path: root/main/src/main/java/de/blinkt/openvpn/fragments/KeyChainSettingsFragment.java
blob: 7ec72f7847dc9fedfff3bef9a489f84d6f544349 (plain)
/*
 * Copyright (c) 2012-2018 Arne Schwabe
 * Distributed under the GNU GPL v2 with additional terms. For full terms see the file doc/LICENSE.txt
 */

package de.blinkt.openvpn.fragments;

import android.annotation.TargetApi;
import android.app.Activity;
import android.app.AlertDialog;
import android.content.ActivityNotFoundException;
import android.os.Build;
import android.os.Handler;
import android.os.Message;
import android.security.KeyChain;
import android.security.KeyChainException;
import android.view.View;
import android.widget.TextView;
import de.blinkt.openvpn.R;
import de.blinkt.openvpn.VpnProfile;
import de.blinkt.openvpn.core.ProfileManager;
import de.blinkt.openvpn.core.X509Utils;

import java.security.PrivateKey;
import java.security.cert.X509Certificate;

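/**
 * Base fragment for settings screens that let the user choose a client certificate from the
 * Android system KeyChain and that display the currently selected alias together with a short
 * description of its certificate.
 *
 * <p>The profile being edited is read from {@code mProfile}, which is not declared in this class
 * (presumably inherited from {@code Settings_Fragment}).
 *
 * <p>NOTE(review): {@code mProfile.mAlias} is written from the KeyChain chooser callback and read
 * from the UI thread and from the certificate loader thread without synchronization; confirm that
 * this is acceptable for the callers.
 */
abstract class KeyChainSettingsFragment extends Settings_Fragment implements View.OnClickListener, Handler.Callback {
    /** Message code posted to {@link #mHandler} once the user has answered the alias chooser. */
    private static final int UPDATE_ALIAS = 20;

    // Shows the certificate summary (or a loading/error text) for the selected alias.
    private TextView mAliasCertificate;
    // Shows the selected KeyChain alias, or a "no certificate" text.
    private TextView mAliasName;
    // Created in initKeychainViews(); used to hand the chooser result over to handleMessage().
    private Handler mHandler;

    /**
     * Refreshes both text views from {@code mProfile.mAlias} and, when an alias is set, starts
     * loading the certificate details in the background.
     */
    private void setAlias() {
        if (mProfile.mAlias == null) {
            mAliasName.setText(R.string.client_no_certificate);
            mAliasCertificate.setText("");
            return;
        }

        mAliasCertificate.setText("Loading certificate from Keystore...");
        mAliasName.setText(mProfile.mAlias);
        setKeystoreCertficate();
    }

    /**
     * Loads the certificate for {@code mProfile.mAlias} on a worker thread and writes a summary
     * (hardware-keystore label, validity, friendly name) into the certificate text view.
     *
     * <p>A worker thread is used because {@link KeyChain#getCertificateChain} and
     * {@link KeyChain#getPrivateKey} block and must not be called from the main thread. Any
     * failure is turned into an error text instead of being propagated. If the fragment is no
     * longer attached to an activity when the work finishes, the result is dropped.
     */
    protected void setKeystoreCertficate()
    {
        new Thread() {
            @Override
            public void run() {
                String certstr = "";
                try {
                    X509Certificate[] chain = KeyChain.getCertificateChain(getActivity().getApplicationContext(), mProfile.mAlias);
                    // The KeyChain returns null when the alias is unknown or access was not granted;
                    // report that explicitly instead of failing on the array access.
                    if (chain == null || chain.length == 0) {
                        throw new KeyChainException("no certificate chain available for the selected alias");
                    }
                    X509Certificate cert = chain[0];

                    if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.JELLY_BEAN_MR2 && isInHardwareKeystore()) {
                        certstr += getString(R.string.hwkeychain);
                    }
                    certstr += X509Utils.getCertificateValidityString(cert, getResources());
                    certstr += X509Utils.getCertificateFriendlyName(cert);

                } catch (Exception e) {
                    if (e instanceof InterruptedException) {
                        // Keep the interrupt visible to whoever owns this thread.
                        Thread.currentThread().interrupt();
                    }
                    String reason = e.getLocalizedMessage();
                    if (reason == null) {
                        // Avoid showing a bare "null" to the user.
                        reason = e.getClass().getSimpleName();
                    }
                    certstr = "Could not get certificate from Keystore: " + reason;
                }

                // The fragment may have been detached while the KeyChain calls were blocking;
                // getActivity() is then null and there is no UI left to update.
                final Activity activity = getActivity();
                if (activity == null) {
                    return;
                }

                final String certStringCopy = certstr;
                activity.runOnUiThread(() -> mAliasCertificate.setText(certStringCopy));
            }
        }.start();
    }

    /**
     * Reports whether the KeyChain binds keys of the selected key's algorithm to the device.
     *
     * <p>The answer comes from {@link KeyChain#isBoundKeyAlgorithm}, which is a statement about
     * the algorithm on this device, not an attestation for this particular key, and which is
     * deprecated since API level 28. Treat the resulting label as informational only.
     *
     * @return {@code true} if the platform reports the key's algorithm as hardware bound
     * @throws KeyChainException if the KeyChain fails or no private key is accessible for the alias
     * @throws InterruptedException if the blocking KeyChain call is interrupted
     */
    @TargetApi(Build.VERSION_CODES.JELLY_BEAN_MR2)
    private boolean isInHardwareKeystore() throws KeyChainException, InterruptedException {
        PrivateKey key = KeyChain.getPrivateKey(getActivity().getApplicationContext(), mProfile.mAlias);
        if (key == null) {
            // getPrivateKey returns null when the alias is unknown or access was not granted.
            throw new KeyChainException("private key for the selected alias is not accessible");
        }
        return KeyChain.isBoundKeyAlgorithm(key.getAlgorithm());
    }

    /**
     * Looks up the alias-related views in {@code v}, registers this fragment as click listener
     * of the select button and lazily creates the handler used for chooser results.
     *
     * @param v the inflated settings layout containing the KeyChain views
     */
    protected void initKeychainViews(View v) {
        v.findViewById(R.id.select_keystore_button).setOnClickListener(this);
        mAliasCertificate = v.findViewById(R.id.alias_certificate);
        mAliasName = v.findViewById(R.id.aliasname);
        if (mHandler == null) {
            // Handler(Callback) binds to the looper of the calling thread.
            mHandler = new Handler(this);
        }
    }

    /** Opens the certificate chooser when the select button is clicked. */
    @Override
    public void onClick(View v) {
        if (v.getId() == R.id.select_keystore_button) {
            showCertDialog();
        }
    }

    /**
     * Does nothing in this class: the alias is written to {@code mProfile} directly in the
     * chooser callback of {@link #showCertDialog()}.
     */
    @Override
    protected void savePreferences() {

    }

    /** Refreshes the alias display every time the fragment becomes visible. */
    @Override
    public void onStart() {
        super.onStart();
        loadPreferences();
    }

    /**
     * Shows the system dialog for choosing a KeyChain credential and stores the chosen alias in
     * {@code mProfile.mAlias}.
     *
     * <p>If the system chooser activity cannot be found, an explanatory alert dialog is shown
     * instead.
     */
    @SuppressWarnings("WrongConstant")
    public void showCertDialog () {
        try {
            KeyChain.choosePrivateKeyAlias(getActivity(),
                    alias -> {
                        // Credential alias selected.  Remember the alias selection for future use.
                        // NOTE(review): the platform passes null when the chooser is dismissed
                        // without a selection, which clears the stored alias; confirm intended.
                        mProfile.mAlias = alias;
                        // Views are not touched here; the refresh is routed through mHandler,
                        // presumably because this callback does not run on the UI thread.
                        mHandler.sendEmptyMessage(UPDATE_ALIAS);
                    },
                    // List of acceptable key types. null for any.
                    // Only RSA is listed, so credentials of other key types are not requested.
                    new String[] {"RSA"},
                    null,                        // issuer, null for any
                    mProfile.mServerName,      // host name of server requesting the cert, null if unavailable
                    -1,                         // port of server requesting the cert, -1 if unavailable
                    mProfile.mAlias);                       // alias to preselect, null if unavailable
        } catch (ActivityNotFoundException anf) {
            AlertDialog.Builder ab = new AlertDialog.Builder(getActivity());
            ab.setTitle(R.string.broken_image_cert_title);
            ab.setMessage(R.string.broken_image_cert);
            ab.setPositiveButton(android.R.string.ok, null);
            ab.show();
        }
    }

    /** Loads the values shown by this fragment; here that is only the alias display. */
    protected void loadPreferences()
    {
        setAlias();
    }

    /**
     * Refreshes the alias display for any message delivered to {@link #mHandler}; the message
     * code is not inspected.
     *
     * @return always {@code true}, marking the message as handled
     */
    @Override
    public boolean handleMessage(Message msg) {
        setAlias();
        return true;
    }
}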