android: Allow setting the password in managed profiles

To avoid complicated changes in the UI, users can still update it.  But
the default, if they clear the field, will be the managed password.

src/frontends/android/app/src/main/java/org/strongswan/android/data/ManagedVpnProfile.java

@@ -135,6 +135,7 @@ public class ManagedVpnProfile extends VpnProfile
 
 		setLocalId(local.getString(VpnProfileDataSource.KEY_LOCAL_ID));
 		setUsername(local.getString(VpnProfileDataSource.KEY_USERNAME));
+		setPassword(local.getString(VpnProfileDataSource.KEY_PASSWORD));
 
 		final String userCertificateData = local.getString(VpnProfileDataSource.KEY_USER_CERTIFICATE);
 		final String userCertificatePassword = local.getString(VpnProfileDataSource.KEY_USER_CERTIFICATE_PASSWORD, "");

src/frontends/android/app/src/main/java/org/strongswan/android/data/VpnProfileManagedDataSource.java

@@ -1,4 +1,5 @@
 /*
+ * Copyright (C) 2025 Tobias Brunner
  * Copyright (C) 2023 Relution GmbH
  *
  * Copyright (C) secunet Security Networks AG
@@ -75,17 +76,14 @@ public class VpnProfileManagedDataSource implements VpnProfileDataSource
 	@Override
 	public boolean updateVpnProfile(VpnProfile profile)
 	{
-		final VpnProfile existingProfile = getVpnProfile(profile.getUUID());
+		final VpnProfile managedProfile = mManagedConfigurationService.getManagedProfiles().get(profile.getUUID().toString());
-		if (existingProfile == null)
+		if (managedProfile == null)
 		{
 			return false;
 		}
 
-		final String password = profile.getPassword();
-		existingProfile.setPassword(password);
-
 		final SharedPreferences.Editor editor = mSharedPreferences.edit();
-		editor.putString(profile.getUUID().toString(), password);
+		editor.putString(profile.getUUID().toString(), profile.getPassword());
 		return editor.commit();
 	}
 
@@ -95,17 +93,28 @@ public class VpnProfileManagedDataSource implements VpnProfileDataSource
 		return false;
 	}
 
+	/**
+	 * Clone and prepare the given managed profile before handing it out.
+	 * @param managedProfile profile to prepare
+	 */
+	private VpnProfile prepareVpnProfile(VpnProfile managedProfile)
+	{
+		final String password = mSharedPreferences.getString(managedProfile.getUUID().toString(), managedProfile.getPassword());
+		final VpnProfile vpnProfile = managedProfile.clone();
+		vpnProfile.setPassword(password);
+		vpnProfile.setDataSource(this);
+		return vpnProfile;
+	}
+
 	@Override
 	public VpnProfile getVpnProfile(UUID uuid)
 	{
-		final VpnProfile vpnProfile = mManagedConfigurationService.getManagedProfiles().get(uuid.toString());
+		final VpnProfile managedProfile = mManagedConfigurationService.getManagedProfiles().get(uuid.toString());
-		if (vpnProfile != null)
+		if (managedProfile != null)
 		{
-			final String password = mSharedPreferences.getString(uuid.toString(), vpnProfile.getPassword());
+			return prepareVpnProfile(managedProfile);
-			vpnProfile.setPassword(password);
-			vpnProfile.setDataSource(this);
 		}
-		return vpnProfile;
+		return null;
 	}
 
 	@Override
@@ -113,12 +122,9 @@ public class VpnProfileManagedDataSource implements VpnProfileDataSource
 	{
 		final Map<String, ManagedVpnProfile> managedVpnProfiles = mManagedConfigurationService.getManagedProfiles();
 		final List<VpnProfile> vpnProfiles = new ArrayList<>();
-		for (final VpnProfile vpnProfile : managedVpnProfiles.values())
+		for (final VpnProfile managedProfile : managedVpnProfiles.values())
 		{
-			final String password = mSharedPreferences.getString(vpnProfile.getUUID().toString(), vpnProfile.getPassword());
+			vpnProfiles.add(prepareVpnProfile(managedProfile));
-			vpnProfile.setPassword(password);
-			vpnProfile.setDataSource(this);
-			vpnProfiles.add(vpnProfile);
 		}
 		return vpnProfiles;
 	}

src/frontends/android/app/src/main/res/values-de/strings_managed_configuration.xml

@@ -85,6 +85,8 @@
     <string name="managed_config_local_bundle_description">Specifies information about the client</string>
     <string name="managed_config_local_eap_id_title">Identity/username for EAP authentication (Optional)</string>
     <string name="managed_config_local_eap_id_description">If this is required (for username/password-based EAP authentication) but not configured here, the user is prompted for it. If it is set, the user is not able to change it. In both cases the user may optionally enter the password</string>
+    <string name="managed_config_local_eap_password_title">Password for EAP authentication (Optional)</string>
+    <string name="managed_config_local_eap_password_description">If this is required (for username/password-based EAP authentication) but not configured here, the user is prompted for it and may store it locally</string>
     <string name="managed_config_local_id_title">@string/profile_local_id_label</string>
     <string name="managed_config_local_id_description">@string/profile_local_id_hint_user</string>
     <string name="managed_config_local_p12_title">@string/profile_user_certificate_label</string>

src/frontends/android/app/src/main/res/values-pl/strings_managed_configuration.xml

@@ -85,6 +85,8 @@
     <string name="managed_config_local_bundle_description">Specifies information about the client</string>
     <string name="managed_config_local_eap_id_title">Identity/username for EAP authentication (Optional)</string>
     <string name="managed_config_local_eap_id_description">If this is required (for username/password-based EAP authentication) but not configured here, the user is prompted for it. If it is set, the user is not able to change it. In both cases the user may optionally enter the password</string>
+    <string name="managed_config_local_eap_password_title">Password for EAP authentication (Optional)</string>
+    <string name="managed_config_local_eap_password_description">If this is required (for username/password-based EAP authentication) but not configured here, the user is prompted for it and may store it locally</string>
     <string name="managed_config_local_id_title">@string/profile_local_id_label</string>
     <string name="managed_config_local_id_description">@string/profile_local_id_hint_user</string>
     <string name="managed_config_local_p12_title">@string/profile_user_certificate_label</string>

src/frontends/android/app/src/main/res/values-ru/strings_managed_configuration.xml

@@ -85,6 +85,8 @@
     <string name="managed_config_local_bundle_description">Specifies information about the client</string>
     <string name="managed_config_local_eap_id_title">Identity/username for EAP authentication (Optional)</string>
     <string name="managed_config_local_eap_id_description">If this is required (for username/password-based EAP authentication) but not configured here, the user is prompted for it. If it is set, the user is not able to change it. In both cases the user may optionally enter the password</string>
+    <string name="managed_config_local_eap_password_title">Password for EAP authentication (Optional)</string>
+    <string name="managed_config_local_eap_password_description">If this is required (for username/password-based EAP authentication) but not configured here, the user is prompted for it and may store it locally</string>
     <string name="managed_config_local_id_title">@string/profile_local_id_label</string>
     <string name="managed_config_local_id_description">@string/profile_local_id_hint_user</string>
     <string name="managed_config_local_p12_title">@string/profile_user_certificate_label</string>

src/frontends/android/app/src/main/res/values-uk/strings_managed_configuration.xml

@@ -85,6 +85,8 @@
     <string name="managed_config_local_bundle_description">Specifies information about the client</string>
     <string name="managed_config_local_eap_id_title">Identity/username for EAP authentication (Optional)</string>
     <string name="managed_config_local_eap_id_description">If this is required (for username/password-based EAP authentication) but not configured here, the user is prompted for it. If it is set, the user is not able to change it. In both cases the user may optionally enter the password</string>
+    <string name="managed_config_local_eap_password_title">Password for EAP authentication (Optional)</string>
+    <string name="managed_config_local_eap_password_description">If this is required (for username/password-based EAP authentication) but not configured here, the user is prompted for it and may store it locally</string>
     <string name="managed_config_local_id_title">@string/profile_local_id_label</string>
     <string name="managed_config_local_id_description">@string/profile_local_id_hint_user</string>
     <string name="managed_config_local_p12_title">@string/profile_user_certificate_label</string>

src/frontends/android/app/src/main/res/values-zh-rCN/strings_managed_configuration.xml

@@ -85,6 +85,8 @@
     <string name="managed_config_local_bundle_description">Specifies information about the client</string>
     <string name="managed_config_local_eap_id_title">Identity/username for EAP authentication (Optional)</string>
     <string name="managed_config_local_eap_id_description">If this is required (for username/password-based EAP authentication) but not configured here, the user is prompted for it. If it is set, the user is not able to change it. In both cases the user may optionally enter the password</string>
+    <string name="managed_config_local_eap_password_title">Password for EAP authentication (Optional)</string>
+    <string name="managed_config_local_eap_password_description">If this is required (for username/password-based EAP authentication) but not configured here, the user is prompted for it and may store it locally</string>
     <string name="managed_config_local_id_title">@string/profile_local_id_label</string>
     <string name="managed_config_local_id_description">@string/profile_local_id_hint_user</string>
     <string name="managed_config_local_p12_title">@string/profile_user_certificate_label</string>

src/frontends/android/app/src/main/res/values-zh-rTW/strings_managed_configuration.xml

@@ -85,6 +85,8 @@
     <string name="managed_config_local_bundle_description">Specifies information about the client</string>
     <string name="managed_config_local_eap_id_title">Identity/username for EAP authentication (Optional)</string>
     <string name="managed_config_local_eap_id_description">If this is required (for username/password-based EAP authentication) but not configured here, the user is prompted for it. If it is set, the user is not able to change it. In both cases the user may optionally enter the password</string>
+    <string name="managed_config_local_eap_password_title">Password for EAP authentication (Optional)</string>
+    <string name="managed_config_local_eap_password_description">If this is required (for username/password-based EAP authentication) but not configured here, the user is prompted for it and may store it locally</string>
     <string name="managed_config_local_id_title">@string/profile_local_id_label</string>
     <string name="managed_config_local_id_description">@string/profile_local_id_hint_user</string>
     <string name="managed_config_local_p12_title">@string/profile_user_certificate_label</string>

src/frontends/android/app/src/main/res/values/strings_managed_configuration.xml

@@ -85,6 +85,8 @@
     <string name="managed_config_local_bundle_description">Specifies information about the client</string>
     <string name="managed_config_local_eap_id_title">Identity/username for EAP authentication (Optional)</string>
     <string name="managed_config_local_eap_id_description">If this is required (for username/password-based EAP authentication) but not configured here, the user is prompted for it. If it is set, the user is not able to change it. In both cases the user may optionally enter the password</string>
+    <string name="managed_config_local_eap_password_title">Password for EAP authentication (Optional)</string>
+    <string name="managed_config_local_eap_password_description">If this is required (for username/password-based EAP authentication) but not configured here, the user is prompted for it and may store it locally</string>
     <string name="managed_config_local_id_title">@string/profile_local_id_label</string>
     <string name="managed_config_local_id_description">@string/profile_local_id_hint_user</string>
     <string name="managed_config_local_p12_title">@string/profile_user_certificate_label</string>

src/frontends/android/app/src/main/res/xml/managed_configuration.xml

@@ -176,6 +176,13 @@
                     android:restrictionType="string"
                     android:title="@string/managed_config_local_eap_id_title" />
 
+                <restriction
+                    android:defaultValue=""
+                    android:description="@string/managed_config_local_eap_password_description"
+                    android:key="password"
+                    android:restrictionType="string"
+                    android:title="@string/managed_config_local_eap_password_title" />
+
                 <restriction
                     android:defaultValue=""
                     android:description="@string/managed_config_local_id_description"