Load single certificates directly from the KeyStore if we cannot get the read lock
authorTobias Brunner <tobias@strongswan.org>
Thu, 9 Aug 2012 14:00:35 +0000 (16:00 +0200)
committerTobias Brunner <tobias@strongswan.org>
Mon, 13 Aug 2012 09:22:19 +0000 (11:22 +0200)
This helps when running in the emulator as loading the certificates
takes quite a while there.  This way a configured CA certificates is loaded
directly without having to wait for all certificates being cached.

src/frontends/android/src/org/strongswan/android/logic/TrustedCertificateManager.java

index 04a292a..74868dc 100644 (file)
@@ -147,9 +147,32 @@ public class TrustedCertificateManager
         */
        public X509Certificate getCACertificateFromAlias(String alias)
        {
-               this.mLock.readLock().lock();
-               X509Certificate certificate = this.mCACerts.get(alias);
-               this.mLock.readLock().unlock();
+               X509Certificate certificate = null;
+
+               if (this.mLock.readLock().tryLock())
+               {
+                       certificate = this.mCACerts.get(alias);
+                       this.mLock.readLock().unlock();
+               }
+               else
+               {       /* if we cannot get the lock load it directly from the KeyStore,
+                        * should be fast for a single certificate */
+                       try
+                       {
+                               KeyStore store = KeyStore.getInstance("AndroidCAStore");
+                               store.load(null, null);
+                               Certificate cert = store.getCertificate(alias);
+                               if (cert != null && cert instanceof X509Certificate)
+                               {
+                                       certificate = (X509Certificate)cert;
+                               }
+                       }
+                       catch (Exception e)
+                       {
+                               e.printStackTrace();
+                       }
+
+               }
                return certificate;
        }