android: Catch NullPointerException when parsing invalid certificates
authorTobias Brunner <tobias@strongswan.org>
Thu, 6 Jul 2017 13:40:42 +0000 (15:40 +0200)
committerTobias Brunner <tobias@strongswan.org>
Mon, 4 Sep 2017 08:41:24 +0000 (10:41 +0200)
src/frontends/android/app/src/main/java/org/strongswan/android/security/TrustedCertificateEntry.java

index 5e9873d..4a1dc8e 100644 (file)
@@ -43,29 +43,38 @@ public class TrustedCertificateEntry implements Comparable<TrustedCertificateEnt
                mCert = cert;
                mAlias = alias;
 
-               SslCertificate ssl = new SslCertificate(mCert);
-               String o = ssl.getIssuedTo().getOName();
-               String ou = ssl.getIssuedTo().getUName();
-               String cn = ssl.getIssuedTo().getCName();
-               if (!o.isEmpty())
+               try
                {
-                       mSubjectPrimary = o;
-                       if (!cn.isEmpty())
+                       SslCertificate ssl = new SslCertificate(mCert);
+                       String o = ssl.getIssuedTo().getOName();
+                       String ou = ssl.getIssuedTo().getUName();
+                       String cn = ssl.getIssuedTo().getCName();
+                       if (!o.isEmpty())
                        {
-                               mSubjectSecondary = cn;
+                               mSubjectPrimary = o;
+                               if (!cn.isEmpty())
+                               {
+                                       mSubjectSecondary = cn;
+                               }
+                               else if (!ou.isEmpty())
+                               {
+                                       mSubjectSecondary = ou;
+                               }
                        }
-                       else if (!ou.isEmpty())
+                       else if (!cn.isEmpty())
                        {
-                               mSubjectSecondary = ou;
+                               mSubjectPrimary = cn;
+                       }
+                       else
+                       {
+                               mSubjectPrimary = ssl.getIssuedTo().getDName();
                        }
                }
-               else if (!cn.isEmpty())
-               {
-                       mSubjectPrimary = cn;
-               }
-               else
+               catch (NullPointerException ex)
                {
-                       mSubjectPrimary = ssl.getIssuedTo().getDName();
+                       /* this has been seen in Play Console for certificates for which notBefore apparently
+                        * can't be parsed (which SslCertificate() does) */
+                       mSubjectPrimary = cert.getSubjectDN().getName();
                }
        }