Example 26 with Credential
use of com.android.hotspot2.pps.Credential in project platform_frameworks_base by android.
the class ConfigBuilder method buildSIMConfig.
private static WifiConfiguration buildSIMConfig(HomeSP homeSP) throws IOException {
Credential credential = homeSP.getCredential();
IMSIParameter credImsi = credential.getImsi();
/*
* Uncomment to enforce strict IMSI matching with currently installed SIM cards.
*
TelephonyManager tm = TelephonyManager.from(context);
SubscriptionManager sub = SubscriptionManager.from(context);
boolean match = false;
for (int subId : sub.getActiveSubscriptionIdList()) {
String imsi = tm.getSubscriberId(subId);
if (credImsi.matches(imsi)) {
match = true;
break;
}
}
if (!match) {
throw new IOException("Supplied IMSI does not match any SIM card");
}
*/
WifiConfiguration config = buildBaseConfiguration(homeSP);
config.enterpriseConfig.setPlmn(credImsi.toString());
return config;
}
Also used :
Credential(com.android.hotspot2.pps.Credential)
WifiConfiguration(android.net.wifi.WifiConfiguration)
IMSIParameter(com.android.hotspot2.IMSIParameter)
Example 27 with Credential
use of com.android.hotspot2.pps.Credential in project platform_frameworks_base by android.
the class ConfigBuilder method buildTLSConfig.
private static WifiConfiguration buildTLSConfig(HomeSP homeSP, List<X509Certificate> clientChain, PrivateKey clientKey) throws IOException, GeneralSecurityException {
Credential credential = homeSP.getCredential();
X509Certificate clientCertificate = null;
if (clientKey == null || clientChain == null) {
throw new IOException("No key and/or cert passed for EAP-TLS");
}
if (credential.getCertType() != Credential.CertType.x509v3) {
throw new IOException("Invalid certificate type for TLS: " + credential.getCertType());
}
byte[] reference = credential.getFingerPrint();
MessageDigest digester = MessageDigest.getInstance("SHA-256");
for (X509Certificate certificate : clientChain) {
digester.reset();
byte[] fingerprint = digester.digest(certificate.getEncoded());
if (Arrays.equals(reference, fingerprint)) {
clientCertificate = certificate;
break;
}
}
if (clientCertificate == null) {
throw new IOException("No certificate in chain matches supplied fingerprint");
}
String alias = Base64.encodeToString(reference, Base64.DEFAULT);
WifiConfiguration config = buildBaseConfiguration(homeSP);
WifiEnterpriseConfig enterpriseConfig = config.enterpriseConfig;
enterpriseConfig.setClientCertificateAlias(alias);
enterpriseConfig.setClientKeyEntry(clientKey, clientCertificate);
return config;
}
Also used :
WifiEnterpriseConfig(android.net.wifi.WifiEnterpriseConfig)
Credential(com.android.hotspot2.pps.Credential)
WifiConfiguration(android.net.wifi.WifiConfiguration)
IOException(java.io.IOException)
MessageDigest(java.security.MessageDigest)
X509Certificate(java.security.cert.X509Certificate)
Example 28 with Credential
use of com.android.hotspot2.pps.Credential in project platform_frameworks_base by android.
the class OSUClient method createHandler.
private HTTPHandler createHandler(Network network, HomeSP homeSP, KeyManager km, int flowType) throws GeneralSecurityException, IOException {
Credential credential = homeSP.getCredential();
Log.d(TAG, "Credential method " + credential.getEAPMethod().getEAPMethodID());
switch(credential.getEAPMethod().getEAPMethodID()) {
case EAP_TTLS:
String user;
byte[] password;
UpdateInfo subscriptionUpdate;
if (flowType == OSUManager.FLOW_POLICY) {
subscriptionUpdate = homeSP.getPolicy() != null ? homeSP.getPolicy().getPolicyUpdate() : null;
} else {
subscriptionUpdate = homeSP.getSubscriptionUpdate();
}
if (subscriptionUpdate != null && subscriptionUpdate.getUsername() != null) {
user = subscriptionUpdate.getUsername();
password = subscriptionUpdate.getPassword() != null ? subscriptionUpdate.getPassword().getBytes(StandardCharsets.UTF_8) : new byte[0];
} else {
user = credential.getUserName();
password = credential.getPassword().getBytes(StandardCharsets.UTF_8);
}
return new HTTPHandler(StandardCharsets.UTF_8, OSUSocketFactory.getSocketFactory(mKeyStore, homeSP, flowType, network, mURL, km, true), user, password);
case EAP_TLS:
return new HTTPHandler(StandardCharsets.UTF_8, OSUSocketFactory.getSocketFactory(mKeyStore, homeSP, flowType, network, mURL, km, true));
default:
throw new IOException("Cannot remediate account with " + credential.getEAPMethod().getEAPMethodID());
}
}
Also used :
Credential(com.android.hotspot2.pps.Credential)
IOException(java.io.IOException)
UpdateInfo(com.android.hotspot2.pps.UpdateInfo)
Example 29 with Credential
use of com.android.hotspot2.pps.Credential in project android_frameworks_base by AOSPA.
the class MOManager method buildHomeSPTree.
private static OMANode buildHomeSPTree(HomeSP homeSP, OMAConstructed root, int instanceID) throws IOException {
OMANode providerSubNode = root.addChild(getInstanceString(instanceID), null, null, null);
// The HomeSP:
OMANode homeSpNode = providerSubNode.addChild(TAG_HomeSP, null, null, null);
if (!homeSP.getSSIDs().isEmpty()) {
OMAConstructed nwkIDNode = (OMAConstructed) homeSpNode.addChild(TAG_NetworkID, null, null, null);
int instance = 0;
for (Map.Entry<String, Long> entry : homeSP.getSSIDs().entrySet()) {
OMAConstructed inode = (OMAConstructed) nwkIDNode.addChild(getInstanceString(instance++), null, null, null);
inode.addChild(TAG_SSID, null, entry.getKey(), null);
if (entry.getValue() != null) {
inode.addChild(TAG_HESSID, null, String.format("%012x", entry.getValue()), null);
}
}
}
homeSpNode.addChild(TAG_FriendlyName, null, homeSP.getFriendlyName(), null);
if (homeSP.getIconURL() != null) {
homeSpNode.addChild(TAG_IconURL, null, homeSP.getIconURL(), null);
}
homeSpNode.addChild(TAG_FQDN, null, homeSP.getFQDN(), null);
if (!homeSP.getMatchAllOIs().isEmpty() || !homeSP.getMatchAnyOIs().isEmpty()) {
OMAConstructed homeOIList = (OMAConstructed) homeSpNode.addChild(TAG_HomeOIList, null, null, null);
int instance = 0;
for (Long oi : homeSP.getMatchAllOIs()) {
OMAConstructed inode = (OMAConstructed) homeOIList.addChild(getInstanceString(instance++), null, null, null);
inode.addChild(TAG_HomeOI, null, String.format("%x", oi), null);
inode.addChild(TAG_HomeOIRequired, null, "TRUE", null);
}
for (Long oi : homeSP.getMatchAnyOIs()) {
OMAConstructed inode = (OMAConstructed) homeOIList.addChild(getInstanceString(instance++), null, null, null);
inode.addChild(TAG_HomeOI, null, String.format("%x", oi), null);
inode.addChild(TAG_HomeOIRequired, null, "FALSE", null);
}
}
if (!homeSP.getOtherHomePartners().isEmpty()) {
OMAConstructed otherPartners = (OMAConstructed) homeSpNode.addChild(TAG_OtherHomePartners, null, null, null);
int instance = 0;
for (String fqdn : homeSP.getOtherHomePartners()) {
OMAConstructed inode = (OMAConstructed) otherPartners.addChild(getInstanceString(instance++), null, null, null);
inode.addChild(TAG_FQDN, null, fqdn, null);
}
}
if (!homeSP.getRoamingConsortiums().isEmpty()) {
homeSpNode.addChild(TAG_RoamingConsortiumOI, null, getRCList(homeSP.getRoamingConsortiums()), null);
}
// The Credential:
OMANode credentialNode = providerSubNode.addChild(TAG_Credential, null, null, null);
Credential cred = homeSP.getCredential();
EAPMethod method = cred.getEAPMethod();
if (cred.getCtime() > 0) {
credentialNode.addChild(TAG_CreationDate, null, DTFormat.format(new Date(cred.getCtime())), null);
}
if (cred.getExpTime() > 0) {
credentialNode.addChild(TAG_ExpirationDate, null, DTFormat.format(new Date(cred.getExpTime())), null);
}
if (method.getEAPMethodID() == EAP.EAPMethodID.EAP_SIM || method.getEAPMethodID() == EAP.EAPMethodID.EAP_AKA || method.getEAPMethodID() == EAP.EAPMethodID.EAP_AKAPrim) {
OMANode simNode = credentialNode.addChild(TAG_SIM, null, null, null);
simNode.addChild(TAG_IMSI, null, cred.getImsi().toString(), null);
simNode.addChild(TAG_EAPType, null, Integer.toString(EAP.mapEAPMethod(method.getEAPMethodID())), null);
} else if (method.getEAPMethodID() == EAP.EAPMethodID.EAP_TTLS) {
OMANode unpNode = credentialNode.addChild(TAG_UsernamePassword, null, null, null);
unpNode.addChild(TAG_Username, null, cred.getUserName(), null);
unpNode.addChild(TAG_Password, null, Base64.encodeToString(cred.getPassword().getBytes(StandardCharsets.UTF_8), Base64.DEFAULT), null);
OMANode eapNode = unpNode.addChild(TAG_EAPMethod, null, null, null);
eapNode.addChild(TAG_EAPType, null, Integer.toString(EAP.mapEAPMethod(method.getEAPMethodID())), null);
eapNode.addChild(TAG_InnerMethod, null, ((NonEAPInnerAuth) method.getAuthParam()).getOMAtype(), null);
} else if (method.getEAPMethodID() == EAP.EAPMethodID.EAP_TLS) {
OMANode certNode = credentialNode.addChild(TAG_DigitalCertificate, null, null, null);
certNode.addChild(TAG_CertificateType, null, Credential.CertTypeX509, null);
certNode.addChild(TAG_CertSHA256Fingerprint, null, Utils.toHex(cred.getFingerPrint()), null);
} else {
throw new OMAException("Invalid credential on " + homeSP.getFQDN());
}
credentialNode.addChild(TAG_Realm, null, cred.getRealm(), null);
//credentialNode.addChild(TAG_CheckAAAServerCertStatus, null, "TRUE", null);
return providerSubNode;
}
Also used :
Credential(com.android.hotspot2.pps.Credential)
HashMap(java.util.HashMap)
Map(java.util.Map)
ExpandedEAPMethod(com.android.anqp.eap.ExpandedEAPMethod)
EAPMethod(com.android.anqp.eap.EAPMethod)
Date(java.util.Date)
NonEAPInnerAuth(com.android.anqp.eap.NonEAPInnerAuth)
Example 30 with Credential
use of com.android.hotspot2.pps.Credential in project android_frameworks_base by AOSPA.
the class OSUClient method createHandler.
private HTTPHandler createHandler(Network network, HomeSP homeSP, KeyManager km, int flowType) throws GeneralSecurityException, IOException {
Credential credential = homeSP.getCredential();
Log.d(TAG, "Credential method " + credential.getEAPMethod().getEAPMethodID());
switch(credential.getEAPMethod().getEAPMethodID()) {
case EAP_TTLS:
String user;
byte[] password;
UpdateInfo subscriptionUpdate;
if (flowType == OSUManager.FLOW_POLICY) {
subscriptionUpdate = homeSP.getPolicy() != null ? homeSP.getPolicy().getPolicyUpdate() : null;
} else {
subscriptionUpdate = homeSP.getSubscriptionUpdate();
}
if (subscriptionUpdate != null && subscriptionUpdate.getUsername() != null) {
user = subscriptionUpdate.getUsername();
password = subscriptionUpdate.getPassword() != null ? subscriptionUpdate.getPassword().getBytes(StandardCharsets.UTF_8) : new byte[0];
} else {
user = credential.getUserName();
password = credential.getPassword().getBytes(StandardCharsets.UTF_8);
}
return new HTTPHandler(StandardCharsets.UTF_8, OSUSocketFactory.getSocketFactory(mKeyStore, homeSP, flowType, network, mURL, km, true), user, password);
case EAP_TLS:
return new HTTPHandler(StandardCharsets.UTF_8, OSUSocketFactory.getSocketFactory(mKeyStore, homeSP, flowType, network, mURL, km, true));
default:
throw new IOException("Cannot remediate account with " + credential.getEAPMethod().getEAPMethodID());
}
}
Also used :
Credential(com.android.hotspot2.pps.Credential)
IOException(java.io.IOException)
UpdateInfo(com.android.hotspot2.pps.UpdateInfo)
Aggregations
Credential (com.android.hotspot2.pps.Credential)40
IOException (java.io.IOException)30
WifiConfiguration (android.net.wifi.WifiConfiguration)20
WifiEnterpriseConfig (android.net.wifi.WifiEnterpriseConfig)15
EAPMethod (com.android.anqp.eap.EAPMethod)15
NonEAPInnerAuth (com.android.anqp.eap.NonEAPInnerAuth)15
HashMap (java.util.HashMap)11
EAP (com.android.anqp.eap.EAP)10
ExpandedEAPMethod (com.android.anqp.eap.ExpandedEAPMethod)10
IMSIParameter (com.android.hotspot2.IMSIParameter)10
HomeSP (com.android.hotspot2.pps.HomeSP)10
UpdateInfo (com.android.hotspot2.pps.UpdateInfo)10
ArrayList (java.util.ArrayList)6
AuthParam (com.android.anqp.eap.AuthParam)5
InnerAuthEAP (com.android.anqp.eap.InnerAuthEAP)5
MOData (com.android.hotspot2.osu.commands.MOData)5
Policy (com.android.hotspot2.pps.Policy)5
SubscriptionParameters (com.android.hotspot2.pps.SubscriptionParameters)5
BufferedInputStream (java.io.BufferedInputStream)5
FileInputStream (java.io.FileInputStream)5
