From 08fb1d8c20604c25d1e6424e2dcb0d93d81a14e4 Mon Sep 17 00:00:00 2001 From: Arne Schwabe Date: Sun, 13 May 2012 23:00:27 +0200 Subject: If you think having cought all things that are broken in images one images tries harder to break things... --- res/values/strings.xml | 4 +- src/de/blinkt/openvpn/Settings_Basic.java | 96 +++++++++++++++++-------------- 2 files changed, 57 insertions(+), 43 deletions(-) diff --git a/res/values/strings.xml b/res/values/strings.xml index 9b0c8f23..85ed7620 100644 --- a/res/values/strings.xml +++ b/res/values/strings.xml @@ -214,5 +214,7 @@ Import configuration file Security considerations "As openvpn is security sensitive a few notes about security are sensible. All data on the sdcard is inherently unsecure. Every app can read it (for example this program requires no special sd card rights). The data of this application can only be read by the application itself. By using the import option for cacert/cert/key in the file dialog the data is stored in the vpn profile. The vpn profiles are only accessable by this application. (Do not forget to delte the copies on the sdcard afterwards). Even though accessible only by this application the data is stil unecrypted. By rooting the telephone or other exploits it may be possible to retrieve the data. Saved passwords are stored in plain text as well. For pkcs12 files it is highly recommended that you import them into the android keystore." - Import + Import + Error showing certificate selection + Got an excption trying to show the Android 4.0+ certificate selction dialog. This should never happens as this a standard feature of Android 4.0+. Maybe your Android ROM support for certificate storage is broken diff --git a/src/de/blinkt/openvpn/Settings_Basic.java b/src/de/blinkt/openvpn/Settings_Basic.java index 00663173..6e829228 100644 --- a/src/de/blinkt/openvpn/Settings_Basic.java +++ b/src/de/blinkt/openvpn/Settings_Basic.java 
@@ -19,7 +19,10 @@ package de.blinkt.openvpn; import java.util.HashMap; import android.app.Activity; +import android.app.AlertDialog; +import android.app.AlertDialog.Builder; import android.app.Fragment; +import android.content.ActivityNotFoundException; import android.content.Intent; import android.os.Bundle; import android.os.Handler; @@ -36,6 +39,7 @@ import android.widget.CheckBox; import android.widget.EditText; import android.widget.Spinner; import android.widget.TextView; +import android.widget.Toast; import android.widget.ToggleButton; @@ -45,7 +49,7 @@ public class Settings_Basic extends Fragment implements View.OnClickListener, On private static final int CHOOSE_FILE_OFFSET = 1000; private static final int UPDATE_ALIAS = 20; - + private TextView mServerAddress; private TextView mServerPort; @@ -63,7 +67,7 @@ public class Settings_Basic extends Fragment implements View.OnClickListener, On - + private HashMap fileselects = new HashMap(); @@ -87,8 +91,8 @@ public class Settings_Basic extends Fragment implements View.OnClickListener, On fileselects.put(i, fsl); fsl.setFragment(this,i); } - - + + public void onCreate(Bundle savedInstanceState) { String profileuuid =getArguments().getString(getActivity().getPackageName() + ".profileUUID"); mProfile=ProfileManager.get(profileuuid); @@ -97,10 +101,10 @@ public class Settings_Basic extends Fragment implements View.OnClickListener, On @Override public View onCreateView(LayoutInflater inflater, ViewGroup container, Bundle savedInstanceState) { - - + + mView = inflater.inflate(R.layout.basic_settings,container,false); - + mProfileName = (EditText) mView.findViewById(R.id.profilename); mServerAddress = (TextView) mView.findViewById(R.id.address); mServerPort = (TextView) mView.findViewById(R.id.port); 
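Review bot: `import android.widget.Toast;` is added in the second import hunk, but nothing in the hunks of this patch refers to `Toast`; the new error path in `showCertDialog` builds an `AlertDialog` instead. If no other code in the file uses it, drop the import so the import list reflects what the fragment actually depends on. The same applies to importing the nested `android.app.AlertDialog.Builder` while the code still writes `new AlertDialog.Builder(...)`; pick one form.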
@@ -116,9 +120,9 @@ public class Settings_Basic extends Fragment implements View.OnClickListener, On mUserName = (EditText) mView.findViewById(R.id.auth_username); mPassword = (EditText) mView.findViewById(R.id.auth_password); - - - + + + addFileSelectLayout(mCaCert); addFileSelectLayout(mClientCert); @@ -131,26 +135,26 @@ public class Settings_Basic extends Fragment implements View.OnClickListener, On mType.setOnItemSelectedListener(this); mView.findViewById(R.id.select_keystore_button).setOnClickListener(this); - + if (mHandler == null) { mHandler = new Handler(this); } - + return mView; } - - - @Override + + + @Override public void onActivityResult(int request, int result, Intent data) { - if (result == Activity.RESULT_OK && request >= CHOOSE_FILE_OFFSET) { - String filedata = data.getStringExtra(FileSelect.RESULT_DATA); - FileSelectLayout fsl = fileselects.get(request); - fsl.setData(filedata); - } - savePreferences(); - } - + if (result == Activity.RESULT_OK && request >= CHOOSE_FILE_OFFSET) { + String filedata = data.getStringExtra(FileSelect.RESULT_DATA); + FileSelectLayout fsl = fileselects.get(request); + fsl.setData(filedata); + } + savePreferences(); + } + @Override public void onActivityCreated(Bundle savedInstanceState) { @@ -197,7 +201,7 @@ public class Settings_Basic extends Fragment implements View.OnClickListener, On case VpnProfile.TYPE_KEYSTORE: mView.findViewById(R.id.keystore).setVisibility(View.VISIBLE); break; - + case VpnProfile.TYPE_USERPASS: mView.findViewById(R.id.userpassword).setVisibility(View.VISIBLE); mView.findViewById(R.id.cacert).setVisibility(View.VISIBLE); @@ -222,7 +226,7 @@ public class Settings_Basic extends Fragment implements View.OnClickListener, On mPKCS12Password.setText(mProfile.mPKCS12Password); mUserName.setText(mProfile.mUsername); mPassword.setText(mProfile.mPassword); - + setAlias(); } 
@@ -258,22 +262,30 @@ public class Settings_Basic extends Fragment implements View.OnClickListener, On } public void showCertDialog () { - KeyChain.choosePrivateKeyAlias(getActivity(), - new KeyChainAliasCallback() { - - public void alias(String alias) { - // Credential alias selected. Remember the alias selection for future use. - mProfile.mAlias=alias; - mHandler.sendEmptyMessage(UPDATE_ALIAS); - } - - - }, - new String[] {"RSA", "DSA"}, // List of acceptable key types. null for any - null, // issuer, null for any - "internal.example.com", // host name of server requesting the cert, null if unavailable - 443, // port of server requesting the cert, -1 if unavailable - null); // alias to preselect, null if unavailable + try { + KeyChain.choosePrivateKeyAlias(getActivity(), + new KeyChainAliasCallback() { + + public void alias(String alias) { + // Credential alias selected. Remember the alias selection for future use. + mProfile.mAlias=alias; + mHandler.sendEmptyMessage(UPDATE_ALIAS); + } + + + }, + new String[] {"RSA", "DSA"}, // List of acceptable key types. null for any + null, // issuer, null for any + "internal.example.com", // host name of server requesting the cert, null if unavailable + 443, // port of server requesting the cert, -1 if unavailable + null); // alias to preselect, null if unavailable + } catch (ActivityNotFoundException anf) { + Builder ab = new AlertDialog.Builder(getActivity()); + ab.setTitle(R.string.broken_image_cert_title); + ab.setMessage(R.string.broken_image_cert); + ab.setPositiveButton(android.R.string.ok, null); + ab.show(); + } } @Override @@ -282,7 +294,7 @@ public class Settings_Basic extends Fragment implements View.OnClickListener, On showCertDialog(); } } - + @Override public void onSaveInstanceState(Bundle outState) { super.onSaveInstanceState(outState); -- cgit v1.2.3
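Review bot: The `KeyChain.choosePrivateKeyAlias` call in `showCertDialog` still passes the placeholder `"internal.example.com"` and `443` as the requesting server, so the system prompt that asks the user to release a private key to this app is given a host that has nothing to do with the VPN profile being edited. The inline comments on those two arguments already state the values for the unknown case, so pass `null,` for the host and `-1,` for the port, or the profile's real server address and port if they are available here. Separately, the `alias` callback stores its argument unconditionally; as far as I know the KeyChain API delivers `null` when the user dismisses the dialog, which would overwrite a previously selected alias, so add `if (alias == null) return;` before `mProfile.mAlias=alias;`. The new `catch` covers only `ActivityNotFoundException`, which matches the broken-ROM case in the commit message; a short comment above it saying so would tell later readers why the call is wrapped.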