android: Add helper function to TrustedCertificateEntry to get subjectAltNames
[strongswan.git] / src / frontends / android / app / src / main / java / org / strongswan / android / security / TrustedCertificateEntry.java
1 /*
2 * Copyright (C) 2012-2016 Tobias Brunner
3 * HSR Hochschule fuer Technik Rapperswil
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 package org.strongswan.android.security;
17
18 import android.net.http.SslCertificate;
19
20 import java.security.cert.CertificateParsingException;
21 import java.security.cert.X509Certificate;
22 import java.util.ArrayList;
23 import java.util.Collection;
24 import java.util.Collections;
25 import java.util.List;
26
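/**
 * Entry for certificate lists: pairs a certificate with its KeyStore alias
 * and the strings used to present it to the user.
 *
 * All strings exposed here (the subject lines and the subjectAltNames) are
 * read from the certificate as-is; nothing in this class verifies the
 * certificate. Treat them as labels for display and filtering, not as an
 * authenticated identity.
 *
 * Ordering via {@link #compareTo} only looks at the two subject lines
 * (ignoring case) and equals()/hashCode() are not overridden, so different
 * certificates that carry the same subject compare as 0.
 */
public class TrustedCertificateEntry implements Comparable<TrustedCertificateEntry>
{
	/* GeneralName type tags selected by getSubjectAltNames() */
	private static final int SAN_RFC822_NAME = 1;
	private static final int SAN_DNS_NAME = 2;
	private static final int SAN_IP_ADDRESS = 7;

	private final X509Certificate mCert;
	private final String mAlias;
	private String mSubjectPrimary;
	private String mSubjectSecondary = "";
	/* lazily built by toString(), not synchronized */
	private String mString;

	/**
	 * Create an entry for certificate lists.
	 *
	 * The subject lines are derived once, here: O is preferred as primary
	 * subject (with CN or else OU as secondary), then CN alone, then the
	 * complete DN.
	 *
	 * @param alias alias of the certificate (as used in the KeyStore)
	 * @param cert certificate associated with that alias
	 */
	public TrustedCertificateEntry(String alias, X509Certificate cert)
	{
		mCert = cert;
		mAlias = alias;

		SslCertificate ssl = new SslCertificate(mCert);
		SslCertificate.DName subject = ssl.getIssuedTo();
		String o = subject.getOName();
		String ou = subject.getUName();
		String cn = subject.getCName();
		if (!o.isEmpty())
		{
			mSubjectPrimary = o;
			if (!cn.isEmpty())
			{
				mSubjectSecondary = cn;
			}
			else if (!ou.isEmpty())
			{
				mSubjectSecondary = ou;
			}
		}
		else if (!cn.isEmpty())
		{
			mSubjectPrimary = cn;
		}
		else
		{
			mSubjectPrimary = subject.getDName();
		}
	}

	/**
	 * The main subject of this certificate (O, CN or the complete DN, whatever
	 * is found first).
	 *
	 * @return the main subject
	 */
	public String getSubjectPrimary()
	{
		return mSubjectPrimary;
	}

	/**
	 * Get the secondary subject of this certificate (either CN or OU if primary
	 * subject is O, empty otherwise)
	 *
	 * @return the secondary subject
	 */
	public String getSubjectSecondary()
	{
		return mSubjectSecondary;
	}

	/**
	 * Get a sorted list of all rfc822Name, dnSName and iPAddress subjectAltNames
	 *
	 * Entries that are not a (type, String) pair are skipped instead of being
	 * cast blindly, so an unexpected entry can't abort the listing with a
	 * ClassCastException or NullPointerException.
	 *
	 * An empty list is returned both if the certificate has no such SANs and
	 * if the extension can't be parsed (the exception is only printed), so
	 * callers can't tell these two cases apart.
	 *
	 * @return sorted list of selected SANs
	 */
	public List<String> getSubjectAltNames()
	{
		List<String> list = new ArrayList<>();
		try
		{
			Collection<List<?>> sans = mCert.getSubjectAlternativeNames();
			if (sans != null)
			{
				for (List<?> san : sans)
				{
					if (san == null || san.size() < 2)
					{
						continue;
					}
					Object type = san.get(0);
					Object value = san.get(1);
					if (!(type instanceof Integer) || !(value instanceof String))
					{	/* only textual names are of interest here */
						continue;
					}
					switch ((Integer)type)
					{
						case SAN_RFC822_NAME:
						case SAN_DNS_NAME:
						case SAN_IP_ADDRESS:
							list.add((String)value);
							break;
						default:
							break;
					}
				}
			}
			Collections.sort(list);
		}
		catch (CertificateParsingException ex)
		{
			ex.printStackTrace();
		}
		return list;
	}

	/**
	 * The alias associated with this certificate.
	 *
	 * @return KeyStore alias of this certificate
	 */
	public String getAlias()
	{
		return mAlias;
	}

	/**
	 * The certificate.
	 *
	 * @return certificate
	 */
	public X509Certificate getCertificate()
	{
		return mCert;
	}

	@Override
	public String toString()
	{	/* combination of both subject lines, used for filtering lists */
		if (mString == null)
		{
			mString = mSubjectPrimary;
			if (!mSubjectSecondary.isEmpty())
			{
				mString += ", " + mSubjectSecondary;
			}
		}
		return mString;
	}

	/**
	 * Order entries by primary and then secondary subject, ignoring case.
	 *
	 * Nothing but the two subject lines is compared, so a result of 0 does not
	 * mean that both entries refer to the same certificate.
	 *
	 * @param another entry to compare to
	 * @return negative, zero or positive as defined by Comparable
	 */
	@Override
	public int compareTo(TrustedCertificateEntry another)
	{
		int diff = mSubjectPrimary.compareToIgnoreCase(another.mSubjectPrimary);
		if (diff == 0)
		{
			diff = mSubjectSecondary.compareToIgnoreCase(another.mSubjectSecondary);
		}
		return diff;
	}
}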