From: Tobias Brunner <tobias@strongswan.org>
Date: Tue, 18 Feb 2025 12:26:08 +0000 (+0100)
Subject: android: Imported VPN profile files may contain passwords
X-Git-Tag: android-2.5.3^2~1
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=a47e282d09078f27e2b4a7a182c7f67d39c62c2c;p=thirdparty%2Fstrongswan.git

android: Imported VPN profile files may contain passwords

A warning is displayed to the users, reminding them that there is a
cleartext password in the file.
---

diff --git a/src/frontends/android/app/src/main/java/org/strongswan/android/ui/VpnProfileImportActivity.java b/src/frontends/android/app/src/main/java/org/strongswan/android/ui/VpnProfileImportActivity.java
index 7239679454..08565d67bb 100644
--- a/src/frontends/android/app/src/main/java/org/strongswan/android/ui/VpnProfileImportActivity.java
+++ b/src/frontends/android/app/src/main/java/org/strongswan/android/ui/VpnProfileImportActivity.java
@@ -99,6 +99,7 @@ public class VpnProfileImportActivity extends AppCompatActivity
 	private boolean mHideImport;
 	private androidx.core.widget.ContentLoadingProgressBar mProgressBar;
 	private TextView mExistsWarning;
+	private TextView mSharedSecretWarning;
 	private ViewGroup mBasicDataGroup;
 	private TextView mName;
 	private TextView mGateway;
@@ -206,6 +207,7 @@ public class VpnProfileImportActivity extends AppCompatActivity
 
 		mProgressBar = findViewById(R.id.progress_bar);
 		mExistsWarning = findViewById(R.id.exists_warning);
+		mSharedSecretWarning = findViewById(R.id.shared_secret_warning);
 		mBasicDataGroup = findViewById(R.id.basic_data_group);
 		mName = findViewById(R.id.name);
 		mGateway = findViewById(R.id.gateway);
@@ -224,6 +226,7 @@ public class VpnProfileImportActivity extends AppCompatActivity
 		mRemoteCert = findViewById(R.id.remote_certificate);
 
 		mExistsWarning.setVisibility(View.GONE);
+		mSharedSecretWarning.setVisibility(View.GONE);
 		mBasicDataGroup.setVisibility(View.GONE);
 		mUsernamePassword.setVisibility(View.GONE);
 		mUserCertificate.setVisibility(View.GONE);
@@ -400,10 +403,16 @@ public class VpnProfileImportActivity extends AppCompatActivity
 		if (mProfile.getVpnType().has(VpnTypeFeature.USER_PASS))
 		{
 			mUsername.setText(mProfile.getUsername());
-			if (mProfile.getUsername() != null && !mProfile.getUsername().isEmpty())
+			if (!TextUtils.isEmpty(mProfile.getUsername()))
 			{
 				mUsername.setEnabled(false);
 			}
+			mPassword.setText(mProfile.getPassword());
+			if (!TextUtils.isEmpty(mProfile.getPassword()))
+			{
+				mPassword.setEnabled(false);
+				mSharedSecretWarning.setVisibility(View.VISIBLE);
+			}
 		}
 
 		mUserCertificate.setVisibility(mProfile.getVpnType().has(VpnTypeFeature.CERTIFICATE) ? View.VISIBLE : View.GONE);
@@ -523,6 +532,7 @@ public class VpnProfileImportActivity extends AppCompatActivity
 			if (type.has(VpnTypeFeature.USER_PASS))
 			{
 				profile.setUsername(local.optString("eap_id", null));
+				profile.setPassword(local.optString("shared_secret", null));
 			}
 
 			if (type.has(VpnTypeFeature.CERTIFICATE))
diff --git a/src/frontends/android/app/src/main/res/layout/profile_import_view.xml b/src/frontends/android/app/src/main/res/layout/profile_import_view.xml
index bca3ac853c..231b552c93 100644
--- a/src/frontends/android/app/src/main/res/layout/profile_import_view.xml
+++ b/src/frontends/android/app/src/main/res/layout/profile_import_view.xml
@@ -47,6 +47,20 @@
             android:textAppearance="?android:attr/textAppearanceSmall"
             android:textColor="?android:attr/textColorPrimary" />
 
+        <TextView
+            android:id="@+id/shared_secret_warning"
+            android:background="@drawable/state_background"
+            android:padding="8dp"
+            android:layout_width="match_parent"
+            android:layout_height="wrap_content"
+            android:layout_marginBottom="8dp"
+            app:drawableStartCompat="@android:drawable/ic_dialog_alert"
+            android:drawablePadding="8dp"
+            android:textStyle="bold"
+            android:text="@string/profile_import_shared_secret"
+            android:textAppearance="?android:attr/textAppearanceSmall"
+            android:textColor="?android:attr/textColorPrimary" />
+
         <LinearLayout
             android:id="@+id/basic_data_group"
             android:layout_width="match_parent"
diff --git a/src/frontends/android/app/src/main/res/values-de/strings.xml b/src/frontends/android/app/src/main/res/values-de/strings.xml
index 4e16f5d8dd..f1d2975565 100644
--- a/src/frontends/android/app/src/main/res/values-de/strings.xml
+++ b/src/frontends/android/app/src/main/res/values-de/strings.xml
@@ -136,6 +136,7 @@
     <string name="profile_import_failed_tls">TLS-Handshake fehlgeschlagen</string>
     <string name="profile_import_failed_value">Ungültiger Wert in \"%1$s\"</string>
     <string name="profile_import_exists">Dieses VPN Profil existiert bereits, die bestehenden Einstellungen werden ersetzt.</string>
+    <string name="profile_import_shared_secret">Diese Datei enthält ein Klartext-Passwort. Denken Sie daran, sie nach dem Importieren zu löschen.</string>
     <string name="profile_cert_import">Zertifikat aus VPN Profil importieren</string>
     <string name="profile_cert_alias">Zertifikat für \"%1$s\"</string>
     <string name="profile_profile_id">Profil-ID</string>
diff --git a/src/frontends/android/app/src/main/res/values-pl/strings.xml b/src/frontends/android/app/src/main/res/values-pl/strings.xml
index 68089da938..cdf4eccc18 100644
--- a/src/frontends/android/app/src/main/res/values-pl/strings.xml
+++ b/src/frontends/android/app/src/main/res/values-pl/strings.xml
@@ -138,6 +138,7 @@
     <string name="profile_import_failed_tls">TLS handshake failed</string>
     <string name="profile_import_failed_value">Invalid value in \"%1$s\"</string>
     <string name="profile_import_exists">This VPN profile already exists, its current settings will be replaced.</string>
+    <string name="profile_import_shared_secret">This file contains a cleartext password. Remember to delete it after importing.</string>
     <string name="profile_cert_import">Import certificate from VPN profile</string>
     <string name="profile_cert_alias">Certificate for \"%1$s\"</string>
     <string name="profile_profile_id">Profile ID</string>
diff --git a/src/frontends/android/app/src/main/res/values-ru/strings.xml b/src/frontends/android/app/src/main/res/values-ru/strings.xml
index ab35f29e75..d879c9ebed 100644
--- a/src/frontends/android/app/src/main/res/values-ru/strings.xml
+++ b/src/frontends/android/app/src/main/res/values-ru/strings.xml
@@ -132,6 +132,7 @@
     <string name="profile_import_failed_tls">TLS handshake failed</string>
     <string name="profile_import_failed_value">Invalid value in \"%1$s\"</string>
     <string name="profile_import_exists">This VPN profile already exists, its current settings will be replaced.</string>
+    <string name="profile_import_shared_secret">This file contains a cleartext password. Remember to delete it after importing.</string>
     <string name="profile_cert_import">Import certificate from VPN profile</string>
     <string name="profile_cert_alias">Certificate for \"%1$s\"</string>
     <string name="profile_profile_id">Profile ID</string>
diff --git a/src/frontends/android/app/src/main/res/values-uk/strings.xml b/src/frontends/android/app/src/main/res/values-uk/strings.xml
index 677d7c95d2..8eadc5cb31 100644
--- a/src/frontends/android/app/src/main/res/values-uk/strings.xml
+++ b/src/frontends/android/app/src/main/res/values-uk/strings.xml
@@ -133,6 +133,7 @@
     <string name="profile_import_failed_tls">TLS handshake failed</string>
     <string name="profile_import_failed_value">Invalid value in \"%1$s\"</string>
     <string name="profile_import_exists">This VPN profile already exists, its current settings will be replaced.</string>
+    <string name="profile_import_shared_secret">This file contains a cleartext password. Remember to delete it after importing.</string>
     <string name="profile_cert_import">Import certificate from VPN profile</string>
     <string name="profile_cert_alias">Certificate for \"%1$s\"</string>
     <string name="profile_profile_id">Profile ID</string>
diff --git a/src/frontends/android/app/src/main/res/values-zh-rCN/strings.xml b/src/frontends/android/app/src/main/res/values-zh-rCN/strings.xml
index 43d3134d95..4cc7295a27 100644
--- a/src/frontends/android/app/src/main/res/values-zh-rCN/strings.xml
+++ b/src/frontends/android/app/src/main/res/values-zh-rCN/strings.xml
@@ -132,6 +132,7 @@
     <string name="profile_import_failed_tls">TLS握手失败</string>
     <string name="profile_import_failed_value">无效的值： \"%1$s\"</string>
     <string name="profile_import_exists">此VPN配置已经存在，当前设定将被覆盖。</string>
+    <string name="profile_import_shared_secret">This file contains a cleartext password. Remember to delete it after importing.</string>
     <string name="profile_cert_import">从VPN配置导入证书</string>
     <string name="profile_cert_alias">\"%1$s\" 所对应的证书</string>
     <string name="profile_profile_id">配置文件ID</string>
diff --git a/src/frontends/android/app/src/main/res/values-zh-rTW/strings.xml b/src/frontends/android/app/src/main/res/values-zh-rTW/strings.xml
index 731682f660..3036791124 100644
--- a/src/frontends/android/app/src/main/res/values-zh-rTW/strings.xml
+++ b/src/frontends/android/app/src/main/res/values-zh-rTW/strings.xml
@@ -132,6 +132,7 @@
     <string name="profile_import_failed_tls">TLS連線失敗</string>
     <string name="profile_import_failed_value">Invalid value in \"%1$s\"</string>
     <string name="profile_import_exists">這個VPN設定檔已經存在，當前設定檔會被覆蓋。</string>
+    <string name="profile_import_shared_secret">This file contains a cleartext password. Remember to delete it after importing.</string>
     <string name="profile_cert_import">從VPN設定檔匯入憑證</string>
     <string name="profile_cert_alias">\"%1$s\" 對應的憑證</string>
     <string name="profile_profile_id">Profile ID</string>
diff --git a/src/frontends/android/app/src/main/res/values/strings.xml b/src/frontends/android/app/src/main/res/values/strings.xml
index 71dc6e851b..aaf7dd4c28 100644
--- a/src/frontends/android/app/src/main/res/values/strings.xml
+++ b/src/frontends/android/app/src/main/res/values/strings.xml
@@ -136,6 +136,7 @@
     <string name="profile_import_failed_tls">TLS handshake failed</string>
     <string name="profile_import_failed_value">Invalid value in \"%1$s\"</string>
     <string name="profile_import_exists">This VPN profile already exists, its current settings will be replaced.</string>
+    <string name="profile_import_shared_secret">This file contains a cleartext password. Remember to delete it after importing.</string>
     <string name="profile_cert_import">Import certificate from VPN profile</string>
     <string name="profile_cert_alias">Certificate for \"%1$s\"</string>
     <string name="profile_profile_id">Profile ID</string>