mirror of
https://github.com/deneraraujo/OpenVPNAdapter.git
synced 2026-04-24 00:00:05 +08:00
Wrap peer info property and refactor getters/setters for min tbs version and tbs cert profile
This commit is contained in:
Sergey Abramchuk
@@ -0,0 +1,22 @@
|
||||
//
|
||||
// ConfigurationValues.h
|
||||
// OpenVPN Adapter
|
||||
//
|
||||
// Created by Sergey Abramchuk on 24.04.17.
|
||||
//
|
||||
//
|
||||
|
||||
#import <Foundation/Foundation.h>
|
||||
|
||||
extern NSString * __nonnull const OpenVPNMinTLSVersionDisabledValue;
|
||||
extern NSString * __nonnull const OpenVPNMinTLSVersion10Value;
|
||||
extern NSString * __nonnull const OpenVPNMinTLSVersion11Value;
|
||||
extern NSString * __nonnull const OpenVPNMinTLSVersion12Value;
|
||||
extern NSString * __nonnull const OpenVPNMinTLSVersionDefaultValue;
|
||||
|
||||
extern NSString * __nonnull const OpenVPNTLSCertProfileLegacyValue;
|
||||
extern NSString * __nonnull const OpenVPNTLSCertProfilePreferredValue;
|
||||
extern NSString * __nonnull const OpenVPNTLSCertProfileSuiteBValue;
|
||||
extern NSString * __nonnull const OpenVPNTLSCertProfileLegacyDefaultValue;
|
||||
extern NSString * __nonnull const OpenVPNTLSCertProfilePreferredDefaultValue;
|
||||
extern NSString * __nonnull const OpenVPNTLSCertProfileDefaultValue;
|
||||
@@ -0,0 +1,22 @@
|
||||
//
|
||||
// ConfigurationValues.m
|
||||
// OpenVPN Adapter
|
||||
//
|
||||
// Created by Sergey Abramchuk on 24.04.17.
|
||||
//
|
||||
//
|
||||
|
||||
#import "ConfigurationValues.h"
|
||||
|
||||
NSString * const OpenVPNMinTLSVersionDisabledValue = @"disabled";
|
||||
NSString * const OpenVPNMinTLSVersion10Value = @"tls_1_0";
|
||||
NSString * const OpenVPNMinTLSVersion11Value = @"tls_1_1";
|
||||
NSString * const OpenVPNMinTLSVersion12Value = @"tls_1_2";
|
||||
NSString * const OpenVPNMinTLSVersionDefaultValue = @"default";
|
||||
|
||||
NSString * const OpenVPNTLSCertProfileLegacyValue = @"legacy";
|
||||
NSString * const OpenVPNTLSCertProfilePreferredValue = @"preferred";
|
||||
NSString * const OpenVPNTLSCertProfileSuiteBValue = @"suiteb";
|
||||
NSString * const OpenVPNTLSCertProfileLegacyDefaultValue = @"legacy-default";
|
||||
NSString * const OpenVPNTLSCertProfilePreferredDefaultValue = @"preferred-default";
|
||||
NSString * const OpenVPNTLSCertProfileDefaultValue = @"default";
|
||||
@@ -66,6 +66,21 @@ typedef NS_ENUM(NSInteger, OpenVPNMinTLSVersion) {
|
||||
OpenVPNMinTLSVersionDefault
|
||||
};
|
||||
|
||||
typedef NS_ENUM(NSInteger, OpenVPNTLSCertProfile) {
|
||||
/// Allow 1024-bit RSA certs signed with SHA1
|
||||
OpenVPNTLSCertProfileLegacy,
|
||||
/// Require at least 2048-bit RSA certs signed with SHA256 or higher
|
||||
OpenVPNTLSCertProfilePreferred,
|
||||
/// Require NSA Suite-B
|
||||
OpenVPNTLSCertProfileSuiteB,
|
||||
/// Use legacy as the default if profile doesn't specify tls-cert-profile
|
||||
OpenVPNTLSCertProfileLegacyDefault,
|
||||
/// Use preferred as the default if profile doesn't specify tls-cert-profile
|
||||
OpenVPNTLSCertProfilePreferredDefault,
|
||||
/// Use profile default
|
||||
OpenVPNTLSCertProfileDefault
|
||||
};
|
||||
|
||||
@interface OpenVPNConfiguration : NSObject
|
||||
|
||||
/**
|
||||
@@ -164,4 +179,14 @@ typedef NS_ENUM(NSInteger, OpenVPNMinTLSVersion) {
|
||||
*/
|
||||
@property (nonatomic) OpenVPNMinTLSVersion minTLSVersion;
|
||||
|
||||
/**
|
||||
Override or default the tls-cert-profile setting
|
||||
*/
|
||||
@property (nonatomic) OpenVPNTLSCertProfile tlsCertProfile;
|
||||
|
||||
/**
|
||||
Pass custom key/value pairs to OpenVPN server
|
||||
*/
|
||||
@property (nullable, nonatomic) NSDictionary<NSString *, NSString *> *peerInfo;
|
||||
|
||||
@end
|
||||
|
||||
@@ -6,6 +6,7 @@
|
||||
//
|
||||
//
|
||||
|
||||
#import "ConfigurationValues.h"
|
||||
#import "OpenVPNConfiguration.h"
|
||||
#import "OpenVPNConfiguration+Internal.h"
|
||||
|
||||
@@ -92,7 +93,7 @@ using namespace openvpn;
|
||||
NSString *currentValue = [NSString stringWithUTF8String:_config.protoOverride.c_str()];
|
||||
|
||||
NSNumber *transportProtocol = options[currentValue];
|
||||
NSAssert(transportProtocol != nil, @"Incorrect ipv6 value");
|
||||
NSAssert(transportProtocol != nil, @"Incorrect protoOverride value");
|
||||
|
||||
return (OpenVPNTransportProtocol)[transportProtocol integerValue];
|
||||
}
|
||||
@@ -271,48 +272,100 @@ using namespace openvpn;
|
||||
|
||||
- (OpenVPNMinTLSVersion)minTLSVersion {
|
||||
NSDictionary *options = @{
|
||||
@"disabled": @(OpenVPNMinTLSVersionDisabled),
|
||||
@"tls_1_0": @(OpenVPNMinTLSVersion10),
|
||||
@"tls_1_1": @(OpenVPNMinTLSVersion11),
|
||||
@"tls_1_2": @(OpenVPNMinTLSVersion12),
|
||||
@"default": @(OpenVPNMinTLSVersionDefault),
|
||||
@"": @(OpenVPNMinTLSVersionDefault)
|
||||
OpenVPNMinTLSVersionDisabledValue: @(OpenVPNMinTLSVersionDisabled),
|
||||
OpenVPNMinTLSVersion10Value: @(OpenVPNMinTLSVersion10),
|
||||
OpenVPNMinTLSVersion11Value: @(OpenVPNMinTLSVersion11),
|
||||
OpenVPNMinTLSVersion12Value: @(OpenVPNMinTLSVersion12),
|
||||
OpenVPNMinTLSVersionDefaultValue: @(OpenVPNMinTLSVersionDefault)
|
||||
};
|
||||
|
||||
NSString *currentValue = [NSString stringWithUTF8String:_config.tlsVersionMinOverride.c_str()];
|
||||
NSString *currentValue = _config.tlsVersionMinOverride.empty() ? OpenVPNMinTLSVersionDefaultValue :
|
||||
[NSString stringWithUTF8String:_config.tlsVersionMinOverride.c_str()];
|
||||
|
||||
NSNumber *preference = options[currentValue];
|
||||
NSAssert(preference != nil, @"Incorrect minTLSVersion value");
|
||||
NSAssert(preference != nil, @"Incorrect tlsVersionMinOverride value: %@", currentValue);
|
||||
|
||||
return (OpenVPNMinTLSVersion)[preference integerValue];
|
||||
}
|
||||
|
||||
- (void)setMinTLSVersion:(OpenVPNMinTLSVersion)minTLSVersion {
|
||||
switch (minTLSVersion) {
|
||||
case OpenVPNMinTLSVersionDisabled:
|
||||
_config.tlsVersionMinOverride = "disabled";
|
||||
break;
|
||||
|
||||
case OpenVPNMinTLSVersion10:
|
||||
_config.tlsVersionMinOverride = "tls_1_0";
|
||||
break;
|
||||
|
||||
case OpenVPNMinTLSVersion11:
|
||||
_config.tlsVersionMinOverride = "tls_1_1";
|
||||
break;
|
||||
|
||||
case OpenVPNMinTLSVersion12:
|
||||
_config.tlsVersionMinOverride = "tls_1_2";
|
||||
break;
|
||||
|
||||
case OpenVPNMinTLSVersionDefault:
|
||||
_config.tlsVersionMinOverride = "default";
|
||||
break;
|
||||
|
||||
default:
|
||||
NSAssert(NO, @"Incorrect OpenVPNMinTLSVersion value");
|
||||
break;
|
||||
NSDictionary *options = @{
|
||||
@(OpenVPNMinTLSVersionDisabled): OpenVPNMinTLSVersionDisabledValue,
|
||||
@(OpenVPNMinTLSVersion10): OpenVPNMinTLSVersion10Value,
|
||||
@(OpenVPNMinTLSVersion11): OpenVPNMinTLSVersion11Value,
|
||||
@(OpenVPNMinTLSVersion12): OpenVPNMinTLSVersion12Value,
|
||||
@(OpenVPNMinTLSVersionDefault): OpenVPNMinTLSVersionDefaultValue
|
||||
};
|
||||
|
||||
NSString *value = options[@(minTLSVersion)];
|
||||
NSAssert(value != nil, @"Incorrect minTLSVersion value: %li", (NSInteger)minTLSVersion);
|
||||
|
||||
_config.tlsVersionMinOverride = [value UTF8String];
|
||||
}
|
||||
|
||||
- (OpenVPNTLSCertProfile)tlsCertProfile {
|
||||
NSDictionary *options = @{
|
||||
OpenVPNTLSCertProfileLegacyValue: @(OpenVPNTLSCertProfileLegacy),
|
||||
OpenVPNTLSCertProfilePreferredValue: @(OpenVPNTLSCertProfilePreferred),
|
||||
OpenVPNTLSCertProfileSuiteBValue: @(OpenVPNTLSCertProfileSuiteB),
|
||||
OpenVPNTLSCertProfileLegacyDefaultValue: @(OpenVPNTLSCertProfileLegacyDefault),
|
||||
OpenVPNTLSCertProfilePreferredDefaultValue: @(OpenVPNTLSCertProfilePreferredDefault),
|
||||
OpenVPNTLSCertProfileDefaultValue: @(OpenVPNTLSCertProfileDefault),
|
||||
};
|
||||
|
||||
NSString *currentValue = _config.tlsCertProfileOverride.empty() ? OpenVPNTLSCertProfileDefaultValue :
|
||||
[NSString stringWithUTF8String:_config.tlsCertProfileOverride.c_str()];
|
||||
|
||||
NSNumber *preference = options[currentValue];
|
||||
NSAssert(preference != nil, @"Incorrect tlsCertProfileOverride value: %@", currentValue);
|
||||
|
||||
return (OpenVPNTLSCertProfile)[preference integerValue];
|
||||
}
|
||||
|
||||
- (void)setTlsCertProfile:(OpenVPNTLSCertProfile)tlsCertProfile {
|
||||
NSDictionary *options = @{
|
||||
@(OpenVPNTLSCertProfileLegacy): OpenVPNTLSCertProfileLegacyValue,
|
||||
@(OpenVPNTLSCertProfilePreferred): OpenVPNTLSCertProfilePreferredValue,
|
||||
@(OpenVPNTLSCertProfileSuiteB): OpenVPNTLSCertProfileSuiteBValue,
|
||||
@(OpenVPNTLSCertProfileLegacyDefault): OpenVPNTLSCertProfileLegacyDefaultValue,
|
||||
@(OpenVPNTLSCertProfilePreferredDefault): OpenVPNTLSCertProfilePreferredDefaultValue,
|
||||
@(OpenVPNTLSCertProfileDefault): OpenVPNTLSCertProfileDefaultValue
|
||||
};
|
||||
|
||||
NSString *value = options[@(tlsCertProfile)];
|
||||
NSAssert(value != nil, @"Incorrect tlsCertProfile value: %li", (NSInteger)tlsCertProfile);
|
||||
|
||||
_config.tlsCertProfileOverride = [value UTF8String];
|
||||
}
|
||||
|
||||
- (NSDictionary<NSString *,NSString *> *)peerInfo {
|
||||
if (_config.peerInfo.size() == 0) {
|
||||
return nil;
|
||||
}
|
||||
|
||||
NSMutableDictionary *peerInfo = [NSMutableDictionary new];
|
||||
|
||||
for (ClientAPI::KeyValue param : _config.peerInfo) {
|
||||
NSString *key = [NSString stringWithCString:param.key.c_str() encoding:NSUTF8StringEncoding];
|
||||
NSString *value = [NSString stringWithCString:param.value.c_str() encoding:NSUTF8StringEncoding];
|
||||
|
||||
peerInfo[key] = value;
|
||||
}
|
||||
|
||||
return [peerInfo copy];
|
||||
}
|
||||
|
||||
- (void)setPeerInfo:(NSDictionary<NSString *,NSString *> *)peerInfo {
|
||||
_config.contentList.clear();
|
||||
|
||||
if (!peerInfo) {
|
||||
return;
|
||||
}
|
||||
|
||||
[peerInfo enumerateKeysAndObjectsUsingBlock:^(NSString * _Nonnull key, NSString * _Nonnull obj, BOOL * _Nonnull stop) {
|
||||
ClientAPI::KeyValue param = ClientAPI::KeyValue(std::string([key UTF8String]), std::string([obj UTF8String]));
|
||||
_config.peerInfo.push_back(param);
|
||||
}];
|
||||
}
|
||||
|
||||
@end
|
||||
|
||||
Reference in New Issue
Block a user