From 496e096e7ba420fc1c7feba43157691fdf030c85 Mon Sep 17 00:00:00 2001
From: Tobias Brunner <tobias@strongswan.org>
Date: Thu, 9 Aug 2012 16:00:35 +0200
Subject: [PATCH] Load single certificates directly from the KeyStore if we
 cannot get the read lock

This helps when running in the emulator as loading the certificates
takes quite a while there.  This way a configured CA certificates is loaded
directly without having to wait for all certificates being cached.
---
 .../logic/TrustedCertificateManager.java      | 29 +++++++++++++++++--
 1 file changed, 26 insertions(+), 3 deletions(-)

diff --git a/src/frontends/android/src/org/strongswan/android/logic/TrustedCertificateManager.java b/src/frontends/android/src/org/strongswan/android/logic/TrustedCertificateManager.java
index 04a292a003..74868dc447 100644
--- a/src/frontends/android/src/org/strongswan/android/logic/TrustedCertificateManager.java
+++ b/src/frontends/android/src/org/strongswan/android/logic/TrustedCertificateManager.java
@@ -147,9 +147,32 @@ public class TrustedCertificateManager
 	 */
 	public X509Certificate getCACertificateFromAlias(String alias)
 	{
-		this.mLock.readLock().lock();
-		X509Certificate certificate = this.mCACerts.get(alias);
-		this.mLock.readLock().unlock();
+		X509Certificate certificate = null;
+
+		if (this.mLock.readLock().tryLock())
+		{
+			certificate = this.mCACerts.get(alias);
+			this.mLock.readLock().unlock();
+		}
+		else
+		{	/* if we cannot get the lock load it directly from the KeyStore,
+			 * should be fast for a single certificate */
+			try
+			{
+				KeyStore store = KeyStore.getInstance("AndroidCAStore");
+				store.load(null, null);
+				Certificate cert = store.getCertificate(alias);
+				if (cert != null && cert instanceof X509Certificate)
+				{
+					certificate = (X509Certificate)cert;
+				}
+			}
+			catch (Exception e)
+			{
+				e.printStackTrace();
+			}
+
+		}
 		return certificate;
 	}
 
-- 
2.47.2