
Example 31 with Credential

use of com.android.hotspot2.pps.Credential in project android_frameworks_base by AOSPA.

the class MOManager method buildHomeSPTree.

/**
 * Appends one provider instance, made of a HomeSP subtree followed by a Credential subtree,
 * under {@code root} and returns the new instance node.
 *
 * <p>Children are added in a fixed order; optional lists (network IDs, home OIs, other home
 * partners, roaming consortiums) are only emitted when the corresponding getter is non-empty.
 *
 * <p>Security note: in the EAP-TTLS branch the password is written Base64-encoded. Base64 is a
 * reversible encoding, not encryption, so whatever stores or transmits the resulting tree has to
 * be treated as holding the clear-text password.
 *
 * @param homeSP provider whose settings and credential are serialized
 * @param root parent node that receives the new instance node
 * @param instanceID value handed to {@code getInstanceString} to name the instance node
 * @return the instance node created under {@code root}
 * @throws IOException declared by the signature; the body throws {@code OMAException} when the
 *         credential's EAP method is none of EAP_SIM, EAP_AKA, EAP_AKAPrim, EAP_TTLS or EAP_TLS
 */
private static OMANode buildHomeSPTree(HomeSP homeSP, OMAConstructed root, int instanceID) throws IOException {
    OMANode providerNode = root.addChild(getInstanceString(instanceID), null, null, null);

    // ---- HomeSP subtree ----
    OMANode spNode = providerNode.addChild(TAG_HomeSP, null, null, null);

    Map<String, Long> ssids = homeSP.getSSIDs();
    if (!ssids.isEmpty()) {
        OMAConstructed networkIds = (OMAConstructed) spNode.addChild(TAG_NetworkID, null, null, null);
        int index = 0;
        for (Map.Entry<String, Long> ssidEntry : ssids.entrySet()) {
            OMAConstructed item = (OMAConstructed) networkIds.addChild(getInstanceString(index), null, null, null);
            index++;
            item.addChild(TAG_SSID, null, ssidEntry.getKey(), null);
            // The HESSID is optional per SSID; when present it is written as 12 zero-padded hex digits.
            Long hessid = ssidEntry.getValue();
            if (hessid != null) {
                item.addChild(TAG_HESSID, null, String.format("%012x", hessid), null);
            }
        }
    }

    spNode.addChild(TAG_FriendlyName, null, homeSP.getFriendlyName(), null);
    if (homeSP.getIconURL() != null) {
        spNode.addChild(TAG_IconURL, null, homeSP.getIconURL(), null);
    }
    spNode.addChild(TAG_FQDN, null, homeSP.getFQDN(), null);

    boolean noHomeOIs = homeSP.getMatchAllOIs().isEmpty() && homeSP.getMatchAnyOIs().isEmpty();
    if (!noHomeOIs) {
        OMAConstructed oiList = (OMAConstructed) spNode.addChild(TAG_HomeOIList, null, null, null);
        // One counter numbers both groups: the "match all" OIs come first, flagged as required.
        int index = 0;
        for (Long requiredOi : homeSP.getMatchAllOIs()) {
            OMAConstructed item = (OMAConstructed) oiList.addChild(getInstanceString(index), null, null, null);
            index++;
            item.addChild(TAG_HomeOI, null, String.format("%x", requiredOi), null);
            item.addChild(TAG_HomeOIRequired, null, "TRUE", null);
        }
        for (Long optionalOi : homeSP.getMatchAnyOIs()) {
            OMAConstructed item = (OMAConstructed) oiList.addChild(getInstanceString(index), null, null, null);
            index++;
            item.addChild(TAG_HomeOI, null, String.format("%x", optionalOi), null);
            item.addChild(TAG_HomeOIRequired, null, "FALSE", null);
        }
    }

    if (!homeSP.getOtherHomePartners().isEmpty()) {
        OMAConstructed partners = (OMAConstructed) spNode.addChild(TAG_OtherHomePartners, null, null, null);
        int index = 0;
        for (String partnerFqdn : homeSP.getOtherHomePartners()) {
            OMAConstructed item = (OMAConstructed) partners.addChild(getInstanceString(index), null, null, null);
            index++;
            item.addChild(TAG_FQDN, null, partnerFqdn, null);
        }
    }

    if (!homeSP.getRoamingConsortiums().isEmpty()) {
        spNode.addChild(TAG_RoamingConsortiumOI, null, getRCList(homeSP.getRoamingConsortiums()), null);
    }

    // ---- Credential subtree ----
    OMANode credNode = providerNode.addChild(TAG_Credential, null, null, null);
    Credential cred = homeSP.getCredential();
    EAPMethod method = cred.getEAPMethod();

    // Creation and expiration dates are only written when the stored time stamp is positive.
    if (cred.getCtime() > 0) {
        credNode.addChild(TAG_CreationDate, null, DTFormat.format(new Date(cred.getCtime())), null);
    }
    if (cred.getExpTime() > 0) {
        credNode.addChild(TAG_ExpirationDate, null, DTFormat.format(new Date(cred.getExpTime())), null);
    }

    EAP.EAPMethodID methodID = method.getEAPMethodID();
    boolean simBased = methodID == EAP.EAPMethodID.EAP_SIM
            || methodID == EAP.EAPMethodID.EAP_AKA
            || methodID == EAP.EAPMethodID.EAP_AKAPrim;
    if (simBased) {
        OMANode simNode = credNode.addChild(TAG_SIM, null, null, null);
        // NOTE(review): getImsi() is dereferenced without a null check - confirm a SIM-type
        // credential always carries an IMSI.
        simNode.addChild(TAG_IMSI, null, cred.getImsi().toString(), null);
        simNode.addChild(TAG_EAPType, null, Integer.toString(EAP.mapEAPMethod(methodID)), null);
    } else if (methodID == EAP.EAPMethodID.EAP_TTLS) {
        OMANode userPassNode = credNode.addChild(TAG_UsernamePassword, null, null, null);
        userPassNode.addChild(TAG_Username, null, cred.getUserName(), null);
        // Base64 only encodes the password; it offers no confidentiality.
        // NOTE(review): getPassword() is dereferenced without a null check, while
        // ConfigBuilder.buildTTLSConfig treats a null password as a possible state - verify.
        userPassNode.addChild(TAG_Password, null, Base64.encodeToString(cred.getPassword().getBytes(StandardCharsets.UTF_8), Base64.DEFAULT), null);
        OMANode eapNode = userPassNode.addChild(TAG_EAPMethod, null, null, null);
        eapNode.addChild(TAG_EAPType, null, Integer.toString(EAP.mapEAPMethod(methodID)), null);
        // The auth parameter is cast unchecked; a different AuthParam type fails with ClassCastException.
        eapNode.addChild(TAG_InnerMethod, null, ((NonEAPInnerAuth) method.getAuthParam()).getOMAtype(), null);
    } else if (methodID == EAP.EAPMethodID.EAP_TLS) {
        // Only the certificate type and its SHA-256 fingerprint are recorded, not the certificate.
        OMANode certNode = credNode.addChild(TAG_DigitalCertificate, null, null, null);
        certNode.addChild(TAG_CertificateType, null, Credential.CertTypeX509, null);
        certNode.addChild(TAG_CertSHA256Fingerprint, null, Utils.toHex(cred.getFingerPrint()), null);
    } else {
        throw new OMAException("Invalid credential on " + homeSP.getFQDN());
    }

    credNode.addChild(TAG_Realm, null, cred.getRealm(), null);
    // TAG_CheckAAAServerCertStatus is deliberately not emitted here; the original call
    // (value "TRUE") is disabled in the source.
    return providerNode;
}
Also used : Credential(com.android.hotspot2.pps.Credential) HashMap(java.util.HashMap) Map(java.util.Map) ExpandedEAPMethod(com.android.anqp.eap.ExpandedEAPMethod) EAPMethod(com.android.anqp.eap.EAPMethod) Date(java.util.Date) NonEAPInnerAuth(com.android.anqp.eap.NonEAPInnerAuth)

Example 32 with Credential

use of com.android.hotspot2.pps.Credential in project android_frameworks_base by AOSPA.

the class OSUClient method createHandler.

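/**
 * Creates the {@code HTTPHandler} used for the given flow, selecting the authentication material
 * from the provider's credential.
 *
 * <p>For EAP-TTLS a user name and password are supplied to the handler. They come from the
 * flow's update info (policy update for {@code OSUManager.FLOW_POLICY}, subscription update
 * otherwise) when that info carries a user name, and from the stored credential otherwise.
 * For EAP-TLS the handler is created without user name and password.
 *
 * @param network network passed through to the socket factory
 * @param homeSP provider whose credential and update info are used
 * @param km key manager passed through to the socket factory
 * @param flowType flow selector; compared against {@code OSUManager.FLOW_POLICY}
 * @return the handler for the selected EAP method
 * @throws GeneralSecurityException declared by the signature (no throw site is visible in the body)
 * @throws IOException if the EAP method is neither EAP-TTLS nor EAP-TLS, or if the stored
 *         EAP-TTLS credential has no password
 */
private HTTPHandler createHandler(Network network, HomeSP homeSP, KeyManager km, int flowType) throws GeneralSecurityException, IOException {
    Credential credential = homeSP.getCredential();
    // Only the EAP method identifier is logged; keep user name and password out of the log.
    Log.d(TAG, "Credential method " + credential.getEAPMethod().getEAPMethodID());
    switch(credential.getEAPMethod().getEAPMethodID()) {
        case EAP_TTLS:
            String user;
            byte[] password;
            UpdateInfo subscriptionUpdate;
            if (flowType == OSUManager.FLOW_POLICY) {
                subscriptionUpdate = homeSP.getPolicy() != null ? homeSP.getPolicy().getPolicyUpdate() : null;
            } else {
                subscriptionUpdate = homeSP.getSubscriptionUpdate();
            }
            if (subscriptionUpdate != null && subscriptionUpdate.getUsername() != null) {
                // Update-specific credentials take precedence; a missing password becomes empty.
                user = subscriptionUpdate.getUsername();
                password = subscriptionUpdate.getPassword() != null ? subscriptionUpdate.getPassword().getBytes(StandardCharsets.UTF_8) : new byte[0];
            } else {
                user = credential.getUserName();
                String storedPassword = credential.getPassword();
                if (storedPassword == null) {
                    // Previously this path dereferenced null and failed with an unchecked
                    // NullPointerException; report it through the declared IOException instead.
                    throw new IOException("EAP-TTLS credential has no password");
                }
                password = storedPassword.getBytes(StandardCharsets.UTF_8);
            }
            // NOTE(review): the password bytes are handed to HTTPHandler and never cleared here;
            // confirm who owns the array's lifetime.
            return new HTTPHandler(StandardCharsets.UTF_8, OSUSocketFactory.getSocketFactory(mKeyStore, homeSP, flowType, network, mURL, km, true), user, password);
        case EAP_TLS:
            return new HTTPHandler(StandardCharsets.UTF_8, OSUSocketFactory.getSocketFactory(mKeyStore, homeSP, flowType, network, mURL, km, true));
        default:
            throw new IOException("Cannot remediate account with " + credential.getEAPMethod().getEAPMethodID());
    }
}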
Also used : Credential(com.android.hotspot2.pps.Credential) IOException(java.io.IOException) UpdateInfo(com.android.hotspot2.pps.UpdateInfo)

Example 33 with Credential

use of com.android.hotspot2.pps.Credential in project android_frameworks_base by AOSPA.

the class MOManager method buildHomeSP.

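/**
 * Builds a {@code HomeSP} from the provider subtree rooted at {@code ppsRoot}.
 *
 * <p>The HomeSP child supplies FQDN, friendly name, icon URL, roaming consortium OIs, the
 * SSID/HESSID map, the home OI list and the other home partners. The credential, policy,
 * AAA server trust roots, subscription update, subscription parameters and credential priority
 * are read from direct children of {@code ppsRoot}.
 *
 * <p>The tree is parsed input, so structural problems are reported as {@code OMAException}
 * rather than escaping as unchecked exceptions: a missing HomeSP node, a list entry lacking a
 * child that is read unconditionally, and OI values that are not valid hexadecimal.
 *
 * @param ppsRoot root node of one provider subtree
 * @param updateIdentifier value passed through to the {@code HomeSP} constructor
 * @return the populated provider object
 * @throws OMAException if the tree is malformed as described above, or if a called accessor
 *         throws it
 */
private static HomeSP buildHomeSP(OMANode ppsRoot, int updateIdentifier) throws OMAException {
    OMANode spRoot = ppsRoot.getChild(TAG_HomeSP);
    if (spRoot == null) {
        // getChild() returns null for an absent child (the optional nodes below rely on that),
        // so an absent HomeSP node used to end in a NullPointerException on the next line.
        throw new OMAException("Missing " + TAG_HomeSP + " node");
    }
    String fqdn = spRoot.getScalarValue(Arrays.asList(TAG_FQDN).iterator());
    String friendlyName = spRoot.getScalarValue(Arrays.asList(TAG_FriendlyName).iterator());
    String iconURL = spRoot.getScalarValue(Arrays.asList(TAG_IconURL).iterator());

    // Roaming consortium OIs arrive as one comma-separated string of hex values.
    HashSet<Long> roamingConsortiums = new HashSet<>();
    String oiString = spRoot.getScalarValue(Arrays.asList(TAG_RoamingConsortiumOI).iterator());
    if (oiString != null) {
        for (String oi : oiString.split(",")) {
            try {
                roamingConsortiums.add(Long.parseLong(oi.trim(), 16));
            } catch (NumberFormatException nfe) {
                // Only the OMAException(String) constructor is known here, so the offending
                // text is carried in the message instead of a cause.
                throw new OMAException("Bad " + TAG_RoamingConsortiumOI + " value: " + oi);
            }
        }
    }

    Map<String, Long> ssids = new HashMap<>();
    OMANode ssidListNode = spRoot.getListValue(Arrays.asList(TAG_NetworkID).iterator());
    if (ssidListNode != null) {
        for (OMANode ssidRoot : ssidListNode.getChildren()) {
            OMANode hessidNode = ssidRoot.getChild(TAG_HESSID);
            OMANode ssidNode = ssidRoot.getChild(TAG_SSID);
            if (ssidNode == null) {
                throw new OMAException("Missing " + TAG_SSID + " in " + TAG_NetworkID + " entry");
            }
            // The HESSID node is optional and is handed to getMac() as-is (possibly null).
            ssids.put(ssidNode.getValue(), getMac(hessidNode));
        }
    }

    Set<Long> matchAnyOIs = new HashSet<>();
    List<Long> matchAllOIs = new ArrayList<>();
    OMANode homeOIListNode = spRoot.getListValue(Arrays.asList(TAG_HomeOIList).iterator());
    if (homeOIListNode != null) {
        for (OMANode homeOIRoot : homeOIListNode.getChildren()) {
            OMANode oiNode = homeOIRoot.getChild(TAG_HomeOI);
            OMANode requiredNode = homeOIRoot.getChild(TAG_HomeOIRequired);
            if (oiNode == null || requiredNode == null) {
                throw new OMAException("Incomplete " + TAG_HomeOIList + " entry");
            }
            String homeOI = oiNode.getValue();
            long parsedOI;
            try {
                parsedOI = Long.parseLong(homeOI, 16);
            } catch (NumberFormatException nfe) {
                throw new OMAException("Bad " + TAG_HomeOI + " value: " + homeOI);
            }
            // Required OIs must all match; the others form the "match any" set.
            if (Boolean.parseBoolean(requiredNode.getValue())) {
                matchAllOIs.add(parsedOI);
            } else {
                matchAnyOIs.add(parsedOI);
            }
        }
    }

    Set<String> otherHomePartners = new HashSet<>();
    OMANode otherListNode = spRoot.getListValue(Arrays.asList(TAG_OtherHomePartners).iterator());
    if (otherListNode != null) {
        for (OMANode fqdnNode : otherListNode.getChildren()) {
            OMANode partnerFqdn = fqdnNode.getChild(TAG_FQDN);
            if (partnerFqdn == null) {
                throw new OMAException("Missing " + TAG_FQDN + " in " + TAG_OtherHomePartners + " entry");
            }
            otherHomePartners.add(partnerFqdn.getValue());
        }
    }

    // NOTE(review): the Credential child is passed on without a null check; how
    // buildCredential() treats a missing node is not visible here.
    Credential credential = buildCredential(ppsRoot.getChild(TAG_Credential));

    OMANode policyNode = ppsRoot.getChild(TAG_Policy);
    Policy policy = policyNode != null ? new Policy(policyNode) : null;

    // AAA trust roots map certificate URL to SHA-256 fingerprint; null means the node is absent.
    Map<String, String> aaaTrustRoots;
    OMANode aaaRootNode = ppsRoot.getChild(TAG_AAAServerTrustRoot);
    if (aaaRootNode == null) {
        aaaTrustRoots = null;
    } else {
        aaaTrustRoots = new HashMap<>(aaaRootNode.getChildren().size());
        for (OMANode child : aaaRootNode.getChildren()) {
            aaaTrustRoots.put(getString(child, TAG_CertURL), getString(child, TAG_CertSHA256Fingerprint));
        }
    }

    OMANode updateNode = ppsRoot.getChild(TAG_SubscriptionUpdate);
    UpdateInfo subscriptionUpdate = updateNode != null ? new UpdateInfo(updateNode) : null;
    OMANode subNode = ppsRoot.getChild(TAG_SubscriptionParameters);
    SubscriptionParameters subscriptionParameters = subNode != null ? new SubscriptionParameters(subNode) : null;
    return new HomeSP(ssids, fqdn, roamingConsortiums, otherHomePartners, matchAnyOIs, matchAllOIs, friendlyName, iconURL, credential, policy, getInteger(ppsRoot.getChild(TAG_CredentialPriority), 0), aaaTrustRoots, subscriptionUpdate, subscriptionParameters, updateIdentifier);
}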
Also used : Policy(com.android.hotspot2.pps.Policy) Credential(com.android.hotspot2.pps.Credential) HashMap(java.util.HashMap) ArrayList(java.util.ArrayList) HomeSP(com.android.hotspot2.pps.HomeSP) SubscriptionParameters(com.android.hotspot2.pps.SubscriptionParameters) UpdateInfo(com.android.hotspot2.pps.UpdateInfo) HashSet(java.util.HashSet)

Example 34 with Credential

use of com.android.hotspot2.pps.Credential in project android_frameworks_base by AOSPA.

the class ConfigBuilder method buildTTLSConfig.

// Retain for debugging purposes
/*
    private static void xIterateCerts(KeyStore ks, X509Certificate caCert)
            throws GeneralSecurityException {
        Enumeration<String> aliases = ks.aliases();
        while (aliases.hasMoreElements()) {
            String alias = aliases.nextElement();
            Certificate cert = ks.getCertificate(alias);
            Log.d("HS2J", "Checking " + alias);
            if (cert instanceof X509Certificate) {
                X509Certificate x509Certificate = (X509Certificate) cert;
                boolean sm = x509Certificate.getSubjectX500Principal().equals(
                        caCert.getSubjectX500Principal());
                boolean eq = false;
                if (sm) {
                    eq = Arrays.equals(x509Certificate.getEncoded(), caCert.getEncoded());
                }
                Log.d("HS2J", "Subject: " + x509Certificate.getSubjectX500Principal() +
                        ": " + sm + "/" + eq);
            }
        }
    }
    */
/**
 * Builds the Wi-Fi configuration for a provider that authenticates with EAP-TTLS.
 *
 * <p>The credential must carry both a user name and a password, and its EAP method must carry a
 * non-EAP inner authentication parameter. Both are checked before the base configuration is
 * created.
 *
 * <p>Security note: the password is copied into the enterprise configuration as a
 * {@code String}; it is not included in either exception message.
 *
 * @param homeSP provider whose credential is applied
 * @return the base configuration with phase-2 method, identity and password set
 * @throws IOException if user name or password is missing, or the auth parameter is absent or
 *         not of type {@code NonEAPInnerAuthType}
 */
private static WifiConfiguration buildTTLSConfig(HomeSP homeSP) throws IOException {
    Credential cred = homeSP.getCredential();
    boolean hasUserAndPassword = cred.getUserName() != null && cred.getPassword() != null;
    if (!hasUserAndPassword) {
        throw new IOException("EAP-TTLS provisioned without user name or password");
    }

    AuthParam innerParam = cred.getEAPMethod().getAuthParam();
    boolean isNonEapInner = innerParam != null
            && innerParam.getAuthInfoID() == EAP.AuthInfoID.NonEAPInnerAuthType;
    if (!isNonEapInner) {
        throw new IOException("Bad auth parameter for EAP-TTLS: " + innerParam);
    }

    WifiConfiguration wifiConfig = buildBaseConfiguration(homeSP);
    // Safe cast: the auth info ID was verified above.
    NonEAPInnerAuth innerAuth = (NonEAPInnerAuth) innerParam;
    WifiEnterpriseConfig eapConfig = wifiConfig.enterpriseConfig;
    eapConfig.setPhase2Method(remapInnerMethod(innerAuth.getType()));
    eapConfig.setIdentity(cred.getUserName());
    eapConfig.setPassword(cred.getPassword());
    return wifiConfig;
}
Also used : WifiEnterpriseConfig(android.net.wifi.WifiEnterpriseConfig) Credential(com.android.hotspot2.pps.Credential) WifiConfiguration(android.net.wifi.WifiConfiguration) IOException(java.io.IOException) AuthParam(com.android.anqp.eap.AuthParam) EAPMethod(com.android.anqp.eap.EAPMethod) NonEAPInnerAuth(com.android.anqp.eap.NonEAPInnerAuth)

Example 35 with Credential

use of com.android.hotspot2.pps.Credential in project android_frameworks_base by AOSPA.

the class ConfigBuilder method buildTLSConfig.

/**
 * Builds the Wi-Fi configuration for a provider that authenticates with EAP-TLS.
 *
 * <p>The client certificate is the first certificate in {@code clientChain} whose SHA-256 digest
 * over its encoded form equals the fingerprint stored in the credential. Pinning to the
 * provisioned fingerprint means a chain that does not contain that exact certificate is
 * rejected.
 *
 * @param homeSP provider whose credential supplies certificate type and fingerprint
 * @param clientChain candidate client certificates
 * @param clientKey private key stored together with the matching certificate
 * @return the base configuration with client certificate alias and key entry set
 * @throws IOException if key or chain is null, the certificate type is not x509v3, or no
 *         certificate in the chain matches the fingerprint
 * @throws GeneralSecurityException if SHA-256 is unavailable or a certificate cannot be encoded
 */
private static WifiConfiguration buildTLSConfig(HomeSP homeSP, List<X509Certificate> clientChain, PrivateKey clientKey) throws IOException, GeneralSecurityException {
    Credential cred = homeSP.getCredential();
    if (clientKey == null || clientChain == null) {
        throw new IOException("No key and/or cert passed for EAP-TLS");
    }
    if (cred.getCertType() != Credential.CertType.x509v3) {
        throw new IOException("Invalid certificate type for TLS: " + cred.getCertType());
    }

    byte[] expectedFingerprint = cred.getFingerPrint();
    MessageDigest sha256 = MessageDigest.getInstance("SHA-256");
    X509Certificate matched = null;
    for (X509Certificate candidate : clientChain) {
        sha256.reset();
        byte[] actual = sha256.digest(candidate.getEncoded());
        // Certificate fingerprints are not secret, so a plain (non constant-time) comparison
        // is sufficient here.
        if (Arrays.equals(expectedFingerprint, actual)) {
            matched = candidate;
            break;
        }
    }
    if (matched == null) {
        throw new IOException("No certificate in chain matches supplied fingerprint");
    }

    // NOTE(review): if Base64 is android.util.Base64, the DEFAULT flag appends a line
    // terminator, so the alias would end in a newline - confirm every lookup of this alias
    // derives it the same way before changing the flag.
    String certAlias = Base64.encodeToString(expectedFingerprint, Base64.DEFAULT);
    WifiConfiguration wifiConfig = buildBaseConfiguration(homeSP);
    WifiEnterpriseConfig eapConfig = wifiConfig.enterpriseConfig;
    eapConfig.setClientCertificateAlias(certAlias);
    eapConfig.setClientKeyEntry(clientKey, matched);
    return wifiConfig;
}
Also used : WifiEnterpriseConfig(android.net.wifi.WifiEnterpriseConfig) Credential(com.android.hotspot2.pps.Credential) WifiConfiguration(android.net.wifi.WifiConfiguration) IOException(java.io.IOException) MessageDigest(java.security.MessageDigest) X509Certificate(java.security.cert.X509Certificate)

Aggregations

Credential (com.android.hotspot2.pps.Credential)40 IOException (java.io.IOException)30 WifiConfiguration (android.net.wifi.WifiConfiguration)20 WifiEnterpriseConfig (android.net.wifi.WifiEnterpriseConfig)15 EAPMethod (com.android.anqp.eap.EAPMethod)15 NonEAPInnerAuth (com.android.anqp.eap.NonEAPInnerAuth)15 HashMap (java.util.HashMap)11 EAP (com.android.anqp.eap.EAP)10 ExpandedEAPMethod (com.android.anqp.eap.ExpandedEAPMethod)10 IMSIParameter (com.android.hotspot2.IMSIParameter)10 HomeSP (com.android.hotspot2.pps.HomeSP)10 UpdateInfo (com.android.hotspot2.pps.UpdateInfo)10 ArrayList (java.util.ArrayList)6 AuthParam (com.android.anqp.eap.AuthParam)5 InnerAuthEAP (com.android.anqp.eap.InnerAuthEAP)5 MOData (com.android.hotspot2.osu.commands.MOData)5 Policy (com.android.hotspot2.pps.Policy)5 SubscriptionParameters (com.android.hotspot2.pps.SubscriptionParameters)5 BufferedInputStream (java.io.BufferedInputStream)5 FileInputStream (java.io.FileInputStream)5