summaryrefslogtreecommitdiff
path: root/app/src/main/java/de/blinkt/openvpn/core/X509Utils.java
diff options
context:
space:
mode:
Diffstat (limited to 'app/src/main/java/de/blinkt/openvpn/core/X509Utils.java')
-rw-r--r--app/src/main/java/de/blinkt/openvpn/core/X509Utils.java71
1 files changed, 58 insertions, 13 deletions
diff --git a/app/src/main/java/de/blinkt/openvpn/core/X509Utils.java b/app/src/main/java/de/blinkt/openvpn/core/X509Utils.java
index 0786967b..4048f0e0 100644
--- a/app/src/main/java/de/blinkt/openvpn/core/X509Utils.java
+++ b/app/src/main/java/de/blinkt/openvpn/core/X509Utils.java
@@ -1,11 +1,12 @@
/*
- * Copyright (c) 2012-2014 Arne Schwabe
+ * Copyright (c) 2012-2016 Arne Schwabe
* Distributed under the GNU GPL v2 with additional terms. For full terms see the file doc/LICENSE.txt
*/
package de.blinkt.openvpn.core;
import android.content.Context;
+import android.content.res.Resources;
import android.text.TextUtils;
import se.leap.bitmaskclient.R;
@@ -20,30 +21,39 @@ import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
+import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateFactory;
+import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
+import java.util.ArrayList;
+import java.util.Date;
import java.util.Hashtable;
+import java.util.Vector;
public class X509Utils {
- public static Certificate getCertificateFromFile(String certfilename) throws FileNotFoundException, CertificateException {
+ public static Certificate[] getCertificatesFromFile(String certfilename) throws FileNotFoundException, CertificateException {
CertificateFactory certFact = CertificateFactory.getInstance("X.509");
- InputStream inStream;
-
+ Vector<Certificate> certificates = new Vector<>();
if(VpnProfile.isEmbedded(certfilename)) {
- // The java certifcate reader is ... kind of stupid
- // It does NOT ignore chars before the --BEGIN ...
int subIndex = certfilename.indexOf("-----BEGIN CERTIFICATE-----");
- subIndex = Math.max(0,subIndex);
- inStream = new ByteArrayInputStream(certfilename.substring(subIndex).getBytes());
+ do {
+ // The java certifcate reader is ... kind of stupid
+ // It does NOT ignore chars before the --BEGIN ...
+ subIndex = Math.max(0, subIndex);
+ InputStream inStream = new ByteArrayInputStream(certfilename.substring(subIndex).getBytes());
+ certificates.add(certFact.generateCertificate(inStream));
+ subIndex = certfilename.indexOf("-----BEGIN CERTIFICATE-----", subIndex+1);
+ } while (subIndex > 0);
+ return certificates.toArray(new Certificate[certificates.size()]);
} else {
- inStream = new FileInputStream(certfilename);
+ InputStream inStream = new FileInputStream(certfilename);
+ return new Certificate[] {certFact.generateCertificate(inStream)};
}
- return certFact.generateCertificate(inStream);
}
public static PemObject readPemObjectFromFile (String keyfilename) throws IOException {
@@ -67,9 +77,10 @@ public class X509Utils {
public static String getCertificateFriendlyName (Context c, String filename) {
if(!TextUtils.isEmpty(filename)) {
try {
- X509Certificate cert = (X509Certificate) getCertificateFromFile(filename);
-
- return getCertificateFriendlyName(cert);
+ X509Certificate cert = (X509Certificate) getCertificatesFromFile(filename)[0];
+ String friendlycn = getCertificateFriendlyName(cert);
+ friendlycn = getCertificateValidityString(cert, c.getResources()) + friendlycn;
+ return friendlycn;
} catch (Exception e) {
VpnStatus.logError("Could not read certificate" + e.getLocalizedMessage());
@@ -78,6 +89,40 @@ public class X509Utils {
return c.getString(R.string.cannotparsecert);
}
+ public static String getCertificateValidityString(X509Certificate cert, Resources res) {
+ try {
+ cert.checkValidity();
+ } catch (CertificateExpiredException ce) {
+ return "EXPIRED: ";
+ } catch (CertificateNotYetValidException cny) {
+ return "NOT YET VALID: ";
+ }
+
+ Date certNotAfter = cert.getNotAfter();
+ Date now = new Date();
+ long timeLeft = certNotAfter.getTime() - now.getTime(); // Time left in ms
+
+ // More than 72h left, display days
+ // More than 3 months display months
+ if (timeLeft > 90l* 24 * 3600 * 1000) {
+ long months = getMonthsDifference(now, certNotAfter);
+ return res.getString(R.string.months_left, months);
+ } else if (timeLeft > 72 * 3600 * 1000) {
+ long days = timeLeft / (24 * 3600 * 1000);
+ return res.getString(R.string.days_left, days);
+ } else {
+ long hours = timeLeft / (3600 * 1000);
+
+ return res.getString(R.string.hours_left, hours);
+ }
+ }
+
+ public static int getMonthsDifference(Date date1, Date date2) {
+ int m1 = date1.getYear() * 12 + date1.getMonth();
+ int m2 = date2.getYear() * 12 + date2.getMonth();
+ return m2 - m1 + 1;
+ }
+
public static String getCertificateFriendlyName(X509Certificate cert) {
X500Principal principal = cert.getSubjectX500Principal();
byte[] encodedSubject = principal.getEncoded();
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-01 11:29:03 +0000