android: Add trusted and user certificates to ManagedVpnProfile
authorMarkus Pfeiffer <markus.pfeiffer@relution.io>
Tue, 21 Nov 2023 14:37:23 +0000 (15:37 +0100)
committerTobias Brunner <tobias@strongswan.org>
Wed, 21 Feb 2024 11:24:53 +0000 (12:24 +0100)
src/frontends/android/app/src/main/java/org/strongswan/android/data/ManagedVpnProfile.java

index 90169871c1dadb11a7cbd5069c6819ad40b5f51d..054dde19f61170bcbb5df075978c03368d835f1a 100644 (file)
@@ -21,8 +21,11 @@ import android.text.TextUtils;
 
 import org.strongswan.android.utils.Constants;
 
+import java.util.Objects;
 import java.util.UUID;
 
+import androidx.annotation.Nullable;
+
 public class ManagedVpnProfile extends VpnProfile
 {
        private static final String KEY_REMOTE = "remote";
@@ -40,6 +43,9 @@ public class ManagedVpnProfile extends VpnProfile
        private static final String KEY_SPLIT_TUNNELLING_BLOCK_IPV4_FLAG = "split_tunnelling_block_ipv4";
        private static final String KEY_SPLIT_TUNNELLING_BLOCK_IPV6_FLAG = "split_tunnelling_block_ipv6";
 
+       private ManagedTrustedCertificate trustedCertificate;
+       private ManagedUserCertificate userCertificate;
+
        ManagedVpnProfile(final Bundle bundle, final UUID uuid)
        {
                int flags = 0;
@@ -51,41 +57,14 @@ public class ManagedVpnProfile extends VpnProfile
                setVpnType(VpnType.fromIdentifier(bundle.getString(VpnProfileDataSource.KEY_VPN_TYPE)));
 
                final Bundle remote = bundle.getBundle(KEY_REMOTE);
-               if (remote != null)
-               {
-                       setGateway(remote.getString(VpnProfileDataSource.KEY_GATEWAY));
-                       setPort(getInt(remote, VpnProfileDataSource.KEY_PORT, 1, 65535));
-                       setRemoteId(remote.getString(VpnProfileDataSource.KEY_REMOTE_ID));
-                       setCertificateAlias(remote.getString(VpnProfileDataSource.KEY_CERTIFICATE));
-
-                       flags = addNegativeFlag(flags, remote, KEY_REMOTE_CERT_REQ_FLAG, VpnProfile.FLAGS_SUPPRESS_CERT_REQS);
-                       flags = addNegativeFlag(flags, remote, KEY_REMOTE_REVOCATION_CRL_FLAG, VpnProfile.FLAGS_DISABLE_CRL);
-                       flags = addNegativeFlag(flags, remote, KEY_REMOTE_REVOCATION_OCSP_FLAG, VpnProfile.FLAGS_DISABLE_OCSP);
-                       flags = addPositiveFlag(flags, remote, KEY_REMOTE_REVOCATION_STRICT_FLAG, VpnProfile.FLAGS_STRICT_REVOCATION);
-               }
+               flags = configureRemote(uuid, remote, flags);
 
                final Bundle local = bundle.getBundle(KEY_LOCAL);
-               if (local != null)
-               {
-                       setLocalId(local.getString(VpnProfileDataSource.KEY_LOCAL_ID));
-                       setUsername(local.getString(VpnProfileDataSource.KEY_USERNAME));
-
-                       flags = addPositiveFlag(flags, local, KEY_LOCAL_RSA_PSS_FLAG, VpnProfile.FLAGS_RSA_PSS);
-               }
+               flags = configureLocal(uuid, local, flags);
 
                final String includedPackageNames = bundle.getString(KEY_INCLUDED_APPS);
                final String excludedPackageNames = bundle.getString(KEY_EXCLUDED_APPS);
-
-               if (!TextUtils.isEmpty(includedPackageNames))
-               {
-                       setSelectedAppsHandling(VpnProfile.SelectedAppsHandling.SELECTED_APPS_ONLY);
-                       setSelectedApps(includedPackageNames);
-               }
-               else if (!TextUtils.isEmpty(excludedPackageNames))
-               {
-                       setSelectedAppsHandling(VpnProfile.SelectedAppsHandling.SELECTED_APPS_EXCLUDE);
-                       setSelectedApps(excludedPackageNames);
-               }
+               configureSelectedApps(includedPackageNames, excludedPackageNames);
 
                setMTU(getInt(bundle, VpnProfileDataSource.KEY_MTU, Constants.MTU_MIN, Constants.MTU_MAX));
                setNATKeepAlive(getInt(bundle, VpnProfileDataSource.KEY_NAT_KEEPALIVE, Constants.NAT_KEEPALIVE_MIN, Constants.NAT_KEEPALIVE_MAX));
@@ -108,6 +87,67 @@ public class ManagedVpnProfile extends VpnProfile
                setFlags(flags);
        }
 
+       private void configureSelectedApps(String includedPackageNames, String excludedPackageNames)
+       {
+               if (!TextUtils.isEmpty(includedPackageNames))
+               {
+                       setSelectedAppsHandling(SelectedAppsHandling.SELECTED_APPS_ONLY);
+                       setSelectedApps(includedPackageNames);
+               }
+               else if (!TextUtils.isEmpty(excludedPackageNames))
+               {
+                       setSelectedAppsHandling(SelectedAppsHandling.SELECTED_APPS_EXCLUDE);
+                       setSelectedApps(excludedPackageNames);
+               }
+       }
+
+       private int configureRemote(final UUID uuid, @Nullable Bundle remote, int flags)
+       {
+               if (remote == null)
+               {
+                       return flags;
+               }
+
+               setGateway(remote.getString(VpnProfileDataSource.KEY_GATEWAY));
+               setPort(getInt(remote, VpnProfileDataSource.KEY_PORT, 1, 65_535));
+               setRemoteId(remote.getString(VpnProfileDataSource.KEY_REMOTE_ID));
+
+               final String certificateData = remote.getString(VpnProfileDataSource.KEY_CERTIFICATE);
+               if (!TextUtils.isEmpty(certificateData))
+               {
+                       trustedCertificate = new ManagedTrustedCertificate(uuid.toString(), certificateData);
+                       setCertificateAlias(trustedCertificate.getAlias());
+               }
+
+               flags = addNegativeFlag(flags, remote, KEY_REMOTE_CERT_REQ_FLAG, VpnProfile.FLAGS_SUPPRESS_CERT_REQS);
+               flags = addNegativeFlag(flags, remote, KEY_REMOTE_REVOCATION_CRL_FLAG, VpnProfile.FLAGS_DISABLE_CRL);
+               flags = addNegativeFlag(flags, remote, KEY_REMOTE_REVOCATION_OCSP_FLAG, VpnProfile.FLAGS_DISABLE_OCSP);
+               flags = addPositiveFlag(flags, remote, KEY_REMOTE_REVOCATION_STRICT_FLAG, VpnProfile.FLAGS_STRICT_REVOCATION);
+               return flags;
+       }
+
+       private int configureLocal(final UUID uuid, @Nullable Bundle local, int flags)
+       {
+               if (local == null)
+               {
+                       return flags;
+               }
+
+               setLocalId(local.getString(VpnProfileDataSource.KEY_LOCAL_ID));
+               setUsername(local.getString(VpnProfileDataSource.KEY_USERNAME));
+
+               final String userCertificateData = local.getString(VpnProfileDataSource.KEY_USER_CERTIFICATE);
+               final String userCertificatePassword = local.getString(VpnProfileDataSource.KEY_USER_CERTIFICATE_PASSWORD, "");
+               if (!TextUtils.isEmpty(userCertificateData))
+               {
+                       userCertificate = new ManagedUserCertificate(uuid.toString(), userCertificateData, userCertificatePassword);
+                       setUserCertificateAlias(userCertificate.getAlias());
+               }
+
+               flags = addPositiveFlag(flags, local, KEY_LOCAL_RSA_PSS_FLAG, VpnProfile.FLAGS_RSA_PSS);
+               return flags;
+       }
+
        private static Integer getInt(final Bundle bundle, final String key, final int min, final int max)
        {
                final int value = bundle.getInt(key);
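Review bot: In configureLocal the user certificate password from the managed configuration is read into a `String` and passed to `ManagedUserCertificate`, which the profile stores in the `userCertificate` field, so the secret probably stays in memory as long as the profile object does. ManagedUserCertificate is not visible in this diff, so it is worth confirming that its `toString()` and any logging never include the password or the encoded certificate data. A comment such as `// secret from managed config: never log; release once the certificate is installed` above the `KEY_USER_CERTIFICATE_PASSWORD` line would document that expectation. Both configureRemote and configureLocal check the certificate strings only with `TextUtils.isEmpty`, so malformed data presumably surfaces later; a short Javadoc on each helper saying where decoding and validation happen would help. The hunk ends inside getInt, whose body continues outside it.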
@@ -131,4 +171,35 @@ public class ManagedVpnProfile extends VpnProfile
                }
                return flags;
        }
+
+       public ManagedTrustedCertificate getTrustedCertificate()
+       {
+               return trustedCertificate;
+       }
+
+       public ManagedUserCertificate getUserCertificate()
+       {
+               return userCertificate;
+       }
+
+       @Override
+       public boolean equals(Object o)
+       {
+               if (o == this)
+               {
+                       return true;
+               }
+               if (o == null || getClass() != o.getClass())
+               {
+                       return false;
+               }
+               ManagedVpnProfile that = (ManagedVpnProfile)o;
+               return Objects.equals(getUUID(), that.getUUID());
+       }
+
+       @Override
+       public int hashCode()
+       {
+               return Objects.hash(getUUID());
+       }
 }
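Review bot: `equals()` and `hashCode()` compare only `getUUID()`, so two ManagedVpnProfile objects with the same UUID but a different gateway, trusted certificate or user certificate count as equal. If callers use equality to decide whether a managed profile has changed (not visible here), a certificate rotated under an unchanged UUID would go unnoticed. A Javadoc line such as `/** Identity is the profile UUID only; settings and certificates are not compared. */` on `equals()` would make the contract explicit. `getTrustedCertificate()` and `getUserCertificate()` return null when no certificate data was configured, so both should carry the `@Nullable` annotation this commit already imports.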