2 * Hotspot 2.0 OSU client
3 * Copyright (c) 2012-2013, Qualcomm Atheros, Inc.
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
14 #include "utils/browser.h"
15 #include "utils/base64.h"
16 #include "utils/xml-utils.h"
17 #include "utils/http-utils.h"
18 #include "common/wpa_ctrl.h"
19 #include "common/wpa_helpers.h"
20 #include "eap_common/eap_defs.h"
21 #include "crypto/crypto.h"
22 #include "crypto/sha256.h"
23 #include "osu_client.h"
26 void write_result(struct hs20_osu_client
*ctx
, const char *fmt
, ...)
33 vsnprintf(buf
, sizeof(buf
), fmt
, ap
);
35 write_summary(ctx
, "%s", buf
);
37 if (!ctx
->result_file
)
40 f
= fopen(ctx
->result_file
, "w");
52 void write_summary(struct hs20_osu_client
*ctx
, const char *fmt
, ...)
57 if (!ctx
->summary_file
)
60 f
= fopen(ctx
->summary_file
, "a");
72 void debug_dump_node(struct hs20_osu_client
*ctx
, const char *title
,
75 char *str
= xml_node_to_str(ctx
->xml
, node
);
76 wpa_printf(MSG_DEBUG
, "[hs20] %s: '%s'", title
, str
);
81 static int valid_fqdn(const char *fqdn
)
85 /* TODO: could make this more complete.. */
86 if (strchr(fqdn
, '.') == 0 || strlen(fqdn
) > 255)
88 for (pos
= fqdn
; *pos
; pos
++) {
89 if (*pos
>= 'a' && *pos
<= 'z')
91 if (*pos
>= 'A' && *pos
<= 'Z')
93 if (*pos
>= '0' && *pos
<= '9')
95 if (*pos
== '-' || *pos
== '.' || *pos
== '_')
103 int osu_get_certificate(struct hs20_osu_client
*ctx
, xml_node_t
*getcert
)
106 char *url
, *user
= NULL
, *pw
= NULL
;
110 proto
= xml_node_get_attr_value(ctx
->xml
, getcert
,
111 "enrollmentProtocol");
114 wpa_printf(MSG_INFO
, "getCertificate - enrollmentProtocol=%s", proto
);
115 write_summary(ctx
, "getCertificate - enrollmentProtocol=%s", proto
);
116 if (os_strcasecmp(proto
, "EST") != 0) {
117 wpa_printf(MSG_INFO
, "Unsupported enrollmentProtocol");
118 xml_node_get_attr_value_free(ctx
->xml
, proto
);
121 xml_node_get_attr_value_free(ctx
->xml
, proto
);
123 node
= get_node(ctx
->xml
, getcert
, "enrollmentServerURI");
125 wpa_printf(MSG_INFO
, "Could not find enrollmentServerURI node");
126 xml_node_get_attr_value_free(ctx
->xml
, proto
);
129 url
= xml_node_get_text(ctx
->xml
, node
);
131 wpa_printf(MSG_INFO
, "Could not get URL text");
134 wpa_printf(MSG_INFO
, "enrollmentServerURI: %s", url
);
135 write_summary(ctx
, "enrollmentServerURI: %s", url
);
137 node
= get_node(ctx
->xml
, getcert
, "estUserID");
138 if (node
== NULL
&& !ctx
->client_cert_present
) {
139 wpa_printf(MSG_INFO
, "Could not find estUserID node");
143 user
= xml_node_get_text(ctx
->xml
, node
);
145 wpa_printf(MSG_INFO
, "Could not get estUserID text");
148 wpa_printf(MSG_INFO
, "estUserID: %s", user
);
149 write_summary(ctx
, "estUserID: %s", user
);
152 node
= get_node(ctx
->xml
, getcert
, "estPassword");
153 if (node
== NULL
&& !ctx
->client_cert_present
) {
154 wpa_printf(MSG_INFO
, "Could not find estPassword node");
158 pw
= xml_node_get_base64_text(ctx
->xml
, node
, NULL
);
160 wpa_printf(MSG_INFO
, "Could not get estPassword text");
163 wpa_printf(MSG_INFO
, "estPassword: %s", pw
);
166 mkdir("Cert", S_IRWXU
);
167 if (est_load_cacerts(ctx
, url
) < 0 ||
168 est_build_csr(ctx
, url
) < 0 ||
169 est_simple_enroll(ctx
, url
, user
, pw
) < 0)
174 xml_node_get_text_free(ctx
->xml
, url
);
175 xml_node_get_text_free(ctx
->xml
, user
);
176 xml_node_get_text_free(ctx
->xml
, pw
);
182 static int process_est_cert(struct hs20_osu_client
*ctx
, xml_node_t
*cert
,
185 u8 digest1
[SHA256_MAC_LEN
], digest2
[SHA256_MAC_LEN
];
187 size_t der_len
, pem_len
;
191 wpa_printf(MSG_INFO
, "PPS for certificate credential - fqdn=%s", fqdn
);
193 fingerprint
= xml_node_get_text(ctx
->xml
, cert
);
194 if (fingerprint
== NULL
)
196 if (hexstr2bin(fingerprint
, digest1
, SHA256_MAC_LEN
) < 0) {
197 wpa_printf(MSG_INFO
, "Invalid SHA256 hash value");
198 write_result(ctx
, "Invalid client certificate SHA256 hash value in PPS");
199 xml_node_get_text_free(ctx
->xml
, fingerprint
);
202 xml_node_get_text_free(ctx
->xml
, fingerprint
);
204 der
= os_readfile("Cert/est_cert.der", &der_len
);
206 wpa_printf(MSG_INFO
, "Could not find client certificate from EST");
207 write_result(ctx
, "Could not find client certificate from EST");
211 if (sha256_vector(1, (const u8
**) &der
, &der_len
, digest2
) < 0) {
217 if (os_memcmp(digest1
, digest2
, sizeof(digest1
)) != 0) {
218 wpa_printf(MSG_INFO
, "Client certificate from EST does not match fingerprint from PPS MO");
219 write_result(ctx
, "Client certificate from EST does not match fingerprint from PPS MO");
223 wpa_printf(MSG_INFO
, "Client certificate from EST matches PPS MO");
224 unlink("Cert/est_cert.der");
226 os_snprintf(buf
, sizeof(buf
), "SP/%s/client-ca.pem", fqdn
);
227 if (rename("Cert/est-cacerts.pem", buf
) < 0) {
228 wpa_printf(MSG_INFO
, "Could not move est-cacerts.pem to client-ca.pem: %s",
232 pem
= os_readfile(buf
, &pem_len
);
234 os_snprintf(buf
, sizeof(buf
), "SP/%s/client-cert.pem", fqdn
);
235 if (rename("Cert/est_cert.pem", buf
) < 0) {
236 wpa_printf(MSG_INFO
, "Could not move est_cert.pem to client-cert.pem: %s",
243 FILE *f
= fopen(buf
, "a");
245 fwrite(pem
, pem_len
, 1, f
);
251 os_snprintf(buf
, sizeof(buf
), "SP/%s/client-key.pem", fqdn
);
252 if (rename("Cert/privkey-plain.pem", buf
) < 0) {
253 wpa_printf(MSG_INFO
, "Could not move privkey-plain.pem to client-key.pem: %s",
258 unlink("Cert/est-req.b64");
259 unlink("Cert/est-req.pem");
260 unlink("Cert/est-resp.raw");
267 #define TMP_CERT_DL_FILE "tmp-cert-download"
269 static int download_cert(struct hs20_osu_client
*ctx
, xml_node_t
*params
,
272 xml_node_t
*url_node
, *hash_node
;
276 u8 digest1
[SHA256_MAC_LEN
], digest2
[SHA256_MAC_LEN
];
281 url_node
= get_node(ctx
->xml
, params
, "CertURL");
282 hash_node
= get_node(ctx
->xml
, params
, "CertSHA256Fingerprint");
283 if (url_node
== NULL
|| hash_node
== NULL
)
285 url
= xml_node_get_text(ctx
->xml
, url_node
);
286 hash
= xml_node_get_text(ctx
->xml
, hash_node
);
287 if (url
== NULL
|| hash
== NULL
) {
288 xml_node_get_text_free(ctx
->xml
, url
);
289 xml_node_get_text_free(ctx
->xml
, hash
);
293 wpa_printf(MSG_INFO
, "CertURL: %s", url
);
294 wpa_printf(MSG_INFO
, "SHA256 hash: %s", hash
);
296 if (hexstr2bin(hash
, digest1
, SHA256_MAC_LEN
) < 0) {
297 wpa_printf(MSG_INFO
, "Invalid SHA256 hash value");
298 write_result(ctx
, "Invalid SHA256 hash value for downloaded certificate");
299 xml_node_get_text_free(ctx
->xml
, hash
);
302 xml_node_get_text_free(ctx
->xml
, hash
);
304 write_summary(ctx
, "Download certificate from %s", url
);
305 res
= http_download_file(ctx
->http
, url
, TMP_CERT_DL_FILE
, NULL
);
306 xml_node_get_text_free(ctx
->xml
, url
);
310 cert
= os_readfile(TMP_CERT_DL_FILE
, &len
);
311 remove(TMP_CERT_DL_FILE
);
315 if (sha256_vector(1, (const u8
**) &cert
, &len
, digest2
) < 0) {
320 if (os_memcmp(digest1
, digest2
, sizeof(digest1
)) != 0) {
321 wpa_printf(MSG_INFO
, "Downloaded certificate fingerprint did not match");
322 write_result(ctx
, "Downloaded certificate fingerprint did not match");
327 b64
= base64_encode((unsigned char *) cert
, len
, NULL
);
332 f
= fopen(fname
, "wb");
338 fprintf(f
, "-----BEGIN CERTIFICATE-----\n"
340 "-----END CERTIFICATE-----\n",
346 wpa_printf(MSG_INFO
, "Downloaded certificate into %s and validated fingerprint",
348 write_summary(ctx
, "Downloaded certificate into %s and validated fingerprint",
355 static int cmd_dl_osu_ca(struct hs20_osu_client
*ctx
, const char *pps_fname
,
356 const char *ca_fname
)
358 xml_node_t
*pps
, *node
;
361 pps
= node_from_file(ctx
->xml
, pps_fname
);
363 wpa_printf(MSG_INFO
, "Could not read or parse '%s'", pps_fname
);
367 node
= get_child_node(ctx
->xml
, pps
,
368 "SubscriptionUpdate/TrustRoot");
370 wpa_printf(MSG_INFO
, "No SubscriptionUpdate/TrustRoot/CertURL found from PPS");
371 xml_node_free(ctx
->xml
, pps
);
375 ret
= download_cert(ctx
, node
, ca_fname
);
376 xml_node_free(ctx
->xml
, pps
);
382 static int cmd_dl_polupd_ca(struct hs20_osu_client
*ctx
, const char *pps_fname
,
383 const char *ca_fname
)
385 xml_node_t
*pps
, *node
;
388 pps
= node_from_file(ctx
->xml
, pps_fname
);
390 wpa_printf(MSG_INFO
, "Could not read or parse '%s'", pps_fname
);
394 node
= get_child_node(ctx
->xml
, pps
,
395 "PolicyUpdate/TrustRoot");
397 wpa_printf(MSG_INFO
, "No PolicyUpdate/TrustRoot/CertURL found from PPS");
398 xml_node_free(ctx
->xml
, pps
);
402 ret
= download_cert(ctx
, node
, ca_fname
);
403 xml_node_free(ctx
->xml
, pps
);
409 static int cmd_dl_aaa_ca(struct hs20_osu_client
*ctx
, const char *pps_fname
,
410 const char *ca_fname
)
412 xml_node_t
*pps
, *node
, *aaa
;
415 pps
= node_from_file(ctx
->xml
, pps_fname
);
417 wpa_printf(MSG_INFO
, "Could not read or parse '%s'", pps_fname
);
421 node
= get_child_node(ctx
->xml
, pps
,
422 "AAAServerTrustRoot");
424 wpa_printf(MSG_INFO
, "No AAAServerTrustRoot/CertURL found from PPS");
425 xml_node_free(ctx
->xml
, pps
);
429 aaa
= xml_node_first_child(ctx
->xml
, node
);
431 wpa_printf(MSG_INFO
, "No AAAServerTrustRoot/CertURL found from PPS");
432 xml_node_free(ctx
->xml
, pps
);
436 ret
= download_cert(ctx
, aaa
, ca_fname
);
437 xml_node_free(ctx
->xml
, pps
);
443 static int download_trust_roots(struct hs20_osu_client
*ctx
,
444 const char *pps_fname
)
450 dir
= os_strdup(pps_fname
);
453 pos
= os_strrchr(dir
, '/');
460 snprintf(fname
, sizeof(fname
), "%s/ca.pem", dir
);
461 ret
= cmd_dl_osu_ca(ctx
, pps_fname
, fname
);
462 snprintf(fname
, sizeof(fname
), "%s/polupd-ca.pem", dir
);
463 cmd_dl_polupd_ca(ctx
, pps_fname
, fname
);
464 snprintf(fname
, sizeof(fname
), "%s/aaa-ca.pem", dir
);
465 cmd_dl_aaa_ca(ctx
, pps_fname
, fname
);
473 static int server_dnsname_suffix_match(struct hs20_osu_client
*ctx
,
476 size_t match_len
, len
, i
;
479 match_len
= os_strlen(fqdn
);
481 for (i
= 0; i
< ctx
->server_dnsname_count
; i
++) {
483 "Checking suffix match against server dNSName %s",
484 ctx
->server_dnsname
[i
]);
485 val
= ctx
->server_dnsname
[i
];
486 len
= os_strlen(val
);
491 if (os_strncasecmp(val
+ len
- match_len
, fqdn
, match_len
) != 0)
492 continue; /* no match */
494 if (match_len
== len
)
495 return 1; /* exact match */
497 if (val
[len
- match_len
- 1] == '.')
498 return 1; /* full label match completes suffix match */
500 /* Reject due to incomplete label match */
503 /* None of the dNSName(s) matched */
508 int hs20_add_pps_mo(struct hs20_osu_client
*ctx
, const char *uri
,
509 xml_node_t
*add_mo
, char *fname
, size_t fname_len
)
513 xml_node_t
*tnds
, *mo
, *cert
;
517 if (strncmp(uri
, "./Wi-Fi/", 8) != 0) {
518 wpa_printf(MSG_INFO
, "Unsupported location for addMO to add PPS MO: '%s'",
520 write_result(ctx
, "Unsupported location for addMO to add PPS MO: '%s'",
525 fqdn
= strdup(uri
+ 8);
528 pos
= strchr(fqdn
, '/');
530 if (os_strcasecmp(pos
, "/PerProviderSubscription") != 0) {
531 wpa_printf(MSG_INFO
, "Unsupported location for addMO to add PPS MO (extra directory): '%s'",
533 write_result(ctx
, "Unsupported location for addMO to "
534 "add PPS MO (extra directory): '%s'", uri
);
537 *pos
= '\0'; /* remove trailing slash and PPS node name */
539 wpa_printf(MSG_INFO
, "SP FQDN: %s", fqdn
);
541 if (!server_dnsname_suffix_match(ctx
, fqdn
)) {
542 wpa_printf(MSG_INFO
, "FQDN '%s' for new PPS MO did not have suffix match with server's dNSName values",
544 write_result(ctx
, "FQDN '%s' for new PPS MO did not have suffix match with server's dNSName values",
550 if (!valid_fqdn(fqdn
)) {
551 wpa_printf(MSG_INFO
, "Invalid FQDN '%s'", fqdn
);
552 write_result(ctx
, "Invalid FQDN '%s'", fqdn
);
557 mkdir("SP", S_IRWXU
);
558 snprintf(fname
, fname_len
, "SP/%s", fqdn
);
559 if (mkdir(fname
, S_IRWXU
) < 0) {
560 if (errno
!= EEXIST
) {
562 wpa_printf(MSG_INFO
, "mkdir(%s) failed: %s",
563 fname
, strerror(err
));
569 snprintf(fname
, fname_len
, "SP/%s/pps.xml", fqdn
);
571 if (os_file_exists(fname
)) {
572 wpa_printf(MSG_INFO
, "PPS file '%s' exists - reject addMO",
574 write_result(ctx
, "PPS file '%s' exists - reject addMO",
579 wpa_printf(MSG_INFO
, "Using PPS file: %s", fname
);
581 str
= xml_node_get_text(ctx
->xml
, add_mo
);
583 wpa_printf(MSG_INFO
, "Could not extract MO text");
587 wpa_printf(MSG_DEBUG
, "[hs20] addMO text: '%s'", str
);
589 tnds
= xml_node_from_buf(ctx
->xml
, str
);
590 xml_node_get_text_free(ctx
->xml
, str
);
592 wpa_printf(MSG_INFO
, "[hs20] Could not parse addMO text");
597 mo
= tnds_to_mo(ctx
->xml
, tnds
);
599 wpa_printf(MSG_INFO
, "[hs20] Could not parse addMO TNDS text");
604 debug_dump_node(ctx
, "Parsed TNDS", mo
);
606 name
= xml_node_get_localname(ctx
->xml
, mo
);
607 if (os_strcasecmp(name
, "PerProviderSubscription") != 0) {
608 wpa_printf(MSG_INFO
, "[hs20] Unexpected PPS MO root node name '%s'",
614 cert
= get_child_node(ctx
->xml
, mo
,
615 "Credential/DigitalCertificate/"
616 "CertSHA256Fingerprint");
617 if (cert
&& process_est_cert(ctx
, cert
, fqdn
) < 0) {
618 xml_node_free(ctx
->xml
, mo
);
624 if (node_to_file(ctx
->xml
, fname
, mo
) < 0) {
625 wpa_printf(MSG_INFO
, "Could not write MO to file");
626 xml_node_free(ctx
->xml
, mo
);
629 xml_node_free(ctx
->xml
, mo
);
631 wpa_printf(MSG_INFO
, "A new PPS MO added as '%s'", fname
);
632 write_summary(ctx
, "A new PPS MO added as '%s'", fname
);
634 ret
= download_trust_roots(ctx
, fname
);
636 wpa_printf(MSG_INFO
, "Remove invalid PPS MO file");
637 write_summary(ctx
, "Remove invalid PPS MO file");
645 int update_pps_file(struct hs20_osu_client
*ctx
, const char *pps_fname
,
652 if (ctx
->client_cert_present
) {
654 cert
= get_child_node(ctx
->xml
, pps
,
655 "Credential/DigitalCertificate/"
656 "CertSHA256Fingerprint");
657 if (cert
&& os_file_exists("Cert/est_cert.der") &&
658 process_est_cert(ctx
, cert
, ctx
->fqdn
) < 0) {
659 wpa_printf(MSG_INFO
, "EST certificate update processing failed on PPS MO update");
664 wpa_printf(MSG_INFO
, "Updating PPS MO %s", pps_fname
);
666 str
= xml_node_to_str(ctx
->xml
, pps
);
667 wpa_printf(MSG_MSGDUMP
, "[hs20] Updated PPS: '%s'", str
);
669 snprintf(backup
, sizeof(backup
), "%s.bak", pps_fname
);
670 rename(pps_fname
, backup
);
671 f
= fopen(pps_fname
, "w");
673 wpa_printf(MSG_INFO
, "Could not write PPS");
674 rename(backup
, pps_fname
);
678 fprintf(f
, "%s\n", str
);
687 void get_user_pw(struct hs20_osu_client
*ctx
, xml_node_t
*pps
,
688 const char *alt_loc
, char **user
, char **pw
)
692 node
= get_child_node(ctx
->xml
, pps
,
693 "Credential/UsernamePassword/Username");
695 *user
= xml_node_get_text(ctx
->xml
, node
);
697 node
= get_child_node(ctx
->xml
, pps
,
698 "Credential/UsernamePassword/Password");
700 *pw
= xml_node_get_base64_text(ctx
->xml
, node
, NULL
);
702 node
= get_child_node(ctx
->xml
, pps
, alt_loc
);
705 a
= get_node(ctx
->xml
, node
, "Username");
707 xml_node_get_text_free(ctx
->xml
, *user
);
708 *user
= xml_node_get_text(ctx
->xml
, a
);
709 wpa_printf(MSG_INFO
, "Use OSU username '%s'", *user
);
712 a
= get_node(ctx
->xml
, node
, "Password");
715 *pw
= xml_node_get_base64_text(ctx
->xml
, a
, NULL
);
716 wpa_printf(MSG_INFO
, "Use OSU password");
722 /* Remove old credentials based on HomeSP/FQDN */
723 static void remove_sp_creds(struct hs20_osu_client
*ctx
, const char *fqdn
)
726 os_snprintf(cmd
, sizeof(cmd
), "REMOVE_CRED provisioning_sp=%s", fqdn
);
727 if (wpa_command(ctx
->ifname
, cmd
) < 0)
728 wpa_printf(MSG_INFO
, "Failed to remove old credential(s)");
732 static void set_pps_cred_policy_spe(struct hs20_osu_client
*ctx
, int id
,
738 ssid
= get_node(ctx
->xml
, spe
, "SSID");
741 txt
= xml_node_get_text(ctx
->xml
, ssid
);
744 wpa_printf(MSG_DEBUG
, "- Policy/SPExclusionList/<X+>/SSID = %s", txt
);
745 if (set_cred_quoted(ctx
->ifname
, id
, "excluded_ssid", txt
) < 0)
746 wpa_printf(MSG_INFO
, "Failed to set cred excluded_ssid");
747 xml_node_get_text_free(ctx
->xml
, txt
);
751 static void set_pps_cred_policy_spel(struct hs20_osu_client
*ctx
, int id
,
756 xml_node_for_each_child(ctx
->xml
, child
, spel
) {
757 xml_node_for_each_check(ctx
->xml
, child
);
758 set_pps_cred_policy_spe(ctx
, id
, child
);
763 static void set_pps_cred_policy_prp(struct hs20_osu_client
*ctx
, int id
,
767 char *txt
= NULL
, *pos
;
768 char *prio
, *country_buf
= NULL
;
773 node
= get_node(ctx
->xml
, prp
, "Priority");
776 prio
= xml_node_get_text(ctx
->xml
, node
);
779 wpa_printf(MSG_INFO
, "- Policy/PreferredRoamingPartnerList/<X+>/Priority = %s",
781 priority
= atoi(prio
);
782 xml_node_get_text_free(ctx
->xml
, prio
);
784 node
= get_node(ctx
->xml
, prp
, "Country");
786 country_buf
= xml_node_get_text(ctx
->xml
, node
);
787 if (country_buf
== NULL
)
789 country
= country_buf
;
790 wpa_printf(MSG_INFO
, "- Policy/PreferredRoamingPartnerList/<X+>/Country = %s",
796 node
= get_node(ctx
->xml
, prp
, "FQDN_Match");
799 txt
= xml_node_get_text(ctx
->xml
, node
);
802 wpa_printf(MSG_INFO
, "- Policy/PreferredRoamingPartnerList/<X+>/FQDN_Match = %s",
804 pos
= strrchr(txt
, ',');
809 snprintf(val
, sizeof(val
), "%s,%d,%d,%s", txt
,
810 strcmp(pos
, "includeSubdomains") != 0, priority
, country
);
811 if (set_cred_quoted(ctx
->ifname
, id
, "roaming_partner", val
) < 0)
812 wpa_printf(MSG_INFO
, "Failed to set cred roaming_partner");
814 xml_node_get_text_free(ctx
->xml
, country_buf
);
815 xml_node_get_text_free(ctx
->xml
, txt
);
819 static void set_pps_cred_policy_prpl(struct hs20_osu_client
*ctx
, int id
,
824 xml_node_for_each_child(ctx
->xml
, child
, prpl
) {
825 xml_node_for_each_check(ctx
->xml
, child
);
826 set_pps_cred_policy_prp(ctx
, id
, child
);
831 static void set_pps_cred_policy_min_backhaul(struct hs20_osu_client
*ctx
, int id
,
832 xml_node_t
*min_backhaul
)
835 char *type
, *dl
= NULL
, *ul
= NULL
;
838 node
= get_node(ctx
->xml
, min_backhaul
, "NetworkType");
840 wpa_printf(MSG_INFO
, "Ignore MinBackhaulThreshold without mandatory NetworkType node");
844 type
= xml_node_get_text(ctx
->xml
, node
);
847 wpa_printf(MSG_INFO
, "- Policy/MinBackhaulThreshold/<X+>/NetworkType = %s",
849 if (os_strcasecmp(type
, "home") == 0)
851 else if (os_strcasecmp(type
, "roaming") == 0)
854 wpa_printf(MSG_INFO
, "Ignore MinBackhaulThreshold with invalid NetworkType");
855 xml_node_get_text_free(ctx
->xml
, type
);
858 xml_node_get_text_free(ctx
->xml
, type
);
860 node
= get_node(ctx
->xml
, min_backhaul
, "DLBandwidth");
862 dl
= xml_node_get_text(ctx
->xml
, node
);
864 node
= get_node(ctx
->xml
, min_backhaul
, "ULBandwidth");
866 ul
= xml_node_get_text(ctx
->xml
, node
);
868 if (dl
== NULL
&& ul
== NULL
) {
869 wpa_printf(MSG_INFO
, "Ignore MinBackhaulThreshold without either DLBandwidth or ULBandwidth nodes");
874 wpa_printf(MSG_INFO
, "- Policy/MinBackhaulThreshold/<X+>/DLBandwidth = %s",
877 wpa_printf(MSG_INFO
, "- Policy/MinBackhaulThreshold/<X+>/ULBandwidth = %s",
882 set_cred(ctx
->ifname
, id
, "min_dl_bandwidth_home", dl
) < 0)
883 wpa_printf(MSG_INFO
, "Failed to set cred bandwidth limit");
885 set_cred(ctx
->ifname
, id
, "min_ul_bandwidth_home", ul
) < 0)
886 wpa_printf(MSG_INFO
, "Failed to set cred bandwidth limit");
889 set_cred(ctx
->ifname
, id
, "min_dl_bandwidth_roaming", dl
) <
891 wpa_printf(MSG_INFO
, "Failed to set cred bandwidth limit");
893 set_cred(ctx
->ifname
, id
, "min_ul_bandwidth_roaming", ul
) <
895 wpa_printf(MSG_INFO
, "Failed to set cred bandwidth limit");
898 xml_node_get_text_free(ctx
->xml
, dl
);
899 xml_node_get_text_free(ctx
->xml
, ul
);
903 static void set_pps_cred_policy_min_backhaul_list(struct hs20_osu_client
*ctx
,
904 int id
, xml_node_t
*node
)
908 wpa_printf(MSG_INFO
, "- Policy/MinBackhaulThreshold");
910 xml_node_for_each_child(ctx
->xml
, child
, node
) {
911 xml_node_for_each_check(ctx
->xml
, child
);
912 set_pps_cred_policy_min_backhaul(ctx
, id
, child
);
917 static void set_pps_cred_policy_update(struct hs20_osu_client
*ctx
, int id
,
920 wpa_printf(MSG_INFO
, "- Policy/PolicyUpdate");
921 /* Not used in wpa_supplicant */
925 static void set_pps_cred_policy_required_proto_port(struct hs20_osu_client
*ctx
,
926 int id
, xml_node_t
*tuple
)
933 node
= get_node(ctx
->xml
, tuple
, "IPProtocol");
935 wpa_printf(MSG_INFO
, "Ignore RequiredProtoPortTuple without mandatory IPProtocol node");
939 proto
= xml_node_get_text(ctx
->xml
, node
);
943 wpa_printf(MSG_INFO
, "- Policy/RequiredProtoPortTuple/<X+>/IPProtocol = %s",
946 node
= get_node(ctx
->xml
, tuple
, "PortNumber");
947 port
= node
? xml_node_get_text(ctx
->xml
, node
) : NULL
;
949 wpa_printf(MSG_INFO
, "- Policy/RequiredProtoPortTuple/<X+>/PortNumber = %s",
951 buflen
= os_strlen(proto
) + os_strlen(port
) + 10;
952 buf
= os_malloc(buflen
);
954 os_snprintf(buf
, buflen
, "%s:%s", proto
, port
);
955 xml_node_get_text_free(ctx
->xml
, port
);
957 buflen
= os_strlen(proto
) + 10;
958 buf
= os_malloc(buflen
);
960 os_snprintf(buf
, buflen
, "%s", proto
);
963 xml_node_get_text_free(ctx
->xml
, proto
);
968 if (set_cred(ctx
->ifname
, id
, "req_conn_capab", buf
) < 0)
969 wpa_printf(MSG_INFO
, "Could not set req_conn_capab");
975 static void set_pps_cred_policy_required_proto_ports(struct hs20_osu_client
*ctx
,
976 int id
, xml_node_t
*node
)
980 wpa_printf(MSG_INFO
, "- Policy/RequiredProtoPortTuple");
982 xml_node_for_each_child(ctx
->xml
, child
, node
) {
983 xml_node_for_each_check(ctx
->xml
, child
);
984 set_pps_cred_policy_required_proto_port(ctx
, id
, child
);
989 static void set_pps_cred_policy_max_bss_load(struct hs20_osu_client
*ctx
, int id
,
992 char *str
= xml_node_get_text(ctx
->xml
, node
);
995 wpa_printf(MSG_INFO
, "- Policy/MaximumBSSLoadValue - %s", str
);
996 if (set_cred(ctx
->ifname
, id
, "max_bss_load", str
) < 0)
997 wpa_printf(MSG_INFO
, "Failed to set cred max_bss_load limit");
998 xml_node_get_text_free(ctx
->xml
, str
);
1002 static void set_pps_cred_policy(struct hs20_osu_client
*ctx
, int id
,
1008 wpa_printf(MSG_INFO
, "- Policy");
1010 xml_node_for_each_child(ctx
->xml
, child
, node
) {
1011 xml_node_for_each_check(ctx
->xml
, child
);
1012 name
= xml_node_get_localname(ctx
->xml
, child
);
1013 if (os_strcasecmp(name
, "PreferredRoamingPartnerList") == 0)
1014 set_pps_cred_policy_prpl(ctx
, id
, child
);
1015 else if (os_strcasecmp(name
, "MinBackhaulThreshold") == 0)
1016 set_pps_cred_policy_min_backhaul_list(ctx
, id
, child
);
1017 else if (os_strcasecmp(name
, "PolicyUpdate") == 0)
1018 set_pps_cred_policy_update(ctx
, id
, child
);
1019 else if (os_strcasecmp(name
, "SPExclusionList") == 0)
1020 set_pps_cred_policy_spel(ctx
, id
, child
);
1021 else if (os_strcasecmp(name
, "RequiredProtoPortTuple") == 0)
1022 set_pps_cred_policy_required_proto_ports(ctx
, id
, child
);
1023 else if (os_strcasecmp(name
, "MaximumBSSLoadValue") == 0)
1024 set_pps_cred_policy_max_bss_load(ctx
, id
, child
);
1026 wpa_printf(MSG_INFO
, "Unknown Policy node '%s'", name
);
1031 static void set_pps_cred_priority(struct hs20_osu_client
*ctx
, int id
,
1034 char *str
= xml_node_get_text(ctx
->xml
, node
);
1037 wpa_printf(MSG_INFO
, "- CredentialPriority = %s", str
);
1038 if (set_cred(ctx
->ifname
, id
, "sp_priority", str
) < 0)
1039 wpa_printf(MSG_INFO
, "Failed to set cred sp_priority");
1040 xml_node_get_text_free(ctx
->xml
, str
);
1044 static void set_pps_cred_aaa_server_trust_root(struct hs20_osu_client
*ctx
,
1045 int id
, xml_node_t
*node
)
1047 wpa_printf(MSG_INFO
, "- AAAServerTrustRoot - TODO");
1051 static void set_pps_cred_sub_update(struct hs20_osu_client
*ctx
, int id
,
1054 wpa_printf(MSG_INFO
, "- SubscriptionUpdate");
1055 /* not used within wpa_supplicant */
1059 static void set_pps_cred_home_sp_network_id(struct hs20_osu_client
*ctx
,
1060 int id
, xml_node_t
*node
)
1062 xml_node_t
*ssid_node
, *hessid_node
;
1063 char *ssid
, *hessid
;
1065 ssid_node
= get_node(ctx
->xml
, node
, "SSID");
1066 if (ssid_node
== NULL
) {
1067 wpa_printf(MSG_INFO
, "Ignore HomeSP/NetworkID without mandatory SSID node");
1071 hessid_node
= get_node(ctx
->xml
, node
, "HESSID");
1073 ssid
= xml_node_get_text(ctx
->xml
, ssid_node
);
1076 hessid
= hessid_node
? xml_node_get_text(ctx
->xml
, hessid_node
) : NULL
;
1078 wpa_printf(MSG_INFO
, "- HomeSP/NetworkID/<X+>/SSID = %s", ssid
);
1080 wpa_printf(MSG_INFO
, "- HomeSP/NetworkID/<X+>/HESSID = %s",
1083 /* TODO: Configure to wpa_supplicant */
1085 xml_node_get_text_free(ctx
->xml
, ssid
);
1086 xml_node_get_text_free(ctx
->xml
, hessid
);
1090 static void set_pps_cred_home_sp_network_ids(struct hs20_osu_client
*ctx
,
1091 int id
, xml_node_t
*node
)
1095 wpa_printf(MSG_INFO
, "- HomeSP/NetworkID");
1097 xml_node_for_each_child(ctx
->xml
, child
, node
) {
1098 xml_node_for_each_check(ctx
->xml
, child
);
1099 set_pps_cred_home_sp_network_id(ctx
, id
, child
);
1104 static void set_pps_cred_home_sp_friendly_name(struct hs20_osu_client
*ctx
,
1105 int id
, xml_node_t
*node
)
1107 char *str
= xml_node_get_text(ctx
->xml
, node
);
1110 wpa_printf(MSG_INFO
, "- HomeSP/FriendlyName = %s", str
);
1111 /* not used within wpa_supplicant(?) */
1112 xml_node_get_text_free(ctx
->xml
, str
);
1116 static void set_pps_cred_home_sp_icon_url(struct hs20_osu_client
*ctx
,
1117 int id
, xml_node_t
*node
)
1119 char *str
= xml_node_get_text(ctx
->xml
, node
);
1122 wpa_printf(MSG_INFO
, "- HomeSP/IconURL = %s", str
);
1123 /* not used within wpa_supplicant */
1124 xml_node_get_text_free(ctx
->xml
, str
);
1128 static void set_pps_cred_home_sp_fqdn(struct hs20_osu_client
*ctx
, int id
,
1131 char *str
= xml_node_get_text(ctx
->xml
, node
);
1134 wpa_printf(MSG_INFO
, "- HomeSP/FQDN = %s", str
);
1135 if (set_cred_quoted(ctx
->ifname
, id
, "domain", str
) < 0)
1136 wpa_printf(MSG_INFO
, "Failed to set cred domain");
1137 if (set_cred_quoted(ctx
->ifname
, id
, "domain_suffix_match", str
) < 0)
1138 wpa_printf(MSG_INFO
, "Failed to set cred domain_suffix_match");
1139 xml_node_get_text_free(ctx
->xml
, str
);
1143 static void set_pps_cred_home_sp_oi(struct hs20_osu_client
*ctx
, int id
,
1148 char *homeoi
= NULL
;
1152 xml_node_for_each_child(ctx
->xml
, child
, node
) {
1153 xml_node_for_each_check(ctx
->xml
, child
);
1154 name
= xml_node_get_localname(ctx
->xml
, child
);
1155 if (strcasecmp(name
, "HomeOI") == 0 && !homeoi
) {
1156 homeoi
= xml_node_get_text(ctx
->xml
, child
);
1157 wpa_printf(MSG_INFO
, "- HomeSP/HomeOIList/<X+>/HomeOI = %s",
1159 } else if (strcasecmp(name
, "HomeOIRequired") == 0) {
1160 str
= xml_node_get_text(ctx
->xml
, child
);
1161 wpa_printf(MSG_INFO
, "- HomeSP/HomeOIList/<X+>/HomeOIRequired = '%s'",
1165 required
= strcasecmp(str
, "true") == 0;
1166 xml_node_get_text_free(ctx
->xml
, str
);
1168 wpa_printf(MSG_INFO
, "Unknown HomeOIList node '%s'",
1172 if (homeoi
== NULL
) {
1173 wpa_printf(MSG_INFO
, "- HomeSP/HomeOIList/<X+> without HomeOI ignored");
1177 wpa_printf(MSG_INFO
, "- HomeSP/HomeOIList/<X+> '%s' required=%d",
1181 if (set_cred(ctx
->ifname
, id
, "required_roaming_consortium",
1183 wpa_printf(MSG_INFO
, "Failed to set cred required_roaming_consortium");
1185 if (set_cred_quoted(ctx
->ifname
, id
, "roaming_consortium",
1187 wpa_printf(MSG_INFO
, "Failed to set cred roaming_consortium");
1190 xml_node_get_text_free(ctx
->xml
, homeoi
);
1194 static void set_pps_cred_home_sp_oi_list(struct hs20_osu_client
*ctx
, int id
,
1199 wpa_printf(MSG_INFO
, "- HomeSP/HomeOIList");
1201 xml_node_for_each_child(ctx
->xml
, child
, node
) {
1202 xml_node_for_each_check(ctx
->xml
, child
);
1203 set_pps_cred_home_sp_oi(ctx
, id
, child
);
1208 static void set_pps_cred_home_sp_other_partner(struct hs20_osu_client
*ctx
,
1209 int id
, xml_node_t
*node
)
1215 xml_node_for_each_child(ctx
->xml
, child
, node
) {
1216 xml_node_for_each_check(ctx
->xml
, child
);
1217 name
= xml_node_get_localname(ctx
->xml
, child
);
1218 if (os_strcasecmp(name
, "FQDN") == 0 && !fqdn
) {
1219 fqdn
= xml_node_get_text(ctx
->xml
, child
);
1220 wpa_printf(MSG_INFO
, "- HomeSP/OtherHomePartners/<X+>/FQDN = %s",
1223 wpa_printf(MSG_INFO
, "Unknown OtherHomePartners node '%s'",
1228 wpa_printf(MSG_INFO
, "- HomeSP/OtherHomePartners/<X+> without FQDN ignored");
1232 if (set_cred_quoted(ctx
->ifname
, id
, "domain", fqdn
) < 0)
1233 wpa_printf(MSG_INFO
, "Failed to set cred domain for OtherHomePartners node");
1235 xml_node_get_text_free(ctx
->xml
, fqdn
);
1239 static void set_pps_cred_home_sp_other_partners(struct hs20_osu_client
*ctx
,
1245 wpa_printf(MSG_INFO
, "- HomeSP/OtherHomePartners");
1247 xml_node_for_each_child(ctx
->xml
, child
, node
) {
1248 xml_node_for_each_check(ctx
->xml
, child
);
1249 set_pps_cred_home_sp_other_partner(ctx
, id
, child
);
1254 static void set_pps_cred_home_sp_roaming_consortium_oi(
1255 struct hs20_osu_client
*ctx
, int id
, xml_node_t
*node
)
1257 char *str
= xml_node_get_text(ctx
->xml
, node
);
1260 wpa_printf(MSG_INFO
, "- HomeSP/RoamingConsortiumOI = %s", str
);
1261 /* TODO: Set to wpa_supplicant */
1262 xml_node_get_text_free(ctx
->xml
, str
);
1266 static void set_pps_cred_home_sp(struct hs20_osu_client
*ctx
, int id
,
1272 wpa_printf(MSG_INFO
, "- HomeSP");
1274 xml_node_for_each_child(ctx
->xml
, child
, node
) {
1275 xml_node_for_each_check(ctx
->xml
, child
);
1276 name
= xml_node_get_localname(ctx
->xml
, child
);
1277 if (os_strcasecmp(name
, "NetworkID") == 0)
1278 set_pps_cred_home_sp_network_ids(ctx
, id
, child
);
1279 else if (os_strcasecmp(name
, "FriendlyName") == 0)
1280 set_pps_cred_home_sp_friendly_name(ctx
, id
, child
);
1281 else if (os_strcasecmp(name
, "IconURL") == 0)
1282 set_pps_cred_home_sp_icon_url(ctx
, id
, child
);
1283 else if (os_strcasecmp(name
, "FQDN") == 0)
1284 set_pps_cred_home_sp_fqdn(ctx
, id
, child
);
1285 else if (os_strcasecmp(name
, "HomeOIList") == 0)
1286 set_pps_cred_home_sp_oi_list(ctx
, id
, child
);
1287 else if (os_strcasecmp(name
, "OtherHomePartners") == 0)
1288 set_pps_cred_home_sp_other_partners(ctx
, id
, child
);
1289 else if (os_strcasecmp(name
, "RoamingConsortiumOI") == 0)
1290 set_pps_cred_home_sp_roaming_consortium_oi(ctx
, id
,
1293 wpa_printf(MSG_INFO
, "Unknown HomeSP node '%s'", name
);
1298 static void set_pps_cred_sub_params(struct hs20_osu_client
*ctx
, int id
,
1301 wpa_printf(MSG_INFO
, "- SubscriptionParameters");
1302 /* not used within wpa_supplicant */
1306 static void set_pps_cred_creation_date(struct hs20_osu_client
*ctx
, int id
,
1309 char *str
= xml_node_get_text(ctx
->xml
, node
);
1312 wpa_printf(MSG_INFO
, "- Credential/CreationDate = %s", str
);
1313 /* not used within wpa_supplicant */
1314 xml_node_get_text_free(ctx
->xml
, str
);
1318 static void set_pps_cred_expiration_date(struct hs20_osu_client
*ctx
, int id
,
1321 char *str
= xml_node_get_text(ctx
->xml
, node
);
1324 wpa_printf(MSG_INFO
, "- Credential/ExpirationDate = %s", str
);
1325 /* not used within wpa_supplicant */
1326 xml_node_get_text_free(ctx
->xml
, str
);
1330 static void set_pps_cred_username(struct hs20_osu_client
*ctx
, int id
,
1333 char *str
= xml_node_get_text(ctx
->xml
, node
);
1336 wpa_printf(MSG_INFO
, "- Credential/UsernamePassword/Username = %s",
1338 if (set_cred_quoted(ctx
->ifname
, id
, "username", str
) < 0)
1339 wpa_printf(MSG_INFO
, "Failed to set cred username");
1340 xml_node_get_text_free(ctx
->xml
, str
);
1344 static void set_pps_cred_password(struct hs20_osu_client
*ctx
, int id
,
1348 char *pw
, *hex
, *pos
, *end
;
1350 pw
= xml_node_get_base64_text(ctx
->xml
, node
, &len
);
1354 wpa_printf(MSG_INFO
, "- Credential/UsernamePassword/Password = %s", pw
);
1356 hex
= malloc(len
* 2 + 1);
1361 end
= hex
+ len
* 2 + 1;
1363 for (i
= 0; i
< len
; i
++) {
1364 snprintf(pos
, end
- pos
, "%02x", pw
[i
]);
1369 if (set_cred(ctx
->ifname
, id
, "password", hex
) < 0)
1370 wpa_printf(MSG_INFO
, "Failed to set cred password");
1375 static void set_pps_cred_machine_managed(struct hs20_osu_client
*ctx
, int id
,
1378 char *str
= xml_node_get_text(ctx
->xml
, node
);
1381 wpa_printf(MSG_INFO
, "- Credential/UsernamePassword/MachineManaged = %s",
1383 /* not used within wpa_supplicant */
1384 xml_node_get_text_free(ctx
->xml
, str
);
1388 static void set_pps_cred_soft_token_app(struct hs20_osu_client
*ctx
, int id
,
1391 char *str
= xml_node_get_text(ctx
->xml
, node
);
1394 wpa_printf(MSG_INFO
, "- Credential/UsernamePassword/SoftTokenApp = %s",
1396 /* not used within wpa_supplicant */
1397 xml_node_get_text_free(ctx
->xml
, str
);
1401 static void set_pps_cred_able_to_share(struct hs20_osu_client
*ctx
, int id
,
1404 char *str
= xml_node_get_text(ctx
->xml
, node
);
1407 wpa_printf(MSG_INFO
, "- Credential/UsernamePassword/AbleToShare = %s",
1409 /* not used within wpa_supplicant */
1410 xml_node_get_text_free(ctx
->xml
, str
);
1414 static void set_pps_cred_eap_method(struct hs20_osu_client
*ctx
, int id
,
1417 wpa_printf(MSG_INFO
, "- Credential/UsernamePassword/EAPMethod - TODO");
1421 static void set_pps_cred_username_password(struct hs20_osu_client
*ctx
, int id
,
1427 wpa_printf(MSG_INFO
, "- Credential/UsernamePassword");
1429 xml_node_for_each_child(ctx
->xml
, child
, node
) {
1430 xml_node_for_each_check(ctx
->xml
, child
);
1431 name
= xml_node_get_localname(ctx
->xml
, child
);
1432 if (os_strcasecmp(name
, "Username") == 0)
1433 set_pps_cred_username(ctx
, id
, child
);
1434 else if (os_strcasecmp(name
, "Password") == 0)
1435 set_pps_cred_password(ctx
, id
, child
);
1436 else if (os_strcasecmp(name
, "MachineManaged") == 0)
1437 set_pps_cred_machine_managed(ctx
, id
, child
);
1438 else if (os_strcasecmp(name
, "SoftTokenApp") == 0)
1439 set_pps_cred_soft_token_app(ctx
, id
, child
);
1440 else if (os_strcasecmp(name
, "AbleToShare") == 0)
1441 set_pps_cred_able_to_share(ctx
, id
, child
);
1442 else if (os_strcasecmp(name
, "EAPMethod") == 0)
1443 set_pps_cred_eap_method(ctx
, id
, child
);
1445 wpa_printf(MSG_INFO
, "Unknown Credential/UsernamePassword node '%s'",
1451 static void set_pps_cred_digital_cert(struct hs20_osu_client
*ctx
, int id
,
1452 xml_node_t
*node
, const char *fqdn
)
1454 char buf
[200], dir
[200];
1456 wpa_printf(MSG_INFO
, "- Credential/DigitalCertificate");
1458 if (getcwd(dir
, sizeof(dir
)) == NULL
)
1461 /* TODO: could build username from Subject of Subject AltName */
1462 if (set_cred_quoted(ctx
->ifname
, id
, "username", "cert") < 0) {
1463 wpa_printf(MSG_INFO
, "Failed to set username");
1466 snprintf(buf
, sizeof(buf
), "%s/SP/%s/client-cert.pem", dir
, fqdn
);
1467 if (os_file_exists(buf
)) {
1468 if (set_cred_quoted(ctx
->ifname
, id
, "client_cert", buf
) < 0) {
1469 wpa_printf(MSG_INFO
, "Failed to set client_cert");
1473 snprintf(buf
, sizeof(buf
), "%s/SP/%s/client-key.pem", dir
, fqdn
);
1474 if (os_file_exists(buf
)) {
1475 if (set_cred_quoted(ctx
->ifname
, id
, "private_key", buf
) < 0) {
1476 wpa_printf(MSG_INFO
, "Failed to set private_key");
1482 static void set_pps_cred_realm(struct hs20_osu_client
*ctx
, int id
,
1483 xml_node_t
*node
, const char *fqdn
, int sim
)
1485 char *str
= xml_node_get_text(ctx
->xml
, node
);
1486 char buf
[200], dir
[200];
1491 wpa_printf(MSG_INFO
, "- Credential/Realm = %s", str
);
1492 if (set_cred_quoted(ctx
->ifname
, id
, "realm", str
) < 0)
1493 wpa_printf(MSG_INFO
, "Failed to set cred realm");
1494 xml_node_get_text_free(ctx
->xml
, str
);
1499 if (getcwd(dir
, sizeof(dir
)) == NULL
)
1501 snprintf(buf
, sizeof(buf
), "%s/SP/%s/aaa-ca.pem", dir
, fqdn
);
1502 if (os_file_exists(buf
)) {
1503 if (set_cred_quoted(ctx
->ifname
, id
, "ca_cert", buf
) < 0) {
1504 wpa_printf(MSG_INFO
, "Failed to set CA cert");
1510 static void set_pps_cred_check_aaa_cert_status(struct hs20_osu_client
*ctx
,
1511 int id
, xml_node_t
*node
)
1513 char *str
= xml_node_get_text(ctx
->xml
, node
);
1518 wpa_printf(MSG_INFO
, "- Credential/CheckAAAServerCertStatus = %s", str
);
1519 if (os_strcasecmp(str
, "true") == 0 &&
1520 set_cred(ctx
->ifname
, id
, "ocsp", "2") < 0)
1521 wpa_printf(MSG_INFO
, "Failed to set cred ocsp");
1522 xml_node_get_text_free(ctx
->xml
, str
);
1526 static void set_pps_cred_sim(struct hs20_osu_client
*ctx
, int id
,
1527 xml_node_t
*sim
, xml_node_t
*realm
)
1530 char *imsi
, *eaptype
, *str
, buf
[20];
1535 node
= get_node(ctx
->xml
, sim
, "EAPType");
1537 wpa_printf(MSG_INFO
, "No SIM/EAPType node in credential");
1540 eaptype
= xml_node_get_text(ctx
->xml
, node
);
1541 if (eaptype
== NULL
) {
1542 wpa_printf(MSG_INFO
, "Could not extract SIM/EAPType");
1545 wpa_printf(MSG_INFO
, " - Credential/SIM/EAPType = %s", eaptype
);
1546 type
= atoi(eaptype
);
1547 xml_node_get_text_free(ctx
->xml
, eaptype
);
1551 if (set_cred(ctx
->ifname
, id
, "eap", "SIM") < 0)
1552 wpa_printf(MSG_INFO
, "Could not set eap=SIM");
1555 if (set_cred(ctx
->ifname
, id
, "eap", "AKA") < 0)
1556 wpa_printf(MSG_INFO
, "Could not set eap=SIM");
1558 case EAP_TYPE_AKA_PRIME
:
1559 if (set_cred(ctx
->ifname
, id
, "eap", "AKA'") < 0)
1560 wpa_printf(MSG_INFO
, "Could not set eap=SIM");
1563 wpa_printf(MSG_INFO
, "Unsupported SIM/EAPType %d", type
);
1567 node
= get_node(ctx
->xml
, sim
, "IMSI");
1569 wpa_printf(MSG_INFO
, "No SIM/IMSI node in credential");
1572 imsi
= xml_node_get_text(ctx
->xml
, node
);
1574 wpa_printf(MSG_INFO
, "Could not extract SIM/IMSI");
1577 wpa_printf(MSG_INFO
, " - Credential/SIM/IMSI = %s", imsi
);
1578 imsi_len
= os_strlen(imsi
);
1579 if (imsi_len
< 7 || imsi_len
+ 2 > sizeof(buf
)) {
1580 wpa_printf(MSG_INFO
, "Invalid IMSI length");
1581 xml_node_get_text_free(ctx
->xml
, imsi
);
1585 str
= xml_node_get_text(ctx
->xml
, node
);
1588 pos
= os_strstr(str
, "mnc");
1589 if (pos
&& os_strlen(pos
) >= 6) {
1590 if (os_strncmp(imsi
+ 3, pos
+ 3, 3) == 0)
1592 else if (os_strncmp(imsi
+ 3, pos
+ 4, 2) == 0)
1595 xml_node_get_text_free(ctx
->xml
, str
);
1598 os_memcpy(buf
, imsi
, 3 + mnc_len
);
1599 buf
[3 + mnc_len
] = '-';
1600 os_strlcpy(buf
+ 3 + mnc_len
+ 1, imsi
+ 3 + mnc_len
,
1601 sizeof(buf
) - 3 - mnc_len
- 1);
1603 xml_node_get_text_free(ctx
->xml
, imsi
);
1605 if (set_cred_quoted(ctx
->ifname
, id
, "imsi", buf
) < 0)
1606 wpa_printf(MSG_INFO
, "Could not set IMSI");
1608 if (set_cred_quoted(ctx
->ifname
, id
, "milenage",
1609 "90dca4eda45b53cf0f12d7c9c3bc6a89:"
1610 "cb9cccc4b9258e6dca4760379fb82581:000000000123") <
1612 wpa_printf(MSG_INFO
, "Could not set Milenage parameters");
1616 static void set_pps_cred_credential(struct hs20_osu_client
*ctx
, int id
,
1617 xml_node_t
*node
, const char *fqdn
)
1619 xml_node_t
*child
, *sim
, *realm
;
1622 wpa_printf(MSG_INFO
, "- Credential");
1624 sim
= get_node(ctx
->xml
, node
, "SIM");
1625 realm
= get_node(ctx
->xml
, node
, "Realm");
1627 xml_node_for_each_child(ctx
->xml
, child
, node
) {
1628 xml_node_for_each_check(ctx
->xml
, child
);
1629 name
= xml_node_get_localname(ctx
->xml
, child
);
1630 if (os_strcasecmp(name
, "CreationDate") == 0)
1631 set_pps_cred_creation_date(ctx
, id
, child
);
1632 else if (os_strcasecmp(name
, "ExpirationDate") == 0)
1633 set_pps_cred_expiration_date(ctx
, id
, child
);
1634 else if (os_strcasecmp(name
, "UsernamePassword") == 0)
1635 set_pps_cred_username_password(ctx
, id
, child
);
1636 else if (os_strcasecmp(name
, "DigitalCertificate") == 0)
1637 set_pps_cred_digital_cert(ctx
, id
, child
, fqdn
);
1638 else if (os_strcasecmp(name
, "Realm") == 0)
1639 set_pps_cred_realm(ctx
, id
, child
, fqdn
, sim
!= NULL
);
1640 else if (os_strcasecmp(name
, "CheckAAAServerCertStatus") == 0)
1641 set_pps_cred_check_aaa_cert_status(ctx
, id
, child
);
1642 else if (os_strcasecmp(name
, "SIM") == 0)
1643 set_pps_cred_sim(ctx
, id
, child
, realm
);
1645 wpa_printf(MSG_INFO
, "Unknown Credential node '%s'",
1651 static void set_pps_credential(struct hs20_osu_client
*ctx
, int id
,
1652 xml_node_t
*cred
, const char *fqdn
)
1657 xml_node_for_each_child(ctx
->xml
, child
, cred
) {
1658 xml_node_for_each_check(ctx
->xml
, child
);
1659 name
= xml_node_get_localname(ctx
->xml
, child
);
1660 if (os_strcasecmp(name
, "Policy") == 0)
1661 set_pps_cred_policy(ctx
, id
, child
);
1662 else if (os_strcasecmp(name
, "CredentialPriority") == 0)
1663 set_pps_cred_priority(ctx
, id
, child
);
1664 else if (os_strcasecmp(name
, "AAAServerTrustRoot") == 0)
1665 set_pps_cred_aaa_server_trust_root(ctx
, id
, child
);
1666 else if (os_strcasecmp(name
, "SubscriptionUpdate") == 0)
1667 set_pps_cred_sub_update(ctx
, id
, child
);
1668 else if (os_strcasecmp(name
, "HomeSP") == 0)
1669 set_pps_cred_home_sp(ctx
, id
, child
);
1670 else if (os_strcasecmp(name
, "SubscriptionParameters") == 0)
1671 set_pps_cred_sub_params(ctx
, id
, child
);
1672 else if (os_strcasecmp(name
, "Credential") == 0)
1673 set_pps_cred_credential(ctx
, id
, child
, fqdn
);
1675 wpa_printf(MSG_INFO
, "Unknown credential node '%s'",
1681 static void set_pps(struct hs20_osu_client
*ctx
, xml_node_t
*pps
,
1687 char *update_identifier
= NULL
;
1690 * TODO: Could consider more complex mechanism that would remove
1691 * credentials only if there are changes in the information sent to
1694 remove_sp_creds(ctx
, fqdn
);
1696 xml_node_for_each_child(ctx
->xml
, child
, pps
) {
1697 xml_node_for_each_check(ctx
->xml
, child
);
1698 name
= xml_node_get_localname(ctx
->xml
, child
);
1699 if (os_strcasecmp(name
, "UpdateIdentifier") == 0) {
1700 update_identifier
= xml_node_get_text(ctx
->xml
, child
);
1701 if (update_identifier
) {
1702 wpa_printf(MSG_INFO
, "- UpdateIdentifier = %s",
1709 xml_node_for_each_child(ctx
->xml
, child
, pps
) {
1710 xml_node_for_each_check(ctx
->xml
, child
);
1711 name
= xml_node_get_localname(ctx
->xml
, child
);
1712 if (os_strcasecmp(name
, "UpdateIdentifier") == 0)
1714 id
= add_cred(ctx
->ifname
);
1716 wpa_printf(MSG_INFO
, "Failed to add credential to wpa_supplicant");
1717 write_summary(ctx
, "Failed to add credential to wpa_supplicant");
1720 write_summary(ctx
, "Add a credential to wpa_supplicant");
1721 if (update_identifier
&&
1722 set_cred(ctx
->ifname
, id
, "update_identifier",
1723 update_identifier
) < 0)
1724 wpa_printf(MSG_INFO
, "Failed to set update_identifier");
1725 if (set_cred_quoted(ctx
->ifname
, id
, "provisioning_sp", fqdn
) <
1727 wpa_printf(MSG_INFO
, "Failed to set provisioning_sp");
1728 wpa_printf(MSG_INFO
, "credential localname: '%s'", name
);
1729 set_pps_credential(ctx
, id
, child
, fqdn
);
1730 ctx
->pps_cred_set
= 1;
1733 xml_node_get_text_free(ctx
->xml
, update_identifier
);
1737 void cmd_set_pps(struct hs20_osu_client
*ctx
, const char *pps_fname
)
1741 char *fqdn_buf
= NULL
, *pos
;
1743 pps
= node_from_file(ctx
->xml
, pps_fname
);
1745 wpa_printf(MSG_INFO
, "Could not read or parse '%s'", pps_fname
);
1749 fqdn
= os_strstr(pps_fname
, "SP/");
1751 fqdn_buf
= os_strdup(fqdn
+ 3);
1752 if (fqdn_buf
== NULL
)
1754 pos
= os_strchr(fqdn_buf
, '/');
1761 wpa_printf(MSG_INFO
, "Set PPS MO info to wpa_supplicant - SP FQDN %s",
1763 set_pps(ctx
, pps
, fqdn
);
1766 xml_node_free(ctx
->xml
, pps
);
1770 static int cmd_get_fqdn(struct hs20_osu_client
*ctx
, const char *pps_fname
)
1772 xml_node_t
*pps
, *node
;
1775 pps
= node_from_file(ctx
->xml
, pps_fname
);
1777 wpa_printf(MSG_INFO
, "Could not read or parse '%s'", pps_fname
);
1781 node
= get_child_node(ctx
->xml
, pps
, "HomeSP/FQDN");
1783 fqdn
= xml_node_get_text(ctx
->xml
, node
);
1785 xml_node_free(ctx
->xml
, pps
);
1788 FILE *f
= fopen("pps-fqdn", "w");
1790 fprintf(f
, "%s", fqdn
);
1793 xml_node_get_text_free(ctx
->xml
, fqdn
);
1797 xml_node_get_text_free(ctx
->xml
, fqdn
);
1802 static void cmd_to_tnds(struct hs20_osu_client
*ctx
, const char *in_fname
,
1803 const char *out_fname
, const char *urn
, int use_path
)
1805 xml_node_t
*mo
, *node
;
1807 mo
= node_from_file(ctx
->xml
, in_fname
);
1809 wpa_printf(MSG_INFO
, "Could not read or parse '%s'", in_fname
);
1813 node
= mo_to_tnds(ctx
->xml
, mo
, use_path
, urn
, NULL
);
1815 node_to_file(ctx
->xml
, out_fname
, node
);
1816 xml_node_free(ctx
->xml
, node
);
1819 xml_node_free(ctx
->xml
, mo
);
1823 static void cmd_from_tnds(struct hs20_osu_client
*ctx
, const char *in_fname
,
1824 const char *out_fname
)
1826 xml_node_t
*tnds
, *mo
;
1828 tnds
= node_from_file(ctx
->xml
, in_fname
);
1830 wpa_printf(MSG_INFO
, "Could not read or parse '%s'", in_fname
);
1834 mo
= tnds_to_mo(ctx
->xml
, tnds
);
1836 node_to_file(ctx
->xml
, out_fname
, mo
);
1837 xml_node_free(ctx
->xml
, mo
);
1840 xml_node_free(ctx
->xml
, tnds
);
1847 char mime_type
[256];
1854 unsigned int methods
;
1857 struct osu_lang_text friendly_name
[MAX_OSU_VALS
];
1858 size_t friendly_name_count
;
1859 struct osu_lang_text serv_desc
[MAX_OSU_VALS
];
1860 size_t serv_desc_count
;
1861 struct osu_icon icon
[MAX_OSU_VALS
];
1866 static struct osu_data
* parse_osu_providers(const char *fname
, size_t *count
)
1870 struct osu_data
*osu
= NULL
, *last
= NULL
;
1871 size_t osu_count
= 0;
1874 f
= fopen(fname
, "r");
1876 wpa_printf(MSG_ERROR
, "Could not open %s", fname
);
1880 while (fgets(buf
, sizeof(buf
), f
)) {
1881 pos
= strchr(buf
, '\n');
1885 if (strncmp(buf
, "OSU-PROVIDER ", 13) == 0) {
1886 last
= realloc(osu
, (osu_count
+ 1) * sizeof(*osu
));
1890 last
= &osu
[osu_count
++];
1891 memset(last
, 0, sizeof(*last
));
1892 snprintf(last
->bssid
, sizeof(last
->bssid
), "%s",
1899 if (strncmp(buf
, "uri=", 4) == 0) {
1900 snprintf(last
->url
, sizeof(last
->url
), "%s", buf
+ 4);
1904 if (strncmp(buf
, "methods=", 8) == 0) {
1905 last
->methods
= strtol(buf
+ 8, NULL
, 16);
1909 if (strncmp(buf
, "osu_ssid=", 9) == 0) {
1910 snprintf(last
->osu_ssid
, sizeof(last
->osu_ssid
),
1915 if (os_strncmp(buf
, "osu_nai=", 8) == 0) {
1916 os_snprintf(last
->osu_nai
, sizeof(last
->osu_nai
),
1921 if (strncmp(buf
, "friendly_name=", 14) == 0) {
1922 struct osu_lang_text
*txt
;
1923 if (last
->friendly_name_count
== MAX_OSU_VALS
)
1925 pos
= strchr(buf
+ 14, ':');
1929 txt
= &last
->friendly_name
[last
->friendly_name_count
++];
1930 snprintf(txt
->lang
, sizeof(txt
->lang
), "%s", buf
+ 14);
1931 snprintf(txt
->text
, sizeof(txt
->text
), "%s", pos
);
1934 if (strncmp(buf
, "desc=", 5) == 0) {
1935 struct osu_lang_text
*txt
;
1936 if (last
->serv_desc_count
== MAX_OSU_VALS
)
1938 pos
= strchr(buf
+ 5, ':');
1942 txt
= &last
->serv_desc
[last
->serv_desc_count
++];
1943 snprintf(txt
->lang
, sizeof(txt
->lang
), "%s", buf
+ 5);
1944 snprintf(txt
->text
, sizeof(txt
->text
), "%s", pos
);
1947 if (strncmp(buf
, "icon=", 5) == 0) {
1948 struct osu_icon
*icon
;
1949 if (last
->icon_count
== MAX_OSU_VALS
)
1951 icon
= &last
->icon
[last
->icon_count
++];
1952 icon
->id
= atoi(buf
+ 5);
1953 pos
= strchr(buf
, ':');
1956 pos
= strchr(pos
+ 1, ':');
1959 pos
= strchr(pos
+ 1, ':');
1963 end
= strchr(pos
, ':');
1967 snprintf(icon
->lang
, sizeof(icon
->lang
), "%s", pos
);
1970 end
= strchr(pos
, ':');
1973 snprintf(icon
->mime_type
, sizeof(icon
->mime_type
),
1979 end
= strchr(pos
, ':');
1982 snprintf(icon
->filename
, sizeof(icon
->filename
),
1995 static int osu_connect(struct hs20_osu_client
*ctx
, const char *bssid
,
1996 const char *ssid
, const char *url
, const char *ca_fname
,
1997 unsigned int methods
, int no_prod_assoc
,
1998 const char *osu_nai
)
2001 const char *ifname
= ctx
->ifname
;
2003 struct wpa_ctrl
*mon
;
2006 id
= add_network(ifname
);
2009 if (set_network_quoted(ifname
, id
, "ssid", ssid
) < 0)
2011 if (osu_nai
&& os_strlen(osu_nai
) > 0) {
2012 char dir
[255], fname
[300];
2013 if (getcwd(dir
, sizeof(dir
)) == NULL
)
2015 os_snprintf(fname
, sizeof(fname
), "%s/osu-ca.pem", dir
);
2017 if (set_network(ifname
, id
, "proto", "OSEN") < 0 ||
2018 set_network(ifname
, id
, "key_mgmt", "OSEN") < 0 ||
2019 set_network(ifname
, id
, "pairwise", "CCMP") < 0 ||
2020 set_network(ifname
, id
, "group", "GTK_NOT_USED") < 0 ||
2021 set_network(ifname
, id
, "eap", "WFA-UNAUTH-TLS") < 0 ||
2022 set_network(ifname
, id
, "ocsp", "2") < 0 ||
2023 set_network_quoted(ifname
, id
, "identity", osu_nai
) < 0 ||
2024 set_network_quoted(ifname
, id
, "ca_cert", fname
) < 0)
2027 if (set_network(ifname
, id
, "key_mgmt", "NONE") < 0)
2031 mon
= open_wpa_mon(ifname
);
2035 wpa_printf(MSG_INFO
, "Associate with OSU SSID");
2036 write_summary(ctx
, "Associate with OSU SSID");
2037 snprintf(buf
, sizeof(buf
), "SELECT_NETWORK %d", id
);
2038 if (wpa_command(ifname
, buf
) < 0)
2041 res
= get_wpa_cli_event(mon
, "CTRL-EVENT-CONNECTED",
2044 wpa_ctrl_detach(mon
);
2045 wpa_ctrl_close(mon
);
2048 wpa_printf(MSG_INFO
, "Could not connect");
2049 write_summary(ctx
, "Could not connect to OSU network");
2050 wpa_printf(MSG_INFO
, "Remove OSU network connection");
2051 snprintf(buf
, sizeof(buf
), "REMOVE_NETWORK %d", id
);
2052 wpa_command(ifname
, buf
);
2056 write_summary(ctx
, "Waiting for IP address for subscription registration");
2057 if (wait_ip_addr(ifname
, 15) < 0) {
2058 wpa_printf(MSG_INFO
, "Could not get IP address for WLAN - try connection anyway");
2061 if (no_prod_assoc
) {
2064 wpa_printf(MSG_INFO
, "No production connection used for testing purposes");
2065 write_summary(ctx
, "No production connection used for testing purposes");
2069 ctx
->no_reconnect
= 1;
2071 res
= cmd_prov(ctx
, url
, ca_fname
);
2072 else if (methods
& 0x01)
2073 res
= cmd_oma_dm_prov(ctx
, url
, ca_fname
);
2075 wpa_printf(MSG_INFO
, "Remove OSU network connection");
2076 write_summary(ctx
, "Remove OSU network connection");
2077 snprintf(buf
, sizeof(buf
), "REMOVE_NETWORK %d", id
);
2078 wpa_command(ifname
, buf
);
2083 wpa_printf(MSG_INFO
, "Requesting reconnection with updated configuration");
2084 write_summary(ctx
, "Requesting reconnection with updated configuration");
2085 if (wpa_command(ctx
->ifname
, "INTERWORKING_SELECT auto") < 0) {
2086 wpa_printf(MSG_INFO
, "Failed to request wpa_supplicant to reconnect");
2087 write_summary(ctx
, "Failed to request wpa_supplicant to reconnect");
2095 static int cmd_osu_select(struct hs20_osu_client
*ctx
, const char *dir
,
2096 int connect
, const char *ca_fname
, int no_prod_assoc
,
2097 const char *friendly_name
)
2101 struct osu_data
*osu
= NULL
, *last
= NULL
;
2102 size_t osu_count
, i
, j
;
2105 write_summary(ctx
, "OSU provider selection");
2108 wpa_printf(MSG_INFO
, "Missing dir parameter to osu_select");
2112 snprintf(fname
, sizeof(fname
), "%s/osu-providers.txt", dir
);
2113 osu
= parse_osu_providers(fname
, &osu_count
);
2115 wpa_printf(MSG_INFO
, "Could not any OSU providers from %s",
2117 write_result(ctx
, "No OSU providers available");
2121 if (friendly_name
) {
2122 for (i
= 0; i
< osu_count
; i
++) {
2124 for (j
= 0; j
< last
->friendly_name_count
; j
++) {
2125 if (os_strcmp(last
->friendly_name
[j
].text
,
2126 friendly_name
) == 0)
2129 if (j
< last
->friendly_name_count
)
2132 if (i
== osu_count
) {
2133 wpa_printf(MSG_INFO
, "Requested operator friendly name '%s' not found in the list of available providers",
2135 write_summary(ctx
, "Requested operator friendly name '%s' not found in the list of available providers",
2141 wpa_printf(MSG_INFO
, "OSU Provider selected based on requested operator friendly name '%s'",
2143 write_summary(ctx
, "OSU Provider selected based on requested operator friendly name '%s'",
2149 snprintf(fname
, sizeof(fname
), "%s/osu-providers.html", dir
);
2150 f
= fopen(fname
, "w");
2152 wpa_printf(MSG_INFO
, "Could not open %s", fname
);
2157 fprintf(f
, "<html><head>"
2158 "<meta http-equiv=\"Content-type\" content=\"text/html; "
2159 "charset=utf-8\"<title>Select service operator</title>"
2160 "</head><body><h1>Select service operator</h1>\n");
2163 fprintf(f
, "No online signup available\n");
2165 for (i
= 0; i
< osu_count
; i
++) {
2169 "<a href=\"http://localhost:12345/osu/%d\">"
2170 "<table><tr><td>", (int) i
+ 1);
2173 "<a href=\"osu://%d\">"
2174 "<table><tr><td>", (int) i
+ 1);
2175 #endif /* ANDROID */
2176 for (j
= 0; j
< last
->icon_count
; j
++) {
2177 fprintf(f
, "<img src=\"osu-icon-%d.%s\">\n",
2179 strcasecmp(last
->icon
[j
].mime_type
,
2180 "image/png") == 0 ? "png" : "icon");
2183 for (j
= 0; j
< last
->friendly_name_count
; j
++) {
2184 fprintf(f
, "<small>[%s]</small> %s<br>\n",
2185 last
->friendly_name
[j
].lang
,
2186 last
->friendly_name
[j
].text
);
2188 fprintf(f
, "<tr><td colspan=2>");
2189 for (j
= 0; j
< last
->serv_desc_count
; j
++) {
2190 fprintf(f
, "<small>[%s]</small> %s<br>\n",
2191 last
->serv_desc
[j
].lang
,
2192 last
->serv_desc
[j
].text
);
2194 fprintf(f
, "</table></a><br><small>BSSID: %s<br>\n"
2196 last
->bssid
, last
->osu_ssid
);
2198 fprintf(f
, "NAI: %s<br>\n", last
->osu_nai
);
2199 fprintf(f
, "URL: %s<br>\n"
2200 "methods:%s%s<br>\n"
2203 last
->methods
& 0x01 ? " OMA-DM" : "",
2204 last
->methods
& 0x02 ? " SOAP-XML-SPP" : "");
2207 fprintf(f
, "</body></html>\n");
2211 snprintf(fname
, sizeof(fname
), "file://%s/osu-providers.html", dir
);
2212 write_summary(ctx
, "Start web browser with OSU provider selection page");
2213 ret
= hs20_web_browser(fname
);
2216 if (ret
> 0 && (size_t) ret
<= osu_count
) {
2220 wpa_printf(MSG_INFO
, "Selected OSU id=%d", ret
);
2221 last
= &osu
[ret
- 1];
2223 wpa_printf(MSG_INFO
, "BSSID: %s", last
->bssid
);
2224 wpa_printf(MSG_INFO
, "SSID: %s", last
->osu_ssid
);
2225 wpa_printf(MSG_INFO
, "URL: %s", last
->url
);
2226 write_summary(ctx
, "Selected OSU provider id=%d BSSID=%s SSID=%s URL=%s",
2227 ret
, last
->bssid
, last
->osu_ssid
, last
->url
);
2229 ctx
->friendly_name_count
= last
->friendly_name_count
;
2230 for (j
= 0; j
< last
->friendly_name_count
; j
++) {
2231 wpa_printf(MSG_INFO
, "FRIENDLY_NAME: [%s]%s",
2232 last
->friendly_name
[j
].lang
,
2233 last
->friendly_name
[j
].text
);
2234 os_strlcpy(ctx
->friendly_name
[j
].lang
,
2235 last
->friendly_name
[j
].lang
,
2236 sizeof(ctx
->friendly_name
[j
].lang
));
2237 os_strlcpy(ctx
->friendly_name
[j
].text
,
2238 last
->friendly_name
[j
].text
,
2239 sizeof(ctx
->friendly_name
[j
].text
));
2242 ctx
->icon_count
= last
->icon_count
;
2243 for (j
= 0; j
< last
->icon_count
; j
++) {
2246 os_snprintf(fname
, sizeof(fname
), "%s/osu-icon-%d.%s",
2247 dir
, last
->icon
[j
].id
,
2248 strcasecmp(last
->icon
[j
].mime_type
,
2251 wpa_printf(MSG_INFO
, "ICON: %s (%s)",
2252 fname
, last
->icon
[j
].filename
);
2253 os_strlcpy(ctx
->icon_filename
[j
],
2254 last
->icon
[j
].filename
,
2255 sizeof(ctx
->icon_filename
[j
]));
2257 data
= os_readfile(fname
, &data_len
);
2259 sha256_vector(1, (const u8
**) &data
, &data_len
,
2266 if (last
->methods
& 0x02)
2267 ret
= cmd_prov(ctx
, last
->url
, ca_fname
);
2268 else if (last
->methods
& 0x01)
2269 ret
= cmd_oma_dm_prov(ctx
, last
->url
, ca_fname
);
2273 ret
= osu_connect(ctx
, last
->bssid
, last
->osu_ssid
,
2274 last
->url
, ca_fname
, last
->methods
,
2275 no_prod_assoc
, last
->osu_nai
);
2285 static int cmd_signup(struct hs20_osu_client
*ctx
, const char *ca_fname
,
2286 int no_prod_assoc
, const char *friendly_name
)
2289 char fname
[300], buf
[400];
2290 struct wpa_ctrl
*mon
;
2294 ifname
= ctx
->ifname
;
2296 if (getcwd(dir
, sizeof(dir
)) == NULL
)
2299 snprintf(fname
, sizeof(fname
), "%s/osu-info", dir
);
2300 if (mkdir(fname
, S_IRWXU
| S_IRWXG
) < 0 && errno
!= EEXIST
) {
2301 wpa_printf(MSG_INFO
, "mkdir(%s) failed: %s",
2302 fname
, strerror(errno
));
2306 snprintf(buf
, sizeof(buf
), "SET osu_dir %s", fname
);
2307 if (wpa_command(ifname
, buf
) < 0) {
2308 wpa_printf(MSG_INFO
, "Failed to configure osu_dir to wpa_supplicant");
2312 mon
= open_wpa_mon(ifname
);
2316 wpa_printf(MSG_INFO
, "Starting OSU fetch");
2317 write_summary(ctx
, "Starting OSU provider information fetch");
2318 if (wpa_command(ifname
, "FETCH_OSU") < 0) {
2319 wpa_printf(MSG_INFO
, "Could not start OSU fetch");
2320 wpa_ctrl_detach(mon
);
2321 wpa_ctrl_close(mon
);
2324 res
= get_wpa_cli_event(mon
, "OSU provider fetch completed",
2327 wpa_ctrl_detach(mon
);
2328 wpa_ctrl_close(mon
);
2331 wpa_printf(MSG_INFO
, "OSU fetch did not complete");
2332 write_summary(ctx
, "OSU fetch did not complete");
2335 wpa_printf(MSG_INFO
, "OSU provider fetch completed");
2337 return cmd_osu_select(ctx
, fname
, 1, ca_fname
, no_prod_assoc
,
2342 static void cmd_sub_rem(struct hs20_osu_client
*ctx
, const char *address
,
2343 const char *pps_fname
, const char *ca_fname
)
2345 xml_node_t
*pps
, *node
;
2346 char pps_fname_buf
[300];
2347 char ca_fname_buf
[200];
2348 char *cred_username
= NULL
;
2349 char *cred_password
= NULL
;
2350 char *sub_rem_uri
= NULL
;
2351 char client_cert_buf
[200];
2352 char *client_cert
= NULL
;
2353 char client_key_buf
[200];
2354 char *client_key
= NULL
;
2357 ctx
->ca_fname
= ca_fname
;
2359 wpa_printf(MSG_INFO
, "Subscription remediation requested with Server URL: %s",
2364 wpa_printf(MSG_INFO
, "Determining PPS file based on Home SP information");
2365 if (os_strncmp(address
, "fqdn=", 5) == 0) {
2366 wpa_printf(MSG_INFO
, "Use requested FQDN from command line");
2367 os_snprintf(buf
, sizeof(buf
), "%s", address
+ 5);
2369 } else if (get_wpa_status(ctx
->ifname
, "provisioning_sp", buf
,
2371 wpa_printf(MSG_INFO
, "Could not get provisioning Home SP FQDN from wpa_supplicant");
2375 ctx
->fqdn
= os_strdup(buf
);
2376 if (ctx
->fqdn
== NULL
)
2378 wpa_printf(MSG_INFO
, "Home SP FQDN for current credential: %s",
2380 os_snprintf(pps_fname_buf
, sizeof(pps_fname_buf
),
2381 "SP/%s/pps.xml", ctx
->fqdn
);
2382 pps_fname
= pps_fname_buf
;
2384 os_snprintf(ca_fname_buf
, sizeof(ca_fname_buf
), "SP/%s/ca.pem",
2386 ca_fname
= ca_fname_buf
;
2389 if (!os_file_exists(pps_fname
)) {
2390 wpa_printf(MSG_INFO
, "PPS file '%s' does not exist or is not accessible",
2394 wpa_printf(MSG_INFO
, "Using PPS file: %s", pps_fname
);
2396 if (ca_fname
&& !os_file_exists(ca_fname
)) {
2397 wpa_printf(MSG_INFO
, "CA file '%s' does not exist or is not accessible",
2401 wpa_printf(MSG_INFO
, "Using server trust root: %s", ca_fname
);
2403 pps
= node_from_file(ctx
->xml
, pps_fname
);
2405 wpa_printf(MSG_INFO
, "Could not read PPS MO");
2411 node
= get_child_node(ctx
->xml
, pps
, "HomeSP/FQDN");
2413 wpa_printf(MSG_INFO
, "No HomeSP/FQDN found from PPS");
2416 tmp
= xml_node_get_text(ctx
->xml
, node
);
2418 wpa_printf(MSG_INFO
, "No HomeSP/FQDN text found from PPS");
2421 ctx
->fqdn
= os_strdup(tmp
);
2422 xml_node_get_text_free(ctx
->xml
, tmp
);
2424 wpa_printf(MSG_INFO
, "No FQDN known");
2429 node
= get_child_node(ctx
->xml
, pps
,
2430 "SubscriptionUpdate/UpdateMethod");
2433 tmp
= xml_node_get_text(ctx
->xml
, node
);
2434 if (tmp
&& os_strcasecmp(tmp
, "OMA-DM-ClientInitiated") == 0)
2439 wpa_printf(MSG_INFO
, "No UpdateMethod specified - assume SPP");
2443 get_user_pw(ctx
, pps
, "SubscriptionUpdate/UsernamePassword",
2444 &cred_username
, &cred_password
);
2446 wpa_printf(MSG_INFO
, "Using username: %s", cred_username
);
2448 wpa_printf(MSG_DEBUG
, "Using password: %s", cred_password
);
2450 if (cred_username
== NULL
&& cred_password
== NULL
&&
2451 get_child_node(ctx
->xml
, pps
, "Credential/DigitalCertificate")) {
2452 wpa_printf(MSG_INFO
, "Using client certificate");
2453 os_snprintf(client_cert_buf
, sizeof(client_cert_buf
),
2454 "SP/%s/client-cert.pem", ctx
->fqdn
);
2455 client_cert
= client_cert_buf
;
2456 os_snprintf(client_key_buf
, sizeof(client_key_buf
),
2457 "SP/%s/client-key.pem", ctx
->fqdn
);
2458 client_key
= client_key_buf
;
2459 ctx
->client_cert_present
= 1;
2462 node
= get_child_node(ctx
->xml
, pps
, "SubscriptionUpdate/URI");
2464 sub_rem_uri
= xml_node_get_text(ctx
->xml
, node
);
2466 (!address
|| os_strcmp(address
, sub_rem_uri
) != 0)) {
2467 wpa_printf(MSG_INFO
, "Override sub rem URI based on PPS: %s",
2469 address
= sub_rem_uri
;
2473 wpa_printf(MSG_INFO
, "Server URL not known");
2477 write_summary(ctx
, "Wait for IP address for subscriptiom remediation");
2478 wpa_printf(MSG_INFO
, "Wait for IP address before starting subscription remediation");
2480 if (wait_ip_addr(ctx
->ifname
, 15) < 0) {
2481 wpa_printf(MSG_INFO
, "Could not get IP address for WLAN - try connection anyway");
2485 spp_sub_rem(ctx
, address
, pps_fname
, ca_fname
,
2486 client_cert
, client_key
,
2487 cred_username
, cred_password
, pps
);
2489 oma_dm_sub_rem(ctx
, address
, pps_fname
, ca_fname
,
2490 client_cert
, client_key
,
2491 cred_username
, cred_password
, pps
);
2493 xml_node_get_text_free(ctx
->xml
, sub_rem_uri
);
2494 xml_node_get_text_free(ctx
->xml
, cred_username
);
2495 os_free(cred_password
);
2496 xml_node_free(ctx
->xml
, pps
);
2500 static int cmd_pol_upd(struct hs20_osu_client
*ctx
, const char *address
,
2501 const char *pps_fname
, const char *ca_fname
)
2505 char pps_fname_buf
[300];
2506 char ca_fname_buf
[200];
2508 char *cred_username
= NULL
;
2509 char *cred_password
= NULL
;
2510 char client_cert_buf
[200];
2511 char *client_cert
= NULL
;
2512 char client_key_buf
[200];
2513 char *client_key
= NULL
;
2516 wpa_printf(MSG_INFO
, "Policy update requested");
2520 wpa_printf(MSG_INFO
, "Determining PPS file based on Home SP information");
2521 if (os_strncmp(address
, "fqdn=", 5) == 0) {
2522 wpa_printf(MSG_INFO
, "Use requested FQDN from command line");
2523 os_snprintf(buf
, sizeof(buf
), "%s", address
+ 5);
2525 } else if (get_wpa_status(ctx
->ifname
, "provisioning_sp", buf
,
2527 wpa_printf(MSG_INFO
, "Could not get provisioning Home SP FQDN from wpa_supplicant");
2531 ctx
->fqdn
= os_strdup(buf
);
2532 if (ctx
->fqdn
== NULL
)
2534 wpa_printf(MSG_INFO
, "Home SP FQDN for current credential: %s",
2536 os_snprintf(pps_fname_buf
, sizeof(pps_fname_buf
),
2537 "SP/%s/pps.xml", ctx
->fqdn
);
2538 pps_fname
= pps_fname_buf
;
2540 os_snprintf(ca_fname_buf
, sizeof(ca_fname_buf
), "SP/%s/ca.pem",
2542 ca_fname
= ca_fname_buf
;
2545 if (!os_file_exists(pps_fname
)) {
2546 wpa_printf(MSG_INFO
, "PPS file '%s' does not exist or is not accessible",
2550 wpa_printf(MSG_INFO
, "Using PPS file: %s", pps_fname
);
2552 if (ca_fname
&& !os_file_exists(ca_fname
)) {
2553 wpa_printf(MSG_INFO
, "CA file '%s' does not exist or is not accessible",
2557 wpa_printf(MSG_INFO
, "Using server trust root: %s", ca_fname
);
2559 pps
= node_from_file(ctx
->xml
, pps_fname
);
2561 wpa_printf(MSG_INFO
, "Could not read PPS MO");
2567 node
= get_child_node(ctx
->xml
, pps
, "HomeSP/FQDN");
2569 wpa_printf(MSG_INFO
, "No HomeSP/FQDN found from PPS");
2572 tmp
= xml_node_get_text(ctx
->xml
, node
);
2574 wpa_printf(MSG_INFO
, "No HomeSP/FQDN text found from PPS");
2577 ctx
->fqdn
= os_strdup(tmp
);
2578 xml_node_get_text_free(ctx
->xml
, tmp
);
2580 wpa_printf(MSG_INFO
, "No FQDN known");
2585 node
= get_child_node(ctx
->xml
, pps
,
2586 "Policy/PolicyUpdate/UpdateMethod");
2589 tmp
= xml_node_get_text(ctx
->xml
, node
);
2590 if (tmp
&& os_strcasecmp(tmp
, "OMA-DM-ClientInitiated") == 0)
2595 wpa_printf(MSG_INFO
, "No UpdateMethod specified - assume SPP");
2599 get_user_pw(ctx
, pps
, "Policy/PolicyUpdate/UsernamePassword",
2600 &cred_username
, &cred_password
);
2602 wpa_printf(MSG_INFO
, "Using username: %s", cred_username
);
2604 wpa_printf(MSG_DEBUG
, "Using password: %s", cred_password
);
2606 if (cred_username
== NULL
&& cred_password
== NULL
&&
2607 get_child_node(ctx
->xml
, pps
, "Credential/DigitalCertificate")) {
2608 wpa_printf(MSG_INFO
, "Using client certificate");
2609 os_snprintf(client_cert_buf
, sizeof(client_cert_buf
),
2610 "SP/%s/client-cert.pem", ctx
->fqdn
);
2611 client_cert
= client_cert_buf
;
2612 os_snprintf(client_key_buf
, sizeof(client_key_buf
),
2613 "SP/%s/client-key.pem", ctx
->fqdn
);
2614 client_key
= client_key_buf
;
2618 node
= get_child_node(ctx
->xml
, pps
, "Policy/PolicyUpdate/URI");
2620 uri
= xml_node_get_text(ctx
->xml
, node
);
2621 wpa_printf(MSG_INFO
, "URI based on PPS: %s", uri
);
2626 wpa_printf(MSG_INFO
, "Server URL not known");
2631 spp_pol_upd(ctx
, address
, pps_fname
, ca_fname
,
2632 client_cert
, client_key
,
2633 cred_username
, cred_password
, pps
);
2635 oma_dm_pol_upd(ctx
, address
, pps_fname
, ca_fname
,
2636 client_cert
, client_key
,
2637 cred_username
, cred_password
, pps
);
2639 xml_node_get_text_free(ctx
->xml
, uri
);
2640 xml_node_get_text_free(ctx
->xml
, cred_username
);
2641 os_free(cred_password
);
2642 xml_node_free(ctx
->xml
, pps
);
2648 static char * get_hostname(const char *url
)
2650 const char *pos
, *end
, *end2
;
2656 pos
= os_strchr(url
, '/');
2664 end
= os_strchr(pos
, '/');
2665 end2
= os_strchr(pos
, ':');
2666 if (end
&& end2
&& end2
< end
)
2678 ret
= os_malloc(end
- pos
+ 2);
2682 os_memcpy(ret
, pos
, end
- pos
+ 1);
2683 ret
[end
- pos
+ 1] = '\0';
2689 static int osu_cert_cb(void *_ctx
, struct http_cert
*cert
)
2691 struct hs20_osu_client
*ctx
= _ctx
;
2696 wpa_printf(MSG_INFO
, "osu_cert_cb");
2698 host
= get_hostname(ctx
->server_url
);
2700 for (i
= 0; i
< ctx
->server_dnsname_count
; i
++)
2701 os_free(ctx
->server_dnsname
[i
]);
2702 os_free(ctx
->server_dnsname
);
2703 ctx
->server_dnsname
= os_calloc(cert
->num_dnsname
, sizeof(char *));
2704 ctx
->server_dnsname_count
= 0;
2707 for (i
= 0; i
< cert
->num_dnsname
; i
++) {
2708 if (ctx
->server_dnsname
) {
2709 ctx
->server_dnsname
[ctx
->server_dnsname_count
] =
2710 os_strdup(cert
->dnsname
[i
]);
2711 if (ctx
->server_dnsname
[ctx
->server_dnsname_count
])
2712 ctx
->server_dnsname_count
++;
2714 if (host
&& os_strcasecmp(host
, cert
->dnsname
[i
]) == 0)
2716 wpa_printf(MSG_INFO
, "dNSName '%s'", cert
->dnsname
[i
]);
2719 if (host
&& !found
) {
2720 wpa_printf(MSG_INFO
, "Server name from URL (%s) did not match any dNSName - abort connection",
2722 write_result(ctx
, "Server name from URL (%s) did not match any dNSName - abort connection",
2730 for (i
= 0; i
< cert
->num_othername
; i
++) {
2731 if (os_strcmp(cert
->othername
[i
].oid
,
2732 "1.3.6.1.4.1.40808.1.1.1") == 0) {
2733 wpa_hexdump_ascii(MSG_INFO
,
2734 "id-wfa-hotspot-friendlyName",
2735 cert
->othername
[i
].data
,
2736 cert
->othername
[i
].len
);
2740 for (j
= 0; j
< ctx
->friendly_name_count
; j
++) {
2742 for (i
= 0; i
< cert
->num_othername
; i
++) {
2743 if (os_strcmp(cert
->othername
[i
].oid
,
2744 "1.3.6.1.4.1.40808.1.1.1") != 0)
2746 if (cert
->othername
[i
].len
< 3)
2748 if (os_strncasecmp((char *) cert
->othername
[i
].data
,
2749 ctx
->friendly_name
[j
].lang
, 3) != 0)
2751 if (os_strncmp((char *) cert
->othername
[i
].data
+ 3,
2752 ctx
->friendly_name
[j
].text
,
2753 cert
->othername
[i
].len
- 3) == 0) {
2760 wpa_printf(MSG_INFO
, "No friendly name match found for '[%s]%s'",
2761 ctx
->friendly_name
[j
].lang
,
2762 ctx
->friendly_name
[j
].text
);
2763 write_result(ctx
, "No friendly name match found for '[%s]%s'",
2764 ctx
->friendly_name
[j
].lang
,
2765 ctx
->friendly_name
[j
].text
);
2770 for (i
= 0; i
< cert
->num_logo
; i
++) {
2771 struct http_logo
*logo
= &cert
->logo
[i
];
2773 wpa_printf(MSG_INFO
, "logo hash alg %s uri '%s'",
2774 logo
->alg_oid
, logo
->uri
);
2775 wpa_hexdump_ascii(MSG_INFO
, "hashValue",
2776 logo
->hash
, logo
->hash_len
);
2779 for (j
= 0; j
< ctx
->icon_count
; j
++) {
2781 char *name
= ctx
->icon_filename
[j
];
2782 size_t name_len
= os_strlen(name
);
2784 wpa_printf(MSG_INFO
, "Looking for icon file name '%s' match",
2786 for (i
= 0; i
< cert
->num_logo
; i
++) {
2787 struct http_logo
*logo
= &cert
->logo
[i
];
2788 size_t uri_len
= os_strlen(logo
->uri
);
2791 wpa_printf(MSG_INFO
, "Comparing to '%s' uri_len=%d name_len=%d",
2792 logo
->uri
, (int) uri_len
, (int) name_len
);
2793 if (uri_len
< 1 + name_len
)
2795 pos
= &logo
->uri
[uri_len
- name_len
- 1];
2799 if (os_strcmp(pos
, name
) == 0) {
2806 wpa_printf(MSG_INFO
, "No icon filename match found for '%s'",
2809 "No icon filename match found for '%s'",
2815 for (j
= 0; j
< ctx
->icon_count
; j
++) {
2818 for (i
= 0; i
< cert
->num_logo
; i
++) {
2819 struct http_logo
*logo
= &cert
->logo
[i
];
2821 if (logo
->hash_len
!= 32)
2823 if (os_memcmp(logo
->hash
, ctx
->icon_hash
[j
], 32) == 0) {
2830 wpa_printf(MSG_INFO
, "No icon hash match found");
2831 write_result(ctx
, "No icon hash match found");
2840 static int init_ctx(struct hs20_osu_client
*ctx
)
2842 xml_node_t
*devinfo
, *devid
;
2844 os_memset(ctx
, 0, sizeof(*ctx
));
2845 ctx
->ifname
= "wlan0";
2846 ctx
->xml
= xml_node_init_ctx(ctx
, NULL
);
2847 if (ctx
->xml
== NULL
)
2850 devinfo
= node_from_file(ctx
->xml
, "devinfo.xml");
2852 wpa_printf(MSG_ERROR
, "devinfo.xml not found");
2856 devid
= get_node(ctx
->xml
, devinfo
, "DevId");
2858 char *tmp
= xml_node_get_text(ctx
->xml
, devid
);
2860 ctx
->devid
= os_strdup(tmp
);
2861 xml_node_get_text_free(ctx
->xml
, tmp
);
2864 xml_node_free(ctx
->xml
, devinfo
);
2866 if (ctx
->devid
== NULL
) {
2867 wpa_printf(MSG_ERROR
, "Could not fetch DevId from devinfo.xml");
2871 ctx
->http
= http_init_ctx(ctx
, ctx
->xml
);
2872 if (ctx
->http
== NULL
) {
2873 xml_node_deinit_ctx(ctx
->xml
);
2876 http_ocsp_set(ctx
->http
, 2);
2877 http_set_cert_cb(ctx
->http
, osu_cert_cb
, ctx
);
2883 static void deinit_ctx(struct hs20_osu_client
*ctx
)
2887 http_deinit_ctx(ctx
->http
);
2888 xml_node_deinit_ctx(ctx
->xml
);
2890 os_free(ctx
->server_url
);
2891 os_free(ctx
->devid
);
2893 for (i
= 0; i
< ctx
->server_dnsname_count
; i
++)
2894 os_free(ctx
->server_dnsname
[i
]);
2895 os_free(ctx
->server_dnsname
);
2899 static void check_workarounds(struct hs20_osu_client
*ctx
)
2903 unsigned long int val
= 0;
2905 f
= fopen("hs20-osu-client.workarounds", "r");
2909 if (fgets(buf
, sizeof(buf
), f
))
2910 val
= strtoul(buf
, NULL
, 16);
2915 wpa_printf(MSG_INFO
, "Workarounds enabled: 0x%lx", val
);
2916 ctx
->workarounds
= val
;
2917 if (ctx
->workarounds
& WORKAROUND_OCSP_OPTIONAL
)
2918 http_ocsp_set(ctx
->http
, 1);
2923 static void usage(void)
2925 printf("usage: hs20-osu-client [-dddqqKt] [-S<station ifname>] \\\n"
2926 " [-w<wpa_supplicant ctrl_iface dir>] "
2927 "[-r<result file>] [-f<debug file>] \\\n"
2928 " [-s<summary file>] \\\n"
2929 " <command> [arguments..]\n"
2931 "- to_tnds <XML MO> <XML MO in TNDS format> [URN]\n"
2932 "- to_tnds2 <XML MO> <XML MO in TNDS format (Path) "
2934 "- from_tnds <XML MO in TNDS format> <XML MO>\n"
2935 "- set_pps <PerProviderSubscription XML file name>\n"
2936 "- get_fqdn <PerProviderSubscription XML file name>\n"
2937 "- pol_upd [Server URL] [PPS] [CA cert]\n"
2938 "- sub_rem <Server URL> [PPS] [CA cert]\n"
2939 "- prov <Server URL> [CA cert]\n"
2940 "- oma_dm_prov <Server URL> [CA cert]\n"
2941 "- sim_prov <Server URL> [CA cert]\n"
2942 "- oma_dm_sim_prov <Server URL> [CA cert]\n"
2943 "- signup [CA cert]\n"
2944 "- dl_osu_ca <PPS> <CA file>\n"
2945 "- dl_polupd_ca <PPS> <CA file>\n"
2946 "- dl_aaa_ca <PPS> <CA file>\n"
2948 "- osu_select <OSU info directory> [CA cert]\n");
2952 int main(int argc
, char *argv
[])
2954 struct hs20_osu_client ctx
;
2957 int no_prod_assoc
= 0;
2958 const char *friendly_name
= NULL
;
2959 const char *wpa_debug_file_path
= NULL
;
2960 extern char *wpas_ctrl_path
;
2961 extern int wpa_debug_level
;
2962 extern int wpa_debug_show_keys
;
2963 extern int wpa_debug_timestamp
;
2965 if (init_ctx(&ctx
) < 0)
2969 c
= getopt(argc
, argv
, "df:hi:KNO:qr:s:S:tw:");
2974 if (wpa_debug_level
> 0)
2978 wpa_debug_file_path
= optarg
;
2981 wpa_debug_show_keys
++;
2987 friendly_name
= optarg
;
2993 ctx
.result_file
= optarg
;
2996 ctx
.summary_file
= optarg
;
2999 ctx
.ifname
= optarg
;
3002 wpa_debug_timestamp
++;
3005 wpas_ctrl_path
= optarg
;
3015 if (argc
- optind
< 1) {
3020 wpa_debug_open_file(wpa_debug_file_path
);
3024 #endif /* __linux__ */
3026 if (ctx
.result_file
)
3027 unlink(ctx
.result_file
);
3028 wpa_printf(MSG_DEBUG
, "===[hs20-osu-client START - command: %s ]======"
3029 "================", argv
[optind
]);
3030 check_workarounds(&ctx
);
3032 if (strcmp(argv
[optind
], "to_tnds") == 0) {
3033 if (argc
- optind
< 2) {
3037 cmd_to_tnds(&ctx
, argv
[optind
+ 1], argv
[optind
+ 2],
3038 argc
> optind
+ 3 ? argv
[optind
+ 3] : NULL
,
3040 } else if (strcmp(argv
[optind
], "to_tnds2") == 0) {
3041 if (argc
- optind
< 2) {
3045 cmd_to_tnds(&ctx
, argv
[optind
+ 1], argv
[optind
+ 2],
3046 argc
> optind
+ 3 ? argv
[optind
+ 3] : NULL
,
3048 } else if (strcmp(argv
[optind
], "from_tnds") == 0) {
3049 if (argc
- optind
< 2) {
3053 cmd_from_tnds(&ctx
, argv
[optind
+ 1], argv
[optind
+ 2]);
3054 } else if (strcmp(argv
[optind
], "sub_rem") == 0) {
3055 if (argc
- optind
< 2) {
3059 if (argc
- optind
< 2)
3060 wpa_printf(MSG_ERROR
, "Server URL missing from command line");
3062 cmd_sub_rem(&ctx
, argv
[optind
+ 1],
3063 argc
> optind
+ 2 ? argv
[optind
+ 2] : NULL
,
3064 argc
> optind
+ 3 ? argv
[optind
+ 3] :
3066 } else if (strcmp(argv
[optind
], "pol_upd") == 0) {
3067 if (argc
- optind
< 2) {
3071 ret
= cmd_pol_upd(&ctx
, argc
> 2 ? argv
[optind
+ 1] : NULL
,
3072 argc
> optind
+ 2 ? argv
[optind
+ 2] : NULL
,
3073 argc
> optind
+ 3 ? argv
[optind
+ 3] : NULL
);
3074 } else if (strcmp(argv
[optind
], "prov") == 0) {
3075 if (argc
- optind
< 2) {
3079 cmd_prov(&ctx
, argv
[optind
+ 1], argv
[optind
+ 2]);
3080 } else if (strcmp(argv
[optind
], "sim_prov") == 0) {
3081 if (argc
- optind
< 2) {
3085 cmd_sim_prov(&ctx
, argv
[optind
+ 1], argv
[optind
+ 2]);
3086 } else if (strcmp(argv
[optind
], "dl_osu_ca") == 0) {
3087 if (argc
- optind
< 2) {
3091 cmd_dl_osu_ca(&ctx
, argv
[optind
+ 1], argv
[optind
+ 2]);
3092 } else if (strcmp(argv
[optind
], "dl_polupd_ca") == 0) {
3093 if (argc
- optind
< 2) {
3097 cmd_dl_polupd_ca(&ctx
, argv
[optind
+ 1], argv
[optind
+ 2]);
3098 } else if (strcmp(argv
[optind
], "dl_aaa_ca") == 0) {
3099 if (argc
- optind
< 2) {
3103 cmd_dl_aaa_ca(&ctx
, argv
[optind
+ 1], argv
[optind
+ 2]);
3104 } else if (strcmp(argv
[optind
], "osu_select") == 0) {
3105 if (argc
- optind
< 2) {
3109 cmd_osu_select(&ctx
, argv
[optind
+ 1], 2,
3110 argc
> optind
+ 2 ? argv
[optind
+ 2] : NULL
,
3112 } else if (strcmp(argv
[optind
], "signup") == 0) {
3113 ret
= cmd_signup(&ctx
,
3114 argc
> optind
+ 1 ? argv
[optind
+ 1] : NULL
,
3115 no_prod_assoc
, friendly_name
);
3116 } else if (strcmp(argv
[optind
], "set_pps") == 0) {
3117 if (argc
- optind
< 2) {
3121 cmd_set_pps(&ctx
, argv
[optind
+ 1]);
3122 } else if (strcmp(argv
[optind
], "get_fqdn") == 0) {
3123 if (argc
- optind
< 1) {
3127 ret
= cmd_get_fqdn(&ctx
, argv
[optind
+ 1]);
3128 } else if (strcmp(argv
[optind
], "oma_dm_prov") == 0) {
3129 if (argc
- optind
< 2) {
3133 cmd_oma_dm_prov(&ctx
, argv
[optind
+ 1], argv
[optind
+ 2]);
3134 } else if (strcmp(argv
[optind
], "oma_dm_sim_prov") == 0) {
3135 if (argc
- optind
< 2) {
3139 if (cmd_oma_dm_sim_prov(&ctx
, argv
[optind
+ 1],
3140 argv
[optind
+ 2]) < 0) {
3141 write_summary(&ctx
, "Failed to complete OMA DM SIM provisioning");
3144 } else if (strcmp(argv
[optind
], "oma_dm_add") == 0) {
3145 if (argc
- optind
< 2) {
3149 cmd_oma_dm_add(&ctx
, argv
[optind
+ 1], argv
[optind
+ 2]);
3150 } else if (strcmp(argv
[optind
], "oma_dm_replace") == 0) {
3151 if (argc
- optind
< 2) {
3155 cmd_oma_dm_replace(&ctx
, argv
[optind
+ 1], argv
[optind
+ 2]);
3156 } else if (strcmp(argv
[optind
], "est_csr") == 0) {
3157 if (argc
- optind
< 2) {
3161 mkdir("Cert", S_IRWXU
);
3162 est_build_csr(&ctx
, argv
[optind
+ 1]);
3163 } else if (strcmp(argv
[optind
], "browser") == 0) {
3166 if (argc
- optind
< 2) {
3171 wpa_printf(MSG_INFO
, "Launch web browser to URL %s",
3173 ret
= hs20_web_browser(argv
[optind
+ 1]);
3174 wpa_printf(MSG_INFO
, "Web browser result: %d", ret
);
3176 wpa_printf(MSG_INFO
, "Unknown command '%s'", argv
[optind
]);
3179 wpa_printf(MSG_DEBUG
,
3180 "===[hs20-osu-client END ]======================");
3182 wpa_debug_close_file();