Gitiles
Code Review Sign In
gerrit.omnirom.org / android_external_wpa_supplicant_8 / 2f74e36e84064ffa32f82f3decf36b653c7e4fad / . / hs20 / client / osu_client.c
blob: e452aa704d4ea29c0d7baad948ea24a59ab01def [file] [log] [blame]
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]1/*
2 * Hotspot 2.0 OSU client
Dmitry Shmidt6cb1f652014-03-21 10:54:03 -0700[diff] [blame]3 * Copyright (c) 2012-2014, Qualcomm Atheros, Inc.
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]4 *
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
7 */
8
9#include "includes.h"
10#include <time.h>
11#include <sys/stat.h>
12
13#include "common.h"
14#include "utils/browser.h"
15#include "utils/base64.h"
16#include "utils/xml-utils.h"
17#include "utils/http-utils.h"
18#include "common/wpa_ctrl.h"
19#include "common/wpa_helpers.h"
20#include "eap_common/eap_defs.h"
21#include "crypto/crypto.h"
22#include "crypto/sha256.h"
23#include "osu_client.h"
24
25
26void write_result(struct hs20_osu_client *ctx, const char *fmt, ...)
27{
28 va_list ap;
29 FILE *f;
30 char buf[500];
31
32 va_start(ap, fmt);
33 vsnprintf(buf, sizeof(buf), fmt, ap);
34 va_end(ap);
35 write_summary(ctx, "%s", buf);
36
37 if (!ctx->result_file)
38 return;
39
40 f = fopen(ctx->result_file, "w");
41 if (f == NULL)
42 return;
43
44 va_start(ap, fmt);
45 vfprintf(f, fmt, ap);
46 va_end(ap);
47 fprintf(f, "\n");
48 fclose(f);
49}
50
51
52void write_summary(struct hs20_osu_client *ctx, const char *fmt, ...)
53{
54 va_list ap;
55 FILE *f;
56
57 if (!ctx->summary_file)
58 return;
59
60 f = fopen(ctx->summary_file, "a");
61 if (f == NULL)
62 return;
63
64 va_start(ap, fmt);
65 vfprintf(f, fmt, ap);
66 va_end(ap);
67 fprintf(f, "\n");
68 fclose(f);
69}
70
71
72void debug_dump_node(struct hs20_osu_client *ctx, const char *title,
73 xml_node_t *node)
74{
75 char *str = xml_node_to_str(ctx->xml, node);
76 wpa_printf(MSG_DEBUG, "[hs20] %s: '%s'", title, str);
77 free(str);
78}
79
80
81static int valid_fqdn(const char *fqdn)
82{
83 const char *pos;
84
85 /* TODO: could make this more complete.. */
86 if (strchr(fqdn, '.') == 0 || strlen(fqdn) > 255)
87 return 0;
88 for (pos = fqdn; *pos; pos++) {
89 if (*pos >= 'a' && *pos <= 'z')
90 continue;
91 if (*pos >= 'A' && *pos <= 'Z')
92 continue;
93 if (*pos >= '0' && *pos <= '9')
94 continue;
95 if (*pos == '-' || *pos == '.' || *pos == '_')
96 continue;
97 return 0;
98 }
99 return 1;
100}
101
102
103int osu_get_certificate(struct hs20_osu_client *ctx, xml_node_t *getcert)
104{
105 xml_node_t *node;
106 char *url, *user = NULL, *pw = NULL;
107 char *proto;
108 int ret = -1;
109
110 proto = xml_node_get_attr_value(ctx->xml, getcert,
111 "enrollmentProtocol");
112 if (!proto)
113 return -1;
114 wpa_printf(MSG_INFO, "getCertificate - enrollmentProtocol=%s", proto);
115 write_summary(ctx, "getCertificate - enrollmentProtocol=%s", proto);
116 if (os_strcasecmp(proto, "EST") != 0) {
117 wpa_printf(MSG_INFO, "Unsupported enrollmentProtocol");
118 xml_node_get_attr_value_free(ctx->xml, proto);
119 return -1;
120 }
121 xml_node_get_attr_value_free(ctx->xml, proto);
122
123 node = get_node(ctx->xml, getcert, "enrollmentServerURI");
124 if (node == NULL) {
125 wpa_printf(MSG_INFO, "Could not find enrollmentServerURI node");
126 xml_node_get_attr_value_free(ctx->xml, proto);
127 return -1;
128 }
129 url = xml_node_get_text(ctx->xml, node);
130 if (url == NULL) {
131 wpa_printf(MSG_INFO, "Could not get URL text");
132 return -1;
133 }
134 wpa_printf(MSG_INFO, "enrollmentServerURI: %s", url);
135 write_summary(ctx, "enrollmentServerURI: %s", url);
136
137 node = get_node(ctx->xml, getcert, "estUserID");
138 if (node == NULL && !ctx->client_cert_present) {
139 wpa_printf(MSG_INFO, "Could not find estUserID node");
140 goto fail;
141 }
142 if (node) {
143 user = xml_node_get_text(ctx->xml, node);
144 if (user == NULL) {
145 wpa_printf(MSG_INFO, "Could not get estUserID text");
146 goto fail;
147 }
148 wpa_printf(MSG_INFO, "estUserID: %s", user);
149 write_summary(ctx, "estUserID: %s", user);
150 }
151
152 node = get_node(ctx->xml, getcert, "estPassword");
153 if (node == NULL && !ctx->client_cert_present) {
154 wpa_printf(MSG_INFO, "Could not find estPassword node");
155 goto fail;
156 }
157 if (node) {
158 pw = xml_node_get_base64_text(ctx->xml, node, NULL);
159 if (pw == NULL) {
160 wpa_printf(MSG_INFO, "Could not get estPassword text");
161 goto fail;
162 }
163 wpa_printf(MSG_INFO, "estPassword: %s", pw);
164 }
165
166 mkdir("Cert", S_IRWXU);
167 if (est_load_cacerts(ctx, url) < 0 ||
168 est_build_csr(ctx, url) < 0 ||
169 est_simple_enroll(ctx, url, user, pw) < 0)
170 goto fail;
171
172 ret = 0;
173fail:
174 xml_node_get_text_free(ctx->xml, url);
175 xml_node_get_text_free(ctx->xml, user);
176 xml_node_get_text_free(ctx->xml, pw);
177
178 return ret;
179}
180
181
182static int process_est_cert(struct hs20_osu_client *ctx, xml_node_t *cert,
183 const char *fqdn)
184{
185 u8 digest1[SHA256_MAC_LEN], digest2[SHA256_MAC_LEN];
186 char *der, *pem;
187 size_t der_len, pem_len;
188 char *fingerprint;
189 char buf[200];
190
191 wpa_printf(MSG_INFO, "PPS for certificate credential - fqdn=%s", fqdn);
192
193 fingerprint = xml_node_get_text(ctx->xml, cert);
194 if (fingerprint == NULL)
195 return -1;
196 if (hexstr2bin(fingerprint, digest1, SHA256_MAC_LEN) < 0) {
197 wpa_printf(MSG_INFO, "Invalid SHA256 hash value");
198 write_result(ctx, "Invalid client certificate SHA256 hash value in PPS");
199 xml_node_get_text_free(ctx->xml, fingerprint);
200 return -1;
201 }
202 xml_node_get_text_free(ctx->xml, fingerprint);
203
204 der = os_readfile("Cert/est_cert.der", &der_len);
205 if (der == NULL) {
206 wpa_printf(MSG_INFO, "Could not find client certificate from EST");
207 write_result(ctx, "Could not find client certificate from EST");
208 return -1;
209 }
210
211 if (sha256_vector(1, (const u8 **) &der, &der_len, digest2) < 0) {
212 os_free(der);
213 return -1;
214 }
215 os_free(der);
216
217 if (os_memcmp(digest1, digest2, sizeof(digest1)) != 0) {
218 wpa_printf(MSG_INFO, "Client certificate from EST does not match fingerprint from PPS MO");
219 write_result(ctx, "Client certificate from EST does not match fingerprint from PPS MO");
220 return -1;
221 }
222
223 wpa_printf(MSG_INFO, "Client certificate from EST matches PPS MO");
224 unlink("Cert/est_cert.der");
225
226 os_snprintf(buf, sizeof(buf), "SP/%s/client-ca.pem", fqdn);
227 if (rename("Cert/est-cacerts.pem", buf) < 0) {
228 wpa_printf(MSG_INFO, "Could not move est-cacerts.pem to client-ca.pem: %s",
229 strerror(errno));
230 return -1;
231 }
232 pem = os_readfile(buf, &pem_len);
233
234 os_snprintf(buf, sizeof(buf), "SP/%s/client-cert.pem", fqdn);
235 if (rename("Cert/est_cert.pem", buf) < 0) {
236 wpa_printf(MSG_INFO, "Could not move est_cert.pem to client-cert.pem: %s",
237 strerror(errno));
238 os_free(pem);
239 return -1;
240 }
241
242 if (pem) {
243 FILE *f = fopen(buf, "a");
244 if (f) {
245 fwrite(pem, pem_len, 1, f);
246 fclose(f);
247 }
248 os_free(pem);
249 }
250
251 os_snprintf(buf, sizeof(buf), "SP/%s/client-key.pem", fqdn);
252 if (rename("Cert/privkey-plain.pem", buf) < 0) {
253 wpa_printf(MSG_INFO, "Could not move privkey-plain.pem to client-key.pem: %s",
254 strerror(errno));
255 return -1;
256 }
257
258 unlink("Cert/est-req.b64");
259 unlink("Cert/est-req.pem");
260 unlink("Cert/est-resp.raw");
261 rmdir("Cert");
262
263 return 0;
264}
265
266
267#define TMP_CERT_DL_FILE "tmp-cert-download"
268
269static int download_cert(struct hs20_osu_client *ctx, xml_node_t *params,
270 const char *fname)
271{
272 xml_node_t *url_node, *hash_node;
273 char *url, *hash;
274 char *cert;
275 size_t len;
276 u8 digest1[SHA256_MAC_LEN], digest2[SHA256_MAC_LEN];
277 int res;
278 unsigned char *b64;
279 FILE *f;
280
281 url_node = get_node(ctx->xml, params, "CertURL");
282 hash_node = get_node(ctx->xml, params, "CertSHA256Fingerprint");
283 if (url_node == NULL || hash_node == NULL)
284 return -1;
285 url = xml_node_get_text(ctx->xml, url_node);
286 hash = xml_node_get_text(ctx->xml, hash_node);
287 if (url == NULL || hash == NULL) {
288 xml_node_get_text_free(ctx->xml, url);
289 xml_node_get_text_free(ctx->xml, hash);
290 return -1;
291 }
292
293 wpa_printf(MSG_INFO, "CertURL: %s", url);
294 wpa_printf(MSG_INFO, "SHA256 hash: %s", hash);
295
296 if (hexstr2bin(hash, digest1, SHA256_MAC_LEN) < 0) {
297 wpa_printf(MSG_INFO, "Invalid SHA256 hash value");
298 write_result(ctx, "Invalid SHA256 hash value for downloaded certificate");
299 xml_node_get_text_free(ctx->xml, hash);
300 return -1;
301 }
302 xml_node_get_text_free(ctx->xml, hash);
303
304 write_summary(ctx, "Download certificate from %s", url);
Dmitry Shmidt6cb1f652014-03-21 10:54:03 -0700[diff] [blame]305 ctx->no_osu_cert_validation = 1;
306 http_ocsp_set(ctx->http, 1);
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]307 res = http_download_file(ctx->http, url, TMP_CERT_DL_FILE, NULL);
Dmitry Shmidt6cb1f652014-03-21 10:54:03 -0700[diff] [blame]308 http_ocsp_set(ctx->http,
309 (ctx->workarounds & WORKAROUND_OCSP_OPTIONAL) ? 1 : 2);
310 ctx->no_osu_cert_validation = 0;
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]311 xml_node_get_text_free(ctx->xml, url);
312 if (res < 0)
313 return -1;
314
315 cert = os_readfile(TMP_CERT_DL_FILE, &len);
316 remove(TMP_CERT_DL_FILE);
317 if (cert == NULL)
318 return -1;
319
320 if (sha256_vector(1, (const u8 **) &cert, &len, digest2) < 0) {
321 os_free(cert);
322 return -1;
323 }
324
325 if (os_memcmp(digest1, digest2, sizeof(digest1)) != 0) {
326 wpa_printf(MSG_INFO, "Downloaded certificate fingerprint did not match");
327 write_result(ctx, "Downloaded certificate fingerprint did not match");
328 os_free(cert);
329 return -1;
330 }
331
332 b64 = base64_encode((unsigned char *) cert, len, NULL);
333 os_free(cert);
334 if (b64 == NULL)
335 return -1;
336
337 f = fopen(fname, "wb");
338 if (f == NULL) {
339 os_free(b64);
340 return -1;
341 }
342
343 fprintf(f, "-----BEGIN CERTIFICATE-----\n"
344 "%s"
345 "-----END CERTIFICATE-----\n",
346 b64);
347
348 os_free(b64);
349 fclose(f);
350
351 wpa_printf(MSG_INFO, "Downloaded certificate into %s and validated fingerprint",
352 fname);
353 write_summary(ctx, "Downloaded certificate into %s and validated fingerprint",
354 fname);
355
356 return 0;
357}
358
359
360static int cmd_dl_osu_ca(struct hs20_osu_client *ctx, const char *pps_fname,
361 const char *ca_fname)
362{
363 xml_node_t *pps, *node;
364 int ret;
365
366 pps = node_from_file(ctx->xml, pps_fname);
367 if (pps == NULL) {
368 wpa_printf(MSG_INFO, "Could not read or parse '%s'", pps_fname);
369 return -1;
370 }
371
372 node = get_child_node(ctx->xml, pps,
373 "SubscriptionUpdate/TrustRoot");
374 if (node == NULL) {
375 wpa_printf(MSG_INFO, "No SubscriptionUpdate/TrustRoot/CertURL found from PPS");
376 xml_node_free(ctx->xml, pps);
377 return -1;
378 }
379
380 ret = download_cert(ctx, node, ca_fname);
381 xml_node_free(ctx->xml, pps);
382
383 return ret;
384}
385
386
387static int cmd_dl_polupd_ca(struct hs20_osu_client *ctx, const char *pps_fname,
388 const char *ca_fname)
389{
390 xml_node_t *pps, *node;
391 int ret;
392
393 pps = node_from_file(ctx->xml, pps_fname);
394 if (pps == NULL) {
395 wpa_printf(MSG_INFO, "Could not read or parse '%s'", pps_fname);
396 return -1;
397 }
398
399 node = get_child_node(ctx->xml, pps,
Dmitry Shmidt2f74e362015-01-21 13:19:05 -0800[diff] [blame^]400 "Policy/PolicyUpdate/TrustRoot");
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]401 if (node == NULL) {
Dmitry Shmidt2f74e362015-01-21 13:19:05 -0800[diff] [blame^]402 wpa_printf(MSG_INFO, "No Policy/PolicyUpdate/TrustRoot/CertURL found from PPS");
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]403 xml_node_free(ctx->xml, pps);
404 return -1;
405 }
406
407 ret = download_cert(ctx, node, ca_fname);
408 xml_node_free(ctx->xml, pps);
409
410 return ret;
411}
412
413
414static int cmd_dl_aaa_ca(struct hs20_osu_client *ctx, const char *pps_fname,
415 const char *ca_fname)
416{
417 xml_node_t *pps, *node, *aaa;
418 int ret;
419
420 pps = node_from_file(ctx->xml, pps_fname);
421 if (pps == NULL) {
422 wpa_printf(MSG_INFO, "Could not read or parse '%s'", pps_fname);
423 return -1;
424 }
425
426 node = get_child_node(ctx->xml, pps,
427 "AAAServerTrustRoot");
428 if (node == NULL) {
429 wpa_printf(MSG_INFO, "No AAAServerTrustRoot/CertURL found from PPS");
430 xml_node_free(ctx->xml, pps);
431 return -1;
432 }
433
434 aaa = xml_node_first_child(ctx->xml, node);
435 if (aaa == NULL) {
436 wpa_printf(MSG_INFO, "No AAAServerTrustRoot/CertURL found from PPS");
437 xml_node_free(ctx->xml, pps);
438 return -1;
439 }
440
441 ret = download_cert(ctx, aaa, ca_fname);
442 xml_node_free(ctx->xml, pps);
443
444 return ret;
445}
446
447
448static int download_trust_roots(struct hs20_osu_client *ctx,
449 const char *pps_fname)
450{
451 char *dir, *pos;
452 char fname[300];
453 int ret;
454
455 dir = os_strdup(pps_fname);
456 if (dir == NULL)
457 return -1;
458 pos = os_strrchr(dir, '/');
459 if (pos == NULL) {
460 os_free(dir);
461 return -1;
462 }
463 *pos = '\0';
464
465 snprintf(fname, sizeof(fname), "%s/ca.pem", dir);
466 ret = cmd_dl_osu_ca(ctx, pps_fname, fname);
467 snprintf(fname, sizeof(fname), "%s/polupd-ca.pem", dir);
468 cmd_dl_polupd_ca(ctx, pps_fname, fname);
469 snprintf(fname, sizeof(fname), "%s/aaa-ca.pem", dir);
470 cmd_dl_aaa_ca(ctx, pps_fname, fname);
471
472 os_free(dir);
473
474 return ret;
475}
476
477
478static int server_dnsname_suffix_match(struct hs20_osu_client *ctx,
479 const char *fqdn)
480{
481 size_t match_len, len, i;
482 const char *val;
483
484 match_len = os_strlen(fqdn);
485
486 for (i = 0; i < ctx->server_dnsname_count; i++) {
487 wpa_printf(MSG_INFO,
488 "Checking suffix match against server dNSName %s",
489 ctx->server_dnsname[i]);
490 val = ctx->server_dnsname[i];
491 len = os_strlen(val);
492
493 if (match_len > len)
494 continue;
495
496 if (os_strncasecmp(val + len - match_len, fqdn, match_len) != 0)
497 continue; /* no match */
498
499 if (match_len == len)
500 return 1; /* exact match */
501
502 if (val[len - match_len - 1] == '.')
503 return 1; /* full label match completes suffix match */
504
505 /* Reject due to incomplete label match */
506 }
507
508 /* None of the dNSName(s) matched */
509 return 0;
510}
511
512
513int hs20_add_pps_mo(struct hs20_osu_client *ctx, const char *uri,
514 xml_node_t *add_mo, char *fname, size_t fname_len)
515{
516 char *str;
517 char *fqdn, *pos;
518 xml_node_t *tnds, *mo, *cert;
519 const char *name;
520 int ret;
521
522 if (strncmp(uri, "./Wi-Fi/", 8) != 0) {
523 wpa_printf(MSG_INFO, "Unsupported location for addMO to add PPS MO: '%s'",
524 uri);
525 write_result(ctx, "Unsupported location for addMO to add PPS MO: '%s'",
526 uri);
527 return -1;
528 }
529
530 fqdn = strdup(uri + 8);
531 if (fqdn == NULL)
532 return -1;
533 pos = strchr(fqdn, '/');
534 if (pos) {
535 if (os_strcasecmp(pos, "/PerProviderSubscription") != 0) {
536 wpa_printf(MSG_INFO, "Unsupported location for addMO to add PPS MO (extra directory): '%s'",
537 uri);
538 write_result(ctx, "Unsupported location for addMO to "
539 "add PPS MO (extra directory): '%s'", uri);
540 return -1;
541 }
542 *pos = '\0'; /* remove trailing slash and PPS node name */
543 }
544 wpa_printf(MSG_INFO, "SP FQDN: %s", fqdn);
545
546 if (!server_dnsname_suffix_match(ctx, fqdn)) {
547 wpa_printf(MSG_INFO, "FQDN '%s' for new PPS MO did not have suffix match with server's dNSName values",
548 fqdn);
549 write_result(ctx, "FQDN '%s' for new PPS MO did not have suffix match with server's dNSName values",
550 fqdn);
551 free(fqdn);
552 return -1;
553 }
554
555 if (!valid_fqdn(fqdn)) {
556 wpa_printf(MSG_INFO, "Invalid FQDN '%s'", fqdn);
557 write_result(ctx, "Invalid FQDN '%s'", fqdn);
558 free(fqdn);
559 return -1;
560 }
561
562 mkdir("SP", S_IRWXU);
563 snprintf(fname, fname_len, "SP/%s", fqdn);
564 if (mkdir(fname, S_IRWXU) < 0) {
565 if (errno != EEXIST) {
566 int err = errno;
567 wpa_printf(MSG_INFO, "mkdir(%s) failed: %s",
568 fname, strerror(err));
569 free(fqdn);
570 return -1;
571 }
572 }
573
574 snprintf(fname, fname_len, "SP/%s/pps.xml", fqdn);
575
576 if (os_file_exists(fname)) {
577 wpa_printf(MSG_INFO, "PPS file '%s' exists - reject addMO",
578 fname);
579 write_result(ctx, "PPS file '%s' exists - reject addMO",
580 fname);
581 free(fqdn);
582 return -2;
583 }
584 wpa_printf(MSG_INFO, "Using PPS file: %s", fname);
585
586 str = xml_node_get_text(ctx->xml, add_mo);
587 if (str == NULL) {
588 wpa_printf(MSG_INFO, "Could not extract MO text");
589 free(fqdn);
590 return -1;
591 }
592 wpa_printf(MSG_DEBUG, "[hs20] addMO text: '%s'", str);
593
594 tnds = xml_node_from_buf(ctx->xml, str);
595 xml_node_get_text_free(ctx->xml, str);
596 if (tnds == NULL) {
597 wpa_printf(MSG_INFO, "[hs20] Could not parse addMO text");
598 free(fqdn);
599 return -1;
600 }
601
602 mo = tnds_to_mo(ctx->xml, tnds);
603 if (mo == NULL) {
604 wpa_printf(MSG_INFO, "[hs20] Could not parse addMO TNDS text");
605 free(fqdn);
606 return -1;
607 }
608
609 debug_dump_node(ctx, "Parsed TNDS", mo);
610
611 name = xml_node_get_localname(ctx->xml, mo);
612 if (os_strcasecmp(name, "PerProviderSubscription") != 0) {
613 wpa_printf(MSG_INFO, "[hs20] Unexpected PPS MO root node name '%s'",
614 name);
615 free(fqdn);
616 return -1;
617 }
618
619 cert = get_child_node(ctx->xml, mo,
620 "Credential/DigitalCertificate/"
621 "CertSHA256Fingerprint");
622 if (cert && process_est_cert(ctx, cert, fqdn) < 0) {
623 xml_node_free(ctx->xml, mo);
624 free(fqdn);
625 return -1;
626 }
627 free(fqdn);
628
629 if (node_to_file(ctx->xml, fname, mo) < 0) {
630 wpa_printf(MSG_INFO, "Could not write MO to file");
631 xml_node_free(ctx->xml, mo);
632 return -1;
633 }
634 xml_node_free(ctx->xml, mo);
635
636 wpa_printf(MSG_INFO, "A new PPS MO added as '%s'", fname);
637 write_summary(ctx, "A new PPS MO added as '%s'", fname);
638
639 ret = download_trust_roots(ctx, fname);
640 if (ret < 0) {
641 wpa_printf(MSG_INFO, "Remove invalid PPS MO file");
642 write_summary(ctx, "Remove invalid PPS MO file");
643 unlink(fname);
644 }
645
646 return ret;
647}
648
649
650int update_pps_file(struct hs20_osu_client *ctx, const char *pps_fname,
651 xml_node_t *pps)
652{
653 char *str;
654 FILE *f;
655 char backup[300];
656
657 if (ctx->client_cert_present) {
658 xml_node_t *cert;
659 cert = get_child_node(ctx->xml, pps,
660 "Credential/DigitalCertificate/"
661 "CertSHA256Fingerprint");
662 if (cert && os_file_exists("Cert/est_cert.der") &&
663 process_est_cert(ctx, cert, ctx->fqdn) < 0) {
664 wpa_printf(MSG_INFO, "EST certificate update processing failed on PPS MO update");
665 return -1;
666 }
667 }
668
669 wpa_printf(MSG_INFO, "Updating PPS MO %s", pps_fname);
670
671 str = xml_node_to_str(ctx->xml, pps);
672 wpa_printf(MSG_MSGDUMP, "[hs20] Updated PPS: '%s'", str);
673
674 snprintf(backup, sizeof(backup), "%s.bak", pps_fname);
675 rename(pps_fname, backup);
676 f = fopen(pps_fname, "w");
677 if (f == NULL) {
678 wpa_printf(MSG_INFO, "Could not write PPS");
679 rename(backup, pps_fname);
680 free(str);
681 return -1;
682 }
683 fprintf(f, "%s\n", str);
684 fclose(f);
685
686 free(str);
687
688 return 0;
689}
690
691
692void get_user_pw(struct hs20_osu_client *ctx, xml_node_t *pps,
693 const char *alt_loc, char **user, char **pw)
694{
695 xml_node_t *node;
696
697 node = get_child_node(ctx->xml, pps,
698 "Credential/UsernamePassword/Username");
699 if (node)
700 *user = xml_node_get_text(ctx->xml, node);
701
702 node = get_child_node(ctx->xml, pps,
703 "Credential/UsernamePassword/Password");
704 if (node)
705 *pw = xml_node_get_base64_text(ctx->xml, node, NULL);
706
707 node = get_child_node(ctx->xml, pps, alt_loc);
708 if (node) {
709 xml_node_t *a;
710 a = get_node(ctx->xml, node, "Username");
711 if (a) {
712 xml_node_get_text_free(ctx->xml, *user);
713 *user = xml_node_get_text(ctx->xml, a);
714 wpa_printf(MSG_INFO, "Use OSU username '%s'", *user);
715 }
716
717 a = get_node(ctx->xml, node, "Password");
718 if (a) {
719 free(*pw);
720 *pw = xml_node_get_base64_text(ctx->xml, a, NULL);
721 wpa_printf(MSG_INFO, "Use OSU password");
722 }
723 }
724}
725
726
727/* Remove old credentials based on HomeSP/FQDN */
728static void remove_sp_creds(struct hs20_osu_client *ctx, const char *fqdn)
729{
730 char cmd[300];
731 os_snprintf(cmd, sizeof(cmd), "REMOVE_CRED provisioning_sp=%s", fqdn);
732 if (wpa_command(ctx->ifname, cmd) < 0)
733 wpa_printf(MSG_INFO, "Failed to remove old credential(s)");
734}
735
736
737static void set_pps_cred_policy_spe(struct hs20_osu_client *ctx, int id,
738 xml_node_t *spe)
739{
740 xml_node_t *ssid;
741 char *txt;
742
743 ssid = get_node(ctx->xml, spe, "SSID");
744 if (ssid == NULL)
745 return;
746 txt = xml_node_get_text(ctx->xml, ssid);
747 if (txt == NULL)
748 return;
749 wpa_printf(MSG_DEBUG, "- Policy/SPExclusionList/<X+>/SSID = %s", txt);
750 if (set_cred_quoted(ctx->ifname, id, "excluded_ssid", txt) < 0)
751 wpa_printf(MSG_INFO, "Failed to set cred excluded_ssid");
752 xml_node_get_text_free(ctx->xml, txt);
753}
754
755
756static void set_pps_cred_policy_spel(struct hs20_osu_client *ctx, int id,
757 xml_node_t *spel)
758{
759 xml_node_t *child;
760
761 xml_node_for_each_child(ctx->xml, child, spel) {
762 xml_node_for_each_check(ctx->xml, child);
763 set_pps_cred_policy_spe(ctx, id, child);
764 }
765}
766
767
768static void set_pps_cred_policy_prp(struct hs20_osu_client *ctx, int id,
769 xml_node_t *prp)
770{
771 xml_node_t *node;
772 char *txt = NULL, *pos;
773 char *prio, *country_buf = NULL;
774 const char *country;
775 char val[200];
776 int priority;
777
778 node = get_node(ctx->xml, prp, "Priority");
779 if (node == NULL)
780 return;
781 prio = xml_node_get_text(ctx->xml, node);
782 if (prio == NULL)
783 return;
784 wpa_printf(MSG_INFO, "- Policy/PreferredRoamingPartnerList/<X+>/Priority = %s",
785 prio);
786 priority = atoi(prio);
787 xml_node_get_text_free(ctx->xml, prio);
788
789 node = get_node(ctx->xml, prp, "Country");
790 if (node) {
791 country_buf = xml_node_get_text(ctx->xml, node);
792 if (country_buf == NULL)
793 return;
794 country = country_buf;
795 wpa_printf(MSG_INFO, "- Policy/PreferredRoamingPartnerList/<X+>/Country = %s",
796 country);
797 } else {
798 country = "*";
799 }
800
801 node = get_node(ctx->xml, prp, "FQDN_Match");
802 if (node == NULL)
803 goto out;
804 txt = xml_node_get_text(ctx->xml, node);
805 if (txt == NULL)
806 goto out;
807 wpa_printf(MSG_INFO, "- Policy/PreferredRoamingPartnerList/<X+>/FQDN_Match = %s",
808 txt);
809 pos = strrchr(txt, ',');
810 if (pos == NULL)
811 goto out;
812 *pos++ = '\0';
813
814 snprintf(val, sizeof(val), "%s,%d,%d,%s", txt,
815 strcmp(pos, "includeSubdomains") != 0, priority, country);
816 if (set_cred_quoted(ctx->ifname, id, "roaming_partner", val) < 0)
817 wpa_printf(MSG_INFO, "Failed to set cred roaming_partner");
818out:
819 xml_node_get_text_free(ctx->xml, country_buf);
820 xml_node_get_text_free(ctx->xml, txt);
821}
822
823
824static void set_pps_cred_policy_prpl(struct hs20_osu_client *ctx, int id,
825 xml_node_t *prpl)
826{
827 xml_node_t *child;
828
829 xml_node_for_each_child(ctx->xml, child, prpl) {
830 xml_node_for_each_check(ctx->xml, child);
831 set_pps_cred_policy_prp(ctx, id, child);
832 }
833}
834
835
836static void set_pps_cred_policy_min_backhaul(struct hs20_osu_client *ctx, int id,
837 xml_node_t *min_backhaul)
838{
839 xml_node_t *node;
840 char *type, *dl = NULL, *ul = NULL;
841 int home;
842
843 node = get_node(ctx->xml, min_backhaul, "NetworkType");
844 if (node == NULL) {
845 wpa_printf(MSG_INFO, "Ignore MinBackhaulThreshold without mandatory NetworkType node");
846 return;
847 }
848
849 type = xml_node_get_text(ctx->xml, node);
850 if (type == NULL)
851 return;
852 wpa_printf(MSG_INFO, "- Policy/MinBackhaulThreshold/<X+>/NetworkType = %s",
853 type);
854 if (os_strcasecmp(type, "home") == 0)
855 home = 1;
856 else if (os_strcasecmp(type, "roaming") == 0)
857 home = 0;
858 else {
859 wpa_printf(MSG_INFO, "Ignore MinBackhaulThreshold with invalid NetworkType");
860 xml_node_get_text_free(ctx->xml, type);
861 return;
862 }
863 xml_node_get_text_free(ctx->xml, type);
864
865 node = get_node(ctx->xml, min_backhaul, "DLBandwidth");
866 if (node)
867 dl = xml_node_get_text(ctx->xml, node);
868
869 node = get_node(ctx->xml, min_backhaul, "ULBandwidth");
870 if (node)
871 ul = xml_node_get_text(ctx->xml, node);
872
873 if (dl == NULL && ul == NULL) {
874 wpa_printf(MSG_INFO, "Ignore MinBackhaulThreshold without either DLBandwidth or ULBandwidth nodes");
875 return;
876 }
877
878 if (dl)
879 wpa_printf(MSG_INFO, "- Policy/MinBackhaulThreshold/<X+>/DLBandwidth = %s",
880 dl);
881 if (ul)
882 wpa_printf(MSG_INFO, "- Policy/MinBackhaulThreshold/<X+>/ULBandwidth = %s",
883 ul);
884
885 if (home) {
886 if (dl &&
887 set_cred(ctx->ifname, id, "min_dl_bandwidth_home", dl) < 0)
888 wpa_printf(MSG_INFO, "Failed to set cred bandwidth limit");
889 if (ul &&
890 set_cred(ctx->ifname, id, "min_ul_bandwidth_home", ul) < 0)
891 wpa_printf(MSG_INFO, "Failed to set cred bandwidth limit");
892 } else {
893 if (dl &&
894 set_cred(ctx->ifname, id, "min_dl_bandwidth_roaming", dl) <
895 0)
896 wpa_printf(MSG_INFO, "Failed to set cred bandwidth limit");
897 if (ul &&
898 set_cred(ctx->ifname, id, "min_ul_bandwidth_roaming", ul) <
899 0)
900 wpa_printf(MSG_INFO, "Failed to set cred bandwidth limit");
901 }
902
903 xml_node_get_text_free(ctx->xml, dl);
904 xml_node_get_text_free(ctx->xml, ul);
905}
906
907
908static void set_pps_cred_policy_min_backhaul_list(struct hs20_osu_client *ctx,
909 int id, xml_node_t *node)
910{
911 xml_node_t *child;
912
913 wpa_printf(MSG_INFO, "- Policy/MinBackhaulThreshold");
914
915 xml_node_for_each_child(ctx->xml, child, node) {
916 xml_node_for_each_check(ctx->xml, child);
917 set_pps_cred_policy_min_backhaul(ctx, id, child);
918 }
919}
920
921
922static void set_pps_cred_policy_update(struct hs20_osu_client *ctx, int id,
923 xml_node_t *node)
924{
925 wpa_printf(MSG_INFO, "- Policy/PolicyUpdate");
926 /* Not used in wpa_supplicant */
927}
928
929
930static void set_pps_cred_policy_required_proto_port(struct hs20_osu_client *ctx,
931 int id, xml_node_t *tuple)
932{
933 xml_node_t *node;
934 char *proto, *port;
935 char *buf;
936 size_t buflen;
937
938 node = get_node(ctx->xml, tuple, "IPProtocol");
939 if (node == NULL) {
940 wpa_printf(MSG_INFO, "Ignore RequiredProtoPortTuple without mandatory IPProtocol node");
941 return;
942 }
943
944 proto = xml_node_get_text(ctx->xml, node);
945 if (proto == NULL)
946 return;
947
948 wpa_printf(MSG_INFO, "- Policy/RequiredProtoPortTuple/<X+>/IPProtocol = %s",
949 proto);
950
951 node = get_node(ctx->xml, tuple, "PortNumber");
952 port = node ? xml_node_get_text(ctx->xml, node) : NULL;
953 if (port) {
954 wpa_printf(MSG_INFO, "- Policy/RequiredProtoPortTuple/<X+>/PortNumber = %s",
955 port);
956 buflen = os_strlen(proto) + os_strlen(port) + 10;
957 buf = os_malloc(buflen);
958 if (buf)
959 os_snprintf(buf, buflen, "%s:%s", proto, port);
960 xml_node_get_text_free(ctx->xml, port);
961 } else {
962 buflen = os_strlen(proto) + 10;
963 buf = os_malloc(buflen);
964 if (buf)
965 os_snprintf(buf, buflen, "%s", proto);
966 }
967
968 xml_node_get_text_free(ctx->xml, proto);
969
970 if (buf == NULL)
971 return;
972
973 if (set_cred(ctx->ifname, id, "req_conn_capab", buf) < 0)
974 wpa_printf(MSG_INFO, "Could not set req_conn_capab");
975
976 os_free(buf);
977}
978
979
980static void set_pps_cred_policy_required_proto_ports(struct hs20_osu_client *ctx,
981 int id, xml_node_t *node)
982{
983 xml_node_t *child;
984
985 wpa_printf(MSG_INFO, "- Policy/RequiredProtoPortTuple");
986
987 xml_node_for_each_child(ctx->xml, child, node) {
988 xml_node_for_each_check(ctx->xml, child);
989 set_pps_cred_policy_required_proto_port(ctx, id, child);
990 }
991}
992
993
994static void set_pps_cred_policy_max_bss_load(struct hs20_osu_client *ctx, int id,
995 xml_node_t *node)
996{
997 char *str = xml_node_get_text(ctx->xml, node);
998 if (str == NULL)
999 return;
1000 wpa_printf(MSG_INFO, "- Policy/MaximumBSSLoadValue - %s", str);
1001 if (set_cred(ctx->ifname, id, "max_bss_load", str) < 0)
1002 wpa_printf(MSG_INFO, "Failed to set cred max_bss_load limit");
1003 xml_node_get_text_free(ctx->xml, str);
1004}
1005
1006
1007static void set_pps_cred_policy(struct hs20_osu_client *ctx, int id,
1008 xml_node_t *node)
1009{
1010 xml_node_t *child;
1011 const char *name;
1012
1013 wpa_printf(MSG_INFO, "- Policy");
1014
1015 xml_node_for_each_child(ctx->xml, child, node) {
1016 xml_node_for_each_check(ctx->xml, child);
1017 name = xml_node_get_localname(ctx->xml, child);
1018 if (os_strcasecmp(name, "PreferredRoamingPartnerList") == 0)
1019 set_pps_cred_policy_prpl(ctx, id, child);
1020 else if (os_strcasecmp(name, "MinBackhaulThreshold") == 0)
1021 set_pps_cred_policy_min_backhaul_list(ctx, id, child);
1022 else if (os_strcasecmp(name, "PolicyUpdate") == 0)
1023 set_pps_cred_policy_update(ctx, id, child);
1024 else if (os_strcasecmp(name, "SPExclusionList") == 0)
1025 set_pps_cred_policy_spel(ctx, id, child);
1026 else if (os_strcasecmp(name, "RequiredProtoPortTuple") == 0)
1027 set_pps_cred_policy_required_proto_ports(ctx, id, child);
1028 else if (os_strcasecmp(name, "MaximumBSSLoadValue") == 0)
1029 set_pps_cred_policy_max_bss_load(ctx, id, child);
1030 else
1031 wpa_printf(MSG_INFO, "Unknown Policy node '%s'", name);
1032 }
1033}
1034
1035
1036static void set_pps_cred_priority(struct hs20_osu_client *ctx, int id,
1037 xml_node_t *node)
1038{
1039 char *str = xml_node_get_text(ctx->xml, node);
1040 if (str == NULL)
1041 return;
1042 wpa_printf(MSG_INFO, "- CredentialPriority = %s", str);
1043 if (set_cred(ctx->ifname, id, "sp_priority", str) < 0)
1044 wpa_printf(MSG_INFO, "Failed to set cred sp_priority");
1045 xml_node_get_text_free(ctx->xml, str);
1046}
1047
1048
1049static void set_pps_cred_aaa_server_trust_root(struct hs20_osu_client *ctx,
1050 int id, xml_node_t *node)
1051{
1052 wpa_printf(MSG_INFO, "- AAAServerTrustRoot - TODO");
1053}
1054
1055
1056static void set_pps_cred_sub_update(struct hs20_osu_client *ctx, int id,
1057 xml_node_t *node)
1058{
1059 wpa_printf(MSG_INFO, "- SubscriptionUpdate");
1060 /* not used within wpa_supplicant */
1061}
1062
1063
1064static void set_pps_cred_home_sp_network_id(struct hs20_osu_client *ctx,
1065 int id, xml_node_t *node)
1066{
1067 xml_node_t *ssid_node, *hessid_node;
1068 char *ssid, *hessid;
1069
1070 ssid_node = get_node(ctx->xml, node, "SSID");
1071 if (ssid_node == NULL) {
1072 wpa_printf(MSG_INFO, "Ignore HomeSP/NetworkID without mandatory SSID node");
1073 return;
1074 }
1075
1076 hessid_node = get_node(ctx->xml, node, "HESSID");
1077
1078 ssid = xml_node_get_text(ctx->xml, ssid_node);
1079 if (ssid == NULL)
1080 return;
1081 hessid = hessid_node ? xml_node_get_text(ctx->xml, hessid_node) : NULL;
1082
1083 wpa_printf(MSG_INFO, "- HomeSP/NetworkID/<X+>/SSID = %s", ssid);
1084 if (hessid)
1085 wpa_printf(MSG_INFO, "- HomeSP/NetworkID/<X+>/HESSID = %s",
1086 hessid);
1087
1088 /* TODO: Configure to wpa_supplicant */
1089
1090 xml_node_get_text_free(ctx->xml, ssid);
1091 xml_node_get_text_free(ctx->xml, hessid);
1092}
1093
1094
1095static void set_pps_cred_home_sp_network_ids(struct hs20_osu_client *ctx,
1096 int id, xml_node_t *node)
1097{
1098 xml_node_t *child;
1099
1100 wpa_printf(MSG_INFO, "- HomeSP/NetworkID");
1101
1102 xml_node_for_each_child(ctx->xml, child, node) {
1103 xml_node_for_each_check(ctx->xml, child);
1104 set_pps_cred_home_sp_network_id(ctx, id, child);
1105 }
1106}
1107
1108
1109static void set_pps_cred_home_sp_friendly_name(struct hs20_osu_client *ctx,
1110 int id, xml_node_t *node)
1111{
1112 char *str = xml_node_get_text(ctx->xml, node);
1113 if (str == NULL)
1114 return;
1115 wpa_printf(MSG_INFO, "- HomeSP/FriendlyName = %s", str);
1116 /* not used within wpa_supplicant(?) */
1117 xml_node_get_text_free(ctx->xml, str);
1118}
1119
1120
1121static void set_pps_cred_home_sp_icon_url(struct hs20_osu_client *ctx,
1122 int id, xml_node_t *node)
1123{
1124 char *str = xml_node_get_text(ctx->xml, node);
1125 if (str == NULL)
1126 return;
1127 wpa_printf(MSG_INFO, "- HomeSP/IconURL = %s", str);
1128 /* not used within wpa_supplicant */
1129 xml_node_get_text_free(ctx->xml, str);
1130}
1131
1132
1133static void set_pps_cred_home_sp_fqdn(struct hs20_osu_client *ctx, int id,
1134 xml_node_t *node)
1135{
1136 char *str = xml_node_get_text(ctx->xml, node);
1137 if (str == NULL)
1138 return;
1139 wpa_printf(MSG_INFO, "- HomeSP/FQDN = %s", str);
1140 if (set_cred_quoted(ctx->ifname, id, "domain", str) < 0)
1141 wpa_printf(MSG_INFO, "Failed to set cred domain");
1142 if (set_cred_quoted(ctx->ifname, id, "domain_suffix_match", str) < 0)
1143 wpa_printf(MSG_INFO, "Failed to set cred domain_suffix_match");
1144 xml_node_get_text_free(ctx->xml, str);
1145}
1146
1147
1148static void set_pps_cred_home_sp_oi(struct hs20_osu_client *ctx, int id,
1149 xml_node_t *node)
1150{
1151 xml_node_t *child;
1152 const char *name;
1153 char *homeoi = NULL;
1154 int required = 0;
1155 char *str;
1156
1157 xml_node_for_each_child(ctx->xml, child, node) {
1158 xml_node_for_each_check(ctx->xml, child);
1159 name = xml_node_get_localname(ctx->xml, child);
1160 if (strcasecmp(name, "HomeOI") == 0 && !homeoi) {
1161 homeoi = xml_node_get_text(ctx->xml, child);
1162 wpa_printf(MSG_INFO, "- HomeSP/HomeOIList/<X+>/HomeOI = %s",
1163 homeoi);
1164 } else if (strcasecmp(name, "HomeOIRequired") == 0) {
1165 str = xml_node_get_text(ctx->xml, child);
1166 wpa_printf(MSG_INFO, "- HomeSP/HomeOIList/<X+>/HomeOIRequired = '%s'",
1167 str);
1168 if (str == NULL)
1169 continue;
1170 required = strcasecmp(str, "true") == 0;
1171 xml_node_get_text_free(ctx->xml, str);
1172 } else
1173 wpa_printf(MSG_INFO, "Unknown HomeOIList node '%s'",
1174 name);
1175 }
1176
1177 if (homeoi == NULL) {
1178 wpa_printf(MSG_INFO, "- HomeSP/HomeOIList/<X+> without HomeOI ignored");
1179 return;
1180 }
1181
1182 wpa_printf(MSG_INFO, "- HomeSP/HomeOIList/<X+> '%s' required=%d",
1183 homeoi, required);
1184
1185 if (required) {
1186 if (set_cred(ctx->ifname, id, "required_roaming_consortium",
1187 homeoi) < 0)
1188 wpa_printf(MSG_INFO, "Failed to set cred required_roaming_consortium");
1189 } else {
1190 if (set_cred_quoted(ctx->ifname, id, "roaming_consortium",
1191 homeoi) < 0)
1192 wpa_printf(MSG_INFO, "Failed to set cred roaming_consortium");
1193 }
1194
1195 xml_node_get_text_free(ctx->xml, homeoi);
1196}
1197
1198
1199static void set_pps_cred_home_sp_oi_list(struct hs20_osu_client *ctx, int id,
1200 xml_node_t *node)
1201{
1202 xml_node_t *child;
1203
1204 wpa_printf(MSG_INFO, "- HomeSP/HomeOIList");
1205
1206 xml_node_for_each_child(ctx->xml, child, node) {
1207 xml_node_for_each_check(ctx->xml, child);
1208 set_pps_cred_home_sp_oi(ctx, id, child);
1209 }
1210}
1211
1212
1213static void set_pps_cred_home_sp_other_partner(struct hs20_osu_client *ctx,
1214 int id, xml_node_t *node)
1215{
1216 xml_node_t *child;
1217 const char *name;
1218 char *fqdn = NULL;
1219
1220 xml_node_for_each_child(ctx->xml, child, node) {
1221 xml_node_for_each_check(ctx->xml, child);
1222 name = xml_node_get_localname(ctx->xml, child);
1223 if (os_strcasecmp(name, "FQDN") == 0 && !fqdn) {
1224 fqdn = xml_node_get_text(ctx->xml, child);
1225 wpa_printf(MSG_INFO, "- HomeSP/OtherHomePartners/<X+>/FQDN = %s",
1226 fqdn);
1227 } else
1228 wpa_printf(MSG_INFO, "Unknown OtherHomePartners node '%s'",
1229 name);
1230 }
1231
1232 if (fqdn == NULL) {
1233 wpa_printf(MSG_INFO, "- HomeSP/OtherHomePartners/<X+> without FQDN ignored");
1234 return;
1235 }
1236
1237 if (set_cred_quoted(ctx->ifname, id, "domain", fqdn) < 0)
1238 wpa_printf(MSG_INFO, "Failed to set cred domain for OtherHomePartners node");
1239
1240 xml_node_get_text_free(ctx->xml, fqdn);
1241}
1242
1243
1244static void set_pps_cred_home_sp_other_partners(struct hs20_osu_client *ctx,
1245 int id,
1246 xml_node_t *node)
1247{
1248 xml_node_t *child;
1249
1250 wpa_printf(MSG_INFO, "- HomeSP/OtherHomePartners");
1251
1252 xml_node_for_each_child(ctx->xml, child, node) {
1253 xml_node_for_each_check(ctx->xml, child);
1254 set_pps_cred_home_sp_other_partner(ctx, id, child);
1255 }
1256}
1257
1258
1259static void set_pps_cred_home_sp_roaming_consortium_oi(
1260 struct hs20_osu_client *ctx, int id, xml_node_t *node)
1261{
1262 char *str = xml_node_get_text(ctx->xml, node);
1263 if (str == NULL)
1264 return;
1265 wpa_printf(MSG_INFO, "- HomeSP/RoamingConsortiumOI = %s", str);
1266 /* TODO: Set to wpa_supplicant */
1267 xml_node_get_text_free(ctx->xml, str);
1268}
1269
1270
1271static void set_pps_cred_home_sp(struct hs20_osu_client *ctx, int id,
1272 xml_node_t *node)
1273{
1274 xml_node_t *child;
1275 const char *name;
1276
1277 wpa_printf(MSG_INFO, "- HomeSP");
1278
1279 xml_node_for_each_child(ctx->xml, child, node) {
1280 xml_node_for_each_check(ctx->xml, child);
1281 name = xml_node_get_localname(ctx->xml, child);
1282 if (os_strcasecmp(name, "NetworkID") == 0)
1283 set_pps_cred_home_sp_network_ids(ctx, id, child);
1284 else if (os_strcasecmp(name, "FriendlyName") == 0)
1285 set_pps_cred_home_sp_friendly_name(ctx, id, child);
1286 else if (os_strcasecmp(name, "IconURL") == 0)
1287 set_pps_cred_home_sp_icon_url(ctx, id, child);
1288 else if (os_strcasecmp(name, "FQDN") == 0)
1289 set_pps_cred_home_sp_fqdn(ctx, id, child);
1290 else if (os_strcasecmp(name, "HomeOIList") == 0)
1291 set_pps_cred_home_sp_oi_list(ctx, id, child);
1292 else if (os_strcasecmp(name, "OtherHomePartners") == 0)
1293 set_pps_cred_home_sp_other_partners(ctx, id, child);
1294 else if (os_strcasecmp(name, "RoamingConsortiumOI") == 0)
1295 set_pps_cred_home_sp_roaming_consortium_oi(ctx, id,
1296 child);
1297 else
1298 wpa_printf(MSG_INFO, "Unknown HomeSP node '%s'", name);
1299 }
1300}
1301
1302
1303static void set_pps_cred_sub_params(struct hs20_osu_client *ctx, int id,
1304 xml_node_t *node)
1305{
1306 wpa_printf(MSG_INFO, "- SubscriptionParameters");
1307 /* not used within wpa_supplicant */
1308}
1309
1310
1311static void set_pps_cred_creation_date(struct hs20_osu_client *ctx, int id,
1312 xml_node_t *node)
1313{
1314 char *str = xml_node_get_text(ctx->xml, node);
1315 if (str == NULL)
1316 return;
1317 wpa_printf(MSG_INFO, "- Credential/CreationDate = %s", str);
1318 /* not used within wpa_supplicant */
1319 xml_node_get_text_free(ctx->xml, str);
1320}
1321
1322
1323static void set_pps_cred_expiration_date(struct hs20_osu_client *ctx, int id,
1324 xml_node_t *node)
1325{
1326 char *str = xml_node_get_text(ctx->xml, node);
1327 if (str == NULL)
1328 return;
1329 wpa_printf(MSG_INFO, "- Credential/ExpirationDate = %s", str);
1330 /* not used within wpa_supplicant */
1331 xml_node_get_text_free(ctx->xml, str);
1332}
1333
1334
1335static void set_pps_cred_username(struct hs20_osu_client *ctx, int id,
1336 xml_node_t *node)
1337{
1338 char *str = xml_node_get_text(ctx->xml, node);
1339 if (str == NULL)
1340 return;
1341 wpa_printf(MSG_INFO, "- Credential/UsernamePassword/Username = %s",
1342 str);
1343 if (set_cred_quoted(ctx->ifname, id, "username", str) < 0)
1344 wpa_printf(MSG_INFO, "Failed to set cred username");
1345 xml_node_get_text_free(ctx->xml, str);
1346}
1347
1348
1349static void set_pps_cred_password(struct hs20_osu_client *ctx, int id,
1350 xml_node_t *node)
1351{
1352 int len, i;
1353 char *pw, *hex, *pos, *end;
1354
1355 pw = xml_node_get_base64_text(ctx->xml, node, &len);
1356 if (pw == NULL)
1357 return;
1358
1359 wpa_printf(MSG_INFO, "- Credential/UsernamePassword/Password = %s", pw);
1360
1361 hex = malloc(len * 2 + 1);
1362 if (hex == NULL) {
1363 free(pw);
1364 return;
1365 }
1366 end = hex + len * 2 + 1;
1367 pos = hex;
1368 for (i = 0; i < len; i++) {
1369 snprintf(pos, end - pos, "%02x", pw[i]);
1370 pos += 2;
1371 }
1372 free(pw);
1373
1374 if (set_cred(ctx->ifname, id, "password", hex) < 0)
1375 wpa_printf(MSG_INFO, "Failed to set cred password");
1376 free(hex);
1377}
1378
1379
1380static void set_pps_cred_machine_managed(struct hs20_osu_client *ctx, int id,
1381 xml_node_t *node)
1382{
1383 char *str = xml_node_get_text(ctx->xml, node);
1384 if (str == NULL)
1385 return;
1386 wpa_printf(MSG_INFO, "- Credential/UsernamePassword/MachineManaged = %s",
1387 str);
1388 /* not used within wpa_supplicant */
1389 xml_node_get_text_free(ctx->xml, str);
1390}
1391
1392
1393static void set_pps_cred_soft_token_app(struct hs20_osu_client *ctx, int id,
1394 xml_node_t *node)
1395{
1396 char *str = xml_node_get_text(ctx->xml, node);
1397 if (str == NULL)
1398 return;
1399 wpa_printf(MSG_INFO, "- Credential/UsernamePassword/SoftTokenApp = %s",
1400 str);
1401 /* not used within wpa_supplicant */
1402 xml_node_get_text_free(ctx->xml, str);
1403}
1404
1405
1406static void set_pps_cred_able_to_share(struct hs20_osu_client *ctx, int id,
1407 xml_node_t *node)
1408{
1409 char *str = xml_node_get_text(ctx->xml, node);
1410 if (str == NULL)
1411 return;
1412 wpa_printf(MSG_INFO, "- Credential/UsernamePassword/AbleToShare = %s",
1413 str);
1414 /* not used within wpa_supplicant */
1415 xml_node_get_text_free(ctx->xml, str);
1416}
1417
1418
1419static void set_pps_cred_eap_method(struct hs20_osu_client *ctx, int id,
1420 xml_node_t *node)
1421{
1422 wpa_printf(MSG_INFO, "- Credential/UsernamePassword/EAPMethod - TODO");
1423}
1424
1425
1426static void set_pps_cred_username_password(struct hs20_osu_client *ctx, int id,
1427 xml_node_t *node)
1428{
1429 xml_node_t *child;
1430 const char *name;
1431
1432 wpa_printf(MSG_INFO, "- Credential/UsernamePassword");
1433
1434 xml_node_for_each_child(ctx->xml, child, node) {
1435 xml_node_for_each_check(ctx->xml, child);
1436 name = xml_node_get_localname(ctx->xml, child);
1437 if (os_strcasecmp(name, "Username") == 0)
1438 set_pps_cred_username(ctx, id, child);
1439 else if (os_strcasecmp(name, "Password") == 0)
1440 set_pps_cred_password(ctx, id, child);
1441 else if (os_strcasecmp(name, "MachineManaged") == 0)
1442 set_pps_cred_machine_managed(ctx, id, child);
1443 else if (os_strcasecmp(name, "SoftTokenApp") == 0)
1444 set_pps_cred_soft_token_app(ctx, id, child);
1445 else if (os_strcasecmp(name, "AbleToShare") == 0)
1446 set_pps_cred_able_to_share(ctx, id, child);
1447 else if (os_strcasecmp(name, "EAPMethod") == 0)
1448 set_pps_cred_eap_method(ctx, id, child);
1449 else
1450 wpa_printf(MSG_INFO, "Unknown Credential/UsernamePassword node '%s'",
1451 name);
1452 }
1453}
1454
1455
1456static void set_pps_cred_digital_cert(struct hs20_osu_client *ctx, int id,
1457 xml_node_t *node, const char *fqdn)
1458{
1459 char buf[200], dir[200];
1460
1461 wpa_printf(MSG_INFO, "- Credential/DigitalCertificate");
1462
1463 if (getcwd(dir, sizeof(dir)) == NULL)
1464 return;
1465
1466 /* TODO: could build username from Subject of Subject AltName */
1467 if (set_cred_quoted(ctx->ifname, id, "username", "cert") < 0) {
1468 wpa_printf(MSG_INFO, "Failed to set username");
1469 }
1470
1471 snprintf(buf, sizeof(buf), "%s/SP/%s/client-cert.pem", dir, fqdn);
1472 if (os_file_exists(buf)) {
1473 if (set_cred_quoted(ctx->ifname, id, "client_cert", buf) < 0) {
1474 wpa_printf(MSG_INFO, "Failed to set client_cert");
1475 }
1476 }
1477
1478 snprintf(buf, sizeof(buf), "%s/SP/%s/client-key.pem", dir, fqdn);
1479 if (os_file_exists(buf)) {
1480 if (set_cred_quoted(ctx->ifname, id, "private_key", buf) < 0) {
1481 wpa_printf(MSG_INFO, "Failed to set private_key");
1482 }
1483 }
1484}
1485
1486
1487static void set_pps_cred_realm(struct hs20_osu_client *ctx, int id,
1488 xml_node_t *node, const char *fqdn, int sim)
1489{
1490 char *str = xml_node_get_text(ctx->xml, node);
1491 char buf[200], dir[200];
1492
1493 if (str == NULL)
1494 return;
1495
1496 wpa_printf(MSG_INFO, "- Credential/Realm = %s", str);
1497 if (set_cred_quoted(ctx->ifname, id, "realm", str) < 0)
1498 wpa_printf(MSG_INFO, "Failed to set cred realm");
1499 xml_node_get_text_free(ctx->xml, str);
1500
1501 if (sim)
1502 return;
1503
1504 if (getcwd(dir, sizeof(dir)) == NULL)
1505 return;
1506 snprintf(buf, sizeof(buf), "%s/SP/%s/aaa-ca.pem", dir, fqdn);
1507 if (os_file_exists(buf)) {
1508 if (set_cred_quoted(ctx->ifname, id, "ca_cert", buf) < 0) {
1509 wpa_printf(MSG_INFO, "Failed to set CA cert");
1510 }
1511 }
1512}
1513
1514
1515static void set_pps_cred_check_aaa_cert_status(struct hs20_osu_client *ctx,
1516 int id, xml_node_t *node)
1517{
1518 char *str = xml_node_get_text(ctx->xml, node);
1519
1520 if (str == NULL)
1521 return;
1522
1523 wpa_printf(MSG_INFO, "- Credential/CheckAAAServerCertStatus = %s", str);
1524 if (os_strcasecmp(str, "true") == 0 &&
1525 set_cred(ctx->ifname, id, "ocsp", "2") < 0)
1526 wpa_printf(MSG_INFO, "Failed to set cred ocsp");
1527 xml_node_get_text_free(ctx->xml, str);
1528}
1529
1530
1531static void set_pps_cred_sim(struct hs20_osu_client *ctx, int id,
1532 xml_node_t *sim, xml_node_t *realm)
1533{
1534 xml_node_t *node;
1535 char *imsi, *eaptype, *str, buf[20];
1536 int type;
1537 int mnc_len = 3;
1538 size_t imsi_len;
1539
1540 node = get_node(ctx->xml, sim, "EAPType");
1541 if (node == NULL) {
1542 wpa_printf(MSG_INFO, "No SIM/EAPType node in credential");
1543 return;
1544 }
1545 eaptype = xml_node_get_text(ctx->xml, node);
1546 if (eaptype == NULL) {
1547 wpa_printf(MSG_INFO, "Could not extract SIM/EAPType");
1548 return;
1549 }
1550 wpa_printf(MSG_INFO, " - Credential/SIM/EAPType = %s", eaptype);
1551 type = atoi(eaptype);
1552 xml_node_get_text_free(ctx->xml, eaptype);
1553
1554 switch (type) {
1555 case EAP_TYPE_SIM:
1556 if (set_cred(ctx->ifname, id, "eap", "SIM") < 0)
1557 wpa_printf(MSG_INFO, "Could not set eap=SIM");
1558 break;
1559 case EAP_TYPE_AKA:
1560 if (set_cred(ctx->ifname, id, "eap", "AKA") < 0)
1561 wpa_printf(MSG_INFO, "Could not set eap=SIM");
1562 break;
1563 case EAP_TYPE_AKA_PRIME:
1564 if (set_cred(ctx->ifname, id, "eap", "AKA'") < 0)
1565 wpa_printf(MSG_INFO, "Could not set eap=SIM");
1566 break;
1567 default:
1568 wpa_printf(MSG_INFO, "Unsupported SIM/EAPType %d", type);
1569 return;
1570 }
1571
1572 node = get_node(ctx->xml, sim, "IMSI");
1573 if (node == NULL) {
1574 wpa_printf(MSG_INFO, "No SIM/IMSI node in credential");
1575 return;
1576 }
1577 imsi = xml_node_get_text(ctx->xml, node);
1578 if (imsi == NULL) {
1579 wpa_printf(MSG_INFO, "Could not extract SIM/IMSI");
1580 return;
1581 }
1582 wpa_printf(MSG_INFO, " - Credential/SIM/IMSI = %s", imsi);
1583 imsi_len = os_strlen(imsi);
1584 if (imsi_len < 7 || imsi_len + 2 > sizeof(buf)) {
1585 wpa_printf(MSG_INFO, "Invalid IMSI length");
1586 xml_node_get_text_free(ctx->xml, imsi);
1587 return;
1588 }
1589
1590 str = xml_node_get_text(ctx->xml, node);
1591 if (str) {
1592 char *pos;
1593 pos = os_strstr(str, "mnc");
1594 if (pos && os_strlen(pos) >= 6) {
1595 if (os_strncmp(imsi + 3, pos + 3, 3) == 0)
1596 mnc_len = 3;
1597 else if (os_strncmp(imsi + 3, pos + 4, 2) == 0)
1598 mnc_len = 2;
1599 }
1600 xml_node_get_text_free(ctx->xml, str);
1601 }
1602
1603 os_memcpy(buf, imsi, 3 + mnc_len);
1604 buf[3 + mnc_len] = '-';
1605 os_strlcpy(buf + 3 + mnc_len + 1, imsi + 3 + mnc_len,
1606 sizeof(buf) - 3 - mnc_len - 1);
1607
1608 xml_node_get_text_free(ctx->xml, imsi);
1609
1610 if (set_cred_quoted(ctx->ifname, id, "imsi", buf) < 0)
1611 wpa_printf(MSG_INFO, "Could not set IMSI");
1612
1613 if (set_cred_quoted(ctx->ifname, id, "milenage",
1614 "90dca4eda45b53cf0f12d7c9c3bc6a89:"
1615 "cb9cccc4b9258e6dca4760379fb82581:000000000123") <
1616 0)
1617 wpa_printf(MSG_INFO, "Could not set Milenage parameters");
1618}
1619
1620
1621static void set_pps_cred_credential(struct hs20_osu_client *ctx, int id,
1622 xml_node_t *node, const char *fqdn)
1623{
1624 xml_node_t *child, *sim, *realm;
1625 const char *name;
1626
1627 wpa_printf(MSG_INFO, "- Credential");
1628
1629 sim = get_node(ctx->xml, node, "SIM");
1630 realm = get_node(ctx->xml, node, "Realm");
1631
1632 xml_node_for_each_child(ctx->xml, child, node) {
1633 xml_node_for_each_check(ctx->xml, child);
1634 name = xml_node_get_localname(ctx->xml, child);
1635 if (os_strcasecmp(name, "CreationDate") == 0)
1636 set_pps_cred_creation_date(ctx, id, child);
1637 else if (os_strcasecmp(name, "ExpirationDate") == 0)
1638 set_pps_cred_expiration_date(ctx, id, child);
1639 else if (os_strcasecmp(name, "UsernamePassword") == 0)
1640 set_pps_cred_username_password(ctx, id, child);
1641 else if (os_strcasecmp(name, "DigitalCertificate") == 0)
1642 set_pps_cred_digital_cert(ctx, id, child, fqdn);
1643 else if (os_strcasecmp(name, "Realm") == 0)
1644 set_pps_cred_realm(ctx, id, child, fqdn, sim != NULL);
1645 else if (os_strcasecmp(name, "CheckAAAServerCertStatus") == 0)
1646 set_pps_cred_check_aaa_cert_status(ctx, id, child);
1647 else if (os_strcasecmp(name, "SIM") == 0)
1648 set_pps_cred_sim(ctx, id, child, realm);
1649 else
1650 wpa_printf(MSG_INFO, "Unknown Credential node '%s'",
1651 name);
1652 }
1653}
1654
1655
1656static void set_pps_credential(struct hs20_osu_client *ctx, int id,
1657 xml_node_t *cred, const char *fqdn)
1658{
1659 xml_node_t *child;
1660 const char *name;
1661
1662 xml_node_for_each_child(ctx->xml, child, cred) {
1663 xml_node_for_each_check(ctx->xml, child);
1664 name = xml_node_get_localname(ctx->xml, child);
1665 if (os_strcasecmp(name, "Policy") == 0)
1666 set_pps_cred_policy(ctx, id, child);
1667 else if (os_strcasecmp(name, "CredentialPriority") == 0)
1668 set_pps_cred_priority(ctx, id, child);
1669 else if (os_strcasecmp(name, "AAAServerTrustRoot") == 0)
1670 set_pps_cred_aaa_server_trust_root(ctx, id, child);
1671 else if (os_strcasecmp(name, "SubscriptionUpdate") == 0)
1672 set_pps_cred_sub_update(ctx, id, child);
1673 else if (os_strcasecmp(name, "HomeSP") == 0)
1674 set_pps_cred_home_sp(ctx, id, child);
1675 else if (os_strcasecmp(name, "SubscriptionParameters") == 0)
1676 set_pps_cred_sub_params(ctx, id, child);
1677 else if (os_strcasecmp(name, "Credential") == 0)
1678 set_pps_cred_credential(ctx, id, child, fqdn);
1679 else
1680 wpa_printf(MSG_INFO, "Unknown credential node '%s'",
1681 name);
1682 }
1683}
1684
1685
1686static void set_pps(struct hs20_osu_client *ctx, xml_node_t *pps,
1687 const char *fqdn)
1688{
1689 xml_node_t *child;
1690 const char *name;
1691 int id;
1692 char *update_identifier = NULL;
1693
1694 /*
1695 * TODO: Could consider more complex mechanism that would remove
1696 * credentials only if there are changes in the information sent to
1697 * wpa_supplicant.
1698 */
1699 remove_sp_creds(ctx, fqdn);
1700
1701 xml_node_for_each_child(ctx->xml, child, pps) {
1702 xml_node_for_each_check(ctx->xml, child);
1703 name = xml_node_get_localname(ctx->xml, child);
1704 if (os_strcasecmp(name, "UpdateIdentifier") == 0) {
1705 update_identifier = xml_node_get_text(ctx->xml, child);
1706 if (update_identifier) {
1707 wpa_printf(MSG_INFO, "- UpdateIdentifier = %s",
1708 update_identifier);
1709 break;
1710 }
1711 }
1712 }
1713
1714 xml_node_for_each_child(ctx->xml, child, pps) {
1715 xml_node_for_each_check(ctx->xml, child);
1716 name = xml_node_get_localname(ctx->xml, child);
1717 if (os_strcasecmp(name, "UpdateIdentifier") == 0)
1718 continue;
1719 id = add_cred(ctx->ifname);
1720 if (id < 0) {
1721 wpa_printf(MSG_INFO, "Failed to add credential to wpa_supplicant");
1722 write_summary(ctx, "Failed to add credential to wpa_supplicant");
1723 break;
1724 }
1725 write_summary(ctx, "Add a credential to wpa_supplicant");
1726 if (update_identifier &&
1727 set_cred(ctx->ifname, id, "update_identifier",
1728 update_identifier) < 0)
1729 wpa_printf(MSG_INFO, "Failed to set update_identifier");
1730 if (set_cred_quoted(ctx->ifname, id, "provisioning_sp", fqdn) <
1731 0)
1732 wpa_printf(MSG_INFO, "Failed to set provisioning_sp");
1733 wpa_printf(MSG_INFO, "credential localname: '%s'", name);
1734 set_pps_credential(ctx, id, child, fqdn);
1735 ctx->pps_cred_set = 1;
1736 }
1737
1738 xml_node_get_text_free(ctx->xml, update_identifier);
1739}
1740
1741
1742void cmd_set_pps(struct hs20_osu_client *ctx, const char *pps_fname)
1743{
1744 xml_node_t *pps;
1745 const char *fqdn;
1746 char *fqdn_buf = NULL, *pos;
1747
1748 pps = node_from_file(ctx->xml, pps_fname);
1749 if (pps == NULL) {
1750 wpa_printf(MSG_INFO, "Could not read or parse '%s'", pps_fname);
1751 return;
1752 }
1753
1754 fqdn = os_strstr(pps_fname, "SP/");
1755 if (fqdn) {
1756 fqdn_buf = os_strdup(fqdn + 3);
1757 if (fqdn_buf == NULL)
1758 return;
1759 pos = os_strchr(fqdn_buf, '/');
1760 if (pos)
1761 *pos = '\0';
1762 fqdn = fqdn_buf;
1763 } else
1764 fqdn = "wi-fi.org";
1765
1766 wpa_printf(MSG_INFO, "Set PPS MO info to wpa_supplicant - SP FQDN %s",
1767 fqdn);
1768 set_pps(ctx, pps, fqdn);
1769
1770 os_free(fqdn_buf);
1771 xml_node_free(ctx->xml, pps);
1772}
1773
1774
1775static int cmd_get_fqdn(struct hs20_osu_client *ctx, const char *pps_fname)
1776{
1777 xml_node_t *pps, *node;
1778 char *fqdn = NULL;
1779
1780 pps = node_from_file(ctx->xml, pps_fname);
1781 if (pps == NULL) {
1782 wpa_printf(MSG_INFO, "Could not read or parse '%s'", pps_fname);
1783 return -1;
1784 }
1785
1786 node = get_child_node(ctx->xml, pps, "HomeSP/FQDN");
1787 if (node)
1788 fqdn = xml_node_get_text(ctx->xml, node);
1789
1790 xml_node_free(ctx->xml, pps);
1791
1792 if (fqdn) {
1793 FILE *f = fopen("pps-fqdn", "w");
1794 if (f) {
1795 fprintf(f, "%s", fqdn);
1796 fclose(f);
1797 }
1798 xml_node_get_text_free(ctx->xml, fqdn);
1799 return 0;
1800 }
1801
1802 xml_node_get_text_free(ctx->xml, fqdn);
1803 return -1;
1804}
1805
1806
1807static void cmd_to_tnds(struct hs20_osu_client *ctx, const char *in_fname,
1808 const char *out_fname, const char *urn, int use_path)
1809{
1810 xml_node_t *mo, *node;
1811
1812 mo = node_from_file(ctx->xml, in_fname);
1813 if (mo == NULL) {
1814 wpa_printf(MSG_INFO, "Could not read or parse '%s'", in_fname);
1815 return;
1816 }
1817
1818 node = mo_to_tnds(ctx->xml, mo, use_path, urn, NULL);
1819 if (node) {
1820 node_to_file(ctx->xml, out_fname, node);
1821 xml_node_free(ctx->xml, node);
1822 }
1823
1824 xml_node_free(ctx->xml, mo);
1825}
1826
1827
1828static void cmd_from_tnds(struct hs20_osu_client *ctx, const char *in_fname,
1829 const char *out_fname)
1830{
1831 xml_node_t *tnds, *mo;
1832
1833 tnds = node_from_file(ctx->xml, in_fname);
1834 if (tnds == NULL) {
1835 wpa_printf(MSG_INFO, "Could not read or parse '%s'", in_fname);
1836 return;
1837 }
1838
1839 mo = tnds_to_mo(ctx->xml, tnds);
1840 if (mo) {
1841 node_to_file(ctx->xml, out_fname, mo);
1842 xml_node_free(ctx->xml, mo);
1843 }
1844
1845 xml_node_free(ctx->xml, tnds);
1846}
1847
1848
1849struct osu_icon {
1850 int id;
1851 char lang[4];
1852 char mime_type[256];
1853 char filename[256];
1854};
1855
1856struct osu_data {
1857 char bssid[20];
1858 char url[256];
1859 unsigned int methods;
1860 char osu_ssid[33];
1861 char osu_nai[256];
1862 struct osu_lang_text friendly_name[MAX_OSU_VALS];
1863 size_t friendly_name_count;
1864 struct osu_lang_text serv_desc[MAX_OSU_VALS];
1865 size_t serv_desc_count;
1866 struct osu_icon icon[MAX_OSU_VALS];
1867 size_t icon_count;
1868};
1869
1870
1871static struct osu_data * parse_osu_providers(const char *fname, size_t *count)
1872{
1873 FILE *f;
1874 char buf[1000];
1875 struct osu_data *osu = NULL, *last = NULL;
1876 size_t osu_count = 0;
1877 char *pos, *end;
1878
1879 f = fopen(fname, "r");
1880 if (f == NULL) {
1881 wpa_printf(MSG_ERROR, "Could not open %s", fname);
1882 return NULL;
1883 }
1884
1885 while (fgets(buf, sizeof(buf), f)) {
1886 pos = strchr(buf, '\n');
1887 if (pos)
1888 *pos = '\0';
1889
1890 if (strncmp(buf, "OSU-PROVIDER ", 13) == 0) {
1891 last = realloc(osu, (osu_count + 1) * sizeof(*osu));
1892 if (last == NULL)
1893 break;
1894 osu = last;
1895 last = &osu[osu_count++];
1896 memset(last, 0, sizeof(*last));
1897 snprintf(last->bssid, sizeof(last->bssid), "%s",
1898 buf + 13);
1899 continue;
1900 }
1901 if (!last)
1902 continue;
1903
1904 if (strncmp(buf, "uri=", 4) == 0) {
1905 snprintf(last->url, sizeof(last->url), "%s", buf + 4);
1906 continue;
1907 }
1908
1909 if (strncmp(buf, "methods=", 8) == 0) {
1910 last->methods = strtol(buf + 8, NULL, 16);
1911 continue;
1912 }
1913
1914 if (strncmp(buf, "osu_ssid=", 9) == 0) {
1915 snprintf(last->osu_ssid, sizeof(last->osu_ssid),
1916 "%s", buf + 9);
1917 continue;
1918 }
1919
1920 if (os_strncmp(buf, "osu_nai=", 8) == 0) {
1921 os_snprintf(last->osu_nai, sizeof(last->osu_nai),
1922 "%s", buf + 8);
1923 continue;
1924 }
1925
1926 if (strncmp(buf, "friendly_name=", 14) == 0) {
1927 struct osu_lang_text *txt;
1928 if (last->friendly_name_count == MAX_OSU_VALS)
1929 continue;
1930 pos = strchr(buf + 14, ':');
1931 if (pos == NULL)
1932 continue;
1933 *pos++ = '\0';
1934 txt = &last->friendly_name[last->friendly_name_count++];
1935 snprintf(txt->lang, sizeof(txt->lang), "%s", buf + 14);
1936 snprintf(txt->text, sizeof(txt->text), "%s", pos);
1937 }
1938
1939 if (strncmp(buf, "desc=", 5) == 0) {
1940 struct osu_lang_text *txt;
1941 if (last->serv_desc_count == MAX_OSU_VALS)
1942 continue;
1943 pos = strchr(buf + 5, ':');
1944 if (pos == NULL)
1945 continue;
1946 *pos++ = '\0';
1947 txt = &last->serv_desc[last->serv_desc_count++];
1948 snprintf(txt->lang, sizeof(txt->lang), "%s", buf + 5);
1949 snprintf(txt->text, sizeof(txt->text), "%s", pos);
1950 }
1951
1952 if (strncmp(buf, "icon=", 5) == 0) {
1953 struct osu_icon *icon;
1954 if (last->icon_count == MAX_OSU_VALS)
1955 continue;
1956 icon = &last->icon[last->icon_count++];
1957 icon->id = atoi(buf + 5);
1958 pos = strchr(buf, ':');
1959 if (pos == NULL)
1960 continue;
1961 pos = strchr(pos + 1, ':');
1962 if (pos == NULL)
1963 continue;
1964 pos = strchr(pos + 1, ':');
1965 if (pos == NULL)
1966 continue;
1967 pos++;
1968 end = strchr(pos, ':');
1969 if (!end)
1970 continue;
1971 *end = '\0';
1972 snprintf(icon->lang, sizeof(icon->lang), "%s", pos);
1973 pos = end + 1;
1974
1975 end = strchr(pos, ':');
1976 if (end)
1977 *end = '\0';
1978 snprintf(icon->mime_type, sizeof(icon->mime_type),
1979 "%s", pos);
1980 if (!pos)
1981 continue;
1982 pos = end + 1;
1983
1984 end = strchr(pos, ':');
1985 if (end)
1986 *end = '\0';
1987 snprintf(icon->filename, sizeof(icon->filename),
1988 "%s", pos);
1989 continue;
1990 }
1991 }
1992
1993 fclose(f);
1994
1995 *count = osu_count;
1996 return osu;
1997}
1998
1999
2000static int osu_connect(struct hs20_osu_client *ctx, const char *bssid,
Dmitry Shmidt6cb1f652014-03-21 10:54:03 -0700[diff] [blame]2001 const char *ssid, const char *url,
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2002 unsigned int methods, int no_prod_assoc,
2003 const char *osu_nai)
2004{
2005 int id;
2006 const char *ifname = ctx->ifname;
2007 char buf[200];
2008 struct wpa_ctrl *mon;
2009 int res;
2010
2011 id = add_network(ifname);
2012 if (id < 0)
2013 return -1;
2014 if (set_network_quoted(ifname, id, "ssid", ssid) < 0)
2015 return -1;
2016 if (osu_nai && os_strlen(osu_nai) > 0) {
2017 char dir[255], fname[300];
2018 if (getcwd(dir, sizeof(dir)) == NULL)
2019 return -1;
2020 os_snprintf(fname, sizeof(fname), "%s/osu-ca.pem", dir);
2021
2022 if (set_network(ifname, id, "proto", "OSEN") < 0 ||
2023 set_network(ifname, id, "key_mgmt", "OSEN") < 0 ||
2024 set_network(ifname, id, "pairwise", "CCMP") < 0 ||
2025 set_network(ifname, id, "group", "GTK_NOT_USED") < 0 ||
2026 set_network(ifname, id, "eap", "WFA-UNAUTH-TLS") < 0 ||
2027 set_network(ifname, id, "ocsp", "2") < 0 ||
2028 set_network_quoted(ifname, id, "identity", osu_nai) < 0 ||
2029 set_network_quoted(ifname, id, "ca_cert", fname) < 0)
2030 return -1;
2031 } else {
2032 if (set_network(ifname, id, "key_mgmt", "NONE") < 0)
2033 return -1;
2034 }
2035
2036 mon = open_wpa_mon(ifname);
2037 if (mon == NULL)
2038 return -1;
2039
2040 wpa_printf(MSG_INFO, "Associate with OSU SSID");
2041 write_summary(ctx, "Associate with OSU SSID");
2042 snprintf(buf, sizeof(buf), "SELECT_NETWORK %d", id);
2043 if (wpa_command(ifname, buf) < 0)
2044 return -1;
2045
2046 res = get_wpa_cli_event(mon, "CTRL-EVENT-CONNECTED",
2047 buf, sizeof(buf));
2048
2049 wpa_ctrl_detach(mon);
2050 wpa_ctrl_close(mon);
2051
2052 if (res < 0) {
2053 wpa_printf(MSG_INFO, "Could not connect");
2054 write_summary(ctx, "Could not connect to OSU network");
2055 wpa_printf(MSG_INFO, "Remove OSU network connection");
2056 snprintf(buf, sizeof(buf), "REMOVE_NETWORK %d", id);
2057 wpa_command(ifname, buf);
2058 return -1;
2059 }
2060
2061 write_summary(ctx, "Waiting for IP address for subscription registration");
2062 if (wait_ip_addr(ifname, 15) < 0) {
2063 wpa_printf(MSG_INFO, "Could not get IP address for WLAN - try connection anyway");
2064 }
2065
2066 if (no_prod_assoc) {
2067 if (res < 0)
2068 return -1;
2069 wpa_printf(MSG_INFO, "No production connection used for testing purposes");
2070 write_summary(ctx, "No production connection used for testing purposes");
2071 return 0;
2072 }
2073
2074 ctx->no_reconnect = 1;
2075 if (methods & 0x02)
Dmitry Shmidt6cb1f652014-03-21 10:54:03 -0700[diff] [blame]2076 res = cmd_prov(ctx, url);
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2077 else if (methods & 0x01)
Dmitry Shmidt6cb1f652014-03-21 10:54:03 -0700[diff] [blame]2078 res = cmd_oma_dm_prov(ctx, url);
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2079
2080 wpa_printf(MSG_INFO, "Remove OSU network connection");
2081 write_summary(ctx, "Remove OSU network connection");
2082 snprintf(buf, sizeof(buf), "REMOVE_NETWORK %d", id);
2083 wpa_command(ifname, buf);
2084
2085 if (res < 0)
2086 return -1;
2087
2088 wpa_printf(MSG_INFO, "Requesting reconnection with updated configuration");
2089 write_summary(ctx, "Requesting reconnection with updated configuration");
2090 if (wpa_command(ctx->ifname, "INTERWORKING_SELECT auto") < 0) {
2091 wpa_printf(MSG_INFO, "Failed to request wpa_supplicant to reconnect");
2092 write_summary(ctx, "Failed to request wpa_supplicant to reconnect");
2093 return -1;
2094 }
2095
2096 return 0;
2097}
2098
2099
2100static int cmd_osu_select(struct hs20_osu_client *ctx, const char *dir,
Dmitry Shmidt6cb1f652014-03-21 10:54:03 -0700[diff] [blame]2101 int connect, int no_prod_assoc,
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2102 const char *friendly_name)
2103{
2104 char fname[255];
2105 FILE *f;
2106 struct osu_data *osu = NULL, *last = NULL;
2107 size_t osu_count, i, j;
2108 int ret;
2109
2110 write_summary(ctx, "OSU provider selection");
2111
2112 if (dir == NULL) {
2113 wpa_printf(MSG_INFO, "Missing dir parameter to osu_select");
2114 return -1;
2115 }
2116
2117 snprintf(fname, sizeof(fname), "%s/osu-providers.txt", dir);
2118 osu = parse_osu_providers(fname, &osu_count);
2119 if (osu == NULL) {
2120 wpa_printf(MSG_INFO, "Could not any OSU providers from %s",
2121 fname);
2122 write_result(ctx, "No OSU providers available");
2123 return -1;
2124 }
2125
2126 if (friendly_name) {
2127 for (i = 0; i < osu_count; i++) {
2128 last = &osu[i];
2129 for (j = 0; j < last->friendly_name_count; j++) {
2130 if (os_strcmp(last->friendly_name[j].text,
2131 friendly_name) == 0)
2132 break;
2133 }
2134 if (j < last->friendly_name_count)
2135 break;
2136 }
2137 if (i == osu_count) {
2138 wpa_printf(MSG_INFO, "Requested operator friendly name '%s' not found in the list of available providers",
2139 friendly_name);
2140 write_summary(ctx, "Requested operator friendly name '%s' not found in the list of available providers",
2141 friendly_name);
2142 free(osu);
2143 return -1;
2144 }
2145
2146 wpa_printf(MSG_INFO, "OSU Provider selected based on requested operator friendly name '%s'",
2147 friendly_name);
2148 write_summary(ctx, "OSU Provider selected based on requested operator friendly name '%s'",
2149 friendly_name);
2150 ret = i + 1;
2151 goto selected;
2152 }
2153
2154 snprintf(fname, sizeof(fname), "%s/osu-providers.html", dir);
2155 f = fopen(fname, "w");
2156 if (f == NULL) {
2157 wpa_printf(MSG_INFO, "Could not open %s", fname);
2158 free(osu);
2159 return -1;
2160 }
2161
2162 fprintf(f, "<html><head>"
2163 "<meta http-equiv=\"Content-type\" content=\"text/html; "
2164 "charset=utf-8\"<title>Select service operator</title>"
2165 "</head><body><h1>Select service operator</h1>\n");
2166
2167 if (osu_count == 0)
2168 fprintf(f, "No online signup available\n");
2169
2170 for (i = 0; i < osu_count; i++) {
2171 last = &osu[i];
2172#ifdef ANDROID
2173 fprintf(f, "<p>\n"
2174 "<a href=\"http://localhost:12345/osu/%d\">"
2175 "<table><tr><td>", (int) i + 1);
2176#else /* ANDROID */
2177 fprintf(f, "<p>\n"
2178 "<a href=\"osu://%d\">"
2179 "<table><tr><td>", (int) i + 1);
2180#endif /* ANDROID */
2181 for (j = 0; j < last->icon_count; j++) {
2182 fprintf(f, "<img src=\"osu-icon-%d.%s\">\n",
2183 last->icon[j].id,
2184 strcasecmp(last->icon[j].mime_type,
2185 "image/png") == 0 ? "png" : "icon");
2186 }
2187 fprintf(f, "<td>");
2188 for (j = 0; j < last->friendly_name_count; j++) {
2189 fprintf(f, "<small>[%s]</small> %s<br>\n",
2190 last->friendly_name[j].lang,
2191 last->friendly_name[j].text);
2192 }
2193 fprintf(f, "<tr><td colspan=2>");
2194 for (j = 0; j < last->serv_desc_count; j++) {
2195 fprintf(f, "<small>[%s]</small> %s<br>\n",
2196 last->serv_desc[j].lang,
2197 last->serv_desc[j].text);
2198 }
2199 fprintf(f, "</table></a><br><small>BSSID: %s<br>\n"
2200 "SSID: %s<br>\n",
2201 last->bssid, last->osu_ssid);
2202 if (last->osu_nai)
2203 fprintf(f, "NAI: %s<br>\n", last->osu_nai);
2204 fprintf(f, "URL: %s<br>\n"
2205 "methods:%s%s<br>\n"
2206 "</small></p>\n",
2207 last->url,
2208 last->methods & 0x01 ? " OMA-DM" : "",
2209 last->methods & 0x02 ? " SOAP-XML-SPP" : "");
2210 }
2211
2212 fprintf(f, "</body></html>\n");
2213
2214 fclose(f);
2215
2216 snprintf(fname, sizeof(fname), "file://%s/osu-providers.html", dir);
2217 write_summary(ctx, "Start web browser with OSU provider selection page");
2218 ret = hs20_web_browser(fname);
2219
2220selected:
2221 if (ret > 0 && (size_t) ret <= osu_count) {
2222 char *data;
2223 size_t data_len;
2224
2225 wpa_printf(MSG_INFO, "Selected OSU id=%d", ret);
2226 last = &osu[ret - 1];
2227 ret = 0;
2228 wpa_printf(MSG_INFO, "BSSID: %s", last->bssid);
2229 wpa_printf(MSG_INFO, "SSID: %s", last->osu_ssid);
2230 wpa_printf(MSG_INFO, "URL: %s", last->url);
2231 write_summary(ctx, "Selected OSU provider id=%d BSSID=%s SSID=%s URL=%s",
2232 ret, last->bssid, last->osu_ssid, last->url);
2233
2234 ctx->friendly_name_count = last->friendly_name_count;
2235 for (j = 0; j < last->friendly_name_count; j++) {
2236 wpa_printf(MSG_INFO, "FRIENDLY_NAME: [%s]%s",
2237 last->friendly_name[j].lang,
2238 last->friendly_name[j].text);
2239 os_strlcpy(ctx->friendly_name[j].lang,
2240 last->friendly_name[j].lang,
2241 sizeof(ctx->friendly_name[j].lang));
2242 os_strlcpy(ctx->friendly_name[j].text,
2243 last->friendly_name[j].text,
2244 sizeof(ctx->friendly_name[j].text));
2245 }
2246
2247 ctx->icon_count = last->icon_count;
2248 for (j = 0; j < last->icon_count; j++) {
2249 char fname[256];
2250
2251 os_snprintf(fname, sizeof(fname), "%s/osu-icon-%d.%s",
2252 dir, last->icon[j].id,
2253 strcasecmp(last->icon[j].mime_type,
2254 "image/png") == 0 ?
2255 "png" : "icon");
2256 wpa_printf(MSG_INFO, "ICON: %s (%s)",
2257 fname, last->icon[j].filename);
2258 os_strlcpy(ctx->icon_filename[j],
2259 last->icon[j].filename,
2260 sizeof(ctx->icon_filename[j]));
2261
2262 data = os_readfile(fname, &data_len);
2263 if (data) {
2264 sha256_vector(1, (const u8 **) &data, &data_len,
2265 ctx->icon_hash[j]);
2266 os_free(data);
2267 }
2268 }
2269
2270 if (connect == 2) {
2271 if (last->methods & 0x02)
Dmitry Shmidt6cb1f652014-03-21 10:54:03 -0700[diff] [blame]2272 ret = cmd_prov(ctx, last->url);
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2273 else if (last->methods & 0x01)
Dmitry Shmidt6cb1f652014-03-21 10:54:03 -0700[diff] [blame]2274 ret = cmd_oma_dm_prov(ctx, last->url);
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2275 else
2276 ret = -1;
2277 } else if (connect)
2278 ret = osu_connect(ctx, last->bssid, last->osu_ssid,
Dmitry Shmidt6cb1f652014-03-21 10:54:03 -0700[diff] [blame]2279 last->url, last->methods,
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2280 no_prod_assoc, last->osu_nai);
2281 } else
2282 ret = -1;
2283
2284 free(osu);
2285
2286 return ret;
2287}
2288
2289
Dmitry Shmidt6cb1f652014-03-21 10:54:03 -0700[diff] [blame]2290static int cmd_signup(struct hs20_osu_client *ctx, int no_prod_assoc,
2291 const char *friendly_name)
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2292{
2293 char dir[255];
2294 char fname[300], buf[400];
2295 struct wpa_ctrl *mon;
2296 const char *ifname;
2297 int res;
2298
2299 ifname = ctx->ifname;
2300
2301 if (getcwd(dir, sizeof(dir)) == NULL)
2302 return -1;
2303
2304 snprintf(fname, sizeof(fname), "%s/osu-info", dir);
2305 if (mkdir(fname, S_IRWXU | S_IRWXG) < 0 && errno != EEXIST) {
2306 wpa_printf(MSG_INFO, "mkdir(%s) failed: %s",
2307 fname, strerror(errno));
2308 return -1;
2309 }
2310
2311 snprintf(buf, sizeof(buf), "SET osu_dir %s", fname);
2312 if (wpa_command(ifname, buf) < 0) {
2313 wpa_printf(MSG_INFO, "Failed to configure osu_dir to wpa_supplicant");
2314 return -1;
2315 }
2316
2317 mon = open_wpa_mon(ifname);
2318 if (mon == NULL)
2319 return -1;
2320
2321 wpa_printf(MSG_INFO, "Starting OSU fetch");
2322 write_summary(ctx, "Starting OSU provider information fetch");
2323 if (wpa_command(ifname, "FETCH_OSU") < 0) {
2324 wpa_printf(MSG_INFO, "Could not start OSU fetch");
2325 wpa_ctrl_detach(mon);
2326 wpa_ctrl_close(mon);
2327 return -1;
2328 }
2329 res = get_wpa_cli_event(mon, "OSU provider fetch completed",
2330 buf, sizeof(buf));
2331
2332 wpa_ctrl_detach(mon);
2333 wpa_ctrl_close(mon);
2334
2335 if (res < 0) {
2336 wpa_printf(MSG_INFO, "OSU fetch did not complete");
2337 write_summary(ctx, "OSU fetch did not complete");
2338 return -1;
2339 }
2340 wpa_printf(MSG_INFO, "OSU provider fetch completed");
2341
Dmitry Shmidt6cb1f652014-03-21 10:54:03 -0700[diff] [blame]2342 return cmd_osu_select(ctx, fname, 1, no_prod_assoc, friendly_name);
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2343}
2344
2345
Dmitry Shmidt2f74e362015-01-21 13:19:05 -0800[diff] [blame^]2346static int cmd_sub_rem(struct hs20_osu_client *ctx, const char *address,
2347 const char *pps_fname, const char *ca_fname)
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2348{
2349 xml_node_t *pps, *node;
2350 char pps_fname_buf[300];
2351 char ca_fname_buf[200];
2352 char *cred_username = NULL;
2353 char *cred_password = NULL;
2354 char *sub_rem_uri = NULL;
2355 char client_cert_buf[200];
2356 char *client_cert = NULL;
2357 char client_key_buf[200];
2358 char *client_key = NULL;
2359 int spp;
2360
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2361 wpa_printf(MSG_INFO, "Subscription remediation requested with Server URL: %s",
2362 address);
2363
2364 if (!pps_fname) {
2365 char buf[256];
2366 wpa_printf(MSG_INFO, "Determining PPS file based on Home SP information");
2367 if (os_strncmp(address, "fqdn=", 5) == 0) {
2368 wpa_printf(MSG_INFO, "Use requested FQDN from command line");
2369 os_snprintf(buf, sizeof(buf), "%s", address + 5);
2370 address = NULL;
2371 } else if (get_wpa_status(ctx->ifname, "provisioning_sp", buf,
2372 sizeof(buf)) < 0) {
2373 wpa_printf(MSG_INFO, "Could not get provisioning Home SP FQDN from wpa_supplicant");
Dmitry Shmidt2f74e362015-01-21 13:19:05 -0800[diff] [blame^]2374 return -1;
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2375 }
2376 os_free(ctx->fqdn);
2377 ctx->fqdn = os_strdup(buf);
2378 if (ctx->fqdn == NULL)
Dmitry Shmidt2f74e362015-01-21 13:19:05 -0800[diff] [blame^]2379 return -1;
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2380 wpa_printf(MSG_INFO, "Home SP FQDN for current credential: %s",
2381 buf);
2382 os_snprintf(pps_fname_buf, sizeof(pps_fname_buf),
2383 "SP/%s/pps.xml", ctx->fqdn);
2384 pps_fname = pps_fname_buf;
2385
2386 os_snprintf(ca_fname_buf, sizeof(ca_fname_buf), "SP/%s/ca.pem",
2387 ctx->fqdn);
2388 ca_fname = ca_fname_buf;
2389 }
2390
2391 if (!os_file_exists(pps_fname)) {
2392 wpa_printf(MSG_INFO, "PPS file '%s' does not exist or is not accessible",
2393 pps_fname);
Dmitry Shmidt2f74e362015-01-21 13:19:05 -0800[diff] [blame^]2394 return -1;
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2395 }
2396 wpa_printf(MSG_INFO, "Using PPS file: %s", pps_fname);
2397
2398 if (ca_fname && !os_file_exists(ca_fname)) {
2399 wpa_printf(MSG_INFO, "CA file '%s' does not exist or is not accessible",
2400 ca_fname);
Dmitry Shmidt2f74e362015-01-21 13:19:05 -0800[diff] [blame^]2401 return -1;
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2402 }
2403 wpa_printf(MSG_INFO, "Using server trust root: %s", ca_fname);
Dmitry Shmidt6cb1f652014-03-21 10:54:03 -0700[diff] [blame]2404 ctx->ca_fname = ca_fname;
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2405
2406 pps = node_from_file(ctx->xml, pps_fname);
2407 if (pps == NULL) {
2408 wpa_printf(MSG_INFO, "Could not read PPS MO");
Dmitry Shmidt2f74e362015-01-21 13:19:05 -0800[diff] [blame^]2409 return -1;
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2410 }
2411
2412 if (!ctx->fqdn) {
2413 char *tmp;
2414 node = get_child_node(ctx->xml, pps, "HomeSP/FQDN");
2415 if (node == NULL) {
2416 wpa_printf(MSG_INFO, "No HomeSP/FQDN found from PPS");
Dmitry Shmidt2f74e362015-01-21 13:19:05 -0800[diff] [blame^]2417 return -1;
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2418 }
2419 tmp = xml_node_get_text(ctx->xml, node);
2420 if (tmp == NULL) {
2421 wpa_printf(MSG_INFO, "No HomeSP/FQDN text found from PPS");
Dmitry Shmidt2f74e362015-01-21 13:19:05 -0800[diff] [blame^]2422 return -1;
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2423 }
2424 ctx->fqdn = os_strdup(tmp);
2425 xml_node_get_text_free(ctx->xml, tmp);
2426 if (!ctx->fqdn) {
2427 wpa_printf(MSG_INFO, "No FQDN known");
Dmitry Shmidt2f74e362015-01-21 13:19:05 -0800[diff] [blame^]2428 return -1;
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2429 }
2430 }
2431
2432 node = get_child_node(ctx->xml, pps,
2433 "SubscriptionUpdate/UpdateMethod");
2434 if (node) {
2435 char *tmp;
2436 tmp = xml_node_get_text(ctx->xml, node);
2437 if (tmp && os_strcasecmp(tmp, "OMA-DM-ClientInitiated") == 0)
2438 spp = 0;
2439 else
2440 spp = 1;
2441 } else {
2442 wpa_printf(MSG_INFO, "No UpdateMethod specified - assume SPP");
2443 spp = 1;
2444 }
2445
2446 get_user_pw(ctx, pps, "SubscriptionUpdate/UsernamePassword",
2447 &cred_username, &cred_password);
2448 if (cred_username)
2449 wpa_printf(MSG_INFO, "Using username: %s", cred_username);
2450 if (cred_password)
2451 wpa_printf(MSG_DEBUG, "Using password: %s", cred_password);
2452
2453 if (cred_username == NULL && cred_password == NULL &&
2454 get_child_node(ctx->xml, pps, "Credential/DigitalCertificate")) {
2455 wpa_printf(MSG_INFO, "Using client certificate");
2456 os_snprintf(client_cert_buf, sizeof(client_cert_buf),
2457 "SP/%s/client-cert.pem", ctx->fqdn);
2458 client_cert = client_cert_buf;
2459 os_snprintf(client_key_buf, sizeof(client_key_buf),
2460 "SP/%s/client-key.pem", ctx->fqdn);
2461 client_key = client_key_buf;
2462 ctx->client_cert_present = 1;
2463 }
2464
2465 node = get_child_node(ctx->xml, pps, "SubscriptionUpdate/URI");
2466 if (node) {
2467 sub_rem_uri = xml_node_get_text(ctx->xml, node);
2468 if (sub_rem_uri &&
2469 (!address || os_strcmp(address, sub_rem_uri) != 0)) {
2470 wpa_printf(MSG_INFO, "Override sub rem URI based on PPS: %s",
2471 sub_rem_uri);
2472 address = sub_rem_uri;
2473 }
2474 }
2475 if (!address) {
2476 wpa_printf(MSG_INFO, "Server URL not known");
Dmitry Shmidt2f74e362015-01-21 13:19:05 -0800[diff] [blame^]2477 return -1;
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2478 }
2479
2480 write_summary(ctx, "Wait for IP address for subscriptiom remediation");
2481 wpa_printf(MSG_INFO, "Wait for IP address before starting subscription remediation");
2482
2483 if (wait_ip_addr(ctx->ifname, 15) < 0) {
2484 wpa_printf(MSG_INFO, "Could not get IP address for WLAN - try connection anyway");
2485 }
2486
2487 if (spp)
Dmitry Shmidt6cb1f652014-03-21 10:54:03 -0700[diff] [blame]2488 spp_sub_rem(ctx, address, pps_fname,
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2489 client_cert, client_key,
2490 cred_username, cred_password, pps);
2491 else
Dmitry Shmidt6cb1f652014-03-21 10:54:03 -0700[diff] [blame]2492 oma_dm_sub_rem(ctx, address, pps_fname,
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2493 client_cert, client_key,
2494 cred_username, cred_password, pps);
2495
2496 xml_node_get_text_free(ctx->xml, sub_rem_uri);
2497 xml_node_get_text_free(ctx->xml, cred_username);
Dmitry Shmidtc2817022014-07-02 10:32:10 -0700[diff] [blame]2498 str_clear_free(cred_password);
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2499 xml_node_free(ctx->xml, pps);
Dmitry Shmidt2f74e362015-01-21 13:19:05 -0800[diff] [blame^]2500 return 0;
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2501}
2502
2503
2504static int cmd_pol_upd(struct hs20_osu_client *ctx, const char *address,
2505 const char *pps_fname, const char *ca_fname)
2506{
2507 xml_node_t *pps;
2508 xml_node_t *node;
2509 char pps_fname_buf[300];
2510 char ca_fname_buf[200];
2511 char *uri = NULL;
2512 char *cred_username = NULL;
2513 char *cred_password = NULL;
2514 char client_cert_buf[200];
2515 char *client_cert = NULL;
2516 char client_key_buf[200];
2517 char *client_key = NULL;
2518 int spp;
2519
2520 wpa_printf(MSG_INFO, "Policy update requested");
2521
2522 if (!pps_fname) {
2523 char buf[256];
2524 wpa_printf(MSG_INFO, "Determining PPS file based on Home SP information");
2525 if (os_strncmp(address, "fqdn=", 5) == 0) {
2526 wpa_printf(MSG_INFO, "Use requested FQDN from command line");
2527 os_snprintf(buf, sizeof(buf), "%s", address + 5);
2528 address = NULL;
2529 } else if (get_wpa_status(ctx->ifname, "provisioning_sp", buf,
2530 sizeof(buf)) < 0) {
2531 wpa_printf(MSG_INFO, "Could not get provisioning Home SP FQDN from wpa_supplicant");
2532 return -1;
2533 }
2534 os_free(ctx->fqdn);
2535 ctx->fqdn = os_strdup(buf);
2536 if (ctx->fqdn == NULL)
2537 return -1;
2538 wpa_printf(MSG_INFO, "Home SP FQDN for current credential: %s",
2539 buf);
2540 os_snprintf(pps_fname_buf, sizeof(pps_fname_buf),
2541 "SP/%s/pps.xml", ctx->fqdn);
2542 pps_fname = pps_fname_buf;
2543
2544 os_snprintf(ca_fname_buf, sizeof(ca_fname_buf), "SP/%s/ca.pem",
2545 buf);
2546 ca_fname = ca_fname_buf;
2547 }
2548
2549 if (!os_file_exists(pps_fname)) {
2550 wpa_printf(MSG_INFO, "PPS file '%s' does not exist or is not accessible",
2551 pps_fname);
2552 return -1;
2553 }
2554 wpa_printf(MSG_INFO, "Using PPS file: %s", pps_fname);
2555
2556 if (ca_fname && !os_file_exists(ca_fname)) {
2557 wpa_printf(MSG_INFO, "CA file '%s' does not exist or is not accessible",
2558 ca_fname);
2559 return -1;
2560 }
2561 wpa_printf(MSG_INFO, "Using server trust root: %s", ca_fname);
Dmitry Shmidt6cb1f652014-03-21 10:54:03 -0700[diff] [blame]2562 ctx->ca_fname = ca_fname;
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2563
2564 pps = node_from_file(ctx->xml, pps_fname);
2565 if (pps == NULL) {
2566 wpa_printf(MSG_INFO, "Could not read PPS MO");
2567 return -1;
2568 }
2569
2570 if (!ctx->fqdn) {
2571 char *tmp;
2572 node = get_child_node(ctx->xml, pps, "HomeSP/FQDN");
2573 if (node == NULL) {
2574 wpa_printf(MSG_INFO, "No HomeSP/FQDN found from PPS");
2575 return -1;
2576 }
2577 tmp = xml_node_get_text(ctx->xml, node);
2578 if (tmp == NULL) {
2579 wpa_printf(MSG_INFO, "No HomeSP/FQDN text found from PPS");
2580 return -1;
2581 }
2582 ctx->fqdn = os_strdup(tmp);
2583 xml_node_get_text_free(ctx->xml, tmp);
2584 if (!ctx->fqdn) {
2585 wpa_printf(MSG_INFO, "No FQDN known");
2586 return -1;
2587 }
2588 }
2589
2590 node = get_child_node(ctx->xml, pps,
2591 "Policy/PolicyUpdate/UpdateMethod");
2592 if (node) {
2593 char *tmp;
2594 tmp = xml_node_get_text(ctx->xml, node);
2595 if (tmp && os_strcasecmp(tmp, "OMA-DM-ClientInitiated") == 0)
2596 spp = 0;
2597 else
2598 spp = 1;
2599 } else {
2600 wpa_printf(MSG_INFO, "No UpdateMethod specified - assume SPP");
2601 spp = 1;
2602 }
2603
2604 get_user_pw(ctx, pps, "Policy/PolicyUpdate/UsernamePassword",
2605 &cred_username, &cred_password);
2606 if (cred_username)
2607 wpa_printf(MSG_INFO, "Using username: %s", cred_username);
2608 if (cred_password)
2609 wpa_printf(MSG_DEBUG, "Using password: %s", cred_password);
2610
2611 if (cred_username == NULL && cred_password == NULL &&
2612 get_child_node(ctx->xml, pps, "Credential/DigitalCertificate")) {
2613 wpa_printf(MSG_INFO, "Using client certificate");
2614 os_snprintf(client_cert_buf, sizeof(client_cert_buf),
2615 "SP/%s/client-cert.pem", ctx->fqdn);
2616 client_cert = client_cert_buf;
2617 os_snprintf(client_key_buf, sizeof(client_key_buf),
2618 "SP/%s/client-key.pem", ctx->fqdn);
2619 client_key = client_key_buf;
2620 }
2621
2622 if (!address) {
2623 node = get_child_node(ctx->xml, pps, "Policy/PolicyUpdate/URI");
2624 if (node) {
2625 uri = xml_node_get_text(ctx->xml, node);
2626 wpa_printf(MSG_INFO, "URI based on PPS: %s", uri);
2627 address = uri;
2628 }
2629 }
2630 if (!address) {
2631 wpa_printf(MSG_INFO, "Server URL not known");
2632 return -1;
2633 }
2634
2635 if (spp)
Dmitry Shmidt6cb1f652014-03-21 10:54:03 -0700[diff] [blame]2636 spp_pol_upd(ctx, address, pps_fname,
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2637 client_cert, client_key,
2638 cred_username, cred_password, pps);
2639 else
Dmitry Shmidt6cb1f652014-03-21 10:54:03 -0700[diff] [blame]2640 oma_dm_pol_upd(ctx, address, pps_fname,
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2641 client_cert, client_key,
2642 cred_username, cred_password, pps);
2643
2644 xml_node_get_text_free(ctx->xml, uri);
2645 xml_node_get_text_free(ctx->xml, cred_username);
Dmitry Shmidtc2817022014-07-02 10:32:10 -0700[diff] [blame]2646 str_clear_free(cred_password);
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2647 xml_node_free(ctx->xml, pps);
2648
2649 return 0;
2650}
2651
2652
2653static char * get_hostname(const char *url)
2654{
2655 const char *pos, *end, *end2;
2656 char *ret;
2657
2658 if (url == NULL)
2659 return NULL;
2660
2661 pos = os_strchr(url, '/');
2662 if (pos == NULL)
2663 return NULL;
2664 pos++;
2665 if (*pos != '/')
2666 return NULL;
2667 pos++;
2668
2669 end = os_strchr(pos, '/');
2670 end2 = os_strchr(pos, ':');
2671 if (end && end2 && end2 < end)
2672 end = end2;
2673 if (end)
2674 end--;
2675 else {
2676 end = pos;
2677 while (*end)
2678 end++;
2679 if (end > pos)
2680 end--;
2681 }
2682
2683 ret = os_malloc(end - pos + 2);
2684 if (ret == NULL)
2685 return NULL;
2686
2687 os_memcpy(ret, pos, end - pos + 1);
2688 ret[end - pos + 1] = '\0';
2689
2690 return ret;
2691}
2692
2693
2694static int osu_cert_cb(void *_ctx, struct http_cert *cert)
2695{
2696 struct hs20_osu_client *ctx = _ctx;
2697 unsigned int i, j;
2698 int found;
2699 char *host = NULL;
2700
Dmitry Shmidt6cb1f652014-03-21 10:54:03 -0700[diff] [blame]2701 wpa_printf(MSG_INFO, "osu_cert_cb(osu_cert_validation=%d)",
2702 !ctx->no_osu_cert_validation);
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2703
2704 host = get_hostname(ctx->server_url);
2705
2706 for (i = 0; i < ctx->server_dnsname_count; i++)
2707 os_free(ctx->server_dnsname[i]);
2708 os_free(ctx->server_dnsname);
2709 ctx->server_dnsname = os_calloc(cert->num_dnsname, sizeof(char *));
2710 ctx->server_dnsname_count = 0;
2711
2712 found = 0;
2713 for (i = 0; i < cert->num_dnsname; i++) {
2714 if (ctx->server_dnsname) {
2715 ctx->server_dnsname[ctx->server_dnsname_count] =
2716 os_strdup(cert->dnsname[i]);
2717 if (ctx->server_dnsname[ctx->server_dnsname_count])
2718 ctx->server_dnsname_count++;
2719 }
2720 if (host && os_strcasecmp(host, cert->dnsname[i]) == 0)
2721 found = 1;
2722 wpa_printf(MSG_INFO, "dNSName '%s'", cert->dnsname[i]);
2723 }
2724
2725 if (host && !found) {
2726 wpa_printf(MSG_INFO, "Server name from URL (%s) did not match any dNSName - abort connection",
2727 host);
2728 write_result(ctx, "Server name from URL (%s) did not match any dNSName - abort connection",
2729 host);
2730 os_free(host);
2731 return -1;
2732 }
2733
2734 os_free(host);
2735
2736 for (i = 0; i < cert->num_othername; i++) {
2737 if (os_strcmp(cert->othername[i].oid,
2738 "1.3.6.1.4.1.40808.1.1.1") == 0) {
2739 wpa_hexdump_ascii(MSG_INFO,
2740 "id-wfa-hotspot-friendlyName",
2741 cert->othername[i].data,
2742 cert->othername[i].len);
2743 }
2744 }
2745
Dmitry Shmidt6cb1f652014-03-21 10:54:03 -0700[diff] [blame]2746 for (j = 0; !ctx->no_osu_cert_validation &&
2747 j < ctx->friendly_name_count; j++) {
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2748 int found = 0;
2749 for (i = 0; i < cert->num_othername; i++) {
2750 if (os_strcmp(cert->othername[i].oid,
2751 "1.3.6.1.4.1.40808.1.1.1") != 0)
2752 continue;
2753 if (cert->othername[i].len < 3)
2754 continue;
2755 if (os_strncasecmp((char *) cert->othername[i].data,
2756 ctx->friendly_name[j].lang, 3) != 0)
2757 continue;
2758 if (os_strncmp((char *) cert->othername[i].data + 3,
2759 ctx->friendly_name[j].text,
2760 cert->othername[i].len - 3) == 0) {
2761 found = 1;
2762 break;
2763 }
2764 }
2765
2766 if (!found) {
2767 wpa_printf(MSG_INFO, "No friendly name match found for '[%s]%s'",
2768 ctx->friendly_name[j].lang,
2769 ctx->friendly_name[j].text);
2770 write_result(ctx, "No friendly name match found for '[%s]%s'",
2771 ctx->friendly_name[j].lang,
2772 ctx->friendly_name[j].text);
2773 return -1;
2774 }
2775 }
2776
2777 for (i = 0; i < cert->num_logo; i++) {
2778 struct http_logo *logo = &cert->logo[i];
2779
2780 wpa_printf(MSG_INFO, "logo hash alg %s uri '%s'",
2781 logo->alg_oid, logo->uri);
2782 wpa_hexdump_ascii(MSG_INFO, "hashValue",
2783 logo->hash, logo->hash_len);
2784 }
2785
Dmitry Shmidt6cb1f652014-03-21 10:54:03 -0700[diff] [blame]2786 for (j = 0; !ctx->no_osu_cert_validation && j < ctx->icon_count; j++) {
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2787 int found = 0;
2788 char *name = ctx->icon_filename[j];
2789 size_t name_len = os_strlen(name);
2790
2791 wpa_printf(MSG_INFO, "Looking for icon file name '%s' match",
2792 name);
2793 for (i = 0; i < cert->num_logo; i++) {
2794 struct http_logo *logo = &cert->logo[i];
2795 size_t uri_len = os_strlen(logo->uri);
2796 char *pos;
2797
2798 wpa_printf(MSG_INFO, "Comparing to '%s' uri_len=%d name_len=%d",
2799 logo->uri, (int) uri_len, (int) name_len);
2800 if (uri_len < 1 + name_len)
2801 continue;
2802 pos = &logo->uri[uri_len - name_len - 1];
2803 if (*pos != '/')
2804 continue;
2805 pos++;
2806 if (os_strcmp(pos, name) == 0) {
2807 found = 1;
2808 break;
2809 }
2810 }
2811
2812 if (!found) {
2813 wpa_printf(MSG_INFO, "No icon filename match found for '%s'",
2814 name);
2815 write_result(ctx,
2816 "No icon filename match found for '%s'",
2817 name);
2818 return -1;
2819 }
2820 }
2821
Dmitry Shmidt6cb1f652014-03-21 10:54:03 -0700[diff] [blame]2822 for (j = 0; !ctx->no_osu_cert_validation && j < ctx->icon_count; j++) {
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2823 int found = 0;
2824
2825 for (i = 0; i < cert->num_logo; i++) {
2826 struct http_logo *logo = &cert->logo[i];
2827
2828 if (logo->hash_len != 32)
2829 continue;
2830 if (os_memcmp(logo->hash, ctx->icon_hash[j], 32) == 0) {
2831 found = 1;
2832 break;
2833 }
2834 }
2835
2836 if (!found) {
2837 wpa_printf(MSG_INFO, "No icon hash match found");
2838 write_result(ctx, "No icon hash match found");
2839 return -1;
2840 }
2841 }
2842
2843 return 0;
2844}
2845
2846
2847static int init_ctx(struct hs20_osu_client *ctx)
2848{
2849 xml_node_t *devinfo, *devid;
2850
2851 os_memset(ctx, 0, sizeof(*ctx));
2852 ctx->ifname = "wlan0";
2853 ctx->xml = xml_node_init_ctx(ctx, NULL);
2854 if (ctx->xml == NULL)
2855 return -1;
2856
2857 devinfo = node_from_file(ctx->xml, "devinfo.xml");
2858 if (!devinfo) {
2859 wpa_printf(MSG_ERROR, "devinfo.xml not found");
2860 return -1;
2861 }
2862
2863 devid = get_node(ctx->xml, devinfo, "DevId");
2864 if (devid) {
2865 char *tmp = xml_node_get_text(ctx->xml, devid);
2866 if (tmp) {
2867 ctx->devid = os_strdup(tmp);
2868 xml_node_get_text_free(ctx->xml, tmp);
2869 }
2870 }
2871 xml_node_free(ctx->xml, devinfo);
2872
2873 if (ctx->devid == NULL) {
2874 wpa_printf(MSG_ERROR, "Could not fetch DevId from devinfo.xml");
2875 return -1;
2876 }
2877
2878 ctx->http = http_init_ctx(ctx, ctx->xml);
2879 if (ctx->http == NULL) {
2880 xml_node_deinit_ctx(ctx->xml);
2881 return -1;
2882 }
2883 http_ocsp_set(ctx->http, 2);
2884 http_set_cert_cb(ctx->http, osu_cert_cb, ctx);
2885
2886 return 0;
2887}
2888
2889
2890static void deinit_ctx(struct hs20_osu_client *ctx)
2891{
2892 size_t i;
2893
2894 http_deinit_ctx(ctx->http);
2895 xml_node_deinit_ctx(ctx->xml);
2896 os_free(ctx->fqdn);
2897 os_free(ctx->server_url);
2898 os_free(ctx->devid);
2899
2900 for (i = 0; i < ctx->server_dnsname_count; i++)
2901 os_free(ctx->server_dnsname[i]);
2902 os_free(ctx->server_dnsname);
2903}
2904
2905
2906static void check_workarounds(struct hs20_osu_client *ctx)
2907{
2908 FILE *f;
2909 char buf[100];
2910 unsigned long int val = 0;
2911
2912 f = fopen("hs20-osu-client.workarounds", "r");
2913 if (f == NULL)
2914 return;
2915
2916 if (fgets(buf, sizeof(buf), f))
2917 val = strtoul(buf, NULL, 16);
2918
2919 fclose(f);
2920
2921 if (val) {
2922 wpa_printf(MSG_INFO, "Workarounds enabled: 0x%lx", val);
2923 ctx->workarounds = val;
2924 if (ctx->workarounds & WORKAROUND_OCSP_OPTIONAL)
2925 http_ocsp_set(ctx->http, 1);
2926 }
2927}
2928
2929
2930static void usage(void)
2931{
2932 printf("usage: hs20-osu-client [-dddqqKt] [-S<station ifname>] \\\n"
2933 " [-w<wpa_supplicant ctrl_iface dir>] "
2934 "[-r<result file>] [-f<debug file>] \\\n"
2935 " [-s<summary file>] \\\n"
2936 " <command> [arguments..]\n"
2937 "commands:\n"
2938 "- to_tnds <XML MO> <XML MO in TNDS format> [URN]\n"
2939 "- to_tnds2 <XML MO> <XML MO in TNDS format (Path) "
2940 "[URN]>\n"
2941 "- from_tnds <XML MO in TNDS format> <XML MO>\n"
2942 "- set_pps <PerProviderSubscription XML file name>\n"
2943 "- get_fqdn <PerProviderSubscription XML file name>\n"
2944 "- pol_upd [Server URL] [PPS] [CA cert]\n"
2945 "- sub_rem <Server URL> [PPS] [CA cert]\n"
2946 "- prov <Server URL> [CA cert]\n"
2947 "- oma_dm_prov <Server URL> [CA cert]\n"
2948 "- sim_prov <Server URL> [CA cert]\n"
2949 "- oma_dm_sim_prov <Server URL> [CA cert]\n"
2950 "- signup [CA cert]\n"
2951 "- dl_osu_ca <PPS> <CA file>\n"
2952 "- dl_polupd_ca <PPS> <CA file>\n"
2953 "- dl_aaa_ca <PPS> <CA file>\n"
2954 "- browser <URL>\n"
2955 "- parse_cert <X.509 certificate (DER)>\n"
2956 "- osu_select <OSU info directory> [CA cert]\n");
2957}
2958
2959
2960int main(int argc, char *argv[])
2961{
2962 struct hs20_osu_client ctx;
2963 int c;
2964 int ret = 0;
2965 int no_prod_assoc = 0;
2966 const char *friendly_name = NULL;
2967 const char *wpa_debug_file_path = NULL;
2968 extern char *wpas_ctrl_path;
2969 extern int wpa_debug_level;
2970 extern int wpa_debug_show_keys;
2971 extern int wpa_debug_timestamp;
2972
2973 if (init_ctx(&ctx) < 0)
2974 return -1;
2975
2976 for (;;) {
2977 c = getopt(argc, argv, "df:hi:KNO:qr:s:S:tw:");
2978 if (c < 0)
2979 break;
2980 switch (c) {
2981 case 'd':
2982 if (wpa_debug_level > 0)
2983 wpa_debug_level--;
2984 break;
2985 case 'f':
2986 wpa_debug_file_path = optarg;
2987 break;
2988 case 'K':
2989 wpa_debug_show_keys++;
2990 break;
2991 case 'N':
2992 no_prod_assoc = 1;
2993 break;
2994 case 'O':
2995 friendly_name = optarg;
2996 break;
2997 case 'q':
2998 wpa_debug_level++;
2999 break;
3000 case 'r':
3001 ctx.result_file = optarg;
3002 break;
3003 case 's':
3004 ctx.summary_file = optarg;
3005 break;
3006 case 'S':
3007 ctx.ifname = optarg;
3008 break;
3009 case 't':
3010 wpa_debug_timestamp++;
3011 break;
3012 case 'w':
3013 wpas_ctrl_path = optarg;
3014 break;
3015 case 'h':
3016 default:
3017 usage();
3018 exit(0);
3019 break;
3020 }
3021 }
3022
3023 if (argc - optind < 1) {
3024 usage();
3025 exit(0);
3026 }
3027
3028 wpa_debug_open_file(wpa_debug_file_path);
3029
3030#ifdef __linux__
3031 setlinebuf(stdout);
3032#endif /* __linux__ */
3033
3034 if (ctx.result_file)
3035 unlink(ctx.result_file);
3036 wpa_printf(MSG_DEBUG, "===[hs20-osu-client START - command: %s ]======"
3037 "================", argv[optind]);
3038 check_workarounds(&ctx);
3039
3040 if (strcmp(argv[optind], "to_tnds") == 0) {
3041 if (argc - optind < 2) {
3042 usage();
3043 exit(0);
3044 }
3045 cmd_to_tnds(&ctx, argv[optind + 1], argv[optind + 2],
3046 argc > optind + 3 ? argv[optind + 3] : NULL,
3047 0);
3048 } else if (strcmp(argv[optind], "to_tnds2") == 0) {
3049 if (argc - optind < 2) {
3050 usage();
3051 exit(0);
3052 }
3053 cmd_to_tnds(&ctx, argv[optind + 1], argv[optind + 2],
3054 argc > optind + 3 ? argv[optind + 3] : NULL,
3055 1);
3056 } else if (strcmp(argv[optind], "from_tnds") == 0) {
3057 if (argc - optind < 2) {
3058 usage();
3059 exit(0);
3060 }
3061 cmd_from_tnds(&ctx, argv[optind + 1], argv[optind + 2]);
3062 } else if (strcmp(argv[optind], "sub_rem") == 0) {
3063 if (argc - optind < 2) {
3064 usage();
3065 exit(0);
3066 }
3067 if (argc - optind < 2)
3068 wpa_printf(MSG_ERROR, "Server URL missing from command line");
3069 else
Dmitry Shmidt2f74e362015-01-21 13:19:05 -0800[diff] [blame^]3070 ret = cmd_sub_rem(&ctx, argv[optind + 1],
3071 argc > optind + 2 ?
3072 argv[optind + 2] : NULL,
3073 argc > optind + 3 ?
3074 argv[optind + 3] : NULL);
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]3075 } else if (strcmp(argv[optind], "pol_upd") == 0) {
3076 if (argc - optind < 2) {
3077 usage();
3078 exit(0);
3079 }
3080 ret = cmd_pol_upd(&ctx, argc > 2 ? argv[optind + 1] : NULL,
3081 argc > optind + 2 ? argv[optind + 2] : NULL,
3082 argc > optind + 3 ? argv[optind + 3] : NULL);
3083 } else if (strcmp(argv[optind], "prov") == 0) {
3084 if (argc - optind < 2) {
3085 usage();
3086 exit(0);
3087 }
Dmitry Shmidt6cb1f652014-03-21 10:54:03 -0700[diff] [blame]3088 ctx.ca_fname = argv[optind + 2];
3089 cmd_prov(&ctx, argv[optind + 1]);
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]3090 } else if (strcmp(argv[optind], "sim_prov") == 0) {
3091 if (argc - optind < 2) {
3092 usage();
3093 exit(0);
3094 }
Dmitry Shmidt6cb1f652014-03-21 10:54:03 -0700[diff] [blame]3095 ctx.ca_fname = argv[optind + 2];
3096 cmd_sim_prov(&ctx, argv[optind + 1]);
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]3097 } else if (strcmp(argv[optind], "dl_osu_ca") == 0) {
3098 if (argc - optind < 2) {
3099 usage();
3100 exit(0);
3101 }
3102 cmd_dl_osu_ca(&ctx, argv[optind + 1], argv[optind + 2]);
3103 } else if (strcmp(argv[optind], "dl_polupd_ca") == 0) {
3104 if (argc - optind < 2) {
3105 usage();
3106 exit(0);
3107 }
3108 cmd_dl_polupd_ca(&ctx, argv[optind + 1], argv[optind + 2]);
3109 } else if (strcmp(argv[optind], "dl_aaa_ca") == 0) {
3110 if (argc - optind < 2) {
3111 usage();
3112 exit(0);
3113 }
3114 cmd_dl_aaa_ca(&ctx, argv[optind + 1], argv[optind + 2]);
3115 } else if (strcmp(argv[optind], "osu_select") == 0) {
3116 if (argc - optind < 2) {
3117 usage();
3118 exit(0);
3119 }
Dmitry Shmidt6cb1f652014-03-21 10:54:03 -0700[diff] [blame]3120 ctx.ca_fname = argc > optind + 2 ? argv[optind + 2] : NULL;
3121 cmd_osu_select(&ctx, argv[optind + 1], 2, 1, NULL);
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]3122 } else if (strcmp(argv[optind], "signup") == 0) {
Dmitry Shmidt6cb1f652014-03-21 10:54:03 -0700[diff] [blame]3123 ctx.ca_fname = argc > optind + 1 ? argv[optind + 1] : NULL;
3124 ret = cmd_signup(&ctx, no_prod_assoc, friendly_name);
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]3125 } else if (strcmp(argv[optind], "set_pps") == 0) {
3126 if (argc - optind < 2) {
3127 usage();
3128 exit(0);
3129 }
3130 cmd_set_pps(&ctx, argv[optind + 1]);
3131 } else if (strcmp(argv[optind], "get_fqdn") == 0) {
3132 if (argc - optind < 1) {
3133 usage();
3134 exit(0);
3135 }
3136 ret = cmd_get_fqdn(&ctx, argv[optind + 1]);
3137 } else if (strcmp(argv[optind], "oma_dm_prov") == 0) {
3138 if (argc - optind < 2) {
3139 usage();
3140 exit(0);
3141 }
Dmitry Shmidt6cb1f652014-03-21 10:54:03 -0700[diff] [blame]3142 ctx.ca_fname = argv[optind + 2];
3143 cmd_oma_dm_prov(&ctx, argv[optind + 1]);
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]3144 } else if (strcmp(argv[optind], "oma_dm_sim_prov") == 0) {
3145 if (argc - optind < 2) {
3146 usage();
3147 exit(0);
3148 }
Dmitry Shmidt6cb1f652014-03-21 10:54:03 -0700[diff] [blame]3149 ctx.ca_fname = argv[optind + 2];
3150 if (cmd_oma_dm_sim_prov(&ctx, argv[optind + 1]) < 0) {
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]3151 write_summary(&ctx, "Failed to complete OMA DM SIM provisioning");
3152 return -1;
3153 }
3154 } else if (strcmp(argv[optind], "oma_dm_add") == 0) {
3155 if (argc - optind < 2) {
3156 usage();
3157 exit(0);
3158 }
3159 cmd_oma_dm_add(&ctx, argv[optind + 1], argv[optind + 2]);
3160 } else if (strcmp(argv[optind], "oma_dm_replace") == 0) {
3161 if (argc - optind < 2) {
3162 usage();
3163 exit(0);
3164 }
3165 cmd_oma_dm_replace(&ctx, argv[optind + 1], argv[optind + 2]);
3166 } else if (strcmp(argv[optind], "est_csr") == 0) {
3167 if (argc - optind < 2) {
3168 usage();
3169 exit(0);
3170 }
3171 mkdir("Cert", S_IRWXU);
3172 est_build_csr(&ctx, argv[optind + 1]);
3173 } else if (strcmp(argv[optind], "browser") == 0) {
3174 int ret;
3175
3176 if (argc - optind < 2) {
3177 usage();
3178 exit(0);
3179 }
3180
3181 wpa_printf(MSG_INFO, "Launch web browser to URL %s",
3182 argv[optind + 1]);
3183 ret = hs20_web_browser(argv[optind + 1]);
3184 wpa_printf(MSG_INFO, "Web browser result: %d", ret);
3185 } else if (strcmp(argv[optind], "parse_cert") == 0) {
3186 if (argc - optind < 2) {
3187 usage();
3188 exit(0);
3189 }
3190
3191 wpa_debug_level = MSG_MSGDUMP;
3192 http_parse_x509_certificate(ctx.http, argv[optind + 1]);
3193 wpa_debug_level = MSG_INFO;
3194 } else {
3195 wpa_printf(MSG_INFO, "Unknown command '%s'", argv[optind]);
3196 }
3197
Dmitry Shmidt6cb1f652014-03-21 10:54:03 -0700[diff] [blame]3198 deinit_ctx(&ctx);
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]3199 wpa_printf(MSG_DEBUG,
3200 "===[hs20-osu-client END ]======================");
3201
3202 wpa_debug_close_file();
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]3203
3204 return ret;
3205}