Merge "[Passpoint] Add support for OSEN"

4 files changed, 50 insertions, 14 deletions

diff --git a/service/java/com/android/server/wifi/hotspot2/OsuNetworkConnection.java b/service/java/com/android/server/wifi/hotspot2/OsuNetworkConnection.java
index 08899ae28..b3bab6432 100644
--- a/service/java/com/android/server/wifi/hotspot2/OsuNetworkConnection.java
+++ b/service/java/com/android/server/wifi/hotspot2/OsuNetworkConnection.java
@@ -28,6 +28,7 @@ import android.net.Network;
 import android.net.NetworkCapabilities;
 import android.net.NetworkRequest;
 import android.net.wifi.WifiConfiguration;
+import android.net.wifi.WifiEnterpriseConfig;
 import android.net.wifi.WifiInfo;
 import android.net.wifi.WifiManager;
 import android.net.wifi.WifiSsid;
@@ -192,9 +193,12 @@ public class OsuNetworkConnection {
         if (TextUtils.isEmpty(nai)) {
             config.allowedKeyManagement.set(WifiConfiguration.KeyMgmt.NONE);
         } else {
-            // TODO: Handle OSEN.
-            Log.w(TAG, "OSEN not supported");
-            return false;
+            // Setup OSEN connection with Unauthenticated user TLS and WFA Root certs
+            config.allowedKeyManagement.set(WifiConfiguration.KeyMgmt.OSEN);
+            config.allowedProtocols.set(WifiConfiguration.Protocol.OSEN);
+            config.enterpriseConfig.setDomainSuffixMatch(nai);
+            config.enterpriseConfig.setEapMethod(WifiEnterpriseConfig.Eap.UNAUTH_TLS);
+            config.enterpriseConfig.setCaPath(WfaKeyStore.DEFAULT_WFA_CERT_DIR);
         }
         mNetworkId = mWifiManager.addNetwork(config);
         if (mNetworkId < 0) {
diff --git a/service/java/com/android/server/wifi/hotspot2/WfaKeyStore.java b/service/java/com/android/server/wifi/hotspot2/WfaKeyStore.java
index 342ce1cd8..c85f7f963 100644
--- a/service/java/com/android/server/wifi/hotspot2/WfaKeyStore.java
+++ b/service/java/com/android/server/wifi/hotspot2/WfaKeyStore.java
@@ -34,7 +34,7 @@ public class WfaKeyStore {
     private static final String TAG = "PasspointWfaKeyStore";
     // The WFA Root certs are checked in to /system/ca-certificates/cacerts_wfa
     // The location on device is configured in the corresponding Android.mk
-    private static final String DEFAULT_WFA_CERT_DIR =
+    /* package */ static final String DEFAULT_WFA_CERT_DIR =
             Environment.getRootDirectory() + "/etc/security/cacerts_wfa";
 
     private boolean mVerboseLoggingEnabled = false;
diff --git a/service/java/com/android/server/wifi/util/InformationElementUtil.java b/service/java/com/android/server/wifi/util/InformationElementUtil.java
index 599a3a97c..3ed829d8c 100644
--- a/service/java/com/android/server/wifi/util/InformationElementUtil.java
+++ b/service/java/com/android/server/wifi/util/InformationElementUtil.java
@@ -417,6 +417,7 @@ public class InformationElementUtil {
         private static final int RSN_AKM_FT_SAE = 0x09ac0f00;
         private static final int RSN_AKM_OWE = 0x12ac0f00;
         private static final int RSN_AKM_EAP_SUITE_B_192 = 0x0cac0f00;
+        private static final int RSN_OSEN = 0x019a6f50;
 
         private static final int WPA_CIPHER_NONE = 0x00f25000;
         private static final int WPA_CIPHER_TKIP = 0x02f25000;
@@ -516,6 +517,9 @@ public class InformationElementUtil {
                         case RSN_AKM_EAP_SUITE_B_192:
                             rsnKeyManagement.add(ScanResult.KEY_MGMT_EAP_SUITE_B_192);
                             break;
+                        case RSN_OSEN:
+                            rsnKeyManagement.add(ScanResult.KEY_MGMT_OSEN);
+                            break;
                         default:
                             // do nothing
                             break;
@@ -742,6 +746,8 @@ public class InformationElementUtil {
                     return "WPA";
                 case ScanResult.PROTOCOL_RSN:
                     return "RSN";
+                case ScanResult.PROTOCOL_OSEN:
+                    return "OSEN";
                 default:
                     return "?";
             }
@@ -773,6 +779,8 @@ public class InformationElementUtil {
                     return "FT/SAE";
                 case ScanResult.KEY_MGMT_EAP_SUITE_B_192:
                     return "EAP_SUITE_B_192";
+                case ScanResult.KEY_MGMT_OSEN:
+                    return "OSEN";
                 default:
                     return "?";
             }
diff --git a/tests/wifitests/src/com/android/server/wifi/hotspot2/OsuNetworkConnectionTest.java b/tests/wifitests/src/com/android/server/wifi/hotspot2/OsuNetworkConnectionTest.java
index d45bbd586..8f3daa243 100644
--- a/tests/wifitests/src/com/android/server/wifi/hotspot2/OsuNetworkConnectionTest.java
+++ b/tests/wifitests/src/com/android/server/wifi/hotspot2/OsuNetworkConnectionTest.java
@@ -39,6 +39,7 @@ import android.net.NetworkRequest;
 import android.net.NetworkUtils;
 import android.net.RouteInfo;
 import android.net.wifi.WifiConfiguration;
+import android.net.wifi.WifiEnterpriseConfig;
 import android.net.wifi.WifiInfo;
 import android.net.wifi.WifiManager;
 import android.net.wifi.WifiSsid;
@@ -170,16 +171,6 @@ public class OsuNetworkConnectionTest extends WifiBaseTest {
     }
 
     /**
-     * Verifies that connect() API returns false when OSU AP is a part of an OSEN
-     */
-    @Test
-    public void verifyOSENUnsupported() {
-        mNetworkConnection.init(mHandler);
-        assertEquals(false,
-                mNetworkConnection.connect(TEST_SSID, TEST_NAI_OSEN, TEST_PROVIDER_NAME));
-    }
-
-    /**
      * Verifies that connect() API returns false when WifiManager's addNetwork()
      * returns an invalid network ID
      */
@@ -328,4 +319,37 @@ public class OsuNetworkConnectionTest extends WifiBaseTest {
         assertFalse(networkRequestCaptor.getValue().hasCapability(NET_CAPABILITY_TRUSTED));
 
     }
+
+    /**
+     * Verifies that {@link WifiConfiguration} has been created properly for OSEN OSU network.
+     * It is supposed to create a network as ephemeral network with OSEN protocol and key management
+     * and suppress no internet access notification.
+     */
+    @Test
+    public void verifyWifiConfigurationForOsenOsuNetwork() {
+        mNetworkConnection.init(mHandler);
+
+        assertEquals(true, mNetworkConnection.connect(TEST_SSID, TEST_NAI_OSEN,
+                TEST_PROVIDER_NAME));
+
+        ArgumentCaptor<WifiConfiguration> wifiConfigurationCaptor = ArgumentCaptor.forClass(
+                WifiConfiguration.class);
+        verify(mWifiManager, times(1)).addNetwork(wifiConfigurationCaptor.capture());
+        WifiConfiguration wifiConfiguration = wifiConfigurationCaptor.getValue();
+        assertTrue(wifiConfiguration.isNoInternetAccessExpected());
+        assertTrue(wifiConfiguration.isEphemeral());
+        assertTrue(wifiConfiguration.osu);
+        assertTrue(wifiConfiguration.allowedProtocols.get(WifiConfiguration.Protocol.OSEN));
+        assertTrue(wifiConfiguration.allowedKeyManagement.get(WifiConfiguration.KeyMgmt.OSEN));
+        assertEquals(wifiConfiguration.enterpriseConfig.getEapMethod(),
+                WifiEnterpriseConfig.Eap.UNAUTH_TLS);
+        assertEquals(wifiConfiguration.enterpriseConfig.getCaPath(),
+                WfaKeyStore.DEFAULT_WFA_CERT_DIR);
+        ArgumentCaptor<NetworkRequest> networkRequestCaptor = ArgumentCaptor.forClass(
+                NetworkRequest.class);
+        verify(mConnectivityManager, times(1)).requestNetwork(networkRequestCaptor.capture(),
+                any(ConnectivityManager.NetworkCallback.class), any(Handler.class), anyInt());
+        assertFalse(networkRequestCaptor.getValue().hasCapability(NET_CAPABILITY_TRUSTED));
+
+    }
 }