diff options
4 files changed, 97 insertions, 19 deletions
diff --git a/service/java/com/android/server/wifi/hotspot2/OsuServerConnection.java b/service/java/com/android/server/wifi/hotspot2/OsuServerConnection.java index 94f584f72..92560932c 100644 --- a/service/java/com/android/server/wifi/hotspot2/OsuServerConnection.java +++ b/service/java/com/android/server/wifi/hotspot2/OsuServerConnection.java @@ -188,27 +188,25 @@ public class OsuServerConnection { * Validates the service provider by comparing its identities found in OSU Server cert * to the friendlyName obtained from ANQP exchange that is displayed to the user. * - * @param locale a {@link Locale} object used for matching the friendly name in - * subjectAltName section of the certificate along with - * {@param friendlyName}. - * @param friendlyName a string of the friendly name used for finding the same name in - * subjectAltName section of the certificate. + * @param friendlyNames the friendly names used for finding the same name in + * subjectAltName section of the certificate, which is a map of language + * codes from ISO-639 and names. * @return boolean true if friendlyName shows up as one of the identities in the cert */ - public boolean validateProvider(Locale locale, - String friendlyName) { + public boolean validateProvider( + Map<String, String> friendlyNames) { - if (locale == null || TextUtils.isEmpty(friendlyName)) { + if (friendlyNames.size() == 0) { return false; } for (Pair<Locale, String> identity : ServiceProviderVerifier.getProviderNames( mTrustManager.getProviderCert())) { - if (identity.first == null) continue; + if (identity.first == null || TextUtils.isEmpty(identity.second)) continue; // Compare the language code for ISO-639. - if (identity.first.getISO3Language().equals(locale.getISO3Language()) && - TextUtils.equals(identity.second, friendlyName)) { + if (TextUtils.equals(identity.second, + friendlyNames.get(identity.first.getISO3Language()))) { if (mVerboseLoggingEnabled) { Log.v(TAG, "OSU certificate is valid for " + identity.first.getISO3Language() + "/" + identity.second); diff --git a/service/java/com/android/server/wifi/hotspot2/PasspointProvisioner.java b/service/java/com/android/server/wifi/hotspot2/PasspointProvisioner.java index bdd035fe4..137d9fa19 100644 --- a/service/java/com/android/server/wifi/hotspot2/PasspointProvisioner.java +++ b/service/java/com/android/server/wifi/hotspot2/PasspointProvisioner.java @@ -366,7 +366,7 @@ public class PasspointProvisioner { return; } if (!mOsuServerConnection.validateProvider( - Locale.getDefault(), mOsuProvider.getFriendlyName())) { + mOsuProvider.getFriendlyNameList())) { Log.e(TAG, "OSU Server certificate does not have the one matched with the selected " + "Service Name: " diff --git a/tests/wifitests/src/com/android/server/wifi/hotspot2/OsuServerConnectionTest.java b/tests/wifitests/src/com/android/server/wifi/hotspot2/OsuServerConnectionTest.java index 843caf1a9..9fa92c9a3 100644 --- a/tests/wifitests/src/com/android/server/wifi/hotspot2/OsuServerConnectionTest.java +++ b/tests/wifitests/src/com/android/server/wifi/hotspot2/OsuServerConnectionTest.java @@ -86,6 +86,7 @@ public class OsuServerConnectionTest { private static final String AUTH_TYPE = "ECDHE_RSA"; private static final String PROVIDER_NAME_VALID = "Boingo"; private static final String PROVIDER_NAME_INVALID = "Boingo1"; + private static final String TEST_PROVIDER_CHINESE_NAME = "宝音阁"; private static final int ENABLE_VERBOSE_LOGGING = 1; private static final int TEST_SESSION_ID = 1; @@ -144,7 +145,85 @@ public class OsuServerConnectionTest { trustManager.checkServerTrusted(new X509Certificate[1], AUTH_TYPE); verify(mOsuServerCallbacks).onServerValidationStatus(anyInt(), eq(true)); - assertTrue(mOsuServerConnection.validateProvider(Locale.US, PROVIDER_NAME_VALID)); + Map<String, String> providerNames = new HashMap<>(); + providerNames.put(Locale.US.getISO3Language(), PROVIDER_NAME_VALID); + assertTrue(mOsuServerConnection.validateProvider(providerNames)); + } finally { + session.finishMocking(); + } + } + + /** + * Verifies multiple languages of OsuProvider names are matched with cert + */ + @Test + public void verifyValidateProviderWithMultipleProviderLangs() throws Exception { + // static mocking + MockitoSession session = ExtendedMockito.mockitoSession().mockStatic( + ServiceProviderVerifier.class).startMocking(); + try { + when(ServiceProviderVerifier.getProviderNames(any(X509Certificate.class))).thenReturn( + mProviderIdentities); + establishServerConnection(); + TrustManager[] trustManagers = mTrustManagerCaptor.getValue(); + X509TrustManager trustManager = (X509TrustManager) trustManagers[0]; + trustManager.checkServerTrusted(new X509Certificate[1], AUTH_TYPE); + Map<String, String> friendlyNames = new HashMap<>(); + friendlyNames.put( + Locale.SIMPLIFIED_CHINESE.getISO3Language(), TEST_PROVIDER_CHINESE_NAME); + friendlyNames.put(Locale.US.getISO3Language(), PROVIDER_NAME_VALID); + + assertTrue(mOsuServerConnection.validateProvider(friendlyNames)); + } finally { + session.finishMocking(); + } + } + + /** + * Verifies wrong language of OsuProvider name is mismatched with cert + */ + @Test + public void verifyValidateProviderWithMismatchedProviderLang() throws Exception { + // static mocking + MockitoSession session = ExtendedMockito.mockitoSession().mockStatic( + ServiceProviderVerifier.class).startMocking(); + try { + when(ServiceProviderVerifier.getProviderNames(any(X509Certificate.class))).thenReturn( + mProviderIdentities); + establishServerConnection(); + TrustManager[] trustManagers = mTrustManagerCaptor.getValue(); + X509TrustManager trustManager = (X509TrustManager) trustManagers[0]; + trustManager.checkServerTrusted(new X509Certificate[1], AUTH_TYPE); + Map<String, String> friendlyNames = new HashMap<>(); + friendlyNames.put( + Locale.SIMPLIFIED_CHINESE.getISO3Language(), TEST_PROVIDER_CHINESE_NAME); + + assertFalse(mOsuServerConnection.validateProvider(friendlyNames)); + } finally { + session.finishMocking(); + } + } + + /** + * Verifies same language from different regions. + */ + @Test + public void verifyValidateProviderWithSameLangButDifferentRegion() throws Exception { + // static mocking + MockitoSession session = ExtendedMockito.mockitoSession().mockStatic( + ServiceProviderVerifier.class).startMocking(); + try { + when(ServiceProviderVerifier.getProviderNames(any(X509Certificate.class))).thenReturn( + mProviderIdentities); + establishServerConnection(); + TrustManager[] trustManagers = mTrustManagerCaptor.getValue(); + X509TrustManager trustManager = (X509TrustManager) trustManagers[0]; + trustManager.checkServerTrusted(new X509Certificate[1], AUTH_TYPE); + Map<String, String> friendlyNames = new HashMap<>(); + friendlyNames.put( + Locale.CANADA.getISO3Language(), PROVIDER_NAME_VALID); + + assertTrue(mOsuServerConnection.validateProvider(friendlyNames)); } finally { session.finishMocking(); } @@ -250,7 +329,9 @@ public class OsuServerConnectionTest { trustManager.checkServerTrusted(new X509Certificate[1], AUTH_TYPE); verify(mOsuServerCallbacks).onServerValidationStatus(anyInt(), eq(true)); - assertFalse(mOsuServerConnection.validateProvider(Locale.US, PROVIDER_NAME_INVALID)); + Map<String, String> providerNames = new HashMap<>(); + providerNames.put(Locale.US.getISO3Language(), PROVIDER_NAME_INVALID); + assertFalse(mOsuServerConnection.validateProvider(providerNames)); } finally { session.finishMocking(); } diff --git a/tests/wifitests/src/com/android/server/wifi/hotspot2/PasspointProvisionerTest.java b/tests/wifitests/src/com/android/server/wifi/hotspot2/PasspointProvisionerTest.java index 10ce65067..64a7f9e2d 100644 --- a/tests/wifitests/src/com/android/server/wifi/hotspot2/PasspointProvisionerTest.java +++ b/tests/wifitests/src/com/android/server/wifi/hotspot2/PasspointProvisionerTest.java @@ -97,7 +97,6 @@ import java.util.ArrayList; import java.util.Arrays; import java.util.HashMap; import java.util.List; -import java.util.Locale; import java.util.Map; import javax.net.ssl.SSLContext; @@ -224,8 +223,8 @@ public class PasspointProvisionerTest { mPasspointManager, mWifiMetrics); when(mOsuNetworkConnection.connect(any(WifiSsid.class), any(), any())).thenReturn(true); when(mOsuServerConnection.connect(any(URL.class), any(Network.class))).thenReturn(true); - when(mOsuServerConnection.validateProvider(any(Locale.class), - any(String.class))).thenReturn(true); + when(mOsuServerConnection.validateProvider( + anyMap())).thenReturn(true); when(mOsuServerConnection.canValidateServer()).thenReturn(true); mPasspointProvisioner.enableVerboseLogging(1); mOsuProvider = PasspointProvisioningTestUtil.generateOsuProvider(true); @@ -728,8 +727,8 @@ public class PasspointProvisionerTest { */ @Test public void verifyProviderVerificationFailure() throws RemoteException { - when(mOsuServerConnection.validateProvider(any(Locale.class), - any(String.class))).thenReturn(false); + when(mOsuServerConnection.validateProvider( + anyMap())).thenReturn(false); stopAfterStep(STEP_SERVER_CONNECT); // Wait for OSU server validation callback |