android: Make excluded subnets configurable in the GUI
authorTobias Brunner <tobias@strongswan.org>
Wed, 21 Jun 2017 16:29:48 +0000 (18:29 +0200)
committerTobias Brunner <tobias@strongswan.org>
Mon, 3 Jul 2017 08:27:52 +0000 (10:27 +0200)
src/frontends/android/app/src/main/java/org/strongswan/android/ui/VpnProfileDetailActivity.java
src/frontends/android/app/src/main/res/layout/profile_detail_view.xml
src/frontends/android/app/src/main/res/values-de/strings.xml
src/frontends/android/app/src/main/res/values-pl/strings.xml
src/frontends/android/app/src/main/res/values-ru/strings.xml
src/frontends/android/app/src/main/res/values-ua/strings.xml
src/frontends/android/app/src/main/res/values-zh-rCN/strings.xml
src/frontends/android/app/src/main/res/values-zh-rTW/strings.xml
src/frontends/android/app/src/main/res/values/strings.xml

index bf64370..2be50e6 100644 (file)
@@ -65,6 +65,7 @@ import org.strongswan.android.security.TrustedCertificateEntry;
 import org.strongswan.android.ui.adapter.CertificateIdentitiesAdapter;
 import org.strongswan.android.ui.widget.TextInputLayoutHelper;
 import org.strongswan.android.utils.Constants;
+import org.strongswan.android.utils.IPRangeSet;
 
 import java.security.cert.X509Certificate;
 import java.util.UUID;
@@ -105,6 +106,8 @@ public class VpnProfileDetailActivity extends AppCompatActivity
        private TextInputLayoutHelper mMTUWrap;
        private EditText mPort;
        private TextInputLayoutHelper mPortWrap;
+       private EditText mExcludedSubnets;
+       private TextInputLayoutHelper mExcludedSubnetsWrap;
        private CheckBox mBlockIPv4;
        private CheckBox mBlockIPv6;
 
@@ -149,6 +152,8 @@ public class VpnProfileDetailActivity extends AppCompatActivity
                mMTUWrap = (TextInputLayoutHelper) findViewById(R.id.mtu_wrap);
                mPort = (EditText)findViewById(R.id.port);
                mPortWrap = (TextInputLayoutHelper) findViewById(R.id.port_wrap);
+               mExcludedSubnets = (EditText)findViewById(R.id.excluded_subnets);
+               mExcludedSubnetsWrap = (TextInputLayoutHelper)findViewById(R.id.excluded_subnets_wrap);
                mBlockIPv4 = (CheckBox)findViewById(R.id.split_tunneling_v4);
                mBlockIPv6 = (CheckBox)findViewById(R.id.split_tunneling_v6);
 
@@ -437,7 +442,8 @@ public class VpnProfileDetailActivity extends AppCompatActivity
                {
                        Integer st = mProfile.getSplitTunneling();
                        show = mProfile.getRemoteId() != null || mProfile.getMTU() != null ||
-                                  mProfile.getPort() != null || (st != null && st != 0);
+                                  mProfile.getPort() != null || (st != null && st != 0) ||
+                                  mProfile.getExcludedSubnets() != null;
                }
                mShowAdvanced.setVisibility(!show ? View.VISIBLE : View.GONE);
                mAdvancedSettings.setVisibility(show ? View.VISIBLE : View.GONE);
@@ -510,6 +516,11 @@ public class VpnProfileDetailActivity extends AppCompatActivity
                        mMTUWrap.setError(String.format(getString(R.string.alert_text_out_of_range), Constants.MTU_MIN, Constants.MTU_MAX));
                        valid = false;
                }
+               if (!validateSubnets(mExcludedSubnets))
+               {
+                       mExcludedSubnetsWrap.setError(getString(R.string.alert_text_no_subnets));
+                       valid = false;
+               }
                if (!validateInteger(mPort, 1, 65535))
                {
                        mPortWrap.setError(String.format(getString(R.string.alert_text_out_of_range), 1, 65535));
@@ -547,6 +558,8 @@ public class VpnProfileDetailActivity extends AppCompatActivity
                mProfile.setRemoteId(remote_id.isEmpty() ? null : remote_id);
                mProfile.setMTU(getInteger(mMTU));
                mProfile.setPort(getInteger(mPort));
+               String excluded = mExcludedSubnets.getText().toString().trim();
+               mProfile.setExcludedSubnets(excluded.isEmpty() ? null : excluded);
                int st = 0;
                st |= mBlockIPv4.isChecked() ? VpnProfile.SPLIT_TUNNELING_BLOCK_IPV4 : 0;
                st |= mBlockIPv6.isChecked() ? VpnProfile.SPLIT_TUNNELING_BLOCK_IPV6 : 0;
@@ -576,6 +589,7 @@ public class VpnProfileDetailActivity extends AppCompatActivity
                                mRemoteId.setText(mProfile.getRemoteId());
                                mMTU.setText(mProfile.getMTU() != null ? mProfile.getMTU().toString() : null);
                                mPort.setText(mProfile.getPort() != null ? mProfile.getPort().toString() : null);
+                               mExcludedSubnets.setText(mProfile.getExcludedSubnets());
                                mBlockIPv4.setChecked(mProfile.getSplitTunneling() != null && (mProfile.getSplitTunneling() & VpnProfile.SPLIT_TUNNELING_BLOCK_IPV4) != 0);
                                mBlockIPv6.setChecked(mProfile.getSplitTunneling() != null && (mProfile.getSplitTunneling() & VpnProfile.SPLIT_TUNNELING_BLOCK_IPV6) != 0);
                                useralias = mProfile.getUserCertificateAlias();
@@ -665,6 +679,17 @@ public class VpnProfileDetailActivity extends AppCompatActivity
                }
        }
 
+       /**
+        * Check that the value in the given text box is a valid list of subnets/ranges
+        *
+        * @param view text box
+        */
+       private boolean validateSubnets(EditText view)
+       {
+               String value = view.getText().toString().trim();
+               return value.isEmpty() || IPRangeSet.fromString(value) != null;
+       }
+
        private class SelectUserCertOnClickListener implements OnClickListener, KeyChainAliasCallback
        {
                @Override
index 08881b3..82880a1 100644 (file)
@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="utf-8"?>
 <!--
-    Copyright (C) 2012-2016 Tobias Brunner
+    Copyright (C) 2012-2017 Tobias Brunner
     Copyright (C) 2012 Giuliano Grassi
     Copyright (C) 2012 Ralf Sager
     HSR Hochschule fuer Technik Rapperswil
                 android:layout_width="match_parent"
                 android:layout_height="wrap_content"
                 android:layout_marginTop="10dp"
+                android:layout_marginBottom="10dp"
                 android:layout_marginLeft="4dp"
-                android:textSize="12sp"
+                android:textSize="20sp"
                 android:text="@string/profile_split_tunneling_label" />
 
+            <org.strongswan.android.ui.widget.TextInputLayoutHelper
+                android:id="@+id/excluded_subnets_wrap"
+                android:layout_width="match_parent"
+                android:layout_height="wrap_content"
+                app:helper_text="@string/profile_excluded_subnets_hint" >
+
+                <android.support.design.widget.TextInputEditText
+                    android:id="@+id/excluded_subnets"
+                    android:layout_width="match_parent"
+                    android:layout_height="wrap_content"
+                    android:singleLine="true"
+                    android:inputType="textNoSuggestions"
+                    android:hint="@string/profile_excluded_subnets_label" />
+
+            </org.strongswan.android.ui.widget.TextInputLayoutHelper>
+
             <CheckBox
                 android:id="@+id/split_tunneling_v4"
                 android:layout_width="match_parent"
index 941c163..30e984e 100644 (file)
@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="utf-8"?>
 <!--
-    Copyright (C) 2012-2016 Tobias Brunner
+    Copyright (C) 2012-2017 Tobias Brunner
     Copyright (C) 2012 Giuliano Grassi
     Copyright (C) 2012 Ralf Sager
     HSR Hochschule fuer Technik Rapperswil
@@ -82,6 +82,8 @@
     <string name="profile_split_tunneling_label">Split-Tunneling</string>
     <string name="profile_split_tunnelingv4_title">Blockiere IPv4 Verkehr der nicht für das VPN bestimmt ist</string>
     <string name="profile_split_tunnelingv6_title">Blockiere IPv6 Verkehr der nicht für das VPN bestimmt ist</string>
+    <string name="profile_excluded_subnets_label">Ausgeschlossene Subnetze</string>
+    <string name="profile_excluded_subnets_hint">Mit Leerzeichen getrennte Subnetze und/oder IP-Adressen, die vom VPN ausgeschlossen werden sollen (z.B. \"192.168.1.0/24 2001:db8::/64\")</string>
     <string name="profile_import">VPN Profile importieren</string>
     <string name="profile_import_failed">VPN Profil-Import fehlgeschlagen</string>
     <string name="profile_import_failed_detail">VPN Profil-Import fehlgeschlagen: %1$s</string>
     <string name="alert_text_nocertfound_title">Kein CA-Zertifikat ausgewählt</string>
     <string name="alert_text_nocertfound">Bitte wählen Sie eines aus oder aktivieren Sie <i>Automatisch wählen</i></string>
     <string name="alert_text_out_of_range">Bitte geben Sie eine Nummer von %1$d - %2$d ein</string>
+    <string name="alert_text_no_subnets">Bitte geben Sie mit Leerzeichen getrennte, gültige Subnetzte und/oder IP-Adressen ein</string>
     <string name="tnc_notice_title">EAP-TNC kann Ihre Privatsphäre beeinträchtigen</string>
     <string name="tnc_notice_subtitle">Gerätedaten werden an den Server-Betreiber gesendet</string>
     <string name="tnc_notice_details"><![CDATA[<p>Trusted Network Connect (TNC) erlaubt Server-Betreibern den Gesundheitszustand von Endgeräten zu prüfen.</p><p>Dazu kann der Betreiber Daten verlangen, wie etwa eine eindeutige Identifikationsnummer, eine Liste der installierten Pakete, Systemeinstellungen oder kryptografische Prüfsummen von Dateien.</p><b>Solche Daten werden nur übermittelt nachdem die Identität des Servers geprüft wurde.</b>]]></string>
index 08d11c6..6823ccd 100644 (file)
@@ -82,6 +82,8 @@
     <string name="profile_split_tunneling_label">Split tunneling</string>
     <string name="profile_split_tunnelingv4_title">Block IPv4 traffic not destined for the VPN</string>
     <string name="profile_split_tunnelingv6_title">Block IPv6 traffic not destined for the VPN</string>
+    <string name="profile_excluded_subnets_label">Excluded subnets</string>
+    <string name="profile_excluded_subnets_hint">Subnets and/or IP addresses, separated by spaces, to exclude from the VPN (e.g. \"192.168.1.0/24 2001:db8::/64\")</string>
     <string name="profile_import">Import VPN profile</string>
     <string name="profile_import_failed">Failed to import VPN profile</string>
     <string name="profile_import_failed_detail">Failed to import VPN profile: %1$s</string>
     <string name="alert_text_nocertfound_title">Nie wybrano żadnego certyfikatu CA</string>
     <string name="alert_text_nocertfound">Wybierz lub uaktywnij jeden <i>Wybierz automatycznie</i></string>
     <string name="alert_text_out_of_range">Please enter a number in the range from %1$d - %2$d</string>
+    <string name="alert_text_no_subnets">Please enter valid subnets and/or IP addresses, separated by spaces</string>
     <string name="tnc_notice_title">EAP-TNC may affect your privacy</string>
     <string name="tnc_notice_subtitle">Device data is sent to the server operator</string>
     <string name="tnc_notice_details"><![CDATA[<p>Trusted Network Connect (TNC) allows server operators to assess the health of a client device.</p><p>For that purpose the server operator may request data such as a unique identifier, a list of installed packages, system settings, or cryptographic checksums of files.</p><b>Any data will be sent only after verifying the server\'s identity.</b>]]></string>
index 092d734..eb24bc4 100644 (file)
@@ -79,6 +79,8 @@
     <string name="profile_split_tunneling_label">Split tunneling</string>
     <string name="profile_split_tunnelingv4_title">Block IPv4 traffic not destined for the VPN</string>
     <string name="profile_split_tunnelingv6_title">Block IPv6 traffic not destined for the VPN</string>
+    <string name="profile_excluded_subnets_label">Excluded subnets</string>
+    <string name="profile_excluded_subnets_hint">Subnets and/or IP addresses, separated by spaces, to exclude from the VPN (e.g. \"192.168.1.0/24 2001:db8::/64\")</string>
     <string name="profile_import">Import VPN profile</string>
     <string name="profile_import_failed">Failed to import VPN profile</string>
     <string name="profile_import_failed_detail">Failed to import VPN profile: %1$s</string>
@@ -95,6 +97,7 @@
     <string name="alert_text_nocertfound_title">Не выбран сертификат CA</string>
     <string name="alert_text_nocertfound">Пожалуйста выберите один <i>Выбрать автоматически</i></string>
     <string name="alert_text_out_of_range">Please enter a number in the range from %1$d - %2$d</string>
+    <string name="alert_text_no_subnets">Please enter valid subnets and/or IP addresses, separated by spaces</string>
     <string name="tnc_notice_title">EAP-TNC may affect your privacy</string>
     <string name="tnc_notice_subtitle">Device data is sent to the server operator</string>
     <string name="tnc_notice_details"><![CDATA[<p>Trusted Network Connect (TNC) allows server operators to assess the health of a client device.</p><p>For that purpose the server operator may request data such as a unique identifier, a list of installed packages, system settings, or cryptographic checksums of files.</p><b>Any data will be sent only after verifying the server\'s identity.</b>]]></string>
index b1b7103..dbae53c 100644 (file)
@@ -80,6 +80,8 @@
     <string name="profile_split_tunneling_label">Split tunneling</string>
     <string name="profile_split_tunnelingv4_title">Block IPv4 traffic not destined for the VPN</string>
     <string name="profile_split_tunnelingv6_title">Block IPv6 traffic not destined for the VPN</string>
+    <string name="profile_excluded_subnets_label">Excluded subnets</string>
+    <string name="profile_excluded_subnets_hint">Subnets and/or IP addresses, separated by spaces, to exclude from the VPN (e.g. \"192.168.1.0/24 2001:db8::/64\")</string>
     <string name="profile_import">Import VPN profile</string>
     <string name="profile_import_failed">Failed to import VPN profile</string>
     <string name="profile_import_failed_detail">Failed to import VPN profile: %1$s</string>
@@ -96,6 +98,7 @@
     <string name="alert_text_nocertfound_title">Не вибрано сертифікат CA</string>
     <string name="alert_text_nocertfound">Будь ласка виберіть один <i>Вибрати автоматично</i></string>
     <string name="alert_text_out_of_range">Please enter a number in the range from %1$d - %2$d</string>
+    <string name="alert_text_no_subnets">Please enter valid subnets and/or IP addresses, separated by spaces</string>
     <string name="tnc_notice_title">EAP-TNC may affect your privacy</string>
     <string name="tnc_notice_subtitle">Device data is sent to the server operator</string>
     <string name="tnc_notice_details"><![CDATA[<p>Trusted Network Connect (TNC) allows server operators to assess the health of a client device.</p><p>For that purpose the server operator may request data such as a unique identifier, a list of installed packages, system settings, or cryptographic checksums of files.</p><b>Any data will be sent only after verifying the server\'s identity.</b>]]></string>
index e9ad8e0..bae1c37 100644 (file)
@@ -79,6 +79,8 @@
     <string name="profile_split_tunneling_label">拆分隧道</string>
     <string name="profile_split_tunnelingv4_title">屏蔽不通过VPN的IPV4流量</string>
     <string name="profile_split_tunnelingv6_title">屏蔽不通过VPN的IPV6流量</string>
+    <string name="profile_excluded_subnets_label">Excluded subnets</string>
+    <string name="profile_excluded_subnets_hint">Subnets and/or IP addresses, separated by spaces, to exclude from the VPN (e.g. \"192.168.1.0/24 2001:db8::/64\")</string>
     <string name="profile_import">导入VPN配置</string>
     <string name="profile_import_failed">导入VPN配置失败</string>
     <string name="profile_import_failed_detail">导入VPN配置失败: %1$s</string>
@@ -95,6 +97,7 @@
     <string name="alert_text_nocertfound_title">未选择CA证书</string>
     <string name="alert_text_nocertfound">请选择一项或激活 <i>自动选择</i></string>
     <string name="alert_text_out_of_range">请输入一个数字范围从%1$d到%2$d</string>
+    <string name="alert_text_no_subnets">Please enter valid subnets and/or IP addresses, separated by spaces</string>
     <string name="tnc_notice_title">EAP-TNC可能会影响您的隐私</string>
     <string name="tnc_notice_subtitle">设备数据已被发送至服务器管理员</string>
     <string name="tnc_notice_details"><![CDATA[<p>Trusted Network Connect (TNC) 允许服务器管理员评定一个用户设备的状况。</p><p>出于此目的,服务器管理员可能要求以下数据如独立ID、已安装软件列表、系统设置、或加密过的文件校验值。</p><b>任何数据都仅将在验证过服务器的身份ID之后被发出。</b>]]></string>
index 3be4a6d..ccd645f 100644 (file)
@@ -79,6 +79,8 @@
     <string name="profile_split_tunneling_label">拆分隧道</string>
     <string name="profile_split_tunnelingv4_title">屏蔽不通过VPN的IPV4流量</string>
     <string name="profile_split_tunnelingv6_title">屏蔽不通过VPN的IPV6流量</string>
+    <string name="profile_excluded_subnets_label">Excluded subnets</string>
+    <string name="profile_excluded_subnets_hint">Subnets and/or IP addresses, separated by spaces, to exclude from the VPN (e.g. \"192.168.1.0/24 2001:db8::/64\")</string>
     <string name="profile_import">匯入VPN設定檔</string>
     <string name="profile_import_failed">匯入VPN設定檔失敗</string>
     <string name="profile_import_failed_detail">匯入VPN設定檔失敗: %1$s</string>
@@ -95,6 +97,7 @@
     <string name="alert_text_nocertfound_title">沒有選擇CA憑證</string>
     <string name="alert_text_nocertfound">請選擇一項或啟動 <i>自動選擇</i></string>
     <string name="alert_text_out_of_range">請輸入一個數字範圍從%1$d到%2$d</string>
+    <string name="alert_text_no_subnets">Please enter valid subnets and/or IP addresses, separated by spaces</string>
     <string name="tnc_notice_title">EAP-TNC可能會影響您的隱私安全</string>
     <string name="tnc_notice_subtitle">裝置資料已經發送給伺服器管理者</string>
     <string name="tnc_notice_details"><![CDATA[<p>Trusted Network Connect (TNC) 可以讓伺服器管理者評估用戶裝置的狀況。</p><p>在這個目的下,伺服器管理者可能會要求以下資料,例如ID、已安裝的App項目、系統設定、或加密檔案驗證值。</p><b>任何資料都只有在驗證伺服器的身分ID之後才會被送出。</b>]]></string>
index 1e9a0ee..6f1bd4b 100644 (file)
@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="utf-8"?>
 <!--
-    Copyright (C) 2012-2016 Tobias Brunner
+    Copyright (C) 2012-2017 Tobias Brunner
     Copyright (C) 2012 Giuliano Grassi
     Copyright (C) 2012 Ralf Sager
     HSR Hochschule fuer Technik Rapperswil
@@ -82,6 +82,8 @@
     <string name="profile_split_tunneling_label">Split tunneling</string>
     <string name="profile_split_tunnelingv4_title">Block IPv4 traffic not destined for the VPN</string>
     <string name="profile_split_tunnelingv6_title">Block IPv6 traffic not destined for the VPN</string>
+    <string name="profile_excluded_subnets_label">Excluded subnets</string>
+    <string name="profile_excluded_subnets_hint">Subnets and/or IP addresses, separated by spaces, to exclude from the VPN (e.g. \"192.168.1.0/24 2001:db8::/64\")</string>
     <string name="profile_import">Import VPN profile</string>
     <string name="profile_import_failed">Failed to import VPN profile</string>
     <string name="profile_import_failed_detail">Failed to import VPN profile: %1$s</string>
     <string name="alert_text_nocertfound_title">No CA certificate selected</string>
     <string name="alert_text_nocertfound">Please select one or activate <i>Select automatically</i></string>
     <string name="alert_text_out_of_range">Please enter a number in the range from %1$d - %2$d</string>
+    <string name="alert_text_no_subnets">Please enter valid subnets and/or IP addresses, separated by spaces</string>
     <string name="tnc_notice_title">EAP-TNC may affect your privacy</string>
     <string name="tnc_notice_subtitle">Device data is sent to the server operator</string>
     <string name="tnc_notice_details"><![CDATA[<p>Trusted Network Connect (TNC) allows server operators to assess the health of a client device.</p><p>For that purpose the server operator may request data such as a unique identifier, a list of installed packages, system settings, or cryptographic checksums of files.</p><b>Any data will be sent only after verifying the server\'s identity.</b>]]></string>