From 8e6775102cae857726601cc4f32dcb774cd4e50b Mon Sep 17 00:00:00 2001 From: Arne Schwabe Date: Thu, 7 Mar 2013 22:22:42 +0100 Subject: Add x509-verify-name support to ics-openvpn GUI --HG-- extra : rebase_source : 58613dd0fdf7a9ea75d59b1ea16c68fb6524138b --- src/de/blinkt/openvpn/Settings_Authentication.java | 101 ++++++++++++++------- 1 file changed, 67 insertions(+), 34 deletions(-) (limited to 'src/de/blinkt/openvpn/Settings_Authentication.java') diff --git a/src/de/blinkt/openvpn/Settings_Authentication.java b/src/de/blinkt/openvpn/Settings_Authentication.java index 4e3f1e6f..8f73cd07 100644 --- a/src/de/blinkt/openvpn/Settings_Authentication.java +++ b/src/de/blinkt/openvpn/Settings_Authentication.java @@ -11,13 +11,14 @@ import android.preference.Preference; import android.preference.Preference.OnPreferenceChangeListener; import android.preference.Preference.OnPreferenceClickListener; import android.preference.SwitchPreference; +import android.util.Pair; public class Settings_Authentication extends OpenVpnPreferencesFragment implements OnPreferenceChangeListener, OnPreferenceClickListener { private static final int SELECT_TLS_FILE = 23223232; private CheckBoxPreference mExpectTLSCert; private CheckBoxPreference mCheckRemoteCN; - private EditTextPreference mRemoteCN; + private RemoteCNPreference mRemoteCN; private ListPreference mTLSAuthDirection; private Preference mTLSAuthFile; private SwitchPreference mUseTLSAuth; @@ -34,34 +35,36 @@ public class Settings_Authentication extends OpenVpnPreferencesFragment implemen mExpectTLSCert = (CheckBoxPreference) findPreference("remoteServerTLS"); mCheckRemoteCN = (CheckBoxPreference) findPreference("checkRemoteCN"); - mRemoteCN = (EditTextPreference) findPreference("remotecn"); + mRemoteCN = (RemoteCNPreference) findPreference("remotecn"); mRemoteCN.setOnPreferenceChangeListener(this); - + mUseTLSAuth = (SwitchPreference) findPreference("useTLSAuth" ); mTLSAuthFile = findPreference("tlsAuthFile"); mTLSAuthDirection = (ListPreference) findPreference("tls_direction"); - - + + mTLSAuthFile.setOnPreferenceClickListener(this); - + mCipher =(EditTextPreference) findPreference("cipher"); mCipher.setOnPreferenceChangeListener(this); - + mAuth =(EditTextPreference) findPreference("auth"); mAuth.setOnPreferenceChangeListener(this); - + loadSettings(); } @Override protected void loadSettings() { - + mExpectTLSCert.setChecked(mProfile.mExpectTLSCert); mCheckRemoteCN.setChecked(mProfile.mCheckRemoteCN); - mRemoteCN.setText(mProfile.mRemoteCN); - onPreferenceChange(mRemoteCN, mProfile.mRemoteCN); - + mRemoteCN.setDN(mProfile.mRemoteCN); + mRemoteCN.setAuthType(mProfile.mX509AuthType); + onPreferenceChange(mRemoteCN, + new Pair(mProfile.mX509AuthType, mProfile.mRemoteCN)); + mUseTLSAuth.setChecked(mProfile.mUseTLSAuth); mTlsAuthFileData= mProfile.mTLSAuthFilename; setTlsAuthSummary(mTlsAuthFileData); @@ -71,76 +74,106 @@ public class Settings_Authentication extends OpenVpnPreferencesFragment implemen mAuth.setText(mProfile.mAuth); onPreferenceChange(mAuth, mProfile.mAuth); } - + @Override protected void saveSettings() { mProfile.mExpectTLSCert=mExpectTLSCert.isChecked(); mProfile.mCheckRemoteCN=mCheckRemoteCN.isChecked(); - mProfile.mRemoteCN=mRemoteCN.getText(); - + mProfile.mRemoteCN=mRemoteCN.getCNText(); + mProfile.mX509AuthType=mRemoteCN.getAuthtype(); + mProfile.mUseTLSAuth = mUseTLSAuth.isChecked(); mProfile.mTLSAuthFilename = mTlsAuthFileData; - + if(mTLSAuthDirection.getValue()==null) mProfile.mTLSAuthDirection=null; else mProfile.mTLSAuthDirection = mTLSAuthDirection.getValue().toString(); - + if(mCipher.getText()==null) mProfile.mCipher=null; else mProfile.mCipher = mCipher.getText(); - + if(mAuth.getText()==null) mProfile.mAuth = null; else mProfile.mAuth = mAuth.getText(); - + } - - + + @Override public boolean onPreferenceChange(Preference preference, Object newValue) { if(preference==mRemoteCN) { - if ("".equals(newValue)) - preference.setSummary(mProfile.mServerName); + @SuppressWarnings("unchecked") + int authtype = ((Pair) newValue).first; + @SuppressWarnings("unchecked") + String dn = ((Pair) newValue).second; + + if ("".equals(dn)) + preference.setSummary(getX509String(VpnProfile.X509_VERIFY_TLSREMOTE_RDN, mProfile.mServerName)); else - preference.setSummary((String)newValue); + preference.setSummary(getX509String(authtype,dn)); + } else if (preference == mCipher || preference == mAuth) { preference.setSummary((CharSequence) newValue); } return true; } + private CharSequence getX509String(int authtype, String dn) { + String ret =""; + switch (authtype) { + case VpnProfile.X509_VERIFY_TLSREMOTE: + case VpnProfile.X509_VERIFY_TLSREMOTE_COMPAT_NOREMAPPING: + ret+="tls-remote "; + break; + + case VpnProfile.X509_VERIFY_TLSREMOTE_DN: + ret="dn: "; + break; + + case VpnProfile.X509_VERIFY_TLSREMOTE_RDN: + ret="rdn: "; + break; + + case VpnProfile.X509_VERIFY_TLSREMOTE_RDN_PREFIX: + ret="rdn prefix: "; + break; + } + return ret + dn; + } + void startFileDialog() { Intent startFC = new Intent(getActivity(),FileSelect.class); startFC.putExtra(FileSelect.START_DATA, Environment.getExternalStorageDirectory().getPath()); - + startActivityForResult(startFC,SELECT_TLS_FILE); } @Override public boolean onPreferenceClick(Preference preference) { startFileDialog(); return true; - + } - + @Override public void onActivityResult(int requestCode, int resultCode, Intent data) { super.onActivityResult(requestCode, resultCode, data); if(requestCode==SELECT_TLS_FILE && resultCode == Activity.RESULT_OK){ - String result = data.getStringExtra(FileSelect.RESULT_DATA); - mTlsAuthFileData=result; - setTlsAuthSummary(result); - + String result = data.getStringExtra(FileSelect.RESULT_DATA); + mTlsAuthFileData=result; + setTlsAuthSummary(result); + } } private void setTlsAuthSummary(String result) { if(result==null) result = getString(R.string.no_certificate); if(result.startsWith(VpnProfile.INLINE_TAG)) - mTLSAuthFile.setSummary(R.string.inline_file_data); - else - mTLSAuthFile.setSummary(result); + mTLSAuthFile.setSummary(R.string.inline_file_data); + else + mTLSAuthFile.setSummary(result); } } \ No newline at end of file -- cgit v1.2.3