| -rw-r--r-- | res/layout/basic_settings.xml | 6 | ||||
| -rw-r--r-- | res/layout/file_dialog_main.xml | 2 | ||||
| -rw-r--r-- | res/layout/keystore_selector.xml | 2 | ||||
| -rw-r--r-- | res/values-de/strings.xml | 6 | ||||
| -rw-r--r-- | res/values/strings.xml | 8 | ||||
| -rw-r--r-- | src/de/blinkt/openvpn/LaunchVPN.java | 2 | ||||
| -rw-r--r-- | src/de/blinkt/openvpn/OpenVPN.java | 11 | ||||
| -rw-r--r-- | src/de/blinkt/openvpn/Settings_Basic.java | 6 | ||||
| -rw-r--r-- | src/de/blinkt/openvpn/VpnProfile.java | 30 | 
9 files changed, 64 insertions, 9 deletions
diff --git a/res/layout/basic_settings.xml b/res/layout/basic_settings.xml
index d47ba207..409936e1 100644
--- a/res/layout/basic_settings.xml
+++ b/res/layout/basic_settings.xml
@@ -106,6 +106,12 @@
             android:visibility="gone" >
             <include layout="@layout/keystore_selector" />
+
+            <TextView
+                style="@style/item"
+                android:singleLine="false"
+                android:text="@string/extracahint"
+                android:textAppearance="?android:attr/textAppearanceSmall" />
         </LinearLayout>
         <LinearLayout
diff --git a/res/layout/file_dialog_main.xml b/res/layout/file_dialog_main.xml
index 2f88ffb7..68af9b18 100644
--- a/res/layout/file_dialog_main.xml
+++ b/res/layout/file_dialog_main.xml
@@ -23,7 +23,7 @@
             android:id="@+id/fdButtonSelect"
             android:layout_width="wrap_content"
             android:layout_height="wrap_content"
-            android:text="@string/select" >
+            android:text="@string/select_file" >
         </Button>
     </LinearLayout>
diff --git a/res/layout/keystore_selector.xml b/res/layout/keystore_selector.xml
index 21945104..211e977b 100644
--- a/res/layout/keystore_selector.xml
+++ b/res/layout/keystore_selector.xml
@@ -28,7 +28,7 @@
         android:layout_width="wrap_content"
         android:layout_height="wrap_content"
         android:layout_alignParentRight="true"
-        android:text="@string/select_certificate" />
+        android:text="@string/select" />
     <TextView
         android:id="@+id/title"
diff --git a/res/values-de/strings.xml b/res/values-de/strings.xml
index be0a518d..aebfe351 100644
--- a/res/values-de/strings.xml
+++ b/res/values-de/strings.xml
@@ -14,7 +14,7 @@
     <string name="client_certificate_title">Clientzertifikat</string>
     <string name="client_key_title">Clientzertifikatsschlüssel</string>
     <string name="ca_title">CA Zertifikat</string>
-    <string name="select_certificate">Auswählen</string>
+    <string name="select_file">Auswählen</string>
     <string name="no_certificate">Nichts ausgewählt</string>
     <string name="about">Über</string>
     <string name="vpn_type">Typ</string>
@@ -171,5 +171,9 @@
     <string name="building_configration">Generiere OpenVPN Konfigration…</string>
     <string name="netchange_summary">Aktivieren dieser Option zwingt OpenVPN dazu beim Wechsel des Netzwerkes (WLAN zu Mobilfunk und umgekehrt) neu zu verbinden.</string>
     <string name="netchange">Netzwerkänderungen beachten</string>
+    <string name="netstatus">Netzwerkstatus: %s</string>
+    <string name="keychain_nocacert">Beim Abfragen des Android KeyStore wurde kein CA Zertifikat zurückgegeben. Überprüfen des Serverzertifikat wird warscheinlich fehlschlagen. Geben Sie manuell ein CA Zertifikat an.</string>
+    <string name="cert_from_keystore">Zertifikat (KeyStore): \'%s\' </string>
+    <string name="extracahint">Das CA Zertifikat wird meist aus dem Zertifikatsspeicher automatisch ausgewählt. Sollte dies nicht funktionieren und Sie Verifizierungsprobleme erhalten(self signed certificate), wählen Sie manuell ein Zertifikat aus.</string>
 </resources>
\ No newline at end of file
diff --git a/res/values/strings.xml b/res/values/strings.xml
index 08bb0a27..f7c9817f 100644
--- a/res/values/strings.xml
+++ b/res/values/strings.xml
@@ -24,7 +24,6 @@
     <string name="defaultport" translatable="false">1194</string>
     <string name="location">Location</string>
     <string name="cant_read_folder">folder can\'t be read!</string>
-    <string name="select">Select</string>
     <string name="cancel">Cancel</string>
     <string name="no_data">No Data</string>
     <string name="useLZO">LZO Compression</string>
@@ -33,7 +32,6 @@
     <string name="client_key_title">Client Certificate Key</string>
     <string name="client_pkcs12_title">PKCS12 File</string>
     <string name="ca_title">CA Certificate</string>
-    <string name="select_certificate">Select</string>
     <string name="no_certificate">Nothing selected</string>
     <string name="opevpn_copyright" translatable="false">Copyright © 2002–2010 OpenVPN Technologies, Inc. <sales@openvpn.net>\n
@@ -57,6 +55,7 @@
     <string name="vpn_list_title">All your precious VPNs</string>
     <string name="vpn_type">Type</string>
     <string name="pkcs12pwquery">PKCS12 Password</string>
+    <string name="select">Select…</string>
     <string name="file_select">Select…</string>
     <string name="file_nothing_selected">Nothing Selected</string>
     <string name="useTLSAuth">Use TLS Authentication</string>
@@ -209,7 +208,10 @@
     <string name="building_configration">Building configration…</string>
     <string name="netchange_summary">Turning this option on will force a reconnet if the network state is change (WIFI to/from mobile)</string>
     <string name="netchange">Reconnect on Network change</string>
-    <string name="keychain_nocacert">No CA Certificate returned while reading from Android keystore. Auhtentication will probably fail.</string>
     <string name="cert_from_keystore">Got certificate \'%s\' from Keystore</string>
     <string name="netstatus">Network Status: %s</string>
+    <string name="extracahint">The CA cert is usually returned from the Android Keystore. Specify a seperate certificate if you get certificate verification errors.</string>
+    <string name="select_file">Select</string>
+        <string name="keychain_nocacert">No CA Certificate returned while reading from Android keystore. Auhtentication will probably fail.</string>
+    
 </resources>
diff --git a/src/de/blinkt/openvpn/LaunchVPN.java b/src/de/blinkt/openvpn/LaunchVPN.java
index b4151c24..e76057d7 100644
--- a/src/de/blinkt/openvpn/LaunchVPN.java
+++ b/src/de/blinkt/openvpn/LaunchVPN.java
@@ -105,7 +105,7 @@ public class LaunchVPN extends ListActivity implements OnItemClickListener {
 		if(Intent.ACTION_MAIN.equals(action)) {
 			// we got called to be the starting point, most likely a shortcut
 			String shortcutUUID = intent.getStringExtra( EXTRA_KEY);
-			String shortcutName = intent.getStringExtra( EXTRA_KEY);
+			String shortcutName = intent.getStringExtra( EXTRA_NAME);
 			VpnProfile profileToConnect = ProfileManager.get(shortcutUUID);
 			if(shortcutName != null && profileToConnect ==null)
diff --git a/src/de/blinkt/openvpn/OpenVPN.java b/src/de/blinkt/openvpn/OpenVPN.java
index 39533db3..b09eb60e 100644
--- a/src/de/blinkt/openvpn/OpenVPN.java
+++ b/src/de/blinkt/openvpn/OpenVPN.java
@@ -35,6 +35,12 @@ public class OpenVPN {
 			mMessage = message;
 		}
+		public LogItem(int loglevel, String msg) {
+			mLevel = loglevel;
+			mMessage = msg;
+		}
+
+
 		String getString(Context c) {
 			if(mMessage !=null) {
 				return mMessage;
@@ -144,6 +150,11 @@ public class OpenVPN {
 		}
 	}
+	public static void logError(String msg) {
+		newlogItem(new LogItem(LogItem.ERROR, msg));
+		
+	}
+
 }
diff --git a/src/de/blinkt/openvpn/Settings_Basic.java b/src/de/blinkt/openvpn/Settings_Basic.java
index bafee229..1b82b579 100644
--- a/src/de/blinkt/openvpn/Settings_Basic.java
+++ b/src/de/blinkt/openvpn/Settings_Basic.java
@@ -200,7 +200,7 @@ public class Settings_Basic extends Fragment implements View.OnClickListener, On
 		mView.findViewById(R.id.userpassword).setVisibility(View.GONE);
 		mView.findViewById(R.id.key_password_layout).setVisibility(View.GONE);
-		// Fallthroughs are by desing
+		// Fall through are by design
 		switch(type) {
 		case VpnProfile.TYPE_USERPASS_CERTIFICATES:
 			mView.findViewById(R.id.userpassword).setVisibility(View.VISIBLE);
@@ -210,18 +210,22 @@ public class Settings_Basic extends Fragment implements View.OnClickListener, On
 			if(mProfile.requireTLSKeyPassword())
 				mView.findViewById(R.id.key_password_layout).setVisibility(View.VISIBLE);
 			break;
+			
 		case VpnProfile.TYPE_USERPASS_PKCS12:
 			mView.findViewById(R.id.userpassword).setVisibility(View.VISIBLE);
 		case VpnProfile.TYPE_PKCS12:
 			mView.findViewById(R.id.pkcs12).setVisibility(View.VISIBLE);
 			break;
+			
 		case VpnProfile.TYPE_STATICKEYS:
 			mView.findViewById(R.id.statickeys).setVisibility(View.VISIBLE);
 			break;
+
 		case VpnProfile.TYPE_USERPASS_KEYSTORE:
 			mView.findViewById(R.id.userpassword).setVisibility(View.VISIBLE);
 		case VpnProfile.TYPE_KEYSTORE:
 			mView.findViewById(R.id.keystore).setVisibility(View.VISIBLE);
+			mView.findViewById(R.id.cacert).setVisibility(View.VISIBLE);
 			break;
 		case VpnProfile.TYPE_USERPASS:
diff --git a/src/de/blinkt/openvpn/VpnProfile.java b/src/de/blinkt/openvpn/VpnProfile.java
index e9cb994a..7ca75723 100644
--- a/src/de/blinkt/openvpn/VpnProfile.java
+++ b/src/de/blinkt/openvpn/VpnProfile.java
@@ -1,17 +1,22 @@
 package de.blinkt.openvpn;
+import java.io.ByteArrayInputStream;
 import java.io.File;
+import java.io.FileInputStream;
 import java.io.FileNotFoundException;
 import java.io.FileOutputStream;
 import java.io.FileReader;
 import java.io.FileWriter;
 import java.io.IOException;
+import java.io.InputStream;
 import java.io.Serializable;
 import java.security.KeyStore;
 import java.security.KeyStoreException;
 import java.security.NoSuchAlgorithmException;
 import java.security.PrivateKey;
+import java.security.cert.Certificate;
 import java.security.cert.CertificateException;
+import java.security.cert.CertificateFactory;
 import java.security.cert.X509Certificate;
 import java.util.Collection;
 import java.util.Random;
@@ -474,7 +479,7 @@ public class VpnProfile implements  Serializable{
 		try {
 			privateKey = KeyChain.getPrivateKey(context,mAlias);
 			cachain = KeyChain.getCertificateChain(context, mAlias);
-			if(cachain.length <= 1)
+			if(cachain.length <= 1 && !nonNull(mCaFilename))
 				OpenVPN.logMessage(0, "", context.getString(R.string.keychain_nocacert));
@@ -484,6 +489,15 @@ public class VpnProfile implements  Serializable{
 			KeyStore ks = KeyStore.getInstance("PKCS12");
 			ks.load(null, null);
+			if(nonNull(mCaFilename)) {
+				try {
+				Certificate cacert = getCacertFromFile();
+				
+				ks.setCertificateEntry("cacert", cacert);
+				} catch (Exception e) {
+					OpenVPN.logError("Could not read CA certificate" + e.getLocalizedMessage());
+				}
+			}
 			ks.setKeyEntry("usercert", privateKey, null, cachain);
 			String mypw = getTemporaryPKCS12Password();
 			FileOutputStream fout = new FileOutputStream(context.getCacheDir().getAbsolutePath() + "/" + VpnProfile.OVPNCONFIGPKCS12);
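Review bot: A CA file that is configured but cannot be read or parsed leaves the exported PKCS12 without a CA entry and without the `keychain_nocacert` warning: the condition changed in the @@ -474 hunk keys the warning on `nonNull(mCaFilename)` alone, while the `catch (Exception e)` added in the @@ -484 hunk only logs and falls through to `ks.setKeyEntry`. Loading the certificate first and gating both the warning and `setCertificateEntry` on the result keeps the two in step; whether a failed load of an explicitly chosen CA should abort the export instead is a decision for the enclosing method, which starts and ends outside these hunks. The log text also lacks a separator before the exception message, and `cachain.length` is dereferenced without a null check, which matters if `KeyChain.getCertificateChain` can return null for the alias.

```java
			cachain = KeyChain.getCertificateChain(context, mAlias);

			// Load the user-supplied CA up front so the warning reflects what was actually loaded.
			Certificate cacert = null;
			if(nonNull(mCaFilename)) {
				try {
					cacert = getCacertFromFile();
				} catch (Exception e) {
					OpenVPN.logError("Could not read CA certificate: " + e.getLocalizedMessage());
				}
			}
			if((cachain == null || cachain.length <= 1) && cacert == null)
				OpenVPN.logMessage(0, "", context.getString(R.string.keychain_nocacert));

			// … unchanged: KeyStore.getInstance("PKCS12") and ks.load(null, null) …

			if(cacert != null)
				ks.setCertificateEntry("cacert", cacert);
			ks.setKeyEntry("usercert", privateKey, null, cachain);
```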
@@ -507,6 +521,20 @@ public class VpnProfile implements  Serializable{
 		}
 	}
+	private Certificate getCacertFromFile() throws FileNotFoundException, CertificateException {
+		 CertificateFactory certFact = CertificateFactory.getInstance("X.509");
+		 
+		 InputStream inStream;
+		
+		 if(mCaFilename.startsWith(INLINE_TAG))
+			 inStream = new ByteArrayInputStream(mCaFilename.replace(INLINE_TAG,"").getBytes());
+		else 
+			inStream = new FileInputStream(mCaFilename);
+		 
+		 return certFact.generateCertificate(inStream);
+	}
+
+
 	//! Return an error if somethign is wrong
 	int checkProfile() {
 		if((mAuthenticationType==TYPE_KEYSTORE || mAuthenticationType==TYPE_USERPASS_KEYSTORE) && mAlias==null)   | 
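Review bot: `getCacertFromFile()` never closes the `FileInputStream` it opens, so each export that reads a CA file leaves a descriptor open until finalization; the whole method is inside this hunk. The inline branch uses `mCaFilename.replace(INLINE_TAG,"")`, which removes every occurrence of the tag rather than only the leading one that `startsWith` tested, so stripping the prefix with `substring` is the more exact form. `generateCertificate` reads a single certificate from the stream, which deserves a comment in case users point this setting at a multi-certificate bundle.

```java
	private Certificate getCacertFromFile() throws FileNotFoundException, CertificateException {
		CertificateFactory certFact = CertificateFactory.getInstance("X.509");

		if(mCaFilename.startsWith(INLINE_TAG)) {
			// Strip only the leading tag; the rest is the certificate text itself.
			String inlineCert = mCaFilename.substring(INLINE_TAG.length());
			return certFact.generateCertificate(new ByteArrayInputStream(inlineCert.getBytes()));
		}

		InputStream inStream = new FileInputStream(mCaFilename);
		try {
			// Only the first certificate in the file is read.
			return certFact.generateCertificate(inStream);
		} finally {
			try {
				inStream.close();
			} catch (IOException ignored) {
				// close failure does not affect the certificate already parsed
			}
		}
	}
```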
