2 * Hotspot 2.0 OSU client
3 * Copyright (c) 2012-2014, Qualcomm Atheros, Inc.
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
13 #include "private/android_filesystem_config.h"
17 #include "utils/browser.h"
18 #include "utils/base64.h"
19 #include "utils/xml-utils.h"
20 #include "utils/http-utils.h"
21 #include "common/wpa_ctrl.h"
22 #include "common/wpa_helpers.h"
23 #include "eap_common/eap_defs.h"
24 #include "crypto/crypto.h"
25 #include "crypto/sha256.h"
26 #include "osu_client.h"
28 const char *spp_xsd_fname
= "spp.xsd";
31 void write_result(struct hs20_osu_client
*ctx
, const char *fmt
, ...)
38 vsnprintf(buf
, sizeof(buf
), fmt
, ap
);
40 write_summary(ctx
, "%s", buf
);
42 if (!ctx
->result_file
)
45 f
= fopen(ctx
->result_file
, "w");
57 void write_summary(struct hs20_osu_client
*ctx
, const char *fmt
, ...)
62 if (!ctx
->summary_file
)
65 f
= fopen(ctx
->summary_file
, "a");
77 void debug_dump_node(struct hs20_osu_client
*ctx
, const char *title
,
80 char *str
= xml_node_to_str(ctx
->xml
, node
);
81 wpa_printf(MSG_DEBUG
, "[hs20] %s: '%s'", title
, str
);
86 static int valid_fqdn(const char *fqdn
)
90 /* TODO: could make this more complete.. */
91 if (strchr(fqdn
, '.') == 0 || strlen(fqdn
) > 255)
93 for (pos
= fqdn
; *pos
; pos
++) {
94 if (*pos
>= 'a' && *pos
<= 'z')
96 if (*pos
>= 'A' && *pos
<= 'Z')
98 if (*pos
>= '0' && *pos
<= '9')
100 if (*pos
== '-' || *pos
== '.' || *pos
== '_')
108 static int android_update_permission(const char *path
, mode_t mode
)
111 /* we need to change file/folder permission for Android */
114 wpa_printf(MSG_ERROR
, "file path null");
118 /* Allow processes running with Group ID as AID_WIFI,
119 * to read files from SP, SP/<fqdn>, Cert and osu-info directories */
120 if (chown(path
, -1, AID_WIFI
)) {
121 wpa_printf(MSG_INFO
, "CTRL: Could not chown directory: %s",
126 if (chmod(path
, mode
) < 0) {
127 wpa_printf(MSG_INFO
, "CTRL: Could not chmod directory: %s",
137 int osu_get_certificate(struct hs20_osu_client
*ctx
, xml_node_t
*getcert
)
140 char *url
, *user
= NULL
, *pw
= NULL
;
144 proto
= xml_node_get_attr_value(ctx
->xml
, getcert
,
145 "enrollmentProtocol");
148 wpa_printf(MSG_INFO
, "getCertificate - enrollmentProtocol=%s", proto
);
149 write_summary(ctx
, "getCertificate - enrollmentProtocol=%s", proto
);
150 if (os_strcasecmp(proto
, "EST") != 0) {
151 wpa_printf(MSG_INFO
, "Unsupported enrollmentProtocol");
152 xml_node_get_attr_value_free(ctx
->xml
, proto
);
155 xml_node_get_attr_value_free(ctx
->xml
, proto
);
157 node
= get_node(ctx
->xml
, getcert
, "enrollmentServerURI");
159 wpa_printf(MSG_INFO
, "Could not find enrollmentServerURI node");
160 xml_node_get_attr_value_free(ctx
->xml
, proto
);
163 url
= xml_node_get_text(ctx
->xml
, node
);
165 wpa_printf(MSG_INFO
, "Could not get URL text");
168 wpa_printf(MSG_INFO
, "enrollmentServerURI: %s", url
);
169 write_summary(ctx
, "enrollmentServerURI: %s", url
);
171 node
= get_node(ctx
->xml
, getcert
, "estUserID");
172 if (node
== NULL
&& !ctx
->client_cert_present
) {
173 wpa_printf(MSG_INFO
, "Could not find estUserID node");
177 user
= xml_node_get_text(ctx
->xml
, node
);
179 wpa_printf(MSG_INFO
, "Could not get estUserID text");
182 wpa_printf(MSG_INFO
, "estUserID: %s", user
);
183 write_summary(ctx
, "estUserID: %s", user
);
186 node
= get_node(ctx
->xml
, getcert
, "estPassword");
187 if (node
== NULL
&& !ctx
->client_cert_present
) {
188 wpa_printf(MSG_INFO
, "Could not find estPassword node");
192 pw
= xml_node_get_base64_text(ctx
->xml
, node
, NULL
);
194 wpa_printf(MSG_INFO
, "Could not get estPassword text");
197 wpa_printf(MSG_INFO
, "estPassword: %s", pw
);
200 mkdir("Cert", S_IRWXU
);
201 android_update_permission("Cert", S_IRWXU
| S_IRWXG
);
203 if (est_load_cacerts(ctx
, url
) < 0 ||
204 est_build_csr(ctx
, url
) < 0 ||
205 est_simple_enroll(ctx
, url
, user
, pw
) < 0)
210 xml_node_get_text_free(ctx
->xml
, url
);
211 xml_node_get_text_free(ctx
->xml
, user
);
212 xml_node_get_text_free(ctx
->xml
, pw
);
218 static int process_est_cert(struct hs20_osu_client
*ctx
, xml_node_t
*cert
,
221 u8 digest1
[SHA256_MAC_LEN
], digest2
[SHA256_MAC_LEN
];
223 size_t der_len
, pem_len
;
227 wpa_printf(MSG_INFO
, "PPS for certificate credential - fqdn=%s", fqdn
);
229 fingerprint
= xml_node_get_text(ctx
->xml
, cert
);
230 if (fingerprint
== NULL
)
232 if (hexstr2bin(fingerprint
, digest1
, SHA256_MAC_LEN
) < 0) {
233 wpa_printf(MSG_INFO
, "Invalid SHA256 hash value");
234 write_result(ctx
, "Invalid client certificate SHA256 hash value in PPS");
235 xml_node_get_text_free(ctx
->xml
, fingerprint
);
238 xml_node_get_text_free(ctx
->xml
, fingerprint
);
240 der
= os_readfile("Cert/est_cert.der", &der_len
);
242 wpa_printf(MSG_INFO
, "Could not find client certificate from EST");
243 write_result(ctx
, "Could not find client certificate from EST");
247 if (sha256_vector(1, (const u8
**) &der
, &der_len
, digest2
) < 0) {
253 if (os_memcmp(digest1
, digest2
, sizeof(digest1
)) != 0) {
254 wpa_printf(MSG_INFO
, "Client certificate from EST does not match fingerprint from PPS MO");
255 write_result(ctx
, "Client certificate from EST does not match fingerprint from PPS MO");
259 wpa_printf(MSG_INFO
, "Client certificate from EST matches PPS MO");
260 unlink("Cert/est_cert.der");
262 os_snprintf(buf
, sizeof(buf
), "SP/%s/client-ca.pem", fqdn
);
263 if (rename("Cert/est-cacerts.pem", buf
) < 0) {
264 wpa_printf(MSG_INFO
, "Could not move est-cacerts.pem to client-ca.pem: %s",
268 pem
= os_readfile(buf
, &pem_len
);
270 os_snprintf(buf
, sizeof(buf
), "SP/%s/client-cert.pem", fqdn
);
271 if (rename("Cert/est_cert.pem", buf
) < 0) {
272 wpa_printf(MSG_INFO
, "Could not move est_cert.pem to client-cert.pem: %s",
279 FILE *f
= fopen(buf
, "a");
281 fwrite(pem
, pem_len
, 1, f
);
287 os_snprintf(buf
, sizeof(buf
), "SP/%s/client-key.pem", fqdn
);
288 if (rename("Cert/privkey-plain.pem", buf
) < 0) {
289 wpa_printf(MSG_INFO
, "Could not move privkey-plain.pem to client-key.pem: %s",
294 unlink("Cert/est-req.b64");
295 unlink("Cert/est-req.pem");
302 #define TMP_CERT_DL_FILE "tmp-cert-download"
304 static int download_cert(struct hs20_osu_client
*ctx
, xml_node_t
*params
,
307 xml_node_t
*url_node
, *hash_node
;
311 u8 digest1
[SHA256_MAC_LEN
], digest2
[SHA256_MAC_LEN
];
316 url_node
= get_node(ctx
->xml
, params
, "CertURL");
317 hash_node
= get_node(ctx
->xml
, params
, "CertSHA256Fingerprint");
318 if (url_node
== NULL
|| hash_node
== NULL
)
320 url
= xml_node_get_text(ctx
->xml
, url_node
);
321 hash
= xml_node_get_text(ctx
->xml
, hash_node
);
322 if (url
== NULL
|| hash
== NULL
) {
323 xml_node_get_text_free(ctx
->xml
, url
);
324 xml_node_get_text_free(ctx
->xml
, hash
);
328 wpa_printf(MSG_INFO
, "CertURL: %s", url
);
329 wpa_printf(MSG_INFO
, "SHA256 hash: %s", hash
);
331 if (hexstr2bin(hash
, digest1
, SHA256_MAC_LEN
) < 0) {
332 wpa_printf(MSG_INFO
, "Invalid SHA256 hash value");
333 write_result(ctx
, "Invalid SHA256 hash value for downloaded certificate");
334 xml_node_get_text_free(ctx
->xml
, hash
);
337 xml_node_get_text_free(ctx
->xml
, hash
);
339 write_summary(ctx
, "Download certificate from %s", url
);
340 ctx
->no_osu_cert_validation
= 1;
341 http_ocsp_set(ctx
->http
, 1);
342 res
= http_download_file(ctx
->http
, url
, TMP_CERT_DL_FILE
, NULL
);
343 http_ocsp_set(ctx
->http
,
344 (ctx
->workarounds
& WORKAROUND_OCSP_OPTIONAL
) ? 1 : 2);
345 ctx
->no_osu_cert_validation
= 0;
346 xml_node_get_text_free(ctx
->xml
, url
);
350 cert
= os_readfile(TMP_CERT_DL_FILE
, &len
);
351 remove(TMP_CERT_DL_FILE
);
355 if (sha256_vector(1, (const u8
**) &cert
, &len
, digest2
) < 0) {
360 if (os_memcmp(digest1
, digest2
, sizeof(digest1
)) != 0) {
361 wpa_printf(MSG_INFO
, "Downloaded certificate fingerprint did not match");
362 write_result(ctx
, "Downloaded certificate fingerprint did not match");
367 b64
= base64_encode((unsigned char *) cert
, len
, NULL
);
372 f
= fopen(fname
, "wb");
378 fprintf(f
, "-----BEGIN CERTIFICATE-----\n"
380 "-----END CERTIFICATE-----\n",
386 wpa_printf(MSG_INFO
, "Downloaded certificate into %s and validated fingerprint",
388 write_summary(ctx
, "Downloaded certificate into %s and validated fingerprint",
395 static int cmd_dl_osu_ca(struct hs20_osu_client
*ctx
, const char *pps_fname
,
396 const char *ca_fname
)
398 xml_node_t
*pps
, *node
;
401 pps
= node_from_file(ctx
->xml
, pps_fname
);
403 wpa_printf(MSG_INFO
, "Could not read or parse '%s'", pps_fname
);
407 node
= get_child_node(ctx
->xml
, pps
,
408 "SubscriptionUpdate/TrustRoot");
410 wpa_printf(MSG_INFO
, "No SubscriptionUpdate/TrustRoot/CertURL found from PPS");
411 xml_node_free(ctx
->xml
, pps
);
415 ret
= download_cert(ctx
, node
, ca_fname
);
416 xml_node_free(ctx
->xml
, pps
);
422 static int cmd_dl_polupd_ca(struct hs20_osu_client
*ctx
, const char *pps_fname
,
423 const char *ca_fname
)
425 xml_node_t
*pps
, *node
;
428 pps
= node_from_file(ctx
->xml
, pps_fname
);
430 wpa_printf(MSG_INFO
, "Could not read or parse '%s'", pps_fname
);
434 node
= get_child_node(ctx
->xml
, pps
,
435 "Policy/PolicyUpdate/TrustRoot");
437 wpa_printf(MSG_INFO
, "No Policy/PolicyUpdate/TrustRoot/CertURL found from PPS");
438 xml_node_free(ctx
->xml
, pps
);
442 ret
= download_cert(ctx
, node
, ca_fname
);
443 xml_node_free(ctx
->xml
, pps
);
449 static int cmd_dl_aaa_ca(struct hs20_osu_client
*ctx
, const char *pps_fname
,
450 const char *ca_fname
)
452 xml_node_t
*pps
, *node
, *aaa
;
455 pps
= node_from_file(ctx
->xml
, pps_fname
);
457 wpa_printf(MSG_INFO
, "Could not read or parse '%s'", pps_fname
);
461 node
= get_child_node(ctx
->xml
, pps
,
462 "AAAServerTrustRoot");
464 wpa_printf(MSG_INFO
, "No AAAServerTrustRoot/CertURL found from PPS");
465 xml_node_free(ctx
->xml
, pps
);
469 aaa
= xml_node_first_child(ctx
->xml
, node
);
471 wpa_printf(MSG_INFO
, "No AAAServerTrustRoot/CertURL found from PPS");
472 xml_node_free(ctx
->xml
, pps
);
476 ret
= download_cert(ctx
, aaa
, ca_fname
);
477 xml_node_free(ctx
->xml
, pps
);
483 static int download_trust_roots(struct hs20_osu_client
*ctx
,
484 const char *pps_fname
)
490 dir
= os_strdup(pps_fname
);
493 pos
= os_strrchr(dir
, '/');
500 snprintf(fname
, sizeof(fname
), "%s/ca.pem", dir
);
501 ret
= cmd_dl_osu_ca(ctx
, pps_fname
, fname
);
502 snprintf(fname
, sizeof(fname
), "%s/polupd-ca.pem", dir
);
503 cmd_dl_polupd_ca(ctx
, pps_fname
, fname
);
504 snprintf(fname
, sizeof(fname
), "%s/aaa-ca.pem", dir
);
505 cmd_dl_aaa_ca(ctx
, pps_fname
, fname
);
513 static int server_dnsname_suffix_match(struct hs20_osu_client
*ctx
,
516 size_t match_len
, len
, i
;
519 match_len
= os_strlen(fqdn
);
521 for (i
= 0; i
< ctx
->server_dnsname_count
; i
++) {
523 "Checking suffix match against server dNSName %s",
524 ctx
->server_dnsname
[i
]);
525 val
= ctx
->server_dnsname
[i
];
526 len
= os_strlen(val
);
531 if (os_strncasecmp(val
+ len
- match_len
, fqdn
, match_len
) != 0)
532 continue; /* no match */
534 if (match_len
== len
)
535 return 1; /* exact match */
537 if (val
[len
- match_len
- 1] == '.')
538 return 1; /* full label match completes suffix match */
540 /* Reject due to incomplete label match */
543 /* None of the dNSName(s) matched */
548 int hs20_add_pps_mo(struct hs20_osu_client
*ctx
, const char *uri
,
549 xml_node_t
*add_mo
, char *fname
, size_t fname_len
)
553 xml_node_t
*tnds
, *mo
, *cert
;
557 if (strncmp(uri
, "./Wi-Fi/", 8) != 0) {
558 wpa_printf(MSG_INFO
, "Unsupported location for addMO to add PPS MO: '%s'",
560 write_result(ctx
, "Unsupported location for addMO to add PPS MO: '%s'",
565 fqdn
= strdup(uri
+ 8);
568 pos
= strchr(fqdn
, '/');
570 if (os_strcasecmp(pos
, "/PerProviderSubscription") != 0) {
571 wpa_printf(MSG_INFO
, "Unsupported location for addMO to add PPS MO (extra directory): '%s'",
573 write_result(ctx
, "Unsupported location for addMO to "
574 "add PPS MO (extra directory): '%s'", uri
);
578 *pos
= '\0'; /* remove trailing slash and PPS node name */
580 wpa_printf(MSG_INFO
, "SP FQDN: %s", fqdn
);
582 if (!server_dnsname_suffix_match(ctx
, fqdn
)) {
584 "FQDN '%s' for new PPS MO did not have suffix match with server's dNSName values, count: %d",
585 fqdn
, (int) ctx
->server_dnsname_count
);
586 write_result(ctx
, "FQDN '%s' for new PPS MO did not have suffix match with server's dNSName values",
592 if (!valid_fqdn(fqdn
)) {
593 wpa_printf(MSG_INFO
, "Invalid FQDN '%s'", fqdn
);
594 write_result(ctx
, "Invalid FQDN '%s'", fqdn
);
599 mkdir("SP", S_IRWXU
);
600 snprintf(fname
, fname_len
, "SP/%s", fqdn
);
601 if (mkdir(fname
, S_IRWXU
) < 0) {
602 if (errno
!= EEXIST
) {
604 wpa_printf(MSG_INFO
, "mkdir(%s) failed: %s",
605 fname
, strerror(err
));
611 android_update_permission("SP", S_IRWXU
| S_IRGRP
| S_IXGRP
);
612 android_update_permission(fname
, S_IRWXU
| S_IRGRP
| S_IXGRP
);
614 snprintf(fname
, fname_len
, "SP/%s/pps.xml", fqdn
);
616 if (os_file_exists(fname
)) {
617 wpa_printf(MSG_INFO
, "PPS file '%s' exists - reject addMO",
619 write_result(ctx
, "PPS file '%s' exists - reject addMO",
624 wpa_printf(MSG_INFO
, "Using PPS file: %s", fname
);
626 str
= xml_node_get_text(ctx
->xml
, add_mo
);
628 wpa_printf(MSG_INFO
, "Could not extract MO text");
632 wpa_printf(MSG_DEBUG
, "[hs20] addMO text: '%s'", str
);
634 tnds
= xml_node_from_buf(ctx
->xml
, str
);
635 xml_node_get_text_free(ctx
->xml
, str
);
637 wpa_printf(MSG_INFO
, "[hs20] Could not parse addMO text");
642 mo
= tnds_to_mo(ctx
->xml
, tnds
);
644 wpa_printf(MSG_INFO
, "[hs20] Could not parse addMO TNDS text");
649 debug_dump_node(ctx
, "Parsed TNDS", mo
);
651 name
= xml_node_get_localname(ctx
->xml
, mo
);
652 if (os_strcasecmp(name
, "PerProviderSubscription") != 0) {
653 wpa_printf(MSG_INFO
, "[hs20] Unexpected PPS MO root node name '%s'",
659 cert
= get_child_node(ctx
->xml
, mo
,
660 "Credential/DigitalCertificate/"
661 "CertSHA256Fingerprint");
662 if (cert
&& process_est_cert(ctx
, cert
, fqdn
) < 0) {
663 xml_node_free(ctx
->xml
, mo
);
669 if (node_to_file(ctx
->xml
, fname
, mo
) < 0) {
670 wpa_printf(MSG_INFO
, "Could not write MO to file");
671 xml_node_free(ctx
->xml
, mo
);
674 xml_node_free(ctx
->xml
, mo
);
676 wpa_printf(MSG_INFO
, "A new PPS MO added as '%s'", fname
);
677 write_summary(ctx
, "A new PPS MO added as '%s'", fname
);
679 ret
= download_trust_roots(ctx
, fname
);
681 wpa_printf(MSG_INFO
, "Remove invalid PPS MO file");
682 write_summary(ctx
, "Remove invalid PPS MO file");
690 int update_pps_file(struct hs20_osu_client
*ctx
, const char *pps_fname
,
697 if (ctx
->client_cert_present
) {
699 cert
= get_child_node(ctx
->xml
, pps
,
700 "Credential/DigitalCertificate/"
701 "CertSHA256Fingerprint");
702 if (cert
&& os_file_exists("Cert/est_cert.der") &&
703 process_est_cert(ctx
, cert
, ctx
->fqdn
) < 0) {
704 wpa_printf(MSG_INFO
, "EST certificate update processing failed on PPS MO update");
709 wpa_printf(MSG_INFO
, "Updating PPS MO %s", pps_fname
);
711 str
= xml_node_to_str(ctx
->xml
, pps
);
713 wpa_printf(MSG_ERROR
, "No node found");
716 wpa_printf(MSG_MSGDUMP
, "[hs20] Updated PPS: '%s'", str
);
718 snprintf(backup
, sizeof(backup
), "%s.bak", pps_fname
);
719 rename(pps_fname
, backup
);
720 f
= fopen(pps_fname
, "w");
722 wpa_printf(MSG_INFO
, "Could not write PPS");
723 rename(backup
, pps_fname
);
727 fprintf(f
, "%s\n", str
);
736 void get_user_pw(struct hs20_osu_client
*ctx
, xml_node_t
*pps
,
737 const char *alt_loc
, char **user
, char **pw
)
741 node
= get_child_node(ctx
->xml
, pps
,
742 "Credential/UsernamePassword/Username");
744 *user
= xml_node_get_text(ctx
->xml
, node
);
746 node
= get_child_node(ctx
->xml
, pps
,
747 "Credential/UsernamePassword/Password");
749 *pw
= xml_node_get_base64_text(ctx
->xml
, node
, NULL
);
751 node
= get_child_node(ctx
->xml
, pps
, alt_loc
);
754 a
= get_node(ctx
->xml
, node
, "Username");
756 xml_node_get_text_free(ctx
->xml
, *user
);
757 *user
= xml_node_get_text(ctx
->xml
, a
);
758 wpa_printf(MSG_INFO
, "Use OSU username '%s'", *user
);
761 a
= get_node(ctx
->xml
, node
, "Password");
764 *pw
= xml_node_get_base64_text(ctx
->xml
, a
, NULL
);
765 wpa_printf(MSG_INFO
, "Use OSU password");
771 /* Remove old credentials based on HomeSP/FQDN */
772 static void remove_sp_creds(struct hs20_osu_client
*ctx
, const char *fqdn
)
775 os_snprintf(cmd
, sizeof(cmd
), "REMOVE_CRED provisioning_sp=%s", fqdn
);
776 if (wpa_command(ctx
->ifname
, cmd
) < 0)
777 wpa_printf(MSG_INFO
, "Failed to remove old credential(s)");
781 static void set_pps_cred_policy_spe(struct hs20_osu_client
*ctx
, int id
,
787 ssid
= get_node(ctx
->xml
, spe
, "SSID");
790 txt
= xml_node_get_text(ctx
->xml
, ssid
);
793 wpa_printf(MSG_DEBUG
, "- Policy/SPExclusionList/<X+>/SSID = %s", txt
);
794 if (set_cred_quoted(ctx
->ifname
, id
, "excluded_ssid", txt
) < 0)
795 wpa_printf(MSG_INFO
, "Failed to set cred excluded_ssid");
796 xml_node_get_text_free(ctx
->xml
, txt
);
800 static void set_pps_cred_policy_spel(struct hs20_osu_client
*ctx
, int id
,
805 xml_node_for_each_child(ctx
->xml
, child
, spel
) {
806 xml_node_for_each_check(ctx
->xml
, child
);
807 set_pps_cred_policy_spe(ctx
, id
, child
);
812 static void set_pps_cred_policy_prp(struct hs20_osu_client
*ctx
, int id
,
816 char *txt
= NULL
, *pos
;
817 char *prio
, *country_buf
= NULL
;
822 node
= get_node(ctx
->xml
, prp
, "Priority");
825 prio
= xml_node_get_text(ctx
->xml
, node
);
828 wpa_printf(MSG_INFO
, "- Policy/PreferredRoamingPartnerList/<X+>/Priority = %s",
830 priority
= atoi(prio
);
831 xml_node_get_text_free(ctx
->xml
, prio
);
833 node
= get_node(ctx
->xml
, prp
, "Country");
835 country_buf
= xml_node_get_text(ctx
->xml
, node
);
836 if (country_buf
== NULL
)
838 country
= country_buf
;
839 wpa_printf(MSG_INFO
, "- Policy/PreferredRoamingPartnerList/<X+>/Country = %s",
845 node
= get_node(ctx
->xml
, prp
, "FQDN_Match");
848 txt
= xml_node_get_text(ctx
->xml
, node
);
851 wpa_printf(MSG_INFO
, "- Policy/PreferredRoamingPartnerList/<X+>/FQDN_Match = %s",
853 pos
= strrchr(txt
, ',');
858 snprintf(val
, sizeof(val
), "%s,%d,%d,%s", txt
,
859 strcmp(pos
, "includeSubdomains") != 0, priority
, country
);
860 if (set_cred_quoted(ctx
->ifname
, id
, "roaming_partner", val
) < 0)
861 wpa_printf(MSG_INFO
, "Failed to set cred roaming_partner");
863 xml_node_get_text_free(ctx
->xml
, country_buf
);
864 xml_node_get_text_free(ctx
->xml
, txt
);
868 static void set_pps_cred_policy_prpl(struct hs20_osu_client
*ctx
, int id
,
873 xml_node_for_each_child(ctx
->xml
, child
, prpl
) {
874 xml_node_for_each_check(ctx
->xml
, child
);
875 set_pps_cred_policy_prp(ctx
, id
, child
);
880 static void set_pps_cred_policy_min_backhaul(struct hs20_osu_client
*ctx
, int id
,
881 xml_node_t
*min_backhaul
)
884 char *type
, *dl
= NULL
, *ul
= NULL
;
887 node
= get_node(ctx
->xml
, min_backhaul
, "NetworkType");
889 wpa_printf(MSG_INFO
, "Ignore MinBackhaulThreshold without mandatory NetworkType node");
893 type
= xml_node_get_text(ctx
->xml
, node
);
896 wpa_printf(MSG_INFO
, "- Policy/MinBackhaulThreshold/<X+>/NetworkType = %s",
898 if (os_strcasecmp(type
, "home") == 0)
900 else if (os_strcasecmp(type
, "roaming") == 0)
903 wpa_printf(MSG_INFO
, "Ignore MinBackhaulThreshold with invalid NetworkType");
904 xml_node_get_text_free(ctx
->xml
, type
);
907 xml_node_get_text_free(ctx
->xml
, type
);
909 node
= get_node(ctx
->xml
, min_backhaul
, "DLBandwidth");
911 dl
= xml_node_get_text(ctx
->xml
, node
);
913 node
= get_node(ctx
->xml
, min_backhaul
, "ULBandwidth");
915 ul
= xml_node_get_text(ctx
->xml
, node
);
917 if (dl
== NULL
&& ul
== NULL
) {
918 wpa_printf(MSG_INFO
, "Ignore MinBackhaulThreshold without either DLBandwidth or ULBandwidth nodes");
923 wpa_printf(MSG_INFO
, "- Policy/MinBackhaulThreshold/<X+>/DLBandwidth = %s",
926 wpa_printf(MSG_INFO
, "- Policy/MinBackhaulThreshold/<X+>/ULBandwidth = %s",
931 set_cred(ctx
->ifname
, id
, "min_dl_bandwidth_home", dl
) < 0)
932 wpa_printf(MSG_INFO
, "Failed to set cred bandwidth limit");
934 set_cred(ctx
->ifname
, id
, "min_ul_bandwidth_home", ul
) < 0)
935 wpa_printf(MSG_INFO
, "Failed to set cred bandwidth limit");
938 set_cred(ctx
->ifname
, id
, "min_dl_bandwidth_roaming", dl
) <
940 wpa_printf(MSG_INFO
, "Failed to set cred bandwidth limit");
942 set_cred(ctx
->ifname
, id
, "min_ul_bandwidth_roaming", ul
) <
944 wpa_printf(MSG_INFO
, "Failed to set cred bandwidth limit");
947 xml_node_get_text_free(ctx
->xml
, dl
);
948 xml_node_get_text_free(ctx
->xml
, ul
);
952 static void set_pps_cred_policy_min_backhaul_list(struct hs20_osu_client
*ctx
,
953 int id
, xml_node_t
*node
)
957 wpa_printf(MSG_INFO
, "- Policy/MinBackhaulThreshold");
959 xml_node_for_each_child(ctx
->xml
, child
, node
) {
960 xml_node_for_each_check(ctx
->xml
, child
);
961 set_pps_cred_policy_min_backhaul(ctx
, id
, child
);
966 static void set_pps_cred_policy_update(struct hs20_osu_client
*ctx
, int id
,
969 wpa_printf(MSG_INFO
, "- Policy/PolicyUpdate");
970 /* Not used in wpa_supplicant */
974 static void set_pps_cred_policy_required_proto_port(struct hs20_osu_client
*ctx
,
975 int id
, xml_node_t
*tuple
)
982 node
= get_node(ctx
->xml
, tuple
, "IPProtocol");
984 wpa_printf(MSG_INFO
, "Ignore RequiredProtoPortTuple without mandatory IPProtocol node");
988 proto
= xml_node_get_text(ctx
->xml
, node
);
992 wpa_printf(MSG_INFO
, "- Policy/RequiredProtoPortTuple/<X+>/IPProtocol = %s",
995 node
= get_node(ctx
->xml
, tuple
, "PortNumber");
996 port
= node
? xml_node_get_text(ctx
->xml
, node
) : NULL
;
998 wpa_printf(MSG_INFO
, "- Policy/RequiredProtoPortTuple/<X+>/PortNumber = %s",
1000 buflen
= os_strlen(proto
) + os_strlen(port
) + 10;
1001 buf
= os_malloc(buflen
);
1003 os_snprintf(buf
, buflen
, "%s:%s", proto
, port
);
1004 xml_node_get_text_free(ctx
->xml
, port
);
1006 buflen
= os_strlen(proto
) + 10;
1007 buf
= os_malloc(buflen
);
1009 os_snprintf(buf
, buflen
, "%s", proto
);
1012 xml_node_get_text_free(ctx
->xml
, proto
);
1017 if (set_cred(ctx
->ifname
, id
, "req_conn_capab", buf
) < 0)
1018 wpa_printf(MSG_INFO
, "Could not set req_conn_capab");
1024 static void set_pps_cred_policy_required_proto_ports(struct hs20_osu_client
*ctx
,
1025 int id
, xml_node_t
*node
)
1029 wpa_printf(MSG_INFO
, "- Policy/RequiredProtoPortTuple");
1031 xml_node_for_each_child(ctx
->xml
, child
, node
) {
1032 xml_node_for_each_check(ctx
->xml
, child
);
1033 set_pps_cred_policy_required_proto_port(ctx
, id
, child
);
1038 static void set_pps_cred_policy_max_bss_load(struct hs20_osu_client
*ctx
, int id
,
1041 char *str
= xml_node_get_text(ctx
->xml
, node
);
1044 wpa_printf(MSG_INFO
, "- Policy/MaximumBSSLoadValue - %s", str
);
1045 if (set_cred(ctx
->ifname
, id
, "max_bss_load", str
) < 0)
1046 wpa_printf(MSG_INFO
, "Failed to set cred max_bss_load limit");
1047 xml_node_get_text_free(ctx
->xml
, str
);
1051 static void set_pps_cred_policy(struct hs20_osu_client
*ctx
, int id
,
1057 wpa_printf(MSG_INFO
, "- Policy");
1059 xml_node_for_each_child(ctx
->xml
, child
, node
) {
1060 xml_node_for_each_check(ctx
->xml
, child
);
1061 name
= xml_node_get_localname(ctx
->xml
, child
);
1062 if (os_strcasecmp(name
, "PreferredRoamingPartnerList") == 0)
1063 set_pps_cred_policy_prpl(ctx
, id
, child
);
1064 else if (os_strcasecmp(name
, "MinBackhaulThreshold") == 0)
1065 set_pps_cred_policy_min_backhaul_list(ctx
, id
, child
);
1066 else if (os_strcasecmp(name
, "PolicyUpdate") == 0)
1067 set_pps_cred_policy_update(ctx
, id
, child
);
1068 else if (os_strcasecmp(name
, "SPExclusionList") == 0)
1069 set_pps_cred_policy_spel(ctx
, id
, child
);
1070 else if (os_strcasecmp(name
, "RequiredProtoPortTuple") == 0)
1071 set_pps_cred_policy_required_proto_ports(ctx
, id
, child
);
1072 else if (os_strcasecmp(name
, "MaximumBSSLoadValue") == 0)
1073 set_pps_cred_policy_max_bss_load(ctx
, id
, child
);
1075 wpa_printf(MSG_INFO
, "Unknown Policy node '%s'", name
);
1080 static void set_pps_cred_priority(struct hs20_osu_client
*ctx
, int id
,
1083 char *str
= xml_node_get_text(ctx
->xml
, node
);
1086 wpa_printf(MSG_INFO
, "- CredentialPriority = %s", str
);
1087 if (set_cred(ctx
->ifname
, id
, "sp_priority", str
) < 0)
1088 wpa_printf(MSG_INFO
, "Failed to set cred sp_priority");
1089 xml_node_get_text_free(ctx
->xml
, str
);
1093 static void set_pps_cred_aaa_server_trust_root(struct hs20_osu_client
*ctx
,
1094 int id
, xml_node_t
*node
)
1096 wpa_printf(MSG_INFO
, "- AAAServerTrustRoot - TODO");
1100 static void set_pps_cred_sub_update(struct hs20_osu_client
*ctx
, int id
,
1103 wpa_printf(MSG_INFO
, "- SubscriptionUpdate");
1104 /* not used within wpa_supplicant */
1108 static void set_pps_cred_home_sp_network_id(struct hs20_osu_client
*ctx
,
1109 int id
, xml_node_t
*node
)
1111 xml_node_t
*ssid_node
, *hessid_node
;
1112 char *ssid
, *hessid
;
1114 ssid_node
= get_node(ctx
->xml
, node
, "SSID");
1115 if (ssid_node
== NULL
) {
1116 wpa_printf(MSG_INFO
, "Ignore HomeSP/NetworkID without mandatory SSID node");
1120 hessid_node
= get_node(ctx
->xml
, node
, "HESSID");
1122 ssid
= xml_node_get_text(ctx
->xml
, ssid_node
);
1125 hessid
= hessid_node
? xml_node_get_text(ctx
->xml
, hessid_node
) : NULL
;
1127 wpa_printf(MSG_INFO
, "- HomeSP/NetworkID/<X+>/SSID = %s", ssid
);
1129 wpa_printf(MSG_INFO
, "- HomeSP/NetworkID/<X+>/HESSID = %s",
1132 /* TODO: Configure to wpa_supplicant */
1134 xml_node_get_text_free(ctx
->xml
, ssid
);
1135 xml_node_get_text_free(ctx
->xml
, hessid
);
1139 static void set_pps_cred_home_sp_network_ids(struct hs20_osu_client
*ctx
,
1140 int id
, xml_node_t
*node
)
1144 wpa_printf(MSG_INFO
, "- HomeSP/NetworkID");
1146 xml_node_for_each_child(ctx
->xml
, child
, node
) {
1147 xml_node_for_each_check(ctx
->xml
, child
);
1148 set_pps_cred_home_sp_network_id(ctx
, id
, child
);
1153 static void set_pps_cred_home_sp_friendly_name(struct hs20_osu_client
*ctx
,
1154 int id
, xml_node_t
*node
)
1156 char *str
= xml_node_get_text(ctx
->xml
, node
);
1159 wpa_printf(MSG_INFO
, "- HomeSP/FriendlyName = %s", str
);
1160 /* not used within wpa_supplicant(?) */
1161 xml_node_get_text_free(ctx
->xml
, str
);
1165 static void set_pps_cred_home_sp_icon_url(struct hs20_osu_client
*ctx
,
1166 int id
, xml_node_t
*node
)
1168 char *str
= xml_node_get_text(ctx
->xml
, node
);
1171 wpa_printf(MSG_INFO
, "- HomeSP/IconURL = %s", str
);
1172 /* not used within wpa_supplicant */
1173 xml_node_get_text_free(ctx
->xml
, str
);
1177 static void set_pps_cred_home_sp_fqdn(struct hs20_osu_client
*ctx
, int id
,
1180 char *str
= xml_node_get_text(ctx
->xml
, node
);
1183 wpa_printf(MSG_INFO
, "- HomeSP/FQDN = %s", str
);
1184 if (set_cred_quoted(ctx
->ifname
, id
, "domain", str
) < 0)
1185 wpa_printf(MSG_INFO
, "Failed to set cred domain");
1186 if (set_cred_quoted(ctx
->ifname
, id
, "domain_suffix_match", str
) < 0)
1187 wpa_printf(MSG_INFO
, "Failed to set cred domain_suffix_match");
1188 xml_node_get_text_free(ctx
->xml
, str
);
1192 static void set_pps_cred_home_sp_oi(struct hs20_osu_client
*ctx
, int id
,
1197 char *homeoi
= NULL
;
1201 xml_node_for_each_child(ctx
->xml
, child
, node
) {
1202 xml_node_for_each_check(ctx
->xml
, child
);
1203 name
= xml_node_get_localname(ctx
->xml
, child
);
1204 if (strcasecmp(name
, "HomeOI") == 0 && !homeoi
) {
1205 homeoi
= xml_node_get_text(ctx
->xml
, child
);
1206 wpa_printf(MSG_INFO
, "- HomeSP/HomeOIList/<X+>/HomeOI = %s",
1208 } else if (strcasecmp(name
, "HomeOIRequired") == 0) {
1209 str
= xml_node_get_text(ctx
->xml
, child
);
1210 wpa_printf(MSG_INFO
, "- HomeSP/HomeOIList/<X+>/HomeOIRequired = '%s'",
1214 required
= strcasecmp(str
, "true") == 0;
1215 xml_node_get_text_free(ctx
->xml
, str
);
1217 wpa_printf(MSG_INFO
, "Unknown HomeOIList node '%s'",
1221 if (homeoi
== NULL
) {
1222 wpa_printf(MSG_INFO
, "- HomeSP/HomeOIList/<X+> without HomeOI ignored");
1226 wpa_printf(MSG_INFO
, "- HomeSP/HomeOIList/<X+> '%s' required=%d",
1230 if (set_cred(ctx
->ifname
, id
, "required_roaming_consortium",
1232 wpa_printf(MSG_INFO
, "Failed to set cred required_roaming_consortium");
1234 if (set_cred(ctx
->ifname
, id
, "roaming_consortium", homeoi
) < 0)
1235 wpa_printf(MSG_INFO
, "Failed to set cred roaming_consortium");
1238 xml_node_get_text_free(ctx
->xml
, homeoi
);
1242 static void set_pps_cred_home_sp_oi_list(struct hs20_osu_client
*ctx
, int id
,
1247 wpa_printf(MSG_INFO
, "- HomeSP/HomeOIList");
1249 xml_node_for_each_child(ctx
->xml
, child
, node
) {
1250 xml_node_for_each_check(ctx
->xml
, child
);
1251 set_pps_cred_home_sp_oi(ctx
, id
, child
);
1256 static void set_pps_cred_home_sp_other_partner(struct hs20_osu_client
*ctx
,
1257 int id
, xml_node_t
*node
)
1263 xml_node_for_each_child(ctx
->xml
, child
, node
) {
1264 xml_node_for_each_check(ctx
->xml
, child
);
1265 name
= xml_node_get_localname(ctx
->xml
, child
);
1266 if (os_strcasecmp(name
, "FQDN") == 0 && !fqdn
) {
1267 fqdn
= xml_node_get_text(ctx
->xml
, child
);
1268 wpa_printf(MSG_INFO
, "- HomeSP/OtherHomePartners/<X+>/FQDN = %s",
1271 wpa_printf(MSG_INFO
, "Unknown OtherHomePartners node '%s'",
1276 wpa_printf(MSG_INFO
, "- HomeSP/OtherHomePartners/<X+> without FQDN ignored");
1280 if (set_cred_quoted(ctx
->ifname
, id
, "domain", fqdn
) < 0)
1281 wpa_printf(MSG_INFO
, "Failed to set cred domain for OtherHomePartners node");
1283 xml_node_get_text_free(ctx
->xml
, fqdn
);
1287 static void set_pps_cred_home_sp_other_partners(struct hs20_osu_client
*ctx
,
1293 wpa_printf(MSG_INFO
, "- HomeSP/OtherHomePartners");
1295 xml_node_for_each_child(ctx
->xml
, child
, node
) {
1296 xml_node_for_each_check(ctx
->xml
, child
);
1297 set_pps_cred_home_sp_other_partner(ctx
, id
, child
);
1302 static void set_pps_cred_home_sp_roaming_consortium_oi(
1303 struct hs20_osu_client
*ctx
, int id
, xml_node_t
*node
)
1305 char *str
= xml_node_get_text(ctx
->xml
, node
);
1308 wpa_printf(MSG_INFO
, "- HomeSP/RoamingConsortiumOI = %s", str
);
1309 if (set_cred_quoted(ctx
->ifname
, id
, "roaming_consortiums",
1311 wpa_printf(MSG_INFO
, "Failed to set cred roaming_consortiums");
1312 xml_node_get_text_free(ctx
->xml
, str
);
1316 static void set_pps_cred_home_sp(struct hs20_osu_client
*ctx
, int id
,
1322 wpa_printf(MSG_INFO
, "- HomeSP");
1324 xml_node_for_each_child(ctx
->xml
, child
, node
) {
1325 xml_node_for_each_check(ctx
->xml
, child
);
1326 name
= xml_node_get_localname(ctx
->xml
, child
);
1327 if (os_strcasecmp(name
, "NetworkID") == 0)
1328 set_pps_cred_home_sp_network_ids(ctx
, id
, child
);
1329 else if (os_strcasecmp(name
, "FriendlyName") == 0)
1330 set_pps_cred_home_sp_friendly_name(ctx
, id
, child
);
1331 else if (os_strcasecmp(name
, "IconURL") == 0)
1332 set_pps_cred_home_sp_icon_url(ctx
, id
, child
);
1333 else if (os_strcasecmp(name
, "FQDN") == 0)
1334 set_pps_cred_home_sp_fqdn(ctx
, id
, child
);
1335 else if (os_strcasecmp(name
, "HomeOIList") == 0)
1336 set_pps_cred_home_sp_oi_list(ctx
, id
, child
);
1337 else if (os_strcasecmp(name
, "OtherHomePartners") == 0)
1338 set_pps_cred_home_sp_other_partners(ctx
, id
, child
);
1339 else if (os_strcasecmp(name
, "RoamingConsortiumOI") == 0)
1340 set_pps_cred_home_sp_roaming_consortium_oi(ctx
, id
,
1343 wpa_printf(MSG_INFO
, "Unknown HomeSP node '%s'", name
);
1348 static void set_pps_cred_sub_params(struct hs20_osu_client
*ctx
, int id
,
1351 wpa_printf(MSG_INFO
, "- SubscriptionParameters");
1352 /* not used within wpa_supplicant */
1356 static void set_pps_cred_creation_date(struct hs20_osu_client
*ctx
, int id
,
1359 char *str
= xml_node_get_text(ctx
->xml
, node
);
1362 wpa_printf(MSG_INFO
, "- Credential/CreationDate = %s", str
);
1363 /* not used within wpa_supplicant */
1364 xml_node_get_text_free(ctx
->xml
, str
);
1368 static void set_pps_cred_expiration_date(struct hs20_osu_client
*ctx
, int id
,
1371 char *str
= xml_node_get_text(ctx
->xml
, node
);
1374 wpa_printf(MSG_INFO
, "- Credential/ExpirationDate = %s", str
);
1375 /* not used within wpa_supplicant */
1376 xml_node_get_text_free(ctx
->xml
, str
);
1380 static void set_pps_cred_username(struct hs20_osu_client
*ctx
, int id
,
1383 char *str
= xml_node_get_text(ctx
->xml
, node
);
1386 wpa_printf(MSG_INFO
, "- Credential/UsernamePassword/Username = %s",
1388 if (set_cred_quoted(ctx
->ifname
, id
, "username", str
) < 0)
1389 wpa_printf(MSG_INFO
, "Failed to set cred username");
1390 xml_node_get_text_free(ctx
->xml
, str
);
1394 static void set_pps_cred_password(struct hs20_osu_client
*ctx
, int id
,
1398 char *pw
, *hex
, *pos
, *end
;
1400 pw
= xml_node_get_base64_text(ctx
->xml
, node
, &len
);
1404 wpa_printf(MSG_INFO
, "- Credential/UsernamePassword/Password = %s", pw
);
1406 hex
= malloc(len
* 2 + 1);
1411 end
= hex
+ len
* 2 + 1;
1413 for (i
= 0; i
< len
; i
++) {
1414 snprintf(pos
, end
- pos
, "%02x", pw
[i
]);
1419 if (set_cred(ctx
->ifname
, id
, "password", hex
) < 0)
1420 wpa_printf(MSG_INFO
, "Failed to set cred password");
1425 static void set_pps_cred_machine_managed(struct hs20_osu_client
*ctx
, int id
,
1428 char *str
= xml_node_get_text(ctx
->xml
, node
);
1431 wpa_printf(MSG_INFO
, "- Credential/UsernamePassword/MachineManaged = %s",
1433 /* not used within wpa_supplicant */
1434 xml_node_get_text_free(ctx
->xml
, str
);
1438 static void set_pps_cred_soft_token_app(struct hs20_osu_client
*ctx
, int id
,
1441 char *str
= xml_node_get_text(ctx
->xml
, node
);
1444 wpa_printf(MSG_INFO
, "- Credential/UsernamePassword/SoftTokenApp = %s",
1446 /* not used within wpa_supplicant */
1447 xml_node_get_text_free(ctx
->xml
, str
);
1451 static void set_pps_cred_able_to_share(struct hs20_osu_client
*ctx
, int id
,
1454 char *str
= xml_node_get_text(ctx
->xml
, node
);
1457 wpa_printf(MSG_INFO
, "- Credential/UsernamePassword/AbleToShare = %s",
1459 /* not used within wpa_supplicant */
1460 xml_node_get_text_free(ctx
->xml
, str
);
1464 static void set_pps_cred_eap_method_eap_type(struct hs20_osu_client
*ctx
,
1465 int id
, xml_node_t
*node
)
1467 char *str
= xml_node_get_text(ctx
->xml
, node
);
1469 const char *eap_method
= NULL
;
1473 wpa_printf(MSG_INFO
,
1474 "- Credential/UsernamePassword/EAPMethod/EAPType = %s", str
);
1481 eap_method
= "TTLS";
1484 eap_method
= "PEAP";
1490 xml_node_get_text_free(ctx
->xml
, str
);
1492 wpa_printf(MSG_INFO
, "Unknown EAPType value");
1496 if (set_cred(ctx
->ifname
, id
, "eap", eap_method
) < 0)
1497 wpa_printf(MSG_INFO
, "Failed to set cred eap");
1501 static void set_pps_cred_eap_method_inner_method(struct hs20_osu_client
*ctx
,
1502 int id
, xml_node_t
*node
)
1504 char *str
= xml_node_get_text(ctx
->xml
, node
);
1505 const char *phase2
= NULL
;
1509 wpa_printf(MSG_INFO
,
1510 "- Credential/UsernamePassword/EAPMethod/InnerMethod = %s",
1512 if (os_strcmp(str
, "PAP") == 0)
1513 phase2
= "auth=PAP";
1514 else if (os_strcmp(str
, "CHAP") == 0)
1515 phase2
= "auth=CHAP";
1516 else if (os_strcmp(str
, "MS-CHAP") == 0)
1517 phase2
= "auth=MSCHAP";
1518 else if (os_strcmp(str
, "MS-CHAP-V2") == 0)
1519 phase2
= "auth=MSCHAPV2";
1520 xml_node_get_text_free(ctx
->xml
, str
);
1522 wpa_printf(MSG_INFO
, "Unknown InnerMethod value");
1526 if (set_cred_quoted(ctx
->ifname
, id
, "phase2", phase2
) < 0)
1527 wpa_printf(MSG_INFO
, "Failed to set cred phase2");
1531 static void set_pps_cred_eap_method(struct hs20_osu_client
*ctx
, int id
,
1537 wpa_printf(MSG_INFO
, "- Credential/UsernamePassword/EAPMethod");
1539 xml_node_for_each_child(ctx
->xml
, child
, node
) {
1540 xml_node_for_each_check(ctx
->xml
, child
);
1541 name
= xml_node_get_localname(ctx
->xml
, child
);
1542 if (os_strcasecmp(name
, "EAPType") == 0)
1543 set_pps_cred_eap_method_eap_type(ctx
, id
, child
);
1544 else if (os_strcasecmp(name
, "InnerMethod") == 0)
1545 set_pps_cred_eap_method_inner_method(ctx
, id
, child
);
1547 wpa_printf(MSG_INFO
, "Unknown Credential/UsernamePassword/EAPMethod node '%s'",
1553 static void set_pps_cred_username_password(struct hs20_osu_client
*ctx
, int id
,
1559 wpa_printf(MSG_INFO
, "- Credential/UsernamePassword");
1561 xml_node_for_each_child(ctx
->xml
, child
, node
) {
1562 xml_node_for_each_check(ctx
->xml
, child
);
1563 name
= xml_node_get_localname(ctx
->xml
, child
);
1564 if (os_strcasecmp(name
, "Username") == 0)
1565 set_pps_cred_username(ctx
, id
, child
);
1566 else if (os_strcasecmp(name
, "Password") == 0)
1567 set_pps_cred_password(ctx
, id
, child
);
1568 else if (os_strcasecmp(name
, "MachineManaged") == 0)
1569 set_pps_cred_machine_managed(ctx
, id
, child
);
1570 else if (os_strcasecmp(name
, "SoftTokenApp") == 0)
1571 set_pps_cred_soft_token_app(ctx
, id
, child
);
1572 else if (os_strcasecmp(name
, "AbleToShare") == 0)
1573 set_pps_cred_able_to_share(ctx
, id
, child
);
1574 else if (os_strcasecmp(name
, "EAPMethod") == 0)
1575 set_pps_cred_eap_method(ctx
, id
, child
);
1577 wpa_printf(MSG_INFO
, "Unknown Credential/UsernamePassword node '%s'",
1583 static void set_pps_cred_digital_cert(struct hs20_osu_client
*ctx
, int id
,
1584 xml_node_t
*node
, const char *fqdn
)
1586 char buf
[200], dir
[200];
1588 wpa_printf(MSG_INFO
, "- Credential/DigitalCertificate");
1590 if (getcwd(dir
, sizeof(dir
)) == NULL
)
1593 /* TODO: could build username from Subject of Subject AltName */
1594 if (set_cred_quoted(ctx
->ifname
, id
, "username", "cert") < 0) {
1595 wpa_printf(MSG_INFO
, "Failed to set username");
1598 snprintf(buf
, sizeof(buf
), "%s/SP/%s/client-cert.pem", dir
, fqdn
);
1599 if (os_file_exists(buf
)) {
1600 if (set_cred_quoted(ctx
->ifname
, id
, "client_cert", buf
) < 0) {
1601 wpa_printf(MSG_INFO
, "Failed to set client_cert");
1605 snprintf(buf
, sizeof(buf
), "%s/SP/%s/client-key.pem", dir
, fqdn
);
1606 if (os_file_exists(buf
)) {
1607 if (set_cred_quoted(ctx
->ifname
, id
, "private_key", buf
) < 0) {
1608 wpa_printf(MSG_INFO
, "Failed to set private_key");
1614 static void set_pps_cred_realm(struct hs20_osu_client
*ctx
, int id
,
1615 xml_node_t
*node
, const char *fqdn
, int sim
)
1617 char *str
= xml_node_get_text(ctx
->xml
, node
);
1618 char buf
[200], dir
[200];
1623 wpa_printf(MSG_INFO
, "- Credential/Realm = %s", str
);
1624 if (set_cred_quoted(ctx
->ifname
, id
, "realm", str
) < 0)
1625 wpa_printf(MSG_INFO
, "Failed to set cred realm");
1626 xml_node_get_text_free(ctx
->xml
, str
);
1631 if (getcwd(dir
, sizeof(dir
)) == NULL
)
1633 snprintf(buf
, sizeof(buf
), "%s/SP/%s/aaa-ca.pem", dir
, fqdn
);
1634 if (os_file_exists(buf
)) {
1635 if (set_cred_quoted(ctx
->ifname
, id
, "ca_cert", buf
) < 0) {
1636 wpa_printf(MSG_INFO
, "Failed to set CA cert");
1642 static void set_pps_cred_check_aaa_cert_status(struct hs20_osu_client
*ctx
,
1643 int id
, xml_node_t
*node
)
1645 char *str
= xml_node_get_text(ctx
->xml
, node
);
1650 wpa_printf(MSG_INFO
, "- Credential/CheckAAAServerCertStatus = %s", str
);
1651 if (os_strcasecmp(str
, "true") == 0 &&
1652 set_cred(ctx
->ifname
, id
, "ocsp", "2") < 0)
1653 wpa_printf(MSG_INFO
, "Failed to set cred ocsp");
1654 xml_node_get_text_free(ctx
->xml
, str
);
1658 static void set_pps_cred_sim(struct hs20_osu_client
*ctx
, int id
,
1659 xml_node_t
*sim
, xml_node_t
*realm
)
1662 char *imsi
, *eaptype
, *str
, buf
[20];
1667 node
= get_node(ctx
->xml
, sim
, "EAPType");
1669 wpa_printf(MSG_INFO
, "No SIM/EAPType node in credential");
1672 eaptype
= xml_node_get_text(ctx
->xml
, node
);
1673 if (eaptype
== NULL
) {
1674 wpa_printf(MSG_INFO
, "Could not extract SIM/EAPType");
1677 wpa_printf(MSG_INFO
, " - Credential/SIM/EAPType = %s", eaptype
);
1678 type
= atoi(eaptype
);
1679 xml_node_get_text_free(ctx
->xml
, eaptype
);
1683 if (set_cred(ctx
->ifname
, id
, "eap", "SIM") < 0)
1684 wpa_printf(MSG_INFO
, "Could not set eap=SIM");
1687 if (set_cred(ctx
->ifname
, id
, "eap", "AKA") < 0)
1688 wpa_printf(MSG_INFO
, "Could not set eap=SIM");
1690 case EAP_TYPE_AKA_PRIME
:
1691 if (set_cred(ctx
->ifname
, id
, "eap", "AKA'") < 0)
1692 wpa_printf(MSG_INFO
, "Could not set eap=SIM");
1695 wpa_printf(MSG_INFO
, "Unsupported SIM/EAPType %d", type
);
1699 node
= get_node(ctx
->xml
, sim
, "IMSI");
1701 wpa_printf(MSG_INFO
, "No SIM/IMSI node in credential");
1704 imsi
= xml_node_get_text(ctx
->xml
, node
);
1706 wpa_printf(MSG_INFO
, "Could not extract SIM/IMSI");
1709 wpa_printf(MSG_INFO
, " - Credential/SIM/IMSI = %s", imsi
);
1710 imsi_len
= os_strlen(imsi
);
1711 if (imsi_len
< 7 || imsi_len
+ 2 > sizeof(buf
)) {
1712 wpa_printf(MSG_INFO
, "Invalid IMSI length");
1713 xml_node_get_text_free(ctx
->xml
, imsi
);
1717 str
= xml_node_get_text(ctx
->xml
, node
);
1720 pos
= os_strstr(str
, "mnc");
1721 if (pos
&& os_strlen(pos
) >= 6) {
1722 if (os_strncmp(imsi
+ 3, pos
+ 3, 3) == 0)
1724 else if (os_strncmp(imsi
+ 3, pos
+ 4, 2) == 0)
1727 xml_node_get_text_free(ctx
->xml
, str
);
1730 os_memcpy(buf
, imsi
, 3 + mnc_len
);
1731 buf
[3 + mnc_len
] = '-';
1732 os_strlcpy(buf
+ 3 + mnc_len
+ 1, imsi
+ 3 + mnc_len
,
1733 sizeof(buf
) - 3 - mnc_len
- 1);
1735 xml_node_get_text_free(ctx
->xml
, imsi
);
1737 if (set_cred_quoted(ctx
->ifname
, id
, "imsi", buf
) < 0)
1738 wpa_printf(MSG_INFO
, "Could not set IMSI");
1740 if (set_cred_quoted(ctx
->ifname
, id
, "milenage",
1741 "90dca4eda45b53cf0f12d7c9c3bc6a89:"
1742 "cb9cccc4b9258e6dca4760379fb82581:000000000123") <
1744 wpa_printf(MSG_INFO
, "Could not set Milenage parameters");
1748 static void set_pps_cred_credential(struct hs20_osu_client
*ctx
, int id
,
1749 xml_node_t
*node
, const char *fqdn
)
1751 xml_node_t
*child
, *sim
, *realm
;
1754 wpa_printf(MSG_INFO
, "- Credential");
1756 sim
= get_node(ctx
->xml
, node
, "SIM");
1757 realm
= get_node(ctx
->xml
, node
, "Realm");
1759 xml_node_for_each_child(ctx
->xml
, child
, node
) {
1760 xml_node_for_each_check(ctx
->xml
, child
);
1761 name
= xml_node_get_localname(ctx
->xml
, child
);
1762 if (os_strcasecmp(name
, "CreationDate") == 0)
1763 set_pps_cred_creation_date(ctx
, id
, child
);
1764 else if (os_strcasecmp(name
, "ExpirationDate") == 0)
1765 set_pps_cred_expiration_date(ctx
, id
, child
);
1766 else if (os_strcasecmp(name
, "UsernamePassword") == 0)
1767 set_pps_cred_username_password(ctx
, id
, child
);
1768 else if (os_strcasecmp(name
, "DigitalCertificate") == 0)
1769 set_pps_cred_digital_cert(ctx
, id
, child
, fqdn
);
1770 else if (os_strcasecmp(name
, "Realm") == 0)
1771 set_pps_cred_realm(ctx
, id
, child
, fqdn
, sim
!= NULL
);
1772 else if (os_strcasecmp(name
, "CheckAAAServerCertStatus") == 0)
1773 set_pps_cred_check_aaa_cert_status(ctx
, id
, child
);
1774 else if (os_strcasecmp(name
, "SIM") == 0)
1775 set_pps_cred_sim(ctx
, id
, child
, realm
);
1777 wpa_printf(MSG_INFO
, "Unknown Credential node '%s'",
1783 static void set_pps_credential(struct hs20_osu_client
*ctx
, int id
,
1784 xml_node_t
*cred
, const char *fqdn
)
1789 xml_node_for_each_child(ctx
->xml
, child
, cred
) {
1790 xml_node_for_each_check(ctx
->xml
, child
);
1791 name
= xml_node_get_localname(ctx
->xml
, child
);
1792 if (os_strcasecmp(name
, "Policy") == 0)
1793 set_pps_cred_policy(ctx
, id
, child
);
1794 else if (os_strcasecmp(name
, "CredentialPriority") == 0)
1795 set_pps_cred_priority(ctx
, id
, child
);
1796 else if (os_strcasecmp(name
, "AAAServerTrustRoot") == 0)
1797 set_pps_cred_aaa_server_trust_root(ctx
, id
, child
);
1798 else if (os_strcasecmp(name
, "SubscriptionUpdate") == 0)
1799 set_pps_cred_sub_update(ctx
, id
, child
);
1800 else if (os_strcasecmp(name
, "HomeSP") == 0)
1801 set_pps_cred_home_sp(ctx
, id
, child
);
1802 else if (os_strcasecmp(name
, "SubscriptionParameters") == 0)
1803 set_pps_cred_sub_params(ctx
, id
, child
);
1804 else if (os_strcasecmp(name
, "Credential") == 0)
1805 set_pps_cred_credential(ctx
, id
, child
, fqdn
);
1807 wpa_printf(MSG_INFO
, "Unknown credential node '%s'",
1813 static void set_pps(struct hs20_osu_client
*ctx
, xml_node_t
*pps
,
1819 char *update_identifier
= NULL
;
1822 * TODO: Could consider more complex mechanism that would remove
1823 * credentials only if there are changes in the information sent to
1826 remove_sp_creds(ctx
, fqdn
);
1828 xml_node_for_each_child(ctx
->xml
, child
, pps
) {
1829 xml_node_for_each_check(ctx
->xml
, child
);
1830 name
= xml_node_get_localname(ctx
->xml
, child
);
1831 if (os_strcasecmp(name
, "UpdateIdentifier") == 0) {
1832 update_identifier
= xml_node_get_text(ctx
->xml
, child
);
1833 if (update_identifier
) {
1834 wpa_printf(MSG_INFO
, "- UpdateIdentifier = %s",
1841 xml_node_for_each_child(ctx
->xml
, child
, pps
) {
1842 xml_node_for_each_check(ctx
->xml
, child
);
1843 name
= xml_node_get_localname(ctx
->xml
, child
);
1844 if (os_strcasecmp(name
, "UpdateIdentifier") == 0)
1846 id
= add_cred(ctx
->ifname
);
1848 wpa_printf(MSG_INFO
, "Failed to add credential to wpa_supplicant");
1849 write_summary(ctx
, "Failed to add credential to wpa_supplicant");
1852 write_summary(ctx
, "Add a credential to wpa_supplicant");
1853 if (update_identifier
&&
1854 set_cred(ctx
->ifname
, id
, "update_identifier",
1855 update_identifier
) < 0)
1856 wpa_printf(MSG_INFO
, "Failed to set update_identifier");
1857 if (set_cred_quoted(ctx
->ifname
, id
, "provisioning_sp", fqdn
) <
1859 wpa_printf(MSG_INFO
, "Failed to set provisioning_sp");
1860 wpa_printf(MSG_INFO
, "credential localname: '%s'", name
);
1861 set_pps_credential(ctx
, id
, child
, fqdn
);
1862 ctx
->pps_cred_set
= 1;
1865 xml_node_get_text_free(ctx
->xml
, update_identifier
);
1869 void cmd_set_pps(struct hs20_osu_client
*ctx
, const char *pps_fname
)
1873 char *fqdn_buf
= NULL
, *pos
;
1875 pps
= node_from_file(ctx
->xml
, pps_fname
);
1877 wpa_printf(MSG_INFO
, "Could not read or parse '%s'", pps_fname
);
1881 fqdn
= os_strstr(pps_fname
, "SP/");
1883 fqdn_buf
= os_strdup(fqdn
+ 3);
1884 if (fqdn_buf
== NULL
)
1886 pos
= os_strchr(fqdn_buf
, '/');
1893 wpa_printf(MSG_INFO
, "Set PPS MO info to wpa_supplicant - SP FQDN %s",
1895 set_pps(ctx
, pps
, fqdn
);
1898 xml_node_free(ctx
->xml
, pps
);
1902 static int cmd_get_fqdn(struct hs20_osu_client
*ctx
, const char *pps_fname
)
1904 xml_node_t
*pps
, *node
;
1907 pps
= node_from_file(ctx
->xml
, pps_fname
);
1909 wpa_printf(MSG_INFO
, "Could not read or parse '%s'", pps_fname
);
1913 node
= get_child_node(ctx
->xml
, pps
, "HomeSP/FQDN");
1915 fqdn
= xml_node_get_text(ctx
->xml
, node
);
1917 xml_node_free(ctx
->xml
, pps
);
1920 FILE *f
= fopen("pps-fqdn", "w");
1922 fprintf(f
, "%s", fqdn
);
1925 xml_node_get_text_free(ctx
->xml
, fqdn
);
1929 xml_node_get_text_free(ctx
->xml
, fqdn
);
1934 static void cmd_to_tnds(struct hs20_osu_client
*ctx
, const char *in_fname
,
1935 const char *out_fname
, const char *urn
, int use_path
)
1937 xml_node_t
*mo
, *node
;
1939 mo
= node_from_file(ctx
->xml
, in_fname
);
1941 wpa_printf(MSG_INFO
, "Could not read or parse '%s'", in_fname
);
1945 node
= mo_to_tnds(ctx
->xml
, mo
, use_path
, urn
, NULL
);
1947 node_to_file(ctx
->xml
, out_fname
, node
);
1948 xml_node_free(ctx
->xml
, node
);
1951 xml_node_free(ctx
->xml
, mo
);
1955 static void cmd_from_tnds(struct hs20_osu_client
*ctx
, const char *in_fname
,
1956 const char *out_fname
)
1958 xml_node_t
*tnds
, *mo
;
1960 tnds
= node_from_file(ctx
->xml
, in_fname
);
1962 wpa_printf(MSG_INFO
, "Could not read or parse '%s'", in_fname
);
1966 mo
= tnds_to_mo(ctx
->xml
, tnds
);
1968 node_to_file(ctx
->xml
, out_fname
, mo
);
1969 xml_node_free(ctx
->xml
, mo
);
1972 xml_node_free(ctx
->xml
, tnds
);
1979 char mime_type
[256];
1986 unsigned int methods
;
1990 struct osu_lang_text friendly_name
[MAX_OSU_VALS
];
1991 size_t friendly_name_count
;
1992 struct osu_lang_text serv_desc
[MAX_OSU_VALS
];
1993 size_t serv_desc_count
;
1994 struct osu_icon icon
[MAX_OSU_VALS
];
1999 static struct osu_data
* parse_osu_providers(const char *fname
, size_t *count
)
2003 struct osu_data
*osu
= NULL
, *last
= NULL
;
2004 size_t osu_count
= 0;
2007 f
= fopen(fname
, "r");
2009 wpa_printf(MSG_ERROR
, "Could not open %s", fname
);
2013 while (fgets(buf
, sizeof(buf
), f
)) {
2014 pos
= strchr(buf
, '\n');
2018 if (strncmp(buf
, "OSU-PROVIDER ", 13) == 0) {
2019 last
= realloc(osu
, (osu_count
+ 1) * sizeof(*osu
));
2023 last
= &osu
[osu_count
++];
2024 memset(last
, 0, sizeof(*last
));
2025 snprintf(last
->bssid
, sizeof(last
->bssid
), "%s",
2032 if (strncmp(buf
, "uri=", 4) == 0) {
2033 snprintf(last
->url
, sizeof(last
->url
), "%s", buf
+ 4);
2037 if (strncmp(buf
, "methods=", 8) == 0) {
2038 last
->methods
= strtol(buf
+ 8, NULL
, 16);
2042 if (strncmp(buf
, "osu_ssid=", 9) == 0) {
2043 snprintf(last
->osu_ssid
, sizeof(last
->osu_ssid
),
2048 if (strncmp(buf
, "osu_ssid2=", 10) == 0) {
2049 snprintf(last
->osu_ssid2
, sizeof(last
->osu_ssid2
),
2054 if (os_strncmp(buf
, "osu_nai=", 8) == 0) {
2055 os_snprintf(last
->osu_nai
, sizeof(last
->osu_nai
),
2060 if (strncmp(buf
, "friendly_name=", 14) == 0) {
2061 struct osu_lang_text
*txt
;
2062 if (last
->friendly_name_count
== MAX_OSU_VALS
)
2064 pos
= strchr(buf
+ 14, ':');
2068 txt
= &last
->friendly_name
[last
->friendly_name_count
++];
2069 snprintf(txt
->lang
, sizeof(txt
->lang
), "%s", buf
+ 14);
2070 snprintf(txt
->text
, sizeof(txt
->text
), "%s", pos
);
2073 if (strncmp(buf
, "desc=", 5) == 0) {
2074 struct osu_lang_text
*txt
;
2075 if (last
->serv_desc_count
== MAX_OSU_VALS
)
2077 pos
= strchr(buf
+ 5, ':');
2081 txt
= &last
->serv_desc
[last
->serv_desc_count
++];
2082 snprintf(txt
->lang
, sizeof(txt
->lang
), "%s", buf
+ 5);
2083 snprintf(txt
->text
, sizeof(txt
->text
), "%s", pos
);
2086 if (strncmp(buf
, "icon=", 5) == 0) {
2087 struct osu_icon
*icon
;
2088 if (last
->icon_count
== MAX_OSU_VALS
)
2090 icon
= &last
->icon
[last
->icon_count
++];
2091 icon
->id
= atoi(buf
+ 5);
2092 pos
= strchr(buf
, ':');
2095 pos
= strchr(pos
+ 1, ':');
2098 pos
= strchr(pos
+ 1, ':');
2102 end
= strchr(pos
, ':');
2106 snprintf(icon
->lang
, sizeof(icon
->lang
), "%s", pos
);
2109 end
= strchr(pos
, ':');
2112 snprintf(icon
->mime_type
, sizeof(icon
->mime_type
),
2118 end
= strchr(pos
, ':');
2121 snprintf(icon
->filename
, sizeof(icon
->filename
),
2134 static int osu_connect(struct hs20_osu_client
*ctx
, const char *bssid
,
2135 const char *ssid
, const char *ssid2
, const char *url
,
2136 unsigned int methods
, int no_prod_assoc
,
2137 const char *osu_nai
)
2140 const char *ifname
= ctx
->ifname
;
2142 struct wpa_ctrl
*mon
;
2145 if (ssid2
&& ssid2
[0] == '\0')
2148 if (ctx
->osu_ssid
) {
2149 if (os_strcmp(ssid
, ctx
->osu_ssid
) == 0) {
2150 wpa_printf(MSG_DEBUG
,
2151 "Enforced OSU SSID matches ANQP info");
2153 } else if (ssid2
&& os_strcmp(ssid2
, ctx
->osu_ssid
) == 0) {
2154 wpa_printf(MSG_DEBUG
,
2155 "Enforced OSU SSID matches RSN[OSEN] info");
2158 wpa_printf(MSG_INFO
, "Enforced OSU SSID did not match");
2159 write_summary(ctx
, "Enforced OSU SSID did not match");
2164 id
= add_network(ifname
);
2167 if (set_network_quoted(ifname
, id
, "ssid", ssid
) < 0)
2169 if (osu_nai
&& os_strlen(osu_nai
) > 0) {
2170 char dir
[255], fname
[300];
2171 if (getcwd(dir
, sizeof(dir
)) == NULL
)
2173 os_snprintf(fname
, sizeof(fname
), "%s/osu-ca.pem", dir
);
2175 if (ssid2
&& set_network_quoted(ifname
, id
, "ssid", ssid2
) < 0)
2178 if (set_network(ifname
, id
, "proto", "OSEN") < 0 ||
2179 set_network(ifname
, id
, "key_mgmt", "OSEN") < 0 ||
2180 set_network(ifname
, id
, "pairwise", "CCMP") < 0 ||
2181 set_network(ifname
, id
, "group", "GTK_NOT_USED CCMP") < 0 ||
2182 set_network(ifname
, id
, "eap", "WFA-UNAUTH-TLS") < 0 ||
2183 set_network(ifname
, id
, "ocsp", "2") < 0 ||
2184 set_network_quoted(ifname
, id
, "identity", osu_nai
) < 0 ||
2185 set_network_quoted(ifname
, id
, "ca_cert", fname
) < 0)
2188 if (set_network(ifname
, id
, "key_mgmt", "NONE") < 0)
2192 mon
= open_wpa_mon(ifname
);
2196 wpa_printf(MSG_INFO
, "Associate with OSU SSID");
2197 write_summary(ctx
, "Associate with OSU SSID");
2198 snprintf(buf
, sizeof(buf
), "SELECT_NETWORK %d", id
);
2199 if (wpa_command(ifname
, buf
) < 0)
2202 res
= get_wpa_cli_event(mon
, "CTRL-EVENT-CONNECTED",
2205 wpa_ctrl_detach(mon
);
2206 wpa_ctrl_close(mon
);
2209 wpa_printf(MSG_INFO
, "Could not connect");
2210 write_summary(ctx
, "Could not connect to OSU network");
2211 wpa_printf(MSG_INFO
, "Remove OSU network connection");
2212 snprintf(buf
, sizeof(buf
), "REMOVE_NETWORK %d", id
);
2213 wpa_command(ifname
, buf
);
2217 write_summary(ctx
, "Waiting for IP address for subscription registration");
2218 if (wait_ip_addr(ifname
, 15) < 0) {
2219 wpa_printf(MSG_INFO
, "Could not get IP address for WLAN - try connection anyway");
2222 if (no_prod_assoc
) {
2225 wpa_printf(MSG_INFO
, "No production connection used for testing purposes");
2226 write_summary(ctx
, "No production connection used for testing purposes");
2230 ctx
->no_reconnect
= 1;
2231 if (methods
& 0x02) {
2232 wpa_printf(MSG_DEBUG
, "Calling cmd_prov from osu_connect");
2233 res
= cmd_prov(ctx
, url
);
2234 } else if (methods
& 0x01) {
2235 wpa_printf(MSG_DEBUG
,
2236 "Calling cmd_oma_dm_prov from osu_connect");
2237 res
= cmd_oma_dm_prov(ctx
, url
);
2240 wpa_printf(MSG_INFO
, "Remove OSU network connection");
2241 write_summary(ctx
, "Remove OSU network connection");
2242 snprintf(buf
, sizeof(buf
), "REMOVE_NETWORK %d", id
);
2243 wpa_command(ifname
, buf
);
2248 wpa_printf(MSG_INFO
, "Requesting reconnection with updated configuration");
2249 write_summary(ctx
, "Requesting reconnection with updated configuration");
2250 if (wpa_command(ctx
->ifname
, "INTERWORKING_SELECT auto") < 0) {
2251 wpa_printf(MSG_INFO
, "Failed to request wpa_supplicant to reconnect");
2252 write_summary(ctx
, "Failed to request wpa_supplicant to reconnect");
2260 static int cmd_osu_select(struct hs20_osu_client
*ctx
, const char *dir
,
2261 int connect
, int no_prod_assoc
,
2262 const char *friendly_name
)
2266 struct osu_data
*osu
= NULL
, *last
= NULL
;
2267 size_t osu_count
= 0, i
, j
;
2270 write_summary(ctx
, "OSU provider selection");
2273 wpa_printf(MSG_INFO
, "Missing dir parameter to osu_select");
2277 snprintf(fname
, sizeof(fname
), "%s/osu-providers.txt", dir
);
2278 osu
= parse_osu_providers(fname
, &osu_count
);
2280 wpa_printf(MSG_INFO
, "Could not find any OSU providers from %s",
2282 write_result(ctx
, "No OSU providers available");
2286 if (friendly_name
) {
2287 for (i
= 0; i
< osu_count
; i
++) {
2289 for (j
= 0; j
< last
->friendly_name_count
; j
++) {
2290 if (os_strcmp(last
->friendly_name
[j
].text
,
2291 friendly_name
) == 0)
2294 if (j
< last
->friendly_name_count
)
2297 if (i
== osu_count
) {
2298 wpa_printf(MSG_INFO
, "Requested operator friendly name '%s' not found in the list of available providers",
2300 write_summary(ctx
, "Requested operator friendly name '%s' not found in the list of available providers",
2306 wpa_printf(MSG_INFO
, "OSU Provider selected based on requested operator friendly name '%s'",
2308 write_summary(ctx
, "OSU Provider selected based on requested operator friendly name '%s'",
2314 snprintf(fname
, sizeof(fname
), "%s/osu-providers.html", dir
);
2315 f
= fopen(fname
, "w");
2317 wpa_printf(MSG_INFO
, "Could not open %s", fname
);
2322 fprintf(f
, "<html><head>"
2323 "<meta http-equiv=\"Content-type\" content=\"text/html; "
2324 "charset=utf-8\"<title>Select service operator</title>"
2325 "</head><body><h1>Select service operator</h1>\n");
2328 fprintf(f
, "No online signup available\n");
2330 for (i
= 0; i
< osu_count
; i
++) {
2334 "<a href=\"http://localhost:12345/osu/%d\">"
2335 "<table><tr><td>", (int) i
+ 1);
2338 "<a href=\"osu://%d\">"
2339 "<table><tr><td>", (int) i
+ 1);
2340 #endif /* ANDROID */
2341 for (j
= 0; j
< last
->icon_count
; j
++) {
2342 fprintf(f
, "<img src=\"osu-icon-%d.%s\">\n",
2344 strcasecmp(last
->icon
[j
].mime_type
,
2345 "image/png") == 0 ? "png" : "icon");
2348 for (j
= 0; j
< last
->friendly_name_count
; j
++) {
2349 fprintf(f
, "<small>[%s]</small> %s<br>\n",
2350 last
->friendly_name
[j
].lang
,
2351 last
->friendly_name
[j
].text
);
2353 fprintf(f
, "<tr><td colspan=2>");
2354 for (j
= 0; j
< last
->serv_desc_count
; j
++) {
2355 fprintf(f
, "<small>[%s]</small> %s<br>\n",
2356 last
->serv_desc
[j
].lang
,
2357 last
->serv_desc
[j
].text
);
2359 fprintf(f
, "</table></a><br><small>BSSID: %s<br>\n"
2361 last
->bssid
, last
->osu_ssid
);
2362 if (last
->osu_ssid2
[0])
2363 fprintf(f
, "SSID2: %s<br>\n", last
->osu_ssid2
);
2364 if (last
->osu_nai
[0])
2365 fprintf(f
, "NAI: %s<br>\n", last
->osu_nai
);
2366 fprintf(f
, "URL: %s<br>\n"
2367 "methods:%s%s<br>\n"
2370 last
->methods
& 0x01 ? " OMA-DM" : "",
2371 last
->methods
& 0x02 ? " SOAP-XML-SPP" : "");
2374 fprintf(f
, "</body></html>\n");
2378 snprintf(fname
, sizeof(fname
), "file://%s/osu-providers.html", dir
);
2379 write_summary(ctx
, "Start web browser with OSU provider selection page");
2380 ret
= hs20_web_browser(fname
);
2383 if (ret
> 0 && (size_t) ret
<= osu_count
) {
2387 wpa_printf(MSG_INFO
, "Selected OSU id=%d", ret
);
2388 last
= &osu
[ret
- 1];
2390 wpa_printf(MSG_INFO
, "BSSID: %s", last
->bssid
);
2391 wpa_printf(MSG_INFO
, "SSID: %s", last
->osu_ssid
);
2392 if (last
->osu_ssid2
[0])
2393 wpa_printf(MSG_INFO
, "SSID2: %s", last
->osu_ssid2
);
2394 wpa_printf(MSG_INFO
, "URL: %s", last
->url
);
2395 write_summary(ctx
, "Selected OSU provider id=%d BSSID=%s SSID=%s URL=%s",
2396 ret
, last
->bssid
, last
->osu_ssid
, last
->url
);
2398 ctx
->friendly_name_count
= last
->friendly_name_count
;
2399 for (j
= 0; j
< last
->friendly_name_count
; j
++) {
2400 wpa_printf(MSG_INFO
, "FRIENDLY_NAME: [%s]%s",
2401 last
->friendly_name
[j
].lang
,
2402 last
->friendly_name
[j
].text
);
2403 os_strlcpy(ctx
->friendly_name
[j
].lang
,
2404 last
->friendly_name
[j
].lang
,
2405 sizeof(ctx
->friendly_name
[j
].lang
));
2406 os_strlcpy(ctx
->friendly_name
[j
].text
,
2407 last
->friendly_name
[j
].text
,
2408 sizeof(ctx
->friendly_name
[j
].text
));
2411 ctx
->icon_count
= last
->icon_count
;
2412 for (j
= 0; j
< last
->icon_count
; j
++) {
2415 os_snprintf(fname
, sizeof(fname
), "%s/osu-icon-%d.%s",
2416 dir
, last
->icon
[j
].id
,
2417 strcasecmp(last
->icon
[j
].mime_type
,
2420 wpa_printf(MSG_INFO
, "ICON: %s (%s)",
2421 fname
, last
->icon
[j
].filename
);
2422 os_strlcpy(ctx
->icon_filename
[j
],
2423 last
->icon
[j
].filename
,
2424 sizeof(ctx
->icon_filename
[j
]));
2426 data
= os_readfile(fname
, &data_len
);
2428 sha256_vector(1, (const u8
**) &data
, &data_len
,
2435 if (last
->methods
& 0x02) {
2436 wpa_printf(MSG_DEBUG
,
2437 "Calling cmd_prov from cmd_osu_select");
2438 ret
= cmd_prov(ctx
, last
->url
);
2439 } else if (last
->methods
& 0x01) {
2440 wpa_printf(MSG_DEBUG
,
2441 "Calling cmd_oma_dm_prov from cmd_osu_select");
2442 ret
= cmd_oma_dm_prov(ctx
, last
->url
);
2444 wpa_printf(MSG_DEBUG
,
2445 "No supported OSU provisioning method");
2448 } else if (connect
) {
2449 ret
= osu_connect(ctx
, last
->bssid
, last
->osu_ssid
,
2451 last
->url
, last
->methods
,
2452 no_prod_assoc
, last
->osu_nai
);
2463 static int cmd_signup(struct hs20_osu_client
*ctx
, int no_prod_assoc
,
2464 const char *friendly_name
)
2467 char fname
[300], buf
[400];
2468 struct wpa_ctrl
*mon
;
2472 ifname
= ctx
->ifname
;
2474 if (getcwd(dir
, sizeof(dir
)) == NULL
)
2477 snprintf(fname
, sizeof(fname
), "%s/osu-info", dir
);
2478 if (mkdir(fname
, S_IRWXU
| S_IRWXG
| S_IROTH
| S_IXOTH
) < 0 &&
2480 wpa_printf(MSG_INFO
, "mkdir(%s) failed: %s",
2481 fname
, strerror(errno
));
2485 android_update_permission(fname
, S_IRWXU
| S_IRWXG
| S_IROTH
| S_IXOTH
);
2487 snprintf(buf
, sizeof(buf
), "SET osu_dir %s", fname
);
2488 if (wpa_command(ifname
, buf
) < 0) {
2489 wpa_printf(MSG_INFO
, "Failed to configure osu_dir to wpa_supplicant");
2493 mon
= open_wpa_mon(ifname
);
2497 wpa_printf(MSG_INFO
, "Starting OSU fetch");
2498 write_summary(ctx
, "Starting OSU provider information fetch");
2499 if (wpa_command(ifname
, "FETCH_OSU") < 0) {
2500 wpa_printf(MSG_INFO
, "Could not start OSU fetch");
2501 wpa_ctrl_detach(mon
);
2502 wpa_ctrl_close(mon
);
2505 res
= get_wpa_cli_event(mon
, "OSU provider fetch completed",
2508 wpa_ctrl_detach(mon
);
2509 wpa_ctrl_close(mon
);
2512 wpa_printf(MSG_INFO
, "OSU fetch did not complete");
2513 write_summary(ctx
, "OSU fetch did not complete");
2516 wpa_printf(MSG_INFO
, "OSU provider fetch completed");
2518 return cmd_osu_select(ctx
, fname
, 1, no_prod_assoc
, friendly_name
);
2522 static int cmd_sub_rem(struct hs20_osu_client
*ctx
, const char *address
,
2523 const char *pps_fname
, const char *ca_fname
)
2525 xml_node_t
*pps
, *node
;
2526 char pps_fname_buf
[300];
2527 char ca_fname_buf
[200];
2528 char *cred_username
= NULL
;
2529 char *cred_password
= NULL
;
2530 char *sub_rem_uri
= NULL
;
2531 char client_cert_buf
[200];
2532 char *client_cert
= NULL
;
2533 char client_key_buf
[200];
2534 char *client_key
= NULL
;
2537 wpa_printf(MSG_INFO
, "Subscription remediation requested with Server URL: %s",
2542 wpa_printf(MSG_INFO
, "Determining PPS file based on Home SP information");
2543 if (os_strncmp(address
, "fqdn=", 5) == 0) {
2544 wpa_printf(MSG_INFO
, "Use requested FQDN from command line");
2545 os_snprintf(buf
, sizeof(buf
), "%s", address
+ 5);
2547 } else if (get_wpa_status(ctx
->ifname
, "provisioning_sp", buf
,
2549 wpa_printf(MSG_INFO
, "Could not get provisioning Home SP FQDN from wpa_supplicant");
2553 ctx
->fqdn
= os_strdup(buf
);
2554 if (ctx
->fqdn
== NULL
)
2556 wpa_printf(MSG_INFO
, "Home SP FQDN for current credential: %s",
2558 os_snprintf(pps_fname_buf
, sizeof(pps_fname_buf
),
2559 "SP/%s/pps.xml", ctx
->fqdn
);
2560 pps_fname
= pps_fname_buf
;
2562 os_snprintf(ca_fname_buf
, sizeof(ca_fname_buf
), "SP/%s/ca.pem",
2564 ca_fname
= ca_fname_buf
;
2567 if (!os_file_exists(pps_fname
)) {
2568 wpa_printf(MSG_INFO
, "PPS file '%s' does not exist or is not accessible",
2572 wpa_printf(MSG_INFO
, "Using PPS file: %s", pps_fname
);
2574 if (ca_fname
&& !os_file_exists(ca_fname
)) {
2575 wpa_printf(MSG_INFO
, "CA file '%s' does not exist or is not accessible",
2579 wpa_printf(MSG_INFO
, "Using server trust root: %s", ca_fname
);
2580 ctx
->ca_fname
= ca_fname
;
2582 pps
= node_from_file(ctx
->xml
, pps_fname
);
2584 wpa_printf(MSG_INFO
, "Could not read PPS MO");
2590 node
= get_child_node(ctx
->xml
, pps
, "HomeSP/FQDN");
2592 wpa_printf(MSG_INFO
, "No HomeSP/FQDN found from PPS");
2595 tmp
= xml_node_get_text(ctx
->xml
, node
);
2597 wpa_printf(MSG_INFO
, "No HomeSP/FQDN text found from PPS");
2600 ctx
->fqdn
= os_strdup(tmp
);
2601 xml_node_get_text_free(ctx
->xml
, tmp
);
2603 wpa_printf(MSG_INFO
, "No FQDN known");
2608 node
= get_child_node(ctx
->xml
, pps
,
2609 "SubscriptionUpdate/UpdateMethod");
2612 tmp
= xml_node_get_text(ctx
->xml
, node
);
2613 if (tmp
&& os_strcasecmp(tmp
, "OMA-DM-ClientInitiated") == 0)
2618 wpa_printf(MSG_INFO
, "No UpdateMethod specified - assume SPP");
2622 get_user_pw(ctx
, pps
, "SubscriptionUpdate/UsernamePassword",
2623 &cred_username
, &cred_password
);
2625 wpa_printf(MSG_INFO
, "Using username: %s", cred_username
);
2627 wpa_printf(MSG_DEBUG
, "Using password: %s", cred_password
);
2629 if (cred_username
== NULL
&& cred_password
== NULL
&&
2630 get_child_node(ctx
->xml
, pps
, "Credential/DigitalCertificate")) {
2631 wpa_printf(MSG_INFO
, "Using client certificate");
2632 os_snprintf(client_cert_buf
, sizeof(client_cert_buf
),
2633 "SP/%s/client-cert.pem", ctx
->fqdn
);
2634 client_cert
= client_cert_buf
;
2635 os_snprintf(client_key_buf
, sizeof(client_key_buf
),
2636 "SP/%s/client-key.pem", ctx
->fqdn
);
2637 client_key
= client_key_buf
;
2638 ctx
->client_cert_present
= 1;
2641 node
= get_child_node(ctx
->xml
, pps
, "SubscriptionUpdate/URI");
2643 sub_rem_uri
= xml_node_get_text(ctx
->xml
, node
);
2645 (!address
|| os_strcmp(address
, sub_rem_uri
) != 0)) {
2646 wpa_printf(MSG_INFO
, "Override sub rem URI based on PPS: %s",
2648 address
= sub_rem_uri
;
2652 wpa_printf(MSG_INFO
, "Server URL not known");
2656 write_summary(ctx
, "Wait for IP address for subscriptiom remediation");
2657 wpa_printf(MSG_INFO
, "Wait for IP address before starting subscription remediation");
2659 if (wait_ip_addr(ctx
->ifname
, 15) < 0) {
2660 wpa_printf(MSG_INFO
, "Could not get IP address for WLAN - try connection anyway");
2664 spp_sub_rem(ctx
, address
, pps_fname
,
2665 client_cert
, client_key
,
2666 cred_username
, cred_password
, pps
);
2668 oma_dm_sub_rem(ctx
, address
, pps_fname
,
2669 client_cert
, client_key
,
2670 cred_username
, cred_password
, pps
);
2672 xml_node_get_text_free(ctx
->xml
, sub_rem_uri
);
2673 xml_node_get_text_free(ctx
->xml
, cred_username
);
2674 str_clear_free(cred_password
);
2675 xml_node_free(ctx
->xml
, pps
);
2680 static int cmd_pol_upd(struct hs20_osu_client
*ctx
, const char *address
,
2681 const char *pps_fname
, const char *ca_fname
)
2685 char pps_fname_buf
[300];
2686 char ca_fname_buf
[200];
2688 char *cred_username
= NULL
;
2689 char *cred_password
= NULL
;
2690 char client_cert_buf
[200];
2691 char *client_cert
= NULL
;
2692 char client_key_buf
[200];
2693 char *client_key
= NULL
;
2696 wpa_printf(MSG_INFO
, "Policy update requested");
2700 wpa_printf(MSG_INFO
, "Determining PPS file based on Home SP information");
2701 if (address
&& os_strncmp(address
, "fqdn=", 5) == 0) {
2702 wpa_printf(MSG_INFO
, "Use requested FQDN from command line");
2703 os_snprintf(buf
, sizeof(buf
), "%s", address
+ 5);
2705 } else if (get_wpa_status(ctx
->ifname
, "provisioning_sp", buf
,
2707 wpa_printf(MSG_INFO
, "Could not get provisioning Home SP FQDN from wpa_supplicant");
2711 ctx
->fqdn
= os_strdup(buf
);
2712 if (ctx
->fqdn
== NULL
)
2714 wpa_printf(MSG_INFO
, "Home SP FQDN for current credential: %s",
2716 os_snprintf(pps_fname_buf
, sizeof(pps_fname_buf
),
2717 "SP/%s/pps.xml", ctx
->fqdn
);
2718 pps_fname
= pps_fname_buf
;
2720 os_snprintf(ca_fname_buf
, sizeof(ca_fname_buf
), "SP/%s/ca.pem",
2722 ca_fname
= ca_fname_buf
;
2725 if (!os_file_exists(pps_fname
)) {
2726 wpa_printf(MSG_INFO
, "PPS file '%s' does not exist or is not accessible",
2730 wpa_printf(MSG_INFO
, "Using PPS file: %s", pps_fname
);
2732 if (ca_fname
&& !os_file_exists(ca_fname
)) {
2733 wpa_printf(MSG_INFO
, "CA file '%s' does not exist or is not accessible",
2737 wpa_printf(MSG_INFO
, "Using server trust root: %s", ca_fname
);
2738 ctx
->ca_fname
= ca_fname
;
2740 pps
= node_from_file(ctx
->xml
, pps_fname
);
2742 wpa_printf(MSG_INFO
, "Could not read PPS MO");
2748 node
= get_child_node(ctx
->xml
, pps
, "HomeSP/FQDN");
2750 wpa_printf(MSG_INFO
, "No HomeSP/FQDN found from PPS");
2753 tmp
= xml_node_get_text(ctx
->xml
, node
);
2755 wpa_printf(MSG_INFO
, "No HomeSP/FQDN text found from PPS");
2758 ctx
->fqdn
= os_strdup(tmp
);
2759 xml_node_get_text_free(ctx
->xml
, tmp
);
2761 wpa_printf(MSG_INFO
, "No FQDN known");
2766 node
= get_child_node(ctx
->xml
, pps
,
2767 "Policy/PolicyUpdate/UpdateMethod");
2770 tmp
= xml_node_get_text(ctx
->xml
, node
);
2771 if (tmp
&& os_strcasecmp(tmp
, "OMA-DM-ClientInitiated") == 0)
2776 wpa_printf(MSG_INFO
, "No UpdateMethod specified - assume SPP");
2780 get_user_pw(ctx
, pps
, "Policy/PolicyUpdate/UsernamePassword",
2781 &cred_username
, &cred_password
);
2783 wpa_printf(MSG_INFO
, "Using username: %s", cred_username
);
2785 wpa_printf(MSG_DEBUG
, "Using password: %s", cred_password
);
2787 if (cred_username
== NULL
&& cred_password
== NULL
&&
2788 get_child_node(ctx
->xml
, pps
, "Credential/DigitalCertificate")) {
2789 wpa_printf(MSG_INFO
, "Using client certificate");
2790 os_snprintf(client_cert_buf
, sizeof(client_cert_buf
),
2791 "SP/%s/client-cert.pem", ctx
->fqdn
);
2792 client_cert
= client_cert_buf
;
2793 os_snprintf(client_key_buf
, sizeof(client_key_buf
),
2794 "SP/%s/client-key.pem", ctx
->fqdn
);
2795 client_key
= client_key_buf
;
2799 node
= get_child_node(ctx
->xml
, pps
, "Policy/PolicyUpdate/URI");
2801 uri
= xml_node_get_text(ctx
->xml
, node
);
2802 wpa_printf(MSG_INFO
, "URI based on PPS: %s", uri
);
2807 wpa_printf(MSG_INFO
, "Server URL not known");
2812 spp_pol_upd(ctx
, address
, pps_fname
,
2813 client_cert
, client_key
,
2814 cred_username
, cred_password
, pps
);
2816 oma_dm_pol_upd(ctx
, address
, pps_fname
,
2817 client_cert
, client_key
,
2818 cred_username
, cred_password
, pps
);
2820 xml_node_get_text_free(ctx
->xml
, uri
);
2821 xml_node_get_text_free(ctx
->xml
, cred_username
);
2822 str_clear_free(cred_password
);
2823 xml_node_free(ctx
->xml
, pps
);
2829 static char * get_hostname(const char *url
)
2831 const char *pos
, *end
, *end2
;
2837 pos
= os_strchr(url
, '/');
2845 end
= os_strchr(pos
, '/');
2846 end2
= os_strchr(pos
, ':');
2847 if ((end
&& end2
&& end2
< end
) || (!end
&& end2
))
2859 ret
= os_malloc(end
- pos
+ 2);
2863 os_memcpy(ret
, pos
, end
- pos
+ 1);
2864 ret
[end
- pos
+ 1] = '\0';
2870 static int osu_cert_cb(void *_ctx
, struct http_cert
*cert
)
2872 struct hs20_osu_client
*ctx
= _ctx
;
2877 wpa_printf(MSG_INFO
, "osu_cert_cb(osu_cert_validation=%d, url=%s)",
2878 !ctx
->no_osu_cert_validation
, ctx
->server_url
);
2880 host
= get_hostname(ctx
->server_url
);
2882 for (i
= 0; i
< ctx
->server_dnsname_count
; i
++)
2883 os_free(ctx
->server_dnsname
[i
]);
2884 os_free(ctx
->server_dnsname
);
2885 ctx
->server_dnsname
= os_calloc(cert
->num_dnsname
, sizeof(char *));
2886 ctx
->server_dnsname_count
= 0;
2889 for (i
= 0; i
< cert
->num_dnsname
; i
++) {
2890 if (ctx
->server_dnsname
) {
2891 ctx
->server_dnsname
[ctx
->server_dnsname_count
] =
2892 os_strdup(cert
->dnsname
[i
]);
2893 if (ctx
->server_dnsname
[ctx
->server_dnsname_count
])
2894 ctx
->server_dnsname_count
++;
2896 if (host
&& os_strcasecmp(host
, cert
->dnsname
[i
]) == 0)
2898 wpa_printf(MSG_INFO
, "dNSName '%s'", cert
->dnsname
[i
]);
2901 if (host
&& !found
) {
2902 wpa_printf(MSG_INFO
, "Server name from URL (%s) did not match any dNSName - abort connection",
2904 write_result(ctx
, "Server name from URL (%s) did not match any dNSName - abort connection",
2912 for (i
= 0; i
< cert
->num_othername
; i
++) {
2913 if (os_strcmp(cert
->othername
[i
].oid
,
2914 "1.3.6.1.4.1.40808.1.1.1") == 0) {
2915 wpa_hexdump_ascii(MSG_INFO
,
2916 "id-wfa-hotspot-friendlyName",
2917 cert
->othername
[i
].data
,
2918 cert
->othername
[i
].len
);
2922 for (j
= 0; !ctx
->no_osu_cert_validation
&&
2923 j
< ctx
->friendly_name_count
; j
++) {
2925 for (i
= 0; i
< cert
->num_othername
; i
++) {
2926 if (os_strcmp(cert
->othername
[i
].oid
,
2927 "1.3.6.1.4.1.40808.1.1.1") != 0)
2929 if (cert
->othername
[i
].len
< 3)
2931 if (os_strncasecmp((char *) cert
->othername
[i
].data
,
2932 ctx
->friendly_name
[j
].lang
, 3) != 0)
2934 if (os_strncmp((char *) cert
->othername
[i
].data
+ 3,
2935 ctx
->friendly_name
[j
].text
,
2936 cert
->othername
[i
].len
- 3) == 0) {
2943 wpa_printf(MSG_INFO
, "No friendly name match found for '[%s]%s'",
2944 ctx
->friendly_name
[j
].lang
,
2945 ctx
->friendly_name
[j
].text
);
2946 write_result(ctx
, "No friendly name match found for '[%s]%s'",
2947 ctx
->friendly_name
[j
].lang
,
2948 ctx
->friendly_name
[j
].text
);
2953 for (i
= 0; i
< cert
->num_logo
; i
++) {
2954 struct http_logo
*logo
= &cert
->logo
[i
];
2956 wpa_printf(MSG_INFO
, "logo hash alg %s uri '%s'",
2957 logo
->alg_oid
, logo
->uri
);
2958 wpa_hexdump_ascii(MSG_INFO
, "hashValue",
2959 logo
->hash
, logo
->hash_len
);
2962 for (j
= 0; !ctx
->no_osu_cert_validation
&& j
< ctx
->icon_count
; j
++) {
2964 char *name
= ctx
->icon_filename
[j
];
2965 size_t name_len
= os_strlen(name
);
2967 wpa_printf(MSG_INFO
,
2968 "[%i] Looking for icon file name '%s' match",
2970 for (i
= 0; i
< cert
->num_logo
; i
++) {
2971 struct http_logo
*logo
= &cert
->logo
[i
];
2972 size_t uri_len
= os_strlen(logo
->uri
);
2975 wpa_printf(MSG_INFO
,
2976 "[%i] Comparing to '%s' uri_len=%d name_len=%d",
2977 i
, logo
->uri
, (int) uri_len
, (int) name_len
);
2978 if (uri_len
< 1 + name_len
) {
2979 wpa_printf(MSG_INFO
, "URI Length is too short");
2982 pos
= &logo
->uri
[uri_len
- name_len
- 1];
2986 if (os_strcmp(pos
, name
) == 0) {
2993 wpa_printf(MSG_INFO
, "No icon filename match found for '%s'",
2996 "No icon filename match found for '%s'",
3002 for (j
= 0; !ctx
->no_osu_cert_validation
&& j
< ctx
->icon_count
; j
++) {
3005 for (i
= 0; i
< cert
->num_logo
; i
++) {
3006 struct http_logo
*logo
= &cert
->logo
[i
];
3008 if (logo
->hash_len
!= 32) {
3009 wpa_printf(MSG_INFO
,
3010 "[%i][%i] Icon hash length invalid (should be 32): %d",
3011 j
, i
, (int) logo
->hash_len
);
3014 if (os_memcmp(logo
->hash
, ctx
->icon_hash
[j
], 32) == 0) {
3019 wpa_printf(MSG_DEBUG
,
3020 "[%u][%u] Icon hash did not match", j
, i
);
3021 wpa_hexdump_ascii(MSG_DEBUG
, "logo->hash",
3023 wpa_hexdump_ascii(MSG_DEBUG
, "ctx->icon_hash[j]",
3024 ctx
->icon_hash
[j
], 32);
3028 wpa_printf(MSG_INFO
,
3029 "No icon hash match (by hash) found");
3031 "No icon hash match (by hash) found");
3040 static int init_ctx(struct hs20_osu_client
*ctx
)
3042 xml_node_t
*devinfo
, *devid
;
3044 os_memset(ctx
, 0, sizeof(*ctx
));
3045 ctx
->ifname
= "wlan0";
3046 ctx
->xml
= xml_node_init_ctx(ctx
, NULL
);
3047 if (ctx
->xml
== NULL
)
3050 devinfo
= node_from_file(ctx
->xml
, "devinfo.xml");
3052 wpa_printf(MSG_ERROR
, "devinfo.xml not found");
3056 devid
= get_node(ctx
->xml
, devinfo
, "DevId");
3058 char *tmp
= xml_node_get_text(ctx
->xml
, devid
);
3060 ctx
->devid
= os_strdup(tmp
);
3061 xml_node_get_text_free(ctx
->xml
, tmp
);
3064 xml_node_free(ctx
->xml
, devinfo
);
3066 if (ctx
->devid
== NULL
) {
3067 wpa_printf(MSG_ERROR
, "Could not fetch DevId from devinfo.xml");
3071 ctx
->http
= http_init_ctx(ctx
, ctx
->xml
);
3072 if (ctx
->http
== NULL
) {
3073 xml_node_deinit_ctx(ctx
->xml
);
3076 http_ocsp_set(ctx
->http
, 2);
3077 http_set_cert_cb(ctx
->http
, osu_cert_cb
, ctx
);
3083 static void deinit_ctx(struct hs20_osu_client
*ctx
)
3087 http_deinit_ctx(ctx
->http
);
3088 xml_node_deinit_ctx(ctx
->xml
);
3090 os_free(ctx
->server_url
);
3091 os_free(ctx
->devid
);
3093 for (i
= 0; i
< ctx
->server_dnsname_count
; i
++)
3094 os_free(ctx
->server_dnsname
[i
]);
3095 os_free(ctx
->server_dnsname
);
3099 static void check_workarounds(struct hs20_osu_client
*ctx
)
3103 unsigned long int val
= 0;
3105 f
= fopen("hs20-osu-client.workarounds", "r");
3109 if (fgets(buf
, sizeof(buf
), f
))
3110 val
= strtoul(buf
, NULL
, 16);
3115 wpa_printf(MSG_INFO
, "Workarounds enabled: 0x%lx", val
);
3116 ctx
->workarounds
= val
;
3117 if (ctx
->workarounds
& WORKAROUND_OCSP_OPTIONAL
)
3118 http_ocsp_set(ctx
->http
, 1);
3123 static void usage(void)
3125 printf("usage: hs20-osu-client [-dddqqKt] [-S<station ifname>] \\\n"
3126 " [-w<wpa_supplicant ctrl_iface dir>] "
3127 "[-r<result file>] [-f<debug file>] \\\n"
3128 " [-s<summary file>] \\\n"
3129 " [-x<spp.xsd file name>] \\\n"
3130 " <command> [arguments..]\n"
3132 "- to_tnds <XML MO> <XML MO in TNDS format> [URN]\n"
3133 "- to_tnds2 <XML MO> <XML MO in TNDS format (Path) "
3135 "- from_tnds <XML MO in TNDS format> <XML MO>\n"
3136 "- set_pps <PerProviderSubscription XML file name>\n"
3137 "- get_fqdn <PerProviderSubscription XML file name>\n"
3138 "- pol_upd [Server URL] [PPS] [CA cert]\n"
3139 "- sub_rem <Server URL> [PPS] [CA cert]\n"
3140 "- prov <Server URL> [CA cert]\n"
3141 "- oma_dm_prov <Server URL> [CA cert]\n"
3142 "- sim_prov <Server URL> [CA cert]\n"
3143 "- oma_dm_sim_prov <Server URL> [CA cert]\n"
3144 "- signup [CA cert]\n"
3145 "- dl_osu_ca <PPS> <CA file>\n"
3146 "- dl_polupd_ca <PPS> <CA file>\n"
3147 "- dl_aaa_ca <PPS> <CA file>\n"
3149 "- parse_cert <X.509 certificate (DER)>\n"
3150 "- osu_select <OSU info directory> [CA cert]\n");
3154 int main(int argc
, char *argv
[])
3156 struct hs20_osu_client ctx
;
3159 int no_prod_assoc
= 0;
3160 const char *friendly_name
= NULL
;
3161 const char *wpa_debug_file_path
= NULL
;
3162 extern char *wpas_ctrl_path
;
3163 extern int wpa_debug_level
;
3164 extern int wpa_debug_show_keys
;
3165 extern int wpa_debug_timestamp
;
3167 if (init_ctx(&ctx
) < 0)
3171 c
= getopt(argc
, argv
, "df:hKNo:O:qr:s:S:tw:x:");
3176 if (wpa_debug_level
> 0)
3180 wpa_debug_file_path
= optarg
;
3183 wpa_debug_show_keys
++;
3189 ctx
.osu_ssid
= optarg
;
3192 friendly_name
= optarg
;
3198 ctx
.result_file
= optarg
;
3201 ctx
.summary_file
= optarg
;
3204 ctx
.ifname
= optarg
;
3207 wpa_debug_timestamp
++;
3210 wpas_ctrl_path
= optarg
;
3213 spp_xsd_fname
= optarg
;
3223 if (argc
- optind
< 1) {
3228 wpa_debug_open_file(wpa_debug_file_path
);
3232 #endif /* __linux__ */
3234 if (ctx
.result_file
)
3235 unlink(ctx
.result_file
);
3236 wpa_printf(MSG_DEBUG
, "===[hs20-osu-client START - command: %s ]======"
3237 "================", argv
[optind
]);
3238 check_workarounds(&ctx
);
3240 if (strcmp(argv
[optind
], "to_tnds") == 0) {
3241 if (argc
- optind
< 2) {
3245 cmd_to_tnds(&ctx
, argv
[optind
+ 1], argv
[optind
+ 2],
3246 argc
> optind
+ 3 ? argv
[optind
+ 3] : NULL
,
3248 } else if (strcmp(argv
[optind
], "to_tnds2") == 0) {
3249 if (argc
- optind
< 2) {
3253 cmd_to_tnds(&ctx
, argv
[optind
+ 1], argv
[optind
+ 2],
3254 argc
> optind
+ 3 ? argv
[optind
+ 3] : NULL
,
3256 } else if (strcmp(argv
[optind
], "from_tnds") == 0) {
3257 if (argc
- optind
< 2) {
3261 cmd_from_tnds(&ctx
, argv
[optind
+ 1], argv
[optind
+ 2]);
3262 } else if (strcmp(argv
[optind
], "sub_rem") == 0) {
3263 if (argc
- optind
< 2) {
3267 ret
= cmd_sub_rem(&ctx
, argv
[optind
+ 1],
3268 argc
> optind
+ 2 ? argv
[optind
+ 2] : NULL
,
3269 argc
> optind
+ 3 ? argv
[optind
+ 3] : NULL
);
3270 } else if (strcmp(argv
[optind
], "pol_upd") == 0) {
3271 ret
= cmd_pol_upd(&ctx
,
3272 argc
> optind
+ 1 ? argv
[optind
+ 1] : NULL
,
3273 argc
> optind
+ 2 ? argv
[optind
+ 2] : NULL
,
3274 argc
> optind
+ 3 ? argv
[optind
+ 3] : NULL
);
3275 } else if (strcmp(argv
[optind
], "prov") == 0) {
3276 if (argc
- optind
< 2) {
3280 ctx
.ca_fname
= argv
[optind
+ 2];
3281 wpa_printf(MSG_DEBUG
, "Calling cmd_prov from main");
3282 cmd_prov(&ctx
, argv
[optind
+ 1]);
3283 } else if (strcmp(argv
[optind
], "sim_prov") == 0) {
3284 if (argc
- optind
< 2) {
3288 ctx
.ca_fname
= argv
[optind
+ 2];
3289 cmd_sim_prov(&ctx
, argv
[optind
+ 1]);
3290 } else if (strcmp(argv
[optind
], "dl_osu_ca") == 0) {
3291 if (argc
- optind
< 2) {
3295 cmd_dl_osu_ca(&ctx
, argv
[optind
+ 1], argv
[optind
+ 2]);
3296 } else if (strcmp(argv
[optind
], "dl_polupd_ca") == 0) {
3297 if (argc
- optind
< 2) {
3301 cmd_dl_polupd_ca(&ctx
, argv
[optind
+ 1], argv
[optind
+ 2]);
3302 } else if (strcmp(argv
[optind
], "dl_aaa_ca") == 0) {
3303 if (argc
- optind
< 2) {
3307 cmd_dl_aaa_ca(&ctx
, argv
[optind
+ 1], argv
[optind
+ 2]);
3308 } else if (strcmp(argv
[optind
], "osu_select") == 0) {
3309 if (argc
- optind
< 2) {
3313 ctx
.ca_fname
= argc
> optind
+ 2 ? argv
[optind
+ 2] : NULL
;
3314 cmd_osu_select(&ctx
, argv
[optind
+ 1], 2, 1, NULL
);
3315 } else if (strcmp(argv
[optind
], "signup") == 0) {
3316 ctx
.ca_fname
= argc
> optind
+ 1 ? argv
[optind
+ 1] : NULL
;
3317 ret
= cmd_signup(&ctx
, no_prod_assoc
, friendly_name
);
3318 } else if (strcmp(argv
[optind
], "set_pps") == 0) {
3319 if (argc
- optind
< 2) {
3323 cmd_set_pps(&ctx
, argv
[optind
+ 1]);
3324 } else if (strcmp(argv
[optind
], "get_fqdn") == 0) {
3325 if (argc
- optind
< 1) {
3329 ret
= cmd_get_fqdn(&ctx
, argv
[optind
+ 1]);
3330 } else if (strcmp(argv
[optind
], "oma_dm_prov") == 0) {
3331 if (argc
- optind
< 2) {
3335 ctx
.ca_fname
= argv
[optind
+ 2];
3336 cmd_oma_dm_prov(&ctx
, argv
[optind
+ 1]);
3337 } else if (strcmp(argv
[optind
], "oma_dm_sim_prov") == 0) {
3338 if (argc
- optind
< 2) {
3342 ctx
.ca_fname
= argv
[optind
+ 2];
3343 if (cmd_oma_dm_sim_prov(&ctx
, argv
[optind
+ 1]) < 0) {
3344 write_summary(&ctx
, "Failed to complete OMA DM SIM provisioning");
3347 } else if (strcmp(argv
[optind
], "oma_dm_add") == 0) {
3348 if (argc
- optind
< 2) {
3352 cmd_oma_dm_add(&ctx
, argv
[optind
+ 1], argv
[optind
+ 2]);
3353 } else if (strcmp(argv
[optind
], "oma_dm_replace") == 0) {
3354 if (argc
- optind
< 2) {
3358 cmd_oma_dm_replace(&ctx
, argv
[optind
+ 1], argv
[optind
+ 2]);
3359 } else if (strcmp(argv
[optind
], "est_csr") == 0) {
3360 if (argc
- optind
< 2) {
3364 mkdir("Cert", S_IRWXU
);
3365 est_build_csr(&ctx
, argv
[optind
+ 1]);
3366 } else if (strcmp(argv
[optind
], "browser") == 0) {
3369 if (argc
- optind
< 2) {
3374 wpa_printf(MSG_INFO
, "Launch web browser to URL %s",
3376 ret
= hs20_web_browser(argv
[optind
+ 1]);
3377 wpa_printf(MSG_INFO
, "Web browser result: %d", ret
);
3378 } else if (strcmp(argv
[optind
], "parse_cert") == 0) {
3379 if (argc
- optind
< 2) {
3384 wpa_debug_level
= MSG_MSGDUMP
;
3385 http_parse_x509_certificate(ctx
.http
, argv
[optind
+ 1]);
3386 wpa_debug_level
= MSG_INFO
;
3388 wpa_printf(MSG_INFO
, "Unknown command '%s'", argv
[optind
]);
3392 wpa_printf(MSG_DEBUG
,
3393 "===[hs20-osu-client END ]======================");
3395 wpa_debug_close_file();