WifiEnterpriseConfig.java revision 492ed589df3609a15dd6a33709fc8d855ec1072d
19b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff/* 29b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff * Copyright (C) 2013 The Android Open Source Project 39b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff * 49b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff * Licensed under the Apache License, Version 2.0 (the "License"); 59b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff * you may not use this file except in compliance with the License. 69b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff * You may obtain a copy of the License at 79b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff * 89b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff * http://www.apache.org/licenses/LICENSE-2.0 99b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff * 109b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff * Unless required by applicable law or agreed to in writing, software 119b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff * distributed under the License is distributed on an "AS IS" BASIS, 129b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 139b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff * See the License for the specific language governing permissions and 149b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff * limitations under the License. 159b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff */ 169b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriffpackage android.net.wifi; 179b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff 18a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xuimport android.annotation.Nullable; 199b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriffimport android.os.Parcel; 209b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriffimport android.os.Parcelable; 219b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriffimport android.security.Credentials; 229b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriffimport android.text.TextUtils; 23274042519d84ad837f03572865bc096a537c73fbPaul Stewartimport android.util.Log; 2426d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff 2526d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriffimport java.io.ByteArrayInputStream; 26a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xuimport java.nio.charset.StandardCharsets; 2726d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriffimport java.security.KeyFactory; 2826d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriffimport java.security.NoSuchAlgorithmException; 2926d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriffimport java.security.PrivateKey; 3026d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriffimport java.security.cert.CertificateEncodingException; 3126d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriffimport java.security.cert.CertificateException; 3226d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriffimport java.security.cert.CertificateFactory; 3326d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriffimport java.security.cert.X509Certificate; 3426d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriffimport java.security.spec.InvalidKeySpecException; 3526d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriffimport java.security.spec.PKCS8EncodedKeySpec; 369b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriffimport java.util.HashMap; 379b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriffimport java.util.Map; 389b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff 39ffadfb9ffdced62db215319d3edc7717802088fbVinit Deshapnde/** 40fdc028383a01eaaa9bf93cb5d3ce50bd744eab52Irfan Sheriff * Enterprise configuration details for Wi-Fi. Stores details about the EAP method 41fdc028383a01eaaa9bf93cb5d3ce50bd744eab52Irfan Sheriff * and any associated credentials. 42fdc028383a01eaaa9bf93cb5d3ce50bd744eab52Irfan Sheriff */ 439b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriffpublic class WifiEnterpriseConfig implements Parcelable { 449b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff 45ffadfb9ffdced62db215319d3edc7717802088fbVinit Deshapnde /** @hide */ 46ffadfb9ffdced62db215319d3edc7717802088fbVinit Deshapnde public static final String EMPTY_VALUE = "NULL"; 47ffadfb9ffdced62db215319d3edc7717802088fbVinit Deshapnde /** @hide */ 48ffadfb9ffdced62db215319d3edc7717802088fbVinit Deshapnde public static final String EAP_KEY = "eap"; 49ffadfb9ffdced62db215319d3edc7717802088fbVinit Deshapnde /** @hide */ 50ffadfb9ffdced62db215319d3edc7717802088fbVinit Deshapnde public static final String PHASE2_KEY = "phase2"; 51ffadfb9ffdced62db215319d3edc7717802088fbVinit Deshapnde /** @hide */ 52ffadfb9ffdced62db215319d3edc7717802088fbVinit Deshapnde public static final String IDENTITY_KEY = "identity"; 53ffadfb9ffdced62db215319d3edc7717802088fbVinit Deshapnde /** @hide */ 54ffadfb9ffdced62db215319d3edc7717802088fbVinit Deshapnde public static final String ANON_IDENTITY_KEY = "anonymous_identity"; 55ffadfb9ffdced62db215319d3edc7717802088fbVinit Deshapnde /** @hide */ 56ffadfb9ffdced62db215319d3edc7717802088fbVinit Deshapnde public static final String PASSWORD_KEY = "password"; 57ffadfb9ffdced62db215319d3edc7717802088fbVinit Deshapnde /** @hide */ 58ffadfb9ffdced62db215319d3edc7717802088fbVinit Deshapnde public static final String SUBJECT_MATCH_KEY = "subject_match"; 59ffadfb9ffdced62db215319d3edc7717802088fbVinit Deshapnde /** @hide */ 60b21d2489c1bd330e39f4489c7f221ebb4dffc283Vinit Deshpande public static final String ALTSUBJECT_MATCH_KEY = "altsubject_match"; 61b21d2489c1bd330e39f4489c7f221ebb4dffc283Vinit Deshpande /** @hide */ 62c91bc62f2bdca18c0ed96a740cbaa0383ea2860aJan Nordqvist public static final String DOM_SUFFIX_MATCH_KEY = "domain_suffix_match"; 63c91bc62f2bdca18c0ed96a740cbaa0383ea2860aJan Nordqvist /** @hide */ 64ffadfb9ffdced62db215319d3edc7717802088fbVinit Deshapnde public static final String OPP_KEY_CACHING = "proactive_key_caching"; 65ffadfb9ffdced62db215319d3edc7717802088fbVinit Deshapnde /** 66ffadfb9ffdced62db215319d3edc7717802088fbVinit Deshapnde * String representing the keystore OpenSSL ENGINE's ID. 67ffadfb9ffdced62db215319d3edc7717802088fbVinit Deshapnde * @hide 68ffadfb9ffdced62db215319d3edc7717802088fbVinit Deshapnde */ 69ffadfb9ffdced62db215319d3edc7717802088fbVinit Deshapnde public static final String ENGINE_ID_KEYSTORE = "keystore"; 70ffadfb9ffdced62db215319d3edc7717802088fbVinit Deshapnde 71ffadfb9ffdced62db215319d3edc7717802088fbVinit Deshapnde /** 72ffadfb9ffdced62db215319d3edc7717802088fbVinit Deshapnde * String representing the keystore URI used for wpa_supplicant. 73ffadfb9ffdced62db215319d3edc7717802088fbVinit Deshapnde * @hide 74ffadfb9ffdced62db215319d3edc7717802088fbVinit Deshapnde */ 75ffadfb9ffdced62db215319d3edc7717802088fbVinit Deshapnde public static final String KEYSTORE_URI = "keystore://"; 76ffadfb9ffdced62db215319d3edc7717802088fbVinit Deshapnde 77ffadfb9ffdced62db215319d3edc7717802088fbVinit Deshapnde /** 78a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu * String representing the keystore URI used for wpa_supplicant, 79a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu * Unlike #KEYSTORE_URI, this supports a list of space-delimited aliases 80a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu * @hide 81a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu */ 82a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu public static final String KEYSTORES_URI = "keystores://"; 83a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu 84a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu /** 85ffadfb9ffdced62db215319d3edc7717802088fbVinit Deshapnde * String to set the engine value to when it should be enabled. 86ffadfb9ffdced62db215319d3edc7717802088fbVinit Deshapnde * @hide 87ffadfb9ffdced62db215319d3edc7717802088fbVinit Deshapnde */ 88ffadfb9ffdced62db215319d3edc7717802088fbVinit Deshapnde public static final String ENGINE_ENABLE = "1"; 89ffadfb9ffdced62db215319d3edc7717802088fbVinit Deshapnde 90ffadfb9ffdced62db215319d3edc7717802088fbVinit Deshapnde /** 91ffadfb9ffdced62db215319d3edc7717802088fbVinit Deshapnde * String to set the engine value to when it should be disabled. 92ffadfb9ffdced62db215319d3edc7717802088fbVinit Deshapnde * @hide 93ffadfb9ffdced62db215319d3edc7717802088fbVinit Deshapnde */ 94ffadfb9ffdced62db215319d3edc7717802088fbVinit Deshapnde public static final String ENGINE_DISABLE = "0"; 95ffadfb9ffdced62db215319d3edc7717802088fbVinit Deshapnde 96ffadfb9ffdced62db215319d3edc7717802088fbVinit Deshapnde /** @hide */ 97ffadfb9ffdced62db215319d3edc7717802088fbVinit Deshapnde public static final String CA_CERT_PREFIX = KEYSTORE_URI + Credentials.CA_CERTIFICATE; 98ffadfb9ffdced62db215319d3edc7717802088fbVinit Deshapnde /** @hide */ 99ffadfb9ffdced62db215319d3edc7717802088fbVinit Deshapnde public static final String CLIENT_CERT_PREFIX = KEYSTORE_URI + Credentials.USER_CERTIFICATE; 100ffadfb9ffdced62db215319d3edc7717802088fbVinit Deshapnde /** @hide */ 101ffadfb9ffdced62db215319d3edc7717802088fbVinit Deshapnde public static final String CLIENT_CERT_KEY = "client_cert"; 102ffadfb9ffdced62db215319d3edc7717802088fbVinit Deshapnde /** @hide */ 103ffadfb9ffdced62db215319d3edc7717802088fbVinit Deshapnde public static final String CA_CERT_KEY = "ca_cert"; 104ffadfb9ffdced62db215319d3edc7717802088fbVinit Deshapnde /** @hide */ 105c136cf95393fb8f646b95cccd038ca9cb3450214Samuel Tan public static final String CA_PATH_KEY = "ca_path"; 106c136cf95393fb8f646b95cccd038ca9cb3450214Samuel Tan /** @hide */ 107ffadfb9ffdced62db215319d3edc7717802088fbVinit Deshapnde public static final String ENGINE_KEY = "engine"; 108ffadfb9ffdced62db215319d3edc7717802088fbVinit Deshapnde /** @hide */ 109ffadfb9ffdced62db215319d3edc7717802088fbVinit Deshapnde public static final String ENGINE_ID_KEY = "engine_id"; 110ffadfb9ffdced62db215319d3edc7717802088fbVinit Deshapnde /** @hide */ 111ffadfb9ffdced62db215319d3edc7717802088fbVinit Deshapnde public static final String PRIVATE_KEY_ID_KEY = "key_id"; 112b21d2489c1bd330e39f4489c7f221ebb4dffc283Vinit Deshpande /** @hide */ 113b21d2489c1bd330e39f4489c7f221ebb4dffc283Vinit Deshpande public static final String REALM_KEY = "realm"; 114b21d2489c1bd330e39f4489c7f221ebb4dffc283Vinit Deshpande /** @hide */ 115b21d2489c1bd330e39f4489c7f221ebb4dffc283Vinit Deshpande public static final String PLMN_KEY = "plmn"; 1162452e54de65312163b1073fc699a432e2dd2a704xinhe /** @hide */ 1172452e54de65312163b1073fc699a432e2dd2a704xinhe public static final String PHASE1_KEY = "phase1"; 118a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu /** @hide */ 119a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu public static final String CA_CERT_ALIAS_DELIMITER = " "; 120b21d2489c1bd330e39f4489c7f221ebb4dffc283Vinit Deshpande 1212452e54de65312163b1073fc699a432e2dd2a704xinhe /** {@hide} */ 1222452e54de65312163b1073fc699a432e2dd2a704xinhe public static final String ENABLE_TLS_1_2 = "\"tls_disable_tlsv1_2=0\""; 1232452e54de65312163b1073fc699a432e2dd2a704xinhe /** {@hide} */ 1242452e54de65312163b1073fc699a432e2dd2a704xinhe public static final String DISABLE_TLS_1_2 = "\"tls_disable_tlsv1_2=1\""; 125ffadfb9ffdced62db215319d3edc7717802088fbVinit Deshapnde 126274042519d84ad837f03572865bc096a537c73fbPaul Stewart // Fields to copy verbatim from wpa_supplicant. 127274042519d84ad837f03572865bc096a537c73fbPaul Stewart private static final String[] SUPPLICANT_CONFIG_KEYS = new String[] { 128274042519d84ad837f03572865bc096a537c73fbPaul Stewart IDENTITY_KEY, 129274042519d84ad837f03572865bc096a537c73fbPaul Stewart ANON_IDENTITY_KEY, 130274042519d84ad837f03572865bc096a537c73fbPaul Stewart PASSWORD_KEY, 131274042519d84ad837f03572865bc096a537c73fbPaul Stewart CLIENT_CERT_KEY, 132274042519d84ad837f03572865bc096a537c73fbPaul Stewart CA_CERT_KEY, 133274042519d84ad837f03572865bc096a537c73fbPaul Stewart SUBJECT_MATCH_KEY, 134274042519d84ad837f03572865bc096a537c73fbPaul Stewart ENGINE_KEY, 135274042519d84ad837f03572865bc096a537c73fbPaul Stewart ENGINE_ID_KEY, 136274042519d84ad837f03572865bc096a537c73fbPaul Stewart PRIVATE_KEY_ID_KEY, 137274042519d84ad837f03572865bc096a537c73fbPaul Stewart ALTSUBJECT_MATCH_KEY, 138274042519d84ad837f03572865bc096a537c73fbPaul Stewart DOM_SUFFIX_MATCH_KEY, 139274042519d84ad837f03572865bc096a537c73fbPaul Stewart CA_PATH_KEY 140274042519d84ad837f03572865bc096a537c73fbPaul Stewart }; 141274042519d84ad837f03572865bc096a537c73fbPaul Stewart 1429b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff private HashMap<String, String> mFields = new HashMap<String, String>(); 1432452e54de65312163b1073fc699a432e2dd2a704xinhe //By default, we enable TLS1.2. However, due to a known bug on some radius, we may disable it to 1442452e54de65312163b1073fc699a432e2dd2a704xinhe // fall back to TLS 1.1. 1452452e54de65312163b1073fc699a432e2dd2a704xinhe private boolean mTls12Enable = true; 146a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu private X509Certificate[] mCaCerts; 14726d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff private PrivateKey mClientPrivateKey; 14826d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff private X509Certificate mClientCertificate; 149274042519d84ad837f03572865bc096a537c73fbPaul Stewart private int mEapMethod = Eap.NONE; 150274042519d84ad837f03572865bc096a537c73fbPaul Stewart private int mPhase2Method = Phase2.NONE; 151274042519d84ad837f03572865bc096a537c73fbPaul Stewart 152274042519d84ad837f03572865bc096a537c73fbPaul Stewart private static final String TAG = "WifiEnterpriseConfig"; 1539b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff 1549b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff public WifiEnterpriseConfig() { 155e095675c872f40f630aa3f9189eb5c02f3cfee6dIrfan Sheriff // Do not set defaults so that the enterprise fields that are not changed 156e095675c872f40f630aa3f9189eb5c02f3cfee6dIrfan Sheriff // by API are not changed underneath 157e095675c872f40f630aa3f9189eb5c02f3cfee6dIrfan Sheriff // This is essential because an app may not have all fields like password 158e095675c872f40f630aa3f9189eb5c02f3cfee6dIrfan Sheriff // available. It allows modification of subset of fields. 159e095675c872f40f630aa3f9189eb5c02f3cfee6dIrfan Sheriff 1609b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff } 1619b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff 1629b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff /** Copy constructor */ 1639b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff public WifiEnterpriseConfig(WifiEnterpriseConfig source) { 1649b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff for (String key : source.mFields.keySet()) { 1659b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff mFields.put(key, source.mFields.get(key)); 1669b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff } 167274042519d84ad837f03572865bc096a537c73fbPaul Stewart mEapMethod = source.mEapMethod; 168274042519d84ad837f03572865bc096a537c73fbPaul Stewart mPhase2Method = source.mPhase2Method; 1699b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff } 1709b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff 1719b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff @Override 1729b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff public int describeContents() { 1739b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff return 0; 1749b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff } 1759b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff 17686ee9640ee6d6bd9bb655af830eea5515400f25bIrfan Sheriff @Override 1779b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff public void writeToParcel(Parcel dest, int flags) { 1789b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff dest.writeInt(mFields.size()); 1799b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff for (Map.Entry<String, String> entry : mFields.entrySet()) { 1809b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff dest.writeString(entry.getKey()); 1819b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff dest.writeString(entry.getValue()); 1829b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff } 18326d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff 184274042519d84ad837f03572865bc096a537c73fbPaul Stewart dest.writeInt(mEapMethod); 185274042519d84ad837f03572865bc096a537c73fbPaul Stewart dest.writeInt(mPhase2Method); 186a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu writeCertificates(dest, mCaCerts); 18726d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff 18826d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff if (mClientPrivateKey != null) { 18926d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff String algorithm = mClientPrivateKey.getAlgorithm(); 19026d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff byte[] userKeyBytes = mClientPrivateKey.getEncoded(); 19126d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff dest.writeInt(userKeyBytes.length); 19226d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff dest.writeByteArray(userKeyBytes); 19326d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff dest.writeString(algorithm); 19426d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff } else { 19526d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff dest.writeInt(0); 19626d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff } 19726d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff 19826d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff writeCertificate(dest, mClientCertificate); 1992452e54de65312163b1073fc699a432e2dd2a704xinhe dest.writeInt(mTls12Enable ? 1: 0); 20026d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff } 20126d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff 202a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu private void writeCertificates(Parcel dest, X509Certificate[] cert) { 203a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu if (cert != null && cert.length != 0) { 204a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu dest.writeInt(cert.length); 205a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu for (int i = 0; i < cert.length; i++) { 206a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu writeCertificate(dest, cert[i]); 207a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu } 208a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu } else { 209a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu dest.writeInt(0); 210a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu } 211a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu } 212a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu 21326d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff private void writeCertificate(Parcel dest, X509Certificate cert) { 21426d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff if (cert != null) { 21526d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff try { 21626d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff byte[] certBytes = cert.getEncoded(); 21726d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff dest.writeInt(certBytes.length); 21826d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff dest.writeByteArray(certBytes); 21926d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff } catch (CertificateEncodingException e) { 22026d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff dest.writeInt(0); 22126d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff } 22226d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff } else { 22326d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff dest.writeInt(0); 22426d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff } 2259b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff } 2269b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff 2279b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff public static final Creator<WifiEnterpriseConfig> CREATOR = 2289b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff new Creator<WifiEnterpriseConfig>() { 2299b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff public WifiEnterpriseConfig createFromParcel(Parcel in) { 2309b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff WifiEnterpriseConfig enterpriseConfig = new WifiEnterpriseConfig(); 2319b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff int count = in.readInt(); 2329b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff for (int i = 0; i < count; i++) { 2339b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff String key = in.readString(); 2349b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff String value = in.readString(); 2359b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff enterpriseConfig.mFields.put(key, value); 2369b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff } 23726d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff 238274042519d84ad837f03572865bc096a537c73fbPaul Stewart enterpriseConfig.mEapMethod = in.readInt(); 239274042519d84ad837f03572865bc096a537c73fbPaul Stewart enterpriseConfig.mPhase2Method = in.readInt(); 240a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu enterpriseConfig.mCaCerts = readCertificates(in); 24126d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff 24226d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff PrivateKey userKey = null; 24326d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff int len = in.readInt(); 24426d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff if (len > 0) { 24526d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff try { 24626d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff byte[] bytes = new byte[len]; 24726d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff in.readByteArray(bytes); 24826d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff String algorithm = in.readString(); 24926d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff KeyFactory keyFactory = KeyFactory.getInstance(algorithm); 25026d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff userKey = keyFactory.generatePrivate(new PKCS8EncodedKeySpec(bytes)); 25126d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff } catch (NoSuchAlgorithmException e) { 25226d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff userKey = null; 25326d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff } catch (InvalidKeySpecException e) { 25426d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff userKey = null; 25526d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff } 25626d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff } 25726d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff 25826d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff enterpriseConfig.mClientPrivateKey = userKey; 25926d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff enterpriseConfig.mClientCertificate = readCertificate(in); 2602452e54de65312163b1073fc699a432e2dd2a704xinhe enterpriseConfig.mTls12Enable = (in.readInt() == 1); 2619b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff return enterpriseConfig; 2629b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff } 2639b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff 264a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu private X509Certificate[] readCertificates(Parcel in) { 265a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu X509Certificate[] certs = null; 266a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu int len = in.readInt(); 267a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu if (len > 0) { 268a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu certs = new X509Certificate[len]; 269a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu for (int i = 0; i < len; i++) { 270a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu certs[i] = readCertificate(in); 271a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu } 272a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu } 273a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu return certs; 274a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu } 275a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu 27626d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff private X509Certificate readCertificate(Parcel in) { 27726d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff X509Certificate cert = null; 27826d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff int len = in.readInt(); 27926d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff if (len > 0) { 28026d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff try { 28126d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff byte[] bytes = new byte[len]; 28226d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff in.readByteArray(bytes); 28326d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff CertificateFactory cFactory = CertificateFactory.getInstance("X.509"); 28426d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff cert = (X509Certificate) cFactory 28526d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff .generateCertificate(new ByteArrayInputStream(bytes)); 28626d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff } catch (CertificateException e) { 28726d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff cert = null; 28826d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff } 28926d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff } 29026d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff return cert; 29126d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff } 29226d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff 2939b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff public WifiEnterpriseConfig[] newArray(int size) { 2949b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff return new WifiEnterpriseConfig[size]; 2959b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff } 2969b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff }; 2979b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff 298fdc028383a01eaaa9bf93cb5d3ce50bd744eab52Irfan Sheriff /** The Extensible Authentication Protocol method used */ 2999b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff public static final class Eap { 300fdc028383a01eaaa9bf93cb5d3ce50bd744eab52Irfan Sheriff /** No EAP method used. Represents an empty config */ 301e095675c872f40f630aa3f9189eb5c02f3cfee6dIrfan Sheriff public static final int NONE = -1; 302fdc028383a01eaaa9bf93cb5d3ce50bd744eab52Irfan Sheriff /** Protected EAP */ 3039b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff public static final int PEAP = 0; 304fdc028383a01eaaa9bf93cb5d3ce50bd744eab52Irfan Sheriff /** EAP-Transport Layer Security */ 3059b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff public static final int TLS = 1; 306fdc028383a01eaaa9bf93cb5d3ce50bd744eab52Irfan Sheriff /** EAP-Tunneled Transport Layer Security */ 3079b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff public static final int TTLS = 2; 308fdc028383a01eaaa9bf93cb5d3ce50bd744eab52Irfan Sheriff /** EAP-Password */ 3099b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff public static final int PWD = 3; 310c8505931420dd9a76acf940a56b31354cd0105b0Vinit Deshpande /** EAP-Subscriber Identity Module */ 3117fee7232ee2ae45fb3cd4fcce314e8f1101ae8dbRoger Chang public static final int SIM = 4; 312c8505931420dd9a76acf940a56b31354cd0105b0Vinit Deshpande /** EAP-Authentication and Key Agreement */ 3137fee7232ee2ae45fb3cd4fcce314e8f1101ae8dbRoger Chang public static final int AKA = 5; 314adf9e95ecc5d0867adf1dc2d7adcac958457b98eJean-Michel Bachot /** EAP-Authentication and Key Agreement Prime */ 315adf9e95ecc5d0867adf1dc2d7adcac958457b98eJean-Michel Bachot public static final int AKA_PRIME = 6; 316a772f0cf34f0db67997cb31fa44315c0933563daVinit Deshpande /** Hotspot 2.0 r2 OSEN */ 317a772f0cf34f0db67997cb31fa44315c0933563daVinit Deshpande public static final int UNAUTH_TLS = 7; 3189b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff /** @hide */ 319a772f0cf34f0db67997cb31fa44315c0933563daVinit Deshpande public static final String[] strings = 320a772f0cf34f0db67997cb31fa44315c0933563daVinit Deshpande { "PEAP", "TLS", "TTLS", "PWD", "SIM", "AKA", "AKA'", "WFA-UNAUTH-TLS" }; 32140843589c46164c90fde29ad1c58291f17d4d9e6Irfan Sheriff 32240843589c46164c90fde29ad1c58291f17d4d9e6Irfan Sheriff /** Prevent initialization */ 32340843589c46164c90fde29ad1c58291f17d4d9e6Irfan Sheriff private Eap() {} 3249b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff } 3259b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff 326fdc028383a01eaaa9bf93cb5d3ce50bd744eab52Irfan Sheriff /** The inner authentication method used */ 3279b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff public static final class Phase2 { 3289b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff public static final int NONE = 0; 329fdc028383a01eaaa9bf93cb5d3ce50bd744eab52Irfan Sheriff /** Password Authentication Protocol */ 3309b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff public static final int PAP = 1; 331fdc028383a01eaaa9bf93cb5d3ce50bd744eab52Irfan Sheriff /** Microsoft Challenge Handshake Authentication Protocol */ 3329b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff public static final int MSCHAP = 2; 333fdc028383a01eaaa9bf93cb5d3ce50bd744eab52Irfan Sheriff /** Microsoft Challenge Handshake Authentication Protocol v2 */ 3349b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff public static final int MSCHAPV2 = 3; 335fdc028383a01eaaa9bf93cb5d3ce50bd744eab52Irfan Sheriff /** Generic Token Card */ 3369b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff public static final int GTC = 4; 337274042519d84ad837f03572865bc096a537c73fbPaul Stewart private static final String AUTH_PREFIX = "auth="; 338274042519d84ad837f03572865bc096a537c73fbPaul Stewart private static final String AUTHEAP_PREFIX = "autheap="; 3399b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff /** @hide */ 340ffadfb9ffdced62db215319d3edc7717802088fbVinit Deshapnde public static final String[] strings = {EMPTY_VALUE, "PAP", "MSCHAP", 341ade8de3c4a021d6b0e753d77be148236af5f39efVinit Deshapnde "MSCHAPV2", "GTC" }; 34240843589c46164c90fde29ad1c58291f17d4d9e6Irfan Sheriff 34340843589c46164c90fde29ad1c58291f17d4d9e6Irfan Sheriff /** Prevent initialization */ 34440843589c46164c90fde29ad1c58291f17d4d9e6Irfan Sheriff private Phase2() {} 3459b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff } 3469b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff 347274042519d84ad837f03572865bc096a537c73fbPaul Stewart // Loader and saver interfaces for exchanging data with wpa_supplicant. 348274042519d84ad837f03572865bc096a537c73fbPaul Stewart // TODO: Decouple this object (which is just a placeholder of the configuration) 349274042519d84ad837f03572865bc096a537c73fbPaul Stewart // from the implementation that knows what wpa_supplicant wants. 350274042519d84ad837f03572865bc096a537c73fbPaul Stewart /** 351274042519d84ad837f03572865bc096a537c73fbPaul Stewart * Interface used for retrieving supplicant configuration from WifiEnterpriseConfig 352274042519d84ad837f03572865bc096a537c73fbPaul Stewart * @hide 353274042519d84ad837f03572865bc096a537c73fbPaul Stewart */ 354274042519d84ad837f03572865bc096a537c73fbPaul Stewart public interface SupplicantSaver { 355274042519d84ad837f03572865bc096a537c73fbPaul Stewart /** 356274042519d84ad837f03572865bc096a537c73fbPaul Stewart * Set a value within wpa_supplicant configuration 357274042519d84ad837f03572865bc096a537c73fbPaul Stewart * @param key index to set within wpa_supplciant 358274042519d84ad837f03572865bc096a537c73fbPaul Stewart * @param value the value for the key 359274042519d84ad837f03572865bc096a537c73fbPaul Stewart * @return true if successful; false otherwise 360274042519d84ad837f03572865bc096a537c73fbPaul Stewart */ 361274042519d84ad837f03572865bc096a537c73fbPaul Stewart boolean saveValue(String key, String value); 362274042519d84ad837f03572865bc096a537c73fbPaul Stewart } 363274042519d84ad837f03572865bc096a537c73fbPaul Stewart 364274042519d84ad837f03572865bc096a537c73fbPaul Stewart /** 365274042519d84ad837f03572865bc096a537c73fbPaul Stewart * Interface used for populating a WifiEnterpriseConfig from supplicant configuration 366274042519d84ad837f03572865bc096a537c73fbPaul Stewart * @hide 367274042519d84ad837f03572865bc096a537c73fbPaul Stewart */ 368274042519d84ad837f03572865bc096a537c73fbPaul Stewart public interface SupplicantLoader { 369274042519d84ad837f03572865bc096a537c73fbPaul Stewart /** 370274042519d84ad837f03572865bc096a537c73fbPaul Stewart * Returns a value within wpa_supplicant configuration 371274042519d84ad837f03572865bc096a537c73fbPaul Stewart * @param key index to set within wpa_supplciant 372274042519d84ad837f03572865bc096a537c73fbPaul Stewart * @return string value if successful; null otherwise 373274042519d84ad837f03572865bc096a537c73fbPaul Stewart */ 374274042519d84ad837f03572865bc096a537c73fbPaul Stewart String loadValue(String key); 375274042519d84ad837f03572865bc096a537c73fbPaul Stewart } 376274042519d84ad837f03572865bc096a537c73fbPaul Stewart 377274042519d84ad837f03572865bc096a537c73fbPaul Stewart /** 378274042519d84ad837f03572865bc096a537c73fbPaul Stewart * Internal use only; supply field values to wpa_supplicant config. The configuration 379274042519d84ad837f03572865bc096a537c73fbPaul Stewart * process aborts on the first failed call on {@code saver}. 380274042519d84ad837f03572865bc096a537c73fbPaul Stewart * @param saver proxy for setting configuration in wpa_supplciant 381274042519d84ad837f03572865bc096a537c73fbPaul Stewart * @return whether the save succeeded on all attempts 382274042519d84ad837f03572865bc096a537c73fbPaul Stewart * @hide 383274042519d84ad837f03572865bc096a537c73fbPaul Stewart */ 384274042519d84ad837f03572865bc096a537c73fbPaul Stewart public boolean saveToSupplicant(SupplicantSaver saver) { 385274042519d84ad837f03572865bc096a537c73fbPaul Stewart if (!isEapMethodValid()) { 386274042519d84ad837f03572865bc096a537c73fbPaul Stewart return false; 387274042519d84ad837f03572865bc096a537c73fbPaul Stewart } 388274042519d84ad837f03572865bc096a537c73fbPaul Stewart 389274042519d84ad837f03572865bc096a537c73fbPaul Stewart for (String key : mFields.keySet()) { 390274042519d84ad837f03572865bc096a537c73fbPaul Stewart if (!saver.saveValue(key, mFields.get(key))) { 391274042519d84ad837f03572865bc096a537c73fbPaul Stewart return false; 392274042519d84ad837f03572865bc096a537c73fbPaul Stewart } 393274042519d84ad837f03572865bc096a537c73fbPaul Stewart } 394274042519d84ad837f03572865bc096a537c73fbPaul Stewart 395274042519d84ad837f03572865bc096a537c73fbPaul Stewart if (!saver.saveValue(EAP_KEY, Eap.strings[mEapMethod])) { 396274042519d84ad837f03572865bc096a537c73fbPaul Stewart return false; 397274042519d84ad837f03572865bc096a537c73fbPaul Stewart } 398274042519d84ad837f03572865bc096a537c73fbPaul Stewart 399274042519d84ad837f03572865bc096a537c73fbPaul Stewart if (mEapMethod != Eap.TLS && mPhase2Method != Phase2.NONE) { 400274042519d84ad837f03572865bc096a537c73fbPaul Stewart boolean is_autheap = mEapMethod == Eap.TTLS && mPhase2Method == Phase2.GTC; 401274042519d84ad837f03572865bc096a537c73fbPaul Stewart String prefix = is_autheap ? Phase2.AUTHEAP_PREFIX : Phase2.AUTH_PREFIX; 402274042519d84ad837f03572865bc096a537c73fbPaul Stewart String value = convertToQuotedString(prefix + Phase2.strings[mPhase2Method]); 403274042519d84ad837f03572865bc096a537c73fbPaul Stewart return saver.saveValue(PHASE2_KEY, value); 404274042519d84ad837f03572865bc096a537c73fbPaul Stewart } else if (mPhase2Method == Phase2.NONE) { 405274042519d84ad837f03572865bc096a537c73fbPaul Stewart // By default, send a null phase 2 to clear old configuration values. 406274042519d84ad837f03572865bc096a537c73fbPaul Stewart return saver.saveValue(PHASE2_KEY, null); 407274042519d84ad837f03572865bc096a537c73fbPaul Stewart } else { 408274042519d84ad837f03572865bc096a537c73fbPaul Stewart Log.e(TAG, "WiFi enterprise configuration is invalid as it supplies a " 409274042519d84ad837f03572865bc096a537c73fbPaul Stewart + "phase 2 method but the phase1 method does not support it."); 410274042519d84ad837f03572865bc096a537c73fbPaul Stewart return false; 411274042519d84ad837f03572865bc096a537c73fbPaul Stewart } 412274042519d84ad837f03572865bc096a537c73fbPaul Stewart } 413274042519d84ad837f03572865bc096a537c73fbPaul Stewart 414274042519d84ad837f03572865bc096a537c73fbPaul Stewart /** 415274042519d84ad837f03572865bc096a537c73fbPaul Stewart * Internal use only; retrieve configuration from wpa_supplicant config. 416274042519d84ad837f03572865bc096a537c73fbPaul Stewart * @param loader proxy for retrieving configuration keys from wpa_supplicant 417ffadfb9ffdced62db215319d3edc7717802088fbVinit Deshapnde * @hide 418ffadfb9ffdced62db215319d3edc7717802088fbVinit Deshapnde */ 419274042519d84ad837f03572865bc096a537c73fbPaul Stewart public void loadFromSupplicant(SupplicantLoader loader) { 420274042519d84ad837f03572865bc096a537c73fbPaul Stewart for (String key : SUPPLICANT_CONFIG_KEYS) { 421274042519d84ad837f03572865bc096a537c73fbPaul Stewart String value = loader.loadValue(key); 422274042519d84ad837f03572865bc096a537c73fbPaul Stewart if (value == null) { 423274042519d84ad837f03572865bc096a537c73fbPaul Stewart mFields.put(key, EMPTY_VALUE); 424274042519d84ad837f03572865bc096a537c73fbPaul Stewart } else { 425274042519d84ad837f03572865bc096a537c73fbPaul Stewart mFields.put(key, value); 426274042519d84ad837f03572865bc096a537c73fbPaul Stewart } 427274042519d84ad837f03572865bc096a537c73fbPaul Stewart } 428274042519d84ad837f03572865bc096a537c73fbPaul Stewart String eapMethod = loader.loadValue(EAP_KEY); 429274042519d84ad837f03572865bc096a537c73fbPaul Stewart mEapMethod = getStringIndex(Eap.strings, eapMethod, Eap.NONE); 430274042519d84ad837f03572865bc096a537c73fbPaul Stewart 431274042519d84ad837f03572865bc096a537c73fbPaul Stewart String phase2Method = removeDoubleQuotes(loader.loadValue(PHASE2_KEY)); 432274042519d84ad837f03572865bc096a537c73fbPaul Stewart // Remove "auth=" or "autheap=" prefix. 433274042519d84ad837f03572865bc096a537c73fbPaul Stewart if (phase2Method.startsWith(Phase2.AUTH_PREFIX)) { 434274042519d84ad837f03572865bc096a537c73fbPaul Stewart phase2Method = phase2Method.substring(Phase2.AUTH_PREFIX.length()); 435274042519d84ad837f03572865bc096a537c73fbPaul Stewart } else if (phase2Method.startsWith(Phase2.AUTHEAP_PREFIX)) { 436274042519d84ad837f03572865bc096a537c73fbPaul Stewart phase2Method = phase2Method.substring(Phase2.AUTHEAP_PREFIX.length()); 437274042519d84ad837f03572865bc096a537c73fbPaul Stewart } 438274042519d84ad837f03572865bc096a537c73fbPaul Stewart mPhase2Method = getStringIndex(Phase2.strings, phase2Method, Phase2.NONE); 4399b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff } 4409b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff 4419b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff /** 4429b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff * Set the EAP authentication method. 4439b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff * @param eapMethod is one {@link Eap#PEAP}, {@link Eap#TLS}, {@link Eap#TTLS} or 4449b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff * {@link Eap#PWD} 445fdc028383a01eaaa9bf93cb5d3ce50bd744eab52Irfan Sheriff * @throws IllegalArgumentException on an invalid eap method 4469b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff */ 4479b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff public void setEapMethod(int eapMethod) { 4489b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff switch (eapMethod) { 4499b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff /** Valid methods */ 45026a98001ad3ec626f18fd57165ccc404f80d4e51Vinit Deshpande case Eap.TLS: 45126a98001ad3ec626f18fd57165ccc404f80d4e51Vinit Deshpande setPhase2Method(Phase2.NONE); 45226a98001ad3ec626f18fd57165ccc404f80d4e51Vinit Deshpande /* fall through */ 4539b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff case Eap.PEAP: 4549b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff case Eap.PWD: 4559b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff case Eap.TTLS: 4567fee7232ee2ae45fb3cd4fcce314e8f1101ae8dbRoger Chang case Eap.SIM: 4577fee7232ee2ae45fb3cd4fcce314e8f1101ae8dbRoger Chang case Eap.AKA: 458adf9e95ecc5d0867adf1dc2d7adcac958457b98eJean-Michel Bachot case Eap.AKA_PRIME: 459274042519d84ad837f03572865bc096a537c73fbPaul Stewart mEapMethod = eapMethod; 460ffadfb9ffdced62db215319d3edc7717802088fbVinit Deshapnde mFields.put(OPP_KEY_CACHING, "1"); 4619b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff break; 4629b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff default: 4639b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff throw new IllegalArgumentException("Unknown EAP method"); 4649b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff } 4659b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff } 4669b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff 4679b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff /** 4682452e54de65312163b1073fc699a432e2dd2a704xinhe * Set the TLS version 4692452e54de65312163b1073fc699a432e2dd2a704xinhe * @param enable: true -- enable TLS1.2 false -- disable TLS1.2 4702452e54de65312163b1073fc699a432e2dd2a704xinhe * @hide 4712452e54de65312163b1073fc699a432e2dd2a704xinhe */ 4722452e54de65312163b1073fc699a432e2dd2a704xinhe public void setTls12Enable(boolean enable) { 4732452e54de65312163b1073fc699a432e2dd2a704xinhe mTls12Enable = enable; 4742452e54de65312163b1073fc699a432e2dd2a704xinhe mFields.put(PHASE1_KEY, 4752452e54de65312163b1073fc699a432e2dd2a704xinhe enable ? ENABLE_TLS_1_2 : DISABLE_TLS_1_2); 4762452e54de65312163b1073fc699a432e2dd2a704xinhe } 4772452e54de65312163b1073fc699a432e2dd2a704xinhe 4782452e54de65312163b1073fc699a432e2dd2a704xinhe /** 4792452e54de65312163b1073fc699a432e2dd2a704xinhe * Get the TLS1.2 enabled or not 4802452e54de65312163b1073fc699a432e2dd2a704xinhe * @return eap method configured 4812452e54de65312163b1073fc699a432e2dd2a704xinhe * @hide 4822452e54de65312163b1073fc699a432e2dd2a704xinhe */ 4832452e54de65312163b1073fc699a432e2dd2a704xinhe public boolean getTls12Enable() { 4842452e54de65312163b1073fc699a432e2dd2a704xinhe return mTls12Enable; 4852452e54de65312163b1073fc699a432e2dd2a704xinhe } 4862452e54de65312163b1073fc699a432e2dd2a704xinhe 4872452e54de65312163b1073fc699a432e2dd2a704xinhe /** 4889b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff * Get the eap method. 4899b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff * @return eap method configured 4909b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff */ 4919b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff public int getEapMethod() { 492274042519d84ad837f03572865bc096a537c73fbPaul Stewart return mEapMethod; 4939b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff } 4949b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff 4959b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff /** 4969b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff * Set Phase 2 authentication method. Sets the inner authentication method to be used in 4979b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff * phase 2 after setting up a secure channel 4989b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff * @param phase2Method is the inner authentication method and can be one of {@link Phase2#NONE}, 4999b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff * {@link Phase2#PAP}, {@link Phase2#MSCHAP}, {@link Phase2#MSCHAPV2}, 5009b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff * {@link Phase2#GTC} 501fdc028383a01eaaa9bf93cb5d3ce50bd744eab52Irfan Sheriff * @throws IllegalArgumentException on an invalid phase2 method 5029b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff * 5039b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff */ 5049b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff public void setPhase2Method(int phase2Method) { 5059b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff switch (phase2Method) { 5069b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff case Phase2.NONE: 5079b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff case Phase2.PAP: 5089b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff case Phase2.MSCHAP: 5099b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff case Phase2.MSCHAPV2: 5109b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff case Phase2.GTC: 511274042519d84ad837f03572865bc096a537c73fbPaul Stewart mPhase2Method = phase2Method; 5129b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff break; 5139b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff default: 5149b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff throw new IllegalArgumentException("Unknown Phase 2 method"); 5159b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff } 5169b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff } 5179b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff 5189b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff /** 5199b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff * Get the phase 2 authentication method. 5209b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff * @return a phase 2 method defined at {@link Phase2} 5219b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff * */ 5229b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff public int getPhase2Method() { 523274042519d84ad837f03572865bc096a537c73fbPaul Stewart return mPhase2Method; 5249b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff } 5259b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff 5269b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff /** 5279b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff * Set the identity 5289b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff * @param identity 5299b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff */ 5309b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff public void setIdentity(String identity) { 531ffadfb9ffdced62db215319d3edc7717802088fbVinit Deshapnde setFieldValue(IDENTITY_KEY, identity, ""); 5329b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff } 5339b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff 5349b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff /** 5359b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff * Get the identity 5369b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff * @return the identity 5379b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff */ 5389b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff public String getIdentity() { 539ffadfb9ffdced62db215319d3edc7717802088fbVinit Deshapnde return getFieldValue(IDENTITY_KEY, ""); 5409b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff } 5419b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff 5429b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff /** 5439b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff * Set anonymous identity. This is used as the unencrypted identity with 5449b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff * certain EAP types 5459b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff * @param anonymousIdentity the anonymous identity 5469b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff */ 5479b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff public void setAnonymousIdentity(String anonymousIdentity) { 548ffadfb9ffdced62db215319d3edc7717802088fbVinit Deshapnde setFieldValue(ANON_IDENTITY_KEY, anonymousIdentity, ""); 5499b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff } 5509b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff 551274042519d84ad837f03572865bc096a537c73fbPaul Stewart /** 552274042519d84ad837f03572865bc096a537c73fbPaul Stewart * Get the anonymous identity 5539b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff * @return anonymous identity 5549b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff */ 5559b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff public String getAnonymousIdentity() { 556ffadfb9ffdced62db215319d3edc7717802088fbVinit Deshapnde return getFieldValue(ANON_IDENTITY_KEY, ""); 5579b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff } 5589b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff 5599b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff /** 5609b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff * Set the password. 5619b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff * @param password the password 5629b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff */ 5639b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff public void setPassword(String password) { 564ffadfb9ffdced62db215319d3edc7717802088fbVinit Deshapnde setFieldValue(PASSWORD_KEY, password, ""); 5659b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff } 5669b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff 5679b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff /** 56840843589c46164c90fde29ad1c58291f17d4d9e6Irfan Sheriff * Get the password. 56940843589c46164c90fde29ad1c58291f17d4d9e6Irfan Sheriff * 57040843589c46164c90fde29ad1c58291f17d4d9e6Irfan Sheriff * Returns locally set password value. For networks fetched from 57140843589c46164c90fde29ad1c58291f17d4d9e6Irfan Sheriff * framework, returns "*". 57240843589c46164c90fde29ad1c58291f17d4d9e6Irfan Sheriff */ 57340843589c46164c90fde29ad1c58291f17d4d9e6Irfan Sheriff public String getPassword() { 574ffadfb9ffdced62db215319d3edc7717802088fbVinit Deshapnde return getFieldValue(PASSWORD_KEY, ""); 57540843589c46164c90fde29ad1c58291f17d4d9e6Irfan Sheriff } 57640843589c46164c90fde29ad1c58291f17d4d9e6Irfan Sheriff 57740843589c46164c90fde29ad1c58291f17d4d9e6Irfan Sheriff /** 578a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu * Encode a CA certificate alias so it does not contain illegal character. 579a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu * @hide 580a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu */ 581a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu public static String encodeCaCertificateAlias(String alias) { 582a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu byte[] bytes = alias.getBytes(StandardCharsets.UTF_8); 583a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu StringBuilder sb = new StringBuilder(bytes.length * 2); 584a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu for (byte o : bytes) { 585a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu sb.append(String.format("%02x", o & 0xFF)); 586a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu } 587a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu return sb.toString(); 588a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu } 589a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu 590a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu /** 591a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu * Decode a previously-encoded CA certificate alias. 592a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu * @hide 593a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu */ 594a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu public static String decodeCaCertificateAlias(String alias) { 595a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu byte[] data = new byte[alias.length() >> 1]; 596a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu for (int n = 0, position = 0; n < alias.length(); n += 2, position++) { 597a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu data[position] = (byte) Integer.parseInt(alias.substring(n, n + 2), 16); 598a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu } 599a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu try { 600a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu return new String(data, StandardCharsets.UTF_8); 601a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu } catch (NumberFormatException e) { 602a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu e.printStackTrace(); 603a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu return alias; 604a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu } 605a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu } 606a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu 607a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu /** 6089b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff * Set CA certificate alias. 6099b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff * 6109b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff * <p> See the {@link android.security.KeyChain} for details on installing or choosing 6119b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff * a certificate 6129b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff * </p> 6139b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff * @param alias identifies the certificate 61426d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff * @hide 6159b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff */ 61626d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff public void setCaCertificateAlias(String alias) { 617ffadfb9ffdced62db215319d3edc7717802088fbVinit Deshapnde setFieldValue(CA_CERT_KEY, alias, CA_CERT_PREFIX); 6189b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff } 6199b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff 6209b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff /** 621a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu * Set CA certificate aliases. When creating installing the corresponding certificate to 622a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu * the keystore, please use alias encoded by {@link #encodeCaCertificateAlias(String)}. 623a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu * 624a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu * <p> See the {@link android.security.KeyChain} for details on installing or choosing 625a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu * a certificate. 626a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu * </p> 627a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu * @param aliases identifies the certificate 628a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu * @hide 629a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu */ 630a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu public void setCaCertificateAliases(@Nullable String[] aliases) { 631a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu if (aliases == null) { 632a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu setFieldValue(CA_CERT_KEY, null, CA_CERT_PREFIX); 633a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu } else if (aliases.length == 1) { 634a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu // Backwards compatibility: use the original cert prefix if setting only one alias. 635a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu setCaCertificateAlias(aliases[0]); 636a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu } else { 637a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu // Use KEYSTORES_URI which supports multiple aliases. 638a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu StringBuilder sb = new StringBuilder(); 639a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu for (int i = 0; i < aliases.length; i++) { 640a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu if (i > 0) { 641a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu sb.append(CA_CERT_ALIAS_DELIMITER); 642a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu } 643a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu sb.append(encodeCaCertificateAlias(Credentials.CA_CERTIFICATE + aliases[i])); 644a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu } 645a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu setFieldValue(CA_CERT_KEY, sb.toString(), KEYSTORES_URI); 646a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu } 647a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu } 648a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu 649a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu /** 6509b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff * Get CA certificate alias 6519b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff * @return alias to the CA certificate 65226d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff * @hide 6539b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff */ 65426d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff public String getCaCertificateAlias() { 655ffadfb9ffdced62db215319d3edc7717802088fbVinit Deshapnde return getFieldValue(CA_CERT_KEY, CA_CERT_PREFIX); 6569b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff } 6579b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff 6589b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff /** 659a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu * Get CA certificate aliases 660a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu * @return alias to the CA certificate 661a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu * @hide 662a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu */ 663a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu @Nullable public String[] getCaCertificateAliases() { 664a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu String value = getFieldValue(CA_CERT_KEY, ""); 665a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu if (value.startsWith(CA_CERT_PREFIX)) { 666a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu // Backwards compatibility: parse the original alias prefix. 667a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu return new String[] {getFieldValue(CA_CERT_KEY, CA_CERT_PREFIX)}; 668a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu } else if (value.startsWith(KEYSTORES_URI)) { 669a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu String values = value.substring(KEYSTORES_URI.length()); 670a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu 671a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu String[] aliases = TextUtils.split(values, CA_CERT_ALIAS_DELIMITER); 672a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu for (int i = 0; i < aliases.length; i++) { 673a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu aliases[i] = decodeCaCertificateAlias(aliases[i]); 674a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu if (aliases[i].startsWith(Credentials.CA_CERTIFICATE)) { 675a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu aliases[i] = aliases[i].substring(Credentials.CA_CERTIFICATE.length()); 676a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu } 677a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu } 678a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu return aliases.length != 0 ? aliases : null; 679a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu } else { 680a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu return TextUtils.isEmpty(value) ? null : new String[] {value}; 681a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu } 682a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu } 683a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu 684a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu /** 68526d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff * Specify a X.509 certificate that identifies the server. 68626d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff * 68726d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff * <p>A default name is automatically assigned to the certificate and used 688fdc028383a01eaaa9bf93cb5d3ce50bd744eab52Irfan Sheriff * with this configuration. The framework takes care of installing the 689fdc028383a01eaaa9bf93cb5d3ce50bd744eab52Irfan Sheriff * certificate when the config is saved and removing the certificate when 690fdc028383a01eaaa9bf93cb5d3ce50bd744eab52Irfan Sheriff * the config is removed. 691fdc028383a01eaaa9bf93cb5d3ce50bd744eab52Irfan Sheriff * 69226d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff * @param cert X.509 CA certificate 69326d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff * @throws IllegalArgumentException if not a CA certificate 69426d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff */ 695a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu public void setCaCertificate(@Nullable X509Certificate cert) { 6960b4732c2248fa2b92a44f045dfcadb3547076ef4Irfan Sheriff if (cert != null) { 6970b4732c2248fa2b92a44f045dfcadb3547076ef4Irfan Sheriff if (cert.getBasicConstraints() >= 0) { 698a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu mCaCerts = new X509Certificate[] {cert}; 6990b4732c2248fa2b92a44f045dfcadb3547076ef4Irfan Sheriff } else { 7000b4732c2248fa2b92a44f045dfcadb3547076ef4Irfan Sheriff throw new IllegalArgumentException("Not a CA certificate"); 7010b4732c2248fa2b92a44f045dfcadb3547076ef4Irfan Sheriff } 70226d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff } else { 703a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu mCaCerts = null; 70426d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff } 70526d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff } 70626d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff 70726d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff /** 708a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu * Get CA certificate. If multiple CA certificates are configured previously, 709a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu * return the first one. 71040843589c46164c90fde29ad1c58291f17d4d9e6Irfan Sheriff * @return X.509 CA certificate 71140843589c46164c90fde29ad1c58291f17d4d9e6Irfan Sheriff */ 712a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu @Nullable public X509Certificate getCaCertificate() { 713a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu if (mCaCerts != null && mCaCerts.length > 0) { 714a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu return mCaCerts[0]; 715a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu } else { 716a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu return null; 717a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu } 718a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu } 719a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu 720a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu /** 721a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu * Specify a list of X.509 certificates that identifies the server. The validation 722a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu * passes if the CA of server certificate matches one of the given certificates. 723a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu 724a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu * <p>Default names are automatically assigned to the certificates and used 725a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu * with this configuration. The framework takes care of installing the 726a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu * certificates when the config is saved and removing the certificates when 727a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu * the config is removed. 728a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu * 729a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu * @param certs X.509 CA certificates 730a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu * @throws IllegalArgumentException if any of the provided certificates is 731a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu * not a CA certificate 732a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu */ 733a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu public void setCaCertificates(@Nullable X509Certificate[] certs) { 734a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu if (certs != null) { 735a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu X509Certificate[] newCerts = new X509Certificate[certs.length]; 736a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu for (int i = 0; i < certs.length; i++) { 737a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu if (certs[i].getBasicConstraints() >= 0) { 738a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu newCerts[i] = certs[i]; 739a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu } else { 740a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu throw new IllegalArgumentException("Not a CA certificate"); 741a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu } 742a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu } 743a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu mCaCerts = newCerts; 744a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu } else { 745a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu mCaCerts = null; 746a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu } 747a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu } 748a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu 749a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu /** 750a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu * Get CA certificates. 751a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu */ 752a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu @Nullable public X509Certificate[] getCaCertificates() { 753492ed589df3609a15dd6a33709fc8d855ec1072dRubin Xu if (mCaCerts != null && mCaCerts.length > 0) { 754a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu return mCaCerts; 755a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu } else { 756a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu return null; 757a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu } 75840843589c46164c90fde29ad1c58291f17d4d9e6Irfan Sheriff } 75940843589c46164c90fde29ad1c58291f17d4d9e6Irfan Sheriff 76040843589c46164c90fde29ad1c58291f17d4d9e6Irfan Sheriff /** 761ade8de3c4a021d6b0e753d77be148236af5f39efVinit Deshapnde * @hide 762ade8de3c4a021d6b0e753d77be148236af5f39efVinit Deshapnde */ 763ade8de3c4a021d6b0e753d77be148236af5f39efVinit Deshapnde public void resetCaCertificate() { 764a0e3d62162e71fcf701edac84fddbf219bbaa45dRubin Xu mCaCerts = null; 765ade8de3c4a021d6b0e753d77be148236af5f39efVinit Deshapnde } 766ade8de3c4a021d6b0e753d77be148236af5f39efVinit Deshapnde 767c136cf95393fb8f646b95cccd038ca9cb3450214Samuel Tan /** 768c136cf95393fb8f646b95cccd038ca9cb3450214Samuel Tan * Set the ca_path directive on wpa_supplicant. 769c136cf95393fb8f646b95cccd038ca9cb3450214Samuel Tan * 770c136cf95393fb8f646b95cccd038ca9cb3450214Samuel Tan * From wpa_supplicant documentation: 771c136cf95393fb8f646b95cccd038ca9cb3450214Samuel Tan * 772c136cf95393fb8f646b95cccd038ca9cb3450214Samuel Tan * Directory path for CA certificate files (PEM). This path may contain 773c136cf95393fb8f646b95cccd038ca9cb3450214Samuel Tan * multiple CA certificates in OpenSSL format. Common use for this is to 774c136cf95393fb8f646b95cccd038ca9cb3450214Samuel Tan * point to system trusted CA list which is often installed into directory 775c136cf95393fb8f646b95cccd038ca9cb3450214Samuel Tan * like /etc/ssl/certs. If configured, these certificates are added to the 776c136cf95393fb8f646b95cccd038ca9cb3450214Samuel Tan * list of trusted CAs. ca_cert may also be included in that case, but it is 777c136cf95393fb8f646b95cccd038ca9cb3450214Samuel Tan * not required. 778c136cf95393fb8f646b95cccd038ca9cb3450214Samuel Tan * @param domain The path for CA certificate files 779c136cf95393fb8f646b95cccd038ca9cb3450214Samuel Tan * @hide 780c136cf95393fb8f646b95cccd038ca9cb3450214Samuel Tan */ 781c136cf95393fb8f646b95cccd038ca9cb3450214Samuel Tan public void setCaPath(String path) { 782c136cf95393fb8f646b95cccd038ca9cb3450214Samuel Tan setFieldValue(CA_PATH_KEY, path); 783c136cf95393fb8f646b95cccd038ca9cb3450214Samuel Tan } 784c136cf95393fb8f646b95cccd038ca9cb3450214Samuel Tan 785c136cf95393fb8f646b95cccd038ca9cb3450214Samuel Tan /** 786c136cf95393fb8f646b95cccd038ca9cb3450214Samuel Tan * Get the domain_suffix_match value. See setDomSuffixMatch. 787c136cf95393fb8f646b95cccd038ca9cb3450214Samuel Tan * @return The path for CA certificate files. 788c136cf95393fb8f646b95cccd038ca9cb3450214Samuel Tan * @hide 789c136cf95393fb8f646b95cccd038ca9cb3450214Samuel Tan */ 790c136cf95393fb8f646b95cccd038ca9cb3450214Samuel Tan public String getCaPath() { 791c136cf95393fb8f646b95cccd038ca9cb3450214Samuel Tan return getFieldValue(CA_PATH_KEY, ""); 792c136cf95393fb8f646b95cccd038ca9cb3450214Samuel Tan } 793c136cf95393fb8f646b95cccd038ca9cb3450214Samuel Tan 794ffadfb9ffdced62db215319d3edc7717802088fbVinit Deshapnde /** Set Client certificate alias. 7959b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff * 7969b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff * <p> See the {@link android.security.KeyChain} for details on installing or choosing 7979b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff * a certificate 7989b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff * </p> 7999b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff * @param alias identifies the certificate 80026d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff * @hide 8019b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff */ 80226d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff public void setClientCertificateAlias(String alias) { 803ffadfb9ffdced62db215319d3edc7717802088fbVinit Deshapnde setFieldValue(CLIENT_CERT_KEY, alias, CLIENT_CERT_PREFIX); 804ffadfb9ffdced62db215319d3edc7717802088fbVinit Deshapnde setFieldValue(PRIVATE_KEY_ID_KEY, alias, Credentials.USER_PRIVATE_KEY); 8059b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff // Also, set engine parameters 8069b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff if (TextUtils.isEmpty(alias)) { 807ffadfb9ffdced62db215319d3edc7717802088fbVinit Deshapnde mFields.put(ENGINE_KEY, ENGINE_DISABLE); 808ffadfb9ffdced62db215319d3edc7717802088fbVinit Deshapnde mFields.put(ENGINE_ID_KEY, EMPTY_VALUE); 8099b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff } else { 810ffadfb9ffdced62db215319d3edc7717802088fbVinit Deshapnde mFields.put(ENGINE_KEY, ENGINE_ENABLE); 811ffadfb9ffdced62db215319d3edc7717802088fbVinit Deshapnde mFields.put(ENGINE_ID_KEY, convertToQuotedString(ENGINE_ID_KEYSTORE)); 8129b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff } 8139b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff } 8149b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff 8159b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff /** 8169b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff * Get client certificate alias 8179b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff * @return alias to the client certificate 81826d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff * @hide 8199b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff */ 82026d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff public String getClientCertificateAlias() { 821ffadfb9ffdced62db215319d3edc7717802088fbVinit Deshapnde return getFieldValue(CLIENT_CERT_KEY, CLIENT_CERT_PREFIX); 8229b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff } 8239b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff 8249b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff /** 82526d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff * Specify a private key and client certificate for client authorization. 82626d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff * 82726d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff * <p>A default name is automatically assigned to the key entry and used 828fdc028383a01eaaa9bf93cb5d3ce50bd744eab52Irfan Sheriff * with this configuration. The framework takes care of installing the 829fdc028383a01eaaa9bf93cb5d3ce50bd744eab52Irfan Sheriff * key entry when the config is saved and removing the key entry when 830fdc028383a01eaaa9bf93cb5d3ce50bd744eab52Irfan Sheriff * the config is removed. 831fdc028383a01eaaa9bf93cb5d3ce50bd744eab52Irfan Sheriff 83226d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff * @param privateKey 83326d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff * @param clientCertificate 834fdc028383a01eaaa9bf93cb5d3ce50bd744eab52Irfan Sheriff * @throws IllegalArgumentException for an invalid key or certificate. 83526d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff */ 83626d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff public void setClientKeyEntry(PrivateKey privateKey, X509Certificate clientCertificate) { 83726d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff if (clientCertificate != null) { 83826d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff if (clientCertificate.getBasicConstraints() != -1) { 83926d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff throw new IllegalArgumentException("Cannot be a CA certificate"); 84026d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff } 84126d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff if (privateKey == null) { 84226d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff throw new IllegalArgumentException("Client cert without a private key"); 84326d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff } 84426d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff if (privateKey.getEncoded() == null) { 84526d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff throw new IllegalArgumentException("Private key cannot be encoded"); 84626d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff } 84726d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff } 84826d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff 84926d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff mClientPrivateKey = privateKey; 85026d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff mClientCertificate = clientCertificate; 85126d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff } 85226d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff 85340843589c46164c90fde29ad1c58291f17d4d9e6Irfan Sheriff /** 85440843589c46164c90fde29ad1c58291f17d4d9e6Irfan Sheriff * Get client certificate 85540843589c46164c90fde29ad1c58291f17d4d9e6Irfan Sheriff * 85640843589c46164c90fde29ad1c58291f17d4d9e6Irfan Sheriff * @return X.509 client certificate 85740843589c46164c90fde29ad1c58291f17d4d9e6Irfan Sheriff */ 85840843589c46164c90fde29ad1c58291f17d4d9e6Irfan Sheriff public X509Certificate getClientCertificate() { 85940843589c46164c90fde29ad1c58291f17d4d9e6Irfan Sheriff return mClientCertificate; 86026d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff } 86126d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff 862ade8de3c4a021d6b0e753d77be148236af5f39efVinit Deshapnde /** 863ade8de3c4a021d6b0e753d77be148236af5f39efVinit Deshapnde * @hide 864ade8de3c4a021d6b0e753d77be148236af5f39efVinit Deshapnde */ 865ade8de3c4a021d6b0e753d77be148236af5f39efVinit Deshapnde public void resetClientKeyEntry() { 866ade8de3c4a021d6b0e753d77be148236af5f39efVinit Deshapnde mClientPrivateKey = null; 867ade8de3c4a021d6b0e753d77be148236af5f39efVinit Deshapnde mClientCertificate = null; 86826d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff } 86926d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff 870ade8de3c4a021d6b0e753d77be148236af5f39efVinit Deshapnde /** 871ade8de3c4a021d6b0e753d77be148236af5f39efVinit Deshapnde * @hide 872ade8de3c4a021d6b0e753d77be148236af5f39efVinit Deshapnde */ 873ade8de3c4a021d6b0e753d77be148236af5f39efVinit Deshapnde public PrivateKey getClientPrivateKey() { 874ade8de3c4a021d6b0e753d77be148236af5f39efVinit Deshapnde return mClientPrivateKey; 87526d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff } 87626d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff 87726d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff /** 878b21d2489c1bd330e39f4489c7f221ebb4dffc283Vinit Deshpande * Set subject match (deprecated). This is the substring to be matched against the subject of 879b21d2489c1bd330e39f4489c7f221ebb4dffc283Vinit Deshpande * the authentication server certificate. 8809b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff * @param subjectMatch substring to be matched 881b21d2489c1bd330e39f4489c7f221ebb4dffc283Vinit Deshpande * @deprecated in favor of altSubjectMatch 8829b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff */ 8839b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff public void setSubjectMatch(String subjectMatch) { 884ffadfb9ffdced62db215319d3edc7717802088fbVinit Deshapnde setFieldValue(SUBJECT_MATCH_KEY, subjectMatch, ""); 8859b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff } 8869b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff 8879b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff /** 888b21d2489c1bd330e39f4489c7f221ebb4dffc283Vinit Deshpande * Get subject match (deprecated) 8899b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff * @return the subject match string 890b21d2489c1bd330e39f4489c7f221ebb4dffc283Vinit Deshpande * @deprecated in favor of altSubjectMatch 8919b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff */ 8929b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff public String getSubjectMatch() { 893ffadfb9ffdced62db215319d3edc7717802088fbVinit Deshapnde return getFieldValue(SUBJECT_MATCH_KEY, ""); 8949b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff } 8959b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff 896b21d2489c1bd330e39f4489c7f221ebb4dffc283Vinit Deshpande /** 897b21d2489c1bd330e39f4489c7f221ebb4dffc283Vinit Deshpande * Set alternate subject match. This is the substring to be matched against the 898b21d2489c1bd330e39f4489c7f221ebb4dffc283Vinit Deshpande * alternate subject of the authentication server certificate. 899b21d2489c1bd330e39f4489c7f221ebb4dffc283Vinit Deshpande * @param altSubjectMatch substring to be matched, for example 900b21d2489c1bd330e39f4489c7f221ebb4dffc283Vinit Deshpande * DNS:server.example.com;EMAIL:server@example.com 901b21d2489c1bd330e39f4489c7f221ebb4dffc283Vinit Deshpande */ 902b21d2489c1bd330e39f4489c7f221ebb4dffc283Vinit Deshpande public void setAltSubjectMatch(String altSubjectMatch) { 903b21d2489c1bd330e39f4489c7f221ebb4dffc283Vinit Deshpande setFieldValue(ALTSUBJECT_MATCH_KEY, altSubjectMatch, ""); 904b21d2489c1bd330e39f4489c7f221ebb4dffc283Vinit Deshpande } 905b21d2489c1bd330e39f4489c7f221ebb4dffc283Vinit Deshpande 906b21d2489c1bd330e39f4489c7f221ebb4dffc283Vinit Deshpande /** 907b21d2489c1bd330e39f4489c7f221ebb4dffc283Vinit Deshpande * Get alternate subject match 908b21d2489c1bd330e39f4489c7f221ebb4dffc283Vinit Deshpande * @return the alternate subject match string 909b21d2489c1bd330e39f4489c7f221ebb4dffc283Vinit Deshpande */ 910b21d2489c1bd330e39f4489c7f221ebb4dffc283Vinit Deshpande public String getAltSubjectMatch() { 911b21d2489c1bd330e39f4489c7f221ebb4dffc283Vinit Deshpande return getFieldValue(ALTSUBJECT_MATCH_KEY, ""); 912c91bc62f2bdca18c0ed96a740cbaa0383ea2860aJan Nordqvist } 913c91bc62f2bdca18c0ed96a740cbaa0383ea2860aJan Nordqvist 914c91bc62f2bdca18c0ed96a740cbaa0383ea2860aJan Nordqvist /** 915c91bc62f2bdca18c0ed96a740cbaa0383ea2860aJan Nordqvist * Set the domain_suffix_match directive on wpa_supplicant. This is the parameter to use 916c91bc62f2bdca18c0ed96a740cbaa0383ea2860aJan Nordqvist * for Hotspot 2.0 defined matching of AAA server certs per WFA HS2.0 spec, section 7.3.3.2, 917c91bc62f2bdca18c0ed96a740cbaa0383ea2860aJan Nordqvist * second paragraph. 918c91bc62f2bdca18c0ed96a740cbaa0383ea2860aJan Nordqvist * 919c91bc62f2bdca18c0ed96a740cbaa0383ea2860aJan Nordqvist * From wpa_supplicant documentation: 920c91bc62f2bdca18c0ed96a740cbaa0383ea2860aJan Nordqvist * Constraint for server domain name. If set, this FQDN is used as a suffix match requirement 921c91bc62f2bdca18c0ed96a740cbaa0383ea2860aJan Nordqvist * for the AAAserver certificate in SubjectAltName dNSName element(s). If a matching dNSName is 922c91bc62f2bdca18c0ed96a740cbaa0383ea2860aJan Nordqvist * found, this constraint is met. If no dNSName values are present, this constraint is matched 923c91bc62f2bdca18c0ed96a740cbaa0383ea2860aJan Nordqvist * against SubjectName CN using same suffix match comparison. 924c91bc62f2bdca18c0ed96a740cbaa0383ea2860aJan Nordqvist * Suffix match here means that the host/domain name is compared one label at a time starting 925c91bc62f2bdca18c0ed96a740cbaa0383ea2860aJan Nordqvist * from the top-level domain and all the labels in domain_suffix_match shall be included in the 926c91bc62f2bdca18c0ed96a740cbaa0383ea2860aJan Nordqvist * certificate. The certificate may include additional sub-level labels in addition to the 927c91bc62f2bdca18c0ed96a740cbaa0383ea2860aJan Nordqvist * required labels. 928c91bc62f2bdca18c0ed96a740cbaa0383ea2860aJan Nordqvist * For example, domain_suffix_match=example.com would match test.example.com but would not 929c91bc62f2bdca18c0ed96a740cbaa0383ea2860aJan Nordqvist * match test-example.com. 930c91bc62f2bdca18c0ed96a740cbaa0383ea2860aJan Nordqvist * @param domain The domain value 931c91bc62f2bdca18c0ed96a740cbaa0383ea2860aJan Nordqvist */ 93237f0820d6c23aa92a2b591327a734916131cb69aJan Nordqvist public void setDomainSuffixMatch(String domain) { 933c91bc62f2bdca18c0ed96a740cbaa0383ea2860aJan Nordqvist setFieldValue(DOM_SUFFIX_MATCH_KEY, domain); 934c91bc62f2bdca18c0ed96a740cbaa0383ea2860aJan Nordqvist } 935c91bc62f2bdca18c0ed96a740cbaa0383ea2860aJan Nordqvist 936c91bc62f2bdca18c0ed96a740cbaa0383ea2860aJan Nordqvist /** 937c91bc62f2bdca18c0ed96a740cbaa0383ea2860aJan Nordqvist * Get the domain_suffix_match value. See setDomSuffixMatch. 938c91bc62f2bdca18c0ed96a740cbaa0383ea2860aJan Nordqvist * @return The domain value. 939c91bc62f2bdca18c0ed96a740cbaa0383ea2860aJan Nordqvist */ 940a0d929e505432a8c84f3899696c910db16bd73bfVinit Deshpande public String getDomainSuffixMatch() { 941c91bc62f2bdca18c0ed96a740cbaa0383ea2860aJan Nordqvist return getFieldValue(DOM_SUFFIX_MATCH_KEY, ""); 942b21d2489c1bd330e39f4489c7f221ebb4dffc283Vinit Deshpande } 943b21d2489c1bd330e39f4489c7f221ebb4dffc283Vinit Deshpande 944b21d2489c1bd330e39f4489c7f221ebb4dffc283Vinit Deshpande /** 945a0d929e505432a8c84f3899696c910db16bd73bfVinit Deshpande * Set realm for passpoint credential; realm identifies a set of networks where your 946a0d929e505432a8c84f3899696c910db16bd73bfVinit Deshpande * passpoint credential can be used 947b21d2489c1bd330e39f4489c7f221ebb4dffc283Vinit Deshpande * @param realm the realm 948b21d2489c1bd330e39f4489c7f221ebb4dffc283Vinit Deshpande */ 949b21d2489c1bd330e39f4489c7f221ebb4dffc283Vinit Deshpande public void setRealm(String realm) { 950b21d2489c1bd330e39f4489c7f221ebb4dffc283Vinit Deshpande setFieldValue(REALM_KEY, realm, ""); 951b21d2489c1bd330e39f4489c7f221ebb4dffc283Vinit Deshpande } 952b21d2489c1bd330e39f4489c7f221ebb4dffc283Vinit Deshpande 953b21d2489c1bd330e39f4489c7f221ebb4dffc283Vinit Deshpande /** 954a0d929e505432a8c84f3899696c910db16bd73bfVinit Deshpande * Get realm for passpoint credential; see {@link #setRealm(String)} for more information 955b21d2489c1bd330e39f4489c7f221ebb4dffc283Vinit Deshpande * @return the realm 956b21d2489c1bd330e39f4489c7f221ebb4dffc283Vinit Deshpande */ 957b21d2489c1bd330e39f4489c7f221ebb4dffc283Vinit Deshpande public String getRealm() { 958b21d2489c1bd330e39f4489c7f221ebb4dffc283Vinit Deshpande return getFieldValue(REALM_KEY, ""); 959b21d2489c1bd330e39f4489c7f221ebb4dffc283Vinit Deshpande } 960b21d2489c1bd330e39f4489c7f221ebb4dffc283Vinit Deshpande 961b21d2489c1bd330e39f4489c7f221ebb4dffc283Vinit Deshpande /** 962a0d929e505432a8c84f3899696c910db16bd73bfVinit Deshpande * Set plmn (Public Land Mobile Network) of the provider of passpoint credential 963a0d929e505432a8c84f3899696c910db16bd73bfVinit Deshpande * @param plmn the plmn value derived from mcc (mobile country code) & mnc (mobile network code) 964b21d2489c1bd330e39f4489c7f221ebb4dffc283Vinit Deshpande */ 965b21d2489c1bd330e39f4489c7f221ebb4dffc283Vinit Deshpande public void setPlmn(String plmn) { 966b21d2489c1bd330e39f4489c7f221ebb4dffc283Vinit Deshpande setFieldValue(PLMN_KEY, plmn, ""); 967b21d2489c1bd330e39f4489c7f221ebb4dffc283Vinit Deshpande } 968b21d2489c1bd330e39f4489c7f221ebb4dffc283Vinit Deshpande 969b21d2489c1bd330e39f4489c7f221ebb4dffc283Vinit Deshpande /** 970a0d929e505432a8c84f3899696c910db16bd73bfVinit Deshpande * Get plmn (Public Land Mobile Network) for passpoint credential; see {@link #setPlmn 971a0d929e505432a8c84f3899696c910db16bd73bfVinit Deshpande * (String)} for more information 972b21d2489c1bd330e39f4489c7f221ebb4dffc283Vinit Deshpande * @return the plmn 973b21d2489c1bd330e39f4489c7f221ebb4dffc283Vinit Deshpande */ 974b21d2489c1bd330e39f4489c7f221ebb4dffc283Vinit Deshpande public String getPlmn() { 975b21d2489c1bd330e39f4489c7f221ebb4dffc283Vinit Deshpande return getFieldValue(PLMN_KEY, ""); 976b21d2489c1bd330e39f4489c7f221ebb4dffc283Vinit Deshpande } 977b21d2489c1bd330e39f4489c7f221ebb4dffc283Vinit Deshpande 97826d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff /** See {@link WifiConfiguration#getKeyIdForCredentials} @hide */ 979274042519d84ad837f03572865bc096a537c73fbPaul Stewart public String getKeyId(WifiEnterpriseConfig current) { 980274042519d84ad837f03572865bc096a537c73fbPaul Stewart // If EAP method is not initialized, use current config details 981274042519d84ad837f03572865bc096a537c73fbPaul Stewart if (mEapMethod == Eap.NONE) { 982274042519d84ad837f03572865bc096a537c73fbPaul Stewart return (current != null) ? current.getKeyId(null) : EMPTY_VALUE; 98326d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff } 984274042519d84ad837f03572865bc096a537c73fbPaul Stewart if (!isEapMethodValid()) { 985274042519d84ad837f03572865bc096a537c73fbPaul Stewart return EMPTY_VALUE; 98626d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff } 987274042519d84ad837f03572865bc096a537c73fbPaul Stewart return Eap.strings[mEapMethod] + "_" + Phase2.strings[mPhase2Method]; 98826d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff } 98926d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff 9909b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff private String removeDoubleQuotes(String string) { 9910b4732c2248fa2b92a44f045dfcadb3547076ef4Irfan Sheriff if (TextUtils.isEmpty(string)) return ""; 9929b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff int length = string.length(); 9939b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff if ((length > 1) && (string.charAt(0) == '"') 9949b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff && (string.charAt(length - 1) == '"')) { 9959b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff return string.substring(1, length - 1); 9969b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff } 9979b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff return string; 9989b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff } 9999b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff 10009b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff private String convertToQuotedString(String string) { 10019b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff return "\"" + string + "\""; 10029b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff } 10039b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff 1004274042519d84ad837f03572865bc096a537c73fbPaul Stewart /** 1005274042519d84ad837f03572865bc096a537c73fbPaul Stewart * Returns the index at which the toBeFound string is found in the array. 10069b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff * @param arr array of strings 10079b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff * @param toBeFound string to be found 10089b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff * @param defaultIndex default index to be returned when string is not found 10099b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff * @return the index into array 10109b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff */ 10119b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff private int getStringIndex(String arr[], String toBeFound, int defaultIndex) { 101226d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff if (TextUtils.isEmpty(toBeFound)) return defaultIndex; 10139b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff for (int i = 0; i < arr.length; i++) { 1014e095675c872f40f630aa3f9189eb5c02f3cfee6dIrfan Sheriff if (toBeFound.equals(arr[i])) return i; 10159b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff } 10169b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff return defaultIndex; 10179b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff } 10189b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff 1019274042519d84ad837f03572865bc096a537c73fbPaul Stewart /** 1020274042519d84ad837f03572865bc096a537c73fbPaul Stewart * Returns the field value for the key. 10219b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff * @param key into the hash 10229b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff * @param prefix is the prefix that the value may have 10239b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff * @return value 1024ade8de3c4a021d6b0e753d77be148236af5f39efVinit Deshapnde * @hide 10259b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff */ 1026ffadfb9ffdced62db215319d3edc7717802088fbVinit Deshapnde public String getFieldValue(String key, String prefix) { 1027274042519d84ad837f03572865bc096a537c73fbPaul Stewart // TODO: Should raise an exception if |key| is EAP_KEY or PHASE2_KEY since 1028274042519d84ad837f03572865bc096a537c73fbPaul Stewart // neither of these keys should be retrieved in this manner. 10299b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff String value = mFields.get(key); 103026d0076f0dbb021c4e5cc1b37b632b2223fd9278Irfan Sheriff // Uninitialized or known to be empty after reading from supplicant 1031ffadfb9ffdced62db215319d3edc7717802088fbVinit Deshapnde if (TextUtils.isEmpty(value) || EMPTY_VALUE.equals(value)) return ""; 1032dda5a7152fd6e5933503aba8e8badbbba0631839Vinit Deshapnde 1033dda5a7152fd6e5933503aba8e8badbbba0631839Vinit Deshapnde value = removeDoubleQuotes(value); 1034dda5a7152fd6e5933503aba8e8badbbba0631839Vinit Deshapnde if (value.startsWith(prefix)) { 1035dda5a7152fd6e5933503aba8e8badbbba0631839Vinit Deshapnde return value.substring(prefix.length()); 1036dda5a7152fd6e5933503aba8e8badbbba0631839Vinit Deshapnde } else { 1037dda5a7152fd6e5933503aba8e8badbbba0631839Vinit Deshapnde return value; 1038dda5a7152fd6e5933503aba8e8badbbba0631839Vinit Deshapnde } 10399b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff } 10409b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff 1041274042519d84ad837f03572865bc096a537c73fbPaul Stewart /** 1042274042519d84ad837f03572865bc096a537c73fbPaul Stewart * Set a value with an optional prefix at key 10439b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff * @param key into the hash 10449b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff * @param value to be set 10459b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff * @param prefix an optional value to be prefixed to actual value 1046ffadfb9ffdced62db215319d3edc7717802088fbVinit Deshapnde * @hide 10479b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff */ 1048ffadfb9ffdced62db215319d3edc7717802088fbVinit Deshapnde public void setFieldValue(String key, String value, String prefix) { 1049274042519d84ad837f03572865bc096a537c73fbPaul Stewart // TODO: Should raise an exception if |key| is EAP_KEY or PHASE2_KEY since 1050274042519d84ad837f03572865bc096a537c73fbPaul Stewart // neither of these keys should be set in this manner. 10519b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff if (TextUtils.isEmpty(value)) { 1052ffadfb9ffdced62db215319d3edc7717802088fbVinit Deshapnde mFields.put(key, EMPTY_VALUE); 10539b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff } else { 10549b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff mFields.put(key, convertToQuotedString(prefix + value)); 10559b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff } 10569b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff } 10579b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff 1058ade8de3c4a021d6b0e753d77be148236af5f39efVinit Deshapnde 1059274042519d84ad837f03572865bc096a537c73fbPaul Stewart /** 1060274042519d84ad837f03572865bc096a537c73fbPaul Stewart * Set a value with an optional prefix at key 1061ade8de3c4a021d6b0e753d77be148236af5f39efVinit Deshapnde * @param key into the hash 1062ade8de3c4a021d6b0e753d77be148236af5f39efVinit Deshapnde * @param value to be set 1063ade8de3c4a021d6b0e753d77be148236af5f39efVinit Deshapnde * @param prefix an optional value to be prefixed to actual value 1064ade8de3c4a021d6b0e753d77be148236af5f39efVinit Deshapnde * @hide 1065ade8de3c4a021d6b0e753d77be148236af5f39efVinit Deshapnde */ 1066ade8de3c4a021d6b0e753d77be148236af5f39efVinit Deshapnde public void setFieldValue(String key, String value) { 1067274042519d84ad837f03572865bc096a537c73fbPaul Stewart // TODO: Should raise an exception if |key| is EAP_KEY or PHASE2_KEY since 1068274042519d84ad837f03572865bc096a537c73fbPaul Stewart // neither of these keys should be set in this manner. 1069ade8de3c4a021d6b0e753d77be148236af5f39efVinit Deshapnde if (TextUtils.isEmpty(value)) { 1070ffadfb9ffdced62db215319d3edc7717802088fbVinit Deshapnde mFields.put(key, EMPTY_VALUE); 1071ade8de3c4a021d6b0e753d77be148236af5f39efVinit Deshapnde } else { 1072ade8de3c4a021d6b0e753d77be148236af5f39efVinit Deshapnde mFields.put(key, convertToQuotedString(value)); 1073ade8de3c4a021d6b0e753d77be148236af5f39efVinit Deshapnde } 1074ade8de3c4a021d6b0e753d77be148236af5f39efVinit Deshapnde } 1075ade8de3c4a021d6b0e753d77be148236af5f39efVinit Deshapnde 10769b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff @Override 10779b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff public String toString() { 10789b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff StringBuffer sb = new StringBuffer(); 10799b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff for (String key : mFields.keySet()) { 10809b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff sb.append(key).append(" ").append(mFields.get(key)).append("\n"); 10819b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff } 10829b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff return sb.toString(); 10839b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff } 1084274042519d84ad837f03572865bc096a537c73fbPaul Stewart 1085274042519d84ad837f03572865bc096a537c73fbPaul Stewart /** 1086274042519d84ad837f03572865bc096a537c73fbPaul Stewart * Returns whether the EAP method data is valid, i.e., whether mEapMethod and mPhase2Method 1087274042519d84ad837f03572865bc096a537c73fbPaul Stewart * are valid indices into {@code Eap.strings[]} and {@code Phase2.strings[]} respectively. 1088274042519d84ad837f03572865bc096a537c73fbPaul Stewart */ 1089274042519d84ad837f03572865bc096a537c73fbPaul Stewart private boolean isEapMethodValid() { 1090274042519d84ad837f03572865bc096a537c73fbPaul Stewart if (mEapMethod == Eap.NONE) { 1091274042519d84ad837f03572865bc096a537c73fbPaul Stewart Log.e(TAG, "WiFi enterprise configuration is invalid as it supplies no EAP method."); 1092274042519d84ad837f03572865bc096a537c73fbPaul Stewart return false; 1093274042519d84ad837f03572865bc096a537c73fbPaul Stewart } 1094274042519d84ad837f03572865bc096a537c73fbPaul Stewart if (mEapMethod < 0 || mEapMethod >= Eap.strings.length) { 1095274042519d84ad837f03572865bc096a537c73fbPaul Stewart Log.e(TAG, "mEapMethod is invald for WiFi enterprise configuration: " + mEapMethod); 1096274042519d84ad837f03572865bc096a537c73fbPaul Stewart return false; 1097274042519d84ad837f03572865bc096a537c73fbPaul Stewart } 1098274042519d84ad837f03572865bc096a537c73fbPaul Stewart if (mPhase2Method < 0 || mPhase2Method >= Phase2.strings.length) { 1099274042519d84ad837f03572865bc096a537c73fbPaul Stewart Log.e(TAG, "mPhase2Method is invald for WiFi enterprise configuration: " 1100274042519d84ad837f03572865bc096a537c73fbPaul Stewart + mPhase2Method); 1101274042519d84ad837f03572865bc096a537c73fbPaul Stewart return false; 1102274042519d84ad837f03572865bc096a537c73fbPaul Stewart } 1103274042519d84ad837f03572865bc096a537c73fbPaul Stewart return true; 1104274042519d84ad837f03572865bc096a537c73fbPaul Stewart } 11059b81319002634cf7118055f7aafaa26c27d4e5e8Irfan Sheriff} 1106