8 files changed, 103 insertions, 79 deletions
|
diff --git a/main/src/main/java/de/blinkt/openvpn/VpnProfile.java b/main/src/main/java/de/blinkt/openvpn/VpnProfile.java
index 115a9d03..84e7975d 100644
--- a/main/src/main/java/de/blinkt/openvpn/VpnProfile.java
+++ b/main/src/main/java/de/blinkt/openvpn/VpnProfile.java
@@ -170,6 +170,7 @@ public class VpnProfile implements Serializable, Cloneable {
     public String mPeerFingerPrints = "";
     public int mCompatMode = 0;
     public boolean mUseLegacyProvider = false;
+    public String mTlSCertProfile = "";
     private transient PrivateKey mPrivateKey;
     // Public attributes, since I got mad with getter/setter
diff --git a/main/src/main/res/values/arrays.xml b/main/src/main/res/values/arrays.xml
index 97c10ff7..d5e21f3a 100644
--- a/main/src/main/res/values/arrays.xml
+++ b/main/src/main/res/values/arrays.xml
@@ -42,4 +42,10 @@
         <item>OpenVPN 2.4.x peers</item>
         <item>OpenVPN 2.3.x and older peers</item>
     </string-array>
+    <string-array name="tls_profile_entries">
+        <item>insecure (not recommend, allows insecure crypto)</item>
+        <item>legacy (default)</item>
+        <item>preferred (recommended but limited compabbility)</item>
+        <item>Suite B</item>
+    </string-array>
 </resources>
diff --git a/main/src/main/res/values/strings.xml b/main/src/main/res/values/strings.xml
index 4a4df03d..b82d70ca 100755
--- a/main/src/main/res/values/strings.xml
+++ b/main/src/main/res/values/strings.xml
@@ -508,5 +508,6 @@
     <string name="bf_cbc_requires_legacy">Profiles uses BF-CBC which depends on OpenSSL legacy provider (not enabled).</string>
     <string name="allow_translations_title">Allow community contributed translations</string>
     <string name="allow_translations_summary">Allows the app to be translated with translations contributed by the community. Requires a restart of the app to activate.</string>
+    <string name="tls_profile">TLS Security Profile</string>
 </resources>
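Review bot: The new `mTlSCertProfile` field is only stored and round-tripped through the settings screen; none of the eight files in this diff writes it into the generated OpenVPN configuration (no `tls-cert-profile` line), so as far as this diff shows a user who selects `preferred` or `Suite B` still connects with whatever profile the config writer emits today, while the UI claims otherwise. If the config generation lives in a part of VpnProfile.java not shown here, that wiring should land with the same commit. Because `VpnProfile` is `Serializable` and this is a newly added field, profiles saved before this change deserialize with it as null rather than `""`, so every consumer has to tolerate null and treat null/blank as the default (the fragment's `isNullOrBlank()` does; the config writer must too). The mixed-case `mTlSCertProfile` reads like a typo for `mTlsCertProfile` and is cheapest to rename now while this diff is its only user; a comment such as `// OpenVPN --tls-cert-profile: legacy (default), preferred, suiteb or insecure; null/blank means legacy` would also pin down the accepted values.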
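Review bot: Two of the new user-facing entries have typos: `insecure (not recommend, allows insecure crypto)` should read `insecure (not recommended, allows insecure crypto)` and `preferred (recommended but limited compabbility)` should read `preferred (recommended but limited compatibility)`. These labels are what a user reads when deciding whether to weaken the TLS profile, so they should be correct before translators pick them up. The array must also stay aligned index-for-index with `tls_profile_values` in untranslatable.xml; a comment on it, `<!-- keep order in sync with tls_profile_values -->`, makes that coupling explicit.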
diff --git a/main/src/main/res/values/untranslatable.xml b/main/src/main/res/values/untranslatable.xml
index db64efa6..0260de8d 100644
--- a/main/src/main/res/values/untranslatable.xml
+++ b/main/src/main/res/values/untranslatable.xml
@@ -83,4 +83,10 @@
     <string name="faq_title_ncp">Failed to negotiate cipher with server</string>
     <string name="import_from_URL">URL</string>
+    <string-array name="tls_profile_values" translatable="false">
+        <item>insecure</item>
+        <item>legacy</item>
+        <item>preferred</item>
+        <item>suiteb</item>
+    </string-array>
 </resources>
diff --git a/main/src/ui/java/de/blinkt/openvpn/fragments/Settings_Authentication.kt b/main/src/ui/java/de/blinkt/openvpn/fragments/Settings_Authentication.kt
index 15687f26..d3de8116 100644
--- a/main/src/ui/java/de/blinkt/openvpn/fragments/Settings_Authentication.kt
+++ b/main/src/ui/java/de/blinkt/openvpn/fragments/Settings_Authentication.kt
@@ -24,8 +24,7 @@ import de.blinkt.openvpn.views.RemoteCNPreference
 import de.blinkt.openvpn.views.RemoteCNPreferenceDialog
 import java.io.IOException
-class Settings_Authentication : OpenVpnPreferencesFragment(), Preference.OnPreferenceChangeListener,
-    Preference.OnPreferenceClickListener {
+class Settings_Authentication : OpenVpnPreferencesFragment(), Preference.OnPreferenceClickListener {
     private lateinit var mExpectTLSCert: CheckBoxPreference
     private lateinit var mCheckRemoteCN: CheckBoxPreference
     private lateinit var mRemoteCN: RemoteCNPreference
@@ -36,6 +35,7 @@ class Settings_Authentication : OpenVpnPreferencesFragment(), Preference.OnPrefe
     private var mTlsAuthFileData: String? = null
     private lateinit var mAuth: EditTextPreference
     private lateinit var mRemoteX509Name: EditTextPreference
+    private lateinit var mTLSProfile: ListPreference
     override fun onCreatePreferences(savedInstanceState: Bundle?, rootKey: String?) {
     }
@@ -48,17 +48,17 @@ class Settings_Authentication : OpenVpnPreferencesFragment(), Preference.OnPrefe
         mExpectTLSCert = findPreference("remoteServerTLS")!!
         mCheckRemoteCN = findPreference("checkRemoteCN")!!
         mRemoteCN = findPreference("remotecn")!!
-        mRemoteCN.onPreferenceChangeListener = this
+        setRemoteCNSummaryProvider()
         mRemoteX509Name = findPreference("remotex509name")!!
-        mRemoteX509Name.onPreferenceChangeListener = this
+        mRemoteX509Name.setSummaryProvider { pref ->
+            if ((pref as EditTextPreference).text.isEmpty()) "CN (default)" else pref.text
+        }
         mUseTLSAuth = findPreference("useTLSAuth")!!
         mTLSAuthFile = findPreference("tlsAuthFile")!!
         mTLSAuthDirection = findPreference("tls_direction")!!
-        mTLSAuthFile.onPreferenceClickListener = this
         mDataCiphers = findPreference("dataciphers")!!
-        mDataCiphers.onPreferenceChangeListener = this
         mAuth = findPreference("auth")!!
-        mAuth.onPreferenceChangeListener = this
+        mTLSProfile = findPreference("tls_profile")!!
         loadSettings()
     }
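Review bot: `(pref as EditTextPreference).text.isEmpty()` dereferences a platform type: `EditTextPreference.getText()` is nullable on the Java side, and the listener this replaces handled an empty or null value, so a summary computed before any text is set would throw here; `if (pref.text.isNullOrEmpty()) "CN (default)" else pref.text` keeps the old behaviour. The hunk also drops `mTLSAuthFile.onPreferenceClickListener = this` while the class still implements `Preference.OnPreferenceClickListener`, and nothing in this diff re-registers a click handler for `tlsAuthFile`; unless it is wired elsewhere, the tls-auth file picker is no longer reachable from this screen, which is worth confirming on a device. The enclosing method starts before this hunk.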
@@ -67,20 +67,17 @@ class Settings_Authentication : OpenVpnPreferencesFragment(), Preference.OnPrefe
         mCheckRemoteCN.isChecked = mProfile.mCheckRemoteCN
         mRemoteCN.setDN(mProfile.mRemoteCN)
         mRemoteCN.setAuthType(mProfile.mX509AuthType)
-        onPreferenceChange(
-            mRemoteCN,
-            Pair(mProfile.mX509AuthType, mProfile.mRemoteCN)
-        )
         mRemoteX509Name.text = mProfile.mx509UsernameField ?: ""
-        onPreferenceChange(mRemoteX509Name, mProfile.mx509UsernameField ?: "")
         mUseTLSAuth.isChecked = mProfile.mUseTLSAuth
+
         mTlsAuthFileData = mProfile.mTLSAuthFilename
         setTlsAuthSummary(mTlsAuthFileData)
+
         mTLSAuthDirection.value = mProfile.mTLSAuthDirection
+
         mDataCiphers.text = mProfile.mDataCiphers
-        onPreferenceChange(mDataCiphers, mProfile.mDataCiphers)
         mAuth.text = mProfile.mAuth
-        onPreferenceChange(mAuth, mProfile.mAuth)
+
         if (mProfile.mAuthenticationType == VpnProfile.TYPE_STATICKEYS) {
             mExpectTLSCert.isEnabled = false
             mCheckRemoteCN.isEnabled = false
@@ -89,6 +86,10 @@ class Settings_Authentication : OpenVpnPreferencesFragment(), Preference.OnPrefe
             mExpectTLSCert.isEnabled = true
             mCheckRemoteCN.isEnabled = true
         }
+        if (mProfile.mTlSCertProfile.isNullOrBlank())
+            mTLSProfile.value = "legacy"
+        else
+            mTLSProfile.value = mProfile.mTlSCertProfile
     }
     override fun saveSettings() {
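Review bot: The four-line `if`/`else` at the end of `loadSettings` in the second hunk is better written as one expression, `mTLSProfile.value = mProfile.mTlSCertProfile?.takeIf { it.isNotBlank() } ?: "legacy"`, which also makes the null case (profiles serialized before the field existed) visible at the assignment. The literal `"legacy"` duplicates the entry value in `tls_profile_values` and will be needed again wherever the profile is written out, so a `private const val` (or a constant next to the field on `VpnProfile`) keeps the default in one place. The blank lines added between the existing assignments in the first hunk are unrelated whitespace churn. `loadSettings` starts before the first hunk.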
@@ -99,36 +100,30 @@ class Settings_Authentication : OpenVpnPreferencesFragment(), Preference.OnPrefe
         mProfile.mUseTLSAuth = mUseTLSAuth.isChecked
         mProfile.mTLSAuthFilename = mTlsAuthFileData
         mProfile.mx509UsernameField = mRemoteX509Name.text
-        if (mTLSAuthDirection.value == null) mProfile.mTLSAuthDirection =
-            null else mProfile.mTLSAuthDirection = mTLSAuthDirection.value
-        if (mDataCiphers.text == null) mProfile.mDataCiphers = null else mProfile.mDataCiphers =
-            mDataCiphers.text
-        if (mAuth.text == null) mProfile.mAuth = null else mProfile.mAuth = mAuth.text
+        mProfile.mTLSAuthDirection = mTLSAuthDirection.value
+        mProfile.mDataCiphers = mDataCiphers.text
+        mProfile.mAuth = mAuth.text
+        mProfile.mTlSCertProfile = mTLSProfile.value
     }
-    override fun onPreferenceChange(preference: Preference, newValue: Any): Boolean {
-        if (preference === mRemoteCN && newValue is Pair<*, *>) {
-            val authtype = newValue.first as Int
-            val dn = newValue.second
-            if ("" == dn) {
+    private fun setRemoteCNSummaryProvider()
+    {
+        mRemoteCN.setSummaryProvider {
+            pref ->
+            pref as RemoteCNPreference;
+
+            if ("" == pref.cnText) {
                 if (mProfile.mConnections.size > 0) {
-                    preference.summary = getX509String(
-                        VpnProfile.X509_VERIFY_TLSREMOTE_RDN,
+                    return@setSummaryProvider getX509String(VpnProfile.X509_VERIFY_TLSREMOTE_RDN,
                         mProfile.mConnections[0].mServerName
                     )
                 } else {
-                    preference.setSummary(R.string.no_remote_defined)
+                    return@setSummaryProvider getString(R.string.no_remote_defined)
                 }
             } else {
-                preference.summary = getX509String(authtype, dn as String)
+                return@setSummaryProvider getX509String(pref.authtype, pref.cnText)
             }
-        } else if (preference === mDataCiphers || preference === mAuth) {
-            preference.summary = (newValue as CharSequence)
-        } else if (preference === mRemoteX509Name) {
-            preference.summary =
-                (if (newValue.toString().isEmpty()) "CN (default)" else newValue as CharSequence)
         }
-        return true
     }
     private fun getX509String(authtype: Int, dn: String): CharSequence {
diff --git a/main/src/ui/java/de/blinkt/openvpn/views/RemoteCNPreference.java b/main/src/ui/java/de/blinkt/openvpn/views/RemoteCNPreference.java
index 93a2d90f..ca94ac19 100644
--- a/main/src/ui/java/de/blinkt/openvpn/views/RemoteCNPreference.java
+++ b/main/src/ui/java/de/blinkt/openvpn/views/RemoteCNPreference.java
@@ -39,11 +39,13 @@ public class RemoteCNPreference extends DialogPreference {
     public void setDN(String dn) {
         mDn = dn;
+        notifyChanged();
     }
     public void setAuthType(int x509authtype) {
         mDNType = x509authtype;
+        notifyChanged();
     }
     public String getCNText() {
diff --git a/main/src/ui/java/de/blinkt/openvpn/views/RemoteCNPreferenceDialog.java b/main/src/ui/java/de/blinkt/openvpn/views/RemoteCNPreferenceDialog.java
index 37258489..303e5977 100644
--- a/main/src/ui/java/de/blinkt/openvpn/views/RemoteCNPreferenceDialog.java
+++ b/main/src/ui/java/de/blinkt/openvpn/views/RemoteCNPreferenceDialog.java
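Review bot: `mProfile.mTlSCertProfile = mTLSProfile.value` in `saveSettings` stores a nullable `ListPreference.getValue()` into a field initialised to `""`; `loadSettings` seeds the value first so it is null only if a save ever runs before a load, but `mProfile.mTlSCertProfile = mTLSProfile.value ?: ""` costs nothing and keeps the field's own default as the only "unset" marker. The new `setRemoteCNSummaryProvider` also reads oddly for Kotlin: the opening brace on its own line, the lambda parameter on a separate line, a stray `;` after the cast, and a labelled `return@setSummaryProvider` in every branch where a `when` expression as the lambda's last expression says the same thing. `getX509String` continues outside the hunk.
```kotlin
    private fun setRemoteCNSummaryProvider() {
        mRemoteCN.setSummaryProvider { pref ->
            pref as RemoteCNPreference
            when {
                pref.cnText != "" -> getX509String(pref.authtype, pref.cnText)
                mProfile.mConnections.size > 0 -> getX509String(
                    VpnProfile.X509_VERIFY_TLSREMOTE_RDN,
                    mProfile.mConnections[0].mServerName
                )
                else -> getString(R.string.no_remote_defined)
            }
        }
    }
```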
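Review bot: Calling `notifyChanged()` separately in `setDN` and `setAuthType` makes the summary provider run twice on every dialog close and once per call in `loadSettings`, and the first run (after `setDN`) formats the new DN with the previous auth type. The second call corrects it, so this is cosmetic, but a combined `setDNAndAuthType(String dn, int x509authtype)` that assigns both fields and notifies once would avoid the intermediate state; the callers in `onDialogClosed` and `loadSettings` already invoke the two setters back-to-back. The class continues outside the hunk.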
@@ -107,17 +107,14 @@ public class RemoteCNPreferenceDialog extends PreferenceDialogFragmentCompat {
     @Override
     public void onDialogClosed(boolean positiveResult) {
-
         if (positiveResult) {
             RemoteCNPreference pref = ((RemoteCNPreference) getPreference());
             String dn = mEditText.getText().toString();
             int authtype = getAuthTypeFromSpinner();
-            if (pref.callChangeListener(new Pair<>(authtype, dn))) {
-                pref.setDN(dn);
-                pref.setAuthType(authtype);
-            }
-        }
+            pref.setDN(dn);
+            pref.setAuthType(authtype);
+
         }
     }
diff --git a/main/src/ui/res/xml/vpn_authentification.xml b/main/src/ui/res/xml/vpn_authentification.xml
index be24495a..770f6599 100644
--- a/main/src/ui/res/xml/vpn_authentification.xml
+++ b/main/src/ui/res/xml/vpn_authentification.xml
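Review bot: Dropping the `pref.callChangeListener(...)` guard means `RemoteCNPreference` no longer consults an `OnPreferenceChangeListener` at all, which departs from the `DialogPreference` convention where a listener may veto a value before it is applied. Nothing breaks today, because the fragment hunk in Settings_Authentication.kt removes the only registration (`mRemoteCN.onPreferenceChangeListener = this`), but keeping `if (pref.callChangeListener(new Pair<>(authtype, dn))) { pref.setDN(dn); pref.setAuthType(authtype); }` costs one line and leaves the preference usable with a validating listener later. The `+` blank line added before the closing brace of the `if` is stray whitespace.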
@@ -3,64 +3,80 @@
   ~ Distributed under the GNU GPL v2 with additional terms. For full terms see the file doc/LICENSE.txt
   -->
-<PreferenceScreen xmlns:android="http://schemas.android.com/apk/res/android">
+<PreferenceScreen xmlns:android="http://schemas.android.com/apk/res/android"
+        xmlns:app="http://schemas.android.com/apk/res-auto">
     <PreferenceCategory android:title="@string/tls_settings">
+        <ListPreference
+                android:entries="@array/tls_profile_entries"
+                android:entryValues="@array/tls_profile_values"
+                android:key="tls_profile"
+                android:persistent="false"
+                android:title="@string/tls_profile"
+                app:useSimpleSummaryProvider="true" />
         <CheckBoxPreference
-            android:key="remoteServerTLS"
-            android:summary="@string/check_remote_tlscert"
-            android:title="@string/check_remote_tlscert_title" />
+                android:key="remoteServerTLS"
+                android:summary="@string/check_remote_tlscert"
+                android:title="@string/check_remote_tlscert_title" />
         <CheckBoxPreference
-            android:key="checkRemoteCN"
-            android:summary="@string/remote_tlscn_check_summary"
-            android:title="@string/remote_tlscn_check_title" />
+                android:key="checkRemoteCN"
+                android:summary="@string/remote_tlscn_check_summary"
+                android:title="@string/remote_tlscn_check_title" />
         <de.blinkt.openvpn.views.RemoteCNPreference
-            android:dependency="checkRemoteCN"
-            android:positiveButtonText="@android:string/ok"
-            android:negativeButtonText="@string/cancel"
-            android:key="remotecn"
-            android:title="@string/enter_tlscn_title" />
+                android:dependency="checkRemoteCN"
+                android:key="remotecn"
+                android:negativeButtonText="@string/cancel"
+                android:positiveButtonText="@android:string/ok"
+                android:title="@string/enter_tlscn_title" />
         <EditTextPreference
-            android:dependency="checkRemoteCN"
-            android:dialogMessage="Field  in  the X.509 certificate subject to be used as the username (default=CN)."
-            android:key="remotex509name"
-            android:persistent="false"
-            android:title="X509 Username Field" />
+                android:dependency="checkRemoteCN"
+                android:dialogMessage="Field  in  the X.509 certificate subject to be used as the username (default=CN)."
+                android:key="remotex509name"
+                android:persistent="false"
+                android:title="X509 Username Field" />
     </PreferenceCategory>
     <PreferenceCategory android:title="@string/tls_authentication">
         <SwitchPreference
-            android:key="useTLSAuth"
-            android:summary="@string/tls_key_auth"
-            android:title="@string/useTLSAuth" />
+
+                android:key="useTLSAuth"
+                android:summary="@string/tls_key_auth"
+                android:title="@string/useTLSAuth" />
         <Preference
-            android:dependency="useTLSAuth"
-            android:key="tlsAuthFile"
-            android:title="@string/tls_auth_file" />
+                android:dependency="useTLSAuth"
+
+                android:key="tlsAuthFile"
+                android:title="@string/tls_auth_file"
+                app:useSimpleSummaryProvider="true" />
         <ListPreference
-            android:dependency="useTLSAuth"
-            android:entries="@array/tls_directions_entries"
-            android:entryValues="@array/tls_directions_values"
-            android:key="tls_direction"
-            android:persistent="false"
-            android:title="@string/tls_direction" />
+                android:dependency="useTLSAuth"
+
+                android:entries="@array/tls_directions_entries"
+                android:entryValues="@array/tls_directions_values"
+                android:key="tls_direction"
+                android:persistent="false"
+                android:title="@string/tls_direction"
+                app:useSimpleSummaryProvider="true" />
     </PreferenceCategory>
     <PreferenceCategory android:title="@string/encryption">
         <EditTextPreference
-            android:dialogMessage="@string/chipher_dialog_message"
-            android:dialogTitle="@string/cipher_dialog_title"
-            android:key="dataciphers"
-            android:persistent="false"
-            android:title="@string/encryption_cipher" />
+                android:dialogMessage="@string/chipher_dialog_message"
+                android:dialogTitle="@string/cipher_dialog_title"
+                android:key="dataciphers"
+                android:persistent="false"
+                android:title="@string/encryption_cipher"
+                app:useSimpleSummaryProvider="true" />
         <EditTextPreference
-            android:dialogMessage="@string/auth_dialog_message"
-            android:dialogTitle="@string/auth_dialog_title"
-            android:key="auth"
-            android:persistent="false"
-            android:title="@string/packet_auth" />
+                android:dialogMessage="@string/auth_dialog_message"
+                android:dialogTitle="@string/auth_dialog_title"
+                android:key="auth"
+                android:persistent="false"
+                android:title="@string/packet_auth"
+
+                app:useSimpleSummaryProvider="true" />
     </PreferenceCategory>
 </PreferenceScreen>
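Review bot: `app:useSimpleSummaryProvider="true"` on the plain `<Preference android:key="tlsAuthFile">` very likely does nothing — as far as I recall the AndroidX Preference library reads that attribute in `ListPreference` and `EditTextPreference` only, not in the base class — and the fragment already sets that summary itself via `setTlsAuthSummary`, so the attribute can be dropped there (worth confirming against the library version in use). The new `tls_profile` `ListPreference` has no `android:defaultValue`, so its value is null until `loadSettings` seeds it; `android:defaultValue="legacy"` would make the fallback visible in the resource and protect a save that runs before a load. Re-indenting every existing attribute from 12 to 16 spaces turns a seven-line feature into an eighty-line hunk and buries the functional change; that churn, together with the stray blank attribute lines under `<SwitchPreference>`, `<Preference>`, the `tls_direction` `<ListPreference>` and the `auth` `<EditTextPreference>`, belongs in a separate whitespace-only commit.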
\ No newline at end of file | 
