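/*
 * Copyright (c) 2024 Huawei Device Co., Ltd.
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

#ifndef IPSEC_VPN_CTL_H
#define IPSEC_VPN_CTL_H

// <string> and <vector> are used directly by the declarations below, so they
// are included here instead of being picked up transitively.
#include <cstdint>
#include <string>
#include <vector>

#include "cJSON.h"
#include "ipsecvpn_config.h"
#include "l2tpvpn_config.h"
#include "net_vpn_impl.h"
#include "netsys_controller.h"

// Directory prefix for the daemon configuration paths defined below.
// NOTE(review): VPN configuration can reference credentials; confirm that the
// implementation creates this directory and its files with owner-only
// permissions.
#define IPSEC_PIDDIR "/data/service/el1/public/vpn"

namespace OHOS {
namespace NetManagerStandard {
// NOTE(review): an unnamed namespace in a header gives every including
// translation unit its own copy of these constants. Kept as is so existing
// users are unaffected.
namespace {
// Configuration file paths under IPSEC_PIDDIR.
constexpr const char *SWAN_CONFIG_FILE = IPSEC_PIDDIR "/strongswan.conf";
constexpr const char *L2TP_CFG = IPSEC_PIDDIR "/xl2tpd.conf";
// Stage tags; presumably the `stage` values given to NotifyConnectStage() -- confirm in the .cpp.
constexpr const char *IPSEC_START_TAG = "start";
constexpr const char *SWANCTL_START_TAG = "config";
constexpr const char *IPSEC_CONNECT_TAG = "connect";
// Connection names ("ipsec up home", see STATE_CONNECTED).
constexpr const char *IPSEC_CONNECT_NAME = "home";
constexpr const char *L2TP_CONNECT_NAME = "l2tp";
// Node names; presumably keys of the JSON message handled by UpdateConfig() -- confirm in the .cpp.
constexpr const char *IPSEC_NODE_UPDATE_CONFIG = "updateconfig";
constexpr const char *IPSEC_NODE_MTU = "mtu";
constexpr const char *IPSEC_NODE_ADDRESS = "address";
constexpr const char *IPSEC_NODE_NETMASK = "netmask";
constexpr const char *IPSEC_NODE_PHY_NAME = "phyifname";
constexpr const char *IPSEC_NODE_REMOTE_IP = "remoteip";
constexpr const char *PRIMARY_DNS = "primarydns";
constexpr const char *SECONDARY_DNS = "secondarydns";
} // namespace
// NOTE(review): a using-directive in a header leaks NetsysNative names into
// every includer; kept because other files may depend on it.
using namespace NetsysNative;

/// Connection states stored in IpsecVpnCtl::state_.
enum IpsecVpnStateCode {
    STATE_INIT = 0,
    STATE_STARTED,      // ipsec restart complete
    STATE_CONFIGED,     // swanctl load files complete
    STATE_CONTROLLED,   // control pppd startup
    STATE_CONNECTED,    // ipsec up home or pppd started
    STATE_DISCONNECTED, // stop
    STATE_L2TP_STARTED, // xl2tpd start
};

/// Selector for the item requested through GetVpnCertData() / GetSysVpnCertUri().
/// Judging by their names, PKCS12_DATA, PKCS12_PASSWD and L2TP_IPSEC_SECRETS_CONF
/// select secret material: callers should keep the returned buffer out of logs
/// and clear it once it is no longer needed.
enum IpsecVpnCertType : int32_t {
    CA_CERT = 0,
    USER_CERT,
    SERVER_CERT,
    SWAN_CTL_CONF,
    OPTIONS_L2TP_CLIENT_CONF,
    L2TP_IPSEC_SECRETS_CONF,
    PKCS12_DATA,
    PKCS12_PASSWD,
};

/// Error codes for a failed VPN connection attempt.
enum VpnErrorCode : int32_t {
    CONNECT_TIME_OUT = 200,
    IKEV2_KEY_ERROR = 201,
    CA_ERROR = 202,
    PASSWORD_ERROR = 203,
    IKEV1_KEY_ERROR = 204,
};

/// Controller for an IPsec (and, via l2tpVpnConfig_, L2TP) system VPN, built on NetVpnImpl.
class IpsecVpnCtl : public NetVpnImpl {
public:
    IpsecVpnCtl(sptr<VpnConfig> config, const std::string &pkg, int32_t userId, std::vector<int32_t> &activeUserIds);
    virtual ~IpsecVpnCtl();

    // NOTE(review): public data members; any caller can replace the active
    // configuration objects. Consider accessors if that is not intended.
    sptr<IpsecVpnConfig> ipsecVpnConfig_ = nullptr;
    sptr<L2tpVpnConfig> l2tpVpnConfig_ = nullptr;

    /// @param certType selector; presumably an IpsecVpnCertType value -- TODO confirm
    /// @param certData output buffer; may receive secret material (see IpsecVpnCertType)
    int32_t GetVpnCertData(const int32_t certType, std::vector<int8_t> &certData) override;
    bool IsInternalVpn() override;
    int32_t SetUp() override;
    int32_t Destroy() override;
    int32_t GetConnectedSysVpnConfig(sptr<SysVpnConfig> &sysVpnConfig) override;
    /// NOTE(review): if `stage` and `result` come from another process, the
    /// implementation should accept only the known stage tags -- confirm.
    int32_t NotifyConnectStage(const std::string &stage, const int32_t &result) override;
    int32_t GetSysVpnCertUri(const int32_t certType, std::string &certUri) override;
    bool IsSystemVpn() override;

protected:
    // Current state; holds IpsecVpnStateCode values.
    int32_t state_ = STATE_INIT;
    virtual int32_t StartSysVpn();
    virtual int32_t StopSysVpn();
    virtual int32_t InitConfigFile();
    void CleanTempFiles();
    void DeleteTempFile(const std::string &fileName);
    int32_t SetUpVpnTun();
    // NOTE(review): `msg` is presumably the JSON text carrying the IPSEC_NODE_*
    // keys; address, netmask, mtu and DNS values taken from it should be
    // validated before they are applied -- confirm in the .cpp.
    int32_t UpdateConfig(const std::string &msg);
private:
    void ProcessUpdateConfig(cJSON* jConfig);
    int32_t ProcessDnsConfig(cJSON* jConfig);
    void ProcessSwanctlLoad();
    void ProcessIpsecUp();
    void HandleConnected();
    int32_t HandleUpdateConfig(const std::string &config);
    void HandleIpsecConnectFailed(const int32_t result);
};
} // namespace NetManagerStandard
} // namespace OHOS
#endif // IPSEC_VPN_CTL_H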