am 325c912a: Merge "VpnSettings: add support for server certificates." into ics-mr1

* commit '325c912ae64e9559cf2e84d5c94d81a0e8a15c48':
  VpnSettings: add support for server certificates.

3 files changed, 26 insertions, 10 deletions

diff --git a/src/com/android/settings/vpn2/VpnDialog.java b/src/com/android/settings/vpn2/VpnDialog.java
index 604c8ba..6703187 100644
--- a/src/com/android/settings/vpn2/VpnDialog.java
+++ b/src/com/android/settings/vpn2/VpnDialog.java
@@ -61,6 +61,7 @@ class VpnDialog extends AlertDialog implements TextWatcher,
     private TextView mIpsecSecret;
     private Spinner mIpsecUserCert;
     private Spinner mIpsecCaCert;
+    private Spinner mIpsecServerCert;
     private CheckBox mSaveLogin;
 
     VpnDialog(Context context, DialogInterface.OnClickListener listener,
@@ -94,6 +95,7 @@ class VpnDialog extends AlertDialog implements TextWatcher,
         mIpsecSecret = (TextView) mView.findViewById(R.id.ipsec_secret);
         mIpsecUserCert = (Spinner) mView.findViewById(R.id.ipsec_user_cert);
         mIpsecCaCert = (Spinner) mView.findViewById(R.id.ipsec_ca_cert);
+        mIpsecServerCert = (Spinner) mView.findViewById(R.id.ipsec_server_cert);
         mSaveLogin = (CheckBox) mView.findViewById(R.id.save_login);
 
         // Second, copy values from the profile.
@@ -115,6 +117,8 @@ class VpnDialog extends AlertDialog implements TextWatcher,
                 0, mProfile.ipsecUserCert);
         loadCertificates(mIpsecCaCert, Credentials.CA_CERTIFICATE,
                 R.string.vpn_no_ca_cert, mProfile.ipsecCaCert);
+        loadCertificates(mIpsecServerCert, Credentials.USER_CERTIFICATE,
+                R.string.vpn_no_server_cert, mProfile.ipsecServerCert);
         mSaveLogin.setChecked(mProfile.saveLogin);
 
         // Third, add listeners to required fields.
@@ -217,7 +221,7 @@ class VpnDialog extends AlertDialog implements TextWatcher,
         mView.findViewById(R.id.l2tp).setVisibility(View.GONE);
         mView.findViewById(R.id.ipsec_psk).setVisibility(View.GONE);
         mView.findViewById(R.id.ipsec_user).setVisibility(View.GONE);
-        mView.findViewById(R.id.ipsec_ca).setVisibility(View.GONE);
+        mView.findViewById(R.id.ipsec_peer).setVisibility(View.GONE);
 
         // Then, unhide type-specific fields.
         switch (type) {
@@ -239,7 +243,7 @@ class VpnDialog extends AlertDialog implements TextWatcher,
                 mView.findViewById(R.id.ipsec_user).setVisibility(View.VISIBLE);
                 // fall through
             case VpnProfile.TYPE_IPSEC_HYBRID_RSA:
-                mView.findViewById(R.id.ipsec_ca).setVisibility(View.VISIBLE);
+                mView.findViewById(R.id.ipsec_peer).setVisibility(View.VISIBLE);
                 break;
         }
     }
@@ -365,6 +369,9 @@ class VpnDialog extends AlertDialog implements TextWatcher,
                 if (mIpsecCaCert.getSelectedItemPosition() != 0) {
                     profile.ipsecCaCert = (String) mIpsecCaCert.getSelectedItem();
                 }
+                if (mIpsecServerCert.getSelectedItemPosition() != 0) {
+                    profile.ipsecServerCert = (String) mIpsecServerCert.getSelectedItem();
+                }
                 break;
         }
 
diff --git a/src/com/android/settings/vpn2/VpnProfile.java b/src/com/android/settings/vpn2/VpnProfile.java
index 3ee3af0..d4d0e79 100644
--- a/src/com/android/settings/vpn2/VpnProfile.java
+++ b/src/com/android/settings/vpn2/VpnProfile.java
@@ -51,6 +51,7 @@ class VpnProfile implements Cloneable {
     String ipsecSecret = "";    // 11
     String ipsecUserCert = "";  // 12
     String ipsecCaCert = "";    // 13
+    String ipsecServerCert = "";// 14
 
     // Helper fields.
     boolean saveLogin = false;
@@ -66,8 +67,8 @@ class VpnProfile implements Cloneable {
             }
 
             String[] values = new String(value, Charsets.UTF_8).split("\0", -1);
-            // Currently it always has 14 fields.
-            if (values.length < 14) {
+            // There can be 14 or 15 values in ICS MR1.
+            if (values.length < 14 || values.length > 15) {
                 return null;
             }
 
@@ -89,6 +90,7 @@ class VpnProfile implements Cloneable {
             profile.ipsecSecret = values[11];
             profile.ipsecUserCert = values[12];
             profile.ipsecCaCert = values[13];
+            profile.ipsecServerCert = (values.length > 14) ? values[14] : "";
 
             profile.saveLogin = !profile.username.isEmpty() || !profile.password.isEmpty();
             return profile;
@@ -113,6 +115,7 @@ class VpnProfile implements Cloneable {
         builder.append('\0').append(ipsecSecret);
         builder.append('\0').append(ipsecUserCert);
         builder.append('\0').append(ipsecCaCert);
+        builder.append('\0').append(ipsecServerCert);
         return builder.toString().getBytes(Charsets.UTF_8);
     }
 }
diff --git a/src/com/android/settings/vpn2/VpnSettings.java b/src/com/android/settings/vpn2/VpnSettings.java
index 0197333..655306a 100644
--- a/src/com/android/settings/vpn2/VpnSettings.java
+++ b/src/com/android/settings/vpn2/VpnSettings.java
@@ -354,6 +354,7 @@ public class VpnSettings extends SettingsPreferenceFragment implements
         String privateKey = "";
         String userCert = "";
         String caCert = "";
+        String serverCert = "";
         if (!profile.ipsecUserCert.isEmpty()) {
             byte[] value = mKeyStore.get(Credentials.USER_PRIVATE_KEY + profile.ipsecUserCert);
             privateKey = (value == null) ? null : new String(value, Charsets.UTF_8);
@@ -364,7 +365,11 @@ public class VpnSettings extends SettingsPreferenceFragment implements
             byte[] value = mKeyStore.get(Credentials.CA_CERTIFICATE + profile.ipsecCaCert);
             caCert = (value == null) ? null : new String(value, Charsets.UTF_8);
         }
-        if (privateKey == null || userCert == null || caCert == null) {
+        if (!profile.ipsecServerCert.isEmpty()) {
+            byte[] value = mKeyStore.get(Credentials.USER_CERTIFICATE + profile.ipsecServerCert);
+            serverCert = (value == null) ? null : new String(value, Charsets.UTF_8);
+        }
+        if (privateKey == null || userCert == null || caCert == null || serverCert == null) {
             // TODO: find out a proper way to handle this. Delete these keys?
             throw new IllegalStateException("Cannot load credentials");
         }
@@ -380,7 +385,8 @@ public class VpnSettings extends SettingsPreferenceFragment implements
                 break;
             case VpnProfile.TYPE_L2TP_IPSEC_RSA:
                 racoon = new String[] {
-                    interfaze, profile.server, "udprsa", privateKey, userCert, caCert, "1701",
+                    interfaze, profile.server, "udprsa", privateKey, userCert,
+                    caCert, serverCert, "1701",
                 };
                 break;
             case VpnProfile.TYPE_IPSEC_XAUTH_PSK:
@@ -391,14 +397,14 @@ public class VpnSettings extends SettingsPreferenceFragment implements
                 break;
             case VpnProfile.TYPE_IPSEC_XAUTH_RSA:
                 racoon = new String[] {
-                    interfaze, profile.server, "xauthrsa", privateKey, userCert, caCert,
-                    profile.username, profile.password, "", gateway,
+                    interfaze, profile.server, "xauthrsa", privateKey, userCert,
+                    caCert, serverCert, profile.username, profile.password, "", gateway,
                 };
                 break;
             case VpnProfile.TYPE_IPSEC_HYBRID_RSA:
                 racoon = new String[] {
-                    interfaze, profile.server, "hybridrsa", caCert,
-                    profile.username, profile.password, "", gateway,
+                    interfaze, profile.server, "hybridrsa",
+                    caCert, serverCert, profile.username, profile.password, "", gateway,
                 };
                 break;
         }