author | TreeHugger Robot <treehugger-gerrit@google.com> | 2020-01-29 19:45:42 +0000 |
---|---|---|
committer | Android (Google) Code Review <android-gerrit@google.com> | 2020-01-29 19:45:42 +0000 |
commit | 32d5be7ff79875476812a7b3974748c8a17eaf4a (patch) | |
tree | 55afb815c78b297f4ef1cabb8e63830842ec0da2 | |
parent | 0fbf5ad9add3ad9cf80d5169cbc519db00e34006 (diff) | |
parent | f7d47380d5abcaab1db5e83c30555d39f24ed5b9 (diff) |
Merge "[Passpoint] Remove EapMethod matching"
5 files changed, 45 insertions, 125 deletions
diff --git a/service/java/com/android/server/wifi/hotspot2/ANQPMatcher.java b/service/java/com/android/server/wifi/hotspot2/ANQPMatcher.java index 56836a4bb..e8d31d829 100644 --- a/service/java/com/android/server/wifi/hotspot2/ANQPMatcher.java +++ b/service/java/com/android/server/wifi/hotspot2/ANQPMatcher.java @@ -25,12 +25,8 @@ import com.android.server.wifi.hotspot2.anqp.NAIRealmData; import com.android.server.wifi.hotspot2.anqp.NAIRealmElement; import com.android.server.wifi.hotspot2.anqp.RoamingConsortiumElement; import com.android.server.wifi.hotspot2.anqp.ThreeGPPNetworkElement; -import com.android.server.wifi.hotspot2.anqp.eap.AuthParam; -import com.android.server.wifi.hotspot2.anqp.eap.EAPMethod; import java.util.List; -import java.util.Map; -import java.util.Set; /** * Utility class for providing matching functions against ANQP elements. @@ -100,27 +96,19 @@ public class ANQPMatcher { * * @param element The NAI Realm ANQP element * @param realm The realm of the provider's credential - * @param eapMethodID The EAP Method ID of the provider's credential - * @param authParam The authentication parameter of the provider's credential * @return an integer indicating the match status */ - public static int matchNAIRealm(NAIRealmElement element, String realm, int eapMethodID, - AuthParam authParam) { + public static int matchNAIRealm(NAIRealmElement element, String realm) { if (element == null || element.getRealmDataList().isEmpty()) { return AuthMatch.INDETERMINATE; } - int bestMatch = AuthMatch.NONE; for (NAIRealmData realmData : element.getRealmDataList()) { - int match = matchNAIRealmData(realmData, realm, eapMethodID, authParam); - if (match > bestMatch) { - bestMatch = match; - if (bestMatch == AuthMatch.EXACT) { - break; - } + if (matchNAIRealmData(realmData, realm) == AuthMatch.REALM) { + return AuthMatch.REALM; } } - return bestMatch; + return AuthMatch.NONE; } /** 
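Review bot: The Javadoc for `matchNAIRealm` still ends with `@return an integer indicating the match status`, which no longer tells a caller that only three values can come back. Suggest `@return AuthMatch.INDETERMINATE if the element is null or has no realm data, AuthMatch.REALM if any advertised realm matches, AuthMatch.NONE otherwise`. It is also worth stating that the EAP methods and authentication parameters advertised in the element are deliberately not compared, since the new signature no longer hints at it. The opening lines of this Javadoc are outside the hunk.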
@@ -150,70 +138,17 @@ public class ANQPMatcher { * * @param realmData The NAI Realm data * @param realm The realm of the provider's credential - * @param eapMethodID The EAP Method ID of the provider's credential - * @param authParam The authentication parameter of the provider's credential * @return an integer indicating the match status */ - private static int matchNAIRealmData(NAIRealmData realmData, String realm, int eapMethodID, - AuthParam authParam) { + private static int matchNAIRealmData(NAIRealmData realmData, String realm) { // Check for realm domain name match. - int realmMatch = AuthMatch.NONE; for (String realmStr : realmData.getRealms()) { if (DomainMatcher.arg2SubdomainOfArg1(realm, realmStr)) { - realmMatch = AuthMatch.REALM; - break; + return AuthMatch.REALM; } } - if (realmData.getEAPMethods().isEmpty()) { - return realmMatch; - } - - // Check for EAP method match. - int eapMethodMatch = AuthMatch.NONE; - for (EAPMethod eapMethod : realmData.getEAPMethods()) { - eapMethodMatch = matchEAPMethod(eapMethod, eapMethodID, authParam); - if (eapMethodMatch != AuthMatch.NONE) { - break; - } - } - - if (eapMethodMatch == AuthMatch.NONE) { - return AuthMatch.NONE; - } - - if (realmMatch == AuthMatch.NONE) { - return eapMethodMatch; - } - return realmMatch | eapMethodMatch; - } - - /** - * Match the given EAPMethod against the authentication method of a provider. - * - * @param method The EAP Method - * @param eapMethodID The EAP Method ID of the provider's credential - * @param authParam The authentication parameter of the provider's credential - * @return an integer indicating the match status - */ - private static int matchEAPMethod(EAPMethod method, int eapMethodID, AuthParam authParam) { - if (method.getEAPMethodID() != eapMethodID) { - return AuthMatch.NONE; - } - // Check for authentication parameter match. 
- if (authParam != null) { - Map<Integer, Set<AuthParam>> authParams = method.getAuthParams(); - if (authParams.isEmpty()) { - // no auth methods to match - return AuthMatch.METHOD; - } - Set<AuthParam> paramSet = authParams.get(authParam.getAuthTypeID()); - if (paramSet == null || !paramSet.contains(authParam)) { - return AuthMatch.NONE; - } - return AuthMatch.METHOD_PARAM; - } - return AuthMatch.METHOD; + return AuthMatch.NONE; } /** diff --git a/service/java/com/android/server/wifi/hotspot2/AuthMatch.java b/service/java/com/android/server/wifi/hotspot2/AuthMatch.java index 3abf35fb6..caf6ca887 100644 --- a/service/java/com/android/server/wifi/hotspot2/AuthMatch.java +++ b/service/java/com/android/server/wifi/hotspot2/AuthMatch.java @@ -27,10 +27,6 @@ public abstract class AuthMatch { public static final int NONE = -1; public static final int INDETERMINATE = 0; public static final int REALM = 0x04; - public static final int METHOD = 0x02; - public static final int PARAM = 0x01; - public static final int METHOD_PARAM = METHOD | PARAM; - public static final int EXACT = REALM | METHOD | PARAM; public static String toString(int match) { if (match < 0) { @@ -44,12 +40,6 @@ public abstract class AuthMatch { if ((match & REALM) != 0) { sb.append("Realm"); } - if ((match & METHOD) != 0) { - sb.append("Method"); - } - if ((match & PARAM) != 0) { - sb.append("Param"); - } return sb.toString(); } } diff --git a/service/java/com/android/server/wifi/hotspot2/PasspointProvider.java b/service/java/com/android/server/wifi/hotspot2/PasspointProvider.java index 7fe8fdbd2..3913ca892 100644 --- a/service/java/com/android/server/wifi/hotspot2/PasspointProvider.java +++ b/service/java/com/android/server/wifi/hotspot2/PasspointProvider.java 
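Review bot: `matchNAIRealmData` now produces only `AuthMatch.REALM` or `AuthMatch.NONE`, so the private helper is a yes/no predicate expressed as an int status. Returning `boolean` would let the caller read `if (matchNAIRealmData(realmData, realm)) { return AuthMatch.REALM; }` and removes one place where the `-1` sentinel can be mixed with bit flags. The `// Check for realm domain name match.` comment could also say that the EAP methods carried in `realmData` are intentionally ignored.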
@@ -382,6 +382,7 @@ public class PasspointProvider { public PasspointMatch match(Map<ANQPElementType, ANQPElement> anqpElements, RoamingConsortium roamingConsortium) { + // If the profile requires a SIM credential, make sure that the installed SIM matches String matchingSimImsi = null; if (mConfig.getCredential().getSimCredential() != null) { matchingSimImsi = getMatchingSimImsi(); @@ -391,25 +392,22 @@ public class PasspointProvider { } } - PasspointMatch providerMatch = matchProviderExceptFor3GPP( - anqpElements, roamingConsortium, matchingSimImsi); + // Match FQDN for Home provider or RCOI(s) for Roaming provider + // For SIM credential, the FQDN is in the format of wlan.mnc*.mcc*.3gppnetwork.org + PasspointMatch providerMatch = matchFqdnAndRcoi(anqpElements, roamingConsortium, + matchingSimImsi); - // 3GPP Network matching. + // 3GPP Network matching if (providerMatch == PasspointMatch.None && ANQPMatcher.matchThreeGPPNetwork( (ThreeGPPNetworkElement) anqpElements.get(ANQPElementType.ANQP3GPPNetwork), mImsiParameter, matchingSimImsi)) { return PasspointMatch.RoamingProvider; } - // Perform authentication match against the NAI Realm. + // Perform NAI Realm matching int authMatch = ANQPMatcher.matchNAIRealm( (NAIRealmElement) anqpElements.get(ANQPElementType.ANQPNAIRealm), - mConfig.getCredential().getRealm(), mEAPMethodID, mAuthParam); - - // In case of Auth mismatch, demote provider match. - if (authMatch == AuthMatch.NONE) { - return PasspointMatch.None; - } + mConfig.getCredential().getRealm()); // In case of no realm match, return provider match as is. if ((authMatch & AuthMatch.REALM) == 0) { 
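Review bot: In `match()`, the surviving check `if ((authMatch & AuthMatch.REALM) == 0)` cannot tell a realm mismatch from a realm match, because `AuthMatch.NONE` is `-1` and `-1 & 0x04` is non-zero. The deleted `if (authMatch == AuthMatch.NONE)` guard was what kept `NONE` away from this bitmask test; without it a mismatch falls through to the code after the `if`, which is outside this hunk. If that code promotes a `None` provider match on a realm match, an access point advertising an unrelated realm would be treated as a roaming match for this profile. Compare by equality instead, `if (authMatch != AuthMatch.REALM) {`, keeping the body the comment above it describes; this also covers `INDETERMINATE`.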
@@ -671,14 +669,14 @@ public class PasspointProvider { } /** - * Perform a provider match based on the given ANQP elements except for matching 3GPP Network. + * Perform a provider match based on the given ANQP elements for FQDN and RCOI * * @param anqpElements List of ANQP elements * @param roamingConsortium Roaming Consortium information element from the AP + * @param matchingSIMImsi Installed SIM IMSI that matches the SIM credential ANQP element * @return {@link PasspointMatch} */ - private PasspointMatch matchProviderExceptFor3GPP( - Map<ANQPElementType, ANQPElement> anqpElements, + private PasspointMatch matchFqdnAndRcoi(Map<ANQPElementType, ANQPElement> anqpElements, RoamingConsortium roamingConsortium, String matchingSIMImsi) { // Domain name matching. if (ANQPMatcher.matchDomainName( diff --git a/tests/wifitests/src/com/android/server/wifi/hotspot2/ANQPMatcherTest.java b/tests/wifitests/src/com/android/server/wifi/hotspot2/ANQPMatcherTest.java index 7a30ae069..7b23534fd 100644 --- a/tests/wifitests/src/com/android/server/wifi/hotspot2/ANQPMatcherTest.java +++ b/tests/wifitests/src/com/android/server/wifi/hotspot2/ANQPMatcherTest.java @@ -34,7 +34,6 @@ import com.android.server.wifi.hotspot2.anqp.RoamingConsortiumElement; import com.android.server.wifi.hotspot2.anqp.ThreeGPPNetworkElement; import com.android.server.wifi.hotspot2.anqp.eap.AuthParam; import com.android.server.wifi.hotspot2.anqp.eap.EAPMethod; -import com.android.server.wifi.hotspot2.anqp.eap.InnerAuthEAP; import com.android.server.wifi.hotspot2.anqp.eap.NonEAPInnerAuth; import org.junit.Test; @@ -124,8 +123,7 @@ public class ANQPMatcherTest extends WifiBaseTest { */ @Test public void matchNAIRealmWithNullElement() throws Exception { - assertEquals(AuthMatch.INDETERMINATE, ANQPMatcher.matchNAIRealm(null, "test.com", - EAPConstants.EAP_TLS, new InnerAuthEAP(EAPConstants.EAP_TTLS))); + assertEquals(AuthMatch.INDETERMINATE, ANQPMatcher.matchNAIRealm(null, "test.com")); } /** 
@@ -137,8 +135,7 @@ public class ANQPMatcherTest extends WifiBaseTest { @Test public void matchNAIRealmWithEmtpyRealmData() throws Exception { NAIRealmElement element = new NAIRealmElement(new ArrayList<NAIRealmData>()); - assertEquals(AuthMatch.INDETERMINATE, ANQPMatcher.matchNAIRealm(element, "test.com", - EAPConstants.EAP_TLS, null)); + assertEquals(AuthMatch.INDETERMINATE, ANQPMatcher.matchNAIRealm(element, "test.com")); } /** @@ -154,8 +151,7 @@ public class ANQPMatcherTest extends WifiBaseTest { Arrays.asList(new String[] {realm}), new ArrayList<EAPMethod>()); NAIRealmElement element = new NAIRealmElement( Arrays.asList(new NAIRealmData[] {realmData})); - assertEquals(AuthMatch.REALM, ANQPMatcher.matchNAIRealm(element, realm, - EAPConstants.EAP_TLS, null)); + assertEquals(AuthMatch.REALM, ANQPMatcher.matchNAIRealm(element, realm)); } /** @@ -170,7 +166,6 @@ public class ANQPMatcherTest extends WifiBaseTest { // Test data. String providerRealm = "test.com"; String anqpRealm = "test2.com"; - NonEAPInnerAuth authParam = new NonEAPInnerAuth(NonEAPInnerAuth.AUTH_TYPE_MSCHAP); int eapMethodID = EAPConstants.EAP_TLS; // Setup NAI Realm element that has EAP method and no auth params. @@ -180,8 +175,7 @@ public class ANQPMatcherTest extends WifiBaseTest { NAIRealmElement element = new NAIRealmElement( Arrays.asList(new NAIRealmData[]{realmData})); - assertEquals(AuthMatch.METHOD, - ANQPMatcher.matchNAIRealm(element, providerRealm, eapMethodID, authParam)); + assertEquals(AuthMatch.NONE, ANQPMatcher.matchNAIRealm(element, providerRealm)); } /** @@ -203,8 +197,7 @@ public class ANQPMatcherTest extends WifiBaseTest { NAIRealmElement element = new NAIRealmElement( Arrays.asList(new NAIRealmData[] {realmData})); - assertEquals(AuthMatch.REALM | AuthMatch.METHOD, - ANQPMatcher.matchNAIRealm(element, realm, eapMethodID, null)); + assertEquals(AuthMatch.REALM, ANQPMatcher.matchNAIRealm(element, realm)); } /** 
@@ -232,12 +225,11 @@ public class ANQPMatcherTest extends WifiBaseTest { NAIRealmElement element = new NAIRealmElement( Arrays.asList(new NAIRealmData[] {realmData})); - assertEquals(AuthMatch.EXACT, - ANQPMatcher.matchNAIRealm(element, realm, eapMethodID, authParam)); + assertEquals(AuthMatch.REALM, ANQPMatcher.matchNAIRealm(element, realm)); } /** - * Verify that a mismatch (AuthMatch.NONE) will be returned when the specified EAP method + * Verify that a REALM match will be returned when the specified EAP method * doesn't match with the corresponding EAP method in the NAI Realm ANQP element. * * @throws Exception @@ -260,12 +252,11 @@ public class ANQPMatcherTest extends WifiBaseTest { NAIRealmElement element = new NAIRealmElement( Arrays.asList(new NAIRealmData[] {realmData})); - assertEquals(AuthMatch.NONE, - ANQPMatcher.matchNAIRealm(element, realm, EAPConstants.EAP_TLS, null)); + assertEquals(AuthMatch.REALM, ANQPMatcher.matchNAIRealm(element, realm)); } /** - * Verify that a mismatch (AuthMatch.NONE) will be returned when the specified authentication + * Verify that a REALM match will be returned when the specified authentication * parameter doesn't match with the corresponding authentication parameter in the NAI Realm * ANQP element. * @@ -290,9 +281,7 @@ public class ANQPMatcherTest extends WifiBaseTest { Arrays.asList(new NAIRealmData[] {realmData})); // Mismatch in authentication type. - assertEquals(AuthMatch.NONE, - ANQPMatcher.matchNAIRealm(element, realm, EAPConstants.EAP_TTLS, - new NonEAPInnerAuth(NonEAPInnerAuth.AUTH_TYPE_PAP))); + assertEquals(AuthMatch.REALM, ANQPMatcher.matchNAIRealm(element, realm)); } /** diff --git a/tests/wifitests/src/com/android/server/wifi/hotspot2/PasspointProviderTest.java b/tests/wifitests/src/com/android/server/wifi/hotspot2/PasspointProviderTest.java index b20699d42..c5a7d1da4 100644 --- a/tests/wifitests/src/com/android/server/wifi/hotspot2/PasspointProviderTest.java 
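Review bot: In the last hunk of this file the context comment `// Mismatch in authentication type.` now sits above an assertion that passes no authentication type at all, so it describes the removed behaviour. Reword it to something like `// The authentication type differs, but only the realm is compared.` The test method names are outside the hunks; if they still say "mismatch" they need the same update.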
+++ b/tests/wifitests/src/com/android/server/wifi/hotspot2/PasspointProviderTest.java @@ -666,9 +666,10 @@ public class PasspointProviderTest extends WifiBaseTest { } /** - * Verify that there is no match when the provider's FQDN matches a domain name in the - * Domain Name ANQP element but the provider's credential doesn't match the authentication - * method provided in the NAI realm. + * Verify that Home provider is matched even when the provider's FQDN matches a domain name in + * the Domain Name ANQP element but the provider's credential doesn't match the authentication + * method provided in the NAI realm. This can happen when the infrastructure provider is not + * the identity provider, and authentication method matching is not required in the spec. * * @throws Exception */ @@ -686,7 +687,8 @@ public class PasspointProviderTest extends WifiBaseTest { anqpElementMap.put(ANQPElementType.ANQPNAIRealm, createNAIRealmElement(TEST_REALM, EAPConstants.EAP_TLS, null)); - assertEquals(PasspointMatch.None, mProvider.match(anqpElementMap, mRoamingConsortium)); + assertEquals(PasspointMatch.HomeProvider, + mProvider.match(anqpElementMap, mRoamingConsortium)); } /** @@ -795,8 +797,8 @@ public class PasspointProviderTest extends WifiBaseTest { } /** - * Verify that there is no match when a roaming consortium OI matches an OI - * in the roaming consortium ANQP element and but NAI realm is not matched. + * Verify that there is Roaming provider match when a roaming consortium OI matches an OI + * in the roaming consortium ANQP element and regardless of NAI realm mismatch. * * @throws Exception */ @@ -815,7 +817,7 @@ public class PasspointProviderTest extends WifiBaseTest { anqpElementMap.put(ANQPElementType.ANQPNAIRealm, createNAIRealmElement(TEST_REALM, EAPConstants.EAP_TLS, null)); - assertEquals(PasspointMatch.None, + assertEquals(PasspointMatch.RoamingProvider, mProvider.match(anqpElementMap, mRoamingConsortium)); } 
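Review bot: The updated expectations in the `@@ -815,7` hunk (and in the `@@ -891,7` hunk further down) are described as an NAI realm mismatch, yet the element is still built with `createNAIRealmElement(TEST_REALM, EAPConstants.EAP_TLS, null)`, so only the EAP method can differ from the provider. If the provider's credential realm is also `TEST_REALM` (its setup is outside the hunk), no test here exercises `matchNAIRealm` returning `AuthMatch.NONE`. A case with a different advertised realm and no FQDN or RCOI match, asserting `PasspointMatch.None`, would pin the behaviour for an access point that matches nothing in the profile.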
@@ -870,8 +872,14 @@ public class PasspointProviderTest extends WifiBaseTest { } /** - * Verify that there is no match when a roaming consortium OI matches an OI + * Verify that there is Roaming provider match when a roaming consortium OI matches an OI * in the roaming consortium information element, but NAI realm is not matched. + * This can happen in roaming federation where the infrastructure provider is not the + * identity provider. + * Page 133 in the Hotspot2.0 specification states: + * Per subclause 11.25.8 of [2], if the value of HomeOI matches an OI in the Roaming + * Consortium advertised by a hotspot operator, successful authentication with that hotspot + * is possible. * * @throws Exception */ @@ -891,7 +899,7 @@ public class PasspointProviderTest extends WifiBaseTest { anqpElementMap.put(ANQPElementType.ANQPNAIRealm, createNAIRealmElement(TEST_REALM, EAPConstants.EAP_TLS, null)); - assertEquals(PasspointMatch.None, + assertEquals(PasspointMatch.RoamingProvider, mProvider.match(anqpElementMap, mRoamingConsortium)); } |