authorArne Schwabe <arne@rfc2549.org>2012-06-17 17:48:52 +0200
committerArne Schwabe <arne@rfc2549.org>2012-06-17 17:48:52 +0200
commit39197a456562402ad42c5d78deafbbcefa024582 (patch)
tree3649b57711229c91e4f028bd6b42b9567d6ea255
parent5cd8e4b40aab5512c7e9c1d606b841df39ae8c81 (diff)
- Fix last commit
- Implement reading extra CA cert from file to fix keystore error on some mobile phones
-rw-r--r--res/layout/basic_settings.xml6
-rw-r--r--res/layout/file_dialog_main.xml2
-rw-r--r--res/layout/keystore_selector.xml2
-rw-r--r--res/values-de/strings.xml6
-rw-r--r--res/values/strings.xml8
-rw-r--r--src/de/blinkt/openvpn/LaunchVPN.java2
-rw-r--r--src/de/blinkt/openvpn/OpenVPN.java11
-rw-r--r--src/de/blinkt/openvpn/Settings_Basic.java6
-rw-r--r--src/de/blinkt/openvpn/VpnProfile.java30
9 files changed, 64 insertions, 9 deletions
diff --git a/res/layout/basic_settings.xml b/res/layout/basic_settings.xml
index d47ba207..409936e1 100644
--- a/res/layout/basic_settings.xml
+++ b/res/layout/basic_settings.xml
@@ -106,6 +106,12 @@
android:visibility="gone" >
<include layout="@layout/keystore_selector" />
+
+ <TextView
+ style="@style/item"
+ android:singleLine="false"
+ android:text="@string/extracahint"
+ android:textAppearance="?android:attr/textAppearanceSmall" />
</LinearLayout>
<LinearLayout
diff --git a/res/layout/file_dialog_main.xml b/res/layout/file_dialog_main.xml
index 2f88ffb7..68af9b18 100644
--- a/res/layout/file_dialog_main.xml
+++ b/res/layout/file_dialog_main.xml
@@ -23,7 +23,7 @@
android:id="@+id/fdButtonSelect"
android:layout_width="wrap_content"
android:layout_height="wrap_content"
- android:text="@string/select" >
+ android:text="@string/select_file" >
</Button>
</LinearLayout>
diff --git a/res/layout/keystore_selector.xml b/res/layout/keystore_selector.xml
index 21945104..211e977b 100644
--- a/res/layout/keystore_selector.xml
+++ b/res/layout/keystore_selector.xml
@@ -28,7 +28,7 @@
android:layout_width="wrap_content"
android:layout_height="wrap_content"
android:layout_alignParentRight="true"
- android:text="@string/select_certificate" />
+ android:text="@string/select" />
<TextView
android:id="@+id/title"
diff --git a/res/values-de/strings.xml b/res/values-de/strings.xml
index be0a518d..aebfe351 100644
--- a/res/values-de/strings.xml
+++ b/res/values-de/strings.xml
@@ -14,7 +14,7 @@
<string name="client_certificate_title">Clientzertifikat</string>
<string name="client_key_title">Clientzertifikatsschlüssel</string>
<string name="ca_title">CA Zertifikat</string>
- <string name="select_certificate">Auswählen</string>
+ <string name="select_file">Auswählen</string>
<string name="no_certificate">Nichts ausgewählt</string>
<string name="about">Über</string>
<string name="vpn_type">Typ</string>
@@ -171,5 +171,9 @@
<string name="building_configration">Generiere OpenVPN Konfigration…</string>
<string name="netchange_summary">Aktivieren dieser Option zwingt OpenVPN dazu beim Wechsel des Netzwerkes (WLAN zu Mobilfunk und umgekehrt) neu zu verbinden.</string>
<string name="netchange">Netzwerkänderungen beachten</string>
+ <string name="netstatus">Netzwerkstatus: %s</string>
+ <string name="keychain_nocacert">Beim Abfragen des Android KeyStore wurde kein CA Zertifikat zurückgegeben. Überprüfen des Serverzertifikat wird warscheinlich fehlschlagen. Geben Sie manuell ein CA Zertifikat an.</string>
+ <string name="cert_from_keystore">Zertifikat (KeyStore): \'%s\' </string>
+ <string name="extracahint">Das CA Zertifikat wird meist aus dem Zertifikatsspeicher automatisch ausgewählt. Sollte dies nicht funktionieren und Sie Verifizierungsprobleme erhalten(self signed certificate), wählen Sie manuell ein Zertifikat aus.</string>
</resources> \ No newline at end of file
diff --git a/res/values/strings.xml b/res/values/strings.xml
index 08bb0a27..f7c9817f 100644
--- a/res/values/strings.xml
+++ b/res/values/strings.xml
@@ -24,7 +24,6 @@
<string name="defaultport" translatable="false">1194</string>
<string name="location">Location</string>
<string name="cant_read_folder">folder can\'t be read!</string>
- <string name="select">Select</string>
<string name="cancel">Cancel</string>
<string name="no_data">No Data</string>
<string name="useLZO">LZO Compression</string>
@@ -33,7 +32,6 @@
<string name="client_key_title">Client Certificate Key</string>
<string name="client_pkcs12_title">PKCS12 File</string>
<string name="ca_title">CA Certificate</string>
- <string name="select_certificate">Select</string>
<string name="no_certificate">Nothing selected</string>
<string name="opevpn_copyright" translatable="false">Copyright © 2002–2010 OpenVPN Technologies, Inc. &lt;sales@openvpn.net>\n
@@ -57,6 +55,7 @@
<string name="vpn_list_title">All your precious VPNs</string>
<string name="vpn_type">Type</string>
<string name="pkcs12pwquery">PKCS12 Password</string>
+ <string name="select">Select…</string>
<string name="file_select">Select…</string>
<string name="file_nothing_selected">Nothing Selected</string>
<string name="useTLSAuth">Use TLS Authentication</string>
@@ -209,7 +208,10 @@
<string name="building_configration">Building configration…</string>
<string name="netchange_summary">Turning this option on will force a reconnet if the network state is change (WIFI to/from mobile)</string>
<string name="netchange">Reconnect on Network change</string>
- <string name="keychain_nocacert">No CA Certificate returned while reading from Android keystore. Auhtentication will probably fail.</string>
<string name="cert_from_keystore">Got certificate \'%s\' from Keystore</string>
<string name="netstatus">Network Status: %s</string>
+ <string name="extracahint">The CA cert is usually returned from the Android Keystore. Specify a seperate certificate if you get certificate verification errors.</string>
+ <string name="select_file">Select</string>
+ <string name="keychain_nocacert">No CA Certificate returned while reading from Android keystore. Auhtentication will probably fail.</string>
+
</resources>
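Review bot: Two of the user-facing strings added in this hunk carry spelling errors: `extracahint` has "seperate" (should be "separate") and the re-added `keychain_nocacert` keeps "Auhtentication" (should be "Authentication"). These messages are what tells a user that server certificate verification may fail, so they are worth correcting while the lines are being touched.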
diff --git a/src/de/blinkt/openvpn/LaunchVPN.java b/src/de/blinkt/openvpn/LaunchVPN.java
index b4151c24..e76057d7 100644
--- a/src/de/blinkt/openvpn/LaunchVPN.java
+++ b/src/de/blinkt/openvpn/LaunchVPN.java
@@ -105,7 +105,7 @@ public class LaunchVPN extends ListActivity implements OnItemClickListener {
if(Intent.ACTION_MAIN.equals(action)) {
// we got called to be the starting point, most likely a shortcut
String shortcutUUID = intent.getStringExtra( EXTRA_KEY);
- String shortcutName = intent.getStringExtra( EXTRA_KEY);
+ String shortcutName = intent.getStringExtra( EXTRA_NAME);
VpnProfile profileToConnect = ProfileManager.get(shortcutUUID);
if(shortcutName != null && profileToConnect ==null)
diff --git a/src/de/blinkt/openvpn/OpenVPN.java b/src/de/blinkt/openvpn/OpenVPN.java
index 39533db3..b09eb60e 100644
--- a/src/de/blinkt/openvpn/OpenVPN.java
+++ b/src/de/blinkt/openvpn/OpenVPN.java
@@ -35,6 +35,12 @@ public class OpenVPN {
mMessage = message;
}
+ public LogItem(int loglevel, String msg) {
+ mLevel = loglevel;
+ mMessage = msg;
+ }
+
+
String getString(Context c) {
if(mMessage !=null) {
return mMessage;
@@ -144,6 +150,11 @@ public class OpenVPN {
}
}
+ public static void logError(String msg) {
+ newlogItem(new LogItem(LogItem.ERROR, msg));
+
+ }
+
}
diff --git a/src/de/blinkt/openvpn/Settings_Basic.java b/src/de/blinkt/openvpn/Settings_Basic.java
index bafee229..1b82b579 100644
--- a/src/de/blinkt/openvpn/Settings_Basic.java
+++ b/src/de/blinkt/openvpn/Settings_Basic.java
@@ -200,7 +200,7 @@ public class Settings_Basic extends Fragment implements View.OnClickListener, On
mView.findViewById(R.id.userpassword).setVisibility(View.GONE);
mView.findViewById(R.id.key_password_layout).setVisibility(View.GONE);
- // Fallthroughs are by desing
+ // Fall through are by design
switch(type) {
case VpnProfile.TYPE_USERPASS_CERTIFICATES:
mView.findViewById(R.id.userpassword).setVisibility(View.VISIBLE);
@@ -210,18 +210,22 @@ public class Settings_Basic extends Fragment implements View.OnClickListener, On
if(mProfile.requireTLSKeyPassword())
mView.findViewById(R.id.key_password_layout).setVisibility(View.VISIBLE);
break;
+
case VpnProfile.TYPE_USERPASS_PKCS12:
mView.findViewById(R.id.userpassword).setVisibility(View.VISIBLE);
case VpnProfile.TYPE_PKCS12:
mView.findViewById(R.id.pkcs12).setVisibility(View.VISIBLE);
break;
+
case VpnProfile.TYPE_STATICKEYS:
mView.findViewById(R.id.statickeys).setVisibility(View.VISIBLE);
break;
+
case VpnProfile.TYPE_USERPASS_KEYSTORE:
mView.findViewById(R.id.userpassword).setVisibility(View.VISIBLE);
case VpnProfile.TYPE_KEYSTORE:
mView.findViewById(R.id.keystore).setVisibility(View.VISIBLE);
+ mView.findViewById(R.id.cacert).setVisibility(View.VISIBLE);
break;
case VpnProfile.TYPE_USERPASS:
diff --git a/src/de/blinkt/openvpn/VpnProfile.java b/src/de/blinkt/openvpn/VpnProfile.java
index e9cb994a..7ca75723 100644
--- a/src/de/blinkt/openvpn/VpnProfile.java
+++ b/src/de/blinkt/openvpn/VpnProfile.java
@@ -1,17 +1,22 @@
package de.blinkt.openvpn;
+import java.io.ByteArrayInputStream;
import java.io.File;
+import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.FileReader;
import java.io.FileWriter;
import java.io.IOException;
+import java.io.InputStream;
import java.io.Serializable;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
+import java.security.cert.Certificate;
import java.security.cert.CertificateException;
+import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.Random;
@@ -474,7 +479,7 @@ public class VpnProfile implements Serializable{
try {
privateKey = KeyChain.getPrivateKey(context,mAlias);
cachain = KeyChain.getCertificateChain(context, mAlias);
- if(cachain.length <= 1)
+ if(cachain.length <= 1 && !nonNull(mCaFilename))
OpenVPN.logMessage(0, "", context.getString(R.string.keychain_nocacert));
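Review bot: `cachain.length` on the changed line is dereferenced without a null check, and `KeyChain.getCertificateChain` is documented to return null when nothing is available for the alias, so a stale alias would throw instead of reaching the keychain_nocacert warning. Consider `if((cachain == null || cachain.length <= 1) && !nonNull(mCaFilename))`, and decide explicitly what happens to a null chain before it is handed to `setKeyEntry` further down. The enclosing method and its catch clauses are outside this hunk, so whether a NullPointerException is handled there cannot be seen from here.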
@@ -484,6 +489,15 @@ public class VpnProfile implements Serializable{
KeyStore ks = KeyStore.getInstance("PKCS12");
ks.load(null, null);
+ if(nonNull(mCaFilename)) {
+ try {
+ Certificate cacert = getCacertFromFile();
+
+ ks.setCertificateEntry("cacert", cacert);
+ } catch (Exception e) {
+ OpenVPN.logError("Could not read CA certificate" + e.getLocalizedMessage());
+ }
+ }
ks.setKeyEntry("usercert", privateKey, null, cachain);
String mypw = getTemporaryPKCS12Password();
FileOutputStream fout = new FileOutputStream(context.getCacheDir().getAbsolutePath() + "/" + VpnProfile.OVPNCONFIGPKCS12);
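Review bot: The new `catch (Exception e)` logs and then carries on, so when a CA file is configured but cannot be read or parsed, the PKCS12 is still written without that trust anchor and the user only sees a later verification failure. Since the user explicitly chose this CA, it would be safer to stop building the keystore at this point, or surface the error in the UI, than to continue silently. The log text also lacks a separator and can end in "null" when the exception has no message; `OpenVPN.logError("Could not read CA certificate: " + e.getLocalizedMessage());` reads better. The enclosing method begins and ends outside this hunk.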
@@ -507,6 +521,20 @@ public class VpnProfile implements Serializable{
}
}
+ private Certificate getCacertFromFile() throws FileNotFoundException, CertificateException {
+ CertificateFactory certFact = CertificateFactory.getInstance("X.509");
+
+ InputStream inStream;
+
+ if(mCaFilename.startsWith(INLINE_TAG))
+ inStream = new ByteArrayInputStream(mCaFilename.replace(INLINE_TAG,"").getBytes());
+ else
+ inStream = new FileInputStream(mCaFilename);
+
+ return certFact.generateCertificate(inStream);
+ }
+
+
//! Return an error if somethign is wrong
int checkProfile() {
if((mAuthenticationType==TYPE_KEYSTORE || mAuthenticationType==TYPE_USERPASS_KEYSTORE) && mAlias==null)
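Review bot: In getCacertFromFile() the `FileInputStream` is never closed, `replace(INLINE_TAG,"")` removes every occurrence of the tag rather than only the prefix that `startsWith` tested, and `getBytes()` depends on the platform charset. Closing the stream in a `finally`, using `substring(INLINE_TAG.length())` and naming the charset fixes all three; the throws clause widens to `IOException`, which the caller's `catch (Exception e)` already covers. Separately, `generateCertificate` returns a single certificate, so it is worth confirming how a CA file that bundles an intermediate and a root is handled: either document that only one certificate is supported or switch to `generateCertificates`.

```java
private Certificate getCacertFromFile() throws IOException, CertificateException {
    // … unchanged: CertificateFactory.getInstance("X.509") and the inStream declaration …
    if(mCaFilename.startsWith(INLINE_TAG))
        inStream = new ByteArrayInputStream(
                mCaFilename.substring(INLINE_TAG.length()).getBytes("UTF-8"));
    else
        inStream = new FileInputStream(mCaFilename);

    try {
        return certFact.generateCertificate(inStream);
    } finally {
        inStream.close();
    }
}
```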