]> git.ipfire.org Git - thirdparty/hostap.git/blob - hs20/client/osu_client.c
projects / thirdparty / hostap.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
HS 2.0: Remove hs20-osu-client debug file Cert/est-resp.raw
[thirdparty/hostap.git] / hs20 / client / osu_client.c
1 /*
2 * Hotspot 2.0 OSU client
3 * Copyright (c) 2012-2014, Qualcomm Atheros, Inc.
4 *
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
7 */
8
9 #include "includes.h"
10 #include <time.h>
11 #include <sys/stat.h>
12 #ifdef ANDROID
13 #include "private/android_filesystem_config.h"
14 #endif /* ANDROID */
15
16 #include "common.h"
17 #include "utils/browser.h"
18 #include "utils/base64.h"
19 #include "utils/xml-utils.h"
20 #include "utils/http-utils.h"
21 #include "common/wpa_ctrl.h"
22 #include "common/wpa_helpers.h"
23 #include "eap_common/eap_defs.h"
24 #include "crypto/crypto.h"
25 #include "crypto/sha256.h"
26 #include "osu_client.h"
27
28 const char *spp_xsd_fname = "spp.xsd";
29
30
31 void write_result(struct hs20_osu_client *ctx, const char *fmt, ...)
32 {
33 va_list ap;
34 FILE *f;
35 char buf[500];
36
37 va_start(ap, fmt);
38 vsnprintf(buf, sizeof(buf), fmt, ap);
39 va_end(ap);
40 write_summary(ctx, "%s", buf);
41
42 if (!ctx->result_file)
43 return;
44
45 f = fopen(ctx->result_file, "w");
46 if (f == NULL)
47 return;
48
49 va_start(ap, fmt);
50 vfprintf(f, fmt, ap);
51 va_end(ap);
52 fprintf(f, "\n");
53 fclose(f);
54 }
55
56
57 void write_summary(struct hs20_osu_client *ctx, const char *fmt, ...)
58 {
59 va_list ap;
60 FILE *f;
61
62 if (!ctx->summary_file)
63 return;
64
65 f = fopen(ctx->summary_file, "a");
66 if (f == NULL)
67 return;
68
69 va_start(ap, fmt);
70 vfprintf(f, fmt, ap);
71 va_end(ap);
72 fprintf(f, "\n");
73 fclose(f);
74 }
75
76
77 void debug_dump_node(struct hs20_osu_client *ctx, const char *title,
78 xml_node_t *node)
79 {
80 char *str = xml_node_to_str(ctx->xml, node);
81 wpa_printf(MSG_DEBUG, "[hs20] %s: '%s'", title, str);
82 free(str);
83 }
84
85
86 static int valid_fqdn(const char *fqdn)
87 {
88 const char *pos;
89
90 /* TODO: could make this more complete.. */
91 if (strchr(fqdn, '.') == 0 || strlen(fqdn) > 255)
92 return 0;
93 for (pos = fqdn; *pos; pos++) {
94 if (*pos >= 'a' && *pos <= 'z')
95 continue;
96 if (*pos >= 'A' && *pos <= 'Z')
97 continue;
98 if (*pos >= '0' && *pos <= '9')
99 continue;
100 if (*pos == '-' || *pos == '.' || *pos == '_')
101 continue;
102 return 0;
103 }
104 return 1;
105 }
106
107
108 static int android_update_permission(const char *path, mode_t mode)
109 {
110 #ifdef ANDROID
111 /* we need to change file/folder permission for Android */
112
113 if (!path) {
114 wpa_printf(MSG_ERROR, "file path null");
115 return -1;
116 }
117
118 /* Allow processes running with Group ID as AID_WIFI,
119 * to read files from SP, SP/<fqdn>, Cert and osu-info directories */
120 if (chown(path, -1, AID_WIFI)) {
121 wpa_printf(MSG_INFO, "CTRL: Could not chown directory: %s",
122 strerror(errno));
123 return -1;
124 }
125
126 if (chmod(path, mode) < 0) {
127 wpa_printf(MSG_INFO, "CTRL: Could not chmod directory: %s",
128 strerror(errno));
129 return -1;
130 }
131 #endif /* ANDROID */
132
133 return 0;
134 }
135
136
137 int osu_get_certificate(struct hs20_osu_client *ctx, xml_node_t *getcert)
138 {
139 xml_node_t *node;
140 char *url, *user = NULL, *pw = NULL;
141 char *proto;
142 int ret = -1;
143
144 proto = xml_node_get_attr_value(ctx->xml, getcert,
145 "enrollmentProtocol");
146 if (!proto)
147 return -1;
148 wpa_printf(MSG_INFO, "getCertificate - enrollmentProtocol=%s", proto);
149 write_summary(ctx, "getCertificate - enrollmentProtocol=%s", proto);
150 if (os_strcasecmp(proto, "EST") != 0) {
151 wpa_printf(MSG_INFO, "Unsupported enrollmentProtocol");
152 xml_node_get_attr_value_free(ctx->xml, proto);
153 return -1;
154 }
155 xml_node_get_attr_value_free(ctx->xml, proto);
156
157 node = get_node(ctx->xml, getcert, "enrollmentServerURI");
158 if (node == NULL) {
159 wpa_printf(MSG_INFO, "Could not find enrollmentServerURI node");
160 xml_node_get_attr_value_free(ctx->xml, proto);
161 return -1;
162 }
163 url = xml_node_get_text(ctx->xml, node);
164 if (url == NULL) {
165 wpa_printf(MSG_INFO, "Could not get URL text");
166 return -1;
167 }
168 wpa_printf(MSG_INFO, "enrollmentServerURI: %s", url);
169 write_summary(ctx, "enrollmentServerURI: %s", url);
170
171 node = get_node(ctx->xml, getcert, "estUserID");
172 if (node == NULL && !ctx->client_cert_present) {
173 wpa_printf(MSG_INFO, "Could not find estUserID node");
174 goto fail;
175 }
176 if (node) {
177 user = xml_node_get_text(ctx->xml, node);
178 if (user == NULL) {
179 wpa_printf(MSG_INFO, "Could not get estUserID text");
180 goto fail;
181 }
182 wpa_printf(MSG_INFO, "estUserID: %s", user);
183 write_summary(ctx, "estUserID: %s", user);
184 }
185
186 node = get_node(ctx->xml, getcert, "estPassword");
187 if (node == NULL && !ctx->client_cert_present) {
188 wpa_printf(MSG_INFO, "Could not find estPassword node");
189 goto fail;
190 }
191 if (node) {
192 pw = xml_node_get_base64_text(ctx->xml, node, NULL);
193 if (pw == NULL) {
194 wpa_printf(MSG_INFO, "Could not get estPassword text");
195 goto fail;
196 }
197 wpa_printf(MSG_INFO, "estPassword: %s", pw);
198 }
199
200 mkdir("Cert", S_IRWXU);
201 android_update_permission("Cert", S_IRWXU | S_IRWXG);
202
203 if (est_load_cacerts(ctx, url) < 0 ||
204 est_build_csr(ctx, url) < 0 ||
205 est_simple_enroll(ctx, url, user, pw) < 0)
206 goto fail;
207
208 ret = 0;
209 fail:
210 xml_node_get_text_free(ctx->xml, url);
211 xml_node_get_text_free(ctx->xml, user);
212 xml_node_get_text_free(ctx->xml, pw);
213
214 return ret;
215 }
216
217
218 static int process_est_cert(struct hs20_osu_client *ctx, xml_node_t *cert,
219 const char *fqdn)
220 {
221 u8 digest1[SHA256_MAC_LEN], digest2[SHA256_MAC_LEN];
222 char *der, *pem;
223 size_t der_len, pem_len;
224 char *fingerprint;
225 char buf[200];
226
227 wpa_printf(MSG_INFO, "PPS for certificate credential - fqdn=%s", fqdn);
228
229 fingerprint = xml_node_get_text(ctx->xml, cert);
230 if (fingerprint == NULL)
231 return -1;
232 if (hexstr2bin(fingerprint, digest1, SHA256_MAC_LEN) < 0) {
233 wpa_printf(MSG_INFO, "Invalid SHA256 hash value");
234 write_result(ctx, "Invalid client certificate SHA256 hash value in PPS");
235 xml_node_get_text_free(ctx->xml, fingerprint);
236 return -1;
237 }
238 xml_node_get_text_free(ctx->xml, fingerprint);
239
240 der = os_readfile("Cert/est_cert.der", &der_len);
241 if (der == NULL) {
242 wpa_printf(MSG_INFO, "Could not find client certificate from EST");
243 write_result(ctx, "Could not find client certificate from EST");
244 return -1;
245 }
246
247 if (sha256_vector(1, (const u8 **) &der, &der_len, digest2) < 0) {
248 os_free(der);
249 return -1;
250 }
251 os_free(der);
252
253 if (os_memcmp(digest1, digest2, sizeof(digest1)) != 0) {
254 wpa_printf(MSG_INFO, "Client certificate from EST does not match fingerprint from PPS MO");
255 write_result(ctx, "Client certificate from EST does not match fingerprint from PPS MO");
256 return -1;
257 }
258
259 wpa_printf(MSG_INFO, "Client certificate from EST matches PPS MO");
260 unlink("Cert/est_cert.der");
261
262 os_snprintf(buf, sizeof(buf), "SP/%s/client-ca.pem", fqdn);
263 if (rename("Cert/est-cacerts.pem", buf) < 0) {
264 wpa_printf(MSG_INFO, "Could not move est-cacerts.pem to client-ca.pem: %s",
265 strerror(errno));
266 return -1;
267 }
268 pem = os_readfile(buf, &pem_len);
269
270 os_snprintf(buf, sizeof(buf), "SP/%s/client-cert.pem", fqdn);
271 if (rename("Cert/est_cert.pem", buf) < 0) {
272 wpa_printf(MSG_INFO, "Could not move est_cert.pem to client-cert.pem: %s",
273 strerror(errno));
274 os_free(pem);
275 return -1;
276 }
277
278 if (pem) {
279 FILE *f = fopen(buf, "a");
280 if (f) {
281 fwrite(pem, pem_len, 1, f);
282 fclose(f);
283 }
284 os_free(pem);
285 }
286
287 os_snprintf(buf, sizeof(buf), "SP/%s/client-key.pem", fqdn);
288 if (rename("Cert/privkey-plain.pem", buf) < 0) {
289 wpa_printf(MSG_INFO, "Could not move privkey-plain.pem to client-key.pem: %s",
290 strerror(errno));
291 return -1;
292 }
293
294 unlink("Cert/est-req.b64");
295 unlink("Cert/est-req.pem");
296 rmdir("Cert");
297
298 return 0;
299 }
300
301
302 #define TMP_CERT_DL_FILE "tmp-cert-download"
303
304 static int download_cert(struct hs20_osu_client *ctx, xml_node_t *params,
305 const char *fname)
306 {
307 xml_node_t *url_node, *hash_node;
308 char *url, *hash;
309 char *cert;
310 size_t len;
311 u8 digest1[SHA256_MAC_LEN], digest2[SHA256_MAC_LEN];
312 int res;
313 unsigned char *b64;
314 FILE *f;
315
316 url_node = get_node(ctx->xml, params, "CertURL");
317 hash_node = get_node(ctx->xml, params, "CertSHA256Fingerprint");
318 if (url_node == NULL || hash_node == NULL)
319 return -1;
320 url = xml_node_get_text(ctx->xml, url_node);
321 hash = xml_node_get_text(ctx->xml, hash_node);
322 if (url == NULL || hash == NULL) {
323 xml_node_get_text_free(ctx->xml, url);
324 xml_node_get_text_free(ctx->xml, hash);
325 return -1;
326 }
327
328 wpa_printf(MSG_INFO, "CertURL: %s", url);
329 wpa_printf(MSG_INFO, "SHA256 hash: %s", hash);
330
331 if (hexstr2bin(hash, digest1, SHA256_MAC_LEN) < 0) {
332 wpa_printf(MSG_INFO, "Invalid SHA256 hash value");
333 write_result(ctx, "Invalid SHA256 hash value for downloaded certificate");
334 xml_node_get_text_free(ctx->xml, hash);
335 return -1;
336 }
337 xml_node_get_text_free(ctx->xml, hash);
338
339 write_summary(ctx, "Download certificate from %s", url);
340 ctx->no_osu_cert_validation = 1;
341 http_ocsp_set(ctx->http, 1);
342 res = http_download_file(ctx->http, url, TMP_CERT_DL_FILE, NULL);
343 http_ocsp_set(ctx->http,
344 (ctx->workarounds & WORKAROUND_OCSP_OPTIONAL) ? 1 : 2);
345 ctx->no_osu_cert_validation = 0;
346 xml_node_get_text_free(ctx->xml, url);
347 if (res < 0)
348 return -1;
349
350 cert = os_readfile(TMP_CERT_DL_FILE, &len);
351 remove(TMP_CERT_DL_FILE);
352 if (cert == NULL)
353 return -1;
354
355 if (sha256_vector(1, (const u8 **) &cert, &len, digest2) < 0) {
356 os_free(cert);
357 return -1;
358 }
359
360 if (os_memcmp(digest1, digest2, sizeof(digest1)) != 0) {
361 wpa_printf(MSG_INFO, "Downloaded certificate fingerprint did not match");
362 write_result(ctx, "Downloaded certificate fingerprint did not match");
363 os_free(cert);
364 return -1;
365 }
366
367 b64 = base64_encode((unsigned char *) cert, len, NULL);
368 os_free(cert);
369 if (b64 == NULL)
370 return -1;
371
372 f = fopen(fname, "wb");
373 if (f == NULL) {
374 os_free(b64);
375 return -1;
376 }
377
378 fprintf(f, "-----BEGIN CERTIFICATE-----\n"
379 "%s"
380 "-----END CERTIFICATE-----\n",
381 b64);
382
383 os_free(b64);
384 fclose(f);
385
386 wpa_printf(MSG_INFO, "Downloaded certificate into %s and validated fingerprint",
387 fname);
388 write_summary(ctx, "Downloaded certificate into %s and validated fingerprint",
389 fname);
390
391 return 0;
392 }
393
394
395 static int cmd_dl_osu_ca(struct hs20_osu_client *ctx, const char *pps_fname,
396 const char *ca_fname)
397 {
398 xml_node_t *pps, *node;
399 int ret;
400
401 pps = node_from_file(ctx->xml, pps_fname);
402 if (pps == NULL) {
403 wpa_printf(MSG_INFO, "Could not read or parse '%s'", pps_fname);
404 return -1;
405 }
406
407 node = get_child_node(ctx->xml, pps,
408 "SubscriptionUpdate/TrustRoot");
409 if (node == NULL) {
410 wpa_printf(MSG_INFO, "No SubscriptionUpdate/TrustRoot/CertURL found from PPS");
411 xml_node_free(ctx->xml, pps);
412 return -1;
413 }
414
415 ret = download_cert(ctx, node, ca_fname);
416 xml_node_free(ctx->xml, pps);
417
418 return ret;
419 }
420
421
422 static int cmd_dl_polupd_ca(struct hs20_osu_client *ctx, const char *pps_fname,
423 const char *ca_fname)
424 {
425 xml_node_t *pps, *node;
426 int ret;
427
428 pps = node_from_file(ctx->xml, pps_fname);
429 if (pps == NULL) {
430 wpa_printf(MSG_INFO, "Could not read or parse '%s'", pps_fname);
431 return -1;
432 }
433
434 node = get_child_node(ctx->xml, pps,
435 "Policy/PolicyUpdate/TrustRoot");
436 if (node == NULL) {
437 wpa_printf(MSG_INFO, "No Policy/PolicyUpdate/TrustRoot/CertURL found from PPS");
438 xml_node_free(ctx->xml, pps);
439 return -1;
440 }
441
442 ret = download_cert(ctx, node, ca_fname);
443 xml_node_free(ctx->xml, pps);
444
445 return ret;
446 }
447
448
449 static int cmd_dl_aaa_ca(struct hs20_osu_client *ctx, const char *pps_fname,
450 const char *ca_fname)
451 {
452 xml_node_t *pps, *node, *aaa;
453 int ret;
454
455 pps = node_from_file(ctx->xml, pps_fname);
456 if (pps == NULL) {
457 wpa_printf(MSG_INFO, "Could not read or parse '%s'", pps_fname);
458 return -1;
459 }
460
461 node = get_child_node(ctx->xml, pps,
462 "AAAServerTrustRoot");
463 if (node == NULL) {
464 wpa_printf(MSG_INFO, "No AAAServerTrustRoot/CertURL found from PPS");
465 xml_node_free(ctx->xml, pps);
466 return -1;
467 }
468
469 aaa = xml_node_first_child(ctx->xml, node);
470 if (aaa == NULL) {
471 wpa_printf(MSG_INFO, "No AAAServerTrustRoot/CertURL found from PPS");
472 xml_node_free(ctx->xml, pps);
473 return -1;
474 }
475
476 ret = download_cert(ctx, aaa, ca_fname);
477 xml_node_free(ctx->xml, pps);
478
479 return ret;
480 }
481
482
483 static int download_trust_roots(struct hs20_osu_client *ctx,
484 const char *pps_fname)
485 {
486 char *dir, *pos;
487 char fname[300];
488 int ret;
489
490 dir = os_strdup(pps_fname);
491 if (dir == NULL)
492 return -1;
493 pos = os_strrchr(dir, '/');
494 if (pos == NULL) {
495 os_free(dir);
496 return -1;
497 }
498 *pos = '\0';
499
500 snprintf(fname, sizeof(fname), "%s/ca.pem", dir);
501 ret = cmd_dl_osu_ca(ctx, pps_fname, fname);
502 snprintf(fname, sizeof(fname), "%s/polupd-ca.pem", dir);
503 cmd_dl_polupd_ca(ctx, pps_fname, fname);
504 snprintf(fname, sizeof(fname), "%s/aaa-ca.pem", dir);
505 cmd_dl_aaa_ca(ctx, pps_fname, fname);
506
507 os_free(dir);
508
509 return ret;
510 }
511
512
513 static int server_dnsname_suffix_match(struct hs20_osu_client *ctx,
514 const char *fqdn)
515 {
516 size_t match_len, len, i;
517 const char *val;
518
519 match_len = os_strlen(fqdn);
520
521 for (i = 0; i < ctx->server_dnsname_count; i++) {
522 wpa_printf(MSG_INFO,
523 "Checking suffix match against server dNSName %s",
524 ctx->server_dnsname[i]);
525 val = ctx->server_dnsname[i];
526 len = os_strlen(val);
527
528 if (match_len > len)
529 continue;
530
531 if (os_strncasecmp(val + len - match_len, fqdn, match_len) != 0)
532 continue; /* no match */
533
534 if (match_len == len)
535 return 1; /* exact match */
536
537 if (val[len - match_len - 1] == '.')
538 return 1; /* full label match completes suffix match */
539
540 /* Reject due to incomplete label match */
541 }
542
543 /* None of the dNSName(s) matched */
544 return 0;
545 }
546
547
548 int hs20_add_pps_mo(struct hs20_osu_client *ctx, const char *uri,
549 xml_node_t *add_mo, char *fname, size_t fname_len)
550 {
551 char *str;
552 char *fqdn, *pos;
553 xml_node_t *tnds, *mo, *cert;
554 const char *name;
555 int ret;
556
557 if (strncmp(uri, "./Wi-Fi/", 8) != 0) {
558 wpa_printf(MSG_INFO, "Unsupported location for addMO to add PPS MO: '%s'",
559 uri);
560 write_result(ctx, "Unsupported location for addMO to add PPS MO: '%s'",
561 uri);
562 return -1;
563 }
564
565 fqdn = strdup(uri + 8);
566 if (fqdn == NULL)
567 return -1;
568 pos = strchr(fqdn, '/');
569 if (pos) {
570 if (os_strcasecmp(pos, "/PerProviderSubscription") != 0) {
571 wpa_printf(MSG_INFO, "Unsupported location for addMO to add PPS MO (extra directory): '%s'",
572 uri);
573 write_result(ctx, "Unsupported location for addMO to "
574 "add PPS MO (extra directory): '%s'", uri);
575 free(fqdn);
576 return -1;
577 }
578 *pos = '\0'; /* remove trailing slash and PPS node name */
579 }
580 wpa_printf(MSG_INFO, "SP FQDN: %s", fqdn);
581
582 if (!server_dnsname_suffix_match(ctx, fqdn)) {
583 wpa_printf(MSG_INFO,
584 "FQDN '%s' for new PPS MO did not have suffix match with server's dNSName values, count: %d",
585 fqdn, (int) ctx->server_dnsname_count);
586 write_result(ctx, "FQDN '%s' for new PPS MO did not have suffix match with server's dNSName values",
587 fqdn);
588 free(fqdn);
589 return -1;
590 }
591
592 if (!valid_fqdn(fqdn)) {
593 wpa_printf(MSG_INFO, "Invalid FQDN '%s'", fqdn);
594 write_result(ctx, "Invalid FQDN '%s'", fqdn);
595 free(fqdn);
596 return -1;
597 }
598
599 mkdir("SP", S_IRWXU);
600 snprintf(fname, fname_len, "SP/%s", fqdn);
601 if (mkdir(fname, S_IRWXU) < 0) {
602 if (errno != EEXIST) {
603 int err = errno;
604 wpa_printf(MSG_INFO, "mkdir(%s) failed: %s",
605 fname, strerror(err));
606 free(fqdn);
607 return -1;
608 }
609 }
610
611 android_update_permission("SP", S_IRWXU | S_IRGRP | S_IXGRP);
612 android_update_permission(fname, S_IRWXU | S_IRGRP | S_IXGRP);
613
614 snprintf(fname, fname_len, "SP/%s/pps.xml", fqdn);
615
616 if (os_file_exists(fname)) {
617 wpa_printf(MSG_INFO, "PPS file '%s' exists - reject addMO",
618 fname);
619 write_result(ctx, "PPS file '%s' exists - reject addMO",
620 fname);
621 free(fqdn);
622 return -2;
623 }
624 wpa_printf(MSG_INFO, "Using PPS file: %s", fname);
625
626 str = xml_node_get_text(ctx->xml, add_mo);
627 if (str == NULL) {
628 wpa_printf(MSG_INFO, "Could not extract MO text");
629 free(fqdn);
630 return -1;
631 }
632 wpa_printf(MSG_DEBUG, "[hs20] addMO text: '%s'", str);
633
634 tnds = xml_node_from_buf(ctx->xml, str);
635 xml_node_get_text_free(ctx->xml, str);
636 if (tnds == NULL) {
637 wpa_printf(MSG_INFO, "[hs20] Could not parse addMO text");
638 free(fqdn);
639 return -1;
640 }
641
642 mo = tnds_to_mo(ctx->xml, tnds);
643 if (mo == NULL) {
644 wpa_printf(MSG_INFO, "[hs20] Could not parse addMO TNDS text");
645 free(fqdn);
646 return -1;
647 }
648
649 debug_dump_node(ctx, "Parsed TNDS", mo);
650
651 name = xml_node_get_localname(ctx->xml, mo);
652 if (os_strcasecmp(name, "PerProviderSubscription") != 0) {
653 wpa_printf(MSG_INFO, "[hs20] Unexpected PPS MO root node name '%s'",
654 name);
655 free(fqdn);
656 return -1;
657 }
658
659 cert = get_child_node(ctx->xml, mo,
660 "Credential/DigitalCertificate/"
661 "CertSHA256Fingerprint");
662 if (cert && process_est_cert(ctx, cert, fqdn) < 0) {
663 xml_node_free(ctx->xml, mo);
664 free(fqdn);
665 return -1;
666 }
667 free(fqdn);
668
669 if (node_to_file(ctx->xml, fname, mo) < 0) {
670 wpa_printf(MSG_INFO, "Could not write MO to file");
671 xml_node_free(ctx->xml, mo);
672 return -1;
673 }
674 xml_node_free(ctx->xml, mo);
675
676 wpa_printf(MSG_INFO, "A new PPS MO added as '%s'", fname);
677 write_summary(ctx, "A new PPS MO added as '%s'", fname);
678
679 ret = download_trust_roots(ctx, fname);
680 if (ret < 0) {
681 wpa_printf(MSG_INFO, "Remove invalid PPS MO file");
682 write_summary(ctx, "Remove invalid PPS MO file");
683 unlink(fname);
684 }
685
686 return ret;
687 }
688
689
690 int update_pps_file(struct hs20_osu_client *ctx, const char *pps_fname,
691 xml_node_t *pps)
692 {
693 char *str;
694 FILE *f;
695 char backup[300];
696
697 if (ctx->client_cert_present) {
698 xml_node_t *cert;
699 cert = get_child_node(ctx->xml, pps,
700 "Credential/DigitalCertificate/"
701 "CertSHA256Fingerprint");
702 if (cert && os_file_exists("Cert/est_cert.der") &&
703 process_est_cert(ctx, cert, ctx->fqdn) < 0) {
704 wpa_printf(MSG_INFO, "EST certificate update processing failed on PPS MO update");
705 return -1;
706 }
707 }
708
709 wpa_printf(MSG_INFO, "Updating PPS MO %s", pps_fname);
710
711 str = xml_node_to_str(ctx->xml, pps);
712 if (str == NULL) {
713 wpa_printf(MSG_ERROR, "No node found");
714 return -1;
715 }
716 wpa_printf(MSG_MSGDUMP, "[hs20] Updated PPS: '%s'", str);
717
718 snprintf(backup, sizeof(backup), "%s.bak", pps_fname);
719 rename(pps_fname, backup);
720 f = fopen(pps_fname, "w");
721 if (f == NULL) {
722 wpa_printf(MSG_INFO, "Could not write PPS");
723 rename(backup, pps_fname);
724 free(str);
725 return -1;
726 }
727 fprintf(f, "%s\n", str);
728 fclose(f);
729
730 free(str);
731
732 return 0;
733 }
734
735
736 void get_user_pw(struct hs20_osu_client *ctx, xml_node_t *pps,
737 const char *alt_loc, char **user, char **pw)
738 {
739 xml_node_t *node;
740
741 node = get_child_node(ctx->xml, pps,
742 "Credential/UsernamePassword/Username");
743 if (node)
744 *user = xml_node_get_text(ctx->xml, node);
745
746 node = get_child_node(ctx->xml, pps,
747 "Credential/UsernamePassword/Password");
748 if (node)
749 *pw = xml_node_get_base64_text(ctx->xml, node, NULL);
750
751 node = get_child_node(ctx->xml, pps, alt_loc);
752 if (node) {
753 xml_node_t *a;
754 a = get_node(ctx->xml, node, "Username");
755 if (a) {
756 xml_node_get_text_free(ctx->xml, *user);
757 *user = xml_node_get_text(ctx->xml, a);
758 wpa_printf(MSG_INFO, "Use OSU username '%s'", *user);
759 }
760
761 a = get_node(ctx->xml, node, "Password");
762 if (a) {
763 free(*pw);
764 *pw = xml_node_get_base64_text(ctx->xml, a, NULL);
765 wpa_printf(MSG_INFO, "Use OSU password");
766 }
767 }
768 }
769
770
771 /* Remove old credentials based on HomeSP/FQDN */
772 static void remove_sp_creds(struct hs20_osu_client *ctx, const char *fqdn)
773 {
774 char cmd[300];
775 os_snprintf(cmd, sizeof(cmd), "REMOVE_CRED provisioning_sp=%s", fqdn);
776 if (wpa_command(ctx->ifname, cmd) < 0)
777 wpa_printf(MSG_INFO, "Failed to remove old credential(s)");
778 }
779
780
781 static void set_pps_cred_policy_spe(struct hs20_osu_client *ctx, int id,
782 xml_node_t *spe)
783 {
784 xml_node_t *ssid;
785 char *txt;
786
787 ssid = get_node(ctx->xml, spe, "SSID");
788 if (ssid == NULL)
789 return;
790 txt = xml_node_get_text(ctx->xml, ssid);
791 if (txt == NULL)
792 return;
793 wpa_printf(MSG_DEBUG, "- Policy/SPExclusionList/<X+>/SSID = %s", txt);
794 if (set_cred_quoted(ctx->ifname, id, "excluded_ssid", txt) < 0)
795 wpa_printf(MSG_INFO, "Failed to set cred excluded_ssid");
796 xml_node_get_text_free(ctx->xml, txt);
797 }
798
799
800 static void set_pps_cred_policy_spel(struct hs20_osu_client *ctx, int id,
801 xml_node_t *spel)
802 {
803 xml_node_t *child;
804
805 xml_node_for_each_child(ctx->xml, child, spel) {
806 xml_node_for_each_check(ctx->xml, child);
807 set_pps_cred_policy_spe(ctx, id, child);
808 }
809 }
810
811
812 static void set_pps_cred_policy_prp(struct hs20_osu_client *ctx, int id,
813 xml_node_t *prp)
814 {
815 xml_node_t *node;
816 char *txt = NULL, *pos;
817 char *prio, *country_buf = NULL;
818 const char *country;
819 char val[200];
820 int priority;
821
822 node = get_node(ctx->xml, prp, "Priority");
823 if (node == NULL)
824 return;
825 prio = xml_node_get_text(ctx->xml, node);
826 if (prio == NULL)
827 return;
828 wpa_printf(MSG_INFO, "- Policy/PreferredRoamingPartnerList/<X+>/Priority = %s",
829 prio);
830 priority = atoi(prio);
831 xml_node_get_text_free(ctx->xml, prio);
832
833 node = get_node(ctx->xml, prp, "Country");
834 if (node) {
835 country_buf = xml_node_get_text(ctx->xml, node);
836 if (country_buf == NULL)
837 return;
838 country = country_buf;
839 wpa_printf(MSG_INFO, "- Policy/PreferredRoamingPartnerList/<X+>/Country = %s",
840 country);
841 } else {
842 country = "*";
843 }
844
845 node = get_node(ctx->xml, prp, "FQDN_Match");
846 if (node == NULL)
847 goto out;
848 txt = xml_node_get_text(ctx->xml, node);
849 if (txt == NULL)
850 goto out;
851 wpa_printf(MSG_INFO, "- Policy/PreferredRoamingPartnerList/<X+>/FQDN_Match = %s",
852 txt);
853 pos = strrchr(txt, ',');
854 if (pos == NULL)
855 goto out;
856 *pos++ = '\0';
857
858 snprintf(val, sizeof(val), "%s,%d,%d,%s", txt,
859 strcmp(pos, "includeSubdomains") != 0, priority, country);
860 if (set_cred_quoted(ctx->ifname, id, "roaming_partner", val) < 0)
861 wpa_printf(MSG_INFO, "Failed to set cred roaming_partner");
862 out:
863 xml_node_get_text_free(ctx->xml, country_buf);
864 xml_node_get_text_free(ctx->xml, txt);
865 }
866
867
868 static void set_pps_cred_policy_prpl(struct hs20_osu_client *ctx, int id,
869 xml_node_t *prpl)
870 {
871 xml_node_t *child;
872
873 xml_node_for_each_child(ctx->xml, child, prpl) {
874 xml_node_for_each_check(ctx->xml, child);
875 set_pps_cred_policy_prp(ctx, id, child);
876 }
877 }
878
879
880 static void set_pps_cred_policy_min_backhaul(struct hs20_osu_client *ctx, int id,
881 xml_node_t *min_backhaul)
882 {
883 xml_node_t *node;
884 char *type, *dl = NULL, *ul = NULL;
885 int home;
886
887 node = get_node(ctx->xml, min_backhaul, "NetworkType");
888 if (node == NULL) {
889 wpa_printf(MSG_INFO, "Ignore MinBackhaulThreshold without mandatory NetworkType node");
890 return;
891 }
892
893 type = xml_node_get_text(ctx->xml, node);
894 if (type == NULL)
895 return;
896 wpa_printf(MSG_INFO, "- Policy/MinBackhaulThreshold/<X+>/NetworkType = %s",
897 type);
898 if (os_strcasecmp(type, "home") == 0)
899 home = 1;
900 else if (os_strcasecmp(type, "roaming") == 0)
901 home = 0;
902 else {
903 wpa_printf(MSG_INFO, "Ignore MinBackhaulThreshold with invalid NetworkType");
904 xml_node_get_text_free(ctx->xml, type);
905 return;
906 }
907 xml_node_get_text_free(ctx->xml, type);
908
909 node = get_node(ctx->xml, min_backhaul, "DLBandwidth");
910 if (node)
911 dl = xml_node_get_text(ctx->xml, node);
912
913 node = get_node(ctx->xml, min_backhaul, "ULBandwidth");
914 if (node)
915 ul = xml_node_get_text(ctx->xml, node);
916
917 if (dl == NULL && ul == NULL) {
918 wpa_printf(MSG_INFO, "Ignore MinBackhaulThreshold without either DLBandwidth or ULBandwidth nodes");
919 return;
920 }
921
922 if (dl)
923 wpa_printf(MSG_INFO, "- Policy/MinBackhaulThreshold/<X+>/DLBandwidth = %s",
924 dl);
925 if (ul)
926 wpa_printf(MSG_INFO, "- Policy/MinBackhaulThreshold/<X+>/ULBandwidth = %s",
927 ul);
928
929 if (home) {
930 if (dl &&
931 set_cred(ctx->ifname, id, "min_dl_bandwidth_home", dl) < 0)
932 wpa_printf(MSG_INFO, "Failed to set cred bandwidth limit");
933 if (ul &&
934 set_cred(ctx->ifname, id, "min_ul_bandwidth_home", ul) < 0)
935 wpa_printf(MSG_INFO, "Failed to set cred bandwidth limit");
936 } else {
937 if (dl &&
938 set_cred(ctx->ifname, id, "min_dl_bandwidth_roaming", dl) <
939 0)
940 wpa_printf(MSG_INFO, "Failed to set cred bandwidth limit");
941 if (ul &&
942 set_cred(ctx->ifname, id, "min_ul_bandwidth_roaming", ul) <
943 0)
944 wpa_printf(MSG_INFO, "Failed to set cred bandwidth limit");
945 }
946
947 xml_node_get_text_free(ctx->xml, dl);
948 xml_node_get_text_free(ctx->xml, ul);
949 }
950
951
952 static void set_pps_cred_policy_min_backhaul_list(struct hs20_osu_client *ctx,
953 int id, xml_node_t *node)
954 {
955 xml_node_t *child;
956
957 wpa_printf(MSG_INFO, "- Policy/MinBackhaulThreshold");
958
959 xml_node_for_each_child(ctx->xml, child, node) {
960 xml_node_for_each_check(ctx->xml, child);
961 set_pps_cred_policy_min_backhaul(ctx, id, child);
962 }
963 }
964
965
966 static void set_pps_cred_policy_update(struct hs20_osu_client *ctx, int id,
967 xml_node_t *node)
968 {
969 wpa_printf(MSG_INFO, "- Policy/PolicyUpdate");
970 /* Not used in wpa_supplicant */
971 }
972
973
974 static void set_pps_cred_policy_required_proto_port(struct hs20_osu_client *ctx,
975 int id, xml_node_t *tuple)
976 {
977 xml_node_t *node;
978 char *proto, *port;
979 char *buf;
980 size_t buflen;
981
982 node = get_node(ctx->xml, tuple, "IPProtocol");
983 if (node == NULL) {
984 wpa_printf(MSG_INFO, "Ignore RequiredProtoPortTuple without mandatory IPProtocol node");
985 return;
986 }
987
988 proto = xml_node_get_text(ctx->xml, node);
989 if (proto == NULL)
990 return;
991
992 wpa_printf(MSG_INFO, "- Policy/RequiredProtoPortTuple/<X+>/IPProtocol = %s",
993 proto);
994
995 node = get_node(ctx->xml, tuple, "PortNumber");
996 port = node ? xml_node_get_text(ctx->xml, node) : NULL;
997 if (port) {
998 wpa_printf(MSG_INFO, "- Policy/RequiredProtoPortTuple/<X+>/PortNumber = %s",
999 port);
1000 buflen = os_strlen(proto) + os_strlen(port) + 10;
1001 buf = os_malloc(buflen);
1002 if (buf)
1003 os_snprintf(buf, buflen, "%s:%s", proto, port);
1004 xml_node_get_text_free(ctx->xml, port);
1005 } else {
1006 buflen = os_strlen(proto) + 10;
1007 buf = os_malloc(buflen);
1008 if (buf)
1009 os_snprintf(buf, buflen, "%s", proto);
1010 }
1011
1012 xml_node_get_text_free(ctx->xml, proto);
1013
1014 if (buf == NULL)
1015 return;
1016
1017 if (set_cred(ctx->ifname, id, "req_conn_capab", buf) < 0)
1018 wpa_printf(MSG_INFO, "Could not set req_conn_capab");
1019
1020 os_free(buf);
1021 }
1022
1023
1024 static void set_pps_cred_policy_required_proto_ports(struct hs20_osu_client *ctx,
1025 int id, xml_node_t *node)
1026 {
1027 xml_node_t *child;
1028
1029 wpa_printf(MSG_INFO, "- Policy/RequiredProtoPortTuple");
1030
1031 xml_node_for_each_child(ctx->xml, child, node) {
1032 xml_node_for_each_check(ctx->xml, child);
1033 set_pps_cred_policy_required_proto_port(ctx, id, child);
1034 }
1035 }
1036
1037
1038 static void set_pps_cred_policy_max_bss_load(struct hs20_osu_client *ctx, int id,
1039 xml_node_t *node)
1040 {
1041 char *str = xml_node_get_text(ctx->xml, node);
1042 if (str == NULL)
1043 return;
1044 wpa_printf(MSG_INFO, "- Policy/MaximumBSSLoadValue - %s", str);
1045 if (set_cred(ctx->ifname, id, "max_bss_load", str) < 0)
1046 wpa_printf(MSG_INFO, "Failed to set cred max_bss_load limit");
1047 xml_node_get_text_free(ctx->xml, str);
1048 }
1049
1050
1051 static void set_pps_cred_policy(struct hs20_osu_client *ctx, int id,
1052 xml_node_t *node)
1053 {
1054 xml_node_t *child;
1055 const char *name;
1056
1057 wpa_printf(MSG_INFO, "- Policy");
1058
1059 xml_node_for_each_child(ctx->xml, child, node) {
1060 xml_node_for_each_check(ctx->xml, child);
1061 name = xml_node_get_localname(ctx->xml, child);
1062 if (os_strcasecmp(name, "PreferredRoamingPartnerList") == 0)
1063 set_pps_cred_policy_prpl(ctx, id, child);
1064 else if (os_strcasecmp(name, "MinBackhaulThreshold") == 0)
1065 set_pps_cred_policy_min_backhaul_list(ctx, id, child);
1066 else if (os_strcasecmp(name, "PolicyUpdate") == 0)
1067 set_pps_cred_policy_update(ctx, id, child);
1068 else if (os_strcasecmp(name, "SPExclusionList") == 0)
1069 set_pps_cred_policy_spel(ctx, id, child);
1070 else if (os_strcasecmp(name, "RequiredProtoPortTuple") == 0)
1071 set_pps_cred_policy_required_proto_ports(ctx, id, child);
1072 else if (os_strcasecmp(name, "MaximumBSSLoadValue") == 0)
1073 set_pps_cred_policy_max_bss_load(ctx, id, child);
1074 else
1075 wpa_printf(MSG_INFO, "Unknown Policy node '%s'", name);
1076 }
1077 }
1078
1079
1080 static void set_pps_cred_priority(struct hs20_osu_client *ctx, int id,
1081 xml_node_t *node)
1082 {
1083 char *str = xml_node_get_text(ctx->xml, node);
1084 if (str == NULL)
1085 return;
1086 wpa_printf(MSG_INFO, "- CredentialPriority = %s", str);
1087 if (set_cred(ctx->ifname, id, "sp_priority", str) < 0)
1088 wpa_printf(MSG_INFO, "Failed to set cred sp_priority");
1089 xml_node_get_text_free(ctx->xml, str);
1090 }
1091
1092
1093 static void set_pps_cred_aaa_server_trust_root(struct hs20_osu_client *ctx,
1094 int id, xml_node_t *node)
1095 {
1096 wpa_printf(MSG_INFO, "- AAAServerTrustRoot - TODO");
1097 }
1098
1099
1100 static void set_pps_cred_sub_update(struct hs20_osu_client *ctx, int id,
1101 xml_node_t *node)
1102 {
1103 wpa_printf(MSG_INFO, "- SubscriptionUpdate");
1104 /* not used within wpa_supplicant */
1105 }
1106
1107
1108 static void set_pps_cred_home_sp_network_id(struct hs20_osu_client *ctx,
1109 int id, xml_node_t *node)
1110 {
1111 xml_node_t *ssid_node, *hessid_node;
1112 char *ssid, *hessid;
1113
1114 ssid_node = get_node(ctx->xml, node, "SSID");
1115 if (ssid_node == NULL) {
1116 wpa_printf(MSG_INFO, "Ignore HomeSP/NetworkID without mandatory SSID node");
1117 return;
1118 }
1119
1120 hessid_node = get_node(ctx->xml, node, "HESSID");
1121
1122 ssid = xml_node_get_text(ctx->xml, ssid_node);
1123 if (ssid == NULL)
1124 return;
1125 hessid = hessid_node ? xml_node_get_text(ctx->xml, hessid_node) : NULL;
1126
1127 wpa_printf(MSG_INFO, "- HomeSP/NetworkID/<X+>/SSID = %s", ssid);
1128 if (hessid)
1129 wpa_printf(MSG_INFO, "- HomeSP/NetworkID/<X+>/HESSID = %s",
1130 hessid);
1131
1132 /* TODO: Configure to wpa_supplicant */
1133
1134 xml_node_get_text_free(ctx->xml, ssid);
1135 xml_node_get_text_free(ctx->xml, hessid);
1136 }
1137
1138
1139 static void set_pps_cred_home_sp_network_ids(struct hs20_osu_client *ctx,
1140 int id, xml_node_t *node)
1141 {
1142 xml_node_t *child;
1143
1144 wpa_printf(MSG_INFO, "- HomeSP/NetworkID");
1145
1146 xml_node_for_each_child(ctx->xml, child, node) {
1147 xml_node_for_each_check(ctx->xml, child);
1148 set_pps_cred_home_sp_network_id(ctx, id, child);
1149 }
1150 }
1151
1152
1153 static void set_pps_cred_home_sp_friendly_name(struct hs20_osu_client *ctx,
1154 int id, xml_node_t *node)
1155 {
1156 char *str = xml_node_get_text(ctx->xml, node);
1157 if (str == NULL)
1158 return;
1159 wpa_printf(MSG_INFO, "- HomeSP/FriendlyName = %s", str);
1160 /* not used within wpa_supplicant(?) */
1161 xml_node_get_text_free(ctx->xml, str);
1162 }
1163
1164
1165 static void set_pps_cred_home_sp_icon_url(struct hs20_osu_client *ctx,
1166 int id, xml_node_t *node)
1167 {
1168 char *str = xml_node_get_text(ctx->xml, node);
1169 if (str == NULL)
1170 return;
1171 wpa_printf(MSG_INFO, "- HomeSP/IconURL = %s", str);
1172 /* not used within wpa_supplicant */
1173 xml_node_get_text_free(ctx->xml, str);
1174 }
1175
1176
1177 static void set_pps_cred_home_sp_fqdn(struct hs20_osu_client *ctx, int id,
1178 xml_node_t *node)
1179 {
1180 char *str = xml_node_get_text(ctx->xml, node);
1181 if (str == NULL)
1182 return;
1183 wpa_printf(MSG_INFO, "- HomeSP/FQDN = %s", str);
1184 if (set_cred_quoted(ctx->ifname, id, "domain", str) < 0)
1185 wpa_printf(MSG_INFO, "Failed to set cred domain");
1186 if (set_cred_quoted(ctx->ifname, id, "domain_suffix_match", str) < 0)
1187 wpa_printf(MSG_INFO, "Failed to set cred domain_suffix_match");
1188 xml_node_get_text_free(ctx->xml, str);
1189 }
1190
1191
1192 static void set_pps_cred_home_sp_oi(struct hs20_osu_client *ctx, int id,
1193 xml_node_t *node)
1194 {
1195 xml_node_t *child;
1196 const char *name;
1197 char *homeoi = NULL;
1198 int required = 0;
1199 char *str;
1200
1201 xml_node_for_each_child(ctx->xml, child, node) {
1202 xml_node_for_each_check(ctx->xml, child);
1203 name = xml_node_get_localname(ctx->xml, child);
1204 if (strcasecmp(name, "HomeOI") == 0 && !homeoi) {
1205 homeoi = xml_node_get_text(ctx->xml, child);
1206 wpa_printf(MSG_INFO, "- HomeSP/HomeOIList/<X+>/HomeOI = %s",
1207 homeoi);
1208 } else if (strcasecmp(name, "HomeOIRequired") == 0) {
1209 str = xml_node_get_text(ctx->xml, child);
1210 wpa_printf(MSG_INFO, "- HomeSP/HomeOIList/<X+>/HomeOIRequired = '%s'",
1211 str);
1212 if (str == NULL)
1213 continue;
1214 required = strcasecmp(str, "true") == 0;
1215 xml_node_get_text_free(ctx->xml, str);
1216 } else
1217 wpa_printf(MSG_INFO, "Unknown HomeOIList node '%s'",
1218 name);
1219 }
1220
1221 if (homeoi == NULL) {
1222 wpa_printf(MSG_INFO, "- HomeSP/HomeOIList/<X+> without HomeOI ignored");
1223 return;
1224 }
1225
1226 wpa_printf(MSG_INFO, "- HomeSP/HomeOIList/<X+> '%s' required=%d",
1227 homeoi, required);
1228
1229 if (required) {
1230 if (set_cred(ctx->ifname, id, "required_roaming_consortium",
1231 homeoi) < 0)
1232 wpa_printf(MSG_INFO, "Failed to set cred required_roaming_consortium");
1233 } else {
1234 if (set_cred(ctx->ifname, id, "roaming_consortium", homeoi) < 0)
1235 wpa_printf(MSG_INFO, "Failed to set cred roaming_consortium");
1236 }
1237
1238 xml_node_get_text_free(ctx->xml, homeoi);
1239 }
1240
1241
1242 static void set_pps_cred_home_sp_oi_list(struct hs20_osu_client *ctx, int id,
1243 xml_node_t *node)
1244 {
1245 xml_node_t *child;
1246
1247 wpa_printf(MSG_INFO, "- HomeSP/HomeOIList");
1248
1249 xml_node_for_each_child(ctx->xml, child, node) {
1250 xml_node_for_each_check(ctx->xml, child);
1251 set_pps_cred_home_sp_oi(ctx, id, child);
1252 }
1253 }
1254
1255
1256 static void set_pps_cred_home_sp_other_partner(struct hs20_osu_client *ctx,
1257 int id, xml_node_t *node)
1258 {
1259 xml_node_t *child;
1260 const char *name;
1261 char *fqdn = NULL;
1262
1263 xml_node_for_each_child(ctx->xml, child, node) {
1264 xml_node_for_each_check(ctx->xml, child);
1265 name = xml_node_get_localname(ctx->xml, child);
1266 if (os_strcasecmp(name, "FQDN") == 0 && !fqdn) {
1267 fqdn = xml_node_get_text(ctx->xml, child);
1268 wpa_printf(MSG_INFO, "- HomeSP/OtherHomePartners/<X+>/FQDN = %s",
1269 fqdn);
1270 } else
1271 wpa_printf(MSG_INFO, "Unknown OtherHomePartners node '%s'",
1272 name);
1273 }
1274
1275 if (fqdn == NULL) {
1276 wpa_printf(MSG_INFO, "- HomeSP/OtherHomePartners/<X+> without FQDN ignored");
1277 return;
1278 }
1279
1280 if (set_cred_quoted(ctx->ifname, id, "domain", fqdn) < 0)
1281 wpa_printf(MSG_INFO, "Failed to set cred domain for OtherHomePartners node");
1282
1283 xml_node_get_text_free(ctx->xml, fqdn);
1284 }
1285
1286
1287 static void set_pps_cred_home_sp_other_partners(struct hs20_osu_client *ctx,
1288 int id,
1289 xml_node_t *node)
1290 {
1291 xml_node_t *child;
1292
1293 wpa_printf(MSG_INFO, "- HomeSP/OtherHomePartners");
1294
1295 xml_node_for_each_child(ctx->xml, child, node) {
1296 xml_node_for_each_check(ctx->xml, child);
1297 set_pps_cred_home_sp_other_partner(ctx, id, child);
1298 }
1299 }
1300
1301
1302 static void set_pps_cred_home_sp_roaming_consortium_oi(
1303 struct hs20_osu_client *ctx, int id, xml_node_t *node)
1304 {
1305 char *str = xml_node_get_text(ctx->xml, node);
1306 if (str == NULL)
1307 return;
1308 wpa_printf(MSG_INFO, "- HomeSP/RoamingConsortiumOI = %s", str);
1309 if (set_cred_quoted(ctx->ifname, id, "roaming_consortiums",
1310 str) < 0)
1311 wpa_printf(MSG_INFO, "Failed to set cred roaming_consortiums");
1312 xml_node_get_text_free(ctx->xml, str);
1313 }
1314
1315
1316 static void set_pps_cred_home_sp(struct hs20_osu_client *ctx, int id,
1317 xml_node_t *node)
1318 {
1319 xml_node_t *child;
1320 const char *name;
1321
1322 wpa_printf(MSG_INFO, "- HomeSP");
1323
1324 xml_node_for_each_child(ctx->xml, child, node) {
1325 xml_node_for_each_check(ctx->xml, child);
1326 name = xml_node_get_localname(ctx->xml, child);
1327 if (os_strcasecmp(name, "NetworkID") == 0)
1328 set_pps_cred_home_sp_network_ids(ctx, id, child);
1329 else if (os_strcasecmp(name, "FriendlyName") == 0)
1330 set_pps_cred_home_sp_friendly_name(ctx, id, child);
1331 else if (os_strcasecmp(name, "IconURL") == 0)
1332 set_pps_cred_home_sp_icon_url(ctx, id, child);
1333 else if (os_strcasecmp(name, "FQDN") == 0)
1334 set_pps_cred_home_sp_fqdn(ctx, id, child);
1335 else if (os_strcasecmp(name, "HomeOIList") == 0)
1336 set_pps_cred_home_sp_oi_list(ctx, id, child);
1337 else if (os_strcasecmp(name, "OtherHomePartners") == 0)
1338 set_pps_cred_home_sp_other_partners(ctx, id, child);
1339 else if (os_strcasecmp(name, "RoamingConsortiumOI") == 0)
1340 set_pps_cred_home_sp_roaming_consortium_oi(ctx, id,
1341 child);
1342 else
1343 wpa_printf(MSG_INFO, "Unknown HomeSP node '%s'", name);
1344 }
1345 }
1346
1347
1348 static void set_pps_cred_sub_params(struct hs20_osu_client *ctx, int id,
1349 xml_node_t *node)
1350 {
1351 wpa_printf(MSG_INFO, "- SubscriptionParameters");
1352 /* not used within wpa_supplicant */
1353 }
1354
1355
1356 static void set_pps_cred_creation_date(struct hs20_osu_client *ctx, int id,
1357 xml_node_t *node)
1358 {
1359 char *str = xml_node_get_text(ctx->xml, node);
1360 if (str == NULL)
1361 return;
1362 wpa_printf(MSG_INFO, "- Credential/CreationDate = %s", str);
1363 /* not used within wpa_supplicant */
1364 xml_node_get_text_free(ctx->xml, str);
1365 }
1366
1367
1368 static void set_pps_cred_expiration_date(struct hs20_osu_client *ctx, int id,
1369 xml_node_t *node)
1370 {
1371 char *str = xml_node_get_text(ctx->xml, node);
1372 if (str == NULL)
1373 return;
1374 wpa_printf(MSG_INFO, "- Credential/ExpirationDate = %s", str);
1375 /* not used within wpa_supplicant */
1376 xml_node_get_text_free(ctx->xml, str);
1377 }
1378
1379
1380 static void set_pps_cred_username(struct hs20_osu_client *ctx, int id,
1381 xml_node_t *node)
1382 {
1383 char *str = xml_node_get_text(ctx->xml, node);
1384 if (str == NULL)
1385 return;
1386 wpa_printf(MSG_INFO, "- Credential/UsernamePassword/Username = %s",
1387 str);
1388 if (set_cred_quoted(ctx->ifname, id, "username", str) < 0)
1389 wpa_printf(MSG_INFO, "Failed to set cred username");
1390 xml_node_get_text_free(ctx->xml, str);
1391 }
1392
1393
1394 static void set_pps_cred_password(struct hs20_osu_client *ctx, int id,
1395 xml_node_t *node)
1396 {
1397 int len, i;
1398 char *pw, *hex, *pos, *end;
1399
1400 pw = xml_node_get_base64_text(ctx->xml, node, &len);
1401 if (pw == NULL)
1402 return;
1403
1404 wpa_printf(MSG_INFO, "- Credential/UsernamePassword/Password = %s", pw);
1405
1406 hex = malloc(len * 2 + 1);
1407 if (hex == NULL) {
1408 free(pw);
1409 return;
1410 }
1411 end = hex + len * 2 + 1;
1412 pos = hex;
1413 for (i = 0; i < len; i++) {
1414 snprintf(pos, end - pos, "%02x", pw[i]);
1415 pos += 2;
1416 }
1417 free(pw);
1418
1419 if (set_cred(ctx->ifname, id, "password", hex) < 0)
1420 wpa_printf(MSG_INFO, "Failed to set cred password");
1421 free(hex);
1422 }
1423
1424
1425 static void set_pps_cred_machine_managed(struct hs20_osu_client *ctx, int id,
1426 xml_node_t *node)
1427 {
1428 char *str = xml_node_get_text(ctx->xml, node);
1429 if (str == NULL)
1430 return;
1431 wpa_printf(MSG_INFO, "- Credential/UsernamePassword/MachineManaged = %s",
1432 str);
1433 /* not used within wpa_supplicant */
1434 xml_node_get_text_free(ctx->xml, str);
1435 }
1436
1437
1438 static void set_pps_cred_soft_token_app(struct hs20_osu_client *ctx, int id,
1439 xml_node_t *node)
1440 {
1441 char *str = xml_node_get_text(ctx->xml, node);
1442 if (str == NULL)
1443 return;
1444 wpa_printf(MSG_INFO, "- Credential/UsernamePassword/SoftTokenApp = %s",
1445 str);
1446 /* not used within wpa_supplicant */
1447 xml_node_get_text_free(ctx->xml, str);
1448 }
1449
1450
1451 static void set_pps_cred_able_to_share(struct hs20_osu_client *ctx, int id,
1452 xml_node_t *node)
1453 {
1454 char *str = xml_node_get_text(ctx->xml, node);
1455 if (str == NULL)
1456 return;
1457 wpa_printf(MSG_INFO, "- Credential/UsernamePassword/AbleToShare = %s",
1458 str);
1459 /* not used within wpa_supplicant */
1460 xml_node_get_text_free(ctx->xml, str);
1461 }
1462
1463
1464 static void set_pps_cred_eap_method_eap_type(struct hs20_osu_client *ctx,
1465 int id, xml_node_t *node)
1466 {
1467 char *str = xml_node_get_text(ctx->xml, node);
1468 int type;
1469 const char *eap_method = NULL;
1470
1471 if (!str)
1472 return;
1473 wpa_printf(MSG_INFO,
1474 "- Credential/UsernamePassword/EAPMethod/EAPType = %s", str);
1475 type = atoi(str);
1476 switch (type) {
1477 case EAP_TYPE_TLS:
1478 eap_method = "TLS";
1479 break;
1480 case EAP_TYPE_TTLS:
1481 eap_method = "TTLS";
1482 break;
1483 case EAP_TYPE_PEAP:
1484 eap_method = "PEAP";
1485 break;
1486 case EAP_TYPE_PWD:
1487 eap_method = "PWD";
1488 break;
1489 }
1490 xml_node_get_text_free(ctx->xml, str);
1491 if (!eap_method) {
1492 wpa_printf(MSG_INFO, "Unknown EAPType value");
1493 return;
1494 }
1495
1496 if (set_cred(ctx->ifname, id, "eap", eap_method) < 0)
1497 wpa_printf(MSG_INFO, "Failed to set cred eap");
1498 }
1499
1500
1501 static void set_pps_cred_eap_method_inner_method(struct hs20_osu_client *ctx,
1502 int id, xml_node_t *node)
1503 {
1504 char *str = xml_node_get_text(ctx->xml, node);
1505 const char *phase2 = NULL;
1506
1507 if (!str)
1508 return;
1509 wpa_printf(MSG_INFO,
1510 "- Credential/UsernamePassword/EAPMethod/InnerMethod = %s",
1511 str);
1512 if (os_strcmp(str, "PAP") == 0)
1513 phase2 = "auth=PAP";
1514 else if (os_strcmp(str, "CHAP") == 0)
1515 phase2 = "auth=CHAP";
1516 else if (os_strcmp(str, "MS-CHAP") == 0)
1517 phase2 = "auth=MSCHAP";
1518 else if (os_strcmp(str, "MS-CHAP-V2") == 0)
1519 phase2 = "auth=MSCHAPV2";
1520 xml_node_get_text_free(ctx->xml, str);
1521 if (!phase2) {
1522 wpa_printf(MSG_INFO, "Unknown InnerMethod value");
1523 return;
1524 }
1525
1526 if (set_cred_quoted(ctx->ifname, id, "phase2", phase2) < 0)
1527 wpa_printf(MSG_INFO, "Failed to set cred phase2");
1528 }
1529
1530
1531 static void set_pps_cred_eap_method(struct hs20_osu_client *ctx, int id,
1532 xml_node_t *node)
1533 {
1534 xml_node_t *child;
1535 const char *name;
1536
1537 wpa_printf(MSG_INFO, "- Credential/UsernamePassword/EAPMethod");
1538
1539 xml_node_for_each_child(ctx->xml, child, node) {
1540 xml_node_for_each_check(ctx->xml, child);
1541 name = xml_node_get_localname(ctx->xml, child);
1542 if (os_strcasecmp(name, "EAPType") == 0)
1543 set_pps_cred_eap_method_eap_type(ctx, id, child);
1544 else if (os_strcasecmp(name, "InnerMethod") == 0)
1545 set_pps_cred_eap_method_inner_method(ctx, id, child);
1546 else
1547 wpa_printf(MSG_INFO, "Unknown Credential/UsernamePassword/EAPMethod node '%s'",
1548 name);
1549 }
1550 }
1551
1552
1553 static void set_pps_cred_username_password(struct hs20_osu_client *ctx, int id,
1554 xml_node_t *node)
1555 {
1556 xml_node_t *child;
1557 const char *name;
1558
1559 wpa_printf(MSG_INFO, "- Credential/UsernamePassword");
1560
1561 xml_node_for_each_child(ctx->xml, child, node) {
1562 xml_node_for_each_check(ctx->xml, child);
1563 name = xml_node_get_localname(ctx->xml, child);
1564 if (os_strcasecmp(name, "Username") == 0)
1565 set_pps_cred_username(ctx, id, child);
1566 else if (os_strcasecmp(name, "Password") == 0)
1567 set_pps_cred_password(ctx, id, child);
1568 else if (os_strcasecmp(name, "MachineManaged") == 0)
1569 set_pps_cred_machine_managed(ctx, id, child);
1570 else if (os_strcasecmp(name, "SoftTokenApp") == 0)
1571 set_pps_cred_soft_token_app(ctx, id, child);
1572 else if (os_strcasecmp(name, "AbleToShare") == 0)
1573 set_pps_cred_able_to_share(ctx, id, child);
1574 else if (os_strcasecmp(name, "EAPMethod") == 0)
1575 set_pps_cred_eap_method(ctx, id, child);
1576 else
1577 wpa_printf(MSG_INFO, "Unknown Credential/UsernamePassword node '%s'",
1578 name);
1579 }
1580 }
1581
1582
1583 static void set_pps_cred_digital_cert(struct hs20_osu_client *ctx, int id,
1584 xml_node_t *node, const char *fqdn)
1585 {
1586 char buf[200], dir[200];
1587
1588 wpa_printf(MSG_INFO, "- Credential/DigitalCertificate");
1589
1590 if (getcwd(dir, sizeof(dir)) == NULL)
1591 return;
1592
1593 /* TODO: could build username from Subject of Subject AltName */
1594 if (set_cred_quoted(ctx->ifname, id, "username", "cert") < 0) {
1595 wpa_printf(MSG_INFO, "Failed to set username");
1596 }
1597
1598 snprintf(buf, sizeof(buf), "%s/SP/%s/client-cert.pem", dir, fqdn);
1599 if (os_file_exists(buf)) {
1600 if (set_cred_quoted(ctx->ifname, id, "client_cert", buf) < 0) {
1601 wpa_printf(MSG_INFO, "Failed to set client_cert");
1602 }
1603 }
1604
1605 snprintf(buf, sizeof(buf), "%s/SP/%s/client-key.pem", dir, fqdn);
1606 if (os_file_exists(buf)) {
1607 if (set_cred_quoted(ctx->ifname, id, "private_key", buf) < 0) {
1608 wpa_printf(MSG_INFO, "Failed to set private_key");
1609 }
1610 }
1611 }
1612
1613
1614 static void set_pps_cred_realm(struct hs20_osu_client *ctx, int id,
1615 xml_node_t *node, const char *fqdn, int sim)
1616 {
1617 char *str = xml_node_get_text(ctx->xml, node);
1618 char buf[200], dir[200];
1619
1620 if (str == NULL)
1621 return;
1622
1623 wpa_printf(MSG_INFO, "- Credential/Realm = %s", str);
1624 if (set_cred_quoted(ctx->ifname, id, "realm", str) < 0)
1625 wpa_printf(MSG_INFO, "Failed to set cred realm");
1626 xml_node_get_text_free(ctx->xml, str);
1627
1628 if (sim)
1629 return;
1630
1631 if (getcwd(dir, sizeof(dir)) == NULL)
1632 return;
1633 snprintf(buf, sizeof(buf), "%s/SP/%s/aaa-ca.pem", dir, fqdn);
1634 if (os_file_exists(buf)) {
1635 if (set_cred_quoted(ctx->ifname, id, "ca_cert", buf) < 0) {
1636 wpa_printf(MSG_INFO, "Failed to set CA cert");
1637 }
1638 }
1639 }
1640
1641
1642 static void set_pps_cred_check_aaa_cert_status(struct hs20_osu_client *ctx,
1643 int id, xml_node_t *node)
1644 {
1645 char *str = xml_node_get_text(ctx->xml, node);
1646
1647 if (str == NULL)
1648 return;
1649
1650 wpa_printf(MSG_INFO, "- Credential/CheckAAAServerCertStatus = %s", str);
1651 if (os_strcasecmp(str, "true") == 0 &&
1652 set_cred(ctx->ifname, id, "ocsp", "2") < 0)
1653 wpa_printf(MSG_INFO, "Failed to set cred ocsp");
1654 xml_node_get_text_free(ctx->xml, str);
1655 }
1656
1657
1658 static void set_pps_cred_sim(struct hs20_osu_client *ctx, int id,
1659 xml_node_t *sim, xml_node_t *realm)
1660 {
1661 xml_node_t *node;
1662 char *imsi, *eaptype, *str, buf[20];
1663 int type;
1664 int mnc_len = 3;
1665 size_t imsi_len;
1666
1667 node = get_node(ctx->xml, sim, "EAPType");
1668 if (node == NULL) {
1669 wpa_printf(MSG_INFO, "No SIM/EAPType node in credential");
1670 return;
1671 }
1672 eaptype = xml_node_get_text(ctx->xml, node);
1673 if (eaptype == NULL) {
1674 wpa_printf(MSG_INFO, "Could not extract SIM/EAPType");
1675 return;
1676 }
1677 wpa_printf(MSG_INFO, " - Credential/SIM/EAPType = %s", eaptype);
1678 type = atoi(eaptype);
1679 xml_node_get_text_free(ctx->xml, eaptype);
1680
1681 switch (type) {
1682 case EAP_TYPE_SIM:
1683 if (set_cred(ctx->ifname, id, "eap", "SIM") < 0)
1684 wpa_printf(MSG_INFO, "Could not set eap=SIM");
1685 break;
1686 case EAP_TYPE_AKA:
1687 if (set_cred(ctx->ifname, id, "eap", "AKA") < 0)
1688 wpa_printf(MSG_INFO, "Could not set eap=SIM");
1689 break;
1690 case EAP_TYPE_AKA_PRIME:
1691 if (set_cred(ctx->ifname, id, "eap", "AKA'") < 0)
1692 wpa_printf(MSG_INFO, "Could not set eap=SIM");
1693 break;
1694 default:
1695 wpa_printf(MSG_INFO, "Unsupported SIM/EAPType %d", type);
1696 return;
1697 }
1698
1699 node = get_node(ctx->xml, sim, "IMSI");
1700 if (node == NULL) {
1701 wpa_printf(MSG_INFO, "No SIM/IMSI node in credential");
1702 return;
1703 }
1704 imsi = xml_node_get_text(ctx->xml, node);
1705 if (imsi == NULL) {
1706 wpa_printf(MSG_INFO, "Could not extract SIM/IMSI");
1707 return;
1708 }
1709 wpa_printf(MSG_INFO, " - Credential/SIM/IMSI = %s", imsi);
1710 imsi_len = os_strlen(imsi);
1711 if (imsi_len < 7 || imsi_len + 2 > sizeof(buf)) {
1712 wpa_printf(MSG_INFO, "Invalid IMSI length");
1713 xml_node_get_text_free(ctx->xml, imsi);
1714 return;
1715 }
1716
1717 str = xml_node_get_text(ctx->xml, node);
1718 if (str) {
1719 char *pos;
1720 pos = os_strstr(str, "mnc");
1721 if (pos && os_strlen(pos) >= 6) {
1722 if (os_strncmp(imsi + 3, pos + 3, 3) == 0)
1723 mnc_len = 3;
1724 else if (os_strncmp(imsi + 3, pos + 4, 2) == 0)
1725 mnc_len = 2;
1726 }
1727 xml_node_get_text_free(ctx->xml, str);
1728 }
1729
1730 os_memcpy(buf, imsi, 3 + mnc_len);
1731 buf[3 + mnc_len] = '-';
1732 os_strlcpy(buf + 3 + mnc_len + 1, imsi + 3 + mnc_len,
1733 sizeof(buf) - 3 - mnc_len - 1);
1734
1735 xml_node_get_text_free(ctx->xml, imsi);
1736
1737 if (set_cred_quoted(ctx->ifname, id, "imsi", buf) < 0)
1738 wpa_printf(MSG_INFO, "Could not set IMSI");
1739
1740 if (set_cred_quoted(ctx->ifname, id, "milenage",
1741 "90dca4eda45b53cf0f12d7c9c3bc6a89:"
1742 "cb9cccc4b9258e6dca4760379fb82581:000000000123") <
1743 0)
1744 wpa_printf(MSG_INFO, "Could not set Milenage parameters");
1745 }
1746
1747
1748 static void set_pps_cred_credential(struct hs20_osu_client *ctx, int id,
1749 xml_node_t *node, const char *fqdn)
1750 {
1751 xml_node_t *child, *sim, *realm;
1752 const char *name;
1753
1754 wpa_printf(MSG_INFO, "- Credential");
1755
1756 sim = get_node(ctx->xml, node, "SIM");
1757 realm = get_node(ctx->xml, node, "Realm");
1758
1759 xml_node_for_each_child(ctx->xml, child, node) {
1760 xml_node_for_each_check(ctx->xml, child);
1761 name = xml_node_get_localname(ctx->xml, child);
1762 if (os_strcasecmp(name, "CreationDate") == 0)
1763 set_pps_cred_creation_date(ctx, id, child);
1764 else if (os_strcasecmp(name, "ExpirationDate") == 0)
1765 set_pps_cred_expiration_date(ctx, id, child);
1766 else if (os_strcasecmp(name, "UsernamePassword") == 0)
1767 set_pps_cred_username_password(ctx, id, child);
1768 else if (os_strcasecmp(name, "DigitalCertificate") == 0)
1769 set_pps_cred_digital_cert(ctx, id, child, fqdn);
1770 else if (os_strcasecmp(name, "Realm") == 0)
1771 set_pps_cred_realm(ctx, id, child, fqdn, sim != NULL);
1772 else if (os_strcasecmp(name, "CheckAAAServerCertStatus") == 0)
1773 set_pps_cred_check_aaa_cert_status(ctx, id, child);
1774 else if (os_strcasecmp(name, "SIM") == 0)
1775 set_pps_cred_sim(ctx, id, child, realm);
1776 else
1777 wpa_printf(MSG_INFO, "Unknown Credential node '%s'",
1778 name);
1779 }
1780 }
1781
1782
1783 static void set_pps_credential(struct hs20_osu_client *ctx, int id,
1784 xml_node_t *cred, const char *fqdn)
1785 {
1786 xml_node_t *child;
1787 const char *name;
1788
1789 xml_node_for_each_child(ctx->xml, child, cred) {
1790 xml_node_for_each_check(ctx->xml, child);
1791 name = xml_node_get_localname(ctx->xml, child);
1792 if (os_strcasecmp(name, "Policy") == 0)
1793 set_pps_cred_policy(ctx, id, child);
1794 else if (os_strcasecmp(name, "CredentialPriority") == 0)
1795 set_pps_cred_priority(ctx, id, child);
1796 else if (os_strcasecmp(name, "AAAServerTrustRoot") == 0)
1797 set_pps_cred_aaa_server_trust_root(ctx, id, child);
1798 else if (os_strcasecmp(name, "SubscriptionUpdate") == 0)
1799 set_pps_cred_sub_update(ctx, id, child);
1800 else if (os_strcasecmp(name, "HomeSP") == 0)
1801 set_pps_cred_home_sp(ctx, id, child);
1802 else if (os_strcasecmp(name, "SubscriptionParameters") == 0)
1803 set_pps_cred_sub_params(ctx, id, child);
1804 else if (os_strcasecmp(name, "Credential") == 0)
1805 set_pps_cred_credential(ctx, id, child, fqdn);
1806 else
1807 wpa_printf(MSG_INFO, "Unknown credential node '%s'",
1808 name);
1809 }
1810 }
1811
1812
1813 static void set_pps(struct hs20_osu_client *ctx, xml_node_t *pps,
1814 const char *fqdn)
1815 {
1816 xml_node_t *child;
1817 const char *name;
1818 int id;
1819 char *update_identifier = NULL;
1820
1821 /*
1822 * TODO: Could consider more complex mechanism that would remove
1823 * credentials only if there are changes in the information sent to
1824 * wpa_supplicant.
1825 */
1826 remove_sp_creds(ctx, fqdn);
1827
1828 xml_node_for_each_child(ctx->xml, child, pps) {
1829 xml_node_for_each_check(ctx->xml, child);
1830 name = xml_node_get_localname(ctx->xml, child);
1831 if (os_strcasecmp(name, "UpdateIdentifier") == 0) {
1832 update_identifier = xml_node_get_text(ctx->xml, child);
1833 if (update_identifier) {
1834 wpa_printf(MSG_INFO, "- UpdateIdentifier = %s",
1835 update_identifier);
1836 break;
1837 }
1838 }
1839 }
1840
1841 xml_node_for_each_child(ctx->xml, child, pps) {
1842 xml_node_for_each_check(ctx->xml, child);
1843 name = xml_node_get_localname(ctx->xml, child);
1844 if (os_strcasecmp(name, "UpdateIdentifier") == 0)
1845 continue;
1846 id = add_cred(ctx->ifname);
1847 if (id < 0) {
1848 wpa_printf(MSG_INFO, "Failed to add credential to wpa_supplicant");
1849 write_summary(ctx, "Failed to add credential to wpa_supplicant");
1850 break;
1851 }
1852 write_summary(ctx, "Add a credential to wpa_supplicant");
1853 if (update_identifier &&
1854 set_cred(ctx->ifname, id, "update_identifier",
1855 update_identifier) < 0)
1856 wpa_printf(MSG_INFO, "Failed to set update_identifier");
1857 if (set_cred_quoted(ctx->ifname, id, "provisioning_sp", fqdn) <
1858 0)
1859 wpa_printf(MSG_INFO, "Failed to set provisioning_sp");
1860 wpa_printf(MSG_INFO, "credential localname: '%s'", name);
1861 set_pps_credential(ctx, id, child, fqdn);
1862 ctx->pps_cred_set = 1;
1863 }
1864
1865 xml_node_get_text_free(ctx->xml, update_identifier);
1866 }
1867
1868
1869 void cmd_set_pps(struct hs20_osu_client *ctx, const char *pps_fname)
1870 {
1871 xml_node_t *pps;
1872 const char *fqdn;
1873 char *fqdn_buf = NULL, *pos;
1874
1875 pps = node_from_file(ctx->xml, pps_fname);
1876 if (pps == NULL) {
1877 wpa_printf(MSG_INFO, "Could not read or parse '%s'", pps_fname);
1878 return;
1879 }
1880
1881 fqdn = os_strstr(pps_fname, "SP/");
1882 if (fqdn) {
1883 fqdn_buf = os_strdup(fqdn + 3);
1884 if (fqdn_buf == NULL)
1885 return;
1886 pos = os_strchr(fqdn_buf, '/');
1887 if (pos)
1888 *pos = '\0';
1889 fqdn = fqdn_buf;
1890 } else
1891 fqdn = "wi-fi.org";
1892
1893 wpa_printf(MSG_INFO, "Set PPS MO info to wpa_supplicant - SP FQDN %s",
1894 fqdn);
1895 set_pps(ctx, pps, fqdn);
1896
1897 os_free(fqdn_buf);
1898 xml_node_free(ctx->xml, pps);
1899 }
1900
1901
1902 static int cmd_get_fqdn(struct hs20_osu_client *ctx, const char *pps_fname)
1903 {
1904 xml_node_t *pps, *node;
1905 char *fqdn = NULL;
1906
1907 pps = node_from_file(ctx->xml, pps_fname);
1908 if (pps == NULL) {
1909 wpa_printf(MSG_INFO, "Could not read or parse '%s'", pps_fname);
1910 return -1;
1911 }
1912
1913 node = get_child_node(ctx->xml, pps, "HomeSP/FQDN");
1914 if (node)
1915 fqdn = xml_node_get_text(ctx->xml, node);
1916
1917 xml_node_free(ctx->xml, pps);
1918
1919 if (fqdn) {
1920 FILE *f = fopen("pps-fqdn", "w");
1921 if (f) {
1922 fprintf(f, "%s", fqdn);
1923 fclose(f);
1924 }
1925 xml_node_get_text_free(ctx->xml, fqdn);
1926 return 0;
1927 }
1928
1929 xml_node_get_text_free(ctx->xml, fqdn);
1930 return -1;
1931 }
1932
1933
1934 static void cmd_to_tnds(struct hs20_osu_client *ctx, const char *in_fname,
1935 const char *out_fname, const char *urn, int use_path)
1936 {
1937 xml_node_t *mo, *node;
1938
1939 mo = node_from_file(ctx->xml, in_fname);
1940 if (mo == NULL) {
1941 wpa_printf(MSG_INFO, "Could not read or parse '%s'", in_fname);
1942 return;
1943 }
1944
1945 node = mo_to_tnds(ctx->xml, mo, use_path, urn, NULL);
1946 if (node) {
1947 node_to_file(ctx->xml, out_fname, node);
1948 xml_node_free(ctx->xml, node);
1949 }
1950
1951 xml_node_free(ctx->xml, mo);
1952 }
1953
1954
1955 static void cmd_from_tnds(struct hs20_osu_client *ctx, const char *in_fname,
1956 const char *out_fname)
1957 {
1958 xml_node_t *tnds, *mo;
1959
1960 tnds = node_from_file(ctx->xml, in_fname);
1961 if (tnds == NULL) {
1962 wpa_printf(MSG_INFO, "Could not read or parse '%s'", in_fname);
1963 return;
1964 }
1965
1966 mo = tnds_to_mo(ctx->xml, tnds);
1967 if (mo) {
1968 node_to_file(ctx->xml, out_fname, mo);
1969 xml_node_free(ctx->xml, mo);
1970 }
1971
1972 xml_node_free(ctx->xml, tnds);
1973 }
1974
1975
1976 struct osu_icon {
1977 int id;
1978 char lang[4];
1979 char mime_type[256];
1980 char filename[256];
1981 };
1982
1983 struct osu_data {
1984 char bssid[20];
1985 char url[256];
1986 unsigned int methods;
1987 char osu_ssid[33];
1988 char osu_ssid2[33];
1989 char osu_nai[256];
1990 struct osu_lang_text friendly_name[MAX_OSU_VALS];
1991 size_t friendly_name_count;
1992 struct osu_lang_text serv_desc[MAX_OSU_VALS];
1993 size_t serv_desc_count;
1994 struct osu_icon icon[MAX_OSU_VALS];
1995 size_t icon_count;
1996 };
1997
1998
1999 static struct osu_data * parse_osu_providers(const char *fname, size_t *count)
2000 {
2001 FILE *f;
2002 char buf[1000];
2003 struct osu_data *osu = NULL, *last = NULL;
2004 size_t osu_count = 0;
2005 char *pos, *end;
2006
2007 f = fopen(fname, "r");
2008 if (f == NULL) {
2009 wpa_printf(MSG_ERROR, "Could not open %s", fname);
2010 return NULL;
2011 }
2012
2013 while (fgets(buf, sizeof(buf), f)) {
2014 pos = strchr(buf, '\n');
2015 if (pos)
2016 *pos = '\0';
2017
2018 if (strncmp(buf, "OSU-PROVIDER ", 13) == 0) {
2019 last = realloc(osu, (osu_count + 1) * sizeof(*osu));
2020 if (last == NULL)
2021 break;
2022 osu = last;
2023 last = &osu[osu_count++];
2024 memset(last, 0, sizeof(*last));
2025 snprintf(last->bssid, sizeof(last->bssid), "%s",
2026 buf + 13);
2027 continue;
2028 }
2029 if (!last)
2030 continue;
2031
2032 if (strncmp(buf, "uri=", 4) == 0) {
2033 snprintf(last->url, sizeof(last->url), "%s", buf + 4);
2034 continue;
2035 }
2036
2037 if (strncmp(buf, "methods=", 8) == 0) {
2038 last->methods = strtol(buf + 8, NULL, 16);
2039 continue;
2040 }
2041
2042 if (strncmp(buf, "osu_ssid=", 9) == 0) {
2043 snprintf(last->osu_ssid, sizeof(last->osu_ssid),
2044 "%s", buf + 9);
2045 continue;
2046 }
2047
2048 if (strncmp(buf, "osu_ssid2=", 10) == 0) {
2049 snprintf(last->osu_ssid2, sizeof(last->osu_ssid2),
2050 "%s", buf + 10);
2051 continue;
2052 }
2053
2054 if (os_strncmp(buf, "osu_nai=", 8) == 0) {
2055 os_snprintf(last->osu_nai, sizeof(last->osu_nai),
2056 "%s", buf + 8);
2057 continue;
2058 }
2059
2060 if (strncmp(buf, "friendly_name=", 14) == 0) {
2061 struct osu_lang_text *txt;
2062 if (last->friendly_name_count == MAX_OSU_VALS)
2063 continue;
2064 pos = strchr(buf + 14, ':');
2065 if (pos == NULL)
2066 continue;
2067 *pos++ = '\0';
2068 txt = &last->friendly_name[last->friendly_name_count++];
2069 snprintf(txt->lang, sizeof(txt->lang), "%s", buf + 14);
2070 snprintf(txt->text, sizeof(txt->text), "%s", pos);
2071 }
2072
2073 if (strncmp(buf, "desc=", 5) == 0) {
2074 struct osu_lang_text *txt;
2075 if (last->serv_desc_count == MAX_OSU_VALS)
2076 continue;
2077 pos = strchr(buf + 5, ':');
2078 if (pos == NULL)
2079 continue;
2080 *pos++ = '\0';
2081 txt = &last->serv_desc[last->serv_desc_count++];
2082 snprintf(txt->lang, sizeof(txt->lang), "%s", buf + 5);
2083 snprintf(txt->text, sizeof(txt->text), "%s", pos);
2084 }
2085
2086 if (strncmp(buf, "icon=", 5) == 0) {
2087 struct osu_icon *icon;
2088 if (last->icon_count == MAX_OSU_VALS)
2089 continue;
2090 icon = &last->icon[last->icon_count++];
2091 icon->id = atoi(buf + 5);
2092 pos = strchr(buf, ':');
2093 if (pos == NULL)
2094 continue;
2095 pos = strchr(pos + 1, ':');
2096 if (pos == NULL)
2097 continue;
2098 pos = strchr(pos + 1, ':');
2099 if (pos == NULL)
2100 continue;
2101 pos++;
2102 end = strchr(pos, ':');
2103 if (!end)
2104 continue;
2105 *end = '\0';
2106 snprintf(icon->lang, sizeof(icon->lang), "%s", pos);
2107 pos = end + 1;
2108
2109 end = strchr(pos, ':');
2110 if (end)
2111 *end = '\0';
2112 snprintf(icon->mime_type, sizeof(icon->mime_type),
2113 "%s", pos);
2114 if (!pos)
2115 continue;
2116 pos = end + 1;
2117
2118 end = strchr(pos, ':');
2119 if (end)
2120 *end = '\0';
2121 snprintf(icon->filename, sizeof(icon->filename),
2122 "%s", pos);
2123 continue;
2124 }
2125 }
2126
2127 fclose(f);
2128
2129 *count = osu_count;
2130 return osu;
2131 }
2132
2133
2134 static int osu_connect(struct hs20_osu_client *ctx, const char *bssid,
2135 const char *ssid, const char *ssid2, const char *url,
2136 unsigned int methods, int no_prod_assoc,
2137 const char *osu_nai)
2138 {
2139 int id;
2140 const char *ifname = ctx->ifname;
2141 char buf[200];
2142 struct wpa_ctrl *mon;
2143 int res;
2144
2145 if (ssid2 && ssid2[0] == '\0')
2146 ssid2 = NULL;
2147
2148 if (ctx->osu_ssid) {
2149 if (os_strcmp(ssid, ctx->osu_ssid) == 0) {
2150 wpa_printf(MSG_DEBUG,
2151 "Enforced OSU SSID matches ANQP info");
2152 ssid2 = NULL;
2153 } else if (ssid2 && os_strcmp(ssid2, ctx->osu_ssid) == 0) {
2154 wpa_printf(MSG_DEBUG,
2155 "Enforced OSU SSID matches RSN[OSEN] info");
2156 ssid = ssid2;
2157 } else {
2158 wpa_printf(MSG_INFO, "Enforced OSU SSID did not match");
2159 write_summary(ctx, "Enforced OSU SSID did not match");
2160 return -1;
2161 }
2162 }
2163
2164 id = add_network(ifname);
2165 if (id < 0)
2166 return -1;
2167 if (set_network_quoted(ifname, id, "ssid", ssid) < 0)
2168 return -1;
2169 if (osu_nai && os_strlen(osu_nai) > 0) {
2170 char dir[255], fname[300];
2171 if (getcwd(dir, sizeof(dir)) == NULL)
2172 return -1;
2173 os_snprintf(fname, sizeof(fname), "%s/osu-ca.pem", dir);
2174
2175 if (ssid2 && set_network_quoted(ifname, id, "ssid", ssid2) < 0)
2176 return -1;
2177
2178 if (set_network(ifname, id, "proto", "OSEN") < 0 ||
2179 set_network(ifname, id, "key_mgmt", "OSEN") < 0 ||
2180 set_network(ifname, id, "pairwise", "CCMP") < 0 ||
2181 set_network(ifname, id, "group", "GTK_NOT_USED CCMP") < 0 ||
2182 set_network(ifname, id, "eap", "WFA-UNAUTH-TLS") < 0 ||
2183 set_network(ifname, id, "ocsp", "2") < 0 ||
2184 set_network_quoted(ifname, id, "identity", osu_nai) < 0 ||
2185 set_network_quoted(ifname, id, "ca_cert", fname) < 0)
2186 return -1;
2187 } else {
2188 if (set_network(ifname, id, "key_mgmt", "NONE") < 0)
2189 return -1;
2190 }
2191
2192 mon = open_wpa_mon(ifname);
2193 if (mon == NULL)
2194 return -1;
2195
2196 wpa_printf(MSG_INFO, "Associate with OSU SSID");
2197 write_summary(ctx, "Associate with OSU SSID");
2198 snprintf(buf, sizeof(buf), "SELECT_NETWORK %d", id);
2199 if (wpa_command(ifname, buf) < 0)
2200 return -1;
2201
2202 res = get_wpa_cli_event(mon, "CTRL-EVENT-CONNECTED",
2203 buf, sizeof(buf));
2204
2205 wpa_ctrl_detach(mon);
2206 wpa_ctrl_close(mon);
2207
2208 if (res < 0) {
2209 wpa_printf(MSG_INFO, "Could not connect");
2210 write_summary(ctx, "Could not connect to OSU network");
2211 wpa_printf(MSG_INFO, "Remove OSU network connection");
2212 snprintf(buf, sizeof(buf), "REMOVE_NETWORK %d", id);
2213 wpa_command(ifname, buf);
2214 return -1;
2215 }
2216
2217 write_summary(ctx, "Waiting for IP address for subscription registration");
2218 if (wait_ip_addr(ifname, 15) < 0) {
2219 wpa_printf(MSG_INFO, "Could not get IP address for WLAN - try connection anyway");
2220 }
2221
2222 if (no_prod_assoc) {
2223 if (res < 0)
2224 return -1;
2225 wpa_printf(MSG_INFO, "No production connection used for testing purposes");
2226 write_summary(ctx, "No production connection used for testing purposes");
2227 return 0;
2228 }
2229
2230 ctx->no_reconnect = 1;
2231 if (methods & 0x02) {
2232 wpa_printf(MSG_DEBUG, "Calling cmd_prov from osu_connect");
2233 res = cmd_prov(ctx, url);
2234 } else if (methods & 0x01) {
2235 wpa_printf(MSG_DEBUG,
2236 "Calling cmd_oma_dm_prov from osu_connect");
2237 res = cmd_oma_dm_prov(ctx, url);
2238 }
2239
2240 wpa_printf(MSG_INFO, "Remove OSU network connection");
2241 write_summary(ctx, "Remove OSU network connection");
2242 snprintf(buf, sizeof(buf), "REMOVE_NETWORK %d", id);
2243 wpa_command(ifname, buf);
2244
2245 if (res < 0)
2246 return -1;
2247
2248 wpa_printf(MSG_INFO, "Requesting reconnection with updated configuration");
2249 write_summary(ctx, "Requesting reconnection with updated configuration");
2250 if (wpa_command(ctx->ifname, "INTERWORKING_SELECT auto") < 0) {
2251 wpa_printf(MSG_INFO, "Failed to request wpa_supplicant to reconnect");
2252 write_summary(ctx, "Failed to request wpa_supplicant to reconnect");
2253 return -1;
2254 }
2255
2256 return 0;
2257 }
2258
2259
2260 static int cmd_osu_select(struct hs20_osu_client *ctx, const char *dir,
2261 int connect, int no_prod_assoc,
2262 const char *friendly_name)
2263 {
2264 char fname[255];
2265 FILE *f;
2266 struct osu_data *osu = NULL, *last = NULL;
2267 size_t osu_count = 0, i, j;
2268 int ret;
2269
2270 write_summary(ctx, "OSU provider selection");
2271
2272 if (dir == NULL) {
2273 wpa_printf(MSG_INFO, "Missing dir parameter to osu_select");
2274 return -1;
2275 }
2276
2277 snprintf(fname, sizeof(fname), "%s/osu-providers.txt", dir);
2278 osu = parse_osu_providers(fname, &osu_count);
2279 if (osu == NULL) {
2280 wpa_printf(MSG_INFO, "Could not find any OSU providers from %s",
2281 fname);
2282 write_result(ctx, "No OSU providers available");
2283 return -1;
2284 }
2285
2286 if (friendly_name) {
2287 for (i = 0; i < osu_count; i++) {
2288 last = &osu[i];
2289 for (j = 0; j < last->friendly_name_count; j++) {
2290 if (os_strcmp(last->friendly_name[j].text,
2291 friendly_name) == 0)
2292 break;
2293 }
2294 if (j < last->friendly_name_count)
2295 break;
2296 }
2297 if (i == osu_count) {
2298 wpa_printf(MSG_INFO, "Requested operator friendly name '%s' not found in the list of available providers",
2299 friendly_name);
2300 write_summary(ctx, "Requested operator friendly name '%s' not found in the list of available providers",
2301 friendly_name);
2302 free(osu);
2303 return -1;
2304 }
2305
2306 wpa_printf(MSG_INFO, "OSU Provider selected based on requested operator friendly name '%s'",
2307 friendly_name);
2308 write_summary(ctx, "OSU Provider selected based on requested operator friendly name '%s'",
2309 friendly_name);
2310 ret = i + 1;
2311 goto selected;
2312 }
2313
2314 snprintf(fname, sizeof(fname), "%s/osu-providers.html", dir);
2315 f = fopen(fname, "w");
2316 if (f == NULL) {
2317 wpa_printf(MSG_INFO, "Could not open %s", fname);
2318 free(osu);
2319 return -1;
2320 }
2321
2322 fprintf(f, "<html><head>"
2323 "<meta http-equiv=\"Content-type\" content=\"text/html; "
2324 "charset=utf-8\"<title>Select service operator</title>"
2325 "</head><body><h1>Select service operator</h1>\n");
2326
2327 if (osu_count == 0)
2328 fprintf(f, "No online signup available\n");
2329
2330 for (i = 0; i < osu_count; i++) {
2331 last = &osu[i];
2332 #ifdef ANDROID
2333 fprintf(f, "<p>\n"
2334 "<a href=\"http://localhost:12345/osu/%d\">"
2335 "<table><tr><td>", (int) i + 1);
2336 #else /* ANDROID */
2337 fprintf(f, "<p>\n"
2338 "<a href=\"osu://%d\">"
2339 "<table><tr><td>", (int) i + 1);
2340 #endif /* ANDROID */
2341 for (j = 0; j < last->icon_count; j++) {
2342 fprintf(f, "<img src=\"osu-icon-%d.%s\">\n",
2343 last->icon[j].id,
2344 strcasecmp(last->icon[j].mime_type,
2345 "image/png") == 0 ? "png" : "icon");
2346 }
2347 fprintf(f, "<td>");
2348 for (j = 0; j < last->friendly_name_count; j++) {
2349 fprintf(f, "<small>[%s]</small> %s<br>\n",
2350 last->friendly_name[j].lang,
2351 last->friendly_name[j].text);
2352 }
2353 fprintf(f, "<tr><td colspan=2>");
2354 for (j = 0; j < last->serv_desc_count; j++) {
2355 fprintf(f, "<small>[%s]</small> %s<br>\n",
2356 last->serv_desc[j].lang,
2357 last->serv_desc[j].text);
2358 }
2359 fprintf(f, "</table></a><br><small>BSSID: %s<br>\n"
2360 "SSID: %s<br>\n",
2361 last->bssid, last->osu_ssid);
2362 if (last->osu_ssid2[0])
2363 fprintf(f, "SSID2: %s<br>\n", last->osu_ssid2);
2364 if (last->osu_nai[0])
2365 fprintf(f, "NAI: %s<br>\n", last->osu_nai);
2366 fprintf(f, "URL: %s<br>\n"
2367 "methods:%s%s<br>\n"
2368 "</small></p>\n",
2369 last->url,
2370 last->methods & 0x01 ? " OMA-DM" : "",
2371 last->methods & 0x02 ? " SOAP-XML-SPP" : "");
2372 }
2373
2374 fprintf(f, "</body></html>\n");
2375
2376 fclose(f);
2377
2378 snprintf(fname, sizeof(fname), "file://%s/osu-providers.html", dir);
2379 write_summary(ctx, "Start web browser with OSU provider selection page");
2380 ret = hs20_web_browser(fname);
2381
2382 selected:
2383 if (ret > 0 && (size_t) ret <= osu_count) {
2384 char *data;
2385 size_t data_len;
2386
2387 wpa_printf(MSG_INFO, "Selected OSU id=%d", ret);
2388 last = &osu[ret - 1];
2389 ret = 0;
2390 wpa_printf(MSG_INFO, "BSSID: %s", last->bssid);
2391 wpa_printf(MSG_INFO, "SSID: %s", last->osu_ssid);
2392 if (last->osu_ssid2[0])
2393 wpa_printf(MSG_INFO, "SSID2: %s", last->osu_ssid2);
2394 wpa_printf(MSG_INFO, "URL: %s", last->url);
2395 write_summary(ctx, "Selected OSU provider id=%d BSSID=%s SSID=%s URL=%s",
2396 ret, last->bssid, last->osu_ssid, last->url);
2397
2398 ctx->friendly_name_count = last->friendly_name_count;
2399 for (j = 0; j < last->friendly_name_count; j++) {
2400 wpa_printf(MSG_INFO, "FRIENDLY_NAME: [%s]%s",
2401 last->friendly_name[j].lang,
2402 last->friendly_name[j].text);
2403 os_strlcpy(ctx->friendly_name[j].lang,
2404 last->friendly_name[j].lang,
2405 sizeof(ctx->friendly_name[j].lang));
2406 os_strlcpy(ctx->friendly_name[j].text,
2407 last->friendly_name[j].text,
2408 sizeof(ctx->friendly_name[j].text));
2409 }
2410
2411 ctx->icon_count = last->icon_count;
2412 for (j = 0; j < last->icon_count; j++) {
2413 char fname[256];
2414
2415 os_snprintf(fname, sizeof(fname), "%s/osu-icon-%d.%s",
2416 dir, last->icon[j].id,
2417 strcasecmp(last->icon[j].mime_type,
2418 "image/png") == 0 ?
2419 "png" : "icon");
2420 wpa_printf(MSG_INFO, "ICON: %s (%s)",
2421 fname, last->icon[j].filename);
2422 os_strlcpy(ctx->icon_filename[j],
2423 last->icon[j].filename,
2424 sizeof(ctx->icon_filename[j]));
2425
2426 data = os_readfile(fname, &data_len);
2427 if (data) {
2428 sha256_vector(1, (const u8 **) &data, &data_len,
2429 ctx->icon_hash[j]);
2430 os_free(data);
2431 }
2432 }
2433
2434 if (connect == 2) {
2435 if (last->methods & 0x02) {
2436 wpa_printf(MSG_DEBUG,
2437 "Calling cmd_prov from cmd_osu_select");
2438 ret = cmd_prov(ctx, last->url);
2439 } else if (last->methods & 0x01) {
2440 wpa_printf(MSG_DEBUG,
2441 "Calling cmd_oma_dm_prov from cmd_osu_select");
2442 ret = cmd_oma_dm_prov(ctx, last->url);
2443 } else {
2444 wpa_printf(MSG_DEBUG,
2445 "No supported OSU provisioning method");
2446 ret = -1;
2447 }
2448 } else if (connect) {
2449 ret = osu_connect(ctx, last->bssid, last->osu_ssid,
2450 last->osu_ssid2,
2451 last->url, last->methods,
2452 no_prod_assoc, last->osu_nai);
2453 }
2454 } else
2455 ret = -1;
2456
2457 free(osu);
2458
2459 return ret;
2460 }
2461
2462
2463 static int cmd_signup(struct hs20_osu_client *ctx, int no_prod_assoc,
2464 const char *friendly_name)
2465 {
2466 char dir[255];
2467 char fname[300], buf[400];
2468 struct wpa_ctrl *mon;
2469 const char *ifname;
2470 int res;
2471
2472 ifname = ctx->ifname;
2473
2474 if (getcwd(dir, sizeof(dir)) == NULL)
2475 return -1;
2476
2477 snprintf(fname, sizeof(fname), "%s/osu-info", dir);
2478 if (mkdir(fname, S_IRWXU | S_IRWXG | S_IROTH | S_IXOTH) < 0 &&
2479 errno != EEXIST) {
2480 wpa_printf(MSG_INFO, "mkdir(%s) failed: %s",
2481 fname, strerror(errno));
2482 return -1;
2483 }
2484
2485 android_update_permission(fname, S_IRWXU | S_IRWXG | S_IROTH | S_IXOTH);
2486
2487 snprintf(buf, sizeof(buf), "SET osu_dir %s", fname);
2488 if (wpa_command(ifname, buf) < 0) {
2489 wpa_printf(MSG_INFO, "Failed to configure osu_dir to wpa_supplicant");
2490 return -1;
2491 }
2492
2493 mon = open_wpa_mon(ifname);
2494 if (mon == NULL)
2495 return -1;
2496
2497 wpa_printf(MSG_INFO, "Starting OSU fetch");
2498 write_summary(ctx, "Starting OSU provider information fetch");
2499 if (wpa_command(ifname, "FETCH_OSU") < 0) {
2500 wpa_printf(MSG_INFO, "Could not start OSU fetch");
2501 wpa_ctrl_detach(mon);
2502 wpa_ctrl_close(mon);
2503 return -1;
2504 }
2505 res = get_wpa_cli_event(mon, "OSU provider fetch completed",
2506 buf, sizeof(buf));
2507
2508 wpa_ctrl_detach(mon);
2509 wpa_ctrl_close(mon);
2510
2511 if (res < 0) {
2512 wpa_printf(MSG_INFO, "OSU fetch did not complete");
2513 write_summary(ctx, "OSU fetch did not complete");
2514 return -1;
2515 }
2516 wpa_printf(MSG_INFO, "OSU provider fetch completed");
2517
2518 return cmd_osu_select(ctx, fname, 1, no_prod_assoc, friendly_name);
2519 }
2520
2521
2522 static int cmd_sub_rem(struct hs20_osu_client *ctx, const char *address,
2523 const char *pps_fname, const char *ca_fname)
2524 {
2525 xml_node_t *pps, *node;
2526 char pps_fname_buf[300];
2527 char ca_fname_buf[200];
2528 char *cred_username = NULL;
2529 char *cred_password = NULL;
2530 char *sub_rem_uri = NULL;
2531 char client_cert_buf[200];
2532 char *client_cert = NULL;
2533 char client_key_buf[200];
2534 char *client_key = NULL;
2535 int spp;
2536
2537 wpa_printf(MSG_INFO, "Subscription remediation requested with Server URL: %s",
2538 address);
2539
2540 if (!pps_fname) {
2541 char buf[256];
2542 wpa_printf(MSG_INFO, "Determining PPS file based on Home SP information");
2543 if (os_strncmp(address, "fqdn=", 5) == 0) {
2544 wpa_printf(MSG_INFO, "Use requested FQDN from command line");
2545 os_snprintf(buf, sizeof(buf), "%s", address + 5);
2546 address = NULL;
2547 } else if (get_wpa_status(ctx->ifname, "provisioning_sp", buf,
2548 sizeof(buf)) < 0) {
2549 wpa_printf(MSG_INFO, "Could not get provisioning Home SP FQDN from wpa_supplicant");
2550 return -1;
2551 }
2552 os_free(ctx->fqdn);
2553 ctx->fqdn = os_strdup(buf);
2554 if (ctx->fqdn == NULL)
2555 return -1;
2556 wpa_printf(MSG_INFO, "Home SP FQDN for current credential: %s",
2557 buf);
2558 os_snprintf(pps_fname_buf, sizeof(pps_fname_buf),
2559 "SP/%s/pps.xml", ctx->fqdn);
2560 pps_fname = pps_fname_buf;
2561
2562 os_snprintf(ca_fname_buf, sizeof(ca_fname_buf), "SP/%s/ca.pem",
2563 ctx->fqdn);
2564 ca_fname = ca_fname_buf;
2565 }
2566
2567 if (!os_file_exists(pps_fname)) {
2568 wpa_printf(MSG_INFO, "PPS file '%s' does not exist or is not accessible",
2569 pps_fname);
2570 return -1;
2571 }
2572 wpa_printf(MSG_INFO, "Using PPS file: %s", pps_fname);
2573
2574 if (ca_fname && !os_file_exists(ca_fname)) {
2575 wpa_printf(MSG_INFO, "CA file '%s' does not exist or is not accessible",
2576 ca_fname);
2577 return -1;
2578 }
2579 wpa_printf(MSG_INFO, "Using server trust root: %s", ca_fname);
2580 ctx->ca_fname = ca_fname;
2581
2582 pps = node_from_file(ctx->xml, pps_fname);
2583 if (pps == NULL) {
2584 wpa_printf(MSG_INFO, "Could not read PPS MO");
2585 return -1;
2586 }
2587
2588 if (!ctx->fqdn) {
2589 char *tmp;
2590 node = get_child_node(ctx->xml, pps, "HomeSP/FQDN");
2591 if (node == NULL) {
2592 wpa_printf(MSG_INFO, "No HomeSP/FQDN found from PPS");
2593 return -1;
2594 }
2595 tmp = xml_node_get_text(ctx->xml, node);
2596 if (tmp == NULL) {
2597 wpa_printf(MSG_INFO, "No HomeSP/FQDN text found from PPS");
2598 return -1;
2599 }
2600 ctx->fqdn = os_strdup(tmp);
2601 xml_node_get_text_free(ctx->xml, tmp);
2602 if (!ctx->fqdn) {
2603 wpa_printf(MSG_INFO, "No FQDN known");
2604 return -1;
2605 }
2606 }
2607
2608 node = get_child_node(ctx->xml, pps,
2609 "SubscriptionUpdate/UpdateMethod");
2610 if (node) {
2611 char *tmp;
2612 tmp = xml_node_get_text(ctx->xml, node);
2613 if (tmp && os_strcasecmp(tmp, "OMA-DM-ClientInitiated") == 0)
2614 spp = 0;
2615 else
2616 spp = 1;
2617 } else {
2618 wpa_printf(MSG_INFO, "No UpdateMethod specified - assume SPP");
2619 spp = 1;
2620 }
2621
2622 get_user_pw(ctx, pps, "SubscriptionUpdate/UsernamePassword",
2623 &cred_username, &cred_password);
2624 if (cred_username)
2625 wpa_printf(MSG_INFO, "Using username: %s", cred_username);
2626 if (cred_password)
2627 wpa_printf(MSG_DEBUG, "Using password: %s", cred_password);
2628
2629 if (cred_username == NULL && cred_password == NULL &&
2630 get_child_node(ctx->xml, pps, "Credential/DigitalCertificate")) {
2631 wpa_printf(MSG_INFO, "Using client certificate");
2632 os_snprintf(client_cert_buf, sizeof(client_cert_buf),
2633 "SP/%s/client-cert.pem", ctx->fqdn);
2634 client_cert = client_cert_buf;
2635 os_snprintf(client_key_buf, sizeof(client_key_buf),
2636 "SP/%s/client-key.pem", ctx->fqdn);
2637 client_key = client_key_buf;
2638 ctx->client_cert_present = 1;
2639 }
2640
2641 node = get_child_node(ctx->xml, pps, "SubscriptionUpdate/URI");
2642 if (node) {
2643 sub_rem_uri = xml_node_get_text(ctx->xml, node);
2644 if (sub_rem_uri &&
2645 (!address || os_strcmp(address, sub_rem_uri) != 0)) {
2646 wpa_printf(MSG_INFO, "Override sub rem URI based on PPS: %s",
2647 sub_rem_uri);
2648 address = sub_rem_uri;
2649 }
2650 }
2651 if (!address) {
2652 wpa_printf(MSG_INFO, "Server URL not known");
2653 return -1;
2654 }
2655
2656 write_summary(ctx, "Wait for IP address for subscriptiom remediation");
2657 wpa_printf(MSG_INFO, "Wait for IP address before starting subscription remediation");
2658
2659 if (wait_ip_addr(ctx->ifname, 15) < 0) {
2660 wpa_printf(MSG_INFO, "Could not get IP address for WLAN - try connection anyway");
2661 }
2662
2663 if (spp)
2664 spp_sub_rem(ctx, address, pps_fname,
2665 client_cert, client_key,
2666 cred_username, cred_password, pps);
2667 else
2668 oma_dm_sub_rem(ctx, address, pps_fname,
2669 client_cert, client_key,
2670 cred_username, cred_password, pps);
2671
2672 xml_node_get_text_free(ctx->xml, sub_rem_uri);
2673 xml_node_get_text_free(ctx->xml, cred_username);
2674 str_clear_free(cred_password);
2675 xml_node_free(ctx->xml, pps);
2676 return 0;
2677 }
2678
2679
2680 static int cmd_pol_upd(struct hs20_osu_client *ctx, const char *address,
2681 const char *pps_fname, const char *ca_fname)
2682 {
2683 xml_node_t *pps;
2684 xml_node_t *node;
2685 char pps_fname_buf[300];
2686 char ca_fname_buf[200];
2687 char *uri = NULL;
2688 char *cred_username = NULL;
2689 char *cred_password = NULL;
2690 char client_cert_buf[200];
2691 char *client_cert = NULL;
2692 char client_key_buf[200];
2693 char *client_key = NULL;
2694 int spp;
2695
2696 wpa_printf(MSG_INFO, "Policy update requested");
2697
2698 if (!pps_fname) {
2699 char buf[256];
2700 wpa_printf(MSG_INFO, "Determining PPS file based on Home SP information");
2701 if (address && os_strncmp(address, "fqdn=", 5) == 0) {
2702 wpa_printf(MSG_INFO, "Use requested FQDN from command line");
2703 os_snprintf(buf, sizeof(buf), "%s", address + 5);
2704 address = NULL;
2705 } else if (get_wpa_status(ctx->ifname, "provisioning_sp", buf,
2706 sizeof(buf)) < 0) {
2707 wpa_printf(MSG_INFO, "Could not get provisioning Home SP FQDN from wpa_supplicant");
2708 return -1;
2709 }
2710 os_free(ctx->fqdn);
2711 ctx->fqdn = os_strdup(buf);
2712 if (ctx->fqdn == NULL)
2713 return -1;
2714 wpa_printf(MSG_INFO, "Home SP FQDN for current credential: %s",
2715 buf);
2716 os_snprintf(pps_fname_buf, sizeof(pps_fname_buf),
2717 "SP/%s/pps.xml", ctx->fqdn);
2718 pps_fname = pps_fname_buf;
2719
2720 os_snprintf(ca_fname_buf, sizeof(ca_fname_buf), "SP/%s/ca.pem",
2721 buf);
2722 ca_fname = ca_fname_buf;
2723 }
2724
2725 if (!os_file_exists(pps_fname)) {
2726 wpa_printf(MSG_INFO, "PPS file '%s' does not exist or is not accessible",
2727 pps_fname);
2728 return -1;
2729 }
2730 wpa_printf(MSG_INFO, "Using PPS file: %s", pps_fname);
2731
2732 if (ca_fname && !os_file_exists(ca_fname)) {
2733 wpa_printf(MSG_INFO, "CA file '%s' does not exist or is not accessible",
2734 ca_fname);
2735 return -1;
2736 }
2737 wpa_printf(MSG_INFO, "Using server trust root: %s", ca_fname);
2738 ctx->ca_fname = ca_fname;
2739
2740 pps = node_from_file(ctx->xml, pps_fname);
2741 if (pps == NULL) {
2742 wpa_printf(MSG_INFO, "Could not read PPS MO");
2743 return -1;
2744 }
2745
2746 if (!ctx->fqdn) {
2747 char *tmp;
2748 node = get_child_node(ctx->xml, pps, "HomeSP/FQDN");
2749 if (node == NULL) {
2750 wpa_printf(MSG_INFO, "No HomeSP/FQDN found from PPS");
2751 return -1;
2752 }
2753 tmp = xml_node_get_text(ctx->xml, node);
2754 if (tmp == NULL) {
2755 wpa_printf(MSG_INFO, "No HomeSP/FQDN text found from PPS");
2756 return -1;
2757 }
2758 ctx->fqdn = os_strdup(tmp);
2759 xml_node_get_text_free(ctx->xml, tmp);
2760 if (!ctx->fqdn) {
2761 wpa_printf(MSG_INFO, "No FQDN known");
2762 return -1;
2763 }
2764 }
2765
2766 node = get_child_node(ctx->xml, pps,
2767 "Policy/PolicyUpdate/UpdateMethod");
2768 if (node) {
2769 char *tmp;
2770 tmp = xml_node_get_text(ctx->xml, node);
2771 if (tmp && os_strcasecmp(tmp, "OMA-DM-ClientInitiated") == 0)
2772 spp = 0;
2773 else
2774 spp = 1;
2775 } else {
2776 wpa_printf(MSG_INFO, "No UpdateMethod specified - assume SPP");
2777 spp = 1;
2778 }
2779
2780 get_user_pw(ctx, pps, "Policy/PolicyUpdate/UsernamePassword",
2781 &cred_username, &cred_password);
2782 if (cred_username)
2783 wpa_printf(MSG_INFO, "Using username: %s", cred_username);
2784 if (cred_password)
2785 wpa_printf(MSG_DEBUG, "Using password: %s", cred_password);
2786
2787 if (cred_username == NULL && cred_password == NULL &&
2788 get_child_node(ctx->xml, pps, "Credential/DigitalCertificate")) {
2789 wpa_printf(MSG_INFO, "Using client certificate");
2790 os_snprintf(client_cert_buf, sizeof(client_cert_buf),
2791 "SP/%s/client-cert.pem", ctx->fqdn);
2792 client_cert = client_cert_buf;
2793 os_snprintf(client_key_buf, sizeof(client_key_buf),
2794 "SP/%s/client-key.pem", ctx->fqdn);
2795 client_key = client_key_buf;
2796 }
2797
2798 if (!address) {
2799 node = get_child_node(ctx->xml, pps, "Policy/PolicyUpdate/URI");
2800 if (node) {
2801 uri = xml_node_get_text(ctx->xml, node);
2802 wpa_printf(MSG_INFO, "URI based on PPS: %s", uri);
2803 address = uri;
2804 }
2805 }
2806 if (!address) {
2807 wpa_printf(MSG_INFO, "Server URL not known");
2808 return -1;
2809 }
2810
2811 if (spp)
2812 spp_pol_upd(ctx, address, pps_fname,
2813 client_cert, client_key,
2814 cred_username, cred_password, pps);
2815 else
2816 oma_dm_pol_upd(ctx, address, pps_fname,
2817 client_cert, client_key,
2818 cred_username, cred_password, pps);
2819
2820 xml_node_get_text_free(ctx->xml, uri);
2821 xml_node_get_text_free(ctx->xml, cred_username);
2822 str_clear_free(cred_password);
2823 xml_node_free(ctx->xml, pps);
2824
2825 return 0;
2826 }
2827
2828
2829 static char * get_hostname(const char *url)
2830 {
2831 const char *pos, *end, *end2;
2832 char *ret;
2833
2834 if (url == NULL)
2835 return NULL;
2836
2837 pos = os_strchr(url, '/');
2838 if (pos == NULL)
2839 return NULL;
2840 pos++;
2841 if (*pos != '/')
2842 return NULL;
2843 pos++;
2844
2845 end = os_strchr(pos, '/');
2846 end2 = os_strchr(pos, ':');
2847 if ((end && end2 && end2 < end) || (!end && end2))
2848 end = end2;
2849 if (end)
2850 end--;
2851 else {
2852 end = pos;
2853 while (*end)
2854 end++;
2855 if (end > pos)
2856 end--;
2857 }
2858
2859 ret = os_malloc(end - pos + 2);
2860 if (ret == NULL)
2861 return NULL;
2862
2863 os_memcpy(ret, pos, end - pos + 1);
2864 ret[end - pos + 1] = '\0';
2865
2866 return ret;
2867 }
2868
2869
2870 static int osu_cert_cb(void *_ctx, struct http_cert *cert)
2871 {
2872 struct hs20_osu_client *ctx = _ctx;
2873 unsigned int i, j;
2874 int found;
2875 char *host = NULL;
2876
2877 wpa_printf(MSG_INFO, "osu_cert_cb(osu_cert_validation=%d, url=%s)",
2878 !ctx->no_osu_cert_validation, ctx->server_url);
2879
2880 host = get_hostname(ctx->server_url);
2881
2882 for (i = 0; i < ctx->server_dnsname_count; i++)
2883 os_free(ctx->server_dnsname[i]);
2884 os_free(ctx->server_dnsname);
2885 ctx->server_dnsname = os_calloc(cert->num_dnsname, sizeof(char *));
2886 ctx->server_dnsname_count = 0;
2887
2888 found = 0;
2889 for (i = 0; i < cert->num_dnsname; i++) {
2890 if (ctx->server_dnsname) {
2891 ctx->server_dnsname[ctx->server_dnsname_count] =
2892 os_strdup(cert->dnsname[i]);
2893 if (ctx->server_dnsname[ctx->server_dnsname_count])
2894 ctx->server_dnsname_count++;
2895 }
2896 if (host && os_strcasecmp(host, cert->dnsname[i]) == 0)
2897 found = 1;
2898 wpa_printf(MSG_INFO, "dNSName '%s'", cert->dnsname[i]);
2899 }
2900
2901 if (host && !found) {
2902 wpa_printf(MSG_INFO, "Server name from URL (%s) did not match any dNSName - abort connection",
2903 host);
2904 write_result(ctx, "Server name from URL (%s) did not match any dNSName - abort connection",
2905 host);
2906 os_free(host);
2907 return -1;
2908 }
2909
2910 os_free(host);
2911
2912 for (i = 0; i < cert->num_othername; i++) {
2913 if (os_strcmp(cert->othername[i].oid,
2914 "1.3.6.1.4.1.40808.1.1.1") == 0) {
2915 wpa_hexdump_ascii(MSG_INFO,
2916 "id-wfa-hotspot-friendlyName",
2917 cert->othername[i].data,
2918 cert->othername[i].len);
2919 }
2920 }
2921
2922 for (j = 0; !ctx->no_osu_cert_validation &&
2923 j < ctx->friendly_name_count; j++) {
2924 int found = 0;
2925 for (i = 0; i < cert->num_othername; i++) {
2926 if (os_strcmp(cert->othername[i].oid,
2927 "1.3.6.1.4.1.40808.1.1.1") != 0)
2928 continue;
2929 if (cert->othername[i].len < 3)
2930 continue;
2931 if (os_strncasecmp((char *) cert->othername[i].data,
2932 ctx->friendly_name[j].lang, 3) != 0)
2933 continue;
2934 if (os_strncmp((char *) cert->othername[i].data + 3,
2935 ctx->friendly_name[j].text,
2936 cert->othername[i].len - 3) == 0) {
2937 found = 1;
2938 break;
2939 }
2940 }
2941
2942 if (!found) {
2943 wpa_printf(MSG_INFO, "No friendly name match found for '[%s]%s'",
2944 ctx->friendly_name[j].lang,
2945 ctx->friendly_name[j].text);
2946 write_result(ctx, "No friendly name match found for '[%s]%s'",
2947 ctx->friendly_name[j].lang,
2948 ctx->friendly_name[j].text);
2949 return -1;
2950 }
2951 }
2952
2953 for (i = 0; i < cert->num_logo; i++) {
2954 struct http_logo *logo = &cert->logo[i];
2955
2956 wpa_printf(MSG_INFO, "logo hash alg %s uri '%s'",
2957 logo->alg_oid, logo->uri);
2958 wpa_hexdump_ascii(MSG_INFO, "hashValue",
2959 logo->hash, logo->hash_len);
2960 }
2961
2962 for (j = 0; !ctx->no_osu_cert_validation && j < ctx->icon_count; j++) {
2963 int found = 0;
2964 char *name = ctx->icon_filename[j];
2965 size_t name_len = os_strlen(name);
2966
2967 wpa_printf(MSG_INFO,
2968 "[%i] Looking for icon file name '%s' match",
2969 j, name);
2970 for (i = 0; i < cert->num_logo; i++) {
2971 struct http_logo *logo = &cert->logo[i];
2972 size_t uri_len = os_strlen(logo->uri);
2973 char *pos;
2974
2975 wpa_printf(MSG_INFO,
2976 "[%i] Comparing to '%s' uri_len=%d name_len=%d",
2977 i, logo->uri, (int) uri_len, (int) name_len);
2978 if (uri_len < 1 + name_len) {
2979 wpa_printf(MSG_INFO, "URI Length is too short");
2980 continue;
2981 }
2982 pos = &logo->uri[uri_len - name_len - 1];
2983 if (*pos != '/')
2984 continue;
2985 pos++;
2986 if (os_strcmp(pos, name) == 0) {
2987 found = 1;
2988 break;
2989 }
2990 }
2991
2992 if (!found) {
2993 wpa_printf(MSG_INFO, "No icon filename match found for '%s'",
2994 name);
2995 write_result(ctx,
2996 "No icon filename match found for '%s'",
2997 name);
2998 return -1;
2999 }
3000 }
3001
3002 for (j = 0; !ctx->no_osu_cert_validation && j < ctx->icon_count; j++) {
3003 int found = 0;
3004
3005 for (i = 0; i < cert->num_logo; i++) {
3006 struct http_logo *logo = &cert->logo[i];
3007
3008 if (logo->hash_len != 32) {
3009 wpa_printf(MSG_INFO,
3010 "[%i][%i] Icon hash length invalid (should be 32): %d",
3011 j, i, (int) logo->hash_len);
3012 continue;
3013 }
3014 if (os_memcmp(logo->hash, ctx->icon_hash[j], 32) == 0) {
3015 found = 1;
3016 break;
3017 }
3018
3019 wpa_printf(MSG_DEBUG,
3020 "[%u][%u] Icon hash did not match", j, i);
3021 wpa_hexdump_ascii(MSG_DEBUG, "logo->hash",
3022 logo->hash, 32);
3023 wpa_hexdump_ascii(MSG_DEBUG, "ctx->icon_hash[j]",
3024 ctx->icon_hash[j], 32);
3025 }
3026
3027 if (!found) {
3028 wpa_printf(MSG_INFO,
3029 "No icon hash match (by hash) found");
3030 write_result(ctx,
3031 "No icon hash match (by hash) found");
3032 return -1;
3033 }
3034 }
3035
3036 return 0;
3037 }
3038
3039
3040 static int init_ctx(struct hs20_osu_client *ctx)
3041 {
3042 xml_node_t *devinfo, *devid;
3043
3044 os_memset(ctx, 0, sizeof(*ctx));
3045 ctx->ifname = "wlan0";
3046 ctx->xml = xml_node_init_ctx(ctx, NULL);
3047 if (ctx->xml == NULL)
3048 return -1;
3049
3050 devinfo = node_from_file(ctx->xml, "devinfo.xml");
3051 if (!devinfo) {
3052 wpa_printf(MSG_ERROR, "devinfo.xml not found");
3053 return -1;
3054 }
3055
3056 devid = get_node(ctx->xml, devinfo, "DevId");
3057 if (devid) {
3058 char *tmp = xml_node_get_text(ctx->xml, devid);
3059 if (tmp) {
3060 ctx->devid = os_strdup(tmp);
3061 xml_node_get_text_free(ctx->xml, tmp);
3062 }
3063 }
3064 xml_node_free(ctx->xml, devinfo);
3065
3066 if (ctx->devid == NULL) {
3067 wpa_printf(MSG_ERROR, "Could not fetch DevId from devinfo.xml");
3068 return -1;
3069 }
3070
3071 ctx->http = http_init_ctx(ctx, ctx->xml);
3072 if (ctx->http == NULL) {
3073 xml_node_deinit_ctx(ctx->xml);
3074 return -1;
3075 }
3076 http_ocsp_set(ctx->http, 2);
3077 http_set_cert_cb(ctx->http, osu_cert_cb, ctx);
3078
3079 return 0;
3080 }
3081
3082
3083 static void deinit_ctx(struct hs20_osu_client *ctx)
3084 {
3085 size_t i;
3086
3087 http_deinit_ctx(ctx->http);
3088 xml_node_deinit_ctx(ctx->xml);
3089 os_free(ctx->fqdn);
3090 os_free(ctx->server_url);
3091 os_free(ctx->devid);
3092
3093 for (i = 0; i < ctx->server_dnsname_count; i++)
3094 os_free(ctx->server_dnsname[i]);
3095 os_free(ctx->server_dnsname);
3096 }
3097
3098
3099 static void check_workarounds(struct hs20_osu_client *ctx)
3100 {
3101 FILE *f;
3102 char buf[100];
3103 unsigned long int val = 0;
3104
3105 f = fopen("hs20-osu-client.workarounds", "r");
3106 if (f == NULL)
3107 return;
3108
3109 if (fgets(buf, sizeof(buf), f))
3110 val = strtoul(buf, NULL, 16);
3111
3112 fclose(f);
3113
3114 if (val) {
3115 wpa_printf(MSG_INFO, "Workarounds enabled: 0x%lx", val);
3116 ctx->workarounds = val;
3117 if (ctx->workarounds & WORKAROUND_OCSP_OPTIONAL)
3118 http_ocsp_set(ctx->http, 1);
3119 }
3120 }
3121
3122
3123 static void usage(void)
3124 {
3125 printf("usage: hs20-osu-client [-dddqqKt] [-S<station ifname>] \\\n"
3126 " [-w<wpa_supplicant ctrl_iface dir>] "
3127 "[-r<result file>] [-f<debug file>] \\\n"
3128 " [-s<summary file>] \\\n"
3129 " [-x<spp.xsd file name>] \\\n"
3130 " <command> [arguments..]\n"
3131 "commands:\n"
3132 "- to_tnds <XML MO> <XML MO in TNDS format> [URN]\n"
3133 "- to_tnds2 <XML MO> <XML MO in TNDS format (Path) "
3134 "[URN]>\n"
3135 "- from_tnds <XML MO in TNDS format> <XML MO>\n"
3136 "- set_pps <PerProviderSubscription XML file name>\n"
3137 "- get_fqdn <PerProviderSubscription XML file name>\n"
3138 "- pol_upd [Server URL] [PPS] [CA cert]\n"
3139 "- sub_rem <Server URL> [PPS] [CA cert]\n"
3140 "- prov <Server URL> [CA cert]\n"
3141 "- oma_dm_prov <Server URL> [CA cert]\n"
3142 "- sim_prov <Server URL> [CA cert]\n"
3143 "- oma_dm_sim_prov <Server URL> [CA cert]\n"
3144 "- signup [CA cert]\n"
3145 "- dl_osu_ca <PPS> <CA file>\n"
3146 "- dl_polupd_ca <PPS> <CA file>\n"
3147 "- dl_aaa_ca <PPS> <CA file>\n"
3148 "- browser <URL>\n"
3149 "- parse_cert <X.509 certificate (DER)>\n"
3150 "- osu_select <OSU info directory> [CA cert]\n");
3151 }
3152
3153
3154 int main(int argc, char *argv[])
3155 {
3156 struct hs20_osu_client ctx;
3157 int c;
3158 int ret = 0;
3159 int no_prod_assoc = 0;
3160 const char *friendly_name = NULL;
3161 const char *wpa_debug_file_path = NULL;
3162 extern char *wpas_ctrl_path;
3163 extern int wpa_debug_level;
3164 extern int wpa_debug_show_keys;
3165 extern int wpa_debug_timestamp;
3166
3167 if (init_ctx(&ctx) < 0)
3168 return -1;
3169
3170 for (;;) {
3171 c = getopt(argc, argv, "df:hKNo:O:qr:s:S:tw:x:");
3172 if (c < 0)
3173 break;
3174 switch (c) {
3175 case 'd':
3176 if (wpa_debug_level > 0)
3177 wpa_debug_level--;
3178 break;
3179 case 'f':
3180 wpa_debug_file_path = optarg;
3181 break;
3182 case 'K':
3183 wpa_debug_show_keys++;
3184 break;
3185 case 'N':
3186 no_prod_assoc = 1;
3187 break;
3188 case 'o':
3189 ctx.osu_ssid = optarg;
3190 break;
3191 case 'O':
3192 friendly_name = optarg;
3193 break;
3194 case 'q':
3195 wpa_debug_level++;
3196 break;
3197 case 'r':
3198 ctx.result_file = optarg;
3199 break;
3200 case 's':
3201 ctx.summary_file = optarg;
3202 break;
3203 case 'S':
3204 ctx.ifname = optarg;
3205 break;
3206 case 't':
3207 wpa_debug_timestamp++;
3208 break;
3209 case 'w':
3210 wpas_ctrl_path = optarg;
3211 break;
3212 case 'x':
3213 spp_xsd_fname = optarg;
3214 break;
3215 case 'h':
3216 default:
3217 usage();
3218 exit(0);
3219 break;
3220 }
3221 }
3222
3223 if (argc - optind < 1) {
3224 usage();
3225 exit(0);
3226 }
3227
3228 wpa_debug_open_file(wpa_debug_file_path);
3229
3230 #ifdef __linux__
3231 setlinebuf(stdout);
3232 #endif /* __linux__ */
3233
3234 if (ctx.result_file)
3235 unlink(ctx.result_file);
3236 wpa_printf(MSG_DEBUG, "===[hs20-osu-client START - command: %s ]======"
3237 "================", argv[optind]);
3238 check_workarounds(&ctx);
3239
3240 if (strcmp(argv[optind], "to_tnds") == 0) {
3241 if (argc - optind < 2) {
3242 usage();
3243 exit(0);
3244 }
3245 cmd_to_tnds(&ctx, argv[optind + 1], argv[optind + 2],
3246 argc > optind + 3 ? argv[optind + 3] : NULL,
3247 0);
3248 } else if (strcmp(argv[optind], "to_tnds2") == 0) {
3249 if (argc - optind < 2) {
3250 usage();
3251 exit(0);
3252 }
3253 cmd_to_tnds(&ctx, argv[optind + 1], argv[optind + 2],
3254 argc > optind + 3 ? argv[optind + 3] : NULL,
3255 1);
3256 } else if (strcmp(argv[optind], "from_tnds") == 0) {
3257 if (argc - optind < 2) {
3258 usage();
3259 exit(0);
3260 }
3261 cmd_from_tnds(&ctx, argv[optind + 1], argv[optind + 2]);
3262 } else if (strcmp(argv[optind], "sub_rem") == 0) {
3263 if (argc - optind < 2) {
3264 usage();
3265 exit(0);
3266 }
3267 ret = cmd_sub_rem(&ctx, argv[optind + 1],
3268 argc > optind + 2 ? argv[optind + 2] : NULL,
3269 argc > optind + 3 ? argv[optind + 3] : NULL);
3270 } else if (strcmp(argv[optind], "pol_upd") == 0) {
3271 ret = cmd_pol_upd(&ctx,
3272 argc > optind + 1 ? argv[optind + 1] : NULL,
3273 argc > optind + 2 ? argv[optind + 2] : NULL,
3274 argc > optind + 3 ? argv[optind + 3] : NULL);
3275 } else if (strcmp(argv[optind], "prov") == 0) {
3276 if (argc - optind < 2) {
3277 usage();
3278 exit(0);
3279 }
3280 ctx.ca_fname = argv[optind + 2];
3281 wpa_printf(MSG_DEBUG, "Calling cmd_prov from main");
3282 cmd_prov(&ctx, argv[optind + 1]);
3283 } else if (strcmp(argv[optind], "sim_prov") == 0) {
3284 if (argc - optind < 2) {
3285 usage();
3286 exit(0);
3287 }
3288 ctx.ca_fname = argv[optind + 2];
3289 cmd_sim_prov(&ctx, argv[optind + 1]);
3290 } else if (strcmp(argv[optind], "dl_osu_ca") == 0) {
3291 if (argc - optind < 2) {
3292 usage();
3293 exit(0);
3294 }
3295 cmd_dl_osu_ca(&ctx, argv[optind + 1], argv[optind + 2]);
3296 } else if (strcmp(argv[optind], "dl_polupd_ca") == 0) {
3297 if (argc - optind < 2) {
3298 usage();
3299 exit(0);
3300 }
3301 cmd_dl_polupd_ca(&ctx, argv[optind + 1], argv[optind + 2]);
3302 } else if (strcmp(argv[optind], "dl_aaa_ca") == 0) {
3303 if (argc - optind < 2) {
3304 usage();
3305 exit(0);
3306 }
3307 cmd_dl_aaa_ca(&ctx, argv[optind + 1], argv[optind + 2]);
3308 } else if (strcmp(argv[optind], "osu_select") == 0) {
3309 if (argc - optind < 2) {
3310 usage();
3311 exit(0);
3312 }
3313 ctx.ca_fname = argc > optind + 2 ? argv[optind + 2] : NULL;
3314 cmd_osu_select(&ctx, argv[optind + 1], 2, 1, NULL);
3315 } else if (strcmp(argv[optind], "signup") == 0) {
3316 ctx.ca_fname = argc > optind + 1 ? argv[optind + 1] : NULL;
3317 ret = cmd_signup(&ctx, no_prod_assoc, friendly_name);
3318 } else if (strcmp(argv[optind], "set_pps") == 0) {
3319 if (argc - optind < 2) {
3320 usage();
3321 exit(0);
3322 }
3323 cmd_set_pps(&ctx, argv[optind + 1]);
3324 } else if (strcmp(argv[optind], "get_fqdn") == 0) {
3325 if (argc - optind < 1) {
3326 usage();
3327 exit(0);
3328 }
3329 ret = cmd_get_fqdn(&ctx, argv[optind + 1]);
3330 } else if (strcmp(argv[optind], "oma_dm_prov") == 0) {
3331 if (argc - optind < 2) {
3332 usage();
3333 exit(0);
3334 }
3335 ctx.ca_fname = argv[optind + 2];
3336 cmd_oma_dm_prov(&ctx, argv[optind + 1]);
3337 } else if (strcmp(argv[optind], "oma_dm_sim_prov") == 0) {
3338 if (argc - optind < 2) {
3339 usage();
3340 exit(0);
3341 }
3342 ctx.ca_fname = argv[optind + 2];
3343 if (cmd_oma_dm_sim_prov(&ctx, argv[optind + 1]) < 0) {
3344 write_summary(&ctx, "Failed to complete OMA DM SIM provisioning");
3345 return -1;
3346 }
3347 } else if (strcmp(argv[optind], "oma_dm_add") == 0) {
3348 if (argc - optind < 2) {
3349 usage();
3350 exit(0);
3351 }
3352 cmd_oma_dm_add(&ctx, argv[optind + 1], argv[optind + 2]);
3353 } else if (strcmp(argv[optind], "oma_dm_replace") == 0) {
3354 if (argc - optind < 2) {
3355 usage();
3356 exit(0);
3357 }
3358 cmd_oma_dm_replace(&ctx, argv[optind + 1], argv[optind + 2]);
3359 } else if (strcmp(argv[optind], "est_csr") == 0) {
3360 if (argc - optind < 2) {
3361 usage();
3362 exit(0);
3363 }
3364 mkdir("Cert", S_IRWXU);
3365 est_build_csr(&ctx, argv[optind + 1]);
3366 } else if (strcmp(argv[optind], "browser") == 0) {
3367 int ret;
3368
3369 if (argc - optind < 2) {
3370 usage();
3371 exit(0);
3372 }
3373
3374 wpa_printf(MSG_INFO, "Launch web browser to URL %s",
3375 argv[optind + 1]);
3376 ret = hs20_web_browser(argv[optind + 1]);
3377 wpa_printf(MSG_INFO, "Web browser result: %d", ret);
3378 } else if (strcmp(argv[optind], "parse_cert") == 0) {
3379 if (argc - optind < 2) {
3380 usage();
3381 exit(0);
3382 }
3383
3384 wpa_debug_level = MSG_MSGDUMP;
3385 http_parse_x509_certificate(ctx.http, argv[optind + 1]);
3386 wpa_debug_level = MSG_INFO;
3387 } else {
3388 wpa_printf(MSG_INFO, "Unknown command '%s'", argv[optind]);
3389 }
3390
3391 deinit_ctx(&ctx);
3392 wpa_printf(MSG_DEBUG,
3393 "===[hs20-osu-client END ]======================");
3394
3395 wpa_debug_close_file();
3396
3397 return ret;
3398 }
Unnamed repository; edit this file 'description' to name the repository.