Initial commit

This commit is contained in:
Nate Brown 2020-07-27 15:43:58 -05:00
commit b546dd1c9d
134 changed files with 10907 additions and 0 deletions

47
.gitignore vendored Normal file
View File

@ -0,0 +1,47 @@
# Miscellaneous
*.class
*.log
*.pyc
*.swp
.DS_Store
.atom/
.buildlog/
.history
.svn/
# IntelliJ related
*.iml
*.ipr
*.iws
.idea/
# The .vscode folder contains launch configuration and tasks you configure in
# VS Code which you may wish to be included in version control, so this line
# is commented out by default.
#.vscode/
# Flutter/Dart/Pub related
**/doc/api/
.dart_tool/
.flutter-plugins
.flutter-plugins-dependencies
.packages
.pub-cache/
.pub/
/build/
# Web related
lib/generated_plugin_registrant.dart
# Exceptions to above rules.
!/packages/flutter_tools/test/data/dart_dependencies_test/**/.packages
/nebula/local.settings
/nebula/MobileNebula.framework/
/nebula/mobileNebula-sources.jar
/nebula/vendor/
/android/app/src/main/libs/mobileNebula.aar
/nebula/mobileNebula.aar
/android/key.properties
/env.sh
/lib/gen.versions.dart
/lib/.gen.versions.dart

10
.metadata Normal file
View File

@ -0,0 +1,10 @@
# This file tracks properties of this Flutter project.
# Used by Flutter tool to assess capabilities and perform upgrades etc.
#
# This file should be version controlled and should not be manually edited.
version:
revision: 0b8abb4724aa590dd0f429683339b1e045a1594d
channel: stable
project_type: app

8
android/.gitignore vendored Normal file
View File

@ -0,0 +1,8 @@
gradle-wrapper.jar
/.gradle
/captures/
/gradlew
/gradlew.bat
/local.properties
GeneratedPluginRegistrant.java
/build/build-attribution/

102
android/app/build.gradle Normal file
View File

@ -0,0 +1,102 @@
def localProperties = new Properties()
def localPropertiesFile = rootProject.file('local.properties')
if (localPropertiesFile.exists()) {
localPropertiesFile.withReader('UTF-8') { reader ->
localProperties.load(reader)
}
}
def flutterRoot = localProperties.getProperty('flutter.sdk')
if (flutterRoot == null) {
throw new GradleException("Flutter SDK not found. Define location with flutter.sdk in the local.properties file.")
}
def flutterVersionCode = localProperties.getProperty('flutter.versionCode')
if (flutterVersionCode == null) {
flutterVersionCode = '1'
}
def flutterVersionName = localProperties.getProperty('flutter.versionName')
if (flutterVersionName == null) {
flutterVersionName = '1.0'
}
apply plugin: 'com.android.application'
apply plugin: 'kotlin-android'
apply from: "$flutterRoot/packages/flutter_tools/gradle/flutter.gradle"
def keystoreProperties = new Properties()
def keystorePropertiesFile = rootProject.file('key.properties')
if (keystorePropertiesFile.exists()) {
keystoreProperties.load(new FileInputStream(keystorePropertiesFile))
}
android {
compileSdkVersion 28
sourceSets {
main.java.srcDirs += 'src/main/kotlin'
}
lintOptions {
disable 'InvalidPackage'
}
defaultConfig {
applicationId "net.defined.mobile_nebula"
minSdkVersion 25
targetSdkVersion 28
versionCode flutterVersionCode.toInteger()
versionName flutterVersionName
testInstrumentationRunner "androidx.test.runner.AndroidJUnitRunner"
}
signingConfigs {
release {
keyAlias keystoreProperties['keyAlias']
keyPassword keystoreProperties['password']
storeFile keystoreProperties['storeFile'] ? file(keystoreProperties['storeFile']) : null
storePassword keystoreProperties['password']
}
}
buildTypes {
release {
signingConfig signingConfigs.release
// We are disabling minification and proguard because it wrecks the crypto for storing keys
// Ideally we would turn these on. We had issues with gson as well but resolved those with proguardFiles
minifyEnabled false
useProguard false
proguardFiles getDefaultProguardFile('proguard-android.txt'), 'proguard-rules.pro'
}
}
}
flutter {
source '../..'
}
repositories {
flatDir {
dirs 'src/main/libs'
}
}
dependencies {
implementation "org.jetbrains.kotlin:kotlin-stdlib-jdk7:$kotlin_version"
implementation "androidx.security:security-crypto:1.0.0-rc02"
implementation 'com.google.code.gson:gson:2.8.6'
testImplementation 'junit:junit:4.12'
androidTestImplementation 'androidx.test:runner:1.1.1'
androidTestImplementation 'androidx.test.espresso:espresso-core:3.1.1'
implementation (name:'mobileNebula', ext:'aar') {
exec {
workingDir '../../'
environment("ANDROID_NDK_HOME", android.ndkDirectory)
environment("ANDROID_HOME", android.sdkDirectory)
commandLine './gen-artifacts.sh', 'android'
}
}
}

11
android/app/proguard-rules.pro vendored Normal file
View File

@ -0,0 +1,11 @@
# Flutter Wrapper - this came from guidance at https://medium.com/@swav.kulinski/flutter-and-android-obfuscation-8768ac544421
-keep class io.flutter.app.** { *; }
-keep class io.flutter.plugin.** { *; }
-keep class io.flutter.util.** { *; }
-keep class io.flutter.view.** { *; }
-keep class io.flutter.** { *; }
-keep class io.flutter.plugins.** { *; }
# Keep our class names for gson
-keep class net.defined.mobile_nebula.** { *; }
-keep class androidx.security.crypto.** { *; }

View File

@ -0,0 +1,7 @@
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
package="net.defined.mobile_nebula">
<!-- Flutter needs it to communicate with the running application
to allow setting breakpoints, to provide hot reload, etc.
-->
<uses-permission android:name="android.permission.INTERNET"/>
</manifest>

View File

@ -0,0 +1,49 @@
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
package="net.defined.mobile_nebula">
<!-- io.flutter.app.FlutterApplication is an android.app.Application that
calls FlutterMain.startInitialization(this); in its onCreate method.
In most cases you can leave this as-is, but you if you want to provide
additional functionality it is fine to subclass or reimplement
FlutterApplication and put your custom class here. -->
<uses-permission android:name="android.permission.INTERNET"/>
<uses-permission android:name="android.permission.ACCESS_NETWORK_STATE" />
<uses-feature android:name="android.hardware.camera" android:required="false" />
<application
android:name="io.flutter.app.FlutterApplication"
android:label="Nebula"
android:icon="@mipmap/ic_launcher">
<service android:name=".NebulaVpnService"
android:permission="android.permission.BIND_VPN_SERVICE"
android:process=":nebulaVpnBg">
<intent-filter>
<action android:name="android.net.VpnService"/>
</intent-filter>
</service>
<activity
android:name=".MainActivity"
android:launchMode="singleTop"
android:theme="@style/LaunchTheme"
android:configChanges="orientation|keyboardHidden|keyboard|screenSize|smallestScreenSize|locale|layoutDirection|fontScale|screenLayout|density|uiMode"
android:hardwareAccelerated="true"
android:windowSoftInputMode="adjustResize">
<intent-filter>
<action android:name="android.intent.action.MAIN"/>
<category android:name="android.intent.category.LAUNCHER"/>
</intent-filter>
</activity>
<provider
android:name="androidx.core.content.FileProvider"
android:authorities="${applicationId}.provider"
android:exported="false"
android:grantUriPermissions="true">
<meta-data
android:name="android.support.FILE_PROVIDER_PATHS"
android:resource="@xml/provider_paths"/>
</provider>
<!-- Don't delete the meta-data below.
This is used by the Flutter tool to generate GeneratedPluginRegistrant.java -->
<meta-data
android:name="flutterEmbedding"
android:value="2" />
</application>
</manifest>

View File

@ -0,0 +1,22 @@
package net.defined.mobile_nebula
import android.content.Context
import androidx.security.crypto.EncryptedFile
import androidx.security.crypto.MasterKeys
import java.io.*
class EncFile(var context: Context) {
private val scheme = EncryptedFile.FileEncryptionScheme.AES256_GCM_HKDF_4KB
private val master: String = MasterKeys.getOrCreate(MasterKeys.AES256_GCM_SPEC)
fun openRead(file: File): BufferedReader {
val eFile = EncryptedFile.Builder(file, context, master, scheme).build()
return eFile.openFileInput().bufferedReader()
}
fun openWrite(file: File): BufferedWriter {
val eFile = EncryptedFile.Builder(file, context, master, scheme).build()
return eFile.openFileOutput().bufferedWriter()
}
}

View File

@ -0,0 +1,402 @@
package net.defined.mobile_nebula
import android.app.Activity
import android.content.ComponentName
import android.content.Intent
import android.content.ServiceConnection
import android.net.VpnService
import android.os.*
import androidx.annotation.NonNull;
import com.google.gson.Gson
import io.flutter.embedding.android.FlutterActivity
import io.flutter.embedding.engine.FlutterEngine
import io.flutter.plugin.common.MethodCall
import io.flutter.plugin.common.MethodChannel
import io.flutter.plugins.GeneratedPluginRegistrant
const val TAG = "nebula"
const val VPN_PERMISSIONS_CODE = 0x0F
const val VPN_START_CODE = 0x10
const val CHANNEL = "net.defined.mobileNebula/NebulaVpnService"
class MainActivity: FlutterActivity() {
private var sites: Sites? = null
private var permResult: MethodChannel.Result? = null
private var inMessenger: Messenger? = Messenger(IncomingHandler())
private var outMessenger: Messenger? = null
private var activeSiteId: String? = null
override fun configureFlutterEngine(@NonNull flutterEngine: FlutterEngine) {
//TODO: Initializing in the constructor leads to a context lacking info we need, figure out the right way to do this
sites = Sites(context, flutterEngine)
// Bind against our service to detect which site is running on app boot
val intent = Intent(this, NebulaVpnService::class.java)
bindService(intent, connection, 0)
GeneratedPluginRegistrant.registerWith(flutterEngine);
MethodChannel(flutterEngine.dartExecutor.binaryMessenger, CHANNEL).setMethodCallHandler { call, result ->
when(call.method) {
"android.requestPermissions" -> androidPermissions(result)
"nebula.parseCerts" -> nebulaParseCerts(call, result)
"nebula.generateKeyPair" -> nebulaGenerateKeyPair(result)
"nebula.renderConfig" -> nebulaRenderConfig(call, result)
"listSites" -> listSites(result)
"deleteSite" -> deleteSite(call, result)
"saveSite" -> saveSite(call, result)
"startSite" -> startSite(call, result)
"stopSite" -> stopSite()
"active.listHostmap" -> activeListHostmap(call, result)
"active.listPendingHostmap" -> activeListPendingHostmap(call, result)
"active.getHostInfo" -> activeGetHostInfo(call, result)
"active.setRemoteForTunnel" -> activeSetRemoteForTunnel(call, result)
"active.closeTunnel" -> activeCloseTunnel(call, result)
else -> result.notImplemented()
}
}
}
private fun nebulaParseCerts(call: MethodCall, result: MethodChannel.Result) {
val certs = call.argument<String>("certs")
if (certs == "") {
return result.error("required_argument", "certs is a required argument", null)
}
return try {
val json = mobileNebula.MobileNebula.parseCerts(certs)
result.success(json)
} catch (err: Exception) {
result.error("unhandled_error", err.message, null)
}
}
private fun nebulaGenerateKeyPair(result: MethodChannel.Result) {
val kp = mobileNebula.MobileNebula.generateKeyPair()
return result.success(kp)
}
private fun nebulaRenderConfig(call: MethodCall, result: MethodChannel.Result) {
val config = call.arguments as String
val yaml = mobileNebula.MobileNebula.renderConfig(config, "<hidden>")
return result.success(yaml)
}
private fun listSites(result: MethodChannel.Result) {
sites!!.refreshSites(activeSiteId)
val sites = sites!!.getSites()
val gson = Gson()
val json = gson.toJson(sites)
result.success(json)
}
private fun deleteSite(call: MethodCall, result: MethodChannel.Result) {
val id = call.arguments as String
if (activeSiteId == id) {
stopSite()
}
sites!!.deleteSite(id)
result.success(null)
}
private fun saveSite(call: MethodCall, result: MethodChannel.Result) {
val site: IncomingSite
try {
val gson = Gson()
site = gson.fromJson(call.arguments as String, IncomingSite::class.java)
site.save(context)
} catch (err: Exception) {
//TODO: is toString the best or .message?
return result.error("failure", err.toString(), null)
}
val siteDir = context.filesDir.resolve("sites").resolve(site.id)
try {
// Try to render a full site, if this fails the config was bad somehow
Site(siteDir)
} catch (err: Exception) {
siteDir.deleteRecursively()
return result.error("failure", "Site config was incomplete, please review and try again", null)
}
result.success(null)
}
private fun startSite(call: MethodCall, result: MethodChannel.Result) {
val id = call.argument<String>("id")
if (id == "") {
return result.error("required_argument", "id is a required argument", null)
}
var siteContainer: SiteContainer = sites!!.getSite(id!!) ?: return result.error("unknown_site", "No site with that id exists", null)
siteContainer.site.connected = true
siteContainer.site.status = "Initializing..."
val intent = VpnService.prepare(this)
if (intent != null) {
//TODO: ensure this boots the correct bit, I bet it doesn't and we need to go back to the active symlink
intent.putExtra("path", siteContainer.site.path)
intent.putExtra("id", siteContainer.site.id)
startActivityForResult(intent, VPN_START_CODE)
} else {
val intent = Intent(this, NebulaVpnService::class.java)
intent.putExtra("path", siteContainer.site.path)
intent.putExtra("id", siteContainer.site.id)
onActivityResult(VPN_START_CODE, Activity.RESULT_OK, intent)
}
result.success(null)
}
private fun stopSite() {
val intent = Intent(this, NebulaVpnService::class.java)
intent.putExtra("COMMAND", "STOP")
//This is odd but stopService goes nowhere in my tests and this is correct
// according to the official example https://android.googlesource.com/platform/development/+/master/samples/ToyVpn/src/com/example/android/toyvpn/ToyVpnClient.java#116
startService(intent)
//TODO: why doesn't this work!?!?
// if (serviceIntent != null) {
// Log.e(TAG, "stopping ${serviceIntent.toString()}")
// stopService(serviceIntent)
// }
}
private fun activeListHostmap(call: MethodCall, result: MethodChannel.Result) {
val id = call.argument<String>("id")
if (id == "") {
return result.error("required_argument", "id is a required argument", null)
}
if (outMessenger == null || activeSiteId == null || activeSiteId != id) {
return result.success(null)
}
var msg = Message.obtain()
msg.what = NebulaVpnService.MSG_LIST_HOSTMAP
msg.replyTo = Messenger(object: Handler() {
override fun handleMessage(msg: Message) {
result.success(msg.data.getString("data"))
}
})
outMessenger?.send(msg)
}
private fun activeListPendingHostmap(call: MethodCall, result: MethodChannel.Result) {
val id = call.argument<String>("id")
if (id == "") {
return result.error("required_argument", "id is a required argument", null)
}
if (outMessenger == null || activeSiteId == null || activeSiteId != id) {
return result.success(null)
}
var msg = Message.obtain()
msg.what = NebulaVpnService.MSG_LIST_PENDING_HOSTMAP
msg.replyTo = Messenger(object: Handler() {
override fun handleMessage(msg: Message) {
result.success(msg.data.getString("data"))
}
})
outMessenger?.send(msg)
}
private fun activeGetHostInfo(call: MethodCall, result: MethodChannel.Result) {
val id = call.argument<String>("id")
if (id == "") {
return result.error("required_argument", "id is a required argument", null)
}
val vpnIp = call.argument<String>("vpnIp")
if (vpnIp == "") {
return result.error("required_argument", "vpnIp is a required argument", null)
}
val pending = call.argument<Boolean>("pending") ?: false
if (outMessenger == null || activeSiteId == null || activeSiteId != id) {
return result.success(null)
}
var msg = Message.obtain()
msg.what = NebulaVpnService.MSG_GET_HOSTINFO
msg.data.putString("vpnIp", vpnIp)
msg.data.putBoolean("pending", pending)
msg.replyTo = Messenger(object: Handler() {
override fun handleMessage(msg: Message) {
result.success(msg.data.getString("data"))
}
})
outMessenger?.send(msg)
}
private fun activeSetRemoteForTunnel(call: MethodCall, result: MethodChannel.Result) {
val id = call.argument<String>("id")
if (id == "") {
return result.error("required_argument", "id is a required argument", null)
}
val vpnIp = call.argument<String>("vpnIp")
if (vpnIp == "") {
return result.error("required_argument", "vpnIp is a required argument", null)
}
val addr = call.argument<String>("addr")
if (vpnIp == "") {
return result.error("required_argument", "addr is a required argument", null)
}
if (outMessenger == null || activeSiteId == null || activeSiteId != id) {
return result.success(null)
}
var msg = Message.obtain()
msg.what = NebulaVpnService.MSG_SET_REMOTE_FOR_TUNNEL
msg.data.putString("vpnIp", vpnIp)
msg.data.putString("addr", addr)
msg.replyTo = Messenger(object: Handler() {
override fun handleMessage(msg: Message) {
result.success(msg.data.getString("data"))
}
})
outMessenger?.send(msg)
}
private fun activeCloseTunnel(call: MethodCall, result: MethodChannel.Result) {
val id = call.argument<String>("id")
if (id == "") {
return result.error("required_argument", "id is a required argument", null)
}
val vpnIp = call.argument<String>("vpnIp")
if (vpnIp == "") {
return result.error("required_argument", "vpnIp is a required argument", null)
}
if (outMessenger == null || activeSiteId == null || activeSiteId != id) {
return result.success(null)
}
var msg = Message.obtain()
msg.what = NebulaVpnService.MSG_CLOSE_TUNNEL
msg.data.putString("vpnIp", vpnIp)
msg.replyTo = Messenger(object: Handler() {
override fun handleMessage(msg: Message) {
result.success(msg.data.getBoolean("data"))
}
})
outMessenger?.send(msg)
}
private fun androidPermissions(result: MethodChannel.Result) {
val intent = VpnService.prepare(this)
if (intent != null) {
permResult = result
return startActivityForResult(intent, VPN_PERMISSIONS_CODE)
}
// We already have the permission
result.success(null)
}
override fun onActivityResult(requestCode: Int, resultCode: Int, data: Intent?) {
// This is where activity results come back to us (startActivityForResult)
if (requestCode == VPN_PERMISSIONS_CODE && permResult != null) {
// We are processing a response for vpn permissions and the UI is waiting for feedback
//TODO: unlikely we ever register multiple attempts but this could be a trouble spot if we did
val result = permResult!!
permResult = null
if (resultCode == Activity.RESULT_OK) {
return result.success(null)
}
return result.error("denied", "User did not grant permission", null)
} else if (requestCode == VPN_START_CODE) {
// We are processing a response for permissions while starting the VPN (or reusing code in the event we already have perms)
startService(data)
if (outMessenger == null) {
bindService(data, connection, 0)
}
return
}
// The file picker needs us to super
super.onActivityResult(requestCode, resultCode, data)
}
/** Defines callbacks for service binding, passed to bindService() */
val connection = object : ServiceConnection {
override fun onServiceConnected(className: ComponentName, service: IBinder) {
outMessenger = Messenger(service)
// We want to monitor the service for as long as we are connected to it.
try {
val msg = Message.obtain(null, NebulaVpnService.MSG_REGISTER_CLIENT)
msg.replyTo = inMessenger
outMessenger?.send(msg)
} catch (e: RemoteException) {
// In this case the service has crashed before we could even
// do anything with it; we can count on soon being
// disconnected (and then reconnected if it can be restarted)
// so there is no need to do anything here.
//TODO:
}
val msg = Message.obtain(null, NebulaVpnService.MSG_IS_RUNNING)
outMessenger?.send(msg)
}
override fun onServiceDisconnected(arg0: ComponentName) {
outMessenger = null
if (activeSiteId != null) {
//TODO: this indicates the service died, notify that it is disconnected
}
activeSiteId = null
}
}
// Handle and route messages coming from the vpn service
inner class IncomingHandler: Handler() {
override fun handleMessage(msg: Message) {
val id = msg.data.getString("id")
//TODO: If the elvis hits then we had a deleted site running, which shouldn't happen
val site = sites!!.getSite(id) ?: return
when (msg.what) {
NebulaVpnService.MSG_IS_RUNNING -> isRunning(site, msg)
NebulaVpnService.MSG_EXIT -> serviceExited(site, msg)
else -> super.handleMessage(msg)
}
}
private fun isRunning(site: SiteContainer, msg: Message) {
var status = "Disconnected"
var connected = false
if (msg.arg1 == 1) {
status = "Connected"
connected = true
}
activeSiteId = site.site.id
site.updater.setState(connected, status)
}
private fun serviceExited(site: SiteContainer, msg: Message) {
activeSiteId = null
site.updater.setState(false, "Disconnected", msg.data.getString("error"))
}
}
}

View File

@ -0,0 +1,209 @@
package net.defined.mobile_nebula
import android.app.Service
import android.content.Context
import android.content.Intent
import android.net.ConnectivityManager
import android.net.VpnService
import android.os.*
import android.util.Log
import mobileNebula.CIDR
import java.io.File
class NebulaVpnService : VpnService() {
companion object {
private const val TAG = "NebulaVpnService"
const val MSG_REGISTER_CLIENT = 1
const val MSG_UNREGISTER_CLIENT = 2
const val MSG_IS_RUNNING = 3
const val MSG_LIST_HOSTMAP = 4
const val MSG_LIST_PENDING_HOSTMAP = 5
const val MSG_GET_HOSTINFO = 6
const val MSG_SET_REMOTE_FOR_TUNNEL = 7
const val MSG_CLOSE_TUNNEL = 8
const val MSG_EXIT = 9
}
/**
* Target we publish for clients to send messages to IncomingHandler.
*/
private lateinit var messenger: Messenger
private val mClients = ArrayList<Messenger>()
private var running: Boolean = false
private var site: Site? = null
private var nebula: mobileNebula.Nebula? = null
private var vpnInterface: ParcelFileDescriptor? = null
//TODO: bindService seems to be how to do IPC
override fun onStartCommand(intent: Intent?, flags: Int, startId: Int): Int {
if (intent?.getStringExtra("COMMAND") == "STOP") {
stopVpn()
return Service.START_NOT_STICKY
}
startVpn(intent?.getStringExtra("path"), intent?.getStringExtra("id"))
return super.onStartCommand(intent, flags, startId)
}
private fun startVpn(path: String?, id: String?) {
if (running) {
return announceExit(id, "Trying to run nebula but it is already running")
}
//TODO: if we fail to start, android will attempt a restart lacking all the intent data we need.
// Link active site config in Main to avoid this
site = Site(File(path))
var ipNet: CIDR
if (site!!.cert == null) {
return announceExit(id, "Site is missing a certificate")
}
try {
ipNet = mobileNebula.MobileNebula.parseCIDR(site!!.cert!!.cert.details.ips[0])
} catch (err: Exception) {
return announceExit(id, err.message ?: "$err")
}
val builder = Builder()
.addAddress(ipNet.ip, ipNet.maskSize.toInt())
.addRoute(ipNet.network, ipNet.maskSize.toInt())
.setMtu(site!!.mtu)
.setSession(TAG)
// Add our unsafe routes
site!!.unsafeRoutes.forEach { unsafeRoute ->
val ipNet = mobileNebula.MobileNebula.parseCIDR(unsafeRoute.route)
builder.addRoute(ipNet.network, ipNet.maskSize.toInt())
}
val cm = getSystemService(Context.CONNECTIVITY_SERVICE) as ConnectivityManager
cm.allNetworks.forEach { network ->
cm.getLinkProperties(network).dnsServers.forEach { builder.addDnsServer(it) }
}
try {
vpnInterface = builder.establish()
nebula = mobileNebula.MobileNebula.newNebula(site!!.config, site!!.getKey(this), site!!.logFile, vpnInterface!!.fd.toLong())
} catch (e: Exception) {
Log.e(TAG, "Got an error $e")
vpnInterface?.close()
announceExit(id, e.message)
return stopSelf()
}
nebula!!.start()
running = true
sendSimple(MSG_IS_RUNNING, if (running) 1 else 0)
}
private fun stopVpn() {
nebula?.stop()
vpnInterface?.close()
running = false
announceExit(site?.id, null)
}
override fun onDestroy() {
stopVpn()
//TODO: wait for the thread to exit
super.onDestroy()
}
private fun announceExit(id: String?, err: String?) {
val msg = Message.obtain(null, MSG_EXIT)
if (err != null) {
msg.data.putString("error", err)
Log.e(TAG, "$err")
}
send(msg, id)
}
/**
* Handler of incoming messages from clients.
*/
inner class IncomingHandler(context: Context, private val applicationContext: Context = context.applicationContext) : Handler() {
override fun handleMessage(msg: Message) {
//TODO: how do we limit what can talk to us?
//TODO: Make sure replyTo is actually a messenger
when (msg.what) {
MSG_REGISTER_CLIENT -> mClients.add(msg.replyTo)
MSG_UNREGISTER_CLIENT -> mClients.remove(msg.replyTo)
MSG_IS_RUNNING -> isRunning()
MSG_LIST_HOSTMAP -> listHostmap(msg)
MSG_LIST_PENDING_HOSTMAP -> listHostmap(msg)
MSG_GET_HOSTINFO -> getHostInfo(msg)
MSG_CLOSE_TUNNEL -> closeTunnel(msg)
MSG_SET_REMOTE_FOR_TUNNEL -> setRemoteForTunnel(msg)
else -> super.handleMessage(msg)
}
}
private fun isRunning() {
sendSimple(MSG_IS_RUNNING, if (running) 1 else 0)
}
private fun listHostmap(msg: Message) {
val res = nebula!!.listHostmap(msg.what == MSG_LIST_PENDING_HOSTMAP)
var m = Message.obtain(null, msg.what)
m.data.putString("data", res)
msg.replyTo.send(m)
}
private fun getHostInfo(msg: Message) {
val res = nebula!!.getHostInfoByVpnIp(msg.data.getString("vpnIp"), msg.data.getBoolean("pending"))
var m = Message.obtain(null, msg.what)
m.data.putString("data", res)
msg.replyTo.send(m)
}
private fun setRemoteForTunnel(msg: Message) {
val res = nebula!!.setRemoteForTunnel(msg.data.getString("vpnIp"), msg.data.getString("addr"))
var m = Message.obtain(null, msg.what)
m.data.putString("data", res)
msg.replyTo.send(m)
}
private fun closeTunnel(msg: Message) {
val res = nebula!!.closeTunnel(msg.data.getString("vpnIp"))
var m = Message.obtain(null, msg.what)
m.data.putBoolean("data", res)
msg.replyTo.send(m)
}
}
private fun sendSimple(type: Int, arg1: Int = 0, arg2: Int = 0) {
send(Message.obtain(null, type, arg1, arg2))
}
private fun sendObj(type: Int, obj: Any?) {
send(Message.obtain(null, type, obj))
}
private fun send(msg: Message, id: String? = null) {
msg.data.putString("id", id ?: site?.id)
mClients.forEach { m ->
try {
m.send(msg)
} catch (e: RemoteException) {
// The client is dead. Remove it from the list;
// we are going through the list from back to front
// so this is safe to do inside the loop.
//TODO: seems bad to remove in loop, double check this is ok
// mClients.remove(m)
}
}
}
override fun onBind(intent: Intent?): IBinder? {
if (intent != null && SERVICE_INTERFACE == intent.action) {
return super.onBind(intent)
}
messenger = Messenger(IncomingHandler(this))
return messenger.binder
}
}

View File

@ -0,0 +1,267 @@
package net.defined.mobile_nebula
import android.content.Context
import android.util.Log
import com.google.gson.Gson
import com.google.gson.annotations.Expose
import com.google.gson.annotations.SerializedName
import io.flutter.embedding.engine.FlutterEngine
import io.flutter.plugin.common.EventChannel
import java.io.File
import kotlin.collections.HashMap
data class SiteContainer(
val site: Site,
val updater: SiteUpdater
)
class Sites(private var context: Context, private var engine: FlutterEngine) {
private var sites: HashMap<String, SiteContainer> = HashMap()
init {
refreshSites()
}
fun refreshSites(activeSite: String? = null) {
val sitesDir = context.filesDir.resolve("sites")
if (!sitesDir.isDirectory) {
sitesDir.delete()
sitesDir.mkdir()
}
sites = HashMap()
sitesDir.listFiles().forEach { siteDir ->
try {
val site = Site(siteDir)
// Make sure we can load the private key
site.getKey(context)
val updater = SiteUpdater(site, engine)
if (site.id == activeSite) {
updater.setState(true, "Connected")
}
this.sites[site.id] = SiteContainer(site, updater)
} catch (err: Exception) {
siteDir.deleteRecursively()
Log.e(TAG, "Deleting non conforming site ${siteDir.absolutePath}", err)
}
}
}
fun getSites(): Map<String, Site> {
return sites.mapValues { it.value.site }
}
fun deleteSite(id: String) {
sites.remove(id)
val siteDir = context.filesDir.resolve("sites").resolve(id)
siteDir.deleteRecursively()
//TODO: make sure you stop the vpn
//TODO: make sure you relink the active site if this is the active site
}
fun getSite(id: String): SiteContainer? {
return sites[id]
}
}
class SiteUpdater(private var site: Site, engine: FlutterEngine): EventChannel.StreamHandler {
// eventSink is how we send info back up to flutter
private var eventChannel: EventChannel = EventChannel(engine.dartExecutor.binaryMessenger, "net.defined.nebula/${site.id}")
private var eventSink: EventChannel.EventSink? = null
fun setState(connected: Boolean, status: String, err: String? = null) {
site.connected = connected
site.status = status
val d = mapOf("connected" to site.connected, "status" to site.status)
if (err != null) {
eventSink?.error("", err, d)
} else {
eventSink?.success(d)
}
}
init {
eventChannel.setStreamHandler(this)
}
// Methods for EventChannel.StreamHandler
override fun onListen(p0: Any?, p1: EventChannel.EventSink?) {
eventSink = p1
}
override fun onCancel(p0: Any?) {
eventSink = null
}
}
data class CertificateInfo(
@SerializedName("Cert") val cert: Certificate,
@SerializedName("RawCert") val rawCert: String,
@SerializedName("Validity") val validity: CertificateValidity
)
data class Certificate(
val fingerprint: String,
val signature: String,
val details: CertificateDetails
)
data class CertificateDetails(
val name: String,
val notBefore: String,
val notAfter: String,
val publicKey: String,
val groups: List<String>,
val ips: List<String>,
val subnets: List<String>,
val isCa: Boolean,
val issuer: String
)
data class CertificateValidity(
@SerializedName("Valid") val valid: Boolean,
@SerializedName("Reason") val reason: String
)
class Site {
val name: String
val id: String
val staticHostmap: HashMap<String, StaticHosts>
val unsafeRoutes: List<UnsafeRoute>
var cert: CertificateInfo? = null
var ca: Array<CertificateInfo>
val lhDuration: Int
val port: Int
val mtu: Int
val cipher: String
val sortKey: Int
var logVerbosity: String
var connected: Boolean?
var status: String?
val logFile: String?
var errors: ArrayList<String> = ArrayList()
// Path to this site on disk
@Expose(serialize = false)
val path: String
// Strong representation of the site config
@Expose(serialize = false)
val config: String
constructor(siteDir: File) {
val gson = Gson()
config = siteDir.resolve("config.json").readText()
val incomingSite = gson.fromJson(config, IncomingSite::class.java)
path = siteDir.absolutePath
name = incomingSite.name
id = incomingSite.id
staticHostmap = incomingSite.staticHostmap
unsafeRoutes = incomingSite.unsafeRoutes ?: ArrayList()
lhDuration = incomingSite.lhDuration
port = incomingSite.port
mtu = incomingSite.mtu ?: 1300
cipher = incomingSite.cipher
sortKey = incomingSite.sortKey ?: 0
logFile = siteDir.resolve("log").absolutePath
logVerbosity = incomingSite.logVerbosity ?: "info"
connected = false
status = "Disconnected"
try {
val rawDetails = mobileNebula.MobileNebula.parseCerts(incomingSite.cert)
val certs = gson.fromJson(rawDetails, Array<CertificateInfo>::class.java)
if (certs.isEmpty()) {
throw IllegalArgumentException("No certificate found")
}
cert = certs[0]
if (!cert!!.validity.valid) {
errors.add("Certificate is invalid: ${cert!!.validity.reason}")
}
} catch (err: Exception) {
errors.add("Error while loading certificate: ${err.message}")
}
try {
val rawCa = mobileNebula.MobileNebula.parseCerts(incomingSite.ca)
ca = gson.fromJson(rawCa, Array<CertificateInfo>::class.java)
var hasErrors = false
ca.forEach {
if (!it.validity.valid) {
hasErrors = true
}
}
if (hasErrors) {
errors.add("There are issues with 1 or more ca certificates")
}
} catch (err: Exception) {
ca = arrayOf()
errors.add("Error while loading certificate authorities: ${err.message}")
}
}
fun getKey(context: Context): String? {
val f = EncFile(context).openRead(File(path).resolve("key"))
val k = f.readText()
f.close()
return k
}
}
data class StaticHosts(
val lighthouse: Boolean,
val destinations: List<String>
)
data class UnsafeRoute(
val route: String,
val via: String,
val mtu: Int?
)
class IncomingSite(
val name: String,
val id: String,
val staticHostmap: HashMap<String, StaticHosts>,
val unsafeRoutes: List<UnsafeRoute>?,
val cert: String,
val ca: String,
val lhDuration: Int,
val port: Int,
val mtu: Int?,
val cipher: String,
val sortKey: Int?,
var logVerbosity: String?,
@Expose(serialize = false)
var key: String?
) {
fun save(context: Context) {
val siteDir = context.filesDir.resolve("sites").resolve(id)
if (!siteDir.exists()) {
siteDir.mkdir()
}
if (key != null) {
val f = EncFile(context).openWrite(siteDir.resolve("key"))
f.use { it.write(key) }
f.close()
}
key = null
val gson = Gson()
val confFile = siteDir.resolve("config.json")
confFile.writeText(gson.toJson(this))
}
}

View File

@ -0,0 +1,12 @@
<?xml version="1.0" encoding="utf-8"?>
<!-- Modify this file to customize your launch splash screen -->
<layer-list xmlns:android="http://schemas.android.com/apk/res/android">
<item android:drawable="@android:color/white" />
<!-- You can insert your own image assets here -->
<!-- <item>
<bitmap
android:gravity="center"
android:src="@mipmap/launch_image" />
</item> -->
</layer-list>

Binary file not shown.

After

Width:  |  Height:  |  Size: 544 B

Binary file not shown.

After

Width:  |  Height:  |  Size: 442 B

Binary file not shown.

After

Width:  |  Height:  |  Size: 721 B

Binary file not shown.

After

Width:  |  Height:  |  Size: 1.0 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 1.4 KiB

View File

@ -0,0 +1,8 @@
<?xml version="1.0" encoding="utf-8"?>
<resources>
<style name="LaunchTheme" parent="@android:style/Theme.Black.NoTitleBar">
<!-- Show a splash screen on the activity. Automatically removed when
Flutter draws its first frame -->
<item name="android:windowBackground">@drawable/launch_background</item>
</style>
</resources>

View File

@ -0,0 +1,5 @@
<?xml version="1.0" encoding="utf-8"?>
<paths>
<files-path name="sites" path="."/>
<external-path name="external-sites" path="." />
</paths>

View File

@ -0,0 +1,7 @@
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
package="net.defined.mobile_nebula">
<!-- Flutter needs it to communicate with the running application
to allow setting breakpoints, to provide hot reload, etc.
-->
<uses-permission android:name="android.permission.INTERNET"/>
</manifest>

31
android/build.gradle Normal file
View File

@ -0,0 +1,31 @@
buildscript {
ext.kotlin_version = '1.3.61'
repositories {
google()
jcenter()
}
dependencies {
classpath 'com.android.tools.build:gradle:4.0.0'
classpath "org.jetbrains.kotlin:kotlin-gradle-plugin:$kotlin_version"
}
}
allprojects {
repositories {
google()
jcenter()
}
}
rootProject.buildDir = '../build'
subprojects {
project.buildDir = "${rootProject.buildDir}/${project.name}"
}
subprojects {
project.evaluationDependsOn(':app')
}
task clean(type: Delete) {
delete rootProject.buildDir
}

View File

@ -0,0 +1,4 @@
org.gradle.jvmargs=-Xmx1536M
android.enableR8=true
android.useAndroidX=true
android.enableJetifier=true

View File

@ -0,0 +1,6 @@
#Fri Jun 05 14:55:48 CDT 2020
distributionBase=GRADLE_USER_HOME
distributionPath=wrapper/dists
zipStoreBase=GRADLE_USER_HOME
zipStorePath=wrapper/dists
distributionUrl=https\://services.gradle.org/distributions/gradle-6.1.1-all.zip

15
android/settings.gradle Normal file
View File

@ -0,0 +1,15 @@
include ':app'
def flutterProjectRoot = rootProject.projectDir.parentFile.toPath()
def plugins = new Properties()
def pluginsFile = new File(flutterProjectRoot.toFile(), '.flutter-plugins')
if (pluginsFile.exists()) {
pluginsFile.withReader('UTF-8') { reader -> plugins.load(reader) }
}
plugins.each { name, path ->
def pluginDirectory = flutterProjectRoot.resolve(path).resolve('android').toFile()
include ":$name"
project(":$name").projectDir = pluginDirectory
}

View File

@ -0,0 +1 @@
include ':app'

4
env.sh.example Normal file
View File

@ -0,0 +1,4 @@
#!/bin/sh
# Ensure your go and flutter bin folders are here
export PATH="$PATH:/path/to/go/bin:/path/to/flutter/bin"

Binary file not shown.

51
gen-artifacts.sh Executable file
View File

@ -0,0 +1,51 @@
#!/bin/sh
set -e
. env.sh
# Generate gomobile nebula bindings
cd nebula
if [ "$1" = "ios" ]; then
# Build for nebula for iOS
make MobileNebula.framework
rm -rf ../ios/NebulaNetworkExtension/MobileNebula.framework
cp -r MobileNebula.framework ../ios/NebulaNetworkExtension/
elif [ "$1" = "android" ]; then
# Build nebula for android
make mobileNebula.aar
rm -rf ../android/app/src/main/libs/mobileNebula.aar
cp mobileNebula.aar ../android/app/src/main/libs/mobileNebula.aar
else
echo "Error: unsupported target os $1"
exit 1
fi
cd ..
# Generate version info to display in about
{
# Get the flutter and dart versions
printf "const flutterVersion = <String, String>"
flutter --version --machine
echo ";"
# Get our current git sha
git rev-parse --short HEAD | sed -e "s/\(.*\)/const gitSha = '\1';/"
# Get the nebula version
cd nebula
NEBULA_VERSION="$(go list -m -f "{{.Version}}" github.com/slackhq/nebula | cut -f1 -d'-' | cut -c2-)"
echo "const nebulaVersion = '$NEBULA_VERSION';"
cd ..
# Get our golang version
echo "const goVersion = '$(go version | awk '{print $3}')';"
} > lib/.gen.versions.dart
# Try and avoid issues with building by moving into place after we are complete
#TODO: this might be a parallel build of deps issue in kotlin, might need to solve there
mv lib/.gen.versions.dart lib/gen.versions.dart

33
ios/.gitignore vendored Normal file
View File

@ -0,0 +1,33 @@
*.mode1v3
*.mode2v3
*.moved-aside
*.pbxuser
*.perspectivev3
**/*sync/
.sconsign.dblite
.tags*
**/.vagrant/
**/DerivedData/
Icon?
**/Pods/
**/.symlinks/
profile
xcuserdata
**/.generated/
Flutter/App.framework
Flutter/Flutter.framework
Flutter/Flutter.podspec
Flutter/Generated.xcconfig
Flutter/app.flx
Flutter/app.zip
Flutter/flutter_assets/
Flutter/flutter_export_environment.sh
ServiceDefinitions.json
Runner/GeneratedPluginRegistrant.*
# Exceptions to above rules.
!default.mode1v3
!default.mode2v3
!default.pbxuser
!default.perspectivev3
/NebulaNetworkExtension/MobileNebula.framework/

View File

@ -0,0 +1,26 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>CFBundleDevelopmentRegion</key>
<string>$(DEVELOPMENT_LANGUAGE)</string>
<key>CFBundleExecutable</key>
<string>App</string>
<key>CFBundleIdentifier</key>
<string>io.flutter.flutter.app</string>
<key>CFBundleInfoDictionaryVersion</key>
<string>6.0</string>
<key>CFBundleName</key>
<string>App</string>
<key>CFBundlePackageType</key>
<string>FMWK</string>
<key>CFBundleShortVersionString</key>
<string>1.0</string>
<key>CFBundleSignature</key>
<string>????</string>
<key>CFBundleVersion</key>
<string>1.0</string>
<key>MinimumOSVersion</key>
<string>8.0</string>
</dict>
</plist>

View File

@ -0,0 +1,2 @@
#include "Pods/Target Support Files/Pods-Runner/Pods-Runner.debug.xcconfig"
#include "Generated.xcconfig"

View File

@ -0,0 +1,2 @@
#include "Pods/Target Support Files/Pods-Runner/Pods-Runner.release.xcconfig"
#include "Generated.xcconfig"

View File

@ -0,0 +1,31 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>CFBundleDevelopmentRegion</key>
<string>$(DEVELOPMENT_LANGUAGE)</string>
<key>CFBundleDisplayName</key>
<string>NebulaNetworkExtension</string>
<key>CFBundleExecutable</key>
<string>$(EXECUTABLE_NAME)</string>
<key>CFBundleIdentifier</key>
<string>$(PRODUCT_BUNDLE_IDENTIFIER)</string>
<key>CFBundleInfoDictionaryVersion</key>
<string>6.0</string>
<key>CFBundleName</key>
<string>$(PRODUCT_NAME)</string>
<key>CFBundlePackageType</key>
<string>$(PRODUCT_BUNDLE_PACKAGE_TYPE)</string>
<key>CFBundleShortVersionString</key>
<string>$(MARKETING_VERSION)</string>
<key>CFBundleVersion</key>
<string>$(CURRENT_PROJECT_VERSION)</string>
<key>NSExtension</key>
<dict>
<key>NSExtensionPointIdentifier</key>
<string>com.apple.networkextension.packet-tunnel</string>
<key>NSExtensionPrincipalClass</key>