VpnSettings: pass certificates to racoon directly.
Also fix some style issues. Change-Id: I7ca46d0cc3038f21ef5904d4515e90907a21d613
This commit is contained in:
Chia-chi Yeh
@@ -23,6 +23,7 @@
|
|||||||
<uses-permission android:name="android.permission.ACCESS_DOWNLOAD_MANAGER" />
|
<uses-permission android:name="android.permission.ACCESS_DOWNLOAD_MANAGER" />
|
||||||
<uses-permission android:name="android.permission.READ_CONTACTS" />
|
<uses-permission android:name="android.permission.READ_CONTACTS" />
|
||||||
<uses-permission android:name="android.permission.WRITE_CONTACTS" />
|
<uses-permission android:name="android.permission.WRITE_CONTACTS" />
|
||||||
|
<uses-permission android:name="android.permission.ACCESS_NETWORK_STATE" />
|
||||||
<uses-permission android:name="android.permission.ACCESS_WIFI_STATE" />
|
<uses-permission android:name="android.permission.ACCESS_WIFI_STATE" />
|
||||||
<uses-permission android:name="android.permission.CHANGE_WIFI_STATE" />
|
<uses-permission android:name="android.permission.CHANGE_WIFI_STATE" />
|
||||||
<uses-permission android:name="android.permission.INTERNET" />
|
<uses-permission android:name="android.permission.INTERNET" />
|
||||||
|
|||||||
@@ -20,7 +20,7 @@
|
|||||||
<LinearLayout android:layout_width="match_parent"
|
<LinearLayout android:layout_width="match_parent"
|
||||||
android:layout_height="wrap_content"
|
android:layout_height="wrap_content"
|
||||||
android:orientation="vertical"
|
android:orientation="vertical"
|
||||||
android:padding="5mm">
|
android:padding="3mm">
|
||||||
|
|
||||||
<LinearLayout android:id="@+id/editor"
|
<LinearLayout android:id="@+id/editor"
|
||||||
android:layout_width="match_parent"
|
android:layout_width="match_parent"
|
||||||
@@ -30,7 +30,7 @@
|
|||||||
|
|
||||||
<TextView style="@style/vpn_label" android:text="@string/vpn_name"/>
|
<TextView style="@style/vpn_label" android:text="@string/vpn_name"/>
|
||||||
<EditText style="@style/vpn_value" android:id="@+id/name"
|
<EditText style="@style/vpn_value" android:id="@+id/name"
|
||||||
android:singleLine="true"/>
|
android:inputType="textCapWords"/>
|
||||||
|
|
||||||
<TextView style="@style/vpn_label" android:text="@string/vpn_type"/>
|
<TextView style="@style/vpn_label" android:text="@string/vpn_type"/>
|
||||||
<Spinner style="@style/vpn_value" android:id="@+id/type"
|
<Spinner style="@style/vpn_value" android:id="@+id/type"
|
||||||
@@ -38,11 +38,11 @@
|
|||||||
android:entries="@array/vpn_types"/>
|
android:entries="@array/vpn_types"/>
|
||||||
|
|
||||||
<TextView style="@style/vpn_label" android:text="@string/vpn_server"/>
|
<TextView style="@style/vpn_label" android:text="@string/vpn_server"/>
|
||||||
<EditText style="@style/vpn_value" android:id="@+id/server"
|
<EditText style="@style/vpn_value" android:id="@+id/server"/>
|
||||||
android:singleLine="true"/>
|
|
||||||
|
|
||||||
<CheckBox style="@style/vpn_value" android:id="@+id/mppe"
|
<CheckBox style="@style/vpn_value" android:id="@+id/mppe"
|
||||||
android:text="@string/vpn_mppe"
|
android:text="@string/vpn_mppe"
|
||||||
|
android:singleLine="false"
|
||||||
android:visibility="gone"/>
|
android:visibility="gone"/>
|
||||||
|
|
||||||
<LinearLayout android:id="@+id/l2tp"
|
<LinearLayout android:id="@+id/l2tp"
|
||||||
@@ -52,24 +52,27 @@
|
|||||||
android:visibility="gone">
|
android:visibility="gone">
|
||||||
<TextView style="@style/vpn_label" android:text="@string/vpn_l2tp_secret"/>
|
<TextView style="@style/vpn_label" android:text="@string/vpn_l2tp_secret"/>
|
||||||
<EditText style="@style/vpn_value" android:id="@+id/l2tp_secret"
|
<EditText style="@style/vpn_value" android:id="@+id/l2tp_secret"
|
||||||
android:singleLine="true"
|
|
||||||
android:password="true"
|
android:password="true"
|
||||||
android:hint="@string/vpn_not_used"/>
|
android:hint="@string/vpn_not_used"/>
|
||||||
</LinearLayout>
|
</LinearLayout>
|
||||||
|
|
||||||
|
<LinearLayout android:id="@+id/ipsec_id"
|
||||||
|
android:layout_width="match_parent"
|
||||||
|
android:layout_height="wrap_content"
|
||||||
|
android:orientation="vertical"
|
||||||
|
android:visibility="gone">
|
||||||
|
<TextView style="@style/vpn_label" android:text="@string/vpn_ipsec_identifier"/>
|
||||||
|
<EditText style="@style/vpn_value" android:id="@+id/ipsec_identifier"
|
||||||
|
android:hint="@string/vpn_not_used"/>
|
||||||
|
</LinearLayout>
|
||||||
|
|
||||||
<LinearLayout android:id="@+id/ipsec_psk"
|
<LinearLayout android:id="@+id/ipsec_psk"
|
||||||
android:layout_width="match_parent"
|
android:layout_width="match_parent"
|
||||||
android:layout_height="wrap_content"
|
android:layout_height="wrap_content"
|
||||||
android:orientation="vertical"
|
android:orientation="vertical"
|
||||||
android:visibility="gone">
|
android:visibility="gone">
|
||||||
<TextView style="@style/vpn_label" android:text="@string/vpn_ipsec_identifier"/>
|
|
||||||
<EditText style="@style/vpn_value" android:id="@+id/ipsec_identifier"
|
|
||||||
android:singleLine="true"
|
|
||||||
android:hint="@string/vpn_not_used"/>
|
|
||||||
|
|
||||||
<TextView style="@style/vpn_label" android:text="@string/vpn_ipsec_secret"/>
|
<TextView style="@style/vpn_label" android:text="@string/vpn_ipsec_secret"/>
|
||||||
<EditText style="@style/vpn_value" android:id="@+id/ipsec_secret"
|
<EditText style="@style/vpn_value" android:id="@+id/ipsec_secret"
|
||||||
android:singleLine="true"
|
|
||||||
android:password="true"/>
|
android:password="true"/>
|
||||||
</LinearLayout>
|
</LinearLayout>
|
||||||
|
|
||||||
@@ -111,15 +114,14 @@
|
|||||||
android:visibility="gone">
|
android:visibility="gone">
|
||||||
|
|
||||||
<TextView style="@style/vpn_label" android:text="@string/vpn_username"/>
|
<TextView style="@style/vpn_label" android:text="@string/vpn_username"/>
|
||||||
<EditText style="@style/vpn_value" android:id="@+id/username"
|
<EditText style="@style/vpn_value" android:id="@+id/username"/>
|
||||||
android:singleLine="true"/>
|
|
||||||
|
|
||||||
<TextView style="@style/vpn_label" android:text="@string/vpn_password"/>
|
<TextView style="@style/vpn_label" android:text="@string/vpn_password"/>
|
||||||
<EditText style="@style/vpn_value" android:id="@+id/password"
|
<EditText style="@style/vpn_value" android:id="@+id/password"
|
||||||
android:singleLine="true"
|
|
||||||
android:password="true"/>
|
android:password="true"/>
|
||||||
|
|
||||||
<CheckBox style="@style/vpn_value" android:id="@+id/save_login"
|
<CheckBox style="@style/vpn_value" android:id="@+id/save_login"
|
||||||
|
android:singleLine="false"
|
||||||
android:text="@string/vpn_save_login"/>
|
android:text="@string/vpn_save_login"/>
|
||||||
</LinearLayout>
|
</LinearLayout>
|
||||||
</LinearLayout>
|
</LinearLayout>
|
||||||
|
|||||||
@@ -3447,7 +3447,7 @@ found in the list of installed applications.</string>
|
|||||||
<!-- Checkbox label to save the username and the password for a VPN network. [CHAR LIMIT=40] -->
|
<!-- Checkbox label to save the username and the password for a VPN network. [CHAR LIMIT=40] -->
|
||||||
<string name="vpn_save_login">Save account information</string>
|
<string name="vpn_save_login">Save account information</string>
|
||||||
|
|
||||||
<!-- Hint for an optional input of a VPN network. [CHAR LIMIT=40] -->
|
<!-- Hint for not filling an optional field in a VPN configuration. [CHAR LIMIT=40] -->
|
||||||
<string name="vpn_not_used">(not used)</string>
|
<string name="vpn_not_used">(not used)</string>
|
||||||
<!-- Option to not use a CA certificate to verify the VPN server. [CHAR LIMIT=40] -->
|
<!-- Option to not use a CA certificate to verify the VPN server. [CHAR LIMIT=40] -->
|
||||||
<string name="vpn_no_ca_cert">(do not verify server)</string>
|
<string name="vpn_no_ca_cert">(do not verify server)</string>
|
||||||
|
|||||||
@@ -143,12 +143,15 @@
|
|||||||
<style name="vpn_label">
|
<style name="vpn_label">
|
||||||
<item name="android:layout_width">match_parent</item>
|
<item name="android:layout_width">match_parent</item>
|
||||||
<item name="android:layout_height">wrap_content</item>
|
<item name="android:layout_height">wrap_content</item>
|
||||||
<item name="android:textSize">14sp</item>
|
<item name="android:textSize">16sp</item>
|
||||||
</style>
|
</style>
|
||||||
|
|
||||||
<style name="vpn_value">
|
<style name="vpn_value">
|
||||||
<item name="android:layout_width">match_parent</item>
|
<item name="android:layout_width">match_parent</item>
|
||||||
<item name="android:layout_height">wrap_content</item>
|
<item name="android:layout_height">wrap_content</item>
|
||||||
|
<item name="android:textSize">18sp</item>
|
||||||
|
<item name="android:singleLine">true</item>
|
||||||
|
<item name="android:paddingBottom">1mm</item>
|
||||||
</style>
|
</style>
|
||||||
|
|
||||||
<style name="InputMethodPreferenceStyle">
|
<style name="InputMethodPreferenceStyle">
|
||||||
|
|||||||
@@ -197,6 +197,7 @@ class VpnDialog extends AlertDialog implements TextWatcher, OnItemSelectedListen
|
|||||||
// First, hide everything.
|
// First, hide everything.
|
||||||
mMppe.setVisibility(View.GONE);
|
mMppe.setVisibility(View.GONE);
|
||||||
mView.findViewById(R.id.l2tp).setVisibility(View.GONE);
|
mView.findViewById(R.id.l2tp).setVisibility(View.GONE);
|
||||||
|
mView.findViewById(R.id.ipsec_id).setVisibility(View.GONE);
|
||||||
mView.findViewById(R.id.ipsec_psk).setVisibility(View.GONE);
|
mView.findViewById(R.id.ipsec_psk).setVisibility(View.GONE);
|
||||||
mView.findViewById(R.id.ipsec_user).setVisibility(View.GONE);
|
mView.findViewById(R.id.ipsec_user).setVisibility(View.GONE);
|
||||||
mView.findViewById(R.id.ipsec_ca).setVisibility(View.GONE);
|
mView.findViewById(R.id.ipsec_ca).setVisibility(View.GONE);
|
||||||
@@ -206,11 +207,12 @@ class VpnDialog extends AlertDialog implements TextWatcher, OnItemSelectedListen
|
|||||||
case VpnProfile.TYPE_PPTP:
|
case VpnProfile.TYPE_PPTP:
|
||||||
mMppe.setVisibility(View.VISIBLE);
|
mMppe.setVisibility(View.VISIBLE);
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case VpnProfile.TYPE_L2TP_IPSEC_PSK:
|
case VpnProfile.TYPE_L2TP_IPSEC_PSK:
|
||||||
mView.findViewById(R.id.l2tp).setVisibility(View.VISIBLE);
|
mView.findViewById(R.id.l2tp).setVisibility(View.VISIBLE);
|
||||||
// fall through
|
mView.findViewById(R.id.ipsec_psk).setVisibility(View.VISIBLE);
|
||||||
|
break;
|
||||||
case VpnProfile.TYPE_IPSEC_XAUTH_PSK:
|
case VpnProfile.TYPE_IPSEC_XAUTH_PSK:
|
||||||
|
mView.findViewById(R.id.ipsec_id).setVisibility(View.VISIBLE);
|
||||||
mView.findViewById(R.id.ipsec_psk).setVisibility(View.VISIBLE);
|
mView.findViewById(R.id.ipsec_psk).setVisibility(View.VISIBLE);
|
||||||
break;
|
break;
|
||||||
|
|
||||||
@@ -295,11 +297,12 @@ class VpnDialog extends AlertDialog implements TextWatcher, OnItemSelectedListen
|
|||||||
case VpnProfile.TYPE_PPTP:
|
case VpnProfile.TYPE_PPTP:
|
||||||
profile.mppe = mMppe.isChecked();
|
profile.mppe = mMppe.isChecked();
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case VpnProfile.TYPE_L2TP_IPSEC_PSK:
|
case VpnProfile.TYPE_L2TP_IPSEC_PSK:
|
||||||
profile.l2tpSecret = getSecret(mProfile.l2tpSecret, mL2tpSecret);
|
profile.l2tpSecret = getSecret(mProfile.l2tpSecret, mL2tpSecret);
|
||||||
// fall through
|
profile.ipsecSecret = getSecret(mProfile.ipsecSecret, mIpsecSecret);
|
||||||
|
break;
|
||||||
case VpnProfile.TYPE_IPSEC_XAUTH_PSK:
|
case VpnProfile.TYPE_IPSEC_XAUTH_PSK:
|
||||||
|
profile.ipsecIdentifier = mIpsecIdentifier.getText().toString();
|
||||||
profile.ipsecSecret = getSecret(mProfile.ipsecSecret, mIpsecSecret);
|
profile.ipsecSecret = getSecret(mProfile.ipsecSecret, mIpsecSecret);
|
||||||
break;
|
break;
|
||||||
|
|
||||||
|
|||||||
@@ -21,6 +21,7 @@ import com.android.settings.R;
|
|||||||
import android.content.Context;
|
import android.content.Context;
|
||||||
import android.content.DialogInterface;
|
import android.content.DialogInterface;
|
||||||
import android.net.IConnectivityManager;
|
import android.net.IConnectivityManager;
|
||||||
|
import android.net.LinkProperties;
|
||||||
import android.os.Bundle;
|
import android.os.Bundle;
|
||||||
import android.os.Handler;
|
import android.os.Handler;
|
||||||
import android.os.Message;
|
import android.os.Message;
|
||||||
@@ -41,6 +42,7 @@ import com.android.internal.net.LegacyVpnInfo;
|
|||||||
import com.android.internal.net.VpnConfig;
|
import com.android.internal.net.VpnConfig;
|
||||||
import com.android.settings.SettingsPreferenceFragment;
|
import com.android.settings.SettingsPreferenceFragment;
|
||||||
|
|
||||||
|
import java.nio.charset.Charsets;
|
||||||
import java.util.Arrays;
|
import java.util.Arrays;
|
||||||
import java.util.HashMap;
|
import java.util.HashMap;
|
||||||
|
|
||||||
@@ -198,7 +200,11 @@ public class VpnSettings extends SettingsPreferenceFragment implements
|
|||||||
|
|
||||||
// If we are not editing, connect!
|
// If we are not editing, connect!
|
||||||
if (!mDialog.isEditing()) {
|
if (!mDialog.isEditing()) {
|
||||||
|
try {
|
||||||
connect(profile);
|
connect(profile);
|
||||||
|
} catch (Exception e) {
|
||||||
|
Log.e(TAG, "connect", e);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@@ -314,20 +320,45 @@ public class VpnSettings extends SettingsPreferenceFragment implements
|
|||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
private void connect(VpnProfile profile) {
|
private void connect(VpnProfile profile) throws Exception {
|
||||||
|
// Get the current active interface.
|
||||||
|
LinkProperties network = mService.getActiveLinkProperties();
|
||||||
|
String interfaze = (network == null) ? null : network.getInterfaceName();
|
||||||
|
if (interfaze == null) {
|
||||||
|
throw new IllegalStateException("Cannot get network interface");
|
||||||
|
}
|
||||||
|
|
||||||
|
// Load certificates.
|
||||||
|
String privateKey = "";
|
||||||
|
String userCert = "";
|
||||||
|
String caCert = "";
|
||||||
|
if (!profile.ipsecUserCert.isEmpty()) {
|
||||||
|
byte[] value = mKeyStore.get(Credentials.USER_PRIVATE_KEY + profile.ipsecUserCert);
|
||||||
|
privateKey = (value == null) ? null : new String(value, Charsets.UTF_8);
|
||||||
|
value = mKeyStore.get(Credentials.USER_CERTIFICATE + profile.ipsecUserCert);
|
||||||
|
userCert = (value == null) ? null : new String(value, Charsets.UTF_8);
|
||||||
|
}
|
||||||
|
if (!profile.ipsecCaCert.isEmpty()) {
|
||||||
|
byte[] value = mKeyStore.get(Credentials.CA_CERTIFICATE + profile.ipsecCaCert);
|
||||||
|
caCert = (value == null) ? null : new String(value, Charsets.UTF_8);
|
||||||
|
}
|
||||||
|
if (privateKey == null || userCert == null || caCert == null) {
|
||||||
|
// TODO: find out a proper way to handle this. Delete these keys?
|
||||||
|
throw new IllegalStateException("Cannot load credentials");
|
||||||
|
}
|
||||||
|
Log.i(TAG, userCert);
|
||||||
|
|
||||||
|
// Prepare arguments for racoon.
|
||||||
String[] racoon = null;
|
String[] racoon = null;
|
||||||
switch (profile.type) {
|
switch (profile.type) {
|
||||||
case VpnProfile.TYPE_L2TP_IPSEC_PSK:
|
case VpnProfile.TYPE_L2TP_IPSEC_PSK:
|
||||||
racoon = new String[] {
|
racoon = new String[] {
|
||||||
profile.server, "1701", profile.ipsecSecret,
|
interfaze, profile.server, "udppsk", "1701", profile.ipsecSecret,
|
||||||
};
|
};
|
||||||
break;
|
break;
|
||||||
case VpnProfile.TYPE_L2TP_IPSEC_RSA:
|
case VpnProfile.TYPE_L2TP_IPSEC_RSA:
|
||||||
racoon = new String[] {
|
racoon = new String[] {
|
||||||
profile.server, "1701",
|
interfaze, profile.server, "udprsa", "1701", privateKey, userCert, caCert,
|
||||||
Credentials.USER_PRIVATE_KEY + profile.ipsecUserCert,
|
|
||||||
Credentials.USER_CERTIFICATE + profile.ipsecUserCert,
|
|
||||||
Credentials.CA_CERTIFICATE + profile.ipsecCaCert,
|
|
||||||
};
|
};
|
||||||
break;
|
break;
|
||||||
case VpnProfile.TYPE_IPSEC_XAUTH_PSK:
|
case VpnProfile.TYPE_IPSEC_XAUTH_PSK:
|
||||||
@@ -338,6 +369,7 @@ public class VpnSettings extends SettingsPreferenceFragment implements
|
|||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Prepare arguments for mtpd.
|
||||||
String[] mtpd = null;
|
String[] mtpd = null;
|
||||||
switch (profile.type) {
|
switch (profile.type) {
|
||||||
case VpnProfile.TYPE_PPTP:
|
case VpnProfile.TYPE_PPTP:
|
||||||
@@ -369,11 +401,7 @@ public class VpnSettings extends SettingsPreferenceFragment implements
|
|||||||
config.searchDomains = Arrays.asList(profile.searchDomains.split(" "));
|
config.searchDomains = Arrays.asList(profile.searchDomains.split(" "));
|
||||||
}
|
}
|
||||||
|
|
||||||
try {
|
|
||||||
mService.startLegacyVpn(config, racoon, mtpd);
|
mService.startLegacyVpn(config, racoon, mtpd);
|
||||||
} catch (Exception e) {
|
|
||||||
Log.e(TAG, "connect", e);
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
private void disconnect(String key) {
|
private void disconnect(String key) {
|
||||||
|
|||||||
Reference in New Issue
Block a user