android: Add trusted and user certificates to ManagedVpnProfile

Markus Pfeiffer 2023-11-21 15:37:23 +01:00 committed by Tobias Brunner
parent 9cbc03e84f
commit 6882f17741


@ -21,8 +21,11 @@ import android.text.TextUtils;
import org.strongswan.android.utils.Constants; import org.strongswan.android.utils.Constants;
import java.util.Objects;
import java.util.UUID; import java.util.UUID;
import androidx.annotation.Nullable;
public class ManagedVpnProfile extends VpnProfile public class ManagedVpnProfile extends VpnProfile
{ {
private static final String KEY_REMOTE = "remote"; private static final String KEY_REMOTE = "remote";
@ -40,6 +43,9 @@ public class ManagedVpnProfile extends VpnProfile
private static final String KEY_SPLIT_TUNNELLING_BLOCK_IPV4_FLAG = "split_tunnelling_block_ipv4"; private static final String KEY_SPLIT_TUNNELLING_BLOCK_IPV4_FLAG = "split_tunnelling_block_ipv4";
private static final String KEY_SPLIT_TUNNELLING_BLOCK_IPV6_FLAG = "split_tunnelling_block_ipv6"; private static final String KEY_SPLIT_TUNNELLING_BLOCK_IPV6_FLAG = "split_tunnelling_block_ipv6";
private ManagedTrustedCertificate trustedCertificate;
private ManagedUserCertificate userCertificate;
ManagedVpnProfile(final Bundle bundle, final UUID uuid) ManagedVpnProfile(final Bundle bundle, final UUID uuid)
{ {
int flags = 0; int flags = 0;
@ -51,41 +57,14 @@ public class ManagedVpnProfile extends VpnProfile
setVpnType(VpnType.fromIdentifier(bundle.getString(VpnProfileDataSource.KEY_VPN_TYPE))); setVpnType(VpnType.fromIdentifier(bundle.getString(VpnProfileDataSource.KEY_VPN_TYPE)));
final Bundle remote = bundle.getBundle(KEY_REMOTE); final Bundle remote = bundle.getBundle(KEY_REMOTE);
if (remote != null) flags = configureRemote(uuid, remote, flags);
{
setGateway(remote.getString(VpnProfileDataSource.KEY_GATEWAY));
setPort(getInt(remote, VpnProfileDataSource.KEY_PORT, 1, 65535));
setRemoteId(remote.getString(VpnProfileDataSource.KEY_REMOTE_ID));
setCertificateAlias(remote.getString(VpnProfileDataSource.KEY_CERTIFICATE));
flags = addNegativeFlag(flags, remote, KEY_REMOTE_CERT_REQ_FLAG, VpnProfile.FLAGS_SUPPRESS_CERT_REQS);
flags = addNegativeFlag(flags, remote, KEY_REMOTE_REVOCATION_CRL_FLAG, VpnProfile.FLAGS_DISABLE_CRL);
flags = addNegativeFlag(flags, remote, KEY_REMOTE_REVOCATION_OCSP_FLAG, VpnProfile.FLAGS_DISABLE_OCSP);
flags = addPositiveFlag(flags, remote, KEY_REMOTE_REVOCATION_STRICT_FLAG, VpnProfile.FLAGS_STRICT_REVOCATION);
}
final Bundle local = bundle.getBundle(KEY_LOCAL); final Bundle local = bundle.getBundle(KEY_LOCAL);
if (local != null) flags = configureLocal(uuid, local, flags);
{
setLocalId(local.getString(VpnProfileDataSource.KEY_LOCAL_ID));
setUsername(local.getString(VpnProfileDataSource.KEY_USERNAME));
flags = addPositiveFlag(flags, local, KEY_LOCAL_RSA_PSS_FLAG, VpnProfile.FLAGS_RSA_PSS);
}
final String includedPackageNames = bundle.getString(KEY_INCLUDED_APPS); final String includedPackageNames = bundle.getString(KEY_INCLUDED_APPS);
final String excludedPackageNames = bundle.getString(KEY_EXCLUDED_APPS); final String excludedPackageNames = bundle.getString(KEY_EXCLUDED_APPS);
configureSelectedApps(includedPackageNames, excludedPackageNames);
if (!TextUtils.isEmpty(includedPackageNames))
{
setSelectedAppsHandling(VpnProfile.SelectedAppsHandling.SELECTED_APPS_ONLY);
setSelectedApps(includedPackageNames);
}
else if (!TextUtils.isEmpty(excludedPackageNames))
{
setSelectedAppsHandling(VpnProfile.SelectedAppsHandling.SELECTED_APPS_EXCLUDE);
setSelectedApps(excludedPackageNames);
}
setMTU(getInt(bundle, VpnProfileDataSource.KEY_MTU, Constants.MTU_MIN, Constants.MTU_MAX)); setMTU(getInt(bundle, VpnProfileDataSource.KEY_MTU, Constants.MTU_MIN, Constants.MTU_MAX));
setNATKeepAlive(getInt(bundle, VpnProfileDataSource.KEY_NAT_KEEPALIVE, Constants.NAT_KEEPALIVE_MIN, Constants.NAT_KEEPALIVE_MAX)); setNATKeepAlive(getInt(bundle, VpnProfileDataSource.KEY_NAT_KEEPALIVE, Constants.NAT_KEEPALIVE_MIN, Constants.NAT_KEEPALIVE_MAX));
@ -108,6 +87,67 @@ public class ManagedVpnProfile extends VpnProfile
setFlags(flags); setFlags(flags);
} }
private void configureSelectedApps(String includedPackageNames, String excludedPackageNames)
{
if (!TextUtils.isEmpty(includedPackageNames))
{
setSelectedAppsHandling(SelectedAppsHandling.SELECTED_APPS_ONLY);
setSelectedApps(includedPackageNames);
}
else if (!TextUtils.isEmpty(excludedPackageNames))
{
setSelectedAppsHandling(SelectedAppsHandling.SELECTED_APPS_EXCLUDE);
setSelectedApps(excludedPackageNames);
}
}
private int configureRemote(final UUID uuid, @Nullable Bundle remote, int flags)
{
if (remote == null)
{
return flags;
}
setGateway(remote.getString(VpnProfileDataSource.KEY_GATEWAY));
setPort(getInt(remote, VpnProfileDataSource.KEY_PORT, 1, 65_535));
setRemoteId(remote.getString(VpnProfileDataSource.KEY_REMOTE_ID));
final String certificateData = remote.getString(VpnProfileDataSource.KEY_CERTIFICATE);
if (!TextUtils.isEmpty(certificateData))
{
trustedCertificate = new ManagedTrustedCertificate(uuid.toString(), certificateData);
setCertificateAlias(trustedCertificate.getAlias());
}
flags = addNegativeFlag(flags, remote, KEY_REMOTE_CERT_REQ_FLAG, VpnProfile.FLAGS_SUPPRESS_CERT_REQS);
flags = addNegativeFlag(flags, remote, KEY_REMOTE_REVOCATION_CRL_FLAG, VpnProfile.FLAGS_DISABLE_CRL);
flags = addNegativeFlag(flags, remote, KEY_REMOTE_REVOCATION_OCSP_FLAG, VpnProfile.FLAGS_DISABLE_OCSP);
flags = addPositiveFlag(flags, remote, KEY_REMOTE_REVOCATION_STRICT_FLAG, VpnProfile.FLAGS_STRICT_REVOCATION);
return flags;
}
private int configureLocal(final UUID uuid, @Nullable Bundle local, int flags)
{
if (local == null)
{
return flags;
}
setLocalId(local.getString(VpnProfileDataSource.KEY_LOCAL_ID));
setUsername(local.getString(VpnProfileDataSource.KEY_USERNAME));
final String userCertificateData = local.getString(VpnProfileDataSource.KEY_USER_CERTIFICATE);
final String userCertificatePassword = local.getString(VpnProfileDataSource.KEY_USER_CERTIFICATE_PASSWORD, "");
if (!TextUtils.isEmpty(userCertificateData))
{
userCertificate = new ManagedUserCertificate(uuid.toString(), userCertificateData, userCertificatePassword);
setUserCertificateAlias(userCertificate.getAlias());
}
flags = addPositiveFlag(flags, local, KEY_LOCAL_RSA_PSS_FLAG, VpnProfile.FLAGS_RSA_PSS);
return flags;
}
private static Integer getInt(final Bundle bundle, final String key, final int min, final int max) private static Integer getInt(final Bundle bundle, final String key, final int min, final int max)
{ {
final int value = bundle.getInt(key); final int value = bundle.getInt(key);
@ -131,4 +171,35 @@ public class ManagedVpnProfile extends VpnProfile
} }
return flags; return flags;
} }
public ManagedTrustedCertificate getTrustedCertificate()
{
return trustedCertificate;
}
public ManagedUserCertificate getUserCertificate()
{
return userCertificate;
}
@Override
public boolean equals(Object o)
{
if (o == this)
{
return true;
}
if (o == null || getClass() != o.getClass())
{
return false;
}
ManagedVpnProfile that = (ManagedVpnProfile)o;
return Objects.equals(getUUID(), that.getUUID());
}
@Override
public int hashCode()
{
return Objects.hash(getUUID());
}
} }
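Review bot: `getTrustedCertificate()` and `getUserCertificate()` can return null — the backing fields are assigned only inside the `!TextUtils.isEmpty(...)` guards in configureRemote and configureLocal — yet the new getters carry neither a nullability annotation nor Javadoc, although the file already imports `androidx.annotation.Nullable` for the helper parameters. Annotate the return values, e.g. `@Nullable public ManagedTrustedCertificate getTrustedCertificate()`, and add a one-line Javadoc such as `/** Trusted certificate supplied by the managed configuration, or null if none was configured. */` (and the equivalent for the user certificate), so callers know to check before using the alias. The new equals/hashCode pair identifies a profile by UUID alone, so two managed profiles sharing a UUID but carrying different certificate data compare equal; if that is intended, a short comment on equals stating that identity is the UUID would save the next reader from assuming the certificates take part. Whether VpnProfile itself already defines equals/hashCode is outside this diff.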