use of com.android.hotspot2.pps.Credential in project android_frameworks_base by DirtyUnicorns.
the class MOManager method buildHomeSPTree.
private static OMANode buildHomeSPTree(HomeSP homeSP, OMAConstructed root, int instanceID) throws IOException {
OMANode providerSubNode = root.addChild(getInstanceString(instanceID), null, null, null);
// The HomeSP:
OMANode homeSpNode = providerSubNode.addChild(TAG_HomeSP, null, null, null);
if (!homeSP.getSSIDs().isEmpty()) {
OMAConstructed nwkIDNode = (OMAConstructed) homeSpNode.addChild(TAG_NetworkID, null, null, null);
int instance = 0;
for (Map.Entry<String, Long> entry : homeSP.getSSIDs().entrySet()) {
OMAConstructed inode = (OMAConstructed) nwkIDNode.addChild(getInstanceString(instance++), null, null, null);
inode.addChild(TAG_SSID, null, entry.getKey(), null);
if (entry.getValue() != null) {
inode.addChild(TAG_HESSID, null, String.format("%012x", entry.getValue()), null);
}
}
}
homeSpNode.addChild(TAG_FriendlyName, null, homeSP.getFriendlyName(), null);
if (homeSP.getIconURL() != null) {
homeSpNode.addChild(TAG_IconURL, null, homeSP.getIconURL(), null);
}
homeSpNode.addChild(TAG_FQDN, null, homeSP.getFQDN(), null);
if (!homeSP.getMatchAllOIs().isEmpty() || !homeSP.getMatchAnyOIs().isEmpty()) {
OMAConstructed homeOIList = (OMAConstructed) homeSpNode.addChild(TAG_HomeOIList, null, null, null);
int instance = 0;
for (Long oi : homeSP.getMatchAllOIs()) {
OMAConstructed inode = (OMAConstructed) homeOIList.addChild(getInstanceString(instance++), null, null, null);
inode.addChild(TAG_HomeOI, null, String.format("%x", oi), null);
inode.addChild(TAG_HomeOIRequired, null, "TRUE", null);
}
for (Long oi : homeSP.getMatchAnyOIs()) {
OMAConstructed inode = (OMAConstructed) homeOIList.addChild(getInstanceString(instance++), null, null, null);
inode.addChild(TAG_HomeOI, null, String.format("%x", oi), null);
inode.addChild(TAG_HomeOIRequired, null, "FALSE", null);
}
}
if (!homeSP.getOtherHomePartners().isEmpty()) {
OMAConstructed otherPartners = (OMAConstructed) homeSpNode.addChild(TAG_OtherHomePartners, null, null, null);
int instance = 0;
for (String fqdn : homeSP.getOtherHomePartners()) {
OMAConstructed inode = (OMAConstructed) otherPartners.addChild(getInstanceString(instance++), null, null, null);
inode.addChild(TAG_FQDN, null, fqdn, null);
}
}
if (!homeSP.getRoamingConsortiums().isEmpty()) {
homeSpNode.addChild(TAG_RoamingConsortiumOI, null, getRCList(homeSP.getRoamingConsortiums()), null);
}
// The Credential:
OMANode credentialNode = providerSubNode.addChild(TAG_Credential, null, null, null);
Credential cred = homeSP.getCredential();
EAPMethod method = cred.getEAPMethod();
if (cred.getCtime() > 0) {
credentialNode.addChild(TAG_CreationDate, null, DTFormat.format(new Date(cred.getCtime())), null);
}
if (cred.getExpTime() > 0) {
credentialNode.addChild(TAG_ExpirationDate, null, DTFormat.format(new Date(cred.getExpTime())), null);
}
if (method.getEAPMethodID() == EAP.EAPMethodID.EAP_SIM || method.getEAPMethodID() == EAP.EAPMethodID.EAP_AKA || method.getEAPMethodID() == EAP.EAPMethodID.EAP_AKAPrim) {
OMANode simNode = credentialNode.addChild(TAG_SIM, null, null, null);
simNode.addChild(TAG_IMSI, null, cred.getImsi().toString(), null);
simNode.addChild(TAG_EAPType, null, Integer.toString(EAP.mapEAPMethod(method.getEAPMethodID())), null);
} else if (method.getEAPMethodID() == EAP.EAPMethodID.EAP_TTLS) {
OMANode unpNode = credentialNode.addChild(TAG_UsernamePassword, null, null, null);
unpNode.addChild(TAG_Username, null, cred.getUserName(), null);
unpNode.addChild(TAG_Password, null, Base64.encodeToString(cred.getPassword().getBytes(StandardCharsets.UTF_8), Base64.DEFAULT), null);
OMANode eapNode = unpNode.addChild(TAG_EAPMethod, null, null, null);
eapNode.addChild(TAG_EAPType, null, Integer.toString(EAP.mapEAPMethod(method.getEAPMethodID())), null);
eapNode.addChild(TAG_InnerMethod, null, ((NonEAPInnerAuth) method.getAuthParam()).getOMAtype(), null);
} else if (method.getEAPMethodID() == EAP.EAPMethodID.EAP_TLS) {
OMANode certNode = credentialNode.addChild(TAG_DigitalCertificate, null, null, null);
certNode.addChild(TAG_CertificateType, null, Credential.CertTypeX509, null);
certNode.addChild(TAG_CertSHA256Fingerprint, null, Utils.toHex(cred.getFingerPrint()), null);
} else {
throw new OMAException("Invalid credential on " + homeSP.getFQDN());
}
credentialNode.addChild(TAG_Realm, null, cred.getRealm(), null);
//credentialNode.addChild(TAG_CheckAAAServerCertStatus, null, "TRUE", null);
return providerSubNode;
}
use of com.android.hotspot2.pps.Credential in project android_frameworks_base by AOSPA.
the class MOManager method modifySP.
public HomeSP modifySP(HomeSP homeSP, Collection<MOData> mods, OSUManager osuManager) throws IOException {
Log.d(OSUManager.TAG, "modifying SP: " + mods);
MOTree moTree;
int ppsMods = 0;
int updateIdentifier = 0;
try (BufferedInputStream in = new BufferedInputStream(new FileInputStream(mPpsFile))) {
moTree = MOTree.unmarshal(in);
// moTree is PPS/?/provider-data
OMAConstructed targetTree = findTargetTree(moTree, homeSP.getFQDN());
if (targetTree == null) {
throw new IOException("Failed to find PPS tree for " + homeSP.getFQDN());
}
OMAConstructed instance = getInstanceNode(targetTree);
for (MOData mod : mods) {
LinkedList<String> tailPath = getTailPath(mod.getBaseURI(), TAG_PerProviderSubscription);
OMAConstructed modRoot = mod.getMOTree().getRoot();
if (tailPath.getFirst().equals(TAG_UpdateIdentifier)) {
updateIdentifier = getInteger(modRoot.getChildren().iterator().next());
OMANode oldUdi = targetTree.getChild(TAG_UpdateIdentifier);
if (getInteger(oldUdi) != updateIdentifier) {
ppsMods++;
}
if (oldUdi != null) {
targetTree.replaceNode(oldUdi, modRoot.getChild(TAG_UpdateIdentifier));
} else {
targetTree.addChild(modRoot.getChild(TAG_UpdateIdentifier));
}
} else {
// Drop the instance
tailPath.removeFirst();
OMANode current = instance.getListValue(tailPath.iterator());
if (current == null) {
throw new IOException("No previous node for " + tailPath + " in " + homeSP.getFQDN());
}
for (OMANode newNode : modRoot.getChildren()) {
// newNode is something like Credential
// current is the same existing node
OMANode old = current.getParent().replaceNode(current, newNode);
ppsMods++;
}
}
}
}
writeMO(moTree, mPpsFile, osuManager);
if (ppsMods == 0) {
// HomeSP not modified.
return null;
}
// Return a new rebuilt HomeSP
List<HomeSP> sps = buildSPs(moTree);
if (sps != null) {
for (HomeSP sp : sps) {
if (sp.getFQDN().equals(homeSP.getFQDN())) {
return sp;
}
}
} else {
throw new OMAException("Failed to build HomeSP");
}
return null;
}
use of com.android.hotspot2.pps.Credential in project android_frameworks_base by AOSPA.
the class MOManager method buildCredential.
private static Credential buildCredential(OMANode credNode) throws OMAException {
long ctime = getTime(credNode.getChild(TAG_CreationDate));
long expTime = getTime(credNode.getChild(TAG_ExpirationDate));
String realm = getString(credNode.getChild(TAG_Realm));
boolean checkAAACert = getBoolean(credNode.getChild(TAG_CheckAAAServerCertStatus));
OMANode unNode = credNode.getChild(TAG_UsernamePassword);
OMANode certNode = credNode.getChild(TAG_DigitalCertificate);
OMANode simNode = credNode.getChild(TAG_SIM);
int alternatives = 0;
alternatives += unNode != null ? 1 : 0;
alternatives += certNode != null ? 1 : 0;
alternatives += simNode != null ? 1 : 0;
if (alternatives != 1) {
throw new OMAException("Expected exactly one credential type, got " + alternatives);
}
if (unNode != null) {
String userName = getString(unNode.getChild(TAG_Username));
String password = getString(unNode.getChild(TAG_Password));
boolean machineManaged = getBoolean(unNode.getChild(TAG_MachineManaged));
String softTokenApp = getString(unNode.getChild(TAG_SoftTokenApp));
boolean ableToShare = getBoolean(unNode.getChild(TAG_AbleToShare));
OMANode eapMethodNode = unNode.getChild(TAG_EAPMethod);
int eapID = getInteger(eapMethodNode.getChild(TAG_EAPType));
EAP.EAPMethodID eapMethodID = EAP.mapEAPMethod(eapID);
if (eapMethodID == null) {
throw new OMAException("Unknown EAP method: " + eapID);
}
Long vid = getOptionalInteger(eapMethodNode.getChild(TAG_VendorId));
Long vtype = getOptionalInteger(eapMethodNode.getChild(TAG_VendorType));
Long innerEAPType = getOptionalInteger(eapMethodNode.getChild(TAG_InnerEAPType));
EAP.EAPMethodID innerEAPMethod = null;
if (innerEAPType != null) {
innerEAPMethod = EAP.mapEAPMethod(innerEAPType.intValue());
if (innerEAPMethod == null) {
throw new OMAException("Bad inner EAP method: " + innerEAPType);
}
}
Long innerVid = getOptionalInteger(eapMethodNode.getChild(TAG_InnerVendorID));
Long innerVtype = getOptionalInteger(eapMethodNode.getChild(TAG_InnerVendorType));
String innerNonEAPMethod = getString(eapMethodNode.getChild(TAG_InnerMethod));
EAPMethod eapMethod;
if (innerEAPMethod != null) {
eapMethod = new EAPMethod(eapMethodID, new InnerAuthEAP(innerEAPMethod));
} else if (vid != null) {
eapMethod = new EAPMethod(eapMethodID, new ExpandedEAPMethod(EAP.AuthInfoID.ExpandedEAPMethod, vid.intValue(), vtype));
} else if (innerVid != null) {
eapMethod = new EAPMethod(eapMethodID, new ExpandedEAPMethod(EAP.AuthInfoID.ExpandedInnerEAPMethod, innerVid.intValue(), innerVtype));
} else if (innerNonEAPMethod != null) {
eapMethod = new EAPMethod(eapMethodID, new NonEAPInnerAuth(innerNonEAPMethod));
} else {
throw new OMAException("Incomplete set of EAP parameters");
}
return new Credential(ctime, expTime, realm, checkAAACert, eapMethod, userName, password, machineManaged, softTokenApp, ableToShare);
}
if (certNode != null) {
try {
String certTypeString = getString(certNode.getChild(TAG_CertificateType));
byte[] fingerPrint = getOctets(certNode.getChild(TAG_CertSHA256Fingerprint));
EAPMethod eapMethod = new EAPMethod(EAP.EAPMethodID.EAP_TLS, null);
return new Credential(ctime, expTime, realm, checkAAACert, eapMethod, Credential.mapCertType(certTypeString), fingerPrint);
} catch (NumberFormatException nfe) {
throw new OMAException("Bad hex string: " + nfe.toString());
}
}
if (simNode != null) {
try {
IMSIParameter imsi = new IMSIParameter(getString(simNode.getChild(TAG_IMSI)));
EAPMethod eapMethod = new EAPMethod(EAP.mapEAPMethod(getInteger(simNode.getChild(TAG_EAPType))), null);
return new Credential(ctime, expTime, realm, checkAAACert, eapMethod, imsi);
} catch (IOException ioe) {
throw new OMAException("Failed to parse IMSI: " + ioe);
}
}
throw new OMAException("Missing credential parameters");
}
use of com.android.hotspot2.pps.Credential in project android_frameworks_base by AOSPA.
the class ConfigBuilder method buildConfig.
public static WifiConfiguration buildConfig(HomeSP homeSP, X509Certificate caCert, List<X509Certificate> clientChain, PrivateKey key) throws IOException, GeneralSecurityException {
Credential credential = homeSP.getCredential();
WifiConfiguration config;
EAP.EAPMethodID eapMethodID = credential.getEAPMethod().getEAPMethodID();
switch(eapMethodID) {
case EAP_TTLS:
if (key != null || clientChain != null) {
Log.w(TAG, "Client cert and/or key included with EAP-TTLS profile");
}
config = buildTTLSConfig(homeSP);
break;
case EAP_TLS:
config = buildTLSConfig(homeSP, clientChain, key);
break;
case EAP_AKA:
case EAP_AKAPrim:
case EAP_SIM:
if (key != null || clientChain != null || caCert != null) {
Log.i(TAG, "Client/CA cert and/or key included with " + eapMethodID + " profile");
}
config = buildSIMConfig(homeSP);
break;
default:
throw new IOException("Unsupported EAP Method: " + eapMethodID);
}
WifiEnterpriseConfig enterpriseConfig = config.enterpriseConfig;
enterpriseConfig.setCaCertificate(caCert);
enterpriseConfig.setAnonymousIdentity("anonymous@" + credential.getRealm());
return config;
}
use of com.android.hotspot2.pps.Credential in project android_frameworks_base by AOSPA.
the class ConfigBuilder method buildSIMConfig.
private static WifiConfiguration buildSIMConfig(HomeSP homeSP) throws IOException {
Credential credential = homeSP.getCredential();
IMSIParameter credImsi = credential.getImsi();
/*
* Uncomment to enforce strict IMSI matching with currently installed SIM cards.
*
TelephonyManager tm = TelephonyManager.from(context);
SubscriptionManager sub = SubscriptionManager.from(context);
boolean match = false;
for (int subId : sub.getActiveSubscriptionIdList()) {
String imsi = tm.getSubscriberId(subId);
if (credImsi.matches(imsi)) {
match = true;
break;
}
}
if (!match) {
throw new IOException("Supplied IMSI does not match any SIM card");
}
*/
WifiConfiguration config = buildBaseConfiguration(homeSP);
config.enterpriseConfig.setPlmn(credImsi.toString());
return config;
}
Aggregations