| author | Arne Schwabe <arne@rfc2549.org> | 2016-07-05 18:25:50 +0200 | 
|---|---|---|
| committer | Arne Schwabe <arne@rfc2549.org> | 2016-07-05 18:25:50 +0200 | 
| commit | 29bda719b6a1e2caef78045d5073c0b212d73fdc (patch) | |
| tree | 0cfd13afd246fdcb4a07144ef953233a42052a66 | |
| parent | f0d2595b794bc02d4527cf37c312d7dacd86b7bc (diff) | |
Add UI option for x509-username-field option (closes #519)
4 files changed, 31 insertions, 3 deletions
diff --git a/main/src/main/java/de/blinkt/openvpn/VpnProfile.java b/main/src/main/java/de/blinkt/openvpn/VpnProfile.java
index cb5d7552..a082ce8e 100644
--- a/main/src/main/java/de/blinkt/openvpn/VpnProfile.java
+++ b/main/src/main/java/de/blinkt/openvpn/VpnProfile.java
@@ -141,6 +141,8 @@ public class VpnProfile implements Serializable, Cloneable {
     public boolean mUserEditable = true;
     public String mAuth = "";
     public int mX509AuthType = X509_VERIFY_TLSREMOTE_RDN;
+    public String mx509UsernameField = null;
+
     private transient PrivateKey mPrivateKey;
     // Public attributes, since I got mad with getter/setter
     // set members to default values
@@ -470,7 +472,7 @@ public class VpnProfile implements Serializable, Cloneable {
         if (mAuthenticationType != TYPE_STATICKEYS) {
             if (mCheckRemoteCN) {
                 if (mRemoteCN == null || mRemoteCN.equals(""))
-                    cfg += "verify-x509-name " + mConnections[0].mServerName + " name\n";
+                    cfg += "verify-x509-name " + openVpnEscape(mConnections[0].mServerName) + " name\n";
                 else
                     switch (mX509AuthType) {
@@ -493,6 +495,8 @@ public class VpnProfile implements Serializable, Cloneable {
                             cfg += "verify-x509-name " + openVpnEscape(mRemoteCN) + "\n";
                             break;
                     }
+                if (!TextUtils.isEmpty(mx509UsernameField))
+                    cfg+= "x509-username-field " + openVpnEscape(mx509UsernameField) +"\n";
             }
             if (mExpectTLSCert)
                 cfg += "remote-cert-tls server\n";
diff --git a/main/src/main/java/de/blinkt/openvpn/core/ConfigParser.java b/main/src/main/java/de/blinkt/openvpn/core/ConfigParser.java
index 2a4f742f..b216f6d9 100644
--- a/main/src/main/java/de/blinkt/openvpn/core/ConfigParser.java
+++ b/main/src/main/java/de/blinkt/openvpn/core/ConfigParser.java
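Review bot: The new field `mx509UsernameField` breaks the `mX509…` capitalisation of `mX509AuthType` on the line directly above it, and since `VpnProfile` is `Serializable` the field name presumably becomes part of the stored profile format, so it is cheapest to correct before this ships. I would declare it as `public String mX509UsernameField = null; // null or "" = OpenVPN default (CN)` and rename the uses in the later `VpnProfile`, `ConfigParser` and `Settings_Authentication` hunks to match.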
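Review bot: The added `x509-username-field` line in the `@@ -493` hunk changes which subject attribute OpenVPN compares for the `verify-x509-name … name` lines written just above it, and nothing in the code says so. That makes the value part of the server-identity check rather than a cosmetic setting, so a comment such as `// selects the subject field that verify-x509-name's name types are matched against; empty = CN` belongs above the `if`. The line is also only written inside `if (mCheckRemoteCN)`, whereas the `ConfigParser` hunk stores the imported value unconditionally; if the parser does not also enable `mCheckRemoteCN` (not visible here), an imported setting is dropped without notice when the config is regenerated. The enclosing method starts and ends outside the hunk.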
@@ -566,6 +566,11 @@ public class ConfigParser {
         }
+        Vector<String> x509usernamefield = getOption("x509-username-field", 1,1);
+        if (x509usernamefield!=null) {
+            np.mx509UsernameField =  x509usernamefield.get(1);
+        }
+
         Vector<String> verb = getOption("verb", 1, 1);
         if (verb != null) {
diff --git a/main/src/main/java/de/blinkt/openvpn/fragments/Settings_Authentication.java b/main/src/main/java/de/blinkt/openvpn/fragments/Settings_Authentication.java
index 22464b3b..09ffb143 100644
--- a/main/src/main/java/de/blinkt/openvpn/fragments/Settings_Authentication.java
+++ b/main/src/main/java/de/blinkt/openvpn/fragments/Settings_Authentication.java
@@ -16,6 +16,7 @@ import android.preference.Preference;
 import android.preference.Preference.OnPreferenceChangeListener;
 import android.preference.Preference.OnPreferenceClickListener;
 import android.preference.SwitchPreference;
+import android.text.TextUtils;
 import android.util.Pair;
 import de.blinkt.openvpn.activities.FileSelect;
 import de.blinkt.openvpn.R;
@@ -38,8 +39,9 @@ public class Settings_Authentication extends OpenVpnPreferencesFragment implemen
 	private EditTextPreference mCipher;
 	private String mTlsAuthFileData;
 	private EditTextPreference mAuth;
+    private EditTextPreference mRemoteX509Name;
-	@Override
+    @Override
 	public void onCreate(Bundle savedInstanceState) {
 		super.onCreate(savedInstanceState);
@@ -51,6 +53,9 @@ public class Settings_Authentication extends OpenVpnPreferencesFragment implemen
 		mRemoteCN = (RemoteCNPreference) findPreference("remotecn");
 		mRemoteCN.setOnPreferenceChangeListener(this);
+		mRemoteX509Name = (EditTextPreference) findPreference("remotex509name");
+        mRemoteX509Name.setOnPreferenceChangeListener(this);
+
 		mUseTLSAuth = (SwitchPreference) findPreference("useTLSAuth" );
 		mTLSAuthFile = findPreference("tlsAuthFile");
 		mTLSAuthDirection = (ListPreference) findPreference("tls_direction");
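Review bot: The added lines in `Settings_Authentication.java` are indented with spaces while the surrounding code uses tabs, and in the `@@ -38` hunk the `@Override` above `onCreate` is re-indented from a tab to four spaces for no functional reason. Please leave `@Override` as it was and indent `private EditTextPreference mRemoteX509Name;` with a tab. The same mix appears in the `@@ -51`, `@@ -78`, `@@ -107` and `@@ -147` hunks of this file. Keeping the file's indentation limits the diff to the lines that actually change behaviour.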
@@ -78,6 +83,9 @@ public class Settings_Authentication extends OpenVpnPreferencesFragment implemen
 		onPreferenceChange(mRemoteCN,
 				new Pair<Integer, String>(mProfile.mX509AuthType, mProfile.mRemoteCN));
+        mRemoteX509Name.setText(mProfile.mx509UsernameField);
+        onPreferenceChange(mRemoteX509Name, mProfile.mx509UsernameField);
+
 		mUseTLSAuth.setChecked(mProfile.mUseTLSAuth);
 		mTlsAuthFileData= mProfile.mTLSAuthFilename;
 		setTlsAuthSummary(mTlsAuthFileData);
@@ -107,6 +115,7 @@ public class Settings_Authentication extends OpenVpnPreferencesFragment implemen
 		mProfile.mUseTLSAuth = mUseTLSAuth.isChecked();
 		mProfile.mTLSAuthFilename = mTlsAuthFileData;
+        mProfile.mx509UsernameField = mRemoteX509Name.getText();
 		if(mTLSAuthDirection.getValue()==null)
 			mProfile.mTLSAuthDirection=null;
@@ -147,7 +156,9 @@ public class Settings_Authentication extends OpenVpnPreferencesFragment implemen
 		} else if (preference == mCipher || preference == mAuth) {
 			preference.setSummary((CharSequence) newValue);
-		}
+		} else if (preference == mRemoteX509Name) {
+            preference.setSummary(TextUtils.isEmpty((CharSequence) newValue) ? "CN (default)" : (CharSequence)newValue);
+        }
 		return true;
 	}
 	private CharSequence getX509String(int authtype, String dn) {
diff --git a/main/src/main/res/xml/vpn_authentification.xml b/main/src/main/res/xml/vpn_authentification.xml
index 8bfebccb..09354de3 100644
--- a/main/src/main/res/xml/vpn_authentification.xml
+++ b/main/src/main/res/xml/vpn_authentification.xml
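Review bot: In the `@@ -107` hunk `mRemoteX509Name.getText()` is stored verbatim, so stray whitespace typed into the dialog is carried into the generated `x509-username-field` line and is likely to name a field that no certificate attribute matches. Normalising on save avoids that: `String field = mRemoteX509Name.getText();` followed by `mProfile.mx509UsernameField = field == null ? null : field.trim();`. The enclosing method begins and ends outside the hunk.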
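Review bot: The summary fallback `"CN (default)"` in the `@@ -147` hunk is a hard-coded English literal, and the `android:title` and `android:dialogMessage` added in `vpn_authentification.xml` are literals too, whereas the existing preference there takes its title from `@string/enter_tlscn_title`. Moving the three texts into string resources and reading the fallback with `getString(...)` keeps them translatable like the rest of the screen. The dialog message also contains doubled spaces in `Field  in  the`. The enclosing method starts outside the hunk.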
@@ -18,6 +18,14 @@
             android:dependency="checkRemoteCN"
             android:key="remotecn"
             android:title="@string/enter_tlscn_title" />
+
+        <EditTextPreference
+            android:dependency="checkRemoteCN"
+            android:key="remotex509name"
+            android:persistent="false"
+            android:dialogMessage="Field  in  the X.509 certificate subject to be used as the username (default=CN)."
+            android:title="X509 Username Field" />
+
     </PreferenceCategory>
     <PreferenceCategory android:title="@string/tls_authentication">
         <SwitchPreference  | 
