1
0
mirror of https://github.com/moparisthebest/k-9 synced 2024-11-30 13:12:25 -05:00

Synchronize access to sClientCertificateReferenceWorkaround

Also, refactor for easier readability.
This commit is contained in:
cketti 2014-08-18 04:33:56 +02:00
parent c8f6c4d625
commit 4ce2a56b0c

View File

@ -13,6 +13,7 @@ import javax.net.ssl.SSLEngine;
import javax.net.ssl.X509ExtendedKeyManager;
import javax.security.auth.x500.X500Principal;
import android.content.Context;
import android.os.Build;
import android.security.KeyChain;
import android.security.KeyChainException;
@ -31,12 +32,19 @@ public class KeyChainKeyManager extends X509ExtendedKeyManager {
private static PrivateKey sClientCertificateReferenceWorkaround;
private static synchronized void savePrivateKeyReference(PrivateKey privateKey) {
if (sClientCertificateReferenceWorkaround == null) {
sClientCertificateReferenceWorkaround = privateKey;
}
}
private String mAlias;
private X509Certificate[] mChain;
private PrivateKey mPrivateKey;
/**
* @param alias Must not be null nor empty
* @throws MessagingException
@ -46,28 +54,10 @@ public class KeyChainKeyManager extends X509ExtendedKeyManager {
public KeyChainKeyManager(String alias) throws MessagingException {
mAlias = alias;
Context context = K9.app;
try {
mChain = KeyChain.getCertificateChain(K9.app, alias);
if (mChain == null || mChain.length == 0) {
throw new MessagingException("No certificate chain found for: " + alias);
}
/*
* We need to keep reference to the first private key retrieved so
* it won't get garbage collected. If it will then the whole app
* will crash on Android < 4.2 with "Fatal signal 11 code=1". See
* https://code.google.com/p/android/issues/detail?id=62319
*/
if (sClientCertificateReferenceWorkaround == null
&& Build.VERSION.SDK_INT < Build.VERSION_CODES.JELLY_BEAN_MR1) {
mPrivateKey = retrieveFirstPrivateKey(alias);
} else {
mPrivateKey = KeyChain.getPrivateKey(K9.app, alias);
}
if (mPrivateKey == null) {
throw new MessagingException("No private key found for: " + alias);
}
mChain = fetchCertificateChain(context, alias);
mPrivateKey = fetchPrivateKey(context, alias);
} catch (KeyChainException e) {
// The certificate was possibly deleted. Notify user of error.
throw new CertificateValidationException(K9.app.getString(
@ -78,6 +68,38 @@ public class KeyChainKeyManager extends X509ExtendedKeyManager {
}
}
private X509Certificate[] fetchCertificateChain(Context context, String alias)
throws KeyChainException, InterruptedException, MessagingException {
X509Certificate[] chain = KeyChain.getCertificateChain(context, alias);
if (chain == null || chain.length == 0) {
throw new MessagingException("No certificate chain found for: " + alias);
}
return chain;
}
private PrivateKey fetchPrivateKey(Context context, String alias) throws KeyChainException,
InterruptedException, MessagingException {
PrivateKey privateKey = KeyChain.getPrivateKey(context, alias);
if (privateKey == null) {
throw new MessagingException("No private key found for: " + alias);
}
/*
* We need to keep reference to the first private key retrieved so
* it won't get garbage collected. If it will then the whole app
* will crash on Android < 4.2 with "Fatal signal 11 code=1". See
* https://code.google.com/p/android/issues/detail?id=62319
*/
if (Build.VERSION.SDK_INT < Build.VERSION_CODES.JELLY_BEAN_MR1) {
savePrivateKeyReference(privateKey);
}
return privateKey;
}
@Override
public String chooseClientAlias(String[] keyTypes, Principal[] issuers, Socket socket) {
return chooseAlias(keyTypes, issuers);
@ -93,15 +115,6 @@ public class KeyChainKeyManager extends X509ExtendedKeyManager {
return (mAlias.equals(alias) ? mPrivateKey : null);
}
private synchronized PrivateKey retrieveFirstPrivateKey(String alias)
throws KeyChainException, InterruptedException {
PrivateKey key = KeyChain.getPrivateKey(K9.app, alias);
if (sClientCertificateReferenceWorkaround == null) {
sClientCertificateReferenceWorkaround = key;
}
return key;
}
@Override
public String chooseServerAlias(String keyType, Principal[] issuers, Socket socket) {
return chooseAlias(new String[] { keyType }, issuers);