Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 9778c788 authored by nharold's avatar nharold Committed by Gerrit Code Review
Browse files

Merge changes from topic "ipsec-svc-cleanup"

* changes:
  Split IpSecServiceTest to add IPv6 Tests
  Add equals() for IpSecAlgorithm and IpSecConfig
  Input Validation for IpSecService
parents cfe51aab 2e9a5200
Loading
Loading
Loading
Loading
+10 −7
Original line number Original line Diff line number Diff line
@@ -24,6 +24,7 @@ import com.android.internal.util.HexDump;


import java.lang.annotation.Retention;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.RetentionPolicy;
import java.util.Arrays;


/**
/**
 * IpSecAlgorithm specifies a single algorithm that can be applied to an IpSec Transform. Refer to
 * IpSecAlgorithm specifies a single algorithm that can be applied to an IpSec Transform. Refer to
@@ -75,13 +76,7 @@ public final class IpSecAlgorithm implements Parcelable {
    public static final String AUTH_HMAC_SHA512 = "hmac(sha512)";
    public static final String AUTH_HMAC_SHA512 = "hmac(sha512)";


    /** @hide */
    /** @hide */
    @StringDef({
    @StringDef({CRYPT_AES_CBC, AUTH_HMAC_MD5, AUTH_HMAC_SHA1, AUTH_HMAC_SHA256, AUTH_HMAC_SHA512})
        CRYPT_AES_CBC,
        AUTH_HMAC_MD5,
        AUTH_HMAC_SHA1,
        AUTH_HMAC_SHA256,
        AUTH_HMAC_SHA512
    })
    @Retention(RetentionPolicy.SOURCE)
    @Retention(RetentionPolicy.SOURCE)
    public @interface AlgorithmName {}
    public @interface AlgorithmName {}


@@ -197,4 +192,12 @@ public final class IpSecAlgorithm implements Parcelable {
                .append("}")
                .append("}")
                .toString();
                .toString();
    }
    }

    /** package */
    static boolean equals(IpSecAlgorithm lhs, IpSecAlgorithm rhs) {
        if (lhs == null || rhs == null) return (lhs == rhs);
        return (lhs.mName.equals(rhs.mName)
                && Arrays.equals(lhs.mKey, rhs.mKey)
                && lhs.mTruncLenBits == rhs.mTruncLenBits);
    }
};
};
+172 −101
Original line number Original line Diff line number Diff line
@@ -17,105 +17,170 @@ package android.net;


import android.os.Parcel;
import android.os.Parcel;
import android.os.Parcelable;
import android.os.Parcelable;
import android.util.Log;

import java.net.InetAddress;
import com.android.internal.annotations.VisibleForTesting;
import java.net.UnknownHostException;


/** @hide */
/** @hide */
public final class IpSecConfig implements Parcelable {
public final class IpSecConfig implements Parcelable {
    private static final String TAG = "IpSecConfig";
    private static final String TAG = "IpSecConfig";


    // MODE_TRANSPORT or MODE_TUNNEL
    // MODE_TRANSPORT or MODE_TUNNEL
    int mode;
    private int mMode = IpSecTransform.MODE_TRANSPORT;


    // For tunnel mode
    // Needs to be valid only for tunnel mode
    InetAddress localAddress;
    // Preventing this from being null simplifies Java->Native binder
    private String mLocalAddress = "";


    InetAddress remoteAddress;
    // Preventing this from being null simplifies Java->Native binder
    private String mRemoteAddress = "";


    // Limit selection by network interface
    // The underlying network interface that represents the "gateway" Network
    Network network;
    // for outbound packets. It may also be used to select packets.
    private Network mNetwork;


    public static class Flow {
    public static class Flow {
        // Minimum requirements for identifying a transform
        // Minimum requirements for identifying a transform
        // SPI identifying the IPsec flow in packet processing
        // SPI identifying the IPsec flow in packet processing
        // and a remote IP address
        // and a remote IP address
        int spiResourceId;
        private int mSpiResourceId = IpSecManager.INVALID_RESOURCE_ID;


        // Encryption Algorithm
        // Encryption Algorithm
        IpSecAlgorithm encryption;
        private IpSecAlgorithm mEncryption;


        // Authentication Algorithm
        // Authentication Algorithm
        IpSecAlgorithm authentication;
        private IpSecAlgorithm mAuthentication;


        @Override
        @Override
        public String toString() {
        public String toString() {
            return new StringBuilder()
            return new StringBuilder()
                    .append("{spiResourceId=")
                    .append("{mSpiResourceId=")
                    .append(spiResourceId)
                    .append(mSpiResourceId)
                    .append(", encryption=")
                    .append(", mEncryption=")
                    .append(encryption)
                    .append(mEncryption)
                    .append(", authentication=")
                    .append(", mAuthentication=")
                    .append(authentication)
                    .append(mAuthentication)
                    .append("}")
                    .append("}")
                    .toString();
                    .toString();
        }
        }

        static boolean equals(IpSecConfig.Flow lhs, IpSecConfig.Flow rhs) {
            if (lhs == null || rhs == null) return (lhs == rhs);
            return (lhs.mSpiResourceId == rhs.mSpiResourceId
                    && IpSecAlgorithm.equals(lhs.mEncryption, rhs.mEncryption)
                    && IpSecAlgorithm.equals(lhs.mAuthentication, rhs.mAuthentication));
        }
    }
    }


    final Flow[] flow = new Flow[] {new Flow(), new Flow()};
    private final Flow[] mFlow = new Flow[] {new Flow(), new Flow()};


    // For tunnel mode IPv4 UDP Encapsulation
    // For tunnel mode IPv4 UDP Encapsulation
    // IpSecTransform#ENCAP_ESP_*, such as ENCAP_ESP_OVER_UDP_IKE
    // IpSecTransform#ENCAP_ESP_*, such as ENCAP_ESP_OVER_UDP_IKE
    int encapType;
    private int mEncapType = IpSecTransform.ENCAP_NONE;
    int encapLocalPortResourceId;
    private int mEncapSocketResourceId = IpSecManager.INVALID_RESOURCE_ID;
    int encapRemotePort;
    private int mEncapRemotePort;


    // An interval, in seconds between the NattKeepalive packets
    // An interval, in seconds between the NattKeepalive packets
    int nattKeepaliveInterval;
    private int mNattKeepaliveInterval;

    /** Set the mode for this IPsec transform */
    public void setMode(int mode) {
        mMode = mode;
    }

    /** Set the local IP address for Tunnel mode */
    public void setLocalAddress(String localAddress) {
        if (localAddress == null) {
            throw new IllegalArgumentException("localAddress may not be null!");
        }
        mLocalAddress = localAddress;
    }

    /** Set the remote IP address for this IPsec transform */
    public void setRemoteAddress(String remoteAddress) {
        if (remoteAddress == null) {
            throw new IllegalArgumentException("remoteAddress may not be null!");
        }
        mRemoteAddress = remoteAddress;
    }

    /** Set the SPI for a given direction by resource ID */
    public void setSpiResourceId(int direction, int resourceId) {
        mFlow[direction].mSpiResourceId = resourceId;
    }

    /** Set the encryption algorithm for a given direction */
    public void setEncryption(int direction, IpSecAlgorithm encryption) {
        mFlow[direction].mEncryption = encryption;
    }

    /** Set the authentication algorithm for a given direction */
    public void setAuthentication(int direction, IpSecAlgorithm authentication) {
        mFlow[direction].mAuthentication = authentication;
    }

    public void setNetwork(Network network) {
        mNetwork = network;
    }

    public void setEncapType(int encapType) {
        mEncapType = encapType;
    }

    public void setEncapSocketResourceId(int resourceId) {
        mEncapSocketResourceId = resourceId;
    }

    public void setEncapRemotePort(int port) {
        mEncapRemotePort = port;
    }

    public void setNattKeepaliveInterval(int interval) {
        mNattKeepaliveInterval = interval;
    }


    // Transport or Tunnel
    // Transport or Tunnel
    public int getMode() {
    public int getMode() {
        return mode;
        return mMode;
    }
    }


    public InetAddress getLocalAddress() {
    public String getLocalAddress() {
        return localAddress;
        return mLocalAddress;
    }
    }


    public int getSpiResourceId(int direction) {
    public int getSpiResourceId(int direction) {
        return flow[direction].spiResourceId;
        return mFlow[direction].mSpiResourceId;
    }
    }


    public InetAddress getRemoteAddress() {
    public String getRemoteAddress() {
        return remoteAddress;
        return mRemoteAddress;
    }
    }


    public IpSecAlgorithm getEncryption(int direction) {
    public IpSecAlgorithm getEncryption(int direction) {
        return flow[direction].encryption;
        return mFlow[direction].mEncryption;
    }
    }


    public IpSecAlgorithm getAuthentication(int direction) {
    public IpSecAlgorithm getAuthentication(int direction) {
        return flow[direction].authentication;
        return mFlow[direction].mAuthentication;
    }
    }


    public Network getNetwork() {
    public Network getNetwork() {
        return network;
        return mNetwork;
    }
    }


    public int getEncapType() {
    public int getEncapType() {
        return encapType;
        return mEncapType;
    }
    }


    public int getEncapLocalResourceId() {
    public int getEncapSocketResourceId() {
        return encapLocalPortResourceId;
        return mEncapSocketResourceId;
    }
    }


    public int getEncapRemotePort() {
    public int getEncapRemotePort() {
        return encapRemotePort;
        return mEncapRemotePort;
    }
    }


    public int getNattKeepaliveInterval() {
    public int getNattKeepaliveInterval() {
        return nattKeepaliveInterval;
        return mNattKeepaliveInterval;
    }
    }


    // Parcelable Methods
    // Parcelable Methods
@@ -127,82 +192,70 @@ public final class IpSecConfig implements Parcelable {


    @Override
    @Override
    public void writeToParcel(Parcel out, int flags) {
    public void writeToParcel(Parcel out, int flags) {
        // TODO: Use a byte array or other better method for storing IPs that can also include scope
        out.writeInt(mMode);
        out.writeString((localAddress != null) ? localAddress.getHostAddress() : null);
        out.writeString(mLocalAddress);
        // TODO: Use a byte array or other better method for storing IPs that can also include scope
        out.writeString(mRemoteAddress);
        out.writeString((remoteAddress != null) ? remoteAddress.getHostAddress() : null);
        out.writeParcelable(mNetwork, flags);
        out.writeParcelable(network, flags);
        out.writeInt(mFlow[IpSecTransform.DIRECTION_IN].mSpiResourceId);
        out.writeInt(flow[IpSecTransform.DIRECTION_IN].spiResourceId);
        out.writeParcelable(mFlow[IpSecTransform.DIRECTION_IN].mEncryption, flags);
        out.writeParcelable(flow[IpSecTransform.DIRECTION_IN].encryption, flags);
        out.writeParcelable(mFlow[IpSecTransform.DIRECTION_IN].mAuthentication, flags);
        out.writeParcelable(flow[IpSecTransform.DIRECTION_IN].authentication, flags);
        out.writeInt(mFlow[IpSecTransform.DIRECTION_OUT].mSpiResourceId);
        out.writeInt(flow[IpSecTransform.DIRECTION_OUT].spiResourceId);
        out.writeParcelable(mFlow[IpSecTransform.DIRECTION_OUT].mEncryption, flags);
        out.writeParcelable(flow[IpSecTransform.DIRECTION_OUT].encryption, flags);
        out.writeParcelable(mFlow[IpSecTransform.DIRECTION_OUT].mAuthentication, flags);
        out.writeParcelable(flow[IpSecTransform.DIRECTION_OUT].authentication, flags);
        out.writeInt(mEncapType);
        out.writeInt(encapType);
        out.writeInt(mEncapSocketResourceId);
        out.writeInt(encapLocalPortResourceId);
        out.writeInt(mEncapRemotePort);
        out.writeInt(encapRemotePort);
        out.writeInt(mNattKeepaliveInterval);
    }

    // Package Private: Used by the IpSecTransform.Builder;
    // there should be no public constructor for this object
    IpSecConfig() {}

    private static InetAddress readInetAddressFromParcel(Parcel in) {
        String addrString = in.readString();
        if (addrString == null) {
            return null;
        }
        try {
            return InetAddress.getByName(addrString);
        } catch (UnknownHostException e) {
            Log.wtf(TAG, "Invalid IpAddress " + addrString);
            return null;
        }
    }
    }


    @VisibleForTesting
    public IpSecConfig() {}

    private IpSecConfig(Parcel in) {
    private IpSecConfig(Parcel in) {
        localAddress = readInetAddressFromParcel(in);
        mMode = in.readInt();
        remoteAddress = readInetAddressFromParcel(in);
        mLocalAddress = in.readString();
        network = (Network) in.readParcelable(Network.class.getClassLoader());
        mRemoteAddress = in.readString();
        flow[IpSecTransform.DIRECTION_IN].spiResourceId = in.readInt();
        mNetwork = (Network) in.readParcelable(Network.class.getClassLoader());
        flow[IpSecTransform.DIRECTION_IN].encryption =
        mFlow[IpSecTransform.DIRECTION_IN].mSpiResourceId = in.readInt();
        mFlow[IpSecTransform.DIRECTION_IN].mEncryption =
                (IpSecAlgorithm) in.readParcelable(IpSecAlgorithm.class.getClassLoader());
                (IpSecAlgorithm) in.readParcelable(IpSecAlgorithm.class.getClassLoader());
        flow[IpSecTransform.DIRECTION_IN].authentication =
        mFlow[IpSecTransform.DIRECTION_IN].mAuthentication =
                (IpSecAlgorithm) in.readParcelable(IpSecAlgorithm.class.getClassLoader());
                (IpSecAlgorithm) in.readParcelable(IpSecAlgorithm.class.getClassLoader());
        flow[IpSecTransform.DIRECTION_OUT].spiResourceId = in.readInt();
        mFlow[IpSecTransform.DIRECTION_OUT].mSpiResourceId = in.readInt();
        flow[IpSecTransform.DIRECTION_OUT].encryption =
        mFlow[IpSecTransform.DIRECTION_OUT].mEncryption =
                (IpSecAlgorithm) in.readParcelable(IpSecAlgorithm.class.getClassLoader());
                (IpSecAlgorithm) in.readParcelable(IpSecAlgorithm.class.getClassLoader());
        flow[IpSecTransform.DIRECTION_OUT].authentication =
        mFlow[IpSecTransform.DIRECTION_OUT].mAuthentication =
                (IpSecAlgorithm) in.readParcelable(IpSecAlgorithm.class.getClassLoader());
                (IpSecAlgorithm) in.readParcelable(IpSecAlgorithm.class.getClassLoader());
        encapType = in.readInt();
        mEncapType = in.readInt();
        encapLocalPortResourceId = in.readInt();
        mEncapSocketResourceId = in.readInt();
        encapRemotePort = in.readInt();
        mEncapRemotePort = in.readInt();
        mNattKeepaliveInterval = in.readInt();
    }
    }


    @Override
    @Override
    public String toString() {
    public String toString() {
        StringBuilder strBuilder = new StringBuilder();
        StringBuilder strBuilder = new StringBuilder();
        strBuilder
        strBuilder
                .append("{mode=")
                .append("{mMode=")
                .append(mode == IpSecTransform.MODE_TUNNEL ? "TUNNEL" : "TRANSPORT")
                .append(mMode == IpSecTransform.MODE_TUNNEL ? "TUNNEL" : "TRANSPORT")
                .append(", localAddress=")
                .append(", mLocalAddress=")
                .append(localAddress)
                .append(mLocalAddress)
                .append(", remoteAddress=")
                .append(", mRemoteAddress=")
                .append(remoteAddress)
                .append(mRemoteAddress)
                .append(", network=")
                .append(", mNetwork=")
                .append(network)
                .append(mNetwork)
                .append(", encapType=")
                .append(", mEncapType=")
                .append(encapType)
                .append(mEncapType)
                .append(", encapLocalPortResourceId=")
                .append(", mEncapSocketResourceId=")
                .append(encapLocalPortResourceId)
                .append(mEncapSocketResourceId)
                .append(", encapRemotePort=")
                .append(", mEncapRemotePort=")
                .append(encapRemotePort)
                .append(mEncapRemotePort)
                .append(", nattKeepaliveInterval=")
                .append(", mNattKeepaliveInterval=")
                .append(nattKeepaliveInterval)
                .append(mNattKeepaliveInterval)
                .append(", flow[OUT]=")
                .append(", mFlow[OUT]=")
                .append(flow[IpSecTransform.DIRECTION_OUT])
                .append(mFlow[IpSecTransform.DIRECTION_OUT])
                .append(", flow[IN]=")
                .append(", mFlow[IN]=")
                .append(flow[IpSecTransform.DIRECTION_IN])
                .append(mFlow[IpSecTransform.DIRECTION_IN])
                .append("}");
                .append("}");


        return strBuilder.toString();
        return strBuilder.toString();
@@ -218,4 +271,22 @@ public final class IpSecConfig implements Parcelable {
                    return new IpSecConfig[size];
                    return new IpSecConfig[size];
                }
                }
            };
            };

    @VisibleForTesting
    public static boolean equals(IpSecConfig lhs, IpSecConfig rhs) {
        if (lhs == null || rhs == null) return (lhs == rhs);
        return (lhs.mMode == rhs.mMode
                && lhs.mLocalAddress.equals(rhs.mLocalAddress)
                && lhs.mRemoteAddress.equals(rhs.mRemoteAddress)
                && ((lhs.mNetwork != null && lhs.mNetwork.equals(rhs.mNetwork))
                        || (lhs.mNetwork == rhs.mNetwork))
                && lhs.mEncapType == rhs.mEncapType
                && lhs.mEncapSocketResourceId == rhs.mEncapSocketResourceId
                && lhs.mEncapRemotePort == rhs.mEncapRemotePort
                && lhs.mNattKeepaliveInterval == rhs.mNattKeepaliveInterval
                && IpSecConfig.Flow.equals(lhs.mFlow[IpSecTransform.DIRECTION_OUT],
                        rhs.mFlow[IpSecTransform.DIRECTION_OUT])
                && IpSecConfig.Flow.equals(lhs.mFlow[IpSecTransform.DIRECTION_IN],
                        rhs.mFlow[IpSecTransform.DIRECTION_IN]));
    }
}
}
+6 −2
Original line number Original line Diff line number Diff line
@@ -26,6 +26,8 @@ import android.os.RemoteException;
import android.util.AndroidException;
import android.util.AndroidException;
import android.util.Log;
import android.util.Log;


import com.android.internal.annotations.VisibleForTesting;

import dalvik.system.CloseGuard;
import dalvik.system.CloseGuard;


import java.io.FileDescriptor;
import java.io.FileDescriptor;
@@ -188,7 +190,8 @@ public final class IpSecManager {
        }
        }


        /** @hide */
        /** @hide */
        int getResourceId() {
        @VisibleForTesting
        public int getResourceId() {
            return mResourceId;
            return mResourceId;
        }
        }
    }
    }
@@ -489,7 +492,8 @@ public final class IpSecManager {
        }
        }


        /** @hide */
        /** @hide */
        int getResourceId() {
        @VisibleForTesting
        public int getResourceId() {
            return mResourceId;
            return mResourceId;
        }
        }
    };
    };
+27 −76
Original line number Original line Diff line number Diff line
@@ -68,10 +68,10 @@ public final class IpSecTransform implements AutoCloseable {
    public @interface TransformDirection {}
    public @interface TransformDirection {}


    /** @hide */
    /** @hide */
    public static final int MODE_TUNNEL = 0;
    public static final int MODE_TRANSPORT = 0;


    /** @hide */
    /** @hide */
    public static final int MODE_TRANSPORT = 1;
    public static final int MODE_TUNNEL = 1;


    /** @hide */
    /** @hide */
    public static final int ENCAP_NONE = 0;
    public static final int ENCAP_NONE = 0;
@@ -113,7 +113,11 @@ public final class IpSecTransform implements AutoCloseable {
        return IIpSecService.Stub.asInterface(b);
        return IIpSecService.Stub.asInterface(b);
    }
    }


    private void checkResultStatusAndThrow(int status)
    /**
     * Checks the result status and throws an appropriate exception if
     * the status is not Status.OK.
     */
    private void checkResultStatus(int status)
            throws IOException, IpSecManager.ResourceUnavailableException,
            throws IOException, IpSecManager.ResourceUnavailableException,
                    IpSecManager.SpiUnavailableException {
                    IpSecManager.SpiUnavailableException {
        switch (status) {
        switch (status) {
@@ -141,7 +145,7 @@ public final class IpSecTransform implements AutoCloseable {
                IpSecTransformResponse result =
                IpSecTransformResponse result =
                        svc.createTransportModeTransform(mConfig, new Binder());
                        svc.createTransportModeTransform(mConfig, new Binder());
                int status = result.status;
                int status = result.status;
                checkResultStatusAndThrow(status);
                checkResultStatus(status);
                mResourceId = result.resourceId;
                mResourceId = result.resourceId;


                /* Keepalive will silently fail if not needed by the config; but, if needed and
                /* Keepalive will silently fail if not needed by the config; but, if needed and
@@ -243,62 +247,21 @@ public final class IpSecTransform implements AutoCloseable {


    /* Package */
    /* Package */
    void startKeepalive(Context c) {
    void startKeepalive(Context c) {
        // FIXME: NO_KEEPALIVE needs to be a constant
        if (mConfig.getNattKeepaliveInterval() != 0) {
        if (mConfig.getNattKeepaliveInterval() == 0) {
            Log.wtf(TAG, "Keepalive not yet supported.");
            return;
        }
        }

        ConnectivityManager cm =
                (ConnectivityManager) c.getSystemService(Context.CONNECTIVITY_SERVICE);

        if (mKeepalive != null) {
            Log.wtf(TAG, "Keepalive already started for this IpSecTransform.");
            return;
    }
    }


        synchronized (mKeepaliveSyncLock) {
    /** @hide */
            mKeepalive =
    @VisibleForTesting
                    cm.startNattKeepalive(
    public int getResourceId() {
                            mConfig.getNetwork(),
                            mConfig.getNattKeepaliveInterval(),
                            mKeepaliveCallback,
                            mConfig.getLocalAddress(),
                            0x1234, /* FIXME: get the real port number again,
                                    which we need to retrieve from the provided
                                    EncapsulationSocket, and which isn't currently
                                    stashed in IpSecConfig */
                            mConfig.getRemoteAddress());
            try {
                // FIXME: this is still a horrible way to fudge the synchronous callback
                mKeepaliveSyncLock.wait(2000);
            } catch (InterruptedException e) {
            }
        }
        if (mKeepaliveStatus != ConnectivityManager.PacketKeepalive.SUCCESS) {
            throw new UnsupportedOperationException("Packet Keepalive cannot be started");
        }
    }

    /* Package */
    int getResourceId() {
        return mResourceId;
        return mResourceId;
    }
    }


    /* Package */
    /* Package */
    void stopKeepalive() {
    void stopKeepalive() {
        if (mKeepalive == null) {
        return;
        return;
    }
    }
        mKeepalive.stop();
        synchronized (mKeepaliveSyncLock) {
            if (mKeepaliveStatus == ConnectivityManager.PacketKeepalive.SUCCESS) {
                try {
                    mKeepaliveSyncLock.wait(2000);
                } catch (InterruptedException e) {
                }
            }
        }
    }


    /**
    /**
     * Builder object to facilitate the creation of IpSecTransform objects.
     * Builder object to facilitate the creation of IpSecTransform objects.
@@ -323,7 +286,7 @@ public final class IpSecTransform implements AutoCloseable {
         */
         */
        public IpSecTransform.Builder setEncryption(
        public IpSecTransform.Builder setEncryption(
                @TransformDirection int direction, IpSecAlgorithm algo) {
                @TransformDirection int direction, IpSecAlgorithm algo) {
            mConfig.flow[direction].encryption = algo;
            mConfig.setEncryption(direction, algo);
            return this;
            return this;
        }
        }


@@ -338,7 +301,7 @@ public final class IpSecTransform implements AutoCloseable {
         */
         */
        public IpSecTransform.Builder setAuthentication(
        public IpSecTransform.Builder setAuthentication(
                @TransformDirection int direction, IpSecAlgorithm algo) {
                @TransformDirection int direction, IpSecAlgorithm algo) {
            mConfig.flow[direction].authentication = algo;
            mConfig.setAuthentication(direction, algo);
            return this;
            return this;
        }
        }


@@ -361,9 +324,7 @@ public final class IpSecTransform implements AutoCloseable {
         */
         */
        public IpSecTransform.Builder setSpi(
        public IpSecTransform.Builder setSpi(
                @TransformDirection int direction, IpSecManager.SecurityParameterIndex spi) {
                @TransformDirection int direction, IpSecManager.SecurityParameterIndex spi) {
            // TODO: convert to using the resource Id of the SPI. Then build() can validate
            mConfig.setSpiResourceId(direction, spi.getResourceId());
            // the owner in the IpSecService
            mConfig.flow[direction].spiResourceId = spi.getResourceId();
            return this;
            return this;
        }
        }


@@ -378,7 +339,7 @@ public final class IpSecTransform implements AutoCloseable {
         */
         */
        @SystemApi
        @SystemApi
        public IpSecTransform.Builder setUnderlyingNetwork(Network net) {
        public IpSecTransform.Builder setUnderlyingNetwork(Network net) {
            mConfig.network = net;
            mConfig.setNetwork(net);
            return this;
            return this;
        }
        }


@@ -395,10 +356,9 @@ public final class IpSecTransform implements AutoCloseable {
         */
         */
        public IpSecTransform.Builder setIpv4Encapsulation(
        public IpSecTransform.Builder setIpv4Encapsulation(
                IpSecManager.UdpEncapsulationSocket localSocket, int remotePort) {
                IpSecManager.UdpEncapsulationSocket localSocket, int remotePort) {
            // TODO: check encap type is valid.
            mConfig.setEncapType(ENCAP_ESPINUDP);
            mConfig.encapType = ENCAP_ESPINUDP;
            mConfig.setEncapSocketResourceId(localSocket.getResourceId());
            mConfig.encapLocalPortResourceId = localSocket.getResourceId();
            mConfig.setEncapRemotePort(remotePort);
            mConfig.encapRemotePort = remotePort;
            return this;
            return this;
        }
        }


@@ -416,7 +376,7 @@ public final class IpSecTransform implements AutoCloseable {
         */
         */
        @SystemApi
        @SystemApi
        public IpSecTransform.Builder setNattKeepalive(int intervalSeconds) {
        public IpSecTransform.Builder setNattKeepalive(int intervalSeconds) {
            mConfig.nattKeepaliveInterval = intervalSeconds;
            mConfig.setNattKeepaliveInterval(intervalSeconds);
            return this;
            return this;
        }
        }


@@ -451,8 +411,8 @@ public final class IpSecTransform implements AutoCloseable {
                        IpSecManager.SpiUnavailableException, IOException {
                        IpSecManager.SpiUnavailableException, IOException {
            //FIXME: argument validation here
            //FIXME: argument validation here
            //throw new IllegalArgumentException("Natt Keepalive requires UDP Encapsulation");
            //throw new IllegalArgumentException("Natt Keepalive requires UDP Encapsulation");
            mConfig.mode = MODE_TRANSPORT;
            mConfig.setMode(MODE_TRANSPORT);
            mConfig.remoteAddress = remoteAddress;
            mConfig.setRemoteAddress(remoteAddress.getHostAddress());
            return new IpSecTransform(mContext, mConfig).activate();
            return new IpSecTransform(mContext, mConfig).activate();
        }
        }


@@ -473,9 +433,9 @@ public final class IpSecTransform implements AutoCloseable {
                InetAddress localAddress, InetAddress remoteAddress) {
                InetAddress localAddress, InetAddress remoteAddress) {
            //FIXME: argument validation here
            //FIXME: argument validation here
            //throw new IllegalArgumentException("Natt Keepalive requires UDP Encapsulation");
            //throw new IllegalArgumentException("Natt Keepalive requires UDP Encapsulation");
            mConfig.localAddress = localAddress;
            mConfig.setLocalAddress(localAddress.getHostAddress());
            mConfig.remoteAddress = remoteAddress;
            mConfig.setRemoteAddress(remoteAddress.getHostAddress());
            mConfig.mode = MODE_TUNNEL;
            mConfig.setMode(MODE_TUNNEL);
            return new IpSecTransform(mContext, mConfig);
            return new IpSecTransform(mContext, mConfig);
        }
        }


@@ -489,14 +449,5 @@ public final class IpSecTransform implements AutoCloseable {
            mContext = context;
            mContext = context;
            mConfig = new IpSecConfig();
            mConfig = new IpSecConfig();
        }
        }

        /**
         * Return an {@link IpSecConfig} object for testing purposes.
         * @hide
         */
        @VisibleForTesting
        public IpSecConfig getIpSecConfig() {
            return mConfig;
        }
    }
    }
}
}
+122 −29

File changed.

Preview size limit exceeded, changes collapsed.

Loading