From 39197a456562402ad42c5d78deafbbcefa024582 Mon Sep 17 00:00:00 2001 From: Arne Schwabe Date: Sun, 17 Jun 2012 17:48:52 +0200 Subject: - Fix last commit - Implement reading extra CA cert from file to fix keystore error on some mobile phones --- src/de/blinkt/openvpn/LaunchVPN.java | 2 +- src/de/blinkt/openvpn/OpenVPN.java | 11 +++++++++++ src/de/blinkt/openvpn/Settings_Basic.java | 6 +++++- src/de/blinkt/openvpn/VpnProfile.java | 30 +++++++++++++++++++++++++++++- 4 files changed, 46 insertions(+), 3 deletions(-) (limited to 'src') diff --git a/src/de/blinkt/openvpn/LaunchVPN.java b/src/de/blinkt/openvpn/LaunchVPN.java index b4151c24..e76057d7 100644 --- a/src/de/blinkt/openvpn/LaunchVPN.java +++ b/src/de/blinkt/openvpn/LaunchVPN.java @@ -105,7 +105,7 @@ public class LaunchVPN extends ListActivity implements OnItemClickListener { if(Intent.ACTION_MAIN.equals(action)) { // we got called to be the starting point, most likely a shortcut String shortcutUUID = intent.getStringExtra( EXTRA_KEY); - String shortcutName = intent.getStringExtra( EXTRA_KEY); + String shortcutName = intent.getStringExtra( EXTRA_NAME); VpnProfile profileToConnect = ProfileManager.get(shortcutUUID); if(shortcutName != null && profileToConnect ==null) diff --git a/src/de/blinkt/openvpn/OpenVPN.java b/src/de/blinkt/openvpn/OpenVPN.java index 39533db3..b09eb60e 100644 --- a/src/de/blinkt/openvpn/OpenVPN.java +++ b/src/de/blinkt/openvpn/OpenVPN.java @@ -35,6 +35,12 @@ public class OpenVPN { mMessage = message; } + public LogItem(int loglevel, String msg) { + mLevel = loglevel; + mMessage = msg; + } + + String getString(Context c) { if(mMessage !=null) { return mMessage; @@ -144,6 +150,11 @@ public class OpenVPN { } } + public static void logError(String msg) { + newlogItem(new LogItem(LogItem.ERROR, msg)); + + } + } diff --git a/src/de/blinkt/openvpn/Settings_Basic.java b/src/de/blinkt/openvpn/Settings_Basic.java index bafee229..1b82b579 100644 --- a/src/de/blinkt/openvpn/Settings_Basic.java +++ b/src/de/blinkt/openvpn/Settings_Basic.java @@ -200,7 +200,7 @@ public class Settings_Basic extends Fragment implements View.OnClickListener, On mView.findViewById(R.id.userpassword).setVisibility(View.GONE); mView.findViewById(R.id.key_password_layout).setVisibility(View.GONE); - // Fallthroughs are by desing + // Fall through are by design switch(type) { case VpnProfile.TYPE_USERPASS_CERTIFICATES: mView.findViewById(R.id.userpassword).setVisibility(View.VISIBLE); @@ -210,18 +210,22 @@ public class Settings_Basic extends Fragment implements View.OnClickListener, On if(mProfile.requireTLSKeyPassword()) mView.findViewById(R.id.key_password_layout).setVisibility(View.VISIBLE); break; + case VpnProfile.TYPE_USERPASS_PKCS12: mView.findViewById(R.id.userpassword).setVisibility(View.VISIBLE); case VpnProfile.TYPE_PKCS12: mView.findViewById(R.id.pkcs12).setVisibility(View.VISIBLE); break; + case VpnProfile.TYPE_STATICKEYS: mView.findViewById(R.id.statickeys).setVisibility(View.VISIBLE); break; + case VpnProfile.TYPE_USERPASS_KEYSTORE: mView.findViewById(R.id.userpassword).setVisibility(View.VISIBLE); case VpnProfile.TYPE_KEYSTORE: mView.findViewById(R.id.keystore).setVisibility(View.VISIBLE); + mView.findViewById(R.id.cacert).setVisibility(View.VISIBLE); break; case VpnProfile.TYPE_USERPASS: diff --git a/src/de/blinkt/openvpn/VpnProfile.java b/src/de/blinkt/openvpn/VpnProfile.java index e9cb994a..7ca75723 100644 --- a/src/de/blinkt/openvpn/VpnProfile.java +++ b/src/de/blinkt/openvpn/VpnProfile.java @@ -1,17 +1,22 @@ package de.blinkt.openvpn; +import java.io.ByteArrayInputStream; import java.io.File; +import java.io.FileInputStream; import java.io.FileNotFoundException; import java.io.FileOutputStream; import java.io.FileReader; import java.io.FileWriter; import java.io.IOException; +import java.io.InputStream; import java.io.Serializable; import java.security.KeyStore; import java.security.KeyStoreException; import java.security.NoSuchAlgorithmException; import java.security.PrivateKey; +import java.security.cert.Certificate; import java.security.cert.CertificateException; +import java.security.cert.CertificateFactory; import java.security.cert.X509Certificate; import java.util.Collection; import java.util.Random; @@ -474,7 +479,7 @@ public class VpnProfile implements Serializable{ try { privateKey = KeyChain.getPrivateKey(context,mAlias); cachain = KeyChain.getCertificateChain(context, mAlias); - if(cachain.length <= 1) + if(cachain.length <= 1 && !nonNull(mCaFilename)) OpenVPN.logMessage(0, "", context.getString(R.string.keychain_nocacert)); @@ -484,6 +489,15 @@ public class VpnProfile implements Serializable{ KeyStore ks = KeyStore.getInstance("PKCS12"); ks.load(null, null); + if(nonNull(mCaFilename)) { + try { + Certificate cacert = getCacertFromFile(); + + ks.setCertificateEntry("cacert", cacert); + } catch (Exception e) { + OpenVPN.logError("Could not read CA certificate" + e.getLocalizedMessage()); + } + } ks.setKeyEntry("usercert", privateKey, null, cachain); String mypw = getTemporaryPKCS12Password(); FileOutputStream fout = new FileOutputStream(context.getCacheDir().getAbsolutePath() + "/" + VpnProfile.OVPNCONFIGPKCS12); @@ -507,6 +521,20 @@ public class VpnProfile implements Serializable{ } } + private Certificate getCacertFromFile() throws FileNotFoundException, CertificateException { + CertificateFactory certFact = CertificateFactory.getInstance("X.509"); + + InputStream inStream; + + if(mCaFilename.startsWith(INLINE_TAG)) + inStream = new ByteArrayInputStream(mCaFilename.replace(INLINE_TAG,"").getBytes()); + else + inStream = new FileInputStream(mCaFilename); + + return certFact.generateCertificate(inStream); + } + + //! Return an error if somethign is wrong int checkProfile() { if((mAuthenticationType==TYPE_KEYSTORE || mAuthenticationType==TYPE_USERPASS_KEYSTORE) && mAlias==null) -- cgit v1.2.3