android: Added JNI method to retrieve user certificate and private key
[strongswan.git] / src / frontends / android / jni / libandroidbridge / charonservice.c
1 /*
2 * Copyright (C) 2012 Giuliano Grassi
3 * Copyright (C) 2012 Ralf Sager
4 * Copyright (C) 2012 Tobias Brunner
5 * Hochschule fuer Technik Rapperswil
6 *
7 * This program is free software; you can redistribute it and/or modify it
8 * under the terms of the GNU General Public License as published by the
9 * Free Software Foundation; either version 2 of the License, or (at your
10 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
11 *
12 * This program is distributed in the hope that it will be useful, but
13 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
14 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
15 * for more details.
16 */
17
18 #include <signal.h>
19 #include <string.h>
20 #include <sys/utsname.h>
21 #include <android/log.h>
22 #include <errno.h>
23
24 #include "charonservice.h"
25 #include "android_jni.h"
26 #include "backend/android_attr.h"
27 #include "backend/android_creds.h"
28 #include "backend/android_service.h"
29 #include "kernel/android_ipsec.h"
30 #include "kernel/android_net.h"
31
32 #include <daemon.h>
33 #include <hydra.h>
34 #include <ipsec.h>
35 #include <library.h>
36 #include <threading/thread.h>
37
38 #define ANDROID_DEBUG_LEVEL 1
39 #define ANDROID_RETRASNMIT_TRIES 3
40 #define ANDROID_RETRANSMIT_TIMEOUT 3.0
41 #define ANDROID_RETRANSMIT_BASE 1.4
42
43 typedef struct private_charonservice_t private_charonservice_t;
44
45 /**
46 * private data of charonservice
47 */
48 struct private_charonservice_t {
49
50 /**
51 * public interface
52 */
53 charonservice_t public;
54
55 /**
56 * android_attr instance
57 */
58 android_attr_t *attr;
59
60 /**
61 * android_creds instance
62 */
63 android_creds_t *creds;
64
65 /**
66 * android_service instance
67 */
68 android_service_t *service;
69
70 /**
71 * VpnService builder (accessed via JNI)
72 */
73 vpnservice_builder_t *builder;
74
75 /**
76 * CharonVpnService reference
77 */
78 jobject vpn_service;
79 };
80
81 /**
82 * Single instance of charonservice_t.
83 */
84 charonservice_t *charonservice;
85
86 /**
87 * hook in library for debugging messages
88 */
89 extern void (*dbg)(debug_t group, level_t level, char *fmt, ...);
90
91 /**
92 * Logging hook for library logs, using android specific logging
93 */
94 static void dbg_android(debug_t group, level_t level, char *fmt, ...)
95 {
96 va_list args;
97
98 if (level <= ANDROID_DEBUG_LEVEL)
99 {
100 char sgroup[16], buffer[8192];
101 char *current = buffer, *next;
102
103 snprintf(sgroup, sizeof(sgroup), "%N", debug_names, group);
104 va_start(args, fmt);
105 vsnprintf(buffer, sizeof(buffer), fmt, args);
106 va_end(args);
107 while (current)
108 { /* log each line separately */
109 next = strchr(current, '\n');
110 if (next)
111 {
112 *(next++) = '\0';
113 }
114 __android_log_print(ANDROID_LOG_INFO, "charon", "00[%s] %s\n",
115 sgroup, current);
116 current = next;
117 }
118 }
119 }
120
121 /**
122 * Initialize file logger
123 */
124 static void initialize_logger(char *logfile)
125 {
126 file_logger_t *file_logger;
127 debug_t group;
128 FILE *file;
129
130 /* truncate an existing file */
131 file = fopen(logfile, "w");
132 if (!file)
133 {
134 DBG1(DBG_DMN, "opening file %s for logging failed: %s",
135 logfile, strerror(errno));
136 return;
137 }
138 /* flush each line */
139 setlinebuf(file);
140
141 file_logger = file_logger_create(file, "%b %e %T", FALSE);
142 for (group = 0; group < DBG_MAX; group++)
143 {
144 file_logger->set_level(file_logger, group, ANDROID_DEBUG_LEVEL);
145 }
146 charon->file_loggers->insert_last(charon->file_loggers, file_logger);
147 charon->bus->add_logger(charon->bus, &file_logger->logger);
148 }
149
150 METHOD(charonservice_t, update_status, bool,
151 private_charonservice_t *this, android_vpn_state_t code)
152 {
153 JNIEnv *env;
154 jmethodID method_id;
155 bool success = FALSE;
156
157 androidjni_attach_thread(&env);
158
159 method_id = (*env)->GetMethodID(env, android_charonvpnservice_class,
160 "updateStatus", "(I)V");
161 if (!method_id)
162 {
163 goto failed;
164 }
165 (*env)->CallVoidMethod(env, this->vpn_service, method_id, (jint)code);
166 success = !androidjni_exception_occurred(env);
167
168 failed:
169 androidjni_exception_occurred(env);
170 androidjni_detach_thread();
171 return success;
172 }
173
174 METHOD(charonservice_t, bypass_socket, bool,
175 private_charonservice_t *this, int fd, int family)
176 {
177 JNIEnv *env;
178 jmethodID method_id;
179
180 androidjni_attach_thread(&env);
181
182 method_id = (*env)->GetMethodID(env, android_charonvpnservice_class,
183 "protect", "(I)Z");
184 if (!method_id)
185 {
186 goto failed;
187 }
188 if (!(*env)->CallBooleanMethod(env, this->vpn_service, method_id, fd))
189 {
190 DBG1(DBG_CFG, "VpnService.protect() failed");
191 goto failed;
192 }
193 androidjni_detach_thread();
194 return TRUE;
195
196 failed:
197 androidjni_exception_occurred(env);
198 androidjni_detach_thread();
199 return FALSE;
200 }
201
202 /**
203 * Converts the given Java array of byte arrays (byte[][]) to a linked list
204 * of chunk_t objects.
205 */
206 static linked_list_t *convert_array_of_byte_arrays(JNIEnv *env,
207 jobjectArray jarray)
208 {
209 linked_list_t *list;
210 jsize i;
211
212 list = linked_list_create();
213 for (i = 0; i < (*env)->GetArrayLength(env, jarray); ++i)
214 {
215 chunk_t *chunk;
216 jbyteArray jbytearray;
217
218 chunk = malloc_thing(chunk_t);
219 list->insert_last(list, chunk);
220
221 jbytearray = (*env)->GetObjectArrayElement(env, jarray, i);
222 *chunk = chunk_alloc((*env)->GetArrayLength(env, jbytearray));
223 (*env)->GetByteArrayRegion(env, jbytearray, 0, chunk->len, chunk->ptr);
224 (*env)->DeleteLocalRef(env, jbytearray);
225 }
226 return list;
227 }
228
229 METHOD(charonservice_t, get_trusted_certificates, linked_list_t*,
230 private_charonservice_t *this)
231 {
232 JNIEnv *env;
233 jmethodID method_id;
234 jobjectArray jcerts;
235 linked_list_t *list;
236
237 androidjni_attach_thread(&env);
238
239 method_id = (*env)->GetMethodID(env,
240 android_charonvpnservice_class,
241 "getTrustedCertificates", "(Ljava/lang/String;)[[B");
242 if (!method_id)
243 {
244 goto failed;
245 }
246 jcerts = (*env)->CallObjectMethod(env, this->vpn_service, method_id, NULL);
247 if (!jcerts)
248 {
249 goto failed;
250 }
251 list = convert_array_of_byte_arrays(env, jcerts);
252 androidjni_detach_thread();
253 return list;
254
255 failed:
256 androidjni_exception_occurred(env);
257 androidjni_detach_thread();
258 return NULL;
259 }
260
261 METHOD(charonservice_t, get_user_certificate, linked_list_t*,
262 private_charonservice_t *this)
263 {
264 JNIEnv *env;
265 jmethodID method_id;
266 jobjectArray jencodings;
267 linked_list_t *list;
268
269 androidjni_attach_thread(&env);
270
271 method_id = (*env)->GetMethodID(env,
272 android_charonvpnservice_class,
273 "getUserCertificate", "()[[B");
274 if (!method_id)
275 {
276 goto failed;
277 }
278 jencodings = (*env)->CallObjectMethod(env, this->vpn_service, method_id, NULL);
279 if (!jencodings)
280 {
281 goto failed;
282 }
283 list = convert_array_of_byte_arrays(env, jencodings);
284 androidjni_detach_thread();
285 return list;
286
287 failed:
288 androidjni_exception_occurred(env);
289 androidjni_detach_thread();
290 return NULL;
291 }
292
293 METHOD(charonservice_t, get_vpnservice_builder, vpnservice_builder_t*,
294 private_charonservice_t *this)
295 {
296 return this->builder;
297 }
298
299 /**
300 * Initiate a new connection
301 *
302 * @param local local ip address (gets owned)
303 * @param gateway gateway address (gets owned)
304 * @param username username (gets owned)
305 * @param password password (gets owned)
306 */
307 static void initiate(char *type, char *local, char *gateway,
308 char *username, char *password)
309 {
310 private_charonservice_t *this = (private_charonservice_t*)charonservice;
311
312 this->creds->clear(this->creds);
313 this->creds->add_username_password(this->creds, username, password);
314 memwipe(password, strlen(password));
315 free(password);
316
317 DESTROY_IF(this->service);
318 this->service = android_service_create(local, gateway, username);
319 free(type);
320 }
321
322 /**
323 * Initialize/deinitialize Android backend
324 */
325 static bool charonservice_register(void *plugin, plugin_feature_t *feature,
326 bool reg, void *data)
327 {
328 private_charonservice_t *this = (private_charonservice_t*)charonservice;
329 if (reg)
330 {
331 lib->credmgr->add_set(lib->credmgr, &this->creds->set);
332 hydra->attributes->add_handler(hydra->attributes,
333 &this->attr->handler);
334 }
335 else
336 {
337 lib->credmgr->remove_set(lib->credmgr, &this->creds->set);
338 hydra->attributes->remove_handler(hydra->attributes,
339 &this->attr->handler);
340 if (this->service)
341 {
342 this->service->destroy(this->service);
343 this->service = NULL;
344 }
345 }
346 return TRUE;
347 }
348
349 /**
350 * Initialize the charonservice object
351 */
352 static void charonservice_init(JNIEnv *env, jobject service, jobject builder)
353 {
354 private_charonservice_t *this;
355 static plugin_feature_t features[] = {
356 PLUGIN_CALLBACK(kernel_net_register, kernel_android_net_create),
357 PLUGIN_PROVIDE(CUSTOM, "kernel-net"),
358 PLUGIN_CALLBACK(kernel_ipsec_register, kernel_android_ipsec_create),
359 PLUGIN_PROVIDE(CUSTOM, "kernel-ipsec"),
360 PLUGIN_CALLBACK((plugin_feature_callback_t)charonservice_register, NULL),
361 PLUGIN_PROVIDE(CUSTOM, "Android backend"),
362 PLUGIN_DEPENDS(CUSTOM, "libcharon"),
363 };
364
365 INIT(this,
366 .public = {
367 .update_status = _update_status,
368 .bypass_socket = _bypass_socket,
369 .get_trusted_certificates = _get_trusted_certificates,
370 .get_user_certificate = _get_user_certificate,
371 .get_vpnservice_builder = _get_vpnservice_builder,
372 },
373 .attr = android_attr_create(),
374 .creds = android_creds_create(),
375 .builder = vpnservice_builder_create(builder),
376 .vpn_service = (*env)->NewGlobalRef(env, service),
377 );
378 charonservice = &this->public;
379
380 lib->plugins->add_static_features(lib->plugins, "androidbridge", features,
381 countof(features), TRUE);
382
383 lib->settings->set_int(lib->settings,
384 "charon.plugins.android_log.loglevel", ANDROID_DEBUG_LEVEL);
385 lib->settings->set_int(lib->settings,
386 "charon.retransmit_tries", ANDROID_RETRASNMIT_TRIES);
387 lib->settings->set_double(lib->settings,
388 "charon.retransmit_timeout", ANDROID_RETRANSMIT_TIMEOUT);
389 lib->settings->set_double(lib->settings,
390 "charon.retransmit_base", ANDROID_RETRANSMIT_BASE);
391 lib->settings->set_bool(lib->settings,
392 "charon.close_ike_on_child_failure", TRUE);
393 /* setting the source address breaks the VpnService.protect() function which
394 * uses SO_BINDTODEVICE internally. the addresses provided to the kernel as
395 * auxiliary data have precedence over this option causing a routing loop if
396 * the gateway is contained in the VPN routes. alternatively, providing an
397 * explicit device (in addition or instead of the source address) in the
398 * auxiliary data would also work, but we currently don't have that
399 * information */
400 lib->settings->set_bool(lib->settings,
401 "charon.plugins.socket-default.set_source", FALSE);
402 }
403
404 /**
405 * Deinitialize the charonservice object
406 */
407 static void charonservice_deinit(JNIEnv *env)
408 {
409 private_charonservice_t *this = (private_charonservice_t*)charonservice;
410
411 this->builder->destroy(this->builder);
412 this->creds->destroy(this->creds);
413 this->attr->destroy(this->attr);
414 (*env)->DeleteGlobalRef(env, this->vpn_service);
415 free(this);
416 charonservice = NULL;
417 }
418
419 /**
420 * Handle SIGSEGV/SIGILL signals raised by threads
421 */
422 static void segv_handler(int signal)
423 {
424 dbg_android(DBG_DMN, 1, "thread %u received %d", thread_current_id(),
425 signal);
426 exit(1);
427 }
428
429 /**
430 * Initialize charon and the libraries via JNI
431 */
432 JNI_METHOD(CharonVpnService, initializeCharon, void,
433 jobject builder, jstring jlogfile)
434 {
435 struct sigaction action;
436 struct utsname utsname;
437 char *logfile;
438
439 /* logging for library during initialization, as we have no bus yet */
440 dbg = dbg_android;
441
442 /* initialize library */
443 if (!library_init(NULL))
444 {
445 library_deinit();
446 return;
447 }
448
449 if (!libhydra_init("charon"))
450 {
451 libhydra_deinit();
452 library_deinit();
453 return;
454 }
455
456 if (!libipsec_init())
457 {
458 libipsec_deinit();
459 libhydra_deinit();
460 library_deinit();
461 return;
462 }
463
464 if (!libcharon_init("charon"))
465 {
466 libcharon_deinit();
467 libipsec_deinit();
468 libhydra_deinit();
469 library_deinit();
470 return;
471 }
472
473 logfile = androidjni_convert_jstring(env, jlogfile);
474 initialize_logger(logfile);
475 free(logfile);
476
477 charonservice_init(env, this, builder);
478
479 if (uname(&utsname) != 0)
480 {
481 memset(&utsname, 0, sizeof(utsname));
482 }
483 DBG1(DBG_DMN, "Starting IKE charon daemon (strongSwan "VERSION", %s %s, %s)",
484 utsname.sysname, utsname.release, utsname.machine);
485
486 if (!charon->initialize(charon, PLUGINS))
487 {
488 libcharon_deinit();
489 charonservice_deinit(env);
490 libipsec_deinit();
491 libhydra_deinit();
492 library_deinit();
493 return;
494 }
495
496 /* add handler for SEGV and ILL etc. */
497 action.sa_handler = segv_handler;
498 action.sa_flags = 0;
499 sigemptyset(&action.sa_mask);
500 sigaction(SIGSEGV, &action, NULL);
501 sigaction(SIGILL, &action, NULL);
502 sigaction(SIGBUS, &action, NULL);
503 action.sa_handler = SIG_IGN;
504 sigaction(SIGPIPE, &action, NULL);
505
506 /* start daemon (i.e. the threads in the thread-pool) */
507 charon->start(charon);
508 }
509
510 /**
511 * Deinitialize charon and all libraries
512 */
513 JNI_METHOD(CharonVpnService, deinitializeCharon, void)
514 {
515 /* deinitialize charon before we destroy our own objects */
516 libcharon_deinit();
517 charonservice_deinit(env);
518 libipsec_deinit();
519 libhydra_deinit();
520 library_deinit();
521 }
522
523 /**
524 * Initiate SA
525 */
526 JNI_METHOD(CharonVpnService, initiate, void,
527 jstring jtype, jstring jlocal_address, jstring jgateway, jstring jusername,
528 jstring jpassword)
529 {
530 char *type, *local_address, *gateway, *username, *password;
531
532 type = androidjni_convert_jstring(env, jtype);
533 local_address = androidjni_convert_jstring(env, jlocal_address);
534 gateway = androidjni_convert_jstring(env, jgateway);
535 username = androidjni_convert_jstring(env, jusername);
536 password = androidjni_convert_jstring(env, jpassword);
537
538 initiate(type, local_address, gateway, username, password);
539 }