| author | Kenny Root <kroot@google.com> | 2012-03-21 09:36:47 -0700 |
|---|---|---|
| committer | Kenny Root <kroot@google.com> | 2012-03-21 14:34:36 -0700 |
| commit | 565f9f216aa87f11d451ae6532d5153001a386bf (patch) | |
| tree | fef059aace818123da170964c337cbb6aa6b9c4b /wifi/java | |
| parent | 5423e68d5dbe048ec6f042cce52a33f94184e9fb (diff) | |
Update Wifi to use new keystore function
The old wpa_supplicant.conf format used a special URI prefix
"keystore://" for the private_key value to indicate when to load things
from keystore.
The new format uses an OpenSSL ENGINE to perform operations with the
private key, so we don't need the special URI prefix. This change
enables that usage and also supports migrating old-style
configurations to the new style.
Change-Id: Ibdf2322743eaa129bd2aa5e874f197b573714b57
Diffstat (limited to 'wifi/java')
| -rw-r--r-- | wifi/java/android/net/wifi/WifiConfigStore.java | 63 | ||||
| -rw-r--r-- | wifi/java/android/net/wifi/WifiConfiguration.java | 35 |
2 files changed, 94 insertions, 4 deletions
diff --git a/wifi/java/android/net/wifi/WifiConfigStore.java b/wifi/java/android/net/wifi/WifiConfigStore.java
index 46ad036..c648568 100644
--- a/wifi/java/android/net/wifi/WifiConfigStore.java
+++ b/wifi/java/android/net/wifi/WifiConfigStore.java
@@ -25,6 +25,7 @@ import android.net.NetworkUtils;
 import android.net.NetworkInfo.DetailedState;
 import android.net.ProxyProperties;
 import android.net.RouteInfo;
+import android.net.wifi.WifiConfiguration.EnterpriseField;
 import android.net.wifi.WifiConfiguration.IpAssignment;
 import android.net.wifi.WifiConfiguration.KeyMgmt;
 import android.net.wifi.WifiConfiguration.ProxySettings;
@@ -1092,7 +1093,7 @@ class WifiConfigStore {
 String varName = field.varName();
 String value = field.value();
 if (value != null) {
- if (field != config.eap) {
+ if (field != config.eap && field != config.engine) {
 value = (value.length() == 0) ? "NULL" : convertToQuotedString(value);
 }
 if (!mWifiNative.setNetworkVariable(
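Review bot: In the `-1092` hunk, `engine` now joins `eap` as a field that skips `convertToQuotedString`, so whatever string `config.engine` holds is handed to `setNetworkVariable` verbatim. If that value can come from a caller-supplied WifiConfiguration (not visible from this hunk), it should be checked against the values wpa_supplicant defines for `engine` before it is written; the commit itself only defines `ENGINE_ENABLE = "1"`. At minimum the exemption deserves a comment such as `// eap and engine are bare tokens for wpa_supplicant; every other enterprise field is a quoted string`. The same two-field test is repeated on the read path in the `-1399` hunk, so a small shared predicate would keep the two in step. The enclosing method starts and ends outside this hunk.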
@@ -1399,10 +1400,68 @@ class WifiConfigStore { value = mWifiNative.getNetworkVariable(netId, field.varName()); if (!TextUtils.isEmpty(value)) { - if (field != config.eap) value = removeDoubleQuotes(value); + if (field != config.eap && field != config.engine) { + value = removeDoubleQuotes(value); + } field.setValue(value); } } + + migrateOldEapTlsIfNecessary(config, netId); + } + + /** + * Migration code for old EAP-TLS configurations. This should only be used + * when restoring an old wpa_supplicant.conf or upgrading from a previous + * platform version. + * + * @param config the configuration to be migrated + * @param netId the wpa_supplicant's net ID + * @param value the old private_key value + */ + private void migrateOldEapTlsIfNecessary(WifiConfiguration config, int netId) { + String value = mWifiNative.getNetworkVariable(netId, + WifiConfiguration.OLD_PRIVATE_KEY_NAME); + /* + * If the old configuration value is not present, then there is nothing + * to do. + */ + if (TextUtils.isEmpty(value)) { + return; + } else { + // Also ignore it if it's empty quotes. + value = removeDoubleQuotes(value); + if (TextUtils.isEmpty(value)) { + return; + } + } + + config.engine.setValue(WifiConfiguration.ENGINE_ENABLE); + config.engine_id.setValue(convertToQuotedString(WifiConfiguration.KEYSTORE_ENGINE_ID)); + + /* + * The old key started with the keystore:// URI prefix, but we don't + * need that anymore. Trim it off if it exists. + */ + final String keyName; + if (value.startsWith(WifiConfiguration.KEYSTORE_URI)) { + keyName = new String(value.substring(WifiConfiguration.KEYSTORE_URI.length())); + } else { + keyName = value; + } + config.key_id.setValue(convertToQuotedString(keyName)); + + // Now tell the wpa_supplicant the new configuration values. 
+ final EnterpriseField needsUpdate[] = { config.engine, config.engine_id, config.key_id }; + for (EnterpriseField field : needsUpdate) { + mWifiNative.setNetworkVariable(netId, field.varName(), field.value()); + } + + // Remove old private_key string so we don't run this again. + mWifiNative.setNetworkVariable(netId, WifiConfiguration.OLD_PRIVATE_KEY_NAME, + convertToQuotedString("")); + + saveConfig(); } private String removeDoubleQuotes(String string) { diff --git a/wifi/java/android/net/wifi/WifiConfiguration.java b/wifi/java/android/net/wifi/WifiConfiguration.java index 85a6f27..dfc1b18 100644 --- a/wifi/java/android/net/wifi/WifiConfiguration.java +++ b/wifi/java/android/net/wifi/WifiConfiguration.java @@ -29,6 +29,33 @@ import java.util.BitSet; */ public class WifiConfiguration implements Parcelable { + /** + * In old configurations, the "private_key" field was used. However, newer + * configurations use the key_id field with the engine_id set to "keystore". + * If this field is found in the configuration, the migration code is + * triggered. + * @hide + */ + public static final String OLD_PRIVATE_KEY_NAME = "private_key"; + + /** + * String representing the keystore OpenSSL ENGINE's ID. + * @hide + */ + public static final String KEYSTORE_ENGINE_ID = "keystore"; + + /** + * String representing the keystore URI used for wpa_supplicant. + * @hide + */ + public static final String KEYSTORE_URI = "keystore://"; + + /** + * String to set the engine value to when it should be enabled. + * @hide + */ + public static final String ENGINE_ENABLE = "1"; + /** {@hide} */ public static final String ssidVarName = "ssid"; /** {@hide} */ 
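Review bot: In `migrateOldEapTlsIfNecessary`, the results of the three `setNetworkVariable` calls in the `needsUpdate` loop are ignored, yet the old `private_key` entry is cleared and `saveConfig()` is called regardless. The write path in the `-1092` hunk tests that return value, so a failure is possible; if one occurs here, the network is persisted with no reference to its client key and the migration can never be retried. Stop before the clear when any write fails, as sketched below. Separately, the Javadoc lists `@param value`, which is not a parameter of the method and should be dropped. A value that lacks the `keystore://` prefix is still turned into a keystore `key_id`, which looks unintended for a file-path `private_key` and may warrant a guard.

```java
// … unchanged: read OLD_PRIVATE_KEY_NAME, set engine/engine_id, derive keyName …
final EnterpriseField needsUpdate[] = { config.engine, config.engine_id, config.key_id };
for (EnterpriseField field : needsUpdate) {
    if (!mWifiNative.setNetworkVariable(netId, field.varName(), field.value())) {
        // Leave private_key in place so the migration is retried on the next read.
        return;
    }
}
// … unchanged: clear OLD_PRIVATE_KEY_NAME, saveConfig() …
```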
@@ -82,14 +109,18 @@ public class WifiConfiguration implements Parcelable { /** {@hide} */ public EnterpriseField client_cert = new EnterpriseField("client_cert"); /** {@hide} */ - public EnterpriseField private_key = new EnterpriseField("private_key"); + public EnterpriseField engine = new EnterpriseField("engine"); + /** {@hide} */ + public EnterpriseField engine_id = new EnterpriseField("engine_id"); + /** {@hide} */ + public EnterpriseField key_id = new EnterpriseField("key_id"); /** {@hide} */ public EnterpriseField ca_cert = new EnterpriseField("ca_cert"); /** {@hide} */ public EnterpriseField[] enterpriseFields = { eap, phase2, identity, anonymous_identity, password, client_cert, - private_key, ca_cert }; + engine, engine_id, key_id, ca_cert }; /** * Recognized key management schemes. |
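Review bot: The three new fields `engine`, `engine_id` and `key_id` carry only `/** {@hide} */`, although the migration code in WifiConfigStore treats them differently: `engine` is stored as the bare value `ENGINE_ENABLE`, while `engine_id` and `key_id` are stored quoted. Document that on the fields, for example `/** OpenSSL ENGINE switch, unquoted; see ENGINE_ENABLE. {@hide} */` on `engine` and `/** Key alias inside the engine, quoted string. {@hide} */` on `key_id`. The hunk also removes the public `private_key` field, and the diffstat is limited to wifi/java, so callers elsewhere in the tree that still set it cannot be ruled out from this page.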
