diff options
3 files changed, 36 insertions, 43 deletions
diff --git a/src/frontends/android/jni/libandroidbridge/backend/android_creds.c b/src/frontends/android/jni/libandroidbridge/backend/android_creds.c index 931f22316..e0f6e8e6f 100644 --- a/src/frontends/android/jni/libandroidbridge/backend/android_creds.c +++ b/src/frontends/android/jni/libandroidbridge/backend/android_creds.c @@ -143,7 +143,6 @@ METHOD(android_creds_t, load_user_certificate, certificate_t*, { linked_list_t *encodings; certificate_t *cert = NULL, *ca_cert; - private_key_t *key = NULL; chunk_t *current; encodings = charonservice->get_user_certificate(charonservice); @@ -154,31 +153,21 @@ METHOD(android_creds_t, load_user_certificate, certificate_t*, while (encodings->remove_first(encodings, (void**)¤t) == SUCCESS) { - if (!key) - { /* the first element is the private key, we assume RSA */ - key = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_RSA, - BUILD_BLOB_ASN1_DER, *current, BUILD_END); - if (key) - { - this->creds->add_key(this->creds, key); - free_encoding(current); - continue; - } - goto failed; - } if (!cert) - { /* the next element is the user certificate */ + { /* the first element is the user certificate */ cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509, BUILD_BLOB_ASN1_DER, *current, BUILD_END); - if (cert) + if (!cert) { - DBG1(DBG_CFG, "loaded user certificate '%Y' and private key", - cert->get_subject(cert)); - cert = this->creds->add_cert_ref(this->creds, TRUE, cert); + DBG1(DBG_CFG, "failed to load user certificate"); free_encoding(current); - continue; + break; } - goto failed; + DBG1(DBG_CFG, "loaded user certificate '%Y' and private key", + cert->get_subject(cert)); + cert = this->creds->add_cert_ref(this->creds, TRUE, cert); + free_encoding(current); + continue; } /* the rest are CA certificates, we ignore failures */ ca_cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509, @@ -191,14 +180,26 @@ METHOD(android_creds_t, load_user_certificate, certificate_t*, } free_encoding(current); } - encodings->destroy(encodings); - return cert; - -failed: - DBG1(DBG_CFG, "failed to load user certificate and private key"); - free_encoding(current); encodings->destroy_function(encodings, (void*)free_encoding); - return NULL; + + if (cert) + { + private_key_t *key; + + key = charonservice->get_user_key(charonservice, + cert->get_public_key(cert)); + if (key) + { + this->creds->add_key(this->creds, key); + } + else + { + DBG1(DBG_CFG, "failed to load private key"); + cert->destroy(cert); + cert = NULL; + } + } + return cert; } METHOD(credential_set_t, create_private_enumerator, enumerator_t*, diff --git a/src/frontends/android/jni/libandroidbridge/charonservice.h b/src/frontends/android/jni/libandroidbridge/charonservice.h index 367c76cd0..376f55014 100644 --- a/src/frontends/android/jni/libandroidbridge/charonservice.h +++ b/src/frontends/android/jni/libandroidbridge/charonservice.h @@ -86,12 +86,12 @@ struct charonservice_t { linked_list_t *(*get_trusted_certificates)(charonservice_t *this); /** - * Get the configured user certificate chain and private key via JNI + * Get the configured user certificate chain via JNI * - * The first item in the returned list is the private key, followed by the - * user certificate and any remaining elements of the certificate chain. + * The first item in the returned list is the user certificate followed + * by any remaining elements of the certificate chain. * - * @return list of DER encoded objects (as chunk_t*), + * @return list of DER encoded certificates (as chunk_t*), * NULL on failure */ linked_list_t *(*get_user_certificate)(charonservice_t *this); diff --git a/src/frontends/android/src/org/strongswan/android/logic/CharonVpnService.java b/src/frontends/android/src/org/strongswan/android/logic/CharonVpnService.java index 966fdb924..924781948 100644 --- a/src/frontends/android/src/org/strongswan/android/logic/CharonVpnService.java +++ b/src/frontends/android/src/org/strongswan/android/logic/CharonVpnService.java @@ -427,14 +427,13 @@ public class CharonVpnService extends VpnService implements Runnable } /** - * Function called via JNI to get a list containing the DER encoded private key - * and DER encoded certificates of the user selected certificate chain (beginning - * with the user certificate). + * Function called via JNI to get a list containing the DER encoded certificates + * of the user selected certificate chain (beginning with the user certificate). * * Since this method is called from a thread of charon's thread pool we are safe * to call methods on KeyChain directly. * - * @return list containing the private key and certificates (first element is the key) + * @return list containing the certificates (first element is the user certificate) * @throws InterruptedException * @throws KeyChainException * @throws CertificateEncodingException @@ -442,14 +441,7 @@ public class CharonVpnService extends VpnService implements Runnable private byte[][] getUserCertificate() throws KeyChainException, InterruptedException, CertificateEncodingException { ArrayList<byte[]> encodings = new ArrayList<byte[]>(); - String alias = mCurrentUserCertificateAlias; - PrivateKey key = KeyChain.getPrivateKey(getApplicationContext(), alias); - if (key == null) - { - return null; - } - encodings.add(key.getEncoded()); - X509Certificate[] chain = KeyChain.getCertificateChain(getApplicationContext(), alias); + X509Certificate[] chain = KeyChain.getCertificateChain(getApplicationContext(), mCurrentUserCertificateAlias); if (chain == null || chain.length == 0) { return null; |