Diffstat (limited to 'main/src')
-rw-r--r--main/src/main/java/de/blinkt/openvpn/VpnProfile.java1
-rw-r--r--main/src/main/res/values/arrays.xml6
-rwxr-xr-xmain/src/main/res/values/strings.xml1
-rw-r--r--main/src/main/res/values/untranslatable.xml6
-rw-r--r--main/src/ui/java/de/blinkt/openvpn/fragments/Settings_Authentication.kt63
-rw-r--r--main/src/ui/java/de/blinkt/openvpn/views/RemoteCNPreference.java2
-rw-r--r--main/src/ui/java/de/blinkt/openvpn/views/RemoteCNPreferenceDialog.java9
-rw-r--r--main/src/ui/res/xml/vpn_authentification.xml94
8 files changed, 103 insertions, 79 deletions
diff --git a/main/src/main/java/de/blinkt/openvpn/VpnProfile.java b/main/src/main/java/de/blinkt/openvpn/VpnProfile.java
index 115a9d03..84e7975d 100644
--- a/main/src/main/java/de/blinkt/openvpn/VpnProfile.java
+++ b/main/src/main/java/de/blinkt/openvpn/VpnProfile.java
@@ -170,6 +170,7 @@ public class VpnProfile implements Serializable, Cloneable {
public String mPeerFingerPrints = "";
public int mCompatMode = 0;
public boolean mUseLegacyProvider = false;
+ public String mTlSCertProfile = "";
private transient PrivateKey mPrivateKey;
// Public attributes, since I got mad with getter/setter
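Review bot: The new `mTlSCertProfile` field is only stored. The diffstat lists this single added line as the whole change to VpnProfile.java, so as far as this page shows nothing writes the selected profile into the generated OpenVPN configuration. Until that is wired up, a user who selects "preferred" or "Suite B" may assume a stricter TLS certificate profile is enforced when it is not; a comment on the field such as `// TODO: not yet emitted into the generated config` would make that explicit. The capitalisation `TlS` also differs from neighbouring names like `mUseTLSAuth`, and because the class is `Serializable` the name is cheaper to correct now than after profiles have been saved with it. The class body continues outside this hunk.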
diff --git a/main/src/main/res/values/arrays.xml b/main/src/main/res/values/arrays.xml
index 97c10ff7..d5e21f3a 100644
--- a/main/src/main/res/values/arrays.xml
+++ b/main/src/main/res/values/arrays.xml
@@ -42,4 +42,10 @@
<item>OpenVPN 2.4.x peers</item>
<item>OpenVPN 2.3.x and older peers</item>
</string-array>
+ <string-array name="tls_profile_entries">
+ <item>insecure (not recommend, allows insecure crypto)</item>
+ <item>legacy (default)</item>
+ <item>preferred (recommended but limited compabbility)</item>
+ <item>Suite B</item>
+ </string-array>
</resources>
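Review bot: Two of the new user-visible labels contain typos, and they are the ones that explain the security trade-off to the user. Proposed lines: `<item>insecure (not recommended, allows insecure crypto)</item>` and `<item>preferred (recommended but limited compatibility)</item>`. The entry order has to stay in step with `tls_profile_values` in untranslatable.xml, so a one-line XML comment above the array pointing at that file would help the next editor.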
diff --git a/main/src/main/res/values/strings.xml b/main/src/main/res/values/strings.xml
index 4a4df03d..b82d70ca 100755
--- a/main/src/main/res/values/strings.xml
+++ b/main/src/main/res/values/strings.xml
@@ -508,5 +508,6 @@
<string name="bf_cbc_requires_legacy">Profiles uses BF-CBC which depends on OpenSSL legacy provider (not enabled).</string>
<string name="allow_translations_title">Allow community contributed translations</string>
<string name="allow_translations_summary">Allows the app to be translated with translations contributed by the community. Requires a restart of the app to activate.</string>
+ <string name="tls_profile">TLS Security Profile</string>
</resources>
diff --git a/main/src/main/res/values/untranslatable.xml b/main/src/main/res/values/untranslatable.xml
index db64efa6..0260de8d 100644
--- a/main/src/main/res/values/untranslatable.xml
+++ b/main/src/main/res/values/untranslatable.xml
@@ -83,4 +83,10 @@
<string name="faq_title_ncp">Failed to negotiate cipher with server</string>
<string name="import_from_URL">URL</string>
+ <string-array name="tls_profile_values" translatable="false">
+ <item>insecure</item>
+ <item>legacy</item>
+ <item>preferred</item>
+ <item>suiteb</item>
+ </string-array>
</resources>
diff --git a/main/src/ui/java/de/blinkt/openvpn/fragments/Settings_Authentication.kt b/main/src/ui/java/de/blinkt/openvpn/fragments/Settings_Authentication.kt
index 15687f26..d3de8116 100644
--- a/main/src/ui/java/de/blinkt/openvpn/fragments/Settings_Authentication.kt
+++ b/main/src/ui/java/de/blinkt/openvpn/fragments/Settings_Authentication.kt
@@ -24,8 +24,7 @@ import de.blinkt.openvpn.views.RemoteCNPreference
import de.blinkt.openvpn.views.RemoteCNPreferenceDialog
import java.io.IOException
-class Settings_Authentication : OpenVpnPreferencesFragment(), Preference.OnPreferenceChangeListener,
- Preference.OnPreferenceClickListener {
+class Settings_Authentication : OpenVpnPreferencesFragment(), Preference.OnPreferenceClickListener {
private lateinit var mExpectTLSCert: CheckBoxPreference
private lateinit var mCheckRemoteCN: CheckBoxPreference
private lateinit var mRemoteCN: RemoteCNPreference
@@ -36,6 +35,7 @@ class Settings_Authentication : OpenVpnPreferencesFragment(), Preference.OnPrefe
private var mTlsAuthFileData: String? = null
private lateinit var mAuth: EditTextPreference
private lateinit var mRemoteX509Name: EditTextPreference
+ private lateinit var mTLSProfile: ListPreference
override fun onCreatePreferences(savedInstanceState: Bundle?, rootKey: String?) {
}
@@ -48,17 +48,17 @@ class Settings_Authentication : OpenVpnPreferencesFragment(), Preference.OnPrefe
mExpectTLSCert = findPreference("remoteServerTLS")!!
mCheckRemoteCN = findPreference("checkRemoteCN")!!
mRemoteCN = findPreference("remotecn")!!
- mRemoteCN.onPreferenceChangeListener = this
+ setRemoteCNSummaryProvider()
mRemoteX509Name = findPreference("remotex509name")!!
- mRemoteX509Name.onPreferenceChangeListener = this
+ mRemoteX509Name.setSummaryProvider { pref ->
+ if ((pref as EditTextPreference).text.isEmpty()) "CN (default)" else pref.text
+ }
mUseTLSAuth = findPreference("useTLSAuth")!!
mTLSAuthFile = findPreference("tlsAuthFile")!!
mTLSAuthDirection = findPreference("tls_direction")!!
- mTLSAuthFile.onPreferenceClickListener = this
mDataCiphers = findPreference("dataciphers")!!
- mDataCiphers.onPreferenceChangeListener = this
mAuth = findPreference("auth")!!
- mAuth.onPreferenceChangeListener = this
+ mTLSProfile = findPreference("tls_profile")!!
loadSettings()
}
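Review bot: The line `mTLSAuthFile.onPreferenceClickListener = this` is removed here with no replacement visible in the diff, while the class still implements `Preference.OnPreferenceClickListener`. Unless the listener is attached somewhere outside these hunks, tapping the TLS auth file entry would no longer reach the click handler; if the removal was unintended, restore the assignment after `mTLSAuthFile = findPreference("tlsAuthFile")!!`. Separately, the new summary lambda calls `.text.isEmpty()` on a value that `EditTextPreference` can return as null, so `if (pref.text.isNullOrEmpty()) "CN (default)" else pref.text` is the safer form. The function containing these lines starts outside the hunk.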
@@ -67,20 +67,17 @@ class Settings_Authentication : OpenVpnPreferencesFragment(), Preference.OnPrefe
mCheckRemoteCN.isChecked = mProfile.mCheckRemoteCN
mRemoteCN.setDN(mProfile.mRemoteCN)
mRemoteCN.setAuthType(mProfile.mX509AuthType)
- onPreferenceChange(
- mRemoteCN,
- Pair(mProfile.mX509AuthType, mProfile.mRemoteCN)
- )
mRemoteX509Name.text = mProfile.mx509UsernameField ?: ""
- onPreferenceChange(mRemoteX509Name, mProfile.mx509UsernameField ?: "")
mUseTLSAuth.isChecked = mProfile.mUseTLSAuth
+
mTlsAuthFileData = mProfile.mTLSAuthFilename
setTlsAuthSummary(mTlsAuthFileData)
+
mTLSAuthDirection.value = mProfile.mTLSAuthDirection
+
mDataCiphers.text = mProfile.mDataCiphers
- onPreferenceChange(mDataCiphers, mProfile.mDataCiphers)
mAuth.text = mProfile.mAuth
- onPreferenceChange(mAuth, mProfile.mAuth)
+
if (mProfile.mAuthenticationType == VpnProfile.TYPE_STATICKEYS) {
mExpectTLSCert.isEnabled = false
mCheckRemoteCN.isEnabled = false
@@ -89,6 +86,10 @@ class Settings_Authentication : OpenVpnPreferencesFragment(), Preference.OnPrefe
mExpectTLSCert.isEnabled = true
mCheckRemoteCN.isEnabled = true
}
+ if (mProfile.mTlSCertProfile.isNullOrBlank())
+ mTLSProfile.value = "legacy"
+ else
+ mTLSProfile.value = mProfile.mTlSCertProfile
}
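Review bot: A stored `mTlSCertProfile` that is not one of the four entries in `tls_profile_values` is assigned to the list preference unchecked, so the UI would show no selection and `saveSettings()` would write the same unknown string back into the profile. Validating against the preference's own values keeps the fallback in one place: `mTLSProfile.value = mProfile.mTlSCertProfile?.takeIf { mTLSProfile.findIndexOfValue(it) >= 0 } ?: "legacy"`. A short comment that `"legacy"` mirrors the `legacy (default)` entry would document why that value is the fallback. The enclosing function begins outside this hunk.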
override fun saveSettings() {
@@ -99,36 +100,30 @@ class Settings_Authentication : OpenVpnPreferencesFragment(), Preference.OnPrefe
mProfile.mUseTLSAuth = mUseTLSAuth.isChecked
mProfile.mTLSAuthFilename = mTlsAuthFileData
mProfile.mx509UsernameField = mRemoteX509Name.text
- if (mTLSAuthDirection.value == null) mProfile.mTLSAuthDirection =
- null else mProfile.mTLSAuthDirection = mTLSAuthDirection.value
- if (mDataCiphers.text == null) mProfile.mDataCiphers = null else mProfile.mDataCiphers =
- mDataCiphers.text
- if (mAuth.text == null) mProfile.mAuth = null else mProfile.mAuth = mAuth.text
+ mProfile.mTLSAuthDirection = mTLSAuthDirection.value
+ mProfile.mDataCiphers = mDataCiphers.text
+ mProfile.mAuth = mAuth.text
+ mProfile.mTlSCertProfile = mTLSProfile.value
}
- override fun onPreferenceChange(preference: Preference, newValue: Any): Boolean {
- if (preference === mRemoteCN && newValue is Pair<*, *>) {
- val authtype = newValue.first as Int
- val dn = newValue.second
- if ("" == dn) {
+ private fun setRemoteCNSummaryProvider()
+ {
+ mRemoteCN.setSummaryProvider {
+ pref ->
+ pref as RemoteCNPreference;
+
+ if ("" == pref.cnText) {
if (mProfile.mConnections.size > 0) {
- preference.summary = getX509String(
- VpnProfile.X509_VERIFY_TLSREMOTE_RDN,
+ return@setSummaryProvider getX509String(VpnProfile.X509_VERIFY_TLSREMOTE_RDN,
mProfile.mConnections[0].mServerName
)
} else {
- preference.setSummary(R.string.no_remote_defined)
+ return@setSummaryProvider getString(R.string.no_remote_defined)
}
} else {
- preference.summary = getX509String(authtype, dn as String)
+ return@setSummaryProvider getX509String(pref.authtype, pref.cnText)
}
- } else if (preference === mDataCiphers || preference === mAuth) {
- preference.summary = (newValue as CharSequence)
- } else if (preference === mRemoteX509Name) {
- preference.summary =
- (if (newValue.toString().isEmpty()) "CN (default)" else newValue as CharSequence)
}
- return true
}
private fun getX509String(authtype: Int, dn: String): CharSequence {
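Review bot: `setRemoteCNSummaryProvider()` is written in a Java-like style: a stray semicolon after `pref as RemoteCNPreference`, the opening brace on its own line, and three `return@setSummaryProvider` labels where the lambda's last expression would do. A single `when` expression reads more directly and can keep the original comparison against `""` unchanged. A one-line KDoc stating that an empty CN falls back to the first connection's server name would document what the displayed summary actually reflects.

```kotlin
// … unchanged: saveSettings() assignments above …
private fun setRemoteCNSummaryProvider() {
    mRemoteCN.setSummaryProvider { pref ->
        pref as RemoteCNPreference
        when {
            "" != pref.cnText -> getX509String(pref.authtype, pref.cnText)
            mProfile.mConnections.size > 0 -> getX509String(
                VpnProfile.X509_VERIFY_TLSREMOTE_RDN,
                mProfile.mConnections[0].mServerName
            )
            else -> getString(R.string.no_remote_defined)
        }
    }
}
```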
diff --git a/main/src/ui/java/de/blinkt/openvpn/views/RemoteCNPreference.java b/main/src/ui/java/de/blinkt/openvpn/views/RemoteCNPreference.java
index 93a2d90f..ca94ac19 100644
--- a/main/src/ui/java/de/blinkt/openvpn/views/RemoteCNPreference.java
+++ b/main/src/ui/java/de/blinkt/openvpn/views/RemoteCNPreference.java
@@ -39,11 +39,13 @@ public class RemoteCNPreference extends DialogPreference {
public void setDN(String dn) {
mDn = dn;
+ notifyChanged();
}
public void setAuthType(int x509authtype) {
mDNType = x509authtype;
+ notifyChanged();
}
public String getCNText() {
diff --git a/main/src/ui/java/de/blinkt/openvpn/views/RemoteCNPreferenceDialog.java b/main/src/ui/java/de/blinkt/openvpn/views/RemoteCNPreferenceDialog.java
index 37258489..303e5977 100644
--- a/main/src/ui/java/de/blinkt/openvpn/views/RemoteCNPreferenceDialog.java
+++ b/main/src/ui/java/de/blinkt/openvpn/views/RemoteCNPreferenceDialog.java
@@ -107,17 +107,14 @@ public class RemoteCNPreferenceDialog extends PreferenceDialogFragmentCompat {
@Override
public void onDialogClosed(boolean positiveResult) {
-
if (positiveResult) {
RemoteCNPreference pref = ((RemoteCNPreference) getPreference());
String dn = mEditText.getText().toString();
int authtype = getAuthTypeFromSpinner();
- if (pref.callChangeListener(new Pair<>(authtype, dn))) {
- pref.setDN(dn);
- pref.setAuthType(authtype);
- }
- }
+ pref.setDN(dn);
+ pref.setAuthType(authtype);
+ }
}
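Review bot: With `callChangeListener` gone, the dialog applies the new DN and auth type through two setters that each call `notifyChanged()` (added in RemoteCNPreference.java in this commit), so the summary is recomputed once with the new DN and the old auth type before the second call corrects it. A single setter taking both values and notifying once would avoid that intermediate state. The diffstat's nine changed lines for this file are all in this hunk, so the `Pair` import is probably now unused and could be dropped.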
diff --git a/main/src/ui/res/xml/vpn_authentification.xml b/main/src/ui/res/xml/vpn_authentification.xml
index be24495a..770f6599 100644
--- a/main/src/ui/res/xml/vpn_authentification.xml
+++ b/main/src/ui/res/xml/vpn_authentification.xml
@@ -3,64 +3,80 @@
~ Distributed under the GNU GPL v2 with additional terms. For full terms see the file doc/LICENSE.txt
-->
-<PreferenceScreen xmlns:android="http://schemas.android.com/apk/res/android">
+<PreferenceScreen xmlns:android="http://schemas.android.com/apk/res/android"
+ xmlns:app="http://schemas.android.com/apk/res-auto">
<PreferenceCategory android:title="@string/tls_settings">
+ <ListPreference
+ android:entries="@array/tls_profile_entries"
+ android:entryValues="@array/tls_profile_values"
+ android:key="tls_profile"
+ android:persistent="false"
+ android:title="@string/tls_profile"
+ app:useSimpleSummaryProvider="true" />
<CheckBoxPreference
- android:key="remoteServerTLS"
- android:summary="@string/check_remote_tlscert"
- android:title="@string/check_remote_tlscert_title" />
+ android:key="remoteServerTLS"
+ android:summary="@string/check_remote_tlscert"
+ android:title="@string/check_remote_tlscert_title" />
<CheckBoxPreference
- android:key="checkRemoteCN"
- android:summary="@string/remote_tlscn_check_summary"
- android:title="@string/remote_tlscn_check_title" />
+ android:key="checkRemoteCN"
+ android:summary="@string/remote_tlscn_check_summary"
+ android:title="@string/remote_tlscn_check_title" />
<de.blinkt.openvpn.views.RemoteCNPreference
- android:dependency="checkRemoteCN"
- android:positiveButtonText="@android:string/ok"
- android:negativeButtonText="@string/cancel"
- android:key="remotecn"
- android:title="@string/enter_tlscn_title" />
+ android:dependency="checkRemoteCN"
+ android:key="remotecn"
+ android:negativeButtonText="@string/cancel"
+ android:positiveButtonText="@android:string/ok"
+ android:title="@string/enter_tlscn_title" />
<EditTextPreference
- android:dependency="checkRemoteCN"
- android:dialogMessage="Field in the X.509 certificate subject to be used as the username (default=CN)."
- android:key="remotex509name"
- android:persistent="false"
- android:title="X509 Username Field" />
+ android:dependency="checkRemoteCN"
+ android:dialogMessage="Field in the X.509 certificate subject to be used as the username (default=CN)."
+ android:key="remotex509name"
+ android:persistent="false"
+ android:title="X509 Username Field" />
</PreferenceCategory>
<PreferenceCategory android:title="@string/tls_authentication">
<SwitchPreference
- android:key="useTLSAuth"
- android:summary="@string/tls_key_auth"
- android:title="@string/useTLSAuth" />
+
+ android:key="useTLSAuth"
+ android:summary="@string/tls_key_auth"
+ android:title="@string/useTLSAuth" />
<Preference
- android:dependency="useTLSAuth"
- android:key="tlsAuthFile"
- android:title="@string/tls_auth_file" />
+ android:dependency="useTLSAuth"
+
+ android:key="tlsAuthFile"
+ android:title="@string/tls_auth_file"
+ app:useSimpleSummaryProvider="true" />
<ListPreference
- android:dependency="useTLSAuth"
- android:entries="@array/tls_directions_entries"
- android:entryValues="@array/tls_directions_values"
- android:key="tls_direction"
- android:persistent="false"
- android:title="@string/tls_direction" />
+ android:dependency="useTLSAuth"
+
+ android:entries="@array/tls_directions_entries"
+ android:entryValues="@array/tls_directions_values"
+ android:key="tls_direction"
+ android:persistent="false"
+ android:title="@string/tls_direction"
+ app:useSimpleSummaryProvider="true" />
</PreferenceCategory>
<PreferenceCategory android:title="@string/encryption">
<EditTextPreference
- android:dialogMessage="@string/chipher_dialog_message"
- android:dialogTitle="@string/cipher_dialog_title"
- android:key="dataciphers"
- android:persistent="false"
- android:title="@string/encryption_cipher" />
+ android:dialogMessage="@string/chipher_dialog_message"
+ android:dialogTitle="@string/cipher_dialog_title"
+ android:key="dataciphers"
+ android:persistent="false"
+ android:title="@string/encryption_cipher"
+ app:useSimpleSummaryProvider="true" />
<EditTextPreference
- android:dialogMessage="@string/auth_dialog_message"
- android:dialogTitle="@string/auth_dialog_title"
- android:key="auth"
- android:persistent="false"
- android:title="@string/packet_auth" />
+ android:dialogMessage="@string/auth_dialog_message"
+ android:dialogTitle="@string/auth_dialog_title"
+ android:key="auth"
+ android:persistent="false"
+ android:title="@string/packet_auth"
+
+ app:useSimpleSummaryProvider="true" />
</PreferenceCategory>
</PreferenceScreen> \ No newline at end of file
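Review bot: `app:useSimpleSummaryProvider="true"` is added to the plain `<Preference>` with key `tlsAuthFile`, but that attribute is only read by `ListPreference` and `EditTextPreference`, so it has no effect there; the fragment sets this summary itself through `setTlsAuthSummary(...)`. Dropping the attribute from that element avoids suggesting the summary is automatic. The hunk also re-indents every element and leaves blank lines inside the `SwitchPreference`, `Preference`, `ListPreference` and last `EditTextPreference` tags, which makes the functional changes (the new `tls_profile` list and the summary-provider attributes) hard to pick out. A separate formatting-only commit would keep the review of the security setting focused.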