android:layout_height="fill_parent"
android:padding="15dip">
+ <TextView android:id="@+id/cstor_access_dialog_hint_from_action"
+ android:layout_width="fill_parent"
+ android:layout_height="wrap_content"
+ android:textSize="@dimen/vpn_connect_normal_text_size"
+ android:text="@string/cstor_access_dialog_hint_from_action"
+ android:layout_marginBottom="10sp" />
+
<TextView android:id="@+id/cstor_error"
android:layout_width="fill_parent"
android:layout_height="wrap_content"
<!-- Main Settings screen settings title for things like Wi-Fi, bluetooth, airplane mode. This will take you to another screen with those settings. -->
<string name="radio_controls_title">Wireless controls</string>
<!-- Main Settings screen settings summary text for the "Wireless controls" setting -->
- <string name="radio_controls_summary">Manage Wi-Fi, Bluetooth, airplane mode, & mobile networks</string>
+ <string name="radio_controls_summary">Manage Wi-Fi, Bluetooth, airplane mode, mobile networks, & VPNs</string>
<!-- mobile network settings screen, setting check box title -->
<!-- Main Settings screen setting option title for the item to take you the security and location screen -->
<string name="security_settings_title">Security & location</string>
<!-- Main Settings screen setting option summary text for the item tot ake you to the security and location screen -->
- <string name="security_settings_summary">Set My Location, screen unlock, SIM card lock</string>
+ <string name="security_settings_summary">Set My Location, screen unlock, SIM card lock, credential storage lock</string>
<!-- In the security screen, the header title for settings related to Passwords-->
<string name="security_passwords_title">Passwords</string>
<string name="cstor_access_summary">Allow applications to access secure certificates and other credentials</string>
<!-- Title of dialog to enable/dislable access to credential storage -->
<string name="cstor_access_dialog_title">Enter password</string>
+ <!-- Description of dialog to enable/dislable access to credential storage from an action that requires the credential storage -->
+ <string name="cstor_access_dialog_hint_from_action">This action requires enabling the credential storage. Please enter the password to enable it.</string>
<!-- Title of preference to set storage password -->
<string name="cstor_set_passwd_title">Set password</string>
<string name="cstor_confirm_password">Confirm new password:</string>
<!-- Description when user set up the storage for the very first time -->
<string name="cstor_first_time_hint">You must set a password for the credential storage.</string>
+ <!-- Description when user set up the storage for the very first time from an action that requires the credential storage-->
+ <string name="cstor_first_time_hint_from_action">This action requires the credential storage but the storage has not been activated before. To activiate it, you must set a password for the credential storage.</string>
<string name="cstor_password_error">Please enter the correct password.</string>
<string name="cstor_password_error_reset_warning">Please enter the correct password. You have one more try to enter the correct password before the credential storage is erased.</string>
<string name="cstor_password_error_reset_warning_plural">Please enter the correct password. You have %d more tries to enter the correct password before the credential storage is erased.</string>
: R.string.cstor_password_error);
if (count <= 3) {
if (count == 1) {
- v.setText(getString(
- R.string.cstor_password_error_reset_warning));
+ v.setText(R.string.cstor_password_error_reset_warning);
} else {
String format = getString(
R.string.cstor_password_error_reset_warning_plural);
return v;
}
- private void hideError() {
- View v = mView.findViewById(R.id.cstor_error);
+ private void hide(int viewId) {
+ View v = mView.findViewById(viewId);
if (v != null) v.setVisibility(View.GONE);
}
+ private void hideError() {
+ hide(R.id.cstor_error);
+ }
+
private String getText(int viewId) {
return ((TextView) mView.findViewById(viewId)).getText().toString();
}
if (v != null) v.setText(text);
}
+ private void setText(int viewId, int textId) {
+ TextView v = (TextView) mView.findViewById(viewId);
+ if (v != null) v.setText(textId);
+ }
+
private void enablePreferences(boolean enabled) {
mAccessCheckBox.setEnabled(enabled);
mResetButton.setEnabled(enabled);
R.layout.cstor_unlock_dialog_view, null);
hideError();
+ // show extra hint only when the action comes from outside
+ if ((mSpecialIntent == null)
+ && (mCstorAddCredentialHelper == null)) {
+ hide(R.id.cstor_access_dialog_hint_from_action);
+ }
+
Dialog d = new AlertDialog.Builder(SecuritySettings.this)
.setView(mView)
.setTitle(R.string.cstor_access_dialog_title)
R.layout.cstor_set_password_dialog_view, null);
hideError();
+ // show extra hint only when the action comes from outside
+ if ((mSpecialIntent != null)
+ || (mCstorAddCredentialHelper != null)) {
+ setText(R.id.cstor_first_time_hint,
+ R.string.cstor_first_time_hint_from_action);
+ }
+
switch (id) {
case CSTOR_INIT_DIALOG:
mView.findViewById(R.id.cstor_old_password_block)
hideError();
setText(R.id.cstor_credential_name_title,
- getString(R.string.cstor_credential_name));
+ R.string.cstor_credential_name);
setText(R.id.cstor_credential_info_title,
- getString(R.string.cstor_credential_info));
+ R.string.cstor_credential_info);
setText(R.id.cstor_credential_info,
mCstorAddCredentialHelper.getDescription().toString());
: validate(mSecretString, R.string.vpn_l2tp_secret));
}
- @Override
- public void saveSecrets(String originalProfileName) {
- L2tpProfile profile = (L2tpProfile) getProfile();
- // TODO: fill up the implementation after keystore is available
- }
-
private Preference createSecretPreference(Context c) {
final L2tpProfile profile = (L2tpProfile) getProfile();
CheckBoxPreference secret = mSecret = new CheckBoxPreference(c);
import android.preference.ListPreference;
import android.preference.Preference;
import android.preference.PreferenceGroup;
-import android.security.Keystore;
+import android.security.CertTool;
import android.text.TextUtils;
/**
mUserCertificate = createListPreference(c,
R.string.vpn_user_certificate_title,
mProfile.getUserCertificate(),
- Keystore.getInstance().getAllUserCertificateKeys(),
+ CertTool.getInstance().getAllUserCertificateKeys(),
new Preference.OnPreferenceChangeListener() {
public boolean onPreferenceChange(
Preference pref, Object newValue) {
mCaCertificate = createListPreference(c,
R.string.vpn_ca_certificate_title,
mProfile.getCaCertificate(),
- Keystore.getInstance().getAllCaCertificateKeys(),
+ CertTool.getInstance().getAllCaCertificateKeys(),
new Preference.OnPreferenceChangeListener() {
public boolean onPreferenceChange(
Preference pref, Object newValue) {
: validate(mPresharedKey, R.string.vpn_ipsec_presharedkey));
}
- @Override
- public void saveSecrets(String originalProfileName) {
- L2tpIpsecPskProfile profile = (L2tpIpsecPskProfile) getProfile();
- profile.getPresharedKey();
- // TODO: fill up the implementation after keystore is available
- }
-
private Preference createPresharedKeyPreference(Context c) {
final L2tpIpsecPskProfile profile = (L2tpIpsecPskProfile) getProfile();
mPresharedKey = createSecretPreference(c,
import android.content.DialogInterface;
import android.widget.Toast;
-import org.apache.commons.codec.binary.Base64;
-
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
createErrorDialog(c, message, listener).show();
}
- static String base64Encode(byte[] bytes) {
- return new String(Base64.encodeBase64(bytes));
- }
-
static void deleteFile(String path) {
deleteFile(new File(path));
}
private VpnProfileEditor mProfileEditor;
private boolean mAddingProfile;
- private String mOriginalProfileName;
@Override
public void onCreate(Bundle savedInstanceState) {
VpnProfile p = (VpnProfile) ((savedInstanceState == null)
? getIntent().getParcelableExtra(VpnSettings.KEY_VPN_PROFILE)
: savedInstanceState.getParcelable(KEY_PROFILE));
- mOriginalProfileName = (savedInstanceState == null)
- ? p.getName()
- : savedInstanceState.getString(KEY_ORIGINAL_PROFILE_NAME);
mProfileEditor = getEditor(p);
mAddingProfile = TextUtils.isEmpty(p.getName());
if (mProfileEditor == null) return;
outState.putParcelable(KEY_PROFILE, getProfile());
- outState.putString(KEY_ORIGINAL_PROFILE_NAME, mOriginalProfileName);
}
@Override
return false;
}
- mProfileEditor.saveSecrets(mOriginalProfileName);
setResult(getProfile());
return true;
}
private void setResult(VpnProfile p) {
- p.setId(Util.base64Encode(p.getName().getBytes()));
Intent intent = new Intent(this, VpnSettings.class);
intent.putExtra(VpnSettings.KEY_VPN_PROFILE, (Parcelable) p);
setResult(RESULT_OK, intent);
}
/**
- * Saves the secrets in this profile.
- * @param originalProfileName the original profile name
- */
- public void saveSecrets(String originalProfileName) {
- }
-
- /**
* Creates a preference for users to input domain suffices.
*/
protected EditTextPreference createDomainSufficesPreference(Context c) {
package com.android.settings.vpn;
import com.android.settings.R;
+import com.android.settings.SecuritySettings;
import android.app.AlertDialog;
import android.app.Dialog;
import android.content.Context;
import android.content.DialogInterface;
import android.content.Intent;
+import android.net.vpn.L2tpIpsecPskProfile;
+import android.net.vpn.L2tpProfile;
import android.net.vpn.VpnManager;
import android.net.vpn.VpnProfile;
import android.net.vpn.VpnState;
import android.preference.PreferenceManager;
import android.preference.PreferenceScreen;
import android.preference.Preference.OnPreferenceClickListener;
+import android.security.Keystore;
import android.text.TextUtils;
import android.util.Log;
import android.view.ContextMenu;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.util.ArrayList;
-import java.util.Arrays;
import java.util.Collections;
+import java.util.Comparator;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedHashMap;
private VpnProfileActor mConnectingActor;
private boolean mStateSaved = false;
+ // states saved for unlocking keystore
+ private Runnable mUnlockAction;
+
private VpnManager mVpnManager = new VpnManager(this);
private ConnectivityReceiver mConnectivityReceiver =
public void onResume() {
super.onResume();
mStatusChecker.onResume();
+
+ if ((mUnlockAction != null) && isKeystoreUnlocked()) {
+ Runnable action = mUnlockAction;
+ mUnlockAction = null;
+ runOnUiThread(action);
+ }
}
@Override
}
@Override
- protected void onActivityResult(int requestCode, int resultCode,
- Intent data) {
- int index = mIndexOfEditedProfile;
+ protected void onActivityResult(final int requestCode, final int resultCode,
+ final Intent data) {
+ final int index = mIndexOfEditedProfile;
mIndexOfEditedProfile = -1;
if ((resultCode == RESULT_CANCELED) || (data == null)) {
return;
}
+ if (needKeystoreToSave(p)) {
+ Runnable action = new Runnable() {
+ public void run() {
+ mIndexOfEditedProfile = index;
+ onActivityResult(requestCode, resultCode, data);
+ }
+ };
+ if (!unlockKeystore(p, action)) return;
+ }
+
try {
if ((index < 0) || (index >= mVpnProfileList.size())) {
addProfile(p);
.show();
}
+ // Randomly generates an ID for the profile.
+ // The ID is unique and only set once when the profile is created.
+ private void setProfileId(VpnProfile profile) {
+ String id;
+
+ while (true) {
+ id = String.valueOf(Math.abs(
+ Double.doubleToLongBits(Math.random())));
+ if (id.length() >= 8) break;
+ }
+ for (VpnProfile p : mVpnProfileList) {
+ if (p.getId().equals(id)) {
+ setProfileId(profile);
+ return;
+ }
+ }
+ profile.setId(id);
+ }
+
private void addProfile(VpnProfile p) throws IOException {
+ setProfileId(p);
saveProfileToStorage(p);
mVpnProfileList.add(p);
addPreferenceFor(p);
throw new RuntimeException("inconsistent state!");
}
- // TODO: call saveSecret(String) after keystore is available
+ p.setId(oldProfile.getId());
+
+ processSecrets(p);
+ // TODO: remove copyFiles once the setId() code propagates.
// Copy config files and remove the old ones if they are in different
// directories.
if (Util.copyFiles(getProfileDir(oldProfile), getProfileDir(p))) {
startActivityForResult(intent, REQUEST_SELECT_VPN_TYPE);
}
- private void startVpnEditor(VpnProfile profile) {
+ private boolean isKeystoreUnlocked() {
+ return (Keystore.getInstance().getState() == Keystore.UNLOCKED);
+ }
+
+
+ // Returns true if the profile needs to access keystore
+ private boolean needKeystoreToSave(VpnProfile p) {
+ return needKeystoreToConnect(p);
+ }
+
+ // Returns true if the profile needs to access keystore
+ private boolean needKeystoreToEdit(VpnProfile p) {
+ switch (p.getType()) {
+ case L2TP_IPSEC:
+ case L2TP_IPSEC_PSK:
+ return true;
+
+ default:
+ return false;
+ }
+ }
+
+ // Returns true if the profile needs to access keystore
+ private boolean needKeystoreToConnect(VpnProfile p) {
+ switch (p.getType()) {
+ case L2TP_IPSEC:
+ case L2TP_IPSEC_PSK:
+ return true;
+
+ case L2TP:
+ return ((L2tpProfile) p).isSecretEnabled();
+
+ default:
+ return false;
+ }
+ }
+
+ // Returns true if keystore is unlocked or keystore is not a concern
+ private boolean unlockKeystore(VpnProfile p, Runnable action) {
+ if (isKeystoreUnlocked()) return true;
+ mUnlockAction = action;
+ startActivity(
+ new Intent(SecuritySettings.ACTION_UNLOCK_CREDENTIAL_STORAGE));
+ return false;
+ }
+
+ private void startVpnEditor(final VpnProfile profile) {
+ if (needKeystoreToEdit(profile)) {
+ Runnable action = new Runnable() {
+ public void run() {
+ startVpnEditor(profile);
+ }
+ };
+ if (!unlockKeystore(profile, action)) return;
+ }
+
Intent intent = new Intent(this, VpnEditor.class);
intent.putExtra(KEY_VPN_PROFILE, (Parcelable) profile);
startActivityForResult(intent, REQUEST_ADD_OR_EDIT_PROFILE);
}
+ private synchronized void connect(final VpnProfile p) {
+ if (needKeystoreToConnect(p)) {
+ Runnable action = new Runnable() {
+ public void run() {
+ connect(p);
+ }
+ };
+ if (!unlockKeystore(p, action)) return;
+ }
+
+ mConnectingActor = getActor(p);
+ if (mConnectingActor.isConnectDialogNeeded()) {
+ removeDialog(DIALOG_CONNECT);
+ showDialog(DIALOG_CONNECT);
+ } else {
+ changeState(p, VpnState.CONNECTING);
+ mConnectingActor.connect(null);
+ }
+ }
+
// Do connect or disconnect based on the current state.
private synchronized void connectOrDisconnect(VpnProfile p) {
VpnPreference pref = mVpnPreferenceMap.get(p.getName());
switch (p.getState()) {
case IDLE:
- mConnectingActor = getActor(p);
- if (mConnectingActor.isConnectDialogNeeded()) {
- removeDialog(DIALOG_CONNECT);
- showDialog(DIALOG_CONNECT);
- } else {
- changeState(p, VpnState.CONNECTING);
- mConnectingActor.connect(null);
- }
+ connect(p);
break;
case CONNECTING:
File root = new File(PROFILES_ROOT);
String[] dirs = root.list();
if (dirs == null) return;
- Arrays.sort(dirs);
for (String dir : dirs) {
File f = new File(new File(root, dir), PROFILE_OBJ_FILE);
if (!f.exists()) continue;
if (!checkIdConsistency(dir, p)) continue;
mVpnProfileList.add(p);
- addPreferenceFor(p);
} catch (IOException e) {
Log.e(TAG, "retrieveVpnListFromStorage()", e);
}
}
+ Collections.sort(mVpnProfileList, new Comparator<VpnProfile>() {
+ public int compare(VpnProfile p1, VpnProfile p2) {
+ return p1.getName().compareTo(p2.getName());
+ }
+
+ public boolean equals(VpnProfile p) {
+ // not used
+ return false;
+ }
+ });
+ for (VpnProfile p : mVpnProfileList) addPreferenceFor(p);
disableProfilePreferencesIfOneActive();
}
return mVpnManager.createVpnProfile(Enum.valueOf(VpnType.class, type));
}
+ private static final String NAMESPACE_VPN = "vpn";
+ private static final String KEY_PREFIX_IPSEC_PSK = "ipsk000";
+ private static final String KEY_PREFIX_L2TP_SECRET = "lscrt000";
+
+ private void processSecrets(VpnProfile p) {
+ Keystore ks = Keystore.getInstance();
+ switch (p.getType()) {
+ case L2TP_IPSEC_PSK:
+ L2tpIpsecPskProfile pskProfile = (L2tpIpsecPskProfile) p;
+ String keyName = KEY_PREFIX_IPSEC_PSK + p.getId();
+ String presharedKey = pskProfile.getPresharedKey();
+ if (!presharedKey.equals(keyName)) {
+ ks.put(NAMESPACE_VPN, keyName, presharedKey);
+ pskProfile.setPresharedKey(NAMESPACE_VPN + "_" + keyName);
+ }
+ // pass through
+
+ case L2TP:
+ L2tpProfile l2tpProfile = (L2tpProfile) p;
+ keyName = KEY_PREFIX_L2TP_SECRET + p.getId();
+ String secret = l2tpProfile.getSecretString();
+ if (l2tpProfile.isSecretEnabled()) {
+ if (!secret.equals(keyName)) {
+ ks.put(NAMESPACE_VPN, keyName, secret);
+ l2tpProfile.setSecretString(
+ NAMESPACE_VPN + "_" + keyName);
+ }
+ } else {
+ ks.remove(NAMESPACE_VPN, keyName);
+ }
+ break;
+ }
+ }
+
private class VpnPreference extends Preference {
VpnProfile mProfile;
VpnPreference(Context c, VpnProfile p) {
OSDN Git Service
