android: Add new VpnType to enable BYOD features

2013-06-19 12:41:09 +02:00 · 2013-06-19 12:41:09 +02:00 · 8a5bffb0fe
parent d27f225d9a
commit 8a5bffb0fe
8 changed files with 42 additions and 5 deletions
--- a/src/frontends/android/jni/libandroidbridge/backend/android_service.c
+++ b/src/frontends/android/jni/libandroidbridge/backend/android_service.c
@ -464,13 +464,18 @@ METHOD(listener_t, ike_reestablish, bool,
 }

 static void add_auth_cfg_eap(private_android_service_t *this,
-							 peer_cfg_t *peer_cfg)
+							 peer_cfg_t *peer_cfg, bool byod)
 {
 	identification_t *user;
 	auth_cfg_t *auth;

 	auth = auth_cfg_create();
 	auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_EAP);
+	if (byod)
+	{	/* use EAP-TTLS if BYOD is enabled */
+		auth->add(auth, AUTH_RULE_EAP_TYPE, EAP_TTLS);
+	}
+
 	user = identification_create_from_string(this->username);
 	auth->add(auth, AUTH_RULE_IDENTITY, user);

@ -549,9 +554,10 @@ static job_requeue_t initiate(private_android_service_t *this)
 		}
 	}
 	if (streq("ikev2-eap", this->type) ||
-		streq("ikev2-cert-eap", this->type))
+		streq("ikev2-cert-eap", this->type) ||
+		streq("ikev2-byod-eap", this->type))
 	{
-		add_auth_cfg_eap(this, peer_cfg);
+		add_auth_cfg_eap(this, peer_cfg, strpfx(this->type, "ikev2-byod"));
 	}

 	/* remote auth config */
--- a/src/frontends/android/res/values-de/arrays.xml
+++ b/src/frontends/android/res/values-de/arrays.xml
@ -19,5 +19,6 @@
        <item>IKEv2 EAP (Benutzername/Passwort)</item>
        <item>IKEv2 Zertifikat</item>
        <item>IKEv2 Zertifikat + EAP (Benutzername/Passwort)</item>
+        <item>IKEv2 EAP-TNC (Benutzername/Passwort)</item>
    </string-array>
 </resources>
--- a/src/frontends/android/res/values-pl/arrays.xml
+++ b/src/frontends/android/res/values-pl/arrays.xml
@ -19,5 +19,6 @@
        <item>IKEv2 EAP (użytkownik/hasło)</item>
        <item>IKEv2 certyfikat</item>
        <item>IKEv2 certyfikat + EAP (użytkownik/hasło)</item>
+        <item>IKEv2 EAP-TNC (użytkownik/hasło)</item>
    </string-array>
 </resources>
--- a/src/frontends/android/res/values-ru/arrays.xml
+++ b/src/frontends/android/res/values-ru/arrays.xml
@ -18,5 +18,6 @@
        <item>IKEv2 EAP (Логин/Пароль)</item>
        <item>IKEv2 Сертификат</item>
        <item>IKEv2 Сертификат + EAP (Логин/Пароль)</item>
+        <item>IKEv2 EAP-TNC (Логин/Пароль)</item>
    </string-array>
 </resources>
--- a/src/frontends/android/res/values-ua/arrays.xml
+++ b/src/frontends/android/res/values-ua/arrays.xml
@ -18,5 +18,6 @@
        <item>IKEv2 EAP (Логін/Пароль)</item>
        <item>IKEv2 Сертифікати</item>
        <item>IKEv2 Сертифікати + EAP (Логін/Пароль)</item>
+        <item>IKEv2 EAP-TNC (Логін/Пароль)</item>
    </string-array>
 </resources>
--- a/src/frontends/android/res/values/arrays.xml
+++ b/src/frontends/android/res/values/arrays.xml
@ -19,5 +19,6 @@
        <item>IKEv2 EAP (Username/Password)</item>
        <item>IKEv2 Certificate</item>
        <item>IKEv2 Certificate + EAP (Username/Password)</item>
+        <item>IKEv2 EAP-TNC (Username/Password)</item>
    </string-array>
 </resources>
--- a/src/frontends/android/src/org/strongswan/android/data/VpnType.java
+++ b/src/frontends/android/src/org/strongswan/android/data/VpnType.java
@ -20,11 +20,13 @@ public enum VpnType
 	/* the order here must match the items in R.array.vpn_types */
 	IKEV2_EAP("ikev2-eap", true, false),
 	IKEV2_CERT("ikev2-cert", false, true),
-	IKEV2_CERT_EAP("ikev2-cert-eap", true, true);
+	IKEV2_CERT_EAP("ikev2-cert-eap", true, true),
+	IKEV2_BYOD_EAP("ikev2-byod-eap", true, false, true);

 	private String mIdentifier;
 	private boolean mCertificate;
 	private boolean mUsernamePassword;
+	private boolean mBYOD;

 	/**
 	 * Enum which provides additional information about the supported VPN types.
@ -34,10 +36,24 @@ public enum VpnType
 	 * @param certificate true if a client certificate is required
 	 */
 	VpnType(String id, boolean userpass, boolean certificate)
+	{
+		this(id, userpass, certificate, false);
+	}
+
+	/**
+	 * Enum which provides additional information about the supported VPN types.
+	 *
+	 * @param id identifier used to store and transmit this specific type
+	 * @param userpass true if username and password are required
+	 * @param certificate true if a client certificate is required
+	 * @param byod true to enable BYOD features
+	 */
+	VpnType(String id, boolean userpass, boolean certificate, boolean byod)
 	{
 		mIdentifier = id;
 		mUsernamePassword = userpass;
 		mCertificate = certificate;
+		mBYOD = byod;
 	}

 	/**
@ -69,6 +85,16 @@ public enum VpnType
 		return mCertificate;
 	}

+	/**
+	 * Whether BYOD features should be enabled.
+	 *
+	 * @return true if BYOD features are to be enabled
+	 */
+	public boolean getEnableBYOD()
+	{
+		return mBYOD;
+	}
+
 	/**
 	 * Get the enum entry with the given identifier.
 	 *
--- a/src/frontends/android/src/org/strongswan/android/logic/CharonVpnService.java
+++ b/src/frontends/android/src/org/strongswan/android/logic/CharonVpnService.java
@ -214,7 +214,7 @@ public class CharonVpnService extends VpnService implements Runnable
 						mIsDisconnecting = false;

 						BuilderAdapter builder = new BuilderAdapter(mCurrentProfile.getName());
-						initializeCharon(builder, mLogFile, true);
+						initializeCharon(builder, mLogFile, mCurrentProfile.getVpnType().getEnableBYOD());
 						Log.i(TAG, "charon started");

 						initiate(mCurrentProfile.getVpnType().getIdentifier(),