authorArne Schwabe <arne@rfc2549.org>2013-03-08 14:12:04 +0100
committerArne Schwabe <arne@rfc2549.org>2013-03-08 14:12:04 +0100
commit2dc46e64c7ce808e2d052a4f78cc724cfb54535a (patch)
treec8a5407ee2d1f71287ac76ad02ad52924fd4b692
parentb38cae44de5aed8d436c19301c4fb4a390128569 (diff)
Enhance/fix --verify-x509-name support
-rw-r--r--AndroidManifest.xml4
-rw-r--r--res/layout/tlsremote.xml64
-rwxr-xr-xres/values/strings.xml6
-rw-r--r--src/de/blinkt/openvpn/RemoteCNPreference.java59
-rw-r--r--src/de/blinkt/openvpn/Settings_Obscure.java1
5 files changed, 88 insertions, 46 deletions
diff --git a/AndroidManifest.xml b/AndroidManifest.xml
index e88e8813..0fa6a1b9 100644
--- a/AndroidManifest.xml
+++ b/AndroidManifest.xml
@@ -18,8 +18,8 @@
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
xmlns:tools="http://schemas.android.com/tools"
package="de.blinkt.openvpn"
- android:versionCode="63"
- android:versionName="0.5.35" >
+ android:versionCode="64"
+ android:versionName="0.5.36" >
<uses-permission android:name="android.permission.INTERNET" />
<uses-permission android:name="android.permission.ACCESS_NETWORK_STATE" />
diff --git a/res/layout/tlsremote.xml b/res/layout/tlsremote.xml
index 3c16566a..e93b9364 100644
--- a/res/layout/tlsremote.xml
+++ b/res/layout/tlsremote.xml
@@ -1,38 +1,44 @@
<?xml version="1.0" encoding="utf-8"?>
-<RelativeLayout xmlns:android="http://schemas.android.com/apk/res/android"
+<ScrollView xmlns:android="http://schemas.android.com/apk/res/android"
android:layout_width="match_parent"
android:layout_height="match_parent" >
- <TextView
- android:id="@+id/dialogHeader"
+ <LinearLayout
android:layout_width="wrap_content"
android:layout_height="wrap_content"
- android:layout_alignParentTop="true"
- android:text="@string/enter_tlscn_dialog" />
+ android:orientation="vertical" >
- <Spinner
- android:id="@+id/x509verifytype"
- android:layout_width="wrap_content"
- android:layout_height="wrap_content"
- android:layout_below="@id/dialogHeader"
- android:layout_toRightOf="@+id/textView1" />
+ <TextView
+ android:id="@+id/dialogHeader"
+ android:layout_width="wrap_content"
+ android:layout_height="wrap_content"
+ android:text="@string/enter_tlscn_dialog" />
- <EditText
- android:id="@+id/tlsremotecn"
- android:layout_width="match_parent"
- android:layout_height="wrap_content"
- android:layout_alignParentLeft="true"
- android:layout_below="@id/x509verifytype"
- android:layout_marginTop="20dp"
- android:ems="10"
- android:inputType="text" />
-
- <TextView
- android:id="@+id/textView2"
- android:layout_width="wrap_content"
- android:layout_height="wrap_content"
- android:layout_alignParentLeft="true"
- android:layout_below="@+id/textView1"
- android:textAppearance="?android:attr/textAppearanceSmall" />
+ <TextView
+ android:id="@+id/tlsremotenote"
+ android:layout_width="wrap_content"
+ android:layout_height="wrap_content"
+ android:layout_marginTop="8sp"
+ android:text="@string/remotetlsnote"
+ android:textAppearance="?android:attr/textAppearanceSmall"
+ android:visibility="gone" />
+
+ <Spinner
+ android:id="@+id/x509verifytype"
+ android:layout_width="wrap_content"
+ android:layout_height="wrap_content" />
+
+ <EditText
+ android:id="@+id/tlsremotecn"
+ android:layout_width="match_parent"
+ android:layout_height="wrap_content"
+ android:layout_marginTop="20dp"
+ android:ems="10"
+ android:inputType="text" >
+
+ <requestFocus />
+ </EditText>
+
+ </LinearLayout>
-</RelativeLayout>
\ No newline at end of file
+</ScrollView>
\ No newline at end of file
diff --git a/res/values/strings.xml b/res/values/strings.xml
index 7d35c20d..dd36c46e 100755
--- a/res/values/strings.xml
+++ b/res/values/strings.xml
@@ -65,7 +65,7 @@
<string name="check_remote_tlscert_title">Except TLS Server</string>
<string name="remote_tlscn_check_summary">Checks the Remote Server Certificate Subject DN</string>
<string name="remote_tlscn_check_title">Certificate Hostname Check</string>
- <string name="enter_tlscn_dialog">Specify the check used to verify the remote certificate DN\n\Specify the complete DN (e.g. C=DE, L=Paderborn, OU=Avian IP Carriers, CN=openvpn.blinkt.de) or the RDN (openvpn.blinkt.de in the DN example) or an RDN prefix for verification.\n\nRDN prefix will use prefix matching. \"Server\" matches \"Server-1\" and \"Server-2\"\nLeaving the text field empty will check the RDN against the server hostname.\nFor more details see the OpenVPN 2.3.1+ manpage under --verify-x509-name</string>
+ <string name="enter_tlscn_dialog">Specify the check used to verify the remote certificate DN (e.g. C=DE, L=Paderborn, OU=Avian IP Carriers, CN=openvpn.blinkt.de)\n\nSpecify the complete DN or the RDN (openvpn.blinkt.de in the example) or an RDN prefix for verification.\n\nRDN prefix will use prefix matching. \"Server\" matches \"Server-1\" and \"Server-2\"\n\nLeaving the text field empty will check the RDN against the server hostname.\n\nFor more details see the OpenVPN 2.3.1+ manpage under —verify-x509-name</string>
<string name="enter_tlscn_title">Remote certificate subject</string>
<string name="tls_key_auth">Enables the TLS Key Authentication</string>
<string name="tls_auth_file">TLS Auth File</string>
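Review bot: The new `enter_tlscn_dialog` text ends with `—verify-x509-name`, where the two ASCII hyphens of the option name have become a single em dash (U+2014), probably through editor autocorrection. A user who searches the OpenVPN manpage for the option exactly as this dialog prints it will not find the setting that controls server-certificate name checking. The end of the string should read `manpage under --verify-x509-name</string>`, as the removed line had it.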
@@ -272,5 +272,9 @@
<string name="add">Add</string>
<string name="send_config">Send config file</string>
<string name="complete_dn">Complete DN</string>
+ <string name="remotetlsnote">Your imported configuration used the old DEPRECATED tls-remote option which uses a different DN format.</string>
+ <string name="rdn">RDN (common name)</string>
+ <string name="rdn_prefix">RDN prefix</string>
+ <string name="tls_remote_deprecated">tls-remote (DEPRECATED)</string>
</resources>
\ No newline at end of file
diff --git a/src/de/blinkt/openvpn/RemoteCNPreference.java b/src/de/blinkt/openvpn/RemoteCNPreference.java
index 3d142527..22d3126e 100644
--- a/src/de/blinkt/openvpn/RemoteCNPreference.java
+++ b/src/de/blinkt/openvpn/RemoteCNPreference.java
@@ -7,7 +7,9 @@ import android.util.Pair;
import android.view.View;
import android.widget.ArrayAdapter;
import android.widget.EditText;
+import android.widget.ScrollView;
import android.widget.Spinner;
+import android.widget.TextView;
public class RemoteCNPreference extends DialogPreference {
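Review bot: `import android.widget.ScrollView;` is added here but the only references to it are the two commented-out lines in the following hunks, `//private ScrollView mScrollView;` and `//mScrollView = (ScrollView) view.findViewById(R.id.tlsremotescroll);`. The new `tlsremote.xml` in this commit gives its `ScrollView` no `android:id`, so `R.id.tlsremotescroll` does not appear to exist and the commented code could not simply be re-enabled. I would drop the import and both commented-out lines rather than commit dead code.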
@@ -15,8 +17,9 @@ public class RemoteCNPreference extends DialogPreference {
private Spinner mSpinner;
private EditText mEditText;
private int mDNType;
- private ArrayAdapter<String> mAuthtypes;
private String mDn;
+ private TextView mRemoteTLSNote;
+ //private ScrollView mScrollView;
public RemoteCNPreference(Context context, AttributeSet attrs) {
super(context, attrs);
@@ -31,6 +34,8 @@ public class RemoteCNPreference extends DialogPreference {
mEditText = (EditText) view.findViewById(R.id.tlsremotecn);
mSpinner = (Spinner) view.findViewById(R.id.x509verifytype);
+ mRemoteTLSNote = (TextView) view.findViewById(R.id.tlsremotenote);
+ //mScrollView = (ScrollView) view.findViewById(R.id.tlsremotescroll);
if(mDn!=null)
mEditText.setText(mDn);
@@ -38,23 +43,12 @@ public class RemoteCNPreference extends DialogPreference {
}
- private void populateSpinner() {
- mAuthtypes = new ArrayAdapter<String>(getContext(), android.R.layout.simple_spinner_item);
- mAuthtypes.setDropDownViewResource(android.R.layout.simple_spinner_dropdown_item);
-
- mAuthtypes.add(getContext().getString(R.string.complete_dn));
- mAuthtypes.add("RDN (common name)");
- mAuthtypes.add("RDN prefix");
- if (mDNType == VpnProfile.X509_VERIFY_TLSREMOTE || mDNType == VpnProfile.X509_VERIFY_TLSREMOTE_COMPAT_NOREMAPPING )
- mAuthtypes.add("tls-remote (DEPRECATED)");
- mSpinner.setAdapter(mAuthtypes);
- }
public String getCNText() {
return mDn;
}
-
+
public int getAuthtype() {
return mDNType;
}
@@ -84,7 +78,46 @@ public class RemoteCNPreference extends DialogPreference {
}
}
}
+
+ private void populateSpinner() {
+ ArrayAdapter<String> authtypes = new ArrayAdapter<String>(getContext(), android.R.layout.simple_spinner_item);
+ authtypes.setDropDownViewResource(android.R.layout.simple_spinner_dropdown_item);
+
+ authtypes.add(getContext().getString(R.string.complete_dn));
+ authtypes.add(getContext().getString(R.string.rdn));
+ authtypes.add(getContext().getString(R.string.rdn_prefix));
+ if ((mDNType == VpnProfile.X509_VERIFY_TLSREMOTE || mDNType == VpnProfile.X509_VERIFY_TLSREMOTE_COMPAT_NOREMAPPING)
+ && !(mDn==null || "".equals(mDn))) {
+ authtypes.add(getContext().getString(R.string.tls_remote_deprecated));
+ mRemoteTLSNote.setVisibility(View.VISIBLE);
+ } else {
+ mRemoteTLSNote.setVisibility(View.GONE);
+ }
+ mSpinner.setAdapter(authtypes);
+ mSpinner.setSelection(getSpinnerPositionFromAuthTYPE());
+ }
+
+ private int getSpinnerPositionFromAuthTYPE() {
+ switch (mDNType) {
+ case VpnProfile.X509_VERIFY_TLSREMOTE_DN:
+ return 0;
+ case VpnProfile.X509_VERIFY_TLSREMOTE_RDN:
+ return 1;
+ case VpnProfile.X509_VERIFY_TLSREMOTE_RDN_PREFIX:
+ return 2;
+ case VpnProfile.X509_VERIFY_TLSREMOTE_COMPAT_NOREMAPPING:
+ case VpnProfile.X509_VERIFY_TLSREMOTE:
+ if (mDn==null || "".equals(mDn))
+ return 1;
+ else
+ return 3;
+
+ default:
+ return 0;
+ }
+ }
+
private int getAuthTypeFromSpinner() {
int pos = mSpinner.getSelectedItemPosition();
switch (pos) {
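Review bot: The empty-DN test `mDn==null || "".equals(mDn)` is written twice, once in `populateSpinner()` to decide whether the fourth "tls-remote (DEPRECATED)" entry exists and once in `getSpinnerPositionFromAuthTYPE()` to decide whether to return position 3, and the two must stay in lockstep or `setSelection(3)` targets an entry the adapter does not have. Moving the whole condition (the two-type check plus `!TextUtils.isEmpty(mDn)`) into one private predicate that both methods call would remove that coupling. The literal positions 0–3 also have to match `getAuthTypeFromSpinner()`, whose body continues outside this hunk, so a comment on both switches naming the adapter order would help. Separately, an imported tls-remote profile with an empty DN is displayed as "RDN (common name)" and the `default:` branch displays any unknown type as "Complete DN"; if the dialog result is saved on close (not visible here), that silently changes which certificate-name check the profile uses, and a comment should state that this is intended.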
diff --git a/src/de/blinkt/openvpn/Settings_Obscure.java b/src/de/blinkt/openvpn/Settings_Obscure.java
index 160dbe0c..22f561b0 100644
--- a/src/de/blinkt/openvpn/Settings_Obscure.java
+++ b/src/de/blinkt/openvpn/Settings_Obscure.java
@@ -22,7 +22,6 @@ public class Settings_Obscure extends OpenVpnPreferencesFragment implements OnPr
super.onCreate(savedInstanceState);
// Load the preferences from an XML resource
addPreferencesFromResource(R.xml.vpn_obscure);
-
mUseRandomHostName = (CheckBoxPreference) findPreference("useRandomHostname");
mUseFloat = (CheckBoxPreference) findPreference("useFloat");