Gitiles
Code Review Sign In
gerrit.omnirom.org / android_external_wpa_supplicant_8 / af9da3180dc20f57df1fc1e1811f3df9fa9e6ab5 / . / hs20 / client / osu_client.c
blob: 5cd823eeb5cd518f4be2d6af9bb25d04abcae3af [file] [log] [blame]
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]1/*
2 * Hotspot 2.0 OSU client
Dmitry Shmidt6cb1f652014-03-21 10:54:03 -0700[diff] [blame]3 * Copyright (c) 2012-2014, Qualcomm Atheros, Inc.
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]4 *
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
7 */
8
9#include "includes.h"
10#include <time.h>
11#include <sys/stat.h>
Dmitry Shmidt7f656022015-02-25 14:36:37 -0800[diff] [blame]12#ifdef ANDROID
13#include "private/android_filesystem_config.h"
14#endif /* ANDROID */
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]15
16#include "common.h"
17#include "utils/browser.h"
18#include "utils/base64.h"
19#include "utils/xml-utils.h"
20#include "utils/http-utils.h"
21#include "common/wpa_ctrl.h"
22#include "common/wpa_helpers.h"
23#include "eap_common/eap_defs.h"
24#include "crypto/crypto.h"
25#include "crypto/sha256.h"
26#include "osu_client.h"
27
Dmitry Shmidtaf9da312015-04-03 10:03:11 -0700[diff] [blame^]28const char *spp_xsd_fname = "spp.xsd";
29
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]30
31void write_result(struct hs20_osu_client *ctx, const char *fmt, ...)
32{
33 va_list ap;
34 FILE *f;
35 char buf[500];
36
37 va_start(ap, fmt);
38 vsnprintf(buf, sizeof(buf), fmt, ap);
39 va_end(ap);
40 write_summary(ctx, "%s", buf);
41
42 if (!ctx->result_file)
43 return;
44
45 f = fopen(ctx->result_file, "w");
46 if (f == NULL)
47 return;
48
49 va_start(ap, fmt);
50 vfprintf(f, fmt, ap);
51 va_end(ap);
52 fprintf(f, "\n");
53 fclose(f);
54}
55
56
57void write_summary(struct hs20_osu_client *ctx, const char *fmt, ...)
58{
59 va_list ap;
60 FILE *f;
61
62 if (!ctx->summary_file)
63 return;
64
65 f = fopen(ctx->summary_file, "a");
66 if (f == NULL)
67 return;
68
69 va_start(ap, fmt);
70 vfprintf(f, fmt, ap);
71 va_end(ap);
72 fprintf(f, "\n");
73 fclose(f);
74}
75
76
77void debug_dump_node(struct hs20_osu_client *ctx, const char *title,
78 xml_node_t *node)
79{
80 char *str = xml_node_to_str(ctx->xml, node);
81 wpa_printf(MSG_DEBUG, "[hs20] %s: '%s'", title, str);
82 free(str);
83}
84
85
86static int valid_fqdn(const char *fqdn)
87{
88 const char *pos;
89
90 /* TODO: could make this more complete.. */
91 if (strchr(fqdn, '.') == 0 || strlen(fqdn) > 255)
92 return 0;
93 for (pos = fqdn; *pos; pos++) {
94 if (*pos >= 'a' && *pos <= 'z')
95 continue;
96 if (*pos >= 'A' && *pos <= 'Z')
97 continue;
98 if (*pos >= '0' && *pos <= '9')
99 continue;
100 if (*pos == '-' || *pos == '.' || *pos == '_')
101 continue;
102 return 0;
103 }
104 return 1;
105}
106
107
108int osu_get_certificate(struct hs20_osu_client *ctx, xml_node_t *getcert)
109{
110 xml_node_t *node;
111 char *url, *user = NULL, *pw = NULL;
112 char *proto;
113 int ret = -1;
114
115 proto = xml_node_get_attr_value(ctx->xml, getcert,
116 "enrollmentProtocol");
117 if (!proto)
118 return -1;
119 wpa_printf(MSG_INFO, "getCertificate - enrollmentProtocol=%s", proto);
120 write_summary(ctx, "getCertificate - enrollmentProtocol=%s", proto);
121 if (os_strcasecmp(proto, "EST") != 0) {
122 wpa_printf(MSG_INFO, "Unsupported enrollmentProtocol");
123 xml_node_get_attr_value_free(ctx->xml, proto);
124 return -1;
125 }
126 xml_node_get_attr_value_free(ctx->xml, proto);
127
128 node = get_node(ctx->xml, getcert, "enrollmentServerURI");
129 if (node == NULL) {
130 wpa_printf(MSG_INFO, "Could not find enrollmentServerURI node");
131 xml_node_get_attr_value_free(ctx->xml, proto);
132 return -1;
133 }
134 url = xml_node_get_text(ctx->xml, node);
135 if (url == NULL) {
136 wpa_printf(MSG_INFO, "Could not get URL text");
137 return -1;
138 }
139 wpa_printf(MSG_INFO, "enrollmentServerURI: %s", url);
140 write_summary(ctx, "enrollmentServerURI: %s", url);
141
142 node = get_node(ctx->xml, getcert, "estUserID");
143 if (node == NULL && !ctx->client_cert_present) {
144 wpa_printf(MSG_INFO, "Could not find estUserID node");
145 goto fail;
146 }
147 if (node) {
148 user = xml_node_get_text(ctx->xml, node);
149 if (user == NULL) {
150 wpa_printf(MSG_INFO, "Could not get estUserID text");
151 goto fail;
152 }
153 wpa_printf(MSG_INFO, "estUserID: %s", user);
154 write_summary(ctx, "estUserID: %s", user);
155 }
156
157 node = get_node(ctx->xml, getcert, "estPassword");
158 if (node == NULL && !ctx->client_cert_present) {
159 wpa_printf(MSG_INFO, "Could not find estPassword node");
160 goto fail;
161 }
162 if (node) {
163 pw = xml_node_get_base64_text(ctx->xml, node, NULL);
164 if (pw == NULL) {
165 wpa_printf(MSG_INFO, "Could not get estPassword text");
166 goto fail;
167 }
168 wpa_printf(MSG_INFO, "estPassword: %s", pw);
169 }
170
171 mkdir("Cert", S_IRWXU);
172 if (est_load_cacerts(ctx, url) < 0 ||
173 est_build_csr(ctx, url) < 0 ||
174 est_simple_enroll(ctx, url, user, pw) < 0)
175 goto fail;
176
177 ret = 0;
178fail:
179 xml_node_get_text_free(ctx->xml, url);
180 xml_node_get_text_free(ctx->xml, user);
181 xml_node_get_text_free(ctx->xml, pw);
182
183 return ret;
184}
185
186
187static int process_est_cert(struct hs20_osu_client *ctx, xml_node_t *cert,
188 const char *fqdn)
189{
190 u8 digest1[SHA256_MAC_LEN], digest2[SHA256_MAC_LEN];
191 char *der, *pem;
192 size_t der_len, pem_len;
193 char *fingerprint;
194 char buf[200];
195
196 wpa_printf(MSG_INFO, "PPS for certificate credential - fqdn=%s", fqdn);
197
198 fingerprint = xml_node_get_text(ctx->xml, cert);
199 if (fingerprint == NULL)
200 return -1;
201 if (hexstr2bin(fingerprint, digest1, SHA256_MAC_LEN) < 0) {
202 wpa_printf(MSG_INFO, "Invalid SHA256 hash value");
203 write_result(ctx, "Invalid client certificate SHA256 hash value in PPS");
204 xml_node_get_text_free(ctx->xml, fingerprint);
205 return -1;
206 }
207 xml_node_get_text_free(ctx->xml, fingerprint);
208
209 der = os_readfile("Cert/est_cert.der", &der_len);
210 if (der == NULL) {
211 wpa_printf(MSG_INFO, "Could not find client certificate from EST");
212 write_result(ctx, "Could not find client certificate from EST");
213 return -1;
214 }
215
216 if (sha256_vector(1, (const u8 **) &der, &der_len, digest2) < 0) {
217 os_free(der);
218 return -1;
219 }
220 os_free(der);
221
222 if (os_memcmp(digest1, digest2, sizeof(digest1)) != 0) {
223 wpa_printf(MSG_INFO, "Client certificate from EST does not match fingerprint from PPS MO");
224 write_result(ctx, "Client certificate from EST does not match fingerprint from PPS MO");
225 return -1;
226 }
227
228 wpa_printf(MSG_INFO, "Client certificate from EST matches PPS MO");
229 unlink("Cert/est_cert.der");
230
231 os_snprintf(buf, sizeof(buf), "SP/%s/client-ca.pem", fqdn);
232 if (rename("Cert/est-cacerts.pem", buf) < 0) {
233 wpa_printf(MSG_INFO, "Could not move est-cacerts.pem to client-ca.pem: %s",
234 strerror(errno));
235 return -1;
236 }
237 pem = os_readfile(buf, &pem_len);
238
239 os_snprintf(buf, sizeof(buf), "SP/%s/client-cert.pem", fqdn);
240 if (rename("Cert/est_cert.pem", buf) < 0) {
241 wpa_printf(MSG_INFO, "Could not move est_cert.pem to client-cert.pem: %s",
242 strerror(errno));
243 os_free(pem);
244 return -1;
245 }
246
247 if (pem) {
248 FILE *f = fopen(buf, "a");
249 if (f) {
250 fwrite(pem, pem_len, 1, f);
251 fclose(f);
252 }
253 os_free(pem);
254 }
255
256 os_snprintf(buf, sizeof(buf), "SP/%s/client-key.pem", fqdn);
257 if (rename("Cert/privkey-plain.pem", buf) < 0) {
258 wpa_printf(MSG_INFO, "Could not move privkey-plain.pem to client-key.pem: %s",
259 strerror(errno));
260 return -1;
261 }
262
263 unlink("Cert/est-req.b64");
264 unlink("Cert/est-req.pem");
265 unlink("Cert/est-resp.raw");
266 rmdir("Cert");
267
268 return 0;
269}
270
271
272#define TMP_CERT_DL_FILE "tmp-cert-download"
273
274static int download_cert(struct hs20_osu_client *ctx, xml_node_t *params,
275 const char *fname)
276{
277 xml_node_t *url_node, *hash_node;
278 char *url, *hash;
279 char *cert;
280 size_t len;
281 u8 digest1[SHA256_MAC_LEN], digest2[SHA256_MAC_LEN];
282 int res;
283 unsigned char *b64;
284 FILE *f;
285
286 url_node = get_node(ctx->xml, params, "CertURL");
287 hash_node = get_node(ctx->xml, params, "CertSHA256Fingerprint");
288 if (url_node == NULL || hash_node == NULL)
289 return -1;
290 url = xml_node_get_text(ctx->xml, url_node);
291 hash = xml_node_get_text(ctx->xml, hash_node);
292 if (url == NULL || hash == NULL) {
293 xml_node_get_text_free(ctx->xml, url);
294 xml_node_get_text_free(ctx->xml, hash);
295 return -1;
296 }
297
298 wpa_printf(MSG_INFO, "CertURL: %s", url);
299 wpa_printf(MSG_INFO, "SHA256 hash: %s", hash);
300
301 if (hexstr2bin(hash, digest1, SHA256_MAC_LEN) < 0) {
302 wpa_printf(MSG_INFO, "Invalid SHA256 hash value");
303 write_result(ctx, "Invalid SHA256 hash value for downloaded certificate");
304 xml_node_get_text_free(ctx->xml, hash);
305 return -1;
306 }
307 xml_node_get_text_free(ctx->xml, hash);
308
309 write_summary(ctx, "Download certificate from %s", url);
Dmitry Shmidt6cb1f652014-03-21 10:54:03 -0700[diff] [blame]310 ctx->no_osu_cert_validation = 1;
311 http_ocsp_set(ctx->http, 1);
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]312 res = http_download_file(ctx->http, url, TMP_CERT_DL_FILE, NULL);
Dmitry Shmidt6cb1f652014-03-21 10:54:03 -0700[diff] [blame]313 http_ocsp_set(ctx->http,
314 (ctx->workarounds & WORKAROUND_OCSP_OPTIONAL) ? 1 : 2);
315 ctx->no_osu_cert_validation = 0;
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]316 xml_node_get_text_free(ctx->xml, url);
317 if (res < 0)
318 return -1;
319
320 cert = os_readfile(TMP_CERT_DL_FILE, &len);
321 remove(TMP_CERT_DL_FILE);
322 if (cert == NULL)
323 return -1;
324
325 if (sha256_vector(1, (const u8 **) &cert, &len, digest2) < 0) {
326 os_free(cert);
327 return -1;
328 }
329
330 if (os_memcmp(digest1, digest2, sizeof(digest1)) != 0) {
331 wpa_printf(MSG_INFO, "Downloaded certificate fingerprint did not match");
332 write_result(ctx, "Downloaded certificate fingerprint did not match");
333 os_free(cert);
334 return -1;
335 }
336
337 b64 = base64_encode((unsigned char *) cert, len, NULL);
338 os_free(cert);
339 if (b64 == NULL)
340 return -1;
341
342 f = fopen(fname, "wb");
343 if (f == NULL) {
344 os_free(b64);
345 return -1;
346 }
347
348 fprintf(f, "-----BEGIN CERTIFICATE-----\n"
349 "%s"
350 "-----END CERTIFICATE-----\n",
351 b64);
352
353 os_free(b64);
354 fclose(f);
355
356 wpa_printf(MSG_INFO, "Downloaded certificate into %s and validated fingerprint",
357 fname);
358 write_summary(ctx, "Downloaded certificate into %s and validated fingerprint",
359 fname);
360
361 return 0;
362}
363
364
365static int cmd_dl_osu_ca(struct hs20_osu_client *ctx, const char *pps_fname,
366 const char *ca_fname)
367{
368 xml_node_t *pps, *node;
369 int ret;
370
371 pps = node_from_file(ctx->xml, pps_fname);
372 if (pps == NULL) {
373 wpa_printf(MSG_INFO, "Could not read or parse '%s'", pps_fname);
374 return -1;
375 }
376
377 node = get_child_node(ctx->xml, pps,
378 "SubscriptionUpdate/TrustRoot");
379 if (node == NULL) {
380 wpa_printf(MSG_INFO, "No SubscriptionUpdate/TrustRoot/CertURL found from PPS");
381 xml_node_free(ctx->xml, pps);
382 return -1;
383 }
384
385 ret = download_cert(ctx, node, ca_fname);
386 xml_node_free(ctx->xml, pps);
387
388 return ret;
389}
390
391
392static int cmd_dl_polupd_ca(struct hs20_osu_client *ctx, const char *pps_fname,
393 const char *ca_fname)
394{
395 xml_node_t *pps, *node;
396 int ret;
397
398 pps = node_from_file(ctx->xml, pps_fname);
399 if (pps == NULL) {
400 wpa_printf(MSG_INFO, "Could not read or parse '%s'", pps_fname);
401 return -1;
402 }
403
404 node = get_child_node(ctx->xml, pps,
Dmitry Shmidt2f74e362015-01-21 13:19:05 -0800[diff] [blame]405 "Policy/PolicyUpdate/TrustRoot");
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]406 if (node == NULL) {
Dmitry Shmidt2f74e362015-01-21 13:19:05 -0800[diff] [blame]407 wpa_printf(MSG_INFO, "No Policy/PolicyUpdate/TrustRoot/CertURL found from PPS");
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]408 xml_node_free(ctx->xml, pps);
409 return -1;
410 }
411
412 ret = download_cert(ctx, node, ca_fname);
413 xml_node_free(ctx->xml, pps);
414
415 return ret;
416}
417
418
419static int cmd_dl_aaa_ca(struct hs20_osu_client *ctx, const char *pps_fname,
420 const char *ca_fname)
421{
422 xml_node_t *pps, *node, *aaa;
423 int ret;
424
425 pps = node_from_file(ctx->xml, pps_fname);
426 if (pps == NULL) {
427 wpa_printf(MSG_INFO, "Could not read or parse '%s'", pps_fname);
428 return -1;
429 }
430
431 node = get_child_node(ctx->xml, pps,
432 "AAAServerTrustRoot");
433 if (node == NULL) {
434 wpa_printf(MSG_INFO, "No AAAServerTrustRoot/CertURL found from PPS");
435 xml_node_free(ctx->xml, pps);
436 return -1;
437 }
438
439 aaa = xml_node_first_child(ctx->xml, node);
440 if (aaa == NULL) {
441 wpa_printf(MSG_INFO, "No AAAServerTrustRoot/CertURL found from PPS");
442 xml_node_free(ctx->xml, pps);
443 return -1;
444 }
445
446 ret = download_cert(ctx, aaa, ca_fname);
447 xml_node_free(ctx->xml, pps);
448
449 return ret;
450}
451
452
453static int download_trust_roots(struct hs20_osu_client *ctx,
454 const char *pps_fname)
455{
456 char *dir, *pos;
457 char fname[300];
458 int ret;
459
460 dir = os_strdup(pps_fname);
461 if (dir == NULL)
462 return -1;
463 pos = os_strrchr(dir, '/');
464 if (pos == NULL) {
465 os_free(dir);
466 return -1;
467 }
468 *pos = '\0';
469
470 snprintf(fname, sizeof(fname), "%s/ca.pem", dir);
471 ret = cmd_dl_osu_ca(ctx, pps_fname, fname);
472 snprintf(fname, sizeof(fname), "%s/polupd-ca.pem", dir);
473 cmd_dl_polupd_ca(ctx, pps_fname, fname);
474 snprintf(fname, sizeof(fname), "%s/aaa-ca.pem", dir);
475 cmd_dl_aaa_ca(ctx, pps_fname, fname);
476
477 os_free(dir);
478
479 return ret;
480}
481
482
483static int server_dnsname_suffix_match(struct hs20_osu_client *ctx,
484 const char *fqdn)
485{
486 size_t match_len, len, i;
487 const char *val;
488
489 match_len = os_strlen(fqdn);
490
491 for (i = 0; i < ctx->server_dnsname_count; i++) {
492 wpa_printf(MSG_INFO,
493 "Checking suffix match against server dNSName %s",
494 ctx->server_dnsname[i]);
495 val = ctx->server_dnsname[i];
496 len = os_strlen(val);
497
498 if (match_len > len)
499 continue;
500
501 if (os_strncasecmp(val + len - match_len, fqdn, match_len) != 0)
502 continue; /* no match */
503
504 if (match_len == len)
505 return 1; /* exact match */
506
507 if (val[len - match_len - 1] == '.')
508 return 1; /* full label match completes suffix match */
509
510 /* Reject due to incomplete label match */
511 }
512
513 /* None of the dNSName(s) matched */
514 return 0;
515}
516
517
518int hs20_add_pps_mo(struct hs20_osu_client *ctx, const char *uri,
519 xml_node_t *add_mo, char *fname, size_t fname_len)
520{
521 char *str;
522 char *fqdn, *pos;
523 xml_node_t *tnds, *mo, *cert;
524 const char *name;
525 int ret;
526
527 if (strncmp(uri, "./Wi-Fi/", 8) != 0) {
528 wpa_printf(MSG_INFO, "Unsupported location for addMO to add PPS MO: '%s'",
529 uri);
530 write_result(ctx, "Unsupported location for addMO to add PPS MO: '%s'",
531 uri);
532 return -1;
533 }
534
535 fqdn = strdup(uri + 8);
536 if (fqdn == NULL)
537 return -1;
538 pos = strchr(fqdn, '/');
539 if (pos) {
540 if (os_strcasecmp(pos, "/PerProviderSubscription") != 0) {
541 wpa_printf(MSG_INFO, "Unsupported location for addMO to add PPS MO (extra directory): '%s'",
542 uri);
543 write_result(ctx, "Unsupported location for addMO to "
544 "add PPS MO (extra directory): '%s'", uri);
545 return -1;
546 }
547 *pos = '\0'; /* remove trailing slash and PPS node name */
548 }
549 wpa_printf(MSG_INFO, "SP FQDN: %s", fqdn);
550
551 if (!server_dnsname_suffix_match(ctx, fqdn)) {
Dmitry Shmidtaf9da312015-04-03 10:03:11 -0700[diff] [blame^]552 wpa_printf(MSG_INFO,
553 "FQDN '%s' for new PPS MO did not have suffix match with server's dNSName values, count: %d",
554 fqdn, (int) ctx->server_dnsname_count);
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]555 write_result(ctx, "FQDN '%s' for new PPS MO did not have suffix match with server's dNSName values",
556 fqdn);
557 free(fqdn);
558 return -1;
559 }
560
561 if (!valid_fqdn(fqdn)) {
562 wpa_printf(MSG_INFO, "Invalid FQDN '%s'", fqdn);
563 write_result(ctx, "Invalid FQDN '%s'", fqdn);
564 free(fqdn);
565 return -1;
566 }
567
568 mkdir("SP", S_IRWXU);
569 snprintf(fname, fname_len, "SP/%s", fqdn);
570 if (mkdir(fname, S_IRWXU) < 0) {
571 if (errno != EEXIST) {
572 int err = errno;
573 wpa_printf(MSG_INFO, "mkdir(%s) failed: %s",
574 fname, strerror(err));
575 free(fqdn);
576 return -1;
577 }
578 }
579
Dmitry Shmidt7f656022015-02-25 14:36:37 -0800[diff] [blame]580#ifdef ANDROID
581 /* Allow processes running with Group ID as AID_WIFI,
582 * to read files from SP/<fqdn> directory */
583 if (chown(fname, -1, AID_WIFI)) {
584 wpa_printf(MSG_INFO, "CTRL: Could not chown directory: %s",
585 strerror(errno));
586 /* Try to continue anyway */
587 }
588 if (chmod(fname, S_IRWXU | S_IRGRP | S_IXGRP) < 0) {
589 wpa_printf(MSG_INFO, "CTRL: Could not chmod directory: %s",
590 strerror(errno));
591 /* Try to continue anyway */
592 }
593#endif /* ANDROID */
594
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]595 snprintf(fname, fname_len, "SP/%s/pps.xml", fqdn);
596
597 if (os_file_exists(fname)) {
598 wpa_printf(MSG_INFO, "PPS file '%s' exists - reject addMO",
599 fname);
600 write_result(ctx, "PPS file '%s' exists - reject addMO",
601 fname);
602 free(fqdn);
603 return -2;
604 }
605 wpa_printf(MSG_INFO, "Using PPS file: %s", fname);
606
607 str = xml_node_get_text(ctx->xml, add_mo);
608 if (str == NULL) {
609 wpa_printf(MSG_INFO, "Could not extract MO text");
610 free(fqdn);
611 return -1;
612 }
613 wpa_printf(MSG_DEBUG, "[hs20] addMO text: '%s'", str);
614
615 tnds = xml_node_from_buf(ctx->xml, str);
616 xml_node_get_text_free(ctx->xml, str);
617 if (tnds == NULL) {
618 wpa_printf(MSG_INFO, "[hs20] Could not parse addMO text");
619 free(fqdn);
620 return -1;
621 }
622
623 mo = tnds_to_mo(ctx->xml, tnds);
624 if (mo == NULL) {
625 wpa_printf(MSG_INFO, "[hs20] Could not parse addMO TNDS text");
626 free(fqdn);
627 return -1;
628 }
629
630 debug_dump_node(ctx, "Parsed TNDS", mo);
631
632 name = xml_node_get_localname(ctx->xml, mo);
633 if (os_strcasecmp(name, "PerProviderSubscription") != 0) {
634 wpa_printf(MSG_INFO, "[hs20] Unexpected PPS MO root node name '%s'",
635 name);
636 free(fqdn);
637 return -1;
638 }
639
640 cert = get_child_node(ctx->xml, mo,
641 "Credential/DigitalCertificate/"
642 "CertSHA256Fingerprint");
643 if (cert && process_est_cert(ctx, cert, fqdn) < 0) {
644 xml_node_free(ctx->xml, mo);
645 free(fqdn);
646 return -1;
647 }
648 free(fqdn);
649
650 if (node_to_file(ctx->xml, fname, mo) < 0) {
651 wpa_printf(MSG_INFO, "Could not write MO to file");
652 xml_node_free(ctx->xml, mo);
653 return -1;
654 }
655 xml_node_free(ctx->xml, mo);
656
657 wpa_printf(MSG_INFO, "A new PPS MO added as '%s'", fname);
658 write_summary(ctx, "A new PPS MO added as '%s'", fname);
659
660 ret = download_trust_roots(ctx, fname);
661 if (ret < 0) {
662 wpa_printf(MSG_INFO, "Remove invalid PPS MO file");
663 write_summary(ctx, "Remove invalid PPS MO file");
664 unlink(fname);
665 }
666
667 return ret;
668}
669
670
671int update_pps_file(struct hs20_osu_client *ctx, const char *pps_fname,
672 xml_node_t *pps)
673{
674 char *str;
675 FILE *f;
676 char backup[300];
677
678 if (ctx->client_cert_present) {
679 xml_node_t *cert;
680 cert = get_child_node(ctx->xml, pps,
681 "Credential/DigitalCertificate/"
682 "CertSHA256Fingerprint");
683 if (cert && os_file_exists("Cert/est_cert.der") &&
684 process_est_cert(ctx, cert, ctx->fqdn) < 0) {
685 wpa_printf(MSG_INFO, "EST certificate update processing failed on PPS MO update");
686 return -1;
687 }
688 }
689
690 wpa_printf(MSG_INFO, "Updating PPS MO %s", pps_fname);
691
692 str = xml_node_to_str(ctx->xml, pps);
Dmitry Shmidt7f656022015-02-25 14:36:37 -0800[diff] [blame]693 if (str == NULL) {
694 wpa_printf(MSG_ERROR, "No node found");
695 return -1;
696 }
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]697 wpa_printf(MSG_MSGDUMP, "[hs20] Updated PPS: '%s'", str);
698
699 snprintf(backup, sizeof(backup), "%s.bak", pps_fname);
700 rename(pps_fname, backup);
701 f = fopen(pps_fname, "w");
702 if (f == NULL) {
703 wpa_printf(MSG_INFO, "Could not write PPS");
704 rename(backup, pps_fname);
705 free(str);
706 return -1;
707 }
708 fprintf(f, "%s\n", str);
709 fclose(f);
710
711 free(str);
712
713 return 0;
714}
715
716
717void get_user_pw(struct hs20_osu_client *ctx, xml_node_t *pps,
718 const char *alt_loc, char **user, char **pw)
719{
720 xml_node_t *node;
721
722 node = get_child_node(ctx->xml, pps,
723 "Credential/UsernamePassword/Username");
724 if (node)
725 *user = xml_node_get_text(ctx->xml, node);
726
727 node = get_child_node(ctx->xml, pps,
728 "Credential/UsernamePassword/Password");
729 if (node)
730 *pw = xml_node_get_base64_text(ctx->xml, node, NULL);
731
732 node = get_child_node(ctx->xml, pps, alt_loc);
733 if (node) {
734 xml_node_t *a;
735 a = get_node(ctx->xml, node, "Username");
736 if (a) {
737 xml_node_get_text_free(ctx->xml, *user);
738 *user = xml_node_get_text(ctx->xml, a);
739 wpa_printf(MSG_INFO, "Use OSU username '%s'", *user);
740 }
741
742 a = get_node(ctx->xml, node, "Password");
743 if (a) {
744 free(*pw);
745 *pw = xml_node_get_base64_text(ctx->xml, a, NULL);
746 wpa_printf(MSG_INFO, "Use OSU password");
747 }
748 }
749}
750
751
752/* Remove old credentials based on HomeSP/FQDN */
753static void remove_sp_creds(struct hs20_osu_client *ctx, const char *fqdn)
754{
755 char cmd[300];
756 os_snprintf(cmd, sizeof(cmd), "REMOVE_CRED provisioning_sp=%s", fqdn);
757 if (wpa_command(ctx->ifname, cmd) < 0)
758 wpa_printf(MSG_INFO, "Failed to remove old credential(s)");
759}
760
761
762static void set_pps_cred_policy_spe(struct hs20_osu_client *ctx, int id,
763 xml_node_t *spe)
764{
765 xml_node_t *ssid;
766 char *txt;
767
768 ssid = get_node(ctx->xml, spe, "SSID");
769 if (ssid == NULL)
770 return;
771 txt = xml_node_get_text(ctx->xml, ssid);
772 if (txt == NULL)
773 return;
774 wpa_printf(MSG_DEBUG, "- Policy/SPExclusionList/<X+>/SSID = %s", txt);
775 if (set_cred_quoted(ctx->ifname, id, "excluded_ssid", txt) < 0)
776 wpa_printf(MSG_INFO, "Failed to set cred excluded_ssid");
777 xml_node_get_text_free(ctx->xml, txt);
778}
779
780
781static void set_pps_cred_policy_spel(struct hs20_osu_client *ctx, int id,
782 xml_node_t *spel)
783{
784 xml_node_t *child;
785
786 xml_node_for_each_child(ctx->xml, child, spel) {
787 xml_node_for_each_check(ctx->xml, child);
788 set_pps_cred_policy_spe(ctx, id, child);
789 }
790}
791
792
793static void set_pps_cred_policy_prp(struct hs20_osu_client *ctx, int id,
794 xml_node_t *prp)
795{
796 xml_node_t *node;
797 char *txt = NULL, *pos;
798 char *prio, *country_buf = NULL;
799 const char *country;
800 char val[200];
801 int priority;
802
803 node = get_node(ctx->xml, prp, "Priority");
804 if (node == NULL)
805 return;
806 prio = xml_node_get_text(ctx->xml, node);
807 if (prio == NULL)
808 return;
809 wpa_printf(MSG_INFO, "- Policy/PreferredRoamingPartnerList/<X+>/Priority = %s",
810 prio);
811 priority = atoi(prio);
812 xml_node_get_text_free(ctx->xml, prio);
813
814 node = get_node(ctx->xml, prp, "Country");
815 if (node) {
816 country_buf = xml_node_get_text(ctx->xml, node);
817 if (country_buf == NULL)
818 return;
819 country = country_buf;
820 wpa_printf(MSG_INFO, "- Policy/PreferredRoamingPartnerList/<X+>/Country = %s",
821 country);
822 } else {
823 country = "*";
824 }
825
826 node = get_node(ctx->xml, prp, "FQDN_Match");
827 if (node == NULL)
828 goto out;
829 txt = xml_node_get_text(ctx->xml, node);
830 if (txt == NULL)
831 goto out;
832 wpa_printf(MSG_INFO, "- Policy/PreferredRoamingPartnerList/<X+>/FQDN_Match = %s",
833 txt);
834 pos = strrchr(txt, ',');
835 if (pos == NULL)
836 goto out;
837 *pos++ = '\0';
838
839 snprintf(val, sizeof(val), "%s,%d,%d,%s", txt,
840 strcmp(pos, "includeSubdomains") != 0, priority, country);
841 if (set_cred_quoted(ctx->ifname, id, "roaming_partner", val) < 0)
842 wpa_printf(MSG_INFO, "Failed to set cred roaming_partner");
843out:
844 xml_node_get_text_free(ctx->xml, country_buf);
845 xml_node_get_text_free(ctx->xml, txt);
846}
847
848
849static void set_pps_cred_policy_prpl(struct hs20_osu_client *ctx, int id,
850 xml_node_t *prpl)
851{
852 xml_node_t *child;
853
854 xml_node_for_each_child(ctx->xml, child, prpl) {
855 xml_node_for_each_check(ctx->xml, child);
856 set_pps_cred_policy_prp(ctx, id, child);
857 }
858}
859
860
861static void set_pps_cred_policy_min_backhaul(struct hs20_osu_client *ctx, int id,
862 xml_node_t *min_backhaul)
863{
864 xml_node_t *node;
865 char *type, *dl = NULL, *ul = NULL;
866 int home;
867
868 node = get_node(ctx->xml, min_backhaul, "NetworkType");
869 if (node == NULL) {
870 wpa_printf(MSG_INFO, "Ignore MinBackhaulThreshold without mandatory NetworkType node");
871 return;
872 }
873
874 type = xml_node_get_text(ctx->xml, node);
875 if (type == NULL)
876 return;
877 wpa_printf(MSG_INFO, "- Policy/MinBackhaulThreshold/<X+>/NetworkType = %s",
878 type);
879 if (os_strcasecmp(type, "home") == 0)
880 home = 1;
881 else if (os_strcasecmp(type, "roaming") == 0)
882 home = 0;
883 else {
884 wpa_printf(MSG_INFO, "Ignore MinBackhaulThreshold with invalid NetworkType");
885 xml_node_get_text_free(ctx->xml, type);
886 return;
887 }
888 xml_node_get_text_free(ctx->xml, type);
889
890 node = get_node(ctx->xml, min_backhaul, "DLBandwidth");
891 if (node)
892 dl = xml_node_get_text(ctx->xml, node);
893
894 node = get_node(ctx->xml, min_backhaul, "ULBandwidth");
895 if (node)
896 ul = xml_node_get_text(ctx->xml, node);
897
898 if (dl == NULL && ul == NULL) {
899 wpa_printf(MSG_INFO, "Ignore MinBackhaulThreshold without either DLBandwidth or ULBandwidth nodes");
900 return;
901 }
902
903 if (dl)
904 wpa_printf(MSG_INFO, "- Policy/MinBackhaulThreshold/<X+>/DLBandwidth = %s",
905 dl);
906 if (ul)
907 wpa_printf(MSG_INFO, "- Policy/MinBackhaulThreshold/<X+>/ULBandwidth = %s",
908 ul);
909
910 if (home) {
911 if (dl &&
912 set_cred(ctx->ifname, id, "min_dl_bandwidth_home", dl) < 0)
913 wpa_printf(MSG_INFO, "Failed to set cred bandwidth limit");
914 if (ul &&
915 set_cred(ctx->ifname, id, "min_ul_bandwidth_home", ul) < 0)
916 wpa_printf(MSG_INFO, "Failed to set cred bandwidth limit");
917 } else {
918 if (dl &&
919 set_cred(ctx->ifname, id, "min_dl_bandwidth_roaming", dl) <
920 0)
921 wpa_printf(MSG_INFO, "Failed to set cred bandwidth limit");
922 if (ul &&
923 set_cred(ctx->ifname, id, "min_ul_bandwidth_roaming", ul) <
924 0)
925 wpa_printf(MSG_INFO, "Failed to set cred bandwidth limit");
926 }
927
928 xml_node_get_text_free(ctx->xml, dl);
929 xml_node_get_text_free(ctx->xml, ul);
930}
931
932
933static void set_pps_cred_policy_min_backhaul_list(struct hs20_osu_client *ctx,
934 int id, xml_node_t *node)
935{
936 xml_node_t *child;
937
938 wpa_printf(MSG_INFO, "- Policy/MinBackhaulThreshold");
939
940 xml_node_for_each_child(ctx->xml, child, node) {
941 xml_node_for_each_check(ctx->xml, child);
942 set_pps_cred_policy_min_backhaul(ctx, id, child);
943 }
944}
945
946
947static void set_pps_cred_policy_update(struct hs20_osu_client *ctx, int id,
948 xml_node_t *node)
949{
950 wpa_printf(MSG_INFO, "- Policy/PolicyUpdate");
951 /* Not used in wpa_supplicant */
952}
953
954
955static void set_pps_cred_policy_required_proto_port(struct hs20_osu_client *ctx,
956 int id, xml_node_t *tuple)
957{
958 xml_node_t *node;
959 char *proto, *port;
960 char *buf;
961 size_t buflen;
962
963 node = get_node(ctx->xml, tuple, "IPProtocol");
964 if (node == NULL) {
965 wpa_printf(MSG_INFO, "Ignore RequiredProtoPortTuple without mandatory IPProtocol node");
966 return;
967 }
968
969 proto = xml_node_get_text(ctx->xml, node);
970 if (proto == NULL)
971 return;
972
973 wpa_printf(MSG_INFO, "- Policy/RequiredProtoPortTuple/<X+>/IPProtocol = %s",
974 proto);
975
976 node = get_node(ctx->xml, tuple, "PortNumber");
977 port = node ? xml_node_get_text(ctx->xml, node) : NULL;
978 if (port) {
979 wpa_printf(MSG_INFO, "- Policy/RequiredProtoPortTuple/<X+>/PortNumber = %s",
980 port);
981 buflen = os_strlen(proto) + os_strlen(port) + 10;
982 buf = os_malloc(buflen);
983 if (buf)
984 os_snprintf(buf, buflen, "%s:%s", proto, port);
985 xml_node_get_text_free(ctx->xml, port);
986 } else {
987 buflen = os_strlen(proto) + 10;
988 buf = os_malloc(buflen);
989 if (buf)
990 os_snprintf(buf, buflen, "%s", proto);
991 }
992
993 xml_node_get_text_free(ctx->xml, proto);
994
995 if (buf == NULL)
996 return;
997
998 if (set_cred(ctx->ifname, id, "req_conn_capab", buf) < 0)
999 wpa_printf(MSG_INFO, "Could not set req_conn_capab");
1000
1001 os_free(buf);
1002}
1003
1004
1005static void set_pps_cred_policy_required_proto_ports(struct hs20_osu_client *ctx,
1006 int id, xml_node_t *node)
1007{
1008 xml_node_t *child;
1009
1010 wpa_printf(MSG_INFO, "- Policy/RequiredProtoPortTuple");
1011
1012 xml_node_for_each_child(ctx->xml, child, node) {
1013 xml_node_for_each_check(ctx->xml, child);
1014 set_pps_cred_policy_required_proto_port(ctx, id, child);
1015 }
1016}
1017
1018
1019static void set_pps_cred_policy_max_bss_load(struct hs20_osu_client *ctx, int id,
1020 xml_node_t *node)
1021{
1022 char *str = xml_node_get_text(ctx->xml, node);
1023 if (str == NULL)
1024 return;
1025 wpa_printf(MSG_INFO, "- Policy/MaximumBSSLoadValue - %s", str);
1026 if (set_cred(ctx->ifname, id, "max_bss_load", str) < 0)
1027 wpa_printf(MSG_INFO, "Failed to set cred max_bss_load limit");
1028 xml_node_get_text_free(ctx->xml, str);
1029}
1030
1031
1032static void set_pps_cred_policy(struct hs20_osu_client *ctx, int id,
1033 xml_node_t *node)
1034{
1035 xml_node_t *child;
1036 const char *name;
1037
1038 wpa_printf(MSG_INFO, "- Policy");
1039
1040 xml_node_for_each_child(ctx->xml, child, node) {
1041 xml_node_for_each_check(ctx->xml, child);
1042 name = xml_node_get_localname(ctx->xml, child);
1043 if (os_strcasecmp(name, "PreferredRoamingPartnerList") == 0)
1044 set_pps_cred_policy_prpl(ctx, id, child);
1045 else if (os_strcasecmp(name, "MinBackhaulThreshold") == 0)
1046 set_pps_cred_policy_min_backhaul_list(ctx, id, child);
1047 else if (os_strcasecmp(name, "PolicyUpdate") == 0)
1048 set_pps_cred_policy_update(ctx, id, child);
1049 else if (os_strcasecmp(name, "SPExclusionList") == 0)
1050 set_pps_cred_policy_spel(ctx, id, child);
1051 else if (os_strcasecmp(name, "RequiredProtoPortTuple") == 0)
1052 set_pps_cred_policy_required_proto_ports(ctx, id, child);
1053 else if (os_strcasecmp(name, "MaximumBSSLoadValue") == 0)
1054 set_pps_cred_policy_max_bss_load(ctx, id, child);
1055 else
1056 wpa_printf(MSG_INFO, "Unknown Policy node '%s'", name);
1057 }
1058}
1059
1060
1061static void set_pps_cred_priority(struct hs20_osu_client *ctx, int id,
1062 xml_node_t *node)
1063{
1064 char *str = xml_node_get_text(ctx->xml, node);
1065 if (str == NULL)
1066 return;
1067 wpa_printf(MSG_INFO, "- CredentialPriority = %s", str);
1068 if (set_cred(ctx->ifname, id, "sp_priority", str) < 0)
1069 wpa_printf(MSG_INFO, "Failed to set cred sp_priority");
1070 xml_node_get_text_free(ctx->xml, str);
1071}
1072
1073
1074static void set_pps_cred_aaa_server_trust_root(struct hs20_osu_client *ctx,
1075 int id, xml_node_t *node)
1076{
1077 wpa_printf(MSG_INFO, "- AAAServerTrustRoot - TODO");
1078}
1079
1080
1081static void set_pps_cred_sub_update(struct hs20_osu_client *ctx, int id,
1082 xml_node_t *node)
1083{
1084 wpa_printf(MSG_INFO, "- SubscriptionUpdate");
1085 /* not used within wpa_supplicant */
1086}
1087
1088
1089static void set_pps_cred_home_sp_network_id(struct hs20_osu_client *ctx,
1090 int id, xml_node_t *node)
1091{
1092 xml_node_t *ssid_node, *hessid_node;
1093 char *ssid, *hessid;
1094
1095 ssid_node = get_node(ctx->xml, node, "SSID");
1096 if (ssid_node == NULL) {
1097 wpa_printf(MSG_INFO, "Ignore HomeSP/NetworkID without mandatory SSID node");
1098 return;
1099 }
1100
1101 hessid_node = get_node(ctx->xml, node, "HESSID");
1102
1103 ssid = xml_node_get_text(ctx->xml, ssid_node);
1104 if (ssid == NULL)
1105 return;
1106 hessid = hessid_node ? xml_node_get_text(ctx->xml, hessid_node) : NULL;
1107
1108 wpa_printf(MSG_INFO, "- HomeSP/NetworkID/<X+>/SSID = %s", ssid);
1109 if (hessid)
1110 wpa_printf(MSG_INFO, "- HomeSP/NetworkID/<X+>/HESSID = %s",
1111 hessid);
1112
1113 /* TODO: Configure to wpa_supplicant */
1114
1115 xml_node_get_text_free(ctx->xml, ssid);
1116 xml_node_get_text_free(ctx->xml, hessid);
1117}
1118
1119
1120static void set_pps_cred_home_sp_network_ids(struct hs20_osu_client *ctx,
1121 int id, xml_node_t *node)
1122{
1123 xml_node_t *child;
1124
1125 wpa_printf(MSG_INFO, "- HomeSP/NetworkID");
1126
1127 xml_node_for_each_child(ctx->xml, child, node) {
1128 xml_node_for_each_check(ctx->xml, child);
1129 set_pps_cred_home_sp_network_id(ctx, id, child);
1130 }
1131}
1132
1133
1134static void set_pps_cred_home_sp_friendly_name(struct hs20_osu_client *ctx,
1135 int id, xml_node_t *node)
1136{
1137 char *str = xml_node_get_text(ctx->xml, node);
1138 if (str == NULL)
1139 return;
1140 wpa_printf(MSG_INFO, "- HomeSP/FriendlyName = %s", str);
1141 /* not used within wpa_supplicant(?) */
1142 xml_node_get_text_free(ctx->xml, str);
1143}
1144
1145
1146static void set_pps_cred_home_sp_icon_url(struct hs20_osu_client *ctx,
1147 int id, xml_node_t *node)
1148{
1149 char *str = xml_node_get_text(ctx->xml, node);
1150 if (str == NULL)
1151 return;
1152 wpa_printf(MSG_INFO, "- HomeSP/IconURL = %s", str);
1153 /* not used within wpa_supplicant */
1154 xml_node_get_text_free(ctx->xml, str);
1155}
1156
1157
1158static void set_pps_cred_home_sp_fqdn(struct hs20_osu_client *ctx, int id,
1159 xml_node_t *node)
1160{
1161 char *str = xml_node_get_text(ctx->xml, node);
1162 if (str == NULL)
1163 return;
1164 wpa_printf(MSG_INFO, "- HomeSP/FQDN = %s", str);
1165 if (set_cred_quoted(ctx->ifname, id, "domain", str) < 0)
1166 wpa_printf(MSG_INFO, "Failed to set cred domain");
1167 if (set_cred_quoted(ctx->ifname, id, "domain_suffix_match", str) < 0)
1168 wpa_printf(MSG_INFO, "Failed to set cred domain_suffix_match");
1169 xml_node_get_text_free(ctx->xml, str);
1170}
1171
1172
1173static void set_pps_cred_home_sp_oi(struct hs20_osu_client *ctx, int id,
1174 xml_node_t *node)
1175{
1176 xml_node_t *child;
1177 const char *name;
1178 char *homeoi = NULL;
1179 int required = 0;
1180 char *str;
1181
1182 xml_node_for_each_child(ctx->xml, child, node) {
1183 xml_node_for_each_check(ctx->xml, child);
1184 name = xml_node_get_localname(ctx->xml, child);
1185 if (strcasecmp(name, "HomeOI") == 0 && !homeoi) {
1186 homeoi = xml_node_get_text(ctx->xml, child);
1187 wpa_printf(MSG_INFO, "- HomeSP/HomeOIList/<X+>/HomeOI = %s",
1188 homeoi);
1189 } else if (strcasecmp(name, "HomeOIRequired") == 0) {
1190 str = xml_node_get_text(ctx->xml, child);
1191 wpa_printf(MSG_INFO, "- HomeSP/HomeOIList/<X+>/HomeOIRequired = '%s'",
1192 str);
1193 if (str == NULL)
1194 continue;
1195 required = strcasecmp(str, "true") == 0;
1196 xml_node_get_text_free(ctx->xml, str);
1197 } else
1198 wpa_printf(MSG_INFO, "Unknown HomeOIList node '%s'",
1199 name);
1200 }
1201
1202 if (homeoi == NULL) {
1203 wpa_printf(MSG_INFO, "- HomeSP/HomeOIList/<X+> without HomeOI ignored");
1204 return;
1205 }
1206
1207 wpa_printf(MSG_INFO, "- HomeSP/HomeOIList/<X+> '%s' required=%d",
1208 homeoi, required);
1209
1210 if (required) {
1211 if (set_cred(ctx->ifname, id, "required_roaming_consortium",
1212 homeoi) < 0)
1213 wpa_printf(MSG_INFO, "Failed to set cred required_roaming_consortium");
1214 } else {
1215 if (set_cred_quoted(ctx->ifname, id, "roaming_consortium",
1216 homeoi) < 0)
1217 wpa_printf(MSG_INFO, "Failed to set cred roaming_consortium");
1218 }
1219
1220 xml_node_get_text_free(ctx->xml, homeoi);
1221}
1222
1223
1224static void set_pps_cred_home_sp_oi_list(struct hs20_osu_client *ctx, int id,
1225 xml_node_t *node)
1226{
1227 xml_node_t *child;
1228
1229 wpa_printf(MSG_INFO, "- HomeSP/HomeOIList");
1230
1231 xml_node_for_each_child(ctx->xml, child, node) {
1232 xml_node_for_each_check(ctx->xml, child);
1233 set_pps_cred_home_sp_oi(ctx, id, child);
1234 }
1235}
1236
1237
1238static void set_pps_cred_home_sp_other_partner(struct hs20_osu_client *ctx,
1239 int id, xml_node_t *node)
1240{
1241 xml_node_t *child;
1242 const char *name;
1243 char *fqdn = NULL;
1244
1245 xml_node_for_each_child(ctx->xml, child, node) {
1246 xml_node_for_each_check(ctx->xml, child);
1247 name = xml_node_get_localname(ctx->xml, child);
1248 if (os_strcasecmp(name, "FQDN") == 0 && !fqdn) {
1249 fqdn = xml_node_get_text(ctx->xml, child);
1250 wpa_printf(MSG_INFO, "- HomeSP/OtherHomePartners/<X+>/FQDN = %s",
1251 fqdn);
1252 } else
1253 wpa_printf(MSG_INFO, "Unknown OtherHomePartners node '%s'",
1254 name);
1255 }
1256
1257 if (fqdn == NULL) {
1258 wpa_printf(MSG_INFO, "- HomeSP/OtherHomePartners/<X+> without FQDN ignored");
1259 return;
1260 }
1261
1262 if (set_cred_quoted(ctx->ifname, id, "domain", fqdn) < 0)
1263 wpa_printf(MSG_INFO, "Failed to set cred domain for OtherHomePartners node");
1264
1265 xml_node_get_text_free(ctx->xml, fqdn);
1266}
1267
1268
1269static void set_pps_cred_home_sp_other_partners(struct hs20_osu_client *ctx,
1270 int id,
1271 xml_node_t *node)
1272{
1273 xml_node_t *child;
1274
1275 wpa_printf(MSG_INFO, "- HomeSP/OtherHomePartners");
1276
1277 xml_node_for_each_child(ctx->xml, child, node) {
1278 xml_node_for_each_check(ctx->xml, child);
1279 set_pps_cred_home_sp_other_partner(ctx, id, child);
1280 }
1281}
1282
1283
1284static void set_pps_cred_home_sp_roaming_consortium_oi(
1285 struct hs20_osu_client *ctx, int id, xml_node_t *node)
1286{
1287 char *str = xml_node_get_text(ctx->xml, node);
1288 if (str == NULL)
1289 return;
1290 wpa_printf(MSG_INFO, "- HomeSP/RoamingConsortiumOI = %s", str);
1291 /* TODO: Set to wpa_supplicant */
1292 xml_node_get_text_free(ctx->xml, str);
1293}
1294
1295
1296static void set_pps_cred_home_sp(struct hs20_osu_client *ctx, int id,
1297 xml_node_t *node)
1298{
1299 xml_node_t *child;
1300 const char *name;
1301
1302 wpa_printf(MSG_INFO, "- HomeSP");
1303
1304 xml_node_for_each_child(ctx->xml, child, node) {
1305 xml_node_for_each_check(ctx->xml, child);
1306 name = xml_node_get_localname(ctx->xml, child);
1307 if (os_strcasecmp(name, "NetworkID") == 0)
1308 set_pps_cred_home_sp_network_ids(ctx, id, child);
1309 else if (os_strcasecmp(name, "FriendlyName") == 0)
1310 set_pps_cred_home_sp_friendly_name(ctx, id, child);
1311 else if (os_strcasecmp(name, "IconURL") == 0)
1312 set_pps_cred_home_sp_icon_url(ctx, id, child);
1313 else if (os_strcasecmp(name, "FQDN") == 0)
1314 set_pps_cred_home_sp_fqdn(ctx, id, child);
1315 else if (os_strcasecmp(name, "HomeOIList") == 0)
1316 set_pps_cred_home_sp_oi_list(ctx, id, child);
1317 else if (os_strcasecmp(name, "OtherHomePartners") == 0)
1318 set_pps_cred_home_sp_other_partners(ctx, id, child);
1319 else if (os_strcasecmp(name, "RoamingConsortiumOI") == 0)
1320 set_pps_cred_home_sp_roaming_consortium_oi(ctx, id,
1321 child);
1322 else
1323 wpa_printf(MSG_INFO, "Unknown HomeSP node '%s'", name);
1324 }
1325}
1326
1327
1328static void set_pps_cred_sub_params(struct hs20_osu_client *ctx, int id,
1329 xml_node_t *node)
1330{
1331 wpa_printf(MSG_INFO, "- SubscriptionParameters");
1332 /* not used within wpa_supplicant */
1333}
1334
1335
1336static void set_pps_cred_creation_date(struct hs20_osu_client *ctx, int id,
1337 xml_node_t *node)
1338{
1339 char *str = xml_node_get_text(ctx->xml, node);
1340 if (str == NULL)
1341 return;
1342 wpa_printf(MSG_INFO, "- Credential/CreationDate = %s", str);
1343 /* not used within wpa_supplicant */
1344 xml_node_get_text_free(ctx->xml, str);
1345}
1346
1347
1348static void set_pps_cred_expiration_date(struct hs20_osu_client *ctx, int id,
1349 xml_node_t *node)
1350{
1351 char *str = xml_node_get_text(ctx->xml, node);
1352 if (str == NULL)
1353 return;
1354 wpa_printf(MSG_INFO, "- Credential/ExpirationDate = %s", str);
1355 /* not used within wpa_supplicant */
1356 xml_node_get_text_free(ctx->xml, str);
1357}
1358
1359
1360static void set_pps_cred_username(struct hs20_osu_client *ctx, int id,
1361 xml_node_t *node)
1362{
1363 char *str = xml_node_get_text(ctx->xml, node);
1364 if (str == NULL)
1365 return;
1366 wpa_printf(MSG_INFO, "- Credential/UsernamePassword/Username = %s",
1367 str);
1368 if (set_cred_quoted(ctx->ifname, id, "username", str) < 0)
1369 wpa_printf(MSG_INFO, "Failed to set cred username");
1370 xml_node_get_text_free(ctx->xml, str);
1371}
1372
1373
1374static void set_pps_cred_password(struct hs20_osu_client *ctx, int id,
1375 xml_node_t *node)
1376{
1377 int len, i;
1378 char *pw, *hex, *pos, *end;
1379
1380 pw = xml_node_get_base64_text(ctx->xml, node, &len);
1381 if (pw == NULL)
1382 return;
1383
1384 wpa_printf(MSG_INFO, "- Credential/UsernamePassword/Password = %s", pw);
1385
1386 hex = malloc(len * 2 + 1);
1387 if (hex == NULL) {
1388 free(pw);
1389 return;
1390 }
1391 end = hex + len * 2 + 1;
1392 pos = hex;
1393 for (i = 0; i < len; i++) {
1394 snprintf(pos, end - pos, "%02x", pw[i]);
1395 pos += 2;
1396 }
1397 free(pw);
1398
1399 if (set_cred(ctx->ifname, id, "password", hex) < 0)
1400 wpa_printf(MSG_INFO, "Failed to set cred password");
1401 free(hex);
1402}
1403
1404
1405static void set_pps_cred_machine_managed(struct hs20_osu_client *ctx, int id,
1406 xml_node_t *node)
1407{
1408 char *str = xml_node_get_text(ctx->xml, node);
1409 if (str == NULL)
1410 return;
1411 wpa_printf(MSG_INFO, "- Credential/UsernamePassword/MachineManaged = %s",
1412 str);
1413 /* not used within wpa_supplicant */
1414 xml_node_get_text_free(ctx->xml, str);
1415}
1416
1417
1418static void set_pps_cred_soft_token_app(struct hs20_osu_client *ctx, int id,
1419 xml_node_t *node)
1420{
1421 char *str = xml_node_get_text(ctx->xml, node);
1422 if (str == NULL)
1423 return;
1424 wpa_printf(MSG_INFO, "- Credential/UsernamePassword/SoftTokenApp = %s",
1425 str);
1426 /* not used within wpa_supplicant */
1427 xml_node_get_text_free(ctx->xml, str);
1428}
1429
1430
1431static void set_pps_cred_able_to_share(struct hs20_osu_client *ctx, int id,
1432 xml_node_t *node)
1433{
1434 char *str = xml_node_get_text(ctx->xml, node);
1435 if (str == NULL)
1436 return;
1437 wpa_printf(MSG_INFO, "- Credential/UsernamePassword/AbleToShare = %s",
1438 str);
1439 /* not used within wpa_supplicant */
1440 xml_node_get_text_free(ctx->xml, str);
1441}
1442
1443
1444static void set_pps_cred_eap_method(struct hs20_osu_client *ctx, int id,
1445 xml_node_t *node)
1446{
1447 wpa_printf(MSG_INFO, "- Credential/UsernamePassword/EAPMethod - TODO");
1448}
1449
1450
1451static void set_pps_cred_username_password(struct hs20_osu_client *ctx, int id,
1452 xml_node_t *node)
1453{
1454 xml_node_t *child;
1455 const char *name;
1456
1457 wpa_printf(MSG_INFO, "- Credential/UsernamePassword");
1458
1459 xml_node_for_each_child(ctx->xml, child, node) {
1460 xml_node_for_each_check(ctx->xml, child);
1461 name = xml_node_get_localname(ctx->xml, child);
1462 if (os_strcasecmp(name, "Username") == 0)
1463 set_pps_cred_username(ctx, id, child);
1464 else if (os_strcasecmp(name, "Password") == 0)
1465 set_pps_cred_password(ctx, id, child);
1466 else if (os_strcasecmp(name, "MachineManaged") == 0)
1467 set_pps_cred_machine_managed(ctx, id, child);
1468 else if (os_strcasecmp(name, "SoftTokenApp") == 0)
1469 set_pps_cred_soft_token_app(ctx, id, child);
1470 else if (os_strcasecmp(name, "AbleToShare") == 0)
1471 set_pps_cred_able_to_share(ctx, id, child);
1472 else if (os_strcasecmp(name, "EAPMethod") == 0)
1473 set_pps_cred_eap_method(ctx, id, child);
1474 else
1475 wpa_printf(MSG_INFO, "Unknown Credential/UsernamePassword node '%s'",
1476 name);
1477 }
1478}
1479
1480
1481static void set_pps_cred_digital_cert(struct hs20_osu_client *ctx, int id,
1482 xml_node_t *node, const char *fqdn)
1483{
1484 char buf[200], dir[200];
1485
1486 wpa_printf(MSG_INFO, "- Credential/DigitalCertificate");
1487
1488 if (getcwd(dir, sizeof(dir)) == NULL)
1489 return;
1490
1491 /* TODO: could build username from Subject of Subject AltName */
1492 if (set_cred_quoted(ctx->ifname, id, "username", "cert") < 0) {
1493 wpa_printf(MSG_INFO, "Failed to set username");
1494 }
1495
1496 snprintf(buf, sizeof(buf), "%s/SP/%s/client-cert.pem", dir, fqdn);
1497 if (os_file_exists(buf)) {
1498 if (set_cred_quoted(ctx->ifname, id, "client_cert", buf) < 0) {
1499 wpa_printf(MSG_INFO, "Failed to set client_cert");
1500 }
1501 }
1502
1503 snprintf(buf, sizeof(buf), "%s/SP/%s/client-key.pem", dir, fqdn);
1504 if (os_file_exists(buf)) {
1505 if (set_cred_quoted(ctx->ifname, id, "private_key", buf) < 0) {
1506 wpa_printf(MSG_INFO, "Failed to set private_key");
1507 }
1508 }
1509}
1510
1511
1512static void set_pps_cred_realm(struct hs20_osu_client *ctx, int id,
1513 xml_node_t *node, const char *fqdn, int sim)
1514{
1515 char *str = xml_node_get_text(ctx->xml, node);
1516 char buf[200], dir[200];
1517
1518 if (str == NULL)
1519 return;
1520
1521 wpa_printf(MSG_INFO, "- Credential/Realm = %s", str);
1522 if (set_cred_quoted(ctx->ifname, id, "realm", str) < 0)
1523 wpa_printf(MSG_INFO, "Failed to set cred realm");
1524 xml_node_get_text_free(ctx->xml, str);
1525
1526 if (sim)
1527 return;
1528
1529 if (getcwd(dir, sizeof(dir)) == NULL)
1530 return;
1531 snprintf(buf, sizeof(buf), "%s/SP/%s/aaa-ca.pem", dir, fqdn);
1532 if (os_file_exists(buf)) {
1533 if (set_cred_quoted(ctx->ifname, id, "ca_cert", buf) < 0) {
1534 wpa_printf(MSG_INFO, "Failed to set CA cert");
1535 }
1536 }
1537}
1538
1539
1540static void set_pps_cred_check_aaa_cert_status(struct hs20_osu_client *ctx,
1541 int id, xml_node_t *node)
1542{
1543 char *str = xml_node_get_text(ctx->xml, node);
1544
1545 if (str == NULL)
1546 return;
1547
1548 wpa_printf(MSG_INFO, "- Credential/CheckAAAServerCertStatus = %s", str);
1549 if (os_strcasecmp(str, "true") == 0 &&
1550 set_cred(ctx->ifname, id, "ocsp", "2") < 0)
1551 wpa_printf(MSG_INFO, "Failed to set cred ocsp");
1552 xml_node_get_text_free(ctx->xml, str);
1553}
1554
1555
1556static void set_pps_cred_sim(struct hs20_osu_client *ctx, int id,
1557 xml_node_t *sim, xml_node_t *realm)
1558{
1559 xml_node_t *node;
1560 char *imsi, *eaptype, *str, buf[20];
1561 int type;
1562 int mnc_len = 3;
1563 size_t imsi_len;
1564
1565 node = get_node(ctx->xml, sim, "EAPType");
1566 if (node == NULL) {
1567 wpa_printf(MSG_INFO, "No SIM/EAPType node in credential");
1568 return;
1569 }
1570 eaptype = xml_node_get_text(ctx->xml, node);
1571 if (eaptype == NULL) {
1572 wpa_printf(MSG_INFO, "Could not extract SIM/EAPType");
1573 return;
1574 }
1575 wpa_printf(MSG_INFO, " - Credential/SIM/EAPType = %s", eaptype);
1576 type = atoi(eaptype);
1577 xml_node_get_text_free(ctx->xml, eaptype);
1578
1579 switch (type) {
1580 case EAP_TYPE_SIM:
1581 if (set_cred(ctx->ifname, id, "eap", "SIM") < 0)
1582 wpa_printf(MSG_INFO, "Could not set eap=SIM");
1583 break;
1584 case EAP_TYPE_AKA:
1585 if (set_cred(ctx->ifname, id, "eap", "AKA") < 0)
1586 wpa_printf(MSG_INFO, "Could not set eap=SIM");
1587 break;
1588 case EAP_TYPE_AKA_PRIME:
1589 if (set_cred(ctx->ifname, id, "eap", "AKA'") < 0)
1590 wpa_printf(MSG_INFO, "Could not set eap=SIM");
1591 break;
1592 default:
1593 wpa_printf(MSG_INFO, "Unsupported SIM/EAPType %d", type);
1594 return;
1595 }
1596
1597 node = get_node(ctx->xml, sim, "IMSI");
1598 if (node == NULL) {
1599 wpa_printf(MSG_INFO, "No SIM/IMSI node in credential");
1600 return;
1601 }
1602 imsi = xml_node_get_text(ctx->xml, node);
1603 if (imsi == NULL) {
1604 wpa_printf(MSG_INFO, "Could not extract SIM/IMSI");
1605 return;
1606 }
1607 wpa_printf(MSG_INFO, " - Credential/SIM/IMSI = %s", imsi);
1608 imsi_len = os_strlen(imsi);
1609 if (imsi_len < 7 || imsi_len + 2 > sizeof(buf)) {
1610 wpa_printf(MSG_INFO, "Invalid IMSI length");
1611 xml_node_get_text_free(ctx->xml, imsi);
1612 return;
1613 }
1614
1615 str = xml_node_get_text(ctx->xml, node);
1616 if (str) {
1617 char *pos;
1618 pos = os_strstr(str, "mnc");
1619 if (pos && os_strlen(pos) >= 6) {
1620 if (os_strncmp(imsi + 3, pos + 3, 3) == 0)
1621 mnc_len = 3;
1622 else if (os_strncmp(imsi + 3, pos + 4, 2) == 0)
1623 mnc_len = 2;
1624 }
1625 xml_node_get_text_free(ctx->xml, str);
1626 }
1627
1628 os_memcpy(buf, imsi, 3 + mnc_len);
1629 buf[3 + mnc_len] = '-';
1630 os_strlcpy(buf + 3 + mnc_len + 1, imsi + 3 + mnc_len,
1631 sizeof(buf) - 3 - mnc_len - 1);
1632
1633 xml_node_get_text_free(ctx->xml, imsi);
1634
1635 if (set_cred_quoted(ctx->ifname, id, "imsi", buf) < 0)
1636 wpa_printf(MSG_INFO, "Could not set IMSI");
1637
1638 if (set_cred_quoted(ctx->ifname, id, "milenage",
1639 "90dca4eda45b53cf0f12d7c9c3bc6a89:"
1640 "cb9cccc4b9258e6dca4760379fb82581:000000000123") <
1641 0)
1642 wpa_printf(MSG_INFO, "Could not set Milenage parameters");
1643}
1644
1645
1646static void set_pps_cred_credential(struct hs20_osu_client *ctx, int id,
1647 xml_node_t *node, const char *fqdn)
1648{
1649 xml_node_t *child, *sim, *realm;
1650 const char *name;
1651
1652 wpa_printf(MSG_INFO, "- Credential");
1653
1654 sim = get_node(ctx->xml, node, "SIM");
1655 realm = get_node(ctx->xml, node, "Realm");
1656
1657 xml_node_for_each_child(ctx->xml, child, node) {
1658 xml_node_for_each_check(ctx->xml, child);
1659 name = xml_node_get_localname(ctx->xml, child);
1660 if (os_strcasecmp(name, "CreationDate") == 0)
1661 set_pps_cred_creation_date(ctx, id, child);
1662 else if (os_strcasecmp(name, "ExpirationDate") == 0)
1663 set_pps_cred_expiration_date(ctx, id, child);
1664 else if (os_strcasecmp(name, "UsernamePassword") == 0)
1665 set_pps_cred_username_password(ctx, id, child);
1666 else if (os_strcasecmp(name, "DigitalCertificate") == 0)
1667 set_pps_cred_digital_cert(ctx, id, child, fqdn);
1668 else if (os_strcasecmp(name, "Realm") == 0)
1669 set_pps_cred_realm(ctx, id, child, fqdn, sim != NULL);
1670 else if (os_strcasecmp(name, "CheckAAAServerCertStatus") == 0)
1671 set_pps_cred_check_aaa_cert_status(ctx, id, child);
1672 else if (os_strcasecmp(name, "SIM") == 0)
1673 set_pps_cred_sim(ctx, id, child, realm);
1674 else
1675 wpa_printf(MSG_INFO, "Unknown Credential node '%s'",
1676 name);
1677 }
1678}
1679
1680
1681static void set_pps_credential(struct hs20_osu_client *ctx, int id,
1682 xml_node_t *cred, const char *fqdn)
1683{
1684 xml_node_t *child;
1685 const char *name;
1686
1687 xml_node_for_each_child(ctx->xml, child, cred) {
1688 xml_node_for_each_check(ctx->xml, child);
1689 name = xml_node_get_localname(ctx->xml, child);
1690 if (os_strcasecmp(name, "Policy") == 0)
1691 set_pps_cred_policy(ctx, id, child);
1692 else if (os_strcasecmp(name, "CredentialPriority") == 0)
1693 set_pps_cred_priority(ctx, id, child);
1694 else if (os_strcasecmp(name, "AAAServerTrustRoot") == 0)
1695 set_pps_cred_aaa_server_trust_root(ctx, id, child);
1696 else if (os_strcasecmp(name, "SubscriptionUpdate") == 0)
1697 set_pps_cred_sub_update(ctx, id, child);
1698 else if (os_strcasecmp(name, "HomeSP") == 0)
1699 set_pps_cred_home_sp(ctx, id, child);
1700 else if (os_strcasecmp(name, "SubscriptionParameters") == 0)
1701 set_pps_cred_sub_params(ctx, id, child);
1702 else if (os_strcasecmp(name, "Credential") == 0)
1703 set_pps_cred_credential(ctx, id, child, fqdn);
1704 else
1705 wpa_printf(MSG_INFO, "Unknown credential node '%s'",
1706 name);
1707 }
1708}
1709
1710
1711static void set_pps(struct hs20_osu_client *ctx, xml_node_t *pps,
1712 const char *fqdn)
1713{
1714 xml_node_t *child;
1715 const char *name;
1716 int id;
1717 char *update_identifier = NULL;
1718
1719 /*
1720 * TODO: Could consider more complex mechanism that would remove
1721 * credentials only if there are changes in the information sent to
1722 * wpa_supplicant.
1723 */
1724 remove_sp_creds(ctx, fqdn);
1725
1726 xml_node_for_each_child(ctx->xml, child, pps) {
1727 xml_node_for_each_check(ctx->xml, child);
1728 name = xml_node_get_localname(ctx->xml, child);
1729 if (os_strcasecmp(name, "UpdateIdentifier") == 0) {
1730 update_identifier = xml_node_get_text(ctx->xml, child);
1731 if (update_identifier) {
1732 wpa_printf(MSG_INFO, "- UpdateIdentifier = %s",
1733 update_identifier);
1734 break;
1735 }
1736 }
1737 }
1738
1739 xml_node_for_each_child(ctx->xml, child, pps) {
1740 xml_node_for_each_check(ctx->xml, child);
1741 name = xml_node_get_localname(ctx->xml, child);
1742 if (os_strcasecmp(name, "UpdateIdentifier") == 0)
1743 continue;
1744 id = add_cred(ctx->ifname);
1745 if (id < 0) {
1746 wpa_printf(MSG_INFO, "Failed to add credential to wpa_supplicant");
1747 write_summary(ctx, "Failed to add credential to wpa_supplicant");
1748 break;
1749 }
1750 write_summary(ctx, "Add a credential to wpa_supplicant");
1751 if (update_identifier &&
1752 set_cred(ctx->ifname, id, "update_identifier",
1753 update_identifier) < 0)
1754 wpa_printf(MSG_INFO, "Failed to set update_identifier");
1755 if (set_cred_quoted(ctx->ifname, id, "provisioning_sp", fqdn) <
1756 0)
1757 wpa_printf(MSG_INFO, "Failed to set provisioning_sp");
1758 wpa_printf(MSG_INFO, "credential localname: '%s'", name);
1759 set_pps_credential(ctx, id, child, fqdn);
1760 ctx->pps_cred_set = 1;
1761 }
1762
1763 xml_node_get_text_free(ctx->xml, update_identifier);
1764}
1765
1766
1767void cmd_set_pps(struct hs20_osu_client *ctx, const char *pps_fname)
1768{
1769 xml_node_t *pps;
1770 const char *fqdn;
1771 char *fqdn_buf = NULL, *pos;
1772
1773 pps = node_from_file(ctx->xml, pps_fname);
1774 if (pps == NULL) {
1775 wpa_printf(MSG_INFO, "Could not read or parse '%s'", pps_fname);
1776 return;
1777 }
1778
1779 fqdn = os_strstr(pps_fname, "SP/");
1780 if (fqdn) {
1781 fqdn_buf = os_strdup(fqdn + 3);
1782 if (fqdn_buf == NULL)
1783 return;
1784 pos = os_strchr(fqdn_buf, '/');
1785 if (pos)
1786 *pos = '\0';
1787 fqdn = fqdn_buf;
1788 } else
1789 fqdn = "wi-fi.org";
1790
1791 wpa_printf(MSG_INFO, "Set PPS MO info to wpa_supplicant - SP FQDN %s",
1792 fqdn);
1793 set_pps(ctx, pps, fqdn);
1794
1795 os_free(fqdn_buf);
1796 xml_node_free(ctx->xml, pps);
1797}
1798
1799
1800static int cmd_get_fqdn(struct hs20_osu_client *ctx, const char *pps_fname)
1801{
1802 xml_node_t *pps, *node;
1803 char *fqdn = NULL;
1804
1805 pps = node_from_file(ctx->xml, pps_fname);
1806 if (pps == NULL) {
1807 wpa_printf(MSG_INFO, "Could not read or parse '%s'", pps_fname);
1808 return -1;
1809 }
1810
1811 node = get_child_node(ctx->xml, pps, "HomeSP/FQDN");
1812 if (node)
1813 fqdn = xml_node_get_text(ctx->xml, node);
1814
1815 xml_node_free(ctx->xml, pps);
1816
1817 if (fqdn) {
1818 FILE *f = fopen("pps-fqdn", "w");
1819 if (f) {
1820 fprintf(f, "%s", fqdn);
1821 fclose(f);
1822 }
1823 xml_node_get_text_free(ctx->xml, fqdn);
1824 return 0;
1825 }
1826
1827 xml_node_get_text_free(ctx->xml, fqdn);
1828 return -1;
1829}
1830
1831
1832static void cmd_to_tnds(struct hs20_osu_client *ctx, const char *in_fname,
1833 const char *out_fname, const char *urn, int use_path)
1834{
1835 xml_node_t *mo, *node;
1836
1837 mo = node_from_file(ctx->xml, in_fname);
1838 if (mo == NULL) {
1839 wpa_printf(MSG_INFO, "Could not read or parse '%s'", in_fname);
1840 return;
1841 }
1842
1843 node = mo_to_tnds(ctx->xml, mo, use_path, urn, NULL);
1844 if (node) {
1845 node_to_file(ctx->xml, out_fname, node);
1846 xml_node_free(ctx->xml, node);
1847 }
1848
1849 xml_node_free(ctx->xml, mo);
1850}
1851
1852
1853static void cmd_from_tnds(struct hs20_osu_client *ctx, const char *in_fname,
1854 const char *out_fname)
1855{
1856 xml_node_t *tnds, *mo;
1857
1858 tnds = node_from_file(ctx->xml, in_fname);
1859 if (tnds == NULL) {
1860 wpa_printf(MSG_INFO, "Could not read or parse '%s'", in_fname);
1861 return;
1862 }
1863
1864 mo = tnds_to_mo(ctx->xml, tnds);
1865 if (mo) {
1866 node_to_file(ctx->xml, out_fname, mo);
1867 xml_node_free(ctx->xml, mo);
1868 }
1869
1870 xml_node_free(ctx->xml, tnds);
1871}
1872
1873
1874struct osu_icon {
1875 int id;
1876 char lang[4];
1877 char mime_type[256];
1878 char filename[256];
1879};
1880
1881struct osu_data {
1882 char bssid[20];
1883 char url[256];
1884 unsigned int methods;
1885 char osu_ssid[33];
1886 char osu_nai[256];
1887 struct osu_lang_text friendly_name[MAX_OSU_VALS];
1888 size_t friendly_name_count;
1889 struct osu_lang_text serv_desc[MAX_OSU_VALS];
1890 size_t serv_desc_count;
1891 struct osu_icon icon[MAX_OSU_VALS];
1892 size_t icon_count;
1893};
1894
1895
1896static struct osu_data * parse_osu_providers(const char *fname, size_t *count)
1897{
1898 FILE *f;
1899 char buf[1000];
1900 struct osu_data *osu = NULL, *last = NULL;
1901 size_t osu_count = 0;
1902 char *pos, *end;
1903
1904 f = fopen(fname, "r");
1905 if (f == NULL) {
1906 wpa_printf(MSG_ERROR, "Could not open %s", fname);
1907 return NULL;
1908 }
1909
1910 while (fgets(buf, sizeof(buf), f)) {
1911 pos = strchr(buf, '\n');
1912 if (pos)
1913 *pos = '\0';
1914
1915 if (strncmp(buf, "OSU-PROVIDER ", 13) == 0) {
1916 last = realloc(osu, (osu_count + 1) * sizeof(*osu));
1917 if (last == NULL)
1918 break;
1919 osu = last;
1920 last = &osu[osu_count++];
1921 memset(last, 0, sizeof(*last));
1922 snprintf(last->bssid, sizeof(last->bssid), "%s",
1923 buf + 13);
1924 continue;
1925 }
1926 if (!last)
1927 continue;
1928
1929 if (strncmp(buf, "uri=", 4) == 0) {
1930 snprintf(last->url, sizeof(last->url), "%s", buf + 4);
1931 continue;
1932 }
1933
1934 if (strncmp(buf, "methods=", 8) == 0) {
1935 last->methods = strtol(buf + 8, NULL, 16);
1936 continue;
1937 }
1938
1939 if (strncmp(buf, "osu_ssid=", 9) == 0) {
1940 snprintf(last->osu_ssid, sizeof(last->osu_ssid),
1941 "%s", buf + 9);
1942 continue;
1943 }
1944
1945 if (os_strncmp(buf, "osu_nai=", 8) == 0) {
1946 os_snprintf(last->osu_nai, sizeof(last->osu_nai),
1947 "%s", buf + 8);
1948 continue;
1949 }
1950
1951 if (strncmp(buf, "friendly_name=", 14) == 0) {
1952 struct osu_lang_text *txt;
1953 if (last->friendly_name_count == MAX_OSU_VALS)
1954 continue;
1955 pos = strchr(buf + 14, ':');
1956 if (pos == NULL)
1957 continue;
1958 *pos++ = '\0';
1959 txt = &last->friendly_name[last->friendly_name_count++];
1960 snprintf(txt->lang, sizeof(txt->lang), "%s", buf + 14);
1961 snprintf(txt->text, sizeof(txt->text), "%s", pos);
1962 }
1963
1964 if (strncmp(buf, "desc=", 5) == 0) {
1965 struct osu_lang_text *txt;
1966 if (last->serv_desc_count == MAX_OSU_VALS)
1967 continue;
1968 pos = strchr(buf + 5, ':');
1969 if (pos == NULL)
1970 continue;
1971 *pos++ = '\0';
1972 txt = &last->serv_desc[last->serv_desc_count++];
1973 snprintf(txt->lang, sizeof(txt->lang), "%s", buf + 5);
1974 snprintf(txt->text, sizeof(txt->text), "%s", pos);
1975 }
1976
1977 if (strncmp(buf, "icon=", 5) == 0) {
1978 struct osu_icon *icon;
1979 if (last->icon_count == MAX_OSU_VALS)
1980 continue;
1981 icon = &last->icon[last->icon_count++];
1982 icon->id = atoi(buf + 5);
1983 pos = strchr(buf, ':');
1984 if (pos == NULL)
1985 continue;
1986 pos = strchr(pos + 1, ':');
1987 if (pos == NULL)
1988 continue;
1989 pos = strchr(pos + 1, ':');
1990 if (pos == NULL)
1991 continue;
1992 pos++;
1993 end = strchr(pos, ':');
1994 if (!end)
1995 continue;
1996 *end = '\0';
1997 snprintf(icon->lang, sizeof(icon->lang), "%s", pos);
1998 pos = end + 1;
1999
2000 end = strchr(pos, ':');
2001 if (end)
2002 *end = '\0';
2003 snprintf(icon->mime_type, sizeof(icon->mime_type),
2004 "%s", pos);
2005 if (!pos)
2006 continue;
2007 pos = end + 1;
2008
2009 end = strchr(pos, ':');
2010 if (end)
2011 *end = '\0';
2012 snprintf(icon->filename, sizeof(icon->filename),
2013 "%s", pos);
2014 continue;
2015 }
2016 }
2017
2018 fclose(f);
2019
2020 *count = osu_count;
2021 return osu;
2022}
2023
2024
2025static int osu_connect(struct hs20_osu_client *ctx, const char *bssid,
Dmitry Shmidt6cb1f652014-03-21 10:54:03 -0700[diff] [blame]2026 const char *ssid, const char *url,
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2027 unsigned int methods, int no_prod_assoc,
2028 const char *osu_nai)
2029{
2030 int id;
2031 const char *ifname = ctx->ifname;
2032 char buf[200];
2033 struct wpa_ctrl *mon;
2034 int res;
2035
2036 id = add_network(ifname);
2037 if (id < 0)
2038 return -1;
2039 if (set_network_quoted(ifname, id, "ssid", ssid) < 0)
2040 return -1;
2041 if (osu_nai && os_strlen(osu_nai) > 0) {
2042 char dir[255], fname[300];
2043 if (getcwd(dir, sizeof(dir)) == NULL)
2044 return -1;
2045 os_snprintf(fname, sizeof(fname), "%s/osu-ca.pem", dir);
2046
2047 if (set_network(ifname, id, "proto", "OSEN") < 0 ||
2048 set_network(ifname, id, "key_mgmt", "OSEN") < 0 ||
2049 set_network(ifname, id, "pairwise", "CCMP") < 0 ||
2050 set_network(ifname, id, "group", "GTK_NOT_USED") < 0 ||
2051 set_network(ifname, id, "eap", "WFA-UNAUTH-TLS") < 0 ||
2052 set_network(ifname, id, "ocsp", "2") < 0 ||
2053 set_network_quoted(ifname, id, "identity", osu_nai) < 0 ||
2054 set_network_quoted(ifname, id, "ca_cert", fname) < 0)
2055 return -1;
2056 } else {
2057 if (set_network(ifname, id, "key_mgmt", "NONE") < 0)
2058 return -1;
2059 }
2060
2061 mon = open_wpa_mon(ifname);
2062 if (mon == NULL)
2063 return -1;
2064
2065 wpa_printf(MSG_INFO, "Associate with OSU SSID");
2066 write_summary(ctx, "Associate with OSU SSID");
2067 snprintf(buf, sizeof(buf), "SELECT_NETWORK %d", id);
2068 if (wpa_command(ifname, buf) < 0)
2069 return -1;
2070
2071 res = get_wpa_cli_event(mon, "CTRL-EVENT-CONNECTED",
2072 buf, sizeof(buf));
2073
2074 wpa_ctrl_detach(mon);
2075 wpa_ctrl_close(mon);
2076
2077 if (res < 0) {
2078 wpa_printf(MSG_INFO, "Could not connect");
2079 write_summary(ctx, "Could not connect to OSU network");
2080 wpa_printf(MSG_INFO, "Remove OSU network connection");
2081 snprintf(buf, sizeof(buf), "REMOVE_NETWORK %d", id);
2082 wpa_command(ifname, buf);
2083 return -1;
2084 }
2085
2086 write_summary(ctx, "Waiting for IP address for subscription registration");
2087 if (wait_ip_addr(ifname, 15) < 0) {
2088 wpa_printf(MSG_INFO, "Could not get IP address for WLAN - try connection anyway");
2089 }
2090
2091 if (no_prod_assoc) {
2092 if (res < 0)
2093 return -1;
2094 wpa_printf(MSG_INFO, "No production connection used for testing purposes");
2095 write_summary(ctx, "No production connection used for testing purposes");
2096 return 0;
2097 }
2098
2099 ctx->no_reconnect = 1;
Dmitry Shmidtaf9da312015-04-03 10:03:11 -0700[diff] [blame^]2100 if (methods & 0x02) {
2101 wpa_printf(MSG_DEBUG, "Calling cmd_prov from osu_connect");
Dmitry Shmidt6cb1f652014-03-21 10:54:03 -0700[diff] [blame]2102 res = cmd_prov(ctx, url);
Dmitry Shmidtaf9da312015-04-03 10:03:11 -0700[diff] [blame^]2103 } else if (methods & 0x01) {
2104 wpa_printf(MSG_DEBUG,
2105 "Calling cmd_oma_dm_prov from osu_connect");
Dmitry Shmidt6cb1f652014-03-21 10:54:03 -0700[diff] [blame]2106 res = cmd_oma_dm_prov(ctx, url);
Dmitry Shmidtaf9da312015-04-03 10:03:11 -0700[diff] [blame^]2107 }
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2108
2109 wpa_printf(MSG_INFO, "Remove OSU network connection");
2110 write_summary(ctx, "Remove OSU network connection");
2111 snprintf(buf, sizeof(buf), "REMOVE_NETWORK %d", id);
2112 wpa_command(ifname, buf);
2113
2114 if (res < 0)
2115 return -1;
2116
2117 wpa_printf(MSG_INFO, "Requesting reconnection with updated configuration");
2118 write_summary(ctx, "Requesting reconnection with updated configuration");
2119 if (wpa_command(ctx->ifname, "INTERWORKING_SELECT auto") < 0) {
2120 wpa_printf(MSG_INFO, "Failed to request wpa_supplicant to reconnect");
2121 write_summary(ctx, "Failed to request wpa_supplicant to reconnect");
2122 return -1;
2123 }
2124
2125 return 0;
2126}
2127
2128
2129static int cmd_osu_select(struct hs20_osu_client *ctx, const char *dir,
Dmitry Shmidt6cb1f652014-03-21 10:54:03 -0700[diff] [blame]2130 int connect, int no_prod_assoc,
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2131 const char *friendly_name)
2132{
2133 char fname[255];
2134 FILE *f;
2135 struct osu_data *osu = NULL, *last = NULL;
2136 size_t osu_count, i, j;
2137 int ret;
2138
2139 write_summary(ctx, "OSU provider selection");
2140
2141 if (dir == NULL) {
2142 wpa_printf(MSG_INFO, "Missing dir parameter to osu_select");
2143 return -1;
2144 }
2145
2146 snprintf(fname, sizeof(fname), "%s/osu-providers.txt", dir);
2147 osu = parse_osu_providers(fname, &osu_count);
2148 if (osu == NULL) {
Dmitry Shmidt912c6ec2015-03-30 13:16:51 -0700[diff] [blame]2149 wpa_printf(MSG_INFO, "Could not find any OSU providers from %s",
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2150 fname);
2151 write_result(ctx, "No OSU providers available");
2152 return -1;
2153 }
2154
2155 if (friendly_name) {
2156 for (i = 0; i < osu_count; i++) {
2157 last = &osu[i];
2158 for (j = 0; j < last->friendly_name_count; j++) {
2159 if (os_strcmp(last->friendly_name[j].text,
2160 friendly_name) == 0)
2161 break;
2162 }
2163 if (j < last->friendly_name_count)
2164 break;
2165 }
2166 if (i == osu_count) {
2167 wpa_printf(MSG_INFO, "Requested operator friendly name '%s' not found in the list of available providers",
2168 friendly_name);
2169 write_summary(ctx, "Requested operator friendly name '%s' not found in the list of available providers",
2170 friendly_name);
2171 free(osu);
2172 return -1;
2173 }
2174
2175 wpa_printf(MSG_INFO, "OSU Provider selected based on requested operator friendly name '%s'",
2176 friendly_name);
2177 write_summary(ctx, "OSU Provider selected based on requested operator friendly name '%s'",
2178 friendly_name);
2179 ret = i + 1;
2180 goto selected;
2181 }
2182
2183 snprintf(fname, sizeof(fname), "%s/osu-providers.html", dir);
2184 f = fopen(fname, "w");
2185 if (f == NULL) {
2186 wpa_printf(MSG_INFO, "Could not open %s", fname);
2187 free(osu);
2188 return -1;
2189 }
2190
2191 fprintf(f, "<html><head>"
2192 "<meta http-equiv=\"Content-type\" content=\"text/html; "
2193 "charset=utf-8\"<title>Select service operator</title>"
2194 "</head><body><h1>Select service operator</h1>\n");
2195
2196 if (osu_count == 0)
2197 fprintf(f, "No online signup available\n");
2198
2199 for (i = 0; i < osu_count; i++) {
2200 last = &osu[i];
2201#ifdef ANDROID
2202 fprintf(f, "<p>\n"
2203 "<a href=\"http://localhost:12345/osu/%d\">"
2204 "<table><tr><td>", (int) i + 1);
2205#else /* ANDROID */
2206 fprintf(f, "<p>\n"
2207 "<a href=\"osu://%d\">"
2208 "<table><tr><td>", (int) i + 1);
2209#endif /* ANDROID */
2210 for (j = 0; j < last->icon_count; j++) {
2211 fprintf(f, "<img src=\"osu-icon-%d.%s\">\n",
2212 last->icon[j].id,
2213 strcasecmp(last->icon[j].mime_type,
2214 "image/png") == 0 ? "png" : "icon");
2215 }
2216 fprintf(f, "<td>");
2217 for (j = 0; j < last->friendly_name_count; j++) {
2218 fprintf(f, "<small>[%s]</small> %s<br>\n",
2219 last->friendly_name[j].lang,
2220 last->friendly_name[j].text);
2221 }
2222 fprintf(f, "<tr><td colspan=2>");
2223 for (j = 0; j < last->serv_desc_count; j++) {
2224 fprintf(f, "<small>[%s]</small> %s<br>\n",
2225 last->serv_desc[j].lang,
2226 last->serv_desc[j].text);
2227 }
2228 fprintf(f, "</table></a><br><small>BSSID: %s<br>\n"
2229 "SSID: %s<br>\n",
2230 last->bssid, last->osu_ssid);
2231 if (last->osu_nai)
2232 fprintf(f, "NAI: %s<br>\n", last->osu_nai);
2233 fprintf(f, "URL: %s<br>\n"
2234 "methods:%s%s<br>\n"
2235 "</small></p>\n",
2236 last->url,
2237 last->methods & 0x01 ? " OMA-DM" : "",
2238 last->methods & 0x02 ? " SOAP-XML-SPP" : "");
2239 }
2240
2241 fprintf(f, "</body></html>\n");
2242
2243 fclose(f);
2244
2245 snprintf(fname, sizeof(fname), "file://%s/osu-providers.html", dir);
2246 write_summary(ctx, "Start web browser with OSU provider selection page");
2247 ret = hs20_web_browser(fname);
2248
2249selected:
2250 if (ret > 0 && (size_t) ret <= osu_count) {
2251 char *data;
2252 size_t data_len;
2253
2254 wpa_printf(MSG_INFO, "Selected OSU id=%d", ret);
2255 last = &osu[ret - 1];
2256 ret = 0;
2257 wpa_printf(MSG_INFO, "BSSID: %s", last->bssid);
2258 wpa_printf(MSG_INFO, "SSID: %s", last->osu_ssid);
2259 wpa_printf(MSG_INFO, "URL: %s", last->url);
2260 write_summary(ctx, "Selected OSU provider id=%d BSSID=%s SSID=%s URL=%s",
2261 ret, last->bssid, last->osu_ssid, last->url);
2262
2263 ctx->friendly_name_count = last->friendly_name_count;
2264 for (j = 0; j < last->friendly_name_count; j++) {
2265 wpa_printf(MSG_INFO, "FRIENDLY_NAME: [%s]%s",
2266 last->friendly_name[j].lang,
2267 last->friendly_name[j].text);
2268 os_strlcpy(ctx->friendly_name[j].lang,
2269 last->friendly_name[j].lang,
2270 sizeof(ctx->friendly_name[j].lang));
2271 os_strlcpy(ctx->friendly_name[j].text,
2272 last->friendly_name[j].text,
2273 sizeof(ctx->friendly_name[j].text));
2274 }
2275
2276 ctx->icon_count = last->icon_count;
2277 for (j = 0; j < last->icon_count; j++) {
2278 char fname[256];
2279
2280 os_snprintf(fname, sizeof(fname), "%s/osu-icon-%d.%s",
2281 dir, last->icon[j].id,
2282 strcasecmp(last->icon[j].mime_type,
2283 "image/png") == 0 ?
2284 "png" : "icon");
2285 wpa_printf(MSG_INFO, "ICON: %s (%s)",
2286 fname, last->icon[j].filename);
2287 os_strlcpy(ctx->icon_filename[j],
2288 last->icon[j].filename,
2289 sizeof(ctx->icon_filename[j]));
2290
2291 data = os_readfile(fname, &data_len);
2292 if (data) {
2293 sha256_vector(1, (const u8 **) &data, &data_len,
2294 ctx->icon_hash[j]);
2295 os_free(data);
2296 }
2297 }
2298
2299 if (connect == 2) {
Dmitry Shmidtaf9da312015-04-03 10:03:11 -0700[diff] [blame^]2300 if (last->methods & 0x02) {
2301 wpa_printf(MSG_DEBUG,
2302 "Calling cmd_prov from cmd_osu_select");
Dmitry Shmidt6cb1f652014-03-21 10:54:03 -0700[diff] [blame]2303 ret = cmd_prov(ctx, last->url);
Dmitry Shmidtaf9da312015-04-03 10:03:11 -0700[diff] [blame^]2304 } else if (last->methods & 0x01) {
2305 wpa_printf(MSG_DEBUG,
2306 "Calling cmd_oma_dm_prov from cmd_osu_select");
Dmitry Shmidt6cb1f652014-03-21 10:54:03 -0700[diff] [blame]2307 ret = cmd_oma_dm_prov(ctx, last->url);
Dmitry Shmidtaf9da312015-04-03 10:03:11 -0700[diff] [blame^]2308 } else {
2309 wpa_printf(MSG_DEBUG,
2310 "No supported OSU provisioning method");
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2311 ret = -1;
Dmitry Shmidtaf9da312015-04-03 10:03:11 -0700[diff] [blame^]2312 }
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2313 } else if (connect)
2314 ret = osu_connect(ctx, last->bssid, last->osu_ssid,
Dmitry Shmidt6cb1f652014-03-21 10:54:03 -0700[diff] [blame]2315 last->url, last->methods,
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2316 no_prod_assoc, last->osu_nai);
2317 } else
2318 ret = -1;
2319
2320 free(osu);
2321
2322 return ret;
2323}
2324
2325
Dmitry Shmidt6cb1f652014-03-21 10:54:03 -0700[diff] [blame]2326static int cmd_signup(struct hs20_osu_client *ctx, int no_prod_assoc,
2327 const char *friendly_name)
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2328{
2329 char dir[255];
2330 char fname[300], buf[400];
2331 struct wpa_ctrl *mon;
2332 const char *ifname;
2333 int res;
2334
2335 ifname = ctx->ifname;
2336
2337 if (getcwd(dir, sizeof(dir)) == NULL)
2338 return -1;
2339
2340 snprintf(fname, sizeof(fname), "%s/osu-info", dir);
2341 if (mkdir(fname, S_IRWXU | S_IRWXG) < 0 && errno != EEXIST) {
2342 wpa_printf(MSG_INFO, "mkdir(%s) failed: %s",
2343 fname, strerror(errno));
2344 return -1;
2345 }
2346
2347 snprintf(buf, sizeof(buf), "SET osu_dir %s", fname);
2348 if (wpa_command(ifname, buf) < 0) {
2349 wpa_printf(MSG_INFO, "Failed to configure osu_dir to wpa_supplicant");
2350 return -1;
2351 }
2352
2353 mon = open_wpa_mon(ifname);
2354 if (mon == NULL)
2355 return -1;
2356
2357 wpa_printf(MSG_INFO, "Starting OSU fetch");
2358 write_summary(ctx, "Starting OSU provider information fetch");
2359 if (wpa_command(ifname, "FETCH_OSU") < 0) {
2360 wpa_printf(MSG_INFO, "Could not start OSU fetch");
2361 wpa_ctrl_detach(mon);
2362 wpa_ctrl_close(mon);
2363 return -1;
2364 }
2365 res = get_wpa_cli_event(mon, "OSU provider fetch completed",
2366 buf, sizeof(buf));
2367
2368 wpa_ctrl_detach(mon);
2369 wpa_ctrl_close(mon);
2370
2371 if (res < 0) {
2372 wpa_printf(MSG_INFO, "OSU fetch did not complete");
2373 write_summary(ctx, "OSU fetch did not complete");
2374 return -1;
2375 }
2376 wpa_printf(MSG_INFO, "OSU provider fetch completed");
2377
Dmitry Shmidt6cb1f652014-03-21 10:54:03 -0700[diff] [blame]2378 return cmd_osu_select(ctx, fname, 1, no_prod_assoc, friendly_name);
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2379}
2380
2381
Dmitry Shmidt2f74e362015-01-21 13:19:05 -0800[diff] [blame]2382static int cmd_sub_rem(struct hs20_osu_client *ctx, const char *address,
2383 const char *pps_fname, const char *ca_fname)
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2384{
2385 xml_node_t *pps, *node;
2386 char pps_fname_buf[300];
2387 char ca_fname_buf[200];
2388 char *cred_username = NULL;
2389 char *cred_password = NULL;
2390 char *sub_rem_uri = NULL;
2391 char client_cert_buf[200];
2392 char *client_cert = NULL;
2393 char client_key_buf[200];
2394 char *client_key = NULL;
2395 int spp;
2396
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2397 wpa_printf(MSG_INFO, "Subscription remediation requested with Server URL: %s",
2398 address);
2399
2400 if (!pps_fname) {
2401 char buf[256];
2402 wpa_printf(MSG_INFO, "Determining PPS file based on Home SP information");
2403 if (os_strncmp(address, "fqdn=", 5) == 0) {
2404 wpa_printf(MSG_INFO, "Use requested FQDN from command line");
2405 os_snprintf(buf, sizeof(buf), "%s", address + 5);
2406 address = NULL;
2407 } else if (get_wpa_status(ctx->ifname, "provisioning_sp", buf,
2408 sizeof(buf)) < 0) {
2409 wpa_printf(MSG_INFO, "Could not get provisioning Home SP FQDN from wpa_supplicant");
Dmitry Shmidt2f74e362015-01-21 13:19:05 -0800[diff] [blame]2410 return -1;
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2411 }
2412 os_free(ctx->fqdn);
2413 ctx->fqdn = os_strdup(buf);
2414 if (ctx->fqdn == NULL)
Dmitry Shmidt2f74e362015-01-21 13:19:05 -0800[diff] [blame]2415 return -1;
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2416 wpa_printf(MSG_INFO, "Home SP FQDN for current credential: %s",
2417 buf);
2418 os_snprintf(pps_fname_buf, sizeof(pps_fname_buf),
2419 "SP/%s/pps.xml", ctx->fqdn);
2420 pps_fname = pps_fname_buf;
2421
2422 os_snprintf(ca_fname_buf, sizeof(ca_fname_buf), "SP/%s/ca.pem",
2423 ctx->fqdn);
2424 ca_fname = ca_fname_buf;
2425 }
2426
2427 if (!os_file_exists(pps_fname)) {
2428 wpa_printf(MSG_INFO, "PPS file '%s' does not exist or is not accessible",
2429 pps_fname);
Dmitry Shmidt2f74e362015-01-21 13:19:05 -0800[diff] [blame]2430 return -1;
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2431 }
2432 wpa_printf(MSG_INFO, "Using PPS file: %s", pps_fname);
2433
2434 if (ca_fname && !os_file_exists(ca_fname)) {
2435 wpa_printf(MSG_INFO, "CA file '%s' does not exist or is not accessible",
2436 ca_fname);
Dmitry Shmidt2f74e362015-01-21 13:19:05 -0800[diff] [blame]2437 return -1;
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2438 }
2439 wpa_printf(MSG_INFO, "Using server trust root: %s", ca_fname);
Dmitry Shmidt6cb1f652014-03-21 10:54:03 -0700[diff] [blame]2440 ctx->ca_fname = ca_fname;
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2441
2442 pps = node_from_file(ctx->xml, pps_fname);
2443 if (pps == NULL) {
2444 wpa_printf(MSG_INFO, "Could not read PPS MO");
Dmitry Shmidt2f74e362015-01-21 13:19:05 -0800[diff] [blame]2445 return -1;
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2446 }
2447
2448 if (!ctx->fqdn) {
2449 char *tmp;
2450 node = get_child_node(ctx->xml, pps, "HomeSP/FQDN");
2451 if (node == NULL) {
2452 wpa_printf(MSG_INFO, "No HomeSP/FQDN found from PPS");
Dmitry Shmidt2f74e362015-01-21 13:19:05 -0800[diff] [blame]2453 return -1;
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2454 }
2455 tmp = xml_node_get_text(ctx->xml, node);
2456 if (tmp == NULL) {
2457 wpa_printf(MSG_INFO, "No HomeSP/FQDN text found from PPS");
Dmitry Shmidt2f74e362015-01-21 13:19:05 -0800[diff] [blame]2458 return -1;
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2459 }
2460 ctx->fqdn = os_strdup(tmp);
2461 xml_node_get_text_free(ctx->xml, tmp);
2462 if (!ctx->fqdn) {
2463 wpa_printf(MSG_INFO, "No FQDN known");
Dmitry Shmidt2f74e362015-01-21 13:19:05 -0800[diff] [blame]2464 return -1;
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2465 }
2466 }
2467
2468 node = get_child_node(ctx->xml, pps,
2469 "SubscriptionUpdate/UpdateMethod");
2470 if (node) {
2471 char *tmp;
2472 tmp = xml_node_get_text(ctx->xml, node);
2473 if (tmp && os_strcasecmp(tmp, "OMA-DM-ClientInitiated") == 0)
2474 spp = 0;
2475 else
2476 spp = 1;
2477 } else {
2478 wpa_printf(MSG_INFO, "No UpdateMethod specified - assume SPP");
2479 spp = 1;
2480 }
2481
2482 get_user_pw(ctx, pps, "SubscriptionUpdate/UsernamePassword",
2483 &cred_username, &cred_password);
2484 if (cred_username)
2485 wpa_printf(MSG_INFO, "Using username: %s", cred_username);
2486 if (cred_password)
2487 wpa_printf(MSG_DEBUG, "Using password: %s", cred_password);
2488
2489 if (cred_username == NULL && cred_password == NULL &&
2490 get_child_node(ctx->xml, pps, "Credential/DigitalCertificate")) {
2491 wpa_printf(MSG_INFO, "Using client certificate");
2492 os_snprintf(client_cert_buf, sizeof(client_cert_buf),
2493 "SP/%s/client-cert.pem", ctx->fqdn);
2494 client_cert = client_cert_buf;
2495 os_snprintf(client_key_buf, sizeof(client_key_buf),
2496 "SP/%s/client-key.pem", ctx->fqdn);
2497 client_key = client_key_buf;
2498 ctx->client_cert_present = 1;
2499 }
2500
2501 node = get_child_node(ctx->xml, pps, "SubscriptionUpdate/URI");
2502 if (node) {
2503 sub_rem_uri = xml_node_get_text(ctx->xml, node);
2504 if (sub_rem_uri &&
2505 (!address || os_strcmp(address, sub_rem_uri) != 0)) {
2506 wpa_printf(MSG_INFO, "Override sub rem URI based on PPS: %s",
2507 sub_rem_uri);
2508 address = sub_rem_uri;
2509 }
2510 }
2511 if (!address) {
2512 wpa_printf(MSG_INFO, "Server URL not known");
Dmitry Shmidt2f74e362015-01-21 13:19:05 -0800[diff] [blame]2513 return -1;
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2514 }
2515
2516 write_summary(ctx, "Wait for IP address for subscriptiom remediation");
2517 wpa_printf(MSG_INFO, "Wait for IP address before starting subscription remediation");
2518
2519 if (wait_ip_addr(ctx->ifname, 15) < 0) {
2520 wpa_printf(MSG_INFO, "Could not get IP address for WLAN - try connection anyway");
2521 }
2522
2523 if (spp)
Dmitry Shmidt6cb1f652014-03-21 10:54:03 -0700[diff] [blame]2524 spp_sub_rem(ctx, address, pps_fname,
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2525 client_cert, client_key,
2526 cred_username, cred_password, pps);
2527 else
Dmitry Shmidt6cb1f652014-03-21 10:54:03 -0700[diff] [blame]2528 oma_dm_sub_rem(ctx, address, pps_fname,
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2529 client_cert, client_key,
2530 cred_username, cred_password, pps);
2531
2532 xml_node_get_text_free(ctx->xml, sub_rem_uri);
2533 xml_node_get_text_free(ctx->xml, cred_username);
Dmitry Shmidtc2817022014-07-02 10:32:10 -0700[diff] [blame]2534 str_clear_free(cred_password);
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2535 xml_node_free(ctx->xml, pps);
Dmitry Shmidt2f74e362015-01-21 13:19:05 -0800[diff] [blame]2536 return 0;
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2537}
2538
2539
2540static int cmd_pol_upd(struct hs20_osu_client *ctx, const char *address,
2541 const char *pps_fname, const char *ca_fname)
2542{
2543 xml_node_t *pps;
2544 xml_node_t *node;
2545 char pps_fname_buf[300];
2546 char ca_fname_buf[200];
2547 char *uri = NULL;
2548 char *cred_username = NULL;
2549 char *cred_password = NULL;
2550 char client_cert_buf[200];
2551 char *client_cert = NULL;
2552 char client_key_buf[200];
2553 char *client_key = NULL;
2554 int spp;
2555
2556 wpa_printf(MSG_INFO, "Policy update requested");
2557
2558 if (!pps_fname) {
2559 char buf[256];
2560 wpa_printf(MSG_INFO, "Determining PPS file based on Home SP information");
2561 if (os_strncmp(address, "fqdn=", 5) == 0) {
2562 wpa_printf(MSG_INFO, "Use requested FQDN from command line");
2563 os_snprintf(buf, sizeof(buf), "%s", address + 5);
2564 address = NULL;
2565 } else if (get_wpa_status(ctx->ifname, "provisioning_sp", buf,
2566 sizeof(buf)) < 0) {
2567 wpa_printf(MSG_INFO, "Could not get provisioning Home SP FQDN from wpa_supplicant");
2568 return -1;
2569 }
2570 os_free(ctx->fqdn);
2571 ctx->fqdn = os_strdup(buf);
2572 if (ctx->fqdn == NULL)
2573 return -1;
2574 wpa_printf(MSG_INFO, "Home SP FQDN for current credential: %s",
2575 buf);
2576 os_snprintf(pps_fname_buf, sizeof(pps_fname_buf),
2577 "SP/%s/pps.xml", ctx->fqdn);
2578 pps_fname = pps_fname_buf;
2579
2580 os_snprintf(ca_fname_buf, sizeof(ca_fname_buf), "SP/%s/ca.pem",
2581 buf);
2582 ca_fname = ca_fname_buf;
2583 }
2584
2585 if (!os_file_exists(pps_fname)) {
2586 wpa_printf(MSG_INFO, "PPS file '%s' does not exist or is not accessible",
2587 pps_fname);
2588 return -1;
2589 }
2590 wpa_printf(MSG_INFO, "Using PPS file: %s", pps_fname);
2591
2592 if (ca_fname && !os_file_exists(ca_fname)) {
2593 wpa_printf(MSG_INFO, "CA file '%s' does not exist or is not accessible",
2594 ca_fname);
2595 return -1;
2596 }
2597 wpa_printf(MSG_INFO, "Using server trust root: %s", ca_fname);
Dmitry Shmidt6cb1f652014-03-21 10:54:03 -0700[diff] [blame]2598 ctx->ca_fname = ca_fname;
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2599
2600 pps = node_from_file(ctx->xml, pps_fname);
2601 if (pps == NULL) {
2602 wpa_printf(MSG_INFO, "Could not read PPS MO");
2603 return -1;
2604 }
2605
2606 if (!ctx->fqdn) {
2607 char *tmp;
2608 node = get_child_node(ctx->xml, pps, "HomeSP/FQDN");
2609 if (node == NULL) {
2610 wpa_printf(MSG_INFO, "No HomeSP/FQDN found from PPS");
2611 return -1;
2612 }
2613 tmp = xml_node_get_text(ctx->xml, node);
2614 if (tmp == NULL) {
2615 wpa_printf(MSG_INFO, "No HomeSP/FQDN text found from PPS");
2616 return -1;
2617 }
2618 ctx->fqdn = os_strdup(tmp);
2619 xml_node_get_text_free(ctx->xml, tmp);
2620 if (!ctx->fqdn) {
2621 wpa_printf(MSG_INFO, "No FQDN known");
2622 return -1;
2623 }
2624 }
2625
2626 node = get_child_node(ctx->xml, pps,
2627 "Policy/PolicyUpdate/UpdateMethod");
2628 if (node) {
2629 char *tmp;
2630 tmp = xml_node_get_text(ctx->xml, node);
2631 if (tmp && os_strcasecmp(tmp, "OMA-DM-ClientInitiated") == 0)
2632 spp = 0;
2633 else
2634 spp = 1;
2635 } else {
2636 wpa_printf(MSG_INFO, "No UpdateMethod specified - assume SPP");
2637 spp = 1;
2638 }
2639
2640 get_user_pw(ctx, pps, "Policy/PolicyUpdate/UsernamePassword",
2641 &cred_username, &cred_password);
2642 if (cred_username)
2643 wpa_printf(MSG_INFO, "Using username: %s", cred_username);
2644 if (cred_password)
2645 wpa_printf(MSG_DEBUG, "Using password: %s", cred_password);
2646
2647 if (cred_username == NULL && cred_password == NULL &&
2648 get_child_node(ctx->xml, pps, "Credential/DigitalCertificate")) {
2649 wpa_printf(MSG_INFO, "Using client certificate");
2650 os_snprintf(client_cert_buf, sizeof(client_cert_buf),
2651 "SP/%s/client-cert.pem", ctx->fqdn);
2652 client_cert = client_cert_buf;
2653 os_snprintf(client_key_buf, sizeof(client_key_buf),
2654 "SP/%s/client-key.pem", ctx->fqdn);
2655 client_key = client_key_buf;
2656 }
2657
2658 if (!address) {
2659 node = get_child_node(ctx->xml, pps, "Policy/PolicyUpdate/URI");
2660 if (node) {
2661 uri = xml_node_get_text(ctx->xml, node);
2662 wpa_printf(MSG_INFO, "URI based on PPS: %s", uri);
2663 address = uri;
2664 }
2665 }
2666 if (!address) {
2667 wpa_printf(MSG_INFO, "Server URL not known");
2668 return -1;
2669 }
2670
2671 if (spp)
Dmitry Shmidt6cb1f652014-03-21 10:54:03 -0700[diff] [blame]2672 spp_pol_upd(ctx, address, pps_fname,
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2673 client_cert, client_key,
2674 cred_username, cred_password, pps);
2675 else
Dmitry Shmidt6cb1f652014-03-21 10:54:03 -0700[diff] [blame]2676 oma_dm_pol_upd(ctx, address, pps_fname,
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2677 client_cert, client_key,
2678 cred_username, cred_password, pps);
2679
2680 xml_node_get_text_free(ctx->xml, uri);
2681 xml_node_get_text_free(ctx->xml, cred_username);
Dmitry Shmidtc2817022014-07-02 10:32:10 -0700[diff] [blame]2682 str_clear_free(cred_password);
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2683 xml_node_free(ctx->xml, pps);
2684
2685 return 0;
2686}
2687
2688
2689static char * get_hostname(const char *url)
2690{
2691 const char *pos, *end, *end2;
2692 char *ret;
2693
2694 if (url == NULL)
2695 return NULL;
2696
2697 pos = os_strchr(url, '/');
2698 if (pos == NULL)
2699 return NULL;
2700 pos++;
2701 if (*pos != '/')
2702 return NULL;
2703 pos++;
2704
2705 end = os_strchr(pos, '/');
2706 end2 = os_strchr(pos, ':');
2707 if (end && end2 && end2 < end)
2708 end = end2;
2709 if (end)
2710 end--;
2711 else {
2712 end = pos;
2713 while (*end)
2714 end++;
2715 if (end > pos)
2716 end--;
2717 }
2718
2719 ret = os_malloc(end - pos + 2);
2720 if (ret == NULL)
2721 return NULL;
2722
2723 os_memcpy(ret, pos, end - pos + 1);
2724 ret[end - pos + 1] = '\0';
2725
2726 return ret;
2727}
2728
2729
2730static int osu_cert_cb(void *_ctx, struct http_cert *cert)
2731{
2732 struct hs20_osu_client *ctx = _ctx;
2733 unsigned int i, j;
2734 int found;
2735 char *host = NULL;
2736
Dmitry Shmidt6cb1f652014-03-21 10:54:03 -0700[diff] [blame]2737 wpa_printf(MSG_INFO, "osu_cert_cb(osu_cert_validation=%d)",
2738 !ctx->no_osu_cert_validation);
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2739
2740 host = get_hostname(ctx->server_url);
2741
2742 for (i = 0; i < ctx->server_dnsname_count; i++)
2743 os_free(ctx->server_dnsname[i]);
2744 os_free(ctx->server_dnsname);
2745 ctx->server_dnsname = os_calloc(cert->num_dnsname, sizeof(char *));
2746 ctx->server_dnsname_count = 0;
2747
2748 found = 0;
2749 for (i = 0; i < cert->num_dnsname; i++) {
2750 if (ctx->server_dnsname) {
2751 ctx->server_dnsname[ctx->server_dnsname_count] =
2752 os_strdup(cert->dnsname[i]);
2753 if (ctx->server_dnsname[ctx->server_dnsname_count])
2754 ctx->server_dnsname_count++;
2755 }
2756 if (host && os_strcasecmp(host, cert->dnsname[i]) == 0)
2757 found = 1;
2758 wpa_printf(MSG_INFO, "dNSName '%s'", cert->dnsname[i]);
2759 }
2760
2761 if (host && !found) {
2762 wpa_printf(MSG_INFO, "Server name from URL (%s) did not match any dNSName - abort connection",
2763 host);
2764 write_result(ctx, "Server name from URL (%s) did not match any dNSName - abort connection",
2765 host);
2766 os_free(host);
2767 return -1;
2768 }
2769
2770 os_free(host);
2771
2772 for (i = 0; i < cert->num_othername; i++) {
2773 if (os_strcmp(cert->othername[i].oid,
2774 "1.3.6.1.4.1.40808.1.1.1") == 0) {
2775 wpa_hexdump_ascii(MSG_INFO,
2776 "id-wfa-hotspot-friendlyName",
2777 cert->othername[i].data,
2778 cert->othername[i].len);
2779 }
2780 }
2781
Dmitry Shmidt6cb1f652014-03-21 10:54:03 -0700[diff] [blame]2782 for (j = 0; !ctx->no_osu_cert_validation &&
2783 j < ctx->friendly_name_count; j++) {
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2784 int found = 0;
2785 for (i = 0; i < cert->num_othername; i++) {
2786 if (os_strcmp(cert->othername[i].oid,
2787 "1.3.6.1.4.1.40808.1.1.1") != 0)
2788 continue;
2789 if (cert->othername[i].len < 3)
2790 continue;
2791 if (os_strncasecmp((char *) cert->othername[i].data,
2792 ctx->friendly_name[j].lang, 3) != 0)
2793 continue;
2794 if (os_strncmp((char *) cert->othername[i].data + 3,
2795 ctx->friendly_name[j].text,
2796 cert->othername[i].len - 3) == 0) {
2797 found = 1;
2798 break;
2799 }
2800 }
2801
2802 if (!found) {
2803 wpa_printf(MSG_INFO, "No friendly name match found for '[%s]%s'",
2804 ctx->friendly_name[j].lang,
2805 ctx->friendly_name[j].text);
2806 write_result(ctx, "No friendly name match found for '[%s]%s'",
2807 ctx->friendly_name[j].lang,
2808 ctx->friendly_name[j].text);
2809 return -1;
2810 }
2811 }
2812
2813 for (i = 0; i < cert->num_logo; i++) {
2814 struct http_logo *logo = &cert->logo[i];
2815
2816 wpa_printf(MSG_INFO, "logo hash alg %s uri '%s'",
2817 logo->alg_oid, logo->uri);
2818 wpa_hexdump_ascii(MSG_INFO, "hashValue",
2819 logo->hash, logo->hash_len);
2820 }
2821
Dmitry Shmidt6cb1f652014-03-21 10:54:03 -0700[diff] [blame]2822 for (j = 0; !ctx->no_osu_cert_validation && j < ctx->icon_count; j++) {
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2823 int found = 0;
2824 char *name = ctx->icon_filename[j];
2825 size_t name_len = os_strlen(name);
2826
Dmitry Shmidt912c6ec2015-03-30 13:16:51 -0700[diff] [blame]2827 wpa_printf(MSG_INFO,
2828 "[%i] Looking for icon file name '%s' match",
2829 j, name);
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2830 for (i = 0; i < cert->num_logo; i++) {
2831 struct http_logo *logo = &cert->logo[i];
2832 size_t uri_len = os_strlen(logo->uri);
2833 char *pos;
2834
Dmitry Shmidt912c6ec2015-03-30 13:16:51 -0700[diff] [blame]2835 wpa_printf(MSG_INFO,
2836 "[%i] Comparing to '%s' uri_len=%d name_len=%d",
2837 i, logo->uri, (int) uri_len, (int) name_len);
2838 if (uri_len < 1 + name_len) {
2839 wpa_printf(MSG_INFO, "URI Length is too short");
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2840 continue;
Dmitry Shmidt912c6ec2015-03-30 13:16:51 -0700[diff] [blame]2841 }
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2842 pos = &logo->uri[uri_len - name_len - 1];
2843 if (*pos != '/')
2844 continue;
2845 pos++;
2846 if (os_strcmp(pos, name) == 0) {
2847 found = 1;
2848 break;
2849 }
2850 }
2851
2852 if (!found) {
2853 wpa_printf(MSG_INFO, "No icon filename match found for '%s'",
2854 name);
2855 write_result(ctx,
2856 "No icon filename match found for '%s'",
2857 name);
2858 return -1;
2859 }
2860 }
2861
Dmitry Shmidt6cb1f652014-03-21 10:54:03 -0700[diff] [blame]2862 for (j = 0; !ctx->no_osu_cert_validation && j < ctx->icon_count; j++) {
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2863 int found = 0;
2864
2865 for (i = 0; i < cert->num_logo; i++) {
2866 struct http_logo *logo = &cert->logo[i];
2867
Dmitry Shmidt912c6ec2015-03-30 13:16:51 -0700[diff] [blame]2868 if (logo->hash_len != 32) {
2869 wpa_printf(MSG_INFO,
2870 "[%i][%i] Icon hash length invalid (should be 32): %d",
2871 j, i, (int) logo->hash_len);
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2872 continue;
Dmitry Shmidt912c6ec2015-03-30 13:16:51 -0700[diff] [blame]2873 }
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2874 if (os_memcmp(logo->hash, ctx->icon_hash[j], 32) == 0) {
2875 found = 1;
2876 break;
2877 }
Dmitry Shmidt912c6ec2015-03-30 13:16:51 -0700[diff] [blame]2878
2879 wpa_printf(MSG_DEBUG,
2880 "[%u][%u] Icon hash did not match", j, i);
2881 wpa_hexdump_ascii(MSG_DEBUG, "logo->hash",
2882 logo->hash, 32);
2883 wpa_hexdump_ascii(MSG_DEBUG, "ctx->icon_hash[j]",
2884 ctx->icon_hash[j], 32);
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2885 }
2886
2887 if (!found) {
Dmitry Shmidt912c6ec2015-03-30 13:16:51 -0700[diff] [blame]2888 wpa_printf(MSG_INFO,
2889 "No icon hash match (by hash) found");
2890 write_result(ctx,
2891 "No icon hash match (by hash) found");
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2892 return -1;
2893 }
2894 }
2895
2896 return 0;
2897}
2898
2899
2900static int init_ctx(struct hs20_osu_client *ctx)
2901{
2902 xml_node_t *devinfo, *devid;
2903
2904 os_memset(ctx, 0, sizeof(*ctx));
2905 ctx->ifname = "wlan0";
2906 ctx->xml = xml_node_init_ctx(ctx, NULL);
2907 if (ctx->xml == NULL)
2908 return -1;
2909
2910 devinfo = node_from_file(ctx->xml, "devinfo.xml");
2911 if (!devinfo) {
2912 wpa_printf(MSG_ERROR, "devinfo.xml not found");
2913 return -1;
2914 }
2915
2916 devid = get_node(ctx->xml, devinfo, "DevId");
2917 if (devid) {
2918 char *tmp = xml_node_get_text(ctx->xml, devid);
2919 if (tmp) {
2920 ctx->devid = os_strdup(tmp);
2921 xml_node_get_text_free(ctx->xml, tmp);
2922 }
2923 }
2924 xml_node_free(ctx->xml, devinfo);
2925
2926 if (ctx->devid == NULL) {
2927 wpa_printf(MSG_ERROR, "Could not fetch DevId from devinfo.xml");
2928 return -1;
2929 }
2930
2931 ctx->http = http_init_ctx(ctx, ctx->xml);
2932 if (ctx->http == NULL) {
2933 xml_node_deinit_ctx(ctx->xml);
2934 return -1;
2935 }
2936 http_ocsp_set(ctx->http, 2);
2937 http_set_cert_cb(ctx->http, osu_cert_cb, ctx);
2938
2939 return 0;
2940}
2941
2942
2943static void deinit_ctx(struct hs20_osu_client *ctx)
2944{
2945 size_t i;
2946
2947 http_deinit_ctx(ctx->http);
2948 xml_node_deinit_ctx(ctx->xml);
2949 os_free(ctx->fqdn);
2950 os_free(ctx->server_url);
2951 os_free(ctx->devid);
2952
2953 for (i = 0; i < ctx->server_dnsname_count; i++)
2954 os_free(ctx->server_dnsname[i]);
2955 os_free(ctx->server_dnsname);
2956}
2957
2958
2959static void check_workarounds(struct hs20_osu_client *ctx)
2960{
2961 FILE *f;
2962 char buf[100];
2963 unsigned long int val = 0;
2964
2965 f = fopen("hs20-osu-client.workarounds", "r");
2966 if (f == NULL)
2967 return;
2968
2969 if (fgets(buf, sizeof(buf), f))
2970 val = strtoul(buf, NULL, 16);
2971
2972 fclose(f);
2973
2974 if (val) {
2975 wpa_printf(MSG_INFO, "Workarounds enabled: 0x%lx", val);
2976 ctx->workarounds = val;
2977 if (ctx->workarounds & WORKAROUND_OCSP_OPTIONAL)
2978 http_ocsp_set(ctx->http, 1);
2979 }
2980}
2981
2982
2983static void usage(void)
2984{
2985 printf("usage: hs20-osu-client [-dddqqKt] [-S<station ifname>] \\\n"
2986 " [-w<wpa_supplicant ctrl_iface dir>] "
2987 "[-r<result file>] [-f<debug file>] \\\n"
2988 " [-s<summary file>] \\\n"
Dmitry Shmidtaf9da312015-04-03 10:03:11 -0700[diff] [blame^]2989 " [-x<spp.xsd file name>] \\\n"
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2990 " <command> [arguments..]\n"
2991 "commands:\n"
2992 "- to_tnds <XML MO> <XML MO in TNDS format> [URN]\n"
2993 "- to_tnds2 <XML MO> <XML MO in TNDS format (Path) "
2994 "[URN]>\n"
2995 "- from_tnds <XML MO in TNDS format> <XML MO>\n"
2996 "- set_pps <PerProviderSubscription XML file name>\n"
2997 "- get_fqdn <PerProviderSubscription XML file name>\n"
2998 "- pol_upd [Server URL] [PPS] [CA cert]\n"
2999 "- sub_rem <Server URL> [PPS] [CA cert]\n"
3000 "- prov <Server URL> [CA cert]\n"
3001 "- oma_dm_prov <Server URL> [CA cert]\n"
3002 "- sim_prov <Server URL> [CA cert]\n"
3003 "- oma_dm_sim_prov <Server URL> [CA cert]\n"
3004 "- signup [CA cert]\n"
3005 "- dl_osu_ca <PPS> <CA file>\n"
3006 "- dl_polupd_ca <PPS> <CA file>\n"
3007 "- dl_aaa_ca <PPS> <CA file>\n"
3008 "- browser <URL>\n"
3009 "- parse_cert <X.509 certificate (DER)>\n"
3010 "- osu_select <OSU info directory> [CA cert]\n");
3011}
3012
3013
3014int main(int argc, char *argv[])
3015{
3016 struct hs20_osu_client ctx;
3017 int c;
3018 int ret = 0;
3019 int no_prod_assoc = 0;
3020 const char *friendly_name = NULL;
3021 const char *wpa_debug_file_path = NULL;
3022 extern char *wpas_ctrl_path;
3023 extern int wpa_debug_level;
3024 extern int wpa_debug_show_keys;
3025 extern int wpa_debug_timestamp;
3026
3027 if (init_ctx(&ctx) < 0)
3028 return -1;
3029
3030 for (;;) {
Dmitry Shmidtaf9da312015-04-03 10:03:11 -0700[diff] [blame^]3031 c = getopt(argc, argv, "df:hKNO:qr:s:S:tw:x:");
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]3032 if (c < 0)
3033 break;
3034 switch (c) {
3035 case 'd':
3036 if (wpa_debug_level > 0)
3037 wpa_debug_level--;
3038 break;
3039 case 'f':
3040 wpa_debug_file_path = optarg;
3041 break;
3042 case 'K':
3043 wpa_debug_show_keys++;
3044 break;
3045 case 'N':
3046 no_prod_assoc = 1;
3047 break;
3048 case 'O':
3049 friendly_name = optarg;
3050 break;
3051 case 'q':
3052 wpa_debug_level++;
3053 break;
3054 case 'r':
3055 ctx.result_file = optarg;
3056 break;
3057 case 's':
3058 ctx.summary_file = optarg;
3059 break;
3060 case 'S':
3061 ctx.ifname = optarg;
3062 break;
3063 case 't':
3064 wpa_debug_timestamp++;
3065 break;
3066 case 'w':
3067 wpas_ctrl_path = optarg;
3068 break;
Dmitry Shmidtaf9da312015-04-03 10:03:11 -0700[diff] [blame^]3069 case 'x':
3070 spp_xsd_fname = optarg;
3071 break;
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]3072 case 'h':
3073 default:
3074 usage();
3075 exit(0);
3076 break;
3077 }
3078 }
3079
3080 if (argc - optind < 1) {
3081 usage();
3082 exit(0);
3083 }
3084
3085 wpa_debug_open_file(wpa_debug_file_path);
3086
3087#ifdef __linux__
3088 setlinebuf(stdout);
3089#endif /* __linux__ */
3090
3091 if (ctx.result_file)
3092 unlink(ctx.result_file);
3093 wpa_printf(MSG_DEBUG, "===[hs20-osu-client START - command: %s ]======"
3094 "================", argv[optind]);
3095 check_workarounds(&ctx);
3096
3097 if (strcmp(argv[optind], "to_tnds") == 0) {
3098 if (argc - optind < 2) {
3099 usage();
3100 exit(0);
3101 }
3102 cmd_to_tnds(&ctx, argv[optind + 1], argv[optind + 2],
3103 argc > optind + 3 ? argv[optind + 3] : NULL,
3104 0);
3105 } else if (strcmp(argv[optind], "to_tnds2") == 0) {
3106 if (argc - optind < 2) {
3107 usage();
3108 exit(0);
3109 }
3110 cmd_to_tnds(&ctx, argv[optind + 1], argv[optind + 2],
3111 argc > optind + 3 ? argv[optind + 3] : NULL,
3112 1);
3113 } else if (strcmp(argv[optind], "from_tnds") == 0) {
3114 if (argc - optind < 2) {
3115 usage();
3116 exit(0);
3117 }
3118 cmd_from_tnds(&ctx, argv[optind + 1], argv[optind + 2]);
3119 } else if (strcmp(argv[optind], "sub_rem") == 0) {
3120 if (argc - optind < 2) {
3121 usage();
3122 exit(0);
3123 }
3124 if (argc - optind < 2)
3125 wpa_printf(MSG_ERROR, "Server URL missing from command line");
3126 else
Dmitry Shmidt2f74e362015-01-21 13:19:05 -0800[diff] [blame]3127 ret = cmd_sub_rem(&ctx, argv[optind + 1],
3128 argc > optind + 2 ?
3129 argv[optind + 2] : NULL,
3130 argc > optind + 3 ?
3131 argv[optind + 3] : NULL);
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]3132 } else if (strcmp(argv[optind], "pol_upd") == 0) {
3133 if (argc - optind < 2) {
3134 usage();
3135 exit(0);
3136 }
3137 ret = cmd_pol_upd(&ctx, argc > 2 ? argv[optind + 1] : NULL,
3138 argc > optind + 2 ? argv[optind + 2] : NULL,
3139 argc > optind + 3 ? argv[optind + 3] : NULL);
3140 } else if (strcmp(argv[optind], "prov") == 0) {
3141 if (argc - optind < 2) {
3142 usage();
3143 exit(0);
3144 }
Dmitry Shmidt6cb1f652014-03-21 10:54:03 -0700[diff] [blame]3145 ctx.ca_fname = argv[optind + 2];
Dmitry Shmidtaf9da312015-04-03 10:03:11 -0700[diff] [blame^]3146 wpa_printf(MSG_DEBUG, "Calling cmd_prov from main");
Dmitry Shmidt6cb1f652014-03-21 10:54:03 -0700[diff] [blame]3147 cmd_prov(&ctx, argv[optind + 1]);
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]3148 } else if (strcmp(argv[optind], "sim_prov") == 0) {
3149 if (argc - optind < 2) {
3150 usage();
3151 exit(0);
3152 }
Dmitry Shmidt6cb1f652014-03-21 10:54:03 -0700[diff] [blame]3153 ctx.ca_fname = argv[optind + 2];
3154 cmd_sim_prov(&ctx, argv[optind + 1]);
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]3155 } else if (strcmp(argv[optind], "dl_osu_ca") == 0) {
3156 if (argc - optind < 2) {
3157 usage();
3158 exit(0);
3159 }
3160 cmd_dl_osu_ca(&ctx, argv[optind + 1], argv[optind + 2]);
3161 } else if (strcmp(argv[optind], "dl_polupd_ca") == 0) {
3162 if (argc - optind < 2) {
3163 usage();
3164 exit(0);
3165 }
3166 cmd_dl_polupd_ca(&ctx, argv[optind + 1], argv[optind + 2]);
3167 } else if (strcmp(argv[optind], "dl_aaa_ca") == 0) {
3168 if (argc - optind < 2) {
3169 usage();
3170 exit(0);
3171 }
3172 cmd_dl_aaa_ca(&ctx, argv[optind + 1], argv[optind + 2]);
3173 } else if (strcmp(argv[optind], "osu_select") == 0) {
3174 if (argc - optind < 2) {
3175 usage();
3176 exit(0);
3177 }
Dmitry Shmidt6cb1f652014-03-21 10:54:03 -0700[diff] [blame]3178 ctx.ca_fname = argc > optind + 2 ? argv[optind + 2] : NULL;
3179 cmd_osu_select(&ctx, argv[optind + 1], 2, 1, NULL);
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]3180 } else if (strcmp(argv[optind], "signup") == 0) {
Dmitry Shmidt6cb1f652014-03-21 10:54:03 -0700[diff] [blame]3181 ctx.ca_fname = argc > optind + 1 ? argv[optind + 1] : NULL;
3182 ret = cmd_signup(&ctx, no_prod_assoc, friendly_name);
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]3183 } else if (strcmp(argv[optind], "set_pps") == 0) {
3184 if (argc - optind < 2) {
3185 usage();
3186 exit(0);
3187 }
3188 cmd_set_pps(&ctx, argv[optind + 1]);
3189 } else if (strcmp(argv[optind], "get_fqdn") == 0) {
3190 if (argc - optind < 1) {
3191 usage();
3192 exit(0);
3193 }
3194 ret = cmd_get_fqdn(&ctx, argv[optind + 1]);
3195 } else if (strcmp(argv[optind], "oma_dm_prov") == 0) {
3196 if (argc - optind < 2) {
3197 usage();
3198 exit(0);
3199 }
Dmitry Shmidt6cb1f652014-03-21 10:54:03 -0700[diff] [blame]3200 ctx.ca_fname = argv[optind + 2];
3201 cmd_oma_dm_prov(&ctx, argv[optind + 1]);
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]3202 } else if (strcmp(argv[optind], "oma_dm_sim_prov") == 0) {
3203 if (argc - optind < 2) {
3204 usage();
3205 exit(0);
3206 }
Dmitry Shmidt6cb1f652014-03-21 10:54:03 -0700[diff] [blame]3207 ctx.ca_fname = argv[optind + 2];
3208 if (cmd_oma_dm_sim_prov(&ctx, argv[optind + 1]) < 0) {
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]3209 write_summary(&ctx, "Failed to complete OMA DM SIM provisioning");
3210 return -1;
3211 }
3212 } else if (strcmp(argv[optind], "oma_dm_add") == 0) {
3213 if (argc - optind < 2) {
3214 usage();
3215 exit(0);
3216 }
3217 cmd_oma_dm_add(&ctx, argv[optind + 1], argv[optind + 2]);
3218 } else if (strcmp(argv[optind], "oma_dm_replace") == 0) {
3219 if (argc - optind < 2) {
3220 usage();
3221 exit(0);
3222 }
3223 cmd_oma_dm_replace(&ctx, argv[optind + 1], argv[optind + 2]);
3224 } else if (strcmp(argv[optind], "est_csr") == 0) {
3225 if (argc - optind < 2) {
3226 usage();
3227 exit(0);
3228 }
3229 mkdir("Cert", S_IRWXU);
3230 est_build_csr(&ctx, argv[optind + 1]);
3231 } else if (strcmp(argv[optind], "browser") == 0) {
3232 int ret;
3233
3234 if (argc - optind < 2) {
3235 usage();
3236 exit(0);
3237 }
3238
3239 wpa_printf(MSG_INFO, "Launch web browser to URL %s",
3240 argv[optind + 1]);
3241 ret = hs20_web_browser(argv[optind + 1]);
3242 wpa_printf(MSG_INFO, "Web browser result: %d", ret);
3243 } else if (strcmp(argv[optind], "parse_cert") == 0) {
3244 if (argc - optind < 2) {
3245 usage();
3246 exit(0);
3247 }
3248
3249 wpa_debug_level = MSG_MSGDUMP;
3250 http_parse_x509_certificate(ctx.http, argv[optind + 1]);
3251 wpa_debug_level = MSG_INFO;
3252 } else {
3253 wpa_printf(MSG_INFO, "Unknown command '%s'", argv[optind]);
3254 }
3255
Dmitry Shmidt6cb1f652014-03-21 10:54:03 -0700[diff] [blame]3256 deinit_ctx(&ctx);
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]3257 wpa_printf(MSG_DEBUG,
3258 "===[hs20-osu-client END ]======================");
3259
3260 wpa_debug_close_file();
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]3261
3262 return ret;
3263}