Expose EapAkaHelper

Some utility methods used in EAP-AKA authentication as an implementation
details could be helpful to other apps. Expose them in new class to
avoid directly exposing implementation details.

Bug: 178431041
Test: atest
Change-Id: I3227276cd3f02a167ee278d042febf7438186b95

3 files changed, 87 insertions, 2 deletions

diff --git a/java/com/android/libraries/entitlement/EapAkaHelper.java b/java/com/android/libraries/entitlement/EapAkaHelper.java
new file mode 100644
index 0000000..86e3149
--- /dev/null
+++ b/java/com/android/libraries/entitlement/EapAkaHelper.java
@@ -0,0 +1,85 @@
+/*
+ * Copyright (C) 2021 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.android.libraries.entitlement;
+
+import android.content.Context;
+import android.telephony.TelephonyManager;
+
+import androidx.annotation.Nullable;
+
+import com.android.libraries.entitlement.eapaka.EapAkaApi;
+import com.android.libraries.entitlement.eapaka.EapAkaResponse;
+
+/**
+ * Some utility methods used in EAP-AKA authentication in service entitlement, and could be
+ * helpful to other apps.
+ */
+public class EapAkaHelper {
+    private final Context mContext;
+    private final int mSimSubscriptionId;
+
+    EapAkaHelper(Context context, int simSubscriptionId) {
+        mContext = context;
+        mSimSubscriptionId = simSubscriptionId;
+    }
+
+    /**
+     * Factory method.
+     *
+     * @param context           context of application
+     * @param simSubscriptionId the subscroption ID of the carrier's SIM on device. This indicates
+     *                          which SIM to retrieve IMEI/IMSI from and perform EAP-AKA
+     *                          authentication with. See
+     *                          {@link android.telephony.SubscriptionManager}
+     *                          for how to get the subscroption ID.
+     */
+    public static EapAkaHelper getInstance(Context context, int simSubscriptionId) {
+        return new EapAkaHelper(context, simSubscriptionId);
+    }
+
+    /**
+     * Returns the root NAI for EAP-AKA authentication as per 3GPP TS 23.003 19.3.2, or
+     * {@code null} if failed. The result will be in the form:
+     *
+     * <p>{@code 0<IMSI>@nai.epc.mnc<MNC>.mcc<MCC>.3gppnetwork.org}
+     */
+    @Nullable
+    public String getEapAkaRootNai() {
+        TelephonyManager telephonyManager =
+                mContext.getSystemService(TelephonyManager.class)
+                        .createForSubscriptionId(mSimSubscriptionId);
+        return EapAkaApi.getImsiEap(
+                telephonyManager.getSimOperator(), telephonyManager.getSubscriberId());
+    }
+
+    /**
+     * Returns the EAP-AKA challenge response to the given EAP-AKA {@code challenge}, or
+     * {@code null} if failed.
+     *
+     * <p>Both the challange and response are base-64 encoded EAP-AKA message: refer to
+     * RFC 4187 Section 8.1 Message Format/RFC 3748 Session 4 EAP Packet Format.
+     */
+    @Nullable
+    public String getEapAkaChallengeResponse(String challenge) {
+        try {
+            return new EapAkaResponse(challenge)
+                    .getEapAkaChallengeResponse(mContext, mSimSubscriptionId);
+        } catch (ServiceEntitlementException e) {
+            return null;
+        }
+    }
+}
diff --git a/java/com/android/libraries/entitlement/eapaka/EapAkaApi.java b/java/com/android/libraries/entitlement/eapaka/EapAkaApi.java
index 4ad0332..42cdfd3 100644
--- a/java/com/android/libraries/entitlement/eapaka/EapAkaApi.java
+++ b/java/com/android/libraries/entitlement/eapaka/EapAkaApi.java
@@ -253,7 +253,7 @@ public class EapAkaApi {
      * <p>{@code 0<IMSI>@nai.epc.mnc<MNC>.mcc<MCC>.3gppnetwork.org}
      */
     @Nullable
-    static String getImsiEap(@Nullable String mccmnc, @Nullable String imsi) {
+    public static String getImsiEap(@Nullable String mccmnc, @Nullable String imsi) {
         if (mccmnc == null || mccmnc.length() < 5 || imsi == null) {
             return null;
         }
diff --git a/java/com/android/libraries/entitlement/eapaka/EapAkaResponse.java b/java/com/android/libraries/entitlement/eapaka/EapAkaResponse.java
index 617c181..81b8046 100644
--- a/java/com/android/libraries/entitlement/eapaka/EapAkaResponse.java
+++ b/java/com/android/libraries/entitlement/eapaka/EapAkaResponse.java
@@ -40,7 +40,7 @@ import javax.crypto.spec.SecretKeySpec;
  * Generate the response of EAP-AKA token challenge. Refer to RFC 4187 Section 8.1 Message
  * Format/RFC 3748 Session 4 EAP Packet Format.
  */
-class EapAkaResponse {
+public class EapAkaResponse {
     private static final String TAG = "ServiceEntitlement";
 
     private static final int EAP_AKA_HEADER_LENGTH = 8;