android: Encode connection settings as single Java string argument
[strongswan.git] / src / frontends / android / jni / libandroidbridge / backend / android_service.c
index 896bb09..b11e664 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2010-2014 Tobias Brunner
+ * Copyright (C) 2010-2015 Tobias Brunner
  * Copyright (C) 2012 Giuliano Grassi
  * Copyright (C) 2012 Ralf Sager
  * Hochschule fuer Technik Rapperswil
@@ -55,24 +55,9 @@ struct private_android_service_t {
        ike_sa_t *ike_sa;
 
        /**
-        * the type of VPN
+        * configuration setttings
         */
-       char *type;
-
-       /**
-        * gateway
-        */
-       char *gateway;
-
-       /**
-        * username
-        */
-       char *username;
-
-       /**
-        * password
-        */
-       char *password;
+       settings_t *settings;
 
        /**
         * lock to safely access the TUN device fd
@@ -621,6 +606,7 @@ static void add_auth_cfg_pw(private_android_service_t *this,
 {
        identification_t *user;
        auth_cfg_t *auth;
+       char *username, *password;
 
        auth = auth_cfg_create();
        auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_EAP);
@@ -629,12 +615,14 @@ static void add_auth_cfg_pw(private_android_service_t *this,
                auth->add(auth, AUTH_RULE_EAP_TYPE, EAP_TTLS);
        }
 
-       user = identification_create_from_string(this->username);
+       username = this->settings->get_str(this->settings, "connection.username",
+                                                                          NULL);
+       password = this->settings->get_str(this->settings, "connection.password",
+                                                                          NULL);
+       user = identification_create_from_string(username);
        auth->add(auth, AUTH_RULE_IDENTITY, user);
 
-       this->creds->add_username_password(this->creds, this->username,
-                                                                          this->password);
-       memwipe(this->password, strlen(this->password));
+       this->creds->add_username_password(this->creds, username, password);
        peer_cfg->add_auth_cfg(peer_cfg, auth, TRUE);
 }
 
@@ -644,6 +632,7 @@ static bool add_auth_cfg_cert(private_android_service_t *this,
        certificate_t *cert;
        identification_t *id;
        auth_cfg_t *auth;
+       char *type;
 
        cert = this->creds->load_user_certificate(this->creds);
        if (!cert)
@@ -651,8 +640,9 @@ static bool add_auth_cfg_cert(private_android_service_t *this,
                return FALSE;
        }
 
+       type = this->settings->get_str(this->settings, "connection.type", NULL);
        auth = auth_cfg_create();
-       if (strpfx("ikev2-eap-tls", this->type))
+       if (strpfx("ikev2-eap-tls", type))
        {
                auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_EAP);
                auth->add(auth, AUTH_RULE_EAP_TYPE, EAP_TLS);
@@ -687,11 +677,12 @@ static job_requeue_t initiate(private_android_service_t *this)
                        .jitter = 300 /* 5min */
                }
        };
+       char *type, *server;
 
+       server = this->settings->get_str(this->settings, "connection.server", NULL);
        ike_cfg = ike_cfg_create(IKEV2, TRUE, TRUE, "0.0.0.0",
                                                         charon->socket->get_port(charon->socket, FALSE),
-                                                        this->gateway, IKEV2_UDP_PORT,
-                                                        FRAGMENTATION_YES, 0);
+                                                        server, IKEV2_UDP_PORT, FRAGMENTATION_YES, 0);
        ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE));
        ike_cfg->add_proposal(ike_cfg, proposal_create_default_aead(PROTO_IKE));
 
@@ -705,10 +696,11 @@ static job_requeue_t initiate(private_android_service_t *this)
        peer_cfg->add_virtual_ip(peer_cfg, host_create_any(AF_INET));
        peer_cfg->add_virtual_ip(peer_cfg, host_create_any(AF_INET6));
 
+       type = this->settings->get_str(this->settings, "connection.type", NULL);
        /* local auth config */
-       if (streq("ikev2-cert", this->type) ||
-               streq("ikev2-cert-eap", this->type) ||
-               streq("ikev2-eap-tls", this->type))
+       if (streq("ikev2-cert", type) ||
+               streq("ikev2-cert-eap", type) ||
+               streq("ikev2-eap-tls", type))
        {
                if (!add_auth_cfg_cert(this, peer_cfg))
                {
@@ -718,16 +710,16 @@ static job_requeue_t initiate(private_android_service_t *this)
                        return JOB_REQUEUE_NONE;
                }
        }
-       if (streq("ikev2-eap", this->type) ||
-               streq("ikev2-cert-eap", this->type) ||
-               streq("ikev2-byod-eap", this->type))
+       if (streq("ikev2-eap", type) ||
+               streq("ikev2-cert-eap", type) ||
+               streq("ikev2-byod-eap", type))
        {
-               add_auth_cfg_pw(this, peer_cfg, strpfx(this->type, "ikev2-byod"));
+               add_auth_cfg_pw(this, peer_cfg, strpfx(type, "ikev2-byod"));
        }
 
        /* remote auth config */
        auth = auth_cfg_create();
-       gateway = identification_create_from_string(this->gateway);
+       gateway = identification_create_from_string(server);
        auth->add(auth, AUTH_RULE_IDENTITY, gateway);
        auth->add(auth, AUTH_RULE_IDENTITY_LOOSE, TRUE);
        auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PUBKEY);
@@ -806,23 +798,15 @@ METHOD(android_service_t, destroy, void,
        close_tun_device(this);
        this->dns_proxy->destroy(this->dns_proxy);
        this->lock->destroy(this->lock);
-       free(this->type);
-       free(this->gateway);
-       free(this->username);
-       if (this->password)
-       {
-               memwipe(this->password, strlen(this->password));
-               free(this->password);
-       }
+       this->settings->destroy(this->settings);
        free(this);
 }
 
 /**
  * See header
  */
-android_service_t *android_service_create(android_creds_t *creds, char *type,
-                                                                                 char *gateway, char *username,
-                                                                                 char *password)
+android_service_t *android_service_create(android_creds_t *creds,
+                                                                                 settings_t *settings)
 {
        private_android_service_t *this;
 
@@ -840,15 +824,13 @@ android_service_t *android_service_create(android_creds_t *creds, char *type,
                },
                .lock = rwlock_create(RWLOCK_TYPE_DEFAULT),
                .dns_proxy = android_dns_proxy_create(),
-               .username = username,
-               .password = password,
-               .gateway = gateway,
+               .settings = settings,
                .creds = creds,
-               .type = type,
                .tunfd = -1,
        );
        /* only allow queries for the VPN gateway */
-       this->dns_proxy->add_hostname(this->dns_proxy, gateway);
+       this->dns_proxy->add_hostname(this->dns_proxy,
+                       this->settings->get_str(this->settings, "connection.server", NULL));
 
        charon->bus->add_listener(charon->bus, &this->public.listener);