android: Encode connection settings as single Java string argument
[strongswan.git] / src / frontends / android / jni / libandroidbridge / backend / android_creds.c
index ee9549d..ddc0326 100644 (file)
@@ -34,7 +34,7 @@ struct private_android_creds_t {
        android_creds_t public;
 
        /**
-        * Credential set storing trusted certificates
+        * Credential set storing trusted certificates and user credentials
         */
        mem_cred_t *creds;
 
@@ -50,6 +50,15 @@ struct private_android_creds_t {
 };
 
 /**
+ * Free allocated DER encoding
+ */
+static void free_encoding(chunk_t *chunk)
+{
+       chunk_free(chunk);
+       free(chunk);
+}
+
+/**
  * Load trusted certificates via charonservice (JNI).
  */
 static void load_trusted_certificates(private_android_creds_t *this)
@@ -71,8 +80,7 @@ static void load_trusted_certificates(private_android_creds_t *this)
                                         cert->get_subject(cert));
                                this->creds->add_cert(this->creds, TRUE, cert);
                        }
-                       chunk_free(current);
-                       free(current);
+                       free_encoding(current);
                }
                certs->destroy(certs);
        }
@@ -84,7 +92,7 @@ METHOD(credential_set_t, create_cert_enumerator, enumerator_t*,
 {
        enumerator_t *enumerator;
 
-       if (!trusted || (cert != CERT_ANY && cert != CERT_X509))
+       if (cert != CERT_ANY && cert != CERT_X509)
        {
                return NULL;
        }
@@ -108,6 +116,99 @@ METHOD(credential_set_t, create_cert_enumerator, enumerator_t*,
                                                                         this->lock);
 }
 
+METHOD(android_creds_t, add_username_password, void,
+       private_android_creds_t *this, char *username, char *password)
+{
+       shared_key_t *shared_key;
+       identification_t *id;
+       chunk_t secret;
+
+       secret = chunk_create(password, strlen(password));
+       shared_key = shared_key_create(SHARED_EAP, chunk_clone(secret));
+       id = identification_create_from_string(username);
+
+       this->creds->add_shared(this->creds, shared_key, id, NULL);
+}
+
+METHOD(credential_set_t, create_shared_enumerator, enumerator_t*,
+       private_android_creds_t *this, shared_key_type_t type,
+       identification_t *me, identification_t *other)
+{
+       return this->creds->set.create_shared_enumerator(&this->creds->set,
+                                                                                                        type, me, other);
+}
+
+METHOD(android_creds_t, load_user_certificate, certificate_t*,
+       private_android_creds_t *this)
+{
+       linked_list_t *encodings;
+       certificate_t *cert = NULL, *ca_cert;
+       chunk_t *current;
+
+       encodings = charonservice->get_user_certificate(charonservice);
+       if (!encodings)
+       {
+               return NULL;
+       }
+
+       while (encodings->remove_first(encodings, (void**)&current) == SUCCESS)
+       {
+               if (!cert)
+               {       /* the first element is the user certificate */
+                       cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509,
+                                                                         BUILD_BLOB_ASN1_DER, *current, BUILD_END);
+                       if (!cert)
+                       {
+                               DBG1(DBG_CFG, "failed to load user certificate");
+                               free_encoding(current);
+                               break;
+                       }
+                       DBG1(DBG_CFG, "loaded user certificate '%Y' and private key",
+                                cert->get_subject(cert));
+                       cert = this->creds->add_cert_ref(this->creds, TRUE, cert);
+                       free_encoding(current);
+                       continue;
+               }
+               /* the rest are CA certificates, we ignore failures */
+               ca_cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509,
+                                                                        BUILD_BLOB_ASN1_DER, *current, BUILD_END);
+               if (ca_cert)
+               {
+                       DBG1(DBG_CFG, "loaded CA certificate '%Y'",
+                                ca_cert->get_subject(ca_cert));
+                       this->creds->add_cert(this->creds, TRUE, ca_cert);
+               }
+               free_encoding(current);
+       }
+       encodings->destroy_function(encodings, (void*)free_encoding);
+
+       if (cert)
+       {
+               private_key_t *key;
+
+               key = charonservice->get_user_key(charonservice,
+                                                                                 cert->get_public_key(cert));
+               if (key)
+               {
+                       this->creds->add_key(this->creds, key);
+               }
+               else
+               {
+                       DBG1(DBG_CFG, "failed to load private key");
+                       cert->destroy(cert);
+                       cert = NULL;
+               }
+       }
+       return cert;
+}
+
+METHOD(credential_set_t, create_private_enumerator, enumerator_t*,
+       private_android_creds_t *this, key_type_t type, identification_t *id)
+{
+       return this->creds->set.create_private_enumerator(&this->creds->set,
+                                                                                                         type, id);
+}
+
 METHOD(android_creds_t, clear, void,
        private_android_creds_t *this)
 {
@@ -137,11 +238,13 @@ android_creds_t *android_creds_create()
                .public = {
                        .set = {
                                .create_cert_enumerator = _create_cert_enumerator,
-                               .create_shared_enumerator = (void*)return_null,
-                               .create_private_enumerator = (void*)return_null,
+                               .create_shared_enumerator = _create_shared_enumerator,
+                               .create_private_enumerator = _create_private_enumerator,
                                .create_cdp_enumerator = (void*)return_null,
                                .cache_cert = (void*)nop,
                        },
+                       .add_username_password = _add_username_password,
+                       .load_user_certificate = _load_user_certificate,
                        .clear = _clear,
                        .destroy = _destroy,
                },