Gitiles
Code Review Sign In
gerrit.omnirom.org / android_external_wpa_supplicant_8 / 1d6bf427f4769edb60865a3999d01eeb8f8fcb19 / . / hs20 / client / osu_client.c
blob: 35793c800f20e432f5849a75539582d615f3f9eb [file] [log] [blame]
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]1/*
2 * Hotspot 2.0 OSU client
Dmitry Shmidt6cb1f652014-03-21 10:54:03 -0700[diff] [blame]3 * Copyright (c) 2012-2014, Qualcomm Atheros, Inc.
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]4 *
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
7 */
8
9#include "includes.h"
10#include <time.h>
11#include <sys/stat.h>
Dmitry Shmidt7f656022015-02-25 14:36:37 -0800[diff] [blame]12#ifdef ANDROID
13#include "private/android_filesystem_config.h"
14#endif /* ANDROID */
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]15
16#include "common.h"
17#include "utils/browser.h"
18#include "utils/base64.h"
19#include "utils/xml-utils.h"
20#include "utils/http-utils.h"
21#include "common/wpa_ctrl.h"
22#include "common/wpa_helpers.h"
23#include "eap_common/eap_defs.h"
24#include "crypto/crypto.h"
25#include "crypto/sha256.h"
26#include "osu_client.h"
27
Dmitry Shmidtaf9da312015-04-03 10:03:11 -0700[diff] [blame]28const char *spp_xsd_fname = "spp.xsd";
29
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]30
31void write_result(struct hs20_osu_client *ctx, const char *fmt, ...)
32{
33 va_list ap;
34 FILE *f;
35 char buf[500];
36
37 va_start(ap, fmt);
38 vsnprintf(buf, sizeof(buf), fmt, ap);
39 va_end(ap);
40 write_summary(ctx, "%s", buf);
41
42 if (!ctx->result_file)
43 return;
44
45 f = fopen(ctx->result_file, "w");
46 if (f == NULL)
47 return;
48
49 va_start(ap, fmt);
50 vfprintf(f, fmt, ap);
51 va_end(ap);
52 fprintf(f, "\n");
53 fclose(f);
54}
55
56
57void write_summary(struct hs20_osu_client *ctx, const char *fmt, ...)
58{
59 va_list ap;
60 FILE *f;
61
62 if (!ctx->summary_file)
63 return;
64
65 f = fopen(ctx->summary_file, "a");
66 if (f == NULL)
67 return;
68
69 va_start(ap, fmt);
70 vfprintf(f, fmt, ap);
71 va_end(ap);
72 fprintf(f, "\n");
73 fclose(f);
74}
75
76
77void debug_dump_node(struct hs20_osu_client *ctx, const char *title,
78 xml_node_t *node)
79{
80 char *str = xml_node_to_str(ctx->xml, node);
81 wpa_printf(MSG_DEBUG, "[hs20] %s: '%s'", title, str);
82 free(str);
83}
84
85
86static int valid_fqdn(const char *fqdn)
87{
88 const char *pos;
89
90 /* TODO: could make this more complete.. */
91 if (strchr(fqdn, '.') == 0 || strlen(fqdn) > 255)
92 return 0;
93 for (pos = fqdn; *pos; pos++) {
94 if (*pos >= 'a' && *pos <= 'z')
95 continue;
96 if (*pos >= 'A' && *pos <= 'Z')
97 continue;
98 if (*pos >= '0' && *pos <= '9')
99 continue;
100 if (*pos == '-' || *pos == '.' || *pos == '_')
101 continue;
102 return 0;
103 }
104 return 1;
105}
106
107
108int osu_get_certificate(struct hs20_osu_client *ctx, xml_node_t *getcert)
109{
110 xml_node_t *node;
111 char *url, *user = NULL, *pw = NULL;
112 char *proto;
113 int ret = -1;
114
115 proto = xml_node_get_attr_value(ctx->xml, getcert,
116 "enrollmentProtocol");
117 if (!proto)
118 return -1;
119 wpa_printf(MSG_INFO, "getCertificate - enrollmentProtocol=%s", proto);
120 write_summary(ctx, "getCertificate - enrollmentProtocol=%s", proto);
121 if (os_strcasecmp(proto, "EST") != 0) {
122 wpa_printf(MSG_INFO, "Unsupported enrollmentProtocol");
123 xml_node_get_attr_value_free(ctx->xml, proto);
124 return -1;
125 }
126 xml_node_get_attr_value_free(ctx->xml, proto);
127
128 node = get_node(ctx->xml, getcert, "enrollmentServerURI");
129 if (node == NULL) {
130 wpa_printf(MSG_INFO, "Could not find enrollmentServerURI node");
131 xml_node_get_attr_value_free(ctx->xml, proto);
132 return -1;
133 }
134 url = xml_node_get_text(ctx->xml, node);
135 if (url == NULL) {
136 wpa_printf(MSG_INFO, "Could not get URL text");
137 return -1;
138 }
139 wpa_printf(MSG_INFO, "enrollmentServerURI: %s", url);
140 write_summary(ctx, "enrollmentServerURI: %s", url);
141
142 node = get_node(ctx->xml, getcert, "estUserID");
143 if (node == NULL && !ctx->client_cert_present) {
144 wpa_printf(MSG_INFO, "Could not find estUserID node");
145 goto fail;
146 }
147 if (node) {
148 user = xml_node_get_text(ctx->xml, node);
149 if (user == NULL) {
150 wpa_printf(MSG_INFO, "Could not get estUserID text");
151 goto fail;
152 }
153 wpa_printf(MSG_INFO, "estUserID: %s", user);
154 write_summary(ctx, "estUserID: %s", user);
155 }
156
157 node = get_node(ctx->xml, getcert, "estPassword");
158 if (node == NULL && !ctx->client_cert_present) {
159 wpa_printf(MSG_INFO, "Could not find estPassword node");
160 goto fail;
161 }
162 if (node) {
163 pw = xml_node_get_base64_text(ctx->xml, node, NULL);
164 if (pw == NULL) {
165 wpa_printf(MSG_INFO, "Could not get estPassword text");
166 goto fail;
167 }
168 wpa_printf(MSG_INFO, "estPassword: %s", pw);
169 }
170
171 mkdir("Cert", S_IRWXU);
172 if (est_load_cacerts(ctx, url) < 0 ||
173 est_build_csr(ctx, url) < 0 ||
174 est_simple_enroll(ctx, url, user, pw) < 0)
175 goto fail;
176
177 ret = 0;
178fail:
179 xml_node_get_text_free(ctx->xml, url);
180 xml_node_get_text_free(ctx->xml, user);
181 xml_node_get_text_free(ctx->xml, pw);
182
183 return ret;
184}
185
186
187static int process_est_cert(struct hs20_osu_client *ctx, xml_node_t *cert,
188 const char *fqdn)
189{
190 u8 digest1[SHA256_MAC_LEN], digest2[SHA256_MAC_LEN];
191 char *der, *pem;
192 size_t der_len, pem_len;
193 char *fingerprint;
194 char buf[200];
195
196 wpa_printf(MSG_INFO, "PPS for certificate credential - fqdn=%s", fqdn);
197
198 fingerprint = xml_node_get_text(ctx->xml, cert);
199 if (fingerprint == NULL)
200 return -1;
201 if (hexstr2bin(fingerprint, digest1, SHA256_MAC_LEN) < 0) {
202 wpa_printf(MSG_INFO, "Invalid SHA256 hash value");
203 write_result(ctx, "Invalid client certificate SHA256 hash value in PPS");
204 xml_node_get_text_free(ctx->xml, fingerprint);
205 return -1;
206 }
207 xml_node_get_text_free(ctx->xml, fingerprint);
208
209 der = os_readfile("Cert/est_cert.der", &der_len);
210 if (der == NULL) {
211 wpa_printf(MSG_INFO, "Could not find client certificate from EST");
212 write_result(ctx, "Could not find client certificate from EST");
213 return -1;
214 }
215
216 if (sha256_vector(1, (const u8 **) &der, &der_len, digest2) < 0) {
217 os_free(der);
218 return -1;
219 }
220 os_free(der);
221
222 if (os_memcmp(digest1, digest2, sizeof(digest1)) != 0) {
223 wpa_printf(MSG_INFO, "Client certificate from EST does not match fingerprint from PPS MO");
224 write_result(ctx, "Client certificate from EST does not match fingerprint from PPS MO");
225 return -1;
226 }
227
228 wpa_printf(MSG_INFO, "Client certificate from EST matches PPS MO");
229 unlink("Cert/est_cert.der");
230
231 os_snprintf(buf, sizeof(buf), "SP/%s/client-ca.pem", fqdn);
232 if (rename("Cert/est-cacerts.pem", buf) < 0) {
233 wpa_printf(MSG_INFO, "Could not move est-cacerts.pem to client-ca.pem: %s",
234 strerror(errno));
235 return -1;
236 }
237 pem = os_readfile(buf, &pem_len);
238
239 os_snprintf(buf, sizeof(buf), "SP/%s/client-cert.pem", fqdn);
240 if (rename("Cert/est_cert.pem", buf) < 0) {
241 wpa_printf(MSG_INFO, "Could not move est_cert.pem to client-cert.pem: %s",
242 strerror(errno));
243 os_free(pem);
244 return -1;
245 }
246
247 if (pem) {
248 FILE *f = fopen(buf, "a");
249 if (f) {
250 fwrite(pem, pem_len, 1, f);
251 fclose(f);
252 }
253 os_free(pem);
254 }
255
256 os_snprintf(buf, sizeof(buf), "SP/%s/client-key.pem", fqdn);
257 if (rename("Cert/privkey-plain.pem", buf) < 0) {
258 wpa_printf(MSG_INFO, "Could not move privkey-plain.pem to client-key.pem: %s",
259 strerror(errno));
260 return -1;
261 }
262
263 unlink("Cert/est-req.b64");
264 unlink("Cert/est-req.pem");
265 unlink("Cert/est-resp.raw");
266 rmdir("Cert");
267
268 return 0;
269}
270
271
272#define TMP_CERT_DL_FILE "tmp-cert-download"
273
274static int download_cert(struct hs20_osu_client *ctx, xml_node_t *params,
275 const char *fname)
276{
277 xml_node_t *url_node, *hash_node;
278 char *url, *hash;
279 char *cert;
280 size_t len;
281 u8 digest1[SHA256_MAC_LEN], digest2[SHA256_MAC_LEN];
282 int res;
283 unsigned char *b64;
284 FILE *f;
285
286 url_node = get_node(ctx->xml, params, "CertURL");
287 hash_node = get_node(ctx->xml, params, "CertSHA256Fingerprint");
288 if (url_node == NULL || hash_node == NULL)
289 return -1;
290 url = xml_node_get_text(ctx->xml, url_node);
291 hash = xml_node_get_text(ctx->xml, hash_node);
292 if (url == NULL || hash == NULL) {
293 xml_node_get_text_free(ctx->xml, url);
294 xml_node_get_text_free(ctx->xml, hash);
295 return -1;
296 }
297
298 wpa_printf(MSG_INFO, "CertURL: %s", url);
299 wpa_printf(MSG_INFO, "SHA256 hash: %s", hash);
300
301 if (hexstr2bin(hash, digest1, SHA256_MAC_LEN) < 0) {
302 wpa_printf(MSG_INFO, "Invalid SHA256 hash value");
303 write_result(ctx, "Invalid SHA256 hash value for downloaded certificate");
304 xml_node_get_text_free(ctx->xml, hash);
305 return -1;
306 }
307 xml_node_get_text_free(ctx->xml, hash);
308
309 write_summary(ctx, "Download certificate from %s", url);
Dmitry Shmidt6cb1f652014-03-21 10:54:03 -0700[diff] [blame]310 ctx->no_osu_cert_validation = 1;
311 http_ocsp_set(ctx->http, 1);
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]312 res = http_download_file(ctx->http, url, TMP_CERT_DL_FILE, NULL);
Dmitry Shmidt6cb1f652014-03-21 10:54:03 -0700[diff] [blame]313 http_ocsp_set(ctx->http,
314 (ctx->workarounds & WORKAROUND_OCSP_OPTIONAL) ? 1 : 2);
315 ctx->no_osu_cert_validation = 0;
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]316 xml_node_get_text_free(ctx->xml, url);
317 if (res < 0)
318 return -1;
319
320 cert = os_readfile(TMP_CERT_DL_FILE, &len);
321 remove(TMP_CERT_DL_FILE);
322 if (cert == NULL)
323 return -1;
324
325 if (sha256_vector(1, (const u8 **) &cert, &len, digest2) < 0) {
326 os_free(cert);
327 return -1;
328 }
329
330 if (os_memcmp(digest1, digest2, sizeof(digest1)) != 0) {
331 wpa_printf(MSG_INFO, "Downloaded certificate fingerprint did not match");
332 write_result(ctx, "Downloaded certificate fingerprint did not match");
333 os_free(cert);
334 return -1;
335 }
336
337 b64 = base64_encode((unsigned char *) cert, len, NULL);
338 os_free(cert);
339 if (b64 == NULL)
340 return -1;
341
342 f = fopen(fname, "wb");
343 if (f == NULL) {
344 os_free(b64);
345 return -1;
346 }
347
348 fprintf(f, "-----BEGIN CERTIFICATE-----\n"
349 "%s"
350 "-----END CERTIFICATE-----\n",
351 b64);
352
353 os_free(b64);
354 fclose(f);
355
356 wpa_printf(MSG_INFO, "Downloaded certificate into %s and validated fingerprint",
357 fname);
358 write_summary(ctx, "Downloaded certificate into %s and validated fingerprint",
359 fname);
360
361 return 0;
362}
363
364
365static int cmd_dl_osu_ca(struct hs20_osu_client *ctx, const char *pps_fname,
366 const char *ca_fname)
367{
368 xml_node_t *pps, *node;
369 int ret;
370
371 pps = node_from_file(ctx->xml, pps_fname);
372 if (pps == NULL) {
373 wpa_printf(MSG_INFO, "Could not read or parse '%s'", pps_fname);
374 return -1;
375 }
376
377 node = get_child_node(ctx->xml, pps,
378 "SubscriptionUpdate/TrustRoot");
379 if (node == NULL) {
380 wpa_printf(MSG_INFO, "No SubscriptionUpdate/TrustRoot/CertURL found from PPS");
381 xml_node_free(ctx->xml, pps);
382 return -1;
383 }
384
385 ret = download_cert(ctx, node, ca_fname);
386 xml_node_free(ctx->xml, pps);
387
388 return ret;
389}
390
391
392static int cmd_dl_polupd_ca(struct hs20_osu_client *ctx, const char *pps_fname,
393 const char *ca_fname)
394{
395 xml_node_t *pps, *node;
396 int ret;
397
398 pps = node_from_file(ctx->xml, pps_fname);
399 if (pps == NULL) {
400 wpa_printf(MSG_INFO, "Could not read or parse '%s'", pps_fname);
401 return -1;
402 }
403
404 node = get_child_node(ctx->xml, pps,
Dmitry Shmidt2f74e362015-01-21 13:19:05 -0800[diff] [blame]405 "Policy/PolicyUpdate/TrustRoot");
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]406 if (node == NULL) {
Dmitry Shmidt2f74e362015-01-21 13:19:05 -0800[diff] [blame]407 wpa_printf(MSG_INFO, "No Policy/PolicyUpdate/TrustRoot/CertURL found from PPS");
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]408 xml_node_free(ctx->xml, pps);
409 return -1;
410 }
411
412 ret = download_cert(ctx, node, ca_fname);
413 xml_node_free(ctx->xml, pps);
414
415 return ret;
416}
417
418
419static int cmd_dl_aaa_ca(struct hs20_osu_client *ctx, const char *pps_fname,
420 const char *ca_fname)
421{
422 xml_node_t *pps, *node, *aaa;
423 int ret;
424
425 pps = node_from_file(ctx->xml, pps_fname);
426 if (pps == NULL) {
427 wpa_printf(MSG_INFO, "Could not read or parse '%s'", pps_fname);
428 return -1;
429 }
430
431 node = get_child_node(ctx->xml, pps,
432 "AAAServerTrustRoot");
433 if (node == NULL) {
434 wpa_printf(MSG_INFO, "No AAAServerTrustRoot/CertURL found from PPS");
435 xml_node_free(ctx->xml, pps);
436 return -1;
437 }
438
439 aaa = xml_node_first_child(ctx->xml, node);
440 if (aaa == NULL) {
441 wpa_printf(MSG_INFO, "No AAAServerTrustRoot/CertURL found from PPS");
442 xml_node_free(ctx->xml, pps);
443 return -1;
444 }
445
446 ret = download_cert(ctx, aaa, ca_fname);
447 xml_node_free(ctx->xml, pps);
448
449 return ret;
450}
451
452
453static int download_trust_roots(struct hs20_osu_client *ctx,
454 const char *pps_fname)
455{
456 char *dir, *pos;
457 char fname[300];
458 int ret;
459
460 dir = os_strdup(pps_fname);
461 if (dir == NULL)
462 return -1;
463 pos = os_strrchr(dir, '/');
464 if (pos == NULL) {
465 os_free(dir);
466 return -1;
467 }
468 *pos = '\0';
469
470 snprintf(fname, sizeof(fname), "%s/ca.pem", dir);
471 ret = cmd_dl_osu_ca(ctx, pps_fname, fname);
472 snprintf(fname, sizeof(fname), "%s/polupd-ca.pem", dir);
473 cmd_dl_polupd_ca(ctx, pps_fname, fname);
474 snprintf(fname, sizeof(fname), "%s/aaa-ca.pem", dir);
475 cmd_dl_aaa_ca(ctx, pps_fname, fname);
476
477 os_free(dir);
478
479 return ret;
480}
481
482
483static int server_dnsname_suffix_match(struct hs20_osu_client *ctx,
484 const char *fqdn)
485{
486 size_t match_len, len, i;
487 const char *val;
488
489 match_len = os_strlen(fqdn);
490
491 for (i = 0; i < ctx->server_dnsname_count; i++) {
492 wpa_printf(MSG_INFO,
493 "Checking suffix match against server dNSName %s",
494 ctx->server_dnsname[i]);
495 val = ctx->server_dnsname[i];
496 len = os_strlen(val);
497
498 if (match_len > len)
499 continue;
500
501 if (os_strncasecmp(val + len - match_len, fqdn, match_len) != 0)
502 continue; /* no match */
503
504 if (match_len == len)
505 return 1; /* exact match */
506
507 if (val[len - match_len - 1] == '.')
508 return 1; /* full label match completes suffix match */
509
510 /* Reject due to incomplete label match */
511 }
512
513 /* None of the dNSName(s) matched */
514 return 0;
515}
516
517
518int hs20_add_pps_mo(struct hs20_osu_client *ctx, const char *uri,
519 xml_node_t *add_mo, char *fname, size_t fname_len)
520{
521 char *str;
522 char *fqdn, *pos;
523 xml_node_t *tnds, *mo, *cert;
524 const char *name;
525 int ret;
526
527 if (strncmp(uri, "./Wi-Fi/", 8) != 0) {
528 wpa_printf(MSG_INFO, "Unsupported location for addMO to add PPS MO: '%s'",
529 uri);
530 write_result(ctx, "Unsupported location for addMO to add PPS MO: '%s'",
531 uri);
532 return -1;
533 }
534
535 fqdn = strdup(uri + 8);
536 if (fqdn == NULL)
537 return -1;
538 pos = strchr(fqdn, '/');
539 if (pos) {
540 if (os_strcasecmp(pos, "/PerProviderSubscription") != 0) {
541 wpa_printf(MSG_INFO, "Unsupported location for addMO to add PPS MO (extra directory): '%s'",
542 uri);
543 write_result(ctx, "Unsupported location for addMO to "
544 "add PPS MO (extra directory): '%s'", uri);
Dmitry Shmidt41712582015-06-29 11:02:15 -0700[diff] [blame]545 free(fqdn);
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]546 return -1;
547 }
548 *pos = '\0'; /* remove trailing slash and PPS node name */
549 }
550 wpa_printf(MSG_INFO, "SP FQDN: %s", fqdn);
551
552 if (!server_dnsname_suffix_match(ctx, fqdn)) {
Dmitry Shmidtaf9da312015-04-03 10:03:11 -0700[diff] [blame]553 wpa_printf(MSG_INFO,
554 "FQDN '%s' for new PPS MO did not have suffix match with server's dNSName values, count: %d",
555 fqdn, (int) ctx->server_dnsname_count);
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]556 write_result(ctx, "FQDN '%s' for new PPS MO did not have suffix match with server's dNSName values",
557 fqdn);
558 free(fqdn);
559 return -1;
560 }
561
562 if (!valid_fqdn(fqdn)) {
563 wpa_printf(MSG_INFO, "Invalid FQDN '%s'", fqdn);
564 write_result(ctx, "Invalid FQDN '%s'", fqdn);
565 free(fqdn);
566 return -1;
567 }
568
569 mkdir("SP", S_IRWXU);
570 snprintf(fname, fname_len, "SP/%s", fqdn);
571 if (mkdir(fname, S_IRWXU) < 0) {
572 if (errno != EEXIST) {
573 int err = errno;
574 wpa_printf(MSG_INFO, "mkdir(%s) failed: %s",
575 fname, strerror(err));
576 free(fqdn);
577 return -1;
578 }
579 }
580
Dmitry Shmidt7f656022015-02-25 14:36:37 -0800[diff] [blame]581#ifdef ANDROID
582 /* Allow processes running with Group ID as AID_WIFI,
583 * to read files from SP/<fqdn> directory */
584 if (chown(fname, -1, AID_WIFI)) {
585 wpa_printf(MSG_INFO, "CTRL: Could not chown directory: %s",
586 strerror(errno));
587 /* Try to continue anyway */
588 }
589 if (chmod(fname, S_IRWXU | S_IRGRP | S_IXGRP) < 0) {
590 wpa_printf(MSG_INFO, "CTRL: Could not chmod directory: %s",
591 strerror(errno));
592 /* Try to continue anyway */
593 }
594#endif /* ANDROID */
595
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]596 snprintf(fname, fname_len, "SP/%s/pps.xml", fqdn);
597
598 if (os_file_exists(fname)) {
599 wpa_printf(MSG_INFO, "PPS file '%s' exists - reject addMO",
600 fname);
601 write_result(ctx, "PPS file '%s' exists - reject addMO",
602 fname);
603 free(fqdn);
604 return -2;
605 }
606 wpa_printf(MSG_INFO, "Using PPS file: %s", fname);
607
608 str = xml_node_get_text(ctx->xml, add_mo);
609 if (str == NULL) {
610 wpa_printf(MSG_INFO, "Could not extract MO text");
611 free(fqdn);
612 return -1;
613 }
614 wpa_printf(MSG_DEBUG, "[hs20] addMO text: '%s'", str);
615
616 tnds = xml_node_from_buf(ctx->xml, str);
617 xml_node_get_text_free(ctx->xml, str);
618 if (tnds == NULL) {
619 wpa_printf(MSG_INFO, "[hs20] Could not parse addMO text");
620 free(fqdn);
621 return -1;
622 }
623
624 mo = tnds_to_mo(ctx->xml, tnds);
625 if (mo == NULL) {
626 wpa_printf(MSG_INFO, "[hs20] Could not parse addMO TNDS text");
627 free(fqdn);
628 return -1;
629 }
630
631 debug_dump_node(ctx, "Parsed TNDS", mo);
632
633 name = xml_node_get_localname(ctx->xml, mo);
634 if (os_strcasecmp(name, "PerProviderSubscription") != 0) {
635 wpa_printf(MSG_INFO, "[hs20] Unexpected PPS MO root node name '%s'",
636 name);
637 free(fqdn);
638 return -1;
639 }
640
641 cert = get_child_node(ctx->xml, mo,
642 "Credential/DigitalCertificate/"
643 "CertSHA256Fingerprint");
644 if (cert && process_est_cert(ctx, cert, fqdn) < 0) {
645 xml_node_free(ctx->xml, mo);
646 free(fqdn);
647 return -1;
648 }
649 free(fqdn);
650
651 if (node_to_file(ctx->xml, fname, mo) < 0) {
652 wpa_printf(MSG_INFO, "Could not write MO to file");
653 xml_node_free(ctx->xml, mo);
654 return -1;
655 }
656 xml_node_free(ctx->xml, mo);
657
658 wpa_printf(MSG_INFO, "A new PPS MO added as '%s'", fname);
659 write_summary(ctx, "A new PPS MO added as '%s'", fname);
660
661 ret = download_trust_roots(ctx, fname);
662 if (ret < 0) {
663 wpa_printf(MSG_INFO, "Remove invalid PPS MO file");
664 write_summary(ctx, "Remove invalid PPS MO file");
665 unlink(fname);
666 }
667
668 return ret;
669}
670
671
672int update_pps_file(struct hs20_osu_client *ctx, const char *pps_fname,
673 xml_node_t *pps)
674{
675 char *str;
676 FILE *f;
677 char backup[300];
678
679 if (ctx->client_cert_present) {
680 xml_node_t *cert;
681 cert = get_child_node(ctx->xml, pps,
682 "Credential/DigitalCertificate/"
683 "CertSHA256Fingerprint");
684 if (cert && os_file_exists("Cert/est_cert.der") &&
685 process_est_cert(ctx, cert, ctx->fqdn) < 0) {
686 wpa_printf(MSG_INFO, "EST certificate update processing failed on PPS MO update");
687 return -1;
688 }
689 }
690
691 wpa_printf(MSG_INFO, "Updating PPS MO %s", pps_fname);
692
693 str = xml_node_to_str(ctx->xml, pps);
Dmitry Shmidt7f656022015-02-25 14:36:37 -0800[diff] [blame]694 if (str == NULL) {
695 wpa_printf(MSG_ERROR, "No node found");
696 return -1;
697 }
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]698 wpa_printf(MSG_MSGDUMP, "[hs20] Updated PPS: '%s'", str);
699
700 snprintf(backup, sizeof(backup), "%s.bak", pps_fname);
701 rename(pps_fname, backup);
702 f = fopen(pps_fname, "w");
703 if (f == NULL) {
704 wpa_printf(MSG_INFO, "Could not write PPS");
705 rename(backup, pps_fname);
706 free(str);
707 return -1;
708 }
709 fprintf(f, "%s\n", str);
710 fclose(f);
711
712 free(str);
713
714 return 0;
715}
716
717
718void get_user_pw(struct hs20_osu_client *ctx, xml_node_t *pps,
719 const char *alt_loc, char **user, char **pw)
720{
721 xml_node_t *node;
722
723 node = get_child_node(ctx->xml, pps,
724 "Credential/UsernamePassword/Username");
725 if (node)
726 *user = xml_node_get_text(ctx->xml, node);
727
728 node = get_child_node(ctx->xml, pps,
729 "Credential/UsernamePassword/Password");
730 if (node)
731 *pw = xml_node_get_base64_text(ctx->xml, node, NULL);
732
733 node = get_child_node(ctx->xml, pps, alt_loc);
734 if (node) {
735 xml_node_t *a;
736 a = get_node(ctx->xml, node, "Username");
737 if (a) {
738 xml_node_get_text_free(ctx->xml, *user);
739 *user = xml_node_get_text(ctx->xml, a);
740 wpa_printf(MSG_INFO, "Use OSU username '%s'", *user);
741 }
742
743 a = get_node(ctx->xml, node, "Password");
744 if (a) {
745 free(*pw);
746 *pw = xml_node_get_base64_text(ctx->xml, a, NULL);
747 wpa_printf(MSG_INFO, "Use OSU password");
748 }
749 }
750}
751
752
753/* Remove old credentials based on HomeSP/FQDN */
754static void remove_sp_creds(struct hs20_osu_client *ctx, const char *fqdn)
755{
756 char cmd[300];
757 os_snprintf(cmd, sizeof(cmd), "REMOVE_CRED provisioning_sp=%s", fqdn);
758 if (wpa_command(ctx->ifname, cmd) < 0)
759 wpa_printf(MSG_INFO, "Failed to remove old credential(s)");
760}
761
762
763static void set_pps_cred_policy_spe(struct hs20_osu_client *ctx, int id,
764 xml_node_t *spe)
765{
766 xml_node_t *ssid;
767 char *txt;
768
769 ssid = get_node(ctx->xml, spe, "SSID");
770 if (ssid == NULL)
771 return;
772 txt = xml_node_get_text(ctx->xml, ssid);
773 if (txt == NULL)
774 return;
775 wpa_printf(MSG_DEBUG, "- Policy/SPExclusionList/<X+>/SSID = %s", txt);
776 if (set_cred_quoted(ctx->ifname, id, "excluded_ssid", txt) < 0)
777 wpa_printf(MSG_INFO, "Failed to set cred excluded_ssid");
778 xml_node_get_text_free(ctx->xml, txt);
779}
780
781
782static void set_pps_cred_policy_spel(struct hs20_osu_client *ctx, int id,
783 xml_node_t *spel)
784{
785 xml_node_t *child;
786
787 xml_node_for_each_child(ctx->xml, child, spel) {
788 xml_node_for_each_check(ctx->xml, child);
789 set_pps_cred_policy_spe(ctx, id, child);
790 }
791}
792
793
794static void set_pps_cred_policy_prp(struct hs20_osu_client *ctx, int id,
795 xml_node_t *prp)
796{
797 xml_node_t *node;
798 char *txt = NULL, *pos;
799 char *prio, *country_buf = NULL;
800 const char *country;
801 char val[200];
802 int priority;
803
804 node = get_node(ctx->xml, prp, "Priority");
805 if (node == NULL)
806 return;
807 prio = xml_node_get_text(ctx->xml, node);
808 if (prio == NULL)
809 return;
810 wpa_printf(MSG_INFO, "- Policy/PreferredRoamingPartnerList/<X+>/Priority = %s",
811 prio);
812 priority = atoi(prio);
813 xml_node_get_text_free(ctx->xml, prio);
814
815 node = get_node(ctx->xml, prp, "Country");
816 if (node) {
817 country_buf = xml_node_get_text(ctx->xml, node);
818 if (country_buf == NULL)
819 return;
820 country = country_buf;
821 wpa_printf(MSG_INFO, "- Policy/PreferredRoamingPartnerList/<X+>/Country = %s",
822 country);
823 } else {
824 country = "*";
825 }
826
827 node = get_node(ctx->xml, prp, "FQDN_Match");
828 if (node == NULL)
829 goto out;
830 txt = xml_node_get_text(ctx->xml, node);
831 if (txt == NULL)
832 goto out;
833 wpa_printf(MSG_INFO, "- Policy/PreferredRoamingPartnerList/<X+>/FQDN_Match = %s",
834 txt);
835 pos = strrchr(txt, ',');
836 if (pos == NULL)
837 goto out;
838 *pos++ = '\0';
839
840 snprintf(val, sizeof(val), "%s,%d,%d,%s", txt,
841 strcmp(pos, "includeSubdomains") != 0, priority, country);
842 if (set_cred_quoted(ctx->ifname, id, "roaming_partner", val) < 0)
843 wpa_printf(MSG_INFO, "Failed to set cred roaming_partner");
844out:
845 xml_node_get_text_free(ctx->xml, country_buf);
846 xml_node_get_text_free(ctx->xml, txt);
847}
848
849
850static void set_pps_cred_policy_prpl(struct hs20_osu_client *ctx, int id,
851 xml_node_t *prpl)
852{
853 xml_node_t *child;
854
855 xml_node_for_each_child(ctx->xml, child, prpl) {
856 xml_node_for_each_check(ctx->xml, child);
857 set_pps_cred_policy_prp(ctx, id, child);
858 }
859}
860
861
862static void set_pps_cred_policy_min_backhaul(struct hs20_osu_client *ctx, int id,
863 xml_node_t *min_backhaul)
864{
865 xml_node_t *node;
866 char *type, *dl = NULL, *ul = NULL;
867 int home;
868
869 node = get_node(ctx->xml, min_backhaul, "NetworkType");
870 if (node == NULL) {
871 wpa_printf(MSG_INFO, "Ignore MinBackhaulThreshold without mandatory NetworkType node");
872 return;
873 }
874
875 type = xml_node_get_text(ctx->xml, node);
876 if (type == NULL)
877 return;
878 wpa_printf(MSG_INFO, "- Policy/MinBackhaulThreshold/<X+>/NetworkType = %s",
879 type);
880 if (os_strcasecmp(type, "home") == 0)
881 home = 1;
882 else if (os_strcasecmp(type, "roaming") == 0)
883 home = 0;
884 else {
885 wpa_printf(MSG_INFO, "Ignore MinBackhaulThreshold with invalid NetworkType");
886 xml_node_get_text_free(ctx->xml, type);
887 return;
888 }
889 xml_node_get_text_free(ctx->xml, type);
890
891 node = get_node(ctx->xml, min_backhaul, "DLBandwidth");
892 if (node)
893 dl = xml_node_get_text(ctx->xml, node);
894
895 node = get_node(ctx->xml, min_backhaul, "ULBandwidth");
896 if (node)
897 ul = xml_node_get_text(ctx->xml, node);
898
899 if (dl == NULL && ul == NULL) {
900 wpa_printf(MSG_INFO, "Ignore MinBackhaulThreshold without either DLBandwidth or ULBandwidth nodes");
901 return;
902 }
903
904 if (dl)
905 wpa_printf(MSG_INFO, "- Policy/MinBackhaulThreshold/<X+>/DLBandwidth = %s",
906 dl);
907 if (ul)
908 wpa_printf(MSG_INFO, "- Policy/MinBackhaulThreshold/<X+>/ULBandwidth = %s",
909 ul);
910
911 if (home) {
912 if (dl &&
913 set_cred(ctx->ifname, id, "min_dl_bandwidth_home", dl) < 0)
914 wpa_printf(MSG_INFO, "Failed to set cred bandwidth limit");
915 if (ul &&
916 set_cred(ctx->ifname, id, "min_ul_bandwidth_home", ul) < 0)
917 wpa_printf(MSG_INFO, "Failed to set cred bandwidth limit");
918 } else {
919 if (dl &&
920 set_cred(ctx->ifname, id, "min_dl_bandwidth_roaming", dl) <
921 0)
922 wpa_printf(MSG_INFO, "Failed to set cred bandwidth limit");
923 if (ul &&
924 set_cred(ctx->ifname, id, "min_ul_bandwidth_roaming", ul) <
925 0)
926 wpa_printf(MSG_INFO, "Failed to set cred bandwidth limit");
927 }
928
929 xml_node_get_text_free(ctx->xml, dl);
930 xml_node_get_text_free(ctx->xml, ul);
931}
932
933
934static void set_pps_cred_policy_min_backhaul_list(struct hs20_osu_client *ctx,
935 int id, xml_node_t *node)
936{
937 xml_node_t *child;
938
939 wpa_printf(MSG_INFO, "- Policy/MinBackhaulThreshold");
940
941 xml_node_for_each_child(ctx->xml, child, node) {
942 xml_node_for_each_check(ctx->xml, child);
943 set_pps_cred_policy_min_backhaul(ctx, id, child);
944 }
945}
946
947
948static void set_pps_cred_policy_update(struct hs20_osu_client *ctx, int id,
949 xml_node_t *node)
950{
951 wpa_printf(MSG_INFO, "- Policy/PolicyUpdate");
952 /* Not used in wpa_supplicant */
953}
954
955
956static void set_pps_cred_policy_required_proto_port(struct hs20_osu_client *ctx,
957 int id, xml_node_t *tuple)
958{
959 xml_node_t *node;
960 char *proto, *port;
961 char *buf;
962 size_t buflen;
963
964 node = get_node(ctx->xml, tuple, "IPProtocol");
965 if (node == NULL) {
966 wpa_printf(MSG_INFO, "Ignore RequiredProtoPortTuple without mandatory IPProtocol node");
967 return;
968 }
969
970 proto = xml_node_get_text(ctx->xml, node);
971 if (proto == NULL)
972 return;
973
974 wpa_printf(MSG_INFO, "- Policy/RequiredProtoPortTuple/<X+>/IPProtocol = %s",
975 proto);
976
977 node = get_node(ctx->xml, tuple, "PortNumber");
978 port = node ? xml_node_get_text(ctx->xml, node) : NULL;
979 if (port) {
980 wpa_printf(MSG_INFO, "- Policy/RequiredProtoPortTuple/<X+>/PortNumber = %s",
981 port);
982 buflen = os_strlen(proto) + os_strlen(port) + 10;
983 buf = os_malloc(buflen);
984 if (buf)
985 os_snprintf(buf, buflen, "%s:%s", proto, port);
986 xml_node_get_text_free(ctx->xml, port);
987 } else {
988 buflen = os_strlen(proto) + 10;
989 buf = os_malloc(buflen);
990 if (buf)
991 os_snprintf(buf, buflen, "%s", proto);
992 }
993
994 xml_node_get_text_free(ctx->xml, proto);
995
996 if (buf == NULL)
997 return;
998
999 if (set_cred(ctx->ifname, id, "req_conn_capab", buf) < 0)
1000 wpa_printf(MSG_INFO, "Could not set req_conn_capab");
1001
1002 os_free(buf);
1003}
1004
1005
1006static void set_pps_cred_policy_required_proto_ports(struct hs20_osu_client *ctx,
1007 int id, xml_node_t *node)
1008{
1009 xml_node_t *child;
1010
1011 wpa_printf(MSG_INFO, "- Policy/RequiredProtoPortTuple");
1012
1013 xml_node_for_each_child(ctx->xml, child, node) {
1014 xml_node_for_each_check(ctx->xml, child);
1015 set_pps_cred_policy_required_proto_port(ctx, id, child);
1016 }
1017}
1018
1019
1020static void set_pps_cred_policy_max_bss_load(struct hs20_osu_client *ctx, int id,
1021 xml_node_t *node)
1022{
1023 char *str = xml_node_get_text(ctx->xml, node);
1024 if (str == NULL)
1025 return;
1026 wpa_printf(MSG_INFO, "- Policy/MaximumBSSLoadValue - %s", str);
1027 if (set_cred(ctx->ifname, id, "max_bss_load", str) < 0)
1028 wpa_printf(MSG_INFO, "Failed to set cred max_bss_load limit");
1029 xml_node_get_text_free(ctx->xml, str);
1030}
1031
1032
1033static void set_pps_cred_policy(struct hs20_osu_client *ctx, int id,
1034 xml_node_t *node)
1035{
1036 xml_node_t *child;
1037 const char *name;
1038
1039 wpa_printf(MSG_INFO, "- Policy");
1040
1041 xml_node_for_each_child(ctx->xml, child, node) {
1042 xml_node_for_each_check(ctx->xml, child);
1043 name = xml_node_get_localname(ctx->xml, child);
1044 if (os_strcasecmp(name, "PreferredRoamingPartnerList") == 0)
1045 set_pps_cred_policy_prpl(ctx, id, child);
1046 else if (os_strcasecmp(name, "MinBackhaulThreshold") == 0)
1047 set_pps_cred_policy_min_backhaul_list(ctx, id, child);
1048 else if (os_strcasecmp(name, "PolicyUpdate") == 0)
1049 set_pps_cred_policy_update(ctx, id, child);
1050 else if (os_strcasecmp(name, "SPExclusionList") == 0)
1051 set_pps_cred_policy_spel(ctx, id, child);
1052 else if (os_strcasecmp(name, "RequiredProtoPortTuple") == 0)
1053 set_pps_cred_policy_required_proto_ports(ctx, id, child);
1054 else if (os_strcasecmp(name, "MaximumBSSLoadValue") == 0)
1055 set_pps_cred_policy_max_bss_load(ctx, id, child);
1056 else
1057 wpa_printf(MSG_INFO, "Unknown Policy node '%s'", name);
1058 }
1059}
1060
1061
1062static void set_pps_cred_priority(struct hs20_osu_client *ctx, int id,
1063 xml_node_t *node)
1064{
1065 char *str = xml_node_get_text(ctx->xml, node);
1066 if (str == NULL)
1067 return;
1068 wpa_printf(MSG_INFO, "- CredentialPriority = %s", str);
1069 if (set_cred(ctx->ifname, id, "sp_priority", str) < 0)
1070 wpa_printf(MSG_INFO, "Failed to set cred sp_priority");
1071 xml_node_get_text_free(ctx->xml, str);
1072}
1073
1074
1075static void set_pps_cred_aaa_server_trust_root(struct hs20_osu_client *ctx,
1076 int id, xml_node_t *node)
1077{
1078 wpa_printf(MSG_INFO, "- AAAServerTrustRoot - TODO");
1079}
1080
1081
1082static void set_pps_cred_sub_update(struct hs20_osu_client *ctx, int id,
1083 xml_node_t *node)
1084{
1085 wpa_printf(MSG_INFO, "- SubscriptionUpdate");
1086 /* not used within wpa_supplicant */
1087}
1088
1089
1090static void set_pps_cred_home_sp_network_id(struct hs20_osu_client *ctx,
1091 int id, xml_node_t *node)
1092{
1093 xml_node_t *ssid_node, *hessid_node;
1094 char *ssid, *hessid;
1095
1096 ssid_node = get_node(ctx->xml, node, "SSID");
1097 if (ssid_node == NULL) {
1098 wpa_printf(MSG_INFO, "Ignore HomeSP/NetworkID without mandatory SSID node");
1099 return;
1100 }
1101
1102 hessid_node = get_node(ctx->xml, node, "HESSID");
1103
1104 ssid = xml_node_get_text(ctx->xml, ssid_node);
1105 if (ssid == NULL)
1106 return;
1107 hessid = hessid_node ? xml_node_get_text(ctx->xml, hessid_node) : NULL;
1108
1109 wpa_printf(MSG_INFO, "- HomeSP/NetworkID/<X+>/SSID = %s", ssid);
1110 if (hessid)
1111 wpa_printf(MSG_INFO, "- HomeSP/NetworkID/<X+>/HESSID = %s",
1112 hessid);
1113
1114 /* TODO: Configure to wpa_supplicant */
1115
1116 xml_node_get_text_free(ctx->xml, ssid);
1117 xml_node_get_text_free(ctx->xml, hessid);
1118}
1119
1120
1121static void set_pps_cred_home_sp_network_ids(struct hs20_osu_client *ctx,
1122 int id, xml_node_t *node)
1123{
1124 xml_node_t *child;
1125
1126 wpa_printf(MSG_INFO, "- HomeSP/NetworkID");
1127
1128 xml_node_for_each_child(ctx->xml, child, node) {
1129 xml_node_for_each_check(ctx->xml, child);
1130 set_pps_cred_home_sp_network_id(ctx, id, child);
1131 }
1132}
1133
1134
1135static void set_pps_cred_home_sp_friendly_name(struct hs20_osu_client *ctx,
1136 int id, xml_node_t *node)
1137{
1138 char *str = xml_node_get_text(ctx->xml, node);
1139 if (str == NULL)
1140 return;
1141 wpa_printf(MSG_INFO, "- HomeSP/FriendlyName = %s", str);
1142 /* not used within wpa_supplicant(?) */
1143 xml_node_get_text_free(ctx->xml, str);
1144}
1145
1146
1147static void set_pps_cred_home_sp_icon_url(struct hs20_osu_client *ctx,
1148 int id, xml_node_t *node)
1149{
1150 char *str = xml_node_get_text(ctx->xml, node);
1151 if (str == NULL)
1152 return;
1153 wpa_printf(MSG_INFO, "- HomeSP/IconURL = %s", str);
1154 /* not used within wpa_supplicant */
1155 xml_node_get_text_free(ctx->xml, str);
1156}
1157
1158
1159static void set_pps_cred_home_sp_fqdn(struct hs20_osu_client *ctx, int id,
1160 xml_node_t *node)
1161{
1162 char *str = xml_node_get_text(ctx->xml, node);
1163 if (str == NULL)
1164 return;
1165 wpa_printf(MSG_INFO, "- HomeSP/FQDN = %s", str);
1166 if (set_cred_quoted(ctx->ifname, id, "domain", str) < 0)
1167 wpa_printf(MSG_INFO, "Failed to set cred domain");
1168 if (set_cred_quoted(ctx->ifname, id, "domain_suffix_match", str) < 0)
1169 wpa_printf(MSG_INFO, "Failed to set cred domain_suffix_match");
1170 xml_node_get_text_free(ctx->xml, str);
1171}
1172
1173
1174static void set_pps_cred_home_sp_oi(struct hs20_osu_client *ctx, int id,
1175 xml_node_t *node)
1176{
1177 xml_node_t *child;
1178 const char *name;
1179 char *homeoi = NULL;
1180 int required = 0;
1181 char *str;
1182
1183 xml_node_for_each_child(ctx->xml, child, node) {
1184 xml_node_for_each_check(ctx->xml, child);
1185 name = xml_node_get_localname(ctx->xml, child);
1186 if (strcasecmp(name, "HomeOI") == 0 && !homeoi) {
1187 homeoi = xml_node_get_text(ctx->xml, child);
1188 wpa_printf(MSG_INFO, "- HomeSP/HomeOIList/<X+>/HomeOI = %s",
1189 homeoi);
1190 } else if (strcasecmp(name, "HomeOIRequired") == 0) {
1191 str = xml_node_get_text(ctx->xml, child);
1192 wpa_printf(MSG_INFO, "- HomeSP/HomeOIList/<X+>/HomeOIRequired = '%s'",
1193 str);
1194 if (str == NULL)
1195 continue;
1196 required = strcasecmp(str, "true") == 0;
1197 xml_node_get_text_free(ctx->xml, str);
1198 } else
1199 wpa_printf(MSG_INFO, "Unknown HomeOIList node '%s'",
1200 name);
1201 }
1202
1203 if (homeoi == NULL) {
1204 wpa_printf(MSG_INFO, "- HomeSP/HomeOIList/<X+> without HomeOI ignored");
1205 return;
1206 }
1207
1208 wpa_printf(MSG_INFO, "- HomeSP/HomeOIList/<X+> '%s' required=%d",
1209 homeoi, required);
1210
1211 if (required) {
1212 if (set_cred(ctx->ifname, id, "required_roaming_consortium",
1213 homeoi) < 0)
1214 wpa_printf(MSG_INFO, "Failed to set cred required_roaming_consortium");
1215 } else {
1216 if (set_cred_quoted(ctx->ifname, id, "roaming_consortium",
1217 homeoi) < 0)
1218 wpa_printf(MSG_INFO, "Failed to set cred roaming_consortium");
1219 }
1220
1221 xml_node_get_text_free(ctx->xml, homeoi);
1222}
1223
1224
1225static void set_pps_cred_home_sp_oi_list(struct hs20_osu_client *ctx, int id,
1226 xml_node_t *node)
1227{
1228 xml_node_t *child;
1229
1230 wpa_printf(MSG_INFO, "- HomeSP/HomeOIList");
1231
1232 xml_node_for_each_child(ctx->xml, child, node) {
1233 xml_node_for_each_check(ctx->xml, child);
1234 set_pps_cred_home_sp_oi(ctx, id, child);
1235 }
1236}
1237
1238
1239static void set_pps_cred_home_sp_other_partner(struct hs20_osu_client *ctx,
1240 int id, xml_node_t *node)
1241{
1242 xml_node_t *child;
1243 const char *name;
1244 char *fqdn = NULL;
1245
1246 xml_node_for_each_child(ctx->xml, child, node) {
1247 xml_node_for_each_check(ctx->xml, child);
1248 name = xml_node_get_localname(ctx->xml, child);
1249 if (os_strcasecmp(name, "FQDN") == 0 && !fqdn) {
1250 fqdn = xml_node_get_text(ctx->xml, child);
1251 wpa_printf(MSG_INFO, "- HomeSP/OtherHomePartners/<X+>/FQDN = %s",
1252 fqdn);
1253 } else
1254 wpa_printf(MSG_INFO, "Unknown OtherHomePartners node '%s'",
1255 name);
1256 }
1257
1258 if (fqdn == NULL) {
1259 wpa_printf(MSG_INFO, "- HomeSP/OtherHomePartners/<X+> without FQDN ignored");
1260 return;
1261 }
1262
1263 if (set_cred_quoted(ctx->ifname, id, "domain", fqdn) < 0)
1264 wpa_printf(MSG_INFO, "Failed to set cred domain for OtherHomePartners node");
1265
1266 xml_node_get_text_free(ctx->xml, fqdn);
1267}
1268
1269
1270static void set_pps_cred_home_sp_other_partners(struct hs20_osu_client *ctx,
1271 int id,
1272 xml_node_t *node)
1273{
1274 xml_node_t *child;
1275
1276 wpa_printf(MSG_INFO, "- HomeSP/OtherHomePartners");
1277
1278 xml_node_for_each_child(ctx->xml, child, node) {
1279 xml_node_for_each_check(ctx->xml, child);
1280 set_pps_cred_home_sp_other_partner(ctx, id, child);
1281 }
1282}
1283
1284
1285static void set_pps_cred_home_sp_roaming_consortium_oi(
1286 struct hs20_osu_client *ctx, int id, xml_node_t *node)
1287{
1288 char *str = xml_node_get_text(ctx->xml, node);
1289 if (str == NULL)
1290 return;
1291 wpa_printf(MSG_INFO, "- HomeSP/RoamingConsortiumOI = %s", str);
1292 /* TODO: Set to wpa_supplicant */
1293 xml_node_get_text_free(ctx->xml, str);
1294}
1295
1296
1297static void set_pps_cred_home_sp(struct hs20_osu_client *ctx, int id,
1298 xml_node_t *node)
1299{
1300 xml_node_t *child;
1301 const char *name;
1302
1303 wpa_printf(MSG_INFO, "- HomeSP");
1304
1305 xml_node_for_each_child(ctx->xml, child, node) {
1306 xml_node_for_each_check(ctx->xml, child);
1307 name = xml_node_get_localname(ctx->xml, child);
1308 if (os_strcasecmp(name, "NetworkID") == 0)
1309 set_pps_cred_home_sp_network_ids(ctx, id, child);
1310 else if (os_strcasecmp(name, "FriendlyName") == 0)
1311 set_pps_cred_home_sp_friendly_name(ctx, id, child);
1312 else if (os_strcasecmp(name, "IconURL") == 0)
1313 set_pps_cred_home_sp_icon_url(ctx, id, child);
1314 else if (os_strcasecmp(name, "FQDN") == 0)
1315 set_pps_cred_home_sp_fqdn(ctx, id, child);
1316 else if (os_strcasecmp(name, "HomeOIList") == 0)
1317 set_pps_cred_home_sp_oi_list(ctx, id, child);
1318 else if (os_strcasecmp(name, "OtherHomePartners") == 0)
1319 set_pps_cred_home_sp_other_partners(ctx, id, child);
1320 else if (os_strcasecmp(name, "RoamingConsortiumOI") == 0)
1321 set_pps_cred_home_sp_roaming_consortium_oi(ctx, id,
1322 child);
1323 else
1324 wpa_printf(MSG_INFO, "Unknown HomeSP node '%s'", name);
1325 }
1326}
1327
1328
1329static void set_pps_cred_sub_params(struct hs20_osu_client *ctx, int id,
1330 xml_node_t *node)
1331{
1332 wpa_printf(MSG_INFO, "- SubscriptionParameters");
1333 /* not used within wpa_supplicant */
1334}
1335
1336
1337static void set_pps_cred_creation_date(struct hs20_osu_client *ctx, int id,
1338 xml_node_t *node)
1339{
1340 char *str = xml_node_get_text(ctx->xml, node);
1341 if (str == NULL)
1342 return;
1343 wpa_printf(MSG_INFO, "- Credential/CreationDate = %s", str);
1344 /* not used within wpa_supplicant */
1345 xml_node_get_text_free(ctx->xml, str);
1346}
1347
1348
1349static void set_pps_cred_expiration_date(struct hs20_osu_client *ctx, int id,
1350 xml_node_t *node)
1351{
1352 char *str = xml_node_get_text(ctx->xml, node);
1353 if (str == NULL)
1354 return;
1355 wpa_printf(MSG_INFO, "- Credential/ExpirationDate = %s", str);
1356 /* not used within wpa_supplicant */
1357 xml_node_get_text_free(ctx->xml, str);
1358}
1359
1360
1361static void set_pps_cred_username(struct hs20_osu_client *ctx, int id,
1362 xml_node_t *node)
1363{
1364 char *str = xml_node_get_text(ctx->xml, node);
1365 if (str == NULL)
1366 return;
1367 wpa_printf(MSG_INFO, "- Credential/UsernamePassword/Username = %s",
1368 str);
1369 if (set_cred_quoted(ctx->ifname, id, "username", str) < 0)
1370 wpa_printf(MSG_INFO, "Failed to set cred username");
1371 xml_node_get_text_free(ctx->xml, str);
1372}
1373
1374
1375static void set_pps_cred_password(struct hs20_osu_client *ctx, int id,
1376 xml_node_t *node)
1377{
1378 int len, i;
1379 char *pw, *hex, *pos, *end;
1380
1381 pw = xml_node_get_base64_text(ctx->xml, node, &len);
1382 if (pw == NULL)
1383 return;
1384
1385 wpa_printf(MSG_INFO, "- Credential/UsernamePassword/Password = %s", pw);
1386
1387 hex = malloc(len * 2 + 1);
1388 if (hex == NULL) {
1389 free(pw);
1390 return;
1391 }
1392 end = hex + len * 2 + 1;
1393 pos = hex;
1394 for (i = 0; i < len; i++) {
1395 snprintf(pos, end - pos, "%02x", pw[i]);
1396 pos += 2;
1397 }
1398 free(pw);
1399
1400 if (set_cred(ctx->ifname, id, "password", hex) < 0)
1401 wpa_printf(MSG_INFO, "Failed to set cred password");
1402 free(hex);
1403}
1404
1405
1406static void set_pps_cred_machine_managed(struct hs20_osu_client *ctx, int id,
1407 xml_node_t *node)
1408{
1409 char *str = xml_node_get_text(ctx->xml, node);
1410 if (str == NULL)
1411 return;
1412 wpa_printf(MSG_INFO, "- Credential/UsernamePassword/MachineManaged = %s",
1413 str);
1414 /* not used within wpa_supplicant */
1415 xml_node_get_text_free(ctx->xml, str);
1416}
1417
1418
1419static void set_pps_cred_soft_token_app(struct hs20_osu_client *ctx, int id,
1420 xml_node_t *node)
1421{
1422 char *str = xml_node_get_text(ctx->xml, node);
1423 if (str == NULL)
1424 return;
1425 wpa_printf(MSG_INFO, "- Credential/UsernamePassword/SoftTokenApp = %s",
1426 str);
1427 /* not used within wpa_supplicant */
1428 xml_node_get_text_free(ctx->xml, str);
1429}
1430
1431
1432static void set_pps_cred_able_to_share(struct hs20_osu_client *ctx, int id,
1433 xml_node_t *node)
1434{
1435 char *str = xml_node_get_text(ctx->xml, node);
1436 if (str == NULL)
1437 return;
1438 wpa_printf(MSG_INFO, "- Credential/UsernamePassword/AbleToShare = %s",
1439 str);
1440 /* not used within wpa_supplicant */
1441 xml_node_get_text_free(ctx->xml, str);
1442}
1443
1444
1445static void set_pps_cred_eap_method(struct hs20_osu_client *ctx, int id,
1446 xml_node_t *node)
1447{
1448 wpa_printf(MSG_INFO, "- Credential/UsernamePassword/EAPMethod - TODO");
1449}
1450
1451
1452static void set_pps_cred_username_password(struct hs20_osu_client *ctx, int id,
1453 xml_node_t *node)
1454{
1455 xml_node_t *child;
1456 const char *name;
1457
1458 wpa_printf(MSG_INFO, "- Credential/UsernamePassword");
1459
1460 xml_node_for_each_child(ctx->xml, child, node) {
1461 xml_node_for_each_check(ctx->xml, child);
1462 name = xml_node_get_localname(ctx->xml, child);
1463 if (os_strcasecmp(name, "Username") == 0)
1464 set_pps_cred_username(ctx, id, child);
1465 else if (os_strcasecmp(name, "Password") == 0)
1466 set_pps_cred_password(ctx, id, child);
1467 else if (os_strcasecmp(name, "MachineManaged") == 0)
1468 set_pps_cred_machine_managed(ctx, id, child);
1469 else if (os_strcasecmp(name, "SoftTokenApp") == 0)
1470 set_pps_cred_soft_token_app(ctx, id, child);
1471 else if (os_strcasecmp(name, "AbleToShare") == 0)
1472 set_pps_cred_able_to_share(ctx, id, child);
1473 else if (os_strcasecmp(name, "EAPMethod") == 0)
1474 set_pps_cred_eap_method(ctx, id, child);
1475 else
1476 wpa_printf(MSG_INFO, "Unknown Credential/UsernamePassword node '%s'",
1477 name);
1478 }
1479}
1480
1481
1482static void set_pps_cred_digital_cert(struct hs20_osu_client *ctx, int id,
1483 xml_node_t *node, const char *fqdn)
1484{
1485 char buf[200], dir[200];
1486
1487 wpa_printf(MSG_INFO, "- Credential/DigitalCertificate");
1488
1489 if (getcwd(dir, sizeof(dir)) == NULL)
1490 return;
1491
1492 /* TODO: could build username from Subject of Subject AltName */
1493 if (set_cred_quoted(ctx->ifname, id, "username", "cert") < 0) {
1494 wpa_printf(MSG_INFO, "Failed to set username");
1495 }
1496
1497 snprintf(buf, sizeof(buf), "%s/SP/%s/client-cert.pem", dir, fqdn);
1498 if (os_file_exists(buf)) {
1499 if (set_cred_quoted(ctx->ifname, id, "client_cert", buf) < 0) {
1500 wpa_printf(MSG_INFO, "Failed to set client_cert");
1501 }
1502 }
1503
1504 snprintf(buf, sizeof(buf), "%s/SP/%s/client-key.pem", dir, fqdn);
1505 if (os_file_exists(buf)) {
1506 if (set_cred_quoted(ctx->ifname, id, "private_key", buf) < 0) {
1507 wpa_printf(MSG_INFO, "Failed to set private_key");
1508 }
1509 }
1510}
1511
1512
1513static void set_pps_cred_realm(struct hs20_osu_client *ctx, int id,
1514 xml_node_t *node, const char *fqdn, int sim)
1515{
1516 char *str = xml_node_get_text(ctx->xml, node);
1517 char buf[200], dir[200];
1518
1519 if (str == NULL)
1520 return;
1521
1522 wpa_printf(MSG_INFO, "- Credential/Realm = %s", str);
1523 if (set_cred_quoted(ctx->ifname, id, "realm", str) < 0)
1524 wpa_printf(MSG_INFO, "Failed to set cred realm");
1525 xml_node_get_text_free(ctx->xml, str);
1526
1527 if (sim)
1528 return;
1529
1530 if (getcwd(dir, sizeof(dir)) == NULL)
1531 return;
1532 snprintf(buf, sizeof(buf), "%s/SP/%s/aaa-ca.pem", dir, fqdn);
1533 if (os_file_exists(buf)) {
1534 if (set_cred_quoted(ctx->ifname, id, "ca_cert", buf) < 0) {
1535 wpa_printf(MSG_INFO, "Failed to set CA cert");
1536 }
1537 }
1538}
1539
1540
1541static void set_pps_cred_check_aaa_cert_status(struct hs20_osu_client *ctx,
1542 int id, xml_node_t *node)
1543{
1544 char *str = xml_node_get_text(ctx->xml, node);
1545
1546 if (str == NULL)
1547 return;
1548
1549 wpa_printf(MSG_INFO, "- Credential/CheckAAAServerCertStatus = %s", str);
1550 if (os_strcasecmp(str, "true") == 0 &&
1551 set_cred(ctx->ifname, id, "ocsp", "2") < 0)
1552 wpa_printf(MSG_INFO, "Failed to set cred ocsp");
1553 xml_node_get_text_free(ctx->xml, str);
1554}
1555
1556
1557static void set_pps_cred_sim(struct hs20_osu_client *ctx, int id,
1558 xml_node_t *sim, xml_node_t *realm)
1559{
1560 xml_node_t *node;
1561 char *imsi, *eaptype, *str, buf[20];
1562 int type;
1563 int mnc_len = 3;
1564 size_t imsi_len;
1565
1566 node = get_node(ctx->xml, sim, "EAPType");
1567 if (node == NULL) {
1568 wpa_printf(MSG_INFO, "No SIM/EAPType node in credential");
1569 return;
1570 }
1571 eaptype = xml_node_get_text(ctx->xml, node);
1572 if (eaptype == NULL) {
1573 wpa_printf(MSG_INFO, "Could not extract SIM/EAPType");
1574 return;
1575 }
1576 wpa_printf(MSG_INFO, " - Credential/SIM/EAPType = %s", eaptype);
1577 type = atoi(eaptype);
1578 xml_node_get_text_free(ctx->xml, eaptype);
1579
1580 switch (type) {
1581 case EAP_TYPE_SIM:
1582 if (set_cred(ctx->ifname, id, "eap", "SIM") < 0)
1583 wpa_printf(MSG_INFO, "Could not set eap=SIM");
1584 break;
1585 case EAP_TYPE_AKA:
1586 if (set_cred(ctx->ifname, id, "eap", "AKA") < 0)
1587 wpa_printf(MSG_INFO, "Could not set eap=SIM");
1588 break;
1589 case EAP_TYPE_AKA_PRIME:
1590 if (set_cred(ctx->ifname, id, "eap", "AKA'") < 0)
1591 wpa_printf(MSG_INFO, "Could not set eap=SIM");
1592 break;
1593 default:
1594 wpa_printf(MSG_INFO, "Unsupported SIM/EAPType %d", type);
1595 return;
1596 }
1597
1598 node = get_node(ctx->xml, sim, "IMSI");
1599 if (node == NULL) {
1600 wpa_printf(MSG_INFO, "No SIM/IMSI node in credential");
1601 return;
1602 }
1603 imsi = xml_node_get_text(ctx->xml, node);
1604 if (imsi == NULL) {
1605 wpa_printf(MSG_INFO, "Could not extract SIM/IMSI");
1606 return;
1607 }
1608 wpa_printf(MSG_INFO, " - Credential/SIM/IMSI = %s", imsi);
1609 imsi_len = os_strlen(imsi);
1610 if (imsi_len < 7 || imsi_len + 2 > sizeof(buf)) {
1611 wpa_printf(MSG_INFO, "Invalid IMSI length");
1612 xml_node_get_text_free(ctx->xml, imsi);
1613 return;
1614 }
1615
1616 str = xml_node_get_text(ctx->xml, node);
1617 if (str) {
1618 char *pos;
1619 pos = os_strstr(str, "mnc");
1620 if (pos && os_strlen(pos) >= 6) {
1621 if (os_strncmp(imsi + 3, pos + 3, 3) == 0)
1622 mnc_len = 3;
1623 else if (os_strncmp(imsi + 3, pos + 4, 2) == 0)
1624 mnc_len = 2;
1625 }
1626 xml_node_get_text_free(ctx->xml, str);
1627 }
1628
1629 os_memcpy(buf, imsi, 3 + mnc_len);
1630 buf[3 + mnc_len] = '-';
1631 os_strlcpy(buf + 3 + mnc_len + 1, imsi + 3 + mnc_len,
1632 sizeof(buf) - 3 - mnc_len - 1);
1633
1634 xml_node_get_text_free(ctx->xml, imsi);
1635
1636 if (set_cred_quoted(ctx->ifname, id, "imsi", buf) < 0)
1637 wpa_printf(MSG_INFO, "Could not set IMSI");
1638
1639 if (set_cred_quoted(ctx->ifname, id, "milenage",
1640 "90dca4eda45b53cf0f12d7c9c3bc6a89:"
1641 "cb9cccc4b9258e6dca4760379fb82581:000000000123") <
1642 0)
1643 wpa_printf(MSG_INFO, "Could not set Milenage parameters");
1644}
1645
1646
1647static void set_pps_cred_credential(struct hs20_osu_client *ctx, int id,
1648 xml_node_t *node, const char *fqdn)
1649{
1650 xml_node_t *child, *sim, *realm;
1651 const char *name;
1652
1653 wpa_printf(MSG_INFO, "- Credential");
1654
1655 sim = get_node(ctx->xml, node, "SIM");
1656 realm = get_node(ctx->xml, node, "Realm");
1657
1658 xml_node_for_each_child(ctx->xml, child, node) {
1659 xml_node_for_each_check(ctx->xml, child);
1660 name = xml_node_get_localname(ctx->xml, child);
1661 if (os_strcasecmp(name, "CreationDate") == 0)
1662 set_pps_cred_creation_date(ctx, id, child);
1663 else if (os_strcasecmp(name, "ExpirationDate") == 0)
1664 set_pps_cred_expiration_date(ctx, id, child);
1665 else if (os_strcasecmp(name, "UsernamePassword") == 0)
1666 set_pps_cred_username_password(ctx, id, child);
1667 else if (os_strcasecmp(name, "DigitalCertificate") == 0)
1668 set_pps_cred_digital_cert(ctx, id, child, fqdn);
1669 else if (os_strcasecmp(name, "Realm") == 0)
1670 set_pps_cred_realm(ctx, id, child, fqdn, sim != NULL);
1671 else if (os_strcasecmp(name, "CheckAAAServerCertStatus") == 0)
1672 set_pps_cred_check_aaa_cert_status(ctx, id, child);
1673 else if (os_strcasecmp(name, "SIM") == 0)
1674 set_pps_cred_sim(ctx, id, child, realm);
1675 else
1676 wpa_printf(MSG_INFO, "Unknown Credential node '%s'",
1677 name);
1678 }
1679}
1680
1681
1682static void set_pps_credential(struct hs20_osu_client *ctx, int id,
1683 xml_node_t *cred, const char *fqdn)
1684{
1685 xml_node_t *child;
1686 const char *name;
1687
1688 xml_node_for_each_child(ctx->xml, child, cred) {
1689 xml_node_for_each_check(ctx->xml, child);
1690 name = xml_node_get_localname(ctx->xml, child);
1691 if (os_strcasecmp(name, "Policy") == 0)
1692 set_pps_cred_policy(ctx, id, child);
1693 else if (os_strcasecmp(name, "CredentialPriority") == 0)
1694 set_pps_cred_priority(ctx, id, child);
1695 else if (os_strcasecmp(name, "AAAServerTrustRoot") == 0)
1696 set_pps_cred_aaa_server_trust_root(ctx, id, child);
1697 else if (os_strcasecmp(name, "SubscriptionUpdate") == 0)
1698 set_pps_cred_sub_update(ctx, id, child);
1699 else if (os_strcasecmp(name, "HomeSP") == 0)
1700 set_pps_cred_home_sp(ctx, id, child);
1701 else if (os_strcasecmp(name, "SubscriptionParameters") == 0)
1702 set_pps_cred_sub_params(ctx, id, child);
1703 else if (os_strcasecmp(name, "Credential") == 0)
1704 set_pps_cred_credential(ctx, id, child, fqdn);
1705 else
1706 wpa_printf(MSG_INFO, "Unknown credential node '%s'",
1707 name);
1708 }
1709}
1710
1711
1712static void set_pps(struct hs20_osu_client *ctx, xml_node_t *pps,
1713 const char *fqdn)
1714{
1715 xml_node_t *child;
1716 const char *name;
1717 int id;
1718 char *update_identifier = NULL;
1719
1720 /*
1721 * TODO: Could consider more complex mechanism that would remove
1722 * credentials only if there are changes in the information sent to
1723 * wpa_supplicant.
1724 */
1725 remove_sp_creds(ctx, fqdn);
1726
1727 xml_node_for_each_child(ctx->xml, child, pps) {
1728 xml_node_for_each_check(ctx->xml, child);
1729 name = xml_node_get_localname(ctx->xml, child);
1730 if (os_strcasecmp(name, "UpdateIdentifier") == 0) {
1731 update_identifier = xml_node_get_text(ctx->xml, child);
1732 if (update_identifier) {
1733 wpa_printf(MSG_INFO, "- UpdateIdentifier = %s",
1734 update_identifier);
1735 break;
1736 }
1737 }
1738 }
1739
1740 xml_node_for_each_child(ctx->xml, child, pps) {
1741 xml_node_for_each_check(ctx->xml, child);
1742 name = xml_node_get_localname(ctx->xml, child);
1743 if (os_strcasecmp(name, "UpdateIdentifier") == 0)
1744 continue;
1745 id = add_cred(ctx->ifname);
1746 if (id < 0) {
1747 wpa_printf(MSG_INFO, "Failed to add credential to wpa_supplicant");
1748 write_summary(ctx, "Failed to add credential to wpa_supplicant");
1749 break;
1750 }
1751 write_summary(ctx, "Add a credential to wpa_supplicant");
1752 if (update_identifier &&
1753 set_cred(ctx->ifname, id, "update_identifier",
1754 update_identifier) < 0)
1755 wpa_printf(MSG_INFO, "Failed to set update_identifier");
1756 if (set_cred_quoted(ctx->ifname, id, "provisioning_sp", fqdn) <
1757 0)
1758 wpa_printf(MSG_INFO, "Failed to set provisioning_sp");
1759 wpa_printf(MSG_INFO, "credential localname: '%s'", name);
1760 set_pps_credential(ctx, id, child, fqdn);
1761 ctx->pps_cred_set = 1;
1762 }
1763
1764 xml_node_get_text_free(ctx->xml, update_identifier);
1765}
1766
1767
1768void cmd_set_pps(struct hs20_osu_client *ctx, const char *pps_fname)
1769{
1770 xml_node_t *pps;
1771 const char *fqdn;
1772 char *fqdn_buf = NULL, *pos;
1773
1774 pps = node_from_file(ctx->xml, pps_fname);
1775 if (pps == NULL) {
1776 wpa_printf(MSG_INFO, "Could not read or parse '%s'", pps_fname);
1777 return;
1778 }
1779
1780 fqdn = os_strstr(pps_fname, "SP/");
1781 if (fqdn) {
1782 fqdn_buf = os_strdup(fqdn + 3);
1783 if (fqdn_buf == NULL)
1784 return;
1785 pos = os_strchr(fqdn_buf, '/');
1786 if (pos)
1787 *pos = '\0';
1788 fqdn = fqdn_buf;
1789 } else
1790 fqdn = "wi-fi.org";
1791
1792 wpa_printf(MSG_INFO, "Set PPS MO info to wpa_supplicant - SP FQDN %s",
1793 fqdn);
1794 set_pps(ctx, pps, fqdn);
1795
1796 os_free(fqdn_buf);
1797 xml_node_free(ctx->xml, pps);
1798}
1799
1800
1801static int cmd_get_fqdn(struct hs20_osu_client *ctx, const char *pps_fname)
1802{
1803 xml_node_t *pps, *node;
1804 char *fqdn = NULL;
1805
1806 pps = node_from_file(ctx->xml, pps_fname);
1807 if (pps == NULL) {
1808 wpa_printf(MSG_INFO, "Could not read or parse '%s'", pps_fname);
1809 return -1;
1810 }
1811
1812 node = get_child_node(ctx->xml, pps, "HomeSP/FQDN");
1813 if (node)
1814 fqdn = xml_node_get_text(ctx->xml, node);
1815
1816 xml_node_free(ctx->xml, pps);
1817
1818 if (fqdn) {
1819 FILE *f = fopen("pps-fqdn", "w");
1820 if (f) {
1821 fprintf(f, "%s", fqdn);
1822 fclose(f);
1823 }
1824 xml_node_get_text_free(ctx->xml, fqdn);
1825 return 0;
1826 }
1827
1828 xml_node_get_text_free(ctx->xml, fqdn);
1829 return -1;
1830}
1831
1832
1833static void cmd_to_tnds(struct hs20_osu_client *ctx, const char *in_fname,
1834 const char *out_fname, const char *urn, int use_path)
1835{
1836 xml_node_t *mo, *node;
1837
1838 mo = node_from_file(ctx->xml, in_fname);
1839 if (mo == NULL) {
1840 wpa_printf(MSG_INFO, "Could not read or parse '%s'", in_fname);
1841 return;
1842 }
1843
1844 node = mo_to_tnds(ctx->xml, mo, use_path, urn, NULL);
1845 if (node) {
1846 node_to_file(ctx->xml, out_fname, node);
1847 xml_node_free(ctx->xml, node);
1848 }
1849
1850 xml_node_free(ctx->xml, mo);
1851}
1852
1853
1854static void cmd_from_tnds(struct hs20_osu_client *ctx, const char *in_fname,
1855 const char *out_fname)
1856{
1857 xml_node_t *tnds, *mo;
1858
1859 tnds = node_from_file(ctx->xml, in_fname);
1860 if (tnds == NULL) {
1861 wpa_printf(MSG_INFO, "Could not read or parse '%s'", in_fname);
1862 return;
1863 }
1864
1865 mo = tnds_to_mo(ctx->xml, tnds);
1866 if (mo) {
1867 node_to_file(ctx->xml, out_fname, mo);
1868 xml_node_free(ctx->xml, mo);
1869 }
1870
1871 xml_node_free(ctx->xml, tnds);
1872}
1873
1874
1875struct osu_icon {
1876 int id;
1877 char lang[4];
1878 char mime_type[256];
1879 char filename[256];
1880};
1881
1882struct osu_data {
1883 char bssid[20];
1884 char url[256];
1885 unsigned int methods;
1886 char osu_ssid[33];
1887 char osu_nai[256];
1888 struct osu_lang_text friendly_name[MAX_OSU_VALS];
1889 size_t friendly_name_count;
1890 struct osu_lang_text serv_desc[MAX_OSU_VALS];
1891 size_t serv_desc_count;
1892 struct osu_icon icon[MAX_OSU_VALS];
1893 size_t icon_count;
1894};
1895
1896
1897static struct osu_data * parse_osu_providers(const char *fname, size_t *count)
1898{
1899 FILE *f;
1900 char buf[1000];
1901 struct osu_data *osu = NULL, *last = NULL;
1902 size_t osu_count = 0;
1903 char *pos, *end;
1904
1905 f = fopen(fname, "r");
1906 if (f == NULL) {
1907 wpa_printf(MSG_ERROR, "Could not open %s", fname);
1908 return NULL;
1909 }
1910
1911 while (fgets(buf, sizeof(buf), f)) {
1912 pos = strchr(buf, '\n');
1913 if (pos)
1914 *pos = '\0';
1915
1916 if (strncmp(buf, "OSU-PROVIDER ", 13) == 0) {
1917 last = realloc(osu, (osu_count + 1) * sizeof(*osu));
1918 if (last == NULL)
1919 break;
1920 osu = last;
1921 last = &osu[osu_count++];
1922 memset(last, 0, sizeof(*last));
1923 snprintf(last->bssid, sizeof(last->bssid), "%s",
1924 buf + 13);
1925 continue;
1926 }
1927 if (!last)
1928 continue;
1929
1930 if (strncmp(buf, "uri=", 4) == 0) {
1931 snprintf(last->url, sizeof(last->url), "%s", buf + 4);
1932 continue;
1933 }
1934
1935 if (strncmp(buf, "methods=", 8) == 0) {
1936 last->methods = strtol(buf + 8, NULL, 16);
1937 continue;
1938 }
1939
1940 if (strncmp(buf, "osu_ssid=", 9) == 0) {
1941 snprintf(last->osu_ssid, sizeof(last->osu_ssid),
1942 "%s", buf + 9);
1943 continue;
1944 }
1945
1946 if (os_strncmp(buf, "osu_nai=", 8) == 0) {
1947 os_snprintf(last->osu_nai, sizeof(last->osu_nai),
1948 "%s", buf + 8);
1949 continue;
1950 }
1951
1952 if (strncmp(buf, "friendly_name=", 14) == 0) {
1953 struct osu_lang_text *txt;
1954 if (last->friendly_name_count == MAX_OSU_VALS)
1955 continue;
1956 pos = strchr(buf + 14, ':');
1957 if (pos == NULL)
1958 continue;
1959 *pos++ = '\0';
1960 txt = &last->friendly_name[last->friendly_name_count++];
1961 snprintf(txt->lang, sizeof(txt->lang), "%s", buf + 14);
1962 snprintf(txt->text, sizeof(txt->text), "%s", pos);
1963 }
1964
1965 if (strncmp(buf, "desc=", 5) == 0) {
1966 struct osu_lang_text *txt;
1967 if (last->serv_desc_count == MAX_OSU_VALS)
1968 continue;
1969 pos = strchr(buf + 5, ':');
1970 if (pos == NULL)
1971 continue;
1972 *pos++ = '\0';
1973 txt = &last->serv_desc[last->serv_desc_count++];
1974 snprintf(txt->lang, sizeof(txt->lang), "%s", buf + 5);
1975 snprintf(txt->text, sizeof(txt->text), "%s", pos);
1976 }
1977
1978 if (strncmp(buf, "icon=", 5) == 0) {
1979 struct osu_icon *icon;
1980 if (last->icon_count == MAX_OSU_VALS)
1981 continue;
1982 icon = &last->icon[last->icon_count++];
1983 icon->id = atoi(buf + 5);
1984 pos = strchr(buf, ':');
1985 if (pos == NULL)
1986 continue;
1987 pos = strchr(pos + 1, ':');
1988 if (pos == NULL)
1989 continue;
1990 pos = strchr(pos + 1, ':');
1991 if (pos == NULL)
1992 continue;
1993 pos++;
1994 end = strchr(pos, ':');
1995 if (!end)
1996 continue;
1997 *end = '\0';
1998 snprintf(icon->lang, sizeof(icon->lang), "%s", pos);
1999 pos = end + 1;
2000
2001 end = strchr(pos, ':');
2002 if (end)
2003 *end = '\0';
2004 snprintf(icon->mime_type, sizeof(icon->mime_type),
2005 "%s", pos);
2006 if (!pos)
2007 continue;
2008 pos = end + 1;
2009
2010 end = strchr(pos, ':');
2011 if (end)
2012 *end = '\0';
2013 snprintf(icon->filename, sizeof(icon->filename),
2014 "%s", pos);
2015 continue;
2016 }
2017 }
2018
2019 fclose(f);
2020
2021 *count = osu_count;
2022 return osu;
2023}
2024
2025
2026static int osu_connect(struct hs20_osu_client *ctx, const char *bssid,
Dmitry Shmidt6cb1f652014-03-21 10:54:03 -0700[diff] [blame]2027 const char *ssid, const char *url,
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2028 unsigned int methods, int no_prod_assoc,
2029 const char *osu_nai)
2030{
2031 int id;
2032 const char *ifname = ctx->ifname;
2033 char buf[200];
2034 struct wpa_ctrl *mon;
2035 int res;
2036
2037 id = add_network(ifname);
2038 if (id < 0)
2039 return -1;
2040 if (set_network_quoted(ifname, id, "ssid", ssid) < 0)
2041 return -1;
2042 if (osu_nai && os_strlen(osu_nai) > 0) {
2043 char dir[255], fname[300];
2044 if (getcwd(dir, sizeof(dir)) == NULL)
2045 return -1;
2046 os_snprintf(fname, sizeof(fname), "%s/osu-ca.pem", dir);
2047
2048 if (set_network(ifname, id, "proto", "OSEN") < 0 ||
2049 set_network(ifname, id, "key_mgmt", "OSEN") < 0 ||
2050 set_network(ifname, id, "pairwise", "CCMP") < 0 ||
2051 set_network(ifname, id, "group", "GTK_NOT_USED") < 0 ||
2052 set_network(ifname, id, "eap", "WFA-UNAUTH-TLS") < 0 ||
2053 set_network(ifname, id, "ocsp", "2") < 0 ||
2054 set_network_quoted(ifname, id, "identity", osu_nai) < 0 ||
2055 set_network_quoted(ifname, id, "ca_cert", fname) < 0)
2056 return -1;
2057 } else {
2058 if (set_network(ifname, id, "key_mgmt", "NONE") < 0)
2059 return -1;
2060 }
2061
2062 mon = open_wpa_mon(ifname);
2063 if (mon == NULL)
2064 return -1;
2065
2066 wpa_printf(MSG_INFO, "Associate with OSU SSID");
2067 write_summary(ctx, "Associate with OSU SSID");
2068 snprintf(buf, sizeof(buf), "SELECT_NETWORK %d", id);
2069 if (wpa_command(ifname, buf) < 0)
2070 return -1;
2071
2072 res = get_wpa_cli_event(mon, "CTRL-EVENT-CONNECTED",
2073 buf, sizeof(buf));
2074
2075 wpa_ctrl_detach(mon);
2076 wpa_ctrl_close(mon);
2077
2078 if (res < 0) {
2079 wpa_printf(MSG_INFO, "Could not connect");
2080 write_summary(ctx, "Could not connect to OSU network");
2081 wpa_printf(MSG_INFO, "Remove OSU network connection");
2082 snprintf(buf, sizeof(buf), "REMOVE_NETWORK %d", id);
2083 wpa_command(ifname, buf);
2084 return -1;
2085 }
2086
2087 write_summary(ctx, "Waiting for IP address for subscription registration");
2088 if (wait_ip_addr(ifname, 15) < 0) {
2089 wpa_printf(MSG_INFO, "Could not get IP address for WLAN - try connection anyway");
2090 }
2091
2092 if (no_prod_assoc) {
2093 if (res < 0)
2094 return -1;
2095 wpa_printf(MSG_INFO, "No production connection used for testing purposes");
2096 write_summary(ctx, "No production connection used for testing purposes");
2097 return 0;
2098 }
2099
2100 ctx->no_reconnect = 1;
Dmitry Shmidtaf9da312015-04-03 10:03:11 -0700[diff] [blame]2101 if (methods & 0x02) {
2102 wpa_printf(MSG_DEBUG, "Calling cmd_prov from osu_connect");
Dmitry Shmidt6cb1f652014-03-21 10:54:03 -0700[diff] [blame]2103 res = cmd_prov(ctx, url);
Dmitry Shmidtaf9da312015-04-03 10:03:11 -0700[diff] [blame]2104 } else if (methods & 0x01) {
2105 wpa_printf(MSG_DEBUG,
2106 "Calling cmd_oma_dm_prov from osu_connect");
Dmitry Shmidt6cb1f652014-03-21 10:54:03 -0700[diff] [blame]2107 res = cmd_oma_dm_prov(ctx, url);
Dmitry Shmidtaf9da312015-04-03 10:03:11 -0700[diff] [blame]2108 }
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2109
2110 wpa_printf(MSG_INFO, "Remove OSU network connection");
2111 write_summary(ctx, "Remove OSU network connection");
2112 snprintf(buf, sizeof(buf), "REMOVE_NETWORK %d", id);
2113 wpa_command(ifname, buf);
2114
2115 if (res < 0)
2116 return -1;
2117
2118 wpa_printf(MSG_INFO, "Requesting reconnection with updated configuration");
2119 write_summary(ctx, "Requesting reconnection with updated configuration");
2120 if (wpa_command(ctx->ifname, "INTERWORKING_SELECT auto") < 0) {
2121 wpa_printf(MSG_INFO, "Failed to request wpa_supplicant to reconnect");
2122 write_summary(ctx, "Failed to request wpa_supplicant to reconnect");
2123 return -1;
2124 }
2125
2126 return 0;
2127}
2128
2129
2130static int cmd_osu_select(struct hs20_osu_client *ctx, const char *dir,
Dmitry Shmidt6cb1f652014-03-21 10:54:03 -0700[diff] [blame]2131 int connect, int no_prod_assoc,
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2132 const char *friendly_name)
2133{
2134 char fname[255];
2135 FILE *f;
2136 struct osu_data *osu = NULL, *last = NULL;
2137 size_t osu_count, i, j;
2138 int ret;
2139
2140 write_summary(ctx, "OSU provider selection");
2141
2142 if (dir == NULL) {
2143 wpa_printf(MSG_INFO, "Missing dir parameter to osu_select");
2144 return -1;
2145 }
2146
2147 snprintf(fname, sizeof(fname), "%s/osu-providers.txt", dir);
2148 osu = parse_osu_providers(fname, &osu_count);
2149 if (osu == NULL) {
Dmitry Shmidt912c6ec2015-03-30 13:16:51 -0700[diff] [blame]2150 wpa_printf(MSG_INFO, "Could not find any OSU providers from %s",
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2151 fname);
2152 write_result(ctx, "No OSU providers available");
2153 return -1;
2154 }
2155
2156 if (friendly_name) {
2157 for (i = 0; i < osu_count; i++) {
2158 last = &osu[i];
2159 for (j = 0; j < last->friendly_name_count; j++) {
2160 if (os_strcmp(last->friendly_name[j].text,
2161 friendly_name) == 0)
2162 break;
2163 }
2164 if (j < last->friendly_name_count)
2165 break;
2166 }
2167 if (i == osu_count) {
2168 wpa_printf(MSG_INFO, "Requested operator friendly name '%s' not found in the list of available providers",
2169 friendly_name);
2170 write_summary(ctx, "Requested operator friendly name '%s' not found in the list of available providers",
2171 friendly_name);
2172 free(osu);
2173 return -1;
2174 }
2175
2176 wpa_printf(MSG_INFO, "OSU Provider selected based on requested operator friendly name '%s'",
2177 friendly_name);
2178 write_summary(ctx, "OSU Provider selected based on requested operator friendly name '%s'",
2179 friendly_name);
2180 ret = i + 1;
2181 goto selected;
2182 }
2183
2184 snprintf(fname, sizeof(fname), "%s/osu-providers.html", dir);
2185 f = fopen(fname, "w");
2186 if (f == NULL) {
2187 wpa_printf(MSG_INFO, "Could not open %s", fname);
2188 free(osu);
2189 return -1;
2190 }
2191
2192 fprintf(f, "<html><head>"
2193 "<meta http-equiv=\"Content-type\" content=\"text/html; "
2194 "charset=utf-8\"<title>Select service operator</title>"
2195 "</head><body><h1>Select service operator</h1>\n");
2196
2197 if (osu_count == 0)
2198 fprintf(f, "No online signup available\n");
2199
2200 for (i = 0; i < osu_count; i++) {
2201 last = &osu[i];
2202#ifdef ANDROID
2203 fprintf(f, "<p>\n"
2204 "<a href=\"http://localhost:12345/osu/%d\">"
2205 "<table><tr><td>", (int) i + 1);
2206#else /* ANDROID */
2207 fprintf(f, "<p>\n"
2208 "<a href=\"osu://%d\">"
2209 "<table><tr><td>", (int) i + 1);
2210#endif /* ANDROID */
2211 for (j = 0; j < last->icon_count; j++) {
2212 fprintf(f, "<img src=\"osu-icon-%d.%s\">\n",
2213 last->icon[j].id,
2214 strcasecmp(last->icon[j].mime_type,
2215 "image/png") == 0 ? "png" : "icon");
2216 }
2217 fprintf(f, "<td>");
2218 for (j = 0; j < last->friendly_name_count; j++) {
2219 fprintf(f, "<small>[%s]</small> %s<br>\n",
2220 last->friendly_name[j].lang,
2221 last->friendly_name[j].text);
2222 }
2223 fprintf(f, "<tr><td colspan=2>");
2224 for (j = 0; j < last->serv_desc_count; j++) {
2225 fprintf(f, "<small>[%s]</small> %s<br>\n",
2226 last->serv_desc[j].lang,
2227 last->serv_desc[j].text);
2228 }
2229 fprintf(f, "</table></a><br><small>BSSID: %s<br>\n"
2230 "SSID: %s<br>\n",
2231 last->bssid, last->osu_ssid);
Dmitry Shmidt1d6bf422016-01-19 15:51:35 -0800[diff] [blame^]2232 if (last->osu_nai[0])
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2233 fprintf(f, "NAI: %s<br>\n", last->osu_nai);
2234 fprintf(f, "URL: %s<br>\n"
2235 "methods:%s%s<br>\n"
2236 "</small></p>\n",
2237 last->url,
2238 last->methods & 0x01 ? " OMA-DM" : "",
2239 last->methods & 0x02 ? " SOAP-XML-SPP" : "");
2240 }
2241
2242 fprintf(f, "</body></html>\n");
2243
2244 fclose(f);
2245
2246 snprintf(fname, sizeof(fname), "file://%s/osu-providers.html", dir);
2247 write_summary(ctx, "Start web browser with OSU provider selection page");
2248 ret = hs20_web_browser(fname);
2249
2250selected:
2251 if (ret > 0 && (size_t) ret <= osu_count) {
2252 char *data;
2253 size_t data_len;
2254
2255 wpa_printf(MSG_INFO, "Selected OSU id=%d", ret);
2256 last = &osu[ret - 1];
2257 ret = 0;
2258 wpa_printf(MSG_INFO, "BSSID: %s", last->bssid);
2259 wpa_printf(MSG_INFO, "SSID: %s", last->osu_ssid);
2260 wpa_printf(MSG_INFO, "URL: %s", last->url);
2261 write_summary(ctx, "Selected OSU provider id=%d BSSID=%s SSID=%s URL=%s",
2262 ret, last->bssid, last->osu_ssid, last->url);
2263
2264 ctx->friendly_name_count = last->friendly_name_count;
2265 for (j = 0; j < last->friendly_name_count; j++) {
2266 wpa_printf(MSG_INFO, "FRIENDLY_NAME: [%s]%s",
2267 last->friendly_name[j].lang,
2268 last->friendly_name[j].text);
2269 os_strlcpy(ctx->friendly_name[j].lang,
2270 last->friendly_name[j].lang,
2271 sizeof(ctx->friendly_name[j].lang));
2272 os_strlcpy(ctx->friendly_name[j].text,
2273 last->friendly_name[j].text,
2274 sizeof(ctx->friendly_name[j].text));
2275 }
2276
2277 ctx->icon_count = last->icon_count;
2278 for (j = 0; j < last->icon_count; j++) {
2279 char fname[256];
2280
2281 os_snprintf(fname, sizeof(fname), "%s/osu-icon-%d.%s",
2282 dir, last->icon[j].id,
2283 strcasecmp(last->icon[j].mime_type,
2284 "image/png") == 0 ?
2285 "png" : "icon");
2286 wpa_printf(MSG_INFO, "ICON: %s (%s)",
2287 fname, last->icon[j].filename);
2288 os_strlcpy(ctx->icon_filename[j],
2289 last->icon[j].filename,
2290 sizeof(ctx->icon_filename[j]));
2291
2292 data = os_readfile(fname, &data_len);
2293 if (data) {
2294 sha256_vector(1, (const u8 **) &data, &data_len,
2295 ctx->icon_hash[j]);
2296 os_free(data);
2297 }
2298 }
2299
2300 if (connect == 2) {
Dmitry Shmidtaf9da312015-04-03 10:03:11 -0700[diff] [blame]2301 if (last->methods & 0x02) {
2302 wpa_printf(MSG_DEBUG,
2303 "Calling cmd_prov from cmd_osu_select");
Dmitry Shmidt6cb1f652014-03-21 10:54:03 -0700[diff] [blame]2304 ret = cmd_prov(ctx, last->url);
Dmitry Shmidtaf9da312015-04-03 10:03:11 -0700[diff] [blame]2305 } else if (last->methods & 0x01) {
2306 wpa_printf(MSG_DEBUG,
2307 "Calling cmd_oma_dm_prov from cmd_osu_select");
Dmitry Shmidt6cb1f652014-03-21 10:54:03 -0700[diff] [blame]2308 ret = cmd_oma_dm_prov(ctx, last->url);
Dmitry Shmidtaf9da312015-04-03 10:03:11 -0700[diff] [blame]2309 } else {
2310 wpa_printf(MSG_DEBUG,
2311 "No supported OSU provisioning method");
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2312 ret = -1;
Dmitry Shmidtaf9da312015-04-03 10:03:11 -0700[diff] [blame]2313 }
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2314 } else if (connect)
2315 ret = osu_connect(ctx, last->bssid, last->osu_ssid,
Dmitry Shmidt6cb1f652014-03-21 10:54:03 -0700[diff] [blame]2316 last->url, last->methods,
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2317 no_prod_assoc, last->osu_nai);
2318 } else
2319 ret = -1;
2320
2321 free(osu);
2322
2323 return ret;
2324}
2325
2326
Dmitry Shmidt6cb1f652014-03-21 10:54:03 -0700[diff] [blame]2327static int cmd_signup(struct hs20_osu_client *ctx, int no_prod_assoc,
2328 const char *friendly_name)
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2329{
2330 char dir[255];
2331 char fname[300], buf[400];
2332 struct wpa_ctrl *mon;
2333 const char *ifname;
2334 int res;
2335
2336 ifname = ctx->ifname;
2337
2338 if (getcwd(dir, sizeof(dir)) == NULL)
2339 return -1;
2340
2341 snprintf(fname, sizeof(fname), "%s/osu-info", dir);
2342 if (mkdir(fname, S_IRWXU | S_IRWXG) < 0 && errno != EEXIST) {
2343 wpa_printf(MSG_INFO, "mkdir(%s) failed: %s",
2344 fname, strerror(errno));
2345 return -1;
2346 }
2347
2348 snprintf(buf, sizeof(buf), "SET osu_dir %s", fname);
2349 if (wpa_command(ifname, buf) < 0) {
2350 wpa_printf(MSG_INFO, "Failed to configure osu_dir to wpa_supplicant");
2351 return -1;
2352 }
2353
2354 mon = open_wpa_mon(ifname);
2355 if (mon == NULL)
2356 return -1;
2357
2358 wpa_printf(MSG_INFO, "Starting OSU fetch");
2359 write_summary(ctx, "Starting OSU provider information fetch");
2360 if (wpa_command(ifname, "FETCH_OSU") < 0) {
2361 wpa_printf(MSG_INFO, "Could not start OSU fetch");
2362 wpa_ctrl_detach(mon);
2363 wpa_ctrl_close(mon);
2364 return -1;
2365 }
2366 res = get_wpa_cli_event(mon, "OSU provider fetch completed",
2367 buf, sizeof(buf));
2368
2369 wpa_ctrl_detach(mon);
2370 wpa_ctrl_close(mon);
2371
2372 if (res < 0) {
2373 wpa_printf(MSG_INFO, "OSU fetch did not complete");
2374 write_summary(ctx, "OSU fetch did not complete");
2375 return -1;
2376 }
2377 wpa_printf(MSG_INFO, "OSU provider fetch completed");
2378
Dmitry Shmidt6cb1f652014-03-21 10:54:03 -0700[diff] [blame]2379 return cmd_osu_select(ctx, fname, 1, no_prod_assoc, friendly_name);
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2380}
2381
2382
Dmitry Shmidt2f74e362015-01-21 13:19:05 -0800[diff] [blame]2383static int cmd_sub_rem(struct hs20_osu_client *ctx, const char *address,
2384 const char *pps_fname, const char *ca_fname)
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2385{
2386 xml_node_t *pps, *node;
2387 char pps_fname_buf[300];
2388 char ca_fname_buf[200];
2389 char *cred_username = NULL;
2390 char *cred_password = NULL;
2391 char *sub_rem_uri = NULL;
2392 char client_cert_buf[200];
2393 char *client_cert = NULL;
2394 char client_key_buf[200];
2395 char *client_key = NULL;
2396 int spp;
2397
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2398 wpa_printf(MSG_INFO, "Subscription remediation requested with Server URL: %s",
2399 address);
2400
2401 if (!pps_fname) {
2402 char buf[256];
2403 wpa_printf(MSG_INFO, "Determining PPS file based on Home SP information");
2404 if (os_strncmp(address, "fqdn=", 5) == 0) {
2405 wpa_printf(MSG_INFO, "Use requested FQDN from command line");
2406 os_snprintf(buf, sizeof(buf), "%s", address + 5);
2407 address = NULL;
2408 } else if (get_wpa_status(ctx->ifname, "provisioning_sp", buf,
2409 sizeof(buf)) < 0) {
2410 wpa_printf(MSG_INFO, "Could not get provisioning Home SP FQDN from wpa_supplicant");
Dmitry Shmidt2f74e362015-01-21 13:19:05 -0800[diff] [blame]2411 return -1;
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2412 }
2413 os_free(ctx->fqdn);
2414 ctx->fqdn = os_strdup(buf);
2415 if (ctx->fqdn == NULL)
Dmitry Shmidt2f74e362015-01-21 13:19:05 -0800[diff] [blame]2416 return -1;
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2417 wpa_printf(MSG_INFO, "Home SP FQDN for current credential: %s",
2418 buf);
2419 os_snprintf(pps_fname_buf, sizeof(pps_fname_buf),
2420 "SP/%s/pps.xml", ctx->fqdn);
2421 pps_fname = pps_fname_buf;
2422
2423 os_snprintf(ca_fname_buf, sizeof(ca_fname_buf), "SP/%s/ca.pem",
2424 ctx->fqdn);
2425 ca_fname = ca_fname_buf;
2426 }
2427
2428 if (!os_file_exists(pps_fname)) {
2429 wpa_printf(MSG_INFO, "PPS file '%s' does not exist or is not accessible",
2430 pps_fname);
Dmitry Shmidt2f74e362015-01-21 13:19:05 -0800[diff] [blame]2431 return -1;
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2432 }
2433 wpa_printf(MSG_INFO, "Using PPS file: %s", pps_fname);
2434
2435 if (ca_fname && !os_file_exists(ca_fname)) {
2436 wpa_printf(MSG_INFO, "CA file '%s' does not exist or is not accessible",
2437 ca_fname);
Dmitry Shmidt2f74e362015-01-21 13:19:05 -0800[diff] [blame]2438 return -1;
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2439 }
2440 wpa_printf(MSG_INFO, "Using server trust root: %s", ca_fname);
Dmitry Shmidt6cb1f652014-03-21 10:54:03 -0700[diff] [blame]2441 ctx->ca_fname = ca_fname;
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2442
2443 pps = node_from_file(ctx->xml, pps_fname);
2444 if (pps == NULL) {
2445 wpa_printf(MSG_INFO, "Could not read PPS MO");
Dmitry Shmidt2f74e362015-01-21 13:19:05 -0800[diff] [blame]2446 return -1;
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2447 }
2448
2449 if (!ctx->fqdn) {
2450 char *tmp;
2451 node = get_child_node(ctx->xml, pps, "HomeSP/FQDN");
2452 if (node == NULL) {
2453 wpa_printf(MSG_INFO, "No HomeSP/FQDN found from PPS");
Dmitry Shmidt2f74e362015-01-21 13:19:05 -0800[diff] [blame]2454 return -1;
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2455 }
2456 tmp = xml_node_get_text(ctx->xml, node);
2457 if (tmp == NULL) {
2458 wpa_printf(MSG_INFO, "No HomeSP/FQDN text found from PPS");
Dmitry Shmidt2f74e362015-01-21 13:19:05 -0800[diff] [blame]2459 return -1;
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2460 }
2461 ctx->fqdn = os_strdup(tmp);
2462 xml_node_get_text_free(ctx->xml, tmp);
2463 if (!ctx->fqdn) {
2464 wpa_printf(MSG_INFO, "No FQDN known");
Dmitry Shmidt2f74e362015-01-21 13:19:05 -0800[diff] [blame]2465 return -1;
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2466 }
2467 }
2468
2469 node = get_child_node(ctx->xml, pps,
2470 "SubscriptionUpdate/UpdateMethod");
2471 if (node) {
2472 char *tmp;
2473 tmp = xml_node_get_text(ctx->xml, node);
2474 if (tmp && os_strcasecmp(tmp, "OMA-DM-ClientInitiated") == 0)
2475 spp = 0;
2476 else
2477 spp = 1;
2478 } else {
2479 wpa_printf(MSG_INFO, "No UpdateMethod specified - assume SPP");
2480 spp = 1;
2481 }
2482
2483 get_user_pw(ctx, pps, "SubscriptionUpdate/UsernamePassword",
2484 &cred_username, &cred_password);
2485 if (cred_username)
2486 wpa_printf(MSG_INFO, "Using username: %s", cred_username);
2487 if (cred_password)
2488 wpa_printf(MSG_DEBUG, "Using password: %s", cred_password);
2489
2490 if (cred_username == NULL && cred_password == NULL &&
2491 get_child_node(ctx->xml, pps, "Credential/DigitalCertificate")) {
2492 wpa_printf(MSG_INFO, "Using client certificate");
2493 os_snprintf(client_cert_buf, sizeof(client_cert_buf),
2494 "SP/%s/client-cert.pem", ctx->fqdn);
2495 client_cert = client_cert_buf;
2496 os_snprintf(client_key_buf, sizeof(client_key_buf),
2497 "SP/%s/client-key.pem", ctx->fqdn);
2498 client_key = client_key_buf;
2499 ctx->client_cert_present = 1;
2500 }
2501
2502 node = get_child_node(ctx->xml, pps, "SubscriptionUpdate/URI");
2503 if (node) {
2504 sub_rem_uri = xml_node_get_text(ctx->xml, node);
2505 if (sub_rem_uri &&
2506 (!address || os_strcmp(address, sub_rem_uri) != 0)) {
2507 wpa_printf(MSG_INFO, "Override sub rem URI based on PPS: %s",
2508 sub_rem_uri);
2509 address = sub_rem_uri;
2510 }
2511 }
2512 if (!address) {
2513 wpa_printf(MSG_INFO, "Server URL not known");
Dmitry Shmidt2f74e362015-01-21 13:19:05 -0800[diff] [blame]2514 return -1;
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2515 }
2516
2517 write_summary(ctx, "Wait for IP address for subscriptiom remediation");
2518 wpa_printf(MSG_INFO, "Wait for IP address before starting subscription remediation");
2519
2520 if (wait_ip_addr(ctx->ifname, 15) < 0) {
2521 wpa_printf(MSG_INFO, "Could not get IP address for WLAN - try connection anyway");
2522 }
2523
2524 if (spp)
Dmitry Shmidt6cb1f652014-03-21 10:54:03 -0700[diff] [blame]2525 spp_sub_rem(ctx, address, pps_fname,
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2526 client_cert, client_key,
2527 cred_username, cred_password, pps);
2528 else
Dmitry Shmidt6cb1f652014-03-21 10:54:03 -0700[diff] [blame]2529 oma_dm_sub_rem(ctx, address, pps_fname,
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2530 client_cert, client_key,
2531 cred_username, cred_password, pps);
2532
2533 xml_node_get_text_free(ctx->xml, sub_rem_uri);
2534 xml_node_get_text_free(ctx->xml, cred_username);
Dmitry Shmidtc2817022014-07-02 10:32:10 -0700[diff] [blame]2535 str_clear_free(cred_password);
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2536 xml_node_free(ctx->xml, pps);
Dmitry Shmidt2f74e362015-01-21 13:19:05 -0800[diff] [blame]2537 return 0;
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2538}
2539
2540
2541static int cmd_pol_upd(struct hs20_osu_client *ctx, const char *address,
2542 const char *pps_fname, const char *ca_fname)
2543{
2544 xml_node_t *pps;
2545 xml_node_t *node;
2546 char pps_fname_buf[300];
2547 char ca_fname_buf[200];
2548 char *uri = NULL;
2549 char *cred_username = NULL;
2550 char *cred_password = NULL;
2551 char client_cert_buf[200];
2552 char *client_cert = NULL;
2553 char client_key_buf[200];
2554 char *client_key = NULL;
2555 int spp;
2556
2557 wpa_printf(MSG_INFO, "Policy update requested");
2558
2559 if (!pps_fname) {
2560 char buf[256];
2561 wpa_printf(MSG_INFO, "Determining PPS file based on Home SP information");
2562 if (os_strncmp(address, "fqdn=", 5) == 0) {
2563 wpa_printf(MSG_INFO, "Use requested FQDN from command line");
2564 os_snprintf(buf, sizeof(buf), "%s", address + 5);
2565 address = NULL;
2566 } else if (get_wpa_status(ctx->ifname, "provisioning_sp", buf,
2567 sizeof(buf)) < 0) {
2568 wpa_printf(MSG_INFO, "Could not get provisioning Home SP FQDN from wpa_supplicant");
2569 return -1;
2570 }
2571 os_free(ctx->fqdn);
2572 ctx->fqdn = os_strdup(buf);
2573 if (ctx->fqdn == NULL)
2574 return -1;
2575 wpa_printf(MSG_INFO, "Home SP FQDN for current credential: %s",
2576 buf);
2577 os_snprintf(pps_fname_buf, sizeof(pps_fname_buf),
2578 "SP/%s/pps.xml", ctx->fqdn);
2579 pps_fname = pps_fname_buf;
2580
2581 os_snprintf(ca_fname_buf, sizeof(ca_fname_buf), "SP/%s/ca.pem",
2582 buf);
2583 ca_fname = ca_fname_buf;
2584 }
2585
2586 if (!os_file_exists(pps_fname)) {
2587 wpa_printf(MSG_INFO, "PPS file '%s' does not exist or is not accessible",
2588 pps_fname);
2589 return -1;
2590 }
2591 wpa_printf(MSG_INFO, "Using PPS file: %s", pps_fname);
2592
2593 if (ca_fname && !os_file_exists(ca_fname)) {
2594 wpa_printf(MSG_INFO, "CA file '%s' does not exist or is not accessible",
2595 ca_fname);
2596 return -1;
2597 }
2598 wpa_printf(MSG_INFO, "Using server trust root: %s", ca_fname);
Dmitry Shmidt6cb1f652014-03-21 10:54:03 -0700[diff] [blame]2599 ctx->ca_fname = ca_fname;
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2600
2601 pps = node_from_file(ctx->xml, pps_fname);
2602 if (pps == NULL) {
2603 wpa_printf(MSG_INFO, "Could not read PPS MO");
2604 return -1;
2605 }
2606
2607 if (!ctx->fqdn) {
2608 char *tmp;
2609 node = get_child_node(ctx->xml, pps, "HomeSP/FQDN");
2610 if (node == NULL) {
2611 wpa_printf(MSG_INFO, "No HomeSP/FQDN found from PPS");
2612 return -1;
2613 }
2614 tmp = xml_node_get_text(ctx->xml, node);
2615 if (tmp == NULL) {
2616 wpa_printf(MSG_INFO, "No HomeSP/FQDN text found from PPS");
2617 return -1;
2618 }
2619 ctx->fqdn = os_strdup(tmp);
2620 xml_node_get_text_free(ctx->xml, tmp);
2621 if (!ctx->fqdn) {
2622 wpa_printf(MSG_INFO, "No FQDN known");
2623 return -1;
2624 }
2625 }
2626
2627 node = get_child_node(ctx->xml, pps,
2628 "Policy/PolicyUpdate/UpdateMethod");
2629 if (node) {
2630 char *tmp;
2631 tmp = xml_node_get_text(ctx->xml, node);
2632 if (tmp && os_strcasecmp(tmp, "OMA-DM-ClientInitiated") == 0)
2633 spp = 0;
2634 else
2635 spp = 1;
2636 } else {
2637 wpa_printf(MSG_INFO, "No UpdateMethod specified - assume SPP");
2638 spp = 1;
2639 }
2640
2641 get_user_pw(ctx, pps, "Policy/PolicyUpdate/UsernamePassword",
2642 &cred_username, &cred_password);
2643 if (cred_username)
2644 wpa_printf(MSG_INFO, "Using username: %s", cred_username);
2645 if (cred_password)
2646 wpa_printf(MSG_DEBUG, "Using password: %s", cred_password);
2647
2648 if (cred_username == NULL && cred_password == NULL &&
2649 get_child_node(ctx->xml, pps, "Credential/DigitalCertificate")) {
2650 wpa_printf(MSG_INFO, "Using client certificate");
2651 os_snprintf(client_cert_buf, sizeof(client_cert_buf),
2652 "SP/%s/client-cert.pem", ctx->fqdn);
2653 client_cert = client_cert_buf;
2654 os_snprintf(client_key_buf, sizeof(client_key_buf),
2655 "SP/%s/client-key.pem", ctx->fqdn);
2656 client_key = client_key_buf;
2657 }
2658
2659 if (!address) {
2660 node = get_child_node(ctx->xml, pps, "Policy/PolicyUpdate/URI");
2661 if (node) {
2662 uri = xml_node_get_text(ctx->xml, node);
2663 wpa_printf(MSG_INFO, "URI based on PPS: %s", uri);
2664 address = uri;
2665 }
2666 }
2667 if (!address) {
2668 wpa_printf(MSG_INFO, "Server URL not known");
2669 return -1;
2670 }
2671
2672 if (spp)
Dmitry Shmidt6cb1f652014-03-21 10:54:03 -0700[diff] [blame]2673 spp_pol_upd(ctx, address, pps_fname,
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2674 client_cert, client_key,
2675 cred_username, cred_password, pps);
2676 else
Dmitry Shmidt6cb1f652014-03-21 10:54:03 -0700[diff] [blame]2677 oma_dm_pol_upd(ctx, address, pps_fname,
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2678 client_cert, client_key,
2679 cred_username, cred_password, pps);
2680
2681 xml_node_get_text_free(ctx->xml, uri);
2682 xml_node_get_text_free(ctx->xml, cred_username);
Dmitry Shmidtc2817022014-07-02 10:32:10 -0700[diff] [blame]2683 str_clear_free(cred_password);
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2684 xml_node_free(ctx->xml, pps);
2685
2686 return 0;
2687}
2688
2689
2690static char * get_hostname(const char *url)
2691{
2692 const char *pos, *end, *end2;
2693 char *ret;
2694
2695 if (url == NULL)
2696 return NULL;
2697
2698 pos = os_strchr(url, '/');
2699 if (pos == NULL)
2700 return NULL;
2701 pos++;
2702 if (*pos != '/')
2703 return NULL;
2704 pos++;
2705
2706 end = os_strchr(pos, '/');
2707 end2 = os_strchr(pos, ':');
Dmitry Shmidtb1e52102015-05-29 12:36:29 -0700[diff] [blame]2708 if ((end && end2 && end2 < end) || (!end && end2))
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2709 end = end2;
2710 if (end)
2711 end--;
2712 else {
2713 end = pos;
2714 while (*end)
2715 end++;
2716 if (end > pos)
2717 end--;
2718 }
2719
2720 ret = os_malloc(end - pos + 2);
2721 if (ret == NULL)
2722 return NULL;
2723
2724 os_memcpy(ret, pos, end - pos + 1);
2725 ret[end - pos + 1] = '\0';
2726
2727 return ret;
2728}
2729
2730
2731static int osu_cert_cb(void *_ctx, struct http_cert *cert)
2732{
2733 struct hs20_osu_client *ctx = _ctx;
2734 unsigned int i, j;
2735 int found;
2736 char *host = NULL;
2737
Dmitry Shmidtb1e52102015-05-29 12:36:29 -0700[diff] [blame]2738 wpa_printf(MSG_INFO, "osu_cert_cb(osu_cert_validation=%d, url=%s)",
2739 !ctx->no_osu_cert_validation, ctx->server_url);
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2740
2741 host = get_hostname(ctx->server_url);
2742
2743 for (i = 0; i < ctx->server_dnsname_count; i++)
2744 os_free(ctx->server_dnsname[i]);
2745 os_free(ctx->server_dnsname);
2746 ctx->server_dnsname = os_calloc(cert->num_dnsname, sizeof(char *));
2747 ctx->server_dnsname_count = 0;
2748
2749 found = 0;
2750 for (i = 0; i < cert->num_dnsname; i++) {
2751 if (ctx->server_dnsname) {
2752 ctx->server_dnsname[ctx->server_dnsname_count] =
2753 os_strdup(cert->dnsname[i]);
2754 if (ctx->server_dnsname[ctx->server_dnsname_count])
2755 ctx->server_dnsname_count++;
2756 }
2757 if (host && os_strcasecmp(host, cert->dnsname[i]) == 0)
2758 found = 1;
2759 wpa_printf(MSG_INFO, "dNSName '%s'", cert->dnsname[i]);
2760 }
2761
2762 if (host && !found) {
2763 wpa_printf(MSG_INFO, "Server name from URL (%s) did not match any dNSName - abort connection",
2764 host);
2765 write_result(ctx, "Server name from URL (%s) did not match any dNSName - abort connection",
2766 host);
2767 os_free(host);
2768 return -1;
2769 }
2770
2771 os_free(host);
2772
2773 for (i = 0; i < cert->num_othername; i++) {
2774 if (os_strcmp(cert->othername[i].oid,
2775 "1.3.6.1.4.1.40808.1.1.1") == 0) {
2776 wpa_hexdump_ascii(MSG_INFO,
2777 "id-wfa-hotspot-friendlyName",
2778 cert->othername[i].data,
2779 cert->othername[i].len);
2780 }
2781 }
2782
Dmitry Shmidt6cb1f652014-03-21 10:54:03 -0700[diff] [blame]2783 for (j = 0; !ctx->no_osu_cert_validation &&
2784 j < ctx->friendly_name_count; j++) {
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2785 int found = 0;
2786 for (i = 0; i < cert->num_othername; i++) {
2787 if (os_strcmp(cert->othername[i].oid,
2788 "1.3.6.1.4.1.40808.1.1.1") != 0)
2789 continue;
2790 if (cert->othername[i].len < 3)
2791 continue;
2792 if (os_strncasecmp((char *) cert->othername[i].data,
2793 ctx->friendly_name[j].lang, 3) != 0)
2794 continue;
2795 if (os_strncmp((char *) cert->othername[i].data + 3,
2796 ctx->friendly_name[j].text,
2797 cert->othername[i].len - 3) == 0) {
2798 found = 1;
2799 break;
2800 }
2801 }
2802
2803 if (!found) {
2804 wpa_printf(MSG_INFO, "No friendly name match found for '[%s]%s'",
2805 ctx->friendly_name[j].lang,
2806 ctx->friendly_name[j].text);
2807 write_result(ctx, "No friendly name match found for '[%s]%s'",
2808 ctx->friendly_name[j].lang,
2809 ctx->friendly_name[j].text);
2810 return -1;
2811 }
2812 }
2813
2814 for (i = 0; i < cert->num_logo; i++) {
2815 struct http_logo *logo = &cert->logo[i];
2816
2817 wpa_printf(MSG_INFO, "logo hash alg %s uri '%s'",
2818 logo->alg_oid, logo->uri);
2819 wpa_hexdump_ascii(MSG_INFO, "hashValue",
2820 logo->hash, logo->hash_len);
2821 }
2822
Dmitry Shmidt6cb1f652014-03-21 10:54:03 -0700[diff] [blame]2823 for (j = 0; !ctx->no_osu_cert_validation && j < ctx->icon_count; j++) {
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2824 int found = 0;
2825 char *name = ctx->icon_filename[j];
2826 size_t name_len = os_strlen(name);
2827
Dmitry Shmidt912c6ec2015-03-30 13:16:51 -0700[diff] [blame]2828 wpa_printf(MSG_INFO,
2829 "[%i] Looking for icon file name '%s' match",
2830 j, name);
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2831 for (i = 0; i < cert->num_logo; i++) {
2832 struct http_logo *logo = &cert->logo[i];
2833 size_t uri_len = os_strlen(logo->uri);
2834 char *pos;
2835
Dmitry Shmidt912c6ec2015-03-30 13:16:51 -0700[diff] [blame]2836 wpa_printf(MSG_INFO,
2837 "[%i] Comparing to '%s' uri_len=%d name_len=%d",
2838 i, logo->uri, (int) uri_len, (int) name_len);
2839 if (uri_len < 1 + name_len) {
2840 wpa_printf(MSG_INFO, "URI Length is too short");
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2841 continue;
Dmitry Shmidt912c6ec2015-03-30 13:16:51 -0700[diff] [blame]2842 }
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2843 pos = &logo->uri[uri_len - name_len - 1];
2844 if (*pos != '/')
2845 continue;
2846 pos++;
2847 if (os_strcmp(pos, name) == 0) {
2848 found = 1;
2849 break;
2850 }
2851 }
2852
2853 if (!found) {
2854 wpa_printf(MSG_INFO, "No icon filename match found for '%s'",
2855 name);
2856 write_result(ctx,
2857 "No icon filename match found for '%s'",
2858 name);
2859 return -1;
2860 }
2861 }
2862
Dmitry Shmidt6cb1f652014-03-21 10:54:03 -0700[diff] [blame]2863 for (j = 0; !ctx->no_osu_cert_validation && j < ctx->icon_count; j++) {
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2864 int found = 0;
2865
2866 for (i = 0; i < cert->num_logo; i++) {
2867 struct http_logo *logo = &cert->logo[i];
2868
Dmitry Shmidt912c6ec2015-03-30 13:16:51 -0700[diff] [blame]2869 if (logo->hash_len != 32) {
2870 wpa_printf(MSG_INFO,
2871 "[%i][%i] Icon hash length invalid (should be 32): %d",
2872 j, i, (int) logo->hash_len);
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2873 continue;
Dmitry Shmidt912c6ec2015-03-30 13:16:51 -0700[diff] [blame]2874 }
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2875 if (os_memcmp(logo->hash, ctx->icon_hash[j], 32) == 0) {
2876 found = 1;
2877 break;
2878 }
Dmitry Shmidt912c6ec2015-03-30 13:16:51 -0700[diff] [blame]2879
2880 wpa_printf(MSG_DEBUG,
2881 "[%u][%u] Icon hash did not match", j, i);
2882 wpa_hexdump_ascii(MSG_DEBUG, "logo->hash",
2883 logo->hash, 32);
2884 wpa_hexdump_ascii(MSG_DEBUG, "ctx->icon_hash[j]",
2885 ctx->icon_hash[j], 32);
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2886 }
2887
2888 if (!found) {
Dmitry Shmidt912c6ec2015-03-30 13:16:51 -0700[diff] [blame]2889 wpa_printf(MSG_INFO,
2890 "No icon hash match (by hash) found");
2891 write_result(ctx,
2892 "No icon hash match (by hash) found");
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2893 return -1;
2894 }
2895 }
2896
2897 return 0;
2898}
2899
2900
2901static int init_ctx(struct hs20_osu_client *ctx)
2902{
2903 xml_node_t *devinfo, *devid;
2904
2905 os_memset(ctx, 0, sizeof(*ctx));
2906 ctx->ifname = "wlan0";
2907 ctx->xml = xml_node_init_ctx(ctx, NULL);
2908 if (ctx->xml == NULL)
2909 return -1;
2910
2911 devinfo = node_from_file(ctx->xml, "devinfo.xml");
2912 if (!devinfo) {
2913 wpa_printf(MSG_ERROR, "devinfo.xml not found");
2914 return -1;
2915 }
2916
2917 devid = get_node(ctx->xml, devinfo, "DevId");
2918 if (devid) {
2919 char *tmp = xml_node_get_text(ctx->xml, devid);
2920 if (tmp) {
2921 ctx->devid = os_strdup(tmp);
2922 xml_node_get_text_free(ctx->xml, tmp);
2923 }
2924 }
2925 xml_node_free(ctx->xml, devinfo);
2926
2927 if (ctx->devid == NULL) {
2928 wpa_printf(MSG_ERROR, "Could not fetch DevId from devinfo.xml");
2929 return -1;
2930 }
2931
2932 ctx->http = http_init_ctx(ctx, ctx->xml);
2933 if (ctx->http == NULL) {
2934 xml_node_deinit_ctx(ctx->xml);
2935 return -1;
2936 }
2937 http_ocsp_set(ctx->http, 2);
2938 http_set_cert_cb(ctx->http, osu_cert_cb, ctx);
2939
2940 return 0;
2941}
2942
2943
2944static void deinit_ctx(struct hs20_osu_client *ctx)
2945{
2946 size_t i;
2947
2948 http_deinit_ctx(ctx->http);
2949 xml_node_deinit_ctx(ctx->xml);
2950 os_free(ctx->fqdn);
2951 os_free(ctx->server_url);
2952 os_free(ctx->devid);
2953
2954 for (i = 0; i < ctx->server_dnsname_count; i++)
2955 os_free(ctx->server_dnsname[i]);
2956 os_free(ctx->server_dnsname);
2957}
2958
2959
2960static void check_workarounds(struct hs20_osu_client *ctx)
2961{
2962 FILE *f;
2963 char buf[100];
2964 unsigned long int val = 0;
2965
2966 f = fopen("hs20-osu-client.workarounds", "r");
2967 if (f == NULL)
2968 return;
2969
2970 if (fgets(buf, sizeof(buf), f))
2971 val = strtoul(buf, NULL, 16);
2972
2973 fclose(f);
2974
2975 if (val) {
2976 wpa_printf(MSG_INFO, "Workarounds enabled: 0x%lx", val);
2977 ctx->workarounds = val;
2978 if (ctx->workarounds & WORKAROUND_OCSP_OPTIONAL)
2979 http_ocsp_set(ctx->http, 1);
2980 }
2981}
2982
2983
2984static void usage(void)
2985{
2986 printf("usage: hs20-osu-client [-dddqqKt] [-S<station ifname>] \\\n"
2987 " [-w<wpa_supplicant ctrl_iface dir>] "
2988 "[-r<result file>] [-f<debug file>] \\\n"
2989 " [-s<summary file>] \\\n"
Dmitry Shmidtaf9da312015-04-03 10:03:11 -0700[diff] [blame]2990 " [-x<spp.xsd file name>] \\\n"
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2991 " <command> [arguments..]\n"
2992 "commands:\n"
2993 "- to_tnds <XML MO> <XML MO in TNDS format> [URN]\n"
2994 "- to_tnds2 <XML MO> <XML MO in TNDS format (Path) "
2995 "[URN]>\n"
2996 "- from_tnds <XML MO in TNDS format> <XML MO>\n"
2997 "- set_pps <PerProviderSubscription XML file name>\n"
2998 "- get_fqdn <PerProviderSubscription XML file name>\n"
2999 "- pol_upd [Server URL] [PPS] [CA cert]\n"
3000 "- sub_rem <Server URL> [PPS] [CA cert]\n"
3001 "- prov <Server URL> [CA cert]\n"
3002 "- oma_dm_prov <Server URL> [CA cert]\n"
3003 "- sim_prov <Server URL> [CA cert]\n"
3004 "- oma_dm_sim_prov <Server URL> [CA cert]\n"
3005 "- signup [CA cert]\n"
3006 "- dl_osu_ca <PPS> <CA file>\n"
3007 "- dl_polupd_ca <PPS> <CA file>\n"
3008 "- dl_aaa_ca <PPS> <CA file>\n"
3009 "- browser <URL>\n"
3010 "- parse_cert <X.509 certificate (DER)>\n"
3011 "- osu_select <OSU info directory> [CA cert]\n");
3012}
3013
3014
3015int main(int argc, char *argv[])
3016{
3017 struct hs20_osu_client ctx;
3018 int c;
3019 int ret = 0;
3020 int no_prod_assoc = 0;
3021 const char *friendly_name = NULL;
3022 const char *wpa_debug_file_path = NULL;
3023 extern char *wpas_ctrl_path;
3024 extern int wpa_debug_level;
3025 extern int wpa_debug_show_keys;
3026 extern int wpa_debug_timestamp;
3027
3028 if (init_ctx(&ctx) < 0)
3029 return -1;
3030
3031 for (;;) {
Dmitry Shmidtaf9da312015-04-03 10:03:11 -0700[diff] [blame]3032 c = getopt(argc, argv, "df:hKNO:qr:s:S:tw:x:");
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]3033 if (c < 0)
3034 break;
3035 switch (c) {
3036 case 'd':
3037 if (wpa_debug_level > 0)
3038 wpa_debug_level--;
3039 break;
3040 case 'f':
3041 wpa_debug_file_path = optarg;
3042 break;
3043 case 'K':
3044 wpa_debug_show_keys++;
3045 break;
3046 case 'N':
3047 no_prod_assoc = 1;
3048 break;
3049 case 'O':
3050 friendly_name = optarg;
3051 break;
3052 case 'q':
3053 wpa_debug_level++;
3054 break;
3055 case 'r':
3056 ctx.result_file = optarg;
3057 break;
3058 case 's':
3059 ctx.summary_file = optarg;
3060 break;
3061 case 'S':
3062 ctx.ifname = optarg;
3063 break;
3064 case 't':
3065 wpa_debug_timestamp++;
3066 break;
3067 case 'w':
3068 wpas_ctrl_path = optarg;
3069 break;
Dmitry Shmidtaf9da312015-04-03 10:03:11 -0700[diff] [blame]3070 case 'x':
3071 spp_xsd_fname = optarg;
3072 break;
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]3073 case 'h':
3074 default:
3075 usage();
3076 exit(0);
3077 break;
3078 }
3079 }
3080
3081 if (argc - optind < 1) {
3082 usage();
3083 exit(0);
3084 }
3085
3086 wpa_debug_open_file(wpa_debug_file_path);
3087
3088#ifdef __linux__
3089 setlinebuf(stdout);
3090#endif /* __linux__ */
3091
3092 if (ctx.result_file)
3093 unlink(ctx.result_file);
3094 wpa_printf(MSG_DEBUG, "===[hs20-osu-client START - command: %s ]======"
3095 "================", argv[optind]);
3096 check_workarounds(&ctx);
3097
3098 if (strcmp(argv[optind], "to_tnds") == 0) {
3099 if (argc - optind < 2) {
3100 usage();
3101 exit(0);
3102 }
3103 cmd_to_tnds(&ctx, argv[optind + 1], argv[optind + 2],
3104 argc > optind + 3 ? argv[optind + 3] : NULL,
3105 0);
3106 } else if (strcmp(argv[optind], "to_tnds2") == 0) {
3107 if (argc - optind < 2) {
3108 usage();
3109 exit(0);
3110 }
3111 cmd_to_tnds(&ctx, argv[optind + 1], argv[optind + 2],
3112 argc > optind + 3 ? argv[optind + 3] : NULL,
3113 1);
3114 } else if (strcmp(argv[optind], "from_tnds") == 0) {
3115 if (argc - optind < 2) {
3116 usage();
3117 exit(0);
3118 }
3119 cmd_from_tnds(&ctx, argv[optind + 1], argv[optind + 2]);
3120 } else if (strcmp(argv[optind], "sub_rem") == 0) {
3121 if (argc - optind < 2) {
3122 usage();
3123 exit(0);
3124 }
3125 if (argc - optind < 2)
3126 wpa_printf(MSG_ERROR, "Server URL missing from command line");
3127 else
Dmitry Shmidt2f74e362015-01-21 13:19:05 -0800[diff] [blame]3128 ret = cmd_sub_rem(&ctx, argv[optind + 1],
3129 argc > optind + 2 ?
3130 argv[optind + 2] : NULL,
3131 argc > optind + 3 ?
3132 argv[optind + 3] : NULL);
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]3133 } else if (strcmp(argv[optind], "pol_upd") == 0) {
3134 if (argc - optind < 2) {
3135 usage();
3136 exit(0);
3137 }
3138 ret = cmd_pol_upd(&ctx, argc > 2 ? argv[optind + 1] : NULL,
3139 argc > optind + 2 ? argv[optind + 2] : NULL,
3140 argc > optind + 3 ? argv[optind + 3] : NULL);
3141 } else if (strcmp(argv[optind], "prov") == 0) {
3142 if (argc - optind < 2) {
3143 usage();
3144 exit(0);
3145 }
Dmitry Shmidt6cb1f652014-03-21 10:54:03 -0700[diff] [blame]3146 ctx.ca_fname = argv[optind + 2];
Dmitry Shmidtaf9da312015-04-03 10:03:11 -0700[diff] [blame]3147 wpa_printf(MSG_DEBUG, "Calling cmd_prov from main");
Dmitry Shmidt6cb1f652014-03-21 10:54:03 -0700[diff] [blame]3148 cmd_prov(&ctx, argv[optind + 1]);
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]3149 } else if (strcmp(argv[optind], "sim_prov") == 0) {
3150 if (argc - optind < 2) {
3151 usage();
3152 exit(0);
3153 }
Dmitry Shmidt6cb1f652014-03-21 10:54:03 -0700[diff] [blame]3154 ctx.ca_fname = argv[optind + 2];
3155 cmd_sim_prov(&ctx, argv[optind + 1]);
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]3156 } else if (strcmp(argv[optind], "dl_osu_ca") == 0) {
3157 if (argc - optind < 2) {
3158 usage();
3159 exit(0);
3160 }
3161 cmd_dl_osu_ca(&ctx, argv[optind + 1], argv[optind + 2]);
3162 } else if (strcmp(argv[optind], "dl_polupd_ca") == 0) {
3163 if (argc - optind < 2) {
3164 usage();
3165 exit(0);
3166 }
3167 cmd_dl_polupd_ca(&ctx, argv[optind + 1], argv[optind + 2]);
3168 } else if (strcmp(argv[optind], "dl_aaa_ca") == 0) {
3169 if (argc - optind < 2) {
3170 usage();
3171 exit(0);
3172 }
3173 cmd_dl_aaa_ca(&ctx, argv[optind + 1], argv[optind + 2]);
3174 } else if (strcmp(argv[optind], "osu_select") == 0) {
3175 if (argc - optind < 2) {
3176 usage();
3177 exit(0);
3178 }
Dmitry Shmidt6cb1f652014-03-21 10:54:03 -0700[diff] [blame]3179 ctx.ca_fname = argc > optind + 2 ? argv[optind + 2] : NULL;
3180 cmd_osu_select(&ctx, argv[optind + 1], 2, 1, NULL);
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]3181 } else if (strcmp(argv[optind], "signup") == 0) {
Dmitry Shmidt6cb1f652014-03-21 10:54:03 -0700[diff] [blame]3182 ctx.ca_fname = argc > optind + 1 ? argv[optind + 1] : NULL;
3183 ret = cmd_signup(&ctx, no_prod_assoc, friendly_name);
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]3184 } else if (strcmp(argv[optind], "set_pps") == 0) {
3185 if (argc - optind < 2) {
3186 usage();
3187 exit(0);
3188 }
3189 cmd_set_pps(&ctx, argv[optind + 1]);
3190 } else if (strcmp(argv[optind], "get_fqdn") == 0) {
3191 if (argc - optind < 1) {
3192 usage();
3193 exit(0);
3194 }
3195 ret = cmd_get_fqdn(&ctx, argv[optind + 1]);
3196 } else if (strcmp(argv[optind], "oma_dm_prov") == 0) {
3197 if (argc - optind < 2) {
3198 usage();
3199 exit(0);
3200 }
Dmitry Shmidt6cb1f652014-03-21 10:54:03 -0700[diff] [blame]3201 ctx.ca_fname = argv[optind + 2];
3202 cmd_oma_dm_prov(&ctx, argv[optind + 1]);
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]3203 } else if (strcmp(argv[optind], "oma_dm_sim_prov") == 0) {
3204 if (argc - optind < 2) {
3205 usage();
3206 exit(0);
3207 }
Dmitry Shmidt6cb1f652014-03-21 10:54:03 -0700[diff] [blame]3208 ctx.ca_fname = argv[optind + 2];
3209 if (cmd_oma_dm_sim_prov(&ctx, argv[optind + 1]) < 0) {
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]3210 write_summary(&ctx, "Failed to complete OMA DM SIM provisioning");
3211 return -1;
3212 }
3213 } else if (strcmp(argv[optind], "oma_dm_add") == 0) {
3214 if (argc - optind < 2) {
3215 usage();
3216 exit(0);
3217 }
3218 cmd_oma_dm_add(&ctx, argv[optind + 1], argv[optind + 2]);
3219 } else if (strcmp(argv[optind], "oma_dm_replace") == 0) {
3220 if (argc - optind < 2) {
3221 usage();
3222 exit(0);
3223 }
3224 cmd_oma_dm_replace(&ctx, argv[optind + 1], argv[optind + 2]);
3225 } else if (strcmp(argv[optind], "est_csr") == 0) {
3226 if (argc - optind < 2) {
3227 usage();
3228 exit(0);
3229 }
3230 mkdir("Cert", S_IRWXU);
3231 est_build_csr(&ctx, argv[optind + 1]);
3232 } else if (strcmp(argv[optind], "browser") == 0) {
3233 int ret;
3234
3235 if (argc - optind < 2) {
3236 usage();
3237 exit(0);
3238 }
3239
3240 wpa_printf(MSG_INFO, "Launch web browser to URL %s",
3241 argv[optind + 1]);
3242 ret = hs20_web_browser(argv[optind + 1]);
3243 wpa_printf(MSG_INFO, "Web browser result: %d", ret);
3244 } else if (strcmp(argv[optind], "parse_cert") == 0) {
3245 if (argc - optind < 2) {
3246 usage();
3247 exit(0);
3248 }
3249
3250 wpa_debug_level = MSG_MSGDUMP;
3251 http_parse_x509_certificate(ctx.http, argv[optind + 1]);
3252 wpa_debug_level = MSG_INFO;
3253 } else {
3254 wpa_printf(MSG_INFO, "Unknown command '%s'", argv[optind]);
3255 }
3256
Dmitry Shmidt6cb1f652014-03-21 10:54:03 -0700[diff] [blame]3257 deinit_ctx(&ctx);
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]3258 wpa_printf(MSG_DEBUG,
3259 "===[hs20-osu-client END ]======================");
3260
3261 wpa_debug_close_file();
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]3262
3263 return ret;
3264}