summaryrefslogtreecommitdiff
path: root/main
diff options
context:
space:
mode:
authorArne Schwabe <arne@rfc2549.org>2016-01-14 00:35:10 +0100
committerArne Schwabe <arne@rfc2549.org>2016-01-14 00:35:10 +0100
commite5a67778838b7a8ff9a61e59e1add239ceed1caa (patch)
tree932afe233ac9fe1cda57287ba26dbb6baa14013b /main
parent84112714f61796145148b32382a8b725d5349ba4 (diff)
Parse multiple ca certs in <ca> for android device key configurations (closes #426)
Diffstat (limited to 'main')
-rw-r--r--main/src/main/java/de/blinkt/openvpn/VpnProfile.java15
-rw-r--r--main/src/main/java/de/blinkt/openvpn/core/ConfigParser.java3
-rw-r--r--main/src/main/java/de/blinkt/openvpn/core/X509Utils.java28
3 files changed, 29 insertions, 17 deletions
diff --git a/main/src/main/java/de/blinkt/openvpn/VpnProfile.java b/main/src/main/java/de/blinkt/openvpn/VpnProfile.java
index 09fc21ae..ebcf9342 100644
--- a/main/src/main/java/de/blinkt/openvpn/VpnProfile.java
+++ b/main/src/main/java/de/blinkt/openvpn/VpnProfile.java
@@ -768,11 +768,12 @@ public class VpnProfile implements Serializable, Cloneable {
String caout = null;
if (!TextUtils.isEmpty(mCaFilename)) {
try {
- Certificate cacert = X509Utils.getCertificateFromFile(mCaFilename);
+ Certificate[] cacerts = X509Utils.getCertificatesFromFile(mCaFilename);
StringWriter caoutWriter = new StringWriter();
PemWriter pw = new PemWriter(caoutWriter);
- pw.writeObject(new PemObject("CERTIFICATE", cacert.getEncoded()));
+ for (Certificate cert: cacerts)
+ pw.writeObject(new PemObject("CERTIFICATE", cert.getEncoded()));
pw.close();
caout= caoutWriter.toString();
@@ -844,8 +845,14 @@ public class VpnProfile implements Serializable, Cloneable {
if (mIPv4Address == null || cidrToIPAndNetmask(mIPv4Address) == null)
return R.string.ipv4_format_error;
}
- if (!mUseDefaultRoute && (getCustomRoutes(mCustomRoutes).size() == 0|| getCustomRoutes(mExcludedRoutes).size() == 0))
- return R.string.custom_route_format_error;
+ if (!mUseDefaultRoute) {
+ if (!TextUtils.isEmpty(mCustomRoutes) && getCustomRoutes(mCustomRoutes).size() == 0 )
+ return R.string.custom_route_format_error;
+
+ if (!TextUtils.isEmpty(mExcludedRoutes) && getCustomRoutes(mExcludedRoutes).size() == 0 )
+ return R.string.custom_route_format_error;
+
+ }
boolean noRemoteEnabled = true;
for (Connection c : mConnections)
diff --git a/main/src/main/java/de/blinkt/openvpn/core/ConfigParser.java b/main/src/main/java/de/blinkt/openvpn/core/ConfigParser.java
index 5b8cb2dd..86230a52 100644
--- a/main/src/main/java/de/blinkt/openvpn/core/ConfigParser.java
+++ b/main/src/main/java/de/blinkt/openvpn/core/ConfigParser.java
@@ -400,7 +400,8 @@ public class ConfigParser {
}
Vector<String> routeNoPull = getOption("route-nopull", 1, 1);
- np.mRoutenopull=true;
+ if (routeNoPull!=null)
+ np.mRoutenopull=true;
// Also recognize tls-auth [inline] direction ...
Vector<Vector<String>> tlsauthoptions = getAllOption("tls-auth", 1, 2);
diff --git a/main/src/main/java/de/blinkt/openvpn/core/X509Utils.java b/main/src/main/java/de/blinkt/openvpn/core/X509Utils.java
index 9bc5ac97..7d72e33f 100644
--- a/main/src/main/java/de/blinkt/openvpn/core/X509Utils.java
+++ b/main/src/main/java/de/blinkt/openvpn/core/X509Utils.java
@@ -25,31 +25,35 @@ import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
-import java.text.DateFormat;
-import java.util.Calendar;
+import java.util.ArrayList;
import java.util.Date;
import java.util.Hashtable;
+import java.util.Vector;
public class X509Utils {
- public static Certificate getCertificateFromFile(String certfilename) throws FileNotFoundException, CertificateException {
+ public static Certificate[] getCertificatesFromFile(String certfilename) throws FileNotFoundException, CertificateException {
CertificateFactory certFact = CertificateFactory.getInstance("X.509");
- InputStream inStream;
-
+ Vector<Certificate> certificates = new Vector<>();
if(VpnProfile.isEmbedded(certfilename)) {
- // The java certifcate reader is ... kind of stupid
- // It does NOT ignore chars before the --BEGIN ...
int subIndex = certfilename.indexOf("-----BEGIN CERTIFICATE-----");
- subIndex = Math.max(0,subIndex);
- inStream = new ByteArrayInputStream(certfilename.substring(subIndex).getBytes());
+ do {
+ // The java certifcate reader is ... kind of stupid
+ // It does NOT ignore chars before the --BEGIN ...
+ subIndex = Math.max(0, subIndex);
+ InputStream inStream = new ByteArrayInputStream(certfilename.substring(subIndex).getBytes());
+ certificates.add(certFact.generateCertificate(inStream));
+ subIndex = certfilename.indexOf("-----BEGIN CERTIFICATE-----", subIndex+1);
+ } while (subIndex > 0);
+ return certificates.toArray(new Certificate[certificates.size()]);
} else {
- inStream = new FileInputStream(certfilename);
+ InputStream inStream = new FileInputStream(certfilename);
+ return new Certificate[] {certFact.generateCertificate(inStream)};
}
- return certFact.generateCertificate(inStream);
}
public static PemObject readPemObjectFromFile (String keyfilename) throws IOException {
@@ -73,7 +77,7 @@ public class X509Utils {
public static String getCertificateFriendlyName (Context c, String filename) {
if(!TextUtils.isEmpty(filename)) {
try {
- X509Certificate cert = (X509Certificate) getCertificateFromFile(filename);
+ X509Certificate cert = (X509Certificate) getCertificatesFromFile(filename)[0];
String friendlycn = getCertificateFriendlyName(cert);
friendlycn = getCertificateValidityString(cert, c.getResources()) + friendlycn;
return friendlycn;