Search in sources :

Example 46 with HomeSP

use of com.android.hotspot2.pps.HomeSP in project platform_frameworks_base by android.

the class MOManager method addSP.

public HomeSP addSP(MOTree instanceTree, OSUManager osuManager) throws IOException {
    List<HomeSP> spList = buildSPs(instanceTree);
    if (spList.size() != 1) {
        throw new OMAException("Expected exactly one HomeSP, got " + spList.size());
    }
    HomeSP sp = spList.iterator().next();
    String fqdn = sp.getFQDN();
    if (mSPs.put(fqdn, sp) != null) {
        throw new OMAException("SP " + fqdn + " already exists");
    }
    OMAConstructed pps = (OMAConstructed) instanceTree.getRoot().getChild(TAG_PerProviderSubscription);
    try {
        addSP(pps, osuManager);
    } catch (FileNotFoundException fnfe) {
        MOTree tree = new MOTree(instanceTree.getUrn(), instanceTree.getDtdRev(), instanceTree.getRoot());
        writeMO(tree, mPpsFile, osuManager);
    }
    return sp;
}
Also used : HomeSP(com.android.hotspot2.pps.HomeSP) FileNotFoundException(java.io.FileNotFoundException)

Example 47 with HomeSP

use of com.android.hotspot2.pps.HomeSP in project platform_frameworks_base by android.

the class ConfigBuilder method buildConfig.

public static WifiConfiguration buildConfig(HomeSP homeSP, X509Certificate caCert, List<X509Certificate> clientChain, PrivateKey key) throws IOException, GeneralSecurityException {
    Credential credential = homeSP.getCredential();
    WifiConfiguration config;
    EAP.EAPMethodID eapMethodID = credential.getEAPMethod().getEAPMethodID();
    switch(eapMethodID) {
        case EAP_TTLS:
            if (key != null || clientChain != null) {
                Log.w(TAG, "Client cert and/or key included with EAP-TTLS profile");
            }
            config = buildTTLSConfig(homeSP);
            break;
        case EAP_TLS:
            config = buildTLSConfig(homeSP, clientChain, key);
            break;
        case EAP_AKA:
        case EAP_AKAPrim:
        case EAP_SIM:
            if (key != null || clientChain != null || caCert != null) {
                Log.i(TAG, "Client/CA cert and/or key included with " + eapMethodID + " profile");
            }
            config = buildSIMConfig(homeSP);
            break;
        default:
            throw new IOException("Unsupported EAP Method: " + eapMethodID);
    }
    WifiEnterpriseConfig enterpriseConfig = config.enterpriseConfig;
    enterpriseConfig.setCaCertificate(caCert);
    enterpriseConfig.setAnonymousIdentity("anonymous@" + credential.getRealm());
    return config;
}
Also used : WifiEnterpriseConfig(android.net.wifi.WifiEnterpriseConfig) Credential(com.android.hotspot2.pps.Credential) WifiConfiguration(android.net.wifi.WifiConfiguration) EAP(com.android.anqp.eap.EAP) IOException(java.io.IOException)

Example 48 with HomeSP

use of com.android.hotspot2.pps.HomeSP in project platform_frameworks_base by android.

the class ConfigBuilder method buildSIMConfig.

private static WifiConfiguration buildSIMConfig(HomeSP homeSP) throws IOException {
    Credential credential = homeSP.getCredential();
    IMSIParameter credImsi = credential.getImsi();
    /*
         * Uncomment to enforce strict IMSI matching with currently installed SIM cards.
         *
        TelephonyManager tm = TelephonyManager.from(context);
        SubscriptionManager sub = SubscriptionManager.from(context);
        boolean match = false;

        for (int subId : sub.getActiveSubscriptionIdList()) {
            String imsi = tm.getSubscriberId(subId);
            if (credImsi.matches(imsi)) {
                match = true;
                break;
            }
        }
        if (!match) {
            throw new IOException("Supplied IMSI does not match any SIM card");
        }
        */
    WifiConfiguration config = buildBaseConfiguration(homeSP);
    config.enterpriseConfig.setPlmn(credImsi.toString());
    return config;
}
Also used : Credential(com.android.hotspot2.pps.Credential) WifiConfiguration(android.net.wifi.WifiConfiguration) IMSIParameter(com.android.hotspot2.IMSIParameter)

Example 49 with HomeSP

use of com.android.hotspot2.pps.HomeSP in project platform_frameworks_base by android.

the class ConfigBuilder method buildTLSConfig.

private static WifiConfiguration buildTLSConfig(HomeSP homeSP, List<X509Certificate> clientChain, PrivateKey clientKey) throws IOException, GeneralSecurityException {
    Credential credential = homeSP.getCredential();
    X509Certificate clientCertificate = null;
    if (clientKey == null || clientChain == null) {
        throw new IOException("No key and/or cert passed for EAP-TLS");
    }
    if (credential.getCertType() != Credential.CertType.x509v3) {
        throw new IOException("Invalid certificate type for TLS: " + credential.getCertType());
    }
    byte[] reference = credential.getFingerPrint();
    MessageDigest digester = MessageDigest.getInstance("SHA-256");
    for (X509Certificate certificate : clientChain) {
        digester.reset();
        byte[] fingerprint = digester.digest(certificate.getEncoded());
        if (Arrays.equals(reference, fingerprint)) {
            clientCertificate = certificate;
            break;
        }
    }
    if (clientCertificate == null) {
        throw new IOException("No certificate in chain matches supplied fingerprint");
    }
    String alias = Base64.encodeToString(reference, Base64.DEFAULT);
    WifiConfiguration config = buildBaseConfiguration(homeSP);
    WifiEnterpriseConfig enterpriseConfig = config.enterpriseConfig;
    enterpriseConfig.setClientCertificateAlias(alias);
    enterpriseConfig.setClientKeyEntry(clientKey, clientCertificate);
    return config;
}
Also used : WifiEnterpriseConfig(android.net.wifi.WifiEnterpriseConfig) Credential(com.android.hotspot2.pps.Credential) WifiConfiguration(android.net.wifi.WifiConfiguration) IOException(java.io.IOException) MessageDigest(java.security.MessageDigest) X509Certificate(java.security.cert.X509Certificate)

Example 50 with HomeSP

use of com.android.hotspot2.pps.HomeSP in project platform_frameworks_base by android.

the class OSUClient method remediate.

public void remediate(OSUManager osuManager, Network network, KeyManager km, HomeSP homeSP, int flowType) throws IOException, GeneralSecurityException {
    try (HTTPHandler httpHandler = createHandler(network, homeSP, km, flowType)) {
        URL redirectURL = osuManager.prepareUserInput(homeSP.getFriendlyName());
        OMADMAdapter omadmAdapter = osuManager.getOMADMAdapter();
        String regRequest = SOAPBuilder.buildPostDevDataResponse(RequestReason.SubRemediation, null, redirectURL.toString(), omadmAdapter.getMO(OMAConstants.DevInfoURN), omadmAdapter.getMO(OMAConstants.DevDetailURN));
        OSUResponse serverResponse = httpHandler.exchangeSOAP(mURL, regRequest);
        if (serverResponse.getMessageType() != OSUMessageType.PostDevData) {
            throw new IOException("Expected a PostDevDataResponse");
        }
        String sessionID = serverResponse.getSessionID();
        PostDevDataResponse pddResponse = (PostDevDataResponse) serverResponse;
        Log.d(TAG, "Remediation response: " + pddResponse);
        Map<OSUCertType, List<X509Certificate>> certs = null;
        PrivateKey clientKey = null;
        if (pddResponse.getStatus() != OSUStatus.RemediationComplete) {
            if (pddResponse.getExecCommand() == ExecCommand.UploadMO) {
                String ulMessage = SOAPBuilder.buildPostDevDataResponse(RequestReason.MOUpload, null, redirectURL.toString(), omadmAdapter.getMO(OMAConstants.DevInfoURN), omadmAdapter.getMO(OMAConstants.DevDetailURN), osuManager.getMOTree(homeSP));
                Log.d(TAG, "Upload MO: " + ulMessage);
                OSUResponse ulResponse = httpHandler.exchangeSOAP(mURL, ulMessage);
                if (ulResponse.getMessageType() != OSUMessageType.PostDevData) {
                    throw new IOException("Expected a PostDevDataResponse to MOUpload");
                }
                pddResponse = (PostDevDataResponse) ulResponse;
            }
            if (pddResponse.getExecCommand() == ExecCommand.Browser) {
                if (flowType == OSUManager.FLOW_POLICY) {
                    throw new IOException("Browser launch requested in policy flow");
                }
                String webURL = ((BrowserURI) pddResponse.getCommandData()).getURI();
                if (webURL == null) {
                    throw new IOException("No web-url");
                } else if (!webURL.contains(sessionID)) {
                    throw new IOException("Bad or missing session ID in webURL");
                }
                if (!osuManager.startUserInput(new URL(webURL), network)) {
                    throw new IOException("User session failed");
                }
                Log.d(TAG, " -- Sending user input complete:");
                String userComplete = SOAPBuilder.buildPostDevDataResponse(RequestReason.InputComplete, sessionID, null, omadmAdapter.getMO(OMAConstants.DevInfoURN), omadmAdapter.getMO(OMAConstants.DevDetailURN));
                OSUResponse udResponse = httpHandler.exchangeSOAP(mURL, userComplete);
                if (udResponse.getMessageType() != OSUMessageType.PostDevData) {
                    throw new IOException("Bad user input complete response: " + udResponse);
                }
                pddResponse = (PostDevDataResponse) udResponse;
            } else if (pddResponse.getExecCommand() == ExecCommand.GetCert) {
                certs = new HashMap<>();
                try (ESTHandler estHandler = new ESTHandler((GetCertData) pddResponse.getCommandData(), network, osuManager.getOMADMAdapter(), km, mKeyStore, homeSP, flowType)) {
                    estHandler.execute(true);
                    certs.put(OSUCertType.CA, estHandler.getCACerts());
                    certs.put(OSUCertType.Client, estHandler.getClientCerts());
                    clientKey = estHandler.getClientKey();
                }
                if (httpHandler.isHTTPAuthPerformed()) {
                    // 8.4.3.6
                    httpHandler.renegotiate(certs, clientKey);
                }
                Log.d(TAG, " -- Sending remediation cert enrollment complete:");
                // 8.4.3.5 in the spec actually prescribes that an update URI is sent here,
                // but there is no remediation flow that defines user interaction after EST
                // so for now a null is passed.
                String certComplete = SOAPBuilder.buildPostDevDataResponse(RequestReason.CertEnrollmentComplete, sessionID, null, omadmAdapter.getMO(OMAConstants.DevInfoURN), omadmAdapter.getMO(OMAConstants.DevDetailURN));
                OSUResponse ceResponse = httpHandler.exchangeSOAP(mURL, certComplete);
                if (ceResponse.getMessageType() != OSUMessageType.PostDevData) {
                    throw new IOException("Bad cert enrollment complete response: " + ceResponse);
                }
                pddResponse = (PostDevDataResponse) ceResponse;
            } else {
                throw new IOException("Unexpected command: " + pddResponse.getExecCommand());
            }
        }
        if (pddResponse.getStatus() != OSUStatus.RemediationComplete) {
            throw new IOException("Expected a PostDevDataResponse to MOUpload");
        }
        Log.d(TAG, "Remediation response: " + pddResponse);
        List<MOData> mods = new ArrayList<>();
        for (OSUCommand command : pddResponse.getCommands()) {
            if (command.getOSUCommand() == OSUCommandID.UpdateNode) {
                mods.add((MOData) command.getCommandData());
            } else if (command.getOSUCommand() != OSUCommandID.NoMOUpdate) {
                throw new IOException("Unexpected OSU response: " + command);
            }
        }
        // 1. Machine remediation: Remediation complete + replace node
        // 2a. User remediation with upload: ExecCommand.UploadMO
        // 2b. User remediation without upload: ExecCommand.Browser
        // 3. User remediation only: -> sppPostDevData user input complete
        //
        // 4. Update node
        // 5. -> Update response
        // 6. Exchange complete
        OSUError error = null;
        String updateResponse = SOAPBuilder.buildUpdateResponse(sessionID, error);
        Log.d(TAG, " -- Sending updateResponse:");
        OSUResponse exComplete = httpHandler.exchangeSOAP(mURL, updateResponse);
        Log.d(TAG, "exComplete response: " + exComplete);
        if (exComplete.getMessageType() != OSUMessageType.ExchangeComplete) {
            throw new IOException("Expected ExchangeComplete: " + exComplete);
        } else if (exComplete.getStatus() != OSUStatus.ExchangeComplete) {
            throw new IOException("Bad ExchangeComplete status: " + exComplete);
        }
        // the network is lost and the remediation flow fails.
        try {
            osuManager.remediationComplete(homeSP, mods, certs, clientKey);
        } catch (IOException | GeneralSecurityException e) {
            osuManager.provisioningFailed(homeSP.getFriendlyName(), e.getMessage(), homeSP, OSUManager.FLOW_REMEDIATION);
            error = OSUError.CommandFailed;
        }
    }
}
Also used : PrivateKey(java.security.PrivateKey) HashMap(java.util.HashMap) ESTHandler(com.android.hotspot2.est.ESTHandler) GeneralSecurityException(java.security.GeneralSecurityException) ArrayList(java.util.ArrayList) IOException(java.io.IOException) OMADMAdapter(com.android.hotspot2.OMADMAdapter) URL(java.net.URL) MOData(com.android.hotspot2.osu.commands.MOData) BrowserURI(com.android.hotspot2.osu.commands.BrowserURI) ArrayList(java.util.ArrayList) List(java.util.List) GetCertData(com.android.hotspot2.osu.commands.GetCertData)

Aggregations

HomeSP (com.android.hotspot2.pps.HomeSP)50 IOException (java.io.IOException)45 Credential (com.android.hotspot2.pps.Credential)35 WifiConfiguration (android.net.wifi.WifiConfiguration)25 HashMap (java.util.HashMap)16 WifiEnterpriseConfig (android.net.wifi.WifiEnterpriseConfig)15 X509Certificate (java.security.cert.X509Certificate)15 ArrayList (java.util.ArrayList)12 EAPMethod (com.android.anqp.eap.EAPMethod)10 NonEAPInnerAuth (com.android.anqp.eap.NonEAPInnerAuth)10 MOData (com.android.hotspot2.osu.commands.MOData)10 UpdateInfo (com.android.hotspot2.pps.UpdateInfo)10 BufferedInputStream (java.io.BufferedInputStream)10 FileInputStream (java.io.FileInputStream)10 GeneralSecurityException (java.security.GeneralSecurityException)10 SAXException (org.xml.sax.SAXException)10 List (java.util.List)6 Network (android.net.Network)5 WifiInfo (android.net.wifi.WifiInfo)5 AuthParam (com.android.anqp.eap.AuthParam)5