2 * Hotspot 2.0 OSU client
3 * Copyright (c) 2012-2014, Qualcomm Atheros, Inc.
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
13 #include "private/android_filesystem_config.h"
17 #include "utils/browser.h"
18 #include "utils/base64.h"
19 #include "utils/xml-utils.h"
20 #include "utils/http-utils.h"
21 #include "common/wpa_ctrl.h"
22 #include "common/wpa_helpers.h"
23 #include "eap_common/eap_defs.h"
24 #include "crypto/crypto.h"
25 #include "crypto/sha256.h"
26 #include "osu_client.h"
28 const char *spp_xsd_fname
= "spp.xsd";
31 void write_result(struct hs20_osu_client
*ctx
, const char *fmt
, ...)
38 vsnprintf(buf
, sizeof(buf
), fmt
, ap
);
40 write_summary(ctx
, "%s", buf
);
42 if (!ctx
->result_file
)
45 f
= fopen(ctx
->result_file
, "w");
57 void write_summary(struct hs20_osu_client
*ctx
, const char *fmt
, ...)
62 if (!ctx
->summary_file
)
65 f
= fopen(ctx
->summary_file
, "a");
77 void debug_dump_node(struct hs20_osu_client
*ctx
, const char *title
,
80 char *str
= xml_node_to_str(ctx
->xml
, node
);
81 wpa_printf(MSG_DEBUG
, "[hs20] %s: '%s'", title
, str
);
86 static int valid_fqdn(const char *fqdn
)
90 /* TODO: could make this more complete.. */
91 if (strchr(fqdn
, '.') == 0 || strlen(fqdn
) > 255)
93 for (pos
= fqdn
; *pos
; pos
++) {
94 if (*pos
>= 'a' && *pos
<= 'z')
96 if (*pos
>= 'A' && *pos
<= 'Z')
98 if (*pos
>= '0' && *pos
<= '9')
100 if (*pos
== '-' || *pos
== '.' || *pos
== '_')
108 int osu_get_certificate(struct hs20_osu_client
*ctx
, xml_node_t
*getcert
)
111 char *url
, *user
= NULL
, *pw
= NULL
;
115 proto
= xml_node_get_attr_value(ctx
->xml
, getcert
,
116 "enrollmentProtocol");
119 wpa_printf(MSG_INFO
, "getCertificate - enrollmentProtocol=%s", proto
);
120 write_summary(ctx
, "getCertificate - enrollmentProtocol=%s", proto
);
121 if (os_strcasecmp(proto
, "EST") != 0) {
122 wpa_printf(MSG_INFO
, "Unsupported enrollmentProtocol");
123 xml_node_get_attr_value_free(ctx
->xml
, proto
);
126 xml_node_get_attr_value_free(ctx
->xml
, proto
);
128 node
= get_node(ctx
->xml
, getcert
, "enrollmentServerURI");
130 wpa_printf(MSG_INFO
, "Could not find enrollmentServerURI node");
131 xml_node_get_attr_value_free(ctx
->xml
, proto
);
134 url
= xml_node_get_text(ctx
->xml
, node
);
136 wpa_printf(MSG_INFO
, "Could not get URL text");
139 wpa_printf(MSG_INFO
, "enrollmentServerURI: %s", url
);
140 write_summary(ctx
, "enrollmentServerURI: %s", url
);
142 node
= get_node(ctx
->xml
, getcert
, "estUserID");
143 if (node
== NULL
&& !ctx
->client_cert_present
) {
144 wpa_printf(MSG_INFO
, "Could not find estUserID node");
148 user
= xml_node_get_text(ctx
->xml
, node
);
150 wpa_printf(MSG_INFO
, "Could not get estUserID text");
153 wpa_printf(MSG_INFO
, "estUserID: %s", user
);
154 write_summary(ctx
, "estUserID: %s", user
);
157 node
= get_node(ctx
->xml
, getcert
, "estPassword");
158 if (node
== NULL
&& !ctx
->client_cert_present
) {
159 wpa_printf(MSG_INFO
, "Could not find estPassword node");
163 pw
= xml_node_get_base64_text(ctx
->xml
, node
, NULL
);
165 wpa_printf(MSG_INFO
, "Could not get estPassword text");
168 wpa_printf(MSG_INFO
, "estPassword: %s", pw
);
171 mkdir("Cert", S_IRWXU
);
172 if (est_load_cacerts(ctx
, url
) < 0 ||
173 est_build_csr(ctx
, url
) < 0 ||
174 est_simple_enroll(ctx
, url
, user
, pw
) < 0)
179 xml_node_get_text_free(ctx
->xml
, url
);
180 xml_node_get_text_free(ctx
->xml
, user
);
181 xml_node_get_text_free(ctx
->xml
, pw
);
187 static int process_est_cert(struct hs20_osu_client
*ctx
, xml_node_t
*cert
,
190 u8 digest1
[SHA256_MAC_LEN
], digest2
[SHA256_MAC_LEN
];
192 size_t der_len
, pem_len
;
196 wpa_printf(MSG_INFO
, "PPS for certificate credential - fqdn=%s", fqdn
);
198 fingerprint
= xml_node_get_text(ctx
->xml
, cert
);
199 if (fingerprint
== NULL
)
201 if (hexstr2bin(fingerprint
, digest1
, SHA256_MAC_LEN
) < 0) {
202 wpa_printf(MSG_INFO
, "Invalid SHA256 hash value");
203 write_result(ctx
, "Invalid client certificate SHA256 hash value in PPS");
204 xml_node_get_text_free(ctx
->xml
, fingerprint
);
207 xml_node_get_text_free(ctx
->xml
, fingerprint
);
209 der
= os_readfile("Cert/est_cert.der", &der_len
);
211 wpa_printf(MSG_INFO
, "Could not find client certificate from EST");
212 write_result(ctx
, "Could not find client certificate from EST");
216 if (sha256_vector(1, (const u8
**) &der
, &der_len
, digest2
) < 0) {
222 if (os_memcmp(digest1
, digest2
, sizeof(digest1
)) != 0) {
223 wpa_printf(MSG_INFO
, "Client certificate from EST does not match fingerprint from PPS MO");
224 write_result(ctx
, "Client certificate from EST does not match fingerprint from PPS MO");
228 wpa_printf(MSG_INFO
, "Client certificate from EST matches PPS MO");
229 unlink("Cert/est_cert.der");
231 os_snprintf(buf
, sizeof(buf
), "SP/%s/client-ca.pem", fqdn
);
232 if (rename("Cert/est-cacerts.pem", buf
) < 0) {
233 wpa_printf(MSG_INFO
, "Could not move est-cacerts.pem to client-ca.pem: %s",
237 pem
= os_readfile(buf
, &pem_len
);
239 os_snprintf(buf
, sizeof(buf
), "SP/%s/client-cert.pem", fqdn
);
240 if (rename("Cert/est_cert.pem", buf
) < 0) {
241 wpa_printf(MSG_INFO
, "Could not move est_cert.pem to client-cert.pem: %s",
248 FILE *f
= fopen(buf
, "a");
250 fwrite(pem
, pem_len
, 1, f
);
256 os_snprintf(buf
, sizeof(buf
), "SP/%s/client-key.pem", fqdn
);
257 if (rename("Cert/privkey-plain.pem", buf
) < 0) {
258 wpa_printf(MSG_INFO
, "Could not move privkey-plain.pem to client-key.pem: %s",
263 unlink("Cert/est-req.b64");
264 unlink("Cert/est-req.pem");
265 unlink("Cert/est-resp.raw");
272 #define TMP_CERT_DL_FILE "tmp-cert-download"
274 static int download_cert(struct hs20_osu_client
*ctx
, xml_node_t
*params
,
277 xml_node_t
*url_node
, *hash_node
;
281 u8 digest1
[SHA256_MAC_LEN
], digest2
[SHA256_MAC_LEN
];
286 url_node
= get_node(ctx
->xml
, params
, "CertURL");
287 hash_node
= get_node(ctx
->xml
, params
, "CertSHA256Fingerprint");
288 if (url_node
== NULL
|| hash_node
== NULL
)
290 url
= xml_node_get_text(ctx
->xml
, url_node
);
291 hash
= xml_node_get_text(ctx
->xml
, hash_node
);
292 if (url
== NULL
|| hash
== NULL
) {
293 xml_node_get_text_free(ctx
->xml
, url
);
294 xml_node_get_text_free(ctx
->xml
, hash
);
298 wpa_printf(MSG_INFO
, "CertURL: %s", url
);
299 wpa_printf(MSG_INFO
, "SHA256 hash: %s", hash
);
301 if (hexstr2bin(hash
, digest1
, SHA256_MAC_LEN
) < 0) {
302 wpa_printf(MSG_INFO
, "Invalid SHA256 hash value");
303 write_result(ctx
, "Invalid SHA256 hash value for downloaded certificate");
304 xml_node_get_text_free(ctx
->xml
, hash
);
307 xml_node_get_text_free(ctx
->xml
, hash
);
309 write_summary(ctx
, "Download certificate from %s", url
);
310 ctx
->no_osu_cert_validation
= 1;
311 http_ocsp_set(ctx
->http
, 1);
312 res
= http_download_file(ctx
->http
, url
, TMP_CERT_DL_FILE
, NULL
);
313 http_ocsp_set(ctx
->http
,
314 (ctx
->workarounds
& WORKAROUND_OCSP_OPTIONAL
) ? 1 : 2);
315 ctx
->no_osu_cert_validation
= 0;
316 xml_node_get_text_free(ctx
->xml
, url
);
320 cert
= os_readfile(TMP_CERT_DL_FILE
, &len
);
321 remove(TMP_CERT_DL_FILE
);
325 if (sha256_vector(1, (const u8
**) &cert
, &len
, digest2
) < 0) {
330 if (os_memcmp(digest1
, digest2
, sizeof(digest1
)) != 0) {
331 wpa_printf(MSG_INFO
, "Downloaded certificate fingerprint did not match");
332 write_result(ctx
, "Downloaded certificate fingerprint did not match");
337 b64
= base64_encode((unsigned char *) cert
, len
, NULL
);
342 f
= fopen(fname
, "wb");
348 fprintf(f
, "-----BEGIN CERTIFICATE-----\n"
350 "-----END CERTIFICATE-----\n",
356 wpa_printf(MSG_INFO
, "Downloaded certificate into %s and validated fingerprint",
358 write_summary(ctx
, "Downloaded certificate into %s and validated fingerprint",
365 static int cmd_dl_osu_ca(struct hs20_osu_client
*ctx
, const char *pps_fname
,
366 const char *ca_fname
)
368 xml_node_t
*pps
, *node
;
371 pps
= node_from_file(ctx
->xml
, pps_fname
);
373 wpa_printf(MSG_INFO
, "Could not read or parse '%s'", pps_fname
);
377 node
= get_child_node(ctx
->xml
, pps
,
378 "SubscriptionUpdate/TrustRoot");
380 wpa_printf(MSG_INFO
, "No SubscriptionUpdate/TrustRoot/CertURL found from PPS");
381 xml_node_free(ctx
->xml
, pps
);
385 ret
= download_cert(ctx
, node
, ca_fname
);
386 xml_node_free(ctx
->xml
, pps
);
392 static int cmd_dl_polupd_ca(struct hs20_osu_client
*ctx
, const char *pps_fname
,
393 const char *ca_fname
)
395 xml_node_t
*pps
, *node
;
398 pps
= node_from_file(ctx
->xml
, pps_fname
);
400 wpa_printf(MSG_INFO
, "Could not read or parse '%s'", pps_fname
);
404 node
= get_child_node(ctx
->xml
, pps
,
405 "Policy/PolicyUpdate/TrustRoot");
407 wpa_printf(MSG_INFO
, "No Policy/PolicyUpdate/TrustRoot/CertURL found from PPS");
408 xml_node_free(ctx
->xml
, pps
);
412 ret
= download_cert(ctx
, node
, ca_fname
);
413 xml_node_free(ctx
->xml
, pps
);
419 static int cmd_dl_aaa_ca(struct hs20_osu_client
*ctx
, const char *pps_fname
,
420 const char *ca_fname
)
422 xml_node_t
*pps
, *node
, *aaa
;
425 pps
= node_from_file(ctx
->xml
, pps_fname
);
427 wpa_printf(MSG_INFO
, "Could not read or parse '%s'", pps_fname
);
431 node
= get_child_node(ctx
->xml
, pps
,
432 "AAAServerTrustRoot");
434 wpa_printf(MSG_INFO
, "No AAAServerTrustRoot/CertURL found from PPS");
435 xml_node_free(ctx
->xml
, pps
);
439 aaa
= xml_node_first_child(ctx
->xml
, node
);
441 wpa_printf(MSG_INFO
, "No AAAServerTrustRoot/CertURL found from PPS");
442 xml_node_free(ctx
->xml
, pps
);
446 ret
= download_cert(ctx
, aaa
, ca_fname
);
447 xml_node_free(ctx
->xml
, pps
);
453 static int download_trust_roots(struct hs20_osu_client
*ctx
,
454 const char *pps_fname
)
460 dir
= os_strdup(pps_fname
);
463 pos
= os_strrchr(dir
, '/');
470 snprintf(fname
, sizeof(fname
), "%s/ca.pem", dir
);
471 ret
= cmd_dl_osu_ca(ctx
, pps_fname
, fname
);
472 snprintf(fname
, sizeof(fname
), "%s/polupd-ca.pem", dir
);
473 cmd_dl_polupd_ca(ctx
, pps_fname
, fname
);
474 snprintf(fname
, sizeof(fname
), "%s/aaa-ca.pem", dir
);
475 cmd_dl_aaa_ca(ctx
, pps_fname
, fname
);
483 static int server_dnsname_suffix_match(struct hs20_osu_client
*ctx
,
486 size_t match_len
, len
, i
;
489 match_len
= os_strlen(fqdn
);
491 for (i
= 0; i
< ctx
->server_dnsname_count
; i
++) {
493 "Checking suffix match against server dNSName %s",
494 ctx
->server_dnsname
[i
]);
495 val
= ctx
->server_dnsname
[i
];
496 len
= os_strlen(val
);
501 if (os_strncasecmp(val
+ len
- match_len
, fqdn
, match_len
) != 0)
502 continue; /* no match */
504 if (match_len
== len
)
505 return 1; /* exact match */
507 if (val
[len
- match_len
- 1] == '.')
508 return 1; /* full label match completes suffix match */
510 /* Reject due to incomplete label match */
513 /* None of the dNSName(s) matched */
518 int hs20_add_pps_mo(struct hs20_osu_client
*ctx
, const char *uri
,
519 xml_node_t
*add_mo
, char *fname
, size_t fname_len
)
523 xml_node_t
*tnds
, *mo
, *cert
;
527 if (strncmp(uri
, "./Wi-Fi/", 8) != 0) {
528 wpa_printf(MSG_INFO
, "Unsupported location for addMO to add PPS MO: '%s'",
530 write_result(ctx
, "Unsupported location for addMO to add PPS MO: '%s'",
535 fqdn
= strdup(uri
+ 8);
538 pos
= strchr(fqdn
, '/');
540 if (os_strcasecmp(pos
, "/PerProviderSubscription") != 0) {
541 wpa_printf(MSG_INFO
, "Unsupported location for addMO to add PPS MO (extra directory): '%s'",
543 write_result(ctx
, "Unsupported location for addMO to "
544 "add PPS MO (extra directory): '%s'", uri
);
548 *pos
= '\0'; /* remove trailing slash and PPS node name */
550 wpa_printf(MSG_INFO
, "SP FQDN: %s", fqdn
);
552 if (!server_dnsname_suffix_match(ctx
, fqdn
)) {
554 "FQDN '%s' for new PPS MO did not have suffix match with server's dNSName values, count: %d",
555 fqdn
, (int) ctx
->server_dnsname_count
);
556 write_result(ctx
, "FQDN '%s' for new PPS MO did not have suffix match with server's dNSName values",
562 if (!valid_fqdn(fqdn
)) {
563 wpa_printf(MSG_INFO
, "Invalid FQDN '%s'", fqdn
);
564 write_result(ctx
, "Invalid FQDN '%s'", fqdn
);
569 mkdir("SP", S_IRWXU
);
570 snprintf(fname
, fname_len
, "SP/%s", fqdn
);
571 if (mkdir(fname
, S_IRWXU
) < 0) {
572 if (errno
!= EEXIST
) {
574 wpa_printf(MSG_INFO
, "mkdir(%s) failed: %s",
575 fname
, strerror(err
));
582 /* Allow processes running with Group ID as AID_WIFI,
583 * to read files from SP/<fqdn> directory */
584 if (chown(fname
, -1, AID_WIFI
)) {
585 wpa_printf(MSG_INFO
, "CTRL: Could not chown directory: %s",
587 /* Try to continue anyway */
589 if (chmod(fname
, S_IRWXU
| S_IRGRP
| S_IXGRP
) < 0) {
590 wpa_printf(MSG_INFO
, "CTRL: Could not chmod directory: %s",
592 /* Try to continue anyway */
596 snprintf(fname
, fname_len
, "SP/%s/pps.xml", fqdn
);
598 if (os_file_exists(fname
)) {
599 wpa_printf(MSG_INFO
, "PPS file '%s' exists - reject addMO",
601 write_result(ctx
, "PPS file '%s' exists - reject addMO",
606 wpa_printf(MSG_INFO
, "Using PPS file: %s", fname
);
608 str
= xml_node_get_text(ctx
->xml
, add_mo
);
610 wpa_printf(MSG_INFO
, "Could not extract MO text");
614 wpa_printf(MSG_DEBUG
, "[hs20] addMO text: '%s'", str
);
616 tnds
= xml_node_from_buf(ctx
->xml
, str
);
617 xml_node_get_text_free(ctx
->xml
, str
);
619 wpa_printf(MSG_INFO
, "[hs20] Could not parse addMO text");
624 mo
= tnds_to_mo(ctx
->xml
, tnds
);
626 wpa_printf(MSG_INFO
, "[hs20] Could not parse addMO TNDS text");
631 debug_dump_node(ctx
, "Parsed TNDS", mo
);
633 name
= xml_node_get_localname(ctx
->xml
, mo
);
634 if (os_strcasecmp(name
, "PerProviderSubscription") != 0) {
635 wpa_printf(MSG_INFO
, "[hs20] Unexpected PPS MO root node name '%s'",
641 cert
= get_child_node(ctx
->xml
, mo
,
642 "Credential/DigitalCertificate/"
643 "CertSHA256Fingerprint");
644 if (cert
&& process_est_cert(ctx
, cert
, fqdn
) < 0) {
645 xml_node_free(ctx
->xml
, mo
);
651 if (node_to_file(ctx
->xml
, fname
, mo
) < 0) {
652 wpa_printf(MSG_INFO
, "Could not write MO to file");
653 xml_node_free(ctx
->xml
, mo
);
656 xml_node_free(ctx
->xml
, mo
);
658 wpa_printf(MSG_INFO
, "A new PPS MO added as '%s'", fname
);
659 write_summary(ctx
, "A new PPS MO added as '%s'", fname
);
661 ret
= download_trust_roots(ctx
, fname
);
663 wpa_printf(MSG_INFO
, "Remove invalid PPS MO file");
664 write_summary(ctx
, "Remove invalid PPS MO file");
672 int update_pps_file(struct hs20_osu_client
*ctx
, const char *pps_fname
,
679 if (ctx
->client_cert_present
) {
681 cert
= get_child_node(ctx
->xml
, pps
,
682 "Credential/DigitalCertificate/"
683 "CertSHA256Fingerprint");
684 if (cert
&& os_file_exists("Cert/est_cert.der") &&
685 process_est_cert(ctx
, cert
, ctx
->fqdn
) < 0) {
686 wpa_printf(MSG_INFO
, "EST certificate update processing failed on PPS MO update");
691 wpa_printf(MSG_INFO
, "Updating PPS MO %s", pps_fname
);
693 str
= xml_node_to_str(ctx
->xml
, pps
);
695 wpa_printf(MSG_ERROR
, "No node found");
698 wpa_printf(MSG_MSGDUMP
, "[hs20] Updated PPS: '%s'", str
);
700 snprintf(backup
, sizeof(backup
), "%s.bak", pps_fname
);
701 rename(pps_fname
, backup
);
702 f
= fopen(pps_fname
, "w");
704 wpa_printf(MSG_INFO
, "Could not write PPS");
705 rename(backup
, pps_fname
);
709 fprintf(f
, "%s\n", str
);
718 void get_user_pw(struct hs20_osu_client
*ctx
, xml_node_t
*pps
,
719 const char *alt_loc
, char **user
, char **pw
)
723 node
= get_child_node(ctx
->xml
, pps
,
724 "Credential/UsernamePassword/Username");
726 *user
= xml_node_get_text(ctx
->xml
, node
);
728 node
= get_child_node(ctx
->xml
, pps
,
729 "Credential/UsernamePassword/Password");
731 *pw
= xml_node_get_base64_text(ctx
->xml
, node
, NULL
);
733 node
= get_child_node(ctx
->xml
, pps
, alt_loc
);
736 a
= get_node(ctx
->xml
, node
, "Username");
738 xml_node_get_text_free(ctx
->xml
, *user
);
739 *user
= xml_node_get_text(ctx
->xml
, a
);
740 wpa_printf(MSG_INFO
, "Use OSU username '%s'", *user
);
743 a
= get_node(ctx
->xml
, node
, "Password");
746 *pw
= xml_node_get_base64_text(ctx
->xml
, a
, NULL
);
747 wpa_printf(MSG_INFO
, "Use OSU password");
753 /* Remove old credentials based on HomeSP/FQDN */
754 static void remove_sp_creds(struct hs20_osu_client
*ctx
, const char *fqdn
)
757 os_snprintf(cmd
, sizeof(cmd
), "REMOVE_CRED provisioning_sp=%s", fqdn
);
758 if (wpa_command(ctx
->ifname
, cmd
) < 0)
759 wpa_printf(MSG_INFO
, "Failed to remove old credential(s)");
763 static void set_pps_cred_policy_spe(struct hs20_osu_client
*ctx
, int id
,
769 ssid
= get_node(ctx
->xml
, spe
, "SSID");
772 txt
= xml_node_get_text(ctx
->xml
, ssid
);
775 wpa_printf(MSG_DEBUG
, "- Policy/SPExclusionList/<X+>/SSID = %s", txt
);
776 if (set_cred_quoted(ctx
->ifname
, id
, "excluded_ssid", txt
) < 0)
777 wpa_printf(MSG_INFO
, "Failed to set cred excluded_ssid");
778 xml_node_get_text_free(ctx
->xml
, txt
);
782 static void set_pps_cred_policy_spel(struct hs20_osu_client
*ctx
, int id
,
787 xml_node_for_each_child(ctx
->xml
, child
, spel
) {
788 xml_node_for_each_check(ctx
->xml
, child
);
789 set_pps_cred_policy_spe(ctx
, id
, child
);
794 static void set_pps_cred_policy_prp(struct hs20_osu_client
*ctx
, int id
,
798 char *txt
= NULL
, *pos
;
799 char *prio
, *country_buf
= NULL
;
804 node
= get_node(ctx
->xml
, prp
, "Priority");
807 prio
= xml_node_get_text(ctx
->xml
, node
);
810 wpa_printf(MSG_INFO
, "- Policy/PreferredRoamingPartnerList/<X+>/Priority = %s",
812 priority
= atoi(prio
);
813 xml_node_get_text_free(ctx
->xml
, prio
);
815 node
= get_node(ctx
->xml
, prp
, "Country");
817 country_buf
= xml_node_get_text(ctx
->xml
, node
);
818 if (country_buf
== NULL
)
820 country
= country_buf
;
821 wpa_printf(MSG_INFO
, "- Policy/PreferredRoamingPartnerList/<X+>/Country = %s",
827 node
= get_node(ctx
->xml
, prp
, "FQDN_Match");
830 txt
= xml_node_get_text(ctx
->xml
, node
);
833 wpa_printf(MSG_INFO
, "- Policy/PreferredRoamingPartnerList/<X+>/FQDN_Match = %s",
835 pos
= strrchr(txt
, ',');
840 snprintf(val
, sizeof(val
), "%s,%d,%d,%s", txt
,
841 strcmp(pos
, "includeSubdomains") != 0, priority
, country
);
842 if (set_cred_quoted(ctx
->ifname
, id
, "roaming_partner", val
) < 0)
843 wpa_printf(MSG_INFO
, "Failed to set cred roaming_partner");
845 xml_node_get_text_free(ctx
->xml
, country_buf
);
846 xml_node_get_text_free(ctx
->xml
, txt
);
850 static void set_pps_cred_policy_prpl(struct hs20_osu_client
*ctx
, int id
,
855 xml_node_for_each_child(ctx
->xml
, child
, prpl
) {
856 xml_node_for_each_check(ctx
->xml
, child
);
857 set_pps_cred_policy_prp(ctx
, id
, child
);
862 static void set_pps_cred_policy_min_backhaul(struct hs20_osu_client
*ctx
, int id
,
863 xml_node_t
*min_backhaul
)
866 char *type
, *dl
= NULL
, *ul
= NULL
;
869 node
= get_node(ctx
->xml
, min_backhaul
, "NetworkType");
871 wpa_printf(MSG_INFO
, "Ignore MinBackhaulThreshold without mandatory NetworkType node");
875 type
= xml_node_get_text(ctx
->xml
, node
);
878 wpa_printf(MSG_INFO
, "- Policy/MinBackhaulThreshold/<X+>/NetworkType = %s",
880 if (os_strcasecmp(type
, "home") == 0)
882 else if (os_strcasecmp(type
, "roaming") == 0)
885 wpa_printf(MSG_INFO
, "Ignore MinBackhaulThreshold with invalid NetworkType");
886 xml_node_get_text_free(ctx
->xml
, type
);
889 xml_node_get_text_free(ctx
->xml
, type
);
891 node
= get_node(ctx
->xml
, min_backhaul
, "DLBandwidth");
893 dl
= xml_node_get_text(ctx
->xml
, node
);
895 node
= get_node(ctx
->xml
, min_backhaul
, "ULBandwidth");
897 ul
= xml_node_get_text(ctx
->xml
, node
);
899 if (dl
== NULL
&& ul
== NULL
) {
900 wpa_printf(MSG_INFO
, "Ignore MinBackhaulThreshold without either DLBandwidth or ULBandwidth nodes");
905 wpa_printf(MSG_INFO
, "- Policy/MinBackhaulThreshold/<X+>/DLBandwidth = %s",
908 wpa_printf(MSG_INFO
, "- Policy/MinBackhaulThreshold/<X+>/ULBandwidth = %s",
913 set_cred(ctx
->ifname
, id
, "min_dl_bandwidth_home", dl
) < 0)
914 wpa_printf(MSG_INFO
, "Failed to set cred bandwidth limit");
916 set_cred(ctx
->ifname
, id
, "min_ul_bandwidth_home", ul
) < 0)
917 wpa_printf(MSG_INFO
, "Failed to set cred bandwidth limit");
920 set_cred(ctx
->ifname
, id
, "min_dl_bandwidth_roaming", dl
) <
922 wpa_printf(MSG_INFO
, "Failed to set cred bandwidth limit");
924 set_cred(ctx
->ifname
, id
, "min_ul_bandwidth_roaming", ul
) <
926 wpa_printf(MSG_INFO
, "Failed to set cred bandwidth limit");
929 xml_node_get_text_free(ctx
->xml
, dl
);
930 xml_node_get_text_free(ctx
->xml
, ul
);
934 static void set_pps_cred_policy_min_backhaul_list(struct hs20_osu_client
*ctx
,
935 int id
, xml_node_t
*node
)
939 wpa_printf(MSG_INFO
, "- Policy/MinBackhaulThreshold");
941 xml_node_for_each_child(ctx
->xml
, child
, node
) {
942 xml_node_for_each_check(ctx
->xml
, child
);
943 set_pps_cred_policy_min_backhaul(ctx
, id
, child
);
948 static void set_pps_cred_policy_update(struct hs20_osu_client
*ctx
, int id
,
951 wpa_printf(MSG_INFO
, "- Policy/PolicyUpdate");
952 /* Not used in wpa_supplicant */
956 static void set_pps_cred_policy_required_proto_port(struct hs20_osu_client
*ctx
,
957 int id
, xml_node_t
*tuple
)
964 node
= get_node(ctx
->xml
, tuple
, "IPProtocol");
966 wpa_printf(MSG_INFO
, "Ignore RequiredProtoPortTuple without mandatory IPProtocol node");
970 proto
= xml_node_get_text(ctx
->xml
, node
);
974 wpa_printf(MSG_INFO
, "- Policy/RequiredProtoPortTuple/<X+>/IPProtocol = %s",
977 node
= get_node(ctx
->xml
, tuple
, "PortNumber");
978 port
= node
? xml_node_get_text(ctx
->xml
, node
) : NULL
;
980 wpa_printf(MSG_INFO
, "- Policy/RequiredProtoPortTuple/<X+>/PortNumber = %s",
982 buflen
= os_strlen(proto
) + os_strlen(port
) + 10;
983 buf
= os_malloc(buflen
);
985 os_snprintf(buf
, buflen
, "%s:%s", proto
, port
);
986 xml_node_get_text_free(ctx
->xml
, port
);
988 buflen
= os_strlen(proto
) + 10;
989 buf
= os_malloc(buflen
);
991 os_snprintf(buf
, buflen
, "%s", proto
);
994 xml_node_get_text_free(ctx
->xml
, proto
);
999 if (set_cred(ctx
->ifname
, id
, "req_conn_capab", buf
) < 0)
1000 wpa_printf(MSG_INFO
, "Could not set req_conn_capab");
1006 static void set_pps_cred_policy_required_proto_ports(struct hs20_osu_client
*ctx
,
1007 int id
, xml_node_t
*node
)
1011 wpa_printf(MSG_INFO
, "- Policy/RequiredProtoPortTuple");
1013 xml_node_for_each_child(ctx
->xml
, child
, node
) {
1014 xml_node_for_each_check(ctx
->xml
, child
);
1015 set_pps_cred_policy_required_proto_port(ctx
, id
, child
);
1020 static void set_pps_cred_policy_max_bss_load(struct hs20_osu_client
*ctx
, int id
,
1023 char *str
= xml_node_get_text(ctx
->xml
, node
);
1026 wpa_printf(MSG_INFO
, "- Policy/MaximumBSSLoadValue - %s", str
);
1027 if (set_cred(ctx
->ifname
, id
, "max_bss_load", str
) < 0)
1028 wpa_printf(MSG_INFO
, "Failed to set cred max_bss_load limit");
1029 xml_node_get_text_free(ctx
->xml
, str
);
1033 static void set_pps_cred_policy(struct hs20_osu_client
*ctx
, int id
,
1039 wpa_printf(MSG_INFO
, "- Policy");
1041 xml_node_for_each_child(ctx
->xml
, child
, node
) {
1042 xml_node_for_each_check(ctx
->xml
, child
);
1043 name
= xml_node_get_localname(ctx
->xml
, child
);
1044 if (os_strcasecmp(name
, "PreferredRoamingPartnerList") == 0)
1045 set_pps_cred_policy_prpl(ctx
, id
, child
);
1046 else if (os_strcasecmp(name
, "MinBackhaulThreshold") == 0)
1047 set_pps_cred_policy_min_backhaul_list(ctx
, id
, child
);
1048 else if (os_strcasecmp(name
, "PolicyUpdate") == 0)
1049 set_pps_cred_policy_update(ctx
, id
, child
);
1050 else if (os_strcasecmp(name
, "SPExclusionList") == 0)
1051 set_pps_cred_policy_spel(ctx
, id
, child
);
1052 else if (os_strcasecmp(name
, "RequiredProtoPortTuple") == 0)
1053 set_pps_cred_policy_required_proto_ports(ctx
, id
, child
);
1054 else if (os_strcasecmp(name
, "MaximumBSSLoadValue") == 0)
1055 set_pps_cred_policy_max_bss_load(ctx
, id
, child
);
1057 wpa_printf(MSG_INFO
, "Unknown Policy node '%s'", name
);
1062 static void set_pps_cred_priority(struct hs20_osu_client
*ctx
, int id
,
1065 char *str
= xml_node_get_text(ctx
->xml
, node
);
1068 wpa_printf(MSG_INFO
, "- CredentialPriority = %s", str
);
1069 if (set_cred(ctx
->ifname
, id
, "sp_priority", str
) < 0)
1070 wpa_printf(MSG_INFO
, "Failed to set cred sp_priority");
1071 xml_node_get_text_free(ctx
->xml
, str
);
1075 static void set_pps_cred_aaa_server_trust_root(struct hs20_osu_client
*ctx
,
1076 int id
, xml_node_t
*node
)
1078 wpa_printf(MSG_INFO
, "- AAAServerTrustRoot - TODO");
1082 static void set_pps_cred_sub_update(struct hs20_osu_client
*ctx
, int id
,
1085 wpa_printf(MSG_INFO
, "- SubscriptionUpdate");
1086 /* not used within wpa_supplicant */
1090 static void set_pps_cred_home_sp_network_id(struct hs20_osu_client
*ctx
,
1091 int id
, xml_node_t
*node
)
1093 xml_node_t
*ssid_node
, *hessid_node
;
1094 char *ssid
, *hessid
;
1096 ssid_node
= get_node(ctx
->xml
, node
, "SSID");
1097 if (ssid_node
== NULL
) {
1098 wpa_printf(MSG_INFO
, "Ignore HomeSP/NetworkID without mandatory SSID node");
1102 hessid_node
= get_node(ctx
->xml
, node
, "HESSID");
1104 ssid
= xml_node_get_text(ctx
->xml
, ssid_node
);
1107 hessid
= hessid_node
? xml_node_get_text(ctx
->xml
, hessid_node
) : NULL
;
1109 wpa_printf(MSG_INFO
, "- HomeSP/NetworkID/<X+>/SSID = %s", ssid
);
1111 wpa_printf(MSG_INFO
, "- HomeSP/NetworkID/<X+>/HESSID = %s",
1114 /* TODO: Configure to wpa_supplicant */
1116 xml_node_get_text_free(ctx
->xml
, ssid
);
1117 xml_node_get_text_free(ctx
->xml
, hessid
);
1121 static void set_pps_cred_home_sp_network_ids(struct hs20_osu_client
*ctx
,
1122 int id
, xml_node_t
*node
)
1126 wpa_printf(MSG_INFO
, "- HomeSP/NetworkID");
1128 xml_node_for_each_child(ctx
->xml
, child
, node
) {
1129 xml_node_for_each_check(ctx
->xml
, child
);
1130 set_pps_cred_home_sp_network_id(ctx
, id
, child
);
1135 static void set_pps_cred_home_sp_friendly_name(struct hs20_osu_client
*ctx
,
1136 int id
, xml_node_t
*node
)
1138 char *str
= xml_node_get_text(ctx
->xml
, node
);
1141 wpa_printf(MSG_INFO
, "- HomeSP/FriendlyName = %s", str
);
1142 /* not used within wpa_supplicant(?) */
1143 xml_node_get_text_free(ctx
->xml
, str
);
1147 static void set_pps_cred_home_sp_icon_url(struct hs20_osu_client
*ctx
,
1148 int id
, xml_node_t
*node
)
1150 char *str
= xml_node_get_text(ctx
->xml
, node
);
1153 wpa_printf(MSG_INFO
, "- HomeSP/IconURL = %s", str
);
1154 /* not used within wpa_supplicant */
1155 xml_node_get_text_free(ctx
->xml
, str
);
1159 static void set_pps_cred_home_sp_fqdn(struct hs20_osu_client
*ctx
, int id
,
1162 char *str
= xml_node_get_text(ctx
->xml
, node
);
1165 wpa_printf(MSG_INFO
, "- HomeSP/FQDN = %s", str
);
1166 if (set_cred_quoted(ctx
->ifname
, id
, "domain", str
) < 0)
1167 wpa_printf(MSG_INFO
, "Failed to set cred domain");
1168 if (set_cred_quoted(ctx
->ifname
, id
, "domain_suffix_match", str
) < 0)
1169 wpa_printf(MSG_INFO
, "Failed to set cred domain_suffix_match");
1170 xml_node_get_text_free(ctx
->xml
, str
);
1174 static void set_pps_cred_home_sp_oi(struct hs20_osu_client
*ctx
, int id
,
1179 char *homeoi
= NULL
;
1183 xml_node_for_each_child(ctx
->xml
, child
, node
) {
1184 xml_node_for_each_check(ctx
->xml
, child
);
1185 name
= xml_node_get_localname(ctx
->xml
, child
);
1186 if (strcasecmp(name
, "HomeOI") == 0 && !homeoi
) {
1187 homeoi
= xml_node_get_text(ctx
->xml
, child
);
1188 wpa_printf(MSG_INFO
, "- HomeSP/HomeOIList/<X+>/HomeOI = %s",
1190 } else if (strcasecmp(name
, "HomeOIRequired") == 0) {
1191 str
= xml_node_get_text(ctx
->xml
, child
);
1192 wpa_printf(MSG_INFO
, "- HomeSP/HomeOIList/<X+>/HomeOIRequired = '%s'",
1196 required
= strcasecmp(str
, "true") == 0;
1197 xml_node_get_text_free(ctx
->xml
, str
);
1199 wpa_printf(MSG_INFO
, "Unknown HomeOIList node '%s'",
1203 if (homeoi
== NULL
) {
1204 wpa_printf(MSG_INFO
, "- HomeSP/HomeOIList/<X+> without HomeOI ignored");
1208 wpa_printf(MSG_INFO
, "- HomeSP/HomeOIList/<X+> '%s' required=%d",
1212 if (set_cred(ctx
->ifname
, id
, "required_roaming_consortium",
1214 wpa_printf(MSG_INFO
, "Failed to set cred required_roaming_consortium");
1216 if (set_cred_quoted(ctx
->ifname
, id
, "roaming_consortium",
1218 wpa_printf(MSG_INFO
, "Failed to set cred roaming_consortium");
1221 xml_node_get_text_free(ctx
->xml
, homeoi
);
1225 static void set_pps_cred_home_sp_oi_list(struct hs20_osu_client
*ctx
, int id
,
1230 wpa_printf(MSG_INFO
, "- HomeSP/HomeOIList");
1232 xml_node_for_each_child(ctx
->xml
, child
, node
) {
1233 xml_node_for_each_check(ctx
->xml
, child
);
1234 set_pps_cred_home_sp_oi(ctx
, id
, child
);
1239 static void set_pps_cred_home_sp_other_partner(struct hs20_osu_client
*ctx
,
1240 int id
, xml_node_t
*node
)
1246 xml_node_for_each_child(ctx
->xml
, child
, node
) {
1247 xml_node_for_each_check(ctx
->xml
, child
);
1248 name
= xml_node_get_localname(ctx
->xml
, child
);
1249 if (os_strcasecmp(name
, "FQDN") == 0 && !fqdn
) {
1250 fqdn
= xml_node_get_text(ctx
->xml
, child
);
1251 wpa_printf(MSG_INFO
, "- HomeSP/OtherHomePartners/<X+>/FQDN = %s",
1254 wpa_printf(MSG_INFO
, "Unknown OtherHomePartners node '%s'",
1259 wpa_printf(MSG_INFO
, "- HomeSP/OtherHomePartners/<X+> without FQDN ignored");
1263 if (set_cred_quoted(ctx
->ifname
, id
, "domain", fqdn
) < 0)
1264 wpa_printf(MSG_INFO
, "Failed to set cred domain for OtherHomePartners node");
1266 xml_node_get_text_free(ctx
->xml
, fqdn
);
1270 static void set_pps_cred_home_sp_other_partners(struct hs20_osu_client
*ctx
,
1276 wpa_printf(MSG_INFO
, "- HomeSP/OtherHomePartners");
1278 xml_node_for_each_child(ctx
->xml
, child
, node
) {
1279 xml_node_for_each_check(ctx
->xml
, child
);
1280 set_pps_cred_home_sp_other_partner(ctx
, id
, child
);
1285 static void set_pps_cred_home_sp_roaming_consortium_oi(
1286 struct hs20_osu_client
*ctx
, int id
, xml_node_t
*node
)
1288 char *str
= xml_node_get_text(ctx
->xml
, node
);
1291 wpa_printf(MSG_INFO
, "- HomeSP/RoamingConsortiumOI = %s", str
);
1292 /* TODO: Set to wpa_supplicant */
1293 xml_node_get_text_free(ctx
->xml
, str
);
1297 static void set_pps_cred_home_sp(struct hs20_osu_client
*ctx
, int id
,
1303 wpa_printf(MSG_INFO
, "- HomeSP");
1305 xml_node_for_each_child(ctx
->xml
, child
, node
) {
1306 xml_node_for_each_check(ctx
->xml
, child
);
1307 name
= xml_node_get_localname(ctx
->xml
, child
);
1308 if (os_strcasecmp(name
, "NetworkID") == 0)
1309 set_pps_cred_home_sp_network_ids(ctx
, id
, child
);
1310 else if (os_strcasecmp(name
, "FriendlyName") == 0)
1311 set_pps_cred_home_sp_friendly_name(ctx
, id
, child
);
1312 else if (os_strcasecmp(name
, "IconURL") == 0)
1313 set_pps_cred_home_sp_icon_url(ctx
, id
, child
);
1314 else if (os_strcasecmp(name
, "FQDN") == 0)
1315 set_pps_cred_home_sp_fqdn(ctx
, id
, child
);
1316 else if (os_strcasecmp(name
, "HomeOIList") == 0)
1317 set_pps_cred_home_sp_oi_list(ctx
, id
, child
);
1318 else if (os_strcasecmp(name
, "OtherHomePartners") == 0)
1319 set_pps_cred_home_sp_other_partners(ctx
, id
, child
);
1320 else if (os_strcasecmp(name
, "RoamingConsortiumOI") == 0)
1321 set_pps_cred_home_sp_roaming_consortium_oi(ctx
, id
,
1324 wpa_printf(MSG_INFO
, "Unknown HomeSP node '%s'", name
);
1329 static void set_pps_cred_sub_params(struct hs20_osu_client
*ctx
, int id
,
1332 wpa_printf(MSG_INFO
, "- SubscriptionParameters");
1333 /* not used within wpa_supplicant */
1337 static void set_pps_cred_creation_date(struct hs20_osu_client
*ctx
, int id
,
1340 char *str
= xml_node_get_text(ctx
->xml
, node
);
1343 wpa_printf(MSG_INFO
, "- Credential/CreationDate = %s", str
);
1344 /* not used within wpa_supplicant */
1345 xml_node_get_text_free(ctx
->xml
, str
);
1349 static void set_pps_cred_expiration_date(struct hs20_osu_client
*ctx
, int id
,
1352 char *str
= xml_node_get_text(ctx
->xml
, node
);
1355 wpa_printf(MSG_INFO
, "- Credential/ExpirationDate = %s", str
);
1356 /* not used within wpa_supplicant */
1357 xml_node_get_text_free(ctx
->xml
, str
);
1361 static void set_pps_cred_username(struct hs20_osu_client
*ctx
, int id
,
1364 char *str
= xml_node_get_text(ctx
->xml
, node
);
1367 wpa_printf(MSG_INFO
, "- Credential/UsernamePassword/Username = %s",
1369 if (set_cred_quoted(ctx
->ifname
, id
, "username", str
) < 0)
1370 wpa_printf(MSG_INFO
, "Failed to set cred username");
1371 xml_node_get_text_free(ctx
->xml
, str
);
1375 static void set_pps_cred_password(struct hs20_osu_client
*ctx
, int id
,
1379 char *pw
, *hex
, *pos
, *end
;
1381 pw
= xml_node_get_base64_text(ctx
->xml
, node
, &len
);
1385 wpa_printf(MSG_INFO
, "- Credential/UsernamePassword/Password = %s", pw
);
1387 hex
= malloc(len
* 2 + 1);
1392 end
= hex
+ len
* 2 + 1;
1394 for (i
= 0; i
< len
; i
++) {
1395 snprintf(pos
, end
- pos
, "%02x", pw
[i
]);
1400 if (set_cred(ctx
->ifname
, id
, "password", hex
) < 0)
1401 wpa_printf(MSG_INFO
, "Failed to set cred password");
1406 static void set_pps_cred_machine_managed(struct hs20_osu_client
*ctx
, int id
,
1409 char *str
= xml_node_get_text(ctx
->xml
, node
);
1412 wpa_printf(MSG_INFO
, "- Credential/UsernamePassword/MachineManaged = %s",
1414 /* not used within wpa_supplicant */
1415 xml_node_get_text_free(ctx
->xml
, str
);
1419 static void set_pps_cred_soft_token_app(struct hs20_osu_client
*ctx
, int id
,
1422 char *str
= xml_node_get_text(ctx
->xml
, node
);
1425 wpa_printf(MSG_INFO
, "- Credential/UsernamePassword/SoftTokenApp = %s",
1427 /* not used within wpa_supplicant */
1428 xml_node_get_text_free(ctx
->xml
, str
);
1432 static void set_pps_cred_able_to_share(struct hs20_osu_client
*ctx
, int id
,
1435 char *str
= xml_node_get_text(ctx
->xml
, node
);
1438 wpa_printf(MSG_INFO
, "- Credential/UsernamePassword/AbleToShare = %s",
1440 /* not used within wpa_supplicant */
1441 xml_node_get_text_free(ctx
->xml
, str
);
1445 static void set_pps_cred_eap_method(struct hs20_osu_client
*ctx
, int id
,
1448 wpa_printf(MSG_INFO
, "- Credential/UsernamePassword/EAPMethod - TODO");
1452 static void set_pps_cred_username_password(struct hs20_osu_client
*ctx
, int id
,
1458 wpa_printf(MSG_INFO
, "- Credential/UsernamePassword");
1460 xml_node_for_each_child(ctx
->xml
, child
, node
) {
1461 xml_node_for_each_check(ctx
->xml
, child
);
1462 name
= xml_node_get_localname(ctx
->xml
, child
);
1463 if (os_strcasecmp(name
, "Username") == 0)
1464 set_pps_cred_username(ctx
, id
, child
);
1465 else if (os_strcasecmp(name
, "Password") == 0)
1466 set_pps_cred_password(ctx
, id
, child
);
1467 else if (os_strcasecmp(name
, "MachineManaged") == 0)
1468 set_pps_cred_machine_managed(ctx
, id
, child
);
1469 else if (os_strcasecmp(name
, "SoftTokenApp") == 0)
1470 set_pps_cred_soft_token_app(ctx
, id
, child
);
1471 else if (os_strcasecmp(name
, "AbleToShare") == 0)
1472 set_pps_cred_able_to_share(ctx
, id
, child
);
1473 else if (os_strcasecmp(name
, "EAPMethod") == 0)
1474 set_pps_cred_eap_method(ctx
, id
, child
);
1476 wpa_printf(MSG_INFO
, "Unknown Credential/UsernamePassword node '%s'",
1482 static void set_pps_cred_digital_cert(struct hs20_osu_client
*ctx
, int id
,
1483 xml_node_t
*node
, const char *fqdn
)
1485 char buf
[200], dir
[200];
1487 wpa_printf(MSG_INFO
, "- Credential/DigitalCertificate");
1489 if (getcwd(dir
, sizeof(dir
)) == NULL
)
1492 /* TODO: could build username from Subject of Subject AltName */
1493 if (set_cred_quoted(ctx
->ifname
, id
, "username", "cert") < 0) {
1494 wpa_printf(MSG_INFO
, "Failed to set username");
1497 snprintf(buf
, sizeof(buf
), "%s/SP/%s/client-cert.pem", dir
, fqdn
);
1498 if (os_file_exists(buf
)) {
1499 if (set_cred_quoted(ctx
->ifname
, id
, "client_cert", buf
) < 0) {
1500 wpa_printf(MSG_INFO
, "Failed to set client_cert");
1504 snprintf(buf
, sizeof(buf
), "%s/SP/%s/client-key.pem", dir
, fqdn
);
1505 if (os_file_exists(buf
)) {
1506 if (set_cred_quoted(ctx
->ifname
, id
, "private_key", buf
) < 0) {
1507 wpa_printf(MSG_INFO
, "Failed to set private_key");
1513 static void set_pps_cred_realm(struct hs20_osu_client
*ctx
, int id
,
1514 xml_node_t
*node
, const char *fqdn
, int sim
)
1516 char *str
= xml_node_get_text(ctx
->xml
, node
);
1517 char buf
[200], dir
[200];
1522 wpa_printf(MSG_INFO
, "- Credential/Realm = %s", str
);
1523 if (set_cred_quoted(ctx
->ifname
, id
, "realm", str
) < 0)
1524 wpa_printf(MSG_INFO
, "Failed to set cred realm");
1525 xml_node_get_text_free(ctx
->xml
, str
);
1530 if (getcwd(dir
, sizeof(dir
)) == NULL
)
1532 snprintf(buf
, sizeof(buf
), "%s/SP/%s/aaa-ca.pem", dir
, fqdn
);
1533 if (os_file_exists(buf
)) {
1534 if (set_cred_quoted(ctx
->ifname
, id
, "ca_cert", buf
) < 0) {
1535 wpa_printf(MSG_INFO
, "Failed to set CA cert");
1541 static void set_pps_cred_check_aaa_cert_status(struct hs20_osu_client
*ctx
,
1542 int id
, xml_node_t
*node
)
1544 char *str
= xml_node_get_text(ctx
->xml
, node
);
1549 wpa_printf(MSG_INFO
, "- Credential/CheckAAAServerCertStatus = %s", str
);
1550 if (os_strcasecmp(str
, "true") == 0 &&
1551 set_cred(ctx
->ifname
, id
, "ocsp", "2") < 0)
1552 wpa_printf(MSG_INFO
, "Failed to set cred ocsp");
1553 xml_node_get_text_free(ctx
->xml
, str
);
1557 static void set_pps_cred_sim(struct hs20_osu_client
*ctx
, int id
,
1558 xml_node_t
*sim
, xml_node_t
*realm
)
1561 char *imsi
, *eaptype
, *str
, buf
[20];
1566 node
= get_node(ctx
->xml
, sim
, "EAPType");
1568 wpa_printf(MSG_INFO
, "No SIM/EAPType node in credential");
1571 eaptype
= xml_node_get_text(ctx
->xml
, node
);
1572 if (eaptype
== NULL
) {
1573 wpa_printf(MSG_INFO
, "Could not extract SIM/EAPType");
1576 wpa_printf(MSG_INFO
, " - Credential/SIM/EAPType = %s", eaptype
);
1577 type
= atoi(eaptype
);
1578 xml_node_get_text_free(ctx
->xml
, eaptype
);
1582 if (set_cred(ctx
->ifname
, id
, "eap", "SIM") < 0)
1583 wpa_printf(MSG_INFO
, "Could not set eap=SIM");
1586 if (set_cred(ctx
->ifname
, id
, "eap", "AKA") < 0)
1587 wpa_printf(MSG_INFO
, "Could not set eap=SIM");
1589 case EAP_TYPE_AKA_PRIME
:
1590 if (set_cred(ctx
->ifname
, id
, "eap", "AKA'") < 0)
1591 wpa_printf(MSG_INFO
, "Could not set eap=SIM");
1594 wpa_printf(MSG_INFO
, "Unsupported SIM/EAPType %d", type
);
1598 node
= get_node(ctx
->xml
, sim
, "IMSI");
1600 wpa_printf(MSG_INFO
, "No SIM/IMSI node in credential");
1603 imsi
= xml_node_get_text(ctx
->xml
, node
);
1605 wpa_printf(MSG_INFO
, "Could not extract SIM/IMSI");
1608 wpa_printf(MSG_INFO
, " - Credential/SIM/IMSI = %s", imsi
);
1609 imsi_len
= os_strlen(imsi
);
1610 if (imsi_len
< 7 || imsi_len
+ 2 > sizeof(buf
)) {
1611 wpa_printf(MSG_INFO
, "Invalid IMSI length");
1612 xml_node_get_text_free(ctx
->xml
, imsi
);
1616 str
= xml_node_get_text(ctx
->xml
, node
);
1619 pos
= os_strstr(str
, "mnc");
1620 if (pos
&& os_strlen(pos
) >= 6) {
1621 if (os_strncmp(imsi
+ 3, pos
+ 3, 3) == 0)
1623 else if (os_strncmp(imsi
+ 3, pos
+ 4, 2) == 0)
1626 xml_node_get_text_free(ctx
->xml
, str
);
1629 os_memcpy(buf
, imsi
, 3 + mnc_len
);
1630 buf
[3 + mnc_len
] = '-';
1631 os_strlcpy(buf
+ 3 + mnc_len
+ 1, imsi
+ 3 + mnc_len
,
1632 sizeof(buf
) - 3 - mnc_len
- 1);
1634 xml_node_get_text_free(ctx
->xml
, imsi
);
1636 if (set_cred_quoted(ctx
->ifname
, id
, "imsi", buf
) < 0)
1637 wpa_printf(MSG_INFO
, "Could not set IMSI");
1639 if (set_cred_quoted(ctx
->ifname
, id
, "milenage",
1640 "90dca4eda45b53cf0f12d7c9c3bc6a89:"
1641 "cb9cccc4b9258e6dca4760379fb82581:000000000123") <
1643 wpa_printf(MSG_INFO
, "Could not set Milenage parameters");
1647 static void set_pps_cred_credential(struct hs20_osu_client
*ctx
, int id
,
1648 xml_node_t
*node
, const char *fqdn
)
1650 xml_node_t
*child
, *sim
, *realm
;
1653 wpa_printf(MSG_INFO
, "- Credential");
1655 sim
= get_node(ctx
->xml
, node
, "SIM");
1656 realm
= get_node(ctx
->xml
, node
, "Realm");
1658 xml_node_for_each_child(ctx
->xml
, child
, node
) {
1659 xml_node_for_each_check(ctx
->xml
, child
);
1660 name
= xml_node_get_localname(ctx
->xml
, child
);
1661 if (os_strcasecmp(name
, "CreationDate") == 0)
1662 set_pps_cred_creation_date(ctx
, id
, child
);
1663 else if (os_strcasecmp(name
, "ExpirationDate") == 0)
1664 set_pps_cred_expiration_date(ctx
, id
, child
);
1665 else if (os_strcasecmp(name
, "UsernamePassword") == 0)
1666 set_pps_cred_username_password(ctx
, id
, child
);
1667 else if (os_strcasecmp(name
, "DigitalCertificate") == 0)
1668 set_pps_cred_digital_cert(ctx
, id
, child
, fqdn
);
1669 else if (os_strcasecmp(name
, "Realm") == 0)
1670 set_pps_cred_realm(ctx
, id
, child
, fqdn
, sim
!= NULL
);
1671 else if (os_strcasecmp(name
, "CheckAAAServerCertStatus") == 0)
1672 set_pps_cred_check_aaa_cert_status(ctx
, id
, child
);
1673 else if (os_strcasecmp(name
, "SIM") == 0)
1674 set_pps_cred_sim(ctx
, id
, child
, realm
);
1676 wpa_printf(MSG_INFO
, "Unknown Credential node '%s'",
1682 static void set_pps_credential(struct hs20_osu_client
*ctx
, int id
,
1683 xml_node_t
*cred
, const char *fqdn
)
1688 xml_node_for_each_child(ctx
->xml
, child
, cred
) {
1689 xml_node_for_each_check(ctx
->xml
, child
);
1690 name
= xml_node_get_localname(ctx
->xml
, child
);
1691 if (os_strcasecmp(name
, "Policy") == 0)
1692 set_pps_cred_policy(ctx
, id
, child
);
1693 else if (os_strcasecmp(name
, "CredentialPriority") == 0)
1694 set_pps_cred_priority(ctx
, id
, child
);
1695 else if (os_strcasecmp(name
, "AAAServerTrustRoot") == 0)
1696 set_pps_cred_aaa_server_trust_root(ctx
, id
, child
);
1697 else if (os_strcasecmp(name
, "SubscriptionUpdate") == 0)
1698 set_pps_cred_sub_update(ctx
, id
, child
);
1699 else if (os_strcasecmp(name
, "HomeSP") == 0)
1700 set_pps_cred_home_sp(ctx
, id
, child
);
1701 else if (os_strcasecmp(name
, "SubscriptionParameters") == 0)
1702 set_pps_cred_sub_params(ctx
, id
, child
);
1703 else if (os_strcasecmp(name
, "Credential") == 0)
1704 set_pps_cred_credential(ctx
, id
, child
, fqdn
);
1706 wpa_printf(MSG_INFO
, "Unknown credential node '%s'",
1712 static void set_pps(struct hs20_osu_client
*ctx
, xml_node_t
*pps
,
1718 char *update_identifier
= NULL
;
1721 * TODO: Could consider more complex mechanism that would remove
1722 * credentials only if there are changes in the information sent to
1725 remove_sp_creds(ctx
, fqdn
);
1727 xml_node_for_each_child(ctx
->xml
, child
, pps
) {
1728 xml_node_for_each_check(ctx
->xml
, child
);
1729 name
= xml_node_get_localname(ctx
->xml
, child
);
1730 if (os_strcasecmp(name
, "UpdateIdentifier") == 0) {
1731 update_identifier
= xml_node_get_text(ctx
->xml
, child
);
1732 if (update_identifier
) {
1733 wpa_printf(MSG_INFO
, "- UpdateIdentifier = %s",
1740 xml_node_for_each_child(ctx
->xml
, child
, pps
) {
1741 xml_node_for_each_check(ctx
->xml
, child
);
1742 name
= xml_node_get_localname(ctx
->xml
, child
);
1743 if (os_strcasecmp(name
, "UpdateIdentifier") == 0)
1745 id
= add_cred(ctx
->ifname
);
1747 wpa_printf(MSG_INFO
, "Failed to add credential to wpa_supplicant");
1748 write_summary(ctx
, "Failed to add credential to wpa_supplicant");
1751 write_summary(ctx
, "Add a credential to wpa_supplicant");
1752 if (update_identifier
&&
1753 set_cred(ctx
->ifname
, id
, "update_identifier",
1754 update_identifier
) < 0)
1755 wpa_printf(MSG_INFO
, "Failed to set update_identifier");
1756 if (set_cred_quoted(ctx
->ifname
, id
, "provisioning_sp", fqdn
) <
1758 wpa_printf(MSG_INFO
, "Failed to set provisioning_sp");
1759 wpa_printf(MSG_INFO
, "credential localname: '%s'", name
);
1760 set_pps_credential(ctx
, id
, child
, fqdn
);
1761 ctx
->pps_cred_set
= 1;
1764 xml_node_get_text_free(ctx
->xml
, update_identifier
);
1768 void cmd_set_pps(struct hs20_osu_client
*ctx
, const char *pps_fname
)
1772 char *fqdn_buf
= NULL
, *pos
;
1774 pps
= node_from_file(ctx
->xml
, pps_fname
);
1776 wpa_printf(MSG_INFO
, "Could not read or parse '%s'", pps_fname
);
1780 fqdn
= os_strstr(pps_fname
, "SP/");
1782 fqdn_buf
= os_strdup(fqdn
+ 3);
1783 if (fqdn_buf
== NULL
)
1785 pos
= os_strchr(fqdn_buf
, '/');
1792 wpa_printf(MSG_INFO
, "Set PPS MO info to wpa_supplicant - SP FQDN %s",
1794 set_pps(ctx
, pps
, fqdn
);
1797 xml_node_free(ctx
->xml
, pps
);
1801 static int cmd_get_fqdn(struct hs20_osu_client
*ctx
, const char *pps_fname
)
1803 xml_node_t
*pps
, *node
;
1806 pps
= node_from_file(ctx
->xml
, pps_fname
);
1808 wpa_printf(MSG_INFO
, "Could not read or parse '%s'", pps_fname
);
1812 node
= get_child_node(ctx
->xml
, pps
, "HomeSP/FQDN");
1814 fqdn
= xml_node_get_text(ctx
->xml
, node
);
1816 xml_node_free(ctx
->xml
, pps
);
1819 FILE *f
= fopen("pps-fqdn", "w");
1821 fprintf(f
, "%s", fqdn
);
1824 xml_node_get_text_free(ctx
->xml
, fqdn
);
1828 xml_node_get_text_free(ctx
->xml
, fqdn
);
1833 static void cmd_to_tnds(struct hs20_osu_client
*ctx
, const char *in_fname
,
1834 const char *out_fname
, const char *urn
, int use_path
)
1836 xml_node_t
*mo
, *node
;
1838 mo
= node_from_file(ctx
->xml
, in_fname
);
1840 wpa_printf(MSG_INFO
, "Could not read or parse '%s'", in_fname
);
1844 node
= mo_to_tnds(ctx
->xml
, mo
, use_path
, urn
, NULL
);
1846 node_to_file(ctx
->xml
, out_fname
, node
);
1847 xml_node_free(ctx
->xml
, node
);
1850 xml_node_free(ctx
->xml
, mo
);
1854 static void cmd_from_tnds(struct hs20_osu_client
*ctx
, const char *in_fname
,
1855 const char *out_fname
)
1857 xml_node_t
*tnds
, *mo
;
1859 tnds
= node_from_file(ctx
->xml
, in_fname
);
1861 wpa_printf(MSG_INFO
, "Could not read or parse '%s'", in_fname
);
1865 mo
= tnds_to_mo(ctx
->xml
, tnds
);
1867 node_to_file(ctx
->xml
, out_fname
, mo
);
1868 xml_node_free(ctx
->xml
, mo
);
1871 xml_node_free(ctx
->xml
, tnds
);
1878 char mime_type
[256];
1885 unsigned int methods
;
1888 struct osu_lang_text friendly_name
[MAX_OSU_VALS
];
1889 size_t friendly_name_count
;
1890 struct osu_lang_text serv_desc
[MAX_OSU_VALS
];
1891 size_t serv_desc_count
;
1892 struct osu_icon icon
[MAX_OSU_VALS
];
1897 static struct osu_data
* parse_osu_providers(const char *fname
, size_t *count
)
1901 struct osu_data
*osu
= NULL
, *last
= NULL
;
1902 size_t osu_count
= 0;
1905 f
= fopen(fname
, "r");
1907 wpa_printf(MSG_ERROR
, "Could not open %s", fname
);
1911 while (fgets(buf
, sizeof(buf
), f
)) {
1912 pos
= strchr(buf
, '\n');
1916 if (strncmp(buf
, "OSU-PROVIDER ", 13) == 0) {
1917 last
= realloc(osu
, (osu_count
+ 1) * sizeof(*osu
));
1921 last
= &osu
[osu_count
++];
1922 memset(last
, 0, sizeof(*last
));
1923 snprintf(last
->bssid
, sizeof(last
->bssid
), "%s",
1930 if (strncmp(buf
, "uri=", 4) == 0) {
1931 snprintf(last
->url
, sizeof(last
->url
), "%s", buf
+ 4);
1935 if (strncmp(buf
, "methods=", 8) == 0) {
1936 last
->methods
= strtol(buf
+ 8, NULL
, 16);
1940 if (strncmp(buf
, "osu_ssid=", 9) == 0) {
1941 snprintf(last
->osu_ssid
, sizeof(last
->osu_ssid
),
1946 if (os_strncmp(buf
, "osu_nai=", 8) == 0) {
1947 os_snprintf(last
->osu_nai
, sizeof(last
->osu_nai
),
1952 if (strncmp(buf
, "friendly_name=", 14) == 0) {
1953 struct osu_lang_text
*txt
;
1954 if (last
->friendly_name_count
== MAX_OSU_VALS
)
1956 pos
= strchr(buf
+ 14, ':');
1960 txt
= &last
->friendly_name
[last
->friendly_name_count
++];
1961 snprintf(txt
->lang
, sizeof(txt
->lang
), "%s", buf
+ 14);
1962 snprintf(txt
->text
, sizeof(txt
->text
), "%s", pos
);
1965 if (strncmp(buf
, "desc=", 5) == 0) {
1966 struct osu_lang_text
*txt
;
1967 if (last
->serv_desc_count
== MAX_OSU_VALS
)
1969 pos
= strchr(buf
+ 5, ':');
1973 txt
= &last
->serv_desc
[last
->serv_desc_count
++];
1974 snprintf(txt
->lang
, sizeof(txt
->lang
), "%s", buf
+ 5);
1975 snprintf(txt
->text
, sizeof(txt
->text
), "%s", pos
);
1978 if (strncmp(buf
, "icon=", 5) == 0) {
1979 struct osu_icon
*icon
;
1980 if (last
->icon_count
== MAX_OSU_VALS
)
1982 icon
= &last
->icon
[last
->icon_count
++];
1983 icon
->id
= atoi(buf
+ 5);
1984 pos
= strchr(buf
, ':');
1987 pos
= strchr(pos
+ 1, ':');
1990 pos
= strchr(pos
+ 1, ':');
1994 end
= strchr(pos
, ':');
1998 snprintf(icon
->lang
, sizeof(icon
->lang
), "%s", pos
);
2001 end
= strchr(pos
, ':');
2004 snprintf(icon
->mime_type
, sizeof(icon
->mime_type
),
2010 end
= strchr(pos
, ':');
2013 snprintf(icon
->filename
, sizeof(icon
->filename
),
2026 static int osu_connect(struct hs20_osu_client
*ctx
, const char *bssid
,
2027 const char *ssid
, const char *url
,
2028 unsigned int methods
, int no_prod_assoc
,
2029 const char *osu_nai
)
2032 const char *ifname
= ctx
->ifname
;
2034 struct wpa_ctrl
*mon
;
2037 id
= add_network(ifname
);
2040 if (set_network_quoted(ifname
, id
, "ssid", ssid
) < 0)
2042 if (osu_nai
&& os_strlen(osu_nai
) > 0) {
2043 char dir
[255], fname
[300];
2044 if (getcwd(dir
, sizeof(dir
)) == NULL
)
2046 os_snprintf(fname
, sizeof(fname
), "%s/osu-ca.pem", dir
);
2048 if (set_network(ifname
, id
, "proto", "OSEN") < 0 ||
2049 set_network(ifname
, id
, "key_mgmt", "OSEN") < 0 ||
2050 set_network(ifname
, id
, "pairwise", "CCMP") < 0 ||
2051 set_network(ifname
, id
, "group", "GTK_NOT_USED") < 0 ||
2052 set_network(ifname
, id
, "eap", "WFA-UNAUTH-TLS") < 0 ||
2053 set_network(ifname
, id
, "ocsp", "2") < 0 ||
2054 set_network_quoted(ifname
, id
, "identity", osu_nai
) < 0 ||
2055 set_network_quoted(ifname
, id
, "ca_cert", fname
) < 0)
2058 if (set_network(ifname
, id
, "key_mgmt", "NONE") < 0)
2062 mon
= open_wpa_mon(ifname
);
2066 wpa_printf(MSG_INFO
, "Associate with OSU SSID");
2067 write_summary(ctx
, "Associate with OSU SSID");
2068 snprintf(buf
, sizeof(buf
), "SELECT_NETWORK %d", id
);
2069 if (wpa_command(ifname
, buf
) < 0)
2072 res
= get_wpa_cli_event(mon
, "CTRL-EVENT-CONNECTED",
2075 wpa_ctrl_detach(mon
);
2076 wpa_ctrl_close(mon
);
2079 wpa_printf(MSG_INFO
, "Could not connect");
2080 write_summary(ctx
, "Could not connect to OSU network");
2081 wpa_printf(MSG_INFO
, "Remove OSU network connection");
2082 snprintf(buf
, sizeof(buf
), "REMOVE_NETWORK %d", id
);
2083 wpa_command(ifname
, buf
);
2087 write_summary(ctx
, "Waiting for IP address for subscription registration");
2088 if (wait_ip_addr(ifname
, 15) < 0) {
2089 wpa_printf(MSG_INFO
, "Could not get IP address for WLAN - try connection anyway");
2092 if (no_prod_assoc
) {
2095 wpa_printf(MSG_INFO
, "No production connection used for testing purposes");
2096 write_summary(ctx
, "No production connection used for testing purposes");
2100 ctx
->no_reconnect
= 1;
2101 if (methods
& 0x02) {
2102 wpa_printf(MSG_DEBUG
, "Calling cmd_prov from osu_connect");
2103 res
= cmd_prov(ctx
, url
);
2104 } else if (methods
& 0x01) {
2105 wpa_printf(MSG_DEBUG
,
2106 "Calling cmd_oma_dm_prov from osu_connect");
2107 res
= cmd_oma_dm_prov(ctx
, url
);
2110 wpa_printf(MSG_INFO
, "Remove OSU network connection");
2111 write_summary(ctx
, "Remove OSU network connection");
2112 snprintf(buf
, sizeof(buf
), "REMOVE_NETWORK %d", id
);
2113 wpa_command(ifname
, buf
);
2118 wpa_printf(MSG_INFO
, "Requesting reconnection with updated configuration");
2119 write_summary(ctx
, "Requesting reconnection with updated configuration");
2120 if (wpa_command(ctx
->ifname
, "INTERWORKING_SELECT auto") < 0) {
2121 wpa_printf(MSG_INFO
, "Failed to request wpa_supplicant to reconnect");
2122 write_summary(ctx
, "Failed to request wpa_supplicant to reconnect");
2130 static int cmd_osu_select(struct hs20_osu_client
*ctx
, const char *dir
,
2131 int connect
, int no_prod_assoc
,
2132 const char *friendly_name
)
2136 struct osu_data
*osu
= NULL
, *last
= NULL
;
2137 size_t osu_count
, i
, j
;
2140 write_summary(ctx
, "OSU provider selection");
2143 wpa_printf(MSG_INFO
, "Missing dir parameter to osu_select");
2147 snprintf(fname
, sizeof(fname
), "%s/osu-providers.txt", dir
);
2148 osu
= parse_osu_providers(fname
, &osu_count
);
2150 wpa_printf(MSG_INFO
, "Could not find any OSU providers from %s",
2152 write_result(ctx
, "No OSU providers available");
2156 if (friendly_name
) {
2157 for (i
= 0; i
< osu_count
; i
++) {
2159 for (j
= 0; j
< last
->friendly_name_count
; j
++) {
2160 if (os_strcmp(last
->friendly_name
[j
].text
,
2161 friendly_name
) == 0)
2164 if (j
< last
->friendly_name_count
)
2167 if (i
== osu_count
) {
2168 wpa_printf(MSG_INFO
, "Requested operator friendly name '%s' not found in the list of available providers",
2170 write_summary(ctx
, "Requested operator friendly name '%s' not found in the list of available providers",
2176 wpa_printf(MSG_INFO
, "OSU Provider selected based on requested operator friendly name '%s'",
2178 write_summary(ctx
, "OSU Provider selected based on requested operator friendly name '%s'",
2184 snprintf(fname
, sizeof(fname
), "%s/osu-providers.html", dir
);
2185 f
= fopen(fname
, "w");
2187 wpa_printf(MSG_INFO
, "Could not open %s", fname
);
2192 fprintf(f
, "<html><head>"
2193 "<meta http-equiv=\"Content-type\" content=\"text/html; "
2194 "charset=utf-8\"<title>Select service operator</title>"
2195 "</head><body><h1>Select service operator</h1>\n");
2198 fprintf(f
, "No online signup available\n");
2200 for (i
= 0; i
< osu_count
; i
++) {
2204 "<a href=\"http://localhost:12345/osu/%d\">"
2205 "<table><tr><td>", (int) i
+ 1);
2208 "<a href=\"osu://%d\">"
2209 "<table><tr><td>", (int) i
+ 1);
2210 #endif /* ANDROID */
2211 for (j
= 0; j
< last
->icon_count
; j
++) {
2212 fprintf(f
, "<img src=\"osu-icon-%d.%s\">\n",
2214 strcasecmp(last
->icon
[j
].mime_type
,
2215 "image/png") == 0 ? "png" : "icon");
2218 for (j
= 0; j
< last
->friendly_name_count
; j
++) {
2219 fprintf(f
, "<small>[%s]</small> %s<br>\n",
2220 last
->friendly_name
[j
].lang
,
2221 last
->friendly_name
[j
].text
);
2223 fprintf(f
, "<tr><td colspan=2>");
2224 for (j
= 0; j
< last
->serv_desc_count
; j
++) {
2225 fprintf(f
, "<small>[%s]</small> %s<br>\n",
2226 last
->serv_desc
[j
].lang
,
2227 last
->serv_desc
[j
].text
);
2229 fprintf(f
, "</table></a><br><small>BSSID: %s<br>\n"
2231 last
->bssid
, last
->osu_ssid
);
2232 if (last
->osu_nai
[0])
2233 fprintf(f
, "NAI: %s<br>\n", last
->osu_nai
);
2234 fprintf(f
, "URL: %s<br>\n"
2235 "methods:%s%s<br>\n"
2238 last
->methods
& 0x01 ? " OMA-DM" : "",
2239 last
->methods
& 0x02 ? " SOAP-XML-SPP" : "");
2242 fprintf(f
, "</body></html>\n");
2246 snprintf(fname
, sizeof(fname
), "file://%s/osu-providers.html", dir
);
2247 write_summary(ctx
, "Start web browser with OSU provider selection page");
2248 ret
= hs20_web_browser(fname
);
2251 if (ret
> 0 && (size_t) ret
<= osu_count
) {
2255 wpa_printf(MSG_INFO
, "Selected OSU id=%d", ret
);
2256 last
= &osu
[ret
- 1];
2258 wpa_printf(MSG_INFO
, "BSSID: %s", last
->bssid
);
2259 wpa_printf(MSG_INFO
, "SSID: %s", last
->osu_ssid
);
2260 wpa_printf(MSG_INFO
, "URL: %s", last
->url
);
2261 write_summary(ctx
, "Selected OSU provider id=%d BSSID=%s SSID=%s URL=%s",
2262 ret
, last
->bssid
, last
->osu_ssid
, last
->url
);
2264 ctx
->friendly_name_count
= last
->friendly_name_count
;
2265 for (j
= 0; j
< last
->friendly_name_count
; j
++) {
2266 wpa_printf(MSG_INFO
, "FRIENDLY_NAME: [%s]%s",
2267 last
->friendly_name
[j
].lang
,
2268 last
->friendly_name
[j
].text
);
2269 os_strlcpy(ctx
->friendly_name
[j
].lang
,
2270 last
->friendly_name
[j
].lang
,
2271 sizeof(ctx
->friendly_name
[j
].lang
));
2272 os_strlcpy(ctx
->friendly_name
[j
].text
,
2273 last
->friendly_name
[j
].text
,
2274 sizeof(ctx
->friendly_name
[j
].text
));
2277 ctx
->icon_count
= last
->icon_count
;
2278 for (j
= 0; j
< last
->icon_count
; j
++) {
2281 os_snprintf(fname
, sizeof(fname
), "%s/osu-icon-%d.%s",
2282 dir
, last
->icon
[j
].id
,
2283 strcasecmp(last
->icon
[j
].mime_type
,
2286 wpa_printf(MSG_INFO
, "ICON: %s (%s)",
2287 fname
, last
->icon
[j
].filename
);
2288 os_strlcpy(ctx
->icon_filename
[j
],
2289 last
->icon
[j
].filename
,
2290 sizeof(ctx
->icon_filename
[j
]));
2292 data
= os_readfile(fname
, &data_len
);
2294 sha256_vector(1, (const u8
**) &data
, &data_len
,
2301 if (last
->methods
& 0x02) {
2302 wpa_printf(MSG_DEBUG
,
2303 "Calling cmd_prov from cmd_osu_select");
2304 ret
= cmd_prov(ctx
, last
->url
);
2305 } else if (last
->methods
& 0x01) {
2306 wpa_printf(MSG_DEBUG
,
2307 "Calling cmd_oma_dm_prov from cmd_osu_select");
2308 ret
= cmd_oma_dm_prov(ctx
, last
->url
);
2310 wpa_printf(MSG_DEBUG
,
2311 "No supported OSU provisioning method");
2315 ret
= osu_connect(ctx
, last
->bssid
, last
->osu_ssid
,
2316 last
->url
, last
->methods
,
2317 no_prod_assoc
, last
->osu_nai
);
2327 static int cmd_signup(struct hs20_osu_client
*ctx
, int no_prod_assoc
,
2328 const char *friendly_name
)
2331 char fname
[300], buf
[400];
2332 struct wpa_ctrl
*mon
;
2336 ifname
= ctx
->ifname
;
2338 if (getcwd(dir
, sizeof(dir
)) == NULL
)
2341 snprintf(fname
, sizeof(fname
), "%s/osu-info", dir
);
2342 if (mkdir(fname
, S_IRWXU
| S_IRWXG
| S_IROTH
| S_IXOTH
) < 0 &&
2344 wpa_printf(MSG_INFO
, "mkdir(%s) failed: %s",
2345 fname
, strerror(errno
));
2350 /* Allow processes running with Group ID as AID_WIFI
2351 * to read/write files from osu-info directory
2353 if (chown(fname
, -1, AID_WIFI
)) {
2354 wpa_printf(MSG_INFO
, "Could not chown osu-info directory: %s",
2357 #endif /* ANDROID */
2359 snprintf(buf
, sizeof(buf
), "SET osu_dir %s", fname
);
2360 if (wpa_command(ifname
, buf
) < 0) {
2361 wpa_printf(MSG_INFO
, "Failed to configure osu_dir to wpa_supplicant");
2365 mon
= open_wpa_mon(ifname
);
2369 wpa_printf(MSG_INFO
, "Starting OSU fetch");
2370 write_summary(ctx
, "Starting OSU provider information fetch");
2371 if (wpa_command(ifname
, "FETCH_OSU") < 0) {
2372 wpa_printf(MSG_INFO
, "Could not start OSU fetch");
2373 wpa_ctrl_detach(mon
);
2374 wpa_ctrl_close(mon
);
2377 res
= get_wpa_cli_event(mon
, "OSU provider fetch completed",
2380 wpa_ctrl_detach(mon
);
2381 wpa_ctrl_close(mon
);
2384 wpa_printf(MSG_INFO
, "OSU fetch did not complete");
2385 write_summary(ctx
, "OSU fetch did not complete");
2388 wpa_printf(MSG_INFO
, "OSU provider fetch completed");
2390 return cmd_osu_select(ctx
, fname
, 1, no_prod_assoc
, friendly_name
);
2394 static int cmd_sub_rem(struct hs20_osu_client
*ctx
, const char *address
,
2395 const char *pps_fname
, const char *ca_fname
)
2397 xml_node_t
*pps
, *node
;
2398 char pps_fname_buf
[300];
2399 char ca_fname_buf
[200];
2400 char *cred_username
= NULL
;
2401 char *cred_password
= NULL
;
2402 char *sub_rem_uri
= NULL
;
2403 char client_cert_buf
[200];
2404 char *client_cert
= NULL
;
2405 char client_key_buf
[200];
2406 char *client_key
= NULL
;
2409 wpa_printf(MSG_INFO
, "Subscription remediation requested with Server URL: %s",
2414 wpa_printf(MSG_INFO
, "Determining PPS file based on Home SP information");
2415 if (os_strncmp(address
, "fqdn=", 5) == 0) {
2416 wpa_printf(MSG_INFO
, "Use requested FQDN from command line");
2417 os_snprintf(buf
, sizeof(buf
), "%s", address
+ 5);
2419 } else if (get_wpa_status(ctx
->ifname
, "provisioning_sp", buf
,
2421 wpa_printf(MSG_INFO
, "Could not get provisioning Home SP FQDN from wpa_supplicant");
2425 ctx
->fqdn
= os_strdup(buf
);
2426 if (ctx
->fqdn
== NULL
)
2428 wpa_printf(MSG_INFO
, "Home SP FQDN for current credential: %s",
2430 os_snprintf(pps_fname_buf
, sizeof(pps_fname_buf
),
2431 "SP/%s/pps.xml", ctx
->fqdn
);
2432 pps_fname
= pps_fname_buf
;
2434 os_snprintf(ca_fname_buf
, sizeof(ca_fname_buf
), "SP/%s/ca.pem",
2436 ca_fname
= ca_fname_buf
;
2439 if (!os_file_exists(pps_fname
)) {
2440 wpa_printf(MSG_INFO
, "PPS file '%s' does not exist or is not accessible",
2444 wpa_printf(MSG_INFO
, "Using PPS file: %s", pps_fname
);
2446 if (ca_fname
&& !os_file_exists(ca_fname
)) {
2447 wpa_printf(MSG_INFO
, "CA file '%s' does not exist or is not accessible",
2451 wpa_printf(MSG_INFO
, "Using server trust root: %s", ca_fname
);
2452 ctx
->ca_fname
= ca_fname
;
2454 pps
= node_from_file(ctx
->xml
, pps_fname
);
2456 wpa_printf(MSG_INFO
, "Could not read PPS MO");
2462 node
= get_child_node(ctx
->xml
, pps
, "HomeSP/FQDN");
2464 wpa_printf(MSG_INFO
, "No HomeSP/FQDN found from PPS");
2467 tmp
= xml_node_get_text(ctx
->xml
, node
);
2469 wpa_printf(MSG_INFO
, "No HomeSP/FQDN text found from PPS");
2472 ctx
->fqdn
= os_strdup(tmp
);
2473 xml_node_get_text_free(ctx
->xml
, tmp
);
2475 wpa_printf(MSG_INFO
, "No FQDN known");
2480 node
= get_child_node(ctx
->xml
, pps
,
2481 "SubscriptionUpdate/UpdateMethod");
2484 tmp
= xml_node_get_text(ctx
->xml
, node
);
2485 if (tmp
&& os_strcasecmp(tmp
, "OMA-DM-ClientInitiated") == 0)
2490 wpa_printf(MSG_INFO
, "No UpdateMethod specified - assume SPP");
2494 get_user_pw(ctx
, pps
, "SubscriptionUpdate/UsernamePassword",
2495 &cred_username
, &cred_password
);
2497 wpa_printf(MSG_INFO
, "Using username: %s", cred_username
);
2499 wpa_printf(MSG_DEBUG
, "Using password: %s", cred_password
);
2501 if (cred_username
== NULL
&& cred_password
== NULL
&&
2502 get_child_node(ctx
->xml
, pps
, "Credential/DigitalCertificate")) {
2503 wpa_printf(MSG_INFO
, "Using client certificate");
2504 os_snprintf(client_cert_buf
, sizeof(client_cert_buf
),
2505 "SP/%s/client-cert.pem", ctx
->fqdn
);
2506 client_cert
= client_cert_buf
;
2507 os_snprintf(client_key_buf
, sizeof(client_key_buf
),
2508 "SP/%s/client-key.pem", ctx
->fqdn
);
2509 client_key
= client_key_buf
;
2510 ctx
->client_cert_present
= 1;
2513 node
= get_child_node(ctx
->xml
, pps
, "SubscriptionUpdate/URI");
2515 sub_rem_uri
= xml_node_get_text(ctx
->xml
, node
);
2517 (!address
|| os_strcmp(address
, sub_rem_uri
) != 0)) {
2518 wpa_printf(MSG_INFO
, "Override sub rem URI based on PPS: %s",
2520 address
= sub_rem_uri
;
2524 wpa_printf(MSG_INFO
, "Server URL not known");
2528 write_summary(ctx
, "Wait for IP address for subscriptiom remediation");
2529 wpa_printf(MSG_INFO
, "Wait for IP address before starting subscription remediation");
2531 if (wait_ip_addr(ctx
->ifname
, 15) < 0) {
2532 wpa_printf(MSG_INFO
, "Could not get IP address for WLAN - try connection anyway");
2536 spp_sub_rem(ctx
, address
, pps_fname
,
2537 client_cert
, client_key
,
2538 cred_username
, cred_password
, pps
);
2540 oma_dm_sub_rem(ctx
, address
, pps_fname
,
2541 client_cert
, client_key
,
2542 cred_username
, cred_password
, pps
);
2544 xml_node_get_text_free(ctx
->xml
, sub_rem_uri
);
2545 xml_node_get_text_free(ctx
->xml
, cred_username
);
2546 str_clear_free(cred_password
);
2547 xml_node_free(ctx
->xml
, pps
);
2552 static int cmd_pol_upd(struct hs20_osu_client
*ctx
, const char *address
,
2553 const char *pps_fname
, const char *ca_fname
)
2557 char pps_fname_buf
[300];
2558 char ca_fname_buf
[200];
2560 char *cred_username
= NULL
;
2561 char *cred_password
= NULL
;
2562 char client_cert_buf
[200];
2563 char *client_cert
= NULL
;
2564 char client_key_buf
[200];
2565 char *client_key
= NULL
;
2568 wpa_printf(MSG_INFO
, "Policy update requested");
2572 wpa_printf(MSG_INFO
, "Determining PPS file based on Home SP information");
2573 if (os_strncmp(address
, "fqdn=", 5) == 0) {
2574 wpa_printf(MSG_INFO
, "Use requested FQDN from command line");
2575 os_snprintf(buf
, sizeof(buf
), "%s", address
+ 5);
2577 } else if (get_wpa_status(ctx
->ifname
, "provisioning_sp", buf
,
2579 wpa_printf(MSG_INFO
, "Could not get provisioning Home SP FQDN from wpa_supplicant");
2583 ctx
->fqdn
= os_strdup(buf
);
2584 if (ctx
->fqdn
== NULL
)
2586 wpa_printf(MSG_INFO
, "Home SP FQDN for current credential: %s",
2588 os_snprintf(pps_fname_buf
, sizeof(pps_fname_buf
),
2589 "SP/%s/pps.xml", ctx
->fqdn
);
2590 pps_fname
= pps_fname_buf
;
2592 os_snprintf(ca_fname_buf
, sizeof(ca_fname_buf
), "SP/%s/ca.pem",
2594 ca_fname
= ca_fname_buf
;
2597 if (!os_file_exists(pps_fname
)) {
2598 wpa_printf(MSG_INFO
, "PPS file '%s' does not exist or is not accessible",
2602 wpa_printf(MSG_INFO
, "Using PPS file: %s", pps_fname
);
2604 if (ca_fname
&& !os_file_exists(ca_fname
)) {
2605 wpa_printf(MSG_INFO
, "CA file '%s' does not exist or is not accessible",
2609 wpa_printf(MSG_INFO
, "Using server trust root: %s", ca_fname
);
2610 ctx
->ca_fname
= ca_fname
;
2612 pps
= node_from_file(ctx
->xml
, pps_fname
);
2614 wpa_printf(MSG_INFO
, "Could not read PPS MO");
2620 node
= get_child_node(ctx
->xml
, pps
, "HomeSP/FQDN");
2622 wpa_printf(MSG_INFO
, "No HomeSP/FQDN found from PPS");
2625 tmp
= xml_node_get_text(ctx
->xml
, node
);
2627 wpa_printf(MSG_INFO
, "No HomeSP/FQDN text found from PPS");
2630 ctx
->fqdn
= os_strdup(tmp
);
2631 xml_node_get_text_free(ctx
->xml
, tmp
);
2633 wpa_printf(MSG_INFO
, "No FQDN known");
2638 node
= get_child_node(ctx
->xml
, pps
,
2639 "Policy/PolicyUpdate/UpdateMethod");
2642 tmp
= xml_node_get_text(ctx
->xml
, node
);
2643 if (tmp
&& os_strcasecmp(tmp
, "OMA-DM-ClientInitiated") == 0)
2648 wpa_printf(MSG_INFO
, "No UpdateMethod specified - assume SPP");
2652 get_user_pw(ctx
, pps
, "Policy/PolicyUpdate/UsernamePassword",
2653 &cred_username
, &cred_password
);
2655 wpa_printf(MSG_INFO
, "Using username: %s", cred_username
);
2657 wpa_printf(MSG_DEBUG
, "Using password: %s", cred_password
);
2659 if (cred_username
== NULL
&& cred_password
== NULL
&&
2660 get_child_node(ctx
->xml
, pps
, "Credential/DigitalCertificate")) {
2661 wpa_printf(MSG_INFO
, "Using client certificate");
2662 os_snprintf(client_cert_buf
, sizeof(client_cert_buf
),
2663 "SP/%s/client-cert.pem", ctx
->fqdn
);
2664 client_cert
= client_cert_buf
;
2665 os_snprintf(client_key_buf
, sizeof(client_key_buf
),
2666 "SP/%s/client-key.pem", ctx
->fqdn
);
2667 client_key
= client_key_buf
;
2671 node
= get_child_node(ctx
->xml
, pps
, "Policy/PolicyUpdate/URI");
2673 uri
= xml_node_get_text(ctx
->xml
, node
);
2674 wpa_printf(MSG_INFO
, "URI based on PPS: %s", uri
);
2679 wpa_printf(MSG_INFO
, "Server URL not known");
2684 spp_pol_upd(ctx
, address
, pps_fname
,
2685 client_cert
, client_key
,
2686 cred_username
, cred_password
, pps
);
2688 oma_dm_pol_upd(ctx
, address
, pps_fname
,
2689 client_cert
, client_key
,
2690 cred_username
, cred_password
, pps
);
2692 xml_node_get_text_free(ctx
->xml
, uri
);
2693 xml_node_get_text_free(ctx
->xml
, cred_username
);
2694 str_clear_free(cred_password
);
2695 xml_node_free(ctx
->xml
, pps
);
2701 static char * get_hostname(const char *url
)
2703 const char *pos
, *end
, *end2
;
2709 pos
= os_strchr(url
, '/');
2717 end
= os_strchr(pos
, '/');
2718 end2
= os_strchr(pos
, ':');
2719 if ((end
&& end2
&& end2
< end
) || (!end
&& end2
))
2731 ret
= os_malloc(end
- pos
+ 2);
2735 os_memcpy(ret
, pos
, end
- pos
+ 1);
2736 ret
[end
- pos
+ 1] = '\0';
2742 static int osu_cert_cb(void *_ctx
, struct http_cert
*cert
)
2744 struct hs20_osu_client
*ctx
= _ctx
;
2749 wpa_printf(MSG_INFO
, "osu_cert_cb(osu_cert_validation=%d, url=%s)",
2750 !ctx
->no_osu_cert_validation
, ctx
->server_url
);
2752 host
= get_hostname(ctx
->server_url
);
2754 for (i
= 0; i
< ctx
->server_dnsname_count
; i
++)
2755 os_free(ctx
->server_dnsname
[i
]);
2756 os_free(ctx
->server_dnsname
);
2757 ctx
->server_dnsname
= os_calloc(cert
->num_dnsname
, sizeof(char *));
2758 ctx
->server_dnsname_count
= 0;
2761 for (i
= 0; i
< cert
->num_dnsname
; i
++) {
2762 if (ctx
->server_dnsname
) {
2763 ctx
->server_dnsname
[ctx
->server_dnsname_count
] =
2764 os_strdup(cert
->dnsname
[i
]);
2765 if (ctx
->server_dnsname
[ctx
->server_dnsname_count
])
2766 ctx
->server_dnsname_count
++;
2768 if (host
&& os_strcasecmp(host
, cert
->dnsname
[i
]) == 0)
2770 wpa_printf(MSG_INFO
, "dNSName '%s'", cert
->dnsname
[i
]);
2773 if (host
&& !found
) {
2774 wpa_printf(MSG_INFO
, "Server name from URL (%s) did not match any dNSName - abort connection",
2776 write_result(ctx
, "Server name from URL (%s) did not match any dNSName - abort connection",
2784 for (i
= 0; i
< cert
->num_othername
; i
++) {
2785 if (os_strcmp(cert
->othername
[i
].oid
,
2786 "1.3.6.1.4.1.40808.1.1.1") == 0) {
2787 wpa_hexdump_ascii(MSG_INFO
,
2788 "id-wfa-hotspot-friendlyName",
2789 cert
->othername
[i
].data
,
2790 cert
->othername
[i
].len
);
2794 for (j
= 0; !ctx
->no_osu_cert_validation
&&
2795 j
< ctx
->friendly_name_count
; j
++) {
2797 for (i
= 0; i
< cert
->num_othername
; i
++) {
2798 if (os_strcmp(cert
->othername
[i
].oid
,
2799 "1.3.6.1.4.1.40808.1.1.1") != 0)
2801 if (cert
->othername
[i
].len
< 3)
2803 if (os_strncasecmp((char *) cert
->othername
[i
].data
,
2804 ctx
->friendly_name
[j
].lang
, 3) != 0)
2806 if (os_strncmp((char *) cert
->othername
[i
].data
+ 3,
2807 ctx
->friendly_name
[j
].text
,
2808 cert
->othername
[i
].len
- 3) == 0) {
2815 wpa_printf(MSG_INFO
, "No friendly name match found for '[%s]%s'",
2816 ctx
->friendly_name
[j
].lang
,
2817 ctx
->friendly_name
[j
].text
);
2818 write_result(ctx
, "No friendly name match found for '[%s]%s'",
2819 ctx
->friendly_name
[j
].lang
,
2820 ctx
->friendly_name
[j
].text
);
2825 for (i
= 0; i
< cert
->num_logo
; i
++) {
2826 struct http_logo
*logo
= &cert
->logo
[i
];
2828 wpa_printf(MSG_INFO
, "logo hash alg %s uri '%s'",
2829 logo
->alg_oid
, logo
->uri
);
2830 wpa_hexdump_ascii(MSG_INFO
, "hashValue",
2831 logo
->hash
, logo
->hash_len
);
2834 for (j
= 0; !ctx
->no_osu_cert_validation
&& j
< ctx
->icon_count
; j
++) {
2836 char *name
= ctx
->icon_filename
[j
];
2837 size_t name_len
= os_strlen(name
);
2839 wpa_printf(MSG_INFO
,
2840 "[%i] Looking for icon file name '%s' match",
2842 for (i
= 0; i
< cert
->num_logo
; i
++) {
2843 struct http_logo
*logo
= &cert
->logo
[i
];
2844 size_t uri_len
= os_strlen(logo
->uri
);
2847 wpa_printf(MSG_INFO
,
2848 "[%i] Comparing to '%s' uri_len=%d name_len=%d",
2849 i
, logo
->uri
, (int) uri_len
, (int) name_len
);
2850 if (uri_len
< 1 + name_len
) {
2851 wpa_printf(MSG_INFO
, "URI Length is too short");
2854 pos
= &logo
->uri
[uri_len
- name_len
- 1];
2858 if (os_strcmp(pos
, name
) == 0) {
2865 wpa_printf(MSG_INFO
, "No icon filename match found for '%s'",
2868 "No icon filename match found for '%s'",
2874 for (j
= 0; !ctx
->no_osu_cert_validation
&& j
< ctx
->icon_count
; j
++) {
2877 for (i
= 0; i
< cert
->num_logo
; i
++) {
2878 struct http_logo
*logo
= &cert
->logo
[i
];
2880 if (logo
->hash_len
!= 32) {
2881 wpa_printf(MSG_INFO
,
2882 "[%i][%i] Icon hash length invalid (should be 32): %d",
2883 j
, i
, (int) logo
->hash_len
);
2886 if (os_memcmp(logo
->hash
, ctx
->icon_hash
[j
], 32) == 0) {
2891 wpa_printf(MSG_DEBUG
,
2892 "[%u][%u] Icon hash did not match", j
, i
);
2893 wpa_hexdump_ascii(MSG_DEBUG
, "logo->hash",
2895 wpa_hexdump_ascii(MSG_DEBUG
, "ctx->icon_hash[j]",
2896 ctx
->icon_hash
[j
], 32);
2900 wpa_printf(MSG_INFO
,
2901 "No icon hash match (by hash) found");
2903 "No icon hash match (by hash) found");
2912 static int init_ctx(struct hs20_osu_client
*ctx
)
2914 xml_node_t
*devinfo
, *devid
;
2916 os_memset(ctx
, 0, sizeof(*ctx
));
2917 ctx
->ifname
= "wlan0";
2918 ctx
->xml
= xml_node_init_ctx(ctx
, NULL
);
2919 if (ctx
->xml
== NULL
)
2922 devinfo
= node_from_file(ctx
->xml
, "devinfo.xml");
2924 wpa_printf(MSG_ERROR
, "devinfo.xml not found");
2928 devid
= get_node(ctx
->xml
, devinfo
, "DevId");
2930 char *tmp
= xml_node_get_text(ctx
->xml
, devid
);
2932 ctx
->devid
= os_strdup(tmp
);
2933 xml_node_get_text_free(ctx
->xml
, tmp
);
2936 xml_node_free(ctx
->xml
, devinfo
);
2938 if (ctx
->devid
== NULL
) {
2939 wpa_printf(MSG_ERROR
, "Could not fetch DevId from devinfo.xml");
2943 ctx
->http
= http_init_ctx(ctx
, ctx
->xml
);
2944 if (ctx
->http
== NULL
) {
2945 xml_node_deinit_ctx(ctx
->xml
);
2948 http_ocsp_set(ctx
->http
, 2);
2949 http_set_cert_cb(ctx
->http
, osu_cert_cb
, ctx
);
2955 static void deinit_ctx(struct hs20_osu_client
*ctx
)
2959 http_deinit_ctx(ctx
->http
);
2960 xml_node_deinit_ctx(ctx
->xml
);
2962 os_free(ctx
->server_url
);
2963 os_free(ctx
->devid
);
2965 for (i
= 0; i
< ctx
->server_dnsname_count
; i
++)
2966 os_free(ctx
->server_dnsname
[i
]);
2967 os_free(ctx
->server_dnsname
);
2971 static void check_workarounds(struct hs20_osu_client
*ctx
)
2975 unsigned long int val
= 0;
2977 f
= fopen("hs20-osu-client.workarounds", "r");
2981 if (fgets(buf
, sizeof(buf
), f
))
2982 val
= strtoul(buf
, NULL
, 16);
2987 wpa_printf(MSG_INFO
, "Workarounds enabled: 0x%lx", val
);
2988 ctx
->workarounds
= val
;
2989 if (ctx
->workarounds
& WORKAROUND_OCSP_OPTIONAL
)
2990 http_ocsp_set(ctx
->http
, 1);
2995 static void usage(void)
2997 printf("usage: hs20-osu-client [-dddqqKt] [-S<station ifname>] \\\n"
2998 " [-w<wpa_supplicant ctrl_iface dir>] "
2999 "[-r<result file>] [-f<debug file>] \\\n"
3000 " [-s<summary file>] \\\n"
3001 " [-x<spp.xsd file name>] \\\n"
3002 " <command> [arguments..]\n"
3004 "- to_tnds <XML MO> <XML MO in TNDS format> [URN]\n"
3005 "- to_tnds2 <XML MO> <XML MO in TNDS format (Path) "
3007 "- from_tnds <XML MO in TNDS format> <XML MO>\n"
3008 "- set_pps <PerProviderSubscription XML file name>\n"
3009 "- get_fqdn <PerProviderSubscription XML file name>\n"
3010 "- pol_upd [Server URL] [PPS] [CA cert]\n"
3011 "- sub_rem <Server URL> [PPS] [CA cert]\n"
3012 "- prov <Server URL> [CA cert]\n"
3013 "- oma_dm_prov <Server URL> [CA cert]\n"
3014 "- sim_prov <Server URL> [CA cert]\n"
3015 "- oma_dm_sim_prov <Server URL> [CA cert]\n"
3016 "- signup [CA cert]\n"
3017 "- dl_osu_ca <PPS> <CA file>\n"
3018 "- dl_polupd_ca <PPS> <CA file>\n"
3019 "- dl_aaa_ca <PPS> <CA file>\n"
3021 "- parse_cert <X.509 certificate (DER)>\n"
3022 "- osu_select <OSU info directory> [CA cert]\n");
3026 int main(int argc
, char *argv
[])
3028 struct hs20_osu_client ctx
;
3031 int no_prod_assoc
= 0;
3032 const char *friendly_name
= NULL
;
3033 const char *wpa_debug_file_path
= NULL
;
3034 extern char *wpas_ctrl_path
;
3035 extern int wpa_debug_level
;
3036 extern int wpa_debug_show_keys
;
3037 extern int wpa_debug_timestamp
;
3039 if (init_ctx(&ctx
) < 0)
3043 c
= getopt(argc
, argv
, "df:hKNO:qr:s:S:tw:x:");
3048 if (wpa_debug_level
> 0)
3052 wpa_debug_file_path
= optarg
;
3055 wpa_debug_show_keys
++;
3061 friendly_name
= optarg
;
3067 ctx
.result_file
= optarg
;
3070 ctx
.summary_file
= optarg
;
3073 ctx
.ifname
= optarg
;
3076 wpa_debug_timestamp
++;
3079 wpas_ctrl_path
= optarg
;
3082 spp_xsd_fname
= optarg
;
3092 if (argc
- optind
< 1) {
3097 wpa_debug_open_file(wpa_debug_file_path
);
3101 #endif /* __linux__ */
3103 if (ctx
.result_file
)
3104 unlink(ctx
.result_file
);
3105 wpa_printf(MSG_DEBUG
, "===[hs20-osu-client START - command: %s ]======"
3106 "================", argv
[optind
]);
3107 check_workarounds(&ctx
);
3109 if (strcmp(argv
[optind
], "to_tnds") == 0) {
3110 if (argc
- optind
< 2) {
3114 cmd_to_tnds(&ctx
, argv
[optind
+ 1], argv
[optind
+ 2],
3115 argc
> optind
+ 3 ? argv
[optind
+ 3] : NULL
,
3117 } else if (strcmp(argv
[optind
], "to_tnds2") == 0) {
3118 if (argc
- optind
< 2) {
3122 cmd_to_tnds(&ctx
, argv
[optind
+ 1], argv
[optind
+ 2],
3123 argc
> optind
+ 3 ? argv
[optind
+ 3] : NULL
,
3125 } else if (strcmp(argv
[optind
], "from_tnds") == 0) {
3126 if (argc
- optind
< 2) {
3130 cmd_from_tnds(&ctx
, argv
[optind
+ 1], argv
[optind
+ 2]);
3131 } else if (strcmp(argv
[optind
], "sub_rem") == 0) {
3132 if (argc
- optind
< 2) {
3136 ret
= cmd_sub_rem(&ctx
, argv
[optind
+ 1],
3137 argc
> optind
+ 2 ? argv
[optind
+ 2] : NULL
,
3138 argc
> optind
+ 3 ? argv
[optind
+ 3] : NULL
);
3139 } else if (strcmp(argv
[optind
], "pol_upd") == 0) {
3140 if (argc
- optind
< 2) {
3144 ret
= cmd_pol_upd(&ctx
, argc
> 2 ? argv
[optind
+ 1] : NULL
,
3145 argc
> optind
+ 2 ? argv
[optind
+ 2] : NULL
,
3146 argc
> optind
+ 3 ? argv
[optind
+ 3] : NULL
);
3147 } else if (strcmp(argv
[optind
], "prov") == 0) {
3148 if (argc
- optind
< 2) {
3152 ctx
.ca_fname
= argv
[optind
+ 2];
3153 wpa_printf(MSG_DEBUG
, "Calling cmd_prov from main");
3154 cmd_prov(&ctx
, argv
[optind
+ 1]);
3155 } else if (strcmp(argv
[optind
], "sim_prov") == 0) {
3156 if (argc
- optind
< 2) {
3160 ctx
.ca_fname
= argv
[optind
+ 2];
3161 cmd_sim_prov(&ctx
, argv
[optind
+ 1]);
3162 } else if (strcmp(argv
[optind
], "dl_osu_ca") == 0) {
3163 if (argc
- optind
< 2) {
3167 cmd_dl_osu_ca(&ctx
, argv
[optind
+ 1], argv
[optind
+ 2]);
3168 } else if (strcmp(argv
[optind
], "dl_polupd_ca") == 0) {
3169 if (argc
- optind
< 2) {
3173 cmd_dl_polupd_ca(&ctx
, argv
[optind
+ 1], argv
[optind
+ 2]);
3174 } else if (strcmp(argv
[optind
], "dl_aaa_ca") == 0) {
3175 if (argc
- optind
< 2) {
3179 cmd_dl_aaa_ca(&ctx
, argv
[optind
+ 1], argv
[optind
+ 2]);
3180 } else if (strcmp(argv
[optind
], "osu_select") == 0) {
3181 if (argc
- optind
< 2) {
3185 ctx
.ca_fname
= argc
> optind
+ 2 ? argv
[optind
+ 2] : NULL
;
3186 cmd_osu_select(&ctx
, argv
[optind
+ 1], 2, 1, NULL
);
3187 } else if (strcmp(argv
[optind
], "signup") == 0) {
3188 ctx
.ca_fname
= argc
> optind
+ 1 ? argv
[optind
+ 1] : NULL
;
3189 ret
= cmd_signup(&ctx
, no_prod_assoc
, friendly_name
);
3190 } else if (strcmp(argv
[optind
], "set_pps") == 0) {
3191 if (argc
- optind
< 2) {
3195 cmd_set_pps(&ctx
, argv
[optind
+ 1]);
3196 } else if (strcmp(argv
[optind
], "get_fqdn") == 0) {
3197 if (argc
- optind
< 1) {
3201 ret
= cmd_get_fqdn(&ctx
, argv
[optind
+ 1]);
3202 } else if (strcmp(argv
[optind
], "oma_dm_prov") == 0) {
3203 if (argc
- optind
< 2) {
3207 ctx
.ca_fname
= argv
[optind
+ 2];
3208 cmd_oma_dm_prov(&ctx
, argv
[optind
+ 1]);
3209 } else if (strcmp(argv
[optind
], "oma_dm_sim_prov") == 0) {
3210 if (argc
- optind
< 2) {
3214 ctx
.ca_fname
= argv
[optind
+ 2];
3215 if (cmd_oma_dm_sim_prov(&ctx
, argv
[optind
+ 1]) < 0) {
3216 write_summary(&ctx
, "Failed to complete OMA DM SIM provisioning");
3219 } else if (strcmp(argv
[optind
], "oma_dm_add") == 0) {
3220 if (argc
- optind
< 2) {
3224 cmd_oma_dm_add(&ctx
, argv
[optind
+ 1], argv
[optind
+ 2]);
3225 } else if (strcmp(argv
[optind
], "oma_dm_replace") == 0) {
3226 if (argc
- optind
< 2) {
3230 cmd_oma_dm_replace(&ctx
, argv
[optind
+ 1], argv
[optind
+ 2]);
3231 } else if (strcmp(argv
[optind
], "est_csr") == 0) {
3232 if (argc
- optind
< 2) {
3236 mkdir("Cert", S_IRWXU
);
3237 est_build_csr(&ctx
, argv
[optind
+ 1]);
3238 } else if (strcmp(argv
[optind
], "browser") == 0) {
3241 if (argc
- optind
< 2) {
3246 wpa_printf(MSG_INFO
, "Launch web browser to URL %s",
3248 ret
= hs20_web_browser(argv
[optind
+ 1]);
3249 wpa_printf(MSG_INFO
, "Web browser result: %d", ret
);
3250 } else if (strcmp(argv
[optind
], "parse_cert") == 0) {
3251 if (argc
- optind
< 2) {
3256 wpa_debug_level
= MSG_MSGDUMP
;
3257 http_parse_x509_certificate(ctx
.http
, argv
[optind
+ 1]);
3258 wpa_debug_level
= MSG_INFO
;
3260 wpa_printf(MSG_INFO
, "Unknown command '%s'", argv
[optind
]);
3264 wpa_printf(MSG_DEBUG
,
3265 "===[hs20-osu-client END ]======================");
3267 wpa_debug_close_file();