From 8e5ce3e312f03035314b6ab036c625f83a515fc7 Mon Sep 17 00:00:00 2001 From: cyBerta Date: Mon, 13 Dec 2021 10:11:52 +0100 Subject: add hexacab config testwise --- app/src/main/java/se/leap/bitmaskclient/base/utils/ConfigHelper.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'app/src/main/java/se/leap/bitmaskclient/base') diff --git a/app/src/main/java/se/leap/bitmaskclient/base/utils/ConfigHelper.java b/app/src/main/java/se/leap/bitmaskclient/base/utils/ConfigHelper.java index 6c242e5a..dccb5678 100644 --- a/app/src/main/java/se/leap/bitmaskclient/base/utils/ConfigHelper.java +++ b/app/src/main/java/se/leap/bitmaskclient/base/utils/ConfigHelper.java @@ -105,7 +105,7 @@ public class ConfigHelper { try { cf = CertificateFactory.getInstance("X.509"); - certificateString = certificateString.replaceFirst("-----BEGIN CERTIFICATE-----", "").replaceFirst("-----END CERTIFICATE-----", "").trim(); + certificateString = certificateString.replaceAll("-----BEGIN CERTIFICATE-----", "").trim().replaceAll("-----END CERTIFICATE-----", "").trim(); byte[] cert_bytes = Base64.decode(certificateString); InputStream caInput = new ByteArrayInputStream(cert_bytes); try { -- cgit v1.2.3 From 8411cd82c0572e0e871c1cf93e0d4c05b35fb999 Mon Sep 17 00:00:00 2001 From: cyBerta Date: Thu, 16 Dec 2021 23:45:41 +0100 Subject: allow to parse and handle multiple certs in a pem file --- .../bitmaskclient/base/utils/ConfigHelper.java | 32 +++++---- .../bitmaskclient/base/utils/KeyStoreHelper.java | 78 ---------------------- 2 files changed, 20 insertions(+), 90 deletions(-) delete mode 100644 app/src/main/java/se/leap/bitmaskclient/base/utils/KeyStoreHelper.java (limited to 'app/src/main/java/se/leap/bitmaskclient/base') diff --git a/app/src/main/java/se/leap/bitmaskclient/base/utils/ConfigHelper.java b/app/src/main/java/se/leap/bitmaskclient/base/utils/ConfigHelper.java index dccb5678..0a81b9cb 100644 --- a/app/src/main/java/se/leap/bitmaskclient/base/utils/ConfigHelper.java +++ b/app/src/main/java/se/leap/bitmaskclient/base/utils/ConfigHelper.java @@ -20,6 +20,7 @@ import android.content.Context; import android.content.res.Resources; import android.os.Build; import android.os.Looper; +import android.util.Log; import androidx.annotation.NonNull; import androidx.annotation.Nullable; @@ -37,6 +38,7 @@ import java.security.KeyFactory; import java.security.MessageDigest; import java.security.NoSuchAlgorithmException; import java.security.NoSuchProviderException; +import java.security.cert.Certificate; import java.security.cert.CertificateEncodingException; import java.security.cert.CertificateException; import java.security.cert.CertificateFactory; @@ -44,10 +46,13 @@ import java.security.cert.X509Certificate; import java.security.interfaces.RSAPrivateKey; import java.security.spec.InvalidKeySpecException; import java.security.spec.PKCS8EncodedKeySpec; +import java.util.ArrayList; import java.util.Calendar; +import java.util.Collection; import java.util.regex.Matcher; import java.util.regex.Pattern; +import de.blinkt.openvpn.core.VpnStatus; import se.leap.bitmaskclient.BuildConfig; import se.leap.bitmaskclient.R; import se.leap.bitmaskclient.providersetup.ProviderAPI; @@ -99,25 +104,28 @@ public class ConfigHelper { return ret; } - public static X509Certificate parseX509CertificateFromString(String certificateString) { - java.security.cert.Certificate certificate = null; + public static ArrayList parseX509CertificatesFromString(String certificateString) { + Collection certificates; CertificateFactory cf; try { cf = CertificateFactory.getInstance("X.509"); certificateString = certificateString.replaceAll("-----BEGIN CERTIFICATE-----", "").trim().replaceAll("-----END CERTIFICATE-----", "").trim(); - byte[] cert_bytes = Base64.decode(certificateString); - InputStream caInput = new ByteArrayInputStream(cert_bytes); - try { - certificate = cf.generateCertificate(caInput); - System.out.println("ca=" + ((X509Certificate) certificate).getSubjectDN()); - } finally { - caInput.close(); + byte[] certBytes = Base64.decode(certificateString); + try (InputStream caInput = new ByteArrayInputStream(certBytes)) { + certificates = cf.generateCertificates(caInput); + if (certificates != null) { + for (Certificate cert : certificates) { + System.out.println("ca=" + ((X509Certificate) cert).getSubjectDN()); + } + return (ArrayList) certificates; + } } - } catch (NullPointerException | CertificateException | IOException | IllegalArgumentException e) { - return null; + } catch (NullPointerException | CertificateException | IOException | IllegalArgumentException | ClassCastException e) { + e.printStackTrace(); } - return (X509Certificate) certificate; + + return null; } public static RSAPrivateKey parseRsaKeyFromString(String rsaKeyString) { diff --git a/app/src/main/java/se/leap/bitmaskclient/base/utils/KeyStoreHelper.java b/app/src/main/java/se/leap/bitmaskclient/base/utils/KeyStoreHelper.java deleted file mode 100644 index b0b28993..00000000 --- a/app/src/main/java/se/leap/bitmaskclient/base/utils/KeyStoreHelper.java +++ /dev/null @@ -1,78 +0,0 @@ -package se.leap.bitmaskclient.base.utils; - -import java.io.IOException; -import java.io.InputStream; -import java.security.KeyStore; -import java.security.KeyStoreException; -import java.security.NoSuchAlgorithmException; -import java.security.cert.CertificateException; -import java.security.cert.CertificateFactory; -import java.security.cert.X509Certificate; - -/** - * Created by cyberta on 18.03.18. - */ - -public class KeyStoreHelper { - private static KeyStore trustedKeystore; - - /** - * Adds a new X509 certificate given its input stream and its provider name - * - * @param provider used to store the certificate in the keystore - * @param inputStream from which X509 certificate must be generated. - */ - public static void addTrustedCertificate(String provider, InputStream inputStream) { - CertificateFactory cf; - try { - cf = CertificateFactory.getInstance("X.509"); - X509Certificate cert = - (X509Certificate) cf.generateCertificate(inputStream); - trustedKeystore.setCertificateEntry(provider, cert); - } catch (CertificateException e) { - // TODO Auto-generated catch block - e.printStackTrace(); - } catch (KeyStoreException e) { - // TODO Auto-generated catch block - e.printStackTrace(); - } - } - - /** - * Adds a new X509 certificate given in its string from and using its provider name - * - * @param provider used to store the certificate in the keystore - * @param certificate - */ - public static void addTrustedCertificate(String provider, String certificate) { - - try { - X509Certificate cert = ConfigHelper.parseX509CertificateFromString(certificate); - if (trustedKeystore == null) { - trustedKeystore = KeyStore.getInstance("BKS"); - trustedKeystore.load(null); - } - trustedKeystore.setCertificateEntry(provider, cert); - } catch (KeyStoreException e) { - // TODO Auto-generated catch block - e.printStackTrace(); - } catch (NoSuchAlgorithmException e) { - // TODO Auto-generated catch block - e.printStackTrace(); - } catch (CertificateException e) { - // TODO Auto-generated catch block - e.printStackTrace(); - } catch (IOException e) { - // TODO Auto-generated catch block - e.printStackTrace(); - } - } - - /** - * @return class wide keystore - */ - public static KeyStore getKeystore() { - return trustedKeystore; - } - -} -- cgit v1.2.3 From d5e64c8c71f188df4e25715231179c979e8ab7a9 Mon Sep 17 00:00:00 2001 From: cyBerta Date: Fri, 17 Dec 2021 02:12:35 +0100 Subject: cleanup imports --- app/src/main/java/se/leap/bitmaskclient/base/utils/ConfigHelper.java | 2 -- 1 file changed, 2 deletions(-) (limited to 'app/src/main/java/se/leap/bitmaskclient/base') diff --git a/app/src/main/java/se/leap/bitmaskclient/base/utils/ConfigHelper.java b/app/src/main/java/se/leap/bitmaskclient/base/utils/ConfigHelper.java index 0a81b9cb..27943022 100644 --- a/app/src/main/java/se/leap/bitmaskclient/base/utils/ConfigHelper.java +++ b/app/src/main/java/se/leap/bitmaskclient/base/utils/ConfigHelper.java @@ -20,7 +20,6 @@ import android.content.Context; import android.content.res.Resources; import android.os.Build; import android.os.Looper; -import android.util.Log; import androidx.annotation.NonNull; import androidx.annotation.Nullable; @@ -52,7 +51,6 @@ import java.util.Collection; import java.util.regex.Matcher; import java.util.regex.Pattern; -import de.blinkt.openvpn.core.VpnStatus; import se.leap.bitmaskclient.BuildConfig; import se.leap.bitmaskclient.R; import se.leap.bitmaskclient.providersetup.ProviderAPI; -- cgit v1.2.3