From 3c160282b4a4d450810baa28f1a757bba82ce6bb Mon Sep 17 00:00:00 2001 From: Arne Schwabe Date: Thu, 13 Apr 2023 13:40:57 +0200 Subject: [PATCH] Allow setting a certificate alias via restriction API. --- .../blinkt/openvpn/api/AppRestrictions.java | 37 ++++++++++++++++--- main/src/main/res/values/untranslatable.xml | 2 + main/src/main/res/xml/app_restrictions.xml | 6 +++ 3 files changed, 39 insertions(+), 6 deletions(-) diff --git a/main/src/main/java/de/blinkt/openvpn/api/AppRestrictions.java b/main/src/main/java/de/blinkt/openvpn/api/AppRestrictions.java index c06b01b3b..573dd0706 100644 --- a/main/src/main/java/de/blinkt/openvpn/api/AppRestrictions.java +++ b/main/src/main/java/de/blinkt/openvpn/api/AppRestrictions.java @@ -33,7 +33,6 @@ public class AppRestrictions { final static int CONFIG_VERSION = 1; static boolean alreadyChecked = false; private static AppRestrictions mInstance; - private RestrictionsManager mRestrictionsMgr; private BroadcastReceiver mRestrictionsReceiver; private AppRestrictions(Context c) { @@ -76,10 +75,10 @@ private String hashConfig(String config) { } private void applyRestrictions(Context c) { - mRestrictionsMgr = (RestrictionsManager) c.getSystemService(Context.RESTRICTIONS_SERVICE); - if (mRestrictionsMgr == null) + RestrictionsManager restrictionsMgr = (RestrictionsManager) c.getSystemService(Context.RESTRICTIONS_SERVICE); + if (restrictionsMgr == null) return; - Bundle restrictions = mRestrictionsMgr.getApplicationRestrictions(); + Bundle restrictions = restrictionsMgr.getApplicationRestrictions(); if (restrictions == null) return; @@ -116,6 +115,7 @@ private void applyRestrictions(Context c) { String uuid = p.getString("uuid"); String ovpn = p.getString("ovpn"); String name = p.getString("name"); + String certAlias = p.getString("certificate_alias"); if (uuid == null || ovpn == null || name == null) { VpnStatus.logError("App restriction profile misses uuid, ovpn or name key"); @@ -134,12 +134,15 @@ private void applyRestrictions(Context c) { if (vpnProfile != null) { // Profile exists, check if need to update it - if (ovpnHash.equals(vpnProfile.importedProfileHash)) + if (ovpnHash.equals(vpnProfile.importedProfileHash)) { + addCertificateAlias(vpnProfile, certAlias); + // not modified skip to next profile continue; - + } } addProfile(c, ovpn, uuid, name, vpnProfile); + addCertificateAlias(vpnProfile, certAlias); } Vector profilesToRemove = new Vector<>(); @@ -181,6 +184,28 @@ private void applyRestrictions(Context c) { } } + /** + * If certAlias is non-null will modify the profile type to use the keystore variant of + * the authentication method and will also set the keystore alias + */ + private void addCertificateAlias(VpnProfile vpnProfile, String certAlias) { + if (certAlias == null) + return; + + switch (vpnProfile.mAuthenticationType) + { + case VpnProfile.TYPE_PKCS12: + case VpnProfile.TYPE_CERTIFICATES: + vpnProfile.mAuthenticationType = VpnProfile.TYPE_KEYSTORE; + break; + case VpnProfile.TYPE_USERPASS_CERTIFICATES: + case VpnProfile.TYPE_USERPASS_PKCS12: + vpnProfile.mAuthenticationType = VpnProfile.TYPE_USERPASS_KEYSTORE; + break; + } + vpnProfile.mAlias = certAlias; + } + private String prepare(String config) { String newLine = System.getProperty("line.separator"); if (!config.contains(newLine) && !config.contains(" ")) { diff --git a/main/src/main/res/values/untranslatable.xml b/main/src/main/res/values/untranslatable.xml index cde0d8a5a..651af1d3f 100644 --- a/main/src/main/res/values/untranslatable.xml +++ b/main/src/main/res/values/untranslatable.xml @@ -73,6 +73,8 @@ Name List of VPN configurations VPN configuration + Certificate Alias + Alias of a certificate in the Android keystore to use. Leave empty to not use the certificate store. Version of the managed configuration schema (Currently always 1) UUID of the profile that should be selected as default profile in the app The app OpenVPN for Android does not communicate to any server other than the OpenVPN servers provided in configuration files. The author himself does not collect any data and no therefore also no data is saved. For the privacy policy for the OpenVPN server/VPN service you are using (or other services related to the project like GitHub), please refer to their respective privacy policy. diff --git a/main/src/main/res/xml/app_restrictions.xml b/main/src/main/res/xml/app_restrictions.xml index 167e48e81..0451fd250 100644 --- a/main/src/main/res/xml/app_restrictions.xml +++ b/main/src/main/res/xml/app_restrictions.xml @@ -44,6 +44,12 @@ android:description="@string/apprest_ovpn_desc" android:restrictionType="string"/> +