WifiEnterpriseConfig.java revision e095675c872f40f630aa3f9189eb5c02f3cfee6d
1/* 2 * Copyright (C) 2013 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16package android.net.wifi; 17 18import android.os.Parcel; 19import android.os.Parcelable; 20import android.security.Credentials; 21import android.text.TextUtils; 22 23import java.util.HashMap; 24import java.util.Map; 25 26/** Enterprise configuration details for Wi-Fi @hide */ 27public class WifiEnterpriseConfig implements Parcelable { 28 private static final String TAG = "WifiEnterpriseConfig"; 29 /** 30 * In old configurations, the "private_key" field was used. However, newer 31 * configurations use the key_id field with the engine_id set to "keystore". 32 * If this field is found in the configuration, the migration code is 33 * triggered. 34 */ 35 private static final String OLD_PRIVATE_KEY_NAME = "private_key"; 36 37 /** 38 * String representing the keystore OpenSSL ENGINE's ID. 39 */ 40 private static final String ENGINE_ID_KEYSTORE = "keystore"; 41 42 /** 43 * String representing the keystore URI used for wpa_supplicant. 44 */ 45 private static final String KEYSTORE_URI = "keystore://"; 46 47 /** 48 * String to set the engine value to when it should be enabled. 49 */ 50 private static final String ENGINE_ENABLE = "1"; 51 52 /** 53 * String to set the engine value to when it should be disabled. 54 */ 55 private static final String ENGINE_DISABLE = "0"; 56 57 private static final String CA_CERT_PREFIX = KEYSTORE_URI + Credentials.CA_CERTIFICATE; 58 private static final String CLIENT_CERT_PREFIX = KEYSTORE_URI + Credentials.USER_CERTIFICATE; 59 60 private static final String EAP_KEY = "eap"; 61 private static final String PHASE2_KEY = "phase2"; 62 private static final String IDENTITY_KEY = "identity"; 63 private static final String ANON_IDENTITY_KEY = "anonymous_identity"; 64 private static final String PASSWORD_KEY = "password"; 65 private static final String CLIENT_CERT_KEY = "client_cert"; 66 private static final String CA_CERT_KEY = "ca_cert"; 67 private static final String SUBJECT_MATCH_KEY = "subject_match"; 68 private static final String ENGINE_KEY = "engine"; 69 private static final String ENGINE_ID_KEY = "engine_id"; 70 private static final String PRIVATE_KEY_ID_KEY = "key_id"; 71 72 private HashMap<String, String> mFields = new HashMap<String, String>(); 73 74 /** This represents an empty value of an enterprise field. 75 * NULL is used at wpa_supplicant to indicate an empty value 76 */ 77 static final String EMPTY_VALUE = "NULL"; 78 79 public WifiEnterpriseConfig() { 80 // Do not set defaults so that the enterprise fields that are not changed 81 // by API are not changed underneath 82 // This is essential because an app may not have all fields like password 83 // available. It allows modification of subset of fields. 84 85 } 86 87 /** Copy constructor */ 88 public WifiEnterpriseConfig(WifiEnterpriseConfig source) { 89 for (String key : source.mFields.keySet()) { 90 mFields.put(key, source.mFields.get(key)); 91 } 92 } 93 94 @Override 95 public int describeContents() { 96 return 0; 97 } 98 99 @Override 100 public void writeToParcel(Parcel dest, int flags) { 101 dest.writeInt(mFields.size()); 102 for (Map.Entry<String, String> entry : mFields.entrySet()) { 103 dest.writeString(entry.getKey()); 104 dest.writeString(entry.getValue()); 105 } 106 } 107 108 public static final Creator<WifiEnterpriseConfig> CREATOR = 109 new Creator<WifiEnterpriseConfig>() { 110 public WifiEnterpriseConfig createFromParcel(Parcel in) { 111 WifiEnterpriseConfig enterpriseConfig = new WifiEnterpriseConfig(); 112 int count = in.readInt(); 113 for (int i = 0; i < count; i++) { 114 String key = in.readString(); 115 String value = in.readString(); 116 enterpriseConfig.mFields.put(key, value); 117 } 118 return enterpriseConfig; 119 } 120 121 public WifiEnterpriseConfig[] newArray(int size) { 122 return new WifiEnterpriseConfig[size]; 123 } 124 }; 125 126 public static final class Eap { 127 /* NONE represents an empty enterprise config */ 128 public static final int NONE = -1; 129 public static final int PEAP = 0; 130 public static final int TLS = 1; 131 public static final int TTLS = 2; 132 public static final int PWD = 3; 133 /** @hide */ 134 public static final String[] strings = { "PEAP", "TLS", "TTLS", "PWD" }; 135 } 136 137 public static final class Phase2 { 138 public static final int NONE = 0; 139 public static final int PAP = 1; 140 public static final int MSCHAP = 2; 141 public static final int MSCHAPV2 = 3; 142 public static final int GTC = 4; 143 private static final String PREFIX = "auth="; 144 /** @hide */ 145 public static final String[] strings = {EMPTY_VALUE, "PAP", "MSCHAP", "MSCHAPV2", "GTC" }; 146 } 147 148 /** Internal use only @hide */ 149 public HashMap<String, String> getFields() { 150 return mFields; 151 } 152 153 /** Internal use only @hide */ 154 public static String[] getSupplicantKeys() { 155 return new String[] { EAP_KEY, PHASE2_KEY, IDENTITY_KEY, ANON_IDENTITY_KEY, PASSWORD_KEY, 156 CLIENT_CERT_KEY, CA_CERT_KEY, SUBJECT_MATCH_KEY, ENGINE_KEY, ENGINE_ID_KEY, 157 PRIVATE_KEY_ID_KEY }; 158 } 159 160 /** 161 * Set the EAP authentication method. 162 * @param eapMethod is one {@link Eap#PEAP}, {@link Eap#TLS}, {@link Eap#TTLS} or 163 * {@link Eap#PWD} 164 */ 165 public void setEapMethod(int eapMethod) { 166 switch (eapMethod) { 167 /** Valid methods */ 168 case Eap.PEAP: 169 case Eap.PWD: 170 case Eap.TLS: 171 case Eap.TTLS: 172 mFields.put(EAP_KEY, Eap.strings[eapMethod]); 173 break; 174 default: 175 throw new IllegalArgumentException("Unknown EAP method"); 176 } 177 } 178 179 /** 180 * Get the eap method. 181 * @return eap method configured 182 */ 183 public int getEapMethod() { 184 String eapMethod = mFields.get(EAP_KEY); 185 return getStringIndex(Eap.strings, eapMethod, Eap.NONE); 186 } 187 188 /** 189 * Set Phase 2 authentication method. Sets the inner authentication method to be used in 190 * phase 2 after setting up a secure channel 191 * @param phase2Method is the inner authentication method and can be one of {@link Phase2#NONE}, 192 * {@link Phase2#PAP}, {@link Phase2#MSCHAP}, {@link Phase2#MSCHAPV2}, 193 * {@link Phase2#GTC} 194 * 195 */ 196 public void setPhase2Method(int phase2Method) { 197 switch (phase2Method) { 198 case Phase2.NONE: 199 mFields.put(PHASE2_KEY, EMPTY_VALUE); 200 break; 201 /** Valid methods */ 202 case Phase2.PAP: 203 case Phase2.MSCHAP: 204 case Phase2.MSCHAPV2: 205 case Phase2.GTC: 206 mFields.put(PHASE2_KEY, convertToQuotedString( 207 Phase2.PREFIX + Phase2.strings[phase2Method])); 208 break; 209 default: 210 throw new IllegalArgumentException("Unknown Phase 2 method"); 211 } 212 } 213 214 /** 215 * Get the phase 2 authentication method. 216 * @return a phase 2 method defined at {@link Phase2} 217 * */ 218 public int getPhase2Method() { 219 String phase2Method = removeDoubleQuotes(mFields.get(PHASE2_KEY)); 220 // Remove auth= prefix 221 if (phase2Method.startsWith(Phase2.PREFIX)) { 222 phase2Method = phase2Method.substring(Phase2.PREFIX.length()); 223 } 224 return getStringIndex(Phase2.strings, phase2Method, Phase2.NONE); 225 } 226 227 /** 228 * Set the identity 229 * @param identity 230 */ 231 public void setIdentity(String identity) { 232 setFieldValue(IDENTITY_KEY, identity, ""); 233 } 234 235 /** 236 * Get the identity 237 * @return the identity 238 */ 239 public String getIdentity() { 240 return getFieldValue(IDENTITY_KEY, ""); 241 } 242 243 /** 244 * Set anonymous identity. This is used as the unencrypted identity with 245 * certain EAP types 246 * @param anonymousIdentity the anonymous identity 247 */ 248 public void setAnonymousIdentity(String anonymousIdentity) { 249 setFieldValue(ANON_IDENTITY_KEY, anonymousIdentity, ""); 250 } 251 252 /** Get the anonymous identity 253 * @return anonymous identity 254 */ 255 public String getAnonymousIdentity() { 256 return getFieldValue(ANON_IDENTITY_KEY, ""); 257 } 258 259 /** 260 * Set the password. 261 * @param password the password 262 */ 263 public void setPassword(String password) { 264 setFieldValue(PASSWORD_KEY, password, ""); 265 } 266 267 /** 268 * Set CA certificate alias. 269 * 270 * <p> See the {@link android.security.KeyChain} for details on installing or choosing 271 * a certificate 272 * </p> 273 * @param alias identifies the certificate 274 */ 275 public void setCaCertificate(String alias) { 276 setFieldValue(CA_CERT_KEY, alias, CA_CERT_PREFIX); 277 } 278 279 /** 280 * Get CA certificate alias 281 * @return alias to the CA certificate 282 */ 283 public String getCaCertificate() { 284 return getFieldValue(CA_CERT_KEY, CA_CERT_PREFIX); 285 } 286 287 /** 288 * Set Client certificate alias. 289 * 290 * <p> See the {@link android.security.KeyChain} for details on installing or choosing 291 * a certificate 292 * </p> 293 * @param alias identifies the certificate 294 */ 295 public void setClientCertificate(String alias) { 296 setFieldValue(CLIENT_CERT_KEY, alias, CLIENT_CERT_PREFIX); 297 setFieldValue(PRIVATE_KEY_ID_KEY, alias, Credentials.USER_PRIVATE_KEY); 298 // Also, set engine parameters 299 if (TextUtils.isEmpty(alias)) { 300 mFields.put(ENGINE_KEY, ENGINE_DISABLE); 301 mFields.put(ENGINE_ID_KEY, EMPTY_VALUE); 302 } else { 303 mFields.put(ENGINE_KEY, ENGINE_ENABLE); 304 mFields.put(ENGINE_ID_KEY, convertToQuotedString(ENGINE_ID_KEYSTORE)); 305 } 306 } 307 308 /** 309 * Get client certificate alias 310 * @return alias to the client certificate 311 */ 312 public String getClientCertificate() { 313 return getFieldValue(CLIENT_CERT_KEY, CLIENT_CERT_PREFIX); 314 } 315 316 /** 317 * Set subject match. This is the substring to be matched against the subject of the 318 * authentication server certificate. 319 * @param subjectMatch substring to be matched 320 */ 321 public void setSubjectMatch(String subjectMatch) { 322 setFieldValue(SUBJECT_MATCH_KEY, subjectMatch, ""); 323 } 324 325 /** 326 * Get subject match 327 * @return the subject match string 328 */ 329 public String getSubjectMatch() { 330 return getFieldValue(SUBJECT_MATCH_KEY, ""); 331 } 332 333 /** Migrates the old style TLS config to the new config style. This should only be used 334 * when restoring an old wpa_supplicant.conf or upgrading from a previous 335 * platform version. 336 * @return true if the config was updated 337 * @hide 338 */ 339 public boolean migrateOldEapTlsNative(WifiNative wifiNative, int netId) { 340 String oldPrivateKey = wifiNative.getNetworkVariable(netId, OLD_PRIVATE_KEY_NAME); 341 /* 342 * If the old configuration value is not present, then there is nothing 343 * to do. 344 */ 345 if (TextUtils.isEmpty(oldPrivateKey)) { 346 return false; 347 } else { 348 // Also ignore it if it's empty quotes. 349 oldPrivateKey = removeDoubleQuotes(oldPrivateKey); 350 if (TextUtils.isEmpty(oldPrivateKey)) { 351 return false; 352 } 353 } 354 355 mFields.put(ENGINE_KEY, ENGINE_ENABLE); 356 mFields.put(ENGINE_ID_KEY, convertToQuotedString(ENGINE_ID_KEYSTORE)); 357 358 /* 359 * The old key started with the keystore:// URI prefix, but we don't 360 * need that anymore. Trim it off if it exists. 361 */ 362 final String keyName; 363 if (oldPrivateKey.startsWith(KEYSTORE_URI)) { 364 keyName = new String(oldPrivateKey.substring(KEYSTORE_URI.length())); 365 } else { 366 keyName = oldPrivateKey; 367 } 368 mFields.put(PRIVATE_KEY_ID_KEY, convertToQuotedString(keyName)); 369 370 wifiNative.setNetworkVariable(netId, ENGINE_KEY, mFields.get(ENGINE_KEY)); 371 wifiNative.setNetworkVariable(netId, ENGINE_ID_KEY, mFields.get(ENGINE_ID_KEY)); 372 wifiNative.setNetworkVariable(netId, PRIVATE_KEY_ID_KEY, mFields.get(PRIVATE_KEY_ID_KEY)); 373 // Remove old private_key string so we don't run this again. 374 wifiNative.setNetworkVariable(netId, OLD_PRIVATE_KEY_NAME, EMPTY_VALUE); 375 return true; 376 } 377 378 private String removeDoubleQuotes(String string) { 379 int length = string.length(); 380 if ((length > 1) && (string.charAt(0) == '"') 381 && (string.charAt(length - 1) == '"')) { 382 return string.substring(1, length - 1); 383 } 384 return string; 385 } 386 387 private String convertToQuotedString(String string) { 388 return "\"" + string + "\""; 389 } 390 391 /** Returns the index at which the toBeFound string is found in the array. 392 * @param arr array of strings 393 * @param toBeFound string to be found 394 * @param defaultIndex default index to be returned when string is not found 395 * @return the index into array 396 */ 397 private int getStringIndex(String arr[], String toBeFound, int defaultIndex) { 398 for (int i = 0; i < arr.length; i++) { 399 if (toBeFound.equals(arr[i])) return i; 400 } 401 return defaultIndex; 402 } 403 404 /** Returns the field value for the key. 405 * @param key into the hash 406 * @param prefix is the prefix that the value may have 407 * @return value 408 */ 409 private String getFieldValue(String key, String prefix) { 410 String value = mFields.get(key); 411 if (EMPTY_VALUE.equals(value)) return ""; 412 return removeDoubleQuotes(value).substring(prefix.length()); 413 } 414 415 /** Set a value with an optional prefix at key 416 * @param key into the hash 417 * @param value to be set 418 * @param prefix an optional value to be prefixed to actual value 419 */ 420 private void setFieldValue(String key, String value, String prefix) { 421 if (TextUtils.isEmpty(value)) { 422 mFields.put(key, EMPTY_VALUE); 423 } else { 424 mFields.put(key, convertToQuotedString(prefix + value)); 425 } 426 } 427 428 @Override 429 public String toString() { 430 StringBuffer sb = new StringBuffer(); 431 for (String key : mFields.keySet()) { 432 sb.append(key).append(" ").append(mFields.get(key)).append("\n"); 433 } 434 return sb.toString(); 435 } 436} 437