From a3065159dc7c6819db8d32495d098ea67a52c7a7 Mon Sep 17 00:00:00 2001 From: "xiaohui.xie" Date: Thu, 19 Jun 2025 12:34:39 +0800 Subject: [PATCH 1/7] support multi vpn Signed-off-by: xiaohui.xie --- frameworks/js/napi/vpn/include/vpn_monitor.h | 2 - frameworks/js/napi/vpn/src/vpn_monitor.cpp | 4 +- frameworks/js/napi/vpnext/BUILD.gn | 2 +- .../js/napi/vpnext/include/vpn_monitor_ext.h | 2 - .../netvpnclient/INetworkVpnService.idl | 1 - .../netvpnclient/IVpnEventCallback.idl | 2 +- .../netvpnclient/include/networkvpn_client.h | 2 - .../vpnmanager/include/i_vpn_conn_state_cb.h | 4 +- services/vpnmanager/include/ipsec_vpn_ctl.h | 20 +- services/vpnmanager/include/l2tp_vpn_ctl.h | 13 + .../vpnmanager/include/multi_vpn_helper.h | 9 +- services/vpnmanager/include/net_vpn_impl.h | 1 + .../vpnmanager/include/networkvpn_service.h | 5 +- .../include/vpn_template_processor.h | 19 +- services/vpnmanager/src/ipsec_vpn_ctl.cpp | 188 ++++- services/vpnmanager/src/l2tp_vpn_ctl.cpp | 200 +++-- services/vpnmanager/src/multi_vpn_helper.cpp | 31 +- services/vpnmanager/src/net_vpn_impl.cpp | 31 + .../vpnmanager/src/networkvpn_service.cpp | 114 ++- services/vpnmanager/src/open_vpn_ctl.cpp | 8 + .../vpnmanager/src/vpn_template_processor.cpp | 738 +++++++++--------- .../mock_vpn_event_callback_test.h | 2 - .../ipsec_vpn_ctl_test.cpp | 64 ++ .../l2tp_vpn_ctl_test.cpp | 145 +++- .../multi_vpn_helper_test.cpp | 45 +- .../open_vpn_ctl_test.cpp | 29 + .../vpn_template_processor_test.cpp | 170 +++- .../vpn_manager_test/net_vpn_impl_test.cpp | 7 - .../networkvpn_client_test.cpp | 2 - .../networkvpn_service_test.cpp | 2 - 30 files changed, 1247 insertions(+), 615 deletions(-) diff --git a/frameworks/js/napi/vpn/include/vpn_monitor.h b/frameworks/js/napi/vpn/include/vpn_monitor.h index ed93197a..ae10b521 100644 --- a/frameworks/js/napi/vpn/include/vpn_monitor.h +++ b/frameworks/js/napi/vpn/include/vpn_monitor.h 
@@ -27,9 +27,7 @@ namespace NetManagerStandard { class VpnEventCallback : public VpnEventCallbackStub { public: int32_t OnVpnStateChanged(bool isConnected) override; - #ifdef SUPPORT_SYSVPN int32_t OnMultiVpnStateChanged(bool isConnected, const std::string &bundleName, const std::string &vpnId) override; - #endif // SUPPORT_SYSVPN int32_t OnVpnMultiUserSetUp() override{ return ERR_OK; }; }; diff --git a/frameworks/js/napi/vpn/src/vpn_monitor.cpp b/frameworks/js/napi/vpn/src/vpn_monitor.cpp index f29fb753..7a0710d4 100644 --- a/frameworks/js/napi/vpn/src/vpn_monitor.cpp +++ b/frameworks/js/napi/vpn/src/vpn_monitor.cpp @@ -134,19 +134,19 @@ int32_t VpnEventCallback::OnVpnStateChanged(bool isConnected) return ERR_OK; } -#ifdef SUPPORT_SYSVPN int32_t VpnEventCallback::OnMultiVpnStateChanged(bool isConnected, const std::string &bundleName, const std::string &vpnId) { +#ifdef SUPPORT_SYSVPN auto manager = VpnMonitor::GetInstance().GetManager(); MultiVpnData *data = new MultiVpnData(); data->isConnected = isConnected; data->bundleName = bundleName; data->vpnId = vpnId; manager->EmitByUv(CONNECT_MULTI, reinterpret_cast(data), EventConnectMultiCallback); +#endif // SUPPORT_SYSVPN return ERR_OK; } -#endif // SUPPORT_SYSVPN VpnMonitor::VpnMonitor() { diff --git a/frameworks/js/napi/vpnext/BUILD.gn b/frameworks/js/napi/vpnext/BUILD.gn index f07acf81..3035aa43 100644 --- a/frameworks/js/napi/vpnext/BUILD.gn +++ b/frameworks/js/napi/vpnext/BUILD.gn @@ -40,7 +40,7 @@ ohos_shared_library("vpnextension") { if (netmanager_ext_feature_sysvpn) { sources += [ - "src/vpn_config_utils_ext.cpp", + "src/vpn_config_utils_ext.cpp", "src/context/generate_vpnId_context_ext.cpp", ] } diff --git a/frameworks/js/napi/vpnext/include/vpn_monitor_ext.h b/frameworks/js/napi/vpnext/include/vpn_monitor_ext.h index 5de1c74a..f7c0be72 100644 --- a/frameworks/js/napi/vpnext/include/vpn_monitor_ext.h +++ b/frameworks/js/napi/vpnext/include/vpn_monitor_ext.h 
@@ -36,9 +36,7 @@ static constexpr const char *VPN_DIALOG_POSTFIX = "**vpndialog**"; class VpnEventCallback : public VpnEventCallbackStub { public: int32_t OnVpnStateChanged(bool isConnected) override; - #ifdef SUPPORT_SYSVPN int32_t OnMultiVpnStateChanged(bool isConnected, const std::string &bundleName, const std::string &vpnId) override; - #endif // SUPPORT_SYSVPN int32_t OnVpnMultiUserSetUp() override{ return ERR_OK; }; }; diff --git a/interfaces/innerkits/netvpnclient/INetworkVpnService.idl b/interfaces/innerkits/netvpnclient/INetworkVpnService.idl index fdde1a2a..ac5e2090 100644 --- a/interfaces/innerkits/netvpnclient/INetworkVpnService.idl +++ b/interfaces/innerkits/netvpnclient/INetworkVpnService.idl @@ -40,5 +40,4 @@ interface OHOS.NetManagerStandard.INetworkVpnService { [macrodef SUPPORT_SYSVPN] void DestroyVpn([in] String vpnId); [macrodef SUPPORT_SYSVPN] void RegisterMultiVpnEvent([in] IVpnEventCallback callbackparam); [macrodef SUPPORT_SYSVPN] void UnregisterMultiVpnEvent([in] IVpnEventCallback callbackparam); - } \ No newline at end of file diff --git a/interfaces/innerkits/netvpnclient/IVpnEventCallback.idl b/interfaces/innerkits/netvpnclient/IVpnEventCallback.idl index c2cc99c5..06de43a1 100644 --- a/interfaces/innerkits/netvpnclient/IVpnEventCallback.idl +++ b/interfaces/innerkits/netvpnclient/IVpnEventCallback.idl @@ -16,6 +16,6 @@ package OHOS.NetManagerStandard; [callback] interface IVpnEventCallback{ void OnVpnStateChanged([in] boolean isConnected); - [macrodef SUPPORT_SYSVPN] void OnMultiVpnStateChanged([in] boolean isConnected, [in] String bundleName, [in] String vpnId); + void OnMultiVpnStateChanged([in] boolean isConnected, [in] String bundleName, [in] String vpnId); void OnVpnMultiUserSetUp(); } \ No newline at end of file diff --git a/interfaces/innerkits/netvpnclient/include/networkvpn_client.h b/interfaces/innerkits/netvpnclient/include/networkvpn_client.h index 48db13f3..b4a58f80 100644 
--- a/interfaces/innerkits/netvpnclient/include/networkvpn_client.h +++ b/interfaces/innerkits/netvpnclient/include/networkvpn_client.h @@ -36,10 +36,8 @@ namespace NetManagerStandard { class VpnSetUpEventCallback : public VpnEventCallbackStub { public: int32_t OnVpnStateChanged(bool isConnected) override{ return ERR_OK; }; -#ifdef SUPPORT_SYSVPN int32_t OnMultiVpnStateChanged(bool isConnected, const std::string &bundleName, const std::string &vpnId) override{ return ERR_OK; }; -#endif // SUPPORT_SYSVPN int32_t OnVpnMultiUserSetUp() override; }; diff --git a/services/vpnmanager/include/i_vpn_conn_state_cb.h b/services/vpnmanager/include/i_vpn_conn_state_cb.h index f6332d16..ff513a85 100644 --- a/services/vpnmanager/include/i_vpn_conn_state_cb.h +++ b/services/vpnmanager/include/i_vpn_conn_state_cb.h @@ -24,9 +24,7 @@ namespace NetManagerStandard { class IVpnConnStateCb { public: virtual void OnVpnConnStateChanged(const VpnConnectState &state) = 0; -#ifdef SUPPORT_SYSVPN - virtual void OnMultiVpnConnStateChanged(const VpnConnectState &state, const std::string &vpnId) = 0; -#endif // SUPPORT_SYSVPN + virtual void OnMultiVpnConnStateChanged(const VpnConnectState &state, const std::string &vpnId) {}; }; } // namespace NetManagerStandard } // namespace OHOS diff --git a/services/vpnmanager/include/ipsec_vpn_ctl.h b/services/vpnmanager/include/ipsec_vpn_ctl.h index b792a411..162d4319 100644 --- a/services/vpnmanager/include/ipsec_vpn_ctl.h +++ b/services/vpnmanager/include/ipsec_vpn_ctl.h @@ -18,6 +18,7 @@ #include +#include "cJSON.h" #include "ipsecvpn_config.h" #include "l2tpvpn_config.h" #include "net_vpn_impl.h" 
@@ -34,15 +35,24 @@ const std::string L2TP_CFG = IPSEC_PIDDIR "/xl2tpd.conf"; const std::string IPSEC_START_TAG = "start"; const std::string SWANCTL_START_TAG = "config"; const std::string IPSEC_CONNECT_TAG = "connect"; +constexpr const char *IPSEC_CONNECT_NAME = "home"; +constexpr const char *L2TP_CONNECT_NAME = "l2tp"; +constexpr const char *IPSEC_NODE_UPDATE_CONFIG = "updateconfig"; +constexpr const char *IPSEC_NODE_MTU = "mtu"; +constexpr const char *IPSEC_NODE_ADDRESS = "address"; +constexpr const char *IPSEC_NODE_NETMASK = "netmask"; +constexpr const char *IPSEC_NODE_PHY_NAME = "phyifname"; +constexpr const char *IPSEC_NODE_REMOTE_IP = "remoteip"; } // namespace using namespace NetsysNative; enum IpsecVpnStateCode { STATE_INIT = 0, STATE_STARTED, // ipsec restart compelete - STATE_CONFIGED, // swanctl load files compelete or xl2tpd start + STATE_CONFIGED, // swanctl load files compelete STATE_CONTROLLED, // control pppd startup STATE_CONNECTED, // ipsec up home or pppd started STATE_DISCONNECTED, // stop + STATE_L2TP_STARTED, // xl2tpd start }; enum IpsecVpnCertType : int32_t { @@ -77,6 +87,14 @@ protected: virtual int32_t InitConfigFile(); void CleanTempFiles(); void DeleteTempFile(const std::string &fileName); + int32_t SetUpVpnTun(); + int32_t UpdateConfig(const std::string &msg); +private: + void ProcessUpdateConfig(cJSON* jConfig); + void ProcessSwanctlLoad(); + void ProcessIpsecUp(); + void HandleConnected(); + int32_t HandleUpdateConfig(const std::string &config); }; } // namespace NetManagerStandard } // namespace OHOS diff --git a/services/vpnmanager/include/l2tp_vpn_ctl.h b/services/vpnmanager/include/l2tp_vpn_ctl.h index 4b21fecb..8aa2fb57 100644 --- a/services/vpnmanager/include/l2tp_vpn_ctl.h +++ b/services/vpnmanager/include/l2tp_vpn_ctl.h 
@@ -28,6 +28,11 @@ namespace NetManagerStandard { namespace { const std::string L2TP_IPSEC_CONFIGURED_TAG = "xl2tpdstart"; const std::string L2TP_IPSEC_CONNECTED_TAG = "pppdstart"; +constexpr const char *SINGLE_XL2TP_TEMPCONFIG = + R"(l2tp lns = vpn_address;ppp debug = yes;pppoptfile = options.l2tpd.client.conf;length bit = yes;)"; +constexpr const char *VPN_ADDRESS_KEY = "vpn_address"; +constexpr const char *VPN_NAME_KEY = "l2tp"; +constexpr const char *VPN_CLIENT_CONFIG_NAME_KEY = "options.l2tpd.client.conf"; } // namespace class L2tpVpnCtl : public IpsecVpnCtl { public: @@ -42,6 +47,14 @@ private: int32_t StartSysVpn() override; int32_t StopSysVpn() override; int32_t InitConfigFile() override; + std::string GetXl2tpdConfig(); + void AddConfigToL2tpdConf(); + void HandleIpdecStarted(); + void HandleSwanCtlLoaded(); + void HandleL2tpConfiged(); + void HandleL2tpdCtl(); + void HandleL2tpConnected(); + int32_t ProcessUpdateConfig(const std::string &config); }; } // namespace NetManagerStandard } // namespace OHOS diff --git a/services/vpnmanager/include/multi_vpn_helper.h b/services/vpnmanager/include/multi_vpn_helper.h index a5f65811..51d1d1eb 100644 --- a/services/vpnmanager/include/multi_vpn_helper.h +++ b/services/vpnmanager/include/multi_vpn_helper.h @@ -20,9 +20,11 @@ #include "sysvpn_config.h" #include "refbase.h" #include "net_manager_ext_constants.h" +#include "netsys_controller.h" namespace OHOS { namespace NetManagerStandard { +using namespace NetsysNative; struct MultiVpnInfo : RefBase { std::string vpnId; std::string ifName; 
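Review bot: `using namespace NetsysNative;` is added at namespace scope in multi_vpn_helper.h, so every translation unit that includes this header gets all NetsysNative names injected into `OHOS::NetManagerStandard`. None of the declarations visible in this header's hunks uses a NetsysNative name, so the directive, and possibly the new `netsys_controller.h` include, looks like it belongs in multi_vpn_helper.cpp instead. ipsec_vpn_ctl.h already carries the same directive, so this is a style point rather than a new defect.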
@@ -31,23 +33,20 @@ struct MultiVpnInfo : RefBase { int32_t callingUid; int32_t userId; VpnConnectState vpnConnectState = VpnConnectState::VPN_DISCONNECTED; - bool isConnecting = false; - bool isVpnExtCall = false; + bool isVpnExtCall = true; }; class MultiVpnHelper { public: static MultiVpnHelper &GetInstance(); int32_t GetNewIfNameId(); - int32_t CreateMultiVpnInfo(const sptr &config, sptr &info, - std::string &bundleName, int32_t userId, bool isVpnExtCall); + int32_t CreateMultiVpnInfo(const std::string &vpnId, int32_t vpnType, sptr &info); int32_t AddMultiVpnInfo(const sptr &info); int32_t DelMultiVpnInfo(const sptr &info); bool StartIpsec(); void StopIpsec(); bool StartL2tp(); void StopL2tp(); - bool IsAnyVpnConnecting(); bool IsConnectedStage(const std::string &stage); private: MultiVpnHelper(); diff --git a/services/vpnmanager/include/net_vpn_impl.h b/services/vpnmanager/include/net_vpn_impl.h index 84ea328f..40aceb96 100644 --- a/services/vpnmanager/include/net_vpn_impl.h +++ b/services/vpnmanager/include/net_vpn_impl.h @@ -107,6 +107,7 @@ private: std::string ConvertVpnIpv4Address(uint32_t addressIpv4); #ifdef SUPPORT_SYSVPN + void ProcessUpRules(bool isUp); public: sptr multiVpnInfo_ = nullptr; #endif // SUPPORT_SYSVPN diff --git a/services/vpnmanager/include/networkvpn_service.h b/services/vpnmanager/include/networkvpn_service.h index 0463b438..d5274fac 100644 --- a/services/vpnmanager/include/networkvpn_service.h +++ b/services/vpnmanager/include/networkvpn_service.h @@ -69,9 +69,7 @@ class NetworkVpnService : public SystemAbility, public NetworkVpnServiceStub, pr explicit VpnConnStateCb(const NetworkVpnService &vpnService) : vpnService_(vpnService){}; virtual ~VpnConnStateCb() = default; void OnVpnConnStateChanged(const VpnConnectState &state) override; - #ifdef SUPPORT_SYSVPN void OnMultiVpnConnStateChanged(const VpnConnectState &state, const std::string &vpnId) override; - #endif // SUPPORT_SYSVPN private: const NetworkVpnService &vpnService_; 
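Review bot: A `MultiVpnInfo` whose creator never sets `isVpnExtCall` is now treated as an extension call, because the default becomes `true` while `CreateMultiVpnInfo` loses its `isVpnExtCall` parameter. `IpsecVpnCtl::Destroy` and `SetUpVpnTun` in this patch turn the flag into the argument of `VPN_STAGE_SET_VPN_CALL_MODE`, so the default silently selects the call mode. Please document the field, for example `// true when the VPN was created through the VPN extension path; system-VPN callers must set it to false explicitly`. Also confirm that every construction site outside this hunk assigns it.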
@@ -280,6 +278,8 @@ private: std::vector &activeUserIds); int32_t DestroyMultiVpn(int32_t callingUid); int32_t DestroyMultiVpn(const std::shared_ptr &vpnObj, bool needErase = true); + bool IsSetUpReady(std::string &vpnId, std::string &vpnBundleName, + int32_t &userId, std::vector &activeUserIds); #endif // SUPPORT_SYSVPN std::string GetBundleName(); std::string GetCurrentVpnBundleName(); @@ -295,6 +295,7 @@ private: std::shared_ptr vpnConnCallback_; std::shared_ptr vpnObj_; #ifdef SUPPORT_SYSVPN + std::shared_ptr connectingObj_; std::map> vpnObjMap_; std::vector> multiVpnEventCallbacks_; #endif // SUPPORT_SYSVPN diff --git a/services/vpnmanager/include/vpn_template_processor.h b/services/vpnmanager/include/vpn_template_processor.h index 7b39c055..d81468a2 100644 --- a/services/vpnmanager/include/vpn_template_processor.h +++ b/services/vpnmanager/include/vpn_template_processor.h 
@@ -16,25 +16,32 @@ #ifndef NET_VPN_TEMPLATE_PROCESSOR_H #define NET_VPN_TEMPLATE_PROCESSOR_H +#include #include "ipsecvpn_config.h" #include "l2tpvpn_config.h" +#include "net_vpn_impl.h" namespace OHOS { namespace NetManagerStandard { class VpnTemplateProcessor { public: - int32_t BuildConfig(sptr &l2tpConfig); - int32_t BuildConfig(sptr &ipsecConfig); + int32_t BuildConfig(std::shared_ptr &vpnObj, + std::map> &vpnObjMap); private: - void GenSwanctlConf(sptr &config); - void GenXl2tpdConf(sptr &config); + void GenSwanctlOrIpsecConf(sptr &ipsecConfig, sptr &l2tpConfig, + int32_t ifNameId, std::map> &vpnObjMap); + void GenXl2tpdConf(sptr &config, int32_t ifNameId, + std::map> &vpnObjMap); void GenOptionsL2tpdClient(sptr &config); - void GenIpsecConf(sptr &config); void GenIpsecSecrets(sptr &config); - void GenStrongSwanConf(int32_t vpnType, std::string &outConf); void InflateConf(std::string &conf, const std::unordered_map& params); + + void GetConnectAndSecretTemp(int32_t type, std::string &outConnect, std::string &outSecret); + void CreateConnectAndSecret(sptr &ipsecConfig, sptr &l2tpConfig, + int32_t ifNameId, std::string &outConnect, std::string &outSecret); + void CreateXl2tpdConf(sptr &config, int32_t ifNameId, std::string &outConf); }; } // namespace NetManagerStandard } // namespace OHOS diff --git a/services/vpnmanager/src/ipsec_vpn_ctl.cpp b/services/vpnmanager/src/ipsec_vpn_ctl.cpp index 8c07539c..fb50d286 100644 --- a/services/vpnmanager/src/ipsec_vpn_ctl.cpp +++ b/services/vpnmanager/src/ipsec_vpn_ctl.cpp @@ -17,7 +17,7 @@ #include -#include "base64_utils.h" +#include "multi_vpn_helper.h" #include "netmgr_ext_log_wrapper.h" #include "netmanager_base_common_utils.h" #include "net_manager_ext_constants.h" 
@@ -46,15 +46,28 @@ int32_t IpsecVpnCtl::SetUp() int32_t IpsecVpnCtl::Destroy() { - return StopSysVpn(); + StopSysVpn(); + if (multiVpnInfo_ != nullptr) { + NetsysController::GetInstance().ProcessVpnStage(SysVpnStageCode::VPN_STAGE_SET_VPN_CALL_MODE, + multiVpnInfo_->isVpnExtCall ? "0" : "1"); + } + int result = NetVpnImpl::Destroy(); + NETMGR_EXT_LOG_I("ipsec Destroy result %{public}d", result); + return result; } int32_t IpsecVpnCtl::StopSysVpn() { NETMGR_EXT_LOG_I("stop ipsec vpn"); state_ = IpsecVpnStateCode::STATE_DISCONNECTED; - NetsysController::GetInstance().ProcessVpnStage(SysVpnStageCode::VPN_STAGE_DOWN_HOME); - NetsysController::GetInstance().ProcessVpnStage(SysVpnStageCode::VPN_STAGE_STOP); + if (multiVpnInfo_ != nullptr) { + NetsysController::GetInstance().ProcessVpnStage(SysVpnStageCode::VPN_STAGE_DOWN_HOME, + std::string(IPSEC_CONNECT_NAME) + std::to_string(multiVpnInfo_->ifNameId)); + } else { + NetsysController::GetInstance().ProcessVpnStage( + SysVpnStageCode::VPN_STAGE_DOWN_HOME, std::string(IPSEC_CONNECT_NAME)); + } + MultiVpnHelper::GetInstance().StopIpsec(); NotifyConnectState(VpnConnectState::VPN_DISCONNECTED); return NETMANAGER_EXT_SUCCESS; } @@ -64,7 +77,10 @@ int32_t IpsecVpnCtl::StartSysVpn() NETMGR_EXT_LOG_I("start ipsec vpn"); state_ = IpsecVpnStateCode::STATE_INIT; InitConfigFile(); - NetsysController::GetInstance().ProcessVpnStage(SysVpnStageCode::VPN_STAGE_RESTART); + if (!MultiVpnHelper::GetInstance().StartIpsec()) { + state_ = IpsecVpnStateCode::STATE_STARTED; + NetsysController::GetInstance().ProcessVpnStage(SysVpnStageCode::VPN_STAGE_SWANCTL_LOAD); + }; return NETMANAGER_EXT_SUCCESS; } 
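Review bot: In `StartSysVpn` a `false` return from `MultiVpnHelper::GetInstance().StartIpsec()` is taken to mean "already running", and the code moves to `STATE_STARTED` and issues `VPN_STAGE_SWANCTL_LOAD`. If `StartIpsec()` can also return `false` when the start fails (its body is not in this hunk), that failure is handled as success. The result of `InitConfigFile()` on the line above is discarded as well, so the function returns `NETMANAGER_EXT_SUCCESS` even when the configuration could not be prepared. A comment on the branch such as `// false: strongswan is already running for another VPN, so skip the restart` would pin the contract down. The stray `;` after the closing brace of the `if` can be removed.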
@@ -76,10 +92,7 @@ int32_t IpsecVpnCtl::InitConfigFile() return NETMANAGER_EXT_ERR_INTERNAL; } if (!ipsecVpnConfig_->strongswanConf_.empty()) { - std::string strongswanCfg = Base64::Decode(ipsecVpnConfig_->strongswanConf_); - if (!strongswanCfg.empty()) { - CommonUtils::WriteFile(SWAN_CONFIG_FILE, strongswanCfg); - } + CommonUtils::WriteFile(SWAN_CONFIG_FILE, ipsecVpnConfig_->strongswanConf_); } return NETMANAGER_EXT_SUCCESS; } @@ -88,7 +101,6 @@ void IpsecVpnCtl::CleanTempFiles() { DeleteTempFile(SWAN_CONFIG_FILE); DeleteTempFile(L2TP_CFG); - DeleteTempFile(L2TP_IPSEC_CFG); } void IpsecVpnCtl::DeleteTempFile(const std::string &fileName) 
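Review bot: `InitConfigFile` now writes `ipsecVpnConfig_->strongswanConf_` to `SWAN_CONFIG_FILE` verbatim where it used to Base64-decode it and skip an empty result, and nothing in the hunk records who guarantees the new format. The same change is made to `swanctlConf_` in `GetSysVpnCertUri` and to the L2TP fields in l2tp_vpn_ctl.cpp. If these strings are now produced by the service's template processor (presumably; it is outside this hunk), say so next to the write, for example `// strongswanConf_ is plain text generated by VpnTemplateProcessor, no longer Base64 from the caller`. If a caller can still supply the field directly, its content should be validated before it reaches a daemon configuration file. The function body begins outside the hunk.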
@@ -100,6 +112,51 @@ void IpsecVpnCtl::DeleteTempFile(const std::string &fileName) } } +int32_t IpsecVpnCtl::SetUpVpnTun() +{ + if (multiVpnInfo_ != nullptr) { + NetsysController::GetInstance().ProcessVpnStage(SysVpnStageCode::VPN_STAGE_SET_VPN_CALL_MODE, + multiVpnInfo_->isVpnExtCall ? "0" : "1"); + } + int result = NetVpnImpl::SetUp(); + if (result != NETMANAGER_EXT_SUCCESS) { + NETMGR_EXT_LOG_W("ipsec SetUp failed"); + StopSysVpn(); + } + NETMGR_EXT_LOG_I("ipsec SetUp %{public}d", result); + return result; +} + +int32_t IpsecVpnCtl::UpdateConfig(const std::string &msg) +{ + if (msg.empty()) { + NETMGR_EXT_LOG_E("msg is empty"); + return NETMANAGER_EXT_ERR_PARAMETER_ERROR; + } + const char *ret = strstr(msg.c_str(), "{"); + if (ret == nullptr) { + NETMGR_EXT_LOG_E("client rootJson format error"); + return NETMANAGER_EXT_ERR_PARAMETER_ERROR; + } + cJSON* rootJson = cJSON_Parse(ret); + if (rootJson == nullptr) { + NETMGR_EXT_LOG_E("not json string"); + return NETMANAGER_EXT_ERR_PARAMETER_ERROR; + } + + cJSON* jConfig = cJSON_GetObjectItem(rootJson, IPSEC_NODE_UPDATE_CONFIG); + if (!cJSON_IsObject(jConfig)) { + cJSON_Delete(rootJson); + NETMGR_EXT_LOG_E("jConfig format error"); + return NETMANAGER_EXT_ERR_PARAMETER_ERROR; + } + ProcessUpdateConfig(jConfig); + + cJSON_Delete(rootJson); + return NETMANAGER_EXT_SUCCESS; +} + + int32_t IpsecVpnCtl::NotifyConnectStage(const std::string &stage, const int32_t &result) { if (stage.empty()) { 
@@ -113,26 +170,22 @@ int32_t IpsecVpnCtl::NotifyConnectStage(const std::string &stage, const int32_t switch (state_) { case IpsecVpnStateCode::STATE_INIT: if (stage.compare(IPSEC_START_TAG) == 0) { - // 1. start strongswan - NETMGR_EXT_LOG_I("ipsec vpn setup step 1: start strongswan"); - state_ = IpsecVpnStateCode::STATE_STARTED; - NetsysController::GetInstance().ProcessVpnStage(SysVpnStageCode::VPN_STAGE_SWANCTL_LOAD); + ProcessSwanctlLoad(); } break; case IpsecVpnStateCode::STATE_STARTED: if (stage.compare(SWANCTL_START_TAG) == 0) { - // 2. start connect - NETMGR_EXT_LOG_I("ipsec vpn setup step 2: start connect"); - state_ = IpsecVpnStateCode::STATE_CONFIGED; - NetsysController::GetInstance().ProcessVpnStage(SysVpnStageCode::VPN_STAGE_UP_HOME); + ProcessIpsecUp(); } break; case IpsecVpnStateCode::STATE_CONFIGED: if (stage.compare(IPSEC_CONNECT_TAG) == 0) { - // 3. is connected - NETMGR_EXT_LOG_I("ipsec vpn setup step 3: is connected"); - state_ = IpsecVpnStateCode::STATE_CONNECTED; - NotifyConnectState(VpnConnectState::VPN_CONNECTED); + HandleConnected(); + } + if (stage.find(IPSEC_NODE_UPDATE_CONFIG) != std::string::npos) { + if (HandleUpdateConfig(stage) != NETMANAGER_EXT_SUCCESS) { + return NETMANAGER_EXT_ERR_INTERNAL; + } } break; default: @@ -159,7 +212,7 @@ int32_t IpsecVpnCtl::GetSysVpnCertUri(const int32_t certType, std::string &certU certUri = ipsecVpnConfig_->ipsecPublicServerCertConf_; break; case IpsecVpnCertType::SWAN_CTL_CONF: - certUri = Base64::Decode(ipsecVpnConfig_->swanctlConf_); + certUri = ipsecVpnConfig_->swanctlConf_; break; default: NETMGR_EXT_LOG_E("invalid certType: %{public}d", certType); 
@@ -181,5 +234,94 @@ bool IpsecVpnCtl::IsInternalVpn() { return true; } + +void IpsecVpnCtl::ProcessUpdateConfig(cJSON* jConfig) +{ + if (vpnConfig_ == nullptr) { + NETMGR_EXT_LOG_E("UpdateConfig vpnConfig_ is null"); + return; + } + cJSON *mtu = cJSON_GetObjectItem(jConfig, IPSEC_NODE_MTU); + if (mtu != nullptr && cJSON_IsNumber(mtu)) { + int32_t ipsecVpnMtu = static_cast(cJSON_GetNumberValue(mtu)); + vpnConfig_->mtu_ = ipsecVpnMtu; + NETMGR_EXT_LOG_I("UpdateConfig mtu %{public}d", ipsecVpnMtu); + } + + INetAddr iNetAddr; + INetAddr destination; + INetAddr gateway; + cJSON *address = cJSON_GetObjectItem(jConfig, IPSEC_NODE_ADDRESS); + if (address != nullptr && cJSON_IsString(address)) { + std::string ipsecVpnAddress = cJSON_GetStringValue(address); + iNetAddr.address_ = ipsecVpnAddress; + gateway.address_ = ipsecVpnAddress; + destination.address_ = ipsecVpnAddress; + } + + cJSON *netmask = cJSON_GetObjectItem(jConfig, IPSEC_NODE_NETMASK); + if (netmask != nullptr && cJSON_IsString(netmask)) { + std::string ipsecVpnNetmask = cJSON_GetStringValue(netmask); + iNetAddr.netMask_ = ipsecVpnNetmask; + destination.prefixlen_ = CommonUtils::GetMaskLength(ipsecVpnNetmask); + } + + cJSON *phyIfNameObj = cJSON_GetObjectItem(jConfig, IPSEC_NODE_PHY_NAME); + if (phyIfNameObj != nullptr && cJSON_IsString(phyIfNameObj)) { + std::string phyIfName = cJSON_GetStringValue(phyIfNameObj); + NETMGR_EXT_LOG_I("phyIfName:%{public}s", phyIfName.c_str()); + NetsysController::GetInstance().ProcessVpnStage(SysVpnStageCode::VPN_STAGE_SET_XFRM_PHY_IFNAME, phyIfName); + } + + cJSON *dstIpObj = cJSON_GetObjectItem(jConfig, IPSEC_NODE_REMOTE_IP); + if (dstIpObj != nullptr && cJSON_IsString(dstIpObj)) { + std::string remoteIp = cJSON_GetStringValue(dstIpObj); + NetsysController::GetInstance().ProcessVpnStage(SysVpnStageCode::VPN_STAGE_SET_VPN_REMOTE_ADDRESS, remoteIp); + } + vpnConfig_->addresses_.emplace_back(iNetAddr); +} + +void IpsecVpnCtl::ProcessSwanctlLoad() +{ + // 1. 
start strongswan + NETMGR_EXT_LOG_I("ipsec vpn setup step 1: start strongswan"); + state_ = IpsecVpnStateCode::STATE_STARTED; + NetsysController::GetInstance().ProcessVpnStage(SysVpnStageCode::VPN_STAGE_SWANCTL_LOAD); +} + +void IpsecVpnCtl::ProcessIpsecUp() +{ + // 2. start connect + NETMGR_EXT_LOG_I("ipsec vpn setup step 2: start connect"); + state_ = IpsecVpnStateCode::STATE_CONFIGED; + if (multiVpnInfo_ != nullptr) { + NetsysController::GetInstance().ProcessVpnStage(SysVpnStageCode::VPN_STAGE_UP_HOME, + std::string(IPSEC_CONNECT_NAME) + std::to_string(multiVpnInfo_->ifNameId)); + } else { + NetsysController::GetInstance().ProcessVpnStage( + SysVpnStageCode::VPN_STAGE_UP_HOME, std::string(IPSEC_CONNECT_NAME)); + } +} + +void IpsecVpnCtl::HandleConnected() +{ + // 3. is connected + NETMGR_EXT_LOG_I("ipsec vpn setup step 3: is connected"); + state_ = IpsecVpnStateCode::STATE_CONNECTED; + NotifyConnectState(VpnConnectState::VPN_CONNECTED); +} + +int32_t IpsecVpnCtl::HandleUpdateConfig(const std::string &config) +{ + if (UpdateConfig(config) != NETMANAGER_EXT_SUCCESS) { + NETMGR_EXT_LOG_I("ipsec vpn config update failed"); + return NETMANAGER_EXT_ERR_INTERNAL; + } + if (SetUpVpnTun() != NETMANAGER_EXT_SUCCESS) { + NETMGR_EXT_LOG_I("set up l2tp vpn failed"); + return NETMANAGER_EXT_ERR_INTERNAL; + } + return NETMANAGER_EXT_SUCCESS; +} } // namespace NetManagerStandard } // namespace OHOS \ No newline at end of file diff --git a/services/vpnmanager/src/l2tp_vpn_ctl.cpp b/services/vpnmanager/src/l2tp_vpn_ctl.cpp index be703d8c..d63df0b1 100644 --- a/services/vpnmanager/src/l2tp_vpn_ctl.cpp +++ b/services/vpnmanager/src/l2tp_vpn_ctl.cpp @@ -17,7 +17,6 @@ #include -#include "base64_utils.h" #include "netmgr_ext_log_wrapper.h" #include "netmanager_base_common_utils.h" #include "net_manager_ext_constants.h" 
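Review bot: `ProcessUpdateConfig` copies fields from the parsed stage message into `vpnConfig_` and into netsys stage calls without validating them. The `mtu` number is narrowed to `int32_t` with no range check, `address` and `netmask` are not checked to be IP strings, and `phyifname` and `remoteip` go straight to `ProcessVpnStage` (the interface name is also logged with `%{public}s`). `vpnConfig_->addresses_.emplace_back(iNetAddr)` runs even when no `address` key was present and appends again on every update message, so guard it with `if (!iNetAddr.address_.empty())` and decide whether an update should replace rather than append. `destination` and `gateway` are filled in but never read in the visible code and can be dropped. In `HandleUpdateConfig` the second failure log reads "set up l2tp vpn failed" although this is the IPsec controller.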
@@ -33,12 +32,20 @@ int32_t L2tpVpnCtl::StopSysVpn() { NETMGR_EXT_LOG_I("stop l2tp vpn"); state_ = IpsecVpnStateCode::STATE_DISCONNECTED; - if (l2tpVpnConfig_->vpnType_ == VpnType::L2TP) { - NetsysController::GetInstance().ProcessVpnStage(SysVpnStageCode::VPN_STAGE_STOP); - } else { - NetsysController::GetInstance().ProcessVpnStage(SysVpnStageCode::VPN_STAGE_DOWN_HOME); - NetsysController::GetInstance().ProcessVpnStage(SysVpnStageCode::VPN_STAGE_STOP); + std::string connectName = L2TP_CONNECT_NAME; + std::string ipsecName = IPSEC_CONNECT_NAME; + if (multiVpnInfo_ != nullptr) { + int32_t id = multiVpnInfo_->ifNameId; + connectName = connectName + std::to_string(id); + ipsecName = ipsecName + std::to_string(id); } + if (l2tpVpnConfig_ != nullptr && l2tpVpnConfig_->vpnType_ != VpnType::L2TP) { + NetsysController::GetInstance().ProcessVpnStage( + SysVpnStageCode::VPN_STAGE_DOWN_HOME, ipsecName); + MultiVpnHelper::GetInstance().StopIpsec(); + } + NetsysController::GetInstance().ProcessVpnStage(SysVpnStageCode::VPN_STAGE_L2TP_STOP, connectName); + MultiVpnHelper::GetInstance().StopL2tp(); NotifyConnectState(VpnConnectState::VPN_DISCONNECTED); return NETMANAGER_EXT_SUCCESS; } 
@@ -48,11 +55,20 @@ int32_t L2tpVpnCtl::StartSysVpn() NETMGR_EXT_LOG_I("start l2tp vpn"); state_ = IpsecVpnStateCode::STATE_INIT; InitConfigFile(); + if (multiVpnInfo_ != nullptr) { + NetsysController::GetInstance().ProcessVpnStage( + SysVpnStageCode::VPN_STAGE_CREATE_PPP_FD, multiVpnInfo_->ifName); + } if (l2tpVpnConfig_->vpnType_ == VpnType::L2TP) { - state_ = IpsecVpnStateCode::STATE_STARTED; - NetsysController::GetInstance().ProcessVpnStage(SysVpnStageCode::VPN_STAGE_L2TP_LOAD); + state_ = IpsecVpnStateCode::STATE_CONFIGED; + if (!MultiVpnHelper::GetInstance().StartL2tp()) { + AddConfigToL2tpdConf(); + } } else { - NetsysController::GetInstance().ProcessVpnStage(SysVpnStageCode::VPN_STAGE_RESTART); + if (!MultiVpnHelper::GetInstance().StartIpsec()) { + state_ = IpsecVpnStateCode::STATE_STARTED; + NetsysController::GetInstance().ProcessVpnStage(SysVpnStageCode::VPN_STAGE_SWANCTL_LOAD); + } } return NETMANAGER_EXT_SUCCESS; } @@ -65,22 +81,10 @@ int32_t L2tpVpnCtl::InitConfigFile() return NETMANAGER_EXT_ERR_INTERNAL; } if (!l2tpVpnConfig_->strongswanConf_.empty()) { - std::string strongswanCfg = Base64::Decode(l2tpVpnConfig_->strongswanConf_); - if (!strongswanCfg.empty()) { - CommonUtils::WriteFile(SWAN_CONFIG_FILE, strongswanCfg); - } + CommonUtils::WriteFile(SWAN_CONFIG_FILE, l2tpVpnConfig_->strongswanConf_); } if (!l2tpVpnConfig_->xl2tpdConf_.empty()) { - std::string xl2tpdConf = Base64::Decode(l2tpVpnConfig_->xl2tpdConf_); - if (!xl2tpdConf.empty()) { - CommonUtils::WriteFile(L2TP_CFG, xl2tpdConf); - } - } - if (!l2tpVpnConfig_->ipsecConf_.empty()) { - std::string ipsecConf = Base64::Decode(l2tpVpnConfig_->ipsecConf_); - if (!ipsecConf.empty()) { - CommonUtils::WriteFile(L2TP_IPSEC_CFG, ipsecConf); - } + CommonUtils::WriteFile(L2TP_CFG, l2tpVpnConfig_->xl2tpdConf_); } return NETMANAGER_EXT_SUCCESS; } 
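Review bot: `StartSysVpn` reads `l2tpVpnConfig_->vpnType_` right after calling `InitConfigFile()` and discarding its result, so the error return that `InitConfigFile` has does not stop the start; its condition is outside the hunk and is presumably a null config. `StopSysVpn` gained a `l2tpVpnConfig_ != nullptr` guard in this same patch, while `HandleL2tpConfiged` further down also reads `l2tpVpnConfig_->vpnType_` unguarded. Suggest `if (InitConfigFile() != NETMANAGER_EXT_SUCCESS) { return NETMANAGER_EXT_ERR_INTERNAL; }` here and the same null guard in `HandleL2tpConfiged`.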
@@ -95,42 +99,38 @@ int32_t L2tpVpnCtl::NotifyConnectStage(const std::string &stage, const int32_t & NETMGR_EXT_LOG_E("l2tpVpn stage: %{public}s failed, result: %{public}d", stage.c_str(), result); return NETMANAGER_EXT_ERR_INTERNAL; } + switch (state_) { case IpsecVpnStateCode::STATE_INIT: if (stage.compare(IPSEC_START_TAG) == 0) { - // 1. start l2tp - NETMGR_EXT_LOG_I("l2tp vpn setup step 1: start l2tp"); - state_ = IpsecVpnStateCode::STATE_STARTED; - NetsysController::GetInstance().ProcessVpnStage(SysVpnStageCode::VPN_STAGE_L2TP_LOAD); + HandleIpdecStarted(); } break; case IpsecVpnStateCode::STATE_STARTED: - if (stage.compare(L2TP_IPSEC_CONFIGURED_TAG) == 0) { - // 2. start connect - NETMGR_EXT_LOG_I("l2tp vpn setup step 2: start connect"); - if (l2tpVpnConfig_->vpnType_ == VpnType::L2TP) { - state_ = IpsecVpnStateCode::STATE_CONTROLLED; - NetsysController::GetInstance().ProcessVpnStage(SysVpnStageCode::VPN_STAGE_L2TP_CTL); - } else { - state_ = IpsecVpnStateCode::STATE_CONFIGED; - NetsysController::GetInstance().ProcessVpnStage(SysVpnStageCode::VPN_STAGE_UP_HOME); - } + if (stage.compare(SWANCTL_START_TAG) == 0) { + HandleSwanCtlLoaded(); } break; case IpsecVpnStateCode::STATE_CONFIGED: + if (stage.compare(L2TP_IPSEC_CONFIGURED_TAG) == 0) { + HandleL2tpConfiged(); + } + break; + case IpsecVpnStateCode::STATE_L2TP_STARTED: if (stage.compare(IPSEC_CONNECT_TAG) == 0) { - // 3. set stage IPSEC_L2TP_CTL - NETMGR_EXT_LOG_I("l2tp vpn setup step 3: set stage IPSEC_L2TP_CTL"); - state_ = IpsecVpnStateCode::STATE_CONTROLLED; - NetsysController::GetInstance().ProcessVpnStage(SysVpnStageCode::VPN_STAGE_L2TP_CTL); + HandleL2tpdCtl(); } break; case IpsecVpnStateCode::STATE_CONTROLLED: if (stage.compare(L2TP_IPSEC_CONNECTED_TAG) == 0) { - // 4. 
is connected - NETMGR_EXT_LOG_I("l2tp vpn setup step 4: is connected"); - state_ = IpsecVpnStateCode::STATE_CONNECTED; - NotifyConnectState(VpnConnectState::VPN_CONNECTED); + HandleL2tpConnected(); + } + break; + case IpsecVpnStateCode::STATE_CONNECTED: + if (stage.find(IPSEC_NODE_UPDATE_CONFIG) != std::string::npos) { + if (ProcessUpdateConfig(stage) != NETMANAGER_EXT_SUCCESS) { + return NETMANAGER_EXT_ERR_INTERNAL; + } } break; default: @@ -157,10 +157,13 @@ int32_t L2tpVpnCtl::GetSysVpnCertUri(const int32_t certType, std::string &certUr certUri = l2tpVpnConfig_->ipsecPublicServerCertConf_; break; case IpsecVpnCertType::OPTIONS_L2TP_CLIENT_CONF: - certUri = Base64::Decode(l2tpVpnConfig_->optionsL2tpdClient_); + certUri = l2tpVpnConfig_->optionsL2tpdClient_; break; case IpsecVpnCertType::L2TP_IPSEC_SECRETS_CONF: - certUri = Base64::Decode(l2tpVpnConfig_->ipsecSecrets_); + certUri = l2tpVpnConfig_->ipsecSecrets_; + break; + case IpsecVpnCertType::SWAN_CTL_CONF: + certUri = l2tpVpnConfig_->ipsecConf_; break; default: NETMGR_EXT_LOG_E("invalid certType: %{public}d", certType); 
@@ -177,5 +180,108 @@ int32_t L2tpVpnCtl::GetConnectedSysVpnConfig(sptr &sysVpnConfig) } return NETMANAGER_EXT_SUCCESS; } + +std::string L2tpVpnCtl::GetXl2tpdConfig() +{ + std::string templateContent = SINGLE_XL2TP_TEMPCONFIG; + if (l2tpVpnConfig_ != nullptr && multiVpnInfo_ != nullptr && !l2tpVpnConfig_->addresses_.empty()) { + std::map params; + params[VPN_NAME_KEY] = std::string(VPN_NAME_KEY) + std::to_string(multiVpnInfo_->ifNameId); + params[VPN_ADDRESS_KEY] = l2tpVpnConfig_->addresses_[0].address_; + params[VPN_CLIENT_CONFIG_NAME_KEY] = std::string(VPN_CLIENT_CONFIG_NAME_KEY) + + "-" + std::to_string(multiVpnInfo_->ifNameId); + size_t pos = 0; + for (const auto& [key, value] : params) { + if (value.empty()) { + continue; + } + size_t pos = 0; + while ((pos = templateContent.find(key, pos)) != std::string::npos) { + templateContent.replace(pos, key.length(), value); + break; + } + } + } + templateContent = "\"" + templateContent + "\""; + return templateContent; +} + +void L2tpVpnCtl::AddConfigToL2tpdConf() +{ + std::string tempConfig = GetXl2tpdConfig(); + NetsysController::GetInstance().ProcessVpnStage(SysVpnStageCode::VPN_STAGE_SET_L2TP_CONF, tempConfig); +} + +void L2tpVpnCtl::HandleIpdecStarted() +{ + NETMGR_EXT_LOG_I("1:ipsec started, process load swanctl config"); + state_ = IpsecVpnStateCode::STATE_STARTED; + NetsysController::GetInstance().ProcessVpnStage(SysVpnStageCode::VPN_STAGE_SWANCTL_LOAD); +} + +void L2tpVpnCtl::HandleSwanCtlLoaded() +{ + NETMGR_EXT_LOG_I("2:swanctl loaded, process start l2tp or add l2tp config"); + state_ = IpsecVpnStateCode::STATE_CONFIGED; + if (!MultiVpnHelper::GetInstance().StartL2tp()) { + AddConfigToL2tpdConf(); + } +} + +void L2tpVpnCtl::HandleL2tpConfiged() +{ + NETMGR_EXT_LOG_I("3:l2tpd started orconfiged, process ipsec up"); + if (l2tpVpnConfig_->vpnType_ == VpnType::L2TP) { + state_ = IpsecVpnStateCode::STATE_CONTROLLED; + if (multiVpnInfo_ != nullptr) { + 
NetsysController::GetInstance().ProcessVpnStage(SysVpnStageCode::VPN_STAGE_L2TP_CTL, + std::string(L2TP_CONNECT_NAME) + std::to_string(multiVpnInfo_->ifNameId)); + } else { + NetsysController::GetInstance().ProcessVpnStage(SysVpnStageCode::VPN_STAGE_L2TP_CTL); + } + } else { + state_ = IpsecVpnStateCode::STATE_L2TP_STARTED; + if (multiVpnInfo_ != nullptr) { + NetsysController::GetInstance().ProcessVpnStage(SysVpnStageCode::VPN_STAGE_UP_HOME, + std::string(IPSEC_CONNECT_NAME) + std::to_string(multiVpnInfo_->ifNameId)); + } else { + NetsysController::GetInstance().ProcessVpnStage( + SysVpnStageCode::VPN_STAGE_UP_HOME, std::string(IPSEC_CONNECT_NAME)); + } + } +} + +void L2tpVpnCtl::HandleL2tpdCtl() +{ + NETMGR_EXT_LOG_I("4:set stage IPSEC_L2TP_CTL, process ehco c"); + state_ = IpsecVpnStateCode::STATE_CONTROLLED; + if (multiVpnInfo_ != nullptr) { + NetsysController::GetInstance().ProcessVpnStage(SysVpnStageCode::VPN_STAGE_L2TP_CTL, + std::string(L2TP_CONNECT_NAME) + std::to_string(multiVpnInfo_->ifNameId)); + } else { + NetsysController::GetInstance().ProcessVpnStage(SysVpnStageCode::VPN_STAGE_L2TP_CTL); + } +} + +void L2tpVpnCtl::HandleL2tpConnected() +{ + NETMGR_EXT_LOG_I("5:l2tp vpn is connected"); + state_ = IpsecVpnStateCode::STATE_CONNECTED; + NotifyConnectState(VpnConnectState::VPN_CONNECTED); +} + +int32_t L2tpVpnCtl::ProcessUpdateConfig(const std::string &config) +{ + NETMGR_EXT_LOG_I("6:l2tp vpn config update"); + if (UpdateConfig(config) != NETMANAGER_EXT_SUCCESS) { + NETMGR_EXT_LOG_I("l2tp vpn config update failed"); + return NETMANAGER_EXT_ERR_INTERNAL; + } + if (SetUpVpnTun() != NETMANAGER_EXT_SUCCESS) { + NETMGR_EXT_LOG_I("set up l2tp vpn failed"); + return NETMANAGER_EXT_ERR_INTERNAL; + } + return NETMANAGER_EXT_SUCCESS; +} } // namespace NetManagerStandard } // namespace OHOS diff --git a/services/vpnmanager/src/multi_vpn_helper.cpp b/services/vpnmanager/src/multi_vpn_helper.cpp index 3b659b1c..b2417ca4 100644 
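Review bot: `GetXl2tpdConfig` substitutes `l2tpVpnConfig_->addresses_[0].address_` into the xl2tpd template without validating it, then wraps the result in double quotes and passes it to `ProcessVpnStage(SysVpnStageCode::VPN_STAGE_SET_L2TP_CONF, tempConfig)`. How that argument is consumed is outside this hunk, but an address containing a quote, a newline or `[` would change the structure of the generated section. Check the value as an IP address or hostname before substitution and skip the call otherwise. In the same function the outer `size_t pos = 0;` is shadowed and unused, and the `while (...) { ...; break; }` runs at most once, so `if ((pos = templateContent.find(key)) != std::string::npos)` says the same thing. `HandleL2tpConfiged` dereferences `l2tpVpnConfig_` without a null check although `GetXl2tpdConfig` does check it.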
--- a/services/vpnmanager/src/multi_vpn_helper.cpp +++ b/services/vpnmanager/src/multi_vpn_helper.cpp @@ -64,20 +64,15 @@ int32_t MultiVpnHelper::GetNewIfNameId() return newId; } -int32_t MultiVpnHelper::CreateMultiVpnInfo(const sptr &vpnConfig, - sptr &info, std::string &bundleName, int32_t userId, bool isVpnExtCall) +int32_t MultiVpnHelper::CreateMultiVpnInfo(const std::string &vpnId, int32_t vpnType, sptr &info) { - if (vpnConfig == nullptr) { - NETMGR_EXT_LOG_E("CreateMultiVpnInfo failed, config is null"); - return NETMANAGER_EXT_ERR_INTERNAL; - } if (multiVpnInfos_.size() >= MAX_VPN_INTERFACE_COUNT) { NETMGR_EXT_LOG_E("CreateMultiVpnInfo failed, MAX_VPN_INTERFACE_COUNT"); return NETMANAGER_EXT_ERR_INTERNAL; } int32_t ifNameId = GetNewIfNameId(); - std::string newIfName = ""; - switch (vpnConfig->vpnType_) { + std::string newIfName; + switch (vpnType) { case VpnType::IKEV2_IPSEC_MSCHAPv2: case VpnType::IKEV2_IPSEC_PSK: case VpnType::IKEV2_IPSEC_RSA: @@ -95,22 +90,18 @@ int32_t MultiVpnHelper::CreateMultiVpnInfo(const sptr &vpnConfig, newIfName = PPP_CARD_NAME + std::to_string(ifNameId); break; default: - NETMGR_EXT_LOG_E("CreateMultiVpnInfo failed, invalid type=%{public}d", vpnConfig->vpnType_); - return NETMANAGER_EXT_ERR_INTERNAL; + NETMGR_EXT_LOG_I("other vpnType=%{public}d", vpnType); + break; } info = new (std::nothrow) MultiVpnInfo(); if (info == nullptr) { NETMGR_EXT_LOG_E("CreateMultiVpnInfo failed, info is null"); return NETMANAGER_EXT_ERR_INTERNAL; } - info->vpnId = vpnConfig->vpnId_; + info->vpnId = vpnId; info->ifNameId = ifNameId; info->ifName = newIfName; info->callingUid = static_cast(IPCSkeleton::GetCallingUid()); - info->isConnecting = true; - info->isVpnExtCall = isVpnExtCall; - info->bundleName = bundleName; - info->userId = userId; NETMGR_EXT_LOG_I("CreateMultiVpnInfo %{public}s", newIfName.c_str()); return NETMANAGER_EXT_SUCCESS; } 
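Review bot: The `default:` branch of the `vpnType` switch used to reject unknown types with `NETMANAGER_EXT_ERR_INTERNAL`; it now only logs `other vpnType` and falls through. A `MultiVpnInfo` is then created with an empty `ifName` and an `ifNameId` already taken from `GetNewIfNameId()`. `vpnType` comes from the caller's config, so if only specific extra types are expected here they should be explicit cases and `default:` should keep `return NETMANAGER_EXT_ERR_INTERNAL;`. The switch spans this hunk and the previous one, and its middle is not shown.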
@@ -222,15 +213,5 @@ bool MultiVpnHelper::IsOpenvpnConnectedStage(const std::string &msg) } return openvpnConnected; } - -bool MultiVpnHelper::IsAnyVpnConnecting() -{ - for (const auto &info : multiVpnInfos_) { - if (info->isConnecting) { - return true; - } - } - return false; -} } // namespace NetManagerStandard } // namespace OHOS diff --git a/services/vpnmanager/src/net_vpn_impl.cpp b/services/vpnmanager/src/net_vpn_impl.cpp index 40594cdb..ee15f13d 100644 --- a/services/vpnmanager/src/net_vpn_impl.cpp +++ b/services/vpnmanager/src/net_vpn_impl.cpp @@ -82,6 +82,9 @@ void NetVpnImpl::NotifyConnectState(const VpnConnectState &state) NETMGR_EXT_LOG_E("NotifyConnectState connect callback is null."); return; } +#ifdef SUPPORT_SYSVPN + connChangedCb_->OnMultiVpnConnStateChanged(state, multiVpnInfo_->vpnId); +#endif // SUPPORT_SYSVPN connChangedCb_->OnVpnConnStateChanged(state); } @@ -131,6 +134,7 @@ int32_t NetVpnImpl::SetUp() return NETMANAGER_EXT_ERR_INTERNAL; } #ifdef SUPPORT_SYSVPN + ProcessUpRules(true); if (!IsSystemVpn()) { NotifyConnectState(VpnConnectState::VPN_CONNECTED); } @@ -174,6 +178,9 @@ int32_t NetVpnImpl::ResumeUids() int32_t NetVpnImpl::Destroy() { +#ifdef SUPPORT_SYSVPN + ProcessUpRules(false); +#endif // SUPPORT_SYSVPN VpnEventType legacy = IsInternalVpn() ? VpnEventType::TYPE_LEGACY : VpnEventType::TYPE_EXTENDED; if (NetsysController::GetInstance().NetworkDelUids(netId_, beginUids_, endUids_)) { NETMGR_EXT_LOG_W("vpn remove whitelist rule error"); 
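Review bot: In `NotifyConnectState` the added call `connChangedCb_->OnMultiVpnConnStateChanged(state, multiVpnInfo_->vpnId);` dereferences `multiVpnInfo_` without a null check. `ProcessUpRules` and `GenerateUidRanges` in this same commit both guard it with `multiVpnInfo_ != nullptr`. `SetUp` calls `NotifyConnectState(VpnConnectState::VPN_CONNECTED)` for non-system VPNs, which may have no `multiVpnInfo_`, so under `SUPPORT_SYSVPN` this can crash the service. Guard it: `if (multiVpnInfo_ != nullptr) { connChangedCb_->OnMultiVpnConnStateChanged(state, multiVpnInfo_->vpnId); }`. The function body starts outside the hunk.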
@@ -211,10 +218,26 @@ int32_t NetVpnImpl::GetSysVpnCertUri(const int32_t certType, std::string &certUr { return NETMANAGER_EXT_SUCCESS; } + bool NetVpnImpl::IsSystemVpn() { return false; } + +void NetVpnImpl::ProcessUpRules(bool isUp) +{ + if (vpnConfig_ != nullptr && !vpnConfig_->addresses_.empty()) { + std::vector extMessages; + if (multiVpnInfo_ != nullptr && multiVpnInfo_->isVpnExtCall) { + INetAddr netAddr = vpnConfig_->addresses_.back(); + extMessages.emplace_back(netAddr.address_); + } else { + INetAddr netAddr = vpnConfig_->addresses_.front(); + extMessages.emplace_back(netAddr.address_); + } + NetsysController::GetInstance().UpdateVpnRules(netId_, extMessages, isUp); + } +} #endif // SUPPORT_SYSVPN bool NetVpnImpl::RegisterNetSupplier(NetConnClient &netConnClientIns) @@ -441,6 +464,14 @@ int32_t NetVpnImpl::GenerateUidRanges(int32_t userId, std::vector &begi if (userId == AppExecFwk::Constants::INVALID_USERID) { userId = AppExecFwk::Constants::START_USERID; } +#ifdef SUPPORT_SYSVPN + if (multiVpnInfo_ != nullptr && multiVpnInfo_->isVpnExtCall) { + if (vpnConfig_->acceptedApplications_.size() == 0) { + NETMGR_EXT_LOG_W("GenerateUidRangesMark is vpn ext call, but not accept uid ranges"); + return NETMANAGER_EXT_SUCCESS; + } + } +#endif // SUPPORT_SYSVPN if (vpnConfig_->acceptedApplications_.size()) { std::set uids = GetAppsUids(userId, vpnConfig_->acceptedApplications_); GenerateUidRangesByAcceptedApps(uids, beginUids, endUids); diff --git a/services/vpnmanager/src/networkvpn_service.cpp b/services/vpnmanager/src/networkvpn_service.cpp index 9eb9f305..2dec252e 100644 --- a/services/vpnmanager/src/networkvpn_service.cpp +++ b/services/vpnmanager/src/networkvpn_service.cpp 
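Review bot: `ProcessUpRules` discards the result of `NetsysController::GetInstance().UpdateVpnRules(netId_, extMessages, isUp)` and returns `void`, and `SetUp` calls it on the path that reports `VPN_CONNECTED`. Assuming `UpdateVpnRules` returns a status like the other `NetsysController` calls in this file, a failed rule update leaves the VPN reported as connected without its rules installed. Return the status from `ProcessUpRules` and fail `SetUp` on error, or at least log the failure at error level. The `GenerateUidRanges` hunk on this line returns success with empty ranges for an extension VPN with no `acceptedApplications_`; a comment stating that no UID is routed through the tunnel in that case would make the intent explicit.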
@@ -243,10 +243,11 @@ void NetworkVpnService::VpnConnStateCb::OnVpnConnStateChanged(const VpnConnectSt vpnService_.networkVpnServiceFfrtQueue_->wait(OnVpnConnStateTask); } -#ifdef SUPPORT_SYSVPN + void NetworkVpnService::VpnConnStateCb::OnMultiVpnConnStateChanged(const VpnConnectState &state, const std::string &vpnId) { +#ifdef SUPPORT_SYSVPN NETMGR_EXT_LOG_I("receive new vpn connect state[%{public}d].", static_cast(state)); vpnService_.PublishVpnConnectionStateEvent(state); if (!vpnService_.networkVpnServiceFfrtQueue_) { @@ -272,8 +273,9 @@ void NetworkVpnService::VpnConnStateCb::OnMultiVpnConnStateChanged(const VpnConn vpnService_.networkVpnServiceFfrtQueue_->submit_h(OnVpnConnStateChangedFunction, ffrt::task_attr().name("OnVpnConnStateChanged")); vpnService_.networkVpnServiceFfrtQueue_->wait(OnVpnConnStateTask); -} #endif // SUPPORT_SYSVPN +} + void NetworkVpnService::OnVpnMultiUserSetUp() { 
@@ -870,46 +872,78 @@ int32_t NetworkVpnService::DestroyMultiVpn(const std::shared_ptr &vp return NETMANAGER_EXT_SUCCESS; } +bool NetworkVpnService::IsSetUpReady(std::string &vpnId, std::string &vpnBundleName, + int32_t &userId, std::vector &activeUserIds) +{ + vpnBundleName = GetBundleName(); + if (!CheckSystemCall(vpnBundleName)) { + NETMGR_EXT_LOG_W("forbit setup, CheckSystemCall"); + return false; + } + if (!CheckVpnPermission(vpnBundleName)) { + NETMGR_EXT_LOG_W("forbit setup, CheckVpnPermission"); + return false; + } + if (CheckCurrentAccountType(userId, activeUserIds) != NETMANAGER_EXT_SUCCESS) { + NETMGR_EXT_LOG_W("forbit setup, CheckCurrentAccountType"); + return false; + } + if (vpnObjMap_.find(vpnId) != vpnObjMap_.end()) { + NETMGR_EXT_LOG_W("forbit setup, repeated vpn:%{public}s", vpnId.c_str()); + return false; + } + if (vpnObj_ != nullptr && vpnObj_->multiVpnInfo_ != nullptr && !vpnObj_->multiVpnInfo_->isVpnExtCall + && vpnObj_->multiVpnInfo_->vpnConnectState != VpnConnectState::VPN_DISCONNECTED) { + NETMGR_EXT_LOG_W("forbit setup, exist system vpn"); + return false; + } + return true; +} + int32_t NetworkVpnService::SetUpSysVpn(const sptr &config, bool isVpnExtCall) { if (config == nullptr) { NETMGR_EXT_LOG_E("config is null."); return NETMANAGER_EXT_ERR_PARAMETER_ERROR; } - std::string vpnBundleName = GetBundleName(); - if (!CheckVpnPermission(vpnBundleName)) { - NETMGR_EXT_LOG_E("permission is error."); - return NETMANAGER_EXT_ERR_PERMISSION_DENIED; - } + std::unique_lock locker(netVpnMutex_); + std::string vpnBundleName; int32_t userId = AppExecFwk::Constants::UNSPECIFIED_USERID; std::vector activeUserIds; - int32_t ret = CheckCurrentAccountType(userId, activeUserIds); - if (ret != NETMANAGER_EXT_SUCCESS) { - NETMGR_EXT_LOG_E("CheckCurrentAccountType failed"); - return ret; - } - std::unique_lock locker(netVpnMutex_); - if (vpnObj_ != nullptr) { - if (vpnObj_->GetUserId() == userId) { - NETMGR_EXT_LOG_W("vpn exist already, please execute destory 
first"); - } else { - NETMGR_EXT_LOG_W("vpn using by other user"); - } - return NETWORKVPN_ERROR_VPN_EXIST; + if (!IsSetUpReady(config->vpnId_, vpnBundleName, userId, activeUserIds)) { + NETMGR_EXT_LOG_W("SetUpVpn failed, not ready"); + return NETMANAGER_EXT_ERR_INTERNAL; } - vpnObj_ = CreateSysVpnCtl(config, userId, activeUserIds, isVpnExtCall); + std::shared_ptr vpnObj = CreateSysVpnCtl(config, userId, activeUserIds, isVpnExtCall); if (!vpnConnCallback_) { vpnConnCallback_ = std::make_shared(*this); } - if (vpnObj_ == nullptr || vpnObj_->RegisterConnectStateChangedCb(vpnConnCallback_) != NETMANAGER_EXT_SUCCESS) { + if (vpnObj == nullptr || vpnObj->RegisterConnectStateChangedCb(vpnConnCallback_) != NETMANAGER_EXT_SUCCESS) { NETMGR_EXT_LOG_E("SetUpSysVpn register internal callback failed"); return NETMANAGER_EXT_ERR_INTERNAL; } + if (MultiVpnHelper::GetInstance().CreateMultiVpnInfo( + config->vpnId_, config->vpnType_, vpnObj->multiVpnInfo_) != NETMANAGER_EXT_SUCCESS) { + NETMGR_EXT_LOG_E("CreateMultiVpnInfo failed"); + return NETMANAGER_EXT_ERR_INTERNAL; + } + vpnObj->multiVpnInfo_->isVpnExtCall = isVpnExtCall; + vpnObj->multiVpnInfo_->bundleName = vpnBundleName; + vpnObj->multiVpnInfo_->userId = userId; + if (config->vpnType_ != VpnType::OPENVPN) { + VpnTemplateProcessor vpnTemplateProcessor; + if (vpnTemplateProcessor.BuildConfig(vpnObj, vpnObjMap_) != NETMANAGER_EXT_SUCCESS) { + NETMGR_EXT_LOG_E("vpnTemplateProcessor BuildConfig failed"); + return NETMANAGER_EXT_ERR_INTERNAL; + } + } NETMGR_EXT_LOG_I("SystemVpn SetUp"); - ret = vpnObj_->SetUp(); - if (ret == NETMANAGER_EXT_SUCCESS) { + int32_t ret = vpnObj->SetUp(); + if (ret == NETMANAGER_EXT_SUCCESS && !isVpnExtCall) { hasOpenedVpnUid_ = IPCSkeleton::GetCallingUid(); + vpnObj_ = vpnObj; } + connectingObj_ = vpnObj; return ret; } 
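Review bot: `connectingObj_ = vpnObj;` runs even when `vpnObj->SetUp()` returned an error. `NotifyConnectStage` and `GetSysVpnCertUri` read `connectingObj_` in this commit, so they would then act on a controller whose setup failed and return its generated config. Assign it only on success, `if (ret == NETMANAGER_EXT_SUCCESS) { connectingObj_ = vpnObj; }`, and document when the slot is cleared, because no reset is visible in these hunks. Separately, `IsSetUpReady` folds every refusal into `false`, so `SetUpSysVpn` now returns `NETMANAGER_EXT_ERR_INTERNAL` where the removed code returned `NETMANAGER_EXT_ERR_PERMISSION_DENIED` and `NETWORKVPN_ERROR_VPN_EXIST`. Callers can no longer tell a permission denial from an internal fault; returning the specific code from `IsSetUpReady` would preserve that.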
@@ -979,12 +1013,6 @@ std::shared_ptr NetworkVpnService::CreateL2tpCtl(const sptr sysVpnCtl = std::make_shared(l2tpVpnConfig, "", userId, activeUserIds); if (sysVpnCtl != nullptr) { sysVpnCtl->l2tpVpnConfig_ = l2tpVpnConfig; @@ -1055,12 +1083,6 @@ std::shared_ptr NetworkVpnService::CreateIpsecVpnCtl(const sptr sysVpnCtl = std::make_shared(ipsecVpnConfig, "", userId, activeUserIds); if (sysVpnCtl != nullptr) { sysVpnCtl->ipsecVpnConfig_ = ipsecVpnConfig; @@ -1232,11 +1254,15 @@ int32_t NetworkVpnService::NotifyConnectStage(const std::string &stage, const in } std::unique_lock locker(netVpnMutex_); - if (vpnObj_ == nullptr) { - NETMGR_EXT_LOG_E("NotifyConnectStage failed, vpnObj_ is null"); + if (connectingObj_ == nullptr || connectingObj_->multiVpnInfo_ == nullptr) { + NETMGR_EXT_LOG_E("NotifyConnectStage failed, connectingObj_ is null"); return NETMANAGER_EXT_ERR_INTERNAL; } - return vpnObj_->NotifyConnectStage(stage, result); + if (connectingObj_->multiVpnInfo_->isVpnExtCall && MultiVpnHelper::GetInstance().IsConnectedStage(stage)) { + MultiVpnHelper::GetInstance().AddMultiVpnInfo(connectingObj_->multiVpnInfo_); + vpnObjMap_.insert({connectingObj_->multiVpnInfo_->vpnId, connectingObj_}); + } + return connectingObj_->NotifyConnectStage(stage, result); } int32_t NetworkVpnService::GetSysVpnCertUri(const int32_t certType, std::string &certUri) @@ -1247,11 +1273,12 @@ int32_t NetworkVpnService::GetSysVpnCertUri(const int32_t certType, std::string return NETMANAGER_EXT_ERR_NOT_SYSTEM_CALL; } std::unique_lock locker(netVpnMutex_); - if (vpnObj_ == nullptr) { - NETMGR_EXT_LOG_E("GetSysVpnCertUri failed, vpnObj_ is null"); + + if (connectingObj_ == nullptr) { + NETMGR_EXT_LOG_E("GetSysVpnCertUri failed, connectingObj_ is null"); return NETMANAGER_EXT_ERR_INTERNAL; } - return vpnObj_->GetSysVpnCertUri(certType, certUri); + return connectingObj_->GetSysVpnCertUri(certType, certUri); } int32_t NetworkVpnService::RegisterMultiVpnEvent(const sptr &callback) 
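Review bot: In `NetworkVpnService::NotifyConnectStage` the extension VPN is added to `MultiVpnHelper` and `vpnObjMap_` as soon as `IsConnectedStage(stage)` matches. That happens before `connectingObj_->NotifyConnectStage(stage, result)` has validated the stage against its state machine, and without looking at `result`. A connected-stage string reported with a failing result would therefore still register the VPN as established. Gate the registration on the result, e.g. `if (result == NETMANAGER_EXT_SUCCESS && connectingObj_->multiVpnInfo_->isVpnExtCall && MultiVpnHelper::GetInstance().IsConnectedStage(stage)) {`, assuming `result` follows the `NETMANAGER_EXT_SUCCESS` convention used elsewhere in this file. The caller checks at the top of the function are outside the hunk.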
@@ -1848,6 +1875,9 @@ void NetworkVpnService::VpnHapObserver::OnProcessDied(const AppExecFwk::ProcessD } vpnService_.UnregVpnHpObserver(); vpnService_.ClearCurrentVpnUserInfo(); +#ifdef SUPPORT_SYSVPN + vpnService_.DestroyMultiVpn(processData.uid); +#endif // SUPPORT_SYSVPN } void NetworkVpnService::OnRemoteDied(const wptr &remoteObject) diff --git a/services/vpnmanager/src/open_vpn_ctl.cpp b/services/vpnmanager/src/open_vpn_ctl.cpp index f1eb2395..64feb7d0 100644 --- a/services/vpnmanager/src/open_vpn_ctl.cpp +++ b/services/vpnmanager/src/open_vpn_ctl.cpp @@ -65,6 +65,10 @@ int32_t OpenvpnCtl::NotifyConnectStage(const std::string &stage, const int32_t & int32_t OpenvpnCtl::SetUpVpnTun() { + if (multiVpnInfo_ != nullptr) { + NetsysController::GetInstance().ProcessVpnStage(SysVpnStageCode::VPN_STAGE_SET_VPN_CALL_MODE, + multiVpnInfo_->isVpnExtCall ? "0" : "1"); + } int result = NetVpnImpl::SetUp(); if (result != NETMANAGER_EXT_SUCCESS) { NETMGR_EXT_LOG_W("openvpn SetUp failed"); @@ -217,6 +221,10 @@ bool OpenvpnCtl::IsSystemVpn() int32_t OpenvpnCtl::Destroy() { StopOpenvpn(); + if (multiVpnInfo_ != nullptr) { + NetsysController::GetInstance().ProcessVpnStage(SysVpnStageCode::VPN_STAGE_SET_VPN_CALL_MODE, + multiVpnInfo_->isVpnExtCall ? "0" : "1"); + } int result = NetVpnImpl::Destroy(); NETMGR_EXT_LOG_I("openvpn Destroy result %{public}d}", result); return result; diff --git a/services/vpnmanager/src/vpn_template_processor.cpp b/services/vpnmanager/src/vpn_template_processor.cpp index 59400441..c461fa68 100644 --- a/services/vpnmanager/src/vpn_template_processor.cpp +++ b/services/vpnmanager/src/vpn_template_processor.cpp @@ -13,10 +13,10 @@ * limitations under the License. */ #include "vpn_template_processor.h" - -#include "base64_utils.h" #include "net_manager_constants.h" #include "netmgr_ext_log_wrapper.h" +#include "ipsec_vpn_ctl.h" +#include "netmanager_base_common_utils.h" namespace OHOS { namespace NetManagerStandard { 
@@ -25,196 +25,207 @@ constexpr const char* KEY_VPN_USERNAME = "vpn_username_value"; constexpr const char* KEY_VPN_IPSEC_IDENTIFIER = "vpn_ipsec_identifier_value"; constexpr const char* KEY_VPN_PASSWORD = "vpn_password_value"; constexpr const char* KEY_VPN_IPSEC_SHAREDKEY = "vpn_ipsec_sharedKey_value"; -constexpr const char* IKE2_IPSEC_MSCHAPV2_SWANCTL_TEMPCONFIG = R"( -connections { - home { - remote_addrs = vpn_address_value - vips = 0.0.0.0 - local { - auth = eap-mschapv2 - eap_id = vpn_username_value - } - remote { - auth = pubkey - } - children { - home { - remote_ts=0.0.0.0/0 - esp_proposals = aes128gcm128-x25519 - } - } - version = 2 - proposals = aes128-sha256-x25519 +constexpr const char* KEY_VPN_HOME_ELEMENT = "homeElement"; +constexpr const char* KEY_VPN_HOME = "home"; +constexpr const char* KEY_VPN_MYVPN_NAME = "lac l2tp"; +constexpr const char* KEY_VPN_CLIENT_CONFIG_NAME = "options.l2tpd.client.conf"; +constexpr const char* KEY_VPN_IF_ID_NUM = "if_id_num"; +constexpr const char* KEY_VPN_L2TP_PSK_ID = "l2tp_psk_id"; + +constexpr const char* IKE2_IPSEC_MSCHAPV2_SWANCTL_CONNECTIONS_TEMPCONFIG = R"( + homeElement { + remote_addrs = vpn_address_value + vips = 0.0.0.0 + local { + auth = eap-mschapv2 + eap_id = vpn_username_value } -} -secrets { - eap-carol { - id = ipsec_identifier_value - secret = password_value + remote { + auth = pubkey } - eap-dave { - id = vpn_username_value - secret = vpn_password_value + children { + home { + if_id_in=if_id_num + if_id_out=if_id_num + remote_ts=0.0.0.0/0 + esp_proposals = default + } } -})"; - -constexpr const char* IKE2_IPSEC_PSK_SWANCTL_TEMPCONFIG = R"( -connections { - home { - remote_addrs = vpn_address_value - vips = 0.0.0.0 - local { - auth = psk - } - remote { - auth = psk - id = vpn_ipsec_identifier_value - } - children { - home { - remote_ts=0.0.0.0/0 - esp_proposals = aes128gcm128-x25519 - } - } version = 2 - proposals = aes128-sha256-x25519 + proposals = default + })"; + +constexpr const char* 
IKE2_IPSEC_PSK_SWANCTL_CONNECTIONS_TEMPCONFIG = R"( + homeElement { + remote_addrs = vpn_address_value + vips = 0.0.0.0 + local { + auth = psk } -} -secrets { - ike-moon { - id = vpn_ipsec_identifier_value - secret = vpn_ipsec_sharedKey_value + remote { + auth = psk + id = vpn_ipsec_identifier_value } -})"; - -constexpr const char* IKE2_IPSEC_RSA_SWANCTL_TEMPCONFIG = R"( -connections { - home { - remote_addrs = vpn_address_value - vips = 0.0.0.0 - local { - auth = pubkey - certs = /data/service/el1/public/vpn/client.cert.pem - id = vpn_ipsec_identifier_value - } - remote { - auth = pubkey - } - children { - home { - remote_ts=0.0.0.0/0 - esp_proposals = aes128gcm128-x25519 - } - } - version = 2 - proposals = aes128-sha256-x25519 + children { + home { + if_id_in=if_id_num + if_id_out=if_id_num + remote_ts=0.0.0.0/0 + esp_proposals = default + } } -})"; + version = 2 + proposals = default + })"; -constexpr const char* IPSEC_HYBRID_RSA_SWANCTL_TEMPCONFIG = R"( -connections { - home { - remote_addrs = vpn_address_value - vips = 0.0.0.0 - local { - auth = xauth - xauth_id = vpn_username_value - } - remote { - auth = pubkey - } - children { - home { - remote_ts=0.0.0.0/0 - esp_proposals = aes256-sha2_384 - } - } - version = 1 - proposals = aes256-sha2_384-modp1024 +constexpr const char* IKE2_IPSEC_RSA_SWANCTL_CONNECTIONS_TEMPCONFIG = R"( + homeElement { + remote_addrs = vpn_address_value + vips = 0.0.0.0 + local { + auth = pubkey + id = vpn_ipsec_identifier_value } -} -secrets { - xauth { - id = vpn_username_value - secret = vpn_password_value + remote { + auth = pubkey } -})"; - -constexpr const char* IPSEC_XAUTH_PSK_SWANCTL_TEMPCONFIG = R"( -connections { - home { - remote_addrs = vpn_address_value - vips = 0.0.0.0 - local { - auth = psk - } - local-xauth { - auth = xauth - xauth_id = vpn_username_value - } - remote { - auth = psk - } - children { - home { - remote_ts=0.0.0.0/0 - esp_proposals = aes256-sha2_384 - } + children { + home { + if_id_in=if_id_num + 
if_id_out=if_id_num + remote_ts=0.0.0.0/0 + esp_proposals = default } - version = 1 - proposals = aes256-sha2_384-modp1024 - aggressive=yes - } -} -secrets { - ike-moon { - secret = vpn_ipsec_sharedKey_value - } - xauth{ - id = vpn_username_value - secret = vpn_password_value - } -})"; + } + version = 2 + proposals = default + })"; -constexpr const char* IPSEC_XAUTH_RSA_SWANCTL_TEMPCONFIG = R"( -connections { - home { - remote_addrs = vpn_address_value - vips = 0.0.0.0 - local { - auth = pubkey - certs = /data/service/el1/public/vpn/client.cert.pem - id = vpn_username_value - } - local-xauth { - auth = xauth - } - remote { - auth = pubkey +constexpr const char* IPSEC_HYBRID_RSA_SWANCTL_CONNECTIONS_TEMPCONFIG = R"( + homeElement { + remote_addrs = vpn_address_value + vips = 0.0.0.0 + local { + auth = xauth + xauth_id = vpn_username_value + } + remote { + auth = pubkey + } + children { + home { + if_id_in=if_id_num + if_id_out=if_id_num + remote_ts=0.0.0.0/0 + esp_proposals = default } - children { - home { + } + version = 1 + proposals = default + })"; + +constexpr const char* IPSEC_XAUTH_PSK_SWANCTL_CONNECTIONS_TEMPCONFIG = R"( + homeElement { + remote_addrs = vpn_address_value + vips = 0.0.0.0 + local { + id = vpn_ipsec_identifier_value + auth = psk + } + local-xauth { + auth = xauth + xauth_id = vpn_username_value + } + remote { + id = vpn_ipsec_identifier_value + auth = psk + } + children { + home { + if_id_in=if_id_num + if_id_out=if_id_num remote_ts=0.0.0.0/0 - esp_proposals = aes256-sha2_384 - } + esp_proposals = default } - version = 1 - proposals = aes256-sha2_384-modp1024 - } -} -secrets { - xauth-carol { - id = vpn_username_value - secret = vpn_password_value - } -})"; + } + version = 1 + proposals = default + aggressive=yes + })"; + +constexpr const char* L2TP_PSK_SWANCTL_CONNECTIONS_TEMPCONFIG = R"( + homeElement { + remote_addrs = vpn_address_value + local { + id = l2tp_psk_id + auth = psk + } + remote { + id = vpn_ipsec_identifier_value + auth = psk + 
} + children { + homel2tp { + mode=transport + local_ts = 0.0.0.0/0[udp/1701] + remote_ts = vpn_address_value/32[udp/1701] + esp_proposals = aes256-sha1, aes128-sha1, 3des-sha1 + } + } + version = 1 + proposals = 3des-sha1-modp1024, aes128-sha1-modp1024, aes256-sha1-modp1024 + })"; -constexpr const char* L2TP_IPSEC_XL2TP_TEMPCONFIG = R"( -[lac myVPN] +constexpr const char* L2TP_RSA_SWANCTL_CONNECTIONS_TEMPCONFIG = R"( + homeElement { + remote_addrs = vpn_address_value + local { + auth = psk + } + remote { + auth = psk + } + children { + homel2tp { + mode=transport + local_ts = 0.0.0.0/0[udp/1701] + remote_ts = vpn_address_value/32[udp/1701] + esp_proposals = aes256-sha1, aes128-sha1, 3des-sha1 + } + } + version = 1 + proposals = 3des-sha1-modp1024, aes128-sha1-modp1024, aes256-sha1-modp1024 + })"; + +constexpr const char* IPSEC_XAUTH_RSA_SWANCTL_CONNECTIONS_TEMPCONFIG = R"( + homeElement { + remote_addrs = vpn_address_value + vips = 0.0.0.0 + local { + auth = pubkey + id = vpn_username_value + } + local-xauth { + auth = xauth + } + remote { + auth = pubkey + } + children { + home { + remote_ts=0.0.0.0/0 + esp_proposals = default + } + } + version = 1 + proposals = default + })"; + +constexpr const char* L2TP_IPSEC_XL2TP_TEMPCONFIG = R"([lac l2tp] ; set this to the ip address of your vpn server lns = vpn_address_value ppp debug = yes -pppoptfile = /data/service/el1/public/vpn/options.l2tpd.client.conf +pppoptfile = options.l2tpd.client.conf length bit = yes )"; @@ -225,7 +236,6 @@ refuse-eap require-mschap-v2 noccp noauth -logfile /data/service/el1/public/vpn/xl2tpd.log idle 1800 mtu 1410 mru 1410 
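Review bot: `L2TP_RSA_SWANCTL_CONNECTIONS_TEMPCONFIG` sets `auth = psk` in both `local` and `remote`, although the removed `L2TP_IPSEC_RSA_IPSEC_TEMPCONFIG` it replaces used `authby=pubkey` with a client certificate. This looks like a copy of the PSK template; if certificate authentication is intended, both blocks should use `auth = pubkey`, as the other RSA templates in this hunk do. The two L2TP templates also list `3des-sha1-modp1024` first in `proposals` and include `3des-sha1` in `esp_proposals`. A comment saying these are kept only for legacy server interoperability, with the AES proposals ordered first, would make the weak-algorithm choice deliberate. `IPSEC_XAUTH_RSA_SWANCTL_CONNECTIONS_TEMPCONFIG` is the only IPsec template without `if_id_in`/`if_id_out`, which may be an omission.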
@@ -234,195 +244,93 @@ usepeerdns debug connect-delay 5000 name vpn_username_value -password vpn_password_value -)"; - -constexpr const char* L2TP_IPSEC_RSA_IPSEC_TEMPCONFIG = R"( -config setup - uniqueids=no - charondebug="ike 4, knl 3, cfg 4" -conn %default - dpdaction=clear - dpddelay=300s - rekey=no - left=%defaultroute - leftfirewall=yes - ikelifetime=60m - keylife=20m - rekeymargin=3m - keyingtries=1 - auto=add -conn home - type=transport - ike=aes256-sha2_384-modp1024 - esp = aes256-sha2_384 - keyexchange=ikev1 - authby=pubkey - leftcert=/data/service/el1/public/vpn/client.cert.pem - leftid=192.168.1.11 - leftprotoport=udp/l2tp - keyingtries=1 - right=vpn_address_value -)"; - -constexpr const char* L2TP_IPSEC_PSK_IPSEC_TEMPCONFIG = R"( -config setup -conn %default - ikelifetime=60m - keylife=20m - rekeymargin=3m - keyingtries=1 - keyexchange=ikev1 - authby=secret - ike=aes128-sha1-modp1024, 3des-sha1-modp1024! - esp=aes128-sha1-modp1024, 3des-sha1-modp1024! -conn home - keyexchange=ikev1 - left=%defaultroute - auto=add - authby=secret - type=transport - leftprotoport=17/1701 - rightprotoport=17/1701 - right=vpn_address_value - rightid=%any -)"; - -constexpr const char* L2TP_IPSEC_RSA_IPSEC_SECERETS_TEMPCONFIG = R"( -: RSA /data/service/el1/public/vpn/client.key.pem)"; +password vpn_password_value)"; constexpr const char* L2TP_IPSEC_PSK_IPSEC_SECERETS_TEMPCONFIG = R"( : PSK vpn_ipsec_sharedKey_value)"; -constexpr const char* SWANCTL_STRONGSWAN_TEMPCONFIG = R"( -swanctl { - load = pem pkcs1 x509 revocation constraints pubkey openssl random -})"; - -constexpr const char* SWANCTL_PSK_STRONGSWAN_TEMPCONFIG = R"( -swanctl { - load = random openssl -} -charon-systemd { - load = random nonce aes sha1 sha2 hmac kdf curve25519 kernel-netlink socket-default updown vici kernel-libipsec -})"; - -constexpr const char* CHARON_STRONGSWAN_TEMPCONFIG_START = "charon {"; -constexpr const char* CHARON_IKEV2_STRONGSWAN_TEMPCONFIG_START = R"( +constexpr const char* 
STRONGSWAN_CONF_TEMPCONFIG = R"( +# /etc/strongswan.conf - strongSwan configuration file charon { - plugins { - kernel-libipsec { - allow_peer_ts = yes - } + i_dont_care_about_security_and_use_aggressive_mode_psk = yes + install_virtual_ip = no + plugins { + include /system/etc/strongswan/strongswan.d/charon/*.conf + kernel-libipsec { + load = no } -)"; - -constexpr const char* CHARON_L2TP_STRONGSWAN_TEMPCONFIG_START = R"( -charon { -load_modular = yes - plugins { - include /system/etc/strongswan/strongswan.d/charon/*.conf - kernel-libipsec { - load = no - } - } -)"; - -constexpr const char* CHARON_XAUTH_PSK_STRONGSWAN_TEMPCONFIG_START = R"( -charon { - i_dont_care_about_security_and_use_aggressive_mode_psk = yes - plugins { - kernel-netlink { - install_routes_xfrmi = yes - } + kernel-netlink { + load = yes } -)"; - -constexpr const char* CHARON_XAUTH_RSA_STRONGSWAN_TEMPCONFIG_START = R"( -charon { - i_dont_care_about_security_and_use_aggressive_mode_psk = yes -)"; - -constexpr const char* CHARON_STRONGSWAN_TEMPCONFIG_END = R"( -})"; - -constexpr const char* INCLUDE_STRONGSWAN_TEMPCONFIG = R"( + } +} include /system/etc/strongswan/strongswan.d/*.conf)"; -int32_t VpnTemplateProcessor::BuildConfig(sptr &l2tpConfig) +int32_t VpnTemplateProcessor::BuildConfig(std::shared_ptr &vpnObj, + std::map> &vpnObjMap) { - if (l2tpConfig == nullptr) { - NETMGR_EXT_LOG_E("config is null."); + if (vpnObj == nullptr) { + NETMGR_EXT_LOG_E("invalid vpnObj"); return NETMANAGER_EXT_ERR_INTERNAL; } - GenOptionsL2tpdClient(l2tpConfig); - GenXl2tpdConf(l2tpConfig); - GenIpsecConf(l2tpConfig); - GenIpsecSecrets(l2tpConfig); - GenStrongSwanConf(l2tpConfig->vpnType_, l2tpConfig->strongswanConf_); - l2tpConfig->strongswanConf_ = Base64::Encode(l2tpConfig->strongswanConf_); - return NETMANAGER_EXT_SUCCESS; -} - -int32_t VpnTemplateProcessor::BuildConfig(sptr &ipsecConfig) -{ - if (ipsecConfig == nullptr) { - NETMGR_EXT_LOG_E("config is null."); + std::shared_ptr sysVpnObj = 
std::static_pointer_cast(vpnObj); + if (sysVpnObj == nullptr || sysVpnObj->multiVpnInfo_ == nullptr) { + NETMGR_EXT_LOG_E("invalid sysVpnObj"); return NETMANAGER_EXT_ERR_INTERNAL; } - GenSwanctlConf(ipsecConfig); - GenStrongSwanConf(ipsecConfig->vpnType_, ipsecConfig->strongswanConf_); - ipsecConfig->strongswanConf_ = Base64::Encode(ipsecConfig->strongswanConf_); + int32_t ifNameId = sysVpnObj->multiVpnInfo_->ifNameId; + if (sysVpnObj->ipsecVpnConfig_ != nullptr) { + GenSwanctlOrIpsecConf(sysVpnObj->ipsecVpnConfig_, sysVpnObj->l2tpVpnConfig_, ifNameId, vpnObjMap); + sysVpnObj->ipsecVpnConfig_->strongswanConf_ = STRONGSWAN_CONF_TEMPCONFIG; + } else if (sysVpnObj->l2tpVpnConfig_ != nullptr) { + GenOptionsL2tpdClient(sysVpnObj->l2tpVpnConfig_); + GenXl2tpdConf(sysVpnObj->l2tpVpnConfig_, ifNameId, vpnObjMap); + GenSwanctlOrIpsecConf(sysVpnObj->ipsecVpnConfig_, sysVpnObj->l2tpVpnConfig_, ifNameId, vpnObjMap); + GenIpsecSecrets(sysVpnObj->l2tpVpnConfig_); + sysVpnObj->l2tpVpnConfig_->strongswanConf_ = STRONGSWAN_CONF_TEMPCONFIG; + } return NETMANAGER_EXT_SUCCESS; } -void VpnTemplateProcessor::GenSwanctlConf(sptr &config) +void VpnTemplateProcessor::GenSwanctlOrIpsecConf(sptr &ipsecConfig, sptr &l2tpConfig, + int32_t ifNameId, std::map> &vpnObjMap) { - std::string conf; - switch (config->vpnType_) { - case VpnType::IKEV2_IPSEC_MSCHAPv2: - conf.append(IKE2_IPSEC_MSCHAPV2_SWANCTL_TEMPCONFIG); - break; - case VpnType::IKEV2_IPSEC_PSK: - conf.append(IKE2_IPSEC_PSK_SWANCTL_TEMPCONFIG); - break; - case VpnType::IKEV2_IPSEC_RSA: - conf.append(IKE2_IPSEC_RSA_SWANCTL_TEMPCONFIG); - break; - case VpnType::IPSEC_HYBRID_RSA: - conf.append(IPSEC_HYBRID_RSA_SWANCTL_TEMPCONFIG); - break; - case VpnType::IPSEC_XAUTH_PSK: - conf.append(IPSEC_XAUTH_PSK_SWANCTL_TEMPCONFIG); - break; - case VpnType::IPSEC_XAUTH_RSA: - conf.append(IPSEC_XAUTH_RSA_SWANCTL_TEMPCONFIG); - break; - default: - break; + std::string connects; + std::string secrets; + for (const auto& pair : vpnObjMap) { + if 
(pair.second != nullptr) { + std::shared_ptr vpnObj = std::static_pointer_cast(pair.second); + if (vpnObj != nullptr && vpnObj->multiVpnInfo_ != nullptr) { + CreateConnectAndSecret(vpnObj->ipsecVpnConfig_, vpnObj->l2tpVpnConfig_, + vpnObj->multiVpnInfo_->ifNameId, connects, secrets); + } + } + } + CreateConnectAndSecret(ipsecConfig, l2tpConfig, ifNameId, connects, secrets); + std::string conf = "connections {\n" + connects + "\n}" + "\nsecrets {\n" + secrets + "\n}"; + if (ipsecConfig != nullptr) { + ipsecConfig->swanctlConf_ = conf; + } else if (l2tpConfig != nullptr) { + l2tpConfig->ipsecConf_ = conf; + } else { + NETMGR_EXT_LOG_W("invalid config"); } - std::unordered_map params; - params[KEY_VPN_ADDRESS] = config->addresses_[0].address_; - params[KEY_VPN_IPSEC_IDENTIFIER] = config->ipsecIdentifier_; - params[KEY_VPN_IPSEC_SHAREDKEY] = config->ipsecPreSharedKey_; - params[KEY_VPN_USERNAME] = config->userName_; - params[KEY_VPN_PASSWORD] = config->password_; - InflateConf(conf, params); - config->swanctlConf_ = Base64::Encode(conf); } -void VpnTemplateProcessor::GenXl2tpdConf(sptr &config) +void VpnTemplateProcessor::GenXl2tpdConf(sptr &config, int32_t ifNameId, + std::map> &vpnObjMap) { - int32_t configType = config->vpnType_; std::string conf; - if (configType == VpnType::L2TP_IPSEC_PSK || configType == VpnType::L2TP_IPSEC_RSA - || configType == VpnType::L2TP) { - conf.append(L2TP_IPSEC_XL2TP_TEMPCONFIG); + for (const auto& pair : vpnObjMap) { + if (pair.second != nullptr) { + std::shared_ptr vpnObj = std::static_pointer_cast(pair.second); + if (vpnObj != nullptr && vpnObj->multiVpnInfo_ != nullptr) { + CreateXl2tpdConf(vpnObj->l2tpVpnConfig_, vpnObj->multiVpnInfo_->ifNameId, conf); + } + } } - std::unordered_map params; - params[KEY_VPN_ADDRESS] = config->addresses_[0].address_; - InflateConf(conf, params); - config->xl2tpdConf_ = Base64::Encode(conf); + CreateXl2tpdConf(config, ifNameId, conf); + config->xl2tpdConf_ = conf; } void 
VpnTemplateProcessor::GenOptionsL2tpdClient(sptr &config) 
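Review bot: The single `STRONGSWAN_CONF_TEMPCONFIG` sets `i_dont_care_about_security_and_use_aggressive_mode_psk = yes`, and `BuildConfig` assigns it to every IPsec and L2TP config. The removed code enabled that option only in the XAUTH-specific `charon` blocks, and strongSwan discourages it, so it is now applied to IKEv2 and L2TP profiles that do not use aggressive mode. Keep a separate template, or drop the line unless `vpnType_` is `IPSEC_XAUTH_PSK`. Also, the `static_pointer_cast` results in `BuildConfig`, `GenSwanctlOrIpsecConf` and `GenXl2tpdConf` are only null-checked, which cannot detect a wrong dynamic type. If `vpnObjMap` can hold controllers that are not IPsec/L2TP (the caller skips `BuildConfig` for `OPENVPN` but the map is filled for any extension VPN), filter on the VPN type before casting.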
@@ -437,66 +345,20 @@ void VpnTemplateProcessor::GenOptionsL2tpdClient(sptr &config) params[KEY_VPN_USERNAME] = config->userName_; params[KEY_VPN_PASSWORD] = config->password_; InflateConf(conf, params); - config->optionsL2tpdClient_ = Base64::Encode(conf); -} - -void VpnTemplateProcessor::GenIpsecConf(sptr &config) -{ - int32_t configType = config->vpnType_; - std::string conf; - if (configType == VpnType::L2TP_IPSEC_RSA) { - conf.append(L2TP_IPSEC_RSA_IPSEC_TEMPCONFIG); - } - if (configType == VpnType::L2TP_IPSEC_PSK) { - conf.append(L2TP_IPSEC_PSK_IPSEC_TEMPCONFIG); - } - std::unordered_map params; - params[KEY_VPN_ADDRESS] = config->addresses_[0].address_; - InflateConf(conf, params); - config->ipsecConf_ = Base64::Encode(conf); + config->optionsL2tpdClient_ = conf; } void VpnTemplateProcessor::GenIpsecSecrets(sptr &config) { int32_t configType = config->vpnType_; std::string conf; - if (configType == VpnType::L2TP_IPSEC_RSA) { - conf.append(L2TP_IPSEC_RSA_IPSEC_SECERETS_TEMPCONFIG); - } if (configType == VpnType::L2TP_IPSEC_PSK) { conf.append(L2TP_IPSEC_PSK_IPSEC_SECERETS_TEMPCONFIG); } std::unordered_map params; params[KEY_VPN_IPSEC_SHAREDKEY] = config->ipsecPreSharedKey_; InflateConf(conf, params); - config->ipsecSecrets_ = Base64::Encode(conf); -} - -void VpnTemplateProcessor::GenStrongSwanConf(int32_t configType, std::string &outConf) -{ - outConf = "# /etc/strongswan.conf - strongSwan configuration file"; - if (configType == VpnType::IKEV2_IPSEC_MSCHAPv2 || configType == VpnType::IKEV2_IPSEC_RSA - || configType == VpnType::IPSEC_HYBRID_RSA || configType == VpnType::IPSEC_XAUTH_PSK - || configType == VpnType::IPSEC_XAUTH_RSA) { - outConf.append(SWANCTL_STRONGSWAN_TEMPCONFIG); - } else if (configType == VpnType::IKEV2_IPSEC_PSK) { - outConf.append(SWANCTL_PSK_STRONGSWAN_TEMPCONFIG); - } - if (configType == VpnType::IKEV2_IPSEC_PSK) { - outConf.append(CHARON_IKEV2_STRONGSWAN_TEMPCONFIG_START); - } else if (configType == VpnType::L2TP_IPSEC_PSK || configType 
== VpnType::L2TP_IPSEC_RSA) { - outConf.append(CHARON_L2TP_STRONGSWAN_TEMPCONFIG_START); - } else if (configType == VpnType::IPSEC_XAUTH_PSK) { - outConf.append(CHARON_XAUTH_PSK_STRONGSWAN_TEMPCONFIG_START); - } else if (configType == VpnType::IPSEC_XAUTH_RSA) { - outConf.append(CHARON_XAUTH_RSA_STRONGSWAN_TEMPCONFIG_START); - } else { - outConf.append(CHARON_STRONGSWAN_TEMPCONFIG_START); - } - outConf.append(CHARON_STRONGSWAN_TEMPCONFIG_END); - if (configType == VpnType::L2TP_IPSEC_PSK || configType == VpnType::L2TP_IPSEC_RSA) { - outConf.append(INCLUDE_STRONGSWAN_TEMPCONFIG); - } + config->ipsecSecrets_ = conf; } void VpnTemplateProcessor::InflateConf(std::string &conf, 
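Review bot: With `Base64::Encode` dropped in `GenOptionsL2tpdClient` and `GenIpsecSecrets`, `optionsL2tpdClient_` and `ipsecSecrets_` now hold the inflated template as raw text, including `password_` and `ipsecPreSharedKey_`, and neither assignment documents that change of contract. I would add a comment at each, e.g. `// raw (not Base64) config text; contains credentials, do not log`, and confirm that every reader of these fields stopped decoding in the same commit, since the readers are not in this hunk. `GenIpsecSecrets` also loses its `L2TP_IPSEC_RSA` branch, so for that type it now stores an empty string; if that is intended, a one-line comment saying so would help. The body of `GenOptionsL2tpdClient` starts outside the hunk.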
@@ -513,5 +375,107 @@ void VpnTemplateProcessor::InflateConf(std::string &conf, } } } + +void VpnTemplateProcessor::CreateXl2tpdConf(sptr &config, int32_t ifNameId, std::string &outConf) +{ + if (config == nullptr) { + return; + } + std::string conf = L2TP_IPSEC_XL2TP_TEMPCONFIG; + std::unordered_map params; + params[KEY_VPN_ADDRESS] = config->addresses_[0].address_; + params[KEY_VPN_MYVPN_NAME] = KEY_VPN_MYVPN_NAME + std::to_string(ifNameId); + params[KEY_VPN_CLIENT_CONFIG_NAME] = std::string(KEY_VPN_CLIENT_CONFIG_NAME) + "-" + std::to_string(ifNameId); + InflateConf(conf, params); + outConf += conf; +} + +void VpnTemplateProcessor::GetConnectAndSecretTemp(int32_t type, std::string &outConnect, std::string &outSecret) +{ + const std::string secretsUsername = "\nid = vpn_username_value\nsecret = vpn_password_value\n"; + const std::string secretsId = "\nid = vpn_ipsec_identifier_value\nsecret = vpn_ipsec_sharedKey_value\n"; + const std::string l2tpIpsecSecret = + "\nid-1 = l2tp_psk_id\nid-2 = vpn_ipsec_identifier_value\nsecret = vpn_ipsec_sharedKey_value\n"; + switch (type) { + case VpnType::IKEV2_IPSEC_MSCHAPv2: + outConnect = IKE2_IPSEC_MSCHAPV2_SWANCTL_CONNECTIONS_TEMPCONFIG; + outSecret = "eap-homeElement {" + secretsUsername + "}\n"; + break; + case VpnType::IKEV2_IPSEC_PSK: + outConnect = IKE2_IPSEC_PSK_SWANCTL_CONNECTIONS_TEMPCONFIG; + outSecret = "ike-homeElement {" + secretsId + "}\n"; + break; + case VpnType::IKEV2_IPSEC_RSA: + outConnect = IKE2_IPSEC_RSA_SWANCTL_CONNECTIONS_TEMPCONFIG; + break; + case VpnType::IPSEC_XAUTH_PSK: + outConnect = IPSEC_XAUTH_PSK_SWANCTL_CONNECTIONS_TEMPCONFIG; + outSecret = "ike-homeElement {" + secretsId + "}\n" + + "xauth-homeElement {" + secretsUsername + "}\n"; + break; + case VpnType::IPSEC_XAUTH_RSA: + outConnect = IPSEC_XAUTH_RSA_SWANCTL_CONNECTIONS_TEMPCONFIG; + outSecret = "xauth-homeElement {" + secretsUsername + "}\n"; + break; + case VpnType::IPSEC_HYBRID_RSA: + outConnect = 
IPSEC_HYBRID_RSA_SWANCTL_CONNECTIONS_TEMPCONFIG; + outSecret = "xauth-homeElement {" + secretsUsername + "}\n"; + break; + case VpnType::L2TP_IPSEC_PSK: + outConnect = L2TP_PSK_SWANCTL_CONNECTIONS_TEMPCONFIG; + outSecret = "ike-homeElement {" + l2tpIpsecSecret + "}\n"; + break; + case VpnType::L2TP_IPSEC_RSA: + outConnect = L2TP_RSA_SWANCTL_CONNECTIONS_TEMPCONFIG; + break; + default: + break; + } +} + +void VpnTemplateProcessor::CreateConnectAndSecret(sptr &ipsecConfig, sptr &l2tpConfig, + int32_t ifNameId, std::string &outConnect, std::string &outSecret) +{ + std::string connect; + std::string secret; + std::string emptyId = "%any"; + std::unordered_map params; + if (l2tpConfig != nullptr) { + if (l2tpConfig->vpnType_ == L2TP) { + return; + } + GetConnectAndSecretTemp(l2tpConfig->vpnType_, connect, secret); + + params[KEY_VPN_L2TP_PSK_ID] = + l2tpConfig->ipsecIdentifier_.empty() ? KEY_VPN_HOME_ELEMENT : l2tpConfig->ipsecIdentifier_; + InflateConf(connect, params); + InflateConf(secret, params); + params[KEY_VPN_ADDRESS] = l2tpConfig->addresses_[0].address_; + params[KEY_VPN_HOME_ELEMENT] = KEY_VPN_HOME + std::to_string(ifNameId); + params[KEY_VPN_IPSEC_IDENTIFIER] = l2tpConfig->ipsecIdentifier_.empty() + ? emptyId : l2tpConfig->ipsecIdentifier_; + params[KEY_VPN_IPSEC_SHAREDKEY] = l2tpConfig->ipsecPreSharedKey_; + InflateConf(connect, params); + InflateConf(secret, params); + } else if (ipsecConfig != nullptr) { + GetConnectAndSecretTemp(ipsecConfig->vpnType_, connect, secret); + + params[KEY_VPN_ADDRESS] = ipsecConfig->addresses_[0].address_; + params[KEY_VPN_IPSEC_IDENTIFIER] = ipsecConfig->ipsecIdentifier_.empty() + ? 
emptyId : ipsecConfig->ipsecIdentifier_; + params[KEY_VPN_IPSEC_SHAREDKEY] = ipsecConfig->ipsecPreSharedKey_; + params[KEY_VPN_USERNAME] = ipsecConfig->userName_; + params[KEY_VPN_PASSWORD] = ipsecConfig->password_; + params[KEY_VPN_HOME_ELEMENT] = KEY_VPN_HOME + std::to_string(ifNameId); + params[KEY_VPN_IF_ID_NUM] = std::to_string(ifNameId); + InflateConf(connect, params); + InflateConf(secret, params); + } else { + connect = ""; + secret = ""; + } + outConnect += connect; + outSecret += secret; +} } // namespace NetManagerStandard } // namespace OHOS diff --git a/test/netmanager_ext_mock_test/mock_vpn_event_callback_test.h b/test/netmanager_ext_mock_test/mock_vpn_event_callback_test.h index a7e3c79b..955308ec 100644 --- a/test/netmanager_ext_mock_test/mock_vpn_event_callback_test.h +++ b/test/netmanager_ext_mock_test/mock_vpn_event_callback_test.h @@ -24,10 +24,8 @@ namespace NetManagerStandard { class MockIVpnEventCallback : public IRemoteStub { public: int32_t OnVpnStateChanged(bool isConnected) override { return 0; }; -#ifdef SUPPORT_SYSVPN int32_t OnMultiVpnStateChanged(bool isConnected, const std::string &bundleName, const std::string &vpnId) override{ return 0; }; -#endif // SUPPORT_SYSVPN int32_t OnVpnMultiUserSetUp() override { return 0; }; }; } // namespace NetManagerStandard diff --git a/test/vpnmanager/unittest/sys_vpn_manager_test/ipsec_vpn_ctl_test.cpp b/test/vpnmanager/unittest/sys_vpn_manager_test/ipsec_vpn_ctl_test.cpp index 9c326d42..0a30dbb7 100644 --- a/test/vpnmanager/unittest/sys_vpn_manager_test/ipsec_vpn_ctl_test.cpp +++ b/test/vpnmanager/unittest/sys_vpn_manager_test/ipsec_vpn_ctl_test.cpp 
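Review bot: `CreateConnectAndSecret` substitutes `ipsecIdentifier_`, `ipsecPreSharedKey_`, `userName_` and `password_` into the template through `InflateConf` with no validation, and the output for every entry in `vpnObjMap` is concatenated into one `connections {…} secrets {…}` text. A value containing a line break, `{`, `}`, `#` or `"` could therefore alter settings outside its own field, including another profile's section, so these fields should be rejected or quoted and escaped before substitution (sketch below; passwords and pre-shared keys may legitimately contain such characters, so escaping rather than rejecting may be needed for them). In the L2TP branch the two `InflateConf` passes also mean an identifier that happens to contain a later placeholder name would be expanded again on the second pass, which a single pass with all parameters avoids. Separately, `CreateXl2tpdConf` and both branches of `CreateConnectAndSecret` read `addresses_[0]` after only a null check on the config, so an empty address list indexes an empty vector unless a caller outside this hunk rules it out.

```cpp
// File-local helper: true when `value` can be substituted into the
// template without changing the structure of the generated config.
static bool IsSafeConfValue(const std::string &value)
{
    return value.find_first_of("\r\n{}#\"") == std::string::npos;
}

// In CreateConnectAndSecret, ipsecConfig branch, before params are filled
// (the l2tpConfig branch and CreateXl2tpdConf need the equivalent guard):
if (ipsecConfig->addresses_.empty() || !IsSafeConfValue(ipsecConfig->ipsecIdentifier_) ||
    !IsSafeConfValue(ipsecConfig->userName_)) {
    NETMGR_EXT_LOG_W("invalid config");
    return;
}
// … unchanged: GetConnectAndSecretTemp call, params assignments, InflateConf calls …
```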
@@ -134,6 +134,9 @@ HWTEST_F(IpsecVpnCtlTest, NotifyConnectStageTest001, TestSize.Level1) EXPECT_EQ(ipsecControl_->NotifyConnectStage(stage, errorCode), NETMANAGER_EXT_SUCCESS); ipsecControl_->state_ = IpsecVpnStateCode::STATE_CONFIGED; EXPECT_EQ(ipsecControl_->NotifyConnectStage(stage, errorCode), NETMANAGER_EXT_SUCCESS); + ipsecControl_->state_ = IpsecVpnStateCode::STATE_CONFIGED; + stage ="{\"updateconfig\":{\"test\":\"192.168.1.1\"}}"; + EXPECT_EQ(ipsecControl_->NotifyConnectStage(stage, errorCode), NETMANAGER_EXT_ERR_INTERNAL); } HWTEST_F(IpsecVpnCtlTest, GetSysVpnCertUriTest001, TestSize.Level1) 
@@ -220,5 +223,66 @@ HWTEST_F(IpsecVpnCtlTest, InitConfigFileTest002, TestSize.Level1) ipsecControl_->ipsecVpnConfig_ = nullptr; EXPECT_EQ(ipsecControl_->InitConfigFile(), NETMANAGER_EXT_ERR_INTERNAL); } + +HWTEST_F(IpsecVpnCtlTest, UpdateConfigTest002, TestSize.Level1) +{ + if (ipsecControl_ == nullptr) { + return; + } + ipsecControl_->ipsecVpnConfig_ = nullptr; + std::string message; + EXPECT_EQ(ipsecControl_->UpdateConfig(message), NETMANAGER_EXT_ERR_PARAMETER_ERROR); + message = "test"; + EXPECT_EQ(ipsecControl_->UpdateConfig(message), NETMANAGER_EXT_ERR_PARAMETER_ERROR); + message = "updateconfig"; + EXPECT_EQ(ipsecControl_->UpdateConfig(message), NETMANAGER_EXT_ERR_PARAMETER_ERROR); + message = "updateconfig{}"; + EXPECT_EQ(ipsecControl_->UpdateConfig(message), NETMANAGER_EXT_ERR_PARAMETER_ERROR); + message = "{\"updateconfig\"}"; + EXPECT_EQ(ipsecControl_->UpdateConfig(message), NETMANAGER_EXT_ERR_PARAMETER_ERROR); + message = R"({"config":{"address":"192.168.1.1", "netmask":"255.255.255.0", + "mtu":1400, "phyifname":"xfrm"}})"; + EXPECT_EQ(ipsecControl_->UpdateConfig(message), NETMANAGER_EXT_ERR_PARAMETER_ERROR); + message = "{\"updateconfig\":{\"test\":\"192.168.1.1\"}}"; + EXPECT_EQ(ipsecControl_->UpdateConfig(message), NETMANAGER_EXT_SUCCESS); + + sptr config = new (std::nothrow) IpsecVpnConfig(); + if (config == nullptr) { + return; + } + ipsecControl_->ipsecVpnConfig_ = config; + message = R"({"updateconfig":{"address":"192.168.1.1", "netmask":"255.255.255.0", + "mtu":1400, "phyifname":"xfrm"}})"; + EXPECT_EQ(ipsecControl_->UpdateConfig(message), NETMANAGER_EXT_SUCCESS); + message = R"({"updateconfig":{"remoteip":"192.168.1.1","address":"192.168.1.1", + "netmask":"255.255.255.0", "mtu":1400, "phyifname":"xfrm"}})"; + EXPECT_EQ(ipsecControl_->UpdateConfig(message), NETMANAGER_EXT_SUCCESS); +} + +HWTEST_F(IpsecVpnCtlTest, HandleUpdateConfig001, TestSize.Level1) +{ + if (ipsecControl_ == nullptr) { + return; + } + ipsecControl_->ipsecVpnConfig_ = nullptr; 
+ std::string message; + EXPECT_EQ(ipsecControl_->HandleUpdateConfig(message), NETMANAGER_EXT_ERR_INTERNAL); + message = R"({"updateconfig":{"address":"192.168.1.1", "netmask":"255.255.255.0", + "mtu":1400, "phyifname":"xfrm"}})"; + EXPECT_EQ(ipsecControl_->HandleUpdateConfig(message), NETMANAGER_EXT_ERR_INTERNAL); + + sptr ipsecConfig = new (std::nothrow) IpsecVpnConfig(); + if (ipsecConfig == nullptr) { + return; + } + int32_t userId = 0; + std::vector activeUserIds; + ipsecControl_ = std::make_unique(ipsecConfig, "pkg", userId, activeUserIds); + ipsecControl_->ipsecVpnConfig_ = ipsecConfig; + message = R"({"updateconfig":{"address":"192.168.1.1", "netmask":"255.255.255.0", + "mtu":1400, "phyifname":"xfrm"}})"; + EXPECT_EQ(ipsecControl_->HandleUpdateConfig(message), NETMANAGER_EXT_ERR_INTERNAL); +} + } // namespace NetManagerStandard } // namespace OHOS \ No newline at end of file diff --git a/test/vpnmanager/unittest/sys_vpn_manager_test/l2tp_vpn_ctl_test.cpp b/test/vpnmanager/unittest/sys_vpn_manager_test/l2tp_vpn_ctl_test.cpp index d8cb410d..1a7f2b30 100644 --- a/test/vpnmanager/unittest/sys_vpn_manager_test/l2tp_vpn_ctl_test.cpp +++ b/test/vpnmanager/unittest/sys_vpn_manager_test/l2tp_vpn_ctl_test.cpp 
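Review bot: Both new tests begin with `if (ipsecControl_ == nullptr) { return; }` and return silently again when `new (std::nothrow) IpsecVpnConfig()` fails, so a missing fixture is reported as a pass. `ASSERT_NE(ipsecControl_, nullptr);` and `ASSERT_NE(config, nullptr);`, the form the new `SetUp002` test in l2tp_vpn_ctl_test.cpp uses, would make that visible. `HandleUpdateConfig001` also replaces `ipsecControl_` with a new instance and leaves it in place; if that member is shared between tests (its declaration is outside the hunk), a local `std::unique_ptr` would keep the fixture unchanged. The same silent-return pattern is in `NotifyConnectStageTest002` and `ProcessUpdateL2tpConfig001` in l2tp_vpn_ctl_test.cpp.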
@@ -57,6 +57,63 @@ HWTEST_F(L2tpVpnCtlTest, SetUp001, TestSize.Level1) EXPECT_EQ(l2tpControl_->SetUp(), NETMANAGER_EXT_SUCCESS); } +HWTEST_F(L2tpVpnCtlTest, SetUp002, TestSize.Level1) +{ + sptr l2tpVpnconfig = new (std::nothrow) L2tpVpnConfig(); + ASSERT_NE(l2tpVpnconfig, nullptr); + sptr netAddr = new (std::nothrow) INetAddr(); + ASSERT_NE(netAddr, nullptr); + std::string ip = "1.1.1.1"; + netAddr->address_ = ip; + netAddr->prefixlen_ = 1; + l2tpVpnconfig->addresses_.push_back(*netAddr); + l2tpVpnconfig->vpnId_ = "123"; + l2tpVpnconfig->vpnName_ = "testSetUpVpn"; + l2tpVpnconfig->vpnType_ = 1; + int32_t userId = 0; + std::vector activeUserIds; + std::unique_ptr l2tpControl = + std::make_unique(l2tpVpnconfig, "pkg", userId, activeUserIds); + ASSERT_NE(l2tpControl, nullptr); + l2tpControl->l2tpVpnConfig_ = l2tpVpnconfig; + EXPECT_EQ(l2tpControl->SetUp(), NETMANAGER_EXT_SUCCESS); + l2tpControl->l2tpVpnConfig_->vpnType_ = 10; + EXPECT_EQ(l2tpControl->SetUp(), NETMANAGER_EXT_SUCCESS); + l2tpControl->l2tpVpnConfig_->vpnType_ = 4; + EXPECT_EQ(l2tpControl->SetUp(), NETMANAGER_EXT_SUCCESS); + sptr vpnInfo = new (std::nothrow) MultiVpnInfo(); + ASSERT_NE(vpnInfo, nullptr); + l2tpControl->multiVpnInfo_ = vpnInfo; + EXPECT_EQ(l2tpControl->SetUp(), NETMANAGER_EXT_SUCCESS); + l2tpControl->l2tpVpnConfig_->vpnType_ = 10; + EXPECT_EQ(l2tpControl->SetUp(), NETMANAGER_EXT_SUCCESS); + l2tpControl->l2tpVpnConfig_->vpnType_ = 4; + EXPECT_EQ(l2tpControl->SetUp(), NETMANAGER_EXT_SUCCESS); +} + +HWTEST_F(L2tpVpnCtlTest, SetUp003, TestSize.Level1) +{ + sptr l2tpVpnconfig = new (std::nothrow) L2tpVpnConfig(); + ASSERT_NE(l2tpVpnconfig, nullptr); + l2tpVpnconfig->vpnType_ == 10; + int32_t userId = 0; + std::vector activeUserIds; + std::unique_ptr l2tpControl = + std::make_unique(l2tpVpnconfig, "pkg", userId, activeUserIds); + ASSERT_NE(l2tpControl, nullptr); + l2tpControl->l2tpVpnConfig_ = l2tpVpnconfig; + l2tpControl->l2tpVpnConfig_->vpnType_ = 10; + EXPECT_EQ(l2tpControl->SetUp(), 
NETMANAGER_EXT_SUCCESS); + l2tpControl->l2tpVpnConfig_->vpnType_ = 4; + EXPECT_EQ(l2tpControl->SetUp(), NETMANAGER_EXT_SUCCESS); + l2tpControl->l2tpVpnConfig_->vpnType_ = 10; + EXPECT_EQ(l2tpControl->SetUp(), NETMANAGER_EXT_SUCCESS); + sptr vpnInfo = new (std::nothrow) MultiVpnInfo(); + ASSERT_NE(vpnInfo, nullptr); + l2tpControl->multiVpnInfo_ = vpnInfo; + EXPECT_EQ(l2tpControl->SetUp(), NETMANAGER_EXT_SUCCESS); +} + HWTEST_F(L2tpVpnCtlTest, Destroy001, TestSize.Level1) { if (l2tpControl_ == nullptr) { @@ -65,6 +122,26 @@ HWTEST_F(L2tpVpnCtlTest, Destroy001, TestSize.Level1) EXPECT_EQ(l2tpControl_->Destroy(), NETMANAGER_EXT_SUCCESS); } +HWTEST_F(L2tpVpnCtlTest, Destroy002, TestSize.Level1) +{ + sptr l2tpVpnconfig = new (std::nothrow) L2tpVpnConfig(); + ASSERT_NE(l2tpVpnconfig, nullptr); + int32_t userId = 0; + std::vector activeUserIds; + std::unique_ptr l2tpControl = + std::make_unique(l2tpVpnconfig, "pkg", userId, activeUserIds); + ASSERT_NE(l2tpControl, nullptr); + EXPECT_EQ(l2tpControl->Destroy(), NETMANAGER_EXT_SUCCESS); + l2tpControl->l2tpVpnConfig_->vpnType_ == VpnType::L2TP; + EXPECT_EQ(l2tpControl->Destroy(), NETMANAGER_EXT_SUCCESS); + l2tpControl->l2tpVpnConfig_->vpnType_ == VpnType::L2TP_IPSEC_PSK; + EXPECT_EQ(l2tpControl->Destroy(), NETMANAGER_EXT_SUCCESS); + sptr vpnInfo = new (std::nothrow) MultiVpnInfo(); + ASSERT_NE(vpnInfo, nullptr); + l2tpControl->multiVpnInfo_ = vpnInfo; + EXPECT_EQ(l2tpControl->Destroy(), NETMANAGER_EXT_SUCCESS); +} + HWTEST_F(L2tpVpnCtlTest, IsInternalVpn001, TestSize.Level1) { if (l2tpControl_ == nullptr) { 
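Review bot: `l2tpVpnconfig->vpnType_ == 10;` in `SetUp003` is a comparison whose result is discarded, not an assignment, and the same slip appears twice in `Destroy002` in the next hunk (`vpnType_ == VpnType::L2TP;` and `vpnType_ == VpnType::L2TP_IPSEC_PSK;`). In `Destroy002` this means every `Destroy()` call runs with the default `vpnType_`, so the L2TP and L2TP/IPsec-PSK teardown paths the test appears to target are not exercised. The lines should read `l2tpVpnconfig->vpnType_ = 10;`, `l2tpControl->l2tpVpnConfig_->vpnType_ = VpnType::L2TP;` and `l2tpControl->l2tpVpnConfig_->vpnType_ = VpnType::L2TP_IPSEC_PSK;`. Building the tests with `-Wunused-value` would flag statements like these.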
@@ -114,7 +191,7 @@ HWTEST_F(L2tpVpnCtlTest, NotifyConnectStageTest001, TestSize.Level1) ret = l2tpControl_->NotifyConnectStage(stage, errorCode); EXPECT_EQ(ret, NETMANAGER_EXT_SUCCESS); - l2tpControl_->state_ = IpsecVpnStateCode::STATE_CONFIGED; + l2tpControl_->state_ = IpsecVpnStateCode::STATE_L2TP_STARTED; stage = IPSEC_CONNECT_TAG; ret = l2tpControl_->NotifyConnectStage(stage, errorCode); EXPECT_EQ(ret, NETMANAGER_EXT_SUCCESS); 
@@ -139,6 +216,44 @@ HWTEST_F(L2tpVpnCtlTest, NotifyConnectStageTest001, TestSize.Level1) EXPECT_EQ(l2tpControl_->NotifyConnectStage(stage, errorCode), NETMANAGER_EXT_SUCCESS); } +HWTEST_F(L2tpVpnCtlTest, NotifyConnectStageTest002, TestSize.Level1) +{ + if (l2tpControl_ == nullptr) { + return; + } + std::string stage; + int32_t errorCode = NETMANAGER_EXT_SUCCESS; + int32_t ret; + + l2tpControl_->state_ = IpsecVpnStateCode::STATE_STARTED; + stage = SWANCTL_START_TAG; + ret = l2tpControl_->NotifyConnectStage(stage, errorCode); + EXPECT_EQ(ret, NETMANAGER_EXT_SUCCESS); + + l2tpControl_->state_ = IpsecVpnStateCode::STATE_CONFIGED; + stage = IPSEC_CONNECT_TAG; + ret = l2tpControl_->NotifyConnectStage(stage, errorCode); + EXPECT_EQ(ret, NETMANAGER_EXT_SUCCESS); + + l2tpControl_->state_ = IpsecVpnStateCode::STATE_CONFIGED; + stage = L2TP_IPSEC_CONFIGURED_TAG; + sptr l2tpVpnconfig = new (std::nothrow) L2tpVpnConfig(); + ASSERT_NE(l2tpVpnconfig, nullptr); + l2tpControl_->l2tpVpnConfig_ = l2tpVpnconfig; + l2tpControl_->l2tpVpnConfig_->vpnType_ = 10; + sptr vpnInfo = new (std::nothrow) MultiVpnInfo(); + ASSERT_NE(vpnInfo, nullptr); + l2tpControl_->multiVpnInfo_ = vpnInfo; + ret = l2tpControl_->NotifyConnectStage(stage, errorCode); + EXPECT_EQ(ret, NETMANAGER_EXT_SUCCESS); + + l2tpControl_->state_ = IpsecVpnStateCode::STATE_CONNECTED; + stage = R"({"updateconfig":{"address":"192.168.1.1", "netmask":"255.255.255.0", + "mtu":1400, "phyifname":"xfrm"}})"; + ret = l2tpControl_->NotifyConnectStage(stage, errorCode); + EXPECT_EQ(ret, NETMANAGER_EXT_ERR_INTERNAL); +} + HWTEST_F(L2tpVpnCtlTest, GetSysVpnCertUriTest001, TestSize.Level1) { sptr config = new (std::nothrow) L2tpVpnConfig(); 
@@ -179,6 +294,8 @@ HWTEST_F(L2tpVpnCtlTest, GetSysVpnCertUriTest002, TestSize.Level1) EXPECT_EQ(l2tpControl_->GetSysVpnCertUri(certType, certUri), NETMANAGER_EXT_SUCCESS); certType = -1; EXPECT_EQ(l2tpControl_->GetSysVpnCertUri(certType, certUri), NETMANAGER_EXT_SUCCESS); + certType = 3; + EXPECT_EQ(l2tpControl_->GetSysVpnCertUri(certType, certUri), NETMANAGER_EXT_SUCCESS); } HWTEST_F(L2tpVpnCtlTest, InitConfigFile001, TestSize.Level1) @@ -244,5 +361,31 @@ HWTEST_F(L2tpVpnCtlTest, GetSysVpnCertUriTest003, TestSize.Level1) certType = 5; EXPECT_EQ(l2tpControl_->GetSysVpnCertUri(certType, certUri), NETMANAGER_EXT_SUCCESS); } + +HWTEST_F(L2tpVpnCtlTest, ProcessUpdateL2tpConfig001, TestSize.Level1) +{ + sptr l2tpVpnconfig = new (std::nothrow) L2tpVpnConfig(); + if (l2tpVpnconfig == nullptr) { + return; + } + int32_t userId = 0; + std::vector activeUserIds; + std::unique_ptr l2tpControl = + std::make_unique(l2tpVpnconfig, "pkg", userId, activeUserIds); + if (l2tpControl == nullptr) { + return; + } + std::string message; + l2tpControl->l2tpVpnConfig_ = nullptr; + message = R"({"updateconfig":{"address":"192.168.1.1", "netmask":"255.255.255.0", + "mtu":1400, "phyifname":"xfrm"}})"; + EXPECT_EQ(l2tpControl->ProcessUpdateConfig(message), NETMANAGER_EXT_ERR_INTERNAL); + + l2tpControl->l2tpVpnConfig_ = l2tpVpnconfig; + EXPECT_EQ(l2tpControl->ProcessUpdateConfig(message), NETMANAGER_EXT_ERR_INTERNAL); + message =R"({"updateconfig":{"address":"192.168.1.1", "netmask":"255.255.255.0", + "mtu":1400, "phyifname":"xfrm"}})"; + EXPECT_EQ(l2tpControl->ProcessUpdateConfig(message), NETMANAGER_EXT_ERR_INTERNAL); +} } // namespace NetManagerStandard } // namespace OHOS \ No newline at end of file diff --git a/test/vpnmanager/unittest/sys_vpn_manager_test/multi_vpn_helper_test.cpp b/test/vpnmanager/unittest/sys_vpn_manager_test/multi_vpn_helper_test.cpp index fbad156e..14775947 100644 --- a/test/vpnmanager/unittest/sys_vpn_manager_test/multi_vpn_helper_test.cpp 
+++ b/test/vpnmanager/unittest/sys_vpn_manager_test/multi_vpn_helper_test.cpp @@ -61,13 +61,12 @@ HWTEST_F(MultiVpnHelperTest, GetNewIfNameId001, TestSize.Level1) HWTEST_F(MultiVpnHelperTest, CreateMultiVpnInfo001, TestSize.Level1) { - sptr vpnConfig = nullptr; sptr info = nullptr; std::string bundleName = "test"; int32_t userId = 1; bool isVpnExtCall = true; - EXPECT_EQ(multiVpnHelper_.CreateMultiVpnInfo(vpnConfig, info, bundleName, userId, isVpnExtCall), - NETMANAGER_EXT_ERR_INTERNAL); + EXPECT_EQ(multiVpnHelper_.CreateMultiVpnInfo("testid", 1, info), + NETMANAGER_EXT_SUCCESS); } HWTEST_F(MultiVpnHelperTest, CreateMultiVpnInfo002, TestSize.Level1) @@ -80,11 +79,11 @@ HWTEST_F(MultiVpnHelperTest, CreateMultiVpnInfo002, TestSize.Level1) bool isVpnExtCall = true; for (size_t i = 1; i < 21; ++i) { sptr vpnInfo = new (std::nothrow) MultiVpnInfo(); - ASSERT_NE(vpnInfo, nullptr);; + ASSERT_NE(vpnInfo, nullptr); vpnInfo->ifNameId = i; multiVpnHelper_.multiVpnInfos_.emplace_back(vpnInfo); } - EXPECT_EQ(multiVpnHelper_.CreateMultiVpnInfo(vpnConfig, info, bundleName, userId, isVpnExtCall), + EXPECT_EQ(multiVpnHelper_.CreateMultiVpnInfo(vpnConfig->vpnId_, 1, info), NETMANAGER_EXT_ERR_INTERNAL); multiVpnHelper_.multiVpnInfos_.clear(); } 
@@ -102,34 +101,34 @@ HWTEST_F(MultiVpnHelperTest, CreateMultiVpnInfo003, TestSize.Level1) sptr vpnConfig = new (std::nothrow) SysVpnConfig(); ASSERT_NE(vpnConfig, nullptr); vpnConfig->vpnType_ = VpnType::IKEV2_IPSEC_MSCHAPv2; - EXPECT_EQ(multiVpnHelper_.CreateMultiVpnInfo(vpnConfig, info, bundleName, userId, isVpnExtCall), + EXPECT_EQ(multiVpnHelper_.CreateMultiVpnInfo(vpnConfig->vpnId_, vpnConfig->vpnType_, info), NETMANAGER_EXT_SUCCESS); vpnConfig->vpnType_ = VpnType::IKEV2_IPSEC_PSK; - EXPECT_EQ(multiVpnHelper_.CreateMultiVpnInfo(vpnConfig, info, bundleName, userId, isVpnExtCall), + EXPECT_EQ(multiVpnHelper_.CreateMultiVpnInfo(vpnConfig->vpnId_, vpnConfig->vpnType_, info), NETMANAGER_EXT_SUCCESS); vpnConfig->vpnType_ = VpnType::IKEV2_IPSEC_RSA; - EXPECT_EQ(multiVpnHelper_.CreateMultiVpnInfo(vpnConfig, info, bundleName, userId, isVpnExtCall), + EXPECT_EQ(multiVpnHelper_.CreateMultiVpnInfo(vpnConfig->vpnId_, vpnConfig->vpnType_, info), NETMANAGER_EXT_SUCCESS); vpnConfig->vpnType_ = VpnType::IPSEC_XAUTH_PSK; - EXPECT_EQ(multiVpnHelper_.CreateMultiVpnInfo(vpnConfig, info, bundleName, userId, isVpnExtCall), + EXPECT_EQ(multiVpnHelper_.CreateMultiVpnInfo(vpnConfig->vpnId_, vpnConfig->vpnType_, info), NETMANAGER_EXT_SUCCESS); vpnConfig->vpnType_ = VpnType::IPSEC_XAUTH_RSA; - EXPECT_EQ(multiVpnHelper_.CreateMultiVpnInfo(vpnConfig, info, bundleName, userId, isVpnExtCall), + EXPECT_EQ(multiVpnHelper_.CreateMultiVpnInfo(vpnConfig->vpnId_, vpnConfig->vpnType_, info), NETMANAGER_EXT_SUCCESS); vpnConfig->vpnType_ = VpnType::IPSEC_HYBRID_RSA; - EXPECT_EQ(multiVpnHelper_.CreateMultiVpnInfo(vpnConfig, info, bundleName, userId, isVpnExtCall), + EXPECT_EQ(multiVpnHelper_.CreateMultiVpnInfo(vpnConfig->vpnId_, vpnConfig->vpnType_, info), NETMANAGER_EXT_SUCCESS); vpnConfig->vpnType_ = VpnType::OPENVPN; - EXPECT_EQ(multiVpnHelper_.CreateMultiVpnInfo(vpnConfig, info, bundleName, userId, isVpnExtCall), + EXPECT_EQ(multiVpnHelper_.CreateMultiVpnInfo(vpnConfig->vpnId_, 
vpnConfig->vpnType_, info), NETMANAGER_EXT_SUCCESS); vpnConfig->vpnType_ = VpnType::L2TP_IPSEC_PSK; - EXPECT_EQ(multiVpnHelper_.CreateMultiVpnInfo(vpnConfig, info, bundleName, userId, isVpnExtCall), + EXPECT_EQ(multiVpnHelper_.CreateMultiVpnInfo(vpnConfig->vpnId_, vpnConfig->vpnType_, info), NETMANAGER_EXT_SUCCESS); vpnConfig->vpnType_ = VpnType::L2TP_IPSEC_RSA; - EXPECT_EQ(multiVpnHelper_.CreateMultiVpnInfo(vpnConfig, info, bundleName, userId, isVpnExtCall), + EXPECT_EQ(multiVpnHelper_.CreateMultiVpnInfo(vpnConfig->vpnId_, vpnConfig->vpnType_, info), NETMANAGER_EXT_SUCCESS); vpnConfig->vpnType_ = VpnType::L2TP; - EXPECT_EQ(multiVpnHelper_.CreateMultiVpnInfo(vpnConfig, info, bundleName, userId, isVpnExtCall), + EXPECT_EQ(multiVpnHelper_.CreateMultiVpnInfo(vpnConfig->vpnId_, vpnConfig->vpnType_, info), NETMANAGER_EXT_SUCCESS); multiVpnHelper_.multiVpnInfos_.clear(); } @@ -235,21 +234,5 @@ HWTEST_F(MultiVpnHelperTest, IsOpenvpnConnectedStage001, TestSize.Level1) stage ="openvpn{\"updateState\":{\"state\":4}}"; EXPECT_EQ(multiVpnHelper_.IsOpenvpnConnectedStage(stage), true); } - -HWTEST_F(MultiVpnHelperTest, IsAnyVpnConnecting001, TestSize.Level1) -{ - multiVpnHelper_.multiVpnInfos_.clear(); - sptr vpnInfo = new (std::nothrow) MultiVpnInfo(); - ASSERT_NE(vpnInfo, nullptr); - vpnInfo->ifNameId = 1; - multiVpnHelper_.multiVpnInfos_.emplace_back(vpnInfo); - EXPECT_EQ(multiVpnHelper_.IsAnyVpnConnecting(), false); - sptr vpnInfo1 = new (std::nothrow) MultiVpnInfo(); - ASSERT_NE(vpnInfo1, nullptr); - vpnInfo1->isConnecting = true; - multiVpnHelper_.multiVpnInfos_.emplace_back(vpnInfo1); - EXPECT_EQ(multiVpnHelper_.IsAnyVpnConnecting(), true); - multiVpnHelper_.multiVpnInfos_.clear(); -} } } \ No newline at end of file diff --git a/test/vpnmanager/unittest/sys_vpn_manager_test/open_vpn_ctl_test.cpp b/test/vpnmanager/unittest/sys_vpn_manager_test/open_vpn_ctl_test.cpp index 1402fb85..4bcd6d7a 100644 --- a/test/vpnmanager/unittest/sys_vpn_manager_test/open_vpn_ctl_test.cpp 
+++ b/test/vpnmanager/unittest/sys_vpn_manager_test/open_vpn_ctl_test.cpp @@ -118,6 +118,35 @@ HWTEST_F(OpenvpnCtlTest, HandleClientMessage001, TestSize.Level1) EXPECT_EQ(openvpnControl_->openvpnState_, OPENVPN_STATE_DISCONNECTED); } +HWTEST_F(OpenvpnCtlTest, HandleClientMessage002, TestSize.Level1) +{ + int32_t ret; + std::string msg = R"(openvpn{"setupVpnTun":{"ip":"192.168.1.100"}})"; + ret = openvpnControl_->HandleClientMessage(msg); + EXPECT_NE(ret, NETMANAGER_EXT_SUCCESS); + sptr vpnInfo = new (std::nothrow) MultiVpnInfo(); + ASSERT_NE(vpnInfo, nullptr); + openvpnControl_->multiVpnInfo_ = vpnInfo; + ret = openvpnControl_->HandleClientMessage(msg); + EXPECT_NE(ret, NETMANAGER_EXT_SUCCESS); +} + +HWTEST_F(OpenvpnCtlTest, GetSysVpnCertUriTest001, TestSize.Level1) +{ + openvpnControl_->openvpnConfig_ = nullptr; + int32_t ret; + std::string uri; + ret = openvpnControl_->GetSysVpnCertUri(1, uri); + EXPECT_EQ(ret, NETMANAGER_EXT_ERR_INTERNAL); + sptr openvpnConfig = new (std::nothrow) OpenvpnConfig(); + ASSERT_NE(openvpnConfig, nullptr); + openvpnControl_->openvpnConfig_ = openvpnConfig; + ret = openvpnControl_->GetSysVpnCertUri(0, uri); + EXPECT_EQ(ret, NETMANAGER_EXT_SUCCESS); + ret = openvpnControl_->GetSysVpnCertUri(1, uri); + EXPECT_EQ(ret, NETMANAGER_EXT_SUCCESS); +} + HWTEST_F(OpenvpnCtlTest, UpdateState001, TestSize.Level1) { ASSERT_NE(openvpnControl_, nullptr); diff --git a/test/vpnmanager/unittest/sys_vpn_manager_test/vpn_template_processor_test.cpp b/test/vpnmanager/unittest/sys_vpn_manager_test/vpn_template_processor_test.cpp index 63b106b0..d2ae0400 100644 --- a/test/vpnmanager/unittest/sys_vpn_manager_test/vpn_template_processor_test.cpp +++ b/test/vpnmanager/unittest/sys_vpn_manager_test/vpn_template_processor_test.cpp 
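Review bot: `HandleClientMessage002` and `GetSysVpnCertUriTest001` dereference `openvpnControl_` without the `ASSERT_NE(openvpnControl_, nullptr);` guard that `UpdateState001` directly below uses; adding that line first in both turns a failed fixture into a test failure instead of a crash. `GetSysVpnCertUriTest001` also overwrites `openvpnControl_->openvpnConfig_` and `HandleClientMessage002` sets `multiVpnInfo_` without restoring them, so later tests may see the modified state if the fixture object is shared (its declaration is outside the hunk). `EXPECT_NE(ret, NETMANAGER_EXT_SUCCESS)` accepts any failure; asserting the specific error code would pin the behaviour.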
@@ -20,10 +20,19 @@ #include "inet_addr.h" #include "ipsecvpn_config.h" +#include "ipsec_vpn_ctl.h" #include "l2tpvpn_config.h" +#include "l2tp_vpn_ctl.h" #include "vpn_template_processor.h" #include "net_manager_constants.h" - +#include "multi_vpn_helper.h" +#ifdef GTEST_API_ +#define private public +#define protected public +#endif +#include "networkvpn_service.h" + + namespace OHOS { namespace NetManagerStandard { namespace { @@ -34,31 +43,36 @@ class VpnTemplateProcessorTest : public testing::Test { public: static void SetUpTestCase(); static void TearDownTestCase(); - void SetUp(); - void TearDown(); + static inline auto networkVpnService_ = DelayedSingleton::GetInstance(); + static inline sptr vpnConfig_ = nullptr; + static inline std::string vpnId_ = "test001"; + static inline std::string vpnBundleName_ = "testBundleName"; }; void VpnTemplateProcessorTest::SetUpTestCase() {} -void VpnTemplateProcessorTest::TearDownTestCase() {} - -void VpnTemplateProcessorTest::SetUp() {} - -void VpnTemplateProcessorTest::TearDown() {} - +void VpnTemplateProcessorTest::TearDownTestCase() +{ + if (vpnConfig_ == nullptr) { + return; + } + networkVpnService_->DeleteSysVpnConfig(vpnId_); +} HWTEST_F(VpnTemplateProcessorTest, BuildConfig001, TestSize.Level1) { - sptr config = nullptr; + std::shared_ptr vpnObj = nullptr; + std::map> vpnObjMap; VpnTemplateProcessor processor; - EXPECT_EQ(processor.BuildConfig(config), NETMANAGER_EXT_ERR_INVALID_PARAMETER); + EXPECT_EQ(processor.BuildConfig(vpnObj, vpnObjMap), NETMANAGER_EXT_ERR_INTERNAL); } HWTEST_F(VpnTemplateProcessorTest, BuildConfig002, TestSize.Level1) { - sptr config = nullptr; + std::shared_ptr vpnObj = nullptr; + std::map> vpnObjMap; VpnTemplateProcessor processor; - EXPECT_EQ(processor.BuildConfig(config), NETMANAGER_EXT_ERR_INVALID_PARAMETER); + EXPECT_EQ(processor.BuildConfig(vpnObj, vpnObjMap), NETMANAGER_EXT_ERR_INTERNAL); } HWTEST_F(VpnTemplateProcessorTest, BuildConfig003, TestSize.Level1) 
@@ -71,11 +85,20 @@ HWTEST_F(VpnTemplateProcessorTest, BuildConfig003, TestSize.Level1) netAddr->address_ = ip; netAddr->prefixlen_ = 1; config->addresses_.push_back(*netAddr); - config->vpnId_ = "1234"; + config->vpnId_ = vpnId_; config->vpnName_ = "test001"; - config->vpnType_ = 1; + config->vpnType_ = 2; + int32_t userId = AppExecFwk::Constants::UNSPECIFIED_USERID; + std::vector activeUserIds; + networkVpnService_->CheckCurrentAccountType(userId, activeUserIds); + bool isVpnExtCall = true; + std::shared_ptr vpnObj = networkVpnService_->CreateSysVpnCtl( + config, userId, activeUserIds, isVpnExtCall); + MultiVpnHelper::GetInstance().CreateMultiVpnInfo(config->vpnId_, config->vpnType_, + vpnObj->multiVpnInfo_); VpnTemplateProcessor processor; - EXPECT_EQ(processor.BuildConfig(config), NETMANAGER_EXT_SUCCESS); + std::map> vpnObjMap; + EXPECT_EQ(processor.BuildConfig(vpnObj, vpnObjMap), NETMANAGER_EXT_SUCCESS); } HWTEST_F(VpnTemplateProcessorTest, BuildConfig004, TestSize.Level1) 
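Review bot: `vpnObj->multiVpnInfo_` is dereferenced right after `CreateSysVpnCtl(...)` with no check that the returned pointer is non-null; `ASSERT_NE(vpnObj, nullptr);` before the `CreateMultiVpnInfo` call would turn a crash into a test failure. The return value of `CreateMultiVpnInfo` is also ignored, so a failure there only shows up indirectly in `BuildConfig`; wrapping the call in `ASSERT_EQ(..., NETMANAGER_EXT_SUCCESS)` makes the precondition explicit. The same applies to `BuildConfig004`, `BuildConfig006` and `BuildConfig007` in the next hunk. The body of `BuildConfig003` starts outside this hunk.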
@@ -88,11 +111,122 @@ HWTEST_F(VpnTemplateProcessorTest, BuildConfig004, TestSize.Level1) netAddr->address_ = ip; netAddr->prefixlen_ = 1; config->addresses_.push_back(*netAddr); - config->vpnId_ = "1234"; + config->vpnId_ = vpnId_; + config->vpnName_ = "test001"; + config->vpnType_ = 4; + int32_t userId = AppExecFwk::Constants::UNSPECIFIED_USERID; + std::vector activeUserIds; + networkVpnService_->CheckCurrentAccountType(userId, activeUserIds); + bool isVpnExtCall = true; + std::shared_ptr vpnObj = networkVpnService_->CreateSysVpnCtl( + config, userId, activeUserIds, isVpnExtCall); + MultiVpnHelper::GetInstance().CreateMultiVpnInfo(config->vpnId_, config->vpnType_, + vpnObj->multiVpnInfo_); + VpnTemplateProcessor processor; + std::map> vpnObjMap; + EXPECT_EQ(processor.BuildConfig(vpnObj, vpnObjMap), NETMANAGER_EXT_SUCCESS); +} + +HWTEST_F(VpnTemplateProcessorTest, BuildConfig005, TestSize.Level1) +{ + sptr config = new (std::nothrow) L2tpVpnConfig(); + ASSERT_NE(config, nullptr); + config->vpnId_ = vpnId_; + config->vpnName_ = "test001"; + config->vpnType_ = 4; + int32_t userId = AppExecFwk::Constants::UNSPECIFIED_USERID; + std::vector activeUserIds; + networkVpnService_->CheckCurrentAccountType(userId, activeUserIds); + bool isVpnExtCall = true; + std::shared_ptr vpnObj = networkVpnService_->CreateSysVpnCtl( + config, userId, activeUserIds, isVpnExtCall); + std::map> vpnObjMap; + VpnTemplateProcessor processor; + EXPECT_EQ(processor.BuildConfig(vpnObj, vpnObjMap), NETMANAGER_EXT_ERR_INTERNAL); +} + +HWTEST_F(VpnTemplateProcessorTest, BuildConfig006, TestSize.Level1) +{ + sptr config = new (std::nothrow) L2tpVpnConfig(); + ASSERT_NE(config, nullptr); + config->vpnId_ = vpnId_; config->vpnName_ = "test001"; + config->vpnType_ = 5; + sptr netAddr = new (std::nothrow) INetAddr(); + ASSERT_NE(netAddr, nullptr); + std::string ip = "1.1.1.1"; + netAddr->address_ = ip; + netAddr->prefixlen_ = 1; + config->addresses_.push_back(*netAddr); + int32_t userId = 
AppExecFwk::Constants::UNSPECIFIED_USERID; + std::vector activeUserIds; + networkVpnService_->CheckCurrentAccountType(userId, activeUserIds); + bool isVpnExtCall = true; + std::shared_ptr vpnObj = networkVpnService_->CreateSysVpnCtl( + config, userId, activeUserIds, isVpnExtCall); + MultiVpnHelper::GetInstance().CreateMultiVpnInfo(config->vpnId_, config->vpnType_, + vpnObj->multiVpnInfo_); + std::map> vpnObjMap; + VpnTemplateProcessor processor; + EXPECT_EQ(processor.BuildConfig(vpnObj, vpnObjMap), NETMANAGER_EXT_SUCCESS); + vpnObjMap.insert({config->vpnId_, vpnObj}); + + config->vpnId_ = "test4"; config->vpnType_ = 4; + std::shared_ptr vpnObj4 = networkVpnService_->CreateSysVpnCtl( + config, userId, activeUserIds, isVpnExtCall); + MultiVpnHelper::GetInstance().CreateMultiVpnInfo(config->vpnId_, config->vpnType_, + vpnObj4->multiVpnInfo_); + EXPECT_EQ(processor.BuildConfig(vpnObj4, vpnObjMap), NETMANAGER_EXT_SUCCESS); +} + +HWTEST_F(VpnTemplateProcessorTest, BuildConfig007, TestSize.Level1) +{ + sptr config = new (std::nothrow) IpsecVpnConfig(); + ASSERT_NE(config, nullptr); + config->vpnId_ = "test3"; + config->vpnName_ = "test001"; + config->vpnType_ = 3; + sptr netAddr = new (std::nothrow) INetAddr(); + ASSERT_NE(netAddr, nullptr); + std::string ip = "1.1.1.1"; + netAddr->address_ = ip; + netAddr->prefixlen_ = 1; + config->addresses_.push_back(*netAddr); + int32_t userId = AppExecFwk::Constants::UNSPECIFIED_USERID; + std::vector activeUserIds; + networkVpnService_->CheckCurrentAccountType(userId, activeUserIds); + bool isVpnExtCall = true; + std::shared_ptr vpnObj3 = networkVpnService_->CreateSysVpnCtl( + config, userId, activeUserIds, isVpnExtCall); + MultiVpnHelper::GetInstance().CreateMultiVpnInfo(config->vpnId_, config->vpnType_, + vpnObj3->multiVpnInfo_); + std::map> vpnObjMap; VpnTemplateProcessor processor; - EXPECT_EQ(processor.BuildConfig(config), NETMANAGER_EXT_SUCCESS); + EXPECT_EQ(processor.BuildConfig(vpnObj3, vpnObjMap), NETMANAGER_EXT_SUCCESS); + 
vpnObjMap.insert({config->vpnId_, vpnObj3}); + + config->vpnType_ = 6; + std::shared_ptr vpnObj6 = networkVpnService_->CreateSysVpnCtl( + config, userId, activeUserIds, isVpnExtCall); + MultiVpnHelper::GetInstance().CreateMultiVpnInfo(config->vpnId_, config->vpnType_, + vpnObj6->multiVpnInfo_); + EXPECT_EQ(processor.BuildConfig(vpnObj6, vpnObjMap), NETMANAGER_EXT_SUCCESS); + + config->vpnType_ = 7; + std::shared_ptr vpnObj7 = networkVpnService_->CreateSysVpnCtl( + config, userId, activeUserIds, isVpnExtCall); + MultiVpnHelper::GetInstance().CreateMultiVpnInfo(config->vpnId_, config->vpnType_, + vpnObj7->multiVpnInfo_); + EXPECT_EQ(processor.BuildConfig(vpnObj7, vpnObjMap), NETMANAGER_EXT_SUCCESS); + + config->vpnType_ = 8; + std::shared_ptr vpnObj8 = networkVpnService_->CreateSysVpnCtl( + config, userId, activeUserIds, isVpnExtCall); + MultiVpnHelper::GetInstance().CreateMultiVpnInfo(config->vpnId_, config->vpnType_, + vpnObj8->multiVpnInfo_); + EXPECT_EQ(processor.BuildConfig(vpnObj8, vpnObjMap), NETMANAGER_EXT_SUCCESS); } + } // namespace NetManagerStandard } // namespace OHOS \ No newline at end of file diff --git a/test/vpnmanager/unittest/vpn_manager_test/net_vpn_impl_test.cpp b/test/vpnmanager/unittest/vpn_manager_test/net_vpn_impl_test.cpp index 7d757a1a..e6b17971 100644 --- a/test/vpnmanager/unittest/vpn_manager_test/net_vpn_impl_test.cpp +++ b/test/vpnmanager/unittest/vpn_manager_test/net_vpn_impl_test.cpp @@ -46,9 +46,6 @@ public: VpnConnStateCbTest() = default; virtual ~VpnConnStateCbTest() = default; void OnVpnConnStateChanged(const VpnConnectState &state) override; -#ifdef SUPPORT_SYSVPN - void OnMultiVpnConnStateChanged(const VpnConnectState &state, const std::string &vpnId) override; -#endif // SUPPORT_SYSVPN }; NetVpnImplInstance::NetVpnImplInstance(sptr config, const std::string &pkg, int32_t userId, std::vector &activeUserIds) 
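Review bot: In `BuildConfig006` and `BuildConfig007` the same `config` object is mutated (`vpnId_`, `vpnType_`) after the first controller built from it was inserted into `vpnObjMap`. If `CreateSysVpnCtl` keeps the `sptr` rather than a copy (not visible here), the entry already in the map changes type along with it, so the later `BuildConfig` calls would not combine different VPN types as the test seems to intend. Allocating a fresh config per controller avoids that. In `BuildConfig007` `vpnId_` also stays `"test3"` for all four objects, so the merge path is never run with distinct ids.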
@@ -73,10 +70,6 @@ bool NetVpnImplInstance::IsInternalVpn() void VpnConnStateCbTest::OnVpnConnStateChanged(const VpnConnectState &state) {} -#ifdef SUPPORT_SYSVPN -void VpnConnStateCbTest::OnMultiVpnConnStateChanged(const VpnConnectState &state, const std::string &vpnId) {}; -#endif // SUPPORT_SYSVPN - class NetVpnImplTest : public testing::Test { public: static inline std::unique_ptr netVpnImpl_ = nullptr; diff --git a/test/vpnmanager/unittest/vpn_manager_test/networkvpn_client_test.cpp b/test/vpnmanager/unittest/vpn_manager_test/networkvpn_client_test.cpp index 7444cc7c..99c363fd 100644 --- a/test/vpnmanager/unittest/vpn_manager_test/networkvpn_client_test.cpp +++ b/test/vpnmanager/unittest/vpn_manager_test/networkvpn_client_test.cpp @@ -47,10 +47,8 @@ using namespace testing::ext; class IVpnEventCallbackTest : public IRemoteStub { public: int32_t OnVpnStateChanged(bool isConnected) override{ return 0; }; -#ifdef SUPPORT_SYSVPN int32_t OnMultiVpnStateChanged(bool isConnected, const std::string &bundleName, const std::string &vpnId) override{ return 0; }; -#endif // SUPPORT_SYSVPN int32_t OnVpnMultiUserSetUp() override{ return 0; }; }; diff --git a/test/vpnmanager/unittest/vpn_manager_test/networkvpn_service_test.cpp b/test/vpnmanager/unittest/vpn_manager_test/networkvpn_service_test.cpp index 62ae299c..32fa01a6 100644 --- a/test/vpnmanager/unittest/vpn_manager_test/networkvpn_service_test.cpp +++ b/test/vpnmanager/unittest/vpn_manager_test/networkvpn_service_test.cpp @@ -38,10 +38,8 @@ constexpr const char *NET_ACTIVATE_WORK_THREAD = "VPN_CALLBACK_WORK_THREAD"; class VpnEventTestCallback : public VpnEventCallbackStub { public: int32_t OnVpnStateChanged(bool isConnected) override{ return 0; }; -#ifdef SUPPORT_SYSVPN int32_t OnMultiVpnStateChanged(bool isConnected, const std::string &bundleName, const std::string &vpnId) override{ return 0; }; -#endif // SUPPORT_SYSVPN int32_t OnVpnMultiUserSetUp() override{ return 0; }; }; } // namespace -- Gitee 
From 58db8033df9df5031ff3537fe819f2670ae9c182 Mon Sep 17 00:00:00 2001 From: rong_zhichao Date: Thu, 19 Jun 2025 14:03:11 +0800 Subject: [PATCH 2/7] fix codecheck Signed-off-by: xiaohui.xie --- test/vpnmanager/fuzztest/vpnclient_fuzzer/vpnclient_fuzzer.cpp | 2 ++ 1 file changed, 2 insertions(+) diff --git a/test/vpnmanager/fuzztest/vpnclient_fuzzer/vpnclient_fuzzer.cpp b/test/vpnmanager/fuzztest/vpnclient_fuzzer/vpnclient_fuzzer.cpp index da632b6c..033cac15 100644 --- a/test/vpnmanager/fuzztest/vpnclient_fuzzer/vpnclient_fuzzer.cpp +++ b/test/vpnmanager/fuzztest/vpnclient_fuzzer/vpnclient_fuzzer.cpp @@ -100,6 +100,8 @@ class VpnEventCallbackTest : public IRemoteStub { public: int32_t OnVpnStateChanged(bool isConnected) override { return 0; }; int32_t OnVpnMultiUserSetUp()override { return 0; }; + int32_t OnMultiVpnStateChanged(bool isConnected, const std::string &bundleName, + const std::string &vpnId) override{ return 0; }; }; __attribute__((no_sanitize("cfi"))) int32_t OnRemoteRequest(INetworkVpnServiceIpcCode code, -- Gitee From 7933d79e4ca426c1c279cd5870501053ae1fb6ff Mon Sep 17 00:00:00 2001 From: "xiaohui.xie" Date: Thu, 19 Jun 2025 16:40:40 +0800 Subject: [PATCH 3/7] fix codecheck Signed-off-by: xiaohui.xie --- services/vpnmanager/src/net_vpn_impl.cpp | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/services/vpnmanager/src/net_vpn_impl.cpp b/services/vpnmanager/src/net_vpn_impl.cpp index ee15f13d..8b22837e 100644 --- a/services/vpnmanager/src/net_vpn_impl.cpp +++ b/services/vpnmanager/src/net_vpn_impl.cpp 
@@ -73,17 +73,15 @@ int32_t NetVpnImpl::RegisterConnectStateChangedCb(std::shared_ptrvpnConnectState = state; - } -#endif // SUPPORT_SYSVPN if (connChangedCb_ == nullptr) { NETMGR_EXT_LOG_E("NotifyConnectState connect callback is null."); return; } #ifdef SUPPORT_SYSVPN - connChangedCb_->OnMultiVpnConnStateChanged(state, multiVpnInfo_->vpnId); + if (multiVpnInfo_ != nullptr) { + multiVpnInfo_->vpnConnectState = state; + connChangedCb_->OnMultiVpnConnStateChanged(state, multiVpnInfo_->vpnId); + } #endif // SUPPORT_SYSVPN connChangedCb_->OnVpnConnStateChanged(state); } -- Gitee From 8883af72b9a5d9bfb2259d00b150d098cc44b3e6 Mon Sep 17 00:00:00 2001 From: "xiaohui.xie" Date: Thu, 19 Jun 2025 19:47:04 +0800 Subject: [PATCH 4/7] fix review bug Signed-off-by: xiaohui.xie --- services/vpnmanager/src/l2tp_vpn_ctl.cpp | 1 - services/vpnmanager/src/networkvpn_service.cpp | 2 -- 2 files changed, 3 deletions(-) diff --git a/services/vpnmanager/src/l2tp_vpn_ctl.cpp b/services/vpnmanager/src/l2tp_vpn_ctl.cpp index d63df0b1..a20f63fe 100644 --- a/services/vpnmanager/src/l2tp_vpn_ctl.cpp +++ b/services/vpnmanager/src/l2tp_vpn_ctl.cpp @@ -99,7 +99,6 @@ int32_t L2tpVpnCtl::NotifyConnectStage(const std::string &stage, const int32_t & NETMGR_EXT_LOG_E("l2tpVpn stage: %{public}s failed, result: %{public}d", stage.c_str(), result); return NETMANAGER_EXT_ERR_INTERNAL; } - switch (state_) { case IpsecVpnStateCode::STATE_INIT: if (stage.compare(IPSEC_START_TAG) == 0) { diff --git a/services/vpnmanager/src/networkvpn_service.cpp b/services/vpnmanager/src/networkvpn_service.cpp index 2dec252e..79360e7d 100644 --- a/services/vpnmanager/src/networkvpn_service.cpp +++ b/services/vpnmanager/src/networkvpn_service.cpp 
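Review bot: In NotifyConnectState the `multiVpnInfo_->vpnConnectState = state;` assignment now sits after the `connChangedCb_ == nullptr` early return, so the recorded state is no longer updated when no callback is registered. Before this change the state was stored first and only the notification depended on the callback. Code that reads `vpnConnectState` to decide whether a tunnel is still up would then see a stale value. Keep `if (multiVpnInfo_ != nullptr) { multiVpnInfo_->vpnConnectState = state; }` ahead of the callback check and leave only the `OnMultiVpnConnStateChanged` call below it. The opening lines of the function are not visible in this hunk.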
@@ -243,7 +243,6 @@ void NetworkVpnService::VpnConnStateCb::OnVpnConnStateChanged(const VpnConnectSt vpnService_.networkVpnServiceFfrtQueue_->wait(OnVpnConnStateTask); } - void NetworkVpnService::VpnConnStateCb::OnMultiVpnConnStateChanged(const VpnConnectState &state, const std::string &vpnId) { @@ -276,7 +275,6 @@ void NetworkVpnService::VpnConnStateCb::OnMultiVpnConnStateChanged(const VpnConn #endif // SUPPORT_SYSVPN } - void NetworkVpnService::OnVpnMultiUserSetUp() { NETMGR_EXT_LOG_I("user multiple execute set up."); -- Gitee From 339517d07141181fce5a26ffe426b8d23a7d243b Mon Sep 17 00:00:00 2001 From: "xiaohui.xie" Date: Fri, 20 Jun 2025 10:37:10 +0800 Subject: [PATCH 5/7] fix review bug Signed-off-by: xiaohui.xie --- services/vpnmanager/src/l2tp_vpn_ctl.cpp | 2 +- services/vpnmanager/src/net_vpn_impl.cpp | 10 +++++----- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/services/vpnmanager/src/l2tp_vpn_ctl.cpp b/services/vpnmanager/src/l2tp_vpn_ctl.cpp index a20f63fe..4c58539a 100644 --- a/services/vpnmanager/src/l2tp_vpn_ctl.cpp +++ b/services/vpnmanager/src/l2tp_vpn_ctl.cpp @@ -229,7 +229,7 @@ void L2tpVpnCtl::HandleSwanCtlLoaded() void L2tpVpnCtl::HandleL2tpConfiged() { - NETMGR_EXT_LOG_I("3:l2tpd started orconfiged, process ipsec up"); + NETMGR_EXT_LOG_I("3:l2tpd started or configed, process ipsec up"); if (l2tpVpnConfig_->vpnType_ == VpnType::L2TP) { state_ = IpsecVpnStateCode::STATE_CONTROLLED; if (multiVpnInfo_ != nullptr) { diff --git a/services/vpnmanager/src/net_vpn_impl.cpp b/services/vpnmanager/src/net_vpn_impl.cpp index 8b22837e..d7bb0cef 100644 --- a/services/vpnmanager/src/net_vpn_impl.cpp +++ b/services/vpnmanager/src/net_vpn_impl.cpp 
@@ -463,12 +463,12 @@ int32_t NetVpnImpl::GenerateUidRanges(int32_t userId, std::vector &begi userId = AppExecFwk::Constants::START_USERID; } #ifdef SUPPORT_SYSVPN - if (multiVpnInfo_ != nullptr && multiVpnInfo_->isVpnExtCall) { - if (vpnConfig_->acceptedApplications_.size() == 0) { - NETMGR_EXT_LOG_W("GenerateUidRangesMark is vpn ext call, but not accept uid ranges"); - return NETMANAGER_EXT_SUCCESS; - } + if (multiVpnInfo_ != nullptr && multiVpnInfo_->isVpnExtCall) { + if (vpnConfig_->acceptedApplications_.size() == 0) { + NETMGR_EXT_LOG_W("GenerateUidRangesMark is vpn ext call, but not accept uid ranges"); + return NETMANAGER_EXT_SUCCESS; } + } #endif // SUPPORT_SYSVPN if (vpnConfig_->acceptedApplications_.size()) { std::set uids = GetAppsUids(userId, vpnConfig_->acceptedApplications_); -- Gitee From dd64b2c3f67a5ab891e1c9c8b498f1ef00831d6d Mon Sep 17 00:00:00 2001 From: "xiaohui.xie" Date: Tue, 24 Jun 2025 15:41:35 +0800 Subject: [PATCH 6/7] optimize rom Signed-off-by: xiaohui.xie --- frameworks/js/napi/vpn/src/vpn_monitor.cpp | 2 + frameworks/js/napi/vpnext/BUILD.gn | 4 +- services/vpnmanager/include/ipsec_vpn_ctl.h | 11 +- services/vpnmanager/include/l2tp_vpn_ctl.h | 10 +- .../include/vpn_template_processor.h | 6 +- services/vpnmanager/src/ipsec_vpn_ctl.cpp | 25 +- services/vpnmanager/src/l2tp_vpn_ctl.cpp | 37 +- .../vpnmanager/src/networkvpn_service.cpp | 27 +- .../vpnmanager/src/vpn_template_processor.cpp | 484 ++++++------------ .../ipsec_vpn_ctl_test.cpp | 91 +++- .../l2tp_vpn_ctl_test.cpp | 78 ++- .../vpn_template_processor_test.cpp | 85 ++- 12 files changed, 436 insertions(+), 424 deletions(-) diff --git a/frameworks/js/napi/vpn/src/vpn_monitor.cpp b/frameworks/js/napi/vpn/src/vpn_monitor.cpp index 7a0710d4..8bb35899 100644 --- a/frameworks/js/napi/vpn/src/vpn_monitor.cpp +++ b/frameworks/js/napi/vpn/src/vpn_monitor.cpp @@ -17,7 +17,9 @@ #include #include +#ifdef SUPPORT_SYSVPN #include +#endif // SUPPORT_SYSVPN #include #include 
diff --git a/frameworks/js/napi/vpnext/BUILD.gn b/frameworks/js/napi/vpnext/BUILD.gn index 3035aa43..16d56063 100644 --- a/frameworks/js/napi/vpnext/BUILD.gn +++ b/frameworks/js/napi/vpnext/BUILD.gn @@ -35,13 +35,13 @@ ohos_shared_library("vpnextension") { "src/vpn_exec_ext.cpp", "src/vpn_module_ext.cpp", "src/vpn_monitor_ext.cpp", - "src/uuid.cpp", ] if (netmanager_ext_feature_sysvpn) { sources += [ - "src/vpn_config_utils_ext.cpp", "src/context/generate_vpnId_context_ext.cpp", + "src/uuid.cpp", + "src/vpn_config_utils_ext.cpp", ] } diff --git a/services/vpnmanager/include/ipsec_vpn_ctl.h b/services/vpnmanager/include/ipsec_vpn_ctl.h index 162d4319..ea49536f 100644 --- a/services/vpnmanager/include/ipsec_vpn_ctl.h +++ b/services/vpnmanager/include/ipsec_vpn_ctl.h @@ -29,12 +29,11 @@ namespace OHOS { namespace NetManagerStandard { namespace { -const std::string SWAN_CONFIG_FILE = IPSEC_PIDDIR "/strongswan.conf"; -const std::string L2TP_IPSEC_CFG = IPSEC_PIDDIR "/ipsec.conf"; -const std::string L2TP_CFG = IPSEC_PIDDIR "/xl2tpd.conf"; -const std::string IPSEC_START_TAG = "start"; -const std::string SWANCTL_START_TAG = "config"; -const std::string IPSEC_CONNECT_TAG = "connect"; +constexpr const char *SWAN_CONFIG_FILE = IPSEC_PIDDIR "/strongswan.conf"; +constexpr const char *L2TP_CFG = IPSEC_PIDDIR "/xl2tpd.conf"; +constexpr const char *IPSEC_START_TAG = "start"; +constexpr const char *SWANCTL_START_TAG = "config"; +constexpr const char *IPSEC_CONNECT_TAG = "connect"; constexpr const char *IPSEC_CONNECT_NAME = "home"; constexpr const char *L2TP_CONNECT_NAME = "l2tp"; constexpr const char *IPSEC_NODE_UPDATE_CONFIG = "updateconfig"; diff --git a/services/vpnmanager/include/l2tp_vpn_ctl.h b/services/vpnmanager/include/l2tp_vpn_ctl.h index 8aa2fb57..6068a7c0 100644 --- a/services/vpnmanager/include/l2tp_vpn_ctl.h +++ b/services/vpnmanager/include/l2tp_vpn_ctl.h 
@@ -26,13 +26,13 @@ namespace OHOS { namespace NetManagerStandard { namespace { -const std::string L2TP_IPSEC_CONFIGURED_TAG = "xl2tpdstart"; -const std::string L2TP_IPSEC_CONNECTED_TAG = "pppdstart"; -constexpr const char *SINGLE_XL2TP_TEMPCONFIG = - R"(l2tp lns = vpn_address;ppp debug = yes;pppoptfile = options.l2tpd.client.conf;length bit = yes;)"; -constexpr const char *VPN_ADDRESS_KEY = "vpn_address"; +constexpr const char *L2TP_IPSEC_CONFIGURED_TAG = "xl2tpdstart"; +constexpr const char *L2TP_IPSEC_CONNECTED_TAG = "pppdstart"; constexpr const char *VPN_NAME_KEY = "l2tp"; constexpr const char *VPN_CLIENT_CONFIG_NAME_KEY = "options.l2tpd.client.conf"; +constexpr const char *SINGLE_XL2TP_CONFIG_LNS = " lns = "; +constexpr const char *SINGLE_XL2TP_CONFIG_PPP = ";ppp debug = yes;pppoptfile = "; +constexpr const char *SINGLE_XL2TP_CONFIG_LENGTH = ";length bit = yes;"; } // namespace class L2tpVpnCtl : public IpsecVpnCtl { public: diff --git a/services/vpnmanager/include/vpn_template_processor.h b/services/vpnmanager/include/vpn_template_processor.h index d81468a2..1fd49fda 100644 --- a/services/vpnmanager/include/vpn_template_processor.h +++ b/services/vpnmanager/include/vpn_template_processor.h @@ -35,10 +35,8 @@ private: std::map> &vpnObjMap); void GenOptionsL2tpdClient(sptr &config); void GenIpsecSecrets(sptr &config); - void InflateConf(std::string &conf, - const std::unordered_map& params); - - void GetConnectAndSecretTemp(int32_t type, std::string &outConnect, std::string &outSecret); + void GetSecret(sptr &ipsecConfig, int32_t ifNameId, std::string &outSecret); + void GetConnect(sptr &ipsecConfig, int32_t ifNameId, std::string &outConnect); void CreateConnectAndSecret(sptr &ipsecConfig, sptr &l2tpConfig, int32_t ifNameId, std::string &outConnect, std::string &outSecret); void CreateXl2tpdConf(sptr &config, int32_t ifNameId, std::string &outConf); 
diff --git a/services/vpnmanager/src/ipsec_vpn_ctl.cpp b/services/vpnmanager/src/ipsec_vpn_ctl.cpp index fb50d286..a3c59552 100644 --- a/services/vpnmanager/src/ipsec_vpn_ctl.cpp +++ b/services/vpnmanager/src/ipsec_vpn_ctl.cpp @@ -60,13 +60,11 @@ int32_t IpsecVpnCtl::StopSysVpn() { NETMGR_EXT_LOG_I("stop ipsec vpn"); state_ = IpsecVpnStateCode::STATE_DISCONNECTED; - if (multiVpnInfo_ != nullptr) { - NetsysController::GetInstance().ProcessVpnStage(SysVpnStageCode::VPN_STAGE_DOWN_HOME, - std::string(IPSEC_CONNECT_NAME) + std::to_string(multiVpnInfo_->ifNameId)); - } else { - NetsysController::GetInstance().ProcessVpnStage( - SysVpnStageCode::VPN_STAGE_DOWN_HOME, std::string(IPSEC_CONNECT_NAME)); - } + std::string baseConnectName = IPSEC_CONNECT_NAME; + std::string connectName = multiVpnInfo_ == nullptr ? baseConnectName : + baseConnectName + std::to_string(multiVpnInfo_->ifNameId); + NetsysController::GetInstance().ProcessVpnStage( + SysVpnStageCode::VPN_STAGE_DOWN_HOME, connectName); MultiVpnHelper::GetInstance().StopIpsec(); NotifyConnectState(VpnConnectState::VPN_DISCONNECTED); return NETMANAGER_EXT_SUCCESS; @@ -120,7 +118,6 @@ int32_t IpsecVpnCtl::SetUpVpnTun() } int result = NetVpnImpl::SetUp(); if (result != NETMANAGER_EXT_SUCCESS) { - NETMGR_EXT_LOG_W("ipsec SetUp failed"); StopSysVpn(); } NETMGR_EXT_LOG_I("ipsec SetUp %{public}d", result); 
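Review bot: The connection-name expression added in StopSysVpn (`multiVpnInfo_ == nullptr ? baseConnectName : baseConnectName + std::to_string(multiVpnInfo_->ifNameId)`) is repeated verbatim in ProcessIpsecUp and in L2tpVpnCtl::HandleL2tpConfiged later in this patch. A single private helper on IpsecVpnCtl that returns the name would keep the up and down stages from drifting apart, since both must address the same strongSwan connection. In ProcessIpsecUp the argument is also written as `std::string(connectName)`, which copies a value that is already a `std::string`; pass `connectName` as the other two sites do. The bodies of all three functions extend beyond their hunks.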
@@ -294,13 +291,11 @@ void IpsecVpnCtl::ProcessIpsecUp() // 2. start connect NETMGR_EXT_LOG_I("ipsec vpn setup step 2: start connect"); state_ = IpsecVpnStateCode::STATE_CONFIGED; - if (multiVpnInfo_ != nullptr) { - NetsysController::GetInstance().ProcessVpnStage(SysVpnStageCode::VPN_STAGE_UP_HOME, - std::string(IPSEC_CONNECT_NAME) + std::to_string(multiVpnInfo_->ifNameId)); - } else { - NetsysController::GetInstance().ProcessVpnStage( - SysVpnStageCode::VPN_STAGE_UP_HOME, std::string(IPSEC_CONNECT_NAME)); - } + std::string baseConnectName = IPSEC_CONNECT_NAME; + std::string connectName = multiVpnInfo_ == nullptr ? baseConnectName : + baseConnectName + std::to_string(multiVpnInfo_->ifNameId); + NetsysController::GetInstance().ProcessVpnStage( + SysVpnStageCode::VPN_STAGE_UP_HOME, std::string(connectName)); } void IpsecVpnCtl::HandleConnected() diff --git a/services/vpnmanager/src/l2tp_vpn_ctl.cpp b/services/vpnmanager/src/l2tp_vpn_ctl.cpp index 4c58539a..bed31488 100644 --- a/services/vpnmanager/src/l2tp_vpn_ctl.cpp +++ b/services/vpnmanager/src/l2tp_vpn_ctl.cpp 
@@ -182,24 +182,13 @@ int32_t L2tpVpnCtl::GetConnectedSysVpnConfig(sptr &sysVpnConfig) std::string L2tpVpnCtl::GetXl2tpdConfig() { - std::string templateContent = SINGLE_XL2TP_TEMPCONFIG; + std::string templateContent; if (l2tpVpnConfig_ != nullptr && multiVpnInfo_ != nullptr && !l2tpVpnConfig_->addresses_.empty()) { - std::map params; - params[VPN_NAME_KEY] = std::string(VPN_NAME_KEY) + std::to_string(multiVpnInfo_->ifNameId); - params[VPN_ADDRESS_KEY] = l2tpVpnConfig_->addresses_[0].address_; - params[VPN_CLIENT_CONFIG_NAME_KEY] = std::string(VPN_CLIENT_CONFIG_NAME_KEY) + - "-" + std::to_string(multiVpnInfo_->ifNameId); - size_t pos = 0; - for (const auto& [key, value] : params) { - if (value.empty()) { - continue; - } - size_t pos = 0; - while ((pos = templateContent.find(key, pos)) != std::string::npos) { - templateContent.replace(pos, key.length(), value); - break; - } - } + templateContent.append(VPN_NAME_KEY).append(std::to_string(multiVpnInfo_->ifNameId)) + .append(SINGLE_XL2TP_CONFIG_LNS).append(l2tpVpnConfig_->addresses_[0].address_) + .append(SINGLE_XL2TP_CONFIG_PPP).append(VPN_CLIENT_CONFIG_NAME_KEY) + .append(std::to_string(multiVpnInfo_->ifNameId)) + .append(SINGLE_XL2TP_CONFIG_LENGTH); } templateContent = "\"" + templateContent + "\""; return templateContent; 
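Review bot: `l2tpVpnConfig_->addresses_[0].address_` is appended to the xl2tpd fragment unchecked, although the fragment uses `;` as its field separator and is returned wrapped in double quotes. An address containing `;`, `"` or a line break would change the structure of the generated configuration, so validate the value as an IP address or host name before the `append` chain and return an empty result otherwise. Separately, the removed code produced `options.l2tpd.client.conf-<id>` while the new chain appends the id without the `-`; confirm that whatever writes the options file uses the same name. The closing lines of GetXl2tpdConfig are outside the hunk.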
@@ -240,19 +229,17 @@ void L2tpVpnCtl::HandleL2tpConfiged() } } else { state_ = IpsecVpnStateCode::STATE_L2TP_STARTED; - if (multiVpnInfo_ != nullptr) { - NetsysController::GetInstance().ProcessVpnStage(SysVpnStageCode::VPN_STAGE_UP_HOME, - std::string(IPSEC_CONNECT_NAME) + std::to_string(multiVpnInfo_->ifNameId)); - } else { - NetsysController::GetInstance().ProcessVpnStage( - SysVpnStageCode::VPN_STAGE_UP_HOME, std::string(IPSEC_CONNECT_NAME)); - } + std::string baseConnectName = IPSEC_CONNECT_NAME; + std::string connectName = multiVpnInfo_ == nullptr ? baseConnectName : + baseConnectName + std::to_string(multiVpnInfo_->ifNameId); + NetsysController::GetInstance().ProcessVpnStage( + SysVpnStageCode::VPN_STAGE_UP_HOME, connectName); } } void L2tpVpnCtl::HandleL2tpdCtl() { - NETMGR_EXT_LOG_I("4:set stage IPSEC_L2TP_CTL, process ehco c"); + NETMGR_EXT_LOG_I("4:set stage IPSEC_L2TP_CTL, process echo c"); state_ = IpsecVpnStateCode::STATE_CONTROLLED; if (multiVpnInfo_ != nullptr) { NetsysController::GetInstance().ProcessVpnStage(SysVpnStageCode::VPN_STAGE_L2TP_CTL, diff --git a/services/vpnmanager/src/networkvpn_service.cpp b/services/vpnmanager/src/networkvpn_service.cpp index 79360e7d..63dab4f4 100644 --- a/services/vpnmanager/src/networkvpn_service.cpp +++ b/services/vpnmanager/src/networkvpn_service.cpp 
@@ -209,27 +209,29 @@ void NetworkVpnService::PublishVpnConnectionStateEvent(const VpnConnectState &st void NetworkVpnService::VpnConnStateCb::OnVpnConnStateChanged(const VpnConnectState &state) { NETMGR_EXT_LOG_I("receive new vpn connect state[%{public}d].", static_cast(state)); - vpnService_.PublishVpnConnectionStateEvent(state); if (!vpnService_.networkVpnServiceFfrtQueue_) { NETMGR_EXT_LOG_E("FFRT Create Fail"); return; } #ifdef SUPPORT_SYSVPN - int32_t userId = AppExecFwk::Constants::UNSPECIFIED_USERID; - int32_t uid = IPCSkeleton::GetCallingUid(); - if (AccountSA::OsAccountManager::GetOsAccountLocalIdFromUid(uid, userId) != ERR_OK) { - NETMGR_EXT_LOG_E("GetOsAccountLocalIdFromUid error, uid: %{public}d.", uid); - return; - } - bool isAllDisconnected = true; - for (const auto& [name, vpn] : vpnService_.vpnObjMap_) { - if (vpn->multiVpnInfo_->userId == userId && - vpn->multiVpnInfo_->vpnConnectState == VpnConnectState::VPN_CONNECTED) { - isAllDisconnected = false; + if (state == VpnConnectState::VPN_DISCONNECTED) { + int32_t userId = AppExecFwk::Constants::UNSPECIFIED_USERID; + int32_t uid = IPCSkeleton::GetCallingUid(); + if (AccountSA::OsAccountManager::GetOsAccountLocalIdFromUid(uid, userId) != ERR_OK) { + NETMGR_EXT_LOG_E("GetOsAccountLocalIdFromUid error, uid: %{public}d.", uid); return; } + for (const auto &[name, vpn] : vpnService_.vpnObjMap_) { + int32_t vpnUserId = (vpn != nullptr && vpn->multiVpnInfo_ != nullptr) ? + vpn->multiVpnInfo_->userId : AppExecFwk::Constants::UNSPECIFIED_USERID; + if (vpnUserId == userId && vpn->multiVpnInfo_->vpnConnectState == VpnConnectState::VPN_CONNECTED) { + NETMGR_EXT_LOG_I("OnVpnConnStateChanged :: other vpn is connnected"); + return; + } + } } #endif // SUPPORT_SYSVPN + vpnService_.PublishVpnConnectionStateEvent(state); std::function OnVpnConnStateChangedFunction = [this, &state]() { std::for_each(vpnService_.vpnEventCallbacks_.begin(), vpnService_.vpnEventCallbacks_.end(), [&state](const auto &callback) { 
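Review bot: The null guard in the new loop does not cover the dereference on the following line. `vpnUserId` falls back to `UNSPECIFIED_USERID` when `vpn` or `vpn->multiVpnInfo_` is null, but `vpn->multiVpnInfo_->vpnConnectState` is still evaluated whenever `vpnUserId == userId`. Safety then depends on the resolved `userId` never equalling the sentinel; skip such entries outright with `if (vpn == nullptr || vpn->multiVpnInfo_ == nullptr) { continue; }` and read `userId` and `vpnConnectState` afterwards. The early `return` also skips both `PublishVpnConnectionStateEvent` and the `vpnEventCallbacks_` notification, which deserves a comment if that suppression is intended. The function body continues past the hunk.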
@@ -248,7 +250,6 @@ void NetworkVpnService::VpnConnStateCb::OnMultiVpnConnStateChanged(const VpnConn { #ifdef SUPPORT_SYSVPN NETMGR_EXT_LOG_I("receive new vpn connect state[%{public}d].", static_cast(state)); - vpnService_.PublishVpnConnectionStateEvent(state); if (!vpnService_.networkVpnServiceFfrtQueue_) { NETMGR_EXT_LOG_E("FFRT Create Fail"); return; diff --git a/services/vpnmanager/src/vpn_template_processor.cpp b/services/vpnmanager/src/vpn_template_processor.cpp index c461fa68..3f14cb08 100644 --- a/services/vpnmanager/src/vpn_template_processor.cpp +++ b/services/vpnmanager/src/vpn_template_processor.cpp 
@@ -20,238 +20,7 @@ namespace OHOS { namespace NetManagerStandard { -constexpr const char* KEY_VPN_ADDRESS = "vpn_address_value"; -constexpr const char* KEY_VPN_USERNAME = "vpn_username_value"; -constexpr const char* KEY_VPN_IPSEC_IDENTIFIER = "vpn_ipsec_identifier_value"; -constexpr const char* KEY_VPN_PASSWORD = "vpn_password_value"; -constexpr const char* KEY_VPN_IPSEC_SHAREDKEY = "vpn_ipsec_sharedKey_value"; -constexpr const char* KEY_VPN_HOME_ELEMENT = "homeElement"; -constexpr const char* KEY_VPN_HOME = "home"; -constexpr const char* KEY_VPN_MYVPN_NAME = "lac l2tp"; -constexpr const char* KEY_VPN_CLIENT_CONFIG_NAME = "options.l2tpd.client.conf"; -constexpr const char* KEY_VPN_IF_ID_NUM = "if_id_num"; -constexpr const char* KEY_VPN_L2TP_PSK_ID = "l2tp_psk_id"; - -constexpr const char* IKE2_IPSEC_MSCHAPV2_SWANCTL_CONNECTIONS_TEMPCONFIG = R"( - homeElement { - remote_addrs = vpn_address_value - vips = 0.0.0.0 - local { - auth = eap-mschapv2 - eap_id = vpn_username_value - } - remote { - auth = pubkey - } - children { - home { - if_id_in=if_id_num - if_id_out=if_id_num - remote_ts=0.0.0.0/0 - esp_proposals = default - } - } - version = 2 - proposals = default - })"; - -constexpr const char* IKE2_IPSEC_PSK_SWANCTL_CONNECTIONS_TEMPCONFIG = R"( - homeElement { - remote_addrs = vpn_address_value - vips = 0.0.0.0 - local { - auth = psk - } - remote { - auth = psk - id = vpn_ipsec_identifier_value - } - children { - home { - if_id_in=if_id_num - if_id_out=if_id_num - remote_ts=0.0.0.0/0 - esp_proposals = default - } - } - version = 2 - proposals = default - })"; - -constexpr const char* IKE2_IPSEC_RSA_SWANCTL_CONNECTIONS_TEMPCONFIG = R"( - homeElement { - remote_addrs = vpn_address_value - vips = 0.0.0.0 - local { - auth = pubkey - id = vpn_ipsec_identifier_value - } - remote { - auth = pubkey - } - children { - home { - if_id_in=if_id_num - if_id_out=if_id_num - remote_ts=0.0.0.0/0 - esp_proposals = default - } - } - version = 2 - proposals = default - })"; - 
-constexpr const char* IPSEC_HYBRID_RSA_SWANCTL_CONNECTIONS_TEMPCONFIG = R"( - homeElement { - remote_addrs = vpn_address_value - vips = 0.0.0.0 - local { - auth = xauth - xauth_id = vpn_username_value - } - remote { - auth = pubkey - } - children { - home { - if_id_in=if_id_num - if_id_out=if_id_num - remote_ts=0.0.0.0/0 - esp_proposals = default - } - } - version = 1 - proposals = default - })"; - -constexpr const char* IPSEC_XAUTH_PSK_SWANCTL_CONNECTIONS_TEMPCONFIG = R"( - homeElement { - remote_addrs = vpn_address_value - vips = 0.0.0.0 - local { - id = vpn_ipsec_identifier_value - auth = psk - } - local-xauth { - auth = xauth - xauth_id = vpn_username_value - } - remote { - id = vpn_ipsec_identifier_value - auth = psk - } - children { - home { - if_id_in=if_id_num - if_id_out=if_id_num - remote_ts=0.0.0.0/0 - esp_proposals = default - } - } - version = 1 - proposals = default - aggressive=yes - })"; - -constexpr const char* L2TP_PSK_SWANCTL_CONNECTIONS_TEMPCONFIG = R"( - homeElement { - remote_addrs = vpn_address_value - local { - id = l2tp_psk_id - auth = psk - } - remote { - id = vpn_ipsec_identifier_value - auth = psk - } - children { - homel2tp { - mode=transport - local_ts = 0.0.0.0/0[udp/1701] - remote_ts = vpn_address_value/32[udp/1701] - esp_proposals = aes256-sha1, aes128-sha1, 3des-sha1 - } - } - version = 1 - proposals = 3des-sha1-modp1024, aes128-sha1-modp1024, aes256-sha1-modp1024 - })"; - -constexpr const char* L2TP_RSA_SWANCTL_CONNECTIONS_TEMPCONFIG = R"( - homeElement { - remote_addrs = vpn_address_value - local { - auth = psk - } - remote { - auth = psk - } - children { - homel2tp { - mode=transport - local_ts = 0.0.0.0/0[udp/1701] - remote_ts = vpn_address_value/32[udp/1701] - esp_proposals = aes256-sha1, aes128-sha1, 3des-sha1 - } - } - version = 1 - proposals = 3des-sha1-modp1024, aes128-sha1-modp1024, aes256-sha1-modp1024 - })"; - -constexpr const char* IPSEC_XAUTH_RSA_SWANCTL_CONNECTIONS_TEMPCONFIG = R"( - homeElement { - remote_addrs = 
vpn_address_value - vips = 0.0.0.0 - local { - auth = pubkey - id = vpn_username_value - } - local-xauth { - auth = xauth - } - remote { - auth = pubkey - } - children { - home { - remote_ts=0.0.0.0/0 - esp_proposals = default - } - } - version = 1 - proposals = default - })"; - -constexpr const char* L2TP_IPSEC_XL2TP_TEMPCONFIG = R"([lac l2tp] -; set this to the ip address of your vpn server -lns = vpn_address_value -ppp debug = yes -pppoptfile = options.l2tpd.client.conf -length bit = yes -)"; - -constexpr const char* L2TP_IPSEC_OPTION_L2TP_TEMPCONFIG = R"( -ipcp-accept-local -ipcp-accept-remote -refuse-eap -require-mschap-v2 -noccp -noauth -idle 1800 -mtu 1410 -mru 1410 -defaultroute -usepeerdns -debug -connect-delay 5000 -name vpn_username_value -password vpn_password_value)"; - -constexpr const char* L2TP_IPSEC_PSK_IPSEC_SECERETS_TEMPCONFIG = R"( -: PSK vpn_ipsec_sharedKey_value)"; - -constexpr const char* STRONGSWAN_CONF_TEMPCONFIG = R"( -# /etc/strongswan.conf - strongSwan configuration file -charon { +constexpr const char* STRONGSWAN_CONF_TEMPCONFIG = R"(charon { i_dont_care_about_security_and_use_aggressive_mode_psk = yes install_virtual_ip = no plugins { 
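Review bot: The strongSwan template kept by this cleanup still sets `i_dont_care_about_security_and_use_aggressive_mode_psk = yes`, and BuildConfig assigns that template to both the IPsec and the L2TP configuration, not only to the XAUTH-PSK profile whose removed template carried `aggressive=yes`. With aggressive mode and a pre-shared key, the key's strength is the only protection against offline guessing from a captured exchange. strongSwan documents this option as governing responders, so a client-only configuration may not need it at all; that is worth confirming. If the regenerated connection definitions (outside this hunk) do rely on it, add a comment above `STRONGSWAN_CONF_TEMPCONFIG` naming the profile that requires it, and otherwise drop the line. The rest of the template is outside the hunk.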
@@ -279,15 +48,16 @@ int32_t VpnTemplateProcessor::BuildConfig(std::shared_ptr &vpnObj, return NETMANAGER_EXT_ERR_INTERNAL; } int32_t ifNameId = sysVpnObj->multiVpnInfo_->ifNameId; + GenSwanctlOrIpsecConf(sysVpnObj->ipsecVpnConfig_, sysVpnObj->l2tpVpnConfig_, ifNameId, vpnObjMap); if (sysVpnObj->ipsecVpnConfig_ != nullptr) { - GenSwanctlOrIpsecConf(sysVpnObj->ipsecVpnConfig_, sysVpnObj->l2tpVpnConfig_, ifNameId, vpnObjMap); sysVpnObj->ipsecVpnConfig_->strongswanConf_ = STRONGSWAN_CONF_TEMPCONFIG; } else if (sysVpnObj->l2tpVpnConfig_ != nullptr) { GenOptionsL2tpdClient(sysVpnObj->l2tpVpnConfig_); GenXl2tpdConf(sysVpnObj->l2tpVpnConfig_, ifNameId, vpnObjMap); - GenSwanctlOrIpsecConf(sysVpnObj->ipsecVpnConfig_, sysVpnObj->l2tpVpnConfig_, ifNameId, vpnObjMap); GenIpsecSecrets(sysVpnObj->l2tpVpnConfig_); sysVpnObj->l2tpVpnConfig_->strongswanConf_ = STRONGSWAN_CONF_TEMPCONFIG; + } else { + NETMGR_EXT_LOG_W("invalid config"); } return NETMANAGER_EXT_SUCCESS; } @@ -295,6 +65,10 @@ int32_t VpnTemplateProcessor::BuildConfig(std::shared_ptr &vpnObj, void VpnTemplateProcessor::GenSwanctlOrIpsecConf(sptr &ipsecConfig, sptr &l2tpConfig, int32_t ifNameId, std::map> &vpnObjMap) { + if (ipsecConfig == nullptr && l2tpConfig == nullptr) { + NETMGR_EXT_LOG_W("invalid config"); + return; + } std::string connects; std::string secrets; for (const auto& pair : vpnObjMap) { 
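Review bot: The new `else` branch in BuildConfig logs `invalid config` but then falls through to `return NETMANAGER_EXT_SUCCESS;`, so a controller with neither `ipsecVpnConfig_` nor `l2tpVpnConfig_` is reported as successfully configured. Return the error the function already uses on its earlier failure path, `return NETMANAGER_EXT_ERR_INTERNAL;` inside the `else`, so the caller does not go on to bring up a tunnel with no generated configuration. Doing that check before the now unconditional `GenSwanctlOrIpsecConf` call would also avoid the duplicate warning the callee logs for the same condition. The start of BuildConfig is outside the hunk.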
@@ -307,19 +81,22 @@ void VpnTemplateProcessor::GenSwanctlOrIpsecConf(sptr &ipsecConf } } CreateConnectAndSecret(ipsecConfig, l2tpConfig, ifNameId, connects, secrets); - std::string conf = "connections {\n" + connects + "\n}" + "\nsecrets {\n" + secrets + "\n}"; + std::string conf = "connections {\n" + connects + "\n}\nsecrets {\n" + secrets + "\n}"; if (ipsecConfig != nullptr) { ipsecConfig->swanctlConf_ = conf; - } else if (l2tpConfig != nullptr) { + } + if (l2tpConfig != nullptr) { l2tpConfig->ipsecConf_ = conf; - } else { - NETMGR_EXT_LOG_W("invalid config"); } } void VpnTemplateProcessor::GenXl2tpdConf(sptr &config, int32_t ifNameId, std::map> &vpnObjMap) { + if (config == nullptr) { + NETMGR_EXT_LOG_W("invalid config"); + return; + } std::string conf; for (const auto& pair : vpnObjMap) { if (pair.second != nullptr) { 
@@ -335,147 +112,178 @@ void VpnTemplateProcessor::GenXl2tpdConf(sptr &config, int32_t if void VpnTemplateProcessor::GenOptionsL2tpdClient(sptr &config) { + if (config == nullptr) { + NETMGR_EXT_LOG_W("invalid config"); + return; + } int32_t configType = config->vpnType_; - std::string conf; if (configType == VpnType::L2TP_IPSEC_PSK || configType == VpnType::L2TP_IPSEC_RSA - || configType == VpnType::L2TP) { - conf.append(L2TP_IPSEC_OPTION_L2TP_TEMPCONFIG); + || configType == VpnType::L2TP) { + std::ostringstream oss; + oss << "ipcp-accept-local\nipcp-accept-remote\nrefuse-eap\nrequire-mschap-v2\n"; + oss << "noccp\nnoauth\nidle 1800\nmtu 1410\nmru 1410\n"; + oss << "defaultroute\nusepeerdns\ndebug\nconnect-delay 5000\n"; + oss << "name " << config->userName_ << " \npassword " << config->password_; + config->optionsL2tpdClient_ = oss.str(); } - std::unordered_map params; - params[KEY_VPN_USERNAME] = config->userName_; - params[KEY_VPN_PASSWORD] = config->password_; - InflateConf(conf, params); - config->optionsL2tpdClient_ = conf; } void VpnTemplateProcessor::GenIpsecSecrets(sptr &config) { - int32_t configType = config->vpnType_; - std::string conf; - if (configType == VpnType::L2TP_IPSEC_PSK) { - conf.append(L2TP_IPSEC_PSK_IPSEC_SECERETS_TEMPCONFIG); + if (config != nullptr && config->vpnType_ == VpnType::L2TP_IPSEC_PSK) { + config->ipsecSecrets_ = ": PSK " + config->ipsecPreSharedKey_; } - std::unordered_map params; - params[KEY_VPN_IPSEC_SHAREDKEY] = config->ipsecPreSharedKey_; - InflateConf(conf, params); - config->ipsecSecrets_ = conf; } -void VpnTemplateProcessor::InflateConf(std::string &conf, - const std::unordered_map& params) +void VpnTemplateProcessor::CreateXl2tpdConf(sptr &config, int32_t ifNameId, std::string &outConf) { - for (const auto& [key, value] : params) { - if (value.empty()) { - continue; - } - size_t pos = 0; - while ((pos = conf.find(key, pos)) != std::string::npos) { - conf.replace(pos, key.length(), value); - pos += value.length(); - } 
+ if (config == nullptr || config->addresses_.empty()) { + NETMGR_EXT_LOG_W("invalid config"); + return; } + std::ostringstream oss; + oss << "[lac l2tp" << ifNameId << "]" << std::endl; + oss << "lns = " << config->addresses_[0].address_ << std::endl; + oss << "ppp debug = yes" << std::endl; + oss << "pppoptfile = options.l2tpd.client.conf-" << ifNameId << std::endl; + oss << "length bit = yes" << std::endl; + outConf.append(oss.str()); } -void VpnTemplateProcessor::CreateXl2tpdConf(sptr &config, int32_t ifNameId, std::string &outConf) +void VpnTemplateProcessor::GetSecret(sptr &ipsecConfig, int32_t ifNameId, std::string &outSecret) { - if (config == nullptr) { + if (ipsecConfig == nullptr) { + NETMGR_EXT_LOG_W("invalid config"); return; } - std::string conf = L2TP_IPSEC_XL2TP_TEMPCONFIG; - std::unordered_map params; - params[KEY_VPN_ADDRESS] = config->addresses_[0].address_; - params[KEY_VPN_MYVPN_NAME] = KEY_VPN_MYVPN_NAME + std::to_string(ifNameId); - params[KEY_VPN_CLIENT_CONFIG_NAME] = std::string(KEY_VPN_CLIENT_CONFIG_NAME) + "-" + std::to_string(ifNameId); - InflateConf(conf, params); - outConf += conf; + std::string homeElement = "home" + std::to_string(ifNameId); + std::string ipsecId = ipsecConfig->ipsecIdentifier_.empty() ? 
"%any" : ipsecConfig->ipsecIdentifier_; + std::ostringstream oss; + switch (ipsecConfig->vpnType_) { + case VpnType::IKEV2_IPSEC_MSCHAPv2: { + oss << "eap-" << homeElement << " {\nid = " << ipsecConfig->userName_; + oss << "\nsecret = " << ipsecConfig->password_ << "\n}\n"; + break; + } + case VpnType::IKEV2_IPSEC_PSK: { + oss << "ike-" << homeElement << " {\nid = " << ipsecId; + oss << "\nsecret = " << ipsecConfig->ipsecPreSharedKey_ << "\n}\n"; + break; + } + case VpnType::IPSEC_XAUTH_PSK: { + oss << "ike-" << homeElement << " {\nid = " << ipsecId; + oss << "\nsecret = " << ipsecConfig->ipsecPreSharedKey_ << "\n}\n"; + oss << "xauth-" << homeElement << " {\nid = " << ipsecConfig->userName_; + oss << "\nsecret = " << ipsecConfig->password_ << "\n}\n"; + break; + } + case VpnType::IPSEC_XAUTH_RSA: + case VpnType::IPSEC_HYBRID_RSA: { + oss << "xauth-" << homeElement << " {id = " << ipsecConfig->userName_; + oss << "\nsecret = " << ipsecConfig->password_ << "\n}\n"; + break; + } + default: + break; + } + outSecret.append(oss.str()); } -void VpnTemplateProcessor::GetConnectAndSecretTemp(int32_t type, std::string &outConnect, std::string &outSecret) +void VpnTemplateProcessor::GetConnect(sptr &ipsecConfig, int32_t ifNameId, std::string &outConnect) { - const std::string secretsUsername = "\nid = vpn_username_value\nsecret = vpn_password_value\n"; - const std::string secretsId = "\nid = vpn_ipsec_identifier_value\nsecret = vpn_ipsec_sharedKey_value\n"; - const std::string l2tpIpsecSecret = - "\nid-1 = l2tp_psk_id\nid-2 = vpn_ipsec_identifier_value\nsecret = vpn_ipsec_sharedKey_value\n"; - switch (type) { - case VpnType::IKEV2_IPSEC_MSCHAPv2: - outConnect = IKE2_IPSEC_MSCHAPV2_SWANCTL_CONNECTIONS_TEMPCONFIG; - outSecret = "eap-homeElement {" + secretsUsername + "}\n"; - break; - case VpnType::IKEV2_IPSEC_PSK: - outConnect = IKE2_IPSEC_PSK_SWANCTL_CONNECTIONS_TEMPCONFIG; - outSecret = "ike-homeElement {" + secretsId + "}\n"; - break; - case VpnType::IKEV2_IPSEC_RSA: - 
outConnect = IKE2_IPSEC_RSA_SWANCTL_CONNECTIONS_TEMPCONFIG; + if (ipsecConfig == nullptr || ipsecConfig->addresses_.empty()) { + NETMGR_EXT_LOG_W("invalid config"); + return; + } + std::string homeElement = "home" + std::to_string(ifNameId); + std::string ipsecId = ipsecConfig->ipsecIdentifier_.empty() ? "%any" : ipsecConfig->ipsecIdentifier_; + std::string children = "children {\n home {\n if_id_in=" + std::to_string(ifNameId) + "\n if_id_out=" + + std::to_string(ifNameId) + "\nremote_ts=0.0.0.0/0\n esp_proposals = default\n}\n}"; + outConnect = homeElement + " {\n remote_addrs = " + ipsecConfig->addresses_[0].address_ + "\n vips = 0.0.0.0\n"; + std::ostringstream oss; + switch (ipsecConfig->vpnType_) { + case VpnType::IKEV2_IPSEC_MSCHAPv2: { + oss << "local {\n auth = eap-mschapv2\n eap_id = " << ipsecConfig->userName_ << "\n}\n"; + oss << "remote {\n auth = pubkey\n}\n" << children << "\nversion = 2\n proposals = default\n}\n"; break; - case VpnType::IPSEC_XAUTH_PSK: - outConnect = IPSEC_XAUTH_PSK_SWANCTL_CONNECTIONS_TEMPCONFIG; - outSecret = "ike-homeElement {" + secretsId + "}\n" - + "xauth-homeElement {" + secretsUsername + "}\n"; + } + case VpnType::IKEV2_IPSEC_PSK: { + oss << "local {\n auth = psk\n}\n remote {\n auth = psk\n id = " << ipsecId << "\n}\n"; + oss << children << "\nversion = 2\n proposals = default\n}\n"; break; - case VpnType::IPSEC_XAUTH_RSA: - outConnect = IPSEC_XAUTH_RSA_SWANCTL_CONNECTIONS_TEMPCONFIG; - outSecret = "xauth-homeElement {" + secretsUsername + "}\n"; + } + case VpnType::IKEV2_IPSEC_RSA: { + oss << "local {\n auth = pubkey\n id = " << ipsecId << "\n}\n"; + oss << "remote {\n auth = pubkey\n}\n" << children << "\nversion = 2\n proposals = default\n}\n"; break; - case VpnType::IPSEC_HYBRID_RSA: - outConnect = IPSEC_HYBRID_RSA_SWANCTL_CONNECTIONS_TEMPCONFIG; - outSecret = "xauth-homeElement {" + secretsUsername + "}\n"; + } + case VpnType::IPSEC_XAUTH_PSK: { + oss << "local {\n auth = psk\n id = " << ipsecId << "\n}\n"; + oss << 
"local-xauth {\n auth = xauth\n xauth_id = " << ipsecConfig->userName_ << "\n}\n"; + oss << "remote {\n auth = psk\n id = " << ipsecId << "\n}\n"; + oss << children << "\n version = 1\n proposals = default\n aggressive=yes\n}\n"; break; - case VpnType::L2TP_IPSEC_PSK: - outConnect = L2TP_PSK_SWANCTL_CONNECTIONS_TEMPCONFIG; - outSecret = "ike-homeElement {" + l2tpIpsecSecret + "}\n"; + } + case VpnType::IPSEC_XAUTH_RSA: { + oss << "local {\n auth = pubkey\n id = " << ipsecId << "\n}\n"; + oss << "local-xauth {\n auth = xauth\n}\n remote {\n auth = pubkey\n}\n"; + oss << "children {\n home {\n remote_ts=0.0.0.0/0\n esp_proposals = default\n}\n}\n"; + oss << "version = 1\n proposals = default\n}\n"; break; - case VpnType::L2TP_IPSEC_RSA: - outConnect = L2TP_RSA_SWANCTL_CONNECTIONS_TEMPCONFIG; + } + case VpnType::IPSEC_HYBRID_RSA: { + oss << "local {\n auth = xauth\n xauth_id = " << ipsecConfig->userName_ << "\n}\n"; + oss << "remote {\n auth = pubkey\n}\n"; + oss << children << "{\n version = 1\n proposals = default\n}\n"; break; + } default: break; } + outConnect.append(oss.str()); } void VpnTemplateProcessor::CreateConnectAndSecret(sptr &ipsecConfig, sptr &l2tpConfig, int32_t ifNameId, std::string &outConnect, std::string &outSecret) { - std::string connect; - std::string secret; - std::string emptyId = "%any"; - std::unordered_map params; + if (ipsecConfig == nullptr && l2tpConfig == nullptr) { + NETMGR_EXT_LOG_W("invalid config"); + return; + } + std::string connect, secret; if (l2tpConfig != nullptr) { if (l2tpConfig->vpnType_ == L2TP) { return; } - GetConnectAndSecretTemp(l2tpConfig->vpnType_, connect, secret); + std::string homeElement = "home" + std::to_string(ifNameId); + std::string address = !l2tpConfig->addresses_.empty() ? l2tpConfig->addresses_[0].address_ : ""; + std::string localId = !l2tpConfig->ipsecIdentifier_.empty() ? l2tpConfig->ipsecIdentifier_ : + (l2tpConfig->vpnType_ == L2TP_IPSEC_PSK) ? 
homeElement : "%any"; + std::string remoteId = l2tpConfig->ipsecIdentifier_.empty() ? "%any" : l2tpConfig->ipsecIdentifier_; + std::string authType = (l2tpConfig->vpnType_ == L2TP_IPSEC_PSK) ? "psk" : "pubkey"; - params[KEY_VPN_L2TP_PSK_ID] = - l2tpConfig->ipsecIdentifier_.empty() ? KEY_VPN_HOME_ELEMENT : l2tpConfig->ipsecIdentifier_; - InflateConf(connect, params); - InflateConf(secret, params); - params[KEY_VPN_ADDRESS] = l2tpConfig->addresses_[0].address_; - params[KEY_VPN_HOME_ELEMENT] = KEY_VPN_HOME + std::to_string(ifNameId); - params[KEY_VPN_IPSEC_IDENTIFIER] = l2tpConfig->ipsecIdentifier_.empty() - ? emptyId : l2tpConfig->ipsecIdentifier_; - params[KEY_VPN_IPSEC_SHAREDKEY] = l2tpConfig->ipsecPreSharedKey_; - InflateConf(connect, params); - InflateConf(secret, params); - } else if (ipsecConfig != nullptr) { - GetConnectAndSecretTemp(ipsecConfig->vpnType_, connect, secret); + std::ostringstream connectOss, secretOss; + connectOss << "home" << ifNameId << " {\nremote_addrs = " << address << "\n"; + connectOss << "local {\nid = " << localId << "\nauth = " << authType << "\n}\n"; + connectOss << "remote {\nid = " << remoteId << "\nauth = " << authType << "\n}\n"; + connectOss << "children {\nhomel2tp {\nmode=transport\nlocal_ts = 0.0.0.0/0[udp/1701]\n"; + connectOss << "remote_ts = " << address << "/32[udp/1701]\n"; + connectOss << "esp_proposals = aes256-sha1, aes128-sha1, 3des-sha1\n}\n}\nversion = 1\n"; + connectOss << "proposals = 3des-sha1-modp1024, aes128-sha1-modp1024, aes256-sha1-modp1024\n}\n"; - params[KEY_VPN_ADDRESS] = ipsecConfig->addresses_[0].address_; - params[KEY_VPN_IPSEC_IDENTIFIER] = ipsecConfig->ipsecIdentifier_.empty() - ? 
emptyId : ipsecConfig->ipsecIdentifier_; - params[KEY_VPN_IPSEC_SHAREDKEY] = ipsecConfig->ipsecPreSharedKey_; - params[KEY_VPN_USERNAME] = ipsecConfig->userName_; - params[KEY_VPN_PASSWORD] = ipsecConfig->password_; - params[KEY_VPN_HOME_ELEMENT] = KEY_VPN_HOME + std::to_string(ifNameId); - params[KEY_VPN_IF_ID_NUM] = std::to_string(ifNameId); - InflateConf(connect, params); - InflateConf(secret, params); - } else { - connect = ""; - secret = ""; + std::string l2tpId = l2tpConfig->ipsecIdentifier_.empty() ? homeElement : l2tpConfig->ipsecIdentifier_; + secretOss << "ike-" << homeElement << " {\nid-1 = " << l2tpId; + secretOss << "\nid-2 = " << l2tpId << "\nsecret = " << l2tpConfig->ipsecPreSharedKey_ << "\n}\n"; + + connect = connectOss.str(); + secret = secretOss.str(); + } + if (ipsecConfig != nullptr) { + GetConnect(ipsecConfig, ifNameId, connect); + GetSecret(ipsecConfig, ifNameId, secret); } - outConnect += connect; - outSecret += secret; + outConnect.append(connect); + outSecret.append(secret); } } // namespace NetManagerStandard } // namespace OHOS diff --git a/test/vpnmanager/unittest/sys_vpn_manager_test/ipsec_vpn_ctl_test.cpp b/test/vpnmanager/unittest/sys_vpn_manager_test/ipsec_vpn_ctl_test.cpp index 0a30dbb7..50784d24 100644 --- a/test/vpnmanager/unittest/sys_vpn_manager_test/ipsec_vpn_ctl_test.cpp +++ b/test/vpnmanager/unittest/sys_vpn_manager_test/ipsec_vpn_ctl_test.cpp 
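Review bot: GetSecret, GetConnect, GenOptionsL2tpdClient, GenIpsecSecrets, CreateXl2tpdConf and the L2TP branch of CreateConnectAndSecret write `userName_`, `password_`, `ipsecPreSharedKey_`, `ipsecIdentifier_` and `addresses_[0].address_` into the swanctl, ipsec.secrets, xl2tpd and pppd option text with no validation or quoting. A value containing a line break, `}` or `#` changes the structure of the generated file, so a single profile field can add or cut off directives. Because the connection and secret blocks are concatenated, one malformed profile can also affect the other connections. Each field should be rejected when it holds control characters before anything is written, and secret values should additionally be emitted in the quoted form the target file format defines. The fence shows the check for GetSecret; the same guard belongs in the other generators named above.

```cpp
// Returns true when value holds a control character (line break, tab, NUL, DEL) that
// would end or split a "key = value" line in the generated configuration.
static bool HasControlChar(const std::string &value)
{
    for (unsigned char ch : value) {
        if (ch < 0x20 || ch == 0x7f) {
            return true;
        }
    }
    return false;
}

// in GetSecret, directly after the existing nullptr check:
    if (HasControlChar(ipsecConfig->userName_) || HasControlChar(ipsecConfig->password_) ||
        HasControlChar(ipsecConfig->ipsecPreSharedKey_) || HasControlChar(ipsecConfig->ipsecIdentifier_)) {
        NETMGR_EXT_LOG_W("invalid config");
        return;
    }
    // … unchanged: homeElement, ipsecId, switch on vpnType_ …
```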
@@ -139,6 +139,24 @@ HWTEST_F(IpsecVpnCtlTest, NotifyConnectStageTest001, TestSize.Level1) EXPECT_EQ(ipsecControl_->NotifyConnectStage(stage, errorCode), NETMANAGER_EXT_ERR_INTERNAL); } +HWTEST_F(IpsecVpnCtlTest, NotifyConnectStageTest002, TestSize.Level1) +{ + ASSERT_NE(ipsecControl_, nullptr); + std::string stage; + int32_t errorCode = 0; + int32_t ret = 0; + ipsecControl_->state_ = IpsecVpnStateCode::STATE_STARTED; + stage = SWANCTL_START_TAG; + sptr vpnInfo = new (std::nothrow) MultiVpnInfo(); + ASSERT_NE(vpnInfo, nullptr); + ipsecControl_->multiVpnInfo_ = vpnInfo; + ret = ipsecControl_->NotifyConnectStage(stage, errorCode); + EXPECT_EQ(ret, NETMANAGER_EXT_SUCCESS); + ipsecControl_->multiVpnInfo_->ifNameId = 1; + ret = ipsecControl_->NotifyConnectStage(stage, errorCode); + EXPECT_EQ(ret, NETMANAGER_EXT_SUCCESS); +} + HWTEST_F(IpsecVpnCtlTest, GetSysVpnCertUriTest001, TestSize.Level1) { sptr config = new (std::nothrow) IpsecVpnConfig(); @@ -224,7 +242,7 @@ HWTEST_F(IpsecVpnCtlTest, InitConfigFileTest002, TestSize.Level1) EXPECT_EQ(ipsecControl_->InitConfigFile(), NETMANAGER_EXT_ERR_INTERNAL); } -HWTEST_F(IpsecVpnCtlTest, UpdateConfigTest002, TestSize.Level1) +HWTEST_F(IpsecVpnCtlTest, UpdateConfigTest001, TestSize.Level1) { if (ipsecControl_ == nullptr) { return; 
@@ -257,9 +275,13 @@ HWTEST_F(IpsecVpnCtlTest, UpdateConfigTest002, TestSize.Level1) message = R"({"updateconfig":{"remoteip":"192.168.1.1","address":"192.168.1.1", "netmask":"255.255.255.0", "mtu":1400, "phyifname":"xfrm"}})"; EXPECT_EQ(ipsecControl_->UpdateConfig(message), NETMANAGER_EXT_SUCCESS); + ipsecControl_->vpnConfig_ = nullptr; + message = R"({"updateconfig":{"address":"192.168.1.1", "netmask":"255.255.255.0", + "mtu":1400, "phyifname":"xfrm"}})"; + EXPECT_EQ(ipsecControl_->UpdateConfig(message), NETMANAGER_EXT_SUCCESS); } -HWTEST_F(IpsecVpnCtlTest, HandleUpdateConfig001, TestSize.Level1) +HWTEST_F(IpsecVpnCtlTest, HandleUpdateConfigTest001, TestSize.Level1) { if (ipsecControl_ == nullptr) { return; 
@@ -284,5 +306,70 @@ HWTEST_F(IpsecVpnCtlTest, HandleUpdateConfig001, TestSize.Level1) EXPECT_EQ(ipsecControl_->HandleUpdateConfig(message), NETMANAGER_EXT_ERR_INTERNAL); } +HWTEST_F(IpsecVpnCtlTest, StartSysVpnTest001, TestSize.Level1) +{ + sptr ipsecConfig = new (std::nothrow) IpsecVpnConfig(); + ASSERT_NE(ipsecConfig, nullptr); + int32_t userId = 0; + std::vector activeUserIds; + std::unique_ptr ipsecControl1 + = std::make_unique(ipsecConfig, "pkg", userId, activeUserIds); + ASSERT_NE(ipsecControl1, nullptr); + EXPECT_EQ(ipsecControl1->SetUp(), NETMANAGER_EXT_SUCCESS); + std::unique_ptr ipsecControl2 + = std::make_unique(ipsecConfig, "pkg", userId, activeUserIds); + ASSERT_NE(ipsecControl2, nullptr); + EXPECT_EQ(ipsecControl2->SetUp(), NETMANAGER_EXT_SUCCESS); +} + +HWTEST_F(IpsecVpnCtlTest, DestroyTest002, TestSize.Level1) +{ + sptr ipsecConfig = new (std::nothrow) IpsecVpnConfig(); + ASSERT_NE(ipsecConfig, nullptr); + int32_t userId = 0; + std::vector activeUserIds; + + std::unique_ptr ipsecControl + = std::make_unique(ipsecConfig, "pkg", userId, activeUserIds); + ASSERT_NE(ipsecControl, nullptr); + EXPECT_EQ(ipsecControl->Destroy(), NETMANAGER_EXT_SUCCESS); + + std::unique_ptr ipsecControl1 + = std::make_unique(ipsecConfig, "pkg", userId, activeUserIds); + ASSERT_NE(ipsecControl1, nullptr); + sptr vpnInfo = new (std::nothrow) MultiVpnInfo(); + ASSERT_NE(vpnInfo, nullptr); + ipsecControl1->multiVpnInfo_ = vpnInfo; + ipsecControl1->multiVpnInfo_->isVpnExtCall = false; + EXPECT_EQ(ipsecControl1->Destroy(), NETMANAGER_EXT_SUCCESS); + std::unique_ptr ipsecControl2 + = std::make_unique(ipsecConfig, "pkg", userId, activeUserIds); + ASSERT_NE(ipsecControl2, nullptr); + vpnInfo->isVpnExtCall = 1; + ipsecControl1->multiVpnInfo_->isVpnExtCall = true; + ipsecControl1->multiVpnInfo_->ifNameId = 1; + EXPECT_EQ(ipsecControl2->Destroy(), NETMANAGER_EXT_SUCCESS); +} + +HWTEST_F(IpsecVpnCtlTest, SetUpVpnTunTest001, TestSize.Level1) +{ + sptr vpnInfo = new (std::nothrow) 
MultiVpnInfo(); + ASSERT_NE(vpnInfo, nullptr); + vpnInfo->isVpnExtCall = 0; + vpnInfo->ifNameId = 1; + sptr ipsecConfig = new (std::nothrow) IpsecVpnConfig(); + ASSERT_NE(ipsecConfig, nullptr); + int32_t userId = 0; + std::vector activeUserIds; + std::unique_ptr ipsecControl + = std::make_unique(ipsecConfig, "pkg", userId, activeUserIds); + ASSERT_NE(ipsecControl, nullptr); + ipsecControl->multiVpnInfo_ = vpnInfo; + ipsecControl->multiVpnInfo_->isVpnExtCall = true; + EXPECT_NE(ipsecControl->SetUpVpnTun(), NETMANAGER_EXT_SUCCESS); + ipsecControl->multiVpnInfo_->isVpnExtCall = false; + EXPECT_NE(ipsecControl->SetUpVpnTun(), NETMANAGER_EXT_SUCCESS); +} + } // namespace NetManagerStandard } // namespace OHOS \ No newline at end of file diff --git a/test/vpnmanager/unittest/sys_vpn_manager_test/l2tp_vpn_ctl_test.cpp b/test/vpnmanager/unittest/sys_vpn_manager_test/l2tp_vpn_ctl_test.cpp index 1a7f2b30..38cb903e 100644 --- a/test/vpnmanager/unittest/sys_vpn_manager_test/l2tp_vpn_ctl_test.cpp +++ b/test/vpnmanager/unittest/sys_vpn_manager_test/l2tp_vpn_ctl_test.cpp @@ -89,9 +89,11 @@ HWTEST_F(L2tpVpnCtlTest, SetUp002, TestSize.Level1) EXPECT_EQ(l2tpControl->SetUp(), NETMANAGER_EXT_SUCCESS); l2tpControl->l2tpVpnConfig_->vpnType_ = 4; EXPECT_EQ(l2tpControl->SetUp(), NETMANAGER_EXT_SUCCESS); + l2tpControl->l2tpVpnConfig_->vpnType_ = 5; + EXPECT_EQ(l2tpControl->SetUp(), NETMANAGER_EXT_SUCCESS); } -HWTEST_F(L2tpVpnCtlTest, SetUp003, TestSize.Level1) +HWTEST_F(L2tpVpnCtlTest, SetUpTest003, TestSize.Level1) { sptr l2tpVpnconfig = new (std::nothrow) L2tpVpnConfig(); ASSERT_NE(l2tpVpnconfig, nullptr); 
@@ -114,6 +116,31 @@ HWTEST_F(L2tpVpnCtlTest, SetUp003, TestSize.Level1) EXPECT_EQ(l2tpControl->SetUp(), NETMANAGER_EXT_SUCCESS); } +HWTEST_F(L2tpVpnCtlTest, StartSysVpnTest001, TestSize.Level1) +{ + sptr l2tpVpnconfig = new (std::nothrow) L2tpVpnConfig(); + ASSERT_NE(l2tpVpnconfig, nullptr); + sptr netAddr = new (std::nothrow) INetAddr(); + ASSERT_NE(netAddr, nullptr); + std::string ip = "1.1.1.1"; + netAddr->address_ = ip; + netAddr->prefixlen_ = 1; + l2tpVpnconfig->addresses_.push_back(*netAddr); + l2tpVpnconfig->vpnId_ = "123"; + l2tpVpnconfig->vpnName_ = "testSetUpVpn"; + l2tpVpnconfig->vpnType_ = 1; + int32_t userId = 0; + std::vector activeUserIds; + std::unique_ptr l2tpControl = + std::make_unique(l2tpVpnconfig, "pkg", userId, activeUserIds); + ASSERT_NE(l2tpControl, nullptr); + l2tpControl->l2tpVpnConfig_ = l2tpVpnconfig; + l2tpControl->l2tpVpnConfig_->vpnType_ = 4; + EXPECT_EQ(l2tpControl->StartSysVpn(), NETMANAGER_EXT_SUCCESS); + l2tpControl->l2tpVpnConfig_->vpnType_ = 5; + EXPECT_EQ(l2tpControl->StartSysVpn(), NETMANAGER_EXT_SUCCESS); +} + HWTEST_F(L2tpVpnCtlTest, Destroy001, TestSize.Level1) { if (l2tpControl_ == nullptr) { 
@@ -254,6 +281,45 @@ HWTEST_F(L2tpVpnCtlTest, NotifyConnectStageTest002, TestSize.Level1) EXPECT_EQ(ret, NETMANAGER_EXT_ERR_INTERNAL); } +HWTEST_F(L2tpVpnCtlTest, NotifyConnectStageTest003, TestSize.Level1) +{ + ASSERT_NE(l2tpControl_, nullptr); + std::string stage; + int32_t errorCode = NETMANAGER_EXT_SUCCESS; + l2tpControl_->state_ = IpsecVpnStateCode::STATE_CONFIGED; + stage = L2TP_IPSEC_CONFIGURED_TAG; + sptr l2tpVpnconfig = new (std::nothrow) L2tpVpnConfig(); + ASSERT_NE(l2tpVpnconfig, nullptr); + l2tpControl_->l2tpVpnConfig_ = l2tpVpnconfig; + l2tpControl_->l2tpVpnConfig_->vpnType_ = 4; + EXPECT_EQ(l2tpControl_->NotifyConnectStage(stage, errorCode), NETMANAGER_EXT_SUCCESS); + sptr vpnInfo = new (std::nothrow) MultiVpnInfo(); + ASSERT_NE(vpnInfo, nullptr); + l2tpControl_->multiVpnInfo_ = vpnInfo; + EXPECT_EQ(l2tpControl_->NotifyConnectStage(stage, errorCode), NETMANAGER_EXT_SUCCESS); + + l2tpControl_->state_ = IpsecVpnStateCode::STATE_L2TP_STARTED; + stage = IPSEC_CONNECT_TAG; + EXPECT_EQ(l2tpControl_->NotifyConnectStage(stage, errorCode), NETMANAGER_EXT_SUCCESS); +} + +HWTEST_F(L2tpVpnCtlTest, NotifyConnectStageTest004, TestSize.Level1) +{ + ASSERT_NE(l2tpControl_, nullptr); + std::string stage; + int32_t errorCode = NETMANAGER_EXT_SUCCESS; + l2tpControl_->state_ = IpsecVpnStateCode::STATE_STARTED; + stage = SWANCTL_START_TAG; + sptr l2tpVpnconfig = new (std::nothrow) L2tpVpnConfig(); + ASSERT_NE(l2tpVpnconfig, nullptr); + l2tpControl_->l2tpVpnConfig_ = l2tpVpnconfig; + MultiVpnHelper::GetInstance().StartL2tp(); + l2tpControl_->l2tpVpnConfig_->vpnType_ = 4; + EXPECT_EQ(l2tpControl_->NotifyConnectStage(stage, errorCode), NETMANAGER_EXT_SUCCESS); + l2tpControl_->l2tpVpnConfig_->vpnType_ = 5; + EXPECT_EQ(l2tpControl_->NotifyConnectStage(stage, errorCode), NETMANAGER_EXT_SUCCESS); +} + HWTEST_F(L2tpVpnCtlTest, GetSysVpnCertUriTest001, TestSize.Level1) { sptr config = new (std::nothrow) L2tpVpnConfig(); 
@@ -365,18 +431,14 @@ HWTEST_F(L2tpVpnCtlTest, GetSysVpnCertUriTest003, TestSize.Level1) HWTEST_F(L2tpVpnCtlTest, ProcessUpdateL2tpConfig001, TestSize.Level1) { sptr l2tpVpnconfig = new (std::nothrow) L2tpVpnConfig(); - if (l2tpVpnconfig == nullptr) { - return; - } + ASSERT_NE(l2tpVpnconfig, nullptr); int32_t userId = 0; std::vector activeUserIds; std::unique_ptr l2tpControl = std::make_unique(l2tpVpnconfig, "pkg", userId, activeUserIds); - if (l2tpControl == nullptr) { - return; - } + ASSERT_NE(l2tpVpnconfig, nullptr); std::string message; - l2tpControl->l2tpVpnConfig_ = nullptr; + EXPECT_EQ(l2tpControl->ProcessUpdateConfig(message), NETMANAGER_EXT_ERR_INTERNAL); message = R"({"updateconfig":{"address":"192.168.1.1", "netmask":"255.255.255.0", "mtu":1400, "phyifname":"xfrm"}})"; EXPECT_EQ(l2tpControl->ProcessUpdateConfig(message), NETMANAGER_EXT_ERR_INTERNAL); diff --git a/test/vpnmanager/unittest/sys_vpn_manager_test/vpn_template_processor_test.cpp b/test/vpnmanager/unittest/sys_vpn_manager_test/vpn_template_processor_test.cpp index d2ae0400..b971e5b3 100644 --- a/test/vpnmanager/unittest/sys_vpn_manager_test/vpn_template_processor_test.cpp +++ b/test/vpnmanager/unittest/sys_vpn_manager_test/vpn_template_processor_test.cpp @@ -15,6 +15,10 @@ #include +#ifdef GTEST_API_ +#define private public +#define protected public +#endif #include #include @@ -26,13 +30,8 @@ #include "vpn_template_processor.h" #include "net_manager_constants.h" #include "multi_vpn_helper.h" -#ifdef GTEST_API_ -#define private public -#define protected public -#endif #include "networkvpn_service.h" - namespace OHOS { namespace NetManagerStandard { namespace { 
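Review bot: The second `ASSERT_NE(l2tpVpnconfig, nullptr);` in ProcessUpdateL2tpConfig001 replaces the null check on the controller but still names the config, so `l2tpControl` is never checked; it should read `ASSERT_NE(l2tpControl, nullptr);`. The hunk also drops `l2tpControl->l2tpVpnConfig_ = nullptr;`, so unless another test covers it, ProcessUpdateConfig is no longer exercised with a missing config. The test body continues outside the hunk.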
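Review bot: Moving `#define private public` and `#define protected public` above the remaining includes makes the macros apply to every header that follows, not only `networkvpn_service.h` as before. Redefining keywords ahead of standard-library or third-party headers is not supported by the C++ standard, and it can leave the test binary with declarations that differ from the library it links against. I would keep the block immediately before the project headers whose internals the tests need, with a comment such as `// test-only: exposes private members of the headers below`. The include names are not legible in this hunk, so the exact position has to be chosen in the file.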
@@ -69,7 +68,13 @@ HWTEST_F(VpnTemplateProcessorTest, BuildConfig001, TestSize.Level1) HWTEST_F(VpnTemplateProcessorTest, BuildConfig002, TestSize.Level1) { - std::shared_ptr vpnObj = nullptr; + sptr config = new (std::nothrow) L2tpVpnConfig(); + ASSERT_NE(config, nullptr); + int32_t userId = 0; + std::vector activeUserIds; + std::shared_ptr sysVpnCtl = std::make_shared(config, "", userId, activeUserIds); + ASSERT_NE(sysVpnCtl, nullptr); + std::shared_ptr vpnObj = sysVpnCtl; std::map> vpnObjMap; VpnTemplateProcessor processor; EXPECT_EQ(processor.BuildConfig(vpnObj, vpnObjMap), NETMANAGER_EXT_ERR_INTERNAL); 
@@ -228,5 +233,73 @@ HWTEST_F(VpnTemplateProcessorTest, BuildConfig007, TestSize.Level1) EXPECT_EQ(processor.BuildConfig(vpnObj8, vpnObjMap), NETMANAGER_EXT_SUCCESS); } +HWTEST_F(VpnTemplateProcessorTest, BuildConfig008, TestSize.Level1) +{ + sptr config = new (std::nothrow) L2tpVpnConfig(); + ASSERT_NE(config, nullptr); + int32_t userId = 0; + std::vector activeUserIds; + std::shared_ptr sysVpnCtl = std::make_shared(config, "", userId, activeUserIds); + ASSERT_NE(sysVpnCtl, nullptr); + sptr vpnInfo = new (std::nothrow) MultiVpnInfo(); + ASSERT_NE(vpnInfo, nullptr); + sysVpnCtl->multiVpnInfo_ = vpnInfo; + std::shared_ptr vpnObj = sysVpnCtl; + std::map> vpnObjMap; + VpnTemplateProcessor processor; + EXPECT_EQ(processor.BuildConfig(vpnObj, vpnObjMap), NETMANAGER_EXT_SUCCESS); +} + +HWTEST_F(VpnTemplateProcessorTest, GenXl2tpdConf001, TestSize.Level1) +{ + sptr config = nullptr; + std::map> vpnObjMap; + VpnTemplateProcessor processor; + processor.GenXl2tpdConf(config, 1, vpnObjMap); +} + +HWTEST_F(VpnTemplateProcessorTest, GenOptionsL2tpdClient001, TestSize.Level1) +{ + VpnTemplateProcessor processor; + sptr config = nullptr; + processor.GenOptionsL2tpdClient(config); +} + +HWTEST_F(VpnTemplateProcessorTest, CreateXl2tpdConf001, TestSize.Level1) +{ + VpnTemplateProcessor processor; + sptr config = nullptr; + std::string conf; + processor.CreateXl2tpdConf(config, 1, conf); +} + +HWTEST_F(VpnTemplateProcessorTest, GetSecret001, TestSize.Level1) +{ + VpnTemplateProcessor processor; + sptr ipsecConfig = nullptr; + std::string conf; + processor.GetSecret(ipsecConfig, 1, conf); +} + +HWTEST_F(VpnTemplateProcessorTest, GetConnect001, TestSize.Level1) +{ + VpnTemplateProcessor processor; + sptr ipsecConfig = nullptr; + std::string conf; + processor.GetConnect(ipsecConfig, 1, conf); + ipsecConfig= new (std::nothrow) IpsecVpnConfig(); + ASSERT_NE(ipsecConfig, nullptr); + processor.GetConnect(ipsecConfig, 1, conf); + sptr netAddr = new (std::nothrow) INetAddr(); + 
ASSERT_NE(netAddr, nullptr); + std::string ip = "1.1.1.1"; + netAddr->address_ = ip; + netAddr->prefixlen_ = 1; + ipsecConfig->addresses_.push_back(*netAddr); + processor.GetConnect(ipsecConfig, 1, conf); + ipsecConfig->vpnType_ = -1; + processor.GetConnect(ipsecConfig, 1, conf); +} + } // namespace NetManagerStandard } // namespace OHOS \ No newline at end of file -- Gitee From c9a64b119fd39faa83aa73c15ab550fe1928f7b5 Mon Sep 17 00:00:00 2001 From: songyuanbing Date: Tue, 24 Jun 2025 16:08:41 +0800 Subject: [PATCH 7/7] fix codex Signed-off-by: songyuanbing --- .../vpnmanager/src/vpn_template_processor.cpp | 26 ++++++++----------- 1 file changed, 11 insertions(+), 15 deletions(-) diff --git a/services/vpnmanager/src/vpn_template_processor.cpp b/services/vpnmanager/src/vpn_template_processor.cpp index 3f14cb08..017775ad 100644 --- a/services/vpnmanager/src/vpn_template_processor.cpp +++ b/services/vpnmanager/src/vpn_template_processor.cpp 
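Review bot: GenXl2tpdConf001, GenOptionsL2tpdClient001, CreateXl2tpdConf001, GetSecret001 and GetConnect001 call the generators and assert nothing, so they only show that a null argument does not crash. For the out-parameter variants, an expectation such as `EXPECT_TRUE(conf.empty());` after the null call would pin the early return. GetConnect001 also ends with `vpnType_ = -1`, where GetConnect as written in this series has already assigned the `home1 {` header to `conf` and its `default:` branch adds no closing brace. Asserting on `conf` there would document whether an unterminated block is the intended output for an unknown type.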
@@ -202,41 +202,35 @@ void VpnTemplateProcessor::GetConnect(sptr &ipsecConfig, int32_t outConnect = homeElement + " {\n remote_addrs = " + ipsecConfig->addresses_[0].address_ + "\n vips = 0.0.0.0\n"; std::ostringstream oss; switch (ipsecConfig->vpnType_) { - case VpnType::IKEV2_IPSEC_MSCHAPv2: { + case VpnType::IKEV2_IPSEC_MSCHAPv2: oss << "local {\n auth = eap-mschapv2\n eap_id = " << ipsecConfig->userName_ << "\n}\n"; oss << "remote {\n auth = pubkey\n}\n" << children << "\nversion = 2\n proposals = default\n}\n"; break; - } - case VpnType::IKEV2_IPSEC_PSK: { + case VpnType::IKEV2_IPSEC_PSK: oss << "local {\n auth = psk\n}\n remote {\n auth = psk\n id = " << ipsecId << "\n}\n"; oss << children << "\nversion = 2\n proposals = default\n}\n"; break; - } - case VpnType::IKEV2_IPSEC_RSA: { + case VpnType::IKEV2_IPSEC_RSA: oss << "local {\n auth = pubkey\n id = " << ipsecId << "\n}\n"; oss << "remote {\n auth = pubkey\n}\n" << children << "\nversion = 2\n proposals = default\n}\n"; break; - } - case VpnType::IPSEC_XAUTH_PSK: { + case VpnType::IPSEC_XAUTH_PSK: oss << "local {\n auth = psk\n id = " << ipsecId << "\n}\n"; oss << "local-xauth {\n auth = xauth\n xauth_id = " << ipsecConfig->userName_ << "\n}\n"; oss << "remote {\n auth = psk\n id = " << ipsecId << "\n}\n"; oss << children << "\n version = 1\n proposals = default\n aggressive=yes\n}\n"; break; - } - case VpnType::IPSEC_XAUTH_RSA: { + case VpnType::IPSEC_XAUTH_RSA: oss << "local {\n auth = pubkey\n id = " << ipsecId << "\n}\n"; oss << "local-xauth {\n auth = xauth\n}\n remote {\n auth = pubkey\n}\n"; oss << "children {\n home {\n remote_ts=0.0.0.0/0\n esp_proposals = default\n}\n}\n"; oss << "version = 1\n proposals = default\n}\n"; break; - } - case VpnType::IPSEC_HYBRID_RSA: { + case VpnType::IPSEC_HYBRID_RSA: oss << "local {\n auth = xauth\n xauth_id = " << ipsecConfig->userName_ << "\n}\n"; oss << "remote {\n auth = pubkey\n}\n"; oss << children << "{\n version = 1\n proposals = default\n}\n"; break; - } 
default: break; } @@ -250,19 +244,21 @@ void VpnTemplateProcessor::CreateConnectAndSecret(sptr &ipsecCon NETMGR_EXT_LOG_W("invalid config"); return; } - std::string connect, secret; + std::string connect; + std::string secret; if (l2tpConfig != nullptr) { if (l2tpConfig->vpnType_ == L2TP) { return; } std::string homeElement = "home" + std::to_string(ifNameId); std::string address = !l2tpConfig->addresses_.empty() ? l2tpConfig->addresses_[0].address_ : ""; - std::string localId = !l2tpConfig->ipsecIdentifier_.empty() ? l2tpConfig->ipsecIdentifier_ : + std::string localId = !l2tpConfig->ipsecIdentifier_.empty() ? l2tpConfig->ipsecIdentifier_ : (l2tpConfig->vpnType_ == L2TP_IPSEC_PSK) ? homeElement : "%any"; std::string remoteId = l2tpConfig->ipsecIdentifier_.empty() ? "%any" : l2tpConfig->ipsecIdentifier_; std::string authType = (l2tpConfig->vpnType_ == L2TP_IPSEC_PSK) ? "psk" : "pubkey"; - std::ostringstream connectOss, secretOss; + std::ostringstream connectOss; + std::ostringstream secretOss; connectOss << "home" << ifNameId << " {\nremote_addrs = " << address << "\n"; connectOss << "local {\nid = " << localId << "\nauth = " << authType << "\n}\n"; connectOss << "remote {\nid = " << remoteId << "\nauth = " << authType << "\n}\n"; -- Gitee
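Review bot: The `IPSEC_HYBRID_RSA` case still ends with `oss << children << "{\n version = 1\n proposals = default\n}\n";`, where the `{` after `children` opens an extra anonymous block, so the final `}` closes that block and the `home<N> {` connection started in `outConnect` stays open. Every other case writes `children` followed by the version lines and one closing brace; this one should be `oss << children << "\n version = 1\n proposals = default\n}\n";`. The line comes from the earlier patch in this series, and because connection blocks are concatenated into one `connections { … }` section, the unbalanced brace probably breaks parsing for the other connections as well. Separately, the `IPSEC_XAUTH_PSK` case keeps `aggressive=yes`, which with a pre-shared key lets an observer of the handshake test PSK guesses offline; it deserves a comment stating why main mode is not used. GetConnect begins above the hunk.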
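Review bot: When `l2tpConfig->addresses_` is empty, CreateConnectAndSecret falls back to `address = ""` and goes on to write `remote_addrs = ` with no value, whereas GetConnect and CreateXl2tpdConf return on the same condition. An empty remote address should not produce a connection entry; I would guard it right after the `L2TP` check with `if (l2tpConfig->addresses_.empty()) { NETMGR_EXT_LOG_W("invalid config"); return; }`. The rest of the function, including the `remote_ts = … /32[udp/1701]` line that also uses `address`, is outside this hunk and was added by the earlier patch in the series.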