mirror of
https://github.com/schwabe/ics-openvpn.git
synced 2024-09-19 19:42:29 +02:00
Fix summary of Auth settings dialog and add TLS Profile setting
This commit is contained in:
Arne Schwabe
parent
893ce60f73
commit
9ca366fb2d
@ -170,6 +170,7 @@ public class VpnProfile implements Serializable, Cloneable {
|
||||
public String mPeerFingerPrints = "";
|
||||
public int mCompatMode = 0;
|
||||
public boolean mUseLegacyProvider = false;
|
||||
public String mTlSCertProfile = "";
|
||||
|
||||
private transient PrivateKey mPrivateKey;
|
||||
// Public attributes, since I got mad with getter/setter
|
||||
|
||||
@ -42,4 +42,10 @@
|
||||
<item>OpenVPN 2.4.x peers</item>
|
||||
<item>OpenVPN 2.3.x and older peers</item>
|
||||
</string-array>
|
||||
<string-array name="tls_profile_entries">
|
||||
<item>insecure (not recommend, allows insecure crypto)</item>
|
||||
<item>legacy (default)</item>
|
||||
<item>preferred (recommended but limited compabbility)</item>
|
||||
<item>Suite B</item>
|
||||
</string-array>
|
||||
</resources>
|
||||
|
||||
@ -508,5 +508,6 @@
|
||||
<string name="bf_cbc_requires_legacy">Profiles uses BF-CBC which depends on OpenSSL legacy provider (not enabled).</string>
|
||||
<string name="allow_translations_title">Allow community contributed translations</string>
|
||||
<string name="allow_translations_summary">Allows the app to be translated with translations contributed by the community. Requires a restart of the app to activate.</string>
|
||||
<string name="tls_profile">TLS Security Profile</string>
|
||||
|
||||
</resources>
|
||||
|
||||
@ -83,4 +83,10 @@
|
||||
<string name="faq_title_ncp">Failed to negotiate cipher with server</string>
|
||||
<string name="import_from_URL">URL</string>
|
||||
|
||||
<string-array name="tls_profile_values" translatable="false">
|
||||
<item>insecure</item>
|
||||
<item>legacy</item>
|
||||
<item>preferred</item>
|
||||
<item>suiteb</item>
|
||||
</string-array>
|
||||
</resources>
|
||||
|
||||
@ -24,8 +24,7 @@ import de.blinkt.openvpn.views.RemoteCNPreference
|
||||
import de.blinkt.openvpn.views.RemoteCNPreferenceDialog
|
||||
import java.io.IOException
|
||||
|
||||
class Settings_Authentication : OpenVpnPreferencesFragment(), Preference.OnPreferenceChangeListener,
|
||||
Preference.OnPreferenceClickListener {
|
||||
class Settings_Authentication : OpenVpnPreferencesFragment(), Preference.OnPreferenceClickListener {
|
||||
private lateinit var mExpectTLSCert: CheckBoxPreference
|
||||
private lateinit var mCheckRemoteCN: CheckBoxPreference
|
||||
private lateinit var mRemoteCN: RemoteCNPreference
|
||||
@ -36,6 +35,7 @@ class Settings_Authentication : OpenVpnPreferencesFragment(), Preference.OnPrefe
|
||||
private var mTlsAuthFileData: String? = null
|
||||
private lateinit var mAuth: EditTextPreference
|
||||
private lateinit var mRemoteX509Name: EditTextPreference
|
||||
private lateinit var mTLSProfile: ListPreference
|
||||
|
||||
override fun onCreatePreferences(savedInstanceState: Bundle?, rootKey: String?) {
|
||||
}
|
||||
@ -48,17 +48,17 @@ class Settings_Authentication : OpenVpnPreferencesFragment(), Preference.OnPrefe
|
||||
mExpectTLSCert = findPreference("remoteServerTLS")!!
|
||||
mCheckRemoteCN = findPreference("checkRemoteCN")!!
|
||||
mRemoteCN = findPreference("remotecn")!!
|
||||
mRemoteCN.onPreferenceChangeListener = this
|
||||
setRemoteCNSummaryProvider()
|
||||
mRemoteX509Name = findPreference("remotex509name")!!
|
||||
mRemoteX509Name.onPreferenceChangeListener = this
|
||||
mRemoteX509Name.setSummaryProvider { pref ->
|
||||
if ((pref as EditTextPreference).text.isEmpty()) "CN (default)" else pref.text
|
||||
}
|
||||
mUseTLSAuth = findPreference("useTLSAuth")!!
|
||||
mTLSAuthFile = findPreference("tlsAuthFile")!!
|
||||
mTLSAuthDirection = findPreference("tls_direction")!!
|
||||
mTLSAuthFile.onPreferenceClickListener = this
|
||||
mDataCiphers = findPreference("dataciphers")!!
|
||||
mDataCiphers.onPreferenceChangeListener = this
|
||||
mAuth = findPreference("auth")!!
|
||||
mAuth.onPreferenceChangeListener = this
|
||||
mTLSProfile = findPreference("tls_profile")!!
|
||||
loadSettings()
|
||||
}
|
||||
|
||||
@ -67,20 +67,17 @@ class Settings_Authentication : OpenVpnPreferencesFragment(), Preference.OnPrefe
|
||||
mCheckRemoteCN.isChecked = mProfile.mCheckRemoteCN
|
||||
mRemoteCN.setDN(mProfile.mRemoteCN)
|
||||
mRemoteCN.setAuthType(mProfile.mX509AuthType)
|
||||
onPreferenceChange(
|
||||
mRemoteCN,
|
||||
Pair(mProfile.mX509AuthType, mProfile.mRemoteCN)
|
||||
)
|
||||
mRemoteX509Name.text = mProfile.mx509UsernameField ?: ""
|
||||
onPreferenceChange(mRemoteX509Name, mProfile.mx509UsernameField ?: "")
|
||||
mUseTLSAuth.isChecked = mProfile.mUseTLSAuth
|
||||
|
||||
mTlsAuthFileData = mProfile.mTLSAuthFilename
|
||||
setTlsAuthSummary(mTlsAuthFileData)
|
||||
|
||||
mTLSAuthDirection.value = mProfile.mTLSAuthDirection
|
||||
|
||||
mDataCiphers.text = mProfile.mDataCiphers
|
||||
onPreferenceChange(mDataCiphers, mProfile.mDataCiphers)
|
||||
mAuth.text = mProfile.mAuth
|
||||
onPreferenceChange(mAuth, mProfile.mAuth)
|
||||
|
||||
if (mProfile.mAuthenticationType == VpnProfile.TYPE_STATICKEYS) {
|
||||
mExpectTLSCert.isEnabled = false
|
||||
mCheckRemoteCN.isEnabled = false
|
||||
@ -89,6 +86,10 @@ class Settings_Authentication : OpenVpnPreferencesFragment(), Preference.OnPrefe
|
||||
mExpectTLSCert.isEnabled = true
|
||||
mCheckRemoteCN.isEnabled = true
|
||||
}
|
||||
if (mProfile.mTlSCertProfile.isNullOrBlank())
|
||||
mTLSProfile.value = "legacy"
|
||||
else
|
||||
mTLSProfile.value = mProfile.mTlSCertProfile
|
||||
}
|
||||
|
||||
override fun saveSettings() {
|
||||
@ -99,36 +100,30 @@ class Settings_Authentication : OpenVpnPreferencesFragment(), Preference.OnPrefe
|
||||
mProfile.mUseTLSAuth = mUseTLSAuth.isChecked
|
||||
mProfile.mTLSAuthFilename = mTlsAuthFileData
|
||||
mProfile.mx509UsernameField = mRemoteX509Name.text
|
||||
if (mTLSAuthDirection.value == null) mProfile.mTLSAuthDirection =
|
||||
null else mProfile.mTLSAuthDirection = mTLSAuthDirection.value
|
||||
if (mDataCiphers.text == null) mProfile.mDataCiphers = null else mProfile.mDataCiphers =
|
||||
mDataCiphers.text
|
||||
if (mAuth.text == null) mProfile.mAuth = null else mProfile.mAuth = mAuth.text
|
||||
mProfile.mTLSAuthDirection = mTLSAuthDirection.value
|
||||
mProfile.mDataCiphers = mDataCiphers.text
|
||||
mProfile.mAuth = mAuth.text
|
||||
mProfile.mTlSCertProfile = mTLSProfile.value
|
||||
}
|
||||
|
||||
override fun onPreferenceChange(preference: Preference, newValue: Any): Boolean {
|
||||
if (preference === mRemoteCN && newValue is Pair<*, *>) {
|
||||
val authtype = newValue.first as Int
|
||||
val dn = newValue.second
|
||||
if ("" == dn) {
|
||||
private fun setRemoteCNSummaryProvider()
|
||||
{
|
||||
mRemoteCN.setSummaryProvider {
|
||||
pref ->
|
||||
pref as RemoteCNPreference;
|
||||
|
||||
if ("" == pref.cnText) {
|
||||
if (mProfile.mConnections.size > 0) {
|
||||
preference.summary = getX509String(
|
||||
VpnProfile.X509_VERIFY_TLSREMOTE_RDN,
|
||||
return@setSummaryProvider getX509String(VpnProfile.X509_VERIFY_TLSREMOTE_RDN,
|
||||
mProfile.mConnections[0].mServerName
|
||||
)
|
||||
} else {
|
||||
preference.setSummary(R.string.no_remote_defined)
|
||||
return@setSummaryProvider getString(R.string.no_remote_defined)
|
||||
}
|
||||
} else {
|
||||
preference.summary = getX509String(authtype, dn as String)
|
||||
return@setSummaryProvider getX509String(pref.authtype, pref.cnText)
|
||||
}
|
||||
} else if (preference === mDataCiphers || preference === mAuth) {
|
||||
preference.summary = (newValue as CharSequence)
|
||||
} else if (preference === mRemoteX509Name) {
|
||||
preference.summary =
|
||||
(if (newValue.toString().isEmpty()) "CN (default)" else newValue as CharSequence)
|
||||
}
|
||||
return true
|
||||
}
|
||||
|
||||
private fun getX509String(authtype: Int, dn: String): CharSequence {
|
||||
|
||||
@ -39,11 +39,13 @@ public class RemoteCNPreference extends DialogPreference {
|
||||
|
||||
public void setDN(String dn) {
|
||||
mDn = dn;
|
||||
notifyChanged();
|
||||
}
|
||||
|
||||
|
||||
public void setAuthType(int x509authtype) {
|
||||
mDNType = x509authtype;
|
||||
notifyChanged();
|
||||
}
|
||||
|
||||
public String getCNText() {
|
||||
|
||||
@ -107,17 +107,14 @@ public class RemoteCNPreferenceDialog extends PreferenceDialogFragmentCompat {
|
||||
|
||||
@Override
|
||||
public void onDialogClosed(boolean positiveResult) {
|
||||
|
||||
if (positiveResult) {
|
||||
RemoteCNPreference pref = ((RemoteCNPreference) getPreference());
|
||||
|
||||
String dn = mEditText.getText().toString();
|
||||
int authtype = getAuthTypeFromSpinner();
|
||||
if (pref.callChangeListener(new Pair<>(authtype, dn))) {
|
||||
pref.setDN(dn);
|
||||
pref.setAuthType(authtype);
|
||||
}
|
||||
}
|
||||
pref.setDN(dn);
|
||||
pref.setAuthType(authtype);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
|
||||
@ -3,64 +3,80 @@
|
||||
~ Distributed under the GNU GPL v2 with additional terms. For full terms see the file doc/LICENSE.txt
|
||||
-->
|
||||
|
||||
<PreferenceScreen xmlns:android="http://schemas.android.com/apk/res/android">
|
||||
<PreferenceScreen xmlns:android="http://schemas.android.com/apk/res/android"
|
||||
xmlns:app="http://schemas.android.com/apk/res-auto">
|
||||
<PreferenceCategory android:title="@string/tls_settings">
|
||||
<ListPreference
|
||||
android:entries="@array/tls_profile_entries"
|
||||
android:entryValues="@array/tls_profile_values"
|
||||
android:key="tls_profile"
|
||||
android:persistent="false"
|
||||
android:title="@string/tls_profile"
|
||||
app:useSimpleSummaryProvider="true" />
|
||||
<CheckBoxPreference
|
||||
android:key="remoteServerTLS"
|
||||
android:summary="@string/check_remote_tlscert"
|
||||
android:title="@string/check_remote_tlscert_title" />
|
||||
android:key="remoteServerTLS"
|
||||
android:summary="@string/check_remote_tlscert"
|
||||
android:title="@string/check_remote_tlscert_title" />
|
||||
<CheckBoxPreference
|
||||
android:key="checkRemoteCN"
|
||||
android:summary="@string/remote_tlscn_check_summary"
|
||||
android:title="@string/remote_tlscn_check_title" />
|
||||
android:key="checkRemoteCN"
|
||||
android:summary="@string/remote_tlscn_check_summary"
|
||||
android:title="@string/remote_tlscn_check_title" />
|
||||
|
||||
<de.blinkt.openvpn.views.RemoteCNPreference
|
||||
android:dependency="checkRemoteCN"
|
||||
android:positiveButtonText="@android:string/ok"
|
||||
android:negativeButtonText="@string/cancel"
|
||||
android:key="remotecn"
|
||||
android:title="@string/enter_tlscn_title" />
|
||||
android:dependency="checkRemoteCN"
|
||||
android:key="remotecn"
|
||||
android:negativeButtonText="@string/cancel"
|
||||
android:positiveButtonText="@android:string/ok"
|
||||
android:title="@string/enter_tlscn_title" />
|
||||
|
||||
<EditTextPreference
|
||||
android:dependency="checkRemoteCN"
|
||||
android:dialogMessage="Field in the X.509 certificate subject to be used as the username (default=CN)."
|
||||
android:key="remotex509name"
|
||||
android:persistent="false"
|
||||
android:title="X509 Username Field" />
|
||||
android:dependency="checkRemoteCN"
|
||||
android:dialogMessage="Field in the X.509 certificate subject to be used as the username (default=CN)."
|
||||
android:key="remotex509name"
|
||||
android:persistent="false"
|
||||
android:title="X509 Username Field" />
|
||||
|
||||
</PreferenceCategory>
|
||||
<PreferenceCategory android:title="@string/tls_authentication">
|
||||
<SwitchPreference
|
||||
android:key="useTLSAuth"
|
||||
android:summary="@string/tls_key_auth"
|
||||
android:title="@string/useTLSAuth" />
|
||||
|
||||
android:key="useTLSAuth"
|
||||
android:summary="@string/tls_key_auth"
|
||||
android:title="@string/useTLSAuth" />
|
||||
|
||||
<Preference
|
||||
android:dependency="useTLSAuth"
|
||||
android:key="tlsAuthFile"
|
||||
android:title="@string/tls_auth_file" />
|
||||
android:dependency="useTLSAuth"
|
||||
|
||||
android:key="tlsAuthFile"
|
||||
android:title="@string/tls_auth_file"
|
||||
app:useSimpleSummaryProvider="true" />
|
||||
|
||||
<ListPreference
|
||||
android:dependency="useTLSAuth"
|
||||
android:entries="@array/tls_directions_entries"
|
||||
android:entryValues="@array/tls_directions_values"
|
||||
android:key="tls_direction"
|
||||
android:persistent="false"
|
||||
android:title="@string/tls_direction" />
|
||||
android:dependency="useTLSAuth"
|
||||
|
||||
android:entries="@array/tls_directions_entries"
|
||||
android:entryValues="@array/tls_directions_values"
|
||||
android:key="tls_direction"
|
||||
android:persistent="false"
|
||||
android:title="@string/tls_direction"
|
||||
app:useSimpleSummaryProvider="true" />
|
||||
</PreferenceCategory>
|
||||
<PreferenceCategory android:title="@string/encryption">
|
||||
<EditTextPreference
|
||||
android:dialogMessage="@string/chipher_dialog_message"
|
||||
android:dialogTitle="@string/cipher_dialog_title"
|
||||
android:key="dataciphers"
|
||||
android:persistent="false"
|
||||
android:title="@string/encryption_cipher" />
|
||||
android:dialogMessage="@string/chipher_dialog_message"
|
||||
android:dialogTitle="@string/cipher_dialog_title"
|
||||
android:key="dataciphers"
|
||||
android:persistent="false"
|
||||
android:title="@string/encryption_cipher"
|
||||
app:useSimpleSummaryProvider="true" />
|
||||
<EditTextPreference
|
||||
android:dialogMessage="@string/auth_dialog_message"
|
||||
android:dialogTitle="@string/auth_dialog_title"
|
||||
android:key="auth"
|
||||
android:persistent="false"
|
||||
android:title="@string/packet_auth" />
|
||||
android:dialogMessage="@string/auth_dialog_message"
|
||||
android:dialogTitle="@string/auth_dialog_title"
|
||||
android:key="auth"
|
||||
android:persistent="false"
|
||||
android:title="@string/packet_auth"
|
||||
|
||||
app:useSimpleSummaryProvider="true" />
|
||||
</PreferenceCategory>
|
||||
|
||||
</PreferenceScreen>
|
||||
Loading…
Reference in New Issue
Block a user