Change system language, passpoint R2 failed to connect

The comparing of friendly names from AP are mismatched with subject names from OSU server certificate. it shouldn't use system default locale, the languages and names broadcasted by AP should be used. Bug: 139854572 Test: Change the device language to Chinese, connect to passpoint network; unit test. Change-Id: I7ac6dbc00c3701010d9643df46ac78a5de665876
author: Steven Liu <steveliu@google.com> 2019-08-23 15:20:15 -0700
committer: Steven Liu <steveliu@google.com> 2019-08-28 10:13:41 -0700
commit: 07969aeeab3a0caebef26d1b2921d53845101f56 (patch)
tree: 2ae4d2abce3eab21c009d641b9af7a81eed513ba
parent: 07ba9343d2142ee08bffa4febb1e7813d10d7774 (diff)
4 files changed, 97 insertions, 19 deletions
diff --git a/service/java/com/android/server/wifi/hotspot2/OsuServerConnection.java b/service/java/com/android/server/wifi/hotspot2/OsuServerConnection.java
index 94f584f72..92560932c 100644
--- a/service/java/com/android/server/wifi/hotspot2/OsuServerConnection.java
+++ b/service/java/com/android/server/wifi/hotspot2/OsuServerConnection.java
@@ -188,27 +188,25 @@ public class OsuServerConnection {
      * Validates the service provider by comparing its identities found in OSU Server cert
      * to the friendlyName obtained from ANQP exchange that is displayed to the user.
      *
-     * @param locale       a {@link Locale} object used for matching the friendly name in
-     *                     subjectAltName section of the certificate along with
-     *                     {@param friendlyName}.
-     * @param friendlyName a string of the friendly name used for finding the same name in
-     *                     subjectAltName section of the certificate.
+     * @param friendlyNames the friendly names used for finding the same name in
+     *                     subjectAltName section of the certificate, which is a map of language
+     *                     codes from ISO-639 and names.
      * @return boolean true if friendlyName shows up as one of the identities in the cert
      */
-    public boolean validateProvider(Locale locale,
-            String friendlyName) {
+    public boolean validateProvider(
+            Map<String, String> friendlyNames) {
 
-        if (locale == null || TextUtils.isEmpty(friendlyName)) {
+        if (friendlyNames.size() == 0) {
             return false;
         }
 
         for (Pair<Locale, String> identity : ServiceProviderVerifier.getProviderNames(
                 mTrustManager.getProviderCert())) {
-            if (identity.first == null) continue;
+            if (identity.first == null || TextUtils.isEmpty(identity.second)) continue;
 
             // Compare the language code for ISO-639.
-            if (identity.first.getISO3Language().equals(locale.getISO3Language()) &&
-                    TextUtils.equals(identity.second, friendlyName)) {
+            if (TextUtils.equals(identity.second,
+                    friendlyNames.get(identity.first.getISO3Language()))) {
                 if (mVerboseLoggingEnabled) {
                     Log.v(TAG, "OSU certificate is valid for "
                             + identity.first.getISO3Language() + "/" + identity.second);
diff --git a/service/java/com/android/server/wifi/hotspot2/PasspointProvisioner.java b/service/java/com/android/server/wifi/hotspot2/PasspointProvisioner.java
index bdd035fe4..137d9fa19 100644
--- a/service/java/com/android/server/wifi/hotspot2/PasspointProvisioner.java
+++ b/service/java/com/android/server/wifi/hotspot2/PasspointProvisioner.java
@@ -366,7 +366,7 @@ public class PasspointProvisioner {
                 return;
             }
             if (!mOsuServerConnection.validateProvider(
-                    Locale.getDefault(), mOsuProvider.getFriendlyName())) {
+                    mOsuProvider.getFriendlyNameList())) {
                 Log.e(TAG,
                         "OSU Server certificate does not have the one matched with the selected "
                                 + "Service Name: "
diff --git a/tests/wifitests/src/com/android/server/wifi/hotspot2/OsuServerConnectionTest.java b/tests/wifitests/src/com/android/server/wifi/hotspot2/OsuServerConnectionTest.java
index 843caf1a9..9fa92c9a3 100644
--- a/tests/wifitests/src/com/android/server/wifi/hotspot2/OsuServerConnectionTest.java
+++ b/tests/wifitests/src/com/android/server/wifi/hotspot2/OsuServerConnectionTest.java
@@ -86,6 +86,7 @@ public class OsuServerConnectionTest {
     private static final String AUTH_TYPE = "ECDHE_RSA";
     private static final String PROVIDER_NAME_VALID = "Boingo";
     private static final String PROVIDER_NAME_INVALID = "Boingo1";
+    private static final String TEST_PROVIDER_CHINESE_NAME = "宝音阁";
     private static final int ENABLE_VERBOSE_LOGGING = 1;
     private static final int TEST_SESSION_ID = 1;
 
@@ -144,7 +145,85 @@ public class OsuServerConnectionTest {
             trustManager.checkServerTrusted(new X509Certificate[1], AUTH_TYPE);
 
             verify(mOsuServerCallbacks).onServerValidationStatus(anyInt(), eq(true));
-            assertTrue(mOsuServerConnection.validateProvider(Locale.US, PROVIDER_NAME_VALID));
+            Map<String, String> providerNames = new HashMap<>();
+            providerNames.put(Locale.US.getISO3Language(), PROVIDER_NAME_VALID);
+            assertTrue(mOsuServerConnection.validateProvider(providerNames));
+        } finally {
+            session.finishMocking();
+        }
+    }
+
+    /**
+     * Verifies multiple languages of OsuProvider names are matched with cert
+     */
+    @Test
+    public void verifyValidateProviderWithMultipleProviderLangs() throws Exception {
+        // static mocking
+        MockitoSession session = ExtendedMockito.mockitoSession().mockStatic(
+                ServiceProviderVerifier.class).startMocking();
+        try {
+            when(ServiceProviderVerifier.getProviderNames(any(X509Certificate.class))).thenReturn(
+                    mProviderIdentities);
+            establishServerConnection();
+            TrustManager[] trustManagers = mTrustManagerCaptor.getValue();
+            X509TrustManager trustManager = (X509TrustManager) trustManagers[0];
+            trustManager.checkServerTrusted(new X509Certificate[1], AUTH_TYPE);
+            Map<String, String> friendlyNames = new HashMap<>();
+            friendlyNames.put(
+                    Locale.SIMPLIFIED_CHINESE.getISO3Language(), TEST_PROVIDER_CHINESE_NAME);
+            friendlyNames.put(Locale.US.getISO3Language(), PROVIDER_NAME_VALID);
+
+            assertTrue(mOsuServerConnection.validateProvider(friendlyNames));
+        } finally {
+            session.finishMocking();
+        }
+    }
+
+    /**
+     * Verifies wrong language of OsuProvider name is mismatched with cert
+     */
+    @Test
+    public void verifyValidateProviderWithMismatchedProviderLang() throws Exception {
+        // static mocking
+        MockitoSession session = ExtendedMockito.mockitoSession().mockStatic(
+                ServiceProviderVerifier.class).startMocking();
+        try {
+            when(ServiceProviderVerifier.getProviderNames(any(X509Certificate.class))).thenReturn(
+                    mProviderIdentities);
+            establishServerConnection();
+            TrustManager[] trustManagers = mTrustManagerCaptor.getValue();
+            X509TrustManager trustManager = (X509TrustManager) trustManagers[0];
+            trustManager.checkServerTrusted(new X509Certificate[1], AUTH_TYPE);
+            Map<String, String> friendlyNames = new HashMap<>();
+            friendlyNames.put(
+                    Locale.SIMPLIFIED_CHINESE.getISO3Language(), TEST_PROVIDER_CHINESE_NAME);
+
+            assertFalse(mOsuServerConnection.validateProvider(friendlyNames));
+        } finally {
+            session.finishMocking();
+        }
+    }
+
+    /**
+     * Verifies same language from different regions.
+     */
+    @Test
+    public void verifyValidateProviderWithSameLangButDifferentRegion() throws Exception {
+        // static mocking
+        MockitoSession session = ExtendedMockito.mockitoSession().mockStatic(
+                ServiceProviderVerifier.class).startMocking();
+        try {
+            when(ServiceProviderVerifier.getProviderNames(any(X509Certificate.class))).thenReturn(
+                    mProviderIdentities);
+            establishServerConnection();
+            TrustManager[] trustManagers = mTrustManagerCaptor.getValue();
+            X509TrustManager trustManager = (X509TrustManager) trustManagers[0];
+            trustManager.checkServerTrusted(new X509Certificate[1], AUTH_TYPE);
+            Map<String, String> friendlyNames = new HashMap<>();
+            friendlyNames.put(
+                    Locale.CANADA.getISO3Language(), PROVIDER_NAME_VALID);
+
+            assertTrue(mOsuServerConnection.validateProvider(friendlyNames));
         } finally {
             session.finishMocking();
         }
@@ -250,7 +329,9 @@ public class OsuServerConnectionTest {
             trustManager.checkServerTrusted(new X509Certificate[1], AUTH_TYPE);
 
             verify(mOsuServerCallbacks).onServerValidationStatus(anyInt(), eq(true));
-            assertFalse(mOsuServerConnection.validateProvider(Locale.US, PROVIDER_NAME_INVALID));
+            Map<String, String> providerNames = new HashMap<>();
+            providerNames.put(Locale.US.getISO3Language(), PROVIDER_NAME_INVALID);
+            assertFalse(mOsuServerConnection.validateProvider(providerNames));
         } finally {
             session.finishMocking();
         }
diff --git a/tests/wifitests/src/com/android/server/wifi/hotspot2/PasspointProvisionerTest.java b/tests/wifitests/src/com/android/server/wifi/hotspot2/PasspointProvisionerTest.java
index 10ce65067..64a7f9e2d 100644
--- a/tests/wifitests/src/com/android/server/wifi/hotspot2/PasspointProvisionerTest.java
+++ b/tests/wifitests/src/com/android/server/wifi/hotspot2/PasspointProvisionerTest.java
@@ -97,7 +97,6 @@ import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.HashMap;
 import java.util.List;
-import java.util.Locale;
 import java.util.Map;
 
 import javax.net.ssl.SSLContext;
@@ -224,8 +223,8 @@ public class PasspointProvisionerTest {
                 mPasspointManager, mWifiMetrics);
         when(mOsuNetworkConnection.connect(any(WifiSsid.class), any(), any())).thenReturn(true);
         when(mOsuServerConnection.connect(any(URL.class), any(Network.class))).thenReturn(true);
-        when(mOsuServerConnection.validateProvider(any(Locale.class),
-                any(String.class))).thenReturn(true);
+        when(mOsuServerConnection.validateProvider(
+                anyMap())).thenReturn(true);
         when(mOsuServerConnection.canValidateServer()).thenReturn(true);
         mPasspointProvisioner.enableVerboseLogging(1);
         mOsuProvider = PasspointProvisioningTestUtil.generateOsuProvider(true);
@@ -728,8 +727,8 @@ public class PasspointProvisionerTest {
      */
     @Test
     public void verifyProviderVerificationFailure() throws RemoteException {
-        when(mOsuServerConnection.validateProvider(any(Locale.class),
-                any(String.class))).thenReturn(false);
+        when(mOsuServerConnection.validateProvider(
+                anyMap())).thenReturn(false);
         stopAfterStep(STEP_SERVER_CONNECT);
 
         // Wait for OSU server validation callback
author	Steven Liu <steveliu@google.com>	2019-08-23 15:20:15 -0700
committer	Steven Liu <steveliu@google.com>	2019-08-28 10:13:41 -0700
commit	07969aeeab3a0caebef26d1b2921d53845101f56 (patch)
tree	2ae4d2abce3eab21c009d641b9af7a81eed513ba
parent	07ba9343d2142ee08bffa4febb1e7813d10d7774 (diff)