From fb302d967cc0032288d7237aa30d115e1390600f Mon Sep 17 00:00:00 2001
From: Markus Pfeiffer
Date: Tue, 21 Nov 2023 15:37:23 +0100
Subject: [PATCH] android: Add installer for managed trusted certificates

This installs a configured CA or server certificate into the app's local key store.
---
 .../ManagedTrustedCertificateInstaller.java | 87 +++++++++++++++++++
 1 file changed, 87 insertions(+)
 create mode 100644 src/frontends/android/app/src/main/java/org/strongswan/android/logic/ManagedTrustedCertificateInstaller.java

diff --git a/src/frontends/android/app/src/main/java/org/strongswan/android/logic/ManagedTrustedCertificateInstaller.java b/src/frontends/android/app/src/main/java/org/strongswan/android/logic/ManagedTrustedCertificateInstaller.java
new file mode 100644
index 0000000000..ed774133f9
--- /dev/null
+++ b/src/frontends/android/app/src/main/java/org/strongswan/android/logic/ManagedTrustedCertificateInstaller.java
@@ -0,0 +1,87 @@
+/*
+ * Copyright (C) 2023 Relution GmbH
+ *
+ * Copyright (C) secunet Security Networks AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See .
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+package org.strongswan.android.logic;
+
+import android.content.Context;
+import android.util.Log;
+
+import org.strongswan.android.data.ManagedTrustedCertificate;
+import org.strongswan.android.utils.Certificates;
+
+import java.io.IOException;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.cert.CertificateException;
+import java.security.cert.X509Certificate;
+
+import androidx.annotation.NonNull;
+
+public class ManagedTrustedCertificateInstaller
+{
+ private static final String TAG = ManagedTrustedCertificateInstaller.class.getSimpleName();
+
+ public ManagedTrustedCertificateInstaller(@NonNull final Context context)
+ {
+ }
+
+ private boolean installTrustedCert(@NonNull ManagedTrustedCertificate trustedCertificate)
+ throws CertificateException, IOException, KeyStoreException, NoSuchAlgorithmException
+ {
+ Log.d(TAG, "Install trusted certificate " + trustedCertificate);
+ final X509Certificate certificate = Certificates.from(trustedCertificate.getData());
+
+ KeyStore store = KeyStore.getInstance("LocalCertificateStore");
+ store.load(null, null);
+ store.setCertificateEntry(trustedCertificate.getAlias(), certificate);
+ return true;
+ }
+
+ private void uninstallTrustedCert(@NonNull ManagedTrustedCertificate trustedCertificate)
+ throws CertificateException, IOException, NoSuchAlgorithmException, KeyStoreException
+ {
+ Log.d(TAG, "Remove trusted certificate " + trustedCertificate);
+ KeyStore store = KeyStore.getInstance("LocalCertificateStore");
+ store.load(null, null);
+ store.deleteEntry(trustedCertificate.getAlias());
+ }
+
+ public synchronized boolean tryInstall(@NonNull ManagedTrustedCertificate trustedCertificate)
+ {
+ try
+ {
+ return installTrustedCert(trustedCertificate);
+ }
+ catch (final Exception e)
+ {
+ Log.e(TAG, "Could not install trusted certificate " + trustedCertificate, e);
+ return false;
+ }
+ }
+
+ public synchronized void tryRemove(@NonNull ManagedTrustedCertificate trustedCertificate)
+ {
+ try
+ {
+ uninstallTrustedCert(trustedCertificate);
+ }
+ catch (final Exception e)
+ {
+ Log.e(TAG, "Could not remove trusted certificate " + trustedCertificate, e);
+ }
+ }
+}
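Review bot: `tryRemove` returns void and only logs on failure, so when `uninstallTrustedCert` throws, the certificate stays in the local trust store and the caller cannot tell that a certificate it meant to remove is still trusted. It would be safer to mirror `tryInstall`: declare `public synchronized boolean tryRemove(...)`, add `return true;` after `uninstallTrustedCert(trustedCertificate);` and `return false;` in the catch, so the caller can retry or report the failure. Both wrappers also catch `Exception`, which puts runtime errors behind the same log line as expected failures; a multi-catch of the four declared exception types would keep programming errors visible. Separately, `installTrustedCert` can only ever return `true` and the constructor ignores its `context` argument, so both deserve either a short comment explaining why or removal.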