Fixed up EAP-TLS remediation.
Change-Id: I318a78593c9da06a26f69b62a29fabce2d2e61bd
@@ -239,6 +239,10 @@ public class MainActivity extends Activity {
|
||||
|
||||
@Override
|
||||
protected void onHandleIntent(Intent intent) {
|
||||
if (intent == null) {
|
||||
Log.d(OSUManager.TAG, "Null intent!");
|
||||
return;
|
||||
}
|
||||
Bundle bundle = intent.getExtras();
|
||||
WifiManager wifiManager = (WifiManager) getSystemService(Context.WIFI_SERVICE);
|
||||
Log.d(OSUManager.TAG, "OSU Service got intent: " + intent.getStringExtra(ACTION_KEY));
|
||||
@@ -283,7 +287,26 @@ public class MainActivity extends Activity {
|
||||
bundle.getByteArray(WifiManager.EXTRA_PASSPOINT_ICON_DATA));
|
||||
break;
|
||||
case WifiManager.CONFIGURED_NETWORKS_CHANGED_ACTION:
|
||||
mOsuManager.networkConfigChange((WifiConfiguration)
|
||||
boolean multiNetwork =
|
||||
bundle.getBoolean(WifiManager.EXTRA_MULTIPLE_NETWORKS_CHANGED, false);
|
||||
if (multiNetwork) {
|
||||
mOsuManager.networkChanged(null);
|
||||
} else {
|
||||
WifiConfiguration configuration =
|
||||
intent.getParcelableExtra(WifiManager.EXTRA_WIFI_CONFIGURATION);
|
||||
switch (bundle.getInt(WifiManager.EXTRA_CHANGE_REASON,
|
||||
WifiManager.CHANGE_REASON_CONFIG_CHANGE)) {
|
||||
case WifiManager.CHANGE_REASON_ADDED:
|
||||
break;
|
||||
case WifiManager.CHANGE_REASON_REMOVED:
|
||||
mOsuManager.networkDeleted(configuration);
|
||||
break;
|
||||
case WifiManager.CHANGE_REASON_CONFIG_CHANGE:
|
||||
mOsuManager.networkChanged(configuration);
|
||||
break;
|
||||
}
|
||||
}
|
||||
mOsuManager.networkChanged((WifiConfiguration)
|
||||
intent.getParcelableExtra(WifiManager.EXTRA_WIFI_CONFIGURATION));
|
||||
break;
|
||||
case WifiManager.WIFI_STATE_CHANGED_ACTION:
|
||||
|
||||
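Review bot: In the `CONFIGURED_NETWORKS_CHANGED_ACTION` case, the call `mOsuManager.networkChanged((WifiConfiguration) intent.getParcelableExtra(WifiManager.EXTRA_WIFI_CONFIGURATION));` still follows the new if/else, and the hunk's line counts put it on the new side. Every event is therefore dispatched twice, and a removed network gets `networkChanged` straight after `networkDeleted`; dropping the trailing call would leave the new switch as the single dispatch point. Separately, `bundle` comes from `intent.getExtras()`, which returns null for an intent without extras, so `bundle.getBoolean(...)` and `bundle.getInt(...)` need a null guard alongside the new null-intent check. The inner switch has no `default:` branch, so an unexpected `EXTRA_CHANGE_REASON` value is dropped silently; logging it there would make malformed intents visible. The body of `onHandleIntent` continues outside both hunks.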
@@ -82,6 +82,7 @@ public class WifiNetworkAdapter {
|
||||
}
|
||||
|
||||
public void networkConfigChange(WifiConfiguration configuration) {
|
||||
// !!! Watch out for changed r2 configs - remove the MO.
|
||||
loadAllSps();
|
||||
}
|
||||
|
||||
@@ -100,6 +101,7 @@ public class WifiNetworkAdapter {
|
||||
}
|
||||
}
|
||||
Log.d(OSUManager.TAG, "Loaded " + count + " SPs");
|
||||
// !!! Detect adds/deletes
|
||||
}
|
||||
|
||||
public Collection<HomeSP> getLoadedSPs() {
|
||||
@@ -185,6 +187,14 @@ public class WifiNetworkAdapter {
|
||||
return passpointConfig != null ? passpointConfig.getWifiConfiguration() : null;
|
||||
}
|
||||
|
||||
public HomeSP getHomeSP(WifiConfiguration configuration) {
|
||||
if (configuration.isPasspoint()) {
|
||||
PasspointConfig config = mPasspointConfigs.get(configuration.FQDN);
|
||||
return config != null ? config.getHomeSP() : null;
|
||||
}
|
||||
return null;
|
||||
}
|
||||
|
||||
public HomeSP getCurrentSP() {
|
||||
PasspointConfig passpointConfig = getActivePasspointConfig();
|
||||
return passpointConfig != null ? passpointConfig.getHomeSP() : null;
|
||||
|
||||
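Review bot: The new `getHomeSP` calls `configuration.isPasspoint()` without a null check. The only caller visible on this page, `OSUManager.networkDeleted`, is handed the result of `intent.getParcelableExtra(WifiManager.EXTRA_WIFI_CONFIGURATION)`, which is null when the extra is absent. Opening the method with `if (configuration == null || !configuration.isPasspoint()) { return null; }` keeps the existing return-null contract, and `networkDeleted` needs the same guard before its log line reads `configuration.FQDN`. The two added `// !!!` comments record work that is not done here (removing the MO for changed R2 configs, detecting adds and deletes); rewording them as `// TODO:` with a tracking reference would keep them findable.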
@@ -85,14 +85,8 @@ public class ClientKeyManager implements X509KeyManager {
|
||||
return null;
|
||||
}
|
||||
try {
|
||||
List<X509Certificate> certs = new ArrayList<>();
|
||||
for (Certificate certificate :
|
||||
mKeyStore.getCertificateChain(mAliasMap.get(OSUCertType.Client))) {
|
||||
if (certificate instanceof X509Certificate) {
|
||||
certs.add((X509Certificate) certificate);
|
||||
}
|
||||
}
|
||||
return certs.toArray(new X509Certificate[certs.size()]);
|
||||
Certificate cert = mKeyStore.getCertificate(alias);
|
||||
return new X509Certificate[] {(X509Certificate) cert};
|
||||
} catch (KeyStoreException kse) {
|
||||
Log.w(OSUManager.TAG, "Failed to retrieve certificates: " + kse);
|
||||
return null;
|
||||
|
||||
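Review bot: The new `return new X509Certificate[] {(X509Certificate) cert};` returns a one-element array holding null when `mKeyStore.getCertificate(alias)` finds no entry for the alias. It also throws an uncaught `ClassCastException` for a non-X.509 entry, where the removed loop filtered with `instanceof`. Adding `if (!(cert instanceof X509Certificate)) { return null; }` before the return would keep the return-null-on-failure behaviour the surrounding code already has. The lookup also switched from `mAliasMap.get(OSUCertType.Client)` to `alias`, whose origin is not visible because the enclosing method starts above the hunk, so confirm that callers pass the same alias under which the certificate is stored.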
@@ -98,6 +98,7 @@ public class OSUManager {
|
||||
private final SubscriptionTimer mSubscriptionTimer;
|
||||
private final Set<String> mOSUSSIDs = new HashSet<>();
|
||||
private final Map<OSUProvider, OSUInfo> mOSUMap = new HashMap<>();
|
||||
private final File mKeyStoreFile;
|
||||
private final KeyStore mKeyStore;
|
||||
private volatile RedirectListener mRedirectListener;
|
||||
private final AtomicInteger mOSUSequence = new AtomicInteger();
|
||||
@@ -115,11 +116,12 @@ public class OSUManager {
|
||||
mWifiNetworkAdapter = new WifiNetworkAdapter(context, this);
|
||||
mSubscriptionTimer = new SubscriptionTimer(this, mWifiNetworkAdapter, context);
|
||||
mOSUCache = new OSUCache();
|
||||
mKeyStoreFile = new File(context.getFilesDir(), KEYSTORE_FILE);
|
||||
Log.d(TAG, "KS file: " + mKeyStoreFile.getPath());
|
||||
KeyStore ks = null;
|
||||
try {
|
||||
//ks = loadKeyStore(KEYSTORE_FILE, readCertsFromDisk(WFA_CA_LOC));
|
||||
ks = loadKeyStore(new File(context.getFilesDir(), KEYSTORE_FILE),
|
||||
OSUSocketFactory.buildCertSet());
|
||||
ks = loadKeyStore(mKeyStoreFile, OSUSocketFactory.buildCertSet());
|
||||
} catch (IOException e) {
|
||||
Log.e(TAG, "Failed to initialize Passpoint keystore, OSU disabled", e);
|
||||
}
|
||||
@@ -462,7 +464,15 @@ public class OSUManager {
|
||||
}
|
||||
}
|
||||
|
||||
public void networkConfigChange(WifiConfiguration configuration) {
|
||||
public void networkDeleted(WifiConfiguration configuration) {
|
||||
Log.d("ZXZ", "Network deleted: " + configuration.FQDN);
|
||||
HomeSP homeSP = mWifiNetworkAdapter.getHomeSP(configuration);
|
||||
if (homeSP != null) {
|
||||
spDeleted(homeSP.getFQDN());
|
||||
}
|
||||
}
|
||||
|
||||
public void networkChanged(WifiConfiguration configuration) {
|
||||
mWifiNetworkAdapter.networkConfigChange(configuration);
|
||||
}
|
||||
|
||||
@@ -657,7 +667,7 @@ public class OSUManager {
|
||||
FlowWorker flowWorker = new FlowWorker(network, url, this,
|
||||
getKeyManager(homeSP, mKeyStore), homeSP, FlowType.Remediation);
|
||||
|
||||
if (wifiInfo.getNetworkId() == mActiveNetwork.netId) {
|
||||
if (mActiveNetwork != null && wifiInfo.getNetworkId() == mActiveNetwork.netId) {
|
||||
startOsuFlow(flowWorker);
|
||||
} else {
|
||||
mRemediationFlow = flowWorker;
|
||||
@@ -786,15 +796,15 @@ public class OSUManager {
|
||||
Set<X509Certificate> rootCerts = OSUSocketFactory.getRootCerts(mKeyStore);
|
||||
X509Certificate remCert = getCert(certs, OSUCertType.Remediation);
|
||||
X509Certificate polCert = getCert(certs, OSUCertType.Policy);
|
||||
int newCerts = 0;
|
||||
if (privateKey != null) {
|
||||
X509Certificate cltCert = getCert(certs, OSUCertType.Client);
|
||||
mKeyStore.setKeyEntry(CERT_CLT_KEY_ALIAS + homeSP.getFQDN(),
|
||||
privateKey.getEncoded(),
|
||||
new X509Certificate[]{cltCert});
|
||||
mKeyStore.setCertificateEntry(CERT_CLT_CERT_ALIAS, cltCert);
|
||||
privateKey, null, new X509Certificate[]{cltCert});
|
||||
mKeyStore.setCertificateEntry(CERT_CLT_CERT_ALIAS + homeSP.getFQDN(), cltCert);
|
||||
newCerts++;
|
||||
}
|
||||
boolean usingShared = false;
|
||||
int newCerts = 0;
|
||||
if (remCert != null) {
|
||||
if (!rootCerts.contains(remCert)) {
|
||||
if (remCert.equals(polCert)) {
|
||||
@@ -817,8 +827,9 @@ public class OSUManager {
|
||||
}
|
||||
}
|
||||
|
||||
Log.d("ZXZ", "Got " + newCerts + " new certs.");
|
||||
if (newCerts > 0) {
|
||||
try (FileOutputStream out = new FileOutputStream(KEYSTORE_FILE)) {
|
||||
try (FileOutputStream out = new FileOutputStream(mKeyStoreFile)) {
|
||||
mKeyStore.store(out, null);
|
||||
}
|
||||
}
|
||||
@@ -845,6 +856,8 @@ public class OSUManager {
|
||||
int count = deleteCerts(mKeyStore, fqdn,
|
||||
CERT_REM_ALIAS, CERT_POLICY_ALIAS, CERT_SHARED_ALIAS, CERT_CLT_CERT_ALIAS);
|
||||
|
||||
Log.d(TAG, "Passpoint network deleted, removing " + count + " key store entries");
|
||||
|
||||
try {
|
||||
if (mKeyStore.getKey(CERT_CLT_KEY_ALIAS + fqdn, null) != null) {
|
||||
mKeyStore.deleteEntry(CERT_CLT_KEY_ALIAS + fqdn);
|
||||
@@ -854,7 +867,7 @@ public class OSUManager {
|
||||
}
|
||||
|
||||
if (count > 0) {
|
||||
try (FileOutputStream out = new FileOutputStream(KEYSTORE_FILE)) {
|
||||
try (FileOutputStream out = new FileOutputStream(mKeyStoreFile)) {
|
||||
mKeyStore.store(out, null);
|
||||
} catch (IOException | GeneralSecurityException e) {
|
||||
Log.w(TAG, "Failed to remove certs from key store: " + e);
|
||||
|
||||
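Review bot: The client private key is now stored with `mKeyStore.setKeyEntry(CERT_CLT_KEY_ALIAS + homeSP.getFQDN(), privateKey, null, new X509Certificate[]{cltCert})` and the store is still written with `mKeyStore.store(out, null)`, so neither the entry nor the file has a password. The key's only protection at rest is then the file permission on `mKeyStoreFile` under `getFilesDir()`. Which KeyStore type `loadKeyStore` creates is not visible here, so confirm that it accepts a null entry password, and consider whether the EAP-TLS key belongs in a hardware-backed store. The added `Log.d("ZXZ", ...)` lines use a scratch tag instead of `TAG` and look like leftover debugging, and together with `"KS file: " + mKeyStoreFile.getPath()` they put the FQDN and key store location in the log. Dropping them or moving them behind a verbose flag would be cleaner.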