android: Allow configuration of client identity for all authentication types
authorTobias Brunner <tobias@strongswan.org>
Tue, 8 Oct 2019 13:02:30 +0000 (15:02 +0200)
committerTobias Brunner <tobias@strongswan.org>
Tue, 15 Oct 2019 15:05:56 +0000 (17:05 +0200)
This replaces the drop-down box to select certificate identities with a
text field (in the advanced settings) with auto-completion for SANs
contained in the certificate.

The field is always shown and allows using an IKE identity different from
the username for EAP authentication (e.g. to configure a more complete
identity to select a specific config on the server).

Fixes #3134.

src/frontends/android/app/src/main/java/org/strongswan/android/ui/VpnProfileDetailActivity.java
src/frontends/android/app/src/main/java/org/strongswan/android/ui/adapter/CertificateIdentitiesAdapter.java
src/frontends/android/app/src/main/java/org/strongswan/android/ui/adapter/VpnProfileAdapter.java
src/frontends/android/app/src/main/res/layout/profile_detail_view.xml
src/frontends/android/app/src/main/res/values-de/strings.xml
src/frontends/android/app/src/main/res/values-pl/strings.xml
src/frontends/android/app/src/main/res/values-ru/strings.xml
src/frontends/android/app/src/main/res/values-ua/strings.xml
src/frontends/android/app/src/main/res/values-zh-rCN/strings.xml
src/frontends/android/app/src/main/res/values-zh-rTW/strings.xml
src/frontends/android/app/src/main/res/values/strings.xml

index 94bb21c..eaed550 100644 (file)
@@ -90,7 +90,6 @@ public class VpnProfileDetailActivity extends AppCompatActivity
        private TrustedCertificateEntry mCertEntry;
        private String mUserCertLoading;
        private CertificateIdentitiesAdapter mSelectUserIdAdapter;
-       private String mSelectedUserId;
        private TrustedCertificateEntry mUserCertEntry;
        private VpnType mVpnType = VpnType.IKEV2_EAP;
        private SelectedAppsHandling mSelectedAppsHandling = SelectedAppsHandling.SELECTED_APPS_DISABLE;
@@ -107,7 +106,6 @@ public class VpnProfileDetailActivity extends AppCompatActivity
        private EditText mPassword;
        private ViewGroup mUserCertificate;
        private RelativeLayout mSelectUserCert;
-       private Spinner mSelectUserId;
        private CheckBox mCheckAuto;
        private RelativeLayout mSelectCert;
        private RelativeLayout mTncNotice;
@@ -115,6 +113,8 @@ public class VpnProfileDetailActivity extends AppCompatActivity
        private ViewGroup mAdvancedSettings;
        private MultiAutoCompleteTextView mRemoteId;
        private TextInputLayoutHelper mRemoteIdWrap;
+       private MultiAutoCompleteTextView mLocalId;
+       private TextInputLayoutHelper mLocalIdWrap;
        private EditText mMTU;
        private TextInputLayoutHelper mMTUWrap;
        private EditText mPort;
@@ -170,7 +170,6 @@ public class VpnProfileDetailActivity extends AppCompatActivity
 
                mUserCertificate = (ViewGroup)findViewById(R.id.user_certificate_group);
                mSelectUserCert = (RelativeLayout)findViewById(R.id.select_user_certificate);
-               mSelectUserId = (Spinner)findViewById(R.id.select_user_id);
 
                mCheckAuto = (CheckBox)findViewById(R.id.ca_auto);
                mSelectCert = (RelativeLayout)findViewById(R.id.select_certificate);
@@ -180,6 +179,8 @@ public class VpnProfileDetailActivity extends AppCompatActivity
 
                mRemoteId = (MultiAutoCompleteTextView)findViewById(R.id.remote_id);
                mRemoteIdWrap = (TextInputLayoutHelper) findViewById(R.id.remote_id_wrap);
+               mLocalId = findViewById(R.id.local_id);
+               mLocalIdWrap = findViewById(R.id.local_id_wrap);
                mDnsServers = findViewById(R.id.dns_servers);
                mDnsServersWrap = findViewById(R.id.dns_servers_wrap);
                mMTU = (EditText)findViewById(R.id.mtu);
@@ -216,6 +217,7 @@ public class VpnProfileDetailActivity extends AppCompatActivity
                final SpaceTokenizer spaceTokenizer = new SpaceTokenizer();
                mName.setTokenizer(spaceTokenizer);
                mRemoteId.setTokenizer(spaceTokenizer);
+               mLocalId.setTokenizer(spaceTokenizer);
                final ArrayAdapter<String> gatewayAdapter = new ArrayAdapter<>(this, android.R.layout.simple_dropdown_item_1line);
                mName.setAdapter(gatewayAdapter);
                mRemoteId.setAdapter(gatewayAdapter);
@@ -280,23 +282,7 @@ public class VpnProfileDetailActivity extends AppCompatActivity
 
                mSelectUserCert.setOnClickListener(new SelectUserCertOnClickListener());
                mSelectUserIdAdapter = new CertificateIdentitiesAdapter(this);
-               mSelectUserId.setAdapter(mSelectUserIdAdapter);
-               mSelectUserId.setOnItemSelectedListener(new OnItemSelectedListener() {
-                       @Override
-                       public void onItemSelected(AdapterView<?> parent, View view, int position, long id)
-                       {
-                               if (mUserCertEntry != null)
-                               {       /* we don't store the subject DN as it is in the reverse order and the default anyway */
-                                       mSelectedUserId = position == 0 ? null : mSelectUserIdAdapter.getItem(position);
-                               }
-                       }
-
-                       @Override
-                       public void onNothingSelected(AdapterView<?> parent)
-                       {
-                               mSelectedUserId = null;
-                       }
-               });
+               mLocalId.setAdapter(mSelectUserIdAdapter);
 
                mCheckAuto.setOnCheckedChangeListener(new OnCheckedChangeListener() {
                        @Override
@@ -384,10 +370,6 @@ public class VpnProfileDetailActivity extends AppCompatActivity
                {
                        outState.putString(VpnProfileDataSource.KEY_USER_CERTIFICATE, mUserCertEntry.getAlias());
                }
-               if (mSelectedUserId != null)
-               {
-                       outState.putString(VpnProfileDataSource.KEY_LOCAL_ID, mSelectedUserId);
-               }
                if (mCertEntry != null)
                {
                        outState.putString(VpnProfileDataSource.KEY_CERTIFICATE, mCertEntry.getAlias());
@@ -455,10 +437,10 @@ public class VpnProfileDetailActivity extends AppCompatActivity
                mUsernamePassword.setVisibility(mVpnType.has(VpnTypeFeature.USER_PASS) ? View.VISIBLE : View.GONE);
                mUserCertificate.setVisibility(mVpnType.has(VpnTypeFeature.CERTIFICATE) ? View.VISIBLE : View.GONE);
                mTncNotice.setVisibility(mVpnType.has(VpnTypeFeature.BYOD) ? View.VISIBLE : View.GONE);
+               mLocalIdWrap.setHelperText(getString(R.string.profile_local_id_hint_user));
 
                if (mVpnType.has(VpnTypeFeature.CERTIFICATE))
                {
-                       mSelectUserId.setEnabled(false);
                        if (mUserCertLoading != null)
                        {
                                ((TextView)mSelectUserCert.findViewById(android.R.id.text1)).setText(mUserCertLoading);
@@ -470,8 +452,6 @@ public class VpnProfileDetailActivity extends AppCompatActivity
                                ((TextView)mSelectUserCert.findViewById(android.R.id.text1)).setText(mUserCertEntry.getAlias());
                                ((TextView)mSelectUserCert.findViewById(android.R.id.text2)).setText(mUserCertEntry.getCertificate().getSubjectDN().toString());
                                mSelectUserIdAdapter.setCertificate(mUserCertEntry);
-                               mSelectUserId.setSelection(mSelectUserIdAdapter.getPosition(mSelectedUserId));
-                               mSelectUserId.setEnabled(true);
                        }
                        else
                        {
@@ -479,6 +459,7 @@ public class VpnProfileDetailActivity extends AppCompatActivity
                                ((TextView)mSelectUserCert.findViewById(android.R.id.text2)).setText(R.string.profile_user_select_certificate);
                                mSelectUserIdAdapter.setCertificate(null);
                        }
+                       mLocalIdWrap.setHelperText(getString(R.string.profile_local_id_hint_cert));
                }
        }
 
@@ -580,7 +561,7 @@ public class VpnProfileDetailActivity extends AppCompatActivity
                                   mProfile.getIncludedSubnets() != null || mProfile.getExcludedSubnets() != null ||
                                   mProfile.getSelectedAppsHandling() != SelectedAppsHandling.SELECTED_APPS_DISABLE ||
                                   mProfile.getIkeProposal() != null || mProfile.getEspProposal() != null ||
-                                  mProfile.getDnsServers() != null;
+                                  mProfile.getDnsServers() != null || mProfile.getLocalId() != null;
                }
                mShowAdvanced.setVisibility(!show ? View.VISIBLE : View.GONE);
                mAdvancedSettings.setVisibility(show ? View.VISIBLE : View.GONE);
@@ -717,11 +698,11 @@ public class VpnProfileDetailActivity extends AppCompatActivity
                if (mVpnType.has(VpnTypeFeature.CERTIFICATE))
                {
                        mProfile.setUserCertificateAlias(mUserCertEntry.getAlias());
-                       mProfile.setLocalId(mSelectedUserId);
                }
                String certAlias = mCheckAuto.isChecked() ? null : mCertEntry.getAlias();
                mProfile.setCertificateAlias(certAlias);
                mProfile.setRemoteId(getString(mRemoteId));
+               mProfile.setLocalId(getString(mLocalId));
                mProfile.setMTU(getInteger(mMTU));
                mProfile.setPort(getInteger(mPort));
                mProfile.setNATKeepAlive(getInteger(mNATKeepalive));
@@ -767,6 +748,7 @@ public class VpnProfileDetailActivity extends AppCompatActivity
                                mUsername.setText(mProfile.getUsername());
                                mPassword.setText(mProfile.getPassword());
                                mRemoteId.setText(mProfile.getRemoteId());
+                               mLocalId.setText(mProfile.getLocalId());
                                mMTU.setText(mProfile.getMTU() != null ? mProfile.getMTU().toString() : null);
                                mPort.setText(mProfile.getPort() != null ? mProfile.getPort().toString() : null);
                                mNATKeepalive.setText(mProfile.getNATKeepAlive() != null ? mProfile.getNATKeepAlive().toString() : null);
@@ -803,12 +785,10 @@ public class VpnProfileDetailActivity extends AppCompatActivity
 
                /* check if the user selected a user certificate previously */
                useralias = savedInstanceState == null ? useralias : savedInstanceState.getString(VpnProfileDataSource.KEY_USER_CERTIFICATE);
-               local_id = savedInstanceState == null ? local_id : savedInstanceState.getString(VpnProfileDataSource.KEY_LOCAL_ID);
                if (useralias != null)
                {
                        UserCertificateLoader loader = new UserCertificateLoader(this, useralias);
                        mUserCertLoading = useralias;
-                       mSelectedUserId = local_id;
                        loader.execute();
                }
 
index c8e3df3..912f524 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2016 Tobias Brunner
+ * Copyright (C) 2016-2019 Tobias Brunner
  * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
 package org.strongswan.android.ui.adapter;
 
 import android.content.Context;
-import android.view.LayoutInflater;
-import android.view.View;
-import android.view.ViewGroup;
 import android.widget.ArrayAdapter;
-import android.widget.TextView;
 
-import org.strongswan.android.R;
 import org.strongswan.android.security.TrustedCertificateEntry;
 
-import java.util.List;
-
 public class CertificateIdentitiesAdapter extends ArrayAdapter<String>
 {
        TrustedCertificateEntry mCertificate;
@@ -51,14 +44,8 @@ public class CertificateIdentitiesAdapter extends ArrayAdapter<String>
 
        private void extractIdentities()
        {
-               if (mCertificate == null)
-               {
-                       add(getContext().getString(R.string.profile_user_select_id_init));
-               }
-               else
+               if (mCertificate != null)
                {
-                       add(String.format(getContext().getString(R.string.profile_user_select_id_default),
-                                                         mCertificate.getCertificate().getSubjectDN().getName()));
                        addAll(mCertificate.getSubjectAltNames());
                }
        }
index f1ff1c6..d920174 100644 (file)
 
 package org.strongswan.android.ui.adapter;
 
-import java.util.Collections;
-import java.util.Comparator;
-import java.util.List;
-
-import org.strongswan.android.R;
-import org.strongswan.android.data.VpnProfile;
-import org.strongswan.android.data.VpnType.VpnTypeFeature;
-
 import android.content.Context;
 import android.view.LayoutInflater;
 import android.view.View;
@@ -32,6 +24,14 @@ import android.view.ViewGroup;
 import android.widget.ArrayAdapter;
 import android.widget.TextView;
 
+import org.strongswan.android.R;
+import org.strongswan.android.data.VpnProfile;
+import org.strongswan.android.data.VpnType.VpnTypeFeature;
+
+import java.util.Collections;
+import java.util.Comparator;
+import java.util.List;
+
 public class VpnProfileAdapter extends ArrayAdapter<VpnProfile>
 {
        private final int resource;
@@ -74,7 +74,7 @@ public class VpnProfileAdapter extends ArrayAdapter<VpnProfile>
                                 profile.getLocalId() != null)
                {
                        tv.setVisibility(View.VISIBLE);
-                       tv.setText(getContext().getString(R.string.profile_user_select_id_label) + ": " + profile.getLocalId());
+                       tv.setText(getContext().getString(R.string.profile_local_id_label) + ": " + profile.getLocalId());
                }
                else
                {
index 0adbe6e..acab0b2 100644 (file)
@@ -73,6 +73,7 @@
                 android:id="@+id/username_wrap"
                 android:layout_width="match_parent"
                 android:layout_height="wrap_content"
+                android:layout_marginTop="4dp"
                 android:hint="@string/profile_username_label" >
 
                 <com.google.android.material.textfield.TextInputEditText
                 android:id="@+id/select_user_certificate"
                 layout="@layout/two_line_button" />
 
-            <TextView
-                android:layout_width="match_parent"
-                android:layout_height="wrap_content"
-                android:layout_marginTop="4dp"
-                android:layout_marginLeft="4dp"
-                android:textSize="12sp"
-                android:text="@string/profile_user_select_id_label" />
-
-            <Spinner
-                android:id="@+id/select_user_id"
-                android:layout_width="match_parent"
-                android:layout_height="wrap_content"
-                android:spinnerMode="dropdown" />
-
         </LinearLayout>
 
         <TextView
             </org.strongswan.android.ui.widget.TextInputLayoutHelper>
 
             <org.strongswan.android.ui.widget.TextInputLayoutHelper
+                android:id="@+id/local_id_wrap"
+                android:layout_width="match_parent"
+                android:layout_height="wrap_content"
+                android:hint="@string/profile_local_id_label"
+                app:helper_text="@string/profile_local_id_hint_user" >
+
+                <MultiAutoCompleteTextView
+                    android:id="@+id/local_id"
+                    android:layout_width="match_parent"
+                    android:layout_height="wrap_content"
+                    android:singleLine="true"
+                    android:inputType="textNoSuggestions"
+                    android:completionThreshold="0" />
+
+            </org.strongswan.android.ui.widget.TextInputLayoutHelper>
+
+            <org.strongswan.android.ui.widget.TextInputLayoutHelper
                 android:id="@+id/dns_servers_wrap"
                 android:layout_width="match_parent"
                 android:layout_height="wrap_content"
index 77542aa..fcd14ea 100644 (file)
@@ -73,9 +73,6 @@
     <string name="profile_user_certificate_label">Benutzer-Zertifikat</string>
     <string name="profile_user_select_certificate_label">Benutzer-Zertifikat auswählen</string>
     <string name="profile_user_select_certificate">Wählen Sie ein bestimmtes Benutzer-Zertifikat</string>
-    <string name="profile_user_select_id_label">Benutzer-Identität</string>
-    <string name="profile_user_select_id_init">Wählen Sie zuerst ein Benutzer-Zertifikat</string>
-    <string name="profile_user_select_id_default">Standardwert (%1$s)</string>
     <string name="profile_ca_label">CA-Zertifikat</string>
     <string name="profile_ca_auto_label">Automatisch wählen</string>
     <string name="profile_ca_select_certificate_label">CA-Zertifikat auswählen</string>
@@ -85,6 +82,9 @@
     <string name="profile_remote_id_label">Server-Identität</string>
     <string name="profile_remote_id_hint">Standardwert ist der konfigurierte Server. Eigene Werte werden explizit an den Server gesendet und während der Authentifizierung erzwungen</string>
     <string name="profile_remote_id_hint_gateway">Standardwert ist \"%1$s\". Eigene Werte werden explizit an den Server gesendet und während der Authentifizierung erzwungen</string>
+    <string name="profile_local_id_label">Client-Identität</string>
+    <string name="profile_local_id_hint_user">Standardwert ist der konfigurierte Benutzername. Eigene Werte können verwendet werden, falls der Server diese erwartet/benötigt</string>
+    <string name="profile_local_id_hint_cert">Standardwert ist die Inhaber-Identität des Zertifkats. Eigene Werte können verwendet werden, falls der Server diese erwartet/benötigt. Zu beachten ist, dass diese üblicherweise vom Zertifikat bestätigt werden müssen (für die alternativen Identitäten des Zertifikats, falls vorhanden, wird eine Auto-Vervollständigung angeboten)</string>
     <string name="profile_dns_servers_label">DNS Server</string>
     <string name="profile_dns_servers_hint">Benutzerdefinierte DNS Server bei Verbindung zum VPN (mit Leerzeichen getrennt, z.B.. \"8.8.8.8 2001:4860:4860::8888\"), standardmässig werden die vom VPN Server erhaltenen Server verwendet</string>
     <string name="profile_mtu_label">MTU des VPN Tunnel-Device</string>
index 90523be..6f4716b 100644 (file)
@@ -73,9 +73,6 @@
     <string name="profile_user_certificate_label">Certyfikat użytkownika</string>
     <string name="profile_user_select_certificate_label">Wybierz certyfikat użytkownika</string>
     <string name="profile_user_select_certificate">>Wybierz określony certyfikat użytkownika</string>
-    <string name="profile_user_select_id_label">User identity</string>
-    <string name="profile_user_select_id_init">Select a certificate first</string>
-    <string name="profile_user_select_id_default">Default (%1$s)</string>
     <string name="profile_ca_label">Certyfikat CA</string>
     <string name="profile_ca_auto_label">Wybierz automatycznie</string>
     <string name="profile_ca_select_certificate_label">Wybierz certyfikat CA</string>
@@ -85,6 +82,9 @@
     <string name="profile_remote_id_label">Server identity</string>
     <string name="profile_remote_id_hint">Defaults to the configured server. Custom values are explicitly sent to the server and enforced during authentication</string>
     <string name="profile_remote_id_hint_gateway">Defaults to \"%1$s\". Custom values are explicitly sent to the server and enforced during authentication</string>
+    <string name="profile_local_id_label">Client identity</string>
+    <string name="profile_local_id_hint_user">Defaults to the configured username. Custom values may be used if expected/required by the server</string>
+    <string name="profile_local_id_hint_cert">Defaults to the certificate\'s subject identity. Custom values may be used if expected/required by the server. Note that these usually must be confirmed by the certificate (auto-completion is provided for the certificate\'s alternative identities, if any)</string>
     <string name="profile_dns_servers_label">DNS servers</string>
     <string name="profile_dns_servers_hint">Custom DNS servers to use when connected to the VPN (separated by spaces, e.g. \"8.8.8.8 2001:4860:4860::8888\"), defaults to those received from the VPN server</string>
     <string name="profile_mtu_label">MTU of the VPN tunnel device</string>
index c6a38de..5def66d 100644 (file)
@@ -70,9 +70,6 @@
     <string name="profile_user_certificate_label">Сертификат пользователя</string>
     <string name="profile_user_select_certificate_label">Выбрать сертификат пользователя</string>
     <string name="profile_user_select_certificate">Выбрать сертификат пользователя</string>
-    <string name="profile_user_select_id_label">User identity</string>
-    <string name="profile_user_select_id_init">Select a certificate first</string>
-    <string name="profile_user_select_id_default">Default (%1$s)</string>
     <string name="profile_ca_label">Сертификат CA</string>
     <string name="profile_ca_auto_label">Выбрать автоматически</string>
     <string name="profile_ca_select_certificate_label">Выбрать сертификат CA</string>
@@ -82,6 +79,9 @@
     <string name="profile_remote_id_label">Server identity</string>
     <string name="profile_remote_id_hint">Defaults to the configured server. Custom values are explicitly sent to the server and enforced during authentication</string>
     <string name="profile_remote_id_hint_gateway">Defaults to \"%1$s\". Custom values are explicitly sent to the server and enforced during authentication</string>
+    <string name="profile_local_id_label">Client identity</string>
+    <string name="profile_local_id_hint_user">Defaults to the configured username. Custom values may be used if expected/required by the server</string>
+    <string name="profile_local_id_hint_cert">Defaults to the certificate\'s subject identity. Custom values may be used if expected/required by the server. Note that these usually must be confirmed by the certificate (auto-completion is provided for the certificate\'s alternative identities, if any)</string>
     <string name="profile_dns_servers_label">DNS servers</string>
     <string name="profile_dns_servers_hint">Custom DNS servers to use when connected to the VPN (separated by spaces, e.g. \"8.8.8.8 2001:4860:4860::8888\"), defaults to those received from the VPN server</string>
     <string name="profile_mtu_label">MTU of the VPN tunnel device</string>
index b133525..4920aa2 100644 (file)
@@ -71,9 +71,6 @@
     <string name="profile_user_certificate_label">Сертифікат користувача</string>
     <string name="profile_user_select_certificate_label">Виберіть сертифікат користувача</string>
     <string name="profile_user_select_certificate">Вибрати спеціальний сертифікат користувача</string>
-    <string name="profile_user_select_id_label">User identity</string>
-    <string name="profile_user_select_id_init">Select a certificate first</string>
-    <string name="profile_user_select_id_default">Default (%1$s)</string>
     <string name="profile_ca_label">Сертифікат CA</string>
     <string name="profile_ca_auto_label">Вибрати автоматично</string>
     <string name="profile_ca_select_certificate_label">Вибрати сертифікат CA</string>
@@ -83,6 +80,9 @@
     <string name="profile_remote_id_label">Server identity</string>
     <string name="profile_remote_id_hint">Defaults to the configured server. Custom values are explicitly sent to the server and enforced during authentication</string>
     <string name="profile_remote_id_hint_gateway">Defaults to \"%1$s\". Custom values are explicitly sent to the server and enforced during authentication</string>
+    <string name="profile_local_id_label">Client identity</string>
+    <string name="profile_local_id_hint_user">Defaults to the configured username. Custom values may be used if expected/required by the server</string>
+    <string name="profile_local_id_hint_cert">Defaults to the certificate\'s subject identity. Custom values may be used if expected/required by the server. Note that these usually must be confirmed by the certificate (auto-completion is provided for the certificate\'s alternative identities, if any)</string>
     <string name="profile_dns_servers_label">DNS servers</string>
     <string name="profile_dns_servers_hint">Custom DNS servers to use when connected to the VPN (separated by spaces, e.g. \"8.8.8.8 2001:4860:4860::8888\"), defaults to those received from the VPN server</string>
     <string name="profile_mtu_label">MTU of the VPN tunnel device</string>
index 3594391..3408f5f 100644 (file)
@@ -70,9 +70,6 @@
     <string name="profile_user_certificate_label">用户证书</string>
     <string name="profile_user_select_certificate_label">选择用户证书</string>
     <string name="profile_user_select_certificate">选择指定的用户证书</string>
-    <string name="profile_user_select_id_label">用户ID</string>
-    <string name="profile_user_select_id_init">首先选择一个证书</string>
-    <string name="profile_user_select_id_default">默认(%1$s)</string>
     <string name="profile_ca_label">CA证书</string>
     <string name="profile_ca_auto_label">自动选择</string>
     <string name="profile_ca_select_certificate_label">选择CA证书</string>
@@ -82,6 +79,9 @@
     <string name="profile_remote_id_label">服务器ID</string>
     <string name="profile_remote_id_hint">默认为已配置的服务器地址。自义定值将在鉴权期间被显式地发送至服务器</string>
     <string name="profile_remote_id_hint_gateway">默认为 \"%1$s\"。自义定值将在鉴权期间被显式地发送至服务器</string>
+    <string name="profile_local_id_label">Client identity</string>
+    <string name="profile_local_id_hint_user">Defaults to the configured username. Custom values may be used if expected/required by the server</string>
+    <string name="profile_local_id_hint_cert">Defaults to the certificate\'s subject identity. Custom values may be used if expected/required by the server. Note that these usually must be confirmed by the certificate (auto-completion is provided for the certificate\'s alternative identities, if any)</string>
     <string name="profile_dns_servers_label">DNS servers</string>
     <string name="profile_dns_servers_hint">Custom DNS servers to use when connected to the VPN (separated by spaces, e.g. \"8.8.8.8 2001:4860:4860::8888\"), defaults to those received from the VPN server</string>
     <string name="profile_mtu_label">VPN隧道设备的MTU值</string>
index 2330283..e3d7f03 100644 (file)
@@ -70,9 +70,6 @@
     <string name="profile_user_certificate_label">用戶憑證</string>
     <string name="profile_user_select_certificate_label">選擇用戶憑證</string>
     <string name="profile_user_select_certificate">選擇指定的用戶憑證</string>
-    <string name="profile_user_select_id_label">用戶帳號</string>
-    <string name="profile_user_select_id_init">請先選擇一個憑證</string>
-    <string name="profile_user_select_id_default">預設(%1$s)</string>
     <string name="profile_ca_label">CA憑證</string>
     <string name="profile_ca_auto_label">自動選擇</string>
     <string name="profile_ca_select_certificate_label">選擇CA憑證</string>
@@ -82,6 +79,9 @@
     <string name="profile_remote_id_label">伺服器ID</string>
     <string name="profile_remote_id_hint">預設為已設定的伺服器位置。自訂值會在授權期間送到伺服器</string>
     <string name="profile_remote_id_hint_gateway">預設為 \"%1$s\"。自訂值會在授權期間送到伺服器</string>
+    <string name="profile_local_id_label">Client identity</string>
+    <string name="profile_local_id_hint_user">Defaults to the configured username. Custom values may be used if expected/required by the server</string>
+    <string name="profile_local_id_hint_cert">Defaults to the certificate\'s subject identity. Custom values may be used if expected/required by the server. Note that these usually must be confirmed by the certificate (auto-completion is provided for the certificate\'s alternative identities, if any)</string>
     <string name="profile_dns_servers_label">DNS servers</string>
     <string name="profile_dns_servers_hint">Custom DNS servers to use when connected to the VPN (separated by spaces, e.g. \"8.8.8.8 2001:4860:4860::8888\"), defaults to those received from the VPN server</string>
     <string name="profile_mtu_label">VPN通道裝置的MTU值</string>
index 2432316..4d9fd87 100644 (file)
@@ -73,9 +73,6 @@
     <string name="profile_user_certificate_label">User certificate</string>
     <string name="profile_user_select_certificate_label">Select user certificate</string>
     <string name="profile_user_select_certificate">Select a specific user certificate</string>
-    <string name="profile_user_select_id_label">User identity</string>
-    <string name="profile_user_select_id_init">Select a certificate first</string>
-    <string name="profile_user_select_id_default">Default (%1$s)</string>
     <string name="profile_ca_label">CA certificate</string>
     <string name="profile_ca_auto_label">Select automatically</string>
     <string name="profile_ca_select_certificate_label">Select CA certificate</string>
@@ -85,6 +82,9 @@
     <string name="profile_remote_id_label">Server identity</string>
     <string name="profile_remote_id_hint">Defaults to the configured server. Custom values are explicitly sent to the server and enforced during authentication</string>
     <string name="profile_remote_id_hint_gateway">Defaults to \"%1$s\". Custom values are explicitly sent to the server and enforced during authentication</string>
+    <string name="profile_local_id_label">Client identity</string>
+    <string name="profile_local_id_hint_user">Defaults to the configured username. Custom values may be used if expected/required by the server</string>
+    <string name="profile_local_id_hint_cert">Defaults to the certificate\'s subject identity. Custom values may be used if expected/required by the server. Note that these usually must be confirmed by the certificate (auto-completion is provided for the certificate\'s alternative identities, if any)</string>
     <string name="profile_dns_servers_label">DNS servers</string>
     <string name="profile_dns_servers_hint">Custom DNS servers to use when connected to the VPN (separated by spaces, e.g. \"8.8.8.8 2001:4860:4860::8888\"), defaults to those received from the VPN server</string>
     <string name="profile_mtu_label">MTU of the VPN tunnel device</string>