroy();
+		if (openVPNIntegrationHandler != null) {
+			openVPNIntegrationHandler.unbind();
+		}
 	}
 }