Fix KeyChain crash (#530)

This happens due to a race condition in background threads that use an activity context to call long-running RPCs in keychain and keystore. If the activity goes away while services are still bound, its context will be disposed of and any attempts to unbind those services will raise an IllegalStateException. The right thing to do is make these calls using an application context instead.
author: Robin Lee <hex539@users.noreply.github.com> 2016-07-26 16:16:22 +0100
committer: Arne Schwabe <arne@rfc2549.org> 2016-07-26 17:16:22 +0200
commit: 3315ceaa78a45c39196a99d1dda35b1a9b59ec00 (patch)
tree: 1fcd68b7b75e99a8a3e553a4852a9299183ed9de
parent: 7ec9538b67c30bdc1a88e68a251fb03a4c65923e (diff)
3 files changed, 6 insertions, 32 deletions
diff --git a/main/src/main/java/de/blinkt/openvpn/VpnProfile.java b/main/src/main/java/de/blinkt/openvpn/VpnProfile.java
index a082ce8e..fe8cb19a 100644
--- a/main/src/main/java/de/blinkt/openvpn/VpnProfile.java
+++ b/main/src/main/java/de/blinkt/openvpn/VpnProfile.java
@@ -747,6 +747,10 @@ public class VpnProfile implements Serializable, Cloneable {
     }
 
     synchronized String[] getKeyStoreCertificates(Context context, int tries) {
+        // Force application context- KeyChain methods will block long enough that by the time they
+        // are finished and try to unbind, the original activity context might have been destroyed.
+        context = context.getApplicationContext();
+
         try {
             PrivateKey privateKey = KeyChain.getPrivateKey(context, mAlias);
             mPrivateKey = privateKey;
diff --git a/main/src/main/java/de/blinkt/openvpn/fragments/Settings_Basic.java b/main/src/main/java/de/blinkt/openvpn/fragments/Settings_Basic.java
index 78976c44..ea8768d3 100644
--- a/main/src/main/java/de/blinkt/openvpn/fragments/Settings_Basic.java
+++ b/main/src/main/java/de/blinkt/openvpn/fragments/Settings_Basic.java
@@ -81,7 +81,7 @@ public class Settings_Basic extends Settings_Fragment implements View.OnClickLis
             public void run() {
                 String certstr="";
                 try {
-                    X509Certificate cert = KeyChain.getCertificateChain(getActivity(), mProfile.mAlias)[0];
+                    X509Certificate cert = KeyChain.getCertificateChain(getActivity().getApplicationContext(), mProfile.mAlias)[0];
 
                     if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.JELLY_BEAN_MR2) {
                         {
@@ -111,7 +111,7 @@ public class Settings_Basic extends Settings_Fragment implements View.OnClickLis
 
     @TargetApi(Build.VERSION_CODES.JELLY_BEAN_MR2)
     private boolean isInHardwareKeystore() throws KeyChainException, InterruptedException {
-        String algorithm = KeyChain.getPrivateKey(getActivity(), mProfile.mAlias).getAlgorithm();
+        String algorithm = KeyChain.getPrivateKey(getActivity().getApplicationContext(), mProfile.mAlias).getAlgorithm();
         return KeyChain.isBoundKeyAlgorithm(algorithm);
     }
 
diff --git a/misc/todo-keychain-crash.txt b/misc/todo-keychain-crash.txt
deleted file mode 100644
index 04ac32e1..00000000
--- a/misc/todo-keychain-crash.txt
+++ /dev/null
@@ -1,30 +0,0 @@
-V/TEEKeyMaster(  131): Closing subsession 0x404fd468: 0x0
-E/ActivityThread(18919): Activity de.blinkt.openvpn.LaunchVPN has leaked ServiceConnection android.security.KeyChain$1@42145e30 that was originally bound here
-E/ActivityThread(18919): android.app.ServiceConnectionLeaked: Activity de.blinkt.openvpn.LaunchVPN has leaked ServiceConnection android.security.KeyChain$1@42145e30 that was originally bound here
-E/ActivityThread(18919):                                      at android.app.LoadedApk$ServiceDispatcher.<init>(LoadedApk.java:974)
-E/ActivityThread(18919):                                      at android.app.LoadedApk.getServiceDispatcher(LoadedApk.java:868)
-E/ActivityThread(18919):                                      at android.app.ContextImpl.bindServiceAsUser(ContextImpl.java:1452)
-E/ActivityThread(18919):                                      at android.app.ContextImpl.bindService(ContextImpl.java:1440)
-E/ActivityThread(18919):                                      at android.security.KeyChain.bind(KeyChain.java:444)
-E/ActivityThread(18919):                                      at android.security.KeyChain.getCertificateChain(KeyChain.java:336)
-E/ActivityThread(18919):                                      at de.blinkt.openvpn.VpnProfile.getKeyStoreCertificates(VpnProfile.java:562)
-E/ActivityThread(18919):                                      at de.blinkt.openvpn.VpnProfile.getKeyStoreCertificates(VpnProfile.java:549)
-E/ActivityThread(18919):                                      at de.blinkt.openvpn.VpnProfile.getConfigFile(VpnProfile.java:251)
-E/ActivityThread(18919):                                      at de.blinkt.openvpn.VpnProfile.prepareIntent(VpnProfile.java:538)
-E/ActivityThread(18919):                                      at de.blinkt.openvpn.core.VPNLaunchHelper.startOpenVpn(VPNLaunchHelper.java:71)
-E/ActivityThread(18919):                                      at de.blinkt.openvpn.LaunchVPN$startOpenVpnThread.run(LaunchVPN.java:374)
-W/ActivityManager(  443): Unbind failed: could not find connection for android.os.BinderProxy@4277f580
-W/dalvikvm(18919): threadid=16: thread exiting with uncaught exception (group=0x419bd700)
-E/AndroidRuntime(18919): FATAL EXCEPTION: Thread-738
-E/AndroidRuntime(18919): java.lang.IllegalArgumentException: Service not registered: android.security.KeyChain$1@42145e30
-E/AndroidRuntime(18919):                                     at android.app.LoadedApk.forgetServiceDispatcher(LoadedApk.java:926)
-E/AndroidRuntime(18919):                                     at android.app.ContextImpl.unbindService(ContextImpl.java:1485)
-E/AndroidRuntime(18919):                                     at android.security.KeyChain$KeyChainConnection.close(KeyChain.java:412)
-E/AndroidRuntime(18919):                                     at android.security.KeyChain.getCertificateChain(KeyChain.java:355)
-E/AndroidRuntime(18919):                                     at de.blinkt.openvpn.VpnProfile.getKeyStoreCertificates(VpnProfile.java:562)
-E/AndroidRuntime(18919):                                     at de.blinkt.openvpn.VpnProfile.getKeyStoreCertificates(VpnProfile.java:549)
-E/AndroidRuntime(18919):                                     at de.blinkt.openvpn.VpnProfile.getConfigFile(VpnProfile.java:251)
-E/AndroidRuntime(18919):                                     at de.blinkt.openvpn.VpnProfile.prepareIntent(VpnProfile.java:538)
-E/AndroidRuntime(18919):                                     at de.blinkt.openvpn.core.VPNLaunchHelper.startOpenVpn(VPNLaunchHelper.java:71)
-E/AndroidRuntime(18919):                                     at de.blinkt.openvpn.LaunchVPN$startOpenVpnThread.run(LaunchVPN.java:374)
-W/ActivityManager(  443):   Force finishing activity de.blinkt.openvpn/.LogWindow
author	Robin Lee <hex539@users.noreply.github.com>	2016-07-26 16:16:22 +0100
committer	Arne Schwabe <arne@rfc2549.org>	2016-07-26 17:16:22 +0200
commit	3315ceaa78a45c39196a99d1dda35b1a9b59ec00 (patch)
tree	1fcd68b7b75e99a8a3e553a4852a9299183ed9de
parent	7ec9538b67c30bdc1a88e68a251fb03a4c65923e (diff)