Added an Android specific credential set that provides CA certificates via JNI
[strongswan.git] / src / frontends / android / jni / libandroidbridge / charonservice.c
1 /*
2 * Copyright (C) 2012 Giuliano Grassi
3 * Copyright (C) 2012 Ralf Sager
4 * Copyright (C) 2012 Tobias Brunner
5 * Hochschule fuer Technik Rapperswil
6 *
7 * This program is free software; you can redistribute it and/or modify it
8 * under the terms of the GNU General Public License as published by the
9 * Free Software Foundation; either version 2 of the License, or (at your
10 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
11 *
12 * This program is distributed in the hope that it will be useful, but
13 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
14 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
15 * for more details.
16 */
17
18 #include <signal.h>
19 #include <string.h>
20 #include <android/log.h>
21
22 #include "charonservice.h"
23 #include "android_jni.h"
24 #include "backend/android_creds.h"
25 #include "kernel/android_ipsec.h"
26 #include "kernel/android_net.h"
27
28 #include <daemon.h>
29 #include <hydra.h>
30 #include <ipsec.h>
31 #include <library.h>
32 #include <threading/thread.h>
33
34 #define ANDROID_DEBUG_LEVEL 1
35
36 typedef struct private_charonservice_t private_charonservice_t;
37
38 /**
39 * private data of charonservice
40 */
41 struct private_charonservice_t {
42
43 /**
44 * public interface
45 */
46 charonservice_t public;
47
48 /**
49 * android_creds instance
50 */
51 android_creds_t *creds;
52
53 /**
54 * CharonVpnService reference
55 */
56 jobject vpn_service;
57 };
58
59 /**
60 * Single instance of charonservice_t.
61 */
62 charonservice_t *charonservice;
63
64 /**
65 * hook in library for debugging messages
66 */
67 extern void (*dbg)(debug_t group, level_t level, char *fmt, ...);
68
69 /**
70 * Logging hook for library logs, using android specific logging
71 */
72 static void dbg_android(debug_t group, level_t level, char *fmt, ...)
73 {
74 va_list args;
75
76 if (level <= ANDROID_DEBUG_LEVEL)
77 {
78 char sgroup[16], buffer[8192];
79 char *current = buffer, *next;
80
81 snprintf(sgroup, sizeof(sgroup), "%N", debug_names, group);
82 va_start(args, fmt);
83 vsnprintf(buffer, sizeof(buffer), fmt, args);
84 va_end(args);
85 while (current)
86 { /* log each line separately */
87 next = strchr(current, '\n');
88 if (next)
89 {
90 *(next++) = '\0';
91 }
92 __android_log_print(ANDROID_LOG_INFO, "charon", "00[%s] %s\n",
93 sgroup, current);
94 current = next;
95 }
96 }
97 }
98
99 METHOD(charonservice_t, update_status, bool,
100 private_charonservice_t *this, android_vpn_state_t code)
101 {
102 JNIEnv *env;
103 jmethodID method_id;
104 bool success = FALSE;
105
106 androidjni_attach_thread(&env);
107
108 method_id = (*env)->GetMethodID(env, android_charonvpnservice_class,
109 "updateStatus", "(I)V");
110 if (!method_id)
111 {
112 goto failed;
113 }
114 (*env)->CallVoidMethod(env, this->vpn_service, method_id, (jint)code);
115 success = !androidjni_exception_occurred(env);
116
117 failed:
118 androidjni_exception_occurred(env);
119 androidjni_detach_thread();
120 return success;
121 }
122
123 METHOD(charonservice_t, bypass_socket, bool,
124 private_charonservice_t *this, int fd, int family)
125 {
126 JNIEnv *env;
127 jmethodID method_id;
128
129 androidjni_attach_thread(&env);
130
131 method_id = (*env)->GetMethodID(env, android_charonvpnservice_class,
132 "protect", "(I)Z");
133 if (!method_id)
134 {
135 goto failed;
136 }
137 if (!(*env)->CallBooleanMethod(env, this->vpn_service, method_id, fd))
138 {
139 DBG1(DBG_CFG, "VpnService.protect() failed");
140 goto failed;
141 }
142 androidjni_detach_thread();
143 return TRUE;
144
145 failed:
146 androidjni_exception_occurred(env);
147 androidjni_detach_thread();
148 return FALSE;
149 }
150
151 METHOD(charonservice_t, get_trusted_certificates, linked_list_t*,
152 private_charonservice_t *this)
153 {
154 JNIEnv *env;
155 jmethodID method_id;
156 jobjectArray jcerts;
157 linked_list_t *list;
158 jsize i;
159
160 androidjni_attach_thread(&env);
161
162 method_id = (*env)->GetMethodID(env,
163 android_charonvpnservice_class,
164 "getTrustedCertificates", "(Ljava/lang/String;)[[B");
165 if (!method_id)
166 {
167 goto failed;
168 }
169 jcerts = (*env)->CallObjectMethod(env, this->vpn_service, method_id, NULL);
170 if (!jcerts)
171 {
172 goto failed;
173 }
174 list = linked_list_create();
175 for (i = 0; i < (*env)->GetArrayLength(env, jcerts); ++i)
176 {
177 chunk_t *ca_cert;
178 jbyteArray jcert;
179
180 ca_cert = malloc_thing(chunk_t);
181 list->insert_last(list, ca_cert);
182
183 jcert = (*env)->GetObjectArrayElement(env, jcerts, i);
184 *ca_cert = chunk_alloc((*env)->GetArrayLength(env, jcert));
185 (*env)->GetByteArrayRegion(env, jcert, 0, ca_cert->len, ca_cert->ptr);
186 (*env)->DeleteLocalRef(env, jcert);
187 }
188 (*env)->DeleteLocalRef(env, jcerts);
189 androidjni_detach_thread();
190 return list;
191
192 failed:
193 androidjni_exception_occurred(env);
194 androidjni_detach_thread();
195 return NULL;
196 }
197
198 /**
199 * Initialize/deinitialize Android backend
200 */
201 static bool charonservice_register(void *plugin, plugin_feature_t *feature,
202 bool reg, void *data)
203 {
204 private_charonservice_t *this = (private_charonservice_t*)charonservice;
205 if (reg)
206 {
207 lib->credmgr->add_set(lib->credmgr, &this->creds->set);
208 }
209 else
210 {
211 lib->credmgr->remove_set(lib->credmgr, &this->creds->set);
212 }
213 return TRUE;
214 }
215
216 /**
217 * Initialize the charonservice object
218 */
219 static void charonservice_init(JNIEnv *env, jobject service)
220 {
221 private_charonservice_t *this;
222 static plugin_feature_t features[] = {
223 PLUGIN_CALLBACK(kernel_net_register, kernel_android_net_create),
224 PLUGIN_PROVIDE(CUSTOM, "kernel-net"),
225 PLUGIN_CALLBACK(kernel_ipsec_register, kernel_android_ipsec_create),
226 PLUGIN_PROVIDE(CUSTOM, "kernel-ipsec"),
227 PLUGIN_CALLBACK((plugin_feature_callback_t)charonservice_register, NULL),
228 PLUGIN_PROVIDE(CUSTOM, "Android backend"),
229 PLUGIN_DEPENDS(CUSTOM, "libcharon"),
230 };
231
232 INIT(this,
233 .public = {
234 .update_status = _update_status,
235 .bypass_socket = _bypass_socket,
236 .get_trusted_certificates = _get_trusted_certificates,
237 },
238 .creds = android_creds_create(),
239 .vpn_service = (*env)->NewGlobalRef(env, service),
240 );
241 charonservice = &this->public;
242
243 lib->plugins->add_static_features(lib->plugins, "androidbridge", features,
244 countof(features), TRUE);
245
246 lib->settings->set_int(lib->settings,
247 "charon.plugins.android_log.loglevel", ANDROID_DEBUG_LEVEL);
248 }
249
250 /**
251 * Deinitialize the charonservice object
252 */
253 static void charonservice_deinit(JNIEnv *env)
254 {
255 private_charonservice_t *this = (private_charonservice_t*)charonservice;
256
257 this->creds->destroy(this->creds);
258 (*env)->DeleteGlobalRef(env, this->vpn_service);
259 free(this);
260 charonservice = NULL;
261 }
262
263 /**
264 * Handle SIGSEGV/SIGILL signals raised by threads
265 */
266 static void segv_handler(int signal)
267 {
268 dbg_android(DBG_DMN, 1, "thread %u received %d", thread_current_id(),
269 signal);
270 exit(1);
271 }
272
273 /**
274 * Initialize charon and the libraries via JNI
275 */
276 JNI_METHOD(CharonVpnService, initializeCharon, void)
277 {
278 struct sigaction action;
279
280 /* logging for library during initialization, as we have no bus yet */
281 dbg = dbg_android;
282
283 /* initialize library */
284 if (!library_init(NULL))
285 {
286 library_deinit();
287 return;
288 }
289
290 if (!libhydra_init("charon"))
291 {
292 libhydra_deinit();
293 library_deinit();
294 return;
295 }
296
297 if (!libipsec_init())
298 {
299 libipsec_deinit();
300 libhydra_deinit();
301 library_deinit();
302 return;
303 }
304
305 charonservice_init(env, this);
306
307 if (!libcharon_init("charon") ||
308 !charon->initialize(charon, PLUGINS))
309 {
310 libcharon_deinit();
311 charonservice_deinit(env);
312 libipsec_deinit();
313 libhydra_deinit();
314 library_deinit();
315 return;
316 }
317
318 /* add handler for SEGV and ILL etc. */
319 action.sa_handler = segv_handler;
320 action.sa_flags = 0;
321 sigemptyset(&action.sa_mask);
322 sigaction(SIGSEGV, &action, NULL);
323 sigaction(SIGILL, &action, NULL);
324 sigaction(SIGBUS, &action, NULL);
325 action.sa_handler = SIG_IGN;
326 sigaction(SIGPIPE, &action, NULL);
327
328 /* start daemon (i.e. the threads in the thread-pool) */
329 charon->start(charon);
330 }
331
332 /**
333 * Deinitialize charon and all libraries
334 */
335 JNI_METHOD(CharonVpnService, deinitializeCharon, void)
336 {
337 libcharon_deinit();
338 charonservice_deinit(env);
339 libipsec_deinit();
340 libhydra_deinit();
341 library_deinit();
342 }
343