From: Tobias Brunner <tobias@strongswan.org>
Date: Thu, 9 Aug 2012 14:00:35 +0000 (+0200)
Subject: Load single certificates directly from the KeyStore if we cannot get the read lock
X-Git-Tag: 5.0.1~210^2~14
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=496e096e7ba420fc1c7feba43157691fdf030c85;p=thirdparty%2Fstrongswan.git

Load single certificates directly from the KeyStore if we cannot get the read lock

This helps when running in the emulator as loading the certificates
takes quite a while there.  This way a configured CA certificates is loaded
directly without having to wait for all certificates being cached.
---

diff --git a/src/frontends/android/src/org/strongswan/android/logic/TrustedCertificateManager.java b/src/frontends/android/src/org/strongswan/android/logic/TrustedCertificateManager.java
index 04a292a003..74868dc447 100644
--- a/src/frontends/android/src/org/strongswan/android/logic/TrustedCertificateManager.java
+++ b/src/frontends/android/src/org/strongswan/android/logic/TrustedCertificateManager.java
@@ -147,9 +147,32 @@ public class TrustedCertificateManager
 	 */
 	public X509Certificate getCACertificateFromAlias(String alias)
 	{
-		this.mLock.readLock().lock();
-		X509Certificate certificate = this.mCACerts.get(alias);
-		this.mLock.readLock().unlock();
+		X509Certificate certificate = null;
+
+		if (this.mLock.readLock().tryLock())
+		{
+			certificate = this.mCACerts.get(alias);
+			this.mLock.readLock().unlock();
+		}
+		else
+		{	/* if we cannot get the lock load it directly from the KeyStore,
+			 * should be fast for a single certificate */
+			try
+			{
+				KeyStore store = KeyStore.getInstance("AndroidCAStore");
+				store.load(null, null);
+				Certificate cert = store.getCertificate(alias);
+				if (cert != null && cert instanceof X509Certificate)
+				{
+					certificate = (X509Certificate)cert;
+				}
+			}
+			catch (Exception e)
+			{
+				e.printStackTrace();
+			}
+
+		}
 		return certificate;
 	}