diff options
| author | Arne Schwabe <arne@rfc2549.org> | 2023-05-05 16:48:44 +0200 |
|---|---|---|
| committer | Arne Schwabe <arne@rfc2549.org> | 2023-05-05 16:48:44 +0200 |
| commit | 8bb986f5149f1efdece68eec329b693795d8cf75 (patch) | |
| tree | a0ba11b046142cf74d12c52d1d8926918af41feb | |
| parent | 4c0e72f7a213b5204f10cc030155fa26f65e9865 (diff) | |
Fix hash comparison when profile is base64 encoded. Allow going back to non-Alias config
| -rw-r--r-- | main/src/main/java/de/blinkt/openvpn/api/AppRestrictions.java | 48 |
1 files changed, 37 insertions, 11 deletions
diff --git a/main/src/main/java/de/blinkt/openvpn/api/AppRestrictions.java b/main/src/main/java/de/blinkt/openvpn/api/AppRestrictions.java index c2f539ae..bdab3be3 100644 --- a/main/src/main/java/de/blinkt/openvpn/api/AppRestrictions.java +++ b/main/src/main/java/de/blinkt/openvpn/api/AppRestrictions.java @@ -60,7 +60,8 @@ public class AppRestrictions { c.unregisterReceiver(mRestrictionsReceiver); } - private String hashConfig(String config) { + private String hashConfig(String rawconfig) { + String config = prepare(rawconfig); MessageDigest digest; try { digest = MessageDigest.getInstance("SHA1"); @@ -121,6 +122,10 @@ public class AppRestrictions { continue; } + /* we always use lower case uuid since Android UUID class will use present + * them that way */ + uuid = uuid.toLowerCase(Locale.US); + if (uuid.equals(defaultprofile)) defaultprofileProvisioned = true; @@ -188,22 +193,43 @@ public class AppRestrictions { * the authentication method and will also set the keystore alias */ private void addCertificateAlias(VpnProfile vpnProfile, String certAlias, Context c) { - if (certAlias == null || vpnProfile == null) + if (vpnProfile == null) return; int oldType = vpnProfile.mAuthenticationType; String oldAlias = vpnProfile.mAlias; - switch (vpnProfile.mAuthenticationType) + if (!TextUtils.isEmpty(certAlias)) { + switch (vpnProfile.mAuthenticationType) + { + case VpnProfile.TYPE_PKCS12: + case VpnProfile.TYPE_CERTIFICATES: + vpnProfile.mAuthenticationType = VpnProfile.TYPE_KEYSTORE; + break; + case VpnProfile.TYPE_USERPASS_CERTIFICATES: + case VpnProfile.TYPE_USERPASS_PKCS12: + vpnProfile.mAuthenticationType = VpnProfile.TYPE_USERPASS_KEYSTORE; + break; + } + + } else { - case VpnProfile.TYPE_PKCS12: - case VpnProfile.TYPE_CERTIFICATES: - vpnProfile.mAuthenticationType = VpnProfile.TYPE_KEYSTORE; - break; - case VpnProfile.TYPE_USERPASS_CERTIFICATES: - case VpnProfile.TYPE_USERPASS_PKCS12: - vpnProfile.mAuthenticationType = VpnProfile.TYPE_USERPASS_KEYSTORE; - break; + /* Alias is null, return to non keystore method */ + boolean pkcs12present = !TextUtils.isEmpty(vpnProfile.mPKCS12Filename); + switch (vpnProfile.mAuthenticationType) { + case VpnProfile.TYPE_USERPASS_KEYSTORE: + if (pkcs12present) + vpnProfile.mAuthenticationType = VpnProfile.TYPE_USERPASS_PKCS12; + else + vpnProfile.mAuthenticationType = VpnProfile.TYPE_USERPASS_CERTIFICATES; + break; + case VpnProfile.TYPE_KEYSTORE: + if (pkcs12present) + vpnProfile.mAuthenticationType = VpnProfile.TYPE_PKCS12; + else + vpnProfile.mAuthenticationType = VpnProfile.TYPE_CERTIFICATES; + break; + } } vpnProfile.mAlias = certAlias; |