1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
|
/*
* Copyright (C) 2013 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package android.net.wifi;
import android.os.Parcel;
import android.os.Parcelable;
import android.security.Credentials;
import android.text.TextUtils;
import java.util.HashMap;
import java.util.Map;
/** Enterprise configuration details for Wi-Fi @hide */
public class WifiEnterpriseConfig implements Parcelable {
private static final String TAG = "WifiEnterpriseConfig";
/**
* In old configurations, the "private_key" field was used. However, newer
* configurations use the key_id field with the engine_id set to "keystore".
* If this field is found in the configuration, the migration code is
* triggered.
*/
private static final String OLD_PRIVATE_KEY_NAME = "private_key";
/**
* String representing the keystore OpenSSL ENGINE's ID.
*/
private static final String ENGINE_ID_KEYSTORE = "keystore";
/**
* String representing the keystore URI used for wpa_supplicant.
*/
private static final String KEYSTORE_URI = "keystore://";
/**
* String to set the engine value to when it should be enabled.
*/
private static final String ENGINE_ENABLE = "1";
/**
* String to set the engine value to when it should be disabled.
*/
private static final String ENGINE_DISABLE = "0";
private static final String CA_CERT_PREFIX = KEYSTORE_URI + Credentials.CA_CERTIFICATE;
private static final String CLIENT_CERT_PREFIX = KEYSTORE_URI + Credentials.USER_CERTIFICATE;
private static final String EAP_KEY = "eap";
private static final String PHASE2_KEY = "phase2";
private static final String IDENTITY_KEY = "identity";
private static final String ANON_IDENTITY_KEY = "anonymous_identity";
private static final String PASSWORD_KEY = "password";
private static final String CLIENT_CERT_KEY = "client_cert";
private static final String CA_CERT_KEY = "ca_cert";
private static final String SUBJECT_MATCH_KEY = "subject_match";
private static final String ENGINE_KEY = "engine";
private static final String ENGINE_ID_KEY = "engine_id";
private static final String PRIVATE_KEY_ID_KEY = "key_id";
private HashMap<String, String> mFields = new HashMap<String, String>();
/** This represents an empty value of an enterprise field.
* NULL is used at wpa_supplicant to indicate an empty value
*/
private static final String EMPTY_VALUE = "NULL";
public WifiEnterpriseConfig() {
// Set the required defaults
mFields.put(EAP_KEY, Eap.strings[Eap.PEAP]);
mFields.put(ENGINE_KEY, ENGINE_DISABLE);
for (String key : new String[] {PHASE2_KEY, IDENTITY_KEY, ANON_IDENTITY_KEY,
PASSWORD_KEY, CLIENT_CERT_KEY, ENGINE_ID_KEY, PRIVATE_KEY_ID_KEY,
CA_CERT_KEY, SUBJECT_MATCH_KEY}) {
mFields.put(key, EMPTY_VALUE);
}
}
/** Copy constructor */
public WifiEnterpriseConfig(WifiEnterpriseConfig source) {
for (String key : source.mFields.keySet()) {
mFields.put(key, source.mFields.get(key));
}
}
@Override
public int describeContents() {
return 0;
}
/** @Override */
public void writeToParcel(Parcel dest, int flags) {
dest.writeInt(mFields.size());
for (Map.Entry<String, String> entry : mFields.entrySet()) {
dest.writeString(entry.getKey());
dest.writeString(entry.getValue());
}
}
/** @Override */
public static final Creator<WifiEnterpriseConfig> CREATOR =
new Creator<WifiEnterpriseConfig>() {
public WifiEnterpriseConfig createFromParcel(Parcel in) {
WifiEnterpriseConfig enterpriseConfig = new WifiEnterpriseConfig();
int count = in.readInt();
for (int i = 0; i < count; i++) {
String key = in.readString();
String value = in.readString();
enterpriseConfig.mFields.put(key, value);
}
return enterpriseConfig;
}
public WifiEnterpriseConfig[] newArray(int size) {
return new WifiEnterpriseConfig[size];
}
};
public static final class Eap {
public static final int PEAP = 0;
public static final int TLS = 1;
public static final int TTLS = 2;
public static final int PWD = 3;
/** @hide */
public static final String[] strings = { "PEAP", "TLS", "TTLS", "PWD" };
}
public static final class Phase2 {
public static final int NONE = 0;
public static final int PAP = 1;
public static final int MSCHAP = 2;
public static final int MSCHAPV2 = 3;
public static final int GTC = 4;
private static final String PREFIX = "auth=";
/** @hide */
public static final String[] strings = {EMPTY_VALUE, "PAP", "MSCHAP", "MSCHAPV2", "GTC" };
}
/** Internal use only @hide */
public HashMap<String, String> getFields() {
return mFields;
}
/**
* Set the EAP authentication method.
* @param eapMethod is one {@link Eap#PEAP}, {@link Eap#TLS}, {@link Eap#TTLS} or
* {@link Eap#PWD}
*/
public void setEapMethod(int eapMethod) {
switch (eapMethod) {
/** Valid methods */
case Eap.PEAP:
case Eap.PWD:
case Eap.TLS:
case Eap.TTLS:
mFields.put(EAP_KEY, Eap.strings[eapMethod]);
break;
default:
throw new IllegalArgumentException("Unknown EAP method");
}
}
/**
* Get the eap method.
* @return eap method configured
*/
public int getEapMethod() {
String eapMethod = mFields.get(EAP_KEY);
return getStringIndex(Eap.strings, eapMethod, Eap.PEAP);
}
/**
* Set Phase 2 authentication method. Sets the inner authentication method to be used in
* phase 2 after setting up a secure channel
* @param phase2Method is the inner authentication method and can be one of {@link Phase2#NONE},
* {@link Phase2#PAP}, {@link Phase2#MSCHAP}, {@link Phase2#MSCHAPV2},
* {@link Phase2#GTC}
*
*/
public void setPhase2Method(int phase2Method) {
switch (phase2Method) {
case Phase2.NONE:
mFields.put(PHASE2_KEY, EMPTY_VALUE);
break;
/** Valid methods */
case Phase2.PAP:
case Phase2.MSCHAP:
case Phase2.MSCHAPV2:
case Phase2.GTC:
mFields.put(PHASE2_KEY, convertToQuotedString(
Phase2.PREFIX + Phase2.strings[phase2Method]));
break;
default:
throw new IllegalArgumentException("Unknown Phase 2 method");
}
}
/**
* Get the phase 2 authentication method.
* @return a phase 2 method defined at {@link Phase2}
* */
public int getPhase2Method() {
String phase2Method = mFields.get(PHASE2_KEY);
return getStringIndex(Phase2.strings, phase2Method, Phase2.NONE);
}
/**
* Set the identity
* @param identity
*/
public void setIdentity(String identity) {
setFieldValue(IDENTITY_KEY, identity, "");
}
/**
* Get the identity
* @return the identity
*/
public String getIdentity() {
return getFieldValue(IDENTITY_KEY, "");
}
/**
* Set anonymous identity. This is used as the unencrypted identity with
* certain EAP types
* @param anonymousIdentity the anonymous identity
*/
public void setAnonymousIdentity(String anonymousIdentity) {
setFieldValue(ANON_IDENTITY_KEY, anonymousIdentity, "");
}
/** Get the anonymous identity
* @return anonymous identity
*/
public String getAnonymousIdentity() {
return getFieldValue(ANON_IDENTITY_KEY, "");
}
/**
* Set the password.
* @param password the password
*/
public void setPassword(String password) {
setFieldValue(PASSWORD_KEY, password, "");
}
/**
* Set CA certificate alias.
*
* <p> See the {@link android.security.KeyChain} for details on installing or choosing
* a certificate
* </p>
* @param alias identifies the certificate
*/
public void setCaCertificate(String alias) {
setFieldValue(CA_CERT_KEY, alias, CA_CERT_PREFIX);
}
/**
* Get CA certificate alias
* @return alias to the CA certificate
*/
public String getCaCertificate() {
return getFieldValue(CA_CERT_KEY, CA_CERT_PREFIX);
}
/**
* Set Client certificate alias.
*
* <p> See the {@link android.security.KeyChain} for details on installing or choosing
* a certificate
* </p>
* @param alias identifies the certificate
*/
public void setClientCertificate(String alias) {
setFieldValue(CLIENT_CERT_KEY, alias, CLIENT_CERT_PREFIX);
setFieldValue(PRIVATE_KEY_ID_KEY, alias, Credentials.USER_PRIVATE_KEY);
// Also, set engine parameters
if (TextUtils.isEmpty(alias)) {
mFields.put(ENGINE_KEY, ENGINE_DISABLE);
mFields.put(ENGINE_ID_KEY, EMPTY_VALUE);
} else {
mFields.put(ENGINE_KEY, ENGINE_ENABLE);
mFields.put(ENGINE_ID_KEY, convertToQuotedString(ENGINE_ID_KEYSTORE));
}
}
/**
* Get client certificate alias
* @return alias to the client certificate
*/
public String getClientCertificate() {
return getFieldValue(CLIENT_CERT_KEY, CLIENT_CERT_PREFIX);
}
/**
* Set subject match. This is the substring to be matched against the subject of the
* authentication server certificate.
* @param subjectMatch substring to be matched
*/
public void setSubjectMatch(String subjectMatch) {
setFieldValue(SUBJECT_MATCH_KEY, subjectMatch, "");
}
/**
* Get subject match
* @return the subject match string
*/
public String getSubjectMatch() {
return getFieldValue(SUBJECT_MATCH_KEY, "");
}
/** Migrates the old style TLS config to the new config style. This should only be used
* when restoring an old wpa_supplicant.conf or upgrading from a previous
* platform version.
* @return true if the config was updated
* @hide
*/
public boolean migrateOldEapTlsNative(WifiNative wifiNative, int netId) {
String oldPrivateKey = wifiNative.getNetworkVariable(netId, OLD_PRIVATE_KEY_NAME);
/*
* If the old configuration value is not present, then there is nothing
* to do.
*/
if (TextUtils.isEmpty(oldPrivateKey)) {
return false;
} else {
// Also ignore it if it's empty quotes.
oldPrivateKey = removeDoubleQuotes(oldPrivateKey);
if (TextUtils.isEmpty(oldPrivateKey)) {
return false;
}
}
mFields.put(ENGINE_KEY, ENGINE_ENABLE);
mFields.put(ENGINE_ID_KEY, convertToQuotedString(ENGINE_ID_KEYSTORE));
/*
* The old key started with the keystore:// URI prefix, but we don't
* need that anymore. Trim it off if it exists.
*/
final String keyName;
if (oldPrivateKey.startsWith(KEYSTORE_URI)) {
keyName = new String(oldPrivateKey.substring(KEYSTORE_URI.length()));
} else {
keyName = oldPrivateKey;
}
mFields.put(PRIVATE_KEY_ID_KEY, convertToQuotedString(keyName));
wifiNative.setNetworkVariable(netId, ENGINE_KEY, mFields.get(ENGINE_KEY));
wifiNative.setNetworkVariable(netId, ENGINE_ID_KEY, mFields.get(ENGINE_ID_KEY));
wifiNative.setNetworkVariable(netId, PRIVATE_KEY_ID_KEY, mFields.get(PRIVATE_KEY_ID_KEY));
// Remove old private_key string so we don't run this again.
wifiNative.setNetworkVariable(netId, OLD_PRIVATE_KEY_NAME, EMPTY_VALUE);
return true;
}
private String removeDoubleQuotes(String string) {
int length = string.length();
if ((length > 1) && (string.charAt(0) == '"')
&& (string.charAt(length - 1) == '"')) {
return string.substring(1, length - 1);
}
return string;
}
private String convertToQuotedString(String string) {
return "\"" + string + "\"";
}
/** Returns the index at which the toBeFound string is found in the array.
* @param arr array of strings
* @param toBeFound string to be found
* @param defaultIndex default index to be returned when string is not found
* @return the index into array
*/
private int getStringIndex(String arr[], String toBeFound, int defaultIndex) {
for (int i = 0; i < arr.length; i++) {
// toBeFound can be formatted with a prefix. For example, phase2
// string has "auth=" as the prefix.
if (toBeFound.contains(arr[i])) return i;
}
return defaultIndex;
}
/** Returns the field value for the key.
* @param key into the hash
* @param prefix is the prefix that the value may have
* @return value
*/
private String getFieldValue(String key, String prefix) {
String value = mFields.get(key);
if (EMPTY_VALUE.equals(value)) return "";
return removeDoubleQuotes(value).substring(prefix.length());
}
/** Set a value with an optional prefix at key
* @param key into the hash
* @param value to be set
* @param prefix an optional value to be prefixed to actual value
*/
private void setFieldValue(String key, String value, String prefix) {
if (TextUtils.isEmpty(value)) {
mFields.put(key, EMPTY_VALUE);
} else {
mFields.put(key, convertToQuotedString(prefix + value));
}
}
@Override
public String toString() {
StringBuffer sb = new StringBuffer();
for (String key : mFields.keySet()) {
sb.append(key).append(" ").append(mFields.get(key)).append("\n");
}
return sb.toString();
}
}
|
