eap auth

ios/Keychain.swift

@@ -0,0 +1,47 @@
+import Foundation
+import Security
+
+@objc class Keychain {
+	@objc func persistentRef(key: String) -> NSData? {
+		let query: [NSObject: AnyObject] = [
+			kSecClass: kSecClassGenericPassword,
+			kSecAttrGeneric: key,
+			kSecAttrAccount: key,
+			kSecAttrAccessible: kSecAttrAccessibleAlways,
+			kSecMatchLimit: kSecMatchLimitOne,
+			kSecAttrService: NSBundle.mainBundle().bundleIdentifier!,
+			kSecReturnPersistentRef: kCFBooleanTrue
+		]
+
+		var secItem: AnyObject?
+		let result = SecItemCopyMatching(query, &secItem)
+		if result != errSecSuccess {
+			return nil
+		}
+
+		return secItem as? NSData
+	}
+
+	@objc func set(key: String, value: String) {
+
+		let query: [NSObject: AnyObject] = [
+			kSecValueData: value.dataUsingEncoding(NSUTF8StringEncoding)!,
+			kSecClass: kSecClassGenericPassword,
+			kSecAttrGeneric: key,
+			kSecAttrAccount: key,
+			kSecAttrAccessible: kSecAttrAccessibleAlways,
+			kSecAttrService: NSBundle.mainBundle().bundleIdentifier!
+		]
+
+		clear(key)
+		SecItemAdd(query as CFDictionaryRef, nil)
+	}
+
+	@objc func clear(key: String) {
+		let query: [NSObject: AnyObject] = [
+			kSecClass: kSecClassGenericPassword,
+			kSecAttrAccount: key
+		]
+		SecItemDelete(query as CFDictionaryRef)
+	}
+}

ios/RNNetworkExtension.h

@@ -7,6 +7,7 @@
 #import <React/RCTBridgeModule.h>
 #import <React/RCTEventEmitter.h>
 
+@class Keychain;
 
 @interface RNNetworkExtension : RCTEventEmitter <RCTBridgeModule>
 

ios/RNNetworkExtension.m

@@ -1,5 +1,6 @@
 
 #import "RNNetworkExtension.h"
+#import "RNNetworkExtension-Swift.h"
 
 #import <NetworkExtension/NEVPNManager.h>
 #import <NetworkExtension/NEVPNConnection.h>
@@ -97,38 +98,43 @@ -(void)installProfile:(NSDictionary *)args resolver:(RCTPromiseResolveBlock)reso
             p = [[NEVPNProtocolIKEv2 alloc] init];
         }
 
-        p.serverAddress = args[@"IPAddress"];
+        Keychain *keychain = [Keychain new];
+        [keychain set:@"vpnpassword" value:args[@"password"]];
+
+        p.serverAddress = args[@"domain"];
         p.authenticationMethod = NEVPNIKEAuthenticationMethodCertificate;
-        p.identityData = [[NSData alloc] initWithBase64EncodedString:args[@"clientCert"] options:0];
-        p.identityDataPassword = args[@"clientCertKey"];
-
-        p.childSecurityAssociationParameters.diffieHellmanGroup = NEVPNIKEv2DiffieHellmanGroup19;
-        p.childSecurityAssociationParameters.encryptionAlgorithm = NEVPNIKEv2EncryptionAlgorithmAES128GCM;
-        p.childSecurityAssociationParameters.integrityAlgorithm = NEVPNIKEv2IntegrityAlgorithmSHA512;
-        p.childSecurityAssociationParameters.lifetimeMinutes = 20;
-
-        p.IKESecurityAssociationParameters.diffieHellmanGroup = NEVPNIKEv2DiffieHellmanGroup19;
-        p.IKESecurityAssociationParameters.encryptionAlgorithm = NEVPNIKEv2EncryptionAlgorithmAES128GCM;
-        p.IKESecurityAssociationParameters.integrityAlgorithm = NEVPNIKEv2IntegrityAlgorithmSHA512;
-        p.IKESecurityAssociationParameters.lifetimeMinutes = 20;
+        p.username = args[@"username"];
+        p.passwordReference = [keychain persistentRef:args[@"password"]];
+        // p.identityData = [[NSData alloc] initWithBase64EncodedString:args[@"clientCert"] options:0];
+        // p.identityDataPassword = args[@"clientCertKey"];
+
+        // p.childSecurityAssociationParameters.diffieHellmanGroup = NEVPNIKEv2DiffieHellmanGroup19;
+        // p.childSecurityAssociationParameters.encryptionAlgorithm = NEVPNIKEv2EncryptionAlgorithmAES128GCM;
+        // p.childSecurityAssociationParameters.integrityAlgorithm = NEVPNIKEv2IntegrityAlgorithmSHA512;
+        // p.childSecurityAssociationParameters.lifetimeMinutes = 20;
+
+        // p.IKESecurityAssociationParameters.diffieHellmanGroup = NEVPNIKEv2DiffieHellmanGroup19;
+        // p.IKESecurityAssociationParameters.encryptionAlgorithm = NEVPNIKEv2EncryptionAlgorithmAES128GCM;
+        // p.IKESecurityAssociationParameters.integrityAlgorithm = NEVPNIKEv2IntegrityAlgorithmSHA512;
+        // p.IKESecurityAssociationParameters.lifetimeMinutes = 20;
 
         p.disableMOBIKE = NO;
         p.disableRedirect = YES;
         p.enableRevocationCheck = NO;
         p.enablePFS = YES;
         p.useConfigurationAttributeInternalIPSubnet = NO;
-        p.certificateType = NEVPNIKEv2CertificateTypeECDSA256;
-        p.serverCertificateCommonName = args[@"IPAddress"];
-        p.serverCertificateIssuerCommonName = args[@"IPAddress"];
+        // p.certificateType = NEVPNIKEv2CertificateTypeECDSA256;
+        // p.serverCertificateCommonName = args[@"IPAddress"];
+        // p.serverCertificateIssuerCommonName = args[@"IPAddress"];
 
-        p.localIdentifier = args[@"IPAddress"];
-        p.remoteIdentifier = args[@"IPAddress"];
+        p.localIdentifier = args[@"domain"];
+        p.remoteIdentifier = args[@"domain"];
 
-        p.useExtendedAuthentication = NO;
+        p.useExtendedAuthentication = YES;
         p.disconnectOnSleep = NO;
 
         _vpnManager.protocolConfiguration = p;
-        _vpnManager.localizedDescription = @"AnyVPN";
+        _vpnManager.localizedDescription = args[@"domain"];
         _vpnManager.enabled = YES;
 
         [_vpnManager saveToPreferencesWithCompletionHandler:^(NSError *error) {

package.json

@@ -1,6 +1,6 @@
 {
   "name": "react-native-network-extension",
-  "version": "0.1.11",
+  "version": "0.1.12",
   "description": "React Native Network Extension",
   "repository": "https://github.com/miniyarov/react-native-network-extension",
   "main": "index.js",

react-native-network-extension.podspec

@@ -16,7 +16,7 @@ Pod::Spec.new do |s|
     s.platform       = :ios, '9.0'
 
     s.preserve_paths = '*.js'
-    s.source_files   = 'ios/*.{h,m}'
+    s.source_files   = 'ios/*.{h,m}', 'ios/*.swift'
 
     s.dependency 'React'
   end