Release 1.2, adds a couple additional sanity checks

jp-bennett · Jan 9, 2016 · 6524b52 · 6524b52
1 parent b06c75f
commit 6524b52
Show file tree

Hide file tree

Showing 3 changed files with 41 additions and 9 deletions.
diff --git a/app/build.gradle b/app/build.gradle
@@ -18,8 +18,8 @@ model {
             applicationId = "org.cipherdyne.fwknop2"
             minSdkVersion.apiLevel = 15
             targetSdkVersion.apiLevel = 23
-            versionCode = 21
-            versionName = "1.2-RC.1"
+            versionCode = 22
+            versionName = "1.2"
         }
     }
     android.buildTypes {

diff --git a/app/src/main/java/biz/incomsystems/fwknop2/Config.java b/app/src/main/java/biz/incomsystems/fwknop2/Config.java
@@ -43,7 +43,15 @@ public int Is_Valid(){
                 this.SERVER_PORT = String.valueOf(62201);
             }
         }
-
+        if (this.MESSAGE_TYPE.contains("Nat")) {
+            try {
+                if (Integer.parseInt(this.NAT_PORT) < 1 || Integer.parseInt(this.NAT_PORT) > 65535) {
+                    return (R.string.NotValidNatPort);
+                }
+            } catch (NumberFormatException ex) {
+                return (R.string.NotValidNatPort);
+            }
+        }
         if (this.NICK_NAME.equalsIgnoreCase("")) { // Need to create a new Nick
             return(R.string.unique_nick); // choosing a used nick will just overwrite it. So really
         } else if ((this.LEGACY && this.HMAC_BASE64) || (this.LEGACY && !this.HMAC.equalsIgnoreCase(""))) {
@@ -59,12 +67,13 @@ public int Is_Valid(){
         } else if (!(this.PORTS.matches("tcp/\\d.*") || this.PORTS.matches("udp/\\d.*") || this.MESSAGE_TYPE.equalsIgnoreCase("Server Command"))) {
             return(R.string.port_format);
         } else if (!(this.ACCESS_IP.equalsIgnoreCase("Allow IP") || this.ACCESS_IP.equalsIgnoreCase("Resolve IP") || this.ACCESS_IP.equalsIgnoreCase("Prompt IP") || (ipValidate.isValid(this.ACCESS_IP)))){ //Have to have a valid ip to allow, if using allow ip
-            Log.e("fwknop2", this.ACCESS_IP);
             return(R.string.valid_ip);
         }  else if (!ipValidate.isValid(this.SERVER_IP) && !DomainValidator.getInstance().isValid(this.SERVER_IP)) { // check server entry. Must be a valid url or ip.
             return(R.string.valid_server);
         } else if (this.juice_uuid == null) { //This one might have to go in the main function
-            return(R.string.juice_first);
+            return (R.string.juice_first);
+        } else if (this.MESSAGE_TYPE.equalsIgnoreCase("NAT Access") && !ipValidate.isValid(this.NAT_IP)){
+            return (R.string.NotValidNatIP);
         } else {
             return 0;
         }

diff --git a/app/src/main/res/values/strings.xml b/app/src/main/res/values/strings.xml
@@ -73,14 +73,35 @@
  If you are using luci-app-fwknop on an Openwrt router, you can select the "Capture qr" option from the menu,
  and use a qr code generated on the router to auto fill the encryption and HMAC keys.
   </p>
-<p>If Juicessh is installed, you can autostart a saved Juicessh connection by selecting Juicessh from the
+ <p>
+ If Juicessh is installed, you can autostart a saved Juicessh connection by selecting Juicessh from the
  "Run External App" menu, and after a brief delay, choosing the desired connection. If you want to use a different
-  app, select "SSH Uri", and then type in your desired Username to connect as. This will use the system\'s
-  default ssh client to try to connect to the port you are opening.
+ app, select "SSH Uri", and then type in your desired Username to connect as. This will use the system\'s
+ default ssh client to try to connect to the port you are opening.
+ </p>
+ <p>
+ Another option in the External App menu is "OpenVPN for Android".  Selecting this option and
+ filling in a profile name will automatically launch that profile after sending a successful knock.
+ </p>
+ <p>
+ The "Allow IP" option specifies what IP to send as the source address.  The "prompt" option will ask
+ for the IP to allow when a knock is sent.  This prompt has an option to scan a qr code containing an
+ IP address.  This service is provided at <a href="https://incomsystems.biz/fwknop-gui/qr.php">https://incomsystems.biz/fwknop-gui/qr.php</a>.
  </p>
  <p>
   Once the data is filled in, select "Save Config" from the menu. Then, to send a SPA knock, select the
-   Saved config you want to use, and tap the "Send Knock" button at the bottom of the list.
+  Saved config you want to use, and tap the "Send Knock" button at the bottom of the list.
+ </p>
+ <p>
+ From the list of saved configs, a long tap launches a context menu.  This contains the options to edit or delete a config.
+ If the device contains NFC capabilities, the option to write a config to an NFC tag will also be present.
+ Note that only the nickname is written to the NFC tag, which avoids exposing any credentials in the NFC tag.
+ There is an option in the general configuration menu to enable sending knocks via NFC tags.  This option defaults
+ to false, and any scanned NFC tag will be ignored by fwknop2 while this option is disabled.
+ </p>
+ <p>
+ Once sending knocks via NFC is enabled, scanning an NFC token sends the associated knock.
+ This process will work even if Fwknop2 is not currently opened.
  </p>
  <p>This app is open source software, Licensed GPLv2+. The source can be found  <a href="https://github.com/oneru/Fwknop2">on github</a>. Please report any bugs here.</p>
  <p>Credits: Based on fwknop and libfko written by <a href="https://www.cipherdyne.org/fwknop/"> Michael Rash</a></p>
@@ -137,4 +158,6 @@
     <string name="nfcDisabled">NFC-Fwknop2 disabled</string>
     <string name="nfcError">NFC Tag parsing error</string>
     <string name="SendingSPATo">"Sending SPA to "</string>
+    <string name="NotValidNatIP">You must supply a valid NAT IP</string>
+    <string name="NotValidNatPort">You must provide a valid NAT port</string>
 </resources>