From 13e05504181d87958af95365876a53e5015fafde Mon Sep 17 00:00:00 2001
From: Arne Schwabe <arne@rfc2549.org>
Date: Sun, 17 Jun 2012 17:48:52 +0200
Subject: - Fix last commit - Implement reading extra CA cert from file to fix
 keystore error on some mobile phones

---
 res/layout/basic_settings.xml             |  6 ++++++
 res/layout/file_dialog_main.xml           |  2 +-
 res/layout/keystore_selector.xml          |  2 +-
 res/values-de/strings.xml                 |  6 +++++-
 res/values/strings.xml                    |  8 +++++---
 src/de/blinkt/openvpn/LaunchVPN.java      |  2 +-
 src/de/blinkt/openvpn/OpenVPN.java        | 11 +++++++++++
 src/de/blinkt/openvpn/Settings_Basic.java |  6 +++++-
 src/de/blinkt/openvpn/VpnProfile.java     | 30 +++++++++++++++++++++++++++++-
 9 files changed, 64 insertions(+), 9 deletions(-)

diff --git a/res/layout/basic_settings.xml b/res/layout/basic_settings.xml
index d47ba207..409936e1 100644
--- a/res/layout/basic_settings.xml
+++ b/res/layout/basic_settings.xml
@@ -106,6 +106,12 @@
             android:visibility="gone" >
 
             <include layout="@layout/keystore_selector" />
+
+            <TextView
+                style="@style/item"
+                android:singleLine="false"
+                android:text="@string/extracahint"
+                android:textAppearance="?android:attr/textAppearanceSmall" />
         </LinearLayout>
 
         <LinearLayout
diff --git a/res/layout/file_dialog_main.xml b/res/layout/file_dialog_main.xml
index 2f88ffb7..68af9b18 100644
--- a/res/layout/file_dialog_main.xml
+++ b/res/layout/file_dialog_main.xml
@@ -23,7 +23,7 @@
             android:id="@+id/fdButtonSelect"
             android:layout_width="wrap_content"
             android:layout_height="wrap_content"
-            android:text="@string/select" >
+            android:text="@string/select_file" >
         </Button>
     </LinearLayout>
 
diff --git a/res/layout/keystore_selector.xml b/res/layout/keystore_selector.xml
index 21945104..211e977b 100644
--- a/res/layout/keystore_selector.xml
+++ b/res/layout/keystore_selector.xml
@@ -28,7 +28,7 @@
         android:layout_width="wrap_content"
         android:layout_height="wrap_content"
         android:layout_alignParentRight="true"
-        android:text="@string/select_certificate" />
+        android:text="@string/select" />
 
     <TextView
         android:id="@+id/title"
diff --git a/res/values-de/strings.xml b/res/values-de/strings.xml
index be0a518d..aebfe351 100644
--- a/res/values-de/strings.xml
+++ b/res/values-de/strings.xml
@@ -14,7 +14,7 @@
     <string name="client_certificate_title">Clientzertifikat</string>
     <string name="client_key_title">Clientzertifikatsschlüssel</string>
     <string name="ca_title">CA Zertifikat</string>
-    <string name="select_certificate">Auswählen</string>
+    <string name="select_file">Auswählen</string>
     <string name="no_certificate">Nichts ausgewählt</string>
     <string name="about">Über</string>
     <string name="vpn_type">Typ</string>
@@ -171,5 +171,9 @@
     <string name="building_configration">Generiere OpenVPN Konfigration…</string>
     <string name="netchange_summary">Aktivieren dieser Option zwingt OpenVPN dazu beim Wechsel des Netzwerkes (WLAN zu Mobilfunk und umgekehrt) neu zu verbinden.</string>
     <string name="netchange">Netzwerkänderungen beachten</string>
+    <string name="netstatus">Netzwerkstatus: %s</string>
+    <string name="keychain_nocacert">Beim Abfragen des Android KeyStore wurde kein CA Zertifikat zurückgegeben. Überprüfen des Serverzertifikat wird warscheinlich fehlschlagen. Geben Sie manuell ein CA Zertifikat an.</string>
+    <string name="cert_from_keystore">Zertifikat (KeyStore): \'%s\' </string>
+    <string name="extracahint">Das CA Zertifikat wird meist aus dem Zertifikatsspeicher automatisch ausgewählt. Sollte dies nicht funktionieren und Sie Verifizierungsprobleme erhalten(self signed certificate), wählen Sie manuell ein Zertifikat aus.</string>
 
 </resources>
\ No newline at end of file
diff --git a/res/values/strings.xml b/res/values/strings.xml
index 08bb0a27..f7c9817f 100644
--- a/res/values/strings.xml
+++ b/res/values/strings.xml
@@ -24,7 +24,6 @@
     <string name="defaultport" translatable="false">1194</string>
     <string name="location">Location</string>
     <string name="cant_read_folder">folder can\'t be read!</string>
-    <string name="select">Select</string>
     <string name="cancel">Cancel</string>
     <string name="no_data">No Data</string>
     <string name="useLZO">LZO Compression</string>
@@ -33,7 +32,6 @@
     <string name="client_key_title">Client Certificate Key</string>
     <string name="client_pkcs12_title">PKCS12 File</string>
     <string name="ca_title">CA Certificate</string>
-    <string name="select_certificate">Select</string>
     <string name="no_certificate">Nothing selected</string>
     <string name="opevpn_copyright" translatable="false">Copyright © 2002–2010 OpenVPN Technologies, Inc. &lt;sales@openvpn.net>\n
 
@@ -57,6 +55,7 @@
     <string name="vpn_list_title">All your precious VPNs</string>
     <string name="vpn_type">Type</string>
     <string name="pkcs12pwquery">PKCS12 Password</string>
+    <string name="select">Select…</string>
     <string name="file_select">Select…</string>
     <string name="file_nothing_selected">Nothing Selected</string>
     <string name="useTLSAuth">Use TLS Authentication</string>
@@ -209,7 +208,10 @@
     <string name="building_configration">Building configration…</string>
     <string name="netchange_summary">Turning this option on will force a reconnet if the network state is change (WIFI to/from mobile)</string>
     <string name="netchange">Reconnect on Network change</string>
-    <string name="keychain_nocacert">No CA Certificate returned while reading from Android keystore. Auhtentication will probably fail.</string>
     <string name="cert_from_keystore">Got certificate \'%s\' from Keystore</string>
     <string name="netstatus">Network Status: %s</string>
+    <string name="extracahint">The CA cert is usually returned from the Android Keystore. Specify a seperate certificate if you get certificate verification errors.</string>
+    <string name="select_file">Select</string>
+        <string name="keychain_nocacert">No CA Certificate returned while reading from Android keystore. Auhtentication will probably fail.</string>
+    
 </resources>
diff --git a/src/de/blinkt/openvpn/LaunchVPN.java b/src/de/blinkt/openvpn/LaunchVPN.java
index b4151c24..e76057d7 100644
--- a/src/de/blinkt/openvpn/LaunchVPN.java
+++ b/src/de/blinkt/openvpn/LaunchVPN.java
@@ -105,7 +105,7 @@ public class LaunchVPN extends ListActivity implements OnItemClickListener {
 		if(Intent.ACTION_MAIN.equals(action)) {
 			// we got called to be the starting point, most likely a shortcut
 			String shortcutUUID = intent.getStringExtra( EXTRA_KEY);
-			String shortcutName = intent.getStringExtra( EXTRA_KEY);
+			String shortcutName = intent.getStringExtra( EXTRA_NAME);
 
 			VpnProfile profileToConnect = ProfileManager.get(shortcutUUID);
 			if(shortcutName != null && profileToConnect ==null)
diff --git a/src/de/blinkt/openvpn/OpenVPN.java b/src/de/blinkt/openvpn/OpenVPN.java
index 39533db3..b09eb60e 100644
--- a/src/de/blinkt/openvpn/OpenVPN.java
+++ b/src/de/blinkt/openvpn/OpenVPN.java
@@ -35,6 +35,12 @@ public class OpenVPN {
 			mMessage = message;
 		}
 
+		public LogItem(int loglevel, String msg) {
+			mLevel = loglevel;
+			mMessage = msg;
+		}
+
+
 		String getString(Context c) {
 			if(mMessage !=null) {
 				return mMessage;
@@ -144,6 +150,11 @@ public class OpenVPN {
 		}
 	}
 
+	public static void logError(String msg) {
+		newlogItem(new LogItem(LogItem.ERROR, msg));
+		
+	}
+
 	
 	
 }
diff --git a/src/de/blinkt/openvpn/Settings_Basic.java b/src/de/blinkt/openvpn/Settings_Basic.java
index bafee229..1b82b579 100644
--- a/src/de/blinkt/openvpn/Settings_Basic.java
+++ b/src/de/blinkt/openvpn/Settings_Basic.java
@@ -200,7 +200,7 @@ public class Settings_Basic extends Fragment implements View.OnClickListener, On
 		mView.findViewById(R.id.userpassword).setVisibility(View.GONE);
 		mView.findViewById(R.id.key_password_layout).setVisibility(View.GONE);
 
-		// Fallthroughs are by desing
+		// Fall through are by design
 		switch(type) {
 		case VpnProfile.TYPE_USERPASS_CERTIFICATES:
 			mView.findViewById(R.id.userpassword).setVisibility(View.VISIBLE);
@@ -210,18 +210,22 @@ public class Settings_Basic extends Fragment implements View.OnClickListener, On
 			if(mProfile.requireTLSKeyPassword())
 				mView.findViewById(R.id.key_password_layout).setVisibility(View.VISIBLE);
 			break;
+			
 		case VpnProfile.TYPE_USERPASS_PKCS12:
 			mView.findViewById(R.id.userpassword).setVisibility(View.VISIBLE);
 		case VpnProfile.TYPE_PKCS12:
 			mView.findViewById(R.id.pkcs12).setVisibility(View.VISIBLE);
 			break;
+			
 		case VpnProfile.TYPE_STATICKEYS:
 			mView.findViewById(R.id.statickeys).setVisibility(View.VISIBLE);
 			break;
+
 		case VpnProfile.TYPE_USERPASS_KEYSTORE:
 			mView.findViewById(R.id.userpassword).setVisibility(View.VISIBLE);
 		case VpnProfile.TYPE_KEYSTORE:
 			mView.findViewById(R.id.keystore).setVisibility(View.VISIBLE);
+			mView.findViewById(R.id.cacert).setVisibility(View.VISIBLE);
 			break;
 
 		case VpnProfile.TYPE_USERPASS:
diff --git a/src/de/blinkt/openvpn/VpnProfile.java b/src/de/blinkt/openvpn/VpnProfile.java
index e9cb994a..7ca75723 100644
--- a/src/de/blinkt/openvpn/VpnProfile.java
+++ b/src/de/blinkt/openvpn/VpnProfile.java
@@ -1,17 +1,22 @@
 package de.blinkt.openvpn;
 
+import java.io.ByteArrayInputStream;
 import java.io.File;
+import java.io.FileInputStream;
 import java.io.FileNotFoundException;
 import java.io.FileOutputStream;
 import java.io.FileReader;
 import java.io.FileWriter;
 import java.io.IOException;
+import java.io.InputStream;
 import java.io.Serializable;
 import java.security.KeyStore;
 import java.security.KeyStoreException;
 import java.security.NoSuchAlgorithmException;
 import java.security.PrivateKey;
+import java.security.cert.Certificate;
 import java.security.cert.CertificateException;
+import java.security.cert.CertificateFactory;
 import java.security.cert.X509Certificate;
 import java.util.Collection;
 import java.util.Random;
@@ -474,7 +479,7 @@ public class VpnProfile implements  Serializable{
 		try {
 			privateKey = KeyChain.getPrivateKey(context,mAlias);
 			cachain = KeyChain.getCertificateChain(context, mAlias);
-			if(cachain.length <= 1)
+			if(cachain.length <= 1 && !nonNull(mCaFilename))
 				OpenVPN.logMessage(0, "", context.getString(R.string.keychain_nocacert));
 
 			
@@ -484,6 +489,15 @@ public class VpnProfile implements  Serializable{
 			
 			KeyStore ks = KeyStore.getInstance("PKCS12");
 			ks.load(null, null);
+			if(nonNull(mCaFilename)) {
+				try {
+				Certificate cacert = getCacertFromFile();
+				
+				ks.setCertificateEntry("cacert", cacert);
+				} catch (Exception e) {
+					OpenVPN.logError("Could not read CA certificate" + e.getLocalizedMessage());
+				}
+			}
 			ks.setKeyEntry("usercert", privateKey, null, cachain);
 			String mypw = getTemporaryPKCS12Password();
 			FileOutputStream fout = new FileOutputStream(context.getCacheDir().getAbsolutePath() + "/" + VpnProfile.OVPNCONFIGPKCS12);
@@ -507,6 +521,20 @@ public class VpnProfile implements  Serializable{
 		}
 
 	}
+	private Certificate getCacertFromFile() throws FileNotFoundException, CertificateException {
+		 CertificateFactory certFact = CertificateFactory.getInstance("X.509");
+		 
+		 InputStream inStream;
+		
+		 if(mCaFilename.startsWith(INLINE_TAG))
+			 inStream = new ByteArrayInputStream(mCaFilename.replace(INLINE_TAG,"").getBytes());
+		else 
+			inStream = new FileInputStream(mCaFilename);
+		 
+		 return certFact.generateCertificate(inStream);
+	}
+
+
 	//! Return an error if somethign is wrong
 	int checkProfile() {
 		if((mAuthenticationType==TYPE_KEYSTORE || mAuthenticationType==TYPE_USERPASS_KEYSTORE) && mAlias==null) 
-- 
cgit v1.2.3