Gitiles
Code Review Sign In
gerrit.omnirom.org / android_external_wpa_supplicant_8 / 7f65602d49069f96a7bb44da8bd79ffe8d4c6a98 / . / hs20 / client / osu_client.c
blob: de7f351da244528b3bff647b14c889cc6aadc3c6 [file] [log] [blame]
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]1/*
2 * Hotspot 2.0 OSU client
Dmitry Shmidt6cb1f652014-03-21 10:54:03 -0700[diff] [blame]3 * Copyright (c) 2012-2014, Qualcomm Atheros, Inc.
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]4 *
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
7 */
8
9#include "includes.h"
10#include <time.h>
11#include <sys/stat.h>
Dmitry Shmidt7f656022015-02-25 14:36:37 -0800[diff] [blame^]12#ifdef ANDROID
13#include "private/android_filesystem_config.h"
14#endif /* ANDROID */
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]15
16#include "common.h"
17#include "utils/browser.h"
18#include "utils/base64.h"
19#include "utils/xml-utils.h"
20#include "utils/http-utils.h"
21#include "common/wpa_ctrl.h"
22#include "common/wpa_helpers.h"
23#include "eap_common/eap_defs.h"
24#include "crypto/crypto.h"
25#include "crypto/sha256.h"
26#include "osu_client.h"
27
28
29void write_result(struct hs20_osu_client *ctx, const char *fmt, ...)
30{
31 va_list ap;
32 FILE *f;
33 char buf[500];
34
35 va_start(ap, fmt);
36 vsnprintf(buf, sizeof(buf), fmt, ap);
37 va_end(ap);
38 write_summary(ctx, "%s", buf);
39
40 if (!ctx->result_file)
41 return;
42
43 f = fopen(ctx->result_file, "w");
44 if (f == NULL)
45 return;
46
47 va_start(ap, fmt);
48 vfprintf(f, fmt, ap);
49 va_end(ap);
50 fprintf(f, "\n");
51 fclose(f);
52}
53
54
55void write_summary(struct hs20_osu_client *ctx, const char *fmt, ...)
56{
57 va_list ap;
58 FILE *f;
59
60 if (!ctx->summary_file)
61 return;
62
63 f = fopen(ctx->summary_file, "a");
64 if (f == NULL)
65 return;
66
67 va_start(ap, fmt);
68 vfprintf(f, fmt, ap);
69 va_end(ap);
70 fprintf(f, "\n");
71 fclose(f);
72}
73
74
75void debug_dump_node(struct hs20_osu_client *ctx, const char *title,
76 xml_node_t *node)
77{
78 char *str = xml_node_to_str(ctx->xml, node);
79 wpa_printf(MSG_DEBUG, "[hs20] %s: '%s'", title, str);
80 free(str);
81}
82
83
84static int valid_fqdn(const char *fqdn)
85{
86 const char *pos;
87
88 /* TODO: could make this more complete.. */
89 if (strchr(fqdn, '.') == 0 || strlen(fqdn) > 255)
90 return 0;
91 for (pos = fqdn; *pos; pos++) {
92 if (*pos >= 'a' && *pos <= 'z')
93 continue;
94 if (*pos >= 'A' && *pos <= 'Z')
95 continue;
96 if (*pos >= '0' && *pos <= '9')
97 continue;
98 if (*pos == '-' || *pos == '.' || *pos == '_')
99 continue;
100 return 0;
101 }
102 return 1;
103}
104
105
106int osu_get_certificate(struct hs20_osu_client *ctx, xml_node_t *getcert)
107{
108 xml_node_t *node;
109 char *url, *user = NULL, *pw = NULL;
110 char *proto;
111 int ret = -1;
112
113 proto = xml_node_get_attr_value(ctx->xml, getcert,
114 "enrollmentProtocol");
115 if (!proto)
116 return -1;
117 wpa_printf(MSG_INFO, "getCertificate - enrollmentProtocol=%s", proto);
118 write_summary(ctx, "getCertificate - enrollmentProtocol=%s", proto);
119 if (os_strcasecmp(proto, "EST") != 0) {
120 wpa_printf(MSG_INFO, "Unsupported enrollmentProtocol");
121 xml_node_get_attr_value_free(ctx->xml, proto);
122 return -1;
123 }
124 xml_node_get_attr_value_free(ctx->xml, proto);
125
126 node = get_node(ctx->xml, getcert, "enrollmentServerURI");
127 if (node == NULL) {
128 wpa_printf(MSG_INFO, "Could not find enrollmentServerURI node");
129 xml_node_get_attr_value_free(ctx->xml, proto);
130 return -1;
131 }
132 url = xml_node_get_text(ctx->xml, node);
133 if (url == NULL) {
134 wpa_printf(MSG_INFO, "Could not get URL text");
135 return -1;
136 }
137 wpa_printf(MSG_INFO, "enrollmentServerURI: %s", url);
138 write_summary(ctx, "enrollmentServerURI: %s", url);
139
140 node = get_node(ctx->xml, getcert, "estUserID");
141 if (node == NULL && !ctx->client_cert_present) {
142 wpa_printf(MSG_INFO, "Could not find estUserID node");
143 goto fail;
144 }
145 if (node) {
146 user = xml_node_get_text(ctx->xml, node);
147 if (user == NULL) {
148 wpa_printf(MSG_INFO, "Could not get estUserID text");
149 goto fail;
150 }
151 wpa_printf(MSG_INFO, "estUserID: %s", user);
152 write_summary(ctx, "estUserID: %s", user);
153 }
154
155 node = get_node(ctx->xml, getcert, "estPassword");
156 if (node == NULL && !ctx->client_cert_present) {
157 wpa_printf(MSG_INFO, "Could not find estPassword node");
158 goto fail;
159 }
160 if (node) {
161 pw = xml_node_get_base64_text(ctx->xml, node, NULL);
162 if (pw == NULL) {
163 wpa_printf(MSG_INFO, "Could not get estPassword text");
164 goto fail;
165 }
166 wpa_printf(MSG_INFO, "estPassword: %s", pw);
167 }
168
169 mkdir("Cert", S_IRWXU);
170 if (est_load_cacerts(ctx, url) < 0 ||
171 est_build_csr(ctx, url) < 0 ||
172 est_simple_enroll(ctx, url, user, pw) < 0)
173 goto fail;
174
175 ret = 0;
176fail:
177 xml_node_get_text_free(ctx->xml, url);
178 xml_node_get_text_free(ctx->xml, user);
179 xml_node_get_text_free(ctx->xml, pw);
180
181 return ret;
182}
183
184
185static int process_est_cert(struct hs20_osu_client *ctx, xml_node_t *cert,
186 const char *fqdn)
187{
188 u8 digest1[SHA256_MAC_LEN], digest2[SHA256_MAC_LEN];
189 char *der, *pem;
190 size_t der_len, pem_len;
191 char *fingerprint;
192 char buf[200];
193
194 wpa_printf(MSG_INFO, "PPS for certificate credential - fqdn=%s", fqdn);
195
196 fingerprint = xml_node_get_text(ctx->xml, cert);
197 if (fingerprint == NULL)
198 return -1;
199 if (hexstr2bin(fingerprint, digest1, SHA256_MAC_LEN) < 0) {
200 wpa_printf(MSG_INFO, "Invalid SHA256 hash value");
201 write_result(ctx, "Invalid client certificate SHA256 hash value in PPS");
202 xml_node_get_text_free(ctx->xml, fingerprint);
203 return -1;
204 }
205 xml_node_get_text_free(ctx->xml, fingerprint);
206
207 der = os_readfile("Cert/est_cert.der", &der_len);
208 if (der == NULL) {
209 wpa_printf(MSG_INFO, "Could not find client certificate from EST");
210 write_result(ctx, "Could not find client certificate from EST");
211 return -1;
212 }
213
214 if (sha256_vector(1, (const u8 **) &der, &der_len, digest2) < 0) {
215 os_free(der);
216 return -1;
217 }
218 os_free(der);
219
220 if (os_memcmp(digest1, digest2, sizeof(digest1)) != 0) {
221 wpa_printf(MSG_INFO, "Client certificate from EST does not match fingerprint from PPS MO");
222 write_result(ctx, "Client certificate from EST does not match fingerprint from PPS MO");
223 return -1;
224 }
225
226 wpa_printf(MSG_INFO, "Client certificate from EST matches PPS MO");
227 unlink("Cert/est_cert.der");
228
229 os_snprintf(buf, sizeof(buf), "SP/%s/client-ca.pem", fqdn);
230 if (rename("Cert/est-cacerts.pem", buf) < 0) {
231 wpa_printf(MSG_INFO, "Could not move est-cacerts.pem to client-ca.pem: %s",
232 strerror(errno));
233 return -1;
234 }
235 pem = os_readfile(buf, &pem_len);
236
237 os_snprintf(buf, sizeof(buf), "SP/%s/client-cert.pem", fqdn);
238 if (rename("Cert/est_cert.pem", buf) < 0) {
239 wpa_printf(MSG_INFO, "Could not move est_cert.pem to client-cert.pem: %s",
240 strerror(errno));
241 os_free(pem);
242 return -1;
243 }
244
245 if (pem) {
246 FILE *f = fopen(buf, "a");
247 if (f) {
248 fwrite(pem, pem_len, 1, f);
249 fclose(f);
250 }
251 os_free(pem);
252 }
253
254 os_snprintf(buf, sizeof(buf), "SP/%s/client-key.pem", fqdn);
255 if (rename("Cert/privkey-plain.pem", buf) < 0) {
256 wpa_printf(MSG_INFO, "Could not move privkey-plain.pem to client-key.pem: %s",
257 strerror(errno));
258 return -1;
259 }
260
261 unlink("Cert/est-req.b64");
262 unlink("Cert/est-req.pem");
263 unlink("Cert/est-resp.raw");
264 rmdir("Cert");
265
266 return 0;
267}
268
269
270#define TMP_CERT_DL_FILE "tmp-cert-download"
271
272static int download_cert(struct hs20_osu_client *ctx, xml_node_t *params,
273 const char *fname)
274{
275 xml_node_t *url_node, *hash_node;
276 char *url, *hash;
277 char *cert;
278 size_t len;
279 u8 digest1[SHA256_MAC_LEN], digest2[SHA256_MAC_LEN];
280 int res;
281 unsigned char *b64;
282 FILE *f;
283
284 url_node = get_node(ctx->xml, params, "CertURL");
285 hash_node = get_node(ctx->xml, params, "CertSHA256Fingerprint");
286 if (url_node == NULL || hash_node == NULL)
287 return -1;
288 url = xml_node_get_text(ctx->xml, url_node);
289 hash = xml_node_get_text(ctx->xml, hash_node);
290 if (url == NULL || hash == NULL) {
291 xml_node_get_text_free(ctx->xml, url);
292 xml_node_get_text_free(ctx->xml, hash);
293 return -1;
294 }
295
296 wpa_printf(MSG_INFO, "CertURL: %s", url);
297 wpa_printf(MSG_INFO, "SHA256 hash: %s", hash);
298
299 if (hexstr2bin(hash, digest1, SHA256_MAC_LEN) < 0) {
300 wpa_printf(MSG_INFO, "Invalid SHA256 hash value");
301 write_result(ctx, "Invalid SHA256 hash value for downloaded certificate");
302 xml_node_get_text_free(ctx->xml, hash);
303 return -1;
304 }
305 xml_node_get_text_free(ctx->xml, hash);
306
307 write_summary(ctx, "Download certificate from %s", url);
Dmitry Shmidt6cb1f652014-03-21 10:54:03 -0700[diff] [blame]308 ctx->no_osu_cert_validation = 1;
309 http_ocsp_set(ctx->http, 1);
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]310 res = http_download_file(ctx->http, url, TMP_CERT_DL_FILE, NULL);
Dmitry Shmidt6cb1f652014-03-21 10:54:03 -0700[diff] [blame]311 http_ocsp_set(ctx->http,
312 (ctx->workarounds & WORKAROUND_OCSP_OPTIONAL) ? 1 : 2);
313 ctx->no_osu_cert_validation = 0;
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]314 xml_node_get_text_free(ctx->xml, url);
315 if (res < 0)
316 return -1;
317
318 cert = os_readfile(TMP_CERT_DL_FILE, &len);
319 remove(TMP_CERT_DL_FILE);
320 if (cert == NULL)
321 return -1;
322
323 if (sha256_vector(1, (const u8 **) &cert, &len, digest2) < 0) {
324 os_free(cert);
325 return -1;
326 }
327
328 if (os_memcmp(digest1, digest2, sizeof(digest1)) != 0) {
329 wpa_printf(MSG_INFO, "Downloaded certificate fingerprint did not match");
330 write_result(ctx, "Downloaded certificate fingerprint did not match");
331 os_free(cert);
332 return -1;
333 }
334
335 b64 = base64_encode((unsigned char *) cert, len, NULL);
336 os_free(cert);
337 if (b64 == NULL)
338 return -1;
339
340 f = fopen(fname, "wb");
341 if (f == NULL) {
342 os_free(b64);
343 return -1;
344 }
345
346 fprintf(f, "-----BEGIN CERTIFICATE-----\n"
347 "%s"
348 "-----END CERTIFICATE-----\n",
349 b64);
350
351 os_free(b64);
352 fclose(f);
353
354 wpa_printf(MSG_INFO, "Downloaded certificate into %s and validated fingerprint",
355 fname);
356 write_summary(ctx, "Downloaded certificate into %s and validated fingerprint",
357 fname);
358
359 return 0;
360}
361
362
363static int cmd_dl_osu_ca(struct hs20_osu_client *ctx, const char *pps_fname,
364 const char *ca_fname)
365{
366 xml_node_t *pps, *node;
367 int ret;
368
369 pps = node_from_file(ctx->xml, pps_fname);
370 if (pps == NULL) {
371 wpa_printf(MSG_INFO, "Could not read or parse '%s'", pps_fname);
372 return -1;
373 }
374
375 node = get_child_node(ctx->xml, pps,
376 "SubscriptionUpdate/TrustRoot");
377 if (node == NULL) {
378 wpa_printf(MSG_INFO, "No SubscriptionUpdate/TrustRoot/CertURL found from PPS");
379 xml_node_free(ctx->xml, pps);
380 return -1;
381 }
382
383 ret = download_cert(ctx, node, ca_fname);
384 xml_node_free(ctx->xml, pps);
385
386 return ret;
387}
388
389
390static int cmd_dl_polupd_ca(struct hs20_osu_client *ctx, const char *pps_fname,
391 const char *ca_fname)
392{
393 xml_node_t *pps, *node;
394 int ret;
395
396 pps = node_from_file(ctx->xml, pps_fname);
397 if (pps == NULL) {
398 wpa_printf(MSG_INFO, "Could not read or parse '%s'", pps_fname);
399 return -1;
400 }
401
402 node = get_child_node(ctx->xml, pps,
Dmitry Shmidt2f74e362015-01-21 13:19:05 -0800[diff] [blame]403 "Policy/PolicyUpdate/TrustRoot");
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]404 if (node == NULL) {
Dmitry Shmidt2f74e362015-01-21 13:19:05 -0800[diff] [blame]405 wpa_printf(MSG_INFO, "No Policy/PolicyUpdate/TrustRoot/CertURL found from PPS");
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]406 xml_node_free(ctx->xml, pps);
407 return -1;
408 }
409
410 ret = download_cert(ctx, node, ca_fname);
411 xml_node_free(ctx->xml, pps);
412
413 return ret;
414}
415
416
417static int cmd_dl_aaa_ca(struct hs20_osu_client *ctx, const char *pps_fname,
418 const char *ca_fname)
419{
420 xml_node_t *pps, *node, *aaa;
421 int ret;
422
423 pps = node_from_file(ctx->xml, pps_fname);
424 if (pps == NULL) {
425 wpa_printf(MSG_INFO, "Could not read or parse '%s'", pps_fname);
426 return -1;
427 }
428
429 node = get_child_node(ctx->xml, pps,
430 "AAAServerTrustRoot");
431 if (node == NULL) {
432 wpa_printf(MSG_INFO, "No AAAServerTrustRoot/CertURL found from PPS");
433 xml_node_free(ctx->xml, pps);
434 return -1;
435 }
436
437 aaa = xml_node_first_child(ctx->xml, node);
438 if (aaa == NULL) {
439 wpa_printf(MSG_INFO, "No AAAServerTrustRoot/CertURL found from PPS");
440 xml_node_free(ctx->xml, pps);
441 return -1;
442 }
443
444 ret = download_cert(ctx, aaa, ca_fname);
445 xml_node_free(ctx->xml, pps);
446
447 return ret;
448}
449
450
451static int download_trust_roots(struct hs20_osu_client *ctx,
452 const char *pps_fname)
453{
454 char *dir, *pos;
455 char fname[300];
456 int ret;
457
458 dir = os_strdup(pps_fname);
459 if (dir == NULL)
460 return -1;
461 pos = os_strrchr(dir, '/');
462 if (pos == NULL) {
463 os_free(dir);
464 return -1;
465 }
466 *pos = '\0';
467
468 snprintf(fname, sizeof(fname), "%s/ca.pem", dir);
469 ret = cmd_dl_osu_ca(ctx, pps_fname, fname);
470 snprintf(fname, sizeof(fname), "%s/polupd-ca.pem", dir);
471 cmd_dl_polupd_ca(ctx, pps_fname, fname);
472 snprintf(fname, sizeof(fname), "%s/aaa-ca.pem", dir);
473 cmd_dl_aaa_ca(ctx, pps_fname, fname);
474
475 os_free(dir);
476
477 return ret;
478}
479
480
481static int server_dnsname_suffix_match(struct hs20_osu_client *ctx,
482 const char *fqdn)
483{
484 size_t match_len, len, i;
485 const char *val;
486
487 match_len = os_strlen(fqdn);
488
489 for (i = 0; i < ctx->server_dnsname_count; i++) {
490 wpa_printf(MSG_INFO,
491 "Checking suffix match against server dNSName %s",
492 ctx->server_dnsname[i]);
493 val = ctx->server_dnsname[i];
494 len = os_strlen(val);
495
496 if (match_len > len)
497 continue;
498
499 if (os_strncasecmp(val + len - match_len, fqdn, match_len) != 0)
500 continue; /* no match */
501
502 if (match_len == len)
503 return 1; /* exact match */
504
505 if (val[len - match_len - 1] == '.')
506 return 1; /* full label match completes suffix match */
507
508 /* Reject due to incomplete label match */
509 }
510
511 /* None of the dNSName(s) matched */
512 return 0;
513}
514
515
516int hs20_add_pps_mo(struct hs20_osu_client *ctx, const char *uri,
517 xml_node_t *add_mo, char *fname, size_t fname_len)
518{
519 char *str;
520 char *fqdn, *pos;
521 xml_node_t *tnds, *mo, *cert;
522 const char *name;
523 int ret;
524
525 if (strncmp(uri, "./Wi-Fi/", 8) != 0) {
526 wpa_printf(MSG_INFO, "Unsupported location for addMO to add PPS MO: '%s'",
527 uri);
528 write_result(ctx, "Unsupported location for addMO to add PPS MO: '%s'",
529 uri);
530 return -1;
531 }
532
533 fqdn = strdup(uri + 8);
534 if (fqdn == NULL)
535 return -1;
536 pos = strchr(fqdn, '/');
537 if (pos) {
538 if (os_strcasecmp(pos, "/PerProviderSubscription") != 0) {
539 wpa_printf(MSG_INFO, "Unsupported location for addMO to add PPS MO (extra directory): '%s'",
540 uri);
541 write_result(ctx, "Unsupported location for addMO to "
542 "add PPS MO (extra directory): '%s'", uri);
543 return -1;
544 }
545 *pos = '\0'; /* remove trailing slash and PPS node name */
546 }
547 wpa_printf(MSG_INFO, "SP FQDN: %s", fqdn);
548
549 if (!server_dnsname_suffix_match(ctx, fqdn)) {
550 wpa_printf(MSG_INFO, "FQDN '%s' for new PPS MO did not have suffix match with server's dNSName values",
551 fqdn);
552 write_result(ctx, "FQDN '%s' for new PPS MO did not have suffix match with server's dNSName values",
553 fqdn);
554 free(fqdn);
555 return -1;
556 }
557
558 if (!valid_fqdn(fqdn)) {
559 wpa_printf(MSG_INFO, "Invalid FQDN '%s'", fqdn);
560 write_result(ctx, "Invalid FQDN '%s'", fqdn);
561 free(fqdn);
562 return -1;
563 }
564
565 mkdir("SP", S_IRWXU);
566 snprintf(fname, fname_len, "SP/%s", fqdn);
567 if (mkdir(fname, S_IRWXU) < 0) {
568 if (errno != EEXIST) {
569 int err = errno;
570 wpa_printf(MSG_INFO, "mkdir(%s) failed: %s",
571 fname, strerror(err));
572 free(fqdn);
573 return -1;
574 }
575 }
576
Dmitry Shmidt7f656022015-02-25 14:36:37 -0800[diff] [blame^]577#ifdef ANDROID
578 /* Allow processes running with Group ID as AID_WIFI,
579 * to read files from SP/<fqdn> directory */
580 if (chown(fname, -1, AID_WIFI)) {
581 wpa_printf(MSG_INFO, "CTRL: Could not chown directory: %s",
582 strerror(errno));
583 /* Try to continue anyway */
584 }
585 if (chmod(fname, S_IRWXU | S_IRGRP | S_IXGRP) < 0) {
586 wpa_printf(MSG_INFO, "CTRL: Could not chmod directory: %s",
587 strerror(errno));
588 /* Try to continue anyway */
589 }
590#endif /* ANDROID */
591
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]592 snprintf(fname, fname_len, "SP/%s/pps.xml", fqdn);
593
594 if (os_file_exists(fname)) {
595 wpa_printf(MSG_INFO, "PPS file '%s' exists - reject addMO",
596 fname);
597 write_result(ctx, "PPS file '%s' exists - reject addMO",
598 fname);
599 free(fqdn);
600 return -2;
601 }
602 wpa_printf(MSG_INFO, "Using PPS file: %s", fname);
603
604 str = xml_node_get_text(ctx->xml, add_mo);
605 if (str == NULL) {
606 wpa_printf(MSG_INFO, "Could not extract MO text");
607 free(fqdn);
608 return -1;
609 }
610 wpa_printf(MSG_DEBUG, "[hs20] addMO text: '%s'", str);
611
612 tnds = xml_node_from_buf(ctx->xml, str);
613 xml_node_get_text_free(ctx->xml, str);
614 if (tnds == NULL) {
615 wpa_printf(MSG_INFO, "[hs20] Could not parse addMO text");
616 free(fqdn);
617 return -1;
618 }
619
620 mo = tnds_to_mo(ctx->xml, tnds);
621 if (mo == NULL) {
622 wpa_printf(MSG_INFO, "[hs20] Could not parse addMO TNDS text");
623 free(fqdn);
624 return -1;
625 }
626
627 debug_dump_node(ctx, "Parsed TNDS", mo);
628
629 name = xml_node_get_localname(ctx->xml, mo);
630 if (os_strcasecmp(name, "PerProviderSubscription") != 0) {
631 wpa_printf(MSG_INFO, "[hs20] Unexpected PPS MO root node name '%s'",
632 name);
633 free(fqdn);
634 return -1;
635 }
636
637 cert = get_child_node(ctx->xml, mo,
638 "Credential/DigitalCertificate/"
639 "CertSHA256Fingerprint");
640 if (cert && process_est_cert(ctx, cert, fqdn) < 0) {
641 xml_node_free(ctx->xml, mo);
642 free(fqdn);
643 return -1;
644 }
645 free(fqdn);
646
647 if (node_to_file(ctx->xml, fname, mo) < 0) {
648 wpa_printf(MSG_INFO, "Could not write MO to file");
649 xml_node_free(ctx->xml, mo);
650 return -1;
651 }
652 xml_node_free(ctx->xml, mo);
653
654 wpa_printf(MSG_INFO, "A new PPS MO added as '%s'", fname);
655 write_summary(ctx, "A new PPS MO added as '%s'", fname);
656
657 ret = download_trust_roots(ctx, fname);
658 if (ret < 0) {
659 wpa_printf(MSG_INFO, "Remove invalid PPS MO file");
660 write_summary(ctx, "Remove invalid PPS MO file");
661 unlink(fname);
662 }
663
664 return ret;
665}
666
667
668int update_pps_file(struct hs20_osu_client *ctx, const char *pps_fname,
669 xml_node_t *pps)
670{
671 char *str;
672 FILE *f;
673 char backup[300];
674
675 if (ctx->client_cert_present) {
676 xml_node_t *cert;
677 cert = get_child_node(ctx->xml, pps,
678 "Credential/DigitalCertificate/"
679 "CertSHA256Fingerprint");
680 if (cert && os_file_exists("Cert/est_cert.der") &&
681 process_est_cert(ctx, cert, ctx->fqdn) < 0) {
682 wpa_printf(MSG_INFO, "EST certificate update processing failed on PPS MO update");
683 return -1;
684 }
685 }
686
687 wpa_printf(MSG_INFO, "Updating PPS MO %s", pps_fname);
688
689 str = xml_node_to_str(ctx->xml, pps);
Dmitry Shmidt7f656022015-02-25 14:36:37 -0800[diff] [blame^]690 if (str == NULL) {
691 wpa_printf(MSG_ERROR, "No node found");
692 return -1;
693 }
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]694 wpa_printf(MSG_MSGDUMP, "[hs20] Updated PPS: '%s'", str);
695
696 snprintf(backup, sizeof(backup), "%s.bak", pps_fname);
697 rename(pps_fname, backup);
698 f = fopen(pps_fname, "w");
699 if (f == NULL) {
700 wpa_printf(MSG_INFO, "Could not write PPS");
701 rename(backup, pps_fname);
702 free(str);
703 return -1;
704 }
705 fprintf(f, "%s\n", str);
706 fclose(f);
707
708 free(str);
709
710 return 0;
711}
712
713
714void get_user_pw(struct hs20_osu_client *ctx, xml_node_t *pps,
715 const char *alt_loc, char **user, char **pw)
716{
717 xml_node_t *node;
718
719 node = get_child_node(ctx->xml, pps,
720 "Credential/UsernamePassword/Username");
721 if (node)
722 *user = xml_node_get_text(ctx->xml, node);
723
724 node = get_child_node(ctx->xml, pps,
725 "Credential/UsernamePassword/Password");
726 if (node)
727 *pw = xml_node_get_base64_text(ctx->xml, node, NULL);
728
729 node = get_child_node(ctx->xml, pps, alt_loc);
730 if (node) {
731 xml_node_t *a;
732 a = get_node(ctx->xml, node, "Username");
733 if (a) {
734 xml_node_get_text_free(ctx->xml, *user);
735 *user = xml_node_get_text(ctx->xml, a);
736 wpa_printf(MSG_INFO, "Use OSU username '%s'", *user);
737 }
738
739 a = get_node(ctx->xml, node, "Password");
740 if (a) {
741 free(*pw);
742 *pw = xml_node_get_base64_text(ctx->xml, a, NULL);
743 wpa_printf(MSG_INFO, "Use OSU password");
744 }
745 }
746}
747
748
749/* Remove old credentials based on HomeSP/FQDN */
750static void remove_sp_creds(struct hs20_osu_client *ctx, const char *fqdn)
751{
752 char cmd[300];
753 os_snprintf(cmd, sizeof(cmd), "REMOVE_CRED provisioning_sp=%s", fqdn);
754 if (wpa_command(ctx->ifname, cmd) < 0)
755 wpa_printf(MSG_INFO, "Failed to remove old credential(s)");
756}
757
758
759static void set_pps_cred_policy_spe(struct hs20_osu_client *ctx, int id,
760 xml_node_t *spe)
761{
762 xml_node_t *ssid;
763 char *txt;
764
765 ssid = get_node(ctx->xml, spe, "SSID");
766 if (ssid == NULL)
767 return;
768 txt = xml_node_get_text(ctx->xml, ssid);
769 if (txt == NULL)
770 return;
771 wpa_printf(MSG_DEBUG, "- Policy/SPExclusionList/<X+>/SSID = %s", txt);
772 if (set_cred_quoted(ctx->ifname, id, "excluded_ssid", txt) < 0)
773 wpa_printf(MSG_INFO, "Failed to set cred excluded_ssid");
774 xml_node_get_text_free(ctx->xml, txt);
775}
776
777
778static void set_pps_cred_policy_spel(struct hs20_osu_client *ctx, int id,
779 xml_node_t *spel)
780{
781 xml_node_t *child;
782
783 xml_node_for_each_child(ctx->xml, child, spel) {
784 xml_node_for_each_check(ctx->xml, child);
785 set_pps_cred_policy_spe(ctx, id, child);
786 }
787}
788
789
790static void set_pps_cred_policy_prp(struct hs20_osu_client *ctx, int id,
791 xml_node_t *prp)
792{
793 xml_node_t *node;
794 char *txt = NULL, *pos;
795 char *prio, *country_buf = NULL;
796 const char *country;
797 char val[200];
798 int priority;
799
800 node = get_node(ctx->xml, prp, "Priority");
801 if (node == NULL)
802 return;
803 prio = xml_node_get_text(ctx->xml, node);
804 if (prio == NULL)
805 return;
806 wpa_printf(MSG_INFO, "- Policy/PreferredRoamingPartnerList/<X+>/Priority = %s",
807 prio);
808 priority = atoi(prio);
809 xml_node_get_text_free(ctx->xml, prio);
810
811 node = get_node(ctx->xml, prp, "Country");
812 if (node) {
813 country_buf = xml_node_get_text(ctx->xml, node);
814 if (country_buf == NULL)
815 return;
816 country = country_buf;
817 wpa_printf(MSG_INFO, "- Policy/PreferredRoamingPartnerList/<X+>/Country = %s",
818 country);
819 } else {
820 country = "*";
821 }
822
823 node = get_node(ctx->xml, prp, "FQDN_Match");
824 if (node == NULL)
825 goto out;
826 txt = xml_node_get_text(ctx->xml, node);
827 if (txt == NULL)
828 goto out;
829 wpa_printf(MSG_INFO, "- Policy/PreferredRoamingPartnerList/<X+>/FQDN_Match = %s",
830 txt);
831 pos = strrchr(txt, ',');
832 if (pos == NULL)
833 goto out;
834 *pos++ = '\0';
835
836 snprintf(val, sizeof(val), "%s,%d,%d,%s", txt,
837 strcmp(pos, "includeSubdomains") != 0, priority, country);
838 if (set_cred_quoted(ctx->ifname, id, "roaming_partner", val) < 0)
839 wpa_printf(MSG_INFO, "Failed to set cred roaming_partner");
840out:
841 xml_node_get_text_free(ctx->xml, country_buf);
842 xml_node_get_text_free(ctx->xml, txt);
843}
844
845
846static void set_pps_cred_policy_prpl(struct hs20_osu_client *ctx, int id,
847 xml_node_t *prpl)
848{
849 xml_node_t *child;
850
851 xml_node_for_each_child(ctx->xml, child, prpl) {
852 xml_node_for_each_check(ctx->xml, child);
853 set_pps_cred_policy_prp(ctx, id, child);
854 }
855}
856
857
858static void set_pps_cred_policy_min_backhaul(struct hs20_osu_client *ctx, int id,
859 xml_node_t *min_backhaul)
860{
861 xml_node_t *node;
862 char *type, *dl = NULL, *ul = NULL;
863 int home;
864
865 node = get_node(ctx->xml, min_backhaul, "NetworkType");
866 if (node == NULL) {
867 wpa_printf(MSG_INFO, "Ignore MinBackhaulThreshold without mandatory NetworkType node");
868 return;
869 }
870
871 type = xml_node_get_text(ctx->xml, node);
872 if (type == NULL)
873 return;
874 wpa_printf(MSG_INFO, "- Policy/MinBackhaulThreshold/<X+>/NetworkType = %s",
875 type);
876 if (os_strcasecmp(type, "home") == 0)
877 home = 1;
878 else if (os_strcasecmp(type, "roaming") == 0)
879 home = 0;
880 else {
881 wpa_printf(MSG_INFO, "Ignore MinBackhaulThreshold with invalid NetworkType");
882 xml_node_get_text_free(ctx->xml, type);
883 return;
884 }
885 xml_node_get_text_free(ctx->xml, type);
886
887 node = get_node(ctx->xml, min_backhaul, "DLBandwidth");
888 if (node)
889 dl = xml_node_get_text(ctx->xml, node);
890
891 node = get_node(ctx->xml, min_backhaul, "ULBandwidth");
892 if (node)
893 ul = xml_node_get_text(ctx->xml, node);
894
895 if (dl == NULL && ul == NULL) {
896 wpa_printf(MSG_INFO, "Ignore MinBackhaulThreshold without either DLBandwidth or ULBandwidth nodes");
897 return;
898 }
899
900 if (dl)
901 wpa_printf(MSG_INFO, "- Policy/MinBackhaulThreshold/<X+>/DLBandwidth = %s",
902 dl);
903 if (ul)
904 wpa_printf(MSG_INFO, "- Policy/MinBackhaulThreshold/<X+>/ULBandwidth = %s",
905 ul);
906
907 if (home) {
908 if (dl &&
909 set_cred(ctx->ifname, id, "min_dl_bandwidth_home", dl) < 0)
910 wpa_printf(MSG_INFO, "Failed to set cred bandwidth limit");
911 if (ul &&
912 set_cred(ctx->ifname, id, "min_ul_bandwidth_home", ul) < 0)
913 wpa_printf(MSG_INFO, "Failed to set cred bandwidth limit");
914 } else {
915 if (dl &&
916 set_cred(ctx->ifname, id, "min_dl_bandwidth_roaming", dl) <
917 0)
918 wpa_printf(MSG_INFO, "Failed to set cred bandwidth limit");
919 if (ul &&
920 set_cred(ctx->ifname, id, "min_ul_bandwidth_roaming", ul) <
921 0)
922 wpa_printf(MSG_INFO, "Failed to set cred bandwidth limit");
923 }
924
925 xml_node_get_text_free(ctx->xml, dl);
926 xml_node_get_text_free(ctx->xml, ul);
927}
928
929
930static void set_pps_cred_policy_min_backhaul_list(struct hs20_osu_client *ctx,
931 int id, xml_node_t *node)
932{
933 xml_node_t *child;
934
935 wpa_printf(MSG_INFO, "- Policy/MinBackhaulThreshold");
936
937 xml_node_for_each_child(ctx->xml, child, node) {
938 xml_node_for_each_check(ctx->xml, child);
939 set_pps_cred_policy_min_backhaul(ctx, id, child);
940 }
941}
942
943
944static void set_pps_cred_policy_update(struct hs20_osu_client *ctx, int id,
945 xml_node_t *node)
946{
947 wpa_printf(MSG_INFO, "- Policy/PolicyUpdate");
948 /* Not used in wpa_supplicant */
949}
950
951
952static void set_pps_cred_policy_required_proto_port(struct hs20_osu_client *ctx,
953 int id, xml_node_t *tuple)
954{
955 xml_node_t *node;
956 char *proto, *port;
957 char *buf;
958 size_t buflen;
959
960 node = get_node(ctx->xml, tuple, "IPProtocol");
961 if (node == NULL) {
962 wpa_printf(MSG_INFO, "Ignore RequiredProtoPortTuple without mandatory IPProtocol node");
963 return;
964 }
965
966 proto = xml_node_get_text(ctx->xml, node);
967 if (proto == NULL)
968 return;
969
970 wpa_printf(MSG_INFO, "- Policy/RequiredProtoPortTuple/<X+>/IPProtocol = %s",
971 proto);
972
973 node = get_node(ctx->xml, tuple, "PortNumber");
974 port = node ? xml_node_get_text(ctx->xml, node) : NULL;
975 if (port) {
976 wpa_printf(MSG_INFO, "- Policy/RequiredProtoPortTuple/<X+>/PortNumber = %s",
977 port);
978 buflen = os_strlen(proto) + os_strlen(port) + 10;
979 buf = os_malloc(buflen);
980 if (buf)
981 os_snprintf(buf, buflen, "%s:%s", proto, port);
982 xml_node_get_text_free(ctx->xml, port);
983 } else {
984 buflen = os_strlen(proto) + 10;
985 buf = os_malloc(buflen);
986 if (buf)
987 os_snprintf(buf, buflen, "%s", proto);
988 }
989
990 xml_node_get_text_free(ctx->xml, proto);
991
992 if (buf == NULL)
993 return;
994
995 if (set_cred(ctx->ifname, id, "req_conn_capab", buf) < 0)
996 wpa_printf(MSG_INFO, "Could not set req_conn_capab");
997
998 os_free(buf);
999}
1000
1001
1002static void set_pps_cred_policy_required_proto_ports(struct hs20_osu_client *ctx,
1003 int id, xml_node_t *node)
1004{
1005 xml_node_t *child;
1006
1007 wpa_printf(MSG_INFO, "- Policy/RequiredProtoPortTuple");
1008
1009 xml_node_for_each_child(ctx->xml, child, node) {
1010 xml_node_for_each_check(ctx->xml, child);
1011 set_pps_cred_policy_required_proto_port(ctx, id, child);
1012 }
1013}
1014
1015
1016static void set_pps_cred_policy_max_bss_load(struct hs20_osu_client *ctx, int id,
1017 xml_node_t *node)
1018{
1019 char *str = xml_node_get_text(ctx->xml, node);
1020 if (str == NULL)
1021 return;
1022 wpa_printf(MSG_INFO, "- Policy/MaximumBSSLoadValue - %s", str);
1023 if (set_cred(ctx->ifname, id, "max_bss_load", str) < 0)
1024 wpa_printf(MSG_INFO, "Failed to set cred max_bss_load limit");
1025 xml_node_get_text_free(ctx->xml, str);
1026}
1027
1028
1029static void set_pps_cred_policy(struct hs20_osu_client *ctx, int id,
1030 xml_node_t *node)
1031{
1032 xml_node_t *child;
1033 const char *name;
1034
1035 wpa_printf(MSG_INFO, "- Policy");
1036
1037 xml_node_for_each_child(ctx->xml, child, node) {
1038 xml_node_for_each_check(ctx->xml, child);
1039 name = xml_node_get_localname(ctx->xml, child);
1040 if (os_strcasecmp(name, "PreferredRoamingPartnerList") == 0)
1041 set_pps_cred_policy_prpl(ctx, id, child);
1042 else if (os_strcasecmp(name, "MinBackhaulThreshold") == 0)
1043 set_pps_cred_policy_min_backhaul_list(ctx, id, child);
1044 else if (os_strcasecmp(name, "PolicyUpdate") == 0)
1045 set_pps_cred_policy_update(ctx, id, child);
1046 else if (os_strcasecmp(name, "SPExclusionList") == 0)
1047 set_pps_cred_policy_spel(ctx, id, child);
1048 else if (os_strcasecmp(name, "RequiredProtoPortTuple") == 0)
1049 set_pps_cred_policy_required_proto_ports(ctx, id, child);
1050 else if (os_strcasecmp(name, "MaximumBSSLoadValue") == 0)
1051 set_pps_cred_policy_max_bss_load(ctx, id, child);
1052 else
1053 wpa_printf(MSG_INFO, "Unknown Policy node '%s'", name);
1054 }
1055}
1056
1057
1058static void set_pps_cred_priority(struct hs20_osu_client *ctx, int id,
1059 xml_node_t *node)
1060{
1061 char *str = xml_node_get_text(ctx->xml, node);
1062 if (str == NULL)
1063 return;
1064 wpa_printf(MSG_INFO, "- CredentialPriority = %s", str);
1065 if (set_cred(ctx->ifname, id, "sp_priority", str) < 0)
1066 wpa_printf(MSG_INFO, "Failed to set cred sp_priority");
1067 xml_node_get_text_free(ctx->xml, str);
1068}
1069
1070
1071static void set_pps_cred_aaa_server_trust_root(struct hs20_osu_client *ctx,
1072 int id, xml_node_t *node)
1073{
1074 wpa_printf(MSG_INFO, "- AAAServerTrustRoot - TODO");
1075}
1076
1077
1078static void set_pps_cred_sub_update(struct hs20_osu_client *ctx, int id,
1079 xml_node_t *node)
1080{
1081 wpa_printf(MSG_INFO, "- SubscriptionUpdate");
1082 /* not used within wpa_supplicant */
1083}
1084
1085
1086static void set_pps_cred_home_sp_network_id(struct hs20_osu_client *ctx,
1087 int id, xml_node_t *node)
1088{
1089 xml_node_t *ssid_node, *hessid_node;
1090 char *ssid, *hessid;
1091
1092 ssid_node = get_node(ctx->xml, node, "SSID");
1093 if (ssid_node == NULL) {
1094 wpa_printf(MSG_INFO, "Ignore HomeSP/NetworkID without mandatory SSID node");
1095 return;
1096 }
1097
1098 hessid_node = get_node(ctx->xml, node, "HESSID");
1099
1100 ssid = xml_node_get_text(ctx->xml, ssid_node);
1101 if (ssid == NULL)
1102 return;
1103 hessid = hessid_node ? xml_node_get_text(ctx->xml, hessid_node) : NULL;
1104
1105 wpa_printf(MSG_INFO, "- HomeSP/NetworkID/<X+>/SSID = %s", ssid);
1106 if (hessid)
1107 wpa_printf(MSG_INFO, "- HomeSP/NetworkID/<X+>/HESSID = %s",
1108 hessid);
1109
1110 /* TODO: Configure to wpa_supplicant */
1111
1112 xml_node_get_text_free(ctx->xml, ssid);
1113 xml_node_get_text_free(ctx->xml, hessid);
1114}
1115
1116
1117static void set_pps_cred_home_sp_network_ids(struct hs20_osu_client *ctx,
1118 int id, xml_node_t *node)
1119{
1120 xml_node_t *child;
1121
1122 wpa_printf(MSG_INFO, "- HomeSP/NetworkID");
1123
1124 xml_node_for_each_child(ctx->xml, child, node) {
1125 xml_node_for_each_check(ctx->xml, child);
1126 set_pps_cred_home_sp_network_id(ctx, id, child);
1127 }
1128}
1129
1130
1131static void set_pps_cred_home_sp_friendly_name(struct hs20_osu_client *ctx,
1132 int id, xml_node_t *node)
1133{
1134 char *str = xml_node_get_text(ctx->xml, node);
1135 if (str == NULL)
1136 return;
1137 wpa_printf(MSG_INFO, "- HomeSP/FriendlyName = %s", str);
1138 /* not used within wpa_supplicant(?) */
1139 xml_node_get_text_free(ctx->xml, str);
1140}
1141
1142
1143static void set_pps_cred_home_sp_icon_url(struct hs20_osu_client *ctx,
1144 int id, xml_node_t *node)
1145{
1146 char *str = xml_node_get_text(ctx->xml, node);
1147 if (str == NULL)
1148 return;
1149 wpa_printf(MSG_INFO, "- HomeSP/IconURL = %s", str);
1150 /* not used within wpa_supplicant */
1151 xml_node_get_text_free(ctx->xml, str);
1152}
1153
1154
1155static void set_pps_cred_home_sp_fqdn(struct hs20_osu_client *ctx, int id,
1156 xml_node_t *node)
1157{
1158 char *str = xml_node_get_text(ctx->xml, node);
1159 if (str == NULL)
1160 return;
1161 wpa_printf(MSG_INFO, "- HomeSP/FQDN = %s", str);
1162 if (set_cred_quoted(ctx->ifname, id, "domain", str) < 0)
1163 wpa_printf(MSG_INFO, "Failed to set cred domain");
1164 if (set_cred_quoted(ctx->ifname, id, "domain_suffix_match", str) < 0)
1165 wpa_printf(MSG_INFO, "Failed to set cred domain_suffix_match");
1166 xml_node_get_text_free(ctx->xml, str);
1167}
1168
1169
1170static void set_pps_cred_home_sp_oi(struct hs20_osu_client *ctx, int id,
1171 xml_node_t *node)
1172{
1173 xml_node_t *child;
1174 const char *name;
1175 char *homeoi = NULL;
1176 int required = 0;
1177 char *str;
1178
1179 xml_node_for_each_child(ctx->xml, child, node) {
1180 xml_node_for_each_check(ctx->xml, child);
1181 name = xml_node_get_localname(ctx->xml, child);
1182 if (strcasecmp(name, "HomeOI") == 0 && !homeoi) {
1183 homeoi = xml_node_get_text(ctx->xml, child);
1184 wpa_printf(MSG_INFO, "- HomeSP/HomeOIList/<X+>/HomeOI = %s",
1185 homeoi);
1186 } else if (strcasecmp(name, "HomeOIRequired") == 0) {
1187 str = xml_node_get_text(ctx->xml, child);
1188 wpa_printf(MSG_INFO, "- HomeSP/HomeOIList/<X+>/HomeOIRequired = '%s'",
1189 str);
1190 if (str == NULL)
1191 continue;
1192 required = strcasecmp(str, "true") == 0;
1193 xml_node_get_text_free(ctx->xml, str);
1194 } else
1195 wpa_printf(MSG_INFO, "Unknown HomeOIList node '%s'",
1196 name);
1197 }
1198
1199 if (homeoi == NULL) {
1200 wpa_printf(MSG_INFO, "- HomeSP/HomeOIList/<X+> without HomeOI ignored");
1201 return;
1202 }
1203
1204 wpa_printf(MSG_INFO, "- HomeSP/HomeOIList/<X+> '%s' required=%d",
1205 homeoi, required);
1206
1207 if (required) {
1208 if (set_cred(ctx->ifname, id, "required_roaming_consortium",
1209 homeoi) < 0)
1210 wpa_printf(MSG_INFO, "Failed to set cred required_roaming_consortium");
1211 } else {
1212 if (set_cred_quoted(ctx->ifname, id, "roaming_consortium",
1213 homeoi) < 0)
1214 wpa_printf(MSG_INFO, "Failed to set cred roaming_consortium");
1215 }
1216
1217 xml_node_get_text_free(ctx->xml, homeoi);
1218}
1219
1220
1221static void set_pps_cred_home_sp_oi_list(struct hs20_osu_client *ctx, int id,
1222 xml_node_t *node)
1223{
1224 xml_node_t *child;
1225
1226 wpa_printf(MSG_INFO, "- HomeSP/HomeOIList");
1227
1228 xml_node_for_each_child(ctx->xml, child, node) {
1229 xml_node_for_each_check(ctx->xml, child);
1230 set_pps_cred_home_sp_oi(ctx, id, child);
1231 }
1232}
1233
1234
1235static void set_pps_cred_home_sp_other_partner(struct hs20_osu_client *ctx,
1236 int id, xml_node_t *node)
1237{
1238 xml_node_t *child;
1239 const char *name;
1240 char *fqdn = NULL;
1241
1242 xml_node_for_each_child(ctx->xml, child, node) {
1243 xml_node_for_each_check(ctx->xml, child);
1244 name = xml_node_get_localname(ctx->xml, child);
1245 if (os_strcasecmp(name, "FQDN") == 0 && !fqdn) {
1246 fqdn = xml_node_get_text(ctx->xml, child);
1247 wpa_printf(MSG_INFO, "- HomeSP/OtherHomePartners/<X+>/FQDN = %s",
1248 fqdn);
1249 } else
1250 wpa_printf(MSG_INFO, "Unknown OtherHomePartners node '%s'",
1251 name);
1252 }
1253
1254 if (fqdn == NULL) {
1255 wpa_printf(MSG_INFO, "- HomeSP/OtherHomePartners/<X+> without FQDN ignored");
1256 return;
1257 }
1258
1259 if (set_cred_quoted(ctx->ifname, id, "domain", fqdn) < 0)
1260 wpa_printf(MSG_INFO, "Failed to set cred domain for OtherHomePartners node");
1261
1262 xml_node_get_text_free(ctx->xml, fqdn);
1263}
1264
1265
1266static void set_pps_cred_home_sp_other_partners(struct hs20_osu_client *ctx,
1267 int id,
1268 xml_node_t *node)
1269{
1270 xml_node_t *child;
1271
1272 wpa_printf(MSG_INFO, "- HomeSP/OtherHomePartners");
1273
1274 xml_node_for_each_child(ctx->xml, child, node) {
1275 xml_node_for_each_check(ctx->xml, child);
1276 set_pps_cred_home_sp_other_partner(ctx, id, child);
1277 }
1278}
1279
1280
1281static void set_pps_cred_home_sp_roaming_consortium_oi(
1282 struct hs20_osu_client *ctx, int id, xml_node_t *node)
1283{
1284 char *str = xml_node_get_text(ctx->xml, node);
1285 if (str == NULL)
1286 return;
1287 wpa_printf(MSG_INFO, "- HomeSP/RoamingConsortiumOI = %s", str);
1288 /* TODO: Set to wpa_supplicant */
1289 xml_node_get_text_free(ctx->xml, str);
1290}
1291
1292
1293static void set_pps_cred_home_sp(struct hs20_osu_client *ctx, int id,
1294 xml_node_t *node)
1295{
1296 xml_node_t *child;
1297 const char *name;
1298
1299 wpa_printf(MSG_INFO, "- HomeSP");
1300
1301 xml_node_for_each_child(ctx->xml, child, node) {
1302 xml_node_for_each_check(ctx->xml, child);
1303 name = xml_node_get_localname(ctx->xml, child);
1304 if (os_strcasecmp(name, "NetworkID") == 0)
1305 set_pps_cred_home_sp_network_ids(ctx, id, child);
1306 else if (os_strcasecmp(name, "FriendlyName") == 0)
1307 set_pps_cred_home_sp_friendly_name(ctx, id, child);
1308 else if (os_strcasecmp(name, "IconURL") == 0)
1309 set_pps_cred_home_sp_icon_url(ctx, id, child);
1310 else if (os_strcasecmp(name, "FQDN") == 0)
1311 set_pps_cred_home_sp_fqdn(ctx, id, child);
1312 else if (os_strcasecmp(name, "HomeOIList") == 0)
1313 set_pps_cred_home_sp_oi_list(ctx, id, child);
1314 else if (os_strcasecmp(name, "OtherHomePartners") == 0)
1315 set_pps_cred_home_sp_other_partners(ctx, id, child);
1316 else if (os_strcasecmp(name, "RoamingConsortiumOI") == 0)
1317 set_pps_cred_home_sp_roaming_consortium_oi(ctx, id,
1318 child);
1319 else
1320 wpa_printf(MSG_INFO, "Unknown HomeSP node '%s'", name);
1321 }
1322}
1323
1324
1325static void set_pps_cred_sub_params(struct hs20_osu_client *ctx, int id,
1326 xml_node_t *node)
1327{
1328 wpa_printf(MSG_INFO, "- SubscriptionParameters");
1329 /* not used within wpa_supplicant */
1330}
1331
1332
1333static void set_pps_cred_creation_date(struct hs20_osu_client *ctx, int id,
1334 xml_node_t *node)
1335{
1336 char *str = xml_node_get_text(ctx->xml, node);
1337 if (str == NULL)
1338 return;
1339 wpa_printf(MSG_INFO, "- Credential/CreationDate = %s", str);
1340 /* not used within wpa_supplicant */
1341 xml_node_get_text_free(ctx->xml, str);
1342}
1343
1344
1345static void set_pps_cred_expiration_date(struct hs20_osu_client *ctx, int id,
1346 xml_node_t *node)
1347{
1348 char *str = xml_node_get_text(ctx->xml, node);
1349 if (str == NULL)
1350 return;
1351 wpa_printf(MSG_INFO, "- Credential/ExpirationDate = %s", str);
1352 /* not used within wpa_supplicant */
1353 xml_node_get_text_free(ctx->xml, str);
1354}
1355
1356
1357static void set_pps_cred_username(struct hs20_osu_client *ctx, int id,
1358 xml_node_t *node)
1359{
1360 char *str = xml_node_get_text(ctx->xml, node);
1361 if (str == NULL)
1362 return;
1363 wpa_printf(MSG_INFO, "- Credential/UsernamePassword/Username = %s",
1364 str);
1365 if (set_cred_quoted(ctx->ifname, id, "username", str) < 0)
1366 wpa_printf(MSG_INFO, "Failed to set cred username");
1367 xml_node_get_text_free(ctx->xml, str);
1368}
1369
1370
1371static void set_pps_cred_password(struct hs20_osu_client *ctx, int id,
1372 xml_node_t *node)
1373{
1374 int len, i;
1375 char *pw, *hex, *pos, *end;
1376
1377 pw = xml_node_get_base64_text(ctx->xml, node, &len);
1378 if (pw == NULL)
1379 return;
1380
1381 wpa_printf(MSG_INFO, "- Credential/UsernamePassword/Password = %s", pw);
1382
1383 hex = malloc(len * 2 + 1);
1384 if (hex == NULL) {
1385 free(pw);
1386 return;
1387 }
1388 end = hex + len * 2 + 1;
1389 pos = hex;
1390 for (i = 0; i < len; i++) {
1391 snprintf(pos, end - pos, "%02x", pw[i]);
1392 pos += 2;
1393 }
1394 free(pw);
1395
1396 if (set_cred(ctx->ifname, id, "password", hex) < 0)
1397 wpa_printf(MSG_INFO, "Failed to set cred password");
1398 free(hex);
1399}
1400
1401
1402static void set_pps_cred_machine_managed(struct hs20_osu_client *ctx, int id,
1403 xml_node_t *node)
1404{
1405 char *str = xml_node_get_text(ctx->xml, node);
1406 if (str == NULL)
1407 return;
1408 wpa_printf(MSG_INFO, "- Credential/UsernamePassword/MachineManaged = %s",
1409 str);
1410 /* not used within wpa_supplicant */
1411 xml_node_get_text_free(ctx->xml, str);
1412}
1413
1414
1415static void set_pps_cred_soft_token_app(struct hs20_osu_client *ctx, int id,
1416 xml_node_t *node)
1417{
1418 char *str = xml_node_get_text(ctx->xml, node);
1419 if (str == NULL)
1420 return;
1421 wpa_printf(MSG_INFO, "- Credential/UsernamePassword/SoftTokenApp = %s",
1422 str);
1423 /* not used within wpa_supplicant */
1424 xml_node_get_text_free(ctx->xml, str);
1425}
1426
1427
1428static void set_pps_cred_able_to_share(struct hs20_osu_client *ctx, int id,
1429 xml_node_t *node)
1430{
1431 char *str = xml_node_get_text(ctx->xml, node);
1432 if (str == NULL)
1433 return;
1434 wpa_printf(MSG_INFO, "- Credential/UsernamePassword/AbleToShare = %s",
1435 str);
1436 /* not used within wpa_supplicant */
1437 xml_node_get_text_free(ctx->xml, str);
1438}
1439
1440
1441static void set_pps_cred_eap_method(struct hs20_osu_client *ctx, int id,
1442 xml_node_t *node)
1443{
1444 wpa_printf(MSG_INFO, "- Credential/UsernamePassword/EAPMethod - TODO");
1445}
1446
1447
1448static void set_pps_cred_username_password(struct hs20_osu_client *ctx, int id,
1449 xml_node_t *node)
1450{
1451 xml_node_t *child;
1452 const char *name;
1453
1454 wpa_printf(MSG_INFO, "- Credential/UsernamePassword");
1455
1456 xml_node_for_each_child(ctx->xml, child, node) {
1457 xml_node_for_each_check(ctx->xml, child);
1458 name = xml_node_get_localname(ctx->xml, child);
1459 if (os_strcasecmp(name, "Username") == 0)
1460 set_pps_cred_username(ctx, id, child);
1461 else if (os_strcasecmp(name, "Password") == 0)
1462 set_pps_cred_password(ctx, id, child);
1463 else if (os_strcasecmp(name, "MachineManaged") == 0)
1464 set_pps_cred_machine_managed(ctx, id, child);
1465 else if (os_strcasecmp(name, "SoftTokenApp") == 0)
1466 set_pps_cred_soft_token_app(ctx, id, child);
1467 else if (os_strcasecmp(name, "AbleToShare") == 0)
1468 set_pps_cred_able_to_share(ctx, id, child);
1469 else if (os_strcasecmp(name, "EAPMethod") == 0)
1470 set_pps_cred_eap_method(ctx, id, child);
1471 else
1472 wpa_printf(MSG_INFO, "Unknown Credential/UsernamePassword node '%s'",
1473 name);
1474 }
1475}
1476
1477
1478static void set_pps_cred_digital_cert(struct hs20_osu_client *ctx, int id,
1479 xml_node_t *node, const char *fqdn)
1480{
1481 char buf[200], dir[200];
1482
1483 wpa_printf(MSG_INFO, "- Credential/DigitalCertificate");
1484
1485 if (getcwd(dir, sizeof(dir)) == NULL)
1486 return;
1487
1488 /* TODO: could build username from Subject of Subject AltName */
1489 if (set_cred_quoted(ctx->ifname, id, "username", "cert") < 0) {
1490 wpa_printf(MSG_INFO, "Failed to set username");
1491 }
1492
1493 snprintf(buf, sizeof(buf), "%s/SP/%s/client-cert.pem", dir, fqdn);
1494 if (os_file_exists(buf)) {
1495 if (set_cred_quoted(ctx->ifname, id, "client_cert", buf) < 0) {
1496 wpa_printf(MSG_INFO, "Failed to set client_cert");
1497 }
1498 }
1499
1500 snprintf(buf, sizeof(buf), "%s/SP/%s/client-key.pem", dir, fqdn);
1501 if (os_file_exists(buf)) {
1502 if (set_cred_quoted(ctx->ifname, id, "private_key", buf) < 0) {
1503 wpa_printf(MSG_INFO, "Failed to set private_key");
1504 }
1505 }
1506}
1507
1508
1509static void set_pps_cred_realm(struct hs20_osu_client *ctx, int id,
1510 xml_node_t *node, const char *fqdn, int sim)
1511{
1512 char *str = xml_node_get_text(ctx->xml, node);
1513 char buf[200], dir[200];
1514
1515 if (str == NULL)
1516 return;
1517
1518 wpa_printf(MSG_INFO, "- Credential/Realm = %s", str);
1519 if (set_cred_quoted(ctx->ifname, id, "realm", str) < 0)
1520 wpa_printf(MSG_INFO, "Failed to set cred realm");
1521 xml_node_get_text_free(ctx->xml, str);
1522
1523 if (sim)
1524 return;
1525
1526 if (getcwd(dir, sizeof(dir)) == NULL)
1527 return;
1528 snprintf(buf, sizeof(buf), "%s/SP/%s/aaa-ca.pem", dir, fqdn);
1529 if (os_file_exists(buf)) {
1530 if (set_cred_quoted(ctx->ifname, id, "ca_cert", buf) < 0) {
1531 wpa_printf(MSG_INFO, "Failed to set CA cert");
1532 }
1533 }
1534}
1535
1536
1537static void set_pps_cred_check_aaa_cert_status(struct hs20_osu_client *ctx,
1538 int id, xml_node_t *node)
1539{
1540 char *str = xml_node_get_text(ctx->xml, node);
1541
1542 if (str == NULL)
1543 return;
1544
1545 wpa_printf(MSG_INFO, "- Credential/CheckAAAServerCertStatus = %s", str);
1546 if (os_strcasecmp(str, "true") == 0 &&
1547 set_cred(ctx->ifname, id, "ocsp", "2") < 0)
1548 wpa_printf(MSG_INFO, "Failed to set cred ocsp");
1549 xml_node_get_text_free(ctx->xml, str);
1550}
1551
1552
1553static void set_pps_cred_sim(struct hs20_osu_client *ctx, int id,
1554 xml_node_t *sim, xml_node_t *realm)
1555{
1556 xml_node_t *node;
1557 char *imsi, *eaptype, *str, buf[20];
1558 int type;
1559 int mnc_len = 3;
1560 size_t imsi_len;
1561
1562 node = get_node(ctx->xml, sim, "EAPType");
1563 if (node == NULL) {
1564 wpa_printf(MSG_INFO, "No SIM/EAPType node in credential");
1565 return;
1566 }
1567 eaptype = xml_node_get_text(ctx->xml, node);
1568 if (eaptype == NULL) {
1569 wpa_printf(MSG_INFO, "Could not extract SIM/EAPType");
1570 return;
1571 }
1572 wpa_printf(MSG_INFO, " - Credential/SIM/EAPType = %s", eaptype);
1573 type = atoi(eaptype);
1574 xml_node_get_text_free(ctx->xml, eaptype);
1575
1576 switch (type) {
1577 case EAP_TYPE_SIM:
1578 if (set_cred(ctx->ifname, id, "eap", "SIM") < 0)
1579 wpa_printf(MSG_INFO, "Could not set eap=SIM");
1580 break;
1581 case EAP_TYPE_AKA:
1582 if (set_cred(ctx->ifname, id, "eap", "AKA") < 0)
1583 wpa_printf(MSG_INFO, "Could not set eap=SIM");
1584 break;
1585 case EAP_TYPE_AKA_PRIME:
1586 if (set_cred(ctx->ifname, id, "eap", "AKA'") < 0)
1587 wpa_printf(MSG_INFO, "Could not set eap=SIM");
1588 break;
1589 default:
1590 wpa_printf(MSG_INFO, "Unsupported SIM/EAPType %d", type);
1591 return;
1592 }
1593
1594 node = get_node(ctx->xml, sim, "IMSI");
1595 if (node == NULL) {
1596 wpa_printf(MSG_INFO, "No SIM/IMSI node in credential");
1597 return;
1598 }
1599 imsi = xml_node_get_text(ctx->xml, node);
1600 if (imsi == NULL) {
1601 wpa_printf(MSG_INFO, "Could not extract SIM/IMSI");
1602 return;
1603 }
1604 wpa_printf(MSG_INFO, " - Credential/SIM/IMSI = %s", imsi);
1605 imsi_len = os_strlen(imsi);
1606 if (imsi_len < 7 || imsi_len + 2 > sizeof(buf)) {
1607 wpa_printf(MSG_INFO, "Invalid IMSI length");
1608 xml_node_get_text_free(ctx->xml, imsi);
1609 return;
1610 }
1611
1612 str = xml_node_get_text(ctx->xml, node);
1613 if (str) {
1614 char *pos;
1615 pos = os_strstr(str, "mnc");
1616 if (pos && os_strlen(pos) >= 6) {
1617 if (os_strncmp(imsi + 3, pos + 3, 3) == 0)
1618 mnc_len = 3;
1619 else if (os_strncmp(imsi + 3, pos + 4, 2) == 0)
1620 mnc_len = 2;
1621 }
1622 xml_node_get_text_free(ctx->xml, str);
1623 }
1624
1625 os_memcpy(buf, imsi, 3 + mnc_len);
1626 buf[3 + mnc_len] = '-';
1627 os_strlcpy(buf + 3 + mnc_len + 1, imsi + 3 + mnc_len,
1628 sizeof(buf) - 3 - mnc_len - 1);
1629
1630 xml_node_get_text_free(ctx->xml, imsi);
1631
1632 if (set_cred_quoted(ctx->ifname, id, "imsi", buf) < 0)
1633 wpa_printf(MSG_INFO, "Could not set IMSI");
1634
1635 if (set_cred_quoted(ctx->ifname, id, "milenage",
1636 "90dca4eda45b53cf0f12d7c9c3bc6a89:"
1637 "cb9cccc4b9258e6dca4760379fb82581:000000000123") <
1638 0)
1639 wpa_printf(MSG_INFO, "Could not set Milenage parameters");
1640}
1641
1642
1643static void set_pps_cred_credential(struct hs20_osu_client *ctx, int id,
1644 xml_node_t *node, const char *fqdn)
1645{
1646 xml_node_t *child, *sim, *realm;
1647 const char *name;
1648
1649 wpa_printf(MSG_INFO, "- Credential");
1650
1651 sim = get_node(ctx->xml, node, "SIM");
1652 realm = get_node(ctx->xml, node, "Realm");
1653
1654 xml_node_for_each_child(ctx->xml, child, node) {
1655 xml_node_for_each_check(ctx->xml, child);
1656 name = xml_node_get_localname(ctx->xml, child);
1657 if (os_strcasecmp(name, "CreationDate") == 0)
1658 set_pps_cred_creation_date(ctx, id, child);
1659 else if (os_strcasecmp(name, "ExpirationDate") == 0)
1660 set_pps_cred_expiration_date(ctx, id, child);
1661 else if (os_strcasecmp(name, "UsernamePassword") == 0)
1662 set_pps_cred_username_password(ctx, id, child);
1663 else if (os_strcasecmp(name, "DigitalCertificate") == 0)
1664 set_pps_cred_digital_cert(ctx, id, child, fqdn);
1665 else if (os_strcasecmp(name, "Realm") == 0)
1666 set_pps_cred_realm(ctx, id, child, fqdn, sim != NULL);
1667 else if (os_strcasecmp(name, "CheckAAAServerCertStatus") == 0)
1668 set_pps_cred_check_aaa_cert_status(ctx, id, child);
1669 else if (os_strcasecmp(name, "SIM") == 0)
1670 set_pps_cred_sim(ctx, id, child, realm);
1671 else
1672 wpa_printf(MSG_INFO, "Unknown Credential node '%s'",
1673 name);
1674 }
1675}
1676
1677
1678static void set_pps_credential(struct hs20_osu_client *ctx, int id,
1679 xml_node_t *cred, const char *fqdn)
1680{
1681 xml_node_t *child;
1682 const char *name;
1683
1684 xml_node_for_each_child(ctx->xml, child, cred) {
1685 xml_node_for_each_check(ctx->xml, child);
1686 name = xml_node_get_localname(ctx->xml, child);
1687 if (os_strcasecmp(name, "Policy") == 0)
1688 set_pps_cred_policy(ctx, id, child);
1689 else if (os_strcasecmp(name, "CredentialPriority") == 0)
1690 set_pps_cred_priority(ctx, id, child);
1691 else if (os_strcasecmp(name, "AAAServerTrustRoot") == 0)
1692 set_pps_cred_aaa_server_trust_root(ctx, id, child);
1693 else if (os_strcasecmp(name, "SubscriptionUpdate") == 0)
1694 set_pps_cred_sub_update(ctx, id, child);
1695 else if (os_strcasecmp(name, "HomeSP") == 0)
1696 set_pps_cred_home_sp(ctx, id, child);
1697 else if (os_strcasecmp(name, "SubscriptionParameters") == 0)
1698 set_pps_cred_sub_params(ctx, id, child);
1699 else if (os_strcasecmp(name, "Credential") == 0)
1700 set_pps_cred_credential(ctx, id, child, fqdn);
1701 else
1702 wpa_printf(MSG_INFO, "Unknown credential node '%s'",
1703 name);
1704 }
1705}
1706
1707
1708static void set_pps(struct hs20_osu_client *ctx, xml_node_t *pps,
1709 const char *fqdn)
1710{
1711 xml_node_t *child;
1712 const char *name;
1713 int id;
1714 char *update_identifier = NULL;
1715
1716 /*
1717 * TODO: Could consider more complex mechanism that would remove
1718 * credentials only if there are changes in the information sent to
1719 * wpa_supplicant.
1720 */
1721 remove_sp_creds(ctx, fqdn);
1722
1723 xml_node_for_each_child(ctx->xml, child, pps) {
1724 xml_node_for_each_check(ctx->xml, child);
1725 name = xml_node_get_localname(ctx->xml, child);
1726 if (os_strcasecmp(name, "UpdateIdentifier") == 0) {
1727 update_identifier = xml_node_get_text(ctx->xml, child);
1728 if (update_identifier) {
1729 wpa_printf(MSG_INFO, "- UpdateIdentifier = %s",
1730 update_identifier);
1731 break;
1732 }
1733 }
1734 }
1735
1736 xml_node_for_each_child(ctx->xml, child, pps) {
1737 xml_node_for_each_check(ctx->xml, child);
1738 name = xml_node_get_localname(ctx->xml, child);
1739 if (os_strcasecmp(name, "UpdateIdentifier") == 0)
1740 continue;
1741 id = add_cred(ctx->ifname);
1742 if (id < 0) {
1743 wpa_printf(MSG_INFO, "Failed to add credential to wpa_supplicant");
1744 write_summary(ctx, "Failed to add credential to wpa_supplicant");
1745 break;
1746 }
1747 write_summary(ctx, "Add a credential to wpa_supplicant");
1748 if (update_identifier &&
1749 set_cred(ctx->ifname, id, "update_identifier",
1750 update_identifier) < 0)
1751 wpa_printf(MSG_INFO, "Failed to set update_identifier");
1752 if (set_cred_quoted(ctx->ifname, id, "provisioning_sp", fqdn) <
1753 0)
1754 wpa_printf(MSG_INFO, "Failed to set provisioning_sp");
1755 wpa_printf(MSG_INFO, "credential localname: '%s'", name);
1756 set_pps_credential(ctx, id, child, fqdn);
1757 ctx->pps_cred_set = 1;
1758 }
1759
1760 xml_node_get_text_free(ctx->xml, update_identifier);
1761}
1762
1763
1764void cmd_set_pps(struct hs20_osu_client *ctx, const char *pps_fname)
1765{
1766 xml_node_t *pps;
1767 const char *fqdn;
1768 char *fqdn_buf = NULL, *pos;
1769
1770 pps = node_from_file(ctx->xml, pps_fname);
1771 if (pps == NULL) {
1772 wpa_printf(MSG_INFO, "Could not read or parse '%s'", pps_fname);
1773 return;
1774 }
1775
1776 fqdn = os_strstr(pps_fname, "SP/");
1777 if (fqdn) {
1778 fqdn_buf = os_strdup(fqdn + 3);
1779 if (fqdn_buf == NULL)
1780 return;
1781 pos = os_strchr(fqdn_buf, '/');
1782 if (pos)
1783 *pos = '\0';
1784 fqdn = fqdn_buf;
1785 } else
1786 fqdn = "wi-fi.org";
1787
1788 wpa_printf(MSG_INFO, "Set PPS MO info to wpa_supplicant - SP FQDN %s",
1789 fqdn);
1790 set_pps(ctx, pps, fqdn);
1791
1792 os_free(fqdn_buf);
1793 xml_node_free(ctx->xml, pps);
1794}
1795
1796
1797static int cmd_get_fqdn(struct hs20_osu_client *ctx, const char *pps_fname)
1798{
1799 xml_node_t *pps, *node;
1800 char *fqdn = NULL;
1801
1802 pps = node_from_file(ctx->xml, pps_fname);
1803 if (pps == NULL) {
1804 wpa_printf(MSG_INFO, "Could not read or parse '%s'", pps_fname);
1805 return -1;
1806 }
1807
1808 node = get_child_node(ctx->xml, pps, "HomeSP/FQDN");
1809 if (node)
1810 fqdn = xml_node_get_text(ctx->xml, node);
1811
1812 xml_node_free(ctx->xml, pps);
1813
1814 if (fqdn) {
1815 FILE *f = fopen("pps-fqdn", "w");
1816 if (f) {
1817 fprintf(f, "%s", fqdn);
1818 fclose(f);
1819 }
1820 xml_node_get_text_free(ctx->xml, fqdn);
1821 return 0;
1822 }
1823
1824 xml_node_get_text_free(ctx->xml, fqdn);
1825 return -1;
1826}
1827
1828
1829static void cmd_to_tnds(struct hs20_osu_client *ctx, const char *in_fname,
1830 const char *out_fname, const char *urn, int use_path)
1831{
1832 xml_node_t *mo, *node;
1833
1834 mo = node_from_file(ctx->xml, in_fname);
1835 if (mo == NULL) {
1836 wpa_printf(MSG_INFO, "Could not read or parse '%s'", in_fname);
1837 return;
1838 }
1839
1840 node = mo_to_tnds(ctx->xml, mo, use_path, urn, NULL);
1841 if (node) {
1842 node_to_file(ctx->xml, out_fname, node);
1843 xml_node_free(ctx->xml, node);
1844 }
1845
1846 xml_node_free(ctx->xml, mo);
1847}
1848
1849
1850static void cmd_from_tnds(struct hs20_osu_client *ctx, const char *in_fname,
1851 const char *out_fname)
1852{
1853 xml_node_t *tnds, *mo;
1854
1855 tnds = node_from_file(ctx->xml, in_fname);
1856 if (tnds == NULL) {
1857 wpa_printf(MSG_INFO, "Could not read or parse '%s'", in_fname);
1858 return;
1859 }
1860
1861 mo = tnds_to_mo(ctx->xml, tnds);
1862 if (mo) {
1863 node_to_file(ctx->xml, out_fname, mo);
1864 xml_node_free(ctx->xml, mo);
1865 }
1866
1867 xml_node_free(ctx->xml, tnds);
1868}
1869
1870
1871struct osu_icon {
1872 int id;
1873 char lang[4];
1874 char mime_type[256];
1875 char filename[256];
1876};
1877
1878struct osu_data {
1879 char bssid[20];
1880 char url[256];
1881 unsigned int methods;
1882 char osu_ssid[33];
1883 char osu_nai[256];
1884 struct osu_lang_text friendly_name[MAX_OSU_VALS];
1885 size_t friendly_name_count;
1886 struct osu_lang_text serv_desc[MAX_OSU_VALS];
1887 size_t serv_desc_count;
1888 struct osu_icon icon[MAX_OSU_VALS];
1889 size_t icon_count;
1890};
1891
1892
1893static struct osu_data * parse_osu_providers(const char *fname, size_t *count)
1894{
1895 FILE *f;
1896 char buf[1000];
1897 struct osu_data *osu = NULL, *last = NULL;
1898 size_t osu_count = 0;
1899 char *pos, *end;
1900
1901 f = fopen(fname, "r");
1902 if (f == NULL) {
1903 wpa_printf(MSG_ERROR, "Could not open %s", fname);
1904 return NULL;
1905 }
1906
1907 while (fgets(buf, sizeof(buf), f)) {
1908 pos = strchr(buf, '\n');
1909 if (pos)
1910 *pos = '\0';
1911
1912 if (strncmp(buf, "OSU-PROVIDER ", 13) == 0) {
1913 last = realloc(osu, (osu_count + 1) * sizeof(*osu));
1914 if (last == NULL)
1915 break;
1916 osu = last;
1917 last = &osu[osu_count++];
1918 memset(last, 0, sizeof(*last));
1919 snprintf(last->bssid, sizeof(last->bssid), "%s",
1920 buf + 13);
1921 continue;
1922 }
1923 if (!last)
1924 continue;
1925
1926 if (strncmp(buf, "uri=", 4) == 0) {
1927 snprintf(last->url, sizeof(last->url), "%s", buf + 4);
1928 continue;
1929 }
1930
1931 if (strncmp(buf, "methods=", 8) == 0) {
1932 last->methods = strtol(buf + 8, NULL, 16);
1933 continue;
1934 }
1935
1936 if (strncmp(buf, "osu_ssid=", 9) == 0) {
1937 snprintf(last->osu_ssid, sizeof(last->osu_ssid),
1938 "%s", buf + 9);
1939 continue;
1940 }
1941
1942 if (os_strncmp(buf, "osu_nai=", 8) == 0) {
1943 os_snprintf(last->osu_nai, sizeof(last->osu_nai),
1944 "%s", buf + 8);
1945 continue;
1946 }
1947
1948 if (strncmp(buf, "friendly_name=", 14) == 0) {
1949 struct osu_lang_text *txt;
1950 if (last->friendly_name_count == MAX_OSU_VALS)
1951 continue;
1952 pos = strchr(buf + 14, ':');
1953 if (pos == NULL)
1954 continue;
1955 *pos++ = '\0';
1956 txt = &last->friendly_name[last->friendly_name_count++];
1957 snprintf(txt->lang, sizeof(txt->lang), "%s", buf + 14);
1958 snprintf(txt->text, sizeof(txt->text), "%s", pos);
1959 }
1960
1961 if (strncmp(buf, "desc=", 5) == 0) {
1962 struct osu_lang_text *txt;
1963 if (last->serv_desc_count == MAX_OSU_VALS)
1964 continue;
1965 pos = strchr(buf + 5, ':');
1966 if (pos == NULL)
1967 continue;
1968 *pos++ = '\0';
1969 txt = &last->serv_desc[last->serv_desc_count++];
1970 snprintf(txt->lang, sizeof(txt->lang), "%s", buf + 5);
1971 snprintf(txt->text, sizeof(txt->text), "%s", pos);
1972 }
1973
1974 if (strncmp(buf, "icon=", 5) == 0) {
1975 struct osu_icon *icon;
1976 if (last->icon_count == MAX_OSU_VALS)
1977 continue;
1978 icon = &last->icon[last->icon_count++];
1979 icon->id = atoi(buf + 5);
1980 pos = strchr(buf, ':');
1981 if (pos == NULL)
1982 continue;
1983 pos = strchr(pos + 1, ':');
1984 if (pos == NULL)
1985 continue;
1986 pos = strchr(pos + 1, ':');
1987 if (pos == NULL)
1988 continue;
1989 pos++;
1990 end = strchr(pos, ':');
1991 if (!end)
1992 continue;
1993 *end = '\0';
1994 snprintf(icon->lang, sizeof(icon->lang), "%s", pos);
1995 pos = end + 1;
1996
1997 end = strchr(pos, ':');
1998 if (end)
1999 *end = '\0';
2000 snprintf(icon->mime_type, sizeof(icon->mime_type),
2001 "%s", pos);
2002 if (!pos)
2003 continue;
2004 pos = end + 1;
2005
2006 end = strchr(pos, ':');
2007 if (end)
2008 *end = '\0';
2009 snprintf(icon->filename, sizeof(icon->filename),
2010 "%s", pos);
2011 continue;
2012 }
2013 }
2014
2015 fclose(f);
2016
2017 *count = osu_count;
2018 return osu;
2019}
2020
2021
2022static int osu_connect(struct hs20_osu_client *ctx, const char *bssid,
Dmitry Shmidt6cb1f652014-03-21 10:54:03 -0700[diff] [blame]2023 const char *ssid, const char *url,
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2024 unsigned int methods, int no_prod_assoc,
2025 const char *osu_nai)
2026{
2027 int id;
2028 const char *ifname = ctx->ifname;
2029 char buf[200];
2030 struct wpa_ctrl *mon;
2031 int res;
2032
2033 id = add_network(ifname);
2034 if (id < 0)
2035 return -1;
2036 if (set_network_quoted(ifname, id, "ssid", ssid) < 0)
2037 return -1;
2038 if (osu_nai && os_strlen(osu_nai) > 0) {
2039 char dir[255], fname[300];
2040 if (getcwd(dir, sizeof(dir)) == NULL)
2041 return -1;
2042 os_snprintf(fname, sizeof(fname), "%s/osu-ca.pem", dir);
2043
2044 if (set_network(ifname, id, "proto", "OSEN") < 0 ||
2045 set_network(ifname, id, "key_mgmt", "OSEN") < 0 ||
2046 set_network(ifname, id, "pairwise", "CCMP") < 0 ||
2047 set_network(ifname, id, "group", "GTK_NOT_USED") < 0 ||
2048 set_network(ifname, id, "eap", "WFA-UNAUTH-TLS") < 0 ||
2049 set_network(ifname, id, "ocsp", "2") < 0 ||
2050 set_network_quoted(ifname, id, "identity", osu_nai) < 0 ||
2051 set_network_quoted(ifname, id, "ca_cert", fname) < 0)
2052 return -1;
2053 } else {
2054 if (set_network(ifname, id, "key_mgmt", "NONE") < 0)
2055 return -1;
2056 }
2057
2058 mon = open_wpa_mon(ifname);
2059 if (mon == NULL)
2060 return -1;
2061
2062 wpa_printf(MSG_INFO, "Associate with OSU SSID");
2063 write_summary(ctx, "Associate with OSU SSID");
2064 snprintf(buf, sizeof(buf), "SELECT_NETWORK %d", id);
2065 if (wpa_command(ifname, buf) < 0)
2066 return -1;
2067
2068 res = get_wpa_cli_event(mon, "CTRL-EVENT-CONNECTED",
2069 buf, sizeof(buf));
2070
2071 wpa_ctrl_detach(mon);
2072 wpa_ctrl_close(mon);
2073
2074 if (res < 0) {
2075 wpa_printf(MSG_INFO, "Could not connect");
2076 write_summary(ctx, "Could not connect to OSU network");
2077 wpa_printf(MSG_INFO, "Remove OSU network connection");
2078 snprintf(buf, sizeof(buf), "REMOVE_NETWORK %d", id);
2079 wpa_command(ifname, buf);
2080 return -1;
2081 }
2082
2083 write_summary(ctx, "Waiting for IP address for subscription registration");
2084 if (wait_ip_addr(ifname, 15) < 0) {
2085 wpa_printf(MSG_INFO, "Could not get IP address for WLAN - try connection anyway");
2086 }
2087
2088 if (no_prod_assoc) {
2089 if (res < 0)
2090 return -1;
2091 wpa_printf(MSG_INFO, "No production connection used for testing purposes");
2092 write_summary(ctx, "No production connection used for testing purposes");
2093 return 0;
2094 }
2095
2096 ctx->no_reconnect = 1;
2097 if (methods & 0x02)
Dmitry Shmidt6cb1f652014-03-21 10:54:03 -0700[diff] [blame]2098 res = cmd_prov(ctx, url);
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2099 else if (methods & 0x01)
Dmitry Shmidt6cb1f652014-03-21 10:54:03 -0700[diff] [blame]2100 res = cmd_oma_dm_prov(ctx, url);
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2101
2102 wpa_printf(MSG_INFO, "Remove OSU network connection");
2103 write_summary(ctx, "Remove OSU network connection");
2104 snprintf(buf, sizeof(buf), "REMOVE_NETWORK %d", id);
2105 wpa_command(ifname, buf);
2106
2107 if (res < 0)
2108 return -1;
2109
2110 wpa_printf(MSG_INFO, "Requesting reconnection with updated configuration");
2111 write_summary(ctx, "Requesting reconnection with updated configuration");
2112 if (wpa_command(ctx->ifname, "INTERWORKING_SELECT auto") < 0) {
2113 wpa_printf(MSG_INFO, "Failed to request wpa_supplicant to reconnect");
2114 write_summary(ctx, "Failed to request wpa_supplicant to reconnect");
2115 return -1;
2116 }
2117
2118 return 0;
2119}
2120
2121
2122static int cmd_osu_select(struct hs20_osu_client *ctx, const char *dir,
Dmitry Shmidt6cb1f652014-03-21 10:54:03 -0700[diff] [blame]2123 int connect, int no_prod_assoc,
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2124 const char *friendly_name)
2125{
2126 char fname[255];
2127 FILE *f;
2128 struct osu_data *osu = NULL, *last = NULL;
2129 size_t osu_count, i, j;
2130 int ret;
2131
2132 write_summary(ctx, "OSU provider selection");
2133
2134 if (dir == NULL) {
2135 wpa_printf(MSG_INFO, "Missing dir parameter to osu_select");
2136 return -1;
2137 }
2138
2139 snprintf(fname, sizeof(fname), "%s/osu-providers.txt", dir);
2140 osu = parse_osu_providers(fname, &osu_count);
2141 if (osu == NULL) {
2142 wpa_printf(MSG_INFO, "Could not any OSU providers from %s",
2143 fname);
2144 write_result(ctx, "No OSU providers available");
2145 return -1;
2146 }
2147
2148 if (friendly_name) {
2149 for (i = 0; i < osu_count; i++) {
2150 last = &osu[i];
2151 for (j = 0; j < last->friendly_name_count; j++) {
2152 if (os_strcmp(last->friendly_name[j].text,
2153 friendly_name) == 0)
2154 break;
2155 }
2156 if (j < last->friendly_name_count)
2157 break;
2158 }
2159 if (i == osu_count) {
2160 wpa_printf(MSG_INFO, "Requested operator friendly name '%s' not found in the list of available providers",
2161 friendly_name);
2162 write_summary(ctx, "Requested operator friendly name '%s' not found in the list of available providers",
2163 friendly_name);
2164 free(osu);
2165 return -1;
2166 }
2167
2168 wpa_printf(MSG_INFO, "OSU Provider selected based on requested operator friendly name '%s'",
2169 friendly_name);
2170 write_summary(ctx, "OSU Provider selected based on requested operator friendly name '%s'",
2171 friendly_name);
2172 ret = i + 1;
2173 goto selected;
2174 }
2175
2176 snprintf(fname, sizeof(fname), "%s/osu-providers.html", dir);
2177 f = fopen(fname, "w");
2178 if (f == NULL) {
2179 wpa_printf(MSG_INFO, "Could not open %s", fname);
2180 free(osu);
2181 return -1;
2182 }
2183
2184 fprintf(f, "<html><head>"
2185 "<meta http-equiv=\"Content-type\" content=\"text/html; "
2186 "charset=utf-8\"<title>Select service operator</title>"
2187 "</head><body><h1>Select service operator</h1>\n");
2188
2189 if (osu_count == 0)
2190 fprintf(f, "No online signup available\n");
2191
2192 for (i = 0; i < osu_count; i++) {
2193 last = &osu[i];
2194#ifdef ANDROID
2195 fprintf(f, "<p>\n"
2196 "<a href=\"http://localhost:12345/osu/%d\">"
2197 "<table><tr><td>", (int) i + 1);
2198#else /* ANDROID */
2199 fprintf(f, "<p>\n"
2200 "<a href=\"osu://%d\">"
2201 "<table><tr><td>", (int) i + 1);
2202#endif /* ANDROID */
2203 for (j = 0; j < last->icon_count; j++) {
2204 fprintf(f, "<img src=\"osu-icon-%d.%s\">\n",
2205 last->icon[j].id,
2206 strcasecmp(last->icon[j].mime_type,
2207 "image/png") == 0 ? "png" : "icon");
2208 }
2209 fprintf(f, "<td>");
2210 for (j = 0; j < last->friendly_name_count; j++) {
2211 fprintf(f, "<small>[%s]</small> %s<br>\n",
2212 last->friendly_name[j].lang,
2213 last->friendly_name[j].text);
2214 }
2215 fprintf(f, "<tr><td colspan=2>");
2216 for (j = 0; j < last->serv_desc_count; j++) {
2217 fprintf(f, "<small>[%s]</small> %s<br>\n",
2218 last->serv_desc[j].lang,
2219 last->serv_desc[j].text);
2220 }
2221 fprintf(f, "</table></a><br><small>BSSID: %s<br>\n"
2222 "SSID: %s<br>\n",
2223 last->bssid, last->osu_ssid);
2224 if (last->osu_nai)
2225 fprintf(f, "NAI: %s<br>\n", last->osu_nai);
2226 fprintf(f, "URL: %s<br>\n"
2227 "methods:%s%s<br>\n"
2228 "</small></p>\n",
2229 last->url,
2230 last->methods & 0x01 ? " OMA-DM" : "",
2231 last->methods & 0x02 ? " SOAP-XML-SPP" : "");
2232 }
2233
2234 fprintf(f, "</body></html>\n");
2235
2236 fclose(f);
2237
2238 snprintf(fname, sizeof(fname), "file://%s/osu-providers.html", dir);
2239 write_summary(ctx, "Start web browser with OSU provider selection page");
2240 ret = hs20_web_browser(fname);
2241
2242selected:
2243 if (ret > 0 && (size_t) ret <= osu_count) {
2244 char *data;
2245 size_t data_len;
2246
2247 wpa_printf(MSG_INFO, "Selected OSU id=%d", ret);
2248 last = &osu[ret - 1];
2249 ret = 0;
2250 wpa_printf(MSG_INFO, "BSSID: %s", last->bssid);
2251 wpa_printf(MSG_INFO, "SSID: %s", last->osu_ssid);
2252 wpa_printf(MSG_INFO, "URL: %s", last->url);
2253 write_summary(ctx, "Selected OSU provider id=%d BSSID=%s SSID=%s URL=%s",
2254 ret, last->bssid, last->osu_ssid, last->url);
2255
2256 ctx->friendly_name_count = last->friendly_name_count;
2257 for (j = 0; j < last->friendly_name_count; j++) {
2258 wpa_printf(MSG_INFO, "FRIENDLY_NAME: [%s]%s",
2259 last->friendly_name[j].lang,
2260 last->friendly_name[j].text);
2261 os_strlcpy(ctx->friendly_name[j].lang,
2262 last->friendly_name[j].lang,
2263 sizeof(ctx->friendly_name[j].lang));
2264 os_strlcpy(ctx->friendly_name[j].text,
2265 last->friendly_name[j].text,
2266 sizeof(ctx->friendly_name[j].text));
2267 }
2268
2269 ctx->icon_count = last->icon_count;
2270 for (j = 0; j < last->icon_count; j++) {
2271 char fname[256];
2272
2273 os_snprintf(fname, sizeof(fname), "%s/osu-icon-%d.%s",
2274 dir, last->icon[j].id,
2275 strcasecmp(last->icon[j].mime_type,
2276 "image/png") == 0 ?
2277 "png" : "icon");
2278 wpa_printf(MSG_INFO, "ICON: %s (%s)",
2279 fname, last->icon[j].filename);
2280 os_strlcpy(ctx->icon_filename[j],
2281 last->icon[j].filename,
2282 sizeof(ctx->icon_filename[j]));
2283
2284 data = os_readfile(fname, &data_len);
2285 if (data) {
2286 sha256_vector(1, (const u8 **) &data, &data_len,
2287 ctx->icon_hash[j]);
2288 os_free(data);
2289 }
2290 }
2291
2292 if (connect == 2) {
2293 if (last->methods & 0x02)
Dmitry Shmidt6cb1f652014-03-21 10:54:03 -0700[diff] [blame]2294 ret = cmd_prov(ctx, last->url);
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2295 else if (last->methods & 0x01)
Dmitry Shmidt6cb1f652014-03-21 10:54:03 -0700[diff] [blame]2296 ret = cmd_oma_dm_prov(ctx, last->url);
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2297 else
2298 ret = -1;
2299 } else if (connect)
2300 ret = osu_connect(ctx, last->bssid, last->osu_ssid,
Dmitry Shmidt6cb1f652014-03-21 10:54:03 -0700[diff] [blame]2301 last->url, last->methods,
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2302 no_prod_assoc, last->osu_nai);
2303 } else
2304 ret = -1;
2305
2306 free(osu);
2307
2308 return ret;
2309}
2310
2311
Dmitry Shmidt6cb1f652014-03-21 10:54:03 -0700[diff] [blame]2312static int cmd_signup(struct hs20_osu_client *ctx, int no_prod_assoc,
2313 const char *friendly_name)
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2314{
2315 char dir[255];
2316 char fname[300], buf[400];
2317 struct wpa_ctrl *mon;
2318 const char *ifname;
2319 int res;
2320
2321 ifname = ctx->ifname;
2322
2323 if (getcwd(dir, sizeof(dir)) == NULL)
2324 return -1;
2325
2326 snprintf(fname, sizeof(fname), "%s/osu-info", dir);
2327 if (mkdir(fname, S_IRWXU | S_IRWXG) < 0 && errno != EEXIST) {
2328 wpa_printf(MSG_INFO, "mkdir(%s) failed: %s",
2329 fname, strerror(errno));
2330 return -1;
2331 }
2332
2333 snprintf(buf, sizeof(buf), "SET osu_dir %s", fname);
2334 if (wpa_command(ifname, buf) < 0) {
2335 wpa_printf(MSG_INFO, "Failed to configure osu_dir to wpa_supplicant");
2336 return -1;
2337 }
2338
2339 mon = open_wpa_mon(ifname);
2340 if (mon == NULL)
2341 return -1;
2342
2343 wpa_printf(MSG_INFO, "Starting OSU fetch");
2344 write_summary(ctx, "Starting OSU provider information fetch");
2345 if (wpa_command(ifname, "FETCH_OSU") < 0) {
2346 wpa_printf(MSG_INFO, "Could not start OSU fetch");
2347 wpa_ctrl_detach(mon);
2348 wpa_ctrl_close(mon);
2349 return -1;
2350 }
2351 res = get_wpa_cli_event(mon, "OSU provider fetch completed",
2352 buf, sizeof(buf));
2353
2354 wpa_ctrl_detach(mon);
2355 wpa_ctrl_close(mon);
2356
2357 if (res < 0) {
2358 wpa_printf(MSG_INFO, "OSU fetch did not complete");
2359 write_summary(ctx, "OSU fetch did not complete");
2360 return -1;
2361 }
2362 wpa_printf(MSG_INFO, "OSU provider fetch completed");
2363
Dmitry Shmidt6cb1f652014-03-21 10:54:03 -0700[diff] [blame]2364 return cmd_osu_select(ctx, fname, 1, no_prod_assoc, friendly_name);
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2365}
2366
2367
Dmitry Shmidt2f74e362015-01-21 13:19:05 -0800[diff] [blame]2368static int cmd_sub_rem(struct hs20_osu_client *ctx, const char *address,
2369 const char *pps_fname, const char *ca_fname)
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2370{
2371 xml_node_t *pps, *node;
2372 char pps_fname_buf[300];
2373 char ca_fname_buf[200];
2374 char *cred_username = NULL;
2375 char *cred_password = NULL;
2376 char *sub_rem_uri = NULL;
2377 char client_cert_buf[200];
2378 char *client_cert = NULL;
2379 char client_key_buf[200];
2380 char *client_key = NULL;
2381 int spp;
2382
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2383 wpa_printf(MSG_INFO, "Subscription remediation requested with Server URL: %s",
2384 address);
2385
2386 if (!pps_fname) {
2387 char buf[256];
2388 wpa_printf(MSG_INFO, "Determining PPS file based on Home SP information");
2389 if (os_strncmp(address, "fqdn=", 5) == 0) {
2390 wpa_printf(MSG_INFO, "Use requested FQDN from command line");
2391 os_snprintf(buf, sizeof(buf), "%s", address + 5);
2392 address = NULL;
2393 } else if (get_wpa_status(ctx->ifname, "provisioning_sp", buf,
2394 sizeof(buf)) < 0) {
2395 wpa_printf(MSG_INFO, "Could not get provisioning Home SP FQDN from wpa_supplicant");
Dmitry Shmidt2f74e362015-01-21 13:19:05 -0800[diff] [blame]2396 return -1;
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2397 }
2398 os_free(ctx->fqdn);
2399 ctx->fqdn = os_strdup(buf);
2400 if (ctx->fqdn == NULL)
Dmitry Shmidt2f74e362015-01-21 13:19:05 -0800[diff] [blame]2401 return -1;
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2402 wpa_printf(MSG_INFO, "Home SP FQDN for current credential: %s",
2403 buf);
2404 os_snprintf(pps_fname_buf, sizeof(pps_fname_buf),
2405 "SP/%s/pps.xml", ctx->fqdn);
2406 pps_fname = pps_fname_buf;
2407
2408 os_snprintf(ca_fname_buf, sizeof(ca_fname_buf), "SP/%s/ca.pem",
2409 ctx->fqdn);
2410 ca_fname = ca_fname_buf;
2411 }
2412
2413 if (!os_file_exists(pps_fname)) {
2414 wpa_printf(MSG_INFO, "PPS file '%s' does not exist or is not accessible",
2415 pps_fname);
Dmitry Shmidt2f74e362015-01-21 13:19:05 -0800[diff] [blame]2416 return -1;
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2417 }
2418 wpa_printf(MSG_INFO, "Using PPS file: %s", pps_fname);
2419
2420 if (ca_fname && !os_file_exists(ca_fname)) {
2421 wpa_printf(MSG_INFO, "CA file '%s' does not exist or is not accessible",
2422 ca_fname);
Dmitry Shmidt2f74e362015-01-21 13:19:05 -0800[diff] [blame]2423 return -1;
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2424 }
2425 wpa_printf(MSG_INFO, "Using server trust root: %s", ca_fname);
Dmitry Shmidt6cb1f652014-03-21 10:54:03 -0700[diff] [blame]2426 ctx->ca_fname = ca_fname;
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2427
2428 pps = node_from_file(ctx->xml, pps_fname);
2429 if (pps == NULL) {
2430 wpa_printf(MSG_INFO, "Could not read PPS MO");
Dmitry Shmidt2f74e362015-01-21 13:19:05 -0800[diff] [blame]2431 return -1;
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2432 }
2433
2434 if (!ctx->fqdn) {
2435 char *tmp;
2436 node = get_child_node(ctx->xml, pps, "HomeSP/FQDN");
2437 if (node == NULL) {
2438 wpa_printf(MSG_INFO, "No HomeSP/FQDN found from PPS");
Dmitry Shmidt2f74e362015-01-21 13:19:05 -0800[diff] [blame]2439 return -1;
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2440 }
2441 tmp = xml_node_get_text(ctx->xml, node);
2442 if (tmp == NULL) {
2443 wpa_printf(MSG_INFO, "No HomeSP/FQDN text found from PPS");
Dmitry Shmidt2f74e362015-01-21 13:19:05 -0800[diff] [blame]2444 return -1;
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2445 }
2446 ctx->fqdn = os_strdup(tmp);
2447 xml_node_get_text_free(ctx->xml, tmp);
2448 if (!ctx->fqdn) {
2449 wpa_printf(MSG_INFO, "No FQDN known");
Dmitry Shmidt2f74e362015-01-21 13:19:05 -0800[diff] [blame]2450 return -1;
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2451 }
2452 }
2453
2454 node = get_child_node(ctx->xml, pps,
2455 "SubscriptionUpdate/UpdateMethod");
2456 if (node) {
2457 char *tmp;
2458 tmp = xml_node_get_text(ctx->xml, node);
2459 if (tmp && os_strcasecmp(tmp, "OMA-DM-ClientInitiated") == 0)
2460 spp = 0;
2461 else
2462 spp = 1;
2463 } else {
2464 wpa_printf(MSG_INFO, "No UpdateMethod specified - assume SPP");
2465 spp = 1;
2466 }
2467
2468 get_user_pw(ctx, pps, "SubscriptionUpdate/UsernamePassword",
2469 &cred_username, &cred_password);
2470 if (cred_username)
2471 wpa_printf(MSG_INFO, "Using username: %s", cred_username);
2472 if (cred_password)
2473 wpa_printf(MSG_DEBUG, "Using password: %s", cred_password);
2474
2475 if (cred_username == NULL && cred_password == NULL &&
2476 get_child_node(ctx->xml, pps, "Credential/DigitalCertificate")) {
2477 wpa_printf(MSG_INFO, "Using client certificate");
2478 os_snprintf(client_cert_buf, sizeof(client_cert_buf),
2479 "SP/%s/client-cert.pem", ctx->fqdn);
2480 client_cert = client_cert_buf;
2481 os_snprintf(client_key_buf, sizeof(client_key_buf),
2482 "SP/%s/client-key.pem", ctx->fqdn);
2483 client_key = client_key_buf;
2484 ctx->client_cert_present = 1;
2485 }
2486
2487 node = get_child_node(ctx->xml, pps, "SubscriptionUpdate/URI");
2488 if (node) {
2489 sub_rem_uri = xml_node_get_text(ctx->xml, node);
2490 if (sub_rem_uri &&
2491 (!address || os_strcmp(address, sub_rem_uri) != 0)) {
2492 wpa_printf(MSG_INFO, "Override sub rem URI based on PPS: %s",
2493 sub_rem_uri);
2494 address = sub_rem_uri;
2495 }
2496 }
2497 if (!address) {
2498 wpa_printf(MSG_INFO, "Server URL not known");
Dmitry Shmidt2f74e362015-01-21 13:19:05 -0800[diff] [blame]2499 return -1;
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2500 }
2501
2502 write_summary(ctx, "Wait for IP address for subscriptiom remediation");
2503 wpa_printf(MSG_INFO, "Wait for IP address before starting subscription remediation");
2504
2505 if (wait_ip_addr(ctx->ifname, 15) < 0) {
2506 wpa_printf(MSG_INFO, "Could not get IP address for WLAN - try connection anyway");
2507 }
2508
2509 if (spp)
Dmitry Shmidt6cb1f652014-03-21 10:54:03 -0700[diff] [blame]2510 spp_sub_rem(ctx, address, pps_fname,
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2511 client_cert, client_key,
2512 cred_username, cred_password, pps);
2513 else
Dmitry Shmidt6cb1f652014-03-21 10:54:03 -0700[diff] [blame]2514 oma_dm_sub_rem(ctx, address, pps_fname,
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2515 client_cert, client_key,
2516 cred_username, cred_password, pps);
2517
2518 xml_node_get_text_free(ctx->xml, sub_rem_uri);
2519 xml_node_get_text_free(ctx->xml, cred_username);
Dmitry Shmidtc2817022014-07-02 10:32:10 -0700[diff] [blame]2520 str_clear_free(cred_password);
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2521 xml_node_free(ctx->xml, pps);
Dmitry Shmidt2f74e362015-01-21 13:19:05 -0800[diff] [blame]2522 return 0;
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2523}
2524
2525
2526static int cmd_pol_upd(struct hs20_osu_client *ctx, const char *address,
2527 const char *pps_fname, const char *ca_fname)
2528{
2529 xml_node_t *pps;
2530 xml_node_t *node;
2531 char pps_fname_buf[300];
2532 char ca_fname_buf[200];
2533 char *uri = NULL;
2534 char *cred_username = NULL;
2535 char *cred_password = NULL;
2536 char client_cert_buf[200];
2537 char *client_cert = NULL;
2538 char client_key_buf[200];
2539 char *client_key = NULL;
2540 int spp;
2541
2542 wpa_printf(MSG_INFO, "Policy update requested");
2543
2544 if (!pps_fname) {
2545 char buf[256];
2546 wpa_printf(MSG_INFO, "Determining PPS file based on Home SP information");
2547 if (os_strncmp(address, "fqdn=", 5) == 0) {
2548 wpa_printf(MSG_INFO, "Use requested FQDN from command line");
2549 os_snprintf(buf, sizeof(buf), "%s", address + 5);
2550 address = NULL;
2551 } else if (get_wpa_status(ctx->ifname, "provisioning_sp", buf,
2552 sizeof(buf)) < 0) {
2553 wpa_printf(MSG_INFO, "Could not get provisioning Home SP FQDN from wpa_supplicant");
2554 return -1;
2555 }
2556 os_free(ctx->fqdn);
2557 ctx->fqdn = os_strdup(buf);
2558 if (ctx->fqdn == NULL)
2559 return -1;
2560 wpa_printf(MSG_INFO, "Home SP FQDN for current credential: %s",
2561 buf);
2562 os_snprintf(pps_fname_buf, sizeof(pps_fname_buf),
2563 "SP/%s/pps.xml", ctx->fqdn);
2564 pps_fname = pps_fname_buf;
2565
2566 os_snprintf(ca_fname_buf, sizeof(ca_fname_buf), "SP/%s/ca.pem",
2567 buf);
2568 ca_fname = ca_fname_buf;
2569 }
2570
2571 if (!os_file_exists(pps_fname)) {
2572 wpa_printf(MSG_INFO, "PPS file '%s' does not exist or is not accessible",
2573 pps_fname);
2574 return -1;
2575 }
2576 wpa_printf(MSG_INFO, "Using PPS file: %s", pps_fname);
2577
2578 if (ca_fname && !os_file_exists(ca_fname)) {
2579 wpa_printf(MSG_INFO, "CA file '%s' does not exist or is not accessible",
2580 ca_fname);
2581 return -1;
2582 }
2583 wpa_printf(MSG_INFO, "Using server trust root: %s", ca_fname);
Dmitry Shmidt6cb1f652014-03-21 10:54:03 -0700[diff] [blame]2584 ctx->ca_fname = ca_fname;
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2585
2586 pps = node_from_file(ctx->xml, pps_fname);
2587 if (pps == NULL) {
2588 wpa_printf(MSG_INFO, "Could not read PPS MO");
2589 return -1;
2590 }
2591
2592 if (!ctx->fqdn) {
2593 char *tmp;
2594 node = get_child_node(ctx->xml, pps, "HomeSP/FQDN");
2595 if (node == NULL) {
2596 wpa_printf(MSG_INFO, "No HomeSP/FQDN found from PPS");
2597 return -1;
2598 }
2599 tmp = xml_node_get_text(ctx->xml, node);
2600 if (tmp == NULL) {
2601 wpa_printf(MSG_INFO, "No HomeSP/FQDN text found from PPS");
2602 return -1;
2603 }
2604 ctx->fqdn = os_strdup(tmp);
2605 xml_node_get_text_free(ctx->xml, tmp);
2606 if (!ctx->fqdn) {
2607 wpa_printf(MSG_INFO, "No FQDN known");
2608 return -1;
2609 }
2610 }
2611
2612 node = get_child_node(ctx->xml, pps,
2613 "Policy/PolicyUpdate/UpdateMethod");
2614 if (node) {
2615 char *tmp;
2616 tmp = xml_node_get_text(ctx->xml, node);
2617 if (tmp && os_strcasecmp(tmp, "OMA-DM-ClientInitiated") == 0)
2618 spp = 0;
2619 else
2620 spp = 1;
2621 } else {
2622 wpa_printf(MSG_INFO, "No UpdateMethod specified - assume SPP");
2623 spp = 1;
2624 }
2625
2626 get_user_pw(ctx, pps, "Policy/PolicyUpdate/UsernamePassword",
2627 &cred_username, &cred_password);
2628 if (cred_username)
2629 wpa_printf(MSG_INFO, "Using username: %s", cred_username);
2630 if (cred_password)
2631 wpa_printf(MSG_DEBUG, "Using password: %s", cred_password);
2632
2633 if (cred_username == NULL && cred_password == NULL &&
2634 get_child_node(ctx->xml, pps, "Credential/DigitalCertificate")) {
2635 wpa_printf(MSG_INFO, "Using client certificate");
2636 os_snprintf(client_cert_buf, sizeof(client_cert_buf),
2637 "SP/%s/client-cert.pem", ctx->fqdn);
2638 client_cert = client_cert_buf;
2639 os_snprintf(client_key_buf, sizeof(client_key_buf),
2640 "SP/%s/client-key.pem", ctx->fqdn);
2641 client_key = client_key_buf;
2642 }
2643
2644 if (!address) {
2645 node = get_child_node(ctx->xml, pps, "Policy/PolicyUpdate/URI");
2646 if (node) {
2647 uri = xml_node_get_text(ctx->xml, node);
2648 wpa_printf(MSG_INFO, "URI based on PPS: %s", uri);
2649 address = uri;
2650 }
2651 }
2652 if (!address) {
2653 wpa_printf(MSG_INFO, "Server URL not known");
2654 return -1;
2655 }
2656
2657 if (spp)
Dmitry Shmidt6cb1f652014-03-21 10:54:03 -0700[diff] [blame]2658 spp_pol_upd(ctx, address, pps_fname,
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2659 client_cert, client_key,
2660 cred_username, cred_password, pps);
2661 else
Dmitry Shmidt6cb1f652014-03-21 10:54:03 -0700[diff] [blame]2662 oma_dm_pol_upd(ctx, address, pps_fname,
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2663 client_cert, client_key,
2664 cred_username, cred_password, pps);
2665
2666 xml_node_get_text_free(ctx->xml, uri);
2667 xml_node_get_text_free(ctx->xml, cred_username);
Dmitry Shmidtc2817022014-07-02 10:32:10 -0700[diff] [blame]2668 str_clear_free(cred_password);
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2669 xml_node_free(ctx->xml, pps);
2670
2671 return 0;
2672}
2673
2674
2675static char * get_hostname(const char *url)
2676{
2677 const char *pos, *end, *end2;
2678 char *ret;
2679
2680 if (url == NULL)
2681 return NULL;
2682
2683 pos = os_strchr(url, '/');
2684 if (pos == NULL)
2685 return NULL;
2686 pos++;
2687 if (*pos != '/')
2688 return NULL;
2689 pos++;
2690
2691 end = os_strchr(pos, '/');
2692 end2 = os_strchr(pos, ':');
2693 if (end && end2 && end2 < end)
2694 end = end2;
2695 if (end)
2696 end--;
2697 else {
2698 end = pos;
2699 while (*end)
2700 end++;
2701 if (end > pos)
2702 end--;
2703 }
2704
2705 ret = os_malloc(end - pos + 2);
2706 if (ret == NULL)
2707 return NULL;
2708
2709 os_memcpy(ret, pos, end - pos + 1);
2710 ret[end - pos + 1] = '\0';
2711
2712 return ret;
2713}
2714
2715
2716static int osu_cert_cb(void *_ctx, struct http_cert *cert)
2717{
2718 struct hs20_osu_client *ctx = _ctx;
2719 unsigned int i, j;
2720 int found;
2721 char *host = NULL;
2722
Dmitry Shmidt6cb1f652014-03-21 10:54:03 -0700[diff] [blame]2723 wpa_printf(MSG_INFO, "osu_cert_cb(osu_cert_validation=%d)",
2724 !ctx->no_osu_cert_validation);
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2725
2726 host = get_hostname(ctx->server_url);
2727
2728 for (i = 0; i < ctx->server_dnsname_count; i++)
2729 os_free(ctx->server_dnsname[i]);
2730 os_free(ctx->server_dnsname);
2731 ctx->server_dnsname = os_calloc(cert->num_dnsname, sizeof(char *));
2732 ctx->server_dnsname_count = 0;
2733
2734 found = 0;
2735 for (i = 0; i < cert->num_dnsname; i++) {
2736 if (ctx->server_dnsname) {
2737 ctx->server_dnsname[ctx->server_dnsname_count] =
2738 os_strdup(cert->dnsname[i]);
2739 if (ctx->server_dnsname[ctx->server_dnsname_count])
2740 ctx->server_dnsname_count++;
2741 }
2742 if (host && os_strcasecmp(host, cert->dnsname[i]) == 0)
2743 found = 1;
2744 wpa_printf(MSG_INFO, "dNSName '%s'", cert->dnsname[i]);
2745 }
2746
2747 if (host && !found) {
2748 wpa_printf(MSG_INFO, "Server name from URL (%s) did not match any dNSName - abort connection",
2749 host);
2750 write_result(ctx, "Server name from URL (%s) did not match any dNSName - abort connection",
2751 host);
2752 os_free(host);
2753 return -1;
2754 }
2755
2756 os_free(host);
2757
2758 for (i = 0; i < cert->num_othername; i++) {
2759 if (os_strcmp(cert->othername[i].oid,
2760 "1.3.6.1.4.1.40808.1.1.1") == 0) {
2761 wpa_hexdump_ascii(MSG_INFO,
2762 "id-wfa-hotspot-friendlyName",
2763 cert->othername[i].data,
2764 cert->othername[i].len);
2765 }
2766 }
2767
Dmitry Shmidt6cb1f652014-03-21 10:54:03 -0700[diff] [blame]2768 for (j = 0; !ctx->no_osu_cert_validation &&
2769 j < ctx->friendly_name_count; j++) {
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2770 int found = 0;
2771 for (i = 0; i < cert->num_othername; i++) {
2772 if (os_strcmp(cert->othername[i].oid,
2773 "1.3.6.1.4.1.40808.1.1.1") != 0)
2774 continue;
2775 if (cert->othername[i].len < 3)
2776 continue;
2777 if (os_strncasecmp((char *) cert->othername[i].data,
2778 ctx->friendly_name[j].lang, 3) != 0)
2779 continue;
2780 if (os_strncmp((char *) cert->othername[i].data + 3,
2781 ctx->friendly_name[j].text,
2782 cert->othername[i].len - 3) == 0) {
2783 found = 1;
2784 break;
2785 }
2786 }
2787
2788 if (!found) {
2789 wpa_printf(MSG_INFO, "No friendly name match found for '[%s]%s'",
2790 ctx->friendly_name[j].lang,
2791 ctx->friendly_name[j].text);
2792 write_result(ctx, "No friendly name match found for '[%s]%s'",
2793 ctx->friendly_name[j].lang,
2794 ctx->friendly_name[j].text);
2795 return -1;
2796 }
2797 }
2798
2799 for (i = 0; i < cert->num_logo; i++) {
2800 struct http_logo *logo = &cert->logo[i];
2801
2802 wpa_printf(MSG_INFO, "logo hash alg %s uri '%s'",
2803 logo->alg_oid, logo->uri);
2804 wpa_hexdump_ascii(MSG_INFO, "hashValue",
2805 logo->hash, logo->hash_len);
2806 }
2807
Dmitry Shmidt6cb1f652014-03-21 10:54:03 -0700[diff] [blame]2808 for (j = 0; !ctx->no_osu_cert_validation && j < ctx->icon_count; j++) {
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2809 int found = 0;
2810 char *name = ctx->icon_filename[j];
2811 size_t name_len = os_strlen(name);
2812
2813 wpa_printf(MSG_INFO, "Looking for icon file name '%s' match",
2814 name);
2815 for (i = 0; i < cert->num_logo; i++) {
2816 struct http_logo *logo = &cert->logo[i];
2817 size_t uri_len = os_strlen(logo->uri);
2818 char *pos;
2819
2820 wpa_printf(MSG_INFO, "Comparing to '%s' uri_len=%d name_len=%d",
2821 logo->uri, (int) uri_len, (int) name_len);
2822 if (uri_len < 1 + name_len)
2823 continue;
2824 pos = &logo->uri[uri_len - name_len - 1];
2825 if (*pos != '/')
2826 continue;
2827 pos++;
2828 if (os_strcmp(pos, name) == 0) {
2829 found = 1;
2830 break;
2831 }
2832 }
2833
2834 if (!found) {
2835 wpa_printf(MSG_INFO, "No icon filename match found for '%s'",
2836 name);
2837 write_result(ctx,
2838 "No icon filename match found for '%s'",
2839 name);
2840 return -1;
2841 }
2842 }
2843
Dmitry Shmidt6cb1f652014-03-21 10:54:03 -0700[diff] [blame]2844 for (j = 0; !ctx->no_osu_cert_validation && j < ctx->icon_count; j++) {
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2845 int found = 0;
2846
2847 for (i = 0; i < cert->num_logo; i++) {
2848 struct http_logo *logo = &cert->logo[i];
2849
2850 if (logo->hash_len != 32)
2851 continue;
2852 if (os_memcmp(logo->hash, ctx->icon_hash[j], 32) == 0) {
2853 found = 1;
2854 break;
2855 }
2856 }
2857
2858 if (!found) {
2859 wpa_printf(MSG_INFO, "No icon hash match found");
2860 write_result(ctx, "No icon hash match found");
2861 return -1;
2862 }
2863 }
2864
2865 return 0;
2866}
2867
2868
2869static int init_ctx(struct hs20_osu_client *ctx)
2870{
2871 xml_node_t *devinfo, *devid;
2872
2873 os_memset(ctx, 0, sizeof(*ctx));
2874 ctx->ifname = "wlan0";
2875 ctx->xml = xml_node_init_ctx(ctx, NULL);
2876 if (ctx->xml == NULL)
2877 return -1;
2878
2879 devinfo = node_from_file(ctx->xml, "devinfo.xml");
2880 if (!devinfo) {
2881 wpa_printf(MSG_ERROR, "devinfo.xml not found");
2882 return -1;
2883 }
2884
2885 devid = get_node(ctx->xml, devinfo, "DevId");
2886 if (devid) {
2887 char *tmp = xml_node_get_text(ctx->xml, devid);
2888 if (tmp) {
2889 ctx->devid = os_strdup(tmp);
2890 xml_node_get_text_free(ctx->xml, tmp);
2891 }
2892 }
2893 xml_node_free(ctx->xml, devinfo);
2894
2895 if (ctx->devid == NULL) {
2896 wpa_printf(MSG_ERROR, "Could not fetch DevId from devinfo.xml");
2897 return -1;
2898 }
2899
2900 ctx->http = http_init_ctx(ctx, ctx->xml);
2901 if (ctx->http == NULL) {
2902 xml_node_deinit_ctx(ctx->xml);
2903 return -1;
2904 }
2905 http_ocsp_set(ctx->http, 2);
2906 http_set_cert_cb(ctx->http, osu_cert_cb, ctx);
2907
2908 return 0;
2909}
2910
2911
2912static void deinit_ctx(struct hs20_osu_client *ctx)
2913{
2914 size_t i;
2915
2916 http_deinit_ctx(ctx->http);
2917 xml_node_deinit_ctx(ctx->xml);
2918 os_free(ctx->fqdn);
2919 os_free(ctx->server_url);
2920 os_free(ctx->devid);
2921
2922 for (i = 0; i < ctx->server_dnsname_count; i++)
2923 os_free(ctx->server_dnsname[i]);
2924 os_free(ctx->server_dnsname);
2925}
2926
2927
2928static void check_workarounds(struct hs20_osu_client *ctx)
2929{
2930 FILE *f;
2931 char buf[100];
2932 unsigned long int val = 0;
2933
2934 f = fopen("hs20-osu-client.workarounds", "r");
2935 if (f == NULL)
2936 return;
2937
2938 if (fgets(buf, sizeof(buf), f))
2939 val = strtoul(buf, NULL, 16);
2940
2941 fclose(f);
2942
2943 if (val) {
2944 wpa_printf(MSG_INFO, "Workarounds enabled: 0x%lx", val);
2945 ctx->workarounds = val;
2946 if (ctx->workarounds & WORKAROUND_OCSP_OPTIONAL)
2947 http_ocsp_set(ctx->http, 1);
2948 }
2949}
2950
2951
2952static void usage(void)
2953{
2954 printf("usage: hs20-osu-client [-dddqqKt] [-S<station ifname>] \\\n"
2955 " [-w<wpa_supplicant ctrl_iface dir>] "
2956 "[-r<result file>] [-f<debug file>] \\\n"
2957 " [-s<summary file>] \\\n"
2958 " <command> [arguments..]\n"
2959 "commands:\n"
2960 "- to_tnds <XML MO> <XML MO in TNDS format> [URN]\n"
2961 "- to_tnds2 <XML MO> <XML MO in TNDS format (Path) "
2962 "[URN]>\n"
2963 "- from_tnds <XML MO in TNDS format> <XML MO>\n"
2964 "- set_pps <PerProviderSubscription XML file name>\n"
2965 "- get_fqdn <PerProviderSubscription XML file name>\n"
2966 "- pol_upd [Server URL] [PPS] [CA cert]\n"
2967 "- sub_rem <Server URL> [PPS] [CA cert]\n"
2968 "- prov <Server URL> [CA cert]\n"
2969 "- oma_dm_prov <Server URL> [CA cert]\n"
2970 "- sim_prov <Server URL> [CA cert]\n"
2971 "- oma_dm_sim_prov <Server URL> [CA cert]\n"
2972 "- signup [CA cert]\n"
2973 "- dl_osu_ca <PPS> <CA file>\n"
2974 "- dl_polupd_ca <PPS> <CA file>\n"
2975 "- dl_aaa_ca <PPS> <CA file>\n"
2976 "- browser <URL>\n"
2977 "- parse_cert <X.509 certificate (DER)>\n"
2978 "- osu_select <OSU info directory> [CA cert]\n");
2979}
2980
2981
2982int main(int argc, char *argv[])
2983{
2984 struct hs20_osu_client ctx;
2985 int c;
2986 int ret = 0;
2987 int no_prod_assoc = 0;
2988 const char *friendly_name = NULL;
2989 const char *wpa_debug_file_path = NULL;
2990 extern char *wpas_ctrl_path;
2991 extern int wpa_debug_level;
2992 extern int wpa_debug_show_keys;
2993 extern int wpa_debug_timestamp;
2994
2995 if (init_ctx(&ctx) < 0)
2996 return -1;
2997
2998 for (;;) {
2999 c = getopt(argc, argv, "df:hi:KNO:qr:s:S:tw:");
3000 if (c < 0)
3001 break;
3002 switch (c) {
3003 case 'd':
3004 if (wpa_debug_level > 0)
3005 wpa_debug_level--;
3006 break;
3007 case 'f':
3008 wpa_debug_file_path = optarg;
3009 break;
3010 case 'K':
3011 wpa_debug_show_keys++;
3012 break;
3013 case 'N':
3014 no_prod_assoc = 1;
3015 break;
3016 case 'O':
3017 friendly_name = optarg;
3018 break;
3019 case 'q':
3020 wpa_debug_level++;
3021 break;
3022 case 'r':
3023 ctx.result_file = optarg;
3024 break;
3025 case 's':
3026 ctx.summary_file = optarg;
3027 break;
3028 case 'S':
3029 ctx.ifname = optarg;
3030 break;
3031 case 't':
3032 wpa_debug_timestamp++;
3033 break;
3034 case 'w':
3035 wpas_ctrl_path = optarg;
3036 break;
3037 case 'h':
3038 default:
3039 usage();
3040 exit(0);
3041 break;
3042 }
3043 }
3044
3045 if (argc - optind < 1) {
3046 usage();
3047 exit(0);
3048 }
3049
3050 wpa_debug_open_file(wpa_debug_file_path);
3051
3052#ifdef __linux__
3053 setlinebuf(stdout);
3054#endif /* __linux__ */
3055
3056 if (ctx.result_file)
3057 unlink(ctx.result_file);
3058 wpa_printf(MSG_DEBUG, "===[hs20-osu-client START - command: %s ]======"
3059 "================", argv[optind]);
3060 check_workarounds(&ctx);
3061
3062 if (strcmp(argv[optind], "to_tnds") == 0) {
3063 if (argc - optind < 2) {
3064 usage();
3065 exit(0);
3066 }
3067 cmd_to_tnds(&ctx, argv[optind + 1], argv[optind + 2],
3068 argc > optind + 3 ? argv[optind + 3] : NULL,
3069 0);
3070 } else if (strcmp(argv[optind], "to_tnds2") == 0) {
3071 if (argc - optind < 2) {
3072 usage();
3073 exit(0);
3074 }
3075 cmd_to_tnds(&ctx, argv[optind + 1], argv[optind + 2],
3076 argc > optind + 3 ? argv[optind + 3] : NULL,
3077 1);
3078 } else if (strcmp(argv[optind], "from_tnds") == 0) {
3079 if (argc - optind < 2) {
3080 usage();
3081 exit(0);
3082 }
3083 cmd_from_tnds(&ctx, argv[optind + 1], argv[optind + 2]);
3084 } else if (strcmp(argv[optind], "sub_rem") == 0) {
3085 if (argc - optind < 2) {
3086 usage();
3087 exit(0);
3088 }
3089 if (argc - optind < 2)
3090 wpa_printf(MSG_ERROR, "Server URL missing from command line");
3091 else
Dmitry Shmidt2f74e362015-01-21 13:19:05 -0800[diff] [blame]3092 ret = cmd_sub_rem(&ctx, argv[optind + 1],
3093 argc > optind + 2 ?
3094 argv[optind + 2] : NULL,
3095 argc > optind + 3 ?
3096 argv[optind + 3] : NULL);
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]3097 } else if (strcmp(argv[optind], "pol_upd") == 0) {
3098 if (argc - optind < 2) {
3099 usage();
3100 exit(0);
3101 }
3102 ret = cmd_pol_upd(&ctx, argc > 2 ? argv[optind + 1] : NULL,
3103 argc > optind + 2 ? argv[optind + 2] : NULL,
3104 argc > optind + 3 ? argv[optind + 3] : NULL);
3105 } else if (strcmp(argv[optind], "prov") == 0) {
3106 if (argc - optind < 2) {
3107 usage();
3108 exit(0);
3109 }
Dmitry Shmidt6cb1f652014-03-21 10:54:03 -0700[diff] [blame]3110 ctx.ca_fname = argv[optind + 2];
3111 cmd_prov(&ctx, argv[optind + 1]);
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]3112 } else if (strcmp(argv[optind], "sim_prov") == 0) {
3113 if (argc - optind < 2) {
3114 usage();
3115 exit(0);
3116 }
Dmitry Shmidt6cb1f652014-03-21 10:54:03 -0700[diff] [blame]3117 ctx.ca_fname = argv[optind + 2];
3118 cmd_sim_prov(&ctx, argv[optind + 1]);
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]3119 } else if (strcmp(argv[optind], "dl_osu_ca") == 0) {
3120 if (argc - optind < 2) {
3121 usage();
3122 exit(0);
3123 }
3124 cmd_dl_osu_ca(&ctx, argv[optind + 1], argv[optind + 2]);
3125 } else if (strcmp(argv[optind], "dl_polupd_ca") == 0) {
3126 if (argc - optind < 2) {
3127 usage();
3128 exit(0);
3129 }
3130 cmd_dl_polupd_ca(&ctx, argv[optind + 1], argv[optind + 2]);
3131 } else if (strcmp(argv[optind], "dl_aaa_ca") == 0) {
3132 if (argc - optind < 2) {
3133 usage();
3134 exit(0);
3135 }
3136 cmd_dl_aaa_ca(&ctx, argv[optind + 1], argv[optind + 2]);
3137 } else if (strcmp(argv[optind], "osu_select") == 0) {
3138 if (argc - optind < 2) {
3139 usage();
3140 exit(0);
3141 }
Dmitry Shmidt6cb1f652014-03-21 10:54:03 -0700[diff] [blame]3142 ctx.ca_fname = argc > optind + 2 ? argv[optind + 2] : NULL;
3143 cmd_osu_select(&ctx, argv[optind + 1], 2, 1, NULL);
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]3144 } else if (strcmp(argv[optind], "signup") == 0) {
Dmitry Shmidt6cb1f652014-03-21 10:54:03 -0700[diff] [blame]3145 ctx.ca_fname = argc > optind + 1 ? argv[optind + 1] : NULL;
3146 ret = cmd_signup(&ctx, no_prod_assoc, friendly_name);
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]3147 } else if (strcmp(argv[optind], "set_pps") == 0) {
3148 if (argc - optind < 2) {
3149 usage();
3150 exit(0);
3151 }
3152 cmd_set_pps(&ctx, argv[optind + 1]);
3153 } else if (strcmp(argv[optind], "get_fqdn") == 0) {
3154 if (argc - optind < 1) {
3155 usage();
3156 exit(0);
3157 }
3158 ret = cmd_get_fqdn(&ctx, argv[optind + 1]);
3159 } else if (strcmp(argv[optind], "oma_dm_prov") == 0) {
3160 if (argc - optind < 2) {
3161 usage();
3162 exit(0);
3163 }
Dmitry Shmidt6cb1f652014-03-21 10:54:03 -0700[diff] [blame]3164 ctx.ca_fname = argv[optind + 2];
3165 cmd_oma_dm_prov(&ctx, argv[optind + 1]);
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]3166 } else if (strcmp(argv[optind], "oma_dm_sim_prov") == 0) {
3167 if (argc - optind < 2) {
3168 usage();
3169 exit(0);
3170 }
Dmitry Shmidt6cb1f652014-03-21 10:54:03 -0700[diff] [blame]3171 ctx.ca_fname = argv[optind + 2];
3172 if (cmd_oma_dm_sim_prov(&ctx, argv[optind + 1]) < 0) {
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]3173 write_summary(&ctx, "Failed to complete OMA DM SIM provisioning");
3174 return -1;
3175 }
3176 } else if (strcmp(argv[optind], "oma_dm_add") == 0) {
3177 if (argc - optind < 2) {
3178 usage();
3179 exit(0);
3180 }
3181 cmd_oma_dm_add(&ctx, argv[optind + 1], argv[optind + 2]);
3182 } else if (strcmp(argv[optind], "oma_dm_replace") == 0) {
3183 if (argc - optind < 2) {
3184 usage();
3185 exit(0);
3186 }
3187 cmd_oma_dm_replace(&ctx, argv[optind + 1], argv[optind + 2]);
3188 } else if (strcmp(argv[optind], "est_csr") == 0) {
3189 if (argc - optind < 2) {
3190 usage();
3191 exit(0);
3192 }
3193 mkdir("Cert", S_IRWXU);
3194 est_build_csr(&ctx, argv[optind + 1]);
3195 } else if (strcmp(argv[optind], "browser") == 0) {
3196 int ret;
3197
3198 if (argc - optind < 2) {
3199 usage();
3200 exit(0);
3201 }
3202
3203 wpa_printf(MSG_INFO, "Launch web browser to URL %s",
3204 argv[optind + 1]);
3205 ret = hs20_web_browser(argv[optind + 1]);
3206 wpa_printf(MSG_INFO, "Web browser result: %d", ret);
3207 } else if (strcmp(argv[optind], "parse_cert") == 0) {
3208 if (argc - optind < 2) {
3209 usage();
3210 exit(0);
3211 }
3212
3213 wpa_debug_level = MSG_MSGDUMP;
3214 http_parse_x509_certificate(ctx.http, argv[optind + 1]);
3215 wpa_debug_level = MSG_INFO;
3216 } else {
3217 wpa_printf(MSG_INFO, "Unknown command '%s'", argv[optind]);
3218 }
3219
Dmitry Shmidt6cb1f652014-03-21 10:54:03 -0700[diff] [blame]3220 deinit_ctx(&ctx);
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]3221 wpa_printf(MSG_DEBUG,
3222 "===[hs20-osu-client END ]======================");
3223
3224 wpa_debug_close_file();
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]3225
3226 return ret;
3227}