1 /*
2  * Copyright (C) 2019 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 package android.net.ipsec.ike;
18 
import android.annotation.NonNull;
import android.annotation.SystemApi;

import com.android.internal.net.ipsec.ike.exceptions.AuthenticationFailedException;

import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Objects;
26 
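/**
 * IkeKeyIdIdentification represents an IKE entity identification based on a Key ID.
 *
 * <p>Key ID is an octet stream that may be used to pass vendor-specific information necessary to do
 * certain proprietary types of identification.
 *
 * <p>Equality and hashing are based on the content of the Key ID bytes, so two instances built
 * from separate arrays holding the same bytes compare equal.
 *
 * @hide
 */
@SystemApi
public final class IkeKeyIdIdentification extends IkeIdentification {
    /**
     * The Key ID as an octet stream.
     *
     * <p>This is the array instance passed to the constructor; it is not copied. Because
     * {@link #hashCode()} and {@link #equals(Object)} read its content, mutating the array after
     * construction changes the identity this object represents.
     */
    @NonNull public final byte[] keyId;

    /**
     * Construct an instance of {@link IkeKeyIdIdentification} with a Key ID.
     *
     * @param keyId the Key ID in bytes. The array is stored by reference, so the caller should not
     *     modify it afterwards.
     */
    public IkeKeyIdIdentification(@NonNull byte[] keyId) {
        super(ID_TYPE_KEY_ID);
        this.keyId = keyId;
    }

    /**
     * Returns a hash code derived from the ID type and the content of the Key ID.
     *
     * @hide
     */
    @Override
    public int hashCode() {
        // idType is also hashed to prevent collisions with other IkeIdentification subtypes.
        // Arrays.hashCode is required here: passing the byte[] straight to Objects.hash would
        // hash the array's identity, not its bytes, breaking the equals/hashCode contract.
        return Objects.hash(idType, Arrays.hashCode(keyId));
    }

    /**
     * Compares this identification with another object by Key ID content.
     *
     * @param o the object to compare with.
     * @return {@code true} if {@code o} is an {@link IkeKeyIdIdentification} whose Key ID holds
     *     the same bytes as this one.
     * @hide
     */
    @Override
    public boolean equals(Object o) {
        if (!(o instanceof IkeKeyIdIdentification)) {
            return false;
        }

        // idType already verified based on class type; no need to check again.
        // byte[].equals() is reference equality, so the content must be compared explicitly;
        // otherwise two identifications carrying the same Key ID would never match.
        return Arrays.equals(keyId, ((IkeKeyIdIdentification) o).keyId);
    }

    /**
     * Returns the human-readable name of this ID type.
     *
     * @hide
     */
    @Override
    public String getIdTypeString() {
        return "Key ID";
    }

    /**
     * Always rejects the certificate: this ID type is not accepted together with
     * digital-signature-based authentication.
     *
     * @param endCert the end certificate presented by the peer; not inspected.
     * @throws AuthenticationFailedException unconditionally.
     * @hide
     */
    @Override
    public void validateEndCertIdOrThrow(X509Certificate endCert)
            throws AuthenticationFailedException {
        throw new AuthenticationFailedException(
                "Key ID cannot be used together with digital-signature-based authentication");
    }

    /**
     * Retrieve the byte-representation of the ID data.
     *
     * @return the byte-representation of the ID data. This is the same array instance as
     *     {@link #keyId}, not a copy.
     * @hide
     */
    @Override
    public byte[] getEncodedIdData() {
        return keyId;
    }
}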
91