diff options
author | Kiwon Park <kiwonp@google.com> | 2022-09-27 19:18:21 +0000 |
---|---|---|
committer | Android (Google) Code Review <android-gerrit@google.com> | 2022-09-27 19:18:21 +0000 |
commit | 5280960f45b89efc7f9a3d393fd7d01feeddc334 (patch) | |
tree | c45100d64e8105e561adfd147745fac26d493777 | |
parent | 52f97711944e5b1dc585edf5b83607972547d973 (diff) | |
parent | 7669e8980ebeb135e366bf18cee0685236a97cad (diff) | |
download | service_entitlement-5280960f45b89efc7f9a3d393fd7d01feeddc334.tar.gz |
Merge "Add ability to bypass EAP-AKA authentication."
3 files changed, 77 insertions, 8 deletions
diff --git a/java/com/android/libraries/entitlement/ServiceEntitlement.java b/java/com/android/libraries/entitlement/ServiceEntitlement.java index 5e38640..73a9c47 100644 --- a/java/com/android/libraries/entitlement/ServiceEntitlement.java +++ b/java/com/android/libraries/entitlement/ServiceEntitlement.java @@ -74,7 +74,7 @@ public class ServiceEntitlement { */ public ServiceEntitlement(Context context, CarrierConfig carrierConfig, int simSubscriptionId) { this.carrierConfig = carrierConfig; - this.eapAkaApi = new EapAkaApi(context, simSubscriptionId, false); + this.eapAkaApi = new EapAkaApi(context, simSubscriptionId, false, ""); } /** @@ -88,14 +88,19 @@ public class ServiceEntitlement { * android.telephony.SubscriptionManager} for how to get the subscroption ID. * @param saveHttpHistory set to {@code true} to save the history of request and response which * can later be retrieved by {@code getHistory()}. Intended for debugging. + * @param bypassEapAkaResponse set to non empty string to bypass EAP-AKA authentication. + * The client will accept any challenge from the server and return this string as a + * response. Must not be {@code null}. Intended for testing. */ public ServiceEntitlement( Context context, CarrierConfig carrierConfig, int simSubscriptionId, - boolean saveHttpHistory) { + boolean saveHttpHistory, + String bypassEapAkaResponse) { this.carrierConfig = carrierConfig; - this.eapAkaApi = new EapAkaApi(context, simSubscriptionId, saveHttpHistory); + this.eapAkaApi = + new EapAkaApi(context, simSubscriptionId, saveHttpHistory, bypassEapAkaResponse); } @VisibleForTesting diff --git a/java/com/android/libraries/entitlement/eapaka/EapAkaApi.java b/java/com/android/libraries/entitlement/eapaka/EapAkaApi.java index a0c8c24..c761daa 100644 --- a/java/com/android/libraries/entitlement/eapaka/EapAkaApi.java +++ b/java/com/android/libraries/entitlement/eapaka/EapAkaApi.java @@ -95,16 +95,26 @@ public class EapAkaApi { private final Context mContext; private final int mSimSubscriptionId; private final HttpClient mHttpClient; - - public EapAkaApi(Context context, int simSubscriptionId, boolean saveHistory) { - this(context, simSubscriptionId, new HttpClient(saveHistory)); + private final String mBypassEapAkaResponse; + + public EapAkaApi( + Context context, + int simSubscriptionId, + boolean saveHistory, + String bypassEapAkaResponse) { + this(context, simSubscriptionId, new HttpClient(saveHistory), bypassEapAkaResponse); } @VisibleForTesting - EapAkaApi(Context context, int simSubscriptionId, HttpClient httpClient) { + EapAkaApi( + Context context, + int simSubscriptionId, + HttpClient httpClient, + String bypassEapAkaResponse) { this.mContext = context; this.mSimSubscriptionId = simSubscriptionId; this.mHttpClient = httpClient; + this.mBypassEapAkaResponse = bypassEapAkaResponse; } /** @@ -174,6 +184,13 @@ public class EapAkaApi { throw new ServiceEntitlementException( ERROR_MALFORMED_HTTP_RESPONSE, "Failed to parse json object", jsonException); } + if (!mBypassEapAkaResponse.isEmpty()) { + return challengeResponse( + mBypassEapAkaResponse, + carrierConfig, + response.cookies(), + contentType); + } EapAkaChallenge challenge = EapAkaChallenge.parseEapAkaChallenge(eapAkaChallenge); EapAkaResponse eapAkaResponse = EapAkaResponse.respondToEapAkaChallenge(mContext, mSimSubscriptionId, challenge); diff --git a/tests/src/com/android/libraries/entitlement/eapaka/EapAkaApiTest.java b/tests/src/com/android/libraries/entitlement/eapaka/EapAkaApiTest.java index b837695..8e331f3 100644 --- a/tests/src/com/android/libraries/entitlement/eapaka/EapAkaApiTest.java +++ b/tests/src/com/android/libraries/entitlement/eapaka/EapAkaApiTest.java @@ -24,6 +24,7 @@ import static com.android.libraries.entitlement.eapaka.EapAkaResponseTest.EAP_AK import static com.google.common.truth.Truth.assertThat; import static org.mockito.Mockito.any; +import static org.mockito.Mockito.anyInt; import static org.mockito.Mockito.spy; import static org.mockito.Mockito.times; import static org.mockito.Mockito.verify; @@ -94,6 +95,7 @@ public class EapAkaApiTest { private static final int SUB_ID = 1; private static final String ACCEPT_CONTENT_TYPE_JSON_AND_XML = "application/vnd.gsma.eap-relay.v1.0+json, text/vnd.wap.connectivity-xml"; + private static final String BYPASS_EAP_AKA_RESPONSE = "abc"; @Rule public final MockitoRule rule = MockitoJUnit.rule(); @@ -105,11 +107,14 @@ public class EapAkaApiTest { private Context mContext; private EapAkaApi mEapAkaApi; + private EapAkaApi mEapAkaApiBypassAuthentication; @Before public void setUp() { mContext = spy(ApplicationProvider.getApplicationContext()); - mEapAkaApi = new EapAkaApi(mContext, SUB_ID, mMockHttpClient); + mEapAkaApi = new EapAkaApi(mContext, SUB_ID, mMockHttpClient, ""); + mEapAkaApiBypassAuthentication = + new EapAkaApi(mContext, SUB_ID, mMockHttpClient, BYPASS_EAP_AKA_RESPONSE); when(mContext.getSystemService(TelephonyManager.class)) .thenReturn(mMockTelephonyManager); when(mMockTelephonyManager.createForSubscriptionId(SUB_ID)) @@ -261,6 +266,48 @@ public class EapAkaApiTest { } @Test + public void queryEntitlementStatus_hasNoAuthenticationToken_bypassAuthentication() + throws Exception { + HttpResponse eapChallengeResponse = + HttpResponse + .builder().setContentType(ContentType.JSON).setBody(EAP_AKA_CHALLENGE) + .setCookies(ImmutableList.of(COOKIE_VALUE, COOKIE_VALUE_1)).build(); + HttpResponse xmlResponse = + HttpResponse.builder().setContentType(ContentType.XML).setBody(RESPONSE_XML) + .build(); + when(mMockHttpClient.request(any())) + .thenReturn(eapChallengeResponse).thenReturn(xmlResponse); + CarrierConfig carrierConfig = CarrierConfig.builder().setServerUrl(TEST_URL).build(); + ServiceEntitlementRequest request = ServiceEntitlementRequest.builder().build(); + + String respopnse = + mEapAkaApiBypassAuthentication.queryEntitlementStatus( + ImmutableList.of(ServiceEntitlement.APP_VOWIFI), carrierConfig, request); + + assertThat(respopnse).isEqualTo(RESPONSE_XML); + // Verify that the 2nd request has cookies set by the 1st response + verify(mMockHttpClient, times(2)).request(mHttpRequestCaptor.capture()); + assertThat(mHttpRequestCaptor.getAllValues().get(1).requestProperties()) + .containsAtLeast(HTTP_HEADER_COOKIE, COOKIE_VALUE, + HTTP_HEADER_COOKIE, COOKIE_VALUE_1); + assertThat(mHttpRequestCaptor.getAllValues().get(0).timeoutInSec()) + .isEqualTo(CarrierConfig.DEFAULT_TIMEOUT_IN_SEC); + assertThat(mHttpRequestCaptor.getAllValues().get(0).network()).isNull(); + assertThat(mHttpRequestCaptor.getAllValues().get(1).timeoutInSec()) + .isEqualTo(CarrierConfig.DEFAULT_TIMEOUT_IN_SEC); + assertThat(mHttpRequestCaptor.getAllValues().get(1).network()).isNull(); + verify(mMockTelephonyManagerForSubId, times(0)) + .getIccAuthentication(anyInt(), anyInt(), any()); + assertThat( + mHttpRequestCaptor + .getAllValues() + .get(1) + .postData() + .get(EapAkaApi.EAP_CHALLENGE_RESPONSE)) + .isEqualTo(BYPASS_EAP_AKA_RESPONSE); + } + + @Test public void queryEntitlementStatus_acceptContentTypeSpecified_verfityAcceptContentType() throws Exception { HttpResponse response = HttpResponse.builder().setBody(RESPONSE_XML).build(); |