use of android.net.wifi.hotspot2.pps.Credential in project android_frameworks_base by crdroidandroid.
the class ConfigBuilder method buildTTLSConfig.
// Retain for debugging purposes
/*
private static void xIterateCerts(KeyStore ks, X509Certificate caCert)
throws GeneralSecurityException {
Enumeration<String> aliases = ks.aliases();
while (aliases.hasMoreElements()) {
String alias = aliases.nextElement();
Certificate cert = ks.getCertificate(alias);
Log.d("HS2J", "Checking " + alias);
if (cert instanceof X509Certificate) {
X509Certificate x509Certificate = (X509Certificate) cert;
boolean sm = x509Certificate.getSubjectX500Principal().equals(
caCert.getSubjectX500Principal());
boolean eq = false;
if (sm) {
eq = Arrays.equals(x509Certificate.getEncoded(), caCert.getEncoded());
}
Log.d("HS2J", "Subject: " + x509Certificate.getSubjectX500Principal() +
": " + sm + "/" + eq);
}
}
}
*/
private static WifiConfiguration buildTTLSConfig(HomeSP homeSP) throws IOException {
Credential credential = homeSP.getCredential();
if (credential.getUserName() == null || credential.getPassword() == null) {
throw new IOException("EAP-TTLS provisioned without user name or password");
}
EAPMethod eapMethod = credential.getEAPMethod();
AuthParam authParam = eapMethod.getAuthParam();
if (authParam == null || authParam.getAuthInfoID() != EAP.AuthInfoID.NonEAPInnerAuthType) {
throw new IOException("Bad auth parameter for EAP-TTLS: " + authParam);
}
WifiConfiguration config = buildBaseConfiguration(homeSP);
NonEAPInnerAuth ttlsParam = (NonEAPInnerAuth) authParam;
WifiEnterpriseConfig enterpriseConfig = config.enterpriseConfig;
enterpriseConfig.setPhase2Method(remapInnerMethod(ttlsParam.getType()));
enterpriseConfig.setIdentity(credential.getUserName());
enterpriseConfig.setPassword(credential.getPassword());
return config;
}
use of android.net.wifi.hotspot2.pps.Credential in project android_frameworks_base by crdroidandroid.
the class ConfigBuilder method buildConfig.
public static WifiConfiguration buildConfig(HomeSP homeSP, X509Certificate caCert, List<X509Certificate> clientChain, PrivateKey key) throws IOException, GeneralSecurityException {
Credential credential = homeSP.getCredential();
WifiConfiguration config;
EAP.EAPMethodID eapMethodID = credential.getEAPMethod().getEAPMethodID();
switch(eapMethodID) {
case EAP_TTLS:
if (key != null || clientChain != null) {
Log.w(TAG, "Client cert and/or key included with EAP-TTLS profile");
}
config = buildTTLSConfig(homeSP);
break;
case EAP_TLS:
config = buildTLSConfig(homeSP, clientChain, key);
break;
case EAP_AKA:
case EAP_AKAPrim:
case EAP_SIM:
if (key != null || clientChain != null || caCert != null) {
Log.i(TAG, "Client/CA cert and/or key included with " + eapMethodID + " profile");
}
config = buildSIMConfig(homeSP);
break;
default:
throw new IOException("Unsupported EAP Method: " + eapMethodID);
}
WifiEnterpriseConfig enterpriseConfig = config.enterpriseConfig;
enterpriseConfig.setCaCertificate(caCert);
enterpriseConfig.setAnonymousIdentity("anonymous@" + credential.getRealm());
return config;
}
use of android.net.wifi.hotspot2.pps.Credential in project android_frameworks_base by crdroidandroid.
the class ConfigBuilder method buildTLSConfig.
private static WifiConfiguration buildTLSConfig(HomeSP homeSP, List<X509Certificate> clientChain, PrivateKey clientKey) throws IOException, GeneralSecurityException {
Credential credential = homeSP.getCredential();
X509Certificate clientCertificate = null;
if (clientKey == null || clientChain == null) {
throw new IOException("No key and/or cert passed for EAP-TLS");
}
if (credential.getCertType() != Credential.CertType.x509v3) {
throw new IOException("Invalid certificate type for TLS: " + credential.getCertType());
}
byte[] reference = credential.getFingerPrint();
MessageDigest digester = MessageDigest.getInstance("SHA-256");
for (X509Certificate certificate : clientChain) {
digester.reset();
byte[] fingerprint = digester.digest(certificate.getEncoded());
if (Arrays.equals(reference, fingerprint)) {
clientCertificate = certificate;
break;
}
}
if (clientCertificate == null) {
throw new IOException("No certificate in chain matches supplied fingerprint");
}
String alias = Base64.encodeToString(reference, Base64.DEFAULT);
WifiConfiguration config = buildBaseConfiguration(homeSP);
WifiEnterpriseConfig enterpriseConfig = config.enterpriseConfig;
enterpriseConfig.setClientCertificateAlias(alias);
enterpriseConfig.setClientKeyEntry(clientKey, clientCertificate);
return config;
}
Aggregations