Tobias Brunner
51a5d96b36
android: Add translations for managed configuration strings
...
Not actually translating anything, but making the linter happy.
2024-02-21 12:24:53 +01:00
Markus Pfeiffer
8c6b3019a7
android: Update managed certificates if config changes
2024-02-21 12:24:53 +01:00
Markus Pfeiffer
b0ba845e27
android: Add manager for managed user certificates
...
This can be used to install, replace or delete currently installed user
certificates based on the app's current managed configuration.
2024-02-21 12:24:53 +01:00
Markus Pfeiffer
aa06d75491
android: Add manager for managed trusted certificates
...
This is used to install, replace or delete currently installed trusted
certificates based on the app's current managed configuration.
Certificates that are shared between multiple profiles are protected
and not uninstalled if a profile that uses it remains.
2024-02-21 12:24:53 +01:00
Markus Pfeiffer
9cb23f650a
android: Add utility class to determine differences in two lists of objects
...
This allows determining the difference between two lists in the form of
inserts, updates and deletes (and unchanged elements).
2024-02-21 12:24:53 +01:00
Markus Pfeiffer
97cb35afe5
android: Add repository for managed user certificates
2024-02-21 12:24:53 +01:00
Markus Pfeiffer
99dfa8cb0e
android: Add repository for managed trusted certificates
2024-02-21 12:24:53 +01:00
Markus Pfeiffer
a04798a796
android: Add base repository for installed managed certificates
2024-02-21 12:24:53 +01:00
Markus Pfeiffer
cd67c30fd1
android: Add installer for managed user certificates/keys
...
This installs the configured user certificate into Android's key store
using the DevicePolicyManager.
This is only accessible if the app is installed on an enrolled device and
has been granted the CERT_INSTALL delegate scope.
2024-02-21 12:24:53 +01:00
Markus Pfeiffer
fb302d967c
android: Add installer for managed trusted certificates
...
This installs a configured CA or server certificate into the app's local
key store.
2024-02-21 12:24:53 +01:00
Markus Pfeiffer
e2f505350e
android: Add database migration for managed certificates
2024-02-21 12:24:53 +01:00
Markus Pfeiffer
6882f17741
android: Add trusted and user certificates to ManagedVpnProfile
2024-02-21 12:24:53 +01:00
Markus Pfeiffer
9cbc03e84f
android: Add entities for CA/server and user certificates
2024-02-21 12:24:53 +01:00
Markus Pfeiffer
22bce57e4c
android: Add utility that parses a PKCS#12 container and extracts a KeyPair
2024-02-21 12:24:53 +01:00
Markus Pfeiffer
4ac9fc327e
android: Add utility that converts a Base64 string to a X509Certificate
2024-02-21 12:24:53 +01:00
Markus Pfeiffer
afcb56400e
android: Add utility class that pairs a certificate with a private key
2024-02-21 12:24:53 +01:00
Markus Pfeiffer
8a50651212
android: Add password for client certificate to managed config
2024-02-21 12:24:53 +01:00
Markus Pfeiffer
9a917252e2
android: Provide global database helper instance
2024-02-21 12:24:53 +01:00
Markus Pfeiffer
861ac0109a
android: Extend database helper with table definition
...
This simplifies database migration.
2024-02-21 12:24:53 +01:00
Markus Pfeiffer
802047cae8
android: Move database helper into separate class
...
Reduce strong coupling between database helper and VPN profiles, to
prepare for the addition of other tables.
2024-02-21 12:24:53 +01:00
Markus Pfeiffer
42626c1dd8
android: Hide unmanaged profiles by default
...
Such profiles could exist if a user already had strongSwan installed.
2024-02-21 12:24:53 +01:00
Markus Pfeiffer
0af501ef26
android: Disable access to settings depending on managed configuration
2024-02-21 12:24:53 +01:00
Markus Pfeiffer
fe13782e3c
android: Hide menu items depending on managed configuration
...
Hide and disable menu items when disabled by the managed configuration.
2024-02-21 12:24:53 +01:00
Markus Pfeiffer
4bfeb3b000
android: Add data source for managed VPN profiles
...
Include the managed VPN profile data source in the profile source,
to show profiles from both sources in the UI.
2024-02-21 12:24:53 +01:00
Tobias Brunner
8f04d15dfd
android: Expose static instance for Application object
...
While it seems to be possible to cast Context.getApplicationContext()
to the application class, there really is no documented reason why that
should actually be the same object.
2024-02-21 12:24:53 +01:00
Markus Pfeiffer
36f62585bb
android: Expose managed configuration globally and notify listeners on changes
...
Triggers a broadcast if the configuration changed and updates the
profile list accordingly (previously only handled removal of multiple
profiles).
If the app resumes, the configuration is also loaded and listeners are
notified in case the config was updated while the app was in the
background.
2024-02-21 12:24:53 +01:00
Markus Pfeiffer
8796e9bb31
android: Add ManagedConfigurationService and related classes
...
Add service that provides access to managed configurations.
2024-02-21 12:24:53 +01:00
Markus Pfeiffer
c2007d5b09
android: Add managed_configuration.xml
...
Add managed configuration and associated English strings.
2024-02-21 12:24:53 +01:00
Markus Pfeiffer
01ea7b92bd
android: Make VpnType#fromIdentifier null-safe
2024-02-21 12:24:53 +01:00
Markus Pfeiffer
a5167a69e0
android: Add data source to VpnProfile
2024-02-21 12:24:53 +01:00
Markus Pfeiffer
5f9f279a33
android: Show warning message for read-only profiles in detail view
...
Show a message explaining that a managed profile can't be edited in
its detail view.
2024-02-21 12:24:53 +01:00
Markus Pfeiffer
c9c65a94c9
android: Add label to read-only profiles in list
...
Show "Managed profile" in the list of VPN profiles, to make it
immediately obvious that a profile is managed/read-only.
2024-02-21 12:24:53 +01:00
Markus Pfeiffer
d3f5c3a760
android: Disable copy/delete for read-only profiles
...
If a profile is marked as read-only, do not allow users to copy or
delete the profile.
2024-02-21 12:24:53 +01:00
Markus Pfeiffer
150dc5ab64
android: Make selected apps read-only
...
Also prevent users from changing selected apps in read-only VPN profiles.
2024-02-21 12:24:53 +01:00
Markus Pfeiffer
3391f7a465
android: Prevent editing of read-only profiles
...
Do not allow users to edit read-only VPN profiles, with the exception of
the profile's password.
2024-02-21 12:24:53 +01:00
Markus Pfeiffer
9618c83c03
android: Add read-only flag to VpnProfile
2024-02-21 12:24:52 +01:00
Markus Pfeiffer
8e3b921abe
android: Always use UUID to access profiles
...
Use the UUID rather than the ID to ensure there are no conflicts between
profiles from the database and managed profiles.
2024-02-21 12:24:52 +01:00
Markus Pfeiffer
d629e1d358
android: Fix version number on port column
...
The onUpgrade method creates this column for database version 6. Update
the DbColumn definition to match that version number.
2024-02-21 12:24:52 +01:00
Markus Pfeiffer
7c8773dea5
android: Add interface for VPN data source
...
Change VPN profile source to an interface. Preparation to allow managed
configurations as a second source.
2024-02-21 12:24:52 +01:00
Markus Pfeiffer
b687f0c22f
android: Use try-with-resources for IO
2024-02-21 12:24:52 +01:00
Markus Pfeiffer
73af77709a
android: Remove unnecessary @TargetApi
...
The minSdkVersion is 21, remove unnecessary @TargetApi annotations.
2024-02-21 12:24:52 +01:00
Markus Pfeiffer
a3e895b4d8
android: Remove unnecessary API checks
...
The minSdkVersion is 21, remove unnecessary checks and code that target
older API versions.
2024-02-21 12:24:52 +01:00
Markus Pfeiffer
5d192246e8
android: Remove AndroidX legacy support
2024-02-21 12:24:52 +01:00
Markus Pfeiffer
ff6b6b5b49
Add ._.DS_Store to .gitignore
2024-02-21 12:24:52 +01:00
Andreas Steffen
ad08ced8b2
pki: Added key and cert handles to --ocsp command
2024-02-21 12:22:33 +01:00
Andreas Steffen
49769fff53
pkcs11: Support RSA-PSS signatures
2024-02-21 11:22:33 +01:00
Andreas Steffen
f739657aac
pkcs11: Updated pkcs11.h header file based on OpenSC
2024-02-21 11:22:33 +01:00
Gerardo Ravago
e56b597af1
openssl: Condition out unsupported curves for AWS-LC
...
AWS-LC lacks support for a number of elliptic curve algorithms so this
adds some conditional macros to avoid registering the related plugin
features. Support for curves ed448 and x448 is completely absent and is
not planned for implementation as they are no longer recommended for use.
While ed25519 is supported by the library, a single missing API for
ASN.1 DER encoding of its private keys is missing which prevents its
use in strongSwan. Future work may remove this limitation, but for now
we will disable the functionality.
Closes strongswan/strongswan#2109
2024-02-21 08:42:48 +01:00
Gerardo Ravago
7f1ba3cc68
openssl: Add conditional macros around SHA_CTX for AWS-LC
...
AWS-LC is a BoringSSL-based libcrypto implementation. SHA_CTX is declared with
the hash data specified as an array rather than as a field in upstream OpenSSL.
Since AWS-LC builds against C99, we are unable to handle this with anonymous
unions like BoringSSL. The workaround I propose is to add these conditional
macros around the accessors within openssl_sha1_prf. After this change,
everything builds successfully with AWS-LC headers.
Closes strongswan/strongswan#2103
2024-02-19 10:01:51 +01:00
Tobias Brunner
a7493ab57d
pf-handler: Always free the object even if no socket has been opened yet
2024-02-19 09:49:08 +01:00