Search in sources :

Example 11 with NonEAPInnerAuth

use of com.android.anqp.eap.NonEAPInnerAuth in project android_frameworks_base by AOSPA.

the class MOManager method buildHomeSPTree.

private static OMANode buildHomeSPTree(HomeSP homeSP, OMAConstructed root, int instanceID) throws IOException {
    OMANode providerSubNode = root.addChild(getInstanceString(instanceID), null, null, null);
    // The HomeSP:
    OMANode homeSpNode = providerSubNode.addChild(TAG_HomeSP, null, null, null);
    if (!homeSP.getSSIDs().isEmpty()) {
        OMAConstructed nwkIDNode = (OMAConstructed) homeSpNode.addChild(TAG_NetworkID, null, null, null);
        int instance = 0;
        for (Map.Entry<String, Long> entry : homeSP.getSSIDs().entrySet()) {
            OMAConstructed inode = (OMAConstructed) nwkIDNode.addChild(getInstanceString(instance++), null, null, null);
            inode.addChild(TAG_SSID, null, entry.getKey(), null);
            if (entry.getValue() != null) {
                inode.addChild(TAG_HESSID, null, String.format("%012x", entry.getValue()), null);
            }
        }
    }
    homeSpNode.addChild(TAG_FriendlyName, null, homeSP.getFriendlyName(), null);
    if (homeSP.getIconURL() != null) {
        homeSpNode.addChild(TAG_IconURL, null, homeSP.getIconURL(), null);
    }
    homeSpNode.addChild(TAG_FQDN, null, homeSP.getFQDN(), null);
    if (!homeSP.getMatchAllOIs().isEmpty() || !homeSP.getMatchAnyOIs().isEmpty()) {
        OMAConstructed homeOIList = (OMAConstructed) homeSpNode.addChild(TAG_HomeOIList, null, null, null);
        int instance = 0;
        for (Long oi : homeSP.getMatchAllOIs()) {
            OMAConstructed inode = (OMAConstructed) homeOIList.addChild(getInstanceString(instance++), null, null, null);
            inode.addChild(TAG_HomeOI, null, String.format("%x", oi), null);
            inode.addChild(TAG_HomeOIRequired, null, "TRUE", null);
        }
        for (Long oi : homeSP.getMatchAnyOIs()) {
            OMAConstructed inode = (OMAConstructed) homeOIList.addChild(getInstanceString(instance++), null, null, null);
            inode.addChild(TAG_HomeOI, null, String.format("%x", oi), null);
            inode.addChild(TAG_HomeOIRequired, null, "FALSE", null);
        }
    }
    if (!homeSP.getOtherHomePartners().isEmpty()) {
        OMAConstructed otherPartners = (OMAConstructed) homeSpNode.addChild(TAG_OtherHomePartners, null, null, null);
        int instance = 0;
        for (String fqdn : homeSP.getOtherHomePartners()) {
            OMAConstructed inode = (OMAConstructed) otherPartners.addChild(getInstanceString(instance++), null, null, null);
            inode.addChild(TAG_FQDN, null, fqdn, null);
        }
    }
    if (!homeSP.getRoamingConsortiums().isEmpty()) {
        homeSpNode.addChild(TAG_RoamingConsortiumOI, null, getRCList(homeSP.getRoamingConsortiums()), null);
    }
    // The Credential:
    OMANode credentialNode = providerSubNode.addChild(TAG_Credential, null, null, null);
    Credential cred = homeSP.getCredential();
    EAPMethod method = cred.getEAPMethod();
    if (cred.getCtime() > 0) {
        credentialNode.addChild(TAG_CreationDate, null, DTFormat.format(new Date(cred.getCtime())), null);
    }
    if (cred.getExpTime() > 0) {
        credentialNode.addChild(TAG_ExpirationDate, null, DTFormat.format(new Date(cred.getExpTime())), null);
    }
    if (method.getEAPMethodID() == EAP.EAPMethodID.EAP_SIM || method.getEAPMethodID() == EAP.EAPMethodID.EAP_AKA || method.getEAPMethodID() == EAP.EAPMethodID.EAP_AKAPrim) {
        OMANode simNode = credentialNode.addChild(TAG_SIM, null, null, null);
        simNode.addChild(TAG_IMSI, null, cred.getImsi().toString(), null);
        simNode.addChild(TAG_EAPType, null, Integer.toString(EAP.mapEAPMethod(method.getEAPMethodID())), null);
    } else if (method.getEAPMethodID() == EAP.EAPMethodID.EAP_TTLS) {
        OMANode unpNode = credentialNode.addChild(TAG_UsernamePassword, null, null, null);
        unpNode.addChild(TAG_Username, null, cred.getUserName(), null);
        unpNode.addChild(TAG_Password, null, Base64.encodeToString(cred.getPassword().getBytes(StandardCharsets.UTF_8), Base64.DEFAULT), null);
        OMANode eapNode = unpNode.addChild(TAG_EAPMethod, null, null, null);
        eapNode.addChild(TAG_EAPType, null, Integer.toString(EAP.mapEAPMethod(method.getEAPMethodID())), null);
        eapNode.addChild(TAG_InnerMethod, null, ((NonEAPInnerAuth) method.getAuthParam()).getOMAtype(), null);
    } else if (method.getEAPMethodID() == EAP.EAPMethodID.EAP_TLS) {
        OMANode certNode = credentialNode.addChild(TAG_DigitalCertificate, null, null, null);
        certNode.addChild(TAG_CertificateType, null, Credential.CertTypeX509, null);
        certNode.addChild(TAG_CertSHA256Fingerprint, null, Utils.toHex(cred.getFingerPrint()), null);
    } else {
        throw new OMAException("Invalid credential on " + homeSP.getFQDN());
    }
    credentialNode.addChild(TAG_Realm, null, cred.getRealm(), null);
    //credentialNode.addChild(TAG_CheckAAAServerCertStatus, null, "TRUE", null);
    return providerSubNode;
}
Also used : Credential(com.android.hotspot2.pps.Credential) HashMap(java.util.HashMap) Map(java.util.Map) ExpandedEAPMethod(com.android.anqp.eap.ExpandedEAPMethod) EAPMethod(com.android.anqp.eap.EAPMethod) Date(java.util.Date) NonEAPInnerAuth(com.android.anqp.eap.NonEAPInnerAuth)

Example 12 with NonEAPInnerAuth

use of com.android.anqp.eap.NonEAPInnerAuth in project android_frameworks_base by AOSPA.

the class ConfigBuilder method buildTTLSConfig.

// Retain for debugging purposes
/*
    private static void xIterateCerts(KeyStore ks, X509Certificate caCert)
            throws GeneralSecurityException {
        Enumeration<String> aliases = ks.aliases();
        while (aliases.hasMoreElements()) {
            String alias = aliases.nextElement();
            Certificate cert = ks.getCertificate(alias);
            Log.d("HS2J", "Checking " + alias);
            if (cert instanceof X509Certificate) {
                X509Certificate x509Certificate = (X509Certificate) cert;
                boolean sm = x509Certificate.getSubjectX500Principal().equals(
                        caCert.getSubjectX500Principal());
                boolean eq = false;
                if (sm) {
                    eq = Arrays.equals(x509Certificate.getEncoded(), caCert.getEncoded());
                }
                Log.d("HS2J", "Subject: " + x509Certificate.getSubjectX500Principal() +
                        ": " + sm + "/" + eq);
            }
        }
    }
    */
private static WifiConfiguration buildTTLSConfig(HomeSP homeSP) throws IOException {
    Credential credential = homeSP.getCredential();
    if (credential.getUserName() == null || credential.getPassword() == null) {
        throw new IOException("EAP-TTLS provisioned without user name or password");
    }
    EAPMethod eapMethod = credential.getEAPMethod();
    AuthParam authParam = eapMethod.getAuthParam();
    if (authParam == null || authParam.getAuthInfoID() != EAP.AuthInfoID.NonEAPInnerAuthType) {
        throw new IOException("Bad auth parameter for EAP-TTLS: " + authParam);
    }
    WifiConfiguration config = buildBaseConfiguration(homeSP);
    NonEAPInnerAuth ttlsParam = (NonEAPInnerAuth) authParam;
    WifiEnterpriseConfig enterpriseConfig = config.enterpriseConfig;
    enterpriseConfig.setPhase2Method(remapInnerMethod(ttlsParam.getType()));
    enterpriseConfig.setIdentity(credential.getUserName());
    enterpriseConfig.setPassword(credential.getPassword());
    return config;
}
Also used : WifiEnterpriseConfig(android.net.wifi.WifiEnterpriseConfig) Credential(com.android.hotspot2.pps.Credential) WifiConfiguration(android.net.wifi.WifiConfiguration) IOException(java.io.IOException) AuthParam(com.android.anqp.eap.AuthParam) EAPMethod(com.android.anqp.eap.EAPMethod) NonEAPInnerAuth(com.android.anqp.eap.NonEAPInnerAuth)

Example 13 with NonEAPInnerAuth

use of com.android.anqp.eap.NonEAPInnerAuth in project android_frameworks_base by DirtyUnicorns.

the class MOManager method buildCredential.

private static Credential buildCredential(OMANode credNode) throws OMAException {
    long ctime = getTime(credNode.getChild(TAG_CreationDate));
    long expTime = getTime(credNode.getChild(TAG_ExpirationDate));
    String realm = getString(credNode.getChild(TAG_Realm));
    boolean checkAAACert = getBoolean(credNode.getChild(TAG_CheckAAAServerCertStatus));
    OMANode unNode = credNode.getChild(TAG_UsernamePassword);
    OMANode certNode = credNode.getChild(TAG_DigitalCertificate);
    OMANode simNode = credNode.getChild(TAG_SIM);
    int alternatives = 0;
    alternatives += unNode != null ? 1 : 0;
    alternatives += certNode != null ? 1 : 0;
    alternatives += simNode != null ? 1 : 0;
    if (alternatives != 1) {
        throw new OMAException("Expected exactly one credential type, got " + alternatives);
    }
    if (unNode != null) {
        String userName = getString(unNode.getChild(TAG_Username));
        String password = getString(unNode.getChild(TAG_Password));
        boolean machineManaged = getBoolean(unNode.getChild(TAG_MachineManaged));
        String softTokenApp = getString(unNode.getChild(TAG_SoftTokenApp));
        boolean ableToShare = getBoolean(unNode.getChild(TAG_AbleToShare));
        OMANode eapMethodNode = unNode.getChild(TAG_EAPMethod);
        int eapID = getInteger(eapMethodNode.getChild(TAG_EAPType));
        EAP.EAPMethodID eapMethodID = EAP.mapEAPMethod(eapID);
        if (eapMethodID == null) {
            throw new OMAException("Unknown EAP method: " + eapID);
        }
        Long vid = getOptionalInteger(eapMethodNode.getChild(TAG_VendorId));
        Long vtype = getOptionalInteger(eapMethodNode.getChild(TAG_VendorType));
        Long innerEAPType = getOptionalInteger(eapMethodNode.getChild(TAG_InnerEAPType));
        EAP.EAPMethodID innerEAPMethod = null;
        if (innerEAPType != null) {
            innerEAPMethod = EAP.mapEAPMethod(innerEAPType.intValue());
            if (innerEAPMethod == null) {
                throw new OMAException("Bad inner EAP method: " + innerEAPType);
            }
        }
        Long innerVid = getOptionalInteger(eapMethodNode.getChild(TAG_InnerVendorID));
        Long innerVtype = getOptionalInteger(eapMethodNode.getChild(TAG_InnerVendorType));
        String innerNonEAPMethod = getString(eapMethodNode.getChild(TAG_InnerMethod));
        EAPMethod eapMethod;
        if (innerEAPMethod != null) {
            eapMethod = new EAPMethod(eapMethodID, new InnerAuthEAP(innerEAPMethod));
        } else if (vid != null) {
            eapMethod = new EAPMethod(eapMethodID, new ExpandedEAPMethod(EAP.AuthInfoID.ExpandedEAPMethod, vid.intValue(), vtype));
        } else if (innerVid != null) {
            eapMethod = new EAPMethod(eapMethodID, new ExpandedEAPMethod(EAP.AuthInfoID.ExpandedInnerEAPMethod, innerVid.intValue(), innerVtype));
        } else if (innerNonEAPMethod != null) {
            eapMethod = new EAPMethod(eapMethodID, new NonEAPInnerAuth(innerNonEAPMethod));
        } else {
            throw new OMAException("Incomplete set of EAP parameters");
        }
        return new Credential(ctime, expTime, realm, checkAAACert, eapMethod, userName, password, machineManaged, softTokenApp, ableToShare);
    }
    if (certNode != null) {
        try {
            String certTypeString = getString(certNode.getChild(TAG_CertificateType));
            byte[] fingerPrint = getOctets(certNode.getChild(TAG_CertSHA256Fingerprint));
            EAPMethod eapMethod = new EAPMethod(EAP.EAPMethodID.EAP_TLS, null);
            return new Credential(ctime, expTime, realm, checkAAACert, eapMethod, Credential.mapCertType(certTypeString), fingerPrint);
        } catch (NumberFormatException nfe) {
            throw new OMAException("Bad hex string: " + nfe.toString());
        }
    }
    if (simNode != null) {
        try {
            IMSIParameter imsi = new IMSIParameter(getString(simNode.getChild(TAG_IMSI)));
            EAPMethod eapMethod = new EAPMethod(EAP.mapEAPMethod(getInteger(simNode.getChild(TAG_EAPType))), null);
            return new Credential(ctime, expTime, realm, checkAAACert, eapMethod, imsi);
        } catch (IOException ioe) {
            throw new OMAException("Failed to parse IMSI: " + ioe);
        }
    }
    throw new OMAException("Missing credential parameters");
}
Also used : Credential(com.android.hotspot2.pps.Credential) InnerAuthEAP(com.android.anqp.eap.InnerAuthEAP) IOException(java.io.IOException) ExpandedEAPMethod(com.android.anqp.eap.ExpandedEAPMethod) EAPMethod(com.android.anqp.eap.EAPMethod) ExpandedEAPMethod(com.android.anqp.eap.ExpandedEAPMethod) InnerAuthEAP(com.android.anqp.eap.InnerAuthEAP) EAP(com.android.anqp.eap.EAP) IMSIParameter(com.android.hotspot2.IMSIParameter) NonEAPInnerAuth(com.android.anqp.eap.NonEAPInnerAuth)

Example 14 with NonEAPInnerAuth

use of com.android.anqp.eap.NonEAPInnerAuth in project android_frameworks_base by ResurrectionRemix.

the class MOManager method buildCredential.

private static Credential buildCredential(OMANode credNode) throws OMAException {
    long ctime = getTime(credNode.getChild(TAG_CreationDate));
    long expTime = getTime(credNode.getChild(TAG_ExpirationDate));
    String realm = getString(credNode.getChild(TAG_Realm));
    boolean checkAAACert = getBoolean(credNode.getChild(TAG_CheckAAAServerCertStatus));
    OMANode unNode = credNode.getChild(TAG_UsernamePassword);
    OMANode certNode = credNode.getChild(TAG_DigitalCertificate);
    OMANode simNode = credNode.getChild(TAG_SIM);
    int alternatives = 0;
    alternatives += unNode != null ? 1 : 0;
    alternatives += certNode != null ? 1 : 0;
    alternatives += simNode != null ? 1 : 0;
    if (alternatives != 1) {
        throw new OMAException("Expected exactly one credential type, got " + alternatives);
    }
    if (unNode != null) {
        String userName = getString(unNode.getChild(TAG_Username));
        String password = getString(unNode.getChild(TAG_Password));
        boolean machineManaged = getBoolean(unNode.getChild(TAG_MachineManaged));
        String softTokenApp = getString(unNode.getChild(TAG_SoftTokenApp));
        boolean ableToShare = getBoolean(unNode.getChild(TAG_AbleToShare));
        OMANode eapMethodNode = unNode.getChild(TAG_EAPMethod);
        int eapID = getInteger(eapMethodNode.getChild(TAG_EAPType));
        EAP.EAPMethodID eapMethodID = EAP.mapEAPMethod(eapID);
        if (eapMethodID == null) {
            throw new OMAException("Unknown EAP method: " + eapID);
        }
        Long vid = getOptionalInteger(eapMethodNode.getChild(TAG_VendorId));
        Long vtype = getOptionalInteger(eapMethodNode.getChild(TAG_VendorType));
        Long innerEAPType = getOptionalInteger(eapMethodNode.getChild(TAG_InnerEAPType));
        EAP.EAPMethodID innerEAPMethod = null;
        if (innerEAPType != null) {
            innerEAPMethod = EAP.mapEAPMethod(innerEAPType.intValue());
            if (innerEAPMethod == null) {
                throw new OMAException("Bad inner EAP method: " + innerEAPType);
            }
        }
        Long innerVid = getOptionalInteger(eapMethodNode.getChild(TAG_InnerVendorID));
        Long innerVtype = getOptionalInteger(eapMethodNode.getChild(TAG_InnerVendorType));
        String innerNonEAPMethod = getString(eapMethodNode.getChild(TAG_InnerMethod));
        EAPMethod eapMethod;
        if (innerEAPMethod != null) {
            eapMethod = new EAPMethod(eapMethodID, new InnerAuthEAP(innerEAPMethod));
        } else if (vid != null) {
            eapMethod = new EAPMethod(eapMethodID, new ExpandedEAPMethod(EAP.AuthInfoID.ExpandedEAPMethod, vid.intValue(), vtype));
        } else if (innerVid != null) {
            eapMethod = new EAPMethod(eapMethodID, new ExpandedEAPMethod(EAP.AuthInfoID.ExpandedInnerEAPMethod, innerVid.intValue(), innerVtype));
        } else if (innerNonEAPMethod != null) {
            eapMethod = new EAPMethod(eapMethodID, new NonEAPInnerAuth(innerNonEAPMethod));
        } else {
            throw new OMAException("Incomplete set of EAP parameters");
        }
        return new Credential(ctime, expTime, realm, checkAAACert, eapMethod, userName, password, machineManaged, softTokenApp, ableToShare);
    }
    if (certNode != null) {
        try {
            String certTypeString = getString(certNode.getChild(TAG_CertificateType));
            byte[] fingerPrint = getOctets(certNode.getChild(TAG_CertSHA256Fingerprint));
            EAPMethod eapMethod = new EAPMethod(EAP.EAPMethodID.EAP_TLS, null);
            return new Credential(ctime, expTime, realm, checkAAACert, eapMethod, Credential.mapCertType(certTypeString), fingerPrint);
        } catch (NumberFormatException nfe) {
            throw new OMAException("Bad hex string: " + nfe.toString());
        }
    }
    if (simNode != null) {
        try {
            IMSIParameter imsi = new IMSIParameter(getString(simNode.getChild(TAG_IMSI)));
            EAPMethod eapMethod = new EAPMethod(EAP.mapEAPMethod(getInteger(simNode.getChild(TAG_EAPType))), null);
            return new Credential(ctime, expTime, realm, checkAAACert, eapMethod, imsi);
        } catch (IOException ioe) {
            throw new OMAException("Failed to parse IMSI: " + ioe);
        }
    }
    throw new OMAException("Missing credential parameters");
}
Also used : Credential(com.android.hotspot2.pps.Credential) InnerAuthEAP(com.android.anqp.eap.InnerAuthEAP) IOException(java.io.IOException) ExpandedEAPMethod(com.android.anqp.eap.ExpandedEAPMethod) EAPMethod(com.android.anqp.eap.EAPMethod) ExpandedEAPMethod(com.android.anqp.eap.ExpandedEAPMethod) InnerAuthEAP(com.android.anqp.eap.InnerAuthEAP) EAP(com.android.anqp.eap.EAP) IMSIParameter(com.android.hotspot2.IMSIParameter) NonEAPInnerAuth(com.android.anqp.eap.NonEAPInnerAuth)

Example 15 with NonEAPInnerAuth

use of com.android.anqp.eap.NonEAPInnerAuth in project android_frameworks_base by crdroidandroid.

the class ConfigBuilder method buildTTLSConfig.

// Retain for debugging purposes
/*
    private static void xIterateCerts(KeyStore ks, X509Certificate caCert)
            throws GeneralSecurityException {
        Enumeration<String> aliases = ks.aliases();
        while (aliases.hasMoreElements()) {
            String alias = aliases.nextElement();
            Certificate cert = ks.getCertificate(alias);
            Log.d("HS2J", "Checking " + alias);
            if (cert instanceof X509Certificate) {
                X509Certificate x509Certificate = (X509Certificate) cert;
                boolean sm = x509Certificate.getSubjectX500Principal().equals(
                        caCert.getSubjectX500Principal());
                boolean eq = false;
                if (sm) {
                    eq = Arrays.equals(x509Certificate.getEncoded(), caCert.getEncoded());
                }
                Log.d("HS2J", "Subject: " + x509Certificate.getSubjectX500Principal() +
                        ": " + sm + "/" + eq);
            }
        }
    }
    */
private static WifiConfiguration buildTTLSConfig(HomeSP homeSP) throws IOException {
    Credential credential = homeSP.getCredential();
    if (credential.getUserName() == null || credential.getPassword() == null) {
        throw new IOException("EAP-TTLS provisioned without user name or password");
    }
    EAPMethod eapMethod = credential.getEAPMethod();
    AuthParam authParam = eapMethod.getAuthParam();
    if (authParam == null || authParam.getAuthInfoID() != EAP.AuthInfoID.NonEAPInnerAuthType) {
        throw new IOException("Bad auth parameter for EAP-TTLS: " + authParam);
    }
    WifiConfiguration config = buildBaseConfiguration(homeSP);
    NonEAPInnerAuth ttlsParam = (NonEAPInnerAuth) authParam;
    WifiEnterpriseConfig enterpriseConfig = config.enterpriseConfig;
    enterpriseConfig.setPhase2Method(remapInnerMethod(ttlsParam.getType()));
    enterpriseConfig.setIdentity(credential.getUserName());
    enterpriseConfig.setPassword(credential.getPassword());
    return config;
}
Also used : WifiEnterpriseConfig(android.net.wifi.WifiEnterpriseConfig) Credential(com.android.hotspot2.pps.Credential) WifiConfiguration(android.net.wifi.WifiConfiguration) IOException(java.io.IOException) AuthParam(com.android.anqp.eap.AuthParam) EAPMethod(com.android.anqp.eap.EAPMethod) NonEAPInnerAuth(com.android.anqp.eap.NonEAPInnerAuth)

Aggregations

EAPMethod (com.android.anqp.eap.EAPMethod)15 NonEAPInnerAuth (com.android.anqp.eap.NonEAPInnerAuth)15 Credential (com.android.hotspot2.pps.Credential)15 ExpandedEAPMethod (com.android.anqp.eap.ExpandedEAPMethod)10 IOException (java.io.IOException)10 WifiConfiguration (android.net.wifi.WifiConfiguration)5 WifiEnterpriseConfig (android.net.wifi.WifiEnterpriseConfig)5 AuthParam (com.android.anqp.eap.AuthParam)5 EAP (com.android.anqp.eap.EAP)5 InnerAuthEAP (com.android.anqp.eap.InnerAuthEAP)5 IMSIParameter (com.android.hotspot2.IMSIParameter)5 Date (java.util.Date)5 HashMap (java.util.HashMap)5 Map (java.util.Map)5