Example 36 with Credential
use of com.android.hotspot2.pps.Credential in project android_frameworks_base by ResurrectionRemix.
the class OSUClient method createHandler.
private HTTPHandler createHandler(Network network, HomeSP homeSP, KeyManager km, int flowType) throws GeneralSecurityException, IOException {
Credential credential = homeSP.getCredential();
Log.d(TAG, "Credential method " + credential.getEAPMethod().getEAPMethodID());
switch(credential.getEAPMethod().getEAPMethodID()) {
case EAP_TTLS:
String user;
byte[] password;
UpdateInfo subscriptionUpdate;
if (flowType == OSUManager.FLOW_POLICY) {
subscriptionUpdate = homeSP.getPolicy() != null ? homeSP.getPolicy().getPolicyUpdate() : null;
} else {
subscriptionUpdate = homeSP.getSubscriptionUpdate();
}
if (subscriptionUpdate != null && subscriptionUpdate.getUsername() != null) {
user = subscriptionUpdate.getUsername();
password = subscriptionUpdate.getPassword() != null ? subscriptionUpdate.getPassword().getBytes(StandardCharsets.UTF_8) : new byte[0];
} else {
user = credential.getUserName();
password = credential.getPassword().getBytes(StandardCharsets.UTF_8);
}
return new HTTPHandler(StandardCharsets.UTF_8, OSUSocketFactory.getSocketFactory(mKeyStore, homeSP, flowType, network, mURL, km, true), user, password);
case EAP_TLS:
return new HTTPHandler(StandardCharsets.UTF_8, OSUSocketFactory.getSocketFactory(mKeyStore, homeSP, flowType, network, mURL, km, true));
default:
throw new IOException("Cannot remediate account with " + credential.getEAPMethod().getEAPMethodID());
}
}
Also used :
Credential(com.android.hotspot2.pps.Credential)
IOException(java.io.IOException)
UpdateInfo(com.android.hotspot2.pps.UpdateInfo)
Example 37 with Credential
use of com.android.hotspot2.pps.Credential in project android_frameworks_base by ResurrectionRemix.
the class MOManager method buildCredential.
private static Credential buildCredential(OMANode credNode) throws OMAException {
long ctime = getTime(credNode.getChild(TAG_CreationDate));
long expTime = getTime(credNode.getChild(TAG_ExpirationDate));
String realm = getString(credNode.getChild(TAG_Realm));
boolean checkAAACert = getBoolean(credNode.getChild(TAG_CheckAAAServerCertStatus));
OMANode unNode = credNode.getChild(TAG_UsernamePassword);
OMANode certNode = credNode.getChild(TAG_DigitalCertificate);
OMANode simNode = credNode.getChild(TAG_SIM);
int alternatives = 0;
alternatives += unNode != null ? 1 : 0;
alternatives += certNode != null ? 1 : 0;
alternatives += simNode != null ? 1 : 0;
if (alternatives != 1) {
throw new OMAException("Expected exactly one credential type, got " + alternatives);
}
if (unNode != null) {
String userName = getString(unNode.getChild(TAG_Username));
String password = getString(unNode.getChild(TAG_Password));
boolean machineManaged = getBoolean(unNode.getChild(TAG_MachineManaged));
String softTokenApp = getString(unNode.getChild(TAG_SoftTokenApp));
boolean ableToShare = getBoolean(unNode.getChild(TAG_AbleToShare));
OMANode eapMethodNode = unNode.getChild(TAG_EAPMethod);
int eapID = getInteger(eapMethodNode.getChild(TAG_EAPType));
EAP.EAPMethodID eapMethodID = EAP.mapEAPMethod(eapID);
if (eapMethodID == null) {
throw new OMAException("Unknown EAP method: " + eapID);
}
Long vid = getOptionalInteger(eapMethodNode.getChild(TAG_VendorId));
Long vtype = getOptionalInteger(eapMethodNode.getChild(TAG_VendorType));
Long innerEAPType = getOptionalInteger(eapMethodNode.getChild(TAG_InnerEAPType));
EAP.EAPMethodID innerEAPMethod = null;
if (innerEAPType != null) {
innerEAPMethod = EAP.mapEAPMethod(innerEAPType.intValue());
if (innerEAPMethod == null) {
throw new OMAException("Bad inner EAP method: " + innerEAPType);
}
}
Long innerVid = getOptionalInteger(eapMethodNode.getChild(TAG_InnerVendorID));
Long innerVtype = getOptionalInteger(eapMethodNode.getChild(TAG_InnerVendorType));
String innerNonEAPMethod = getString(eapMethodNode.getChild(TAG_InnerMethod));
EAPMethod eapMethod;
if (innerEAPMethod != null) {
eapMethod = new EAPMethod(eapMethodID, new InnerAuthEAP(innerEAPMethod));
} else if (vid != null) {
eapMethod = new EAPMethod(eapMethodID, new ExpandedEAPMethod(EAP.AuthInfoID.ExpandedEAPMethod, vid.intValue(), vtype));
} else if (innerVid != null) {
eapMethod = new EAPMethod(eapMethodID, new ExpandedEAPMethod(EAP.AuthInfoID.ExpandedInnerEAPMethod, innerVid.intValue(), innerVtype));
} else if (innerNonEAPMethod != null) {
eapMethod = new EAPMethod(eapMethodID, new NonEAPInnerAuth(innerNonEAPMethod));
} else {
throw new OMAException("Incomplete set of EAP parameters");
}
return new Credential(ctime, expTime, realm, checkAAACert, eapMethod, userName, password, machineManaged, softTokenApp, ableToShare);
}
if (certNode != null) {
try {
String certTypeString = getString(certNode.getChild(TAG_CertificateType));
byte[] fingerPrint = getOctets(certNode.getChild(TAG_CertSHA256Fingerprint));
EAPMethod eapMethod = new EAPMethod(EAP.EAPMethodID.EAP_TLS, null);
return new Credential(ctime, expTime, realm, checkAAACert, eapMethod, Credential.mapCertType(certTypeString), fingerPrint);
} catch (NumberFormatException nfe) {
throw new OMAException("Bad hex string: " + nfe.toString());
}
}
if (simNode != null) {
try {
IMSIParameter imsi = new IMSIParameter(getString(simNode.getChild(TAG_IMSI)));
EAPMethod eapMethod = new EAPMethod(EAP.mapEAPMethod(getInteger(simNode.getChild(TAG_EAPType))), null);
return new Credential(ctime, expTime, realm, checkAAACert, eapMethod, imsi);
} catch (IOException ioe) {
throw new OMAException("Failed to parse IMSI: " + ioe);
}
}
throw new OMAException("Missing credential parameters");
}
Also used :
Credential(com.android.hotspot2.pps.Credential)
InnerAuthEAP(com.android.anqp.eap.InnerAuthEAP)
IOException(java.io.IOException)
ExpandedEAPMethod(com.android.anqp.eap.ExpandedEAPMethod)
EAPMethod(com.android.anqp.eap.EAPMethod)
ExpandedEAPMethod(com.android.anqp.eap.ExpandedEAPMethod)
InnerAuthEAP(com.android.anqp.eap.InnerAuthEAP)
EAP(com.android.anqp.eap.EAP)
IMSIParameter(com.android.hotspot2.IMSIParameter)
NonEAPInnerAuth(com.android.anqp.eap.NonEAPInnerAuth)
Example 38 with Credential
use of com.android.hotspot2.pps.Credential in project android_frameworks_base by ResurrectionRemix.
the class MOManager method buildHomeSP.
private static HomeSP buildHomeSP(OMANode ppsRoot, int updateIdentifier) throws OMAException {
OMANode spRoot = ppsRoot.getChild(TAG_HomeSP);
String fqdn = spRoot.getScalarValue(Arrays.asList(TAG_FQDN).iterator());
String friendlyName = spRoot.getScalarValue(Arrays.asList(TAG_FriendlyName).iterator());
String iconURL = spRoot.getScalarValue(Arrays.asList(TAG_IconURL).iterator());
HashSet<Long> roamingConsortiums = new HashSet<>();
String oiString = spRoot.getScalarValue(Arrays.asList(TAG_RoamingConsortiumOI).iterator());
if (oiString != null) {
for (String oi : oiString.split(",")) {
roamingConsortiums.add(Long.parseLong(oi.trim(), 16));
}
}
Map<String, Long> ssids = new HashMap<>();
OMANode ssidListNode = spRoot.getListValue(Arrays.asList(TAG_NetworkID).iterator());
if (ssidListNode != null) {
for (OMANode ssidRoot : ssidListNode.getChildren()) {
OMANode hessidNode = ssidRoot.getChild(TAG_HESSID);
ssids.put(ssidRoot.getChild(TAG_SSID).getValue(), getMac(hessidNode));
}
}
Set<Long> matchAnyOIs = new HashSet<>();
List<Long> matchAllOIs = new ArrayList<>();
OMANode homeOIListNode = spRoot.getListValue(Arrays.asList(TAG_HomeOIList).iterator());
if (homeOIListNode != null) {
for (OMANode homeOIRoot : homeOIListNode.getChildren()) {
String homeOI = homeOIRoot.getChild(TAG_HomeOI).getValue();
if (Boolean.parseBoolean(homeOIRoot.getChild(TAG_HomeOIRequired).getValue())) {
matchAllOIs.add(Long.parseLong(homeOI, 16));
} else {
matchAnyOIs.add(Long.parseLong(homeOI, 16));
}
}
}
Set<String> otherHomePartners = new HashSet<>();
OMANode otherListNode = spRoot.getListValue(Arrays.asList(TAG_OtherHomePartners).iterator());
if (otherListNode != null) {
for (OMANode fqdnNode : otherListNode.getChildren()) {
otherHomePartners.add(fqdnNode.getChild(TAG_FQDN).getValue());
}
}
Credential credential = buildCredential(ppsRoot.getChild(TAG_Credential));
OMANode policyNode = ppsRoot.getChild(TAG_Policy);
Policy policy = policyNode != null ? new Policy(policyNode) : null;
Map<String, String> aaaTrustRoots;
OMANode aaaRootNode = ppsRoot.getChild(TAG_AAAServerTrustRoot);
if (aaaRootNode == null) {
aaaTrustRoots = null;
} else {
aaaTrustRoots = new HashMap<>(aaaRootNode.getChildren().size());
for (OMANode child : aaaRootNode.getChildren()) {
aaaTrustRoots.put(getString(child, TAG_CertURL), getString(child, TAG_CertSHA256Fingerprint));
}
}
OMANode updateNode = ppsRoot.getChild(TAG_SubscriptionUpdate);
UpdateInfo subscriptionUpdate = updateNode != null ? new UpdateInfo(updateNode) : null;
OMANode subNode = ppsRoot.getChild(TAG_SubscriptionParameters);
SubscriptionParameters subscriptionParameters = subNode != null ? new SubscriptionParameters(subNode) : null;
return new HomeSP(ssids, fqdn, roamingConsortiums, otherHomePartners, matchAnyOIs, matchAllOIs, friendlyName, iconURL, credential, policy, getInteger(ppsRoot.getChild(TAG_CredentialPriority), 0), aaaTrustRoots, subscriptionUpdate, subscriptionParameters, updateIdentifier);
}
Also used :
Policy(com.android.hotspot2.pps.Policy)
Credential(com.android.hotspot2.pps.Credential)
HashMap(java.util.HashMap)
ArrayList(java.util.ArrayList)
HomeSP(com.android.hotspot2.pps.HomeSP)
SubscriptionParameters(com.android.hotspot2.pps.SubscriptionParameters)
UpdateInfo(com.android.hotspot2.pps.UpdateInfo)
HashSet(java.util.HashSet)
Example 39 with Credential
use of com.android.hotspot2.pps.Credential in project android_frameworks_base by ResurrectionRemix.
the class MOManager method modifySP.
public HomeSP modifySP(HomeSP homeSP, Collection<MOData> mods, OSUManager osuManager) throws IOException {
Log.d(OSUManager.TAG, "modifying SP: " + mods);
MOTree moTree;
int ppsMods = 0;
int updateIdentifier = 0;
try (BufferedInputStream in = new BufferedInputStream(new FileInputStream(mPpsFile))) {
moTree = MOTree.unmarshal(in);
// moTree is PPS/?/provider-data
OMAConstructed targetTree = findTargetTree(moTree, homeSP.getFQDN());
if (targetTree == null) {
throw new IOException("Failed to find PPS tree for " + homeSP.getFQDN());
}
OMAConstructed instance = getInstanceNode(targetTree);
for (MOData mod : mods) {
LinkedList<String> tailPath = getTailPath(mod.getBaseURI(), TAG_PerProviderSubscription);
OMAConstructed modRoot = mod.getMOTree().getRoot();
if (tailPath.getFirst().equals(TAG_UpdateIdentifier)) {
updateIdentifier = getInteger(modRoot.getChildren().iterator().next());
OMANode oldUdi = targetTree.getChild(TAG_UpdateIdentifier);
if (getInteger(oldUdi) != updateIdentifier) {
ppsMods++;
}
if (oldUdi != null) {
targetTree.replaceNode(oldUdi, modRoot.getChild(TAG_UpdateIdentifier));
} else {
targetTree.addChild(modRoot.getChild(TAG_UpdateIdentifier));
}
} else {
// Drop the instance
tailPath.removeFirst();
OMANode current = instance.getListValue(tailPath.iterator());
if (current == null) {
throw new IOException("No previous node for " + tailPath + " in " + homeSP.getFQDN());
}
for (OMANode newNode : modRoot.getChildren()) {
// newNode is something like Credential
// current is the same existing node
OMANode old = current.getParent().replaceNode(current, newNode);
ppsMods++;
}
}
}
}
writeMO(moTree, mPpsFile, osuManager);
if (ppsMods == 0) {
// HomeSP not modified.
return null;
}
// Return a new rebuilt HomeSP
List<HomeSP> sps = buildSPs(moTree);
if (sps != null) {
for (HomeSP sp : sps) {
if (sp.getFQDN().equals(homeSP.getFQDN())) {
return sp;
}
}
} else {
throw new OMAException("Failed to build HomeSP");
}
return null;
}
Also used :
IOException(java.io.IOException)
FileInputStream(java.io.FileInputStream)
HomeSP(com.android.hotspot2.pps.HomeSP)
MOData(com.android.hotspot2.osu.commands.MOData)
BufferedInputStream(java.io.BufferedInputStream)
Example 40 with Credential
use of com.android.hotspot2.pps.Credential in project android_frameworks_base by ResurrectionRemix.
the class ConfigBuilder method buildTLSConfig.
private static WifiConfiguration buildTLSConfig(HomeSP homeSP, List<X509Certificate> clientChain, PrivateKey clientKey) throws IOException, GeneralSecurityException {
Credential credential = homeSP.getCredential();
X509Certificate clientCertificate = null;
if (clientKey == null || clientChain == null) {
throw new IOException("No key and/or cert passed for EAP-TLS");
}
if (credential.getCertType() != Credential.CertType.x509v3) {
throw new IOException("Invalid certificate type for TLS: " + credential.getCertType());
}
byte[] reference = credential.getFingerPrint();
MessageDigest digester = MessageDigest.getInstance("SHA-256");
for (X509Certificate certificate : clientChain) {
digester.reset();
byte[] fingerprint = digester.digest(certificate.getEncoded());
if (Arrays.equals(reference, fingerprint)) {
clientCertificate = certificate;
break;
}
}
if (clientCertificate == null) {
throw new IOException("No certificate in chain matches supplied fingerprint");
}
String alias = Base64.encodeToString(reference, Base64.DEFAULT);
WifiConfiguration config = buildBaseConfiguration(homeSP);
WifiEnterpriseConfig enterpriseConfig = config.enterpriseConfig;
enterpriseConfig.setClientCertificateAlias(alias);
enterpriseConfig.setClientKeyEntry(clientKey, clientCertificate);
return config;
}
Also used :
WifiEnterpriseConfig(android.net.wifi.WifiEnterpriseConfig)
Credential(com.android.hotspot2.pps.Credential)
WifiConfiguration(android.net.wifi.WifiConfiguration)
IOException(java.io.IOException)
MessageDigest(java.security.MessageDigest)
X509Certificate(java.security.cert.X509Certificate)
Aggregations
Credential (com.android.hotspot2.pps.Credential)40
IOException (java.io.IOException)30
WifiConfiguration (android.net.wifi.WifiConfiguration)20
WifiEnterpriseConfig (android.net.wifi.WifiEnterpriseConfig)15
EAPMethod (com.android.anqp.eap.EAPMethod)15
NonEAPInnerAuth (com.android.anqp.eap.NonEAPInnerAuth)15
HashMap (java.util.HashMap)11
EAP (com.android.anqp.eap.EAP)10
ExpandedEAPMethod (com.android.anqp.eap.ExpandedEAPMethod)10
IMSIParameter (com.android.hotspot2.IMSIParameter)10
HomeSP (com.android.hotspot2.pps.HomeSP)10
UpdateInfo (com.android.hotspot2.pps.UpdateInfo)10
ArrayList (java.util.ArrayList)6
AuthParam (com.android.anqp.eap.AuthParam)5
InnerAuthEAP (com.android.anqp.eap.InnerAuthEAP)5
MOData (com.android.hotspot2.osu.commands.MOData)5
Policy (com.android.hotspot2.pps.Policy)5
SubscriptionParameters (com.android.hotspot2.pps.SubscriptionParameters)5
BufferedInputStream (java.io.BufferedInputStream)5
FileInputStream (java.io.FileInputStream)5
