19b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff/* 29b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff * Copyright (C) 2013 The Android Open Source Project 39b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff * 49b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff * Licensed under the Apache License, Version 2.0 (the "License"); 59b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff * you may not use this file except in compliance with the License. 69b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff * You may obtain a copy of the License at 79b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff * 89b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff * http://www.apache.org/licenses/LICENSE-2.0 99b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff * 109b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff * Unless required by applicable law or agreed to in writing, software 119b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff * distributed under the License is distributed on an "AS IS" BASIS, 129b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 139b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff * See the License for the specific language governing permissions and 149b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff * limitations under the License. 
159b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff */ 169b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriffpackage android.net.wifi; 179b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff 18a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xuimport android.annotation.Nullable; 199b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriffimport android.os.Parcel; 209b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriffimport android.os.Parcelable; 219b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriffimport android.security.Credentials; 229b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriffimport android.text.TextUtils; 23274042519d84ad837f03572865bc096a537c73fbPaul Stewartimport android.util.Log; 2426d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff 2526d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriffimport java.io.ByteArrayInputStream; 26a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xuimport java.nio.charset.StandardCharsets; 2726d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriffimport java.security.KeyFactory; 2826d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriffimport java.security.NoSuchAlgorithmException; 2926d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriffimport java.security.PrivateKey; 3026d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriffimport java.security.cert.CertificateEncodingException; 3126d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriffimport java.security.cert.CertificateException; 3226d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriffimport java.security.cert.CertificateFactory; 3326d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriffimport java.security.cert.X509Certificate; 3426d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriffimport java.security.spec.InvalidKeySpecException; 3526d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriffimport java.security.spec.PKCS8EncodedKeySpec; 369b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriffimport java.util.HashMap; 379b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriffimport 
java.util.Map; 389b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff 39ffadfb9ffdced62db215319d3edc7717802088fbVinit Deshapnde/** 40fdc028383a01eaaa9bf93cb5d3ce50bd744eab52Irfan Sheriff * Enterprise configuration details for Wi-Fi. Stores details about the EAP method 41fdc028383a01eaaa9bf93cb5d3ce50bd744eab52Irfan Sheriff * and any associated credentials. 42fdc028383a01eaaa9bf93cb5d3ce50bd744eab52Irfan Sheriff */ 439b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriffpublic class WifiEnterpriseConfig implements Parcelable { 449b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff 45ffadfb9ffdced62db215319d3edc7717802088fbVinit Deshapnde /** @hide */ 46ffadfb9ffdced62db215319d3edc7717802088fbVinit Deshapnde public static final String EMPTY_VALUE = "NULL"; 47ffadfb9ffdced62db215319d3edc7717802088fbVinit Deshapnde /** @hide */ 48ffadfb9ffdced62db215319d3edc7717802088fbVinit Deshapnde public static final String EAP_KEY = "eap"; 49ffadfb9ffdced62db215319d3edc7717802088fbVinit Deshapnde /** @hide */ 50ffadfb9ffdced62db215319d3edc7717802088fbVinit Deshapnde public static final String PHASE2_KEY = "phase2"; 51ffadfb9ffdced62db215319d3edc7717802088fbVinit Deshapnde /** @hide */ 52ffadfb9ffdced62db215319d3edc7717802088fbVinit Deshapnde public static final String IDENTITY_KEY = "identity"; 53ffadfb9ffdced62db215319d3edc7717802088fbVinit Deshapnde /** @hide */ 54ffadfb9ffdced62db215319d3edc7717802088fbVinit Deshapnde public static final String ANON_IDENTITY_KEY = "anonymous_identity"; 55ffadfb9ffdced62db215319d3edc7717802088fbVinit Deshapnde /** @hide */ 56ffadfb9ffdced62db215319d3edc7717802088fbVinit Deshapnde public static final String PASSWORD_KEY = "password"; 57ffadfb9ffdced62db215319d3edc7717802088fbVinit Deshapnde /** @hide */ 58ffadfb9ffdced62db215319d3edc7717802088fbVinit Deshapnde public static final String SUBJECT_MATCH_KEY = "subject_match"; 59ffadfb9ffdced62db215319d3edc7717802088fbVinit Deshapnde /** @hide */ 60b21d2489c1bd330e39f4489c7f221ebb4dffc283Vinit 
Deshpande public static final String ALTSUBJECT_MATCH_KEY = "altsubject_match"; 61b21d2489c1bd330e39f4489c7f221ebb4dffc283Vinit Deshpande /** @hide */ 62c91bc62f2bdca18c0ed96a740cbaa0383ea2860aJan Nordqvist public static final String DOM_SUFFIX_MATCH_KEY = "domain_suffix_match"; 63c91bc62f2bdca18c0ed96a740cbaa0383ea2860aJan Nordqvist /** @hide */ 64ffadfb9ffdced62db215319d3edc7717802088fbVinit Deshapnde public static final String OPP_KEY_CACHING = "proactive_key_caching"; 65ffadfb9ffdced62db215319d3edc7717802088fbVinit Deshapnde /** 66ffadfb9ffdced62db215319d3edc7717802088fbVinit Deshapnde * String representing the keystore OpenSSL ENGINE's ID. 67ffadfb9ffdced62db215319d3edc7717802088fbVinit Deshapnde * @hide 68ffadfb9ffdced62db215319d3edc7717802088fbVinit Deshapnde */ 69ffadfb9ffdced62db215319d3edc7717802088fbVinit Deshapnde public static final String ENGINE_ID_KEYSTORE = "keystore"; 70ffadfb9ffdced62db215319d3edc7717802088fbVinit Deshapnde 71ffadfb9ffdced62db215319d3edc7717802088fbVinit Deshapnde /** 72ffadfb9ffdced62db215319d3edc7717802088fbVinit Deshapnde * String representing the keystore URI used for wpa_supplicant. 
73ffadfb9ffdced62db215319d3edc7717802088fbVinit Deshapnde * @hide 74ffadfb9ffdced62db215319d3edc7717802088fbVinit Deshapnde */ 75ffadfb9ffdced62db215319d3edc7717802088fbVinit Deshapnde public static final String KEYSTORE_URI = "keystore://"; 76ffadfb9ffdced62db215319d3edc7717802088fbVinit Deshapnde 77ffadfb9ffdced62db215319d3edc7717802088fbVinit Deshapnde /** 78a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu * String representing the keystore URI used for wpa_supplicant, 79a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu * Unlike #KEYSTORE_URI, this supports a list of space-delimited aliases 80a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu * @hide 81a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu */ 82a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu public static final String KEYSTORES_URI = "keystores://"; 83a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu 84a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu /** 85ffadfb9ffdced62db215319d3edc7717802088fbVinit Deshapnde * String to set the engine value to when it should be enabled. 86ffadfb9ffdced62db215319d3edc7717802088fbVinit Deshapnde * @hide 87ffadfb9ffdced62db215319d3edc7717802088fbVinit Deshapnde */ 88ffadfb9ffdced62db215319d3edc7717802088fbVinit Deshapnde public static final String ENGINE_ENABLE = "1"; 89ffadfb9ffdced62db215319d3edc7717802088fbVinit Deshapnde 90ffadfb9ffdced62db215319d3edc7717802088fbVinit Deshapnde /** 91ffadfb9ffdced62db215319d3edc7717802088fbVinit Deshapnde * String to set the engine value to when it should be disabled. 
92ffadfb9ffdced62db215319d3edc7717802088fbVinit Deshapnde * @hide 93ffadfb9ffdced62db215319d3edc7717802088fbVinit Deshapnde */ 94ffadfb9ffdced62db215319d3edc7717802088fbVinit Deshapnde public static final String ENGINE_DISABLE = "0"; 95ffadfb9ffdced62db215319d3edc7717802088fbVinit Deshapnde 96ffadfb9ffdced62db215319d3edc7717802088fbVinit Deshapnde /** @hide */ 97ffadfb9ffdced62db215319d3edc7717802088fbVinit Deshapnde public static final String CA_CERT_PREFIX = KEYSTORE_URI + Credentials.CA_CERTIFICATE; 98ffadfb9ffdced62db215319d3edc7717802088fbVinit Deshapnde /** @hide */ 99ffadfb9ffdced62db215319d3edc7717802088fbVinit Deshapnde public static final String CLIENT_CERT_PREFIX = KEYSTORE_URI + Credentials.USER_CERTIFICATE; 100ffadfb9ffdced62db215319d3edc7717802088fbVinit Deshapnde /** @hide */ 101ffadfb9ffdced62db215319d3edc7717802088fbVinit Deshapnde public static final String CLIENT_CERT_KEY = "client_cert"; 102ffadfb9ffdced62db215319d3edc7717802088fbVinit Deshapnde /** @hide */ 103ffadfb9ffdced62db215319d3edc7717802088fbVinit Deshapnde public static final String CA_CERT_KEY = "ca_cert"; 104ffadfb9ffdced62db215319d3edc7717802088fbVinit Deshapnde /** @hide */ 105c136cf95393fb8f646b95cccd038ca9cb3450214Samuel Tan public static final String CA_PATH_KEY = "ca_path"; 106c136cf95393fb8f646b95cccd038ca9cb3450214Samuel Tan /** @hide */ 107ffadfb9ffdced62db215319d3edc7717802088fbVinit Deshapnde public static final String ENGINE_KEY = "engine"; 108ffadfb9ffdced62db215319d3edc7717802088fbVinit Deshapnde /** @hide */ 109ffadfb9ffdced62db215319d3edc7717802088fbVinit Deshapnde public static final String ENGINE_ID_KEY = "engine_id"; 110ffadfb9ffdced62db215319d3edc7717802088fbVinit Deshapnde /** @hide */ 111ffadfb9ffdced62db215319d3edc7717802088fbVinit Deshapnde public static final String PRIVATE_KEY_ID_KEY = "key_id"; 112b21d2489c1bd330e39f4489c7f221ebb4dffc283Vinit Deshpande /** @hide */ 113b21d2489c1bd330e39f4489c7f221ebb4dffc283Vinit Deshpande public static final String 
REALM_KEY = "realm"; 114b21d2489c1bd330e39f4489c7f221ebb4dffc283Vinit Deshpande /** @hide */ 115b21d2489c1bd330e39f4489c7f221ebb4dffc283Vinit Deshpande public static final String PLMN_KEY = "plmn"; 1162452e54de65312163b1073fc699a432e2dd2a704xinhe /** @hide */ 117a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu public static final String CA_CERT_ALIAS_DELIMITER = " "; 118b21d2489c1bd330e39f4489c7f221ebb4dffc283Vinit Deshpande 119ffadfb9ffdced62db215319d3edc7717802088fbVinit Deshapnde 120274042519d84ad837f03572865bc096a537c73fbPaul Stewart // Fields to copy verbatim from wpa_supplicant. 121274042519d84ad837f03572865bc096a537c73fbPaul Stewart private static final String[] SUPPLICANT_CONFIG_KEYS = new String[] { 122274042519d84ad837f03572865bc096a537c73fbPaul Stewart IDENTITY_KEY, 123274042519d84ad837f03572865bc096a537c73fbPaul Stewart ANON_IDENTITY_KEY, 124274042519d84ad837f03572865bc096a537c73fbPaul Stewart PASSWORD_KEY, 125274042519d84ad837f03572865bc096a537c73fbPaul Stewart CLIENT_CERT_KEY, 126274042519d84ad837f03572865bc096a537c73fbPaul Stewart CA_CERT_KEY, 127274042519d84ad837f03572865bc096a537c73fbPaul Stewart SUBJECT_MATCH_KEY, 128274042519d84ad837f03572865bc096a537c73fbPaul Stewart ENGINE_KEY, 129274042519d84ad837f03572865bc096a537c73fbPaul Stewart ENGINE_ID_KEY, 130274042519d84ad837f03572865bc096a537c73fbPaul Stewart PRIVATE_KEY_ID_KEY, 131274042519d84ad837f03572865bc096a537c73fbPaul Stewart ALTSUBJECT_MATCH_KEY, 132274042519d84ad837f03572865bc096a537c73fbPaul Stewart DOM_SUFFIX_MATCH_KEY, 133274042519d84ad837f03572865bc096a537c73fbPaul Stewart CA_PATH_KEY 134274042519d84ad837f03572865bc096a537c73fbPaul Stewart }; 135274042519d84ad837f03572865bc096a537c73fbPaul Stewart 1369b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff private HashMap<String, String> mFields = new HashMap<String, String>(); 137a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu private X509Certificate[] mCaCerts; 13826d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff private PrivateKey 
mClientPrivateKey; 13926d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff private X509Certificate mClientCertificate; 140274042519d84ad837f03572865bc096a537c73fbPaul Stewart private int mEapMethod = Eap.NONE; 141274042519d84ad837f03572865bc096a537c73fbPaul Stewart private int mPhase2Method = Phase2.NONE; 142274042519d84ad837f03572865bc096a537c73fbPaul Stewart 143274042519d84ad837f03572865bc096a537c73fbPaul Stewart private static final String TAG = "WifiEnterpriseConfig"; 1449b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff 1459b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff public WifiEnterpriseConfig() { 146e095675c872f40f630aa3f9189eb5c02f3cfee6dIrfan Sheriff // Do not set defaults so that the enterprise fields that are not changed 147e095675c872f40f630aa3f9189eb5c02f3cfee6dIrfan Sheriff // by API are not changed underneath 148e095675c872f40f630aa3f9189eb5c02f3cfee6dIrfan Sheriff // This is essential because an app may not have all fields like password 149e095675c872f40f630aa3f9189eb5c02f3cfee6dIrfan Sheriff // available. It allows modification of subset of fields. 
150e095675c872f40f630aa3f9189eb5c02f3cfee6dIrfan Sheriff 1519b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff } 1529b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff 1539b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff /** Copy constructor */ 1549b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff public WifiEnterpriseConfig(WifiEnterpriseConfig source) { 1559b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff for (String key : source.mFields.keySet()) { 1569b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff mFields.put(key, source.mFields.get(key)); 1579b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff } 158274042519d84ad837f03572865bc096a537c73fbPaul Stewart mEapMethod = source.mEapMethod; 159274042519d84ad837f03572865bc096a537c73fbPaul Stewart mPhase2Method = source.mPhase2Method; 1609b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff } 1619b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff 1629b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff @Override 1639b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff public int describeContents() { 1649b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff return 0; 1659b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff } 1669b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff 16786ee9640ee6d6bd9bb655af830eea5515400f25bIrfan Sheriff @Override 1689b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff public void writeToParcel(Parcel dest, int flags) { 1699b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff dest.writeInt(mFields.size()); 1709b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff for (Map.Entry<String, String> entry : mFields.entrySet()) { 1719b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff dest.writeString(entry.getKey()); 1729b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff dest.writeString(entry.getValue()); 1739b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff } 17426d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff 175274042519d84ad837f03572865bc096a537c73fbPaul 
Stewart dest.writeInt(mEapMethod); 176274042519d84ad837f03572865bc096a537c73fbPaul Stewart dest.writeInt(mPhase2Method); 177a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu writeCertificates(dest, mCaCerts); 17826d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff 17926d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff if (mClientPrivateKey != null) { 18026d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff String algorithm = mClientPrivateKey.getAlgorithm(); 18126d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff byte[] userKeyBytes = mClientPrivateKey.getEncoded(); 18226d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff dest.writeInt(userKeyBytes.length); 18326d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff dest.writeByteArray(userKeyBytes); 18426d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff dest.writeString(algorithm); 18526d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff } else { 18626d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff dest.writeInt(0); 18726d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff } 18826d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff 18926d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff writeCertificate(dest, mClientCertificate); 19026d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff } 19126d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff 192a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu private void writeCertificates(Parcel dest, X509Certificate[] cert) { 193a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu if (cert != null && cert.length != 0) { 194a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu dest.writeInt(cert.length); 195a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu for (int i = 0; i < cert.length; i++) { 196a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu writeCertificate(dest, cert[i]); 197a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu } 198a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu } else { 199a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu dest.writeInt(0); 
200a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu } 201a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu } 202a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu 20326d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff private void writeCertificate(Parcel dest, X509Certificate cert) { 20426d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff if (cert != null) { 20526d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff try { 20626d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff byte[] certBytes = cert.getEncoded(); 20726d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff dest.writeInt(certBytes.length); 20826d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff dest.writeByteArray(certBytes); 20926d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff } catch (CertificateEncodingException e) { 21026d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff dest.writeInt(0); 21126d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff } 21226d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff } else { 21326d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff dest.writeInt(0); 21426d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff } 2159b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff } 2169b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff 2179b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff public static final Creator<WifiEnterpriseConfig> CREATOR = 2189b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff new Creator<WifiEnterpriseConfig>() { 2199b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff public WifiEnterpriseConfig createFromParcel(Parcel in) { 2209b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff WifiEnterpriseConfig enterpriseConfig = new WifiEnterpriseConfig(); 2219b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff int count = in.readInt(); 2229b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff for (int i = 0; i < count; i++) { 2239b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff String key = in.readString(); 
2249b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff String value = in.readString(); 2259b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff enterpriseConfig.mFields.put(key, value); 2269b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff } 22726d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff 228274042519d84ad837f03572865bc096a537c73fbPaul Stewart enterpriseConfig.mEapMethod = in.readInt(); 229274042519d84ad837f03572865bc096a537c73fbPaul Stewart enterpriseConfig.mPhase2Method = in.readInt(); 230a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu enterpriseConfig.mCaCerts = readCertificates(in); 23126d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff 23226d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff PrivateKey userKey = null; 23326d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff int len = in.readInt(); 23426d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff if (len > 0) { 23526d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff try { 23626d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff byte[] bytes = new byte[len]; 23726d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff in.readByteArray(bytes); 23826d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff String algorithm = in.readString(); 23926d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff KeyFactory keyFactory = KeyFactory.getInstance(algorithm); 24026d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff userKey = keyFactory.generatePrivate(new PKCS8EncodedKeySpec(bytes)); 24126d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff } catch (NoSuchAlgorithmException e) { 24226d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff userKey = null; 24326d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff } catch (InvalidKeySpecException e) { 24426d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff userKey = null; 24526d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff } 24626d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff } 24726d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff 
24826d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff enterpriseConfig.mClientPrivateKey = userKey; 24926d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff enterpriseConfig.mClientCertificate = readCertificate(in); 2509b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff return enterpriseConfig; 2519b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff } 2529b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff 253a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu private X509Certificate[] readCertificates(Parcel in) { 254a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu X509Certificate[] certs = null; 255a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu int len = in.readInt(); 256a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu if (len > 0) { 257a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu certs = new X509Certificate[len]; 258a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu for (int i = 0; i < len; i++) { 259a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu certs[i] = readCertificate(in); 260a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu } 261a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu } 262a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu return certs; 263a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu } 264a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu 26526d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff private X509Certificate readCertificate(Parcel in) { 26626d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff X509Certificate cert = null; 26726d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff int len = in.readInt(); 26826d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff if (len > 0) { 26926d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff try { 27026d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff byte[] bytes = new byte[len]; 27126d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff in.readByteArray(bytes); 27226d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff CertificateFactory cFactory = CertificateFactory.getInstance("X.509"); 
27326d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff cert = (X509Certificate) cFactory 27426d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff .generateCertificate(new ByteArrayInputStream(bytes)); 27526d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff } catch (CertificateException e) { 27626d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff cert = null; 27726d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff } 27826d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff } 27926d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff return cert; 28026d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff } 28126d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff 2829b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff public WifiEnterpriseConfig[] newArray(int size) { 2839b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff return new WifiEnterpriseConfig[size]; 2849b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff } 2859b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff }; 2869b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff 287fdc028383a01eaaa9bf93cb5d3ce50bd744eab52Irfan Sheriff /** The Extensible Authentication Protocol method used */ 2889b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff public static final class Eap { 289fdc028383a01eaaa9bf93cb5d3ce50bd744eab52Irfan Sheriff /** No EAP method used. 
Represents an empty config */ 290e095675c872f40f630aa3f9189eb5c02f3cfee6dIrfan Sheriff public static final int NONE = -1; 291fdc028383a01eaaa9bf93cb5d3ce50bd744eab52Irfan Sheriff /** Protected EAP */ 2929b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff public static final int PEAP = 0; 293fdc028383a01eaaa9bf93cb5d3ce50bd744eab52Irfan Sheriff /** EAP-Transport Layer Security */ 2949b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff public static final int TLS = 1; 295fdc028383a01eaaa9bf93cb5d3ce50bd744eab52Irfan Sheriff /** EAP-Tunneled Transport Layer Security */ 2969b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff public static final int TTLS = 2; 297fdc028383a01eaaa9bf93cb5d3ce50bd744eab52Irfan Sheriff /** EAP-Password */ 2989b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff public static final int PWD = 3; 299c8505931420dd9a76acf940a56b31354cd0105b0Vinit Deshpande /** EAP-Subscriber Identity Module */ 3007fee7232ee2ae45fb3cd4fcce314e8f1101ae8dbRoger Chang public static final int SIM = 4; 301c8505931420dd9a76acf940a56b31354cd0105b0Vinit Deshpande /** EAP-Authentication and Key Agreement */ 3027fee7232ee2ae45fb3cd4fcce314e8f1101ae8dbRoger Chang public static final int AKA = 5; 303adf9e95ecc5d0867adf1dc2d7adcac958457b98eJean-Michel Bachot /** EAP-Authentication and Key Agreement Prime */ 304adf9e95ecc5d0867adf1dc2d7adcac958457b98eJean-Michel Bachot public static final int AKA_PRIME = 6; 305a772f0cf34f0db67997cb31fa44315c0933563daVinit Deshpande /** Hotspot 2.0 r2 OSEN */ 306a772f0cf34f0db67997cb31fa44315c0933563daVinit Deshpande public static final int UNAUTH_TLS = 7; 3079b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff /** @hide */ 308a772f0cf34f0db67997cb31fa44315c0933563daVinit Deshpande public static final String[] strings = 309a772f0cf34f0db67997cb31fa44315c0933563daVinit Deshpande { "PEAP", "TLS", "TTLS", "PWD", "SIM", "AKA", "AKA'", "WFA-UNAUTH-TLS" }; 31040843589c46164c90fde29ad1c58291f17d4d9e6Irfan Sheriff 
31140843589c46164c90fde29ad1c58291f17d4d9e6Irfan Sheriff /** Prevent initialization */ 31240843589c46164c90fde29ad1c58291f17d4d9e6Irfan Sheriff private Eap() {} 3139b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff } 3149b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff 315fdc028383a01eaaa9bf93cb5d3ce50bd744eab52Irfan Sheriff /** The inner authentication method used */ 3169b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff public static final class Phase2 { 3179b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff public static final int NONE = 0; 318fdc028383a01eaaa9bf93cb5d3ce50bd744eab52Irfan Sheriff /** Password Authentication Protocol */ 3199b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff public static final int PAP = 1; 320fdc028383a01eaaa9bf93cb5d3ce50bd744eab52Irfan Sheriff /** Microsoft Challenge Handshake Authentication Protocol */ 3219b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff public static final int MSCHAP = 2; 322fdc028383a01eaaa9bf93cb5d3ce50bd744eab52Irfan Sheriff /** Microsoft Challenge Handshake Authentication Protocol v2 */ 3239b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff public static final int MSCHAPV2 = 3; 324fdc028383a01eaaa9bf93cb5d3ce50bd744eab52Irfan Sheriff /** Generic Token Card */ 3259b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff public static final int GTC = 4; 326274042519d84ad837f03572865bc096a537c73fbPaul Stewart private static final String AUTH_PREFIX = "auth="; 327274042519d84ad837f03572865bc096a537c73fbPaul Stewart private static final String AUTHEAP_PREFIX = "autheap="; 3289b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff /** @hide */ 329ffadfb9ffdced62db215319d3edc7717802088fbVinit Deshapnde public static final String[] strings = {EMPTY_VALUE, "PAP", "MSCHAP", 330ade8de3c4a021d6b0e753d77be148236af5f39efVinit Deshapnde "MSCHAPV2", "GTC" }; 33140843589c46164c90fde29ad1c58291f17d4d9e6Irfan Sheriff 33240843589c46164c90fde29ad1c58291f17d4d9e6Irfan Sheriff /** Prevent initialization */ 
33340843589c46164c90fde29ad1c58291f17d4d9e6Irfan Sheriff private Phase2() {} 3349b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff } 3359b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff 336274042519d84ad837f03572865bc096a537c73fbPaul Stewart // Loader and saver interfaces for exchanging data with wpa_supplicant. 337274042519d84ad837f03572865bc096a537c73fbPaul Stewart // TODO: Decouple this object (which is just a placeholder of the configuration) 338274042519d84ad837f03572865bc096a537c73fbPaul Stewart // from the implementation that knows what wpa_supplicant wants. 339274042519d84ad837f03572865bc096a537c73fbPaul Stewart /** 340274042519d84ad837f03572865bc096a537c73fbPaul Stewart * Interface used for retrieving supplicant configuration from WifiEnterpriseConfig 341274042519d84ad837f03572865bc096a537c73fbPaul Stewart * @hide 342274042519d84ad837f03572865bc096a537c73fbPaul Stewart */ 343274042519d84ad837f03572865bc096a537c73fbPaul Stewart public interface SupplicantSaver { 344274042519d84ad837f03572865bc096a537c73fbPaul Stewart /** 345274042519d84ad837f03572865bc096a537c73fbPaul Stewart * Set a value within wpa_supplicant configuration 346274042519d84ad837f03572865bc096a537c73fbPaul Stewart * @param key index to set within wpa_supplciant 347274042519d84ad837f03572865bc096a537c73fbPaul Stewart * @param value the value for the key 348274042519d84ad837f03572865bc096a537c73fbPaul Stewart * @return true if successful; false otherwise 349274042519d84ad837f03572865bc096a537c73fbPaul Stewart */ 350274042519d84ad837f03572865bc096a537c73fbPaul Stewart boolean saveValue(String key, String value); 351274042519d84ad837f03572865bc096a537c73fbPaul Stewart } 352274042519d84ad837f03572865bc096a537c73fbPaul Stewart 353274042519d84ad837f03572865bc096a537c73fbPaul Stewart /** 354274042519d84ad837f03572865bc096a537c73fbPaul Stewart * Interface used for populating a WifiEnterpriseConfig from supplicant configuration 355274042519d84ad837f03572865bc096a537c73fbPaul Stewart * @hide 
356274042519d84ad837f03572865bc096a537c73fbPaul Stewart */ 357274042519d84ad837f03572865bc096a537c73fbPaul Stewart public interface SupplicantLoader { 358274042519d84ad837f03572865bc096a537c73fbPaul Stewart /** 359274042519d84ad837f03572865bc096a537c73fbPaul Stewart * Returns a value within wpa_supplicant configuration 360274042519d84ad837f03572865bc096a537c73fbPaul Stewart * @param key index to set within wpa_supplciant 361274042519d84ad837f03572865bc096a537c73fbPaul Stewart * @return string value if successful; null otherwise 362274042519d84ad837f03572865bc096a537c73fbPaul Stewart */ 363274042519d84ad837f03572865bc096a537c73fbPaul Stewart String loadValue(String key); 364274042519d84ad837f03572865bc096a537c73fbPaul Stewart } 365274042519d84ad837f03572865bc096a537c73fbPaul Stewart 366274042519d84ad837f03572865bc096a537c73fbPaul Stewart /** 367274042519d84ad837f03572865bc096a537c73fbPaul Stewart * Internal use only; supply field values to wpa_supplicant config. The configuration 368274042519d84ad837f03572865bc096a537c73fbPaul Stewart * process aborts on the first failed call on {@code saver}. 
* @param saver proxy for setting configuration in wpa_supplicant
 * @return whether the save succeeded on all attempts
 * @hide
 */
public boolean saveToSupplicant(SupplicantSaver saver) {
    if (!isEapMethodValid()) {
        return false;
    }

    // Every stored field is forwarded as-is; the first rejected write ends the save.
    // NOTE(review): this presumably includes the value stored by setPassword, so a
    // saver should not log what it receives -- confirm against setFieldValue.
    for (String fieldName : mFields.keySet()) {
        final String fieldValue = mFields.get(fieldName);
        if (!saver.saveValue(fieldName, fieldValue)) {
            return false;
        }
    }

    final String eapName = Eap.strings[mEapMethod];
    if (!saver.saveValue(EAP_KEY, eapName)) {
        return false;
    }

    if (mPhase2Method == Phase2.NONE) {
        // By default, send a null phase 2 to clear old configuration values.
        return saver.saveValue(PHASE2_KEY, null);
    }

    if (mEapMethod == Eap.TLS) {
        // A phase 2 method is set, but this phase 1 method cannot carry one.
        Log.e(TAG, "WiFi enterprise configuration is invalid as it supplies a "
                + "phase 2 method but the phase1 method does not support it.");
        return false;
    }

    // Only the TTLS + GTC combination is written with the "autheap" prefix.
    final boolean usesAuthEap = mEapMethod == Eap.TTLS && mPhase2Method == Phase2.GTC;
    final String prefix;
    if (usesAuthEap) {
        prefix = Phase2.AUTHEAP_PREFIX;
    } else {
        prefix = Phase2.AUTH_PREFIX;
    }
    final String value = convertToQuotedString(prefix + Phase2.strings[mPhase2Method]);
    return saver.saveValue(PHASE2_KEY, value);
}

/**
 * Internal use only; retrieve configuration from wpa_supplicant config.
* @param loader proxy for retrieving configuration keys from wpa_supplicant
 * @hide
 */
public void loadFromSupplicant(SupplicantLoader loader) {
    // A key the loader cannot supply is recorded as EMPTY_VALUE rather than skipped.
    for (String configKey : SUPPLICANT_CONFIG_KEYS) {
        final String loaded = loader.loadValue(configKey);
        if (loaded != null) {
            mFields.put(configKey, loaded);
        } else {
            mFields.put(configKey, EMPTY_VALUE);
        }
    }
    mEapMethod = getStringIndex(Eap.strings, loader.loadValue(EAP_KEY), Eap.NONE);

    // NOTE(review): loadValue is documented to return null on failure; this relies on
    // removeDoubleQuotes turning null into a non-null string -- confirm.
    String innerMethod = removeDoubleQuotes(loader.loadValue(PHASE2_KEY));
    // Remove "auth=" or "autheap=" prefix.
    final String storedPrefix;
    if (innerMethod.startsWith(Phase2.AUTH_PREFIX)) {
        storedPrefix = Phase2.AUTH_PREFIX;
    } else if (innerMethod.startsWith(Phase2.AUTHEAP_PREFIX)) {
        storedPrefix = Phase2.AUTHEAP_PREFIX;
    } else {
        storedPrefix = "";
    }
    innerMethod = innerMethod.substring(storedPrefix.length());
    mPhase2Method = getStringIndex(Phase2.strings, innerMethod, Phase2.NONE);
}

/**
 * Set the EAP authentication method.
 *
 * <p>Selecting {@link Eap#TLS} or {@link Eap#UNAUTH_TLS} also resets the phase 2
 * method to {@link Phase2#NONE}. Every accepted method stores "1" under
 * OPP_KEY_CACHING. An unknown method leaves the configuration untouched.
 *
 * @param eapMethod is one of {@link Eap#PEAP}, {@link Eap#TLS}, {@link Eap#UNAUTH_TLS},
 *                  {@link Eap#TTLS}, {@link Eap#PWD}, {@link Eap#SIM}, {@link Eap#AKA}
 *                  or {@link Eap#AKA_PRIME}
 * @throws IllegalArgumentException on an invalid eap method
 */
public void setEapMethod(int eapMethod) {
    final boolean tlsOnly = eapMethod == Eap.TLS || eapMethod == Eap.UNAUTH_TLS;
    final boolean otherKnown = eapMethod == Eap.PEAP
            || eapMethod == Eap.PWD
            || eapMethod == Eap.TTLS
            || eapMethod == Eap.SIM
            || eapMethod == Eap.AKA
            || eapMethod == Eap.AKA_PRIME;
    if (!tlsOnly && !otherKnown) {
        throw new IllegalArgumentException("Unknown EAP method");
    }
    if (tlsOnly) {
        // These methods carry no inner authentication, so drop any earlier choice.
        setPhase2Method(Phase2.NONE);
    }
    mEapMethod = eapMethod;
    mFields.put(OPP_KEY_CACHING, "1");
}

/**
 * Get the eap method.
 * @return eap method configured
 */
public int getEapMethod() {
    return this.mEapMethod;
}

/**
 * Set Phase 2 authentication method.
* Sets the inner authentication method to be used in
 * phase 2 after setting up a secure channel
 * @param phase2Method is the inner authentication method and can be one of {@link Phase2#NONE},
 *                     {@link Phase2#PAP}, {@link Phase2#MSCHAP}, {@link Phase2#MSCHAPV2},
 *                     {@link Phase2#GTC}
 * @throws IllegalArgumentException on an invalid phase2 method; the stored method is
 *                                  left unchanged in that case
 */
public void setPhase2Method(int phase2Method) {
    final boolean supported = phase2Method == Phase2.NONE
            || phase2Method == Phase2.PAP
            || phase2Method == Phase2.MSCHAP
            || phase2Method == Phase2.MSCHAPV2
            || phase2Method == Phase2.GTC;
    if (!supported) {
        throw new IllegalArgumentException("Unknown Phase 2 method");
    }
    mPhase2Method = phase2Method;
}

/**
 * Get the phase 2 authentication method.
* @return a phase 2 method defined at {@link Phase2}
 */
public int getPhase2Method() {
    return this.mPhase2Method;
}

/**
 * Set the identity
 * @param identity the identity to store under IDENTITY_KEY
 */
public void setIdentity(String identity) {
    // The identity is stored without a prefix.
    final String noPrefix = "";
    setFieldValue(IDENTITY_KEY, identity, noPrefix);
}

/**
 * Get the identity
 * @return the identity
 */
public String getIdentity() {
    final String noPrefix = "";
    return getFieldValue(IDENTITY_KEY, noPrefix);
}

/**
 * Set anonymous identity.
* This is used as the unencrypted identity with
 * certain EAP types
 * @param anonymousIdentity the anonymous identity
 */
public void setAnonymousIdentity(String anonymousIdentity) {
    // Stored without a prefix, like the real identity.
    final String noPrefix = "";
    setFieldValue(ANON_IDENTITY_KEY, anonymousIdentity, noPrefix);
}

/**
 * Get the anonymous identity
 * @return anonymous identity
 */
public String getAnonymousIdentity() {
    final String noPrefix = "";
    return getFieldValue(ANON_IDENTITY_KEY, noPrefix);
}

/**
 * Set the password.
 * @param password the password; it is kept as a plain {@code String} under PASSWORD_KEY
 */
public void setPassword(String password) {
    final String noPrefix = "";
    setFieldValue(PASSWORD_KEY, password, noPrefix);
}

/**
 * Get the password.
*
 * Returns locally set password value. For networks fetched from
 * framework, returns "*".
 */
public String getPassword() {
    final String noPrefix = "";
    return getFieldValue(PASSWORD_KEY, noPrefix);
}

/**
 * Encode a CA certificate alias so it does not contain illegal character.
 *
 * <p>The alias is converted to UTF-8 and every byte is written as two lowercase
 * hexadecimal digits, so the result contains only {@code 0-9} and {@code a-f}.
 *
 * @param alias the alias to encode; must not be null
 * @return the hex form of the alias, twice as long as its UTF-8 encoding
 * @hide
 */
public static String encodeCaCertificateAlias(String alias) {
    final byte[] utf8 = alias.getBytes(StandardCharsets.UTF_8);
    final StringBuilder hex = new StringBuilder(utf8.length * 2);
    for (int i = 0; i < utf8.length; i++) {
        // Mask to an unsigned value so bytes above 0x7f do not sign-extend.
        final int unsigned = utf8[i] & 0xFF;
        hex.append(Character.forDigit(unsigned >>> 4, 16));
        hex.append(Character.forDigit(unsigned & 0x0F, 16));
    }
    return hex.toString();
}

/**
 * Decode a previously-encoded CA certificate alias.
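*
 * <p>The input is expected to be the output of {@link #encodeCaCertificateAlias(String)}:
 * an even number of hexadecimal digits. Anything else is returned unchanged instead of
 * raising an exception, because the value comes from stored configuration and a
 * malformed entry should not abort the caller.
 *
 * @param alias the hex-encoded alias; must not be null
 * @return the decoded alias, or {@code alias} itself when it is not valid hex
 * @hide
 */
public static String decodeCaCertificateAlias(String alias) {
    final int length = alias.length();
    if ((length & 1) != 0) {
        // An odd number of characters cannot be split into whole hex pairs.
        return alias;
    }
    final byte[] data = new byte[length >> 1];
    for (int n = 0, position = 0; n < length; n += 2, position++) {
        // Character.digit yields -1 for anything that is not a hex digit, which
        // also rejects the sign characters that Integer.parseInt would accept.
        final int high = Character.digit(alias.charAt(n), 16);
        final int low = Character.digit(alias.charAt(n + 1), 16);
        if (high < 0 || low < 0) {
            return alias;
        }
        data[position] = (byte) ((high << 4) | low);
    }
    return new String(data, StandardCharsets.UTF_8);
}

/**
 * Set CA certificate alias.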
*
 * <p> See the {@link android.security.KeyChain} for details on installing or choosing
 * a certificate
 * </p>
 * @param alias identifies the certificate
 * @hide
 */
public void setCaCertificateAlias(String alias) {
    // A single alias is always stored with the original CA certificate prefix.
    final String singleAliasPrefix = CA_CERT_PREFIX;
    setFieldValue(CA_CERT_KEY, alias, singleAliasPrefix);
}

/**
 * Set CA certificate aliases. When installing the corresponding certificate to
 * the keystore, please use alias encoded by {@link #encodeCaCertificateAlias(String)}.
 *
 * <p> See the {@link android.security.KeyChain} for details on installing or choosing
 * a certificate.
* </p>
 * @param aliases identifies the certificate
 * @hide
 */
public void setCaCertificateAliases(@Nullable String[] aliases) {
    if (aliases == null) {
        setFieldValue(CA_CERT_KEY, null, CA_CERT_PREFIX);
        return;
    }
    if (aliases.length == 1) {
        // Backwards compatibility: use the original cert prefix if setting only one alias.
        setCaCertificateAlias(aliases[0]);
        return;
    }

    // Use KEYSTORES_URI which supports multiple aliases.
    // An empty array also ends up here and stores an empty list; a null element is
    // concatenated as the text "null" before encoding.
    final StringBuilder joined = new StringBuilder();
    boolean first = true;
    for (String alias : aliases) {
        if (!first) {
            joined.append(CA_CERT_ALIAS_DELIMITER);
        }
        first = false;
        joined.append(encodeCaCertificateAlias(Credentials.CA_CERTIFICATE + alias));
    }
    setFieldValue(CA_CERT_KEY, joined.toString(), KEYSTORES_URI);
}

/**
 * Get CA certificate alias
 * @return alias to the CA certificate
 * @hide
 */
public String getCaCertificateAlias() {
    final String singleAliasPrefix = CA_CERT_PREFIX;
    return getFieldValue(CA_CERT_KEY, singleAliasPrefix);
}

/**
 * Get CA certificate aliases
 * @return aliases of the CA certificates, or null when none is stored
 * @hide
 */
@Nullable public String[] getCaCertificateAliases() {
    final String stored = getFieldValue(CA_CERT_KEY, "");
    if (stored.startsWith(CA_CERT_PREFIX)) {
        // Backwards compatibility: parse the original alias prefix.
        return new String[] {getFieldValue(CA_CERT_KEY, CA_CERT_PREFIX)};
    }
    if (!stored.startsWith(KEYSTORES_URI)) {
        // Neither known prefix: hand the raw value back, or null when nothing is stored.
        return TextUtils.isEmpty(stored) ? null : new String[] {stored};
    }

    final String encodedList = stored.substring(KEYSTORES_URI.length());
    final String[] names = TextUtils.split(encodedList, CA_CERT_ALIAS_DELIMITER);
    for (int i = 0; i < names.length; i++) {
        // NOTE(review): the stored value comes from configuration; confirm how
        // decodeCaCertificateAlias behaves on an element that is not valid hex.
        String name = decodeCaCertificateAlias(names[i]);
        if (name.startsWith(Credentials.CA_CERTIFICATE)) {
            name = name.substring(Credentials.CA_CERTIFICATE.length());
        }
        names[i] = name;
    }
    return names.length != 0 ? names : null;
}

/**
 * Specify a X.509 certificate that identifies the server.
*
 * <p>A default name is automatically assigned to the certificate and used
 * with this configuration. The framework takes care of installing the
 * certificate when the config is saved and removing the certificate when
 * the config is removed.
 *
 * <p>Passing {@code null} clears any CA certificates set earlier.
 *
 * @param cert X.509 CA certificate
 * @throws IllegalArgumentException if not a CA certificate
 */
public void setCaCertificate(@Nullable X509Certificate cert) {
    if (cert == null) {
        // NOTE(review): confirm how a configuration without a CA certificate
        // validates the server before relying on this to "reset" trust.
        mCaCerts = null;
        return;
    }
    // getBasicConstraints() is negative for a certificate that is not a CA.
    if (cert.getBasicConstraints() < 0) {
        throw new IllegalArgumentException("Not a CA certificate");
    }
    mCaCerts = new X509Certificate[] {cert};
}

/**
 * Get CA certificate.
* If multiple CA certificates are configured previously,
 * return the first one.
 * @return X.509 CA certificate, or null when none is configured
 */
@Nullable public X509Certificate getCaCertificate() {
    final boolean hasCertificates = mCaCerts != null && mCaCerts.length > 0;
    return hasCertificates ? mCaCerts[0] : null;
}

/**
 * Specify a list of X.509 certificates that identifies the server. The validation
 * passes if the CA of server certificate matches one of the given certificates.
 *
 * <p>Default names are automatically assigned to the certificates and used
 * with this configuration. The framework takes care of installing the
 * certificates when the config is saved and removing the certificates when
 * the config is removed.
*
 * <p>The array is copied, so later changes to {@code certs} do not affect this
 * configuration. Nothing is stored when any element is rejected.
 *
 * @param certs X.509 CA certificates; {@code null} clears the configured certificates
 * @throws IllegalArgumentException if any of the provided certificates is
 *     not a CA certificate
 */
public void setCaCertificates(@Nullable X509Certificate[] certs) {
    if (certs == null) {
        mCaCerts = null;
        return;
    }
    final X509Certificate[] validated = new X509Certificate[certs.length];
    int slot = 0;
    for (X509Certificate candidate : certs) {
        // A null element fails here with NullPointerException, not
        // IllegalArgumentException.
        if (candidate.getBasicConstraints() < 0) {
            throw new IllegalArgumentException("Not a CA certificate");
        }
        validated[slot++] = candidate;
    }
    mCaCerts = validated;
}

/**
 * Get CA certificates.
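* @return a copy of the configured CA certificates, or null when none is configured
 */
@Nullable public X509Certificate[] getCaCertificates() {
    if (mCaCerts == null || mCaCerts.length == 0) {
        return null;
    }
    // Return a copy: handing out the internal array would let a caller replace an
    // element with a certificate that never went through the CA check in the setters.
    return mCaCerts.clone();
}

/**
 * Clears the configured CA certificates.
 * @hide
 */
public void resetCaCertificate() {
    mCaCerts = null;
}

/**
 * Set the ca_path directive on wpa_supplicant.
 *
 * From wpa_supplicant documentation:
 *
 * Directory path for CA certificate files (PEM). This path may contain
 * multiple CA certificates in OpenSSL format. Common use for this is to
 * point to system trusted CA list which is often installed into directory
 * like /etc/ssl/certs.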
* If configured, these certificates are added to the
 * list of trusted CAs. ca_cert may also be included in that case, but it is
 * not required.
 *
 * <p>Because every certificate in the directory becomes a trusted CA for this
 * network, the path should name a directory whose contents are controlled.
 *
 * @param path The path for CA certificate files
 * @hide
 */
public void setCaPath(String path) {
    final String caDirectory = path;
    setFieldValue(CA_PATH_KEY, caDirectory);
}

/**
 * Get the ca_path value. See {@link #setCaPath(String)}.
 * @return The path for CA certificate files.
 * @hide
 */
public String getCaPath() {
    final String noPrefix = "";
    return getFieldValue(CA_PATH_KEY, noPrefix);
}

/** Set Client certificate alias.
*
 * <p> See the {@link android.security.KeyChain} for details on installing or choosing
 * a certificate
 * </p>
 * @param alias identifies the certificate; the same alias is also recorded as the
 *              private key id
 * @hide
 */
public void setClientCertificateAlias(String alias) {
    setFieldValue(CLIENT_CERT_KEY, alias, CLIENT_CERT_PREFIX);
    setFieldValue(PRIVATE_KEY_ID_KEY, alias, Credentials.USER_PRIVATE_KEY);
    // Also, set engine parameters
    final boolean useKeystoreEngine = !TextUtils.isEmpty(alias);
    if (useKeystoreEngine) {
        mFields.put(ENGINE_KEY, ENGINE_ENABLE);
        mFields.put(ENGINE_ID_KEY, convertToQuotedString(ENGINE_ID_KEYSTORE));
    } else {
        // No alias: switch the engine off and blank its id.
        mFields.put(ENGINE_KEY, ENGINE_DISABLE);
        mFields.put(ENGINE_ID_KEY, EMPTY_VALUE);
    }
}

/**
 * Get client certificate alias
 * @return alias to the
client certificate 78826d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff * @hide 7899b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff */ 79026d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff public String getClientCertificateAlias() { 791ffadfb9ffdced62db215319d3edc7717802088fbVinit Deshapnde return getFieldValue(CLIENT_CERT_KEY, CLIENT_CERT_PREFIX); 7929b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff } 7939b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff 7949b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff /** 79526d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff * Specify a private key and client certificate for client authorization. 79626d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff * 79726d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff * <p>A default name is automatically assigned to the key entry and used 798fdc028383a01eaaa9bf93cb5d3ce50bd744eab52Irfan Sheriff * with this configuration. The framework takes care of installing the 799fdc028383a01eaaa9bf93cb5d3ce50bd744eab52Irfan Sheriff * key entry when the config is saved and removing the key entry when 800fdc028383a01eaaa9bf93cb5d3ce50bd744eab52Irfan Sheriff * the config is removed. 801fdc028383a01eaaa9bf93cb5d3ce50bd744eab52Irfan Sheriff 80226d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff * @param privateKey 80326d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff * @param clientCertificate 804fdc028383a01eaaa9bf93cb5d3ce50bd744eab52Irfan Sheriff * @throws IllegalArgumentException for an invalid key or certificate. 
*/
    public void setClientKeyEntry(PrivateKey privateKey, X509Certificate clientCertificate) {
        // Validation applies only when a certificate is supplied. The checks run in a fixed
        // order, so the first failing one decides the exception message.
        final boolean hasCertificate = (clientCertificate != null);

        // getBasicConstraints() returns -1 for a certificate that is not a CA.
        if (hasCertificate && clientCertificate.getBasicConstraints() != -1) {
            throw new IllegalArgumentException("Cannot be a CA certificate");
        }
        if (hasCertificate && privateKey == null) {
            throw new IllegalArgumentException("Client cert without a private key");
        }
        // A key whose encoded form is unavailable is rejected.
        if (hasCertificate && privateKey.getEncoded() == null) {
            throw new IllegalArgumentException("Private key cannot be encoded");
        }

        // NOTE(review): a non-null privateKey with a null certificate is stored without any
        // check; confirm that no caller depends on that combination.
        mClientPrivateKey = privateKey;
        mClientCertificate = clientCertificate;
    }

    /**
     * Returns the client certificate held by this configuration.
     *
     * @return X.509 client certificate as last stored by {@link #setClientKeyEntry};
     *         {@code null} after {@link #resetClientKeyEntry()}
     */
    public X509Certificate getClientCertificate() {
        return mClientCertificate;
    }

    /**
     * Drops the references to the client private key and certificate held by this object.
     *
     * @hide
     */
    public void resetClientKeyEntry() {
        mClientCertificate = null;
        mClientPrivateKey = null;
    }

    /**
     * Returns the client private key held by this configuration.
     *
     * @return the key object as last stored by {@link #setClientKeyEntry}; {@code null}
     *         after {@link #resetClientKeyEntry()}
     * @hide
     */
    public PrivateKey getClientPrivateKey() {
        // The caller receives the stored key object itself, not a copy.
        return mClientPrivateKey;
    }

    /**
     * Set subject match (deprecated). This is the substring to be matched against the subject of
     * the authentication server certificate.
* @param subjectMatch substring to be matched
     * @deprecated in favor of altSubjectMatch
     */
    public void setSubjectMatch(String subjectMatch) {
        // No prefix is applied. A null or empty value stores EMPTY_VALUE, which clears the
        // constraint. Being a substring match, this is looser than the label-wise suffix
        // match described on setDomainSuffixMatch().
        final String noPrefix = "";
        setFieldValue(SUBJECT_MATCH_KEY, subjectMatch, noPrefix);
    }

    /**
     * Returns the configured subject match (deprecated).
     *
     * @return the subject match string; the empty string when the field is unset
     * @deprecated in favor of altSubjectMatch
     */
    public String getSubjectMatch() {
        final String noPrefix = "";
        return getFieldValue(SUBJECT_MATCH_KEY, noPrefix);
    }

    /**
     * Set alternate subject match. This is the substring to be matched against the
     * alternate subject of the authentication server certificate.
* @param altSubjectMatch substring to be matched, for example
     *                     DNS:server.example.com;EMAIL:server@example.com
     */
    public void setAltSubjectMatch(String altSubjectMatch) {
        // No prefix is applied; a null or empty value stores EMPTY_VALUE.
        final String noPrefix = "";
        setFieldValue(ALTSUBJECT_MATCH_KEY, altSubjectMatch, noPrefix);
    }

    /**
     * Returns the configured alternate subject match.
     *
     * @return the alternate subject match string; the empty string when the field is unset
     */
    public String getAltSubjectMatch() {
        final String noPrefix = "";
        return getFieldValue(ALTSUBJECT_MATCH_KEY, noPrefix);
    }

    /**
     * Set the domain_suffix_match directive on wpa_supplicant. This is the parameter to use
     * for Hotspot 2.0 defined matching of AAA server certs per WFA HS2.0 spec, section 7.3.3.2,
     * second paragraph.
     *
     * <p>From wpa_supplicant documentation:
     * Constraint for server domain name. If set, this FQDN is used as a suffix match requirement
     * for the AAA server certificate in SubjectAltName dNSName element(s). If a matching dNSName
     * is found, this constraint is met. If no dNSName values are present, this constraint is
     * matched against SubjectName CN using same suffix match comparison.
     * Suffix match here means that the host/domain name is compared one label at a time starting
     * from the top-level domain and all the labels in domain_suffix_match shall be included in the
     * certificate. The certificate may include additional sub-level labels in addition to the
     * required labels.
     * For example, domain_suffix_match=example.com would match test.example.com but would not
     * match test-example.com.
     *
     * @param domain The domain value
     */
    public void setDomainSuffixMatch(String domain) {
        // A null or empty domain stores EMPTY_VALUE, i.e. no suffix constraint is written.
        // NOTE(review): presumably that leaves the server name unconstrained by this field;
        // confirm how the supplicant treats an unset domain_suffix_match.
        setFieldValue(DOM_SUFFIX_MATCH_KEY, domain);
    }

    /**
     * Get the domain_suffix_match value. See {@link #setDomainSuffixMatch(String)}.
     * @return The domain value.
*/
    public String getDomainSuffixMatch() {
        // Returns the empty string when the field is unset.
        final String noPrefix = "";
        return getFieldValue(DOM_SUFFIX_MATCH_KEY, noPrefix);
    }

    /**
     * Set realm for passpoint credential; realm identifies a set of networks where your
     * passpoint credential can be used.
     *
     * @param realm the realm; a null or empty value stores {@code EMPTY_VALUE}
     */
    public void setRealm(String realm) {
        final String noPrefix = "";
        setFieldValue(REALM_KEY, realm, noPrefix);
    }

    /**
     * Get realm for passpoint credential; see {@link #setRealm(String)} for more information.
     *
     * @return the realm; the empty string when the field is unset
     */
    public String getRealm() {
        final String noPrefix = "";
        return getFieldValue(REALM_KEY, noPrefix);
    }

    /**
     * Set plmn (Public Land Mobile Network) of the provider of passpoint credential
* @param plmn the plmn value derived from mcc (mobile country code) and mnc (mobile network code)
     */
    public void setPlmn(String plmn) {
        // No prefix is applied; a null or empty value stores EMPTY_VALUE.
        final String noPrefix = "";
        setFieldValue(PLMN_KEY, plmn, noPrefix);
    }

    /**
     * Get plmn (Public Land Mobile Network) for passpoint credential; see
     * {@link #setPlmn(String)} for more information.
     *
     * @return the plmn; the empty string when the field is unset
     */
    public String getPlmn() {
        final String noPrefix = "";
        return getFieldValue(PLMN_KEY, noPrefix);
    }

    /**
     * Builds the key id string for this configuration.
     * See {@link WifiConfiguration#getKeyIdForCredentials}.
     *
     * @param current configuration to defer to when this one has no EAP method; may be null
     * @return {@code <eap>_<phase2>} built from the method name tables, or
     *         {@code EMPTY_VALUE} when the method indices are invalid or no fallback exists
     * @hide
     */
    public String getKeyId(WifiEnterpriseConfig current) {
        // If EAP method is not initialized, use current config details
        if (mEapMethod == Eap.NONE) {
            if (current == null) {
                return EMPTY_VALUE;
            }
            return current.getKeyId(null);
        }
        // isEapMethodValid() range-checks both indices before they are used below.
        return isEapMethodValid()
                ? Eap.strings[mEapMethod] + "_" + Phase2.strings[mPhase2Method]
                : EMPTY_VALUE;
    }

    /**
     * Strips one pair of enclosing double quotes, if present.
     *
     * @param string value to unquote; may be null
     * @return the empty string for null or empty input, the text between the quotes when the
     *         input both starts and ends with a double quote, otherwise the input unchanged
     */
    private String removeDoubleQuotes(String string) {
        if (TextUtils.isEmpty(string)) {
            return "";
        }
        final int lastIndex = string.length() - 1;
        // lastIndex > 0 keeps a lone quote character from being treated as a quoted pair.
        final boolean quoted = lastIndex > 0
                && string.charAt(0) == '"'
                && string.charAt(lastIndex) == '"';
        return quoted ? string.substring(1, lastIndex) : string;
    }

    /**
     * Wraps the given string in double quotes.
     *
     * @param string value to quote
     * @return the value enclosed in double quotes
     */
    private String convertToQuotedString(String string) {
        // NOTE(review): the value is wrapped as-is; embedded double quotes or line breaks are
        // not escaped or rejected here. Confirm that values are validated before they reach
        // the supplicant configuration.
        return '"' + string + '"';
    }

    /**
     * Returns the index at which the toBeFound string is found in the array.
* @param arr array of strings
     * @param toBeFound string to be found
     * @param defaultIndex default index to be returned when string is not found
     * @return the index into array
     */
    private int getStringIndex(String arr[], String toBeFound, int defaultIndex) {
        // A null or empty search string never matches; the array is not consulted at all.
        if (!TextUtils.isEmpty(toBeFound)) {
            int index = 0;
            for (String candidate : arr) {
                // First exact match wins.
                if (toBeFound.equals(candidate)) {
                    return index;
                }
                index++;
            }
        }
        return defaultIndex;
    }

    /**
     * Returns the field value for the key.
* @param key into the hash
     * @param prefix is the prefix that the value may have
     * @return value
     * @hide
     */
    public String getFieldValue(String key, String prefix) {
        // TODO: Should raise an exception if |key| is EAP_KEY or PHASE2_KEY since
        // neither of these keys should be retrieved in this manner.
        final String stored = mFields.get(key);
        // Uninitialized or known to be empty after reading from supplicant
        if (TextUtils.isEmpty(stored) || EMPTY_VALUE.equals(stored)) {
            return "";
        }

        // Values are stored quoted and optionally prefixed; undo both, in that order.
        final String unquoted = removeDoubleQuotes(stored);
        return unquoted.startsWith(prefix) ? unquoted.substring(prefix.length()) : unquoted;
    }

    /**
     * Set a value with an optional prefix at key.
     *
     * @param key into the hash
     * @param value to be set; a null or empty value stores {@code EMPTY_VALUE}
     * @param prefix an optional value to be prefixed to actual value
     * @hide
     */
    public void setFieldValue(String key, String value, String prefix) {
        // TODO: Should raise an exception if |key| is EAP_KEY or PHASE2_KEY since
        // neither of these keys should be set in this manner.
        final String stored = TextUtils.isEmpty(value)
                ? EMPTY_VALUE
                : convertToQuotedString(prefix + value);
        mFields.put(key, stored);
    }


    /**
     * Set a value at key, without a prefix.
     *
     * @param key into the hash
     * @param value to be set; a null or empty value stores {@code EMPTY_VALUE}
     * @hide
     */
    public void setFieldValue(String key, String value) {
        // TODO: Should raise an exception if |key| is EAP_KEY or PHASE2_KEY since
        // neither of these keys should be set in this manner.
        final String stored = TextUtils.isEmpty(value)
                ? EMPTY_VALUE
                : convertToQuotedString(value);
        mFields.put(key, stored);
    }

    /**
     * Renders every field as one {@code key value} line, with the password masked.
     */
    @Override
    public String toString() {
        final StringBuilder out = new StringBuilder();
        for (String key : mFields.keySet()) {
            // Don't display password in toString().
            // NOTE(review): only PASSWORD_KEY is masked; every other field is printed as
            // stored. Confirm none of them is sensitive before this output reaches a log.
            final String shown;
            if (PASSWORD_KEY.equals(key)) {
                shown = "<removed>";
            } else {
                shown = mFields.get(key);
            }
            out.append(key).append(" ").append(shown).append("\n");
        }
        return out.toString();
    }

    /**
     * Returns whether the EAP method data is valid, i.e., whether mEapMethod and mPhase2Method
     * are valid indices into {@code Eap.strings[]} and {@code Phase2.strings[]} respectively.
     * Each failed check is logged at error level before {@code false} is returned.
     */
    private boolean isEapMethodValid() {
        if (mEapMethod == Eap.NONE) {
            Log.e(TAG, "WiFi enterprise configuration is invalid as it supplies no EAP method.");
            return false;
        }

        final boolean eapInRange = mEapMethod >= 0 && mEapMethod < Eap.strings.length;
        if (!eapInRange) {
            Log.e(TAG, "mEapMethod is invald for WiFi enterprise configuration: " + mEapMethod);
            return false;
        }

        final boolean phase2InRange =
                mPhase2Method >= 0 && mPhase2Method < Phase2.strings.length;
        if (!phase2InRange) {
            Log.e(TAG, "mPhase2Method is invald for WiFi enterprise configuration: "
                    + mPhase2Method);
            return false;
        }
        return true;
    }
}