summaryrefslogtreecommitdiff
path: root/service
diff options
context:
space:
mode:
authorPeter Qiu <zqiu@google.com>2016-12-15 15:22:31 -0800
committerPeter Qiu <zqiu@google.com>2017-01-07 19:06:28 -0800
commit87c6f1b149804685e46c18d2ad11262f611c9255 (patch)
tree2bd5c99f827275b949045228a3465a67fc04d04d /service
parentd28cfdde236d3d7c72f0c57ca7f18622b16d421a (diff)
hotspot2: add support for matching Passpoint provider
Added support for matching Passpoint provider based on the content of ANQP elements. While there: - updated IMSIParameter and added unit tests for it - added utility class ANQPMatcher for providing ANQP element matching functions Bug: 33246489 Test: frameworks/opt/net/wifi/tests/wifitests/runtests.sh Change-Id: Ibdd49aaf44a097c1ee523284888faace6b866485
Diffstat (limited to 'service')
-rw-r--r--service/java/com/android/server/wifi/IMSIParameter.java115
-rw-r--r--service/java/com/android/server/wifi/SIMAccessor.java2
-rw-r--r--service/java/com/android/server/wifi/hotspot2/ANQPMatcher.java257
-rw-r--r--service/java/com/android/server/wifi/hotspot2/AuthMatch.java35
-rw-r--r--service/java/com/android/server/wifi/hotspot2/PasspointManager.java13
-rw-r--r--service/java/com/android/server/wifi/hotspot2/PasspointObjectFactory.java5
-rw-r--r--service/java/com/android/server/wifi/hotspot2/PasspointProvider.java92
-rw-r--r--service/java/com/android/server/wifi/hotspot2/anqp/eap/NonEAPInnerAuth.java24
8 files changed, 483 insertions, 60 deletions
diff --git a/service/java/com/android/server/wifi/IMSIParameter.java b/service/java/com/android/server/wifi/IMSIParameter.java
index deea870bc..ab9ec0a28 100644
--- a/service/java/com/android/server/wifi/IMSIParameter.java
+++ b/service/java/com/android/server/wifi/IMSIParameter.java
@@ -1,8 +1,37 @@
+/*
+ * Copyright (C) 2016 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
package com.android.server.wifi;
-import java.io.IOException;
+import android.text.TextUtils;
+/**
+ * Class for storing an IMSI (International Mobile Subscriber Identity) parameter. The IMSI
+ * contains number (up to 15) of numerical digits. When an IMSI ends with a '*', the specified
+ * IMSI is a prefix.
+ */
public class IMSIParameter {
+ private static final int MAX_IMSI_LENGTH = 15;
+
+ /**
+ * MCC (Mobile Country Code) is a 3 digit number and MNC (Mobile Network Code) is also a 3
+ * digit number.
+ */
+ private static final int MCC_MNC_LENGTH = 6;
+
private final String mImsi;
private final boolean mPrefix;
@@ -11,11 +40,22 @@ public class IMSIParameter {
mPrefix = prefix;
}
- public IMSIParameter(String imsi) throws IOException {
- if (imsi == null || imsi.length() == 0) {
- throw new IOException("Bad IMSI: '" + imsi + "'");
+ /**
+ * Build an IMSIParameter object from the given string. A null will be returned for a
+ * malformed string.
+ *
+ * @param imsi The IMSI string
+ * @return {@link IMSIParameter}
+ */
+ public static IMSIParameter build(String imsi) {
+ if (TextUtils.isEmpty(imsi)) {
+ return null;
+ }
+ if (imsi.length() > MAX_IMSI_LENGTH) {
+ return null;
}
+ // Detect the first non-digit character.
int nonDigit;
char stopChar = '\0';
for (nonDigit = 0; nonDigit < imsi.length(); nonDigit++) {
@@ -26,48 +66,55 @@ public class IMSIParameter {
}
if (nonDigit == imsi.length()) {
- mImsi = imsi;
- mPrefix = false;
+ // Full IMSI.
+ return new IMSIParameter(imsi, false);
}
else if (nonDigit == imsi.length()-1 && stopChar == '*') {
- mImsi = imsi.substring(0, nonDigit);
- mPrefix = true;
- }
- else {
- throw new IOException("Bad IMSI: '" + imsi + "'");
+ // IMSI prefix.
+ return new IMSIParameter(imsi.substring(0, nonDigit), true);
}
+ return null;
}
- public boolean matches(String fullIMSI) {
+ /**
+ * Perform matching against the given full IMSI.
+ *
+ * @param fullIMSI The full IMSI to match against
+ * @return true if matched
+ */
+ public boolean matchesImsi(String fullIMSI) {
+ if (fullIMSI == null) {
+ return false;
+ }
+
if (mPrefix) {
+ // Prefix matching.
return mImsi.regionMatches(false, 0, fullIMSI, 0, mImsi.length());
- }
- else {
+ } else {
+ // Exact matching.
return mImsi.equals(fullIMSI);
}
}
+ /**
+ * Perform matching against the given MCC-MNC (Mobile Country Code and Mobile Network
+ * Code) combination.
+ *
+ * @param mccMnc The MCC-MNC to match against
+ * @return true if matched
+ */
public boolean matchesMccMnc(String mccMnc) {
- if (mPrefix) {
- // For a prefix match, the entire prefix must match the mcc+mnc
- return mImsi.regionMatches(false, 0, mccMnc, 0, mImsi.length());
+ if (mccMnc == null) {
+ return false;
}
- else {
- // For regular match, the entire length of mcc+mnc must match this IMSI
- return mImsi.regionMatches(false, 0, mccMnc, 0, mccMnc.length());
+ if (mccMnc.length() != MCC_MNC_LENGTH) {
+ return false;
}
- }
-
- public boolean isPrefix() {
- return mPrefix;
- }
-
- public String getImsi() {
- return mImsi;
- }
-
- public int prefixLength() {
- return mImsi.length();
+ int checkLength = MCC_MNC_LENGTH;
+ if (mPrefix && mImsi.length() < MCC_MNC_LENGTH) {
+ checkLength = mImsi.length();
+ }
+ return mImsi.regionMatches(false, 0, mccMnc, 0, checkLength);
}
@Override
@@ -75,12 +122,12 @@ public class IMSIParameter {
if (this == thatObject) {
return true;
}
- else if (thatObject == null || getClass() != thatObject.getClass()) {
+ if (!(thatObject instanceof IMSIParameter)) {
return false;
}
IMSIParameter that = (IMSIParameter) thatObject;
- return mPrefix == that.mPrefix && mImsi.equals(that.mImsi);
+ return mPrefix == that.mPrefix && TextUtils.equals(mImsi, that.mImsi);
}
@Override
diff --git a/service/java/com/android/server/wifi/SIMAccessor.java b/service/java/com/android/server/wifi/SIMAccessor.java
index d4decc4e5..21bfb9c51 100644
--- a/service/java/com/android/server/wifi/SIMAccessor.java
+++ b/service/java/com/android/server/wifi/SIMAccessor.java
@@ -23,7 +23,7 @@ public class SIMAccessor {
List<String> imsis = new ArrayList<>();
for (int subId : mSubscriptionManager.getActiveSubscriptionIdList()) {
String imsi = mTelephonyManager.getSubscriberId(subId);
- if (imsi != null && mccMnc.matches(imsi)) {
+ if (imsi != null && mccMnc.matchesImsi(imsi)) {
imsis.add(imsi);
}
}
diff --git a/service/java/com/android/server/wifi/hotspot2/ANQPMatcher.java b/service/java/com/android/server/wifi/hotspot2/ANQPMatcher.java
new file mode 100644
index 000000000..649534662
--- /dev/null
+++ b/service/java/com/android/server/wifi/hotspot2/ANQPMatcher.java
@@ -0,0 +1,257 @@
+/*
+ * Copyright (C) 2016 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.android.server.wifi.hotspot2;
+
+import com.android.server.wifi.IMSIParameter;
+import com.android.server.wifi.hotspot2.anqp.CellularNetwork;
+import com.android.server.wifi.hotspot2.anqp.DomainNameElement;
+import com.android.server.wifi.hotspot2.anqp.NAIRealmData;
+import com.android.server.wifi.hotspot2.anqp.NAIRealmElement;
+import com.android.server.wifi.hotspot2.anqp.RoamingConsortiumElement;
+import com.android.server.wifi.hotspot2.anqp.ThreeGPPNetworkElement;
+import com.android.server.wifi.hotspot2.anqp.eap.AuthParam;
+import com.android.server.wifi.hotspot2.anqp.eap.EAPMethod;
+
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+
+/**
+ * Utility class for providing matching functions against ANQP elements.
+ */
+public class ANQPMatcher {
+ /**
+ * Match the domain names in the ANQP element against the provider's FQDN and SIM credential.
+ * The Domain Name ANQP element might contain domains for 3GPP network (e.g.
+ * wlan.mnc*.mcc*.3gppnetwork.org), so we should match that against the provider's SIM
+ * credential if one is provided.
+ *
+ * @param element The Domain Name ANQP element
+ * @param fqdn The FQDN to compare against
+ * @param imsiParam The IMSI parameter of the provider
+ * @param simImsiList The list of IMSI from the installed SIM cards that matched provider's
+ * IMSI parameter
+ * @return true if a match is found
+ */
+ public static boolean matchDomainName(DomainNameElement element, String fqdn,
+ IMSIParameter imsiParam, List<String> simImsiList) {
+ if (element == null) {
+ return false;
+ }
+
+ for (String domain : element.getDomains()) {
+ if (DomainMatcher.arg2SubdomainOfArg1(fqdn, domain)) {
+ return true;
+ }
+
+ // Try to retrieve the MCC-MNC string from the domain (for 3GPP network domain) and
+ // match against the provider's SIM credential.
+ if (matchMccMnc(Utils.getMccMnc(Utils.splitDomain(domain)), imsiParam, simImsiList)) {
+ return true;
+ }
+ }
+ return false;
+ }
+
+ /**
+ * Match the roaming consortium OIs in the ANQP element against the roaming consortium OIs
+ * of a provider.
+ *
+ * @param element The Roaming Consortium ANQP element
+ * @param providerOIs The roaming consortium OIs of the provider
+ * @return true if a match is found
+ */
+ public static boolean matchRoamingConsortium(RoamingConsortiumElement element,
+ long[] providerOIs) {
+ if (element == null) {
+ return false;
+ }
+ if (providerOIs == null) {
+ return false;
+ }
+ List<Long> rcOIs = element.getOIs();
+ for (long oi : providerOIs) {
+ if (rcOIs.contains(oi)) {
+ return true;
+ }
+ }
+ return false;
+ }
+
+ /**
+ * Match the NAI realm in the ANQP element against the realm and authentication method of
+ * a provider.
+ *
+ * @param element The NAI Realm ANQP element
+ * @param realm The realm of the provider's credential
+ * @param eapMethodID The EAP Method ID of the provider's credential
+ * @param authParam The authentication parameter of the provider's credential
+ * @return an integer indicating the match status
+ */
+ public static int matchNAIRealm(NAIRealmElement element, String realm, int eapMethodID,
+ AuthParam authParam) {
+ if (element == null || element.getRealmDataList().isEmpty()) {
+ return AuthMatch.INDETERMINATE;
+ }
+
+ int bestMatch = AuthMatch.NONE;
+ for (NAIRealmData realmData : element.getRealmDataList()) {
+ int match = matchNAIRealmData(realmData, realm, eapMethodID, authParam);
+ if (match > bestMatch) {
+ bestMatch = match;
+ if (bestMatch == AuthMatch.EXACT) {
+ break;
+ }
+ }
+ }
+ return bestMatch;
+ }
+
+ /**
+ * Match the 3GPP Network in the ANQP element against the SIM credential of a provider.
+ *
+ * @param element 3GPP Network ANQP element
+ * @param imsiParam The IMSI parameter of the provider's SIM credential
+ * @param simImsiList The list of IMSI from the installed SIM cards that matched provider's
+ * IMSI parameter
+ * @return true if a matched is found
+ */
+ public static boolean matchThreeGPPNetwork(ThreeGPPNetworkElement element,
+ IMSIParameter imsiParam, List<String> simImsiList) {
+ if (element == null) {
+ return false;
+ }
+ for (CellularNetwork network : element.getNetworks()) {
+ if (matchCellularNetwork(network, imsiParam, simImsiList)) {
+ return true;
+ }
+ }
+ return false;
+ }
+
+ /**
+ * Match the given NAI Realm data against the realm and authentication method of a provider.
+ *
+ * @param realmData The NAI Realm data
+ * @param realm The realm of the provider's credential
+ * @param eapMethodID The EAP Method ID of the provider's credential
+ * @param authParam The authentication parameter of the provider's credential
+ * @return an integer indicating the match status
+ */
+ private static int matchNAIRealmData(NAIRealmData realmData, String realm, int eapMethodID,
+ AuthParam authParam) {
+ // Check for realm domain name match.
+ int realmMatch = AuthMatch.NONE;
+ for (String realmStr : realmData.getRealms()) {
+ if (DomainMatcher.arg2SubdomainOfArg1(realm, realmStr)) {
+ realmMatch = AuthMatch.REALM;
+ break;
+ }
+ }
+
+ if (realmMatch == AuthMatch.NONE || realmData.getEAPMethods().isEmpty()) {
+ return realmMatch;
+ }
+
+ // Check for EAP method match.
+ int eapMethodMatch = AuthMatch.NONE;
+ for (EAPMethod eapMethod : realmData.getEAPMethods()) {
+ eapMethodMatch = matchEAPMethod(eapMethod, eapMethodID, authParam);
+ if (eapMethodMatch != AuthMatch.NONE) {
+ break;
+ }
+ }
+
+ if (eapMethodMatch == AuthMatch.NONE) {
+ return AuthMatch.NONE;
+ }
+ return realmMatch | eapMethodMatch;
+ }
+
+ /**
+ * Match the given EAPMethod against the authentication method of a provider.
+ *
+ * @param method The EAP Method
+ * @param eapMethodID The EAP Method ID of the provider's credential
+ * @param authParam The authentication parameter of the provider's credential
+ * @return an integer indicating the match status
+ */
+ private static int matchEAPMethod(EAPMethod method, int eapMethodID, AuthParam authParam) {
+ if (method.getEAPMethodID() != eapMethodID) {
+ return AuthMatch.NONE;
+ }
+ // Check for authentication parameter match.
+ if (authParam != null) {
+ Map<Integer, Set<AuthParam>> authParams = method.getAuthParams();
+ Set<AuthParam> paramSet = authParams.get(authParam.getAuthTypeID());
+ if (paramSet == null || !paramSet.contains(authParam)) {
+ return AuthMatch.NONE;
+ }
+ return AuthMatch.METHOD_PARAM;
+ }
+ return AuthMatch.METHOD;
+ }
+
+ /**
+ * Match a cellular network information in the 3GPP Network ANQP element against the SIM
+ * credential of a provider.
+ *
+ * @param network The cellular network that contained list of PLMNs
+ * @param imsiParam IMSI parameter of the provider
+ * @param simImsiList The list of IMSI from the installed SIM cards that matched provider's
+ * IMSI parameter
+ * @return true if a match is found
+ */
+ private static boolean matchCellularNetwork(CellularNetwork network, IMSIParameter imsiParam,
+ List<String> simImsiList) {
+ for (String plmn : network.getPlmns()) {
+ if (matchMccMnc(plmn, imsiParam, simImsiList)) {
+ return true;
+ }
+ }
+ return false;
+ }
+
+ /**
+ * Match a MCC-MNC against the SIM credential of a provider.
+ *
+ * @param mccMnc The string containing MCC-MNC
+ * @param imsiParam The IMSI parameter of the provider
+ * @param simImsiList The list of IMSI from the installed SIM cards that matched provider's
+ * IMSI parameter
+ * @return true if a match is found
+ */
+ private static boolean matchMccMnc(String mccMnc, IMSIParameter imsiParam,
+ List<String> simImsiList) {
+ if (imsiParam == null || simImsiList == null) {
+ return false;
+ }
+ // Match against the IMSI parameter in the provider.
+ if (!imsiParam.matchesMccMnc(mccMnc)) {
+ return false;
+ }
+ // Additional check for verifying the match with IMSIs from the SIM cards, since the IMSI
+ // parameter might not contain the full 6-digit MCC MNC (e.g. IMSI parameter is an IMSI
+ // prefix that contained less than 6-digit of numbers "12345*").
+ for (String imsi : simImsiList) {
+ if (imsi.startsWith(mccMnc)) {
+ return true;
+ }
+ }
+ return false;
+ }
+}
diff --git a/service/java/com/android/server/wifi/hotspot2/AuthMatch.java b/service/java/com/android/server/wifi/hotspot2/AuthMatch.java
index cd988b548..3abf35fb6 100644
--- a/service/java/com/android/server/wifi/hotspot2/AuthMatch.java
+++ b/service/java/com/android/server/wifi/hotspot2/AuthMatch.java
@@ -1,3 +1,18 @@
+/*
+ * Copyright (C) 2016 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
package com.android.server.wifi.hotspot2;
/**
@@ -9,13 +24,13 @@ package com.android.server.wifi.hotspot2;
* must be maintained accordingly.
*/
public abstract class AuthMatch {
- public static final int None = -1;
- public static final int Indeterminate = 0;
- public static final int Realm = 0x04;
- public static final int Method = 0x02;
- public static final int Param = 0x01;
- public static final int MethodParam = Method | Param;
- public static final int Exact = Realm | Method | Param;
+ public static final int NONE = -1;
+ public static final int INDETERMINATE = 0;
+ public static final int REALM = 0x04;
+ public static final int METHOD = 0x02;
+ public static final int PARAM = 0x01;
+ public static final int METHOD_PARAM = METHOD | PARAM;
+ public static final int EXACT = REALM | METHOD | PARAM;
public static String toString(int match) {
if (match < 0) {
@@ -26,13 +41,13 @@ public abstract class AuthMatch {
}
StringBuilder sb = new StringBuilder();
- if ((match & Realm) != 0) {
+ if ((match & REALM) != 0) {
sb.append("Realm");
}
- if ((match & Method) != 0) {
+ if ((match & METHOD) != 0) {
sb.append("Method");
}
- if ((match & Param) != 0) {
+ if ((match & PARAM) != 0) {
sb.append("Param");
}
return sb.toString();
diff --git a/service/java/com/android/server/wifi/hotspot2/PasspointManager.java b/service/java/com/android/server/wifi/hotspot2/PasspointManager.java
index 31a0b5ef6..88b04a379 100644
--- a/service/java/com/android/server/wifi/hotspot2/PasspointManager.java
+++ b/service/java/com/android/server/wifi/hotspot2/PasspointManager.java
@@ -43,7 +43,6 @@ import com.android.server.wifi.WifiNative;
import com.android.server.wifi.hotspot2.anqp.ANQPElement;
import com.android.server.wifi.hotspot2.anqp.Constants;
-import java.io.IOException;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
@@ -177,20 +176,16 @@ public class PasspointManager {
// Verify IMSI against the IMSI of the installed SIM cards for SIM credential.
if (config.credential.simCredential != null) {
- try {
- if (mSimAccessor.getMatchingImsis(
- new IMSIParameter(config.credential.simCredential.imsi)) == null) {
- Log.e(TAG, "IMSI does not match any SIM card");
- return false;
- }
- } catch (IOException e) {
+ if (mSimAccessor.getMatchingImsis(
+ IMSIParameter.build(config.credential.simCredential.imsi)) == null) {
+ Log.e(TAG, "IMSI does not match any SIM card");
return false;
}
}
// Create a provider and install the necessary certificates and keys.
PasspointProvider newProvider = mObjectFactory.makePasspointProvider(
- config, mKeyStore, mProviderID++);
+ config, mKeyStore, mSimAccessor, mProviderID++);
if (!newProvider.installCertsAndKeys()) {
Log.e(TAG, "Failed to install certificates and keys to keystore");
diff --git a/service/java/com/android/server/wifi/hotspot2/PasspointObjectFactory.java b/service/java/com/android/server/wifi/hotspot2/PasspointObjectFactory.java
index b5793e7e0..69bf99a9e 100644
--- a/service/java/com/android/server/wifi/hotspot2/PasspointObjectFactory.java
+++ b/service/java/com/android/server/wifi/hotspot2/PasspointObjectFactory.java
@@ -19,6 +19,7 @@ package com.android.server.wifi.hotspot2;
import android.net.wifi.hotspot2.PasspointConfiguration;
import com.android.server.wifi.Clock;
+import com.android.server.wifi.SIMAccessor;
import com.android.server.wifi.WifiKeyStore;
import com.android.server.wifi.WifiNative;
@@ -48,8 +49,8 @@ public class PasspointObjectFactory{
* @return {@link PasspointProvider}
*/
public PasspointProvider makePasspointProvider(PasspointConfiguration config,
- WifiKeyStore keyStore, long providerId) {
- return new PasspointProvider(config, keyStore, providerId);
+ WifiKeyStore keyStore, SIMAccessor simAccessor, long providerId) {
+ return new PasspointProvider(config, keyStore, simAccessor, providerId);
}
/**
diff --git a/service/java/com/android/server/wifi/hotspot2/PasspointProvider.java b/service/java/com/android/server/wifi/hotspot2/PasspointProvider.java
index a0a52f6ea..61fb0352e 100644
--- a/service/java/com/android/server/wifi/hotspot2/PasspointProvider.java
+++ b/service/java/com/android/server/wifi/hotspot2/PasspointProvider.java
@@ -16,19 +16,29 @@
package com.android.server.wifi.hotspot2;
+import android.net.wifi.EAPConstants;
import android.net.wifi.hotspot2.PasspointConfiguration;
import android.security.Credentials;
import android.util.Log;
+import com.android.server.wifi.IMSIParameter;
+import com.android.server.wifi.SIMAccessor;
import com.android.server.wifi.WifiKeyStore;
import com.android.server.wifi.hotspot2.anqp.ANQPElement;
import com.android.server.wifi.hotspot2.anqp.Constants.ANQPElementType;
+import com.android.server.wifi.hotspot2.anqp.DomainNameElement;
+import com.android.server.wifi.hotspot2.anqp.NAIRealmElement;
+import com.android.server.wifi.hotspot2.anqp.RoamingConsortiumElement;
+import com.android.server.wifi.hotspot2.anqp.ThreeGPPNetworkElement;
+import com.android.server.wifi.hotspot2.anqp.eap.AuthParam;
+import com.android.server.wifi.hotspot2.anqp.eap.NonEAPInnerAuth;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
+import java.util.List;
import java.util.Map;
/**
@@ -53,12 +63,37 @@ public class PasspointProvider {
private String mClientPrivateKeyAlias;
private String mClientCertificateAlias;
+ private final IMSIParameter mImsiParameter;
+ private final List<String> mMatchingSIMImsiList;
+
+ private final int mEAPMethodID;
+ private final AuthParam mAuthParam;
+
public PasspointProvider(PasspointConfiguration config, WifiKeyStore keyStore,
- long providerId) {
+ SIMAccessor simAccessor, long providerId) {
// Maintain a copy of the configuration to avoid it being updated by others.
mConfig = new PasspointConfiguration(config);
mKeyStore = keyStore;
mProviderId = providerId;
+
+ // Setup EAP method and authentication parameter based on the credential.
+ if (mConfig.credential.userCredential != null) {
+ mEAPMethodID = EAPConstants.EAP_TTLS;
+ mAuthParam = new NonEAPInnerAuth(NonEAPInnerAuth.getAuthTypeID(
+ mConfig.credential.userCredential.nonEapInnerMethod));
+ mImsiParameter = null;
+ mMatchingSIMImsiList = null;
+ } else if (mConfig.credential.certCredential != null) {
+ mEAPMethodID = EAPConstants.EAP_TLS;
+ mAuthParam = null;
+ mImsiParameter = null;
+ mMatchingSIMImsiList = null;
+ } else {
+ mEAPMethodID = mConfig.credential.simCredential.eapType;
+ mAuthParam = null;
+ mImsiParameter = IMSIParameter.build(mConfig.credential.simCredential.imsi);
+ mMatchingSIMImsiList = simAccessor.getMatchingImsis(mImsiParameter);
+ }
}
public PasspointConfiguration getConfig() {
@@ -160,12 +195,31 @@ public class PasspointProvider {
/**
* Return the matching status with the given AP, based on the ANQP elements from the AP.
+ *
* @param anqpElements ANQP elements from the AP
- * @return {@link com.android.server.wifi.hotspot2.PasspointMatch}
+ * @return {@link PasspointMatch}
*/
public PasspointMatch match(Map<ANQPElementType, ANQPElement> anqpElements) {
- // TODO(b/33246489): To be implemented.
- return PasspointMatch.None;
+ PasspointMatch providerMatch = matchProvider(anqpElements);
+
+ // Perform authentication match against the NAI Realm.
+ int authMatch = ANQPMatcher.matchNAIRealm(
+ (NAIRealmElement) anqpElements.get(ANQPElementType.ANQPNAIRealm),
+ mConfig.credential.realm, mEAPMethodID, mAuthParam);
+
+ // Auth mismatch, demote provider match.
+ if (authMatch == AuthMatch.NONE) {
+ return PasspointMatch.None;
+ }
+
+ // No realm match, return provider match as is.
+ if ((authMatch & AuthMatch.REALM) == 0) {
+ return providerMatch;
+ }
+
+ // Realm match, promote provider match to roaming if no other provider match is found.
+ return providerMatch == PasspointMatch.None ? PasspointMatch.RoamingProvider
+ : providerMatch;
}
/**
@@ -207,4 +261,34 @@ public class PasspointProvider {
return null;
}
+
+ /**
+ * Perform a provider match based on the given ANQP elements.
+ *
+ * @param anqpElements List of ANQP elements
+ * @return {@link PasspointMatch}
+ */
+ private PasspointMatch matchProvider(Map<ANQPElementType, ANQPElement> anqpElements) {
+ // Domain name matching.
+ if (ANQPMatcher.matchDomainName(
+ (DomainNameElement) anqpElements.get(ANQPElementType.ANQPDomName),
+ mConfig.homeSp.fqdn, mImsiParameter, mMatchingSIMImsiList)) {
+ return PasspointMatch.HomeProvider;
+ }
+
+ // Roaming Consortium OI matching.
+ if (ANQPMatcher.matchRoamingConsortium(
+ (RoamingConsortiumElement) anqpElements.get(ANQPElementType.ANQPRoamingConsortium),
+ mConfig.homeSp.roamingConsortiumOIs)) {
+ return PasspointMatch.RoamingProvider;
+ }
+
+ // 3GPP Network matching.
+ if (ANQPMatcher.matchThreeGPPNetwork(
+ (ThreeGPPNetworkElement) anqpElements.get(ANQPElementType.ANQP3GPPNetwork),
+ mImsiParameter, mMatchingSIMImsiList)) {
+ return PasspointMatch.RoamingProvider;
+ }
+ return PasspointMatch.None;
+ }
}
diff --git a/service/java/com/android/server/wifi/hotspot2/anqp/eap/NonEAPInnerAuth.java b/service/java/com/android/server/wifi/hotspot2/anqp/eap/NonEAPInnerAuth.java
index 1afe0d099..b69339315 100644
--- a/service/java/com/android/server/wifi/hotspot2/anqp/eap/NonEAPInnerAuth.java
+++ b/service/java/com/android/server/wifi/hotspot2/anqp/eap/NonEAPInnerAuth.java
@@ -21,6 +21,8 @@ import com.android.internal.annotations.VisibleForTesting;
import java.net.ProtocolException;
import java.nio.BufferUnderflowException;
import java.nio.ByteBuffer;
+import java.util.HashMap;
+import java.util.Map;
/**
* The Non-EAP Inner Authentication Type authentication parameter, IEEE802.11-2012, table 8-188.
@@ -30,11 +32,20 @@ import java.nio.ByteBuffer;
* 1
*/
public class NonEAPInnerAuth extends AuthParam {
+ public static final int AUTH_TYPE_UNKNOWN = 0;
public static final int AUTH_TYPE_PAP = 1;
public static final int AUTH_TYPE_CHAP = 2;
public static final int AUTH_TYPE_MSCHAP = 3;
public static final int AUTH_TYPE_MSCHAPV2 = 4;
+ private static final Map<String, Integer> AUTH_TYPE_MAP = new HashMap<>();
+ static {
+ AUTH_TYPE_MAP.put("PAP", AUTH_TYPE_PAP);
+ AUTH_TYPE_MAP.put("CHAP", AUTH_TYPE_CHAP);
+ AUTH_TYPE_MAP.put("MS-CHAP", AUTH_TYPE_MSCHAP);
+ AUTH_TYPE_MAP.put("MS-CHAP-V2", AUTH_TYPE_MSCHAPV2);
+ }
+
@VisibleForTesting
public static final int EXPECTED_LENGTH_VALUE = 1;
@@ -61,6 +72,19 @@ public class NonEAPInnerAuth extends AuthParam {
return new NonEAPInnerAuth(authType);
}
+ /**
+ * Convert an authentication type string to an integer representation.
+ *
+ * @param typeStr The string of authentication type
+ * @return int
+ */
+ public static int getAuthTypeID(String typeStr) {
+ if (AUTH_TYPE_MAP.containsKey(typeStr)) {
+ return AUTH_TYPE_MAP.get(typeStr).intValue();
+ }
+ return AUTH_TYPE_UNKNOWN;
+ }
+
@Override
public boolean equals(Object thatObject) {
if (thatObject == this) {