Search in sources :

Example 41 with Credential

use of android.net.wifi.hotspot2.pps.Credential in project android_frameworks_base by crdroidandroid.

the class ConfigBuilder method buildTTLSConfig.

// Retain for debugging purposes
/*
    private static void xIterateCerts(KeyStore ks, X509Certificate caCert)
            throws GeneralSecurityException {
        Enumeration<String> aliases = ks.aliases();
        while (aliases.hasMoreElements()) {
            String alias = aliases.nextElement();
            Certificate cert = ks.getCertificate(alias);
            Log.d("HS2J", "Checking " + alias);
            if (cert instanceof X509Certificate) {
                X509Certificate x509Certificate = (X509Certificate) cert;
                boolean sm = x509Certificate.getSubjectX500Principal().equals(
                        caCert.getSubjectX500Principal());
                boolean eq = false;
                if (sm) {
                    eq = Arrays.equals(x509Certificate.getEncoded(), caCert.getEncoded());
                }
                Log.d("HS2J", "Subject: " + x509Certificate.getSubjectX500Principal() +
                        ": " + sm + "/" + eq);
            }
        }
    }
    */
private static WifiConfiguration buildTTLSConfig(HomeSP homeSP) throws IOException {
    Credential credential = homeSP.getCredential();
    if (credential.getUserName() == null || credential.getPassword() == null) {
        throw new IOException("EAP-TTLS provisioned without user name or password");
    }
    EAPMethod eapMethod = credential.getEAPMethod();
    AuthParam authParam = eapMethod.getAuthParam();
    if (authParam == null || authParam.getAuthInfoID() != EAP.AuthInfoID.NonEAPInnerAuthType) {
        throw new IOException("Bad auth parameter for EAP-TTLS: " + authParam);
    }
    WifiConfiguration config = buildBaseConfiguration(homeSP);
    NonEAPInnerAuth ttlsParam = (NonEAPInnerAuth) authParam;
    WifiEnterpriseConfig enterpriseConfig = config.enterpriseConfig;
    enterpriseConfig.setPhase2Method(remapInnerMethod(ttlsParam.getType()));
    enterpriseConfig.setIdentity(credential.getUserName());
    enterpriseConfig.setPassword(credential.getPassword());
    return config;
}
Also used : WifiEnterpriseConfig(android.net.wifi.WifiEnterpriseConfig) Credential(com.android.hotspot2.pps.Credential) WifiConfiguration(android.net.wifi.WifiConfiguration) IOException(java.io.IOException) AuthParam(com.android.anqp.eap.AuthParam) EAPMethod(com.android.anqp.eap.EAPMethod) NonEAPInnerAuth(com.android.anqp.eap.NonEAPInnerAuth)

Example 42 with Credential

use of android.net.wifi.hotspot2.pps.Credential in project android_frameworks_base by crdroidandroid.

the class ConfigBuilder method buildConfig.

public static WifiConfiguration buildConfig(HomeSP homeSP, X509Certificate caCert, List<X509Certificate> clientChain, PrivateKey key) throws IOException, GeneralSecurityException {
    Credential credential = homeSP.getCredential();
    WifiConfiguration config;
    EAP.EAPMethodID eapMethodID = credential.getEAPMethod().getEAPMethodID();
    switch(eapMethodID) {
        case EAP_TTLS:
            if (key != null || clientChain != null) {
                Log.w(TAG, "Client cert and/or key included with EAP-TTLS profile");
            }
            config = buildTTLSConfig(homeSP);
            break;
        case EAP_TLS:
            config = buildTLSConfig(homeSP, clientChain, key);
            break;
        case EAP_AKA:
        case EAP_AKAPrim:
        case EAP_SIM:
            if (key != null || clientChain != null || caCert != null) {
                Log.i(TAG, "Client/CA cert and/or key included with " + eapMethodID + " profile");
            }
            config = buildSIMConfig(homeSP);
            break;
        default:
            throw new IOException("Unsupported EAP Method: " + eapMethodID);
    }
    WifiEnterpriseConfig enterpriseConfig = config.enterpriseConfig;
    enterpriseConfig.setCaCertificate(caCert);
    enterpriseConfig.setAnonymousIdentity("anonymous@" + credential.getRealm());
    return config;
}
Also used : WifiEnterpriseConfig(android.net.wifi.WifiEnterpriseConfig) Credential(com.android.hotspot2.pps.Credential) WifiConfiguration(android.net.wifi.WifiConfiguration) EAP(com.android.anqp.eap.EAP) IOException(java.io.IOException)

Example 43 with Credential

use of android.net.wifi.hotspot2.pps.Credential in project android_frameworks_base by crdroidandroid.

the class ConfigBuilder method buildTLSConfig.

private static WifiConfiguration buildTLSConfig(HomeSP homeSP, List<X509Certificate> clientChain, PrivateKey clientKey) throws IOException, GeneralSecurityException {
    Credential credential = homeSP.getCredential();
    X509Certificate clientCertificate = null;
    if (clientKey == null || clientChain == null) {
        throw new IOException("No key and/or cert passed for EAP-TLS");
    }
    if (credential.getCertType() != Credential.CertType.x509v3) {
        throw new IOException("Invalid certificate type for TLS: " + credential.getCertType());
    }
    byte[] reference = credential.getFingerPrint();
    MessageDigest digester = MessageDigest.getInstance("SHA-256");
    for (X509Certificate certificate : clientChain) {
        digester.reset();
        byte[] fingerprint = digester.digest(certificate.getEncoded());
        if (Arrays.equals(reference, fingerprint)) {
            clientCertificate = certificate;
            break;
        }
    }
    if (clientCertificate == null) {
        throw new IOException("No certificate in chain matches supplied fingerprint");
    }
    String alias = Base64.encodeToString(reference, Base64.DEFAULT);
    WifiConfiguration config = buildBaseConfiguration(homeSP);
    WifiEnterpriseConfig enterpriseConfig = config.enterpriseConfig;
    enterpriseConfig.setClientCertificateAlias(alias);
    enterpriseConfig.setClientKeyEntry(clientKey, clientCertificate);
    return config;
}
Also used : WifiEnterpriseConfig(android.net.wifi.WifiEnterpriseConfig) Credential(com.android.hotspot2.pps.Credential) WifiConfiguration(android.net.wifi.WifiConfiguration) IOException(java.io.IOException) MessageDigest(java.security.MessageDigest) X509Certificate(java.security.cert.X509Certificate)

Aggregations

Credential (com.android.hotspot2.pps.Credential)40 IOException (java.io.IOException)25 WifiConfiguration (android.net.wifi.WifiConfiguration)20 WifiEnterpriseConfig (android.net.wifi.WifiEnterpriseConfig)15 EAPMethod (com.android.anqp.eap.EAPMethod)15 NonEAPInnerAuth (com.android.anqp.eap.NonEAPInnerAuth)15 HashMap (java.util.HashMap)11 EAP (com.android.anqp.eap.EAP)10 ExpandedEAPMethod (com.android.anqp.eap.ExpandedEAPMethod)10 IMSIParameter (com.android.hotspot2.IMSIParameter)10 UpdateInfo (com.android.hotspot2.pps.UpdateInfo)10 ArrayList (java.util.ArrayList)6 AuthParam (com.android.anqp.eap.AuthParam)5 InnerAuthEAP (com.android.anqp.eap.InnerAuthEAP)5 HomeSP (com.android.hotspot2.pps.HomeSP)5 Policy (com.android.hotspot2.pps.Policy)5 SubscriptionParameters (com.android.hotspot2.pps.SubscriptionParameters)5 MessageDigest (java.security.MessageDigest)5 X509Certificate (java.security.cert.X509Certificate)5 Date (java.util.Date)5