This commit fixes IKEv2 RSA VPN could not be an always-on VPN
issue to populate ipsecSecret field from "IPsec user certificate".
Fields ipsecUserCert and ipsecSecret are required for a valid
VpnProfile. The ipsecSecret field in VpnProfile should be
populated from "IPsec user certificate" field. It's the matching
private key.
Bug: 263610164
Bug: 230727391
Test: Verify if IKEv2 RSA VPN can setup successfully and set as
as always on VPN
Change-Id: I605b35fff9e399ee7b82d8441137984992ab2907
Additionally, existing secure vpns cannot have their type changed to an
insecure type.
Existing insecure VPNs can be edited, but once the type is changed to a
secure type, it cannot be set to an insecure type again.
Note that devices without FEATURE_IPSEC_TUNNELS still have the ability
to make insecure VPNs at the moment. What to do about these devices will
be addressed in a future change.
Recall video with this Change: https://recall.googleplex.com/projects/a801b0cf-91a5-414e-973b-3c1c8fb5e7be/sessions/bc54e4f2-0205-4822-a51a-382e54f3a956
Test: atest -c SettingsUnitTests
Bug: 176821216
Change-Id: Icf87419650c934a783b01f4d2907b7f704d139b8
The hidden ProxyInfo methods usage should be replaced because
ProxyInfo is moving to connectivity mainline module. Setting
will not be able to access it. Replace the usage with
corresponding APIs.
Bug: 172183305
Test: make RunSettingsRoboTests ROBOTEST_FILTER=\
com.android.settings.wifi.WifiConfigControllerTest
Test: make RunSettingsRoboTests ROBOTEST_FILTER=\
com.android.settings.wifi.WifiConfigController2Test
Test: manually update proxy from setting and check the result
Change-Id: I59192d0d5d38c833eb83cc930e358a738ebe3d13
Proxy is a part of incoming connectivity mainline module. The
hidden APIs are no longer available outside the module. These
shared constants and methods are moving to ProxyUtils insdide
net shared lib. Update the corresponding usage in the caller
side.
Bug: 172183305
Test: atest SettingsRoboTests
Change-Id: I2d51442e65dbcdf1a36940d8a25c7571363d56e6
This change hides the VPN type options if the FEATURE_IPSEC_TUNNELS is
not supported on the device.
Bug: 156681625
Test: Manually tested
Change-Id: I3ef2e6144371596380351341e58c4ee84d49f39d
This change ensures that the updateUiControls() (and validate()
transitively) is called whenever the IPsec identifier is updated.
Bug: 152811464
Test: Manual testing with settings UI
Change-Id: I6536652a60244c3fde3f65211f9d0709145c6cd9
This change addresses minor cleanup comments from aosp/1234607, renaming
a method.
Bug: 148991741
Test: Compiles
Change-Id: I2f31f8045040e6065a89e842b034aea605a99bd4
This CL updates Settings for IKEv2/IPsec Platform VPN profiles.
Platform VPN profiles currently configure DNS and routes based on the
configuration received from the server. As such, these parameters are
not required to start an always-on VPN.
Similarly, a numeric server address is not required, as the IKEv2
library will do the DNS resolution based on the current Network. This
has the nice property of allowing the VPN to run with IPv4 or IPv6 outer
addresses (as opposed to LegacyVpn, which runs only in IPv4)
Lastly, this always allows configuration of the IKEv2 local identifier,
whether MSCHAPv2, RSA or PSK authentication is used.
Bug: 148991741
Test: Compiles, manually tested.
Change-Id: Ib1049fdc602e349bb0d24de536767a6e15adf194
Set the password fields text appearance programatically to get the
appearance consistant.
The style set in xml will be overriden if the field is set to password.
I set the text appearance programmatically in order to keep the
appearance consistent with the others. The color of the text become
gray after setting the text appearance for some reason.
Note that I also do changes to the password field which is not mentioned
in the bug.
Test: visual inspection.
Bug: 127728228
Change-Id: Ie206f60877eb39addc1370ae4e2aee379597960e
Having consistent import order will reduce chance of merge
conflict between internal and external master
Test: rebuild
Change-Id: I0b1a170967ddcce7f388603fd521f6ed1eeba30b
This CL only changed AlertDialog imports.
So, reviewer can review it easily.
Change-Id: I097bc44394195b14287f4f920c570ac8653f356a
Fixes: 111413092
Test: This CL can't pass Robo test.
In the ConfigDialog for legacy VPNs, many configurations do not support
Always-on VPN. Previously, when a user entered an unsupported set of
settings, the Always-on VPN checkbox could still be ticked, and the
Save or Connect action buttons would be disabled. This was not intuitive
as the user could not easily figure out which part of the settings was
incompatible that grayed out the action buttons.
With this change, we disable the Always-on VPN checkbox immediately as
the user enters any incompatible setting. We also display the reason why
Always-on VPN is disabled. This will make it more straightforward for
the users to understand which setting is conflicting with the Always-on
feature.
This change is also the first step towards refactoring the ConfigDialog
for legacy VPNs with PreferenceFragment.
Test: manual
Bug: 29208008
Bug: 28072644
Change-Id: I1e6d32a1069ca0b936513f4985ffb9a9412b249c
Support for this kind has been taken out so it shouldn't be an option
when connecting (it's already not an option when editing).
Bug: 28807474
Change-Id: Id3e7be390c6813d091e7f897ac82aaf29042beb8
A little more consistent with the new app VPNs' dialogs. To make this
work it was also necessary to restart the lockdown VPN every time it is
edited, which makes sense because the expected action after editing a
VPN is that it reconnects with the new settings.
Bug: 28072644
Change-Id: I4b6a6f0a6ed96d2ec6f62889fdae4abb60d0646c
- Move always-on option for legacy vpn into the legacy vpn config page
- This implementation doesn't show dialogue when replacing existing always-on vpn
- Continue to disable lockdown option for legacy vpn when "persist.radio.imsregrequired" is true.
Not applying to vpn app
- Force to save account info when legacy vpn is always-on
- When legacy vpn is always-on, don't try to connect. (Otherwise, an exception is thrown)
TODO: Remove EXTRA_PICK_LOCKDOWN in LockdownVpnTracker in framework
Bug: 26950700
Change-Id: Ia80669359c0b7cdb955c84937156c020ac6e9af5
KeyStore.saw was renamed to KeyStore.list for clarity. The
implementation of both methods is exactly the same.
Bug: 18088752
Change-Id: I2f171a4b7479683d5af898ebdf1b6f8a741536d1
VPN apps are shown alongside configured VPNs now. The requirement that
a password is set is now only enforced when setting up a configured
VPN as this is not necessary for apps.
Some UI redesign.
Bug: 19573824
Bug: 17474682
Bug: 19575658
Change-Id: I02bd977136929647d65b9784fb4cc5df24b45428
