Gitiles
Code Review Sign In
gerrit.omnirom.org / android_external_wpa_supplicant_8 / ce48b4a7040f16e400702cb19324379a0f50a03b / . / hs20 / client / osu_client.c
blob: a7ddd19110369ed215128f674cd08cd9267ed56e [file] [log] [blame]
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]1/*
2 * Hotspot 2.0 OSU client
Dmitry Shmidt6cb1f652014-03-21 10:54:03 -0700[diff] [blame]3 * Copyright (c) 2012-2014, Qualcomm Atheros, Inc.
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]4 *
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
7 */
8
9#include "includes.h"
10#include <time.h>
11#include <sys/stat.h>
Dmitry Shmidt7f656022015-02-25 14:36:37 -0800[diff] [blame]12#ifdef ANDROID
13#include "private/android_filesystem_config.h"
14#endif /* ANDROID */
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]15
16#include "common.h"
17#include "utils/browser.h"
18#include "utils/base64.h"
19#include "utils/xml-utils.h"
20#include "utils/http-utils.h"
21#include "common/wpa_ctrl.h"
22#include "common/wpa_helpers.h"
23#include "eap_common/eap_defs.h"
24#include "crypto/crypto.h"
25#include "crypto/sha256.h"
26#include "osu_client.h"
27
Dmitry Shmidtaf9da312015-04-03 10:03:11 -0700[diff] [blame]28const char *spp_xsd_fname = "spp.xsd";
29
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]30
31void write_result(struct hs20_osu_client *ctx, const char *fmt, ...)
32{
33 va_list ap;
34 FILE *f;
35 char buf[500];
36
37 va_start(ap, fmt);
38 vsnprintf(buf, sizeof(buf), fmt, ap);
39 va_end(ap);
40 write_summary(ctx, "%s", buf);
41
42 if (!ctx->result_file)
43 return;
44
45 f = fopen(ctx->result_file, "w");
46 if (f == NULL)
47 return;
48
49 va_start(ap, fmt);
50 vfprintf(f, fmt, ap);
51 va_end(ap);
52 fprintf(f, "\n");
53 fclose(f);
54}
55
56
57void write_summary(struct hs20_osu_client *ctx, const char *fmt, ...)
58{
59 va_list ap;
60 FILE *f;
61
62 if (!ctx->summary_file)
63 return;
64
65 f = fopen(ctx->summary_file, "a");
66 if (f == NULL)
67 return;
68
69 va_start(ap, fmt);
70 vfprintf(f, fmt, ap);
71 va_end(ap);
72 fprintf(f, "\n");
73 fclose(f);
74}
75
76
77void debug_dump_node(struct hs20_osu_client *ctx, const char *title,
78 xml_node_t *node)
79{
80 char *str = xml_node_to_str(ctx->xml, node);
81 wpa_printf(MSG_DEBUG, "[hs20] %s: '%s'", title, str);
82 free(str);
83}
84
85
86static int valid_fqdn(const char *fqdn)
87{
88 const char *pos;
89
90 /* TODO: could make this more complete.. */
91 if (strchr(fqdn, '.') == 0 || strlen(fqdn) > 255)
92 return 0;
93 for (pos = fqdn; *pos; pos++) {
94 if (*pos >= 'a' && *pos <= 'z')
95 continue;
96 if (*pos >= 'A' && *pos <= 'Z')
97 continue;
98 if (*pos >= '0' && *pos <= '9')
99 continue;
100 if (*pos == '-' || *pos == '.' || *pos == '_')
101 continue;
102 return 0;
103 }
104 return 1;
105}
106
107
Roshan Pius3a1667e2018-07-03 15:17:14 -0700[diff] [blame]108static int android_update_permission(const char *path, mode_t mode)
109{
110#ifdef ANDROID
111 /* we need to change file/folder permission for Android */
112
113 if (!path) {
114 wpa_printf(MSG_ERROR, "file path null");
115 return -1;
116 }
117
118 /* Allow processes running with Group ID as AID_WIFI,
119 * to read files from SP, SP/<fqdn>, Cert and osu-info directories */
120 if (chown(path, -1, AID_WIFI)) {
121 wpa_printf(MSG_INFO, "CTRL: Could not chown directory: %s",
122 strerror(errno));
123 return -1;
124 }
125
126 if (chmod(path, mode) < 0) {
127 wpa_printf(MSG_INFO, "CTRL: Could not chmod directory: %s",
128 strerror(errno));
129 return -1;
130 }
131#endif /* ANDROID */
132
133 return 0;
134}
135
136
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]137int osu_get_certificate(struct hs20_osu_client *ctx, xml_node_t *getcert)
138{
139 xml_node_t *node;
140 char *url, *user = NULL, *pw = NULL;
141 char *proto;
142 int ret = -1;
143
144 proto = xml_node_get_attr_value(ctx->xml, getcert,
145 "enrollmentProtocol");
146 if (!proto)
147 return -1;
148 wpa_printf(MSG_INFO, "getCertificate - enrollmentProtocol=%s", proto);
149 write_summary(ctx, "getCertificate - enrollmentProtocol=%s", proto);
150 if (os_strcasecmp(proto, "EST") != 0) {
151 wpa_printf(MSG_INFO, "Unsupported enrollmentProtocol");
152 xml_node_get_attr_value_free(ctx->xml, proto);
153 return -1;
154 }
155 xml_node_get_attr_value_free(ctx->xml, proto);
156
157 node = get_node(ctx->xml, getcert, "enrollmentServerURI");
158 if (node == NULL) {
159 wpa_printf(MSG_INFO, "Could not find enrollmentServerURI node");
160 xml_node_get_attr_value_free(ctx->xml, proto);
161 return -1;
162 }
163 url = xml_node_get_text(ctx->xml, node);
164 if (url == NULL) {
165 wpa_printf(MSG_INFO, "Could not get URL text");
166 return -1;
167 }
168 wpa_printf(MSG_INFO, "enrollmentServerURI: %s", url);
169 write_summary(ctx, "enrollmentServerURI: %s", url);
170
171 node = get_node(ctx->xml, getcert, "estUserID");
172 if (node == NULL && !ctx->client_cert_present) {
173 wpa_printf(MSG_INFO, "Could not find estUserID node");
174 goto fail;
175 }
176 if (node) {
177 user = xml_node_get_text(ctx->xml, node);
178 if (user == NULL) {
179 wpa_printf(MSG_INFO, "Could not get estUserID text");
180 goto fail;
181 }
182 wpa_printf(MSG_INFO, "estUserID: %s", user);
183 write_summary(ctx, "estUserID: %s", user);
184 }
185
186 node = get_node(ctx->xml, getcert, "estPassword");
187 if (node == NULL && !ctx->client_cert_present) {
188 wpa_printf(MSG_INFO, "Could not find estPassword node");
189 goto fail;
190 }
191 if (node) {
192 pw = xml_node_get_base64_text(ctx->xml, node, NULL);
193 if (pw == NULL) {
194 wpa_printf(MSG_INFO, "Could not get estPassword text");
195 goto fail;
196 }
197 wpa_printf(MSG_INFO, "estPassword: %s", pw);
198 }
199
200 mkdir("Cert", S_IRWXU);
Roshan Pius3a1667e2018-07-03 15:17:14 -0700[diff] [blame]201 android_update_permission("Cert", S_IRWXU | S_IRWXG);
202
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]203 if (est_load_cacerts(ctx, url) < 0 ||
204 est_build_csr(ctx, url) < 0 ||
205 est_simple_enroll(ctx, url, user, pw) < 0)
206 goto fail;
207
208 ret = 0;
209fail:
210 xml_node_get_text_free(ctx->xml, url);
211 xml_node_get_text_free(ctx->xml, user);
212 xml_node_get_text_free(ctx->xml, pw);
213
214 return ret;
215}
216
217
218static int process_est_cert(struct hs20_osu_client *ctx, xml_node_t *cert,
219 const char *fqdn)
220{
221 u8 digest1[SHA256_MAC_LEN], digest2[SHA256_MAC_LEN];
222 char *der, *pem;
223 size_t der_len, pem_len;
224 char *fingerprint;
225 char buf[200];
226
227 wpa_printf(MSG_INFO, "PPS for certificate credential - fqdn=%s", fqdn);
228
229 fingerprint = xml_node_get_text(ctx->xml, cert);
230 if (fingerprint == NULL)
231 return -1;
232 if (hexstr2bin(fingerprint, digest1, SHA256_MAC_LEN) < 0) {
233 wpa_printf(MSG_INFO, "Invalid SHA256 hash value");
234 write_result(ctx, "Invalid client certificate SHA256 hash value in PPS");
235 xml_node_get_text_free(ctx->xml, fingerprint);
236 return -1;
237 }
238 xml_node_get_text_free(ctx->xml, fingerprint);
239
240 der = os_readfile("Cert/est_cert.der", &der_len);
241 if (der == NULL) {
242 wpa_printf(MSG_INFO, "Could not find client certificate from EST");
243 write_result(ctx, "Could not find client certificate from EST");
244 return -1;
245 }
246
247 if (sha256_vector(1, (const u8 **) &der, &der_len, digest2) < 0) {
248 os_free(der);
249 return -1;
250 }
251 os_free(der);
252
253 if (os_memcmp(digest1, digest2, sizeof(digest1)) != 0) {
254 wpa_printf(MSG_INFO, "Client certificate from EST does not match fingerprint from PPS MO");
255 write_result(ctx, "Client certificate from EST does not match fingerprint from PPS MO");
256 return -1;
257 }
258
259 wpa_printf(MSG_INFO, "Client certificate from EST matches PPS MO");
260 unlink("Cert/est_cert.der");
261
262 os_snprintf(buf, sizeof(buf), "SP/%s/client-ca.pem", fqdn);
263 if (rename("Cert/est-cacerts.pem", buf) < 0) {
264 wpa_printf(MSG_INFO, "Could not move est-cacerts.pem to client-ca.pem: %s",
265 strerror(errno));
266 return -1;
267 }
268 pem = os_readfile(buf, &pem_len);
269
270 os_snprintf(buf, sizeof(buf), "SP/%s/client-cert.pem", fqdn);
271 if (rename("Cert/est_cert.pem", buf) < 0) {
272 wpa_printf(MSG_INFO, "Could not move est_cert.pem to client-cert.pem: %s",
273 strerror(errno));
274 os_free(pem);
275 return -1;
276 }
277
278 if (pem) {
279 FILE *f = fopen(buf, "a");
280 if (f) {
281 fwrite(pem, pem_len, 1, f);
282 fclose(f);
283 }
284 os_free(pem);
285 }
286
287 os_snprintf(buf, sizeof(buf), "SP/%s/client-key.pem", fqdn);
288 if (rename("Cert/privkey-plain.pem", buf) < 0) {
289 wpa_printf(MSG_INFO, "Could not move privkey-plain.pem to client-key.pem: %s",
290 strerror(errno));
291 return -1;
292 }
293
294 unlink("Cert/est-req.b64");
295 unlink("Cert/est-req.pem");
296 unlink("Cert/est-resp.raw");
297 rmdir("Cert");
298
299 return 0;
300}
301
302
303#define TMP_CERT_DL_FILE "tmp-cert-download"
304
305static int download_cert(struct hs20_osu_client *ctx, xml_node_t *params,
306 const char *fname)
307{
308 xml_node_t *url_node, *hash_node;
309 char *url, *hash;
310 char *cert;
311 size_t len;
312 u8 digest1[SHA256_MAC_LEN], digest2[SHA256_MAC_LEN];
313 int res;
314 unsigned char *b64;
315 FILE *f;
316
317 url_node = get_node(ctx->xml, params, "CertURL");
318 hash_node = get_node(ctx->xml, params, "CertSHA256Fingerprint");
319 if (url_node == NULL || hash_node == NULL)
320 return -1;
321 url = xml_node_get_text(ctx->xml, url_node);
322 hash = xml_node_get_text(ctx->xml, hash_node);
323 if (url == NULL || hash == NULL) {
324 xml_node_get_text_free(ctx->xml, url);
325 xml_node_get_text_free(ctx->xml, hash);
326 return -1;
327 }
328
329 wpa_printf(MSG_INFO, "CertURL: %s", url);
330 wpa_printf(MSG_INFO, "SHA256 hash: %s", hash);
331
332 if (hexstr2bin(hash, digest1, SHA256_MAC_LEN) < 0) {
333 wpa_printf(MSG_INFO, "Invalid SHA256 hash value");
334 write_result(ctx, "Invalid SHA256 hash value for downloaded certificate");
335 xml_node_get_text_free(ctx->xml, hash);
336 return -1;
337 }
338 xml_node_get_text_free(ctx->xml, hash);
339
340 write_summary(ctx, "Download certificate from %s", url);
Dmitry Shmidt6cb1f652014-03-21 10:54:03 -0700[diff] [blame]341 ctx->no_osu_cert_validation = 1;
342 http_ocsp_set(ctx->http, 1);
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]343 res = http_download_file(ctx->http, url, TMP_CERT_DL_FILE, NULL);
Dmitry Shmidt6cb1f652014-03-21 10:54:03 -0700[diff] [blame]344 http_ocsp_set(ctx->http,
345 (ctx->workarounds & WORKAROUND_OCSP_OPTIONAL) ? 1 : 2);
346 ctx->no_osu_cert_validation = 0;
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]347 xml_node_get_text_free(ctx->xml, url);
348 if (res < 0)
349 return -1;
350
351 cert = os_readfile(TMP_CERT_DL_FILE, &len);
352 remove(TMP_CERT_DL_FILE);
353 if (cert == NULL)
354 return -1;
355
356 if (sha256_vector(1, (const u8 **) &cert, &len, digest2) < 0) {
357 os_free(cert);
358 return -1;
359 }
360
361 if (os_memcmp(digest1, digest2, sizeof(digest1)) != 0) {
362 wpa_printf(MSG_INFO, "Downloaded certificate fingerprint did not match");
363 write_result(ctx, "Downloaded certificate fingerprint did not match");
364 os_free(cert);
365 return -1;
366 }
367
368 b64 = base64_encode((unsigned char *) cert, len, NULL);
369 os_free(cert);
370 if (b64 == NULL)
371 return -1;
372
373 f = fopen(fname, "wb");
374 if (f == NULL) {
375 os_free(b64);
376 return -1;
377 }
378
379 fprintf(f, "-----BEGIN CERTIFICATE-----\n"
380 "%s"
381 "-----END CERTIFICATE-----\n",
382 b64);
383
384 os_free(b64);
385 fclose(f);
386
387 wpa_printf(MSG_INFO, "Downloaded certificate into %s and validated fingerprint",
388 fname);
389 write_summary(ctx, "Downloaded certificate into %s and validated fingerprint",
390 fname);
391
392 return 0;
393}
394
395
396static int cmd_dl_osu_ca(struct hs20_osu_client *ctx, const char *pps_fname,
397 const char *ca_fname)
398{
399 xml_node_t *pps, *node;
400 int ret;
401
402 pps = node_from_file(ctx->xml, pps_fname);
403 if (pps == NULL) {
404 wpa_printf(MSG_INFO, "Could not read or parse '%s'", pps_fname);
405 return -1;
406 }
407
408 node = get_child_node(ctx->xml, pps,
409 "SubscriptionUpdate/TrustRoot");
410 if (node == NULL) {
411 wpa_printf(MSG_INFO, "No SubscriptionUpdate/TrustRoot/CertURL found from PPS");
412 xml_node_free(ctx->xml, pps);
413 return -1;
414 }
415
416 ret = download_cert(ctx, node, ca_fname);
417 xml_node_free(ctx->xml, pps);
418
419 return ret;
420}
421
422
423static int cmd_dl_polupd_ca(struct hs20_osu_client *ctx, const char *pps_fname,
424 const char *ca_fname)
425{
426 xml_node_t *pps, *node;
427 int ret;
428
429 pps = node_from_file(ctx->xml, pps_fname);
430 if (pps == NULL) {
431 wpa_printf(MSG_INFO, "Could not read or parse '%s'", pps_fname);
432 return -1;
433 }
434
435 node = get_child_node(ctx->xml, pps,
Dmitry Shmidt2f74e362015-01-21 13:19:05 -0800[diff] [blame]436 "Policy/PolicyUpdate/TrustRoot");
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]437 if (node == NULL) {
Dmitry Shmidt2f74e362015-01-21 13:19:05 -0800[diff] [blame]438 wpa_printf(MSG_INFO, "No Policy/PolicyUpdate/TrustRoot/CertURL found from PPS");
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]439 xml_node_free(ctx->xml, pps);
440 return -1;
441 }
442
443 ret = download_cert(ctx, node, ca_fname);
444 xml_node_free(ctx->xml, pps);
445
446 return ret;
447}
448
449
450static int cmd_dl_aaa_ca(struct hs20_osu_client *ctx, const char *pps_fname,
451 const char *ca_fname)
452{
453 xml_node_t *pps, *node, *aaa;
454 int ret;
455
456 pps = node_from_file(ctx->xml, pps_fname);
457 if (pps == NULL) {
458 wpa_printf(MSG_INFO, "Could not read or parse '%s'", pps_fname);
459 return -1;
460 }
461
462 node = get_child_node(ctx->xml, pps,
463 "AAAServerTrustRoot");
464 if (node == NULL) {
465 wpa_printf(MSG_INFO, "No AAAServerTrustRoot/CertURL found from PPS");
466 xml_node_free(ctx->xml, pps);
467 return -1;
468 }
469
470 aaa = xml_node_first_child(ctx->xml, node);
471 if (aaa == NULL) {
472 wpa_printf(MSG_INFO, "No AAAServerTrustRoot/CertURL found from PPS");
473 xml_node_free(ctx->xml, pps);
474 return -1;
475 }
476
477 ret = download_cert(ctx, aaa, ca_fname);
478 xml_node_free(ctx->xml, pps);
479
480 return ret;
481}
482
483
484static int download_trust_roots(struct hs20_osu_client *ctx,
485 const char *pps_fname)
486{
487 char *dir, *pos;
488 char fname[300];
489 int ret;
490
491 dir = os_strdup(pps_fname);
492 if (dir == NULL)
493 return -1;
494 pos = os_strrchr(dir, '/');
495 if (pos == NULL) {
496 os_free(dir);
497 return -1;
498 }
499 *pos = '\0';
500
501 snprintf(fname, sizeof(fname), "%s/ca.pem", dir);
502 ret = cmd_dl_osu_ca(ctx, pps_fname, fname);
503 snprintf(fname, sizeof(fname), "%s/polupd-ca.pem", dir);
504 cmd_dl_polupd_ca(ctx, pps_fname, fname);
505 snprintf(fname, sizeof(fname), "%s/aaa-ca.pem", dir);
506 cmd_dl_aaa_ca(ctx, pps_fname, fname);
507
508 os_free(dir);
509
510 return ret;
511}
512
513
514static int server_dnsname_suffix_match(struct hs20_osu_client *ctx,
515 const char *fqdn)
516{
517 size_t match_len, len, i;
518 const char *val;
519
520 match_len = os_strlen(fqdn);
521
522 for (i = 0; i < ctx->server_dnsname_count; i++) {
523 wpa_printf(MSG_INFO,
524 "Checking suffix match against server dNSName %s",
525 ctx->server_dnsname[i]);
526 val = ctx->server_dnsname[i];
527 len = os_strlen(val);
528
529 if (match_len > len)
530 continue;
531
532 if (os_strncasecmp(val + len - match_len, fqdn, match_len) != 0)
533 continue; /* no match */
534
535 if (match_len == len)
536 return 1; /* exact match */
537
538 if (val[len - match_len - 1] == '.')
539 return 1; /* full label match completes suffix match */
540
541 /* Reject due to incomplete label match */
542 }
543
544 /* None of the dNSName(s) matched */
545 return 0;
546}
547
548
549int hs20_add_pps_mo(struct hs20_osu_client *ctx, const char *uri,
550 xml_node_t *add_mo, char *fname, size_t fname_len)
551{
552 char *str;
553 char *fqdn, *pos;
554 xml_node_t *tnds, *mo, *cert;
555 const char *name;
556 int ret;
557
558 if (strncmp(uri, "./Wi-Fi/", 8) != 0) {
559 wpa_printf(MSG_INFO, "Unsupported location for addMO to add PPS MO: '%s'",
560 uri);
561 write_result(ctx, "Unsupported location for addMO to add PPS MO: '%s'",
562 uri);
563 return -1;
564 }
565
566 fqdn = strdup(uri + 8);
567 if (fqdn == NULL)
568 return -1;
569 pos = strchr(fqdn, '/');
570 if (pos) {
571 if (os_strcasecmp(pos, "/PerProviderSubscription") != 0) {
572 wpa_printf(MSG_INFO, "Unsupported location for addMO to add PPS MO (extra directory): '%s'",
573 uri);
574 write_result(ctx, "Unsupported location for addMO to "
575 "add PPS MO (extra directory): '%s'", uri);
Dmitry Shmidt41712582015-06-29 11:02:15 -0700[diff] [blame]576 free(fqdn);
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]577 return -1;
578 }
579 *pos = '\0'; /* remove trailing slash and PPS node name */
580 }
581 wpa_printf(MSG_INFO, "SP FQDN: %s", fqdn);
582
583 if (!server_dnsname_suffix_match(ctx, fqdn)) {
Dmitry Shmidtaf9da312015-04-03 10:03:11 -0700[diff] [blame]584 wpa_printf(MSG_INFO,
585 "FQDN '%s' for new PPS MO did not have suffix match with server's dNSName values, count: %d",
586 fqdn, (int) ctx->server_dnsname_count);
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]587 write_result(ctx, "FQDN '%s' for new PPS MO did not have suffix match with server's dNSName values",
588 fqdn);
589 free(fqdn);
590 return -1;
591 }
592
593 if (!valid_fqdn(fqdn)) {
594 wpa_printf(MSG_INFO, "Invalid FQDN '%s'", fqdn);
595 write_result(ctx, "Invalid FQDN '%s'", fqdn);
596 free(fqdn);
597 return -1;
598 }
599
600 mkdir("SP", S_IRWXU);
601 snprintf(fname, fname_len, "SP/%s", fqdn);
602 if (mkdir(fname, S_IRWXU) < 0) {
603 if (errno != EEXIST) {
604 int err = errno;
605 wpa_printf(MSG_INFO, "mkdir(%s) failed: %s",
606 fname, strerror(err));
607 free(fqdn);
608 return -1;
609 }
610 }
611
Roshan Pius3a1667e2018-07-03 15:17:14 -0700[diff] [blame]612 android_update_permission("SP", S_IRWXU | S_IRGRP | S_IXGRP);
613 android_update_permission(fname, S_IRWXU | S_IRGRP | S_IXGRP);
Dmitry Shmidt7f656022015-02-25 14:36:37 -0800[diff] [blame]614
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]615 snprintf(fname, fname_len, "SP/%s/pps.xml", fqdn);
616
617 if (os_file_exists(fname)) {
618 wpa_printf(MSG_INFO, "PPS file '%s' exists - reject addMO",
619 fname);
620 write_result(ctx, "PPS file '%s' exists - reject addMO",
621 fname);
622 free(fqdn);
623 return -2;
624 }
625 wpa_printf(MSG_INFO, "Using PPS file: %s", fname);
626
627 str = xml_node_get_text(ctx->xml, add_mo);
628 if (str == NULL) {
629 wpa_printf(MSG_INFO, "Could not extract MO text");
630 free(fqdn);
631 return -1;
632 }
633 wpa_printf(MSG_DEBUG, "[hs20] addMO text: '%s'", str);
634
635 tnds = xml_node_from_buf(ctx->xml, str);
636 xml_node_get_text_free(ctx->xml, str);
637 if (tnds == NULL) {
638 wpa_printf(MSG_INFO, "[hs20] Could not parse addMO text");
639 free(fqdn);
640 return -1;
641 }
642
643 mo = tnds_to_mo(ctx->xml, tnds);
644 if (mo == NULL) {
645 wpa_printf(MSG_INFO, "[hs20] Could not parse addMO TNDS text");
646 free(fqdn);
647 return -1;
648 }
649
650 debug_dump_node(ctx, "Parsed TNDS", mo);
651
652 name = xml_node_get_localname(ctx->xml, mo);
653 if (os_strcasecmp(name, "PerProviderSubscription") != 0) {
654 wpa_printf(MSG_INFO, "[hs20] Unexpected PPS MO root node name '%s'",
655 name);
656 free(fqdn);
657 return -1;
658 }
659
660 cert = get_child_node(ctx->xml, mo,
661 "Credential/DigitalCertificate/"
662 "CertSHA256Fingerprint");
663 if (cert && process_est_cert(ctx, cert, fqdn) < 0) {
664 xml_node_free(ctx->xml, mo);
665 free(fqdn);
666 return -1;
667 }
668 free(fqdn);
669
670 if (node_to_file(ctx->xml, fname, mo) < 0) {
671 wpa_printf(MSG_INFO, "Could not write MO to file");
672 xml_node_free(ctx->xml, mo);
673 return -1;
674 }
675 xml_node_free(ctx->xml, mo);
676
677 wpa_printf(MSG_INFO, "A new PPS MO added as '%s'", fname);
678 write_summary(ctx, "A new PPS MO added as '%s'", fname);
679
680 ret = download_trust_roots(ctx, fname);
681 if (ret < 0) {
682 wpa_printf(MSG_INFO, "Remove invalid PPS MO file");
683 write_summary(ctx, "Remove invalid PPS MO file");
684 unlink(fname);
685 }
686
687 return ret;
688}
689
690
691int update_pps_file(struct hs20_osu_client *ctx, const char *pps_fname,
692 xml_node_t *pps)
693{
694 char *str;
695 FILE *f;
696 char backup[300];
697
698 if (ctx->client_cert_present) {
699 xml_node_t *cert;
700 cert = get_child_node(ctx->xml, pps,
701 "Credential/DigitalCertificate/"
702 "CertSHA256Fingerprint");
703 if (cert && os_file_exists("Cert/est_cert.der") &&
704 process_est_cert(ctx, cert, ctx->fqdn) < 0) {
705 wpa_printf(MSG_INFO, "EST certificate update processing failed on PPS MO update");
706 return -1;
707 }
708 }
709
710 wpa_printf(MSG_INFO, "Updating PPS MO %s", pps_fname);
711
712 str = xml_node_to_str(ctx->xml, pps);
Dmitry Shmidt7f656022015-02-25 14:36:37 -0800[diff] [blame]713 if (str == NULL) {
714 wpa_printf(MSG_ERROR, "No node found");
715 return -1;
716 }
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]717 wpa_printf(MSG_MSGDUMP, "[hs20] Updated PPS: '%s'", str);
718
719 snprintf(backup, sizeof(backup), "%s.bak", pps_fname);
720 rename(pps_fname, backup);
721 f = fopen(pps_fname, "w");
722 if (f == NULL) {
723 wpa_printf(MSG_INFO, "Could not write PPS");
724 rename(backup, pps_fname);
725 free(str);
726 return -1;
727 }
728 fprintf(f, "%s\n", str);
729 fclose(f);
730
731 free(str);
732
733 return 0;
734}
735
736
737void get_user_pw(struct hs20_osu_client *ctx, xml_node_t *pps,
738 const char *alt_loc, char **user, char **pw)
739{
740 xml_node_t *node;
741
742 node = get_child_node(ctx->xml, pps,
743 "Credential/UsernamePassword/Username");
744 if (node)
745 *user = xml_node_get_text(ctx->xml, node);
746
747 node = get_child_node(ctx->xml, pps,
748 "Credential/UsernamePassword/Password");
749 if (node)
750 *pw = xml_node_get_base64_text(ctx->xml, node, NULL);
751
752 node = get_child_node(ctx->xml, pps, alt_loc);
753 if (node) {
754 xml_node_t *a;
755 a = get_node(ctx->xml, node, "Username");
756 if (a) {
757 xml_node_get_text_free(ctx->xml, *user);
758 *user = xml_node_get_text(ctx->xml, a);
759 wpa_printf(MSG_INFO, "Use OSU username '%s'", *user);
760 }
761
762 a = get_node(ctx->xml, node, "Password");
763 if (a) {
764 free(*pw);
765 *pw = xml_node_get_base64_text(ctx->xml, a, NULL);
766 wpa_printf(MSG_INFO, "Use OSU password");
767 }
768 }
769}
770
771
772/* Remove old credentials based on HomeSP/FQDN */
773static void remove_sp_creds(struct hs20_osu_client *ctx, const char *fqdn)
774{
775 char cmd[300];
776 os_snprintf(cmd, sizeof(cmd), "REMOVE_CRED provisioning_sp=%s", fqdn);
777 if (wpa_command(ctx->ifname, cmd) < 0)
778 wpa_printf(MSG_INFO, "Failed to remove old credential(s)");
779}
780
781
782static void set_pps_cred_policy_spe(struct hs20_osu_client *ctx, int id,
783 xml_node_t *spe)
784{
785 xml_node_t *ssid;
786 char *txt;
787
788 ssid = get_node(ctx->xml, spe, "SSID");
789 if (ssid == NULL)
790 return;
791 txt = xml_node_get_text(ctx->xml, ssid);
792 if (txt == NULL)
793 return;
794 wpa_printf(MSG_DEBUG, "- Policy/SPExclusionList/<X+>/SSID = %s", txt);
795 if (set_cred_quoted(ctx->ifname, id, "excluded_ssid", txt) < 0)
796 wpa_printf(MSG_INFO, "Failed to set cred excluded_ssid");
797 xml_node_get_text_free(ctx->xml, txt);
798}
799
800
801static void set_pps_cred_policy_spel(struct hs20_osu_client *ctx, int id,
802 xml_node_t *spel)
803{
804 xml_node_t *child;
805
806 xml_node_for_each_child(ctx->xml, child, spel) {
807 xml_node_for_each_check(ctx->xml, child);
808 set_pps_cred_policy_spe(ctx, id, child);
809 }
810}
811
812
813static void set_pps_cred_policy_prp(struct hs20_osu_client *ctx, int id,
814 xml_node_t *prp)
815{
816 xml_node_t *node;
817 char *txt = NULL, *pos;
818 char *prio, *country_buf = NULL;
819 const char *country;
820 char val[200];
821 int priority;
822
823 node = get_node(ctx->xml, prp, "Priority");
824 if (node == NULL)
825 return;
826 prio = xml_node_get_text(ctx->xml, node);
827 if (prio == NULL)
828 return;
829 wpa_printf(MSG_INFO, "- Policy/PreferredRoamingPartnerList/<X+>/Priority = %s",
830 prio);
831 priority = atoi(prio);
832 xml_node_get_text_free(ctx->xml, prio);
833
834 node = get_node(ctx->xml, prp, "Country");
835 if (node) {
836 country_buf = xml_node_get_text(ctx->xml, node);
837 if (country_buf == NULL)
838 return;
839 country = country_buf;
840 wpa_printf(MSG_INFO, "- Policy/PreferredRoamingPartnerList/<X+>/Country = %s",
841 country);
842 } else {
843 country = "*";
844 }
845
846 node = get_node(ctx->xml, prp, "FQDN_Match");
847 if (node == NULL)
848 goto out;
849 txt = xml_node_get_text(ctx->xml, node);
850 if (txt == NULL)
851 goto out;
852 wpa_printf(MSG_INFO, "- Policy/PreferredRoamingPartnerList/<X+>/FQDN_Match = %s",
853 txt);
854 pos = strrchr(txt, ',');
855 if (pos == NULL)
856 goto out;
857 *pos++ = '\0';
858
859 snprintf(val, sizeof(val), "%s,%d,%d,%s", txt,
860 strcmp(pos, "includeSubdomains") != 0, priority, country);
861 if (set_cred_quoted(ctx->ifname, id, "roaming_partner", val) < 0)
862 wpa_printf(MSG_INFO, "Failed to set cred roaming_partner");
863out:
864 xml_node_get_text_free(ctx->xml, country_buf);
865 xml_node_get_text_free(ctx->xml, txt);
866}
867
868
869static void set_pps_cred_policy_prpl(struct hs20_osu_client *ctx, int id,
870 xml_node_t *prpl)
871{
872 xml_node_t *child;
873
874 xml_node_for_each_child(ctx->xml, child, prpl) {
875 xml_node_for_each_check(ctx->xml, child);
876 set_pps_cred_policy_prp(ctx, id, child);
877 }
878}
879
880
881static void set_pps_cred_policy_min_backhaul(struct hs20_osu_client *ctx, int id,
882 xml_node_t *min_backhaul)
883{
884 xml_node_t *node;
885 char *type, *dl = NULL, *ul = NULL;
886 int home;
887
888 node = get_node(ctx->xml, min_backhaul, "NetworkType");
889 if (node == NULL) {
890 wpa_printf(MSG_INFO, "Ignore MinBackhaulThreshold without mandatory NetworkType node");
891 return;
892 }
893
894 type = xml_node_get_text(ctx->xml, node);
895 if (type == NULL)
896 return;
897 wpa_printf(MSG_INFO, "- Policy/MinBackhaulThreshold/<X+>/NetworkType = %s",
898 type);
899 if (os_strcasecmp(type, "home") == 0)
900 home = 1;
901 else if (os_strcasecmp(type, "roaming") == 0)
902 home = 0;
903 else {
904 wpa_printf(MSG_INFO, "Ignore MinBackhaulThreshold with invalid NetworkType");
905 xml_node_get_text_free(ctx->xml, type);
906 return;
907 }
908 xml_node_get_text_free(ctx->xml, type);
909
910 node = get_node(ctx->xml, min_backhaul, "DLBandwidth");
911 if (node)
912 dl = xml_node_get_text(ctx->xml, node);
913
914 node = get_node(ctx->xml, min_backhaul, "ULBandwidth");
915 if (node)
916 ul = xml_node_get_text(ctx->xml, node);
917
918 if (dl == NULL && ul == NULL) {
919 wpa_printf(MSG_INFO, "Ignore MinBackhaulThreshold without either DLBandwidth or ULBandwidth nodes");
920 return;
921 }
922
923 if (dl)
924 wpa_printf(MSG_INFO, "- Policy/MinBackhaulThreshold/<X+>/DLBandwidth = %s",
925 dl);
926 if (ul)
927 wpa_printf(MSG_INFO, "- Policy/MinBackhaulThreshold/<X+>/ULBandwidth = %s",
928 ul);
929
930 if (home) {
931 if (dl &&
932 set_cred(ctx->ifname, id, "min_dl_bandwidth_home", dl) < 0)
933 wpa_printf(MSG_INFO, "Failed to set cred bandwidth limit");
934 if (ul &&
935 set_cred(ctx->ifname, id, "min_ul_bandwidth_home", ul) < 0)
936 wpa_printf(MSG_INFO, "Failed to set cred bandwidth limit");
937 } else {
938 if (dl &&
939 set_cred(ctx->ifname, id, "min_dl_bandwidth_roaming", dl) <
940 0)
941 wpa_printf(MSG_INFO, "Failed to set cred bandwidth limit");
942 if (ul &&
943 set_cred(ctx->ifname, id, "min_ul_bandwidth_roaming", ul) <
944 0)
945 wpa_printf(MSG_INFO, "Failed to set cred bandwidth limit");
946 }
947
948 xml_node_get_text_free(ctx->xml, dl);
949 xml_node_get_text_free(ctx->xml, ul);
950}
951
952
953static void set_pps_cred_policy_min_backhaul_list(struct hs20_osu_client *ctx,
954 int id, xml_node_t *node)
955{
956 xml_node_t *child;
957
958 wpa_printf(MSG_INFO, "- Policy/MinBackhaulThreshold");
959
960 xml_node_for_each_child(ctx->xml, child, node) {
961 xml_node_for_each_check(ctx->xml, child);
962 set_pps_cred_policy_min_backhaul(ctx, id, child);
963 }
964}
965
966
967static void set_pps_cred_policy_update(struct hs20_osu_client *ctx, int id,
968 xml_node_t *node)
969{
970 wpa_printf(MSG_INFO, "- Policy/PolicyUpdate");
971 /* Not used in wpa_supplicant */
972}
973
974
975static void set_pps_cred_policy_required_proto_port(struct hs20_osu_client *ctx,
976 int id, xml_node_t *tuple)
977{
978 xml_node_t *node;
979 char *proto, *port;
980 char *buf;
981 size_t buflen;
982
983 node = get_node(ctx->xml, tuple, "IPProtocol");
984 if (node == NULL) {
985 wpa_printf(MSG_INFO, "Ignore RequiredProtoPortTuple without mandatory IPProtocol node");
986 return;
987 }
988
989 proto = xml_node_get_text(ctx->xml, node);
990 if (proto == NULL)
991 return;
992
993 wpa_printf(MSG_INFO, "- Policy/RequiredProtoPortTuple/<X+>/IPProtocol = %s",
994 proto);
995
996 node = get_node(ctx->xml, tuple, "PortNumber");
997 port = node ? xml_node_get_text(ctx->xml, node) : NULL;
998 if (port) {
999 wpa_printf(MSG_INFO, "- Policy/RequiredProtoPortTuple/<X+>/PortNumber = %s",
1000 port);
1001 buflen = os_strlen(proto) + os_strlen(port) + 10;
1002 buf = os_malloc(buflen);
1003 if (buf)
1004 os_snprintf(buf, buflen, "%s:%s", proto, port);
1005 xml_node_get_text_free(ctx->xml, port);
1006 } else {
1007 buflen = os_strlen(proto) + 10;
1008 buf = os_malloc(buflen);
1009 if (buf)
1010 os_snprintf(buf, buflen, "%s", proto);
1011 }
1012
1013 xml_node_get_text_free(ctx->xml, proto);
1014
1015 if (buf == NULL)
1016 return;
1017
1018 if (set_cred(ctx->ifname, id, "req_conn_capab", buf) < 0)
1019 wpa_printf(MSG_INFO, "Could not set req_conn_capab");
1020
1021 os_free(buf);
1022}
1023
1024
1025static void set_pps_cred_policy_required_proto_ports(struct hs20_osu_client *ctx,
1026 int id, xml_node_t *node)
1027{
1028 xml_node_t *child;
1029
1030 wpa_printf(MSG_INFO, "- Policy/RequiredProtoPortTuple");
1031
1032 xml_node_for_each_child(ctx->xml, child, node) {
1033 xml_node_for_each_check(ctx->xml, child);
1034 set_pps_cred_policy_required_proto_port(ctx, id, child);
1035 }
1036}
1037
1038
1039static void set_pps_cred_policy_max_bss_load(struct hs20_osu_client *ctx, int id,
1040 xml_node_t *node)
1041{
1042 char *str = xml_node_get_text(ctx->xml, node);
1043 if (str == NULL)
1044 return;
1045 wpa_printf(MSG_INFO, "- Policy/MaximumBSSLoadValue - %s", str);
1046 if (set_cred(ctx->ifname, id, "max_bss_load", str) < 0)
1047 wpa_printf(MSG_INFO, "Failed to set cred max_bss_load limit");
1048 xml_node_get_text_free(ctx->xml, str);
1049}
1050
1051
1052static void set_pps_cred_policy(struct hs20_osu_client *ctx, int id,
1053 xml_node_t *node)
1054{
1055 xml_node_t *child;
1056 const char *name;
1057
1058 wpa_printf(MSG_INFO, "- Policy");
1059
1060 xml_node_for_each_child(ctx->xml, child, node) {
1061 xml_node_for_each_check(ctx->xml, child);
1062 name = xml_node_get_localname(ctx->xml, child);
1063 if (os_strcasecmp(name, "PreferredRoamingPartnerList") == 0)
1064 set_pps_cred_policy_prpl(ctx, id, child);
1065 else if (os_strcasecmp(name, "MinBackhaulThreshold") == 0)
1066 set_pps_cred_policy_min_backhaul_list(ctx, id, child);
1067 else if (os_strcasecmp(name, "PolicyUpdate") == 0)
1068 set_pps_cred_policy_update(ctx, id, child);
1069 else if (os_strcasecmp(name, "SPExclusionList") == 0)
1070 set_pps_cred_policy_spel(ctx, id, child);
1071 else if (os_strcasecmp(name, "RequiredProtoPortTuple") == 0)
1072 set_pps_cred_policy_required_proto_ports(ctx, id, child);
1073 else if (os_strcasecmp(name, "MaximumBSSLoadValue") == 0)
1074 set_pps_cred_policy_max_bss_load(ctx, id, child);
1075 else
1076 wpa_printf(MSG_INFO, "Unknown Policy node '%s'", name);
1077 }
1078}
1079
1080
1081static void set_pps_cred_priority(struct hs20_osu_client *ctx, int id,
1082 xml_node_t *node)
1083{
1084 char *str = xml_node_get_text(ctx->xml, node);
1085 if (str == NULL)
1086 return;
1087 wpa_printf(MSG_INFO, "- CredentialPriority = %s", str);
1088 if (set_cred(ctx->ifname, id, "sp_priority", str) < 0)
1089 wpa_printf(MSG_INFO, "Failed to set cred sp_priority");
1090 xml_node_get_text_free(ctx->xml, str);
1091}
1092
1093
1094static void set_pps_cred_aaa_server_trust_root(struct hs20_osu_client *ctx,
1095 int id, xml_node_t *node)
1096{
1097 wpa_printf(MSG_INFO, "- AAAServerTrustRoot - TODO");
1098}
1099
1100
1101static void set_pps_cred_sub_update(struct hs20_osu_client *ctx, int id,
1102 xml_node_t *node)
1103{
1104 wpa_printf(MSG_INFO, "- SubscriptionUpdate");
1105 /* not used within wpa_supplicant */
1106}
1107
1108
1109static void set_pps_cred_home_sp_network_id(struct hs20_osu_client *ctx,
1110 int id, xml_node_t *node)
1111{
1112 xml_node_t *ssid_node, *hessid_node;
1113 char *ssid, *hessid;
1114
1115 ssid_node = get_node(ctx->xml, node, "SSID");
1116 if (ssid_node == NULL) {
1117 wpa_printf(MSG_INFO, "Ignore HomeSP/NetworkID without mandatory SSID node");
1118 return;
1119 }
1120
1121 hessid_node = get_node(ctx->xml, node, "HESSID");
1122
1123 ssid = xml_node_get_text(ctx->xml, ssid_node);
1124 if (ssid == NULL)
1125 return;
1126 hessid = hessid_node ? xml_node_get_text(ctx->xml, hessid_node) : NULL;
1127
1128 wpa_printf(MSG_INFO, "- HomeSP/NetworkID/<X+>/SSID = %s", ssid);
1129 if (hessid)
1130 wpa_printf(MSG_INFO, "- HomeSP/NetworkID/<X+>/HESSID = %s",
1131 hessid);
1132
1133 /* TODO: Configure to wpa_supplicant */
1134
1135 xml_node_get_text_free(ctx->xml, ssid);
1136 xml_node_get_text_free(ctx->xml, hessid);
1137}
1138
1139
1140static void set_pps_cred_home_sp_network_ids(struct hs20_osu_client *ctx,
1141 int id, xml_node_t *node)
1142{
1143 xml_node_t *child;
1144
1145 wpa_printf(MSG_INFO, "- HomeSP/NetworkID");
1146
1147 xml_node_for_each_child(ctx->xml, child, node) {
1148 xml_node_for_each_check(ctx->xml, child);
1149 set_pps_cred_home_sp_network_id(ctx, id, child);
1150 }
1151}
1152
1153
1154static void set_pps_cred_home_sp_friendly_name(struct hs20_osu_client *ctx,
1155 int id, xml_node_t *node)
1156{
1157 char *str = xml_node_get_text(ctx->xml, node);
1158 if (str == NULL)
1159 return;
1160 wpa_printf(MSG_INFO, "- HomeSP/FriendlyName = %s", str);
1161 /* not used within wpa_supplicant(?) */
1162 xml_node_get_text_free(ctx->xml, str);
1163}
1164
1165
1166static void set_pps_cred_home_sp_icon_url(struct hs20_osu_client *ctx,
1167 int id, xml_node_t *node)
1168{
1169 char *str = xml_node_get_text(ctx->xml, node);
1170 if (str == NULL)
1171 return;
1172 wpa_printf(MSG_INFO, "- HomeSP/IconURL = %s", str);
1173 /* not used within wpa_supplicant */
1174 xml_node_get_text_free(ctx->xml, str);
1175}
1176
1177
1178static void set_pps_cred_home_sp_fqdn(struct hs20_osu_client *ctx, int id,
1179 xml_node_t *node)
1180{
1181 char *str = xml_node_get_text(ctx->xml, node);
1182 if (str == NULL)
1183 return;
1184 wpa_printf(MSG_INFO, "- HomeSP/FQDN = %s", str);
1185 if (set_cred_quoted(ctx->ifname, id, "domain", str) < 0)
1186 wpa_printf(MSG_INFO, "Failed to set cred domain");
1187 if (set_cred_quoted(ctx->ifname, id, "domain_suffix_match", str) < 0)
1188 wpa_printf(MSG_INFO, "Failed to set cred domain_suffix_match");
1189 xml_node_get_text_free(ctx->xml, str);
1190}
1191
1192
1193static void set_pps_cred_home_sp_oi(struct hs20_osu_client *ctx, int id,
1194 xml_node_t *node)
1195{
1196 xml_node_t *child;
1197 const char *name;
1198 char *homeoi = NULL;
1199 int required = 0;
1200 char *str;
1201
1202 xml_node_for_each_child(ctx->xml, child, node) {
1203 xml_node_for_each_check(ctx->xml, child);
1204 name = xml_node_get_localname(ctx->xml, child);
1205 if (strcasecmp(name, "HomeOI") == 0 && !homeoi) {
1206 homeoi = xml_node_get_text(ctx->xml, child);
1207 wpa_printf(MSG_INFO, "- HomeSP/HomeOIList/<X+>/HomeOI = %s",
1208 homeoi);
1209 } else if (strcasecmp(name, "HomeOIRequired") == 0) {
1210 str = xml_node_get_text(ctx->xml, child);
1211 wpa_printf(MSG_INFO, "- HomeSP/HomeOIList/<X+>/HomeOIRequired = '%s'",
1212 str);
1213 if (str == NULL)
1214 continue;
1215 required = strcasecmp(str, "true") == 0;
1216 xml_node_get_text_free(ctx->xml, str);
1217 } else
1218 wpa_printf(MSG_INFO, "Unknown HomeOIList node '%s'",
1219 name);
1220 }
1221
1222 if (homeoi == NULL) {
1223 wpa_printf(MSG_INFO, "- HomeSP/HomeOIList/<X+> without HomeOI ignored");
1224 return;
1225 }
1226
1227 wpa_printf(MSG_INFO, "- HomeSP/HomeOIList/<X+> '%s' required=%d",
1228 homeoi, required);
1229
1230 if (required) {
1231 if (set_cred(ctx->ifname, id, "required_roaming_consortium",
1232 homeoi) < 0)
1233 wpa_printf(MSG_INFO, "Failed to set cred required_roaming_consortium");
1234 } else {
Hai Shalomce48b4a2018-09-05 11:41:35 -0700[diff] [blame^]1235 if (set_cred(ctx->ifname, id, "roaming_consortium", homeoi) < 0)
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]1236 wpa_printf(MSG_INFO, "Failed to set cred roaming_consortium");
1237 }
1238
1239 xml_node_get_text_free(ctx->xml, homeoi);
1240}
1241
1242
1243static void set_pps_cred_home_sp_oi_list(struct hs20_osu_client *ctx, int id,
1244 xml_node_t *node)
1245{
1246 xml_node_t *child;
1247
1248 wpa_printf(MSG_INFO, "- HomeSP/HomeOIList");
1249
1250 xml_node_for_each_child(ctx->xml, child, node) {
1251 xml_node_for_each_check(ctx->xml, child);
1252 set_pps_cred_home_sp_oi(ctx, id, child);
1253 }
1254}
1255
1256
1257static void set_pps_cred_home_sp_other_partner(struct hs20_osu_client *ctx,
1258 int id, xml_node_t *node)
1259{
1260 xml_node_t *child;
1261 const char *name;
1262 char *fqdn = NULL;
1263
1264 xml_node_for_each_child(ctx->xml, child, node) {
1265 xml_node_for_each_check(ctx->xml, child);
1266 name = xml_node_get_localname(ctx->xml, child);
1267 if (os_strcasecmp(name, "FQDN") == 0 && !fqdn) {
1268 fqdn = xml_node_get_text(ctx->xml, child);
1269 wpa_printf(MSG_INFO, "- HomeSP/OtherHomePartners/<X+>/FQDN = %s",
1270 fqdn);
1271 } else
1272 wpa_printf(MSG_INFO, "Unknown OtherHomePartners node '%s'",
1273 name);
1274 }
1275
1276 if (fqdn == NULL) {
1277 wpa_printf(MSG_INFO, "- HomeSP/OtherHomePartners/<X+> without FQDN ignored");
1278 return;
1279 }
1280
1281 if (set_cred_quoted(ctx->ifname, id, "domain", fqdn) < 0)
1282 wpa_printf(MSG_INFO, "Failed to set cred domain for OtherHomePartners node");
1283
1284 xml_node_get_text_free(ctx->xml, fqdn);
1285}
1286
1287
1288static void set_pps_cred_home_sp_other_partners(struct hs20_osu_client *ctx,
1289 int id,
1290 xml_node_t *node)
1291{
1292 xml_node_t *child;
1293
1294 wpa_printf(MSG_INFO, "- HomeSP/OtherHomePartners");
1295
1296 xml_node_for_each_child(ctx->xml, child, node) {
1297 xml_node_for_each_check(ctx->xml, child);
1298 set_pps_cred_home_sp_other_partner(ctx, id, child);
1299 }
1300}
1301
1302
1303static void set_pps_cred_home_sp_roaming_consortium_oi(
1304 struct hs20_osu_client *ctx, int id, xml_node_t *node)
1305{
1306 char *str = xml_node_get_text(ctx->xml, node);
1307 if (str == NULL)
1308 return;
1309 wpa_printf(MSG_INFO, "- HomeSP/RoamingConsortiumOI = %s", str);
Roshan Pius3a1667e2018-07-03 15:17:14 -0700[diff] [blame]1310 if (set_cred_quoted(ctx->ifname, id, "roaming_consortiums",
1311 str) < 0)
1312 wpa_printf(MSG_INFO, "Failed to set cred roaming_consortiums");
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]1313 xml_node_get_text_free(ctx->xml, str);
1314}
1315
1316
1317static void set_pps_cred_home_sp(struct hs20_osu_client *ctx, int id,
1318 xml_node_t *node)
1319{
1320 xml_node_t *child;
1321 const char *name;
1322
1323 wpa_printf(MSG_INFO, "- HomeSP");
1324
1325 xml_node_for_each_child(ctx->xml, child, node) {
1326 xml_node_for_each_check(ctx->xml, child);
1327 name = xml_node_get_localname(ctx->xml, child);
1328 if (os_strcasecmp(name, "NetworkID") == 0)
1329 set_pps_cred_home_sp_network_ids(ctx, id, child);
1330 else if (os_strcasecmp(name, "FriendlyName") == 0)
1331 set_pps_cred_home_sp_friendly_name(ctx, id, child);
1332 else if (os_strcasecmp(name, "IconURL") == 0)
1333 set_pps_cred_home_sp_icon_url(ctx, id, child);
1334 else if (os_strcasecmp(name, "FQDN") == 0)
1335 set_pps_cred_home_sp_fqdn(ctx, id, child);
1336 else if (os_strcasecmp(name, "HomeOIList") == 0)
1337 set_pps_cred_home_sp_oi_list(ctx, id, child);
1338 else if (os_strcasecmp(name, "OtherHomePartners") == 0)
1339 set_pps_cred_home_sp_other_partners(ctx, id, child);
1340 else if (os_strcasecmp(name, "RoamingConsortiumOI") == 0)
1341 set_pps_cred_home_sp_roaming_consortium_oi(ctx, id,
1342 child);
1343 else
1344 wpa_printf(MSG_INFO, "Unknown HomeSP node '%s'", name);
1345 }
1346}
1347
1348
1349static void set_pps_cred_sub_params(struct hs20_osu_client *ctx, int id,
1350 xml_node_t *node)
1351{
1352 wpa_printf(MSG_INFO, "- SubscriptionParameters");
1353 /* not used within wpa_supplicant */
1354}
1355
1356
1357static void set_pps_cred_creation_date(struct hs20_osu_client *ctx, int id,
1358 xml_node_t *node)
1359{
1360 char *str = xml_node_get_text(ctx->xml, node);
1361 if (str == NULL)
1362 return;
1363 wpa_printf(MSG_INFO, "- Credential/CreationDate = %s", str);
1364 /* not used within wpa_supplicant */
1365 xml_node_get_text_free(ctx->xml, str);
1366}
1367
1368
1369static void set_pps_cred_expiration_date(struct hs20_osu_client *ctx, int id,
1370 xml_node_t *node)
1371{
1372 char *str = xml_node_get_text(ctx->xml, node);
1373 if (str == NULL)
1374 return;
1375 wpa_printf(MSG_INFO, "- Credential/ExpirationDate = %s", str);
1376 /* not used within wpa_supplicant */
1377 xml_node_get_text_free(ctx->xml, str);
1378}
1379
1380
1381static void set_pps_cred_username(struct hs20_osu_client *ctx, int id,
1382 xml_node_t *node)
1383{
1384 char *str = xml_node_get_text(ctx->xml, node);
1385 if (str == NULL)
1386 return;
1387 wpa_printf(MSG_INFO, "- Credential/UsernamePassword/Username = %s",
1388 str);
1389 if (set_cred_quoted(ctx->ifname, id, "username", str) < 0)
1390 wpa_printf(MSG_INFO, "Failed to set cred username");
1391 xml_node_get_text_free(ctx->xml, str);
1392}
1393
1394
1395static void set_pps_cred_password(struct hs20_osu_client *ctx, int id,
1396 xml_node_t *node)
1397{
1398 int len, i;
1399 char *pw, *hex, *pos, *end;
1400
1401 pw = xml_node_get_base64_text(ctx->xml, node, &len);
1402 if (pw == NULL)
1403 return;
1404
1405 wpa_printf(MSG_INFO, "- Credential/UsernamePassword/Password = %s", pw);
1406
1407 hex = malloc(len * 2 + 1);
1408 if (hex == NULL) {
1409 free(pw);
1410 return;
1411 }
1412 end = hex + len * 2 + 1;
1413 pos = hex;
1414 for (i = 0; i < len; i++) {
1415 snprintf(pos, end - pos, "%02x", pw[i]);
1416 pos += 2;
1417 }
1418 free(pw);
1419
1420 if (set_cred(ctx->ifname, id, "password", hex) < 0)
1421 wpa_printf(MSG_INFO, "Failed to set cred password");
1422 free(hex);
1423}
1424
1425
1426static void set_pps_cred_machine_managed(struct hs20_osu_client *ctx, int id,
1427 xml_node_t *node)
1428{
1429 char *str = xml_node_get_text(ctx->xml, node);
1430 if (str == NULL)
1431 return;
1432 wpa_printf(MSG_INFO, "- Credential/UsernamePassword/MachineManaged = %s",
1433 str);
1434 /* not used within wpa_supplicant */
1435 xml_node_get_text_free(ctx->xml, str);
1436}
1437
1438
1439static void set_pps_cred_soft_token_app(struct hs20_osu_client *ctx, int id,
1440 xml_node_t *node)
1441{
1442 char *str = xml_node_get_text(ctx->xml, node);
1443 if (str == NULL)
1444 return;
1445 wpa_printf(MSG_INFO, "- Credential/UsernamePassword/SoftTokenApp = %s",
1446 str);
1447 /* not used within wpa_supplicant */
1448 xml_node_get_text_free(ctx->xml, str);
1449}
1450
1451
1452static void set_pps_cred_able_to_share(struct hs20_osu_client *ctx, int id,
1453 xml_node_t *node)
1454{
1455 char *str = xml_node_get_text(ctx->xml, node);
1456 if (str == NULL)
1457 return;
1458 wpa_printf(MSG_INFO, "- Credential/UsernamePassword/AbleToShare = %s",
1459 str);
1460 /* not used within wpa_supplicant */
1461 xml_node_get_text_free(ctx->xml, str);
1462}
1463
1464
Roshan Pius3a1667e2018-07-03 15:17:14 -0700[diff] [blame]1465static void set_pps_cred_eap_method_eap_type(struct hs20_osu_client *ctx,
1466 int id, xml_node_t *node)
1467{
1468 char *str = xml_node_get_text(ctx->xml, node);
1469 int type;
1470 const char *eap_method = NULL;
1471
1472 if (!str)
1473 return;
1474 wpa_printf(MSG_INFO,
1475 "- Credential/UsernamePassword/EAPMethod/EAPType = %s", str);
1476 type = atoi(str);
1477 switch (type) {
1478 case EAP_TYPE_TLS:
1479 eap_method = "TLS";
1480 break;
1481 case EAP_TYPE_TTLS:
1482 eap_method = "TTLS";
1483 break;
1484 case EAP_TYPE_PEAP:
1485 eap_method = "PEAP";
1486 break;
1487 case EAP_TYPE_PWD:
1488 eap_method = "PWD";
1489 break;
1490 }
1491 xml_node_get_text_free(ctx->xml, str);
1492 if (!eap_method) {
1493 wpa_printf(MSG_INFO, "Unknown EAPType value");
1494 return;
1495 }
1496
1497 if (set_cred(ctx->ifname, id, "eap", eap_method) < 0)
1498 wpa_printf(MSG_INFO, "Failed to set cred eap");
1499}
1500
1501
1502static void set_pps_cred_eap_method_inner_method(struct hs20_osu_client *ctx,
1503 int id, xml_node_t *node)
1504{
1505 char *str = xml_node_get_text(ctx->xml, node);
1506 const char *phase2 = NULL;
1507
1508 if (!str)
1509 return;
1510 wpa_printf(MSG_INFO,
1511 "- Credential/UsernamePassword/EAPMethod/InnerMethod = %s",
1512 str);
1513 if (os_strcmp(str, "PAP") == 0)
1514 phase2 = "auth=PAP";
1515 else if (os_strcmp(str, "CHAP") == 0)
1516 phase2 = "auth=CHAP";
1517 else if (os_strcmp(str, "MS-CHAP") == 0)
1518 phase2 = "auth=MSCHAP";
1519 else if (os_strcmp(str, "MS-CHAP-V2") == 0)
1520 phase2 = "auth=MSCHAPV2";
1521 xml_node_get_text_free(ctx->xml, str);
1522 if (!phase2) {
1523 wpa_printf(MSG_INFO, "Unknown InnerMethod value");
1524 return;
1525 }
1526
1527 if (set_cred_quoted(ctx->ifname, id, "phase2", phase2) < 0)
1528 wpa_printf(MSG_INFO, "Failed to set cred phase2");
1529}
1530
1531
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]1532static void set_pps_cred_eap_method(struct hs20_osu_client *ctx, int id,
1533 xml_node_t *node)
1534{
Roshan Pius3a1667e2018-07-03 15:17:14 -0700[diff] [blame]1535 xml_node_t *child;
1536 const char *name;
1537
1538 wpa_printf(MSG_INFO, "- Credential/UsernamePassword/EAPMethod");
1539
1540 xml_node_for_each_child(ctx->xml, child, node) {
1541 xml_node_for_each_check(ctx->xml, child);
1542 name = xml_node_get_localname(ctx->xml, child);
1543 if (os_strcasecmp(name, "EAPType") == 0)
1544 set_pps_cred_eap_method_eap_type(ctx, id, child);
1545 else if (os_strcasecmp(name, "InnerMethod") == 0)
1546 set_pps_cred_eap_method_inner_method(ctx, id, child);
1547 else
1548 wpa_printf(MSG_INFO, "Unknown Credential/UsernamePassword/EAPMethod node '%s'",
1549 name);
1550 }
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]1551}
1552
1553
1554static void set_pps_cred_username_password(struct hs20_osu_client *ctx, int id,
1555 xml_node_t *node)
1556{
1557 xml_node_t *child;
1558 const char *name;
1559
1560 wpa_printf(MSG_INFO, "- Credential/UsernamePassword");
1561
1562 xml_node_for_each_child(ctx->xml, child, node) {
1563 xml_node_for_each_check(ctx->xml, child);
1564 name = xml_node_get_localname(ctx->xml, child);
1565 if (os_strcasecmp(name, "Username") == 0)
1566 set_pps_cred_username(ctx, id, child);
1567 else if (os_strcasecmp(name, "Password") == 0)
1568 set_pps_cred_password(ctx, id, child);
1569 else if (os_strcasecmp(name, "MachineManaged") == 0)
1570 set_pps_cred_machine_managed(ctx, id, child);
1571 else if (os_strcasecmp(name, "SoftTokenApp") == 0)
1572 set_pps_cred_soft_token_app(ctx, id, child);
1573 else if (os_strcasecmp(name, "AbleToShare") == 0)
1574 set_pps_cred_able_to_share(ctx, id, child);
1575 else if (os_strcasecmp(name, "EAPMethod") == 0)
1576 set_pps_cred_eap_method(ctx, id, child);
1577 else
1578 wpa_printf(MSG_INFO, "Unknown Credential/UsernamePassword node '%s'",
1579 name);
1580 }
1581}
1582
1583
1584static void set_pps_cred_digital_cert(struct hs20_osu_client *ctx, int id,
1585 xml_node_t *node, const char *fqdn)
1586{
1587 char buf[200], dir[200];
1588
1589 wpa_printf(MSG_INFO, "- Credential/DigitalCertificate");
1590
1591 if (getcwd(dir, sizeof(dir)) == NULL)
1592 return;
1593
1594 /* TODO: could build username from Subject of Subject AltName */
1595 if (set_cred_quoted(ctx->ifname, id, "username", "cert") < 0) {
1596 wpa_printf(MSG_INFO, "Failed to set username");
1597 }
1598
1599 snprintf(buf, sizeof(buf), "%s/SP/%s/client-cert.pem", dir, fqdn);
1600 if (os_file_exists(buf)) {
1601 if (set_cred_quoted(ctx->ifname, id, "client_cert", buf) < 0) {
1602 wpa_printf(MSG_INFO, "Failed to set client_cert");
1603 }
1604 }
1605
1606 snprintf(buf, sizeof(buf), "%s/SP/%s/client-key.pem", dir, fqdn);
1607 if (os_file_exists(buf)) {
1608 if (set_cred_quoted(ctx->ifname, id, "private_key", buf) < 0) {
1609 wpa_printf(MSG_INFO, "Failed to set private_key");
1610 }
1611 }
1612}
1613
1614
1615static void set_pps_cred_realm(struct hs20_osu_client *ctx, int id,
1616 xml_node_t *node, const char *fqdn, int sim)
1617{
1618 char *str = xml_node_get_text(ctx->xml, node);
1619 char buf[200], dir[200];
1620
1621 if (str == NULL)
1622 return;
1623
1624 wpa_printf(MSG_INFO, "- Credential/Realm = %s", str);
1625 if (set_cred_quoted(ctx->ifname, id, "realm", str) < 0)
1626 wpa_printf(MSG_INFO, "Failed to set cred realm");
1627 xml_node_get_text_free(ctx->xml, str);
1628
1629 if (sim)
1630 return;
1631
1632 if (getcwd(dir, sizeof(dir)) == NULL)
1633 return;
1634 snprintf(buf, sizeof(buf), "%s/SP/%s/aaa-ca.pem", dir, fqdn);
1635 if (os_file_exists(buf)) {
1636 if (set_cred_quoted(ctx->ifname, id, "ca_cert", buf) < 0) {
1637 wpa_printf(MSG_INFO, "Failed to set CA cert");
1638 }
1639 }
1640}
1641
1642
1643static void set_pps_cred_check_aaa_cert_status(struct hs20_osu_client *ctx,
1644 int id, xml_node_t *node)
1645{
1646 char *str = xml_node_get_text(ctx->xml, node);
1647
1648 if (str == NULL)
1649 return;
1650
1651 wpa_printf(MSG_INFO, "- Credential/CheckAAAServerCertStatus = %s", str);
1652 if (os_strcasecmp(str, "true") == 0 &&
1653 set_cred(ctx->ifname, id, "ocsp", "2") < 0)
1654 wpa_printf(MSG_INFO, "Failed to set cred ocsp");
1655 xml_node_get_text_free(ctx->xml, str);
1656}
1657
1658
1659static void set_pps_cred_sim(struct hs20_osu_client *ctx, int id,
1660 xml_node_t *sim, xml_node_t *realm)
1661{
1662 xml_node_t *node;
1663 char *imsi, *eaptype, *str, buf[20];
1664 int type;
1665 int mnc_len = 3;
1666 size_t imsi_len;
1667
1668 node = get_node(ctx->xml, sim, "EAPType");
1669 if (node == NULL) {
1670 wpa_printf(MSG_INFO, "No SIM/EAPType node in credential");
1671 return;
1672 }
1673 eaptype = xml_node_get_text(ctx->xml, node);
1674 if (eaptype == NULL) {
1675 wpa_printf(MSG_INFO, "Could not extract SIM/EAPType");
1676 return;
1677 }
1678 wpa_printf(MSG_INFO, " - Credential/SIM/EAPType = %s", eaptype);
1679 type = atoi(eaptype);
1680 xml_node_get_text_free(ctx->xml, eaptype);
1681
1682 switch (type) {
1683 case EAP_TYPE_SIM:
1684 if (set_cred(ctx->ifname, id, "eap", "SIM") < 0)
1685 wpa_printf(MSG_INFO, "Could not set eap=SIM");
1686 break;
1687 case EAP_TYPE_AKA:
1688 if (set_cred(ctx->ifname, id, "eap", "AKA") < 0)
1689 wpa_printf(MSG_INFO, "Could not set eap=SIM");
1690 break;
1691 case EAP_TYPE_AKA_PRIME:
1692 if (set_cred(ctx->ifname, id, "eap", "AKA'") < 0)
1693 wpa_printf(MSG_INFO, "Could not set eap=SIM");
1694 break;
1695 default:
1696 wpa_printf(MSG_INFO, "Unsupported SIM/EAPType %d", type);
1697 return;
1698 }
1699
1700 node = get_node(ctx->xml, sim, "IMSI");
1701 if (node == NULL) {
1702 wpa_printf(MSG_INFO, "No SIM/IMSI node in credential");
1703 return;
1704 }
1705 imsi = xml_node_get_text(ctx->xml, node);
1706 if (imsi == NULL) {
1707 wpa_printf(MSG_INFO, "Could not extract SIM/IMSI");
1708 return;
1709 }
1710 wpa_printf(MSG_INFO, " - Credential/SIM/IMSI = %s", imsi);
1711 imsi_len = os_strlen(imsi);
1712 if (imsi_len < 7 || imsi_len + 2 > sizeof(buf)) {
1713 wpa_printf(MSG_INFO, "Invalid IMSI length");
1714 xml_node_get_text_free(ctx->xml, imsi);
1715 return;
1716 }
1717
1718 str = xml_node_get_text(ctx->xml, node);
1719 if (str) {
1720 char *pos;
1721 pos = os_strstr(str, "mnc");
1722 if (pos && os_strlen(pos) >= 6) {
1723 if (os_strncmp(imsi + 3, pos + 3, 3) == 0)
1724 mnc_len = 3;
1725 else if (os_strncmp(imsi + 3, pos + 4, 2) == 0)
1726 mnc_len = 2;
1727 }
1728 xml_node_get_text_free(ctx->xml, str);
1729 }
1730
1731 os_memcpy(buf, imsi, 3 + mnc_len);
1732 buf[3 + mnc_len] = '-';
1733 os_strlcpy(buf + 3 + mnc_len + 1, imsi + 3 + mnc_len,
1734 sizeof(buf) - 3 - mnc_len - 1);
1735
1736 xml_node_get_text_free(ctx->xml, imsi);
1737
1738 if (set_cred_quoted(ctx->ifname, id, "imsi", buf) < 0)
1739 wpa_printf(MSG_INFO, "Could not set IMSI");
1740
1741 if (set_cred_quoted(ctx->ifname, id, "milenage",
1742 "90dca4eda45b53cf0f12d7c9c3bc6a89:"
1743 "cb9cccc4b9258e6dca4760379fb82581:000000000123") <
1744 0)
1745 wpa_printf(MSG_INFO, "Could not set Milenage parameters");
1746}
1747
1748
1749static void set_pps_cred_credential(struct hs20_osu_client *ctx, int id,
1750 xml_node_t *node, const char *fqdn)
1751{
1752 xml_node_t *child, *sim, *realm;
1753 const char *name;
1754
1755 wpa_printf(MSG_INFO, "- Credential");
1756
1757 sim = get_node(ctx->xml, node, "SIM");
1758 realm = get_node(ctx->xml, node, "Realm");
1759
1760 xml_node_for_each_child(ctx->xml, child, node) {
1761 xml_node_for_each_check(ctx->xml, child);
1762 name = xml_node_get_localname(ctx->xml, child);
1763 if (os_strcasecmp(name, "CreationDate") == 0)
1764 set_pps_cred_creation_date(ctx, id, child);
1765 else if (os_strcasecmp(name, "ExpirationDate") == 0)
1766 set_pps_cred_expiration_date(ctx, id, child);
1767 else if (os_strcasecmp(name, "UsernamePassword") == 0)
1768 set_pps_cred_username_password(ctx, id, child);
1769 else if (os_strcasecmp(name, "DigitalCertificate") == 0)
1770 set_pps_cred_digital_cert(ctx, id, child, fqdn);
1771 else if (os_strcasecmp(name, "Realm") == 0)
1772 set_pps_cred_realm(ctx, id, child, fqdn, sim != NULL);
1773 else if (os_strcasecmp(name, "CheckAAAServerCertStatus") == 0)
1774 set_pps_cred_check_aaa_cert_status(ctx, id, child);
1775 else if (os_strcasecmp(name, "SIM") == 0)
1776 set_pps_cred_sim(ctx, id, child, realm);
1777 else
1778 wpa_printf(MSG_INFO, "Unknown Credential node '%s'",
1779 name);
1780 }
1781}
1782
1783
1784static void set_pps_credential(struct hs20_osu_client *ctx, int id,
1785 xml_node_t *cred, const char *fqdn)
1786{
1787 xml_node_t *child;
1788 const char *name;
1789
1790 xml_node_for_each_child(ctx->xml, child, cred) {
1791 xml_node_for_each_check(ctx->xml, child);
1792 name = xml_node_get_localname(ctx->xml, child);
1793 if (os_strcasecmp(name, "Policy") == 0)
1794 set_pps_cred_policy(ctx, id, child);
1795 else if (os_strcasecmp(name, "CredentialPriority") == 0)
1796 set_pps_cred_priority(ctx, id, child);
1797 else if (os_strcasecmp(name, "AAAServerTrustRoot") == 0)
1798 set_pps_cred_aaa_server_trust_root(ctx, id, child);
1799 else if (os_strcasecmp(name, "SubscriptionUpdate") == 0)
1800 set_pps_cred_sub_update(ctx, id, child);
1801 else if (os_strcasecmp(name, "HomeSP") == 0)
1802 set_pps_cred_home_sp(ctx, id, child);
1803 else if (os_strcasecmp(name, "SubscriptionParameters") == 0)
1804 set_pps_cred_sub_params(ctx, id, child);
1805 else if (os_strcasecmp(name, "Credential") == 0)
1806 set_pps_cred_credential(ctx, id, child, fqdn);
1807 else
1808 wpa_printf(MSG_INFO, "Unknown credential node '%s'",
1809 name);
1810 }
1811}
1812
1813
1814static void set_pps(struct hs20_osu_client *ctx, xml_node_t *pps,
1815 const char *fqdn)
1816{
1817 xml_node_t *child;
1818 const char *name;
1819 int id;
1820 char *update_identifier = NULL;
1821
1822 /*
1823 * TODO: Could consider more complex mechanism that would remove
1824 * credentials only if there are changes in the information sent to
1825 * wpa_supplicant.
1826 */
1827 remove_sp_creds(ctx, fqdn);
1828
1829 xml_node_for_each_child(ctx->xml, child, pps) {
1830 xml_node_for_each_check(ctx->xml, child);
1831 name = xml_node_get_localname(ctx->xml, child);
1832 if (os_strcasecmp(name, "UpdateIdentifier") == 0) {
1833 update_identifier = xml_node_get_text(ctx->xml, child);
1834 if (update_identifier) {
1835 wpa_printf(MSG_INFO, "- UpdateIdentifier = %s",
1836 update_identifier);
1837 break;
1838 }
1839 }
1840 }
1841
1842 xml_node_for_each_child(ctx->xml, child, pps) {
1843 xml_node_for_each_check(ctx->xml, child);
1844 name = xml_node_get_localname(ctx->xml, child);
1845 if (os_strcasecmp(name, "UpdateIdentifier") == 0)
1846 continue;
1847 id = add_cred(ctx->ifname);
1848 if (id < 0) {
1849 wpa_printf(MSG_INFO, "Failed to add credential to wpa_supplicant");
1850 write_summary(ctx, "Failed to add credential to wpa_supplicant");
1851 break;
1852 }
1853 write_summary(ctx, "Add a credential to wpa_supplicant");
1854 if (update_identifier &&
1855 set_cred(ctx->ifname, id, "update_identifier",
1856 update_identifier) < 0)
1857 wpa_printf(MSG_INFO, "Failed to set update_identifier");
1858 if (set_cred_quoted(ctx->ifname, id, "provisioning_sp", fqdn) <
1859 0)
1860 wpa_printf(MSG_INFO, "Failed to set provisioning_sp");
1861 wpa_printf(MSG_INFO, "credential localname: '%s'", name);
1862 set_pps_credential(ctx, id, child, fqdn);
1863 ctx->pps_cred_set = 1;
1864 }
1865
1866 xml_node_get_text_free(ctx->xml, update_identifier);
1867}
1868
1869
1870void cmd_set_pps(struct hs20_osu_client *ctx, const char *pps_fname)
1871{
1872 xml_node_t *pps;
1873 const char *fqdn;
1874 char *fqdn_buf = NULL, *pos;
1875
1876 pps = node_from_file(ctx->xml, pps_fname);
1877 if (pps == NULL) {
1878 wpa_printf(MSG_INFO, "Could not read or parse '%s'", pps_fname);
1879 return;
1880 }
1881
1882 fqdn = os_strstr(pps_fname, "SP/");
1883 if (fqdn) {
1884 fqdn_buf = os_strdup(fqdn + 3);
1885 if (fqdn_buf == NULL)
1886 return;
1887 pos = os_strchr(fqdn_buf, '/');
1888 if (pos)
1889 *pos = '\0';
1890 fqdn = fqdn_buf;
1891 } else
1892 fqdn = "wi-fi.org";
1893
1894 wpa_printf(MSG_INFO, "Set PPS MO info to wpa_supplicant - SP FQDN %s",
1895 fqdn);
1896 set_pps(ctx, pps, fqdn);
1897
1898 os_free(fqdn_buf);
1899 xml_node_free(ctx->xml, pps);
1900}
1901
1902
1903static int cmd_get_fqdn(struct hs20_osu_client *ctx, const char *pps_fname)
1904{
1905 xml_node_t *pps, *node;
1906 char *fqdn = NULL;
1907
1908 pps = node_from_file(ctx->xml, pps_fname);
1909 if (pps == NULL) {
1910 wpa_printf(MSG_INFO, "Could not read or parse '%s'", pps_fname);
1911 return -1;
1912 }
1913
1914 node = get_child_node(ctx->xml, pps, "HomeSP/FQDN");
1915 if (node)
1916 fqdn = xml_node_get_text(ctx->xml, node);
1917
1918 xml_node_free(ctx->xml, pps);
1919
1920 if (fqdn) {
1921 FILE *f = fopen("pps-fqdn", "w");
1922 if (f) {
1923 fprintf(f, "%s", fqdn);
1924 fclose(f);
1925 }
1926 xml_node_get_text_free(ctx->xml, fqdn);
1927 return 0;
1928 }
1929
1930 xml_node_get_text_free(ctx->xml, fqdn);
1931 return -1;
1932}
1933
1934
1935static void cmd_to_tnds(struct hs20_osu_client *ctx, const char *in_fname,
1936 const char *out_fname, const char *urn, int use_path)
1937{
1938 xml_node_t *mo, *node;
1939
1940 mo = node_from_file(ctx->xml, in_fname);
1941 if (mo == NULL) {
1942 wpa_printf(MSG_INFO, "Could not read or parse '%s'", in_fname);
1943 return;
1944 }
1945
1946 node = mo_to_tnds(ctx->xml, mo, use_path, urn, NULL);
1947 if (node) {
1948 node_to_file(ctx->xml, out_fname, node);
1949 xml_node_free(ctx->xml, node);
1950 }
1951
1952 xml_node_free(ctx->xml, mo);
1953}
1954
1955
1956static void cmd_from_tnds(struct hs20_osu_client *ctx, const char *in_fname,
1957 const char *out_fname)
1958{
1959 xml_node_t *tnds, *mo;
1960
1961 tnds = node_from_file(ctx->xml, in_fname);
1962 if (tnds == NULL) {
1963 wpa_printf(MSG_INFO, "Could not read or parse '%s'", in_fname);
1964 return;
1965 }
1966
1967 mo = tnds_to_mo(ctx->xml, tnds);
1968 if (mo) {
1969 node_to_file(ctx->xml, out_fname, mo);
1970 xml_node_free(ctx->xml, mo);
1971 }
1972
1973 xml_node_free(ctx->xml, tnds);
1974}
1975
1976
1977struct osu_icon {
1978 int id;
1979 char lang[4];
1980 char mime_type[256];
1981 char filename[256];
1982};
1983
1984struct osu_data {
1985 char bssid[20];
1986 char url[256];
1987 unsigned int methods;
1988 char osu_ssid[33];
1989 char osu_nai[256];
1990 struct osu_lang_text friendly_name[MAX_OSU_VALS];
1991 size_t friendly_name_count;
1992 struct osu_lang_text serv_desc[MAX_OSU_VALS];
1993 size_t serv_desc_count;
1994 struct osu_icon icon[MAX_OSU_VALS];
1995 size_t icon_count;
1996};
1997
1998
1999static struct osu_data * parse_osu_providers(const char *fname, size_t *count)
2000{
2001 FILE *f;
2002 char buf[1000];
2003 struct osu_data *osu = NULL, *last = NULL;
2004 size_t osu_count = 0;
2005 char *pos, *end;
2006
2007 f = fopen(fname, "r");
2008 if (f == NULL) {
2009 wpa_printf(MSG_ERROR, "Could not open %s", fname);
2010 return NULL;
2011 }
2012
2013 while (fgets(buf, sizeof(buf), f)) {
2014 pos = strchr(buf, '\n');
2015 if (pos)
2016 *pos = '\0';
2017
2018 if (strncmp(buf, "OSU-PROVIDER ", 13) == 0) {
2019 last = realloc(osu, (osu_count + 1) * sizeof(*osu));
2020 if (last == NULL)
2021 break;
2022 osu = last;
2023 last = &osu[osu_count++];
2024 memset(last, 0, sizeof(*last));
2025 snprintf(last->bssid, sizeof(last->bssid), "%s",
2026 buf + 13);
2027 continue;
2028 }
2029 if (!last)
2030 continue;
2031
2032 if (strncmp(buf, "uri=", 4) == 0) {
2033 snprintf(last->url, sizeof(last->url), "%s", buf + 4);
2034 continue;
2035 }
2036
2037 if (strncmp(buf, "methods=", 8) == 0) {
2038 last->methods = strtol(buf + 8, NULL, 16);
2039 continue;
2040 }
2041
2042 if (strncmp(buf, "osu_ssid=", 9) == 0) {
2043 snprintf(last->osu_ssid, sizeof(last->osu_ssid),
2044 "%s", buf + 9);
2045 continue;
2046 }
2047
2048 if (os_strncmp(buf, "osu_nai=", 8) == 0) {
2049 os_snprintf(last->osu_nai, sizeof(last->osu_nai),
2050 "%s", buf + 8);
2051 continue;
2052 }
2053
2054 if (strncmp(buf, "friendly_name=", 14) == 0) {
2055 struct osu_lang_text *txt;
2056 if (last->friendly_name_count == MAX_OSU_VALS)
2057 continue;
2058 pos = strchr(buf + 14, ':');
2059 if (pos == NULL)
2060 continue;
2061 *pos++ = '\0';
2062 txt = &last->friendly_name[last->friendly_name_count++];
2063 snprintf(txt->lang, sizeof(txt->lang), "%s", buf + 14);
2064 snprintf(txt->text, sizeof(txt->text), "%s", pos);
2065 }
2066
2067 if (strncmp(buf, "desc=", 5) == 0) {
2068 struct osu_lang_text *txt;
2069 if (last->serv_desc_count == MAX_OSU_VALS)
2070 continue;
2071 pos = strchr(buf + 5, ':');
2072 if (pos == NULL)
2073 continue;
2074 *pos++ = '\0';
2075 txt = &last->serv_desc[last->serv_desc_count++];
2076 snprintf(txt->lang, sizeof(txt->lang), "%s", buf + 5);
2077 snprintf(txt->text, sizeof(txt->text), "%s", pos);
2078 }
2079
2080 if (strncmp(buf, "icon=", 5) == 0) {
2081 struct osu_icon *icon;
2082 if (last->icon_count == MAX_OSU_VALS)
2083 continue;
2084 icon = &last->icon[last->icon_count++];
2085 icon->id = atoi(buf + 5);
2086 pos = strchr(buf, ':');
2087 if (pos == NULL)
2088 continue;
2089 pos = strchr(pos + 1, ':');
2090 if (pos == NULL)
2091 continue;
2092 pos = strchr(pos + 1, ':');
2093 if (pos == NULL)
2094 continue;
2095 pos++;
2096 end = strchr(pos, ':');
2097 if (!end)
2098 continue;
2099 *end = '\0';
2100 snprintf(icon->lang, sizeof(icon->lang), "%s", pos);
2101 pos = end + 1;
2102
2103 end = strchr(pos, ':');
2104 if (end)
2105 *end = '\0';
2106 snprintf(icon->mime_type, sizeof(icon->mime_type),
2107 "%s", pos);
2108 if (!pos)
2109 continue;
2110 pos = end + 1;
2111
2112 end = strchr(pos, ':');
2113 if (end)
2114 *end = '\0';
2115 snprintf(icon->filename, sizeof(icon->filename),
2116 "%s", pos);
2117 continue;
2118 }
2119 }
2120
2121 fclose(f);
2122
2123 *count = osu_count;
2124 return osu;
2125}
2126
2127
2128static int osu_connect(struct hs20_osu_client *ctx, const char *bssid,
Dmitry Shmidt6cb1f652014-03-21 10:54:03 -0700[diff] [blame]2129 const char *ssid, const char *url,
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2130 unsigned int methods, int no_prod_assoc,
2131 const char *osu_nai)
2132{
2133 int id;
2134 const char *ifname = ctx->ifname;
2135 char buf[200];
2136 struct wpa_ctrl *mon;
2137 int res;
2138
2139 id = add_network(ifname);
2140 if (id < 0)
2141 return -1;
2142 if (set_network_quoted(ifname, id, "ssid", ssid) < 0)
2143 return -1;
2144 if (osu_nai && os_strlen(osu_nai) > 0) {
2145 char dir[255], fname[300];
2146 if (getcwd(dir, sizeof(dir)) == NULL)
2147 return -1;
2148 os_snprintf(fname, sizeof(fname), "%s/osu-ca.pem", dir);
2149
2150 if (set_network(ifname, id, "proto", "OSEN") < 0 ||
2151 set_network(ifname, id, "key_mgmt", "OSEN") < 0 ||
2152 set_network(ifname, id, "pairwise", "CCMP") < 0 ||
Hai Shalomc9e41a12018-07-31 14:41:42 -0700[diff] [blame]2153 set_network(ifname, id, "group", "GTK_NOT_USED CCMP") < 0 ||
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2154 set_network(ifname, id, "eap", "WFA-UNAUTH-TLS") < 0 ||
2155 set_network(ifname, id, "ocsp", "2") < 0 ||
2156 set_network_quoted(ifname, id, "identity", osu_nai) < 0 ||
2157 set_network_quoted(ifname, id, "ca_cert", fname) < 0)
2158 return -1;
2159 } else {
2160 if (set_network(ifname, id, "key_mgmt", "NONE") < 0)
2161 return -1;
2162 }
2163
2164 mon = open_wpa_mon(ifname);
2165 if (mon == NULL)
2166 return -1;
2167
2168 wpa_printf(MSG_INFO, "Associate with OSU SSID");
2169 write_summary(ctx, "Associate with OSU SSID");
2170 snprintf(buf, sizeof(buf), "SELECT_NETWORK %d", id);
2171 if (wpa_command(ifname, buf) < 0)
2172 return -1;
2173
2174 res = get_wpa_cli_event(mon, "CTRL-EVENT-CONNECTED",
2175 buf, sizeof(buf));
2176
2177 wpa_ctrl_detach(mon);
2178 wpa_ctrl_close(mon);
2179
2180 if (res < 0) {
2181 wpa_printf(MSG_INFO, "Could not connect");
2182 write_summary(ctx, "Could not connect to OSU network");
2183 wpa_printf(MSG_INFO, "Remove OSU network connection");
2184 snprintf(buf, sizeof(buf), "REMOVE_NETWORK %d", id);
2185 wpa_command(ifname, buf);
2186 return -1;
2187 }
2188
2189 write_summary(ctx, "Waiting for IP address for subscription registration");
2190 if (wait_ip_addr(ifname, 15) < 0) {
2191 wpa_printf(MSG_INFO, "Could not get IP address for WLAN - try connection anyway");
2192 }
2193
2194 if (no_prod_assoc) {
2195 if (res < 0)
2196 return -1;
2197 wpa_printf(MSG_INFO, "No production connection used for testing purposes");
2198 write_summary(ctx, "No production connection used for testing purposes");
2199 return 0;
2200 }
2201
2202 ctx->no_reconnect = 1;
Dmitry Shmidtaf9da312015-04-03 10:03:11 -0700[diff] [blame]2203 if (methods & 0x02) {
2204 wpa_printf(MSG_DEBUG, "Calling cmd_prov from osu_connect");
Dmitry Shmidt6cb1f652014-03-21 10:54:03 -0700[diff] [blame]2205 res = cmd_prov(ctx, url);
Dmitry Shmidtaf9da312015-04-03 10:03:11 -0700[diff] [blame]2206 } else if (methods & 0x01) {
2207 wpa_printf(MSG_DEBUG,
2208 "Calling cmd_oma_dm_prov from osu_connect");
Dmitry Shmidt6cb1f652014-03-21 10:54:03 -0700[diff] [blame]2209 res = cmd_oma_dm_prov(ctx, url);
Dmitry Shmidtaf9da312015-04-03 10:03:11 -0700[diff] [blame]2210 }
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2211
2212 wpa_printf(MSG_INFO, "Remove OSU network connection");
2213 write_summary(ctx, "Remove OSU network connection");
2214 snprintf(buf, sizeof(buf), "REMOVE_NETWORK %d", id);
2215 wpa_command(ifname, buf);
2216
2217 if (res < 0)
2218 return -1;
2219
2220 wpa_printf(MSG_INFO, "Requesting reconnection with updated configuration");
2221 write_summary(ctx, "Requesting reconnection with updated configuration");
2222 if (wpa_command(ctx->ifname, "INTERWORKING_SELECT auto") < 0) {
2223 wpa_printf(MSG_INFO, "Failed to request wpa_supplicant to reconnect");
2224 write_summary(ctx, "Failed to request wpa_supplicant to reconnect");
2225 return -1;
2226 }
2227
2228 return 0;
2229}
2230
2231
2232static int cmd_osu_select(struct hs20_osu_client *ctx, const char *dir,
Dmitry Shmidt6cb1f652014-03-21 10:54:03 -0700[diff] [blame]2233 int connect, int no_prod_assoc,
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2234 const char *friendly_name)
2235{
2236 char fname[255];
2237 FILE *f;
2238 struct osu_data *osu = NULL, *last = NULL;
Dmitry Shmidtebd93af2017-02-21 13:40:44 -0800[diff] [blame]2239 size_t osu_count = 0, i, j;
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2240 int ret;
2241
2242 write_summary(ctx, "OSU provider selection");
2243
2244 if (dir == NULL) {
2245 wpa_printf(MSG_INFO, "Missing dir parameter to osu_select");
2246 return -1;
2247 }
2248
2249 snprintf(fname, sizeof(fname), "%s/osu-providers.txt", dir);
2250 osu = parse_osu_providers(fname, &osu_count);
2251 if (osu == NULL) {
Dmitry Shmidt912c6ec2015-03-30 13:16:51 -0700[diff] [blame]2252 wpa_printf(MSG_INFO, "Could not find any OSU providers from %s",
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2253 fname);
2254 write_result(ctx, "No OSU providers available");
2255 return -1;
2256 }
2257
2258 if (friendly_name) {
2259 for (i = 0; i < osu_count; i++) {
2260 last = &osu[i];
2261 for (j = 0; j < last->friendly_name_count; j++) {
2262 if (os_strcmp(last->friendly_name[j].text,
2263 friendly_name) == 0)
2264 break;
2265 }
2266 if (j < last->friendly_name_count)
2267 break;
2268 }
2269 if (i == osu_count) {
2270 wpa_printf(MSG_INFO, "Requested operator friendly name '%s' not found in the list of available providers",
2271 friendly_name);
2272 write_summary(ctx, "Requested operator friendly name '%s' not found in the list of available providers",
2273 friendly_name);
2274 free(osu);
2275 return -1;
2276 }
2277
2278 wpa_printf(MSG_INFO, "OSU Provider selected based on requested operator friendly name '%s'",
2279 friendly_name);
2280 write_summary(ctx, "OSU Provider selected based on requested operator friendly name '%s'",
2281 friendly_name);
2282 ret = i + 1;
2283 goto selected;
2284 }
2285
2286 snprintf(fname, sizeof(fname), "%s/osu-providers.html", dir);
2287 f = fopen(fname, "w");
2288 if (f == NULL) {
2289 wpa_printf(MSG_INFO, "Could not open %s", fname);
2290 free(osu);
2291 return -1;
2292 }
2293
2294 fprintf(f, "<html><head>"
2295 "<meta http-equiv=\"Content-type\" content=\"text/html; "
2296 "charset=utf-8\"<title>Select service operator</title>"
2297 "</head><body><h1>Select service operator</h1>\n");
2298
2299 if (osu_count == 0)
2300 fprintf(f, "No online signup available\n");
2301
2302 for (i = 0; i < osu_count; i++) {
2303 last = &osu[i];
2304#ifdef ANDROID
2305 fprintf(f, "<p>\n"
2306 "<a href=\"http://localhost:12345/osu/%d\">"
2307 "<table><tr><td>", (int) i + 1);
2308#else /* ANDROID */
2309 fprintf(f, "<p>\n"
2310 "<a href=\"osu://%d\">"
2311 "<table><tr><td>", (int) i + 1);
2312#endif /* ANDROID */
2313 for (j = 0; j < last->icon_count; j++) {
2314 fprintf(f, "<img src=\"osu-icon-%d.%s\">\n",
2315 last->icon[j].id,
2316 strcasecmp(last->icon[j].mime_type,
2317 "image/png") == 0 ? "png" : "icon");
2318 }
2319 fprintf(f, "<td>");
2320 for (j = 0; j < last->friendly_name_count; j++) {
2321 fprintf(f, "<small>[%s]</small> %s<br>\n",
2322 last->friendly_name[j].lang,
2323 last->friendly_name[j].text);
2324 }
2325 fprintf(f, "<tr><td colspan=2>");
2326 for (j = 0; j < last->serv_desc_count; j++) {
2327 fprintf(f, "<small>[%s]</small> %s<br>\n",
2328 last->serv_desc[j].lang,
2329 last->serv_desc[j].text);
2330 }
2331 fprintf(f, "</table></a><br><small>BSSID: %s<br>\n"
2332 "SSID: %s<br>\n",
2333 last->bssid, last->osu_ssid);
Dmitry Shmidt1d6bf422016-01-19 15:51:35 -0800[diff] [blame]2334 if (last->osu_nai[0])
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2335 fprintf(f, "NAI: %s<br>\n", last->osu_nai);
2336 fprintf(f, "URL: %s<br>\n"
2337 "methods:%s%s<br>\n"
2338 "</small></p>\n",
2339 last->url,
2340 last->methods & 0x01 ? " OMA-DM" : "",
2341 last->methods & 0x02 ? " SOAP-XML-SPP" : "");
2342 }
2343
2344 fprintf(f, "</body></html>\n");
2345
2346 fclose(f);
2347
2348 snprintf(fname, sizeof(fname), "file://%s/osu-providers.html", dir);
2349 write_summary(ctx, "Start web browser with OSU provider selection page");
2350 ret = hs20_web_browser(fname);
2351
2352selected:
2353 if (ret > 0 && (size_t) ret <= osu_count) {
2354 char *data;
2355 size_t data_len;
2356
2357 wpa_printf(MSG_INFO, "Selected OSU id=%d", ret);
2358 last = &osu[ret - 1];
2359 ret = 0;
2360 wpa_printf(MSG_INFO, "BSSID: %s", last->bssid);
2361 wpa_printf(MSG_INFO, "SSID: %s", last->osu_ssid);
2362 wpa_printf(MSG_INFO, "URL: %s", last->url);
2363 write_summary(ctx, "Selected OSU provider id=%d BSSID=%s SSID=%s URL=%s",
2364 ret, last->bssid, last->osu_ssid, last->url);
2365
2366 ctx->friendly_name_count = last->friendly_name_count;
2367 for (j = 0; j < last->friendly_name_count; j++) {
2368 wpa_printf(MSG_INFO, "FRIENDLY_NAME: [%s]%s",
2369 last->friendly_name[j].lang,
2370 last->friendly_name[j].text);
2371 os_strlcpy(ctx->friendly_name[j].lang,
2372 last->friendly_name[j].lang,
2373 sizeof(ctx->friendly_name[j].lang));
2374 os_strlcpy(ctx->friendly_name[j].text,
2375 last->friendly_name[j].text,
2376 sizeof(ctx->friendly_name[j].text));
2377 }
2378
2379 ctx->icon_count = last->icon_count;
2380 for (j = 0; j < last->icon_count; j++) {
2381 char fname[256];
2382
2383 os_snprintf(fname, sizeof(fname), "%s/osu-icon-%d.%s",
2384 dir, last->icon[j].id,
2385 strcasecmp(last->icon[j].mime_type,
2386 "image/png") == 0 ?
2387 "png" : "icon");
2388 wpa_printf(MSG_INFO, "ICON: %s (%s)",
2389 fname, last->icon[j].filename);
2390 os_strlcpy(ctx->icon_filename[j],
2391 last->icon[j].filename,
2392 sizeof(ctx->icon_filename[j]));
2393
2394 data = os_readfile(fname, &data_len);
2395 if (data) {
2396 sha256_vector(1, (const u8 **) &data, &data_len,
2397 ctx->icon_hash[j]);
2398 os_free(data);
2399 }
2400 }
2401
2402 if (connect == 2) {
Dmitry Shmidtaf9da312015-04-03 10:03:11 -0700[diff] [blame]2403 if (last->methods & 0x02) {
2404 wpa_printf(MSG_DEBUG,
2405 "Calling cmd_prov from cmd_osu_select");
Dmitry Shmidt6cb1f652014-03-21 10:54:03 -0700[diff] [blame]2406 ret = cmd_prov(ctx, last->url);
Dmitry Shmidtaf9da312015-04-03 10:03:11 -0700[diff] [blame]2407 } else if (last->methods & 0x01) {
2408 wpa_printf(MSG_DEBUG,
2409 "Calling cmd_oma_dm_prov from cmd_osu_select");
Dmitry Shmidt6cb1f652014-03-21 10:54:03 -0700[diff] [blame]2410 ret = cmd_oma_dm_prov(ctx, last->url);
Dmitry Shmidtaf9da312015-04-03 10:03:11 -0700[diff] [blame]2411 } else {
2412 wpa_printf(MSG_DEBUG,
2413 "No supported OSU provisioning method");
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2414 ret = -1;
Dmitry Shmidtaf9da312015-04-03 10:03:11 -0700[diff] [blame]2415 }
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2416 } else if (connect)
2417 ret = osu_connect(ctx, last->bssid, last->osu_ssid,
Dmitry Shmidt6cb1f652014-03-21 10:54:03 -0700[diff] [blame]2418 last->url, last->methods,
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2419 no_prod_assoc, last->osu_nai);
2420 } else
2421 ret = -1;
2422
2423 free(osu);
2424
2425 return ret;
2426}
2427
2428
Dmitry Shmidt6cb1f652014-03-21 10:54:03 -0700[diff] [blame]2429static int cmd_signup(struct hs20_osu_client *ctx, int no_prod_assoc,
2430 const char *friendly_name)
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2431{
2432 char dir[255];
2433 char fname[300], buf[400];
2434 struct wpa_ctrl *mon;
2435 const char *ifname;
2436 int res;
2437
2438 ifname = ctx->ifname;
2439
2440 if (getcwd(dir, sizeof(dir)) == NULL)
2441 return -1;
2442
2443 snprintf(fname, sizeof(fname), "%s/osu-info", dir);
Dmitry Shmidt9c175262016-03-03 10:20:07 -0800[diff] [blame]2444 if (mkdir(fname, S_IRWXU | S_IRWXG | S_IROTH | S_IXOTH) < 0 &&
2445 errno != EEXIST) {
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2446 wpa_printf(MSG_INFO, "mkdir(%s) failed: %s",
2447 fname, strerror(errno));
2448 return -1;
2449 }
2450
Roshan Pius3a1667e2018-07-03 15:17:14 -0700[diff] [blame]2451 android_update_permission(fname, S_IRWXU | S_IRWXG | S_IROTH | S_IXOTH);
Dmitry Shmidt9c175262016-03-03 10:20:07 -0800[diff] [blame]2452
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2453 snprintf(buf, sizeof(buf), "SET osu_dir %s", fname);
2454 if (wpa_command(ifname, buf) < 0) {
2455 wpa_printf(MSG_INFO, "Failed to configure osu_dir to wpa_supplicant");
2456 return -1;
2457 }
2458
2459 mon = open_wpa_mon(ifname);
2460 if (mon == NULL)
2461 return -1;
2462
2463 wpa_printf(MSG_INFO, "Starting OSU fetch");
2464 write_summary(ctx, "Starting OSU provider information fetch");
2465 if (wpa_command(ifname, "FETCH_OSU") < 0) {
2466 wpa_printf(MSG_INFO, "Could not start OSU fetch");
2467 wpa_ctrl_detach(mon);
2468 wpa_ctrl_close(mon);
2469 return -1;
2470 }
2471 res = get_wpa_cli_event(mon, "OSU provider fetch completed",
2472 buf, sizeof(buf));
2473
2474 wpa_ctrl_detach(mon);
2475 wpa_ctrl_close(mon);
2476
2477 if (res < 0) {
2478 wpa_printf(MSG_INFO, "OSU fetch did not complete");
2479 write_summary(ctx, "OSU fetch did not complete");
2480 return -1;
2481 }
2482 wpa_printf(MSG_INFO, "OSU provider fetch completed");
2483
Dmitry Shmidt6cb1f652014-03-21 10:54:03 -0700[diff] [blame]2484 return cmd_osu_select(ctx, fname, 1, no_prod_assoc, friendly_name);
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2485}
2486
2487
Dmitry Shmidt2f74e362015-01-21 13:19:05 -0800[diff] [blame]2488static int cmd_sub_rem(struct hs20_osu_client *ctx, const char *address,
2489 const char *pps_fname, const char *ca_fname)
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2490{
2491 xml_node_t *pps, *node;
2492 char pps_fname_buf[300];
2493 char ca_fname_buf[200];
2494 char *cred_username = NULL;
2495 char *cred_password = NULL;
2496 char *sub_rem_uri = NULL;
2497 char client_cert_buf[200];
2498 char *client_cert = NULL;
2499 char client_key_buf[200];
2500 char *client_key = NULL;
2501 int spp;
2502
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2503 wpa_printf(MSG_INFO, "Subscription remediation requested with Server URL: %s",
2504 address);
2505
2506 if (!pps_fname) {
2507 char buf[256];
2508 wpa_printf(MSG_INFO, "Determining PPS file based on Home SP information");
2509 if (os_strncmp(address, "fqdn=", 5) == 0) {
2510 wpa_printf(MSG_INFO, "Use requested FQDN from command line");
2511 os_snprintf(buf, sizeof(buf), "%s", address + 5);
2512 address = NULL;
2513 } else if (get_wpa_status(ctx->ifname, "provisioning_sp", buf,
2514 sizeof(buf)) < 0) {
2515 wpa_printf(MSG_INFO, "Could not get provisioning Home SP FQDN from wpa_supplicant");
Dmitry Shmidt2f74e362015-01-21 13:19:05 -0800[diff] [blame]2516 return -1;
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2517 }
2518 os_free(ctx->fqdn);
2519 ctx->fqdn = os_strdup(buf);
2520 if (ctx->fqdn == NULL)
Dmitry Shmidt2f74e362015-01-21 13:19:05 -0800[diff] [blame]2521 return -1;
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2522 wpa_printf(MSG_INFO, "Home SP FQDN for current credential: %s",
2523 buf);
2524 os_snprintf(pps_fname_buf, sizeof(pps_fname_buf),
2525 "SP/%s/pps.xml", ctx->fqdn);
2526 pps_fname = pps_fname_buf;
2527
2528 os_snprintf(ca_fname_buf, sizeof(ca_fname_buf), "SP/%s/ca.pem",
2529 ctx->fqdn);
2530 ca_fname = ca_fname_buf;
2531 }
2532
2533 if (!os_file_exists(pps_fname)) {
2534 wpa_printf(MSG_INFO, "PPS file '%s' does not exist or is not accessible",
2535 pps_fname);
Dmitry Shmidt2f74e362015-01-21 13:19:05 -0800[diff] [blame]2536 return -1;
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2537 }
2538 wpa_printf(MSG_INFO, "Using PPS file: %s", pps_fname);
2539
2540 if (ca_fname && !os_file_exists(ca_fname)) {
2541 wpa_printf(MSG_INFO, "CA file '%s' does not exist or is not accessible",
2542 ca_fname);
Dmitry Shmidt2f74e362015-01-21 13:19:05 -0800[diff] [blame]2543 return -1;
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2544 }
2545 wpa_printf(MSG_INFO, "Using server trust root: %s", ca_fname);
Dmitry Shmidt6cb1f652014-03-21 10:54:03 -0700[diff] [blame]2546 ctx->ca_fname = ca_fname;
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2547
2548 pps = node_from_file(ctx->xml, pps_fname);
2549 if (pps == NULL) {
2550 wpa_printf(MSG_INFO, "Could not read PPS MO");
Dmitry Shmidt2f74e362015-01-21 13:19:05 -0800[diff] [blame]2551 return -1;
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2552 }
2553
2554 if (!ctx->fqdn) {
2555 char *tmp;
2556 node = get_child_node(ctx->xml, pps, "HomeSP/FQDN");
2557 if (node == NULL) {
2558 wpa_printf(MSG_INFO, "No HomeSP/FQDN found from PPS");
Dmitry Shmidt2f74e362015-01-21 13:19:05 -0800[diff] [blame]2559 return -1;
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2560 }
2561 tmp = xml_node_get_text(ctx->xml, node);
2562 if (tmp == NULL) {
2563 wpa_printf(MSG_INFO, "No HomeSP/FQDN text found from PPS");
Dmitry Shmidt2f74e362015-01-21 13:19:05 -0800[diff] [blame]2564 return -1;
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2565 }
2566 ctx->fqdn = os_strdup(tmp);
2567 xml_node_get_text_free(ctx->xml, tmp);
2568 if (!ctx->fqdn) {
2569 wpa_printf(MSG_INFO, "No FQDN known");
Dmitry Shmidt2f74e362015-01-21 13:19:05 -0800[diff] [blame]2570 return -1;
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2571 }
2572 }
2573
2574 node = get_child_node(ctx->xml, pps,
2575 "SubscriptionUpdate/UpdateMethod");
2576 if (node) {
2577 char *tmp;
2578 tmp = xml_node_get_text(ctx->xml, node);
2579 if (tmp && os_strcasecmp(tmp, "OMA-DM-ClientInitiated") == 0)
2580 spp = 0;
2581 else
2582 spp = 1;
2583 } else {
2584 wpa_printf(MSG_INFO, "No UpdateMethod specified - assume SPP");
2585 spp = 1;
2586 }
2587
2588 get_user_pw(ctx, pps, "SubscriptionUpdate/UsernamePassword",
2589 &cred_username, &cred_password);
2590 if (cred_username)
2591 wpa_printf(MSG_INFO, "Using username: %s", cred_username);
2592 if (cred_password)
2593 wpa_printf(MSG_DEBUG, "Using password: %s", cred_password);
2594
2595 if (cred_username == NULL && cred_password == NULL &&
2596 get_child_node(ctx->xml, pps, "Credential/DigitalCertificate")) {
2597 wpa_printf(MSG_INFO, "Using client certificate");
2598 os_snprintf(client_cert_buf, sizeof(client_cert_buf),
2599 "SP/%s/client-cert.pem", ctx->fqdn);
2600 client_cert = client_cert_buf;
2601 os_snprintf(client_key_buf, sizeof(client_key_buf),
2602 "SP/%s/client-key.pem", ctx->fqdn);
2603 client_key = client_key_buf;
2604 ctx->client_cert_present = 1;
2605 }
2606
2607 node = get_child_node(ctx->xml, pps, "SubscriptionUpdate/URI");
2608 if (node) {
2609 sub_rem_uri = xml_node_get_text(ctx->xml, node);
2610 if (sub_rem_uri &&
2611 (!address || os_strcmp(address, sub_rem_uri) != 0)) {
2612 wpa_printf(MSG_INFO, "Override sub rem URI based on PPS: %s",
2613 sub_rem_uri);
2614 address = sub_rem_uri;
2615 }
2616 }
2617 if (!address) {
2618 wpa_printf(MSG_INFO, "Server URL not known");
Dmitry Shmidt2f74e362015-01-21 13:19:05 -0800[diff] [blame]2619 return -1;
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2620 }
2621
2622 write_summary(ctx, "Wait for IP address for subscriptiom remediation");
2623 wpa_printf(MSG_INFO, "Wait for IP address before starting subscription remediation");
2624
2625 if (wait_ip_addr(ctx->ifname, 15) < 0) {
2626 wpa_printf(MSG_INFO, "Could not get IP address for WLAN - try connection anyway");
2627 }
2628
2629 if (spp)
Dmitry Shmidt6cb1f652014-03-21 10:54:03 -0700[diff] [blame]2630 spp_sub_rem(ctx, address, pps_fname,
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2631 client_cert, client_key,
2632 cred_username, cred_password, pps);
2633 else
Dmitry Shmidt6cb1f652014-03-21 10:54:03 -0700[diff] [blame]2634 oma_dm_sub_rem(ctx, address, pps_fname,
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2635 client_cert, client_key,
2636 cred_username, cred_password, pps);
2637
2638 xml_node_get_text_free(ctx->xml, sub_rem_uri);
2639 xml_node_get_text_free(ctx->xml, cred_username);
Dmitry Shmidtc2817022014-07-02 10:32:10 -0700[diff] [blame]2640 str_clear_free(cred_password);
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2641 xml_node_free(ctx->xml, pps);
Dmitry Shmidt2f74e362015-01-21 13:19:05 -0800[diff] [blame]2642 return 0;
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2643}
2644
2645
2646static int cmd_pol_upd(struct hs20_osu_client *ctx, const char *address,
2647 const char *pps_fname, const char *ca_fname)
2648{
2649 xml_node_t *pps;
2650 xml_node_t *node;
2651 char pps_fname_buf[300];
2652 char ca_fname_buf[200];
2653 char *uri = NULL;
2654 char *cred_username = NULL;
2655 char *cred_password = NULL;
2656 char client_cert_buf[200];
2657 char *client_cert = NULL;
2658 char client_key_buf[200];
2659 char *client_key = NULL;
2660 int spp;
2661
2662 wpa_printf(MSG_INFO, "Policy update requested");
2663
2664 if (!pps_fname) {
2665 char buf[256];
2666 wpa_printf(MSG_INFO, "Determining PPS file based on Home SP information");
Dmitry Shmidte4663042016-04-04 10:07:49 -0700[diff] [blame]2667 if (address && os_strncmp(address, "fqdn=", 5) == 0) {
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2668 wpa_printf(MSG_INFO, "Use requested FQDN from command line");
2669 os_snprintf(buf, sizeof(buf), "%s", address + 5);
2670 address = NULL;
2671 } else if (get_wpa_status(ctx->ifname, "provisioning_sp", buf,
2672 sizeof(buf)) < 0) {
2673 wpa_printf(MSG_INFO, "Could not get provisioning Home SP FQDN from wpa_supplicant");
2674 return -1;
2675 }
2676 os_free(ctx->fqdn);
2677 ctx->fqdn = os_strdup(buf);
2678 if (ctx->fqdn == NULL)
2679 return -1;
2680 wpa_printf(MSG_INFO, "Home SP FQDN for current credential: %s",
2681 buf);
2682 os_snprintf(pps_fname_buf, sizeof(pps_fname_buf),
2683 "SP/%s/pps.xml", ctx->fqdn);
2684 pps_fname = pps_fname_buf;
2685
2686 os_snprintf(ca_fname_buf, sizeof(ca_fname_buf), "SP/%s/ca.pem",
2687 buf);
2688 ca_fname = ca_fname_buf;
2689 }
2690
2691 if (!os_file_exists(pps_fname)) {
2692 wpa_printf(MSG_INFO, "PPS file '%s' does not exist or is not accessible",
2693 pps_fname);
2694 return -1;
2695 }
2696 wpa_printf(MSG_INFO, "Using PPS file: %s", pps_fname);
2697
2698 if (ca_fname && !os_file_exists(ca_fname)) {
2699 wpa_printf(MSG_INFO, "CA file '%s' does not exist or is not accessible",
2700 ca_fname);
2701 return -1;
2702 }
2703 wpa_printf(MSG_INFO, "Using server trust root: %s", ca_fname);
Dmitry Shmidt6cb1f652014-03-21 10:54:03 -0700[diff] [blame]2704 ctx->ca_fname = ca_fname;
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2705
2706 pps = node_from_file(ctx->xml, pps_fname);
2707 if (pps == NULL) {
2708 wpa_printf(MSG_INFO, "Could not read PPS MO");
2709 return -1;
2710 }
2711
2712 if (!ctx->fqdn) {
2713 char *tmp;
2714 node = get_child_node(ctx->xml, pps, "HomeSP/FQDN");
2715 if (node == NULL) {
2716 wpa_printf(MSG_INFO, "No HomeSP/FQDN found from PPS");
2717 return -1;
2718 }
2719 tmp = xml_node_get_text(ctx->xml, node);
2720 if (tmp == NULL) {
2721 wpa_printf(MSG_INFO, "No HomeSP/FQDN text found from PPS");
2722 return -1;
2723 }
2724 ctx->fqdn = os_strdup(tmp);
2725 xml_node_get_text_free(ctx->xml, tmp);
2726 if (!ctx->fqdn) {
2727 wpa_printf(MSG_INFO, "No FQDN known");
2728 return -1;
2729 }
2730 }
2731
2732 node = get_child_node(ctx->xml, pps,
2733 "Policy/PolicyUpdate/UpdateMethod");
2734 if (node) {
2735 char *tmp;
2736 tmp = xml_node_get_text(ctx->xml, node);
2737 if (tmp && os_strcasecmp(tmp, "OMA-DM-ClientInitiated") == 0)
2738 spp = 0;
2739 else
2740 spp = 1;
2741 } else {
2742 wpa_printf(MSG_INFO, "No UpdateMethod specified - assume SPP");
2743 spp = 1;
2744 }
2745
2746 get_user_pw(ctx, pps, "Policy/PolicyUpdate/UsernamePassword",
2747 &cred_username, &cred_password);
2748 if (cred_username)
2749 wpa_printf(MSG_INFO, "Using username: %s", cred_username);
2750 if (cred_password)
2751 wpa_printf(MSG_DEBUG, "Using password: %s", cred_password);
2752
2753 if (cred_username == NULL && cred_password == NULL &&
2754 get_child_node(ctx->xml, pps, "Credential/DigitalCertificate")) {
2755 wpa_printf(MSG_INFO, "Using client certificate");
2756 os_snprintf(client_cert_buf, sizeof(client_cert_buf),
2757 "SP/%s/client-cert.pem", ctx->fqdn);
2758 client_cert = client_cert_buf;
2759 os_snprintf(client_key_buf, sizeof(client_key_buf),
2760 "SP/%s/client-key.pem", ctx->fqdn);
2761 client_key = client_key_buf;
2762 }
2763
2764 if (!address) {
2765 node = get_child_node(ctx->xml, pps, "Policy/PolicyUpdate/URI");
2766 if (node) {
2767 uri = xml_node_get_text(ctx->xml, node);
2768 wpa_printf(MSG_INFO, "URI based on PPS: %s", uri);
2769 address = uri;
2770 }
2771 }
2772 if (!address) {
2773 wpa_printf(MSG_INFO, "Server URL not known");
2774 return -1;
2775 }
2776
2777 if (spp)
Dmitry Shmidt6cb1f652014-03-21 10:54:03 -0700[diff] [blame]2778 spp_pol_upd(ctx, address, pps_fname,
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2779 client_cert, client_key,
2780 cred_username, cred_password, pps);
2781 else
Dmitry Shmidt6cb1f652014-03-21 10:54:03 -0700[diff] [blame]2782 oma_dm_pol_upd(ctx, address, pps_fname,
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2783 client_cert, client_key,
2784 cred_username, cred_password, pps);
2785
2786 xml_node_get_text_free(ctx->xml, uri);
2787 xml_node_get_text_free(ctx->xml, cred_username);
Dmitry Shmidtc2817022014-07-02 10:32:10 -0700[diff] [blame]2788 str_clear_free(cred_password);
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2789 xml_node_free(ctx->xml, pps);
2790
2791 return 0;
2792}
2793
2794
2795static char * get_hostname(const char *url)
2796{
2797 const char *pos, *end, *end2;
2798 char *ret;
2799
2800 if (url == NULL)
2801 return NULL;
2802
2803 pos = os_strchr(url, '/');
2804 if (pos == NULL)
2805 return NULL;
2806 pos++;
2807 if (*pos != '/')
2808 return NULL;
2809 pos++;
2810
2811 end = os_strchr(pos, '/');
2812 end2 = os_strchr(pos, ':');
Dmitry Shmidtb1e52102015-05-29 12:36:29 -0700[diff] [blame]2813 if ((end && end2 && end2 < end) || (!end && end2))
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2814 end = end2;
2815 if (end)
2816 end--;
2817 else {
2818 end = pos;
2819 while (*end)
2820 end++;
2821 if (end > pos)
2822 end--;
2823 }
2824
2825 ret = os_malloc(end - pos + 2);
2826 if (ret == NULL)
2827 return NULL;
2828
2829 os_memcpy(ret, pos, end - pos + 1);
2830 ret[end - pos + 1] = '\0';
2831
2832 return ret;
2833}
2834
2835
2836static int osu_cert_cb(void *_ctx, struct http_cert *cert)
2837{
2838 struct hs20_osu_client *ctx = _ctx;
2839 unsigned int i, j;
2840 int found;
2841 char *host = NULL;
2842
Dmitry Shmidtb1e52102015-05-29 12:36:29 -0700[diff] [blame]2843 wpa_printf(MSG_INFO, "osu_cert_cb(osu_cert_validation=%d, url=%s)",
2844 !ctx->no_osu_cert_validation, ctx->server_url);
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2845
2846 host = get_hostname(ctx->server_url);
2847
2848 for (i = 0; i < ctx->server_dnsname_count; i++)
2849 os_free(ctx->server_dnsname[i]);
2850 os_free(ctx->server_dnsname);
2851 ctx->server_dnsname = os_calloc(cert->num_dnsname, sizeof(char *));
2852 ctx->server_dnsname_count = 0;
2853
2854 found = 0;
2855 for (i = 0; i < cert->num_dnsname; i++) {
2856 if (ctx->server_dnsname) {
2857 ctx->server_dnsname[ctx->server_dnsname_count] =
2858 os_strdup(cert->dnsname[i]);
2859 if (ctx->server_dnsname[ctx->server_dnsname_count])
2860 ctx->server_dnsname_count++;
2861 }
2862 if (host && os_strcasecmp(host, cert->dnsname[i]) == 0)
2863 found = 1;
2864 wpa_printf(MSG_INFO, "dNSName '%s'", cert->dnsname[i]);
2865 }
2866
2867 if (host && !found) {
2868 wpa_printf(MSG_INFO, "Server name from URL (%s) did not match any dNSName - abort connection",
2869 host);
2870 write_result(ctx, "Server name from URL (%s) did not match any dNSName - abort connection",
2871 host);
2872 os_free(host);
2873 return -1;
2874 }
2875
2876 os_free(host);
2877
2878 for (i = 0; i < cert->num_othername; i++) {
2879 if (os_strcmp(cert->othername[i].oid,
2880 "1.3.6.1.4.1.40808.1.1.1") == 0) {
2881 wpa_hexdump_ascii(MSG_INFO,
2882 "id-wfa-hotspot-friendlyName",
2883 cert->othername[i].data,
2884 cert->othername[i].len);
2885 }
2886 }
2887
Dmitry Shmidt6cb1f652014-03-21 10:54:03 -0700[diff] [blame]2888 for (j = 0; !ctx->no_osu_cert_validation &&
2889 j < ctx->friendly_name_count; j++) {
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2890 int found = 0;
2891 for (i = 0; i < cert->num_othername; i++) {
2892 if (os_strcmp(cert->othername[i].oid,
2893 "1.3.6.1.4.1.40808.1.1.1") != 0)
2894 continue;
2895 if (cert->othername[i].len < 3)
2896 continue;
2897 if (os_strncasecmp((char *) cert->othername[i].data,
2898 ctx->friendly_name[j].lang, 3) != 0)
2899 continue;
2900 if (os_strncmp((char *) cert->othername[i].data + 3,
2901 ctx->friendly_name[j].text,
2902 cert->othername[i].len - 3) == 0) {
2903 found = 1;
2904 break;
2905 }
2906 }
2907
2908 if (!found) {
2909 wpa_printf(MSG_INFO, "No friendly name match found for '[%s]%s'",
2910 ctx->friendly_name[j].lang,
2911 ctx->friendly_name[j].text);
2912 write_result(ctx, "No friendly name match found for '[%s]%s'",
2913 ctx->friendly_name[j].lang,
2914 ctx->friendly_name[j].text);
2915 return -1;
2916 }
2917 }
2918
2919 for (i = 0; i < cert->num_logo; i++) {
2920 struct http_logo *logo = &cert->logo[i];
2921
2922 wpa_printf(MSG_INFO, "logo hash alg %s uri '%s'",
2923 logo->alg_oid, logo->uri);
2924 wpa_hexdump_ascii(MSG_INFO, "hashValue",
2925 logo->hash, logo->hash_len);
2926 }
2927
Dmitry Shmidt6cb1f652014-03-21 10:54:03 -0700[diff] [blame]2928 for (j = 0; !ctx->no_osu_cert_validation && j < ctx->icon_count; j++) {
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2929 int found = 0;
2930 char *name = ctx->icon_filename[j];
2931 size_t name_len = os_strlen(name);
2932
Dmitry Shmidt912c6ec2015-03-30 13:16:51 -0700[diff] [blame]2933 wpa_printf(MSG_INFO,
2934 "[%i] Looking for icon file name '%s' match",
2935 j, name);
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2936 for (i = 0; i < cert->num_logo; i++) {
2937 struct http_logo *logo = &cert->logo[i];
2938 size_t uri_len = os_strlen(logo->uri);
2939 char *pos;
2940
Dmitry Shmidt912c6ec2015-03-30 13:16:51 -0700[diff] [blame]2941 wpa_printf(MSG_INFO,
2942 "[%i] Comparing to '%s' uri_len=%d name_len=%d",
2943 i, logo->uri, (int) uri_len, (int) name_len);
2944 if (uri_len < 1 + name_len) {
2945 wpa_printf(MSG_INFO, "URI Length is too short");
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2946 continue;
Dmitry Shmidt912c6ec2015-03-30 13:16:51 -0700[diff] [blame]2947 }
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2948 pos = &logo->uri[uri_len - name_len - 1];
2949 if (*pos != '/')
2950 continue;
2951 pos++;
2952 if (os_strcmp(pos, name) == 0) {
2953 found = 1;
2954 break;
2955 }
2956 }
2957
2958 if (!found) {
2959 wpa_printf(MSG_INFO, "No icon filename match found for '%s'",
2960 name);
2961 write_result(ctx,
2962 "No icon filename match found for '%s'",
2963 name);
2964 return -1;
2965 }
2966 }
2967
Dmitry Shmidt6cb1f652014-03-21 10:54:03 -0700[diff] [blame]2968 for (j = 0; !ctx->no_osu_cert_validation && j < ctx->icon_count; j++) {
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2969 int found = 0;
2970
2971 for (i = 0; i < cert->num_logo; i++) {
2972 struct http_logo *logo = &cert->logo[i];
2973
Dmitry Shmidt912c6ec2015-03-30 13:16:51 -0700[diff] [blame]2974 if (logo->hash_len != 32) {
2975 wpa_printf(MSG_INFO,
2976 "[%i][%i] Icon hash length invalid (should be 32): %d",
2977 j, i, (int) logo->hash_len);
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2978 continue;
Dmitry Shmidt912c6ec2015-03-30 13:16:51 -0700[diff] [blame]2979 }
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2980 if (os_memcmp(logo->hash, ctx->icon_hash[j], 32) == 0) {
2981 found = 1;
2982 break;
2983 }
Dmitry Shmidt912c6ec2015-03-30 13:16:51 -0700[diff] [blame]2984
2985 wpa_printf(MSG_DEBUG,
2986 "[%u][%u] Icon hash did not match", j, i);
2987 wpa_hexdump_ascii(MSG_DEBUG, "logo->hash",
2988 logo->hash, 32);
2989 wpa_hexdump_ascii(MSG_DEBUG, "ctx->icon_hash[j]",
2990 ctx->icon_hash[j], 32);
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2991 }
2992
2993 if (!found) {
Dmitry Shmidt912c6ec2015-03-30 13:16:51 -0700[diff] [blame]2994 wpa_printf(MSG_INFO,
2995 "No icon hash match (by hash) found");
2996 write_result(ctx,
2997 "No icon hash match (by hash) found");
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]2998 return -1;
2999 }
3000 }
3001
3002 return 0;
3003}
3004
3005
3006static int init_ctx(struct hs20_osu_client *ctx)
3007{
3008 xml_node_t *devinfo, *devid;
3009
3010 os_memset(ctx, 0, sizeof(*ctx));
3011 ctx->ifname = "wlan0";
3012 ctx->xml = xml_node_init_ctx(ctx, NULL);
3013 if (ctx->xml == NULL)
3014 return -1;
3015
3016 devinfo = node_from_file(ctx->xml, "devinfo.xml");
3017 if (!devinfo) {
3018 wpa_printf(MSG_ERROR, "devinfo.xml not found");
3019 return -1;
3020 }
3021
3022 devid = get_node(ctx->xml, devinfo, "DevId");
3023 if (devid) {
3024 char *tmp = xml_node_get_text(ctx->xml, devid);
3025 if (tmp) {
3026 ctx->devid = os_strdup(tmp);
3027 xml_node_get_text_free(ctx->xml, tmp);
3028 }
3029 }
3030 xml_node_free(ctx->xml, devinfo);
3031
3032 if (ctx->devid == NULL) {
3033 wpa_printf(MSG_ERROR, "Could not fetch DevId from devinfo.xml");
3034 return -1;
3035 }
3036
3037 ctx->http = http_init_ctx(ctx, ctx->xml);
3038 if (ctx->http == NULL) {
3039 xml_node_deinit_ctx(ctx->xml);
3040 return -1;
3041 }
3042 http_ocsp_set(ctx->http, 2);
3043 http_set_cert_cb(ctx->http, osu_cert_cb, ctx);
3044
3045 return 0;
3046}
3047
3048
3049static void deinit_ctx(struct hs20_osu_client *ctx)
3050{
3051 size_t i;
3052
3053 http_deinit_ctx(ctx->http);
3054 xml_node_deinit_ctx(ctx->xml);
3055 os_free(ctx->fqdn);
3056 os_free(ctx->server_url);
3057 os_free(ctx->devid);
3058
3059 for (i = 0; i < ctx->server_dnsname_count; i++)
3060 os_free(ctx->server_dnsname[i]);
3061 os_free(ctx->server_dnsname);
3062}
3063
3064
3065static void check_workarounds(struct hs20_osu_client *ctx)
3066{
3067 FILE *f;
3068 char buf[100];
3069 unsigned long int val = 0;
3070
3071 f = fopen("hs20-osu-client.workarounds", "r");
3072 if (f == NULL)
3073 return;
3074
3075 if (fgets(buf, sizeof(buf), f))
3076 val = strtoul(buf, NULL, 16);
3077
3078 fclose(f);
3079
3080 if (val) {
3081 wpa_printf(MSG_INFO, "Workarounds enabled: 0x%lx", val);
3082 ctx->workarounds = val;
3083 if (ctx->workarounds & WORKAROUND_OCSP_OPTIONAL)
3084 http_ocsp_set(ctx->http, 1);
3085 }
3086}
3087
3088
3089static void usage(void)
3090{
3091 printf("usage: hs20-osu-client [-dddqqKt] [-S<station ifname>] \\\n"
3092 " [-w<wpa_supplicant ctrl_iface dir>] "
3093 "[-r<result file>] [-f<debug file>] \\\n"
3094 " [-s<summary file>] \\\n"
Dmitry Shmidtaf9da312015-04-03 10:03:11 -0700[diff] [blame]3095 " [-x<spp.xsd file name>] \\\n"
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]3096 " <command> [arguments..]\n"
3097 "commands:\n"
3098 "- to_tnds <XML MO> <XML MO in TNDS format> [URN]\n"
3099 "- to_tnds2 <XML MO> <XML MO in TNDS format (Path) "
3100 "[URN]>\n"
3101 "- from_tnds <XML MO in TNDS format> <XML MO>\n"
3102 "- set_pps <PerProviderSubscription XML file name>\n"
3103 "- get_fqdn <PerProviderSubscription XML file name>\n"
3104 "- pol_upd [Server URL] [PPS] [CA cert]\n"
3105 "- sub_rem <Server URL> [PPS] [CA cert]\n"
3106 "- prov <Server URL> [CA cert]\n"
3107 "- oma_dm_prov <Server URL> [CA cert]\n"
3108 "- sim_prov <Server URL> [CA cert]\n"
3109 "- oma_dm_sim_prov <Server URL> [CA cert]\n"
3110 "- signup [CA cert]\n"
3111 "- dl_osu_ca <PPS> <CA file>\n"
3112 "- dl_polupd_ca <PPS> <CA file>\n"
3113 "- dl_aaa_ca <PPS> <CA file>\n"
3114 "- browser <URL>\n"
3115 "- parse_cert <X.509 certificate (DER)>\n"
3116 "- osu_select <OSU info directory> [CA cert]\n");
3117}
3118
3119
3120int main(int argc, char *argv[])
3121{
3122 struct hs20_osu_client ctx;
3123 int c;
3124 int ret = 0;
3125 int no_prod_assoc = 0;
3126 const char *friendly_name = NULL;
3127 const char *wpa_debug_file_path = NULL;
3128 extern char *wpas_ctrl_path;
3129 extern int wpa_debug_level;
3130 extern int wpa_debug_show_keys;
3131 extern int wpa_debug_timestamp;
3132
3133 if (init_ctx(&ctx) < 0)
3134 return -1;
3135
3136 for (;;) {
Dmitry Shmidtaf9da312015-04-03 10:03:11 -0700[diff] [blame]3137 c = getopt(argc, argv, "df:hKNO:qr:s:S:tw:x:");
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]3138 if (c < 0)
3139 break;
3140 switch (c) {
3141 case 'd':
3142 if (wpa_debug_level > 0)
3143 wpa_debug_level--;
3144 break;
3145 case 'f':
3146 wpa_debug_file_path = optarg;
3147 break;
3148 case 'K':
3149 wpa_debug_show_keys++;
3150 break;
3151 case 'N':
3152 no_prod_assoc = 1;
3153 break;
3154 case 'O':
3155 friendly_name = optarg;
3156 break;
3157 case 'q':
3158 wpa_debug_level++;
3159 break;
3160 case 'r':
3161 ctx.result_file = optarg;
3162 break;
3163 case 's':
3164 ctx.summary_file = optarg;
3165 break;
3166 case 'S':
3167 ctx.ifname = optarg;
3168 break;
3169 case 't':
3170 wpa_debug_timestamp++;
3171 break;
3172 case 'w':
3173 wpas_ctrl_path = optarg;
3174 break;
Dmitry Shmidtaf9da312015-04-03 10:03:11 -0700[diff] [blame]3175 case 'x':
3176 spp_xsd_fname = optarg;
3177 break;
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]3178 case 'h':
3179 default:
3180 usage();
3181 exit(0);
3182 break;
3183 }
3184 }
3185
3186 if (argc - optind < 1) {
3187 usage();
3188 exit(0);
3189 }
3190
3191 wpa_debug_open_file(wpa_debug_file_path);
3192
3193#ifdef __linux__
3194 setlinebuf(stdout);
3195#endif /* __linux__ */
3196
3197 if (ctx.result_file)
3198 unlink(ctx.result_file);
3199 wpa_printf(MSG_DEBUG, "===[hs20-osu-client START - command: %s ]======"
3200 "================", argv[optind]);
3201 check_workarounds(&ctx);
3202
3203 if (strcmp(argv[optind], "to_tnds") == 0) {
3204 if (argc - optind < 2) {
3205 usage();
3206 exit(0);
3207 }
3208 cmd_to_tnds(&ctx, argv[optind + 1], argv[optind + 2],
3209 argc > optind + 3 ? argv[optind + 3] : NULL,
3210 0);
3211 } else if (strcmp(argv[optind], "to_tnds2") == 0) {
3212 if (argc - optind < 2) {
3213 usage();
3214 exit(0);
3215 }
3216 cmd_to_tnds(&ctx, argv[optind + 1], argv[optind + 2],
3217 argc > optind + 3 ? argv[optind + 3] : NULL,
3218 1);
3219 } else if (strcmp(argv[optind], "from_tnds") == 0) {
3220 if (argc - optind < 2) {
3221 usage();
3222 exit(0);
3223 }
3224 cmd_from_tnds(&ctx, argv[optind + 1], argv[optind + 2]);
3225 } else if (strcmp(argv[optind], "sub_rem") == 0) {
3226 if (argc - optind < 2) {
3227 usage();
3228 exit(0);
3229 }
Dmitry Shmidte4663042016-04-04 10:07:49 -0700[diff] [blame]3230 ret = cmd_sub_rem(&ctx, argv[optind + 1],
3231 argc > optind + 2 ? argv[optind + 2] : NULL,
3232 argc > optind + 3 ? argv[optind + 3] : NULL);
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]3233 } else if (strcmp(argv[optind], "pol_upd") == 0) {
Dmitry Shmidte4663042016-04-04 10:07:49 -0700[diff] [blame]3234 ret = cmd_pol_upd(&ctx,
3235 argc > optind + 1 ? argv[optind + 1] : NULL,
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]3236 argc > optind + 2 ? argv[optind + 2] : NULL,
3237 argc > optind + 3 ? argv[optind + 3] : NULL);
3238 } else if (strcmp(argv[optind], "prov") == 0) {
3239 if (argc - optind < 2) {
3240 usage();
3241 exit(0);
3242 }
Dmitry Shmidt6cb1f652014-03-21 10:54:03 -0700[diff] [blame]3243 ctx.ca_fname = argv[optind + 2];
Dmitry Shmidtaf9da312015-04-03 10:03:11 -0700[diff] [blame]3244 wpa_printf(MSG_DEBUG, "Calling cmd_prov from main");
Dmitry Shmidt6cb1f652014-03-21 10:54:03 -0700[diff] [blame]3245 cmd_prov(&ctx, argv[optind + 1]);
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]3246 } else if (strcmp(argv[optind], "sim_prov") == 0) {
3247 if (argc - optind < 2) {
3248 usage();
3249 exit(0);
3250 }
Dmitry Shmidt6cb1f652014-03-21 10:54:03 -0700[diff] [blame]3251 ctx.ca_fname = argv[optind + 2];
3252 cmd_sim_prov(&ctx, argv[optind + 1]);
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]3253 } else if (strcmp(argv[optind], "dl_osu_ca") == 0) {
3254 if (argc - optind < 2) {
3255 usage();
3256 exit(0);
3257 }
3258 cmd_dl_osu_ca(&ctx, argv[optind + 1], argv[optind + 2]);
3259 } else if (strcmp(argv[optind], "dl_polupd_ca") == 0) {
3260 if (argc - optind < 2) {
3261 usage();
3262 exit(0);
3263 }
3264 cmd_dl_polupd_ca(&ctx, argv[optind + 1], argv[optind + 2]);
3265 } else if (strcmp(argv[optind], "dl_aaa_ca") == 0) {
3266 if (argc - optind < 2) {
3267 usage();
3268 exit(0);
3269 }
3270 cmd_dl_aaa_ca(&ctx, argv[optind + 1], argv[optind + 2]);
3271 } else if (strcmp(argv[optind], "osu_select") == 0) {
3272 if (argc - optind < 2) {
3273 usage();
3274 exit(0);
3275 }
Dmitry Shmidt6cb1f652014-03-21 10:54:03 -0700[diff] [blame]3276 ctx.ca_fname = argc > optind + 2 ? argv[optind + 2] : NULL;
3277 cmd_osu_select(&ctx, argv[optind + 1], 2, 1, NULL);
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]3278 } else if (strcmp(argv[optind], "signup") == 0) {
Dmitry Shmidt6cb1f652014-03-21 10:54:03 -0700[diff] [blame]3279 ctx.ca_fname = argc > optind + 1 ? argv[optind + 1] : NULL;
3280 ret = cmd_signup(&ctx, no_prod_assoc, friendly_name);
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]3281 } else if (strcmp(argv[optind], "set_pps") == 0) {
3282 if (argc - optind < 2) {
3283 usage();
3284 exit(0);
3285 }
3286 cmd_set_pps(&ctx, argv[optind + 1]);
3287 } else if (strcmp(argv[optind], "get_fqdn") == 0) {
3288 if (argc - optind < 1) {
3289 usage();
3290 exit(0);
3291 }
3292 ret = cmd_get_fqdn(&ctx, argv[optind + 1]);
3293 } else if (strcmp(argv[optind], "oma_dm_prov") == 0) {
3294 if (argc - optind < 2) {
3295 usage();
3296 exit(0);
3297 }
Dmitry Shmidt6cb1f652014-03-21 10:54:03 -0700[diff] [blame]3298 ctx.ca_fname = argv[optind + 2];
3299 cmd_oma_dm_prov(&ctx, argv[optind + 1]);
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]3300 } else if (strcmp(argv[optind], "oma_dm_sim_prov") == 0) {
3301 if (argc - optind < 2) {
3302 usage();
3303 exit(0);
3304 }
Dmitry Shmidt6cb1f652014-03-21 10:54:03 -0700[diff] [blame]3305 ctx.ca_fname = argv[optind + 2];
3306 if (cmd_oma_dm_sim_prov(&ctx, argv[optind + 1]) < 0) {
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]3307 write_summary(&ctx, "Failed to complete OMA DM SIM provisioning");
3308 return -1;
3309 }
3310 } else if (strcmp(argv[optind], "oma_dm_add") == 0) {
3311 if (argc - optind < 2) {
3312 usage();
3313 exit(0);
3314 }
3315 cmd_oma_dm_add(&ctx, argv[optind + 1], argv[optind + 2]);
3316 } else if (strcmp(argv[optind], "oma_dm_replace") == 0) {
3317 if (argc - optind < 2) {
3318 usage();
3319 exit(0);
3320 }
3321 cmd_oma_dm_replace(&ctx, argv[optind + 1], argv[optind + 2]);
3322 } else if (strcmp(argv[optind], "est_csr") == 0) {
3323 if (argc - optind < 2) {
3324 usage();
3325 exit(0);
3326 }
3327 mkdir("Cert", S_IRWXU);
3328 est_build_csr(&ctx, argv[optind + 1]);
3329 } else if (strcmp(argv[optind], "browser") == 0) {
3330 int ret;
3331
3332 if (argc - optind < 2) {
3333 usage();
3334 exit(0);
3335 }
3336
3337 wpa_printf(MSG_INFO, "Launch web browser to URL %s",
3338 argv[optind + 1]);
3339 ret = hs20_web_browser(argv[optind + 1]);
3340 wpa_printf(MSG_INFO, "Web browser result: %d", ret);
3341 } else if (strcmp(argv[optind], "parse_cert") == 0) {
3342 if (argc - optind < 2) {
3343 usage();
3344 exit(0);
3345 }
3346
3347 wpa_debug_level = MSG_MSGDUMP;
3348 http_parse_x509_certificate(ctx.http, argv[optind + 1]);
3349 wpa_debug_level = MSG_INFO;
3350 } else {
3351 wpa_printf(MSG_INFO, "Unknown command '%s'", argv[optind]);
3352 }
3353
Dmitry Shmidt6cb1f652014-03-21 10:54:03 -0700[diff] [blame]3354 deinit_ctx(&ctx);
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]3355 wpa_printf(MSG_DEBUG,
3356 "===[hs20-osu-client END ]======================");
3357
3358 wpa_debug_close_file();
Dmitry Shmidtd5dc24e2014-03-12 14:22:04 -0700[diff] [blame]3359
3360 return ret;
3361}