File: PlatformVpnProfile.java

package info (click to toggle)
android-platform-frameworks-base 1%3A14~beta1-4
  • links: PTS, VCS
  • area: main
  • in suites: forky, sid
  • size: 326,084 kB
  • sloc: java: 2,032,373; xml: 343,016; cpp: 304,181; python: 3,683; ansic: 2,090; sh: 1,871; makefile: 120; sed: 19
file content (139 lines) | stat: -rw-r--r-- 4,990 bytes parent folder | download | duplicates (2) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
 
/*
 * Copyright (C) 2019 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package android.net;

import android.annotation.IntDef;
import android.annotation.NonNull;

import com.android.internal.net.VpnProfile;

import java.io.IOException;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.security.GeneralSecurityException;

/**
 * PlatformVpnProfile represents a configuration for a platform-based VPN implementation.
 *
 * <p>Platform-based VPNs allow VPN applications to provide configuration and authentication options
 * to leverage the Android OS' implementations of well-defined control plane (authentication, key
 * negotiation) and data plane (per-packet encryption) protocols to simplify the creation of VPN
 * tunnels. In contrast, {@link VpnService} based VPNs must implement both the control and data
 * planes on a per-app basis.
 *
 * @see Ikev2VpnProfile
 */
public abstract class PlatformVpnProfile {
    /**
     * Alias to platform VPN related types from VpnProfile, for API use.
     *
     * @hide
     */
    @Retention(RetentionPolicy.SOURCE)
    @IntDef({
        TYPE_IKEV2_IPSEC_USER_PASS,
        TYPE_IKEV2_IPSEC_PSK,
        TYPE_IKEV2_IPSEC_RSA,
    })
    public static @interface PlatformVpnType {}

    public static final int TYPE_IKEV2_IPSEC_USER_PASS = VpnProfile.TYPE_IKEV2_IPSEC_USER_PASS;
    public static final int TYPE_IKEV2_IPSEC_PSK = VpnProfile.TYPE_IKEV2_IPSEC_PSK;
    public static final int TYPE_IKEV2_IPSEC_RSA = VpnProfile.TYPE_IKEV2_IPSEC_RSA;

    /** @hide */
    public static final int MAX_MTU_DEFAULT = 1360;

    /** @hide */
    @PlatformVpnType protected final int mType;

    /** @hide */
    protected final boolean mExcludeLocalRoutes;
    /** @hide */
    protected final boolean mRequiresInternetValidation;

    /** @hide */
    PlatformVpnProfile(@PlatformVpnType int type, boolean excludeLocalRoutes,
            boolean requiresValidation) {
        mType = type;
        mExcludeLocalRoutes = excludeLocalRoutes;
        mRequiresInternetValidation = requiresValidation;
    }

    /** Returns the profile integer type. */
    @PlatformVpnType
    public final int getType() {
        return mType;
    }

    /**
     * Returns whether the local traffic is exempted from the VPN.
     */
    public final boolean areLocalRoutesExcluded() {
        return mExcludeLocalRoutes;
    }

    /**
     * Returns whether this VPN should undergo Internet validation.
     *
     * If this is true, the platform will perform basic validation checks for Internet
     * connectivity over this VPN. If and when they succeed, the VPN network capabilities will
     * reflect this by gaining the {@link NetworkCapabilities#NET_CAPABILITY_VALIDATED}
     * capability.
     *
     * If this is false, the platform assumes the VPN either is always capable of reaching the
     * Internet or intends not to. In this case, the VPN network capabilities will
     * always gain the {@link NetworkCapabilities#NET_CAPABILITY_VALIDATED} capability
     * immediately after it connects, whether it can reach public Internet destinations or not.
     */
    public final boolean isInternetValidationRequired() {
        return mRequiresInternetValidation;
    }

    /** Returns a type string describing the VPN profile type */
    @NonNull
    public final String getTypeString() {
        switch (mType) {
            case TYPE_IKEV2_IPSEC_USER_PASS:
                return "IKEv2/IPsec Username/Password";
            case TYPE_IKEV2_IPSEC_PSK:
                return "IKEv2/IPsec Preshared key";
            case TYPE_IKEV2_IPSEC_RSA:
                return "IKEv2/IPsec RSA Digital Signature";
            default:
                return "Unknown VPN profile type";
        }
    }

    /** @hide */
    @NonNull
    public abstract VpnProfile toVpnProfile() throws IOException, GeneralSecurityException;

    /** @hide */
    @NonNull
    public static PlatformVpnProfile fromVpnProfile(@NonNull VpnProfile profile)
            throws IOException, GeneralSecurityException {
        switch (profile.type) {
            case TYPE_IKEV2_IPSEC_USER_PASS: // fallthrough
            case TYPE_IKEV2_IPSEC_PSK: // fallthrough
            case TYPE_IKEV2_IPSEC_RSA:
                return Ikev2VpnProfile.fromVpnProfile(profile);
            default:
                throw new IllegalArgumentException("Unknown VPN Profile type");
        }
    }
}