From: Markus Pfeiffer Date: Tue, 21 Nov 2023 14:37:23 +0000 (+0100) Subject: android: Add trusted and user certificates to ManagedVpnProfile X-Git-Tag: android-2.5.0^2~12 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=6882f177410f5601ae5aca10e515335bdcdc02d7;p=thirdparty%2Fstrongswan.git android: Add trusted and user certificates to ManagedVpnProfile --- diff --git a/src/frontends/android/app/src/main/java/org/strongswan/android/data/ManagedVpnProfile.java b/src/frontends/android/app/src/main/java/org/strongswan/android/data/ManagedVpnProfile.java index 90169871c1..054dde19f6 100644 --- a/src/frontends/android/app/src/main/java/org/strongswan/android/data/ManagedVpnProfile.java +++ b/src/frontends/android/app/src/main/java/org/strongswan/android/data/ManagedVpnProfile.java @@ -21,8 +21,11 @@ import android.text.TextUtils; import org.strongswan.android.utils.Constants; +import java.util.Objects; import java.util.UUID; +import androidx.annotation.Nullable; + public class ManagedVpnProfile extends VpnProfile { private static final String KEY_REMOTE = "remote"; @@ -40,6 +43,9 @@ public class ManagedVpnProfile extends VpnProfile private static final String KEY_SPLIT_TUNNELLING_BLOCK_IPV4_FLAG = "split_tunnelling_block_ipv4"; private static final String KEY_SPLIT_TUNNELLING_BLOCK_IPV6_FLAG = "split_tunnelling_block_ipv6"; + private ManagedTrustedCertificate trustedCertificate; + private ManagedUserCertificate userCertificate; + ManagedVpnProfile(final Bundle bundle, final UUID uuid) { int flags = 0; 
@@ -51,41 +57,14 @@ public class ManagedVpnProfile extends VpnProfile setVpnType(VpnType.fromIdentifier(bundle.getString(VpnProfileDataSource.KEY_VPN_TYPE))); final Bundle remote = bundle.getBundle(KEY_REMOTE); - if (remote != null) - { - setGateway(remote.getString(VpnProfileDataSource.KEY_GATEWAY)); - setPort(getInt(remote, VpnProfileDataSource.KEY_PORT, 1, 65535)); - setRemoteId(remote.getString(VpnProfileDataSource.KEY_REMOTE_ID)); - setCertificateAlias(remote.getString(VpnProfileDataSource.KEY_CERTIFICATE)); - - flags = addNegativeFlag(flags, remote, KEY_REMOTE_CERT_REQ_FLAG, VpnProfile.FLAGS_SUPPRESS_CERT_REQS); - flags = addNegativeFlag(flags, remote, KEY_REMOTE_REVOCATION_CRL_FLAG, VpnProfile.FLAGS_DISABLE_CRL); - flags = addNegativeFlag(flags, remote, KEY_REMOTE_REVOCATION_OCSP_FLAG, VpnProfile.FLAGS_DISABLE_OCSP); - flags = addPositiveFlag(flags, remote, KEY_REMOTE_REVOCATION_STRICT_FLAG, VpnProfile.FLAGS_STRICT_REVOCATION); - } + flags = configureRemote(uuid, remote, flags); final Bundle local = bundle.getBundle(KEY_LOCAL); - if (local != null) - { - setLocalId(local.getString(VpnProfileDataSource.KEY_LOCAL_ID)); - setUsername(local.getString(VpnProfileDataSource.KEY_USERNAME)); - - flags = addPositiveFlag(flags, local, KEY_LOCAL_RSA_PSS_FLAG, VpnProfile.FLAGS_RSA_PSS); - } + flags = configureLocal(uuid, local, flags); final String includedPackageNames = bundle.getString(KEY_INCLUDED_APPS); final String excludedPackageNames = bundle.getString(KEY_EXCLUDED_APPS); - - if (!TextUtils.isEmpty(includedPackageNames)) - { - setSelectedAppsHandling(VpnProfile.SelectedAppsHandling.SELECTED_APPS_ONLY); - setSelectedApps(includedPackageNames); - } - else if (!TextUtils.isEmpty(excludedPackageNames)) - { - setSelectedAppsHandling(VpnProfile.SelectedAppsHandling.SELECTED_APPS_EXCLUDE); - setSelectedApps(excludedPackageNames); - } + configureSelectedApps(includedPackageNames, excludedPackageNames); setMTU(getInt(bundle, VpnProfileDataSource.KEY_MTU, Constants.MTU_MIN, 
Constants.MTU_MAX)); setNATKeepAlive(getInt(bundle, VpnProfileDataSource.KEY_NAT_KEEPALIVE, Constants.NAT_KEEPALIVE_MIN, Constants.NAT_KEEPALIVE_MAX)); 
@@ -108,6 +87,67 @@ public class ManagedVpnProfile extends VpnProfile setFlags(flags); } + private void configureSelectedApps(String includedPackageNames, String excludedPackageNames) + { + if (!TextUtils.isEmpty(includedPackageNames)) + { + setSelectedAppsHandling(SelectedAppsHandling.SELECTED_APPS_ONLY); + setSelectedApps(includedPackageNames); + } + else if (!TextUtils.isEmpty(excludedPackageNames)) + { + setSelectedAppsHandling(SelectedAppsHandling.SELECTED_APPS_EXCLUDE); + setSelectedApps(excludedPackageNames); + } + } + + private int configureRemote(final UUID uuid, @Nullable Bundle remote, int flags) + { + if (remote == null) + { + return flags; + } + + setGateway(remote.getString(VpnProfileDataSource.KEY_GATEWAY)); + setPort(getInt(remote, VpnProfileDataSource.KEY_PORT, 1, 65_535)); + setRemoteId(remote.getString(VpnProfileDataSource.KEY_REMOTE_ID)); + + final String certificateData = remote.getString(VpnProfileDataSource.KEY_CERTIFICATE); + if (!TextUtils.isEmpty(certificateData)) + { + trustedCertificate = new ManagedTrustedCertificate(uuid.toString(), certificateData); + setCertificateAlias(trustedCertificate.getAlias()); + } + + flags = addNegativeFlag(flags, remote, KEY_REMOTE_CERT_REQ_FLAG, VpnProfile.FLAGS_SUPPRESS_CERT_REQS); + flags = addNegativeFlag(flags, remote, KEY_REMOTE_REVOCATION_CRL_FLAG, VpnProfile.FLAGS_DISABLE_CRL); + flags = addNegativeFlag(flags, remote, KEY_REMOTE_REVOCATION_OCSP_FLAG, VpnProfile.FLAGS_DISABLE_OCSP); + flags = addPositiveFlag(flags, remote, KEY_REMOTE_REVOCATION_STRICT_FLAG, VpnProfile.FLAGS_STRICT_REVOCATION); + return flags; + } + + private int configureLocal(final UUID uuid, @Nullable Bundle local, int flags) + { + if (local == null) + { + return flags; + } + + setLocalId(local.getString(VpnProfileDataSource.KEY_LOCAL_ID)); + setUsername(local.getString(VpnProfileDataSource.KEY_USERNAME)); + + final String userCertificateData = local.getString(VpnProfileDataSource.KEY_USER_CERTIFICATE); + final String 
userCertificatePassword = local.getString(VpnProfileDataSource.KEY_USER_CERTIFICATE_PASSWORD, ""); + if (!TextUtils.isEmpty(userCertificateData)) + { + userCertificate = new ManagedUserCertificate(uuid.toString(), userCertificateData, userCertificatePassword); + setUserCertificateAlias(userCertificate.getAlias()); + } + + flags = addPositiveFlag(flags, local, KEY_LOCAL_RSA_PSS_FLAG, VpnProfile.FLAGS_RSA_PSS); + return flags; + } + private static Integer getInt(final Bundle bundle, final String key, final int min, final int max) { final int value = bundle.getInt(key); @@ -131,4 +171,35 @@ public class ManagedVpnProfile extends VpnProfile } return flags; } + + public ManagedTrustedCertificate getTrustedCertificate() + { + return trustedCertificate; + } + + public ManagedUserCertificate getUserCertificate() + { + return userCertificate; + } + + @Override + public boolean equals(Object o) + { + if (o == this) + { + return true; + } + if (o == null || getClass() != o.getClass()) + { + return false; + } + ManagedVpnProfile that = (ManagedVpnProfile)o; + return Objects.equals(getUUID(), that.getUUID()); + } + + @Override + public int hashCode() + { + return Objects.hash(getUUID()); + } }
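Review bot: In `configureLocal`, the value of `KEY_USER_CERTIFICATE_PASSWORD` is read as a plain `String` and passed to `ManagedUserCertificate`, and the profile then holds that object in its `userCertificate` field for as long as the profile lives. `ManagedUserCertificate` is not part of this diff, so it is worth checking whether it discards the password once the certificate has been imported and keeps it out of `toString()` and log output. Neither `configureRemote` nor `configureLocal` documents its contract, so I would add a short Javadoc to each, for example `/** Applies the "local" bundle and returns the updated flags; returns flags unchanged if local is null. The certificate password comes from managed configuration and must never be logged. */`.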
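Review bot: `equals()` and `hashCode()` look only at `getUUID()`, so two `ManagedVpnProfile` objects with the same UUID but a different trusted or user certificate compare equal. If a caller uses equality to decide whether a pushed managed configuration has changed (not visible in this diff), a rotated CA or client certificate would go unnoticed; a comment on `equals()` such as `// identity only: same UUID, settings and certificates may differ` would make that explicit. The `getClass()` comparison can also break symmetry if `VpnProfile` defines its own `instanceof`-based `equals()`, which should be confirmed against the superclass. Separately, `getTrustedCertificate()` and `getUserCertificate()` return null when no certificate data was configured, so they could carry the `@Nullable` annotation this commit already imports.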