am c157aadf: Add error dialog when secrets are missing.

Merge commit 'c157aadf5682e417ace8e4cf3fba498e6953cad3'

* commit 'c157aadf5682e417ace8e4cf3fba498e6953cad3':
  Add error dialog when secrets are missing.

res/values/strings.xml

@@ -1861,6 +1861,7 @@ found in the list of installed applications.</string>
     <string name="vpn_confirm_edit_profile_cancellation">Are you sure you want to discard the changes made to this profile?</string>
     <string name="vpn_confirm_reconnect">Unable to connect to the network. Do you want to try again?</string>
     <string name="vpn_unknown_server_dialog_msg">Server name cannot be resolved. Do you want to check your server name setting?</string>
+    <string name="vpn_secret_not_set_dialog_msg">One or more secrets are missing in this VPN configuration. Do you want to check your secret setting?</string>
     <string name="vpn_auth_error_dialog_msg">The username or password you entered is incorrect. Do you want to try again?</string>
 
     <!-- VPN type selection activity title -->

src/com/android/settings/vpn/VpnSettings.java

@@ -28,6 +28,7 @@ import android.content.DialogInterface;
 import android.content.Intent;
 import android.content.ServiceConnection;
 import android.net.vpn.IVpnService;
+import android.net.vpn.L2tpIpsecProfile;
 import android.net.vpn.L2tpIpsecPskProfile;
 import android.net.vpn.L2tpProfile;
 import android.net.vpn.VpnManager;
@@ -46,6 +47,7 @@ import android.preference.PreferenceCategory;
 import android.preference.PreferenceManager;
 import android.preference.PreferenceScreen;
 import android.preference.Preference.OnPreferenceClickListener;
+import android.security.CertTool;
 import android.security.Keystore;
 import android.text.TextUtils;
 import android.util.Log;
@@ -106,6 +108,7 @@ public class VpnSettings extends PreferenceActivity implements
     private static final int DIALOG_RECONNECT = 2;
     private static final int DIALOG_AUTH_ERROR = 3;
     private static final int DIALOG_UNKNOWN_SERVER = 4;
+    private static final int DIALOG_SECRET_NOT_SET = 5;
 
     private static final int NO_ERROR = 0;
 
@@ -204,6 +207,9 @@ public class VpnSettings extends PreferenceActivity implements
             case DIALOG_UNKNOWN_SERVER:
                 return createUnknownServerDialog();
 
+            case DIALOG_SECRET_NOT_SET:
+                return createSecretNotSetDialog();
+
             default:
                 return super.onCreateDialog(id);
         }
@@ -252,6 +258,19 @@ public class VpnSettings extends PreferenceActivity implements
                 .create();
     }
 
+    private Dialog createSecretNotSetDialog() {
+        return createCommonDialogBuilder()
+                .setMessage(R.string.vpn_secret_not_set_dialog_msg)
+                .setPositiveButton(R.string.vpn_yes_button,
+                        new DialogInterface.OnClickListener() {
+                            public void onClick(DialogInterface dialog, int w) {
+                                VpnProfile p = mConnectingActor.getProfile();
+                                startVpnEditor(p);
+                            }
+                        })
+                .create();
+    }
+
     private AlertDialog.Builder createCommonDialogBuilder() {
         return new AlertDialog.Builder(this)
                 .setTitle(android.R.string.dialog_alert_title)
@@ -639,6 +658,7 @@ public class VpnSettings extends PreferenceActivity implements
 
         mConnectingActor = getActor(p);
         mActiveProfile = p;
+        if (!checkSecrets(p)) return;
         if (mConnectingActor.isConnectDialogNeeded()) {
             showDialog(DIALOG_CONNECT);
         } else {
@@ -858,6 +878,65 @@ public class VpnSettings extends PreferenceActivity implements
         return NAMESPACE_VPN + "_" + keyName;
     }
 
+    private boolean checkSecrets(VpnProfile p) {
+        Keystore ks = Keystore.getInstance();
+        HashSet<String> secretSet = new HashSet<String>();
+        boolean secretMissing = false;
+
+        if (p instanceof L2tpIpsecProfile) {
+            L2tpIpsecProfile certProfile = (L2tpIpsecProfile) p;
+            CertTool certTool = CertTool.getInstance();
+            Collections.addAll(secretSet, certTool.getAllCaCertificateKeys());
+            String cert = certProfile.getCaCertificate();
+            if (TextUtils.isEmpty(cert) || !secretSet.contains(cert)) {
+                certProfile.setCaCertificate(null);
+                secretMissing = true;
+            }
+
+            secretSet.clear();
+            Collections.addAll(secretSet, certTool.getAllUserCertificateKeys());
+            cert = certProfile.getUserCertificate();
+            if (TextUtils.isEmpty(cert) || !secretSet.contains(cert)) {
+                certProfile.setUserCertificate(null);
+                secretMissing = true;
+            }
+        }
+
+        secretSet.clear();
+        Collections.addAll(secretSet, ks.listKeys(NAMESPACE_VPN));
+
+        if (p instanceof L2tpIpsecPskProfile) {
+            L2tpIpsecPskProfile pskProfile = (L2tpIpsecPskProfile) p;
+            String presharedKey = pskProfile.getPresharedKey();
+            String keyName = KEY_PREFIX_IPSEC_PSK + p.getId();
+            if (TextUtils.isEmpty(presharedKey)
+                    || !secretSet.contains(keyName)) {
+                pskProfile.setPresharedKey(null);
+                secretMissing = true;
+            }
+        }
+
+        if (p instanceof L2tpProfile) {
+            L2tpProfile l2tpProfile = (L2tpProfile) p;
+            if (l2tpProfile.isSecretEnabled()) {
+                String secret = l2tpProfile.getSecretString();
+                String keyName = KEY_PREFIX_L2TP_SECRET + p.getId();
+                if (TextUtils.isEmpty(secret)
+                        || !secretSet.contains(keyName)) {
+                    l2tpProfile.setSecretString(null);
+                    secretMissing = true;
+                }
+            }
+        }
+
+        if (secretMissing) {
+            showDialog(DIALOG_SECRET_NOT_SET);
+            return false;
+        } else {
+            return true;
+        }
+    }
+
     private void processSecrets(VpnProfile p) {
         Keystore ks = Keystore.getInstance();
         switch (p.getType()) {