From: Markus Pfeiffer
Date: Tue, 21 Nov 2023 14:37:23 +0000 (+0100)
Subject: android: Add entities for CA/server and user certificates
X-Git-Tag: android-2.5.0^2~13
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=9cbc03e84f80828068e6f2986eb8fc0a2662547f;p=thirdparty%2Fstrongswan.git
android: Add entities for CA/server and user certificates
---
diff --git a/src/frontends/android/app/src/main/java/org/strongswan/android/data/ManagedCertificate.java b/src/frontends/android/app/src/main/java/org/strongswan/android/data/ManagedCertificate.java
new file mode 100644
index 0000000000..df1b4eac12
--- /dev/null
+++ b/src/frontends/android/app/src/main/java/org/strongswan/android/data/ManagedCertificate.java
@@ -0,0 +1,97 @@
+/*
+ * Copyright (C) 2023 Relution GmbH
+ *
+ * Copyright (C) secunet Security Networks AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See .
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+package org.strongswan.android.data;
+
+import android.content.ContentValues;
+import android.database.Cursor;
+
+import androidx.annotation.NonNull;
+
+public abstract class ManagedCertificate
+{
+ public static final String KEY_ID = "_id";
+ public static final String KEY_VPN_PROFILE_UUID = "vpn_profile_uuid";
+ public static final String KEY_ALIAS = "alias";
+ public static final String KEY_DATA = "data";
+
+ long id = -1;
+
+ @NonNull
+ final String vpnProfileUuid;
+
+ @NonNull
+ String alias;
+
+ @NonNull
+ final String data;
+
+ ManagedCertificate(
+ @NonNull final String vpnProfileUuid,
+ @NonNull final String alias,
+ @NonNull final String data)
+ {
+ this.vpnProfileUuid = vpnProfileUuid;
+ this.alias = alias;
+ this.data = data;
+ }
+
+ ManagedCertificate(@NonNull final Cursor cursor)
+ {
+ id = cursor.getLong(cursor.getColumnIndexOrThrow(KEY_ID));
+ vpnProfileUuid = cursor.getString(cursor.getColumnIndexOrThrow(KEY_VPN_PROFILE_UUID));
+ alias = cursor.getString(cursor.getColumnIndexOrThrow(KEY_ALIAS));
+ data = cursor.getString(cursor.getColumnIndexOrThrow(KEY_DATA));
+ }
+
+ @NonNull
+ public ContentValues asContentValues()
+ {
+ final ContentValues values = new ContentValues();
+ values.put(KEY_VPN_PROFILE_UUID, vpnProfileUuid);
+ values.put(KEY_ALIAS, alias);
+ values.put(KEY_DATA, data);
+ return values;
+ }
+
+ public long getId()
+ {
+ return id;
+ }
+
+ public void setId(long id)
+ {
+ this.id = id;
+ }
+
+ @NonNull
+ public String getVpnProfileUuid()
+ {
+ return vpnProfileUuid;
+ }
+
+ @NonNull
+ public String getAlias()
+ {
+ return alias;
+ }
+
+ @NonNull
+ public String getData()
+ {
+ return data;
+ }
+}
diff --git a/src/frontends/android/app/src/main/java/org/strongswan/android/data/ManagedTrustedCertificate.java b/src/frontends/android/app/src/main/java/org/strongswan/android/data/ManagedTrustedCertificate.java
new file mode 100644
index 0000000000..8ccd4021dd
--- /dev/null
+++ b/src/frontends/android/app/src/main/java/org/strongswan/android/data/ManagedTrustedCertificate.java
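Review bot: In the `Cursor` constructor of ManagedCertificate.java, `cursor.getString(...)` returns null for a NULL column, yet the three values are assigned straight to fields annotated `@NonNull`, so a malformed or migrated row would yield an entity whose getters break their nullability contract. The table schema is not part of this hunk; unless the columns are declared NOT NULL, fail at load time instead, e.g. `data = Objects.requireNonNull(cursor.getString(cursor.getColumnIndexOrThrow(KEY_DATA)), KEY_DATA);` (this needs a `java.util.Objects` import) and likewise for `vpnProfileUuid` and `alias`. A one-line comment on `KEY_DATA` stating the encoding of the stored certificate would also help, since nothing in this file says what `data` holds.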
@@ -0,0 +1,89 @@
+/*
+ * Copyright (C) 2023 Relution GmbH
+ *
+ * Copyright (C) secunet Security Networks AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See .
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+package org.strongswan.android.data;
+
+import android.database.Cursor;
+
+import org.strongswan.android.utils.Certificates;
+
+import java.security.KeyStore;
+import java.security.cert.X509Certificate;
+import java.util.Objects;
+
+import androidx.annotation.NonNull;
+
+public class ManagedTrustedCertificate extends ManagedCertificate
+{
+ public ManagedTrustedCertificate(
+ @NonNull final String vpnProfileUuid,
+ @NonNull final String data)
+ {
+ super(vpnProfileUuid, determineAlias(vpnProfileUuid, data), data);
+ }
+
+ public ManagedTrustedCertificate(@NonNull final Cursor cursor)
+ {
+ super(cursor);
+ }
+
+ private static String determineAlias(String vpnProfileUuid, String data)
+ {
+ /* fallback in case the certificate is invalid */
+ String certAlias = "trusted:" + vpnProfileUuid;
+ try
+ {
+ X509Certificate cert = Certificates.from(data);
+ KeyStore store = KeyStore.getInstance("LocalCertificateStore");
+ store.load(null, null);
+ certAlias = store.getCertificateAlias(cert);
+ }
+ catch (Exception e)
+ {
+ e.printStackTrace();
+ }
+ return certAlias;
+ }
+
+ @Override
+ public boolean equals(Object o)
+ {
+ if (this == o)
+ {
+ return true;
+ }
+ if (o == null || getClass() != o.getClass())
+ {
+ return false;
+ }
+ ManagedTrustedCertificate that = (ManagedTrustedCertificate)o;
+ return Objects.equals(vpnProfileUuid, that.vpnProfileUuid) &&
+ Objects.equals(data, that.data);
+ }
+
+ @Override
+ public int hashCode()
+ {
+ return Objects.hash(vpnProfileUuid, data);
+ }
+
+ @NonNull
+ @Override
+ public String toString()
+ {
+ return "ManagedTrustedCertificate {" + vpnProfileUuid + ", " + alias + "}";
+ }
+}
diff --git a/src/frontends/android/app/src/main/java/org/strongswan/android/data/ManagedUserCertificate.java b/src/frontends/android/app/src/main/java/org/strongswan/android/data/ManagedUserCertificate.java
new file mode 100644
index 0000000000..cad28e884a
--- /dev/null
+++ b/src/frontends/android/app/src/main/java/org/strongswan/android/data/ManagedUserCertificate.java
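Review bot: In `determineAlias` of ManagedTrustedCertificate.java, the result of `store.getCertificateAlias(cert)` overwrites the fallback unconditionally, and the `KeyStore` API returns null when no entry matches, which would hand a null alias to the `@NonNull` superclass parameter. How the "LocalCertificateStore" provider behaves is not visible in this hunk, so keep the fallback unless a value comes back: `String found = store.getCertificateAlias(cert);` followed by `if (found != null) { certAlias = found; }`. The broad `catch (Exception e)` with `e.printStackTrace()` also hides why a managed CA/server certificate could not be parsed; catching the specific keystore and certificate exceptions and reporting them through the app's logger would make a bad certificate delivered to the device diagnosable. The fallback alias depends only on the profile UUID, so two unparsable certificates for the same profile would share one alias.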
@@ -0,0 +1,92 @@
+/*
+ * Copyright (C) 2023 Relution GmbH
+ *
+ * Copyright (C) secunet Security Networks AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See .
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+package org.strongswan.android.data;
+
+import android.content.ContentValues;
+import android.database.Cursor;
+
+import java.util.Objects;
+
+import androidx.annotation.NonNull;
+import androidx.annotation.Nullable;
+
+public class ManagedUserCertificate extends ManagedCertificate
+{
+ public static final String KEY_PASSWORD = "password";
+
+ private final String privateKeyPassword;
+
+ public ManagedUserCertificate(
+ @NonNull final String vpnProfileUuid,
+ @NonNull final String data,
+ @Nullable final String password)
+ {
+ super(vpnProfileUuid, "user:" + vpnProfileUuid, data);
+ privateKeyPassword = password;
+ }
+
+ public ManagedUserCertificate(@NonNull final Cursor cursor)
+ {
+ super(cursor);
+ privateKeyPassword = cursor.getString(cursor.getColumnIndexOrThrow(KEY_PASSWORD));
+ }
+
+ @NonNull
+ @Override
+ public ContentValues asContentValues()
+ {
+ final ContentValues values = super.asContentValues();
+ values.put(KEY_PASSWORD, privateKeyPassword);
+ return values;
+ }
+
+ @Nullable
+ public String getPrivateKeyPassword()
+ {
+ return privateKeyPassword;
+ }
+
+ @Override
+ public boolean equals(Object o)
+ {
+ if (this == o)
+ {
+ return true;
+ }
+ if (o == null || getClass() != o.getClass())
+ {
+ return false;
+ }
+ ManagedUserCertificate that = (ManagedUserCertificate)o;
+ return Objects.equals(vpnProfileUuid, that.vpnProfileUuid) &&
+ Objects.equals(data, that.data) &&
+ Objects.equals(privateKeyPassword, that.privateKeyPassword);
+ }
+
+ @Override
+ public int hashCode()
+ {
+ return Objects.hash(vpnProfileUuid, data);
+ }
+
+ @NonNull
+ @Override
+ public String toString()
+ {
+ return "ManagedUserCertificate {" + vpnProfileUuid + ", " + alias + "}";
+ }
+}
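Review bot: `asContentValues()` in ManagedUserCertificate.java writes `privateKeyPassword` into the `password` column as a plain string next to `data`, so whatever can read the database file obtains both the stored credential blob and the passphrase that protects it. Whether the password is still needed after the key has been installed is not visible in this hunk; if it is not, avoid persisting it, and otherwise record the assumption next to `KEY_PASSWORD`, for example `/* stored in clear; relies on the database being app-private and excluded from backups */`. `toString()` correctly leaves the password out, and `hashCode()` omitting it is still consistent with `equals()`. The `privateKeyPassword` field lacks the `@Nullable` annotation that its constructor parameter and getter carry.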