Merge "Add ability to bypass EAP-AKA authentication."

author: Kiwon Park <kiwonp@google.com> 2022-09-27 19:18:21 +0000
committer: Android (Google) Code Review <android-gerrit@google.com> 2022-09-27 19:18:21 +0000
commit: 5280960f45b89efc7f9a3d393fd7d01feeddc334 (patch)
tree: c45100d64e8105e561adfd147745fac26d493777
parent: 52f97711944e5b1dc585edf5b83607972547d973 (diff)
parent: 7669e8980ebeb135e366bf18cee0685236a97cad (diff)
download: service_entitlement-5280960f45b89efc7f9a3d393fd7d01feeddc334.tar.gz
3 files changed, 77 insertions, 8 deletions
diff --git a/java/com/android/libraries/entitlement/ServiceEntitlement.java b/java/com/android/libraries/entitlement/ServiceEntitlement.java
index 5e38640..73a9c47 100644
--- a/java/com/android/libraries/entitlement/ServiceEntitlement.java
+++ b/java/com/android/libraries/entitlement/ServiceEntitlement.java
@@ -74,7 +74,7 @@ public class ServiceEntitlement {
      */
     public ServiceEntitlement(Context context, CarrierConfig carrierConfig, int simSubscriptionId) {
         this.carrierConfig = carrierConfig;
-        this.eapAkaApi = new EapAkaApi(context, simSubscriptionId, false);
+        this.eapAkaApi = new EapAkaApi(context, simSubscriptionId, false, "");
     }
 
     /**
@@ -88,14 +88,19 @@ public class ServiceEntitlement {
      *     android.telephony.SubscriptionManager} for how to get the subscroption ID.
      * @param saveHttpHistory set to {@code true} to save the history of request and response which
      *     can later be retrieved by {@code getHistory()}. Intended for debugging.
+     * @param bypassEapAkaResponse set to non empty string to bypass EAP-AKA authentication.
+     *     The client will accept any challenge from the server and return this string as a
+     *     response. Must not be {@code null}. Intended for testing.
      */
     public ServiceEntitlement(
             Context context,
             CarrierConfig carrierConfig,
             int simSubscriptionId,
-            boolean saveHttpHistory) {
+            boolean saveHttpHistory,
+            String bypassEapAkaResponse) {
         this.carrierConfig = carrierConfig;
-        this.eapAkaApi = new EapAkaApi(context, simSubscriptionId, saveHttpHistory);
+        this.eapAkaApi =
+                new EapAkaApi(context, simSubscriptionId, saveHttpHistory, bypassEapAkaResponse);
     }
 
     @VisibleForTesting
diff --git a/java/com/android/libraries/entitlement/eapaka/EapAkaApi.java b/java/com/android/libraries/entitlement/eapaka/EapAkaApi.java
index a0c8c24..c761daa 100644
--- a/java/com/android/libraries/entitlement/eapaka/EapAkaApi.java
+++ b/java/com/android/libraries/entitlement/eapaka/EapAkaApi.java
@@ -95,16 +95,26 @@ public class EapAkaApi {
     private final Context mContext;
     private final int mSimSubscriptionId;
     private final HttpClient mHttpClient;
-
-    public EapAkaApi(Context context, int simSubscriptionId, boolean saveHistory) {
-        this(context, simSubscriptionId, new HttpClient(saveHistory));
+    private final String mBypassEapAkaResponse;
+
+    public EapAkaApi(
+            Context context,
+            int simSubscriptionId,
+            boolean saveHistory,
+            String bypassEapAkaResponse) {
+        this(context, simSubscriptionId, new HttpClient(saveHistory), bypassEapAkaResponse);
     }
 
     @VisibleForTesting
-    EapAkaApi(Context context, int simSubscriptionId, HttpClient httpClient) {
+    EapAkaApi(
+            Context context,
+            int simSubscriptionId,
+            HttpClient httpClient,
+            String bypassEapAkaResponse) {
         this.mContext = context;
         this.mSimSubscriptionId = simSubscriptionId;
         this.mHttpClient = httpClient;
+        this.mBypassEapAkaResponse = bypassEapAkaResponse;
     }
 
     /**
@@ -174,6 +184,13 @@ public class EapAkaApi {
             throw new ServiceEntitlementException(
                     ERROR_MALFORMED_HTTP_RESPONSE, "Failed to parse json object", jsonException);
         }
+        if (!mBypassEapAkaResponse.isEmpty()) {
+            return challengeResponse(
+                            mBypassEapAkaResponse,
+                            carrierConfig,
+                            response.cookies(),
+                            contentType);
+        }
         EapAkaChallenge challenge = EapAkaChallenge.parseEapAkaChallenge(eapAkaChallenge);
         EapAkaResponse eapAkaResponse =
                 EapAkaResponse.respondToEapAkaChallenge(mContext, mSimSubscriptionId, challenge);
diff --git a/tests/src/com/android/libraries/entitlement/eapaka/EapAkaApiTest.java b/tests/src/com/android/libraries/entitlement/eapaka/EapAkaApiTest.java
index b837695..8e331f3 100644
--- a/tests/src/com/android/libraries/entitlement/eapaka/EapAkaApiTest.java
+++ b/tests/src/com/android/libraries/entitlement/eapaka/EapAkaApiTest.java
@@ -24,6 +24,7 @@ import static com.android.libraries.entitlement.eapaka.EapAkaResponseTest.EAP_AK
 import static com.google.common.truth.Truth.assertThat;
 
 import static org.mockito.Mockito.any;
+import static org.mockito.Mockito.anyInt;
 import static org.mockito.Mockito.spy;
 import static org.mockito.Mockito.times;
 import static org.mockito.Mockito.verify;
@@ -94,6 +95,7 @@ public class EapAkaApiTest {
     private static final int SUB_ID = 1;
     private static final String ACCEPT_CONTENT_TYPE_JSON_AND_XML =
             "application/vnd.gsma.eap-relay.v1.0+json, text/vnd.wap.connectivity-xml";
+    private static final String BYPASS_EAP_AKA_RESPONSE = "abc";
 
     @Rule public final MockitoRule rule = MockitoJUnit.rule();
 
@@ -105,11 +107,14 @@ public class EapAkaApiTest {
 
     private Context mContext;
     private EapAkaApi mEapAkaApi;
+    private EapAkaApi mEapAkaApiBypassAuthentication;
 
     @Before
     public void setUp() {
         mContext = spy(ApplicationProvider.getApplicationContext());
-        mEapAkaApi = new EapAkaApi(mContext, SUB_ID, mMockHttpClient);
+        mEapAkaApi = new EapAkaApi(mContext, SUB_ID, mMockHttpClient, "");
+        mEapAkaApiBypassAuthentication =
+                new EapAkaApi(mContext, SUB_ID, mMockHttpClient, BYPASS_EAP_AKA_RESPONSE);
         when(mContext.getSystemService(TelephonyManager.class))
                 .thenReturn(mMockTelephonyManager);
         when(mMockTelephonyManager.createForSubscriptionId(SUB_ID))
@@ -261,6 +266,48 @@ public class EapAkaApiTest {
     }
 
     @Test
+    public void queryEntitlementStatus_hasNoAuthenticationToken_bypassAuthentication()
+            throws Exception {
+        HttpResponse eapChallengeResponse =
+                HttpResponse
+                        .builder().setContentType(ContentType.JSON).setBody(EAP_AKA_CHALLENGE)
+                        .setCookies(ImmutableList.of(COOKIE_VALUE, COOKIE_VALUE_1)).build();
+        HttpResponse xmlResponse =
+                HttpResponse.builder().setContentType(ContentType.XML).setBody(RESPONSE_XML)
+                        .build();
+        when(mMockHttpClient.request(any()))
+                .thenReturn(eapChallengeResponse).thenReturn(xmlResponse);
+        CarrierConfig carrierConfig = CarrierConfig.builder().setServerUrl(TEST_URL).build();
+        ServiceEntitlementRequest request = ServiceEntitlementRequest.builder().build();
+
+        String respopnse =
+                mEapAkaApiBypassAuthentication.queryEntitlementStatus(
+                        ImmutableList.of(ServiceEntitlement.APP_VOWIFI), carrierConfig, request);
+
+        assertThat(respopnse).isEqualTo(RESPONSE_XML);
+        // Verify that the 2nd request has cookies set by the 1st response
+        verify(mMockHttpClient, times(2)).request(mHttpRequestCaptor.capture());
+        assertThat(mHttpRequestCaptor.getAllValues().get(1).requestProperties())
+                .containsAtLeast(HTTP_HEADER_COOKIE, COOKIE_VALUE,
+                                 HTTP_HEADER_COOKIE, COOKIE_VALUE_1);
+        assertThat(mHttpRequestCaptor.getAllValues().get(0).timeoutInSec())
+                .isEqualTo(CarrierConfig.DEFAULT_TIMEOUT_IN_SEC);
+        assertThat(mHttpRequestCaptor.getAllValues().get(0).network()).isNull();
+        assertThat(mHttpRequestCaptor.getAllValues().get(1).timeoutInSec())
+                .isEqualTo(CarrierConfig.DEFAULT_TIMEOUT_IN_SEC);
+        assertThat(mHttpRequestCaptor.getAllValues().get(1).network()).isNull();
+        verify(mMockTelephonyManagerForSubId, times(0))
+                .getIccAuthentication(anyInt(), anyInt(), any());
+        assertThat(
+                        mHttpRequestCaptor
+                                .getAllValues()
+                                .get(1)
+                                .postData()
+                                .get(EapAkaApi.EAP_CHALLENGE_RESPONSE))
+                .isEqualTo(BYPASS_EAP_AKA_RESPONSE);
+    }
+
+    @Test
     public void queryEntitlementStatus_acceptContentTypeSpecified_verfityAcceptContentType()
             throws Exception {
         HttpResponse response = HttpResponse.builder().setBody(RESPONSE_XML).build();
author	Kiwon Park <kiwonp@google.com>	2022-09-27 19:18:21 +0000
committer	Android (Google) Code Review <android-gerrit@google.com>	2022-09-27 19:18:21 +0000
commit	5280960f45b89efc7f9a3d393fd7d01feeddc334 (patch)
tree	c45100d64e8105e561adfd147745fac26d493777
parent	52f97711944e5b1dc585edf5b83607972547d973 (diff)
parent	7669e8980ebeb135e366bf18cee0685236a97cad (diff)
download	service_entitlement-5280960f45b89efc7f9a3d393fd7d01feeddc334.tar.gz