private static final String KEY_REMOTE_REVOCATION_CRL_FLAG = "remote_revocation_crl";
private static final String KEY_REMOTE_REVOCATION_OCSP_FLAG = "remote_revocation_ocsp";
private static final String KEY_REMOTE_REVOCATION_STRICT_FLAG = "remote_revocation_strict";
+ private static final String KEY_LOCAL_USER_CERTIFICATE_ALIAS = "user_certificate_alias";
private static final String KEY_LOCAL_RSA_PSS_FLAG = "local_rsa_pss";
private static final String KEY_SPLIT_TUNNELLING_BLOCK_IPV4_FLAG = "split_tunnelling_block_ipv4";
userCertificate = new ManagedUserCertificate(uuid.toString(), userCertificateData, userCertificatePassword);
setUserCertificateAlias(userCertificate.getAlias());
}
+ else
+ {
+ setUserCertificateAlias(getString(local, KEY_LOCAL_USER_CERTIFICATE_ALIAS));
+ }
flags = addPositiveFlag(flags, local, KEY_LOCAL_RSA_PSS_FLAG, VpnProfile.FLAGS_RSA_PSS);
return flags;
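Review bot: The alias read in the new `else` branch goes to `setUserCertificateAlias()` without any check, yet the restriction is declared with `android:defaultValue=""`, so an unset value may be stored as an empty alias instead of "no certificate selected". Whether `getString()` already maps an empty string to null is not visible in this hunk; if it does not, normalise it here, e.g. `String alias = getString(local, KEY_LOCAL_USER_CERTIFICATE_ALIAS);` followed by `setUserCertificateAlias(TextUtils.isEmpty(alias) ? null : alias);`. Nothing in the branch confirms that the MDM granted the app access to the named key, so a mistyped alias or a missing grant would presumably only surface when a connection is attempted. A short comment such as `// alias comes from managed config; key access is only verified when the key is loaded` would make that explicit. The enclosing method and the `if` this `else` belongs to start outside the hunk.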
<?xml version="1.0" encoding="utf-8"?>
<!--
+ Copyright (C) 2025 Tobias Brunner
Copyright (C) 2023 Relution GmbH
Copyright (C) secunet Security Networks AG
<string name="managed_config_local_p12_description">Base64-encoded PKCS#12-container with the client certificate and private key and optional certificate chain (the latter might cause warnings on older Android releases, see Android VPN client configuration for details). Not necessary for username/password-based EAP authentication or if the user already has the certificate/key installed as it may be selected while importing the profile</string>
<string name="managed_config_local_p12_password_title">User certificate password (Optional)</string>
<string name="managed_config_local_p12_password_description">Password required to extract the private key of the PKCS#12-container for installation</string>
+ <string name="managed_config_local_user_certificate_alias_title">User certificate alias (Optional)</string>
+ <string name="managed_config_local_user_certificate_alias_description">Alias of a user certificate/key already installed on the device. The app must be granted access to it by the MDM. Only used if no certificate is distributed with the config. If a certificate is required and this is not set, the user may select a local certificate manually</string>
<string name="managed_config_local_rsa_pss_title">@string/profile_rsa_pss_label</string>
<string name="managed_config_local_rsa_pss_description">@string/profile_rsa_pss_hint</string>
<?xml version="1.0" encoding="utf-8"?>
<!--
+ Copyright (C) 2025 Tobias Brunner
Copyright (C) 2023 Relution GmbH
Copyright (C) secunet Security Networks AG
<string name="managed_config_local_p12_description">Base64-encoded PKCS#12-container with the client certificate and private key and optional certificate chain (the latter might cause warnings on older Android releases, see Android VPN client configuration for details). Not necessary for username/password-based EAP authentication or if the user already has the certificate/key installed as it may be selected while importing the profile</string>
<string name="managed_config_local_p12_password_title">User certificate password (Optional)</string>
<string name="managed_config_local_p12_password_description">Password required to extract the private key of the PKCS#12-container for installation</string>
+ <string name="managed_config_local_user_certificate_alias_title">User certificate alias (Optional)</string>
+ <string name="managed_config_local_user_certificate_alias_description">Alias of a user certificate/key already installed on the device. The app must be granted access to it by the MDM. Only used if no certificate is distributed with the config. If a certificate is required and this is not set, the user may select a local certificate manually</string>
<string name="managed_config_local_rsa_pss_title">@string/profile_rsa_pss_label</string>
<string name="managed_config_local_rsa_pss_description">@string/profile_rsa_pss_hint</string>
<?xml version="1.0" encoding="utf-8"?>
<!--
+ Copyright (C) 2025 Tobias Brunner
Copyright (C) 2023 Relution GmbH
Copyright (C) secunet Security Networks AG
<string name="managed_config_local_p12_description">Base64-encoded PKCS#12-container with the client certificate and private key and optional certificate chain (the latter might cause warnings on older Android releases, see Android VPN client configuration for details). Not necessary for username/password-based EAP authentication or if the user already has the certificate/key installed as it may be selected while importing the profile</string>
<string name="managed_config_local_p12_password_title">User certificate password (Optional)</string>
<string name="managed_config_local_p12_password_description">Password required to extract the private key of the PKCS#12-container for installation</string>
+ <string name="managed_config_local_user_certificate_alias_title">User certificate alias (Optional)</string>
+ <string name="managed_config_local_user_certificate_alias_description">Alias of a user certificate/key already installed on the device. The app must be granted access to it by the MDM. Only used if no certificate is distributed with the config. If a certificate is required and this is not set, the user may select a local certificate manually</string>
<string name="managed_config_local_rsa_pss_title">@string/profile_rsa_pss_label</string>
<string name="managed_config_local_rsa_pss_description">@string/profile_rsa_pss_hint</string>
<?xml version="1.0" encoding="utf-8"?>
<!--
+ Copyright (C) 2025 Tobias Brunner
Copyright (C) 2023 Relution GmbH
Copyright (C) secunet Security Networks AG
<string name="managed_config_local_p12_description">Base64-encoded PKCS#12-container with the client certificate and private key and optional certificate chain (the latter might cause warnings on older Android releases, see Android VPN client configuration for details). Not necessary for username/password-based EAP authentication or if the user already has the certificate/key installed as it may be selected while importing the profile</string>
<string name="managed_config_local_p12_password_title">User certificate password (Optional)</string>
<string name="managed_config_local_p12_password_description">Password required to extract the private key of the PKCS#12-container for installation</string>
+ <string name="managed_config_local_user_certificate_alias_title">User certificate alias (Optional)</string>
+ <string name="managed_config_local_user_certificate_alias_description">Alias of a user certificate/key already installed on the device. The app must be granted access to it by the MDM. Only used if no certificate is distributed with the config. If a certificate is required and this is not set, the user may select a local certificate manually</string>
<string name="managed_config_local_rsa_pss_title">@string/profile_rsa_pss_label</string>
<string name="managed_config_local_rsa_pss_description">@string/profile_rsa_pss_hint</string>
<?xml version="1.0" encoding="utf-8"?>
<!--
+ Copyright (C) 2025 Tobias Brunner
Copyright (C) 2023 Relution GmbH
Copyright (C) secunet Security Networks AG
<string name="managed_config_local_p12_description">Base64-encoded PKCS#12-container with the client certificate and private key and optional certificate chain (the latter might cause warnings on older Android releases, see Android VPN client configuration for details). Not necessary for username/password-based EAP authentication or if the user already has the certificate/key installed as it may be selected while importing the profile</string>
<string name="managed_config_local_p12_password_title">User certificate password (Optional)</string>
<string name="managed_config_local_p12_password_description">Password required to extract the private key of the PKCS#12-container for installation</string>
+ <string name="managed_config_local_user_certificate_alias_title">User certificate alias (Optional)</string>
+ <string name="managed_config_local_user_certificate_alias_description">Alias of a user certificate/key already installed on the device. The app must be granted access to it by the MDM. Only used if no certificate is distributed with the config. If a certificate is required and this is not set, the user may select a local certificate manually</string>
<string name="managed_config_local_rsa_pss_title">@string/profile_rsa_pss_label</string>
<string name="managed_config_local_rsa_pss_description">@string/profile_rsa_pss_hint</string>
<?xml version="1.0" encoding="utf-8"?>
<!--
+ Copyright (C) 2025 Tobias Brunner
Copyright (C) 2023 Relution GmbH
Copyright (C) secunet Security Networks AG
<string name="managed_config_local_p12_description">Base64-encoded PKCS#12-container with the client certificate and private key and optional certificate chain (the latter might cause warnings on older Android releases, see Android VPN client configuration for details). Not necessary for username/password-based EAP authentication or if the user already has the certificate/key installed as it may be selected while importing the profile</string>
<string name="managed_config_local_p12_password_title">User certificate password (Optional)</string>
<string name="managed_config_local_p12_password_description">Password required to extract the private key of the PKCS#12-container for installation</string>
+ <string name="managed_config_local_user_certificate_alias_title">User certificate alias (Optional)</string>
+ <string name="managed_config_local_user_certificate_alias_description">Alias of a user certificate/key already installed on the device. The app must be granted access to it by the MDM. Only used if no certificate is distributed with the config. If a certificate is required and this is not set, the user may select a local certificate manually</string>
<string name="managed_config_local_rsa_pss_title">@string/profile_rsa_pss_label</string>
<string name="managed_config_local_rsa_pss_description">@string/profile_rsa_pss_hint</string>
<string name="managed_config_local_p12_description">Base64-encoded PKCS#12-container with the client certificate and private key and optional certificate chain (the latter might cause warnings on older Android releases, see Android VPN client configuration for details). Not necessary for username/password-based EAP authentication or if the user already has the certificate/key installed as it may be selected while importing the profile</string>
<string name="managed_config_local_p12_password_title">User certificate password (Optional)</string>
<string name="managed_config_local_p12_password_description">Password required to extract the private key of the PKCS#12-container for installation</string>
+ <string name="managed_config_local_user_certificate_alias_title">User certificate alias (Optional)</string>
+ <string name="managed_config_local_user_certificate_alias_description">Alias of a user certificate/key already installed on the device. The app must be granted access to it by the MDM. Only used if no certificate is distributed with the config. If a certificate is required and this is not set, the user may select a local certificate manually</string>
<string name="managed_config_local_rsa_pss_title">@string/profile_rsa_pss_label</string>
<string name="managed_config_local_rsa_pss_description">@string/profile_rsa_pss_hint</string>
android:restrictionType="string"
android:title="@string/managed_config_local_p12_password_title" />
+ <restriction
+ android:defaultValue=""
+ android:description="@string/managed_config_local_user_certificate_alias_description"
+ android:key="user_certificate_alias"
+ android:restrictionType="string"
+ android:title="@string/managed_config_local_user_certificate_alias_title" />
+
<restriction
android:defaultValue="false"
android:description="@string/managed_config_local_rsa_pss_description"