author | Tobias Brunner <tobias@strongswan.org> | 2012-08-28 17:11:55 +0200 |
---|---|---|
committer | Tobias Brunner <tobias@strongswan.org> | 2012-08-31 18:24:46 +0200 |
commit | c89cc2269259fcc2ea140e199cef9eff230e4e80 (patch) | |
tree | d4407e7f96e7164dbf02a502d6f23b5c5c4ce161 /src/frontends | |
parent | 094a059bcfdb0589f864b373fb694e87a86a8b19 (diff) | |
download | strongswan-c89cc2269259fcc2ea140e199cef9eff230e4e80.tar.bz2 strongswan-c89cc2269259fcc2ea140e199cef9eff230e4e80.tar.xz |
android: Native parts handle ikev2-cert VPN type
Diffstat (limited to 'src/frontends')
3 files changed, 71 insertions, 16 deletions
diff --git a/src/frontends/android/jni/libandroidbridge/backend/android_service.c b/src/frontends/android/jni/libandroidbridge/backend/android_service.c
index dfc0d2342..29b6d45af 100644
--- a/src/frontends/android/jni/libandroidbridge/backend/android_service.c
+++ b/src/frontends/android/jni/libandroidbridge/backend/android_service.c
@@ -44,11 +44,21 @@ struct private_android_service_t {
 android_service_t public;
 /**
+ * credential set
+ */
+ android_creds_t *creds;
+
+ /**
 * current IKE_SA
 */
 ike_sa_t *ike_sa;
 /**
+ * the type of VPN
+ */
+ char *type;
+
+ /**
 * local ipv4 address
 */
 char *local_address;
@@ -64,6 +74,11 @@ struct private_android_service_t {
 char *username;
 /**
+ * password
+ */
+ char *password;
+
+ /**
 * lock to safely access the TUN device fd
 */
 rwlock_t *lock;
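Review bot: The new `password` field comment in the second hunk should say that the pointer may be NULL and that the string is wiped in place once it has been registered, since destroy() in this commit guards `if (this->password)` and initiate() memwipes it right after `add_username_password`; neither is visible from a one-word comment on the struct. The `creds` field in the first hunk is stored but never destroyed by the service (destroy() only frees the strings), so its comment should read something like `/** credential set (not owned, must outlive this service) */` — the owner is only inferred from the charonservice.c hunk passing `this->creds`, so confirm before wording it as a contract. The struct definition continues outside both hunks.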
@@ -430,12 +445,42 @@ static job_requeue_t initiate(private_android_service_t *this)
 host_create_from_string("0.0.0.0", 0) /* virt */,
 NULL, FALSE, NULL, NULL); /* pool, mediation */
+ /* local auth config */
+ if (streq("ikev2-eap", this->type))
+ {
+ auth = auth_cfg_create();
+ auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_EAP);
+ user = identification_create_from_string(this->username);
+ auth->add(auth, AUTH_RULE_IDENTITY, user);
+
+ this->creds->add_username_password(this->creds, this->username,
+ this->password);
+ memwipe(this->password, strlen(this->password));
+ peer_cfg->add_auth_cfg(peer_cfg, auth, TRUE);
+ }
+ else if (streq("ikev2-cert", this->type))
+ {
+ certificate_t *cert;
+ identification_t *id;
- auth = auth_cfg_create();
- auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_EAP);
- user = identification_create_from_string(this->username);
- auth->add(auth, AUTH_RULE_IDENTITY, user);
- peer_cfg->add_auth_cfg(peer_cfg, auth, TRUE);
+ cert = this->creds->load_user_certificate(this->creds);
+ if (!cert)
+ {
+ peer_cfg->destroy(peer_cfg);
+ charonservice->update_status(charonservice,
+ CHARONSERVICE_GENERIC_ERROR);
+ return JOB_REQUEUE_NONE;
+
+ }
+ auth = auth_cfg_create();
+ auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PUBKEY);
+ auth->add(auth, AUTH_RULE_SUBJECT_CERT, cert);
+ id = cert->get_subject(cert);
+ auth->add(auth, AUTH_RULE_IDENTITY, id->clone(id));
+ peer_cfg->add_auth_cfg(peer_cfg, auth, TRUE);
+ }
+
+ /* remote auth config */
 auth = auth_cfg_create();
 auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PUBKEY);
 gateway = identification_create_from_string(this->gateway);
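Review bot: In the ikev2-eap branch, `add_username_password(this->creds, this->username, this->password)` and `memwipe(this->password, strlen(this->password))` are reached without checking `this->password`, yet the same commit guards `if (this->password)` in destroy() and documents the parameter as "password (if any)", so a NULL password is undefined behaviour in strlen() here. Reject it up front, mirroring the missing-certificate path: `if (!this->password) { peer_cfg->destroy(peer_cfg); charonservice->update_status(charonservice, CHARONSERVICE_GENERIC_ERROR); return JOB_REQUEUE_NONE; }`. A `type` that matches neither string falls through and adds no local auth config at all; an explicit error there would be safer than continuing with a half-built peer_cfg. After the wipe `this->password` still points at an empty string, so if this job were ever re-run an empty password would be registered — the visible error path returns JOB_REQUEUE_NONE and the normal return is outside the hunk, so this is a latent hazard rather than a live one. initiate() starts and ends outside the hunk.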
@@ -492,17 +537,24 @@ METHOD(android_service_t, destroy, void,
 /* make sure the tun device is actually closed */
 close_tun_device(this);
 this->lock->destroy(this->lock);
+ free(this->type);
 free(this->local_address);
- free(this->username);
 free(this->gateway);
+ free(this->username);
+ if (this->password)
+ {
+ memwipe(this->password, strlen(this->password));
+ free(this->password);
+ }
 free(this);
 }
 /**
 * See header
 */
-android_service_t *android_service_create(char *local_address, char *gateway,
- char *username)
+android_service_t *android_service_create(android_creds_t *creds, char *type,
+ char *local_address, char *gateway,
+ char *username, char *password)
 {
 private_android_service_t *this;
@@ -520,7 +572,10 @@ android_service_t *android_service_create(char *local_address, char *gateway,
 .lock = rwlock_create(RWLOCK_TYPE_DEFAULT),
 .local_address = local_address,
 .username = username,
+ .password = password,
 .gateway = gateway,
+ .creds = creds,
+ .type = type,
 .tunfd = -1,
 );
diff --git a/src/frontends/android/jni/libandroidbridge/backend/android_service.h b/src/frontends/android/jni/libandroidbridge/backend/android_service.h
index a7bd8b059..52c3dc5c8 100644
--- a/src/frontends/android/jni/libandroidbridge/backend/android_service.h
+++ b/src/frontends/android/jni/libandroidbridge/backend/android_service.h
@@ -51,11 +51,15 @@ struct android_service_t {
 * Create an Android service instance. Queues a job that starts initiation of a
 * new IKE SA.
 *
+ * @param creds Android specific credential set
+ * @param type VPN type (see VpnType.java)
 * @param local_address local ip address
 * @param gateway gateway address
 * @param username user name (local identity)
+ * @param password password (if any)
 */
-android_service_t *android_service_create(char *local_address, char *gateway,
- char *username);
+android_service_t *android_service_create(android_creds_t *creds, char *type,
+ char *local_address, char *gateway,
+ char *username, char *password);
 #endif /** ANDROID_SERVICE_H_ @}*/
diff --git a/src/frontends/android/jni/libandroidbridge/charonservice.c b/src/frontends/android/jni/libandroidbridge/charonservice.c
index 8d07dd5b6..59ec62fc7 100644
--- a/src/frontends/android/jni/libandroidbridge/charonservice.c
+++ b/src/frontends/android/jni/libandroidbridge/charonservice.c
@@ -310,13 +310,9 @@ static void initiate(char *type, char *local, char *gateway,
 private_charonservice_t *this = (private_charonservice_t*)charonservice;
 this->creds->clear(this->creds);
- this->creds->add_username_password(this->creds, username, password);
- memwipe(password, strlen(password));
- free(password);
-
 DESTROY_IF(this->service);
- this->service = android_service_create(local, gateway, username);
- free(type);
+ this->service = android_service_create(this->creds, type, local, gateway,
+ username, password);
 }
 /**
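Review bot: The updated doc comment for android_service_create() does not say who owns each argument, although this commit changes that contract: the charonservice.c hunk stops freeing `type` and `password` after the call, and destroy() in android_service.c now frees `type`, `local_address`, `gateway`, `username` and (after wiping it) `password`, while `creds` is not destroyed there. Suggest adding a line such as `@note ownership of type, local_address, gateway, username and password passes to the service; creds must outlive it` to the comment block. That `creds` must outlive the service is inferred from destroy() not touching it, so confirm the intent before stating it as a rule.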