From: Tobias Brunner <tobias@strongswan.org>
Date: Tue, 4 Sep 2012 11:57:05 +0000 (+0200)
Subject: Merge branch 'android-client-cert'
X-Git-Tag: 5.0.1~152
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=d1604d0551ea591c12ce15ab59d2d2f074cf674f;p=thirdparty%2Fstrongswan.git

Merge branch 'android-client-cert'

Introduces IKEv2 client certificate authentication for the Android App.
---

d1604d0551ea591c12ce15ab59d2d2f074cf674f
diff --cc src/frontends/android/jni/libandroidbridge/backend/android_service.c
index d1769a99a0,29b6d45af6..f62aea0e83
--- a/src/frontends/android/jni/libandroidbridge/backend/android_service.c
+++ b/src/frontends/android/jni/libandroidbridge/backend/android_service.c
@@@ -442,14 -442,45 +457,45 @@@ static job_requeue_t initiate(private_a
  							   600, 600, /* jitter, over 10min */
  							   TRUE, FALSE, /* mobike, aggressive */
  							   0, 0, /* DPD delay, timeout */
 -							   host_create_from_string("0.0.0.0", 0) /* virt */,
 -							   NULL, FALSE, NULL, NULL); /* pool, mediation */
 +							   FALSE, NULL, NULL); /* mediation */
 +	peer_cfg->add_virtual_ip(peer_cfg, host_create_from_string("0.0.0.0", 0));
  
- 	auth = auth_cfg_create();
- 	auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_EAP);
- 	user = identification_create_from_string(this->username);
- 	auth->add(auth, AUTH_RULE_IDENTITY, user);
- 	peer_cfg->add_auth_cfg(peer_cfg, auth, TRUE);
+ 	/* local auth config */
+ 	if (streq("ikev2-eap", this->type))
+ 	{
+ 		auth = auth_cfg_create();
+ 		auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_EAP);
+ 		user = identification_create_from_string(this->username);
+ 		auth->add(auth, AUTH_RULE_IDENTITY, user);
+ 
+ 		this->creds->add_username_password(this->creds, this->username,
+ 										   this->password);
+ 		memwipe(this->password, strlen(this->password));
+ 		peer_cfg->add_auth_cfg(peer_cfg, auth, TRUE);
+ 	}
+ 	else if (streq("ikev2-cert", this->type))
+ 	{
+ 		certificate_t *cert;
+ 		identification_t *id;
+ 
+ 		cert = this->creds->load_user_certificate(this->creds);
+ 		if (!cert)
+ 		{
+ 			peer_cfg->destroy(peer_cfg);
+ 			charonservice->update_status(charonservice,
+ 										 CHARONSERVICE_GENERIC_ERROR);
+ 			return JOB_REQUEUE_NONE;
+ 
+ 		}
+ 		auth = auth_cfg_create();
+ 		auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PUBKEY);
+ 		auth->add(auth, AUTH_RULE_SUBJECT_CERT, cert);
+ 		id = cert->get_subject(cert);
+ 		auth->add(auth, AUTH_RULE_IDENTITY, id->clone(id));
+ 		peer_cfg->add_auth_cfg(peer_cfg, auth, TRUE);
+ 	}
+ 
+ 	/* remote auth config */
  	auth = auth_cfg_create();
  	auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PUBKEY);
  	gateway = identification_create_from_string(this->gateway);