diff options
| author | Android (Google) Code Review <android-gerrit@google.com> | 2009-09-22 12:02:34 -0400 |
|---|---|---|
| committer | Android (Google) Code Review <android-gerrit@google.com> | 2009-09-22 12:02:34 -0400 |
| commit | cb41032d85e2538c0a0a85f72656891c6203dc9b (patch) | |
| tree | 59ad1772935d4973b083339c67385a52c2709d74 /src/com/android/settings | |
| parent | 8c212ef4cfd911ba80dd256cab7a3f997e2cb8cc (diff) | |
| parent | c00b6561967655cc32a4f920e8bbd68bccdfaf8b (diff) | |
| download | packages_apps_settings-cb41032d85e2538c0a0a85f72656891c6203dc9b.zip packages_apps_settings-cb41032d85e2538c0a0a85f72656891c6203dc9b.tar.gz packages_apps_settings-cb41032d85e2538c0a0a85f72656891c6203dc9b.tar.bz2 | |
Merge change 26186 into eclair
* changes:
Settings: revise VpnSettings.
Diffstat (limited to 'src/com/android/settings')
| -rw-r--r-- | src/com/android/settings/vpn/L2tpIpsecEditor.java | 9 | ||||
| -rw-r--r-- | src/com/android/settings/vpn/VpnSettings.java | 122 |
2 files changed, 56 insertions, 75 deletions
diff --git a/src/com/android/settings/vpn/L2tpIpsecEditor.java b/src/com/android/settings/vpn/L2tpIpsecEditor.java index b14feb3..276ee2f 100644 --- a/src/com/android/settings/vpn/L2tpIpsecEditor.java +++ b/src/com/android/settings/vpn/L2tpIpsecEditor.java @@ -24,7 +24,8 @@ import android.preference.EditTextPreference; import android.preference.ListPreference; import android.preference.Preference; import android.preference.PreferenceGroup; -import android.security.CertTool; +import android.security.Credentials; +import android.security.KeyStore; import android.text.TextUtils; /** @@ -33,6 +34,8 @@ import android.text.TextUtils; class L2tpIpsecEditor extends L2tpEditor { private static final String TAG = L2tpIpsecEditor.class.getSimpleName(); + private KeyStore mKeyStore = KeyStore.getInstance(); + private ListPreference mUserCertificate; private ListPreference mCaCertificate; @@ -67,7 +70,7 @@ class L2tpIpsecEditor extends L2tpEditor { mUserCertificate = createListPreference(c, R.string.vpn_user_certificate_title, mProfile.getUserCertificate(), - CertTool.getInstance().getAllUserCertificateKeys(), + mKeyStore.saw(Credentials.USER_CERTIFICATE), new Preference.OnPreferenceChangeListener() { public boolean onPreferenceChange( Preference pref, Object newValue) { @@ -86,7 +89,7 @@ class L2tpIpsecEditor extends L2tpEditor { mCaCertificate = createListPreference(c, R.string.vpn_ca_certificate_title, mProfile.getCaCertificate(), - CertTool.getInstance().getAllCaCertificateKeys(), + mKeyStore.saw(Credentials.CA_CERTIFICATE), new Preference.OnPreferenceChangeListener() { public boolean onPreferenceChange( Preference pref, Object newValue) { diff --git a/src/com/android/settings/vpn/VpnSettings.java b/src/com/android/settings/vpn/VpnSettings.java index eea0aca..d0c6a89 100644 --- a/src/com/android/settings/vpn/VpnSettings.java +++ b/src/com/android/settings/vpn/VpnSettings.java @@ -47,8 +47,8 @@ import android.preference.PreferenceCategory; import android.preference.PreferenceManager; import android.preference.PreferenceScreen; import android.preference.Preference.OnPreferenceClickListener; -import android.security.CertTool; -import android.security.Keystore; +import android.security.Credentials; +import android.security.KeyStore; import android.text.TextUtils; import android.util.Log; import android.view.ContextMenu; @@ -109,9 +109,8 @@ public class VpnSettings extends PreferenceActivity implements private static final int NO_ERROR = VpnManager.VPN_ERROR_NO_ERROR; - private static final String NAMESPACE_VPN = "vpn"; - private static final String KEY_PREFIX_IPSEC_PSK = "ipsk000"; - private static final String KEY_PREFIX_L2TP_SECRET = "lscrt000"; + private static final String KEY_PREFIX_IPSEC_PSK = Credentials.VPN + 'i'; + private static final String KEY_PREFIX_L2TP_SECRET = Credentials.VPN + 'l'; private PreferenceScreen mAddVpn; private PreferenceCategory mVpnListContainer; @@ -129,6 +128,8 @@ public class VpnSettings extends PreferenceActivity implements // states saved for unlocking keystore private Runnable mUnlockAction; + private KeyStore mKeyStore = KeyStore.getInstance(); + private VpnManager mVpnManager = new VpnManager(this); private ConnectivityReceiver mConnectivityReceiver = @@ -172,7 +173,7 @@ public class VpnSettings extends PreferenceActivity implements public void onResume() { super.onResume(); - if ((mUnlockAction != null) && isKeystoreUnlocked()) { + if ((mUnlockAction != null) && isKeyStoreUnlocked()) { Runnable action = mUnlockAction; mUnlockAction = null; runOnUiThread(action); @@ -402,13 +403,13 @@ public class VpnSettings extends PreferenceActivity implements return; } - if (needKeystoreToSave(p)) { + if (needKeyStoreToSave(p)) { Runnable action = new Runnable() { public void run() { onActivityResult(requestCode, resultCode, data); } }; - if (!unlockKeystore(p, action)) return; + if (!unlockKeyStore(p, action)) return; } try { @@ -610,22 +611,26 @@ public class VpnSettings extends PreferenceActivity implements startActivityForResult(intent, REQUEST_SELECT_VPN_TYPE); } - private boolean isKeystoreUnlocked() { - return (Keystore.getInstance().getState() == Keystore.UNLOCKED); + private boolean isKeyStoreUnlocked() { + return mKeyStore.test() == KeyStore.NO_ERROR; } - // Returns true if the profile needs to access keystore - private boolean needKeystoreToSave(VpnProfile p) { - return needKeystoreToConnect(p); - } - - // Returns true if the profile needs to access keystore - private boolean needKeystoreToEdit(VpnProfile p) { + private boolean needKeyStoreToSave(VpnProfile p) { switch (p.getType()) { - case L2TP_IPSEC: case L2TP_IPSEC_PSK: - return true; + L2tpIpsecPskProfile pskProfile = (L2tpIpsecPskProfile) p; + String presharedKey = pskProfile.getPresharedKey(); + if (!TextUtils.isEmpty(presharedKey)) return true; + // pass through + + case L2TP: + L2tpProfile l2tpProfile = (L2tpProfile) p; + if (l2tpProfile.isSecretEnabled() && + !TextUtils.isEmpty(l2tpProfile.getSecretString())) { + return true; + } + // pass through default: return false; @@ -633,7 +638,7 @@ public class VpnSettings extends PreferenceActivity implements } // Returns true if the profile needs to access keystore - private boolean needKeystoreToConnect(VpnProfile p) { + private boolean needKeyStoreToConnect(VpnProfile p) { switch (p.getType()) { case L2TP_IPSEC: case L2TP_IPSEC_PSK: @@ -648,37 +653,27 @@ public class VpnSettings extends PreferenceActivity implements } // Returns true if keystore is unlocked or keystore is not a concern - private boolean unlockKeystore(VpnProfile p, Runnable action) { - if (isKeystoreUnlocked()) return true; + private boolean unlockKeyStore(VpnProfile p, Runnable action) { + if (isKeyStoreUnlocked()) return true; mUnlockAction = action; - startActivity( - new Intent(Keystore.ACTION_UNLOCK_CREDENTIAL_STORAGE)); + Credentials.getInstance().unlock(this); return false; } private void startVpnEditor(final VpnProfile profile) { - if (needKeystoreToEdit(profile)) { - Runnable action = new Runnable() { - public void run() { - startVpnEditor(profile); - } - }; - if (!unlockKeystore(profile, action)) return; - } - Intent intent = new Intent(this, VpnEditor.class); intent.putExtra(KEY_VPN_PROFILE, (Parcelable) profile); startActivityForResult(intent, REQUEST_ADD_OR_EDIT_PROFILE); } private synchronized void connect(final VpnProfile p) { - if (needKeystoreToConnect(p)) { + if (needKeyStoreToConnect(p)) { Runnable action = new Runnable() { public void run() { connect(p); } }; - if (!unlockKeystore(p, action)) return; + if (!unlockKeyStore(p, action)) return; } if (!checkSecrets(p)) return; @@ -888,43 +883,32 @@ public class VpnSettings extends PreferenceActivity implements return mVpnManager.createVpnProfile(Enum.valueOf(VpnType.class, type)); } - private String keyNameForDaemon(String keyName) { - return NAMESPACE_VPN + "_" + keyName; - } - private boolean checkSecrets(VpnProfile p) { - Keystore ks = Keystore.getInstance(); - HashSet<String> secretSet = new HashSet<String>(); boolean secretMissing = false; if (p instanceof L2tpIpsecProfile) { L2tpIpsecProfile certProfile = (L2tpIpsecProfile) p; - CertTool certTool = CertTool.getInstance(); - Collections.addAll(secretSet, certTool.getAllCaCertificateKeys()); + String cert = certProfile.getCaCertificate(); - if (TextUtils.isEmpty(cert) || !secretSet.contains(cert)) { + if (TextUtils.isEmpty(cert) || + !mKeyStore.contains(Credentials.CA_CERTIFICATE + cert)) { certProfile.setCaCertificate(null); secretMissing = true; } - secretSet.clear(); - Collections.addAll(secretSet, certTool.getAllUserCertificateKeys()); cert = certProfile.getUserCertificate(); - if (TextUtils.isEmpty(cert) || !secretSet.contains(cert)) { + if (TextUtils.isEmpty(cert) || + !mKeyStore.contains(Credentials.USER_CERTIFICATE + cert)) { certProfile.setUserCertificate(null); secretMissing = true; } } - secretSet.clear(); - Collections.addAll(secretSet, ks.listKeys(NAMESPACE_VPN)); - if (p instanceof L2tpIpsecPskProfile) { L2tpIpsecPskProfile pskProfile = (L2tpIpsecPskProfile) p; String presharedKey = pskProfile.getPresharedKey(); - String keyName = KEY_PREFIX_IPSEC_PSK + p.getId(); - if (TextUtils.isEmpty(presharedKey) - || !secretSet.contains(keyName)) { + String key = KEY_PREFIX_IPSEC_PSK + p.getId(); + if (TextUtils.isEmpty(presharedKey) || !mKeyStore.contains(key)) { pskProfile.setPresharedKey(null); secretMissing = true; } @@ -934,9 +918,8 @@ public class VpnSettings extends PreferenceActivity implements L2tpProfile l2tpProfile = (L2tpProfile) p; if (l2tpProfile.isSecretEnabled()) { String secret = l2tpProfile.getSecretString(); - String keyName = KEY_PREFIX_L2TP_SECRET + p.getId(); - if (TextUtils.isEmpty(secret) - || !secretSet.contains(keyName)) { + String key = KEY_PREFIX_L2TP_SECRET + p.getId(); + if (TextUtils.isEmpty(secret) || !mKeyStore.contains(key)) { l2tpProfile.setSecretString(null); secretMissing = true; } @@ -953,35 +936,30 @@ public class VpnSettings extends PreferenceActivity implements } private void processSecrets(VpnProfile p) { - Keystore ks = Keystore.getInstance(); switch (p.getType()) { case L2TP_IPSEC_PSK: L2tpIpsecPskProfile pskProfile = (L2tpIpsecPskProfile) p; String presharedKey = pskProfile.getPresharedKey(); - String keyName = KEY_PREFIX_IPSEC_PSK + p.getId(); - if (!TextUtils.isEmpty(presharedKey)) { - int ret = ks.put(NAMESPACE_VPN, keyName, presharedKey); - if (ret != 0) { - Log.e(TAG, "keystore write failed: key=" + keyName); - } + String key = KEY_PREFIX_IPSEC_PSK + p.getId(); + if (!TextUtils.isEmpty(presharedKey) && + !mKeyStore.put(key, presharedKey)) { + Log.e(TAG, "keystore write failed: key=" + key); } - pskProfile.setPresharedKey(keyNameForDaemon(keyName)); + pskProfile.setPresharedKey(key); // pass through case L2TP: L2tpProfile l2tpProfile = (L2tpProfile) p; - keyName = KEY_PREFIX_L2TP_SECRET + p.getId(); + key = KEY_PREFIX_L2TP_SECRET + p.getId(); if (l2tpProfile.isSecretEnabled()) { String secret = l2tpProfile.getSecretString(); - if (!TextUtils.isEmpty(secret)) { - int ret = ks.put(NAMESPACE_VPN, keyName, secret); - if (ret != 0) { - Log.e(TAG, "keystore write failed: key=" + keyName); - } + if (!TextUtils.isEmpty(secret) && + !mKeyStore.put(key, secret)) { + Log.e(TAG, "keystore write failed: key=" + key); } - l2tpProfile.setSecretString(keyNameForDaemon(keyName)); + l2tpProfile.setSecretString(key); } else { - ks.remove(NAMESPACE_VPN, keyName); + mKeyStore.delete(key); } break; } |