android: Native parts handle ikev2-cert VPN type
authorTobias Brunner <tobias@strongswan.org>
Tue, 28 Aug 2012 15:11:55 +0000 (17:11 +0200)
committerTobias Brunner <tobias@strongswan.org>
Fri, 31 Aug 2012 16:24:46 +0000 (18:24 +0200)
src/frontends/android/jni/libandroidbridge/backend/android_service.c
src/frontends/android/jni/libandroidbridge/backend/android_service.h
src/frontends/android/jni/libandroidbridge/charonservice.c

index dfc0d23..29b6d45 100644 (file)
@@ -44,11 +44,21 @@ struct private_android_service_t {
        android_service_t public;
 
        /**
+        * credential set
+        */
+       android_creds_t *creds;
+
+       /**
         * current IKE_SA
         */
        ike_sa_t *ike_sa;
 
        /**
+        * the type of VPN
+        */
+       char *type;
+
+       /**
         * local ipv4 address
         */
        char *local_address;
@@ -64,6 +74,11 @@ struct private_android_service_t {
        char *username;
 
        /**
+        * password
+        */
+       char *password;
+
+       /**
         * lock to safely access the TUN device fd
         */
        rwlock_t *lock;
@@ -430,12 +445,42 @@ static job_requeue_t initiate(private_android_service_t *this)
                                                           host_create_from_string("0.0.0.0", 0) /* virt */,
                                                           NULL, FALSE, NULL, NULL); /* pool, mediation */
 
+       /* local auth config */
+       if (streq("ikev2-eap", this->type))
+       {
+               auth = auth_cfg_create();
+               auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_EAP);
+               user = identification_create_from_string(this->username);
+               auth->add(auth, AUTH_RULE_IDENTITY, user);
+
+               this->creds->add_username_password(this->creds, this->username,
+                                                                                  this->password);
+               memwipe(this->password, strlen(this->password));
+               peer_cfg->add_auth_cfg(peer_cfg, auth, TRUE);
+       }
+       else if (streq("ikev2-cert", this->type))
+       {
+               certificate_t *cert;
+               identification_t *id;
 
-       auth = auth_cfg_create();
-       auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_EAP);
-       user = identification_create_from_string(this->username);
-       auth->add(auth, AUTH_RULE_IDENTITY, user);
-       peer_cfg->add_auth_cfg(peer_cfg, auth, TRUE);
+               cert = this->creds->load_user_certificate(this->creds);
+               if (!cert)
+               {
+                       peer_cfg->destroy(peer_cfg);
+                       charonservice->update_status(charonservice,
+                                                                                CHARONSERVICE_GENERIC_ERROR);
+                       return JOB_REQUEUE_NONE;
+
+               }
+               auth = auth_cfg_create();
+               auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PUBKEY);
+               auth->add(auth, AUTH_RULE_SUBJECT_CERT, cert);
+               id = cert->get_subject(cert);
+               auth->add(auth, AUTH_RULE_IDENTITY, id->clone(id));
+               peer_cfg->add_auth_cfg(peer_cfg, auth, TRUE);
+       }
+
+       /* remote auth config */
        auth = auth_cfg_create();
        auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PUBKEY);
        gateway = identification_create_from_string(this->gateway);
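Review bot: A type that is neither "ikev2-eap" nor "ikev2-cert" falls through both branches, so the job continues to initiate with a peer_cfg that carries no local auth config at all, instead of failing the way the missing-certificate path does. An `else` that mirrors that error path (destroy peer_cfg, report CHARONSERVICE_GENERIC_ERROR, return JOB_REQUEUE_NONE) makes a bad type value from the Java side fail fast and visibly. Separately, the EAP branch calls `strlen(this->password)` without the NULL check that destroy() applies to the same field, so if the Java side can hand over a null password for this type it crashes here rather than reporting an error; either guard it the same way or document that password is mandatory for ikev2-eap. initiate()'s body starts and ends outside this hunk.
```c
	else if (streq("ikev2-cert", this->type))
	{
		/* … unchanged: certificate-based local auth config … */
	}
	else
	{	/* unknown VPN type: fail explicitly rather than initiating
		 * without any local auth config */
		peer_cfg->destroy(peer_cfg);
		charonservice->update_status(charonservice,
									 CHARONSERVICE_GENERIC_ERROR);
		return JOB_REQUEUE_NONE;
	}
```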
@@ -492,17 +537,24 @@ METHOD(android_service_t, destroy, void,
        /* make sure the tun device is actually closed */
        close_tun_device(this);
        this->lock->destroy(this->lock);
+       free(this->type);
        free(this->local_address);
-       free(this->username);
        free(this->gateway);
+       free(this->username);
+       if (this->password)
+       {
+               memwipe(this->password, strlen(this->password));
+               free(this->password);
+       }
        free(this);
 }
 
 /**
  * See header
  */
-android_service_t *android_service_create(char *local_address, char *gateway,
-                                                                                 char *username)
+android_service_t *android_service_create(android_creds_t *creds, char *type,
+                                                                                 char *local_address, char *gateway,
+                                                                                 char *username, char *password)
 {
        private_android_service_t *this;
 
@@ -520,7 +572,10 @@ android_service_t *android_service_create(char *local_address, char *gateway,
                .lock = rwlock_create(RWLOCK_TYPE_DEFAULT),
                .local_address = local_address,
                .username = username,
+               .password = password,
                .gateway = gateway,
+               .creds = creds,
+               .type = type,
                .tunfd = -1,
        );
 
index a7bd8b0..52c3dc5 100644 (file)
@@ -51,11 +51,15 @@ struct android_service_t {
  * Create an Android service instance. Queues a job that starts initiation of a
  * new IKE SA.
  *
+ * @param creds                                        Android specific credential set
+ * @param type                                 VPN type (see VpnType.java)
  * @param local_address                        local ip address
  * @param gateway                              gateway address
  * @param username                             user name (local identity)
+ * @param password                             password (if any)
  */
-android_service_t *android_service_create(char *local_address, char *gateway,
-                                                                                 char *username);
+android_service_t *android_service_create(android_creds_t *creds, char *type,
+                                                                                 char *local_address, char *gateway,
+                                                                                 char *username, char *password);
 
 #endif /** ANDROID_SERVICE_H_ @}*/
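Review bot: The new doc comment does not say who owns the arguments, which matters now that destroy() in the android_service.c hunk frees type, local_address, gateway, username and password (wiping password first) but never destroys creds. Spelling that out protects the caller from a double free or a leak: `@param creds  Android specific credential set (borrowed, not destroyed by the service)`, `@param type  VPN type (see VpnType.java), ownership is transferred`, `@param password  password (if any; may be NULL, adopted and wiped on destroy)`, with the same ownership note on local_address, gateway and username. That password may legitimately be NULL is inferred only from the NULL check in destroy(), nothing visible states it.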
index 8d07dd5..59ec62f 100644 (file)
@@ -310,13 +310,9 @@ static void initiate(char *type, char *local, char *gateway,
        private_charonservice_t *this = (private_charonservice_t*)charonservice;
 
        this->creds->clear(this->creds);
-       this->creds->add_username_password(this->creds, username, password);
-       memwipe(password, strlen(password));
-       free(password);
-
        DESTROY_IF(this->service);
-       this->service = android_service_create(local, gateway, username);
-       free(type);
+       this->service = android_service_create(this->creds, type, local, gateway,
+                                                                                  username, password);
 }
 
 /**
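Review bot: The password now stays in heap memory for as long as the service object lives, rather than being wiped right after it is handed to the credential set as the removed lines did. The android_service.c hunk wipes it inside the initiate job only on the ikev2-eap path, so for ikev2-cert a password, if the Java side passes one, remains in clear until destroy() runs. Since the credential set is now filled inside the job, a cheap fix at this call site is to discard a password that no branch will use before handing it over, e.g. `if (password && !streq("ikev2-eap", type)) { memwipe(password, strlen(password)); free(password); password = NULL; }` — assuming the Java side can supply one for non-EAP types, which is not visible here. initiate()'s body starts before this hunk.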