version 0.4.2

1 files changed, 72 insertions, 37 deletions

diff --git a/src/de/blinkt/openvpn/VpnProfile.java b/src/de/blinkt/openvpn/VpnProfile.java
index 2db89395..4028f3d0 100644
--- a/src/de/blinkt/openvpn/VpnProfile.java
+++ b/src/de/blinkt/openvpn/VpnProfile.java
@@ -38,6 +38,7 @@ public class VpnProfile implements  Serializable{
 	public static final int TYPE_STATICKEYS = 4;
 
 	private static final String OVPNCONFIGFILE = "android.conf";
+	
 
 	// Keep in order of parceling
 	// Public attributes, since I got mad with getter/setter
@@ -74,6 +75,10 @@ public class VpnProfile implements  Serializable{
 	public String mUsername="";
 	public boolean mRoutenopull=false;
 
+	
+	protected transient String mTransientPW=null;
+	private static transient String mTempPKCS12Password;
+
 
 	public int describeContents() {
 		return 0;
@@ -153,10 +158,17 @@ public class VpnProfile implements  Serializable{
 
 		String cfg="";
 
+		// Enable managment interface 
+		cfg += "management ";
 
-		// TODO  "--remote-cert-eku", "TLS Web Server Authentication"
-
-
+		cfg +=cacheDir.getAbsolutePath() + "/" +  "mgmtsocket";
+		cfg += " unix\n";
+		cfg += "management-hold\n\n";
+		
+		cfg+="# tmp does not exist on Android\n";
+		cfg+="tmp-dir ";
+		cfg+=cacheDir.getAbsolutePath();
+		cfg+="\n\n";
 
 		boolean useTLSClient = (mAuthenticationType != TYPE_STATICKEYS);
 
@@ -171,10 +183,7 @@ public class VpnProfile implements  Serializable{
 		cfg+="verb 2\n";
 
 
-		// /tmp does not exist on Android
-		cfg+="tmp-dir ";
-		cfg+=cacheDir.getAbsolutePath();
-		cfg+="\n";
+	
 
 		// quit after 5 tries
 		cfg+="connect-retry-max 5\n";
@@ -339,14 +348,6 @@ public class VpnProfile implements  Serializable{
 		// Add fixed paramenters
 		args.add("openvpn");
 
-		// Enable managment interface to 
-		// stop openvpn
-		args.add("--management");
-
-		args.add(cacheDir.getAbsolutePath() + "/" +  "mgmtsocket");
-		args.add("unix");
-		//args.add("--management-hold");
-
 		args.add("--config");
 		args.add(cacheDir.getAbsolutePath() + "/" + OVPNCONFIGFILE);
 
@@ -358,24 +359,12 @@ public class VpnProfile implements  Serializable{
 		String prefix = activity.getPackageName();
 
 		Intent intent = new Intent(activity,OpenVpnService.class);
+		
+		   if(mAuthenticationType == VpnProfile.TYPE_KEYSTORE) {
+            savePKCS12(activity);
+		   }
 
 		intent.putExtra(prefix + ".ARGV" , buildOpenvpnArgv(activity.getCacheDir()));
-
-		if(mAuthenticationType == TYPE_PKCS12){
-			intent.putExtra(prefix + ".PKCS12PASS",
-					mPKCS12Password);
-		}
-
-		if(mAuthenticationType == VpnProfile.TYPE_KEYSTORE) {
-			String pkcs12pw = savePKCS12(activity);
-			intent.putExtra(prefix + ".PKCS12PASS", pkcs12pw);
-		}
-
-		if(mAuthenticationType == VpnProfile.TYPE_USERPASS) {
-			intent.putExtra(prefix + ".USERNAME", mUsername);
-			intent.putExtra(prefix + ".PASSWORD", mPassword);
-		}
-
 		intent.putExtra(prefix + ".profileUUID", mUuid.toString());
 
 		try {
@@ -390,7 +379,10 @@ public class VpnProfile implements  Serializable{
 		return intent;
 	}
 
-	private String getRandomPW() {
+	public String getTemporaryPKCS12Password() {
+		if(mTempPKCS12Password!=null)
+			return mTempPKCS12Password;
+		
 		String pw= "";
 		// Put enough digits togher to make a password :)
 		Random r = new Random();
@@ -398,11 +390,12 @@ public class VpnProfile implements  Serializable{
 			pw += new Integer(r.nextInt(1000)).toString();
 		}
 
-		return pw;
+		mTempPKCS12Password=pw;
+		return mTempPKCS12Password;
 
 	}
 
-	private String savePKCS12(Context context) {
+	private void savePKCS12(Context context) {
 		PrivateKey privateKey = null;
 		X509Certificate[] cachain=null;
 		try {
@@ -412,11 +405,11 @@ public class VpnProfile implements  Serializable{
 			KeyStore ks = KeyStore.getInstance("PKCS12");
 			ks.load(null, null);
 			ks.setKeyEntry("usercert", privateKey, null, cachain);
-			String mypw = getRandomPW();
+			String mypw = getTemporaryPKCS12Password();
 			FileOutputStream fout = new FileOutputStream(context.getCacheDir().getAbsolutePath() + "/" + VpnProfile.OVPNCONFIGPKCS12);
 			ks.store(fout,mypw.toCharArray());
 			fout.flush(); fout.close();
-			return mypw;
+			return;
 		} catch (KeyChainException e) {
 			e.printStackTrace();
 		} catch (InterruptedException e) {
@@ -432,7 +425,6 @@ public class VpnProfile implements  Serializable{
 		} catch (IOException e) {
 			e.printStackTrace();
 		}
-		return "ERROR";
 
 	}
 	//! Return an error if somethign is wrong
@@ -453,6 +445,49 @@ public class VpnProfile implements  Serializable{
 
 	}
 
+	//! Openvpn asks for a "Private Key", this can be pkcs12 pw or private key pw
+	//
+	public String getPasswordPrivateKey() {
+		if(mTransientPW!=null) {
+			return mTransientPW;
+		}
+		switch (mAuthenticationType) {
+		case TYPE_KEYSTORE:
+			return getTemporaryPKCS12Password();
+			
+		case TYPE_PKCS12:
+			return mPKCS12Password;
+			
+		case TYPE_USERPASS:
+		case TYPE_STATICKEYS:
+		case TYPE_CERTIFICATES:
+		default:
+			return null;
+		}
+	}
+
+	public String needUserPWInput() {
+		if(mTransientPW!=null)
+			return null;
+		if(mAuthenticationType == TYPE_PKCS12 &&
+				(mPKCS12Password.equals("") || mPKCS12Password == null)) {
+			return "PKCS12 File Password";
+		}
+		if(mAuthenticationType == TYPE_USERPASS &&
+				(mPassword.equals("") || mPassword == null)) {
+			return "Password";
+		}
+		return null;
+	}
+
+	public String getPasswordAuth() {
+		if(mTransientPW!=null)
+			return mTransientPW;
+		else
+			return mPassword;
+	}
+
+	
 
 }