summaryrefslogtreecommitdiff
path: root/main/src
diff options
context:
space:
mode:
authorArne Schwabe <arne@rfc2549.org>2023-05-05 16:48:44 +0200
committerArne Schwabe <arne@rfc2549.org>2023-05-05 16:48:44 +0200
commit8bb986f5149f1efdece68eec329b693795d8cf75 (patch)
treea0ba11b046142cf74d12c52d1d8926918af41feb /main/src
parent4c0e72f7a213b5204f10cc030155fa26f65e9865 (diff)
Fix hash comparison when profile is base64 encoded. Allow going back to non-Alias config
Diffstat (limited to 'main/src')
-rw-r--r--main/src/main/java/de/blinkt/openvpn/api/AppRestrictions.java48
1 files changed, 37 insertions, 11 deletions
diff --git a/main/src/main/java/de/blinkt/openvpn/api/AppRestrictions.java b/main/src/main/java/de/blinkt/openvpn/api/AppRestrictions.java
index c2f539ae..bdab3be3 100644
--- a/main/src/main/java/de/blinkt/openvpn/api/AppRestrictions.java
+++ b/main/src/main/java/de/blinkt/openvpn/api/AppRestrictions.java
@@ -60,7 +60,8 @@ public class AppRestrictions {
c.unregisterReceiver(mRestrictionsReceiver);
}
- private String hashConfig(String config) {
+ private String hashConfig(String rawconfig) {
+ String config = prepare(rawconfig);
MessageDigest digest;
try {
digest = MessageDigest.getInstance("SHA1");
@@ -121,6 +122,10 @@ public class AppRestrictions {
continue;
}
+ /* we always use lower case uuid since Android UUID class will use present
+ * them that way */
+ uuid = uuid.toLowerCase(Locale.US);
+
if (uuid.equals(defaultprofile))
defaultprofileProvisioned = true;
@@ -188,22 +193,43 @@ public class AppRestrictions {
* the authentication method and will also set the keystore alias
*/
private void addCertificateAlias(VpnProfile vpnProfile, String certAlias, Context c) {
- if (certAlias == null || vpnProfile == null)
+ if (vpnProfile == null)
return;
int oldType = vpnProfile.mAuthenticationType;
String oldAlias = vpnProfile.mAlias;
- switch (vpnProfile.mAuthenticationType)
+ if (!TextUtils.isEmpty(certAlias)) {
+ switch (vpnProfile.mAuthenticationType)
+ {
+ case VpnProfile.TYPE_PKCS12:
+ case VpnProfile.TYPE_CERTIFICATES:
+ vpnProfile.mAuthenticationType = VpnProfile.TYPE_KEYSTORE;
+ break;
+ case VpnProfile.TYPE_USERPASS_CERTIFICATES:
+ case VpnProfile.TYPE_USERPASS_PKCS12:
+ vpnProfile.mAuthenticationType = VpnProfile.TYPE_USERPASS_KEYSTORE;
+ break;
+ }
+
+ } else
{
- case VpnProfile.TYPE_PKCS12:
- case VpnProfile.TYPE_CERTIFICATES:
- vpnProfile.mAuthenticationType = VpnProfile.TYPE_KEYSTORE;
- break;
- case VpnProfile.TYPE_USERPASS_CERTIFICATES:
- case VpnProfile.TYPE_USERPASS_PKCS12:
- vpnProfile.mAuthenticationType = VpnProfile.TYPE_USERPASS_KEYSTORE;
- break;
+ /* Alias is null, return to non keystore method */
+ boolean pkcs12present = !TextUtils.isEmpty(vpnProfile.mPKCS12Filename);
+ switch (vpnProfile.mAuthenticationType) {
+ case VpnProfile.TYPE_USERPASS_KEYSTORE:
+ if (pkcs12present)
+ vpnProfile.mAuthenticationType = VpnProfile.TYPE_USERPASS_PKCS12;
+ else
+ vpnProfile.mAuthenticationType = VpnProfile.TYPE_USERPASS_CERTIFICATES;
+ break;
+ case VpnProfile.TYPE_KEYSTORE:
+ if (pkcs12present)
+ vpnProfile.mAuthenticationType = VpnProfile.TYPE_PKCS12;
+ else
+ vpnProfile.mAuthenticationType = VpnProfile.TYPE_CERTIFICATES;
+ break;
+ }
}
vpnProfile.mAlias = certAlias;