android:prompt="@string/vpn_ipsec_user_cert" />
</LinearLayout>
- <LinearLayout android:id="@+id/ipsec_ca"
+ <LinearLayout android:id="@+id/ipsec_peer"
android:layout_width="match_parent"
android:layout_height="wrap_content"
android:orientation="vertical"
<TextView style="@style/vpn_label" android:text="@string/vpn_ipsec_ca_cert"/>
<Spinner style="@style/vpn_value" android:id="@+id/ipsec_ca_cert"
android:prompt="@string/vpn_ipsec_ca_cert" />
+ <TextView style="@style/vpn_label" android:text="@string/vpn_ipsec_server_cert"/>
+ <Spinner style="@style/vpn_value" android:id="@+id/ipsec_server_cert"
+ android:prompt="@string/vpn_ipsec_server_cert" />
</LinearLayout>
<CheckBox style="@style/vpn_value" android:id="@+id/show_options"
<string name="vpn_ipsec_user_cert">IPSec user certificate</string>
<!-- Selection label for the IPSec CA certificate of a VPN network. [CHAR LIMIT=40] -->
<string name="vpn_ipsec_ca_cert">IPSec CA certificate</string>
+ <!-- Selection label for the IPSec server certificate of a VPN network. [CHAR LIMIT=40] -->
+ <string name="vpn_ipsec_server_cert">IPSec server certificate</string>
<!-- Checkbox label to show advanced options of a VPN network. [CHAR LIMIT=40] -->
<string name="vpn_show_options">Show advanced options</string>
<!-- Input label for the DNS search domains of a VPN network. [CHAR LIMIT=40] -->
<string name="vpn_not_used">(not used)</string>
<!-- Option to not use a CA certificate to verify the VPN server. [CHAR LIMIT=40] -->
<string name="vpn_no_ca_cert">(don\'t verify server)</string>
+ <!-- Option to use the server certificate received from the VPN server. [CHAR LIMIT=40] -->
+ <string name="vpn_no_server_cert">(received from server)</string>
<!-- Button label to cancel chaning a VPN network. [CHAR LIMIT=40] -->
<string name="vpn_cancel">Cancel</string>
private TextView mIpsecSecret;
private Spinner mIpsecUserCert;
private Spinner mIpsecCaCert;
+ private Spinner mIpsecServerCert;
private CheckBox mSaveLogin;
VpnDialog(Context context, DialogInterface.OnClickListener listener,
mIpsecSecret = (TextView) mView.findViewById(R.id.ipsec_secret);
mIpsecUserCert = (Spinner) mView.findViewById(R.id.ipsec_user_cert);
mIpsecCaCert = (Spinner) mView.findViewById(R.id.ipsec_ca_cert);
+ mIpsecServerCert = (Spinner) mView.findViewById(R.id.ipsec_server_cert);
mSaveLogin = (CheckBox) mView.findViewById(R.id.save_login);
// Second, copy values from the profile.
0, mProfile.ipsecUserCert);
loadCertificates(mIpsecCaCert, Credentials.CA_CERTIFICATE,
R.string.vpn_no_ca_cert, mProfile.ipsecCaCert);
+ loadCertificates(mIpsecServerCert, Credentials.USER_CERTIFICATE,
+ R.string.vpn_no_server_cert, mProfile.ipsecServerCert);
mSaveLogin.setChecked(mProfile.saveLogin);
// Third, add listeners to required fields.
mView.findViewById(R.id.l2tp).setVisibility(View.GONE);
mView.findViewById(R.id.ipsec_psk).setVisibility(View.GONE);
mView.findViewById(R.id.ipsec_user).setVisibility(View.GONE);
- mView.findViewById(R.id.ipsec_ca).setVisibility(View.GONE);
+ mView.findViewById(R.id.ipsec_peer).setVisibility(View.GONE);
// Then, unhide type-specific fields.
switch (type) {
mView.findViewById(R.id.ipsec_user).setVisibility(View.VISIBLE);
// fall through
case VpnProfile.TYPE_IPSEC_HYBRID_RSA:
- mView.findViewById(R.id.ipsec_ca).setVisibility(View.VISIBLE);
+ mView.findViewById(R.id.ipsec_peer).setVisibility(View.VISIBLE);
break;
}
}
if (mIpsecCaCert.getSelectedItemPosition() != 0) {
profile.ipsecCaCert = (String) mIpsecCaCert.getSelectedItem();
}
+ if (mIpsecServerCert.getSelectedItemPosition() != 0) {
+ profile.ipsecServerCert = (String) mIpsecServerCert.getSelectedItem();
+ }
break;
}
String ipsecSecret = ""; // 11
String ipsecUserCert = ""; // 12
String ipsecCaCert = ""; // 13
+ String ipsecServerCert = "";// 14
// Helper fields.
boolean saveLogin = false;
}
String[] values = new String(value, Charsets.UTF_8).split("\0", -1);
- // Currently it always has 14 fields.
- if (values.length < 14) {
+ // There can be 14 or 15 values in ICS MR1.
+ if (values.length < 14 || values.length > 15) {
return null;
}
profile.ipsecSecret = values[11];
profile.ipsecUserCert = values[12];
profile.ipsecCaCert = values[13];
+ profile.ipsecServerCert = (values.length > 14) ? values[14] : "";
profile.saveLogin = !profile.username.isEmpty() || !profile.password.isEmpty();
return profile;
builder.append('\0').append(ipsecSecret);
builder.append('\0').append(ipsecUserCert);
builder.append('\0').append(ipsecCaCert);
+ builder.append('\0').append(ipsecServerCert);
return builder.toString().getBytes(Charsets.UTF_8);
}
}
String privateKey = "";
String userCert = "";
String caCert = "";
+ String serverCert = "";
if (!profile.ipsecUserCert.isEmpty()) {
byte[] value = mKeyStore.get(Credentials.USER_PRIVATE_KEY + profile.ipsecUserCert);
privateKey = (value == null) ? null : new String(value, Charsets.UTF_8);
byte[] value = mKeyStore.get(Credentials.CA_CERTIFICATE + profile.ipsecCaCert);
caCert = (value == null) ? null : new String(value, Charsets.UTF_8);
}
- if (privateKey == null || userCert == null || caCert == null) {
+ if (!profile.ipsecServerCert.isEmpty()) {
+ byte[] value = mKeyStore.get(Credentials.USER_CERTIFICATE + profile.ipsecServerCert);
+ serverCert = (value == null) ? null : new String(value, Charsets.UTF_8);
+ }
+ if (privateKey == null || userCert == null || caCert == null || serverCert == null) {
// TODO: find out a proper way to handle this. Delete these keys?
throw new IllegalStateException("Cannot load credentials");
}
break;
case VpnProfile.TYPE_L2TP_IPSEC_RSA:
racoon = new String[] {
- interfaze, profile.server, "udprsa", privateKey, userCert, caCert, "1701",
+ interfaze, profile.server, "udprsa", privateKey, userCert,
+ caCert, serverCert, "1701",
};
break;
case VpnProfile.TYPE_IPSEC_XAUTH_PSK:
break;
case VpnProfile.TYPE_IPSEC_XAUTH_RSA:
racoon = new String[] {
- interfaze, profile.server, "xauthrsa", privateKey, userCert, caCert,
- profile.username, profile.password, "", gateway,
+ interfaze, profile.server, "xauthrsa", privateKey, userCert,
+ caCert, serverCert, profile.username, profile.password, "", gateway,
};
break;
case VpnProfile.TYPE_IPSEC_HYBRID_RSA:
racoon = new String[] {
- interfaze, profile.server, "hybridrsa", caCert,
- profile.username, profile.password, "", gateway,
+ interfaze, profile.server, "hybridrsa",
+ caCert, serverCert, profile.username, profile.password, "", gateway,
};
break;
}