- Fix last commit

- Implement reading extra CA cert from file to fix keystore error on some mobile phones

4 files changed, 46 insertions, 3 deletions

diff --git a/src/de/blinkt/openvpn/LaunchVPN.java b/src/de/blinkt/openvpn/LaunchVPN.java
index b4151c24..e76057d7 100644
--- a/src/de/blinkt/openvpn/LaunchVPN.java
+++ b/src/de/blinkt/openvpn/LaunchVPN.java
@@ -105,7 +105,7 @@ public class LaunchVPN extends ListActivity implements OnItemClickListener {
 		if(Intent.ACTION_MAIN.equals(action)) {
 			// we got called to be the starting point, most likely a shortcut
 			String shortcutUUID = intent.getStringExtra( EXTRA_KEY);
-			String shortcutName = intent.getStringExtra( EXTRA_KEY);
+			String shortcutName = intent.getStringExtra( EXTRA_NAME);
 
 			VpnProfile profileToConnect = ProfileManager.get(shortcutUUID);
 			if(shortcutName != null && profileToConnect ==null)
diff --git a/src/de/blinkt/openvpn/OpenVPN.java b/src/de/blinkt/openvpn/OpenVPN.java
index 39533db3..b09eb60e 100644
--- a/src/de/blinkt/openvpn/OpenVPN.java
+++ b/src/de/blinkt/openvpn/OpenVPN.java
@@ -35,6 +35,12 @@ public class OpenVPN {
 			mMessage = message;
 		}
 
+		public LogItem(int loglevel, String msg) {
+			mLevel = loglevel;
+			mMessage = msg;
+		}
+
+
 		String getString(Context c) {
 			if(mMessage !=null) {
 				return mMessage;
@@ -144,6 +150,11 @@ public class OpenVPN {
 		}
 	}
 
+	public static void logError(String msg) {
+		newlogItem(new LogItem(LogItem.ERROR, msg));
+		
+	}
+
 	
 	
 }
diff --git a/src/de/blinkt/openvpn/Settings_Basic.java b/src/de/blinkt/openvpn/Settings_Basic.java
index bafee229..1b82b579 100644
--- a/src/de/blinkt/openvpn/Settings_Basic.java
+++ b/src/de/blinkt/openvpn/Settings_Basic.java
@@ -200,7 +200,7 @@ public class Settings_Basic extends Fragment implements View.OnClickListener, On
 		mView.findViewById(R.id.userpassword).setVisibility(View.GONE);
 		mView.findViewById(R.id.key_password_layout).setVisibility(View.GONE);
 
-		// Fallthroughs are by desing
+		// Fall through are by design
 		switch(type) {
 		case VpnProfile.TYPE_USERPASS_CERTIFICATES:
 			mView.findViewById(R.id.userpassword).setVisibility(View.VISIBLE);
@@ -210,18 +210,22 @@ public class Settings_Basic extends Fragment implements View.OnClickListener, On
 			if(mProfile.requireTLSKeyPassword())
 				mView.findViewById(R.id.key_password_layout).setVisibility(View.VISIBLE);
 			break;
+			
 		case VpnProfile.TYPE_USERPASS_PKCS12:
 			mView.findViewById(R.id.userpassword).setVisibility(View.VISIBLE);
 		case VpnProfile.TYPE_PKCS12:
 			mView.findViewById(R.id.pkcs12).setVisibility(View.VISIBLE);
 			break;
+			
 		case VpnProfile.TYPE_STATICKEYS:
 			mView.findViewById(R.id.statickeys).setVisibility(View.VISIBLE);
 			break;
+
 		case VpnProfile.TYPE_USERPASS_KEYSTORE:
 			mView.findViewById(R.id.userpassword).setVisibility(View.VISIBLE);
 		case VpnProfile.TYPE_KEYSTORE:
 			mView.findViewById(R.id.keystore).setVisibility(View.VISIBLE);
+			mView.findViewById(R.id.cacert).setVisibility(View.VISIBLE);
 			break;
 
 		case VpnProfile.TYPE_USERPASS:
diff --git a/src/de/blinkt/openvpn/VpnProfile.java b/src/de/blinkt/openvpn/VpnProfile.java
index e9cb994a..7ca75723 100644
--- a/src/de/blinkt/openvpn/VpnProfile.java
+++ b/src/de/blinkt/openvpn/VpnProfile.java
@@ -1,17 +1,22 @@
 package de.blinkt.openvpn;
 
+import java.io.ByteArrayInputStream;
 import java.io.File;
+import java.io.FileInputStream;
 import java.io.FileNotFoundException;
 import java.io.FileOutputStream;
 import java.io.FileReader;
 import java.io.FileWriter;
 import java.io.IOException;
+import java.io.InputStream;
 import java.io.Serializable;
 import java.security.KeyStore;
 import java.security.KeyStoreException;
 import java.security.NoSuchAlgorithmException;
 import java.security.PrivateKey;
+import java.security.cert.Certificate;
 import java.security.cert.CertificateException;
+import java.security.cert.CertificateFactory;
 import java.security.cert.X509Certificate;
 import java.util.Collection;
 import java.util.Random;
@@ -474,7 +479,7 @@ public class VpnProfile implements  Serializable{
 		try {
 			privateKey = KeyChain.getPrivateKey(context,mAlias);
 			cachain = KeyChain.getCertificateChain(context, mAlias);
-			if(cachain.length <= 1)
+			if(cachain.length <= 1 && !nonNull(mCaFilename))
 				OpenVPN.logMessage(0, "", context.getString(R.string.keychain_nocacert));
 
 			
@@ -484,6 +489,15 @@ public class VpnProfile implements  Serializable{
 			
 			KeyStore ks = KeyStore.getInstance("PKCS12");
 			ks.load(null, null);
+			if(nonNull(mCaFilename)) {
+				try {
+				Certificate cacert = getCacertFromFile();
+				
+				ks.setCertificateEntry("cacert", cacert);
+				} catch (Exception e) {
+					OpenVPN.logError("Could not read CA certificate" + e.getLocalizedMessage());
+				}
+			}
 			ks.setKeyEntry("usercert", privateKey, null, cachain);
 			String mypw = getTemporaryPKCS12Password();
 			FileOutputStream fout = new FileOutputStream(context.getCacheDir().getAbsolutePath() + "/" + VpnProfile.OVPNCONFIGPKCS12);
@@ -507,6 +521,20 @@ public class VpnProfile implements  Serializable{
 		}
 
 	}
+	private Certificate getCacertFromFile() throws FileNotFoundException, CertificateException {
+		 CertificateFactory certFact = CertificateFactory.getInstance("X.509");
+		 
+		 InputStream inStream;
+		
+		 if(mCaFilename.startsWith(INLINE_TAG))
+			 inStream = new ByteArrayInputStream(mCaFilename.replace(INLINE_TAG,"").getBytes());
+		else 
+			inStream = new FileInputStream(mCaFilename);
+		 
+		 return certFact.generateCertificate(inStream);
+	}
+
+
 	//! Return an error if somethign is wrong
 	int checkProfile() {
 		if((mAuthenticationType==TYPE_KEYSTORE || mAuthenticationType==TYPE_USERPASS_KEYSTORE) && mAlias==null)