From: Markus Pfeiffer Date: Tue, 21 Nov 2023 14:37:24 +0000 (+0100) Subject: android: Add manager for managed user certificates X-Git-Tag: android-2.5.0^2~3 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b0ba845e271e1f1d6bd5e016a3b23d402d7e2def;p=thirdparty%2Fstrongswan.git android: Add manager for managed user certificates This can be used to install, replace or delete currently installed user certificates based on the app's current managed configuration.
---
diff --git a/src/frontends/android/app/src/main/java/org/strongswan/android/logic/ManagedUserCertificateManager.java b/src/frontends/android/app/src/main/java/org/strongswan/android/logic/ManagedUserCertificateManager.java
new file mode 100644
index 0000000000..78424e2aa9
--- /dev/null
+++ b/src/frontends/android/app/src/main/java/org/strongswan/android/logic/ManagedUserCertificateManager.java
@@ -0,0 +1,97 @@
+/*
+ * Copyright (C) 2023 Relution GmbH
+ *
+ * Copyright (C) secunet Security Networks AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See .
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+package org.strongswan.android.logic;
+
+import android.app.admin.DevicePolicyManager;
+import android.content.Context;
+import android.util.Log;
+
+import org.strongswan.android.data.DatabaseHelper;
+import org.strongswan.android.data.ManagedConfigurationService;
+import org.strongswan.android.data.ManagedUserCertificate;
+import org.strongswan.android.data.ManagedUserCertificateRepository;
+import org.strongswan.android.utils.Difference;
+
+import java.util.List;
+
+import androidx.annotation.NonNull;
+import androidx.core.util.Pair;
+
+public class ManagedUserCertificateManager
+{
+ private static final String TAG = ManagedUserCertificateManager.class.getSimpleName();
+
+ @NonNull
+ private final ManagedUserCertificateRepository certificateRepository;
+ @NonNull
+ private final ManagedUserCertificateInstaller certificateInstaller;
+
+ public ManagedUserCertificateManager(
+ @NonNull final Context context,
+ @NonNull final ManagedConfigurationService managedConfigurationService,
+ @NonNull final DatabaseHelper databaseHelper)
+ {
+ final DevicePolicyManager devicePolicyManager = (DevicePolicyManager)context.getSystemService(Context.DEVICE_POLICY_SERVICE);
+
+ this.certificateRepository = new ManagedUserCertificateRepository(managedConfigurationService, devicePolicyManager, databaseHelper);
+ this.certificateInstaller = new ManagedUserCertificateInstaller(context);
+ }
+
+ public void update()
+ {
+ final List configured = certificateRepository.getConfiguredCertificates();
+ final List installed = certificateRepository.getInstalledCertificates();
+
+ final Difference diff = Difference.between(installed, configured, ManagedUserCertificate::getVpnProfileUuid);
+ if (diff.isEmpty())
+ {
+ Log.d(TAG, "No key pairs changed, nothing to do");
+ return;
+ }
+ Log.d(TAG, "Key pairs changed " + diff);
+
+ for (final ManagedUserCertificate delete : diff.getDeletes())
+ {
+ remove(delete);
+ }
+
+ for (final Pair update : diff.getUpdates())
+ {
+ remove(update.first);
+ install(update.second);
+ }
+
+ for (final ManagedUserCertificate insert : diff.getInserts())
+ {
+ install(insert);
+ }
+ }
+
+ private void install(@NonNull final ManagedUserCertificate userCertificate)
+ {
+ if (certificateInstaller.tryInstall(userCertificate))
+ {
+ certificateRepository.addInstalledCertificate(userCertificate);
+ }
+ }
+
+ private void remove(@NonNull final ManagedUserCertificate userCertificate)
+ {
+ certificateInstaller.tryRemove(userCertificate);
+ certificateRepository.removeInstalledCertificate(userCertificate);
+ }
+}
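Review bot: `remove()` discards the outcome of `certificateInstaller.tryRemove(userCertificate)` and then always calls `certificateRepository.removeInstalledCertificate(userCertificate)`, whereas `install()` records a certificate only when `tryInstall` succeeds. If `tryRemove` reports failure through its return value the way `tryInstall` does (its signature is not part of this diff), a failed removal leaves the managed key pair on the device while the app's record of it is gone, so later `update()` runs never retry the deletion. I would gate the repository update on the result, or at least log the failure: `if (!certificateInstaller.tryRemove(userCertificate)) { Log.w(TAG, "Failed to remove managed certificate"); return; }`. Separately, `Log.d(TAG, "Key pairs changed " + diff)` in `update()` writes whatever `Difference` and `ManagedUserCertificate` render in `toString()`; neither is shown here, so confirm this cannot put certificate data or its password into logcat.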