From c72c5625c69595501cb888f6086979abf7fd6161 Mon Sep 17 00:00:00 2001 From: Irfan Sheriff Date: Fri, 11 Jan 2013 14:03:55 -0800 Subject: [PATCH 1/6] Refactor enterprise config Change-Id: I7104250e80317fce6164385701a7caffbcd14813 --- .../android/net/wifi/WifiConfigStore.java | 101 +--- .../android/net/wifi/WifiConfiguration.java | 135 ++---- .../net/wifi/WifiEnterpriseConfig.aidl | 19 + .../net/wifi/WifiEnterpriseConfig.java | 430 ++++++++++++++++++ 4 files changed, 493 insertions(+), 192 deletions(-) create mode 100644 wifi/java/android/net/wifi/WifiEnterpriseConfig.aidl create mode 100644 wifi/java/android/net/wifi/WifiEnterpriseConfig.java diff --git a/wifi/java/android/net/wifi/WifiConfigStore.java b/wifi/java/android/net/wifi/WifiConfigStore.java index 84506b660945e..edf0e47ae73ee 100644 --- a/wifi/java/android/net/wifi/WifiConfigStore.java +++ b/wifi/java/android/net/wifi/WifiConfigStore.java @@ -25,7 +25,6 @@ import android.net.NetworkUtils; import android.net.NetworkInfo.DetailedState; import android.net.ProxyProperties; import android.net.RouteInfo; -import android.net.wifi.WifiConfiguration.EnterpriseField; import android.net.wifi.WifiConfiguration.IpAssignment; import android.net.wifi.WifiConfiguration.KeyMgmt; import android.net.wifi.WifiConfiguration.ProxySettings; @@ -1122,31 +1121,17 @@ class WifiConfigStore { break setVariables; } - for (WifiConfiguration.EnterpriseField field - : config.enterpriseFields) { - String varName = field.varName(); - String value = field.value(); - if (value != null) { - if (field == config.engine) { - /* - * If the field is declared as an integer, it must not - * be null - */ - if (value.length() == 0) { - value = "0"; - } - } else if (field != config.eap) { - value = (value.length() == 0) ? "NULL" : convertToQuotedString(value); - } + HashMap enterpriseFields = config.enterpriseConfig.getFields(); + for (String key : enterpriseFields.keySet()) { + String value = enterpriseFields.get(key); if (!mWifiNative.setNetworkVariable( netId, - varName, + key, value)) { - loge(config.SSID + ": failed to set " + varName + + loge(config.SSID + ": failed to set " + key + ": " + value); break setVariables; } - } } updateFailed = false; } @@ -1445,78 +1430,26 @@ class WifiConfigStore { } } - for (WifiConfiguration.EnterpriseField field : - config.enterpriseFields) { - value = mWifiNative.getNetworkVariable(netId, - field.varName()); + HashMap entepriseFields = config.enterpriseConfig.getFields(); + for (String key : entepriseFields.keySet()) { + value = mWifiNative.getNetworkVariable(netId, key); if (!TextUtils.isEmpty(value)) { - if (field != config.eap && field != config.engine) { - value = removeDoubleQuotes(value); - } - field.setValue(value); + entepriseFields.put(key, removeDoubleQuotes(value)); } } - migrateOldEapTlsIfNecessary(config, netId); - } - - /** - * Migration code for old EAP-TLS configurations. This should only be used - * when restoring an old wpa_supplicant.conf or upgrading from a previous - * platform version. - * - * @param config the configuration to be migrated - * @param netId the wpa_supplicant's net ID - * @param value the old private_key value - */ - private void migrateOldEapTlsIfNecessary(WifiConfiguration config, int netId) { - String value = mWifiNative.getNetworkVariable(netId, - WifiConfiguration.OLD_PRIVATE_KEY_NAME); - /* - * If the old configuration value is not present, then there is nothing - * to do. - */ - if (TextUtils.isEmpty(value)) { - return; - } else { - // Also ignore it if it's empty quotes. - value = removeDoubleQuotes(value); - if (TextUtils.isEmpty(value)) { - return; - } + if (config.enterpriseConfig.migrateOldEapTlsNative(mWifiNative, netId)) { + saveConfig(); } - - config.engine.setValue(WifiConfiguration.ENGINE_ENABLE); - config.engine_id.setValue(convertToQuotedString(WifiConfiguration.KEYSTORE_ENGINE_ID)); - - /* - * The old key started with the keystore:// URI prefix, but we don't - * need that anymore. Trim it off if it exists. - */ - final String keyName; - if (value.startsWith(WifiConfiguration.KEYSTORE_URI)) { - keyName = new String(value.substring(WifiConfiguration.KEYSTORE_URI.length())); - } else { - keyName = value; - } - config.key_id.setValue(convertToQuotedString(keyName)); - - // Now tell the wpa_supplicant the new configuration values. - final EnterpriseField needsUpdate[] = { config.engine, config.engine_id, config.key_id }; - for (EnterpriseField field : needsUpdate) { - mWifiNative.setNetworkVariable(netId, field.varName(), field.value()); - } - - // Remove old private_key string so we don't run this again. - mWifiNative.setNetworkVariable(netId, WifiConfiguration.OLD_PRIVATE_KEY_NAME, - convertToQuotedString("")); - - saveConfig(); } private String removeDoubleQuotes(String string) { - if (string.length() <= 2) return ""; - return string.substring(1, string.length() - 1); + int length = string.length(); + if ((length > 1) && (string.charAt(0) == '"') + && (string.charAt(length - 1) == '"')) { + return string.substring(1, length - 1); + } + return string; } private String convertToQuotedString(String string) { diff --git a/wifi/java/android/net/wifi/WifiConfiguration.java b/wifi/java/android/net/wifi/WifiConfiguration.java index c4fe1b4b35fbb..552356c0bdc69 100644 --- a/wifi/java/android/net/wifi/WifiConfiguration.java +++ b/wifi/java/android/net/wifi/WifiConfiguration.java @@ -24,44 +24,10 @@ import java.util.BitSet; /** * A class representing a configured Wi-Fi network, including the - * security configuration. Android will not necessarily support - * all of these security schemes initially. + * security configuration. */ public class WifiConfiguration implements Parcelable { - - /** - * In old configurations, the "private_key" field was used. However, newer - * configurations use the key_id field with the engine_id set to "keystore". - * If this field is found in the configuration, the migration code is - * triggered. - * @hide - */ - public static final String OLD_PRIVATE_KEY_NAME = "private_key"; - - /** - * String representing the keystore OpenSSL ENGINE's ID. - * @hide - */ - public static final String KEYSTORE_ENGINE_ID = "keystore"; - - /** - * String representing the keystore URI used for wpa_supplicant. - * @hide - */ - public static final String KEYSTORE_URI = "keystore://"; - - /** - * String to set the engine value to when it should be enabled. - * @hide - */ - public static final String ENGINE_ENABLE = "1"; - - /** - * String to set the engine value to when it should be disabled. - * @hide - */ - public static final String ENGINE_DISABLE = "0"; - + private static final String TAG = "WifiConfiguration"; /** {@hide} */ public static final String ssidVarName = "ssid"; /** {@hide} */ @@ -78,56 +44,6 @@ public class WifiConfiguration implements Parcelable { public static final String hiddenSSIDVarName = "scan_ssid"; /** {@hide} */ public static final int INVALID_NETWORK_ID = -1; - - /** {@hide} */ - public class EnterpriseField { - private String varName; - private String value; - - private EnterpriseField(String varName) { - this.varName = varName; - this.value = null; - } - - public void setValue(String value) { - this.value = value; - } - - public String varName() { - return varName; - } - - public String value() { - return value; - } - } - - /** {@hide} */ - public EnterpriseField eap = new EnterpriseField("eap"); - /** {@hide} */ - public EnterpriseField phase2 = new EnterpriseField("phase2"); - /** {@hide} */ - public EnterpriseField identity = new EnterpriseField("identity"); - /** {@hide} */ - public EnterpriseField anonymous_identity = new EnterpriseField("anonymous_identity"); - /** {@hide} */ - public EnterpriseField password = new EnterpriseField("password"); - /** {@hide} */ - public EnterpriseField client_cert = new EnterpriseField("client_cert"); - /** {@hide} */ - public EnterpriseField engine = new EnterpriseField("engine"); - /** {@hide} */ - public EnterpriseField engine_id = new EnterpriseField("engine_id"); - /** {@hide} */ - public EnterpriseField key_id = new EnterpriseField("key_id"); - /** {@hide} */ - public EnterpriseField ca_cert = new EnterpriseField("ca_cert"); - - /** {@hide} */ - public EnterpriseField[] enterpriseFields = { - eap, phase2, identity, anonymous_identity, password, client_cert, - engine, engine_id, key_id, ca_cert }; - /** * Recognized key management schemes. */ @@ -357,6 +273,11 @@ public class WifiConfiguration implements Parcelable { * Defaults to CCMP TKIP WEP104 WEP40. */ public BitSet allowedGroupCiphers; + /** + * The enterprise configuration details + * @hide + */ + public WifiEnterpriseConfig enterpriseConfig; /** * @hide @@ -412,11 +333,10 @@ public class WifiConfiguration implements Parcelable { allowedPairwiseCiphers = new BitSet(); allowedGroupCiphers = new BitSet(); wepKeys = new String[4]; - for (int i = 0; i < wepKeys.length; i++) + for (int i = 0; i < wepKeys.length; i++) { wepKeys[i] = null; - for (EnterpriseField field : enterpriseFields) { - field.setValue(null); } + enterpriseConfig = new WifiEnterpriseConfig(); ipAssignment = IpAssignment.UNASSIGNED; proxySettings = ProxySettings.UNASSIGNED; linkProperties = new LinkProperties(); @@ -496,12 +416,9 @@ public class WifiConfiguration implements Parcelable { sbuf.append('*'); } - for (EnterpriseField field : enterpriseFields) { - sbuf.append('\n').append(" " + field.varName() + ": "); - String value = field.value(); - if (value != null) sbuf.append(value); - } + sbuf.append(enterpriseConfig); sbuf.append('\n'); + sbuf.append("IP assignment: " + ipAssignment.toString()); sbuf.append("\n"); sbuf.append("Proxy settings: " + proxySettings.toString()); @@ -549,8 +466,9 @@ public class WifiConfiguration implements Parcelable { int cardinality = src.readInt(); BitSet set = new BitSet(); - for (int i = 0; i < cardinality; i++) + for (int i = 0; i < cardinality; i++) { set.set(src.readInt()); + } return set; } @@ -560,8 +478,9 @@ public class WifiConfiguration implements Parcelable { dest.writeInt(set.cardinality()); - while ((nextSetBit = set.nextSetBit(nextSetBit + 1)) != -1) + while ((nextSetBit = set.nextSetBit(nextSetBit + 1)) != -1) { dest.writeInt(nextSetBit); + } } /** @hide */ @@ -594,8 +513,9 @@ public class WifiConfiguration implements Parcelable { preSharedKey = source.preSharedKey; wepKeys = new String[4]; - for (int i = 0; i < wepKeys.length; i++) + for (int i = 0; i < wepKeys.length; i++) { wepKeys[i] = source.wepKeys[i]; + } wepTxKeyIndex = source.wepTxKeyIndex; priority = source.priority; @@ -606,9 +526,8 @@ public class WifiConfiguration implements Parcelable { allowedPairwiseCiphers = (BitSet) source.allowedPairwiseCiphers.clone(); allowedGroupCiphers = (BitSet) source.allowedGroupCiphers.clone(); - for (int i = 0; i < source.enterpriseFields.length; i++) { - enterpriseFields[i].setValue(source.enterpriseFields[i].value()); - } + enterpriseConfig = new WifiEnterpriseConfig(source.enterpriseConfig); + ipAssignment = source.ipAssignment; proxySettings = source.proxySettings; linkProperties = new LinkProperties(source.linkProperties); @@ -623,8 +542,9 @@ public class WifiConfiguration implements Parcelable { dest.writeString(SSID); dest.writeString(BSSID); dest.writeString(preSharedKey); - for (String wepKey : wepKeys) + for (String wepKey : wepKeys) { dest.writeString(wepKey); + } dest.writeInt(wepTxKeyIndex); dest.writeInt(priority); dest.writeInt(hiddenSSID ? 1 : 0); @@ -635,9 +555,8 @@ public class WifiConfiguration implements Parcelable { writeBitSet(dest, allowedPairwiseCiphers); writeBitSet(dest, allowedGroupCiphers); - for (EnterpriseField field : enterpriseFields) { - dest.writeString(field.value()); - } + dest.writeParcelable(enterpriseConfig, flags); + dest.writeString(ipAssignment.name()); dest.writeString(proxySettings.name()); dest.writeParcelable(linkProperties, flags); @@ -654,8 +573,9 @@ public class WifiConfiguration implements Parcelable { config.SSID = in.readString(); config.BSSID = in.readString(); config.preSharedKey = in.readString(); - for (int i = 0; i < config.wepKeys.length; i++) + for (int i = 0; i < config.wepKeys.length; i++) { config.wepKeys[i] = in.readString(); + } config.wepTxKeyIndex = in.readInt(); config.priority = in.readInt(); config.hiddenSSID = in.readInt() != 0; @@ -665,13 +585,12 @@ public class WifiConfiguration implements Parcelable { config.allowedPairwiseCiphers = readBitSet(in); config.allowedGroupCiphers = readBitSet(in); - for (EnterpriseField field : config.enterpriseFields) { - field.setValue(in.readString()); - } + config.enterpriseConfig = in.readParcelable(null); config.ipAssignment = IpAssignment.valueOf(in.readString()); config.proxySettings = ProxySettings.valueOf(in.readString()); config.linkProperties = in.readParcelable(null); + return config; } diff --git a/wifi/java/android/net/wifi/WifiEnterpriseConfig.aidl b/wifi/java/android/net/wifi/WifiEnterpriseConfig.aidl new file mode 100644 index 0000000000000..b0f5f849c7eca --- /dev/null +++ b/wifi/java/android/net/wifi/WifiEnterpriseConfig.aidl @@ -0,0 +1,19 @@ +/** + * Copyright (c) 2013, The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package android.net.wifi; + +parcelable WifiEnterpriseConfig; diff --git a/wifi/java/android/net/wifi/WifiEnterpriseConfig.java b/wifi/java/android/net/wifi/WifiEnterpriseConfig.java new file mode 100644 index 0000000000000..788cb9b439ab1 --- /dev/null +++ b/wifi/java/android/net/wifi/WifiEnterpriseConfig.java @@ -0,0 +1,430 @@ +/* + * Copyright (C) 2013 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package android.net.wifi; + +import android.os.Parcel; +import android.os.Parcelable; +import android.security.Credentials; +import android.text.TextUtils; + +import java.util.HashMap; +import java.util.Map; + +/** Enterprise configuration details for Wi-Fi @hide */ +public class WifiEnterpriseConfig implements Parcelable { + private static final String TAG = "WifiEnterpriseConfig"; + /** + * In old configurations, the "private_key" field was used. However, newer + * configurations use the key_id field with the engine_id set to "keystore". + * If this field is found in the configuration, the migration code is + * triggered. + */ + private static final String OLD_PRIVATE_KEY_NAME = "private_key"; + + /** + * String representing the keystore OpenSSL ENGINE's ID. + */ + private static final String ENGINE_ID_KEYSTORE = "keystore"; + + /** + * String representing the keystore URI used for wpa_supplicant. + */ + private static final String KEYSTORE_URI = "keystore://"; + + /** + * String to set the engine value to when it should be enabled. + */ + private static final String ENGINE_ENABLE = "1"; + + /** + * String to set the engine value to when it should be disabled. + */ + private static final String ENGINE_DISABLE = "0"; + + private static final String CA_CERT_PREFIX = KEYSTORE_URI + Credentials.CA_CERTIFICATE; + private static final String CLIENT_CERT_PREFIX = KEYSTORE_URI + Credentials.USER_CERTIFICATE; + + private static final String EAP_KEY = "eap"; + private static final String PHASE2_KEY = "phase2"; + private static final String IDENTITY_KEY = "identity"; + private static final String ANON_IDENTITY_KEY = "anonymous_identity"; + private static final String PASSWORD_KEY = "password"; + private static final String CLIENT_CERT_KEY = "client_cert"; + private static final String CA_CERT_KEY = "ca_cert"; + private static final String SUBJECT_MATCH_KEY = "subject_match"; + private static final String ENGINE_KEY = "engine"; + private static final String ENGINE_ID_KEY = "engine_id"; + private static final String PRIVATE_KEY_ID_KEY = "key_id"; + + private HashMap mFields = new HashMap(); + + /** This represents an empty value of an enterprise field. + * NULL is used at wpa_supplicant to indicate an empty value + */ + private static final String EMPTY_VALUE = "NULL"; + + public WifiEnterpriseConfig() { + // Set the required defaults + mFields.put(EAP_KEY, Eap.strings[Eap.PEAP]); + mFields.put(ENGINE_KEY, ENGINE_DISABLE); + + for (String key : new String[] {PHASE2_KEY, IDENTITY_KEY, ANON_IDENTITY_KEY, + PASSWORD_KEY, CLIENT_CERT_KEY, ENGINE_ID_KEY, PRIVATE_KEY_ID_KEY, + CA_CERT_KEY, SUBJECT_MATCH_KEY}) { + mFields.put(key, EMPTY_VALUE); + } + } + + /** Copy constructor */ + public WifiEnterpriseConfig(WifiEnterpriseConfig source) { + for (String key : source.mFields.keySet()) { + mFields.put(key, source.mFields.get(key)); + } + } + + @Override + public int describeContents() { + return 0; + } + + /** @Override */ + public void writeToParcel(Parcel dest, int flags) { + dest.writeInt(mFields.size()); + for (Map.Entry entry : mFields.entrySet()) { + dest.writeString(entry.getKey()); + dest.writeString(entry.getValue()); + } + } + + /** @Override */ + public static final Creator CREATOR = + new Creator() { + public WifiEnterpriseConfig createFromParcel(Parcel in) { + WifiEnterpriseConfig enterpriseConfig = new WifiEnterpriseConfig(); + int count = in.readInt(); + for (int i = 0; i < count; i++) { + String key = in.readString(); + String value = in.readString(); + enterpriseConfig.mFields.put(key, value); + } + return enterpriseConfig; + } + + public WifiEnterpriseConfig[] newArray(int size) { + return new WifiEnterpriseConfig[size]; + } + }; + + public static final class Eap { + public static final int PEAP = 0; + public static final int TLS = 1; + public static final int TTLS = 2; + public static final int PWD = 3; + /** @hide */ + public static final String[] strings = { "PEAP", "TLS", "TTLS", "PWD" }; + } + + public static final class Phase2 { + public static final int NONE = 0; + public static final int PAP = 1; + public static final int MSCHAP = 2; + public static final int MSCHAPV2 = 3; + public static final int GTC = 4; + private static final String PREFIX = "auth="; + /** @hide */ + public static final String[] strings = {EMPTY_VALUE, "PAP", "MSCHAP", "MSCHAPV2", "GTC" }; + } + + /** Internal use only @hide */ + public HashMap getFields() { + return mFields; + } + + /** + * Set the EAP authentication method. + * @param eapMethod is one {@link Eap#PEAP}, {@link Eap#TLS}, {@link Eap#TTLS} or + * {@link Eap#PWD} + */ + public void setEapMethod(int eapMethod) { + switch (eapMethod) { + /** Valid methods */ + case Eap.PEAP: + case Eap.PWD: + case Eap.TLS: + case Eap.TTLS: + mFields.put(EAP_KEY, Eap.strings[eapMethod]); + break; + default: + throw new IllegalArgumentException("Unknown EAP method"); + } + } + + /** + * Get the eap method. + * @return eap method configured + */ + public int getEapMethod() { + String eapMethod = mFields.get(EAP_KEY); + return getStringIndex(Eap.strings, eapMethod, Eap.PEAP); + } + + /** + * Set Phase 2 authentication method. Sets the inner authentication method to be used in + * phase 2 after setting up a secure channel + * @param phase2Method is the inner authentication method and can be one of {@link Phase2#NONE}, + * {@link Phase2#PAP}, {@link Phase2#MSCHAP}, {@link Phase2#MSCHAPV2}, + * {@link Phase2#GTC} + * + */ + public void setPhase2Method(int phase2Method) { + switch (phase2Method) { + case Phase2.NONE: + mFields.put(PHASE2_KEY, EMPTY_VALUE); + break; + /** Valid methods */ + case Phase2.PAP: + case Phase2.MSCHAP: + case Phase2.MSCHAPV2: + case Phase2.GTC: + mFields.put(PHASE2_KEY, convertToQuotedString( + Phase2.PREFIX + Phase2.strings[phase2Method])); + break; + default: + throw new IllegalArgumentException("Unknown Phase 2 method"); + } + } + + /** + * Get the phase 2 authentication method. + * @return a phase 2 method defined at {@link Phase2} + * */ + public int getPhase2Method() { + String phase2Method = mFields.get(PHASE2_KEY); + return getStringIndex(Phase2.strings, phase2Method, Phase2.NONE); + } + + /** + * Set the identity + * @param identity + */ + public void setIdentity(String identity) { + setFieldValue(IDENTITY_KEY, identity, ""); + } + + /** + * Get the identity + * @return the identity + */ + public String getIdentity() { + return getFieldValue(IDENTITY_KEY, ""); + } + + /** + * Set anonymous identity. This is used as the unencrypted identity with + * certain EAP types + * @param anonymousIdentity the anonymous identity + */ + public void setAnonymousIdentity(String anonymousIdentity) { + setFieldValue(ANON_IDENTITY_KEY, anonymousIdentity, ""); + } + + /** Get the anonymous identity + * @return anonymous identity + */ + public String getAnonymousIdentity() { + return getFieldValue(ANON_IDENTITY_KEY, ""); + } + + /** + * Set the password. + * @param password the password + */ + public void setPassword(String password) { + setFieldValue(PASSWORD_KEY, password, ""); + } + + /** + * Set CA certificate alias. + * + *

See the {@link android.security.KeyChain} for details on installing or choosing + * a certificate + *

+ * @param alias identifies the certificate + */ + public void setCaCertificate(String alias) { + setFieldValue(CA_CERT_KEY, alias, CA_CERT_PREFIX); + } + + /** + * Get CA certificate alias + * @return alias to the CA certificate + */ + public String getCaCertificate() { + return getFieldValue(CA_CERT_KEY, CA_CERT_PREFIX); + } + + /** + * Set Client certificate alias. + * + *

See the {@link android.security.KeyChain} for details on installing or choosing + * a certificate + *

+ * @param alias identifies the certificate + */ + public void setClientCertificate(String alias) { + setFieldValue(CLIENT_CERT_KEY, alias, CLIENT_CERT_PREFIX); + setFieldValue(PRIVATE_KEY_ID_KEY, alias, Credentials.USER_PRIVATE_KEY); + // Also, set engine parameters + if (TextUtils.isEmpty(alias)) { + mFields.put(ENGINE_KEY, ENGINE_DISABLE); + mFields.put(ENGINE_ID_KEY, EMPTY_VALUE); + } else { + mFields.put(ENGINE_KEY, ENGINE_ENABLE); + mFields.put(ENGINE_ID_KEY, convertToQuotedString(ENGINE_ID_KEYSTORE)); + } + } + + /** + * Get client certificate alias + * @return alias to the client certificate + */ + public String getClientCertificate() { + return getFieldValue(CLIENT_CERT_KEY, CLIENT_CERT_PREFIX); + } + + /** + * Set subject match. This is the substring to be matched against the subject of the + * authentication server certificate. + * @param subjectMatch substring to be matched + */ + public void setSubjectMatch(String subjectMatch) { + setFieldValue(SUBJECT_MATCH_KEY, subjectMatch, ""); + } + + /** + * Get subject match + * @return the subject match string + */ + public String getSubjectMatch() { + return getFieldValue(SUBJECT_MATCH_KEY, ""); + } + + /** Migrates the old style TLS config to the new config style. This should only be used + * when restoring an old wpa_supplicant.conf or upgrading from a previous + * platform version. + * @return true if the config was updated + * @hide + */ + public boolean migrateOldEapTlsNative(WifiNative wifiNative, int netId) { + String oldPrivateKey = wifiNative.getNetworkVariable(netId, OLD_PRIVATE_KEY_NAME); + /* + * If the old configuration value is not present, then there is nothing + * to do. + */ + if (TextUtils.isEmpty(oldPrivateKey)) { + return false; + } else { + // Also ignore it if it's empty quotes. + oldPrivateKey = removeDoubleQuotes(oldPrivateKey); + if (TextUtils.isEmpty(oldPrivateKey)) { + return false; + } + } + + mFields.put(ENGINE_KEY, ENGINE_ENABLE); + mFields.put(ENGINE_ID_KEY, convertToQuotedString(ENGINE_ID_KEYSTORE)); + + /* + * The old key started with the keystore:// URI prefix, but we don't + * need that anymore. Trim it off if it exists. + */ + final String keyName; + if (oldPrivateKey.startsWith(KEYSTORE_URI)) { + keyName = new String(oldPrivateKey.substring(KEYSTORE_URI.length())); + } else { + keyName = oldPrivateKey; + } + mFields.put(PRIVATE_KEY_ID_KEY, convertToQuotedString(keyName)); + + wifiNative.setNetworkVariable(netId, ENGINE_KEY, mFields.get(ENGINE_KEY)); + wifiNative.setNetworkVariable(netId, ENGINE_ID_KEY, mFields.get(ENGINE_ID_KEY)); + wifiNative.setNetworkVariable(netId, PRIVATE_KEY_ID_KEY, mFields.get(PRIVATE_KEY_ID_KEY)); + // Remove old private_key string so we don't run this again. + wifiNative.setNetworkVariable(netId, OLD_PRIVATE_KEY_NAME, EMPTY_VALUE); + return true; + } + + private String removeDoubleQuotes(String string) { + int length = string.length(); + if ((length > 1) && (string.charAt(0) == '"') + && (string.charAt(length - 1) == '"')) { + return string.substring(1, length - 1); + } + return string; + } + + private String convertToQuotedString(String string) { + return "\"" + string + "\""; + } + + /** Returns the index at which the toBeFound string is found in the array. + * @param arr array of strings + * @param toBeFound string to be found + * @param defaultIndex default index to be returned when string is not found + * @return the index into array + */ + private int getStringIndex(String arr[], String toBeFound, int defaultIndex) { + for (int i = 0; i < arr.length; i++) { + // toBeFound can be formatted with a prefix. For example, phase2 + // string has "auth=" as the prefix. + if (toBeFound.contains(arr[i])) return i; + } + return defaultIndex; + } + + /** Returns the field value for the key. + * @param key into the hash + * @param prefix is the prefix that the value may have + * @return value + */ + private String getFieldValue(String key, String prefix) { + String value = mFields.get(key); + if (EMPTY_VALUE.equals(value)) return ""; + return removeDoubleQuotes(value).substring(prefix.length()); + } + + /** Set a value with an optional prefix at key + * @param key into the hash + * @param value to be set + * @param prefix an optional value to be prefixed to actual value + */ + private void setFieldValue(String key, String value, String prefix) { + if (TextUtils.isEmpty(value)) { + mFields.put(key, EMPTY_VALUE); + } else { + mFields.put(key, convertToQuotedString(prefix + value)); + } + } + + @Override + public String toString() { + StringBuffer sb = new StringBuffer(); + for (String key : mFields.keySet()) { + sb.append(key).append(" ").append(mFields.get(key)).append("\n"); + } + return sb.toString(); + } +} From 2f6778c038e71fd0f857fcd9d0f0412598c69fa6 Mon Sep 17 00:00:00 2001 From: Irfan Sheriff Date: Tue, 15 Jan 2013 10:02:31 -0800 Subject: [PATCH 2/6] Fix build Change-Id: Ib9fd57c641e3bd2001c7c802f35d97e0cb849b8a --- wifi/java/android/net/wifi/WifiEnterpriseConfig.java | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/wifi/java/android/net/wifi/WifiEnterpriseConfig.java b/wifi/java/android/net/wifi/WifiEnterpriseConfig.java index 788cb9b439ab1..46e446ea63a99 100644 --- a/wifi/java/android/net/wifi/WifiEnterpriseConfig.java +++ b/wifi/java/android/net/wifi/WifiEnterpriseConfig.java @@ -100,7 +100,7 @@ public class WifiEnterpriseConfig implements Parcelable { return 0; } - /** @Override */ + @Override public void writeToParcel(Parcel dest, int flags) { dest.writeInt(mFields.size()); for (Map.Entry entry : mFields.entrySet()) { @@ -109,7 +109,6 @@ public class WifiEnterpriseConfig implements Parcelable { } } - /** @Override */ public static final Creator CREATOR = new Creator() { public WifiEnterpriseConfig createFromParcel(Parcel in) { From 46e09310805f3cb858578fc82539f47e83f37c40 Mon Sep 17 00:00:00 2001 From: Irfan Sheriff Date: Tue, 15 Jan 2013 10:35:02 -0800 Subject: [PATCH 3/6] Fix connectivitymanagertest Change-Id: If5687eacec0f502c39b102eb5cf7d9383f0ec056 --- .../AccessPointParserHelper.java | 44 ++++++++++++------- 1 file changed, 27 insertions(+), 17 deletions(-) diff --git a/core/tests/ConnectivityManagerTest/src/com/android/connectivitymanagertest/AccessPointParserHelper.java b/core/tests/ConnectivityManagerTest/src/com/android/connectivitymanagertest/AccessPointParserHelper.java index a6057de1d91c0..649e39d0cacb5 100644 --- a/core/tests/ConnectivityManagerTest/src/com/android/connectivitymanagertest/AccessPointParserHelper.java +++ b/core/tests/ConnectivityManagerTest/src/com/android/connectivitymanagertest/AccessPointParserHelper.java @@ -28,6 +28,7 @@ import android.net.wifi.WifiConfiguration.AuthAlgorithm; import android.net.wifi.WifiConfiguration.IpAssignment; import android.net.wifi.WifiConfiguration.KeyMgmt; import android.net.wifi.WifiConfiguration.ProxySettings; +import android.net.wifi.WifiEnterpriseConfig; import android.net.LinkAddress; import android.net.LinkProperties; import android.net.RouteInfo; @@ -67,7 +68,6 @@ import java.util.List; * networkprefixlength. */ public class AccessPointParserHelper { - private static final String KEYSTORE_SPACE = "keystore://"; private static final String TAG = "AccessPointParserHelper"; static final int NONE = 0; static final int WEP = 1; @@ -212,14 +212,11 @@ public class AccessPointParserHelper { config.allowedKeyManagement.set(KeyMgmt.WPA_EAP); config.allowedKeyManagement.set(KeyMgmt.IEEE8021X); // Initialize other fields. - config.phase2.setValue(""); - config.ca_cert.setValue(""); - config.client_cert.setValue(""); - config.engine.setValue(""); - config.engine_id.setValue(""); - config.key_id.setValue(""); - config.identity.setValue(""); - config.anonymous_identity.setValue(""); + config.enterpriseConfig.setPhase2Method(WifiEnterpriseConfig.Phase2.NONE); + config.enterpriseConfig.setCaCertificate(""); + config.enterpriseConfig.setClientCertificate(""); + config.enterpriseConfig.setIdentity(""); + config.enterpriseConfig.setAnonymousIdentity(""); break; default: throw new SAXException(); @@ -246,7 +243,7 @@ public class AccessPointParserHelper { config.preSharedKey = '"' + passwordStr + '"'; } } else if (securityType == EAP) { - config.password.setValue(passwordStr); + config.enterpriseConfig.setPassword(passwordStr); } else { throw new SAXException(); } @@ -257,33 +254,46 @@ public class AccessPointParserHelper { if (!validateEapValue(eapValue)) { throw new SAXException(); } - config.eap.setValue(eapValue); + if (eapValue.equals("TLS")) { + config.enterpriseConfig.setEapMethod(WifiEnterpriseConfig.Eap.TLS); + } else if (eapValue.equals("TTLS")) { + config.enterpriseConfig.setEapMethod(WifiEnterpriseConfig.Eap.TTLS); + } else if (eapValue.equals("PEAP")) { + config.enterpriseConfig.setEapMethod(WifiEnterpriseConfig.Eap.PEAP); + } eap = false; } if (phase2) { String phase2Value = new String(ch, start, length); - config.phase2.setValue("auth=" + phase2Value); + if (phase2Value.equals("PAP")) { + config.enterpriseConfig.setPhase2Method(WifiEnterpriseConfig.Phase2.PAP); + } else if (phase2Value.equals("MSCHAP")) { + config.enterpriseConfig.setPhase2Method(WifiEnterpriseConfig.Phase2.MSCHAP); + } else if (phase2Value.equals("MSCHAPV2")) { + config.enterpriseConfig.setPhase2Method(WifiEnterpriseConfig.Phase2.MSCHAPV2); + } else if (phase2Value.equals("GTC")) { + config.enterpriseConfig.setPhase2Method(WifiEnterpriseConfig.Phase2.GTC); + } phase2 = false; } if (identity) { String identityValue = new String(ch, start, length); - config.identity.setValue(identityValue); + config.enterpriseConfig.setIdentity(identityValue); identity = false; } if (anonymousidentity) { String anonyId = new String(ch, start, length); - config.anonymous_identity.setValue(anonyId); + config.enterpriseConfig.setAnonymousIdentity(anonyId); anonymousidentity = false; } if (cacert) { String cacertValue = new String(ch, start, length); - // need to install the credentail to "keystore://" - config.ca_cert.setValue(KEYSTORE_SPACE); + config.enterpriseConfig.setCaCertificate(cacertValue); cacert = false; } if (usercert) { String usercertValue = new String(ch, start, length); - config.client_cert.setValue(KEYSTORE_SPACE); + config.enterpriseConfig.setClientCertificate(usercertValue); usercert = false; } if (ip) { From b07526fb1c2b5b045fefccd5f2ab6be229aa34d6 Mon Sep 17 00:00:00 2001 From: Irfan Sheriff Date: Thu, 17 Jan 2013 08:58:14 -0800 Subject: [PATCH 4/6] eix enterprise config storage bugs Reading empty and not updating was resulting in retaining old values in a config. Also, fix matching phase2 entries. Additionally, allow configuring subset of enterprise fields. Necessary since password cannot be read back from supplicant. Change-Id: I83a01690a0cf7cad1457a674f50f1e3a1a0441b5 --- .../android/net/wifi/WifiConfigStore.java | 35 +++++++++++-------- .../net/wifi/WifiEnterpriseConfig.java | 35 +++++++++++-------- 2 files changed, 42 insertions(+), 28 deletions(-) diff --git a/wifi/java/android/net/wifi/WifiConfigStore.java b/wifi/java/android/net/wifi/WifiConfigStore.java index edf0e47ae73ee..9deacde23b372 100644 --- a/wifi/java/android/net/wifi/WifiConfigStore.java +++ b/wifi/java/android/net/wifi/WifiConfigStore.java @@ -1121,17 +1121,19 @@ class WifiConfigStore { break setVariables; } - HashMap enterpriseFields = config.enterpriseConfig.getFields(); - for (String key : enterpriseFields.keySet()) { - String value = enterpriseFields.get(key); - if (!mWifiNative.setNetworkVariable( - netId, - key, - value)) { - loge(config.SSID + ": failed to set " + key + - ": " + value); - break setVariables; - } + if (config.enterpriseConfig != null) { + HashMap enterpriseFields = config.enterpriseConfig.getFields(); + for (String key : enterpriseFields.keySet()) { + String value = enterpriseFields.get(key); + if (!mWifiNative.setNetworkVariable( + netId, + key, + value)) { + loge(config.SSID + ": failed to set " + key + + ": " + value); + break setVariables; + } + } } updateFailed = false; } @@ -1430,11 +1432,16 @@ class WifiConfigStore { } } - HashMap entepriseFields = config.enterpriseConfig.getFields(); - for (String key : entepriseFields.keySet()) { + if (config.enterpriseConfig == null) { + config.enterpriseConfig = new WifiEnterpriseConfig(); + } + HashMap enterpriseFields = config.enterpriseConfig.getFields(); + for (String key : WifiEnterpriseConfig.getSupplicantKeys()) { value = mWifiNative.getNetworkVariable(netId, key); if (!TextUtils.isEmpty(value)) { - entepriseFields.put(key, removeDoubleQuotes(value)); + enterpriseFields.put(key, removeDoubleQuotes(value)); + } else { + enterpriseFields.put(key, WifiEnterpriseConfig.EMPTY_VALUE); } } diff --git a/wifi/java/android/net/wifi/WifiEnterpriseConfig.java b/wifi/java/android/net/wifi/WifiEnterpriseConfig.java index 46e446ea63a99..4dca7acca9ea6 100644 --- a/wifi/java/android/net/wifi/WifiEnterpriseConfig.java +++ b/wifi/java/android/net/wifi/WifiEnterpriseConfig.java @@ -74,18 +74,14 @@ public class WifiEnterpriseConfig implements Parcelable { /** This represents an empty value of an enterprise field. * NULL is used at wpa_supplicant to indicate an empty value */ - private static final String EMPTY_VALUE = "NULL"; + static final String EMPTY_VALUE = "NULL"; public WifiEnterpriseConfig() { - // Set the required defaults - mFields.put(EAP_KEY, Eap.strings[Eap.PEAP]); - mFields.put(ENGINE_KEY, ENGINE_DISABLE); + // Do not set defaults so that the enterprise fields that are not changed + // by API are not changed underneath + // This is essential because an app may not have all fields like password + // available. It allows modification of subset of fields. - for (String key : new String[] {PHASE2_KEY, IDENTITY_KEY, ANON_IDENTITY_KEY, - PASSWORD_KEY, CLIENT_CERT_KEY, ENGINE_ID_KEY, PRIVATE_KEY_ID_KEY, - CA_CERT_KEY, SUBJECT_MATCH_KEY}) { - mFields.put(key, EMPTY_VALUE); - } } /** Copy constructor */ @@ -128,6 +124,8 @@ public class WifiEnterpriseConfig implements Parcelable { }; public static final class Eap { + /* NONE represents an empty enterprise config */ + public static final int NONE = -1; public static final int PEAP = 0; public static final int TLS = 1; public static final int TTLS = 2; @@ -152,6 +150,13 @@ public class WifiEnterpriseConfig implements Parcelable { return mFields; } + /** Internal use only @hide */ + public static String[] getSupplicantKeys() { + return new String[] { EAP_KEY, PHASE2_KEY, IDENTITY_KEY, ANON_IDENTITY_KEY, PASSWORD_KEY, + CLIENT_CERT_KEY, CA_CERT_KEY, SUBJECT_MATCH_KEY, ENGINE_KEY, ENGINE_ID_KEY, + PRIVATE_KEY_ID_KEY }; + } + /** * Set the EAP authentication method. * @param eapMethod is one {@link Eap#PEAP}, {@link Eap#TLS}, {@link Eap#TTLS} or @@ -177,7 +182,7 @@ public class WifiEnterpriseConfig implements Parcelable { */ public int getEapMethod() { String eapMethod = mFields.get(EAP_KEY); - return getStringIndex(Eap.strings, eapMethod, Eap.PEAP); + return getStringIndex(Eap.strings, eapMethod, Eap.NONE); } /** @@ -211,7 +216,11 @@ public class WifiEnterpriseConfig implements Parcelable { * @return a phase 2 method defined at {@link Phase2} * */ public int getPhase2Method() { - String phase2Method = mFields.get(PHASE2_KEY); + String phase2Method = removeDoubleQuotes(mFields.get(PHASE2_KEY)); + // Remove auth= prefix + if (phase2Method.startsWith(Phase2.PREFIX)) { + phase2Method = phase2Method.substring(Phase2.PREFIX.length()); + } return getStringIndex(Phase2.strings, phase2Method, Phase2.NONE); } @@ -387,9 +396,7 @@ public class WifiEnterpriseConfig implements Parcelable { */ private int getStringIndex(String arr[], String toBeFound, int defaultIndex) { for (int i = 0; i < arr.length; i++) { - // toBeFound can be formatted with a prefix. For example, phase2 - // string has "auth=" as the prefix. - if (toBeFound.contains(arr[i])) return i; + if (toBeFound.equals(arr[i])) return i; } return defaultIndex; } From b815edf3aba63c2cd46f3ceb243ed13192102940 Mon Sep 17 00:00:00 2001 From: Irfan Sheriff Date: Tue, 5 Feb 2013 09:44:12 -0800 Subject: [PATCH 5/6] Track keys per config and allow cert push from apps Allow configuring keys for a configuration and update/delete from wificonfigstore. Change-Id: I79b43bf7ca58f7efc95f7dcc125fc84d7aa8c795 --- .../android/net/wifi/WifiConfigStore.java | 77 ++++-- .../android/net/wifi/WifiConfiguration.java | 48 +++- .../net/wifi/WifiEnterpriseConfig.java | 250 +++++++++++++++++- 3 files changed, 343 insertions(+), 32 deletions(-) diff --git a/wifi/java/android/net/wifi/WifiConfigStore.java b/wifi/java/android/net/wifi/WifiConfigStore.java index 9deacde23b372..f119a4b45b216 100644 --- a/wifi/java/android/net/wifi/WifiConfigStore.java +++ b/wifi/java/android/net/wifi/WifiConfigStore.java @@ -36,6 +36,7 @@ import android.os.Message; import android.os.Handler; import android.os.HandlerThread; import android.os.UserHandle; +import android.security.KeyStore; import android.text.TextUtils; import android.util.Log; @@ -143,6 +144,7 @@ class WifiConfigStore { private static final String EOS = "eos"; private WifiNative mWifiNative; + private final KeyStore mKeyStore = KeyStore.getInstance(); WifiConfigStore(Context c, WifiNative wn) { mContext = c; @@ -294,16 +296,7 @@ class WifiConfigStore { boolean forgetNetwork(int netId) { if (mWifiNative.removeNetwork(netId)) { mWifiNative.saveConfig(); - WifiConfiguration target = null; - WifiConfiguration config = mConfiguredNetworks.get(netId); - if (config != null) { - target = mConfiguredNetworks.remove(netId); - mNetworkIds.remove(configKey(config)); - } - if (target != null) { - writeIpAndProxyConfigurations(); - sendConfiguredNetworksChangedBroadcast(target, WifiManager.CHANGE_REASON_REMOVED); - } + removeConfigAndSendBroadcastIfNeeded(netId); return true; } else { loge("Failed to remove network " + netId); @@ -341,20 +334,27 @@ class WifiConfigStore { */ boolean removeNetwork(int netId) { boolean ret = mWifiNative.removeNetwork(netId); - WifiConfiguration config = null; if (ret) { - config = mConfiguredNetworks.get(netId); - if (config != null) { - config = mConfiguredNetworks.remove(netId); - mNetworkIds.remove(configKey(config)); - } - } - if (config != null) { - sendConfiguredNetworksChangedBroadcast(config, WifiManager.CHANGE_REASON_REMOVED); + removeConfigAndSendBroadcastIfNeeded(netId); } return ret; } + private void removeConfigAndSendBroadcastIfNeeded(int netId) { + WifiConfiguration config = mConfiguredNetworks.get(netId); + if (config != null) { + // Remove any associated keys + if (config.enterpriseConfig != null) { + config.enterpriseConfig.removeKeys(mKeyStore); + } + mConfiguredNetworks.remove(netId); + mNetworkIds.remove(configKey(config)); + + writeIpAndProxyConfigurations(); + sendConfiguredNetworksChangedBroadcast(config, WifiManager.CHANGE_REASON_REMOVED); + } + } + /** * Enable a network. Note that there is no saveConfig operation. * This function is retained for compatibility with the public @@ -1122,13 +1122,48 @@ class WifiConfigStore { } if (config.enterpriseConfig != null) { - HashMap enterpriseFields = config.enterpriseConfig.getFields(); + + WifiEnterpriseConfig enterpriseConfig = config.enterpriseConfig; + + if (enterpriseConfig.needsKeyStore()) { + /** + * Keyguard settings may eventually be controlled by device policy. + * We check here if keystore is unlocked before installing + * credentials. + * TODO: Figure a way to store these credentials for wifi alone + * TODO: Do we need a dialog here ? + */ + if (mKeyStore.state() != KeyStore.State.UNLOCKED) { + loge(config.SSID + ": key store is locked"); + break setVariables; + } + + try { + /* config passed may include only fields being updated. + * In order to generate the key id, fetch uninitialized + * fields from the currently tracked configuration + */ + WifiConfiguration currentConfig = mConfiguredNetworks.get(netId); + String keyId = config.getKeyIdForCredentials(currentConfig); + + if (!enterpriseConfig.installKeys(mKeyStore, keyId)) { + loge(config.SSID + ": failed to install keys"); + break setVariables; + } + } catch (IllegalStateException e) { + loge(config.SSID + " invalid config for key installation"); + break setVariables; + } + } + + HashMap enterpriseFields = enterpriseConfig.getFields(); for (String key : enterpriseFields.keySet()) { String value = enterpriseFields.get(key); if (!mWifiNative.setNetworkVariable( netId, key, value)) { + enterpriseConfig.removeKeys(mKeyStore); loge(config.SSID + ": failed to set " + key + ": " + value); break setVariables; @@ -1136,7 +1171,7 @@ class WifiConfigStore { } } updateFailed = false; - } + } //end of setVariables if (updateFailed) { if (newNetwork) { diff --git a/wifi/java/android/net/wifi/WifiConfiguration.java b/wifi/java/android/net/wifi/WifiConfiguration.java index 552356c0bdc69..bf82792779bb1 100644 --- a/wifi/java/android/net/wifi/WifiConfiguration.java +++ b/wifi/java/android/net/wifi/WifiConfiguration.java @@ -19,6 +19,7 @@ package android.net.wifi; import android.net.LinkProperties; import android.os.Parcelable; import android.os.Parcel; +import android.text.TextUtils; import java.util.BitSet; @@ -274,7 +275,8 @@ public class WifiConfiguration implements Parcelable { */ public BitSet allowedGroupCiphers; /** - * The enterprise configuration details + * The enterprise configuration details specifying the EAP method, + * certificates and other settings associated with the EAP. * @hide */ public WifiEnterpriseConfig enterpriseConfig; @@ -462,6 +464,47 @@ public class WifiConfiguration implements Parcelable { return SSID; } + /** + * Get an identifier for associating credentials with this config + * @param current configuration contains values for additional fields + * that are not part of this configuration. Used + * when a config with some fields is passed by an application. + * @throws IllegalStateException if config is invalid for key id generation + * @hide + */ + String getKeyIdForCredentials(WifiConfiguration current) { + String keyMgmt = null; + + try { + // Get current config details for fields that are not initialized + if (TextUtils.isEmpty(SSID)) SSID = current.SSID; + if (allowedKeyManagement.cardinality() == 0) { + allowedKeyManagement = current.allowedKeyManagement; + } + if (allowedKeyManagement.get(KeyMgmt.WPA_EAP)) { + keyMgmt = KeyMgmt.strings[KeyMgmt.WPA_EAP]; + } + if (allowedKeyManagement.get(KeyMgmt.IEEE8021X)) { + keyMgmt += KeyMgmt.strings[KeyMgmt.IEEE8021X]; + } + + if (TextUtils.isEmpty(keyMgmt)) { + throw new IllegalStateException("Not an EAP network"); + } + + return trimStringForKeyId(SSID) + "_" + keyMgmt + "_" + + trimStringForKeyId(enterpriseConfig.getKeyId(current != null ? + current.enterpriseConfig : null)); + } catch (NullPointerException e) { + throw new IllegalStateException("Invalid config details"); + } + } + + private String trimStringForKeyId(String string) { + // Remove quotes and spaces + return string.replace("\"", "").replace(" ", ""); + } + private static BitSet readBitSet(Parcel src) { int cardinality = src.readInt(); @@ -485,6 +528,9 @@ public class WifiConfiguration implements Parcelable { /** @hide */ public int getAuthType() { + if (allowedKeyManagement.cardinality() > 1) { + throw new IllegalStateException("More than one auth type set"); + } if (allowedKeyManagement.get(KeyMgmt.WPA_PSK)) { return KeyMgmt.WPA_PSK; } else if (allowedKeyManagement.get(KeyMgmt.WPA2_PSK)) { diff --git a/wifi/java/android/net/wifi/WifiEnterpriseConfig.java b/wifi/java/android/net/wifi/WifiEnterpriseConfig.java index 4dca7acca9ea6..7313e7ee511bf 100644 --- a/wifi/java/android/net/wifi/WifiEnterpriseConfig.java +++ b/wifi/java/android/net/wifi/WifiEnterpriseConfig.java @@ -19,7 +19,26 @@ import android.os.Parcel; import android.os.Parcelable; import android.security.Credentials; import android.text.TextUtils; +import android.util.Log; +import com.android.org.bouncycastle.asn1.ASN1InputStream; +import com.android.org.bouncycastle.asn1.ASN1Sequence; +import com.android.org.bouncycastle.asn1.DEROctetString; +import com.android.org.bouncycastle.asn1.x509.BasicConstraints; + +import java.io.ByteArrayInputStream; +import java.io.IOException; +import java.security.KeyFactory; +import java.security.KeyStore; +import java.security.NoSuchAlgorithmException; +import java.security.PrivateKey; +import java.security.cert.Certificate; +import java.security.cert.CertificateEncodingException; +import java.security.cert.CertificateException; +import java.security.cert.CertificateFactory; +import java.security.cert.X509Certificate; +import java.security.spec.InvalidKeySpecException; +import java.security.spec.PKCS8EncodedKeySpec; import java.util.HashMap; import java.util.Map; @@ -70,6 +89,9 @@ public class WifiEnterpriseConfig implements Parcelable { private static final String PRIVATE_KEY_ID_KEY = "key_id"; private HashMap mFields = new HashMap(); + private X509Certificate mCaCert; + private PrivateKey mClientPrivateKey; + private X509Certificate mClientCertificate; /** This represents an empty value of an enterprise field. * NULL is used at wpa_supplicant to indicate an empty value @@ -103,6 +125,34 @@ public class WifiEnterpriseConfig implements Parcelable { dest.writeString(entry.getKey()); dest.writeString(entry.getValue()); } + + writeCertificate(dest, mCaCert); + + if (mClientPrivateKey != null) { + String algorithm = mClientPrivateKey.getAlgorithm(); + byte[] userKeyBytes = mClientPrivateKey.getEncoded(); + dest.writeInt(userKeyBytes.length); + dest.writeByteArray(userKeyBytes); + dest.writeString(algorithm); + } else { + dest.writeInt(0); + } + + writeCertificate(dest, mClientCertificate); + } + + private void writeCertificate(Parcel dest, X509Certificate cert) { + if (cert != null) { + try { + byte[] certBytes = cert.getEncoded(); + dest.writeInt(certBytes.length); + dest.writeByteArray(certBytes); + } catch (CertificateEncodingException e) { + dest.writeInt(0); + } + } else { + dest.writeInt(0); + } } public static final Creator CREATOR = @@ -115,9 +165,47 @@ public class WifiEnterpriseConfig implements Parcelable { String value = in.readString(); enterpriseConfig.mFields.put(key, value); } + + enterpriseConfig.mCaCert = readCertificate(in); + + PrivateKey userKey = null; + int len = in.readInt(); + if (len > 0) { + try { + byte[] bytes = new byte[len]; + in.readByteArray(bytes); + String algorithm = in.readString(); + KeyFactory keyFactory = KeyFactory.getInstance(algorithm); + userKey = keyFactory.generatePrivate(new PKCS8EncodedKeySpec(bytes)); + } catch (NoSuchAlgorithmException e) { + userKey = null; + } catch (InvalidKeySpecException e) { + userKey = null; + } + } + + enterpriseConfig.mClientPrivateKey = userKey; + enterpriseConfig.mClientCertificate = readCertificate(in); return enterpriseConfig; } + private X509Certificate readCertificate(Parcel in) { + X509Certificate cert = null; + int len = in.readInt(); + if (len > 0) { + try { + byte[] bytes = new byte[len]; + in.readByteArray(bytes); + CertificateFactory cFactory = CertificateFactory.getInstance("X.509"); + cert = (X509Certificate) cFactory + .generateCertificate(new ByteArrayInputStream(bytes)); + } catch (CertificateException e) { + cert = null; + } + } + return cert; + } + public WifiEnterpriseConfig[] newArray(int size) { return new WifiEnterpriseConfig[size]; } @@ -145,13 +233,13 @@ public class WifiEnterpriseConfig implements Parcelable { public static final String[] strings = {EMPTY_VALUE, "PAP", "MSCHAP", "MSCHAPV2", "GTC" }; } - /** Internal use only @hide */ - public HashMap getFields() { + /** Internal use only */ + HashMap getFields() { return mFields; } - /** Internal use only @hide */ - public static String[] getSupplicantKeys() { + /** Internal use only */ + static String[] getSupplicantKeys() { return new String[] { EAP_KEY, PHASE2_KEY, IDENTITY_KEY, ANON_IDENTITY_KEY, PASSWORD_KEY, CLIENT_CERT_KEY, CA_CERT_KEY, SUBJECT_MATCH_KEY, ENGINE_KEY, ENGINE_ID_KEY, PRIVATE_KEY_ID_KEY }; @@ -271,19 +359,37 @@ public class WifiEnterpriseConfig implements Parcelable { * a certificate *

* @param alias identifies the certificate + * @hide */ - public void setCaCertificate(String alias) { + public void setCaCertificateAlias(String alias) { setFieldValue(CA_CERT_KEY, alias, CA_CERT_PREFIX); } /** * Get CA certificate alias * @return alias to the CA certificate + * @hide */ - public String getCaCertificate() { + public String getCaCertificateAlias() { return getFieldValue(CA_CERT_KEY, CA_CERT_PREFIX); } + /** + * Specify a X.509 certificate that identifies the server. + * + *

A default name is automatically assigned to the certificate and used + * with this configuration. + * @param cert X.509 CA certificate + * @throws IllegalArgumentException if not a CA certificate + */ + public void setCaCertificate(X509Certificate cert) { + if (cert.getBasicConstraints() >= 0) { + mCaCert = cert; + } else { + throw new IllegalArgumentException("Not a CA certificate"); + } + } + /** * Set Client certificate alias. * @@ -291,8 +397,9 @@ public class WifiEnterpriseConfig implements Parcelable { * a certificate *

* @param alias identifies the certificate + * @hide */ - public void setClientCertificate(String alias) { + public void setClientCertificateAlias(String alias) { setFieldValue(CLIENT_CERT_KEY, alias, CLIENT_CERT_PREFIX); setFieldValue(PRIVATE_KEY_ID_KEY, alias, Credentials.USER_PRIVATE_KEY); // Also, set engine parameters @@ -308,11 +415,117 @@ public class WifiEnterpriseConfig implements Parcelable { /** * Get client certificate alias * @return alias to the client certificate + * @hide */ - public String getClientCertificate() { + public String getClientCertificateAlias() { return getFieldValue(CLIENT_CERT_KEY, CLIENT_CERT_PREFIX); } + /** + * Specify a private key and client certificate for client authorization. + * + *

A default name is automatically assigned to the key entry and used + * with this configuration. + * @param privateKey + * @param clientCertificate + */ + public void setClientKeyEntry(PrivateKey privateKey, X509Certificate clientCertificate) { + if (clientCertificate != null) { + if (clientCertificate.getBasicConstraints() != -1) { + throw new IllegalArgumentException("Cannot be a CA certificate"); + } + if (privateKey == null) { + throw new IllegalArgumentException("Client cert without a private key"); + } + if (privateKey.getEncoded() == null) { + throw new IllegalArgumentException("Private key cannot be encoded"); + } + } + + mClientPrivateKey = privateKey; + mClientCertificate = clientCertificate; + } + + boolean needsKeyStore() { + // Has no keys to be installed + if (mClientCertificate == null && mCaCert == null) return false; + return true; + } + + boolean installKeys(android.security.KeyStore keyStore, String name) { + boolean ret = true; + String privKeyName = Credentials.USER_PRIVATE_KEY + name; + String userCertName = Credentials.USER_CERTIFICATE + name; + String caCertName = Credentials.CA_CERTIFICATE + name; + if (mClientCertificate != null) { + byte[] privKeyData = mClientPrivateKey.getEncoded(); + ret = keyStore.importKey(privKeyName, privKeyData); + if (ret == false) { + return ret; + } + + ret = putCertInKeyStore(keyStore, userCertName, mClientCertificate); + if (ret == false) { + // Remove private key installed + keyStore.delKey(privKeyName); + return ret; + } + } + + if (mCaCert != null) { + ret = putCertInKeyStore(keyStore, caCertName, mCaCert); + if (ret == false) { + if (mClientCertificate != null) { + // Remove client key+cert + keyStore.delKey(privKeyName); + keyStore.delete(userCertName); + } + return ret; + } + } + + // Set alias names + if (mClientCertificate != null) { + setClientCertificateAlias(name); + mClientPrivateKey = null; + mClientCertificate = null; + } + + if (mCaCert != null) { + setCaCertificateAlias(name); + mCaCert = null; + } + + return ret; + } + + private boolean putCertInKeyStore(android.security.KeyStore keyStore, String name, + Certificate cert) { + try { + byte[] certData = Credentials.convertToPem(cert); + return keyStore.put(name, certData); + } catch (IOException e1) { + return false; + } catch (CertificateException e2) { + return false; + } + } + + void removeKeys(android.security.KeyStore keyStore) { + String client = getFieldValue(CLIENT_CERT_KEY, CLIENT_CERT_PREFIX); + // a valid client certificate is configured + if (!TextUtils.isEmpty(client)) { + keyStore.delKey(Credentials.USER_PRIVATE_KEY + client); + keyStore.delete(Credentials.USER_CERTIFICATE + client); + } + + String ca = getFieldValue(CA_CERT_KEY, CA_CERT_PREFIX); + // a valid ca certificate is configured + if (!TextUtils.isEmpty(ca)) { + keyStore.delete(Credentials.CA_CERTIFICATE + ca); + } + } + /** * Set subject match. This is the substring to be matched against the subject of the * authentication server certificate. @@ -330,13 +543,28 @@ public class WifiEnterpriseConfig implements Parcelable { return getFieldValue(SUBJECT_MATCH_KEY, ""); } + /** See {@link WifiConfiguration#getKeyIdForCredentials} @hide */ + String getKeyId(WifiEnterpriseConfig current) { + String eap = mFields.get(EAP_KEY); + String phase2 = mFields.get(PHASE2_KEY); + + // If either eap or phase2 are not initialized, use current config details + if (TextUtils.isEmpty((eap))) { + eap = current.mFields.get(EAP_KEY); + } + if (TextUtils.isEmpty(phase2)) { + phase2 = current.mFields.get(PHASE2_KEY); + } + return eap + "_" + phase2; + } + /** Migrates the old style TLS config to the new config style. This should only be used * when restoring an old wpa_supplicant.conf or upgrading from a previous * platform version. * @return true if the config was updated * @hide */ - public boolean migrateOldEapTlsNative(WifiNative wifiNative, int netId) { + boolean migrateOldEapTlsNative(WifiNative wifiNative, int netId) { String oldPrivateKey = wifiNative.getNetworkVariable(netId, OLD_PRIVATE_KEY_NAME); /* * If the old configuration value is not present, then there is nothing @@ -395,6 +623,7 @@ public class WifiEnterpriseConfig implements Parcelable { * @return the index into array */ private int getStringIndex(String arr[], String toBeFound, int defaultIndex) { + if (TextUtils.isEmpty(toBeFound)) return defaultIndex; for (int i = 0; i < arr.length; i++) { if (toBeFound.equals(arr[i])) return i; } @@ -408,7 +637,8 @@ public class WifiEnterpriseConfig implements Parcelable { */ private String getFieldValue(String key, String prefix) { String value = mFields.get(key); - if (EMPTY_VALUE.equals(value)) return ""; + // Uninitialized or known to be empty after reading from supplicant + if (TextUtils.isEmpty(value) || EMPTY_VALUE.equals(value)) return ""; return removeDoubleQuotes(value).substring(prefix.length()); } From 1c2acdc6e8eb8a834a3f7797bc8c39b2da02bb4e Mon Sep 17 00:00:00 2001 From: Wink Saville Date: Tue, 12 Feb 2013 17:07:21 -0800 Subject: [PATCH 6/6] Fix broken test. Change-Id: I8c5649c9b3d917cf13b94d49da44eaf510643df6 --- .../connectivitymanagertest/AccessPointParserHelper.java | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/core/tests/ConnectivityManagerTest/src/com/android/connectivitymanagertest/AccessPointParserHelper.java b/core/tests/ConnectivityManagerTest/src/com/android/connectivitymanagertest/AccessPointParserHelper.java index 649e39d0cacb5..0461c0bfdc11f 100644 --- a/core/tests/ConnectivityManagerTest/src/com/android/connectivitymanagertest/AccessPointParserHelper.java +++ b/core/tests/ConnectivityManagerTest/src/com/android/connectivitymanagertest/AccessPointParserHelper.java @@ -213,8 +213,8 @@ public class AccessPointParserHelper { config.allowedKeyManagement.set(KeyMgmt.IEEE8021X); // Initialize other fields. config.enterpriseConfig.setPhase2Method(WifiEnterpriseConfig.Phase2.NONE); - config.enterpriseConfig.setCaCertificate(""); - config.enterpriseConfig.setClientCertificate(""); + config.enterpriseConfig.setCaCertificateAlias(""); + config.enterpriseConfig.setClientCertificateAlias(""); config.enterpriseConfig.setIdentity(""); config.enterpriseConfig.setAnonymousIdentity(""); break; @@ -288,12 +288,12 @@ public class AccessPointParserHelper { } if (cacert) { String cacertValue = new String(ch, start, length); - config.enterpriseConfig.setCaCertificate(cacertValue); + config.enterpriseConfig.setCaCertificateAlias(cacertValue); cacert = false; } if (usercert) { String usercertValue = new String(ch, start, length); - config.enterpriseConfig.setClientCertificate(usercertValue); + config.enterpriseConfig.setClientCertificateAlias(usercertValue); usercert = false; } if (ip) {