]> git.ipfire.org Git - thirdparty/strongswan.git/blob
projects / thirdparty / strongswan.git / blob
? search:


4e1e39e2dd4c19cdebbe9d7b2d50066bc03b2130
[thirdparty/strongswan.git] /
1 /*
2 * Copyright (C) 2014 Tobias Brunner
3 *
4 * Copyright (C) secunet Security Networks AG
5 *
6 * This program is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the
8 * Free Software Foundation; either version 2 of the License, or (at your
9 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
10 *
11 * This program is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
13 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * for more details.
15 */
16
17 package org.strongswan.android.ui;
18
19 import android.annotation.TargetApi;
20 import android.app.Dialog;
21 import android.content.ActivityNotFoundException;
22 import android.content.DialogInterface;
23 import android.content.Intent;
24 import android.net.Uri;
25 import android.os.Build;
26 import android.os.Bundle;
27 import android.widget.Toast;
28
29 import org.strongswan.android.R;
30 import org.strongswan.android.data.VpnProfileDataSource;
31 import org.strongswan.android.logic.TrustedCertificateManager;
32
33 import java.io.FileNotFoundException;
34 import java.io.InputStream;
35 import java.security.KeyStore;
36 import java.security.cert.CertificateException;
37 import java.security.cert.CertificateFactory;
38 import java.security.cert.X509Certificate;
39
40 import androidx.activity.result.ActivityResultLauncher;
41 import androidx.activity.result.contract.ActivityResultContracts;
42 import androidx.appcompat.app.AlertDialog;
43 import androidx.appcompat.app.AppCompatActivity;
44 import androidx.appcompat.app.AppCompatDialogFragment;
45 import androidx.fragment.app.FragmentTransaction;
46
47 public class TrustedCertificateImportActivity extends AppCompatActivity
48 {
49 private static final String DIALOG_TAG = "Dialog";
50 private Uri mCertificateUri;
51
52 private final ActivityResultLauncher<Intent> mOpenDocument = registerForActivityResult(
53 new ActivityResultContracts.StartActivityForResult(),
54 result -> {
55 if (result.getResultCode() == RESULT_OK && result.getData() != null)
56 {
57 mCertificateUri = result.getData().getData();
58 return;
59 }
60 finish();
61 }
62 );
63
64 @TargetApi(Build.VERSION_CODES.KITKAT)
65 @Override
66 public void onCreate(Bundle savedInstanceState)
67 {
68 super.onCreate(savedInstanceState);
69
70 if (savedInstanceState != null)
71 { /* do nothing when we are restoring */
72 return;
73 }
74
75 Intent intent = getIntent();
76 String action = intent.getAction();
77 if (Intent.ACTION_VIEW.equals(action))
78 {
79 importCertificate(intent.getData());
80 }
81 else
82 {
83 Intent openIntent = new Intent(Intent.ACTION_OPEN_DOCUMENT);
84 openIntent.setType("*/*");
85 try
86 {
87 mOpenDocument.launch(openIntent);
88 }
89 catch (ActivityNotFoundException e)
90 { /* some devices are unable to browse for files */
91 finish();
92 }
93 }
94 }
95
96 @Override
97 protected void onPostResume()
98 {
99 super.onPostResume();
100 if (mCertificateUri != null)
101 {
102 importCertificate(mCertificateUri);
103 mCertificateUri = null;
104 }
105 }
106
107 /**
108 * Import the file pointed to by the given URI as a certificate.
109 *
110 * @param uri
111 */
112 private void importCertificate(Uri uri)
113 {
114 X509Certificate certificate = parseCertificate(uri);
115 if (certificate == null)
116 {
117 Toast.makeText(this, R.string.cert_import_failed, Toast.LENGTH_LONG).show();
118 finish();
119 return;
120 }
121 /* Ask the user whether to import the certificate. This is particularly
122 * necessary because the import activity can be triggered by any app on
123 * the system. Also, if our app is the only one that is registered to
124 * open certificate files by MIME type the user would have no idea really
125 * where the file was imported just by reading the Toast we display. */
126 ConfirmImportDialog dialog = new ConfirmImportDialog();
127 Bundle args = new Bundle();
128 args.putSerializable(VpnProfileDataSource.KEY_CERTIFICATE, certificate);
129 dialog.setArguments(args);
130 FragmentTransaction ft = getSupportFragmentManager().beginTransaction();
131 ft.add(dialog, DIALOG_TAG);
132 ft.commit();
133 }
134
135 /**
136 * Load the file from the given URI and try to parse it as X.509 certificate.
137 *
138 * @param uri
139 * @return certificate or null
140 */
141 private X509Certificate parseCertificate(Uri uri)
142 {
143 X509Certificate certificate = null;
144 try
145 {
146 CertificateFactory factory = CertificateFactory.getInstance("X.509");
147 InputStream in = getContentResolver().openInputStream(uri);
148 certificate = (X509Certificate)factory.generateCertificate(in);
149 /* we don't check whether it's actually a CA certificate or not */
150 }
151 catch (CertificateException e)
152 {
153 e.printStackTrace();
154 }
155 catch (FileNotFoundException e)
156 {
157 e.printStackTrace();
158 }
159 return certificate;
160 }
161
162
163 /**
164 * Try to store the given certificate in the KeyStore.
165 *
166 * @param certificate
167 * @return whether it was successfully stored
168 */
169 private boolean storeCertificate(X509Certificate certificate)
170 {
171 try
172 {
173 KeyStore store = KeyStore.getInstance("LocalCertificateStore");
174 store.load(null, null);
175 store.setCertificateEntry(null, certificate);
176 TrustedCertificateManager.getInstance().reset();
177 return true;
178 }
179 catch (Exception e)
180 {
181 e.printStackTrace();
182 return false;
183 }
184 }
185
186 /**
187 * Class that displays a confirmation dialog when a certificate should get
188 * imported. If the user confirms the import we try to store it.
189 */
190 public static class ConfirmImportDialog extends AppCompatDialogFragment
191 {
192 @Override
193 public Dialog onCreateDialog(Bundle savedInstanceState)
194 {
195 final X509Certificate certificate;
196
197 certificate = (X509Certificate)getArguments().getSerializable(VpnProfileDataSource.KEY_CERTIFICATE);
198
199 return new AlertDialog.Builder(getActivity())
200 .setIcon(R.mipmap.ic_app)
201 .setTitle(R.string.import_certificate)
202 .setMessage(certificate.getSubjectDN().toString())
203 .setPositiveButton(R.string.import_certificate, new DialogInterface.OnClickListener()
204 {
205 @Override
206 public void onClick(DialogInterface dialog, int whichButton)
207 {
208 TrustedCertificateImportActivity activity = (TrustedCertificateImportActivity)getActivity();
209 if (activity.storeCertificate(certificate))
210 {
211 Toast.makeText(getActivity(), R.string.cert_imported_successfully, Toast.LENGTH_LONG).show();
212 getActivity().setResult(RESULT_OK);
213 }
214 else
215 {
216 Toast.makeText(getActivity(), R.string.cert_import_failed, Toast.LENGTH_LONG).show();
217 }
218 getActivity().finish();
219 }
220 })
221 .setNegativeButton(android.R.string.cancel, new DialogInterface.OnClickListener()
222 {
223 @Override
224 public void onClick(DialogInterface dialog, int which)
225 {
226 getActivity().finish();
227 }
228 }).create();
229 }
230
231 @Override
232 public void onCancel(DialogInterface dialog)
233 {
234 getActivity().finish();
235 }
236 }
237 }
Unnamed repository; edit this file 'description' to name the repository.