Fix for PIN-retry on eap-tls

GarethAyres · GarethAyres · commit 5110cb94a4bf · 2018-11-05T18:39:30.000Z
diff --git a/AndroidManifest.xml b/AndroidManifest.xml
@@ -1,8 +1,8 @@
 <?xml version="1.0" encoding="utf-8"?>
 <manifest xmlns:android="http://schemas.android.com/apk/res/android"
     package="uk.ac.swansea.eduroamcat"
-    android:versionCode="48"
-    android:versionName="1.2.3">
+    android:versionCode="49"
+    android:versionName="1.2.4">
 
     <uses-permission android:name="android.permission.ACCESS_WIFI_STATE" />
     <uses-permission android:name="android.permission.CHANGE_WIFI_STATE" />
diff --git a/src/uk/ac/swansea/eduroamcat/AuthenticationMethod.java b/src/uk/ac/swansea/eduroamcat/AuthenticationMethod.java
@@ -273,6 +273,7 @@ public boolean loadClientCert(String ausercert, String format, String encoding,S
 		this.setClientCertPass(keypass);
 		//store orignal cypher text
 		this.clientCert=ausercert;
+		Boolean keyError=false;
 
 		if ( format.compareToIgnoreCase("PKCS12")==0) {
 			try {
@@ -295,24 +296,29 @@ public boolean loadClientCert(String ausercert, String format, String encoding,S
                     try {
                         privateKey = (PrivateKey) keyStore.getKey(alias,keypass.toCharArray());
                     } catch (UnrecoverableKeyException e) {
+						keyError=true;
                         e.printStackTrace();
                     }
                 }
 			}
 			catch (java.security.KeyStoreException ke) {
 				eduroamCAT.debug("KeyStore Exception "+ ke);
+				keyError=true;
 			} catch (CertificateException e) {
+				keyError=true;
 				e.printStackTrace();
 			} catch (NoSuchAlgorithmException e) {
+				keyError=true;
 				e.printStackTrace();
 			} catch (IOException e) {
+				keyError=true;
 				e.printStackTrace();
 			}
 
 		}
 
 		//If cert is set
-		if (keyStore!=null)
+		if (keyStore!=null && keyError==false)
 		{
 			eduroamCAT.debug("ClientCert installed:"+ausercert);
 	    //	checks on supported eap types?
@@ -332,6 +338,7 @@ public boolean loadClientCert(String ausercert, String format, String encoding,S
 	//return Client cert key
 	public PrivateKey getClientPrivateKey() {
 		try {
+			if (keyStore!=null)
 			if (keyStore.size() > 0) {
 				Enumeration<String> aliases = keyStore.aliases();
 				while (aliases.hasMoreElements()) {
@@ -375,6 +382,7 @@ public Certificate[] getClientChain() {
 		public X509Certificate getClientCert()
 		{
 			try {
+				if (keyStore!=null)
 				if (keyStore.size() > 0) {
 					Enumeration<String> aliases = keyStore.aliases();
 					while (aliases.hasMoreElements()) {
diff --git a/src/uk/ac/swansea/eduroamcat/ConfigProfile.java b/src/uk/ac/swansea/eduroamcat/ConfigProfile.java
@@ -36,6 +36,13 @@ public void setConfigError(String errorMessage)
 		this.error=true;
 		this.errorMessage=errorMessage;
 	}
+
+	//remove error
+	public void clearConfigError()
+	{
+		this.error=false;
+		this.errorMessage="";
+	}
 	
 	//Return if error or not
 	public boolean isError()
diff --git a/src/uk/ac/swansea/eduroamcat/EAPMetadata.java b/src/uk/ac/swansea/eduroamcat/EAPMetadata.java
@@ -51,6 +51,8 @@ public class EAPMetadata extends Activity {
 	static Button discard,install;
 	ProfilesStorage db = new ProfilesStorage(this);
 	String keyPass=""; //default to nothing to start (optional)
+	//global clietn cert value for retry
+	static NodeList clientCert;
 	
 	public boolean testExternalStorage()
 	{
@@ -428,6 +430,21 @@ public void onClick(DialogInterface dialog, int which) {
 				.show();
 				// finish();
 			}
+
+		if (eduroamCAT.profiles!=null)
+		if (eduroamCAT.profiles.size()>0)
+			if (eduroamCAT.profiles.get(eduroamCAT.profiles.size()-1).isError())
+			{
+				//if eap-tls, request pin again
+				int lastAuthMethod = 0;
+				lastAuthMethod = eduroamCAT.profiles.get(eduroamCAT.profiles.size()-1).getNumberAuthenticationMethods();
+				if (eduroamCAT.profiles.get(eduroamCAT.profiles.size()-1).getAuthenticationMethod(lastAuthMethod-1).getOuterEAPType()==13)
+					if (eduroamCAT.profiles.get(eduroamCAT.profiles.size()-1).getAuthenticationMethod(lastAuthMethod-1).getClientPrivateKey()==null)
+					{
+						requestKeypass(getString(R.string.PinDialog),getString(R.string.PinDialog),this, clientCert);
+						eduroamCAT.debug("No valid auth method in profile. check if tls and req PIN again");
+					}
+			}
 	}
 
 	/**
@@ -439,7 +456,7 @@ private void setupActionBar() {
 
 	}
 
-    public static void requestKeypass(String message, String title, Activity activ, final NodeList clientCert, final AuthenticationMethod newAuthMethod)
+    public static void requestKeypass(String message, String title, Activity activ, final NodeList clientCertx)
     {
 		// Set an EditText view to get user input
 		final EditText input = new EditText(activ);
@@ -453,7 +470,7 @@ public void onClick(DialogInterface dialog, int which) {
 						eduroamCAT.debug("PIN=" + pin);
 						String certstring = "";
 						Element Clientcert = null;
-
+						if (clientCertx.getLength()>0) clientCert = clientCertx;
 						if (clientCert.getLength() > 0) {
 							for (int s = 0; s < clientCert.getLength(); s++) {
 								Clientcert = (Element) clientCert.item(s);
@@ -478,13 +495,16 @@ public void onClick(DialogInterface dialog, int which) {
 													if (aAuthMethod.getOuterEAPType()==13)
 													try {
 													    eduroamCAT.debug("adding client cert:" +tmp + "with pin "+pin);
-														aAuthMethod.loadClientCert(tmp, Clientcert.getAttribute("format"), Clientcert.getAttribute("encoding"), pin);
-														aAuthMethod.setClientCertPass(pin);
-														aProfile.removeAuthenticationMethod(i);
-														aProfile.addAuthenticationMethod(aAuthMethod);
-														eduroamCAT.profiles.set(eduroamCAT.profiles.size() - 1,aProfile);
+														if (aAuthMethod.loadClientCert(tmp, Clientcert.getAttribute("format"), Clientcert.getAttribute("encoding"), pin)) {
+															aAuthMethod.setClientCertPass(pin);
+															aProfile.removeAuthenticationMethod(i);
+															aProfile.addAuthenticationMethod(aAuthMethod);
+															eduroamCAT.profiles.set(eduroamCAT.profiles.size() - 1, aProfile);
+														}
+														else eduroamCAT.profiles.get(eduroamCAT.profiles.size()-1).setConfigError("Client cert error");
 													} catch (KeyStoreException e) {
 														e.printStackTrace();
+														eduroamCAT.profiles.get(eduroamCAT.profiles.size()-1).setConfigError("Client cert error");
 													}
 												}
 											}
@@ -493,6 +513,12 @@ public void onClick(DialogInterface dialog, int which) {
 						}
 					}
                 })
+				.setNegativeButton(R.string.discard_button, new DialogInterface.OnClickListener() {
+					public void onClick(DialogInterface dialog, int which) {
+						//cancel install of
+						eduroamCAT.debug("User discard...");
+					}
+				})
 				.setView(input)
                 .show();
     }
@@ -630,10 +656,8 @@ public ArrayList<ConfigProfile> parseProfile(String config) throws IOException,
 
 						//get Client cert
                         //get keypass from user
-						NodeList clientCert = authElement.getElementsByTagName("ClientCertificate");
-                        if (clientCert.getLength()>0) requestKeypass("Enter PIN","Enter PIN",this,clientCert,newAuthMethod);
-
-
+						clientCert = authElement.getElementsByTagName("ClientCertificate");
+                        if (clientCert.getLength()>0) requestKeypass(getString(R.string.PinDialog),getString(R.string.PinDialog),this,clientCert);
 			    	}
 			    }
 			    
