Example 86 with HomeSP
use of com.android.hotspot2.pps.HomeSP in project android_frameworks_base by crdroidandroid.
the class OSUClient method createHandler.
private HTTPHandler createHandler(Network network, HomeSP homeSP, KeyManager km, int flowType) throws GeneralSecurityException, IOException {
Credential credential = homeSP.getCredential();
Log.d(TAG, "Credential method " + credential.getEAPMethod().getEAPMethodID());
switch(credential.getEAPMethod().getEAPMethodID()) {
case EAP_TTLS:
String user;
byte[] password;
UpdateInfo subscriptionUpdate;
if (flowType == OSUManager.FLOW_POLICY) {
subscriptionUpdate = homeSP.getPolicy() != null ? homeSP.getPolicy().getPolicyUpdate() : null;
} else {
subscriptionUpdate = homeSP.getSubscriptionUpdate();
}
if (subscriptionUpdate != null && subscriptionUpdate.getUsername() != null) {
user = subscriptionUpdate.getUsername();
password = subscriptionUpdate.getPassword() != null ? subscriptionUpdate.getPassword().getBytes(StandardCharsets.UTF_8) : new byte[0];
} else {
user = credential.getUserName();
password = credential.getPassword().getBytes(StandardCharsets.UTF_8);
}
return new HTTPHandler(StandardCharsets.UTF_8, OSUSocketFactory.getSocketFactory(mKeyStore, homeSP, flowType, network, mURL, km, true), user, password);
case EAP_TLS:
return new HTTPHandler(StandardCharsets.UTF_8, OSUSocketFactory.getSocketFactory(mKeyStore, homeSP, flowType, network, mURL, km, true));
default:
throw new IOException("Cannot remediate account with " + credential.getEAPMethod().getEAPMethodID());
}
}
Also used :
Credential(com.android.hotspot2.pps.Credential)
IOException(java.io.IOException)
UpdateInfo(com.android.hotspot2.pps.UpdateInfo)
Example 87 with HomeSP
use of com.android.hotspot2.pps.HomeSP in project android_frameworks_base by crdroidandroid.
the class ConfigBuilder method buildTTLSConfig.
// Retain for debugging purposes
/*
private static void xIterateCerts(KeyStore ks, X509Certificate caCert)
throws GeneralSecurityException {
Enumeration<String> aliases = ks.aliases();
while (aliases.hasMoreElements()) {
String alias = aliases.nextElement();
Certificate cert = ks.getCertificate(alias);
Log.d("HS2J", "Checking " + alias);
if (cert instanceof X509Certificate) {
X509Certificate x509Certificate = (X509Certificate) cert;
boolean sm = x509Certificate.getSubjectX500Principal().equals(
caCert.getSubjectX500Principal());
boolean eq = false;
if (sm) {
eq = Arrays.equals(x509Certificate.getEncoded(), caCert.getEncoded());
}
Log.d("HS2J", "Subject: " + x509Certificate.getSubjectX500Principal() +
": " + sm + "/" + eq);
}
}
}
*/
private static WifiConfiguration buildTTLSConfig(HomeSP homeSP) throws IOException {
Credential credential = homeSP.getCredential();
if (credential.getUserName() == null || credential.getPassword() == null) {
throw new IOException("EAP-TTLS provisioned without user name or password");
}
EAPMethod eapMethod = credential.getEAPMethod();
AuthParam authParam = eapMethod.getAuthParam();
if (authParam == null || authParam.getAuthInfoID() != EAP.AuthInfoID.NonEAPInnerAuthType) {
throw new IOException("Bad auth parameter for EAP-TTLS: " + authParam);
}
WifiConfiguration config = buildBaseConfiguration(homeSP);
NonEAPInnerAuth ttlsParam = (NonEAPInnerAuth) authParam;
WifiEnterpriseConfig enterpriseConfig = config.enterpriseConfig;
enterpriseConfig.setPhase2Method(remapInnerMethod(ttlsParam.getType()));
enterpriseConfig.setIdentity(credential.getUserName());
enterpriseConfig.setPassword(credential.getPassword());
return config;
}
Also used :
WifiEnterpriseConfig(android.net.wifi.WifiEnterpriseConfig)
Credential(com.android.hotspot2.pps.Credential)
WifiConfiguration(android.net.wifi.WifiConfiguration)
IOException(java.io.IOException)
AuthParam(com.android.anqp.eap.AuthParam)
EAPMethod(com.android.anqp.eap.EAPMethod)
NonEAPInnerAuth(com.android.anqp.eap.NonEAPInnerAuth)
Example 88 with HomeSP
use of com.android.hotspot2.pps.HomeSP in project android_frameworks_base by crdroidandroid.
the class ConfigBuilder method buildConfig.
public static WifiConfiguration buildConfig(HomeSP homeSP, X509Certificate caCert, List<X509Certificate> clientChain, PrivateKey key) throws IOException, GeneralSecurityException {
Credential credential = homeSP.getCredential();
WifiConfiguration config;
EAP.EAPMethodID eapMethodID = credential.getEAPMethod().getEAPMethodID();
switch(eapMethodID) {
case EAP_TTLS:
if (key != null || clientChain != null) {
Log.w(TAG, "Client cert and/or key included with EAP-TTLS profile");
}
config = buildTTLSConfig(homeSP);
break;
case EAP_TLS:
config = buildTLSConfig(homeSP, clientChain, key);
break;
case EAP_AKA:
case EAP_AKAPrim:
case EAP_SIM:
if (key != null || clientChain != null || caCert != null) {
Log.i(TAG, "Client/CA cert and/or key included with " + eapMethodID + " profile");
}
config = buildSIMConfig(homeSP);
break;
default:
throw new IOException("Unsupported EAP Method: " + eapMethodID);
}
WifiEnterpriseConfig enterpriseConfig = config.enterpriseConfig;
enterpriseConfig.setCaCertificate(caCert);
enterpriseConfig.setAnonymousIdentity("anonymous@" + credential.getRealm());
return config;
}
Also used :
WifiEnterpriseConfig(android.net.wifi.WifiEnterpriseConfig)
Credential(com.android.hotspot2.pps.Credential)
WifiConfiguration(android.net.wifi.WifiConfiguration)
EAP(com.android.anqp.eap.EAP)
IOException(java.io.IOException)
Example 89 with HomeSP
use of com.android.hotspot2.pps.HomeSP in project android_frameworks_base by crdroidandroid.
the class ConfigBuilder method buildTLSConfig.
private static WifiConfiguration buildTLSConfig(HomeSP homeSP, List<X509Certificate> clientChain, PrivateKey clientKey) throws IOException, GeneralSecurityException {
Credential credential = homeSP.getCredential();
X509Certificate clientCertificate = null;
if (clientKey == null || clientChain == null) {
throw new IOException("No key and/or cert passed for EAP-TLS");
}
if (credential.getCertType() != Credential.CertType.x509v3) {
throw new IOException("Invalid certificate type for TLS: " + credential.getCertType());
}
byte[] reference = credential.getFingerPrint();
MessageDigest digester = MessageDigest.getInstance("SHA-256");
for (X509Certificate certificate : clientChain) {
digester.reset();
byte[] fingerprint = digester.digest(certificate.getEncoded());
if (Arrays.equals(reference, fingerprint)) {
clientCertificate = certificate;
break;
}
}
if (clientCertificate == null) {
throw new IOException("No certificate in chain matches supplied fingerprint");
}
String alias = Base64.encodeToString(reference, Base64.DEFAULT);
WifiConfiguration config = buildBaseConfiguration(homeSP);
WifiEnterpriseConfig enterpriseConfig = config.enterpriseConfig;
enterpriseConfig.setClientCertificateAlias(alias);
enterpriseConfig.setClientKeyEntry(clientKey, clientCertificate);
return config;
}
Also used :
WifiEnterpriseConfig(android.net.wifi.WifiEnterpriseConfig)
Credential(com.android.hotspot2.pps.Credential)
WifiConfiguration(android.net.wifi.WifiConfiguration)
IOException(java.io.IOException)
MessageDigest(java.security.MessageDigest)
X509Certificate(java.security.cert.X509Certificate)
Aggregations
HomeSP (com.android.hotspot2.pps.HomeSP)50
IOException (java.io.IOException)45
Credential (com.android.hotspot2.pps.Credential)35
WifiConfiguration (android.net.wifi.WifiConfiguration)25
HashMap (java.util.HashMap)16
WifiEnterpriseConfig (android.net.wifi.WifiEnterpriseConfig)15
X509Certificate (java.security.cert.X509Certificate)15
ArrayList (java.util.ArrayList)12
EAPMethod (com.android.anqp.eap.EAPMethod)10
NonEAPInnerAuth (com.android.anqp.eap.NonEAPInnerAuth)10
MOData (com.android.hotspot2.osu.commands.MOData)10
UpdateInfo (com.android.hotspot2.pps.UpdateInfo)10
BufferedInputStream (java.io.BufferedInputStream)10
FileInputStream (java.io.FileInputStream)10
GeneralSecurityException (java.security.GeneralSecurityException)10
SAXException (org.xml.sax.SAXException)10
List (java.util.List)6
Network (android.net.Network)5
WifiInfo (android.net.wifi.WifiInfo)5
AuthParam (com.android.anqp.eap.AuthParam)5
