/*
* Copyright (c) 2012-2018 Arne Schwabe
* Distributed under the GNU GPL v2 with additional terms. For full terms see the file doc/LICENSE.txt
*/
package de.blinkt.openvpn.fragments;
import android.annotation.TargetApi;
import android.app.Activity;
import android.app.AlertDialog;
import android.content.ActivityNotFoundException;
import android.os.Build;
import android.os.Handler;
import android.os.Message;
import android.security.KeyChain;
import android.security.KeyChainException;
import android.view.View;
import android.widget.TextView;
import de.blinkt.openvpn.R;
import de.blinkt.openvpn.VpnProfile;
import de.blinkt.openvpn.core.ProfileManager;
import de.blinkt.openvpn.core.X509Utils;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
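/**
 * Base fragment for settings screens that let the user pick a client certificate from the
 * Android KeyChain and that display a short summary of the selected certificate.
 *
 * <p>The selected alias is stored in {@code mProfile.mAlias}. {@code mProfile} is not declared
 * in this class; it is presumably inherited from {@code Settings_Fragment}.
 */
abstract class KeyChainSettingsFragment extends Settings_Fragment implements View.OnClickListener, Handler.Callback {
    /** Message id sent to {@link #mHandler} once the alias chooser has reported a result. */
    private static final int UPDATE_ALIAS = 20;

    // Shows validity and friendly name of the selected certificate, or a status/error text.
    private TextView mAliasCertificate;
    // Shows the selected KeyChain alias, or a "no certificate" placeholder.
    private TextView mAliasName;
    // Created in initKeychainViews(); delivers UPDATE_ALIAS to handleMessage().
    private Handler mHandler;

    /**
     * Refreshes both alias views from {@code mProfile.mAlias} and, when an alias is set, starts
     * the asynchronous certificate lookup.
     */
    private void setAlias() {
        if (mProfile.mAlias == null) {
            mAliasName.setText(R.string.client_no_certificate);
            mAliasCertificate.setText("");
        } else {
            mAliasCertificate.setText("Loading certificate from Keystore...");
            mAliasName.setText(mProfile.mAlias);
            setKeystoreCertficate();
        }
    }

    /**
     * Looks up the certificate for {@code mProfile.mAlias} on a worker thread and posts a
     * human-readable summary (or an error text) to {@link #mAliasCertificate} on the UI thread.
     *
     * <p>If the fragment is no longer attached to an activity when the lookup finishes, the
     * result is dropped instead of dereferencing a null activity.
     */
    protected void setKeystoreCertficate() {
        new Thread() {
            @Override
            public void run() {
                String certstr = "";
                try {
                    X509Certificate[] chain = KeyChain.getCertificateChain(
                            getActivity().getApplicationContext(), mProfile.mAlias);
                    // Fail with a readable message rather than an NPE / index error when the
                    // KeyChain hands back nothing for this alias.
                    if (chain == null || chain.length == 0) {
                        throw new KeyChainException("no certificate chain returned for the selected alias");
                    }
                    X509Certificate cert = chain[0];

                    if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.JELLY_BEAN_MR2) {
                        if (isInHardwareKeystore()) {
                            certstr += getString(R.string.hwkeychain);
                        }
                    }
                    certstr += X509Utils.getCertificateValidityString(cert, getResources());
                    certstr += X509Utils.getCertificateFriendlyName(cert);
                } catch (Exception e) {
                    // Deliberately broad: any failure of the lookup (including the fragment
                    // having been detached meanwhile) ends up as a status text, not a crash.
                    if (e instanceof InterruptedException) {
                        Thread.currentThread().interrupt();
                    }
                    certstr = "Could not get certificate from Keystore: " + e.getLocalizedMessage();
                }

                final String certStringCopy = certstr;
                // The fragment may have been detached while the lookup was running; read the
                // activity once and skip the UI update if it is gone.
                final Activity activity = getActivity();
                if (activity == null) {
                    return;
                }
                activity.runOnUiThread(() -> mAliasCertificate.setText(certStringCopy));
            }
        }.start();
    }

    /**
     * Reports whether the algorithm of the selected private key is hardware-bound on this device.
     *
     * <p>NOTE(review): {@code KeyChain.isBoundKeyAlgorithm} answers per algorithm for the device,
     * not for this particular key, and is deprecated from API 23 on, where
     * {@code KeyInfo.isInsideSecureHardware()} can be queried for the key itself. The label shown
     * to the user should be read with that limitation in mind.
     *
     * @return {@code true} if the key's algorithm is reported as bound
     * @throws KeyChainException if the KeyChain lookup fails or returns no key for the alias
     * @throws InterruptedException if the lookup is interrupted
     */
    @TargetApi(Build.VERSION_CODES.JELLY_BEAN_MR2)
    private boolean isInHardwareKeystore() throws KeyChainException, InterruptedException {
        PrivateKey key = KeyChain.getPrivateKey(getActivity().getApplicationContext(), mProfile.mAlias);
        // A missing key is reported as a KeyChainException instead of surfacing as an NPE.
        if (key == null) {
            throw new KeyChainException("no private key returned for the selected alias");
        }
        return KeyChain.isBoundKeyAlgorithm(key.getAlgorithm());
    }

    /**
     * Wires up the keystore button and caches the alias views found in {@code v}; creates the
     * handler on first use.
     *
     * @param v view containing the select button and the two alias text views
     */
    protected void initKeychainViews(View v) {
        v.findViewById(R.id.select_keystore_button).setOnClickListener(this);
        mAliasCertificate = v.findViewById(R.id.alias_certificate);
        mAliasName = v.findViewById(R.id.aliasname);
        if (mHandler == null) {
            mHandler = new Handler(this);
        }
    }

    /** Opens the certificate chooser when the keystore button is clicked. */
    @Override
    public void onClick(View v) {
        if (v.getId() == R.id.select_keystore_button) {
            showCertDialog();
        }
    }

    /** Nothing to persist here; the chooser callback writes the alias into the profile directly. */
    @Override
    protected void savePreferences() {
    }

    @Override
    public void onStart() {
        super.onStart();
        loadPreferences();
    }

    /**
     * Shows the system dialog for choosing a KeyChain private-key alias and stores the result in
     * {@code mProfile.mAlias}. If the system chooser activity is missing, an explanatory alert
     * is shown instead.
     */
    @SuppressWarnings("WrongConstant")
    public void showCertDialog() {
        try {
            KeyChain.choosePrivateKeyAlias(getActivity(),
                    alias -> {
                        // Credential alias selected. Remember the alias selection for future use.
                        // The value is stored as delivered; a null alias (no selection) clears
                        // the profile's alias and setAlias() then shows the placeholder.
                        mProfile.mAlias = alias;
                        // Views are refreshed via the handler rather than from this callback.
                        mHandler.sendEmptyMessage(UPDATE_ALIAS);
                    },
                    new String[] {"RSA"}, // List of acceptable key types. null for any
                    null, // issuer, null for any
                    mProfile.mServerName, // host name of server requesting the cert, null if unavailable
                    -1, // port of server requesting the cert, -1 if unavailable
                    mProfile.mAlias); // alias to preselect, null if unavailable
        } catch (ActivityNotFoundException anf) {
            AlertDialog.Builder ab = new AlertDialog.Builder(getActivity());
            ab.setTitle(R.string.broken_image_cert_title);
            ab.setMessage(R.string.broken_image_cert);
            ab.setPositiveButton(android.R.string.ok, null);
            ab.show();
        }
    }

    /** Refreshes the alias views from the current profile. */
    protected void loadPreferences() {
        setAlias();
    }

    /**
     * Handler callback: any message delivered to {@link #mHandler} refreshes the alias views.
     *
     * @return always {@code true}
     */
    @Override
    public boolean handleMessage(Message msg) {
        setAlias();
        return true;
    }
}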