allow to parse and handle multiple certs in a pem file

2 files changed, 20 insertions, 90 deletions

diff --git a/app/src/main/java/se/leap/bitmaskclient/base/utils/ConfigHelper.java b/app/src/main/java/se/leap/bitmaskclient/base/utils/ConfigHelper.java
index dccb5678..0a81b9cb 100644
--- a/app/src/main/java/se/leap/bitmaskclient/base/utils/ConfigHelper.java
+++ b/app/src/main/java/se/leap/bitmaskclient/base/utils/ConfigHelper.java
@@ -20,6 +20,7 @@ import android.content.Context;
 import android.content.res.Resources;
 import android.os.Build;
 import android.os.Looper;
+import android.util.Log;
 
 import androidx.annotation.NonNull;
 import androidx.annotation.Nullable;
@@ -37,6 +38,7 @@ import java.security.KeyFactory;
 import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
 import java.security.NoSuchProviderException;
+import java.security.cert.Certificate;
 import java.security.cert.CertificateEncodingException;
 import java.security.cert.CertificateException;
 import java.security.cert.CertificateFactory;
@@ -44,10 +46,13 @@ import java.security.cert.X509Certificate;
 import java.security.interfaces.RSAPrivateKey;
 import java.security.spec.InvalidKeySpecException;
 import java.security.spec.PKCS8EncodedKeySpec;
+import java.util.ArrayList;
 import java.util.Calendar;
+import java.util.Collection;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
 
+import de.blinkt.openvpn.core.VpnStatus;
 import se.leap.bitmaskclient.BuildConfig;
 import se.leap.bitmaskclient.R;
 import se.leap.bitmaskclient.providersetup.ProviderAPI;
@@ -99,25 +104,28 @@ public class ConfigHelper {
         return ret;
     }
 
-    public static X509Certificate parseX509CertificateFromString(String certificateString) {
-        java.security.cert.Certificate certificate = null;
+    public static ArrayList<X509Certificate> parseX509CertificatesFromString(String certificateString) {
+        Collection<? extends Certificate> certificates;
         CertificateFactory cf;
         try {
             cf = CertificateFactory.getInstance("X.509");
 
             certificateString = certificateString.replaceAll("-----BEGIN CERTIFICATE-----", "").trim().replaceAll("-----END CERTIFICATE-----", "").trim();
-            byte[] cert_bytes = Base64.decode(certificateString);
-            InputStream caInput = new ByteArrayInputStream(cert_bytes);
-            try {
-                certificate = cf.generateCertificate(caInput);
-                System.out.println("ca=" + ((X509Certificate) certificate).getSubjectDN());
-            } finally {
-                caInput.close();
+            byte[] certBytes = Base64.decode(certificateString);
+            try (InputStream caInput = new ByteArrayInputStream(certBytes)) {
+                certificates = cf.generateCertificates(caInput);
+                if (certificates != null) {
+                    for (Certificate cert : certificates) {
+                        System.out.println("ca=" + ((X509Certificate) cert).getSubjectDN());
+                    }
+                    return (ArrayList<X509Certificate>) certificates;
+                }
             }
-        } catch (NullPointerException | CertificateException | IOException | IllegalArgumentException e) {
-            return null;
+        } catch (NullPointerException | CertificateException | IOException | IllegalArgumentException | ClassCastException e) {
+            e.printStackTrace();
         }
-        return (X509Certificate) certificate;
+
+        return null;
     }
 
     public static RSAPrivateKey parseRsaKeyFromString(String rsaKeyString) {
diff --git a/app/src/main/java/se/leap/bitmaskclient/base/utils/KeyStoreHelper.java b/app/src/main/java/se/leap/bitmaskclient/base/utils/KeyStoreHelper.java
deleted file mode 100644
index b0b28993..00000000
--- a/app/src/main/java/se/leap/bitmaskclient/base/utils/KeyStoreHelper.java
+++ /dev/null
@@ -1,78 +0,0 @@
-package se.leap.bitmaskclient.base.utils;
-
-import java.io.IOException;
-import java.io.InputStream;
-import java.security.KeyStore;
-import java.security.KeyStoreException;
-import java.security.NoSuchAlgorithmException;
-import java.security.cert.CertificateException;
-import java.security.cert.CertificateFactory;
-import java.security.cert.X509Certificate;
-
-/**
- * Created by cyberta on 18.03.18.
- */
-
-public class KeyStoreHelper {
-    private static KeyStore trustedKeystore;
-
-    /**
-     * Adds a new X509 certificate given its input stream and its provider name
-     *
-     * @param provider    used to store the certificate in the keystore
-     * @param inputStream from which X509 certificate must be generated.
-     */
-    public static void addTrustedCertificate(String provider, InputStream inputStream) {
-        CertificateFactory cf;
-        try {
-            cf = CertificateFactory.getInstance("X.509");
-            X509Certificate cert =
-                    (X509Certificate) cf.generateCertificate(inputStream);
-            trustedKeystore.setCertificateEntry(provider, cert);
-        } catch (CertificateException e) {
-            // TODO Auto-generated catch block
-            e.printStackTrace();
-        } catch (KeyStoreException e) {
-            // TODO Auto-generated catch block
-            e.printStackTrace();
-        }
-    }
-
-    /**
-     * Adds a new X509 certificate given in its string from and using its provider name
-     *
-     * @param provider    used to store the certificate in the keystore
-     * @param certificate
-     */
-    public static void addTrustedCertificate(String provider, String certificate) {
-
-        try {
-            X509Certificate cert = ConfigHelper.parseX509CertificateFromString(certificate);
-            if (trustedKeystore == null) {
-                trustedKeystore = KeyStore.getInstance("BKS");
-                trustedKeystore.load(null);
-            }
-            trustedKeystore.setCertificateEntry(provider, cert);
-        } catch (KeyStoreException e) {
-            // TODO Auto-generated catch block
-            e.printStackTrace();
-        } catch (NoSuchAlgorithmException e) {
-            // TODO Auto-generated catch block
-            e.printStackTrace();
-        } catch (CertificateException e) {
-            // TODO Auto-generated catch block
-            e.printStackTrace();
-        } catch (IOException e) {
-            // TODO Auto-generated catch block
-            e.printStackTrace();
-        }
-    }
-
-    /**
-     * @return class wide keystore
-     */
-    public static KeyStore getKeystore() {
-        return trustedKeystore;
-    }
-
-}