/*
* Copyright (C) 2019 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package android.net.eap;
import static com.android.internal.net.eap.message.EapData.EAP_TYPE_AKA;
import static com.android.internal.net.eap.message.EapData.EAP_TYPE_AKA_PRIME;
import static com.android.internal.net.eap.message.EapData.EAP_TYPE_MSCHAP_V2;
import static com.android.internal.net.eap.message.EapData.EAP_TYPE_SIM;
import static com.android.internal.net.eap.message.EapData.EAP_TYPE_TTLS;
import android.annotation.NonNull;
import android.annotation.Nullable;
import android.annotation.SystemApi;
import android.telephony.Annotation.UiccAppType;
import com.android.internal.annotations.VisibleForTesting;
import com.android.internal.net.eap.message.EapData.EapMethod;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
/**
* EapSessionConfig represents a container for EAP method configuration.
*
*
The EAP authentication server decides which EAP method is used, so clients are encouraged to
* provide configs for several EAP methods.
*
* @hide
*/
@SystemApi
public final class EapSessionConfig {
/** @hide */
@VisibleForTesting static final byte[] DEFAULT_IDENTITY = new byte[0];
// IANA -> EapMethodConfig for that method
/** @hide */
public final Map eapConfigs;
/** @hide */
public final byte[] eapIdentity;
/** @hide */
@VisibleForTesting
public EapSessionConfig(Map eapConfigs, byte[] eapIdentity) {
this.eapConfigs = Collections.unmodifiableMap(eapConfigs);
this.eapIdentity = eapIdentity;
}
/** Retrieves client's EAP Identity */
@NonNull
public byte[] getEapIdentity() {
return eapIdentity;
}
/**
* Retrieves configuration for EAP SIM
*
* @return the configuration for EAP SIM, or null if it was not set
*/
@Nullable
public EapSimConfig getEapSimConfig() {
return (EapSimConfig) eapConfigs.get(EAP_TYPE_SIM);
}
/**
* Retrieves configuration for EAP AKA
*
* @return the configuration for EAP AKA, or null if it was not set
*/
@Nullable
public EapAkaConfig getEapAkaConfig() {
return (EapAkaConfig) eapConfigs.get(EAP_TYPE_AKA);
}
/**
* Retrieves configuration for EAP AKA'
*
* @return the configuration for EAP AKA', or null if it was not set
*/
@Nullable
public EapAkaPrimeConfig getEapAkaPrimeConfig() {
return (EapAkaPrimeConfig) eapConfigs.get(EAP_TYPE_AKA_PRIME);
}
/**
* Retrieves configuration for EAP MSCHAPV2
*
* @return the configuration for EAP MSCHAPV2, or null if it was not set
*/
@Nullable
public EapMsChapV2Config getEapMsChapV2onfig() {
return (EapMsChapV2Config) eapConfigs.get(EAP_TYPE_MSCHAP_V2);
}
/**
* Retrieves configuration for EAP-TTLS
*
* @return the configuration for EAP-TTLS, or null if it was not set
* @hide
*/
@Nullable
public EapTtlsConfig getEapTtlsConfig() {
return (EapTtlsConfig) eapConfigs.get(EAP_TYPE_TTLS);
}
/** This class can be used to incrementally construct an {@link EapSessionConfig}. */
public static final class Builder {
private final Map mEapConfigs;
private byte[] mEapIdentity;
/** Constructs and returns a new Builder for constructing an {@link EapSessionConfig}. */
public Builder() {
mEapConfigs = new HashMap<>();
mEapIdentity = DEFAULT_IDENTITY;
}
/**
* Sets the client's EAP Identity.
*
* @param eapIdentity byte[] representing the client's EAP Identity.
* @return Builder this, to facilitate chaining.
*/
@NonNull
public Builder setEapIdentity(@NonNull byte[] eapIdentity) {
this.mEapIdentity = eapIdentity.clone();
return this;
}
/**
* Sets the configuration for EAP SIM.
*
* @param subId int the client's subId to be authenticated.
* @param apptype the {@link UiccAppType} apptype to be used for authentication.
* @return Builder this, to facilitate chaining.
*/
@NonNull
public Builder setEapSimConfig(int subId, @UiccAppType int apptype) {
mEapConfigs.put(EAP_TYPE_SIM, new EapSimConfig(subId, apptype));
return this;
}
/**
* Sets the configuration for EAP AKA.
*
* @param subId int the client's subId to be authenticated.
* @param apptype the {@link UiccAppType} apptype to be used for authentication.
* @return Builder this, to facilitate chaining.
*/
@NonNull
public Builder setEapAkaConfig(int subId, @UiccAppType int apptype) {
mEapConfigs.put(EAP_TYPE_AKA, new EapAkaConfig(subId, apptype));
return this;
}
/**
* Sets the configuration for EAP AKA'.
*
* @param subId int the client's subId to be authenticated.
* @param apptype the {@link UiccAppType} apptype to be used for authentication.
* @param networkName String the network name to be used for authentication.
* @param allowMismatchedNetworkNames indicates whether the EAP library can ignore potential
* mismatches between the given network name and that received in an EAP-AKA' session.
* If false, mismatched network names will be handled as an Authentication Reject
* message.
* @return Builder this, to facilitate chaining.
*/
@NonNull
public Builder setEapAkaPrimeConfig(
int subId,
@UiccAppType int apptype,
@NonNull String networkName,
boolean allowMismatchedNetworkNames) {
mEapConfigs.put(
EAP_TYPE_AKA_PRIME,
new EapAkaPrimeConfig(
subId, apptype, networkName, allowMismatchedNetworkNames));
return this;
}
/**
* Sets the configuration for EAP MSCHAPv2.
*
* @param username String the client account's username to be authenticated.
* @param password String the client account's password to be authenticated.
* @return Builder this, to faciliate chaining.
*/
@NonNull
public Builder setEapMsChapV2Config(@NonNull String username, @NonNull String password) {
mEapConfigs.put(EAP_TYPE_MSCHAP_V2, new EapMsChapV2Config(username, password));
return this;
}
/**
* Sets the configuration for EAP-TTLS
*
* @return Builder this, to facilitate chaining
* @hide
*/
@NonNull
public Builder setEapTtlsConfig() {
mEapConfigs.put(EAP_TYPE_TTLS, new EapTtlsConfig());
return this;
}
/**
* Constructs and returns an EapSessionConfig with the configurations applied to this
* Builder.
*
* @return the EapSessionConfig constructed by this Builder.
*/
@NonNull
public EapSessionConfig build() {
if (mEapConfigs.isEmpty()) {
throw new IllegalStateException("Must have at least one EAP method configured");
}
return new EapSessionConfig(mEapConfigs, mEapIdentity);
}
}
/**
* EapMethodConfig represents a generic EAP method configuration.
*/
public abstract static class EapMethodConfig {
/** @hide */
@EapMethod public final int methodType;
/** @hide */
EapMethodConfig(@EapMethod int methodType) {
this.methodType = methodType;
}
/**
* Retrieves the EAP method type
*
* @return the IANA-defined EAP method constant
*/
public int getMethodType() {
return methodType;
}
/**
* Check if this is EAP-only safe method.
*
* @return whether the method is EAP-only safe
*
* @see RFC 5998#section 4, for safe eap
* methods
*
* @hide
*/
public boolean isEapOnlySafeMethod() {
return false;
}
}
/**
* EapUiccConfig represents the configs needed for EAP methods that rely on UICC cards for
* authentication.
*/
public abstract static class EapUiccConfig extends EapMethodConfig {
/** @hide */
public final int subId;
/** @hide */
public final int apptype;
private EapUiccConfig(@EapMethod int methodType, int subId, @UiccAppType int apptype) {
super(methodType);
this.subId = subId;
this.apptype = apptype;
}
/**
* Retrieves the subId
*
* @return the subId
*/
public int getSubId() {
return subId;
}
/**
* Retrieves the UICC app type
*
* @return the {@link UiccAppType} constant
*/
public int getAppType() {
return apptype;
}
/** @hide */
@Override
public boolean isEapOnlySafeMethod() {
return true;
}
}
/**
* EapSimConfig represents the configs needed for an EAP SIM session.
*/
public static class EapSimConfig extends EapUiccConfig {
/** @hide */
@VisibleForTesting
public EapSimConfig(int subId, @UiccAppType int apptype) {
super(EAP_TYPE_SIM, subId, apptype);
}
}
/**
* EapAkaConfig represents the configs needed for an EAP AKA session.
*/
public static class EapAkaConfig extends EapUiccConfig {
/** @hide */
@VisibleForTesting
public EapAkaConfig(int subId, @UiccAppType int apptype) {
this(EAP_TYPE_AKA, subId, apptype);
}
/** @hide */
EapAkaConfig(int methodType, int subId, @UiccAppType int apptype) {
super(methodType, subId, apptype);
}
}
/**
* EapAkaPrimeConfig represents the configs needed for an EAP-AKA' session.
*/
public static class EapAkaPrimeConfig extends EapAkaConfig {
/** @hide */
@NonNull public final String networkName;
/** @hide */
public final boolean allowMismatchedNetworkNames;
/** @hide */
@VisibleForTesting
public EapAkaPrimeConfig(
int subId,
@UiccAppType int apptype,
@NonNull String networkName,
boolean allowMismatchedNetworkNames) {
super(EAP_TYPE_AKA_PRIME, subId, apptype);
if (networkName == null) {
throw new IllegalArgumentException("NetworkName was null");
}
this.networkName = networkName;
this.allowMismatchedNetworkNames = allowMismatchedNetworkNames;
}
/**
* Retrieves the UICC app type
*
* @return the {@link UiccAppType} constant
*/
@NonNull
public String getNetworkName() {
return networkName;
}
/**
* Checks if mismatched network names are allowed
*
* @return whether network name mismatches are allowed
*/
public boolean allowsMismatchedNetworkNames() {
return allowMismatchedNetworkNames;
}
}
/**
* EapMsChapV2Config represents the configs needed for an EAP MSCHAPv2 session.
*/
public static class EapMsChapV2Config extends EapMethodConfig {
/** @hide */
@NonNull public final String username;
/** @hide */
@NonNull public final String password;
/** @hide */
@VisibleForTesting
public EapMsChapV2Config(String username, String password) {
super(EAP_TYPE_MSCHAP_V2);
if (username == null || password == null) {
throw new IllegalArgumentException("Username or password was null");
}
this.username = username;
this.password = password;
}
/**
* Retrieves the username
*
* @return the username to be used by MSCHAPV2
*/
@NonNull
public String getUsername() {
return username;
}
/**
* Retrieves the password
*
* @return the password to be used by MSCHAPV2
*/
@NonNull
public String getPassword() {
return password;
}
}
/**
* EapTtlsConfig represents the configs needed for an EAP-TTLS session.
*
* @hide
*/
public static class EapTtlsConfig extends EapMethodConfig {
/** @hide */
@VisibleForTesting
public EapTtlsConfig() {
super(EAP_TYPE_TTLS);
}
/** @hide */
@Override
public boolean isEapOnlySafeMethod() {
return true;
}
}
/**
* Checks if all the methods in the session are EAP-only safe
*
* @return whether all the methods in the session are EAP-only safe
*
* @see RFC 5998#section 4, for safe eap
* methods
*
* @hide
*/
public boolean areAllMethodsEapOnlySafe() {
for(Map.Entry eapConfigsEntry : eapConfigs.entrySet()) {
if (!eapConfigsEntry.getValue().isEapOnlySafeMethod()) {
return false;
}
}
return true;
}
}