authorArne Schwabe <arne@rfc2549.org>2023-04-13 13:40:57 +0200
committerArne Schwabe <arne@rfc2549.org>2023-04-13 13:40:57 +0200
commit3c160282b4a4d450810baa28f1a757bba82ce6bb (patch)
tree8a921130e0265036025926807d742686d9589016
parent9e5986073c9b7636572fecdb56231d4b484345a1 (diff)
Allow setting a certificate alias via restriction API.
-rw-r--r--main/src/main/java/de/blinkt/openvpn/api/AppRestrictions.java37
-rw-r--r--main/src/main/res/values/untranslatable.xml2
-rw-r--r--main/src/main/res/xml/app_restrictions.xml6
3 files changed, 39 insertions, 6 deletions
diff --git a/main/src/main/java/de/blinkt/openvpn/api/AppRestrictions.java b/main/src/main/java/de/blinkt/openvpn/api/AppRestrictions.java
index c06b01b3..573dd070 100644
--- a/main/src/main/java/de/blinkt/openvpn/api/AppRestrictions.java
+++ b/main/src/main/java/de/blinkt/openvpn/api/AppRestrictions.java
@@ -33,7 +33,6 @@ public class AppRestrictions {
final static int CONFIG_VERSION = 1;
static boolean alreadyChecked = false;
private static AppRestrictions mInstance;
- private RestrictionsManager mRestrictionsMgr;
private BroadcastReceiver mRestrictionsReceiver;
private AppRestrictions(Context c) {
@@ -76,10 +75,10 @@ public class AppRestrictions {
}
private void applyRestrictions(Context c) {
- mRestrictionsMgr = (RestrictionsManager) c.getSystemService(Context.RESTRICTIONS_SERVICE);
- if (mRestrictionsMgr == null)
+ RestrictionsManager restrictionsMgr = (RestrictionsManager) c.getSystemService(Context.RESTRICTIONS_SERVICE);
+ if (restrictionsMgr == null)
return;
- Bundle restrictions = mRestrictionsMgr.getApplicationRestrictions();
+ Bundle restrictions = restrictionsMgr.getApplicationRestrictions();
if (restrictions == null)
return;
@@ -116,6 +115,7 @@ public class AppRestrictions {
String uuid = p.getString("uuid");
String ovpn = p.getString("ovpn");
String name = p.getString("name");
+ String certAlias = p.getString("certificate_alias");
if (uuid == null || ovpn == null || name == null) {
VpnStatus.logError("App restriction profile misses uuid, ovpn or name key");
@@ -134,12 +134,15 @@ public class AppRestrictions {
if (vpnProfile != null) {
// Profile exists, check if need to update it
- if (ovpnHash.equals(vpnProfile.importedProfileHash))
+ if (ovpnHash.equals(vpnProfile.importedProfileHash)) {
+ addCertificateAlias(vpnProfile, certAlias);
+
// not modified skip to next profile
continue;
-
+ }
}
addProfile(c, ovpn, uuid, name, vpnProfile);
+ addCertificateAlias(vpnProfile, certAlias);
}
Vector<VpnProfile> profilesToRemove = new Vector<>();
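Review bot: The call added after `addProfile(c, ovpn, uuid, name, vpnProfile)` passes `vpnProfile` unchanged, and that variable is null whenever the managed profile did not exist yet (the `if (vpnProfile != null)` guard above covers exactly that case), so `addCertificateAlias` would dereference null at `vpnProfile.mAuthenticationType` on a first-time import with an alias set. Java passes the reference by value, so `addProfile` cannot hand a newly created profile back through this argument; its body is outside the hunk, but if it builds and stores a fresh object, the alias never reaches the stored profile on updates either. Consider having `addProfile` accept `certAlias`, or return the profile it saved, so the alias is applied before the profile is persisted. In the unchanged-hash branch the profile is modified and `continue` follows with no visible save, so it is worth confirming that the new `mAuthenticationType`/`mAlias` values are written back there.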
@@ -181,6 +184,28 @@ public class AppRestrictions {
}
}
+ /**
+ * If certAlias is non-null will modify the profile type to use the keystore variant of
+ * the authentication method and will also set the keystore alias
+ */
+ private void addCertificateAlias(VpnProfile vpnProfile, String certAlias) {
+ if (certAlias == null)
+ return;
+
+ switch (vpnProfile.mAuthenticationType)
+ {
+ case VpnProfile.TYPE_PKCS12:
+ case VpnProfile.TYPE_CERTIFICATES:
+ vpnProfile.mAuthenticationType = VpnProfile.TYPE_KEYSTORE;
+ break;
+ case VpnProfile.TYPE_USERPASS_CERTIFICATES:
+ case VpnProfile.TYPE_USERPASS_PKCS12:
+ vpnProfile.mAuthenticationType = VpnProfile.TYPE_USERPASS_KEYSTORE;
+ break;
+ }
+ vpnProfile.mAlias = certAlias;
+ }
+
private String prepare(String config) {
String newLine = System.getProperty("line.separator");
if (!config.contains(newLine) && !config.contains(" ")) {
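Review bot: `addCertificateAlias` returns early only on `certAlias == null`, but the new restriction in app_restrictions.xml declares `android:defaultValue=""` and its description says to leave the value empty to not use the certificate store. An empty alias would therefore likely still switch the profile to `TYPE_KEYSTORE`/`TYPE_USERPASS_KEYSTORE` with a blank `mAlias`, replacing working embedded-certificate authentication with a keystore lookup that cannot succeed. The guard should treat empty like null: `if (certAlias == null || certAlias.isEmpty()) return;`. The `switch` has no `default`, so for any other authentication type `mAlias` is written while the type stays as it was; a comment such as `// other types: alias stored, auth type left unchanged` or an explicit `default:` with a log line would make that intent clear. The trailing `prepare` lines are context and continue outside the hunk.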
diff --git a/main/src/main/res/values/untranslatable.xml b/main/src/main/res/values/untranslatable.xml
index cde0d8a5..651af1d3 100644
--- a/main/src/main/res/values/untranslatable.xml
+++ b/main/src/main/res/values/untranslatable.xml
@@ -73,6 +73,8 @@
<string name="apprest_name">Name</string>
<string name="apprest_vpnlist">List of VPN configurations</string>
<string name="apprest_vpnconf">VPN configuration</string>
+ <string name="apprest_certalias">Certificate Alias</string>
+ <string name="apprest_certalias_desc">Alias of a certificate in the Android keystore to use. Leave empty to not use the certificate store.</string>
<string name="apprest_ver">Version of the managed configuration schema (Currently always 1)</string>
<string name="apprest_defprof">UUID of the profile that should be selected as default profile in the app</string>
<string name="privacy_policy">The app OpenVPN for Android does not communicate to any server other than the OpenVPN servers provided in configuration files. The author himself does not collect any data and no therefore also no data is saved. For the privacy policy for the OpenVPN server/VPN service you are using (or other services related to the project like GitHub), please refer to their respective privacy policy.</string>
diff --git a/main/src/main/res/xml/app_restrictions.xml b/main/src/main/res/xml/app_restrictions.xml
index 167e48e8..0451fd25 100644
--- a/main/src/main/res/xml/app_restrictions.xml
+++ b/main/src/main/res/xml/app_restrictions.xml
@@ -44,6 +44,12 @@
android:description="@string/apprest_ovpn_desc"
android:restrictionType="string"/>
+ <restriction
+ android:key="certificate_alias"
+ android:title="@string/apprest_certalias"
+ android:defaultValue=""
+ android:description="@string/apprest_certalias_desc"
+ android:restrictionType="string"/>
<!--
<restriction
android:key="ovpn_list"