summaryrefslogtreecommitdiff
path: root/service
diff options
context:
space:
mode:
authorTreeHugger Robot <treehugger-gerrit@google.com>2019-08-03 18:11:16 +0000
committerAndroid (Google) Code Review <android-gerrit@google.com>2019-08-03 18:11:16 +0000
commitece7e1bb352a57ed82124173449b7d5b6d479e8e (patch)
treeac60e6c6ed4b58eac5256cf6baf1a2a6e16c1240 /service
parent43dbd2ea7c484a687b0019522e9b57715e3013a9 (diff)
parent1b0234a5ada2bdb2c0788eb274f84039302e3c98 (diff)
Merge "[Passpoint] OSU system exception when the URL is HTTP" into qt-qpr1-dev
Diffstat (limited to 'service')
-rw-r--r--service/java/com/android/server/wifi/hotspot2/OsuServerConnection.java61
1 files changed, 50 insertions, 11 deletions
diff --git a/service/java/com/android/server/wifi/hotspot2/OsuServerConnection.java b/service/java/com/android/server/wifi/hotspot2/OsuServerConnection.java
index c748ca1ac..94f584f72 100644
--- a/service/java/com/android/server/wifi/hotspot2/OsuServerConnection.java
+++ b/service/java/com/android/server/wifi/hotspot2/OsuServerConnection.java
@@ -43,6 +43,7 @@ import java.io.IOException;
import java.io.InputStream;
import java.net.HttpURLConnection;
import java.net.URL;
+import java.net.URLConnection;
import java.security.KeyManagementException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
@@ -163,7 +164,7 @@ public class OsuServerConnection {
*/
public boolean connect(@NonNull URL url, @NonNull Network network) {
if (url == null) {
- Log.e(TAG, "url is null");
+ Log.e(TAG, "URL is null");
return false;
}
if (network == null) {
@@ -171,6 +172,14 @@ public class OsuServerConnection {
return false;
}
+ String protocol = url.getProtocol();
+ // According to section 7.5.1 OSU operational requirements, in HS2.0 R3 specification,
+ // the URL must be HTTPS. Enforce it here.
+ if (!TextUtils.equals(protocol, "https")) {
+ Log.e(TAG, "OSU server URL must be HTTPS");
+ return false;
+ }
+
mHandler.post(() -> performTlsConnection(url, network));
return true;
}
@@ -271,13 +280,37 @@ public class OsuServerConnection {
mNetwork = network;
mUrl = url;
- HttpsURLConnection urlConnection;
+ URLConnection urlConnection;
+ HttpsURLConnection httpsURLConnection;
+
+ try {
+ urlConnection = mNetwork.openConnection(mUrl);
+ } catch (IOException e) {
+ Log.e(TAG, "Unable to establish a URL connection: " + e);
+ if (mOsuServerCallbacks != null) {
+ mOsuServerCallbacks.onServerConnectionStatus(
+ mOsuServerCallbacks.getSessionId(),
+ false);
+ }
+ return;
+ }
+
+ if (urlConnection instanceof HttpsURLConnection) {
+ httpsURLConnection = (HttpsURLConnection) urlConnection;
+ } else {
+ Log.e(TAG, "Invalid URL connection");
+ if (mOsuServerCallbacks != null) {
+ mOsuServerCallbacks.onServerConnectionStatus(mOsuServerCallbacks.getSessionId(),
+ false);
+ }
+ return;
+ }
+
try {
- urlConnection = (HttpsURLConnection) mNetwork.openConnection(mUrl);
- urlConnection.setSSLSocketFactory(mSocketFactory);
- urlConnection.setConnectTimeout(HttpsServiceConnection.DEFAULT_TIMEOUT_MS);
- urlConnection.setReadTimeout(HttpsServiceConnection.DEFAULT_TIMEOUT_MS);
- urlConnection.connect();
+ httpsURLConnection.setSSLSocketFactory(mSocketFactory);
+ httpsURLConnection.setConnectTimeout(HttpsServiceConnection.DEFAULT_TIMEOUT_MS);
+ httpsURLConnection.setReadTimeout(HttpsServiceConnection.DEFAULT_TIMEOUT_MS);
+ httpsURLConnection.connect();
} catch (IOException e) {
Log.e(TAG, "Unable to establish a URL connection: " + e);
if (mOsuServerCallbacks != null) {
@@ -286,7 +319,7 @@ public class OsuServerConnection {
}
return;
}
- mUrlConnection = urlConnection;
+ mUrlConnection = httpsURLConnection;
if (mOsuServerCallbacks != null) {
mOsuServerCallbacks.onServerConnectionStatus(mOsuServerCallbacks.getSessionId(), true);
}
@@ -572,9 +605,15 @@ public class OsuServerConnection {
(SSLSocket) null);
certsValid = true;
} catch (CertificateException e) {
- Log.e(TAG, "Unable to validate certs " + e);
- if (mVerboseLoggingEnabled) {
- e.printStackTrace();
+ Log.e(TAG, "Certificate validation failure: " + e);
+ int i = 0;
+ for (X509Certificate cert : chain) {
+ // Provide some more details about the invalid certificate
+ Log.e(TAG, "Cert " + i + " details: " + cert.getSubjectDN());
+ Log.e(TAG, "Not before: " + cert.getNotBefore() + ", not after: "
+ + cert.getNotAfter());
+ Log.e(TAG, "Cert " + i + " issuer: " + cert.getIssuerDN());
+ i++;
}
}
if (mOsuServerCallbacks != null) {