Diffstat (limited to 'src/java/android')
5 files changed, 170 insertions, 58 deletions
diff --git a/src/java/android/net/eap/EapSessionConfig.java b/src/java/android/net/eap/EapSessionConfig.java index 48e9c532..c4bf97e4 100644 --- a/src/java/android/net/eap/EapSessionConfig.java +++ b/src/java/android/net/eap/EapSessionConfig.java @@ -22,6 +22,7 @@ import static com.android.internal.net.eap.message.EapData.EAP_TYPE_MSCHAP_V2; import static com.android.internal.net.eap.message.EapData.EAP_TYPE_SIM; import android.annotation.NonNull; +import android.annotation.Nullable; import android.annotation.SystemApi; import android.telephony.Annotation.UiccAppType; @@ -58,6 +59,52 @@ public final class EapSessionConfig { this.eapIdentity = eapIdentity; } + /** Retrieves client's EAP Identity */ + @NonNull + public byte[] getEapIdentity() { + return eapIdentity; + } + + /** + * Retrieves configuration for EAP SIM + * + * @return the configuration for EAP SIM, or null if it was not set + */ + @Nullable + public EapSimConfig getEapSimConfig() { + return (EapSimConfig) eapConfigs.get(EAP_TYPE_SIM); + } + + /** + * Retrieves configuration for EAP AKA + * + * @return the configuration for EAP AKA, or null if it was not set + */ + @Nullable + public EapAkaConfig getEapAkaConfig() { + return (EapAkaConfig) eapConfigs.get(EAP_TYPE_AKA); + } + + /** + * Retrieves configuration for EAP AKA' + * + * @return the configuration for EAP AKA', or null if it was not set + */ + @Nullable + public EapAkaPrimeConfig getEapAkaPrimeConfig() { + return (EapAkaPrimeConfig) eapConfigs.get(EAP_TYPE_AKA_PRIME); + } + + /** + * Retrieves configuration for EAP MSCHAPV2 + * + * @return the configuration for EAP MSCHAPV2, or null if it was not set + */ + @Nullable + public EapMsChapV2Config getEapMsChapV2onfig() { + return (EapMsChapV2Config) eapConfigs.get(EAP_TYPE_MSCHAP_V2); + } + /** This class can be used to incrementally construct an {@link EapSessionConfig}. */ public static final class Builder { private final Map<Integer, EapMethodConfig> mEapConfigs; 
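Review bot: `getEapIdentity()` returns the internal `eapIdentity` array itself, so any caller can overwrite the identity bytes of a built `EapSessionConfig`. Returning a copy, `return eapIdentity.clone();`, keeps the object stable after construction. The MSCHAPv2 getter is also misspelled as `getEapMsChapV2onfig` (missing `C`). The file imports `@SystemApi`, so this looks like API surface, and the name should be corrected to `getEapMsChapV2Config` before it is published.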
diff --git a/src/java/android/net/ipsec/ike/ChildSessionParams.java b/src/java/android/net/ipsec/ike/ChildSessionParams.java index 5b515fd6..002c66c9 100644 --- a/src/java/android/net/ipsec/ike/ChildSessionParams.java +++ b/src/java/android/net/ipsec/ike/ChildSessionParams.java @@ -68,8 +68,8 @@ public abstract class ChildSessionParams { IkeTrafficSelector.TRAFFIC_SELECTOR_TYPE_IPV6_ADDR_RANGE); } - @NonNull private final IkeTrafficSelector[] mLocalTrafficSelectors; - @NonNull private final IkeTrafficSelector[] mRemoteTrafficSelectors; + @NonNull private final IkeTrafficSelector[] mInboundTrafficSelectors; + @NonNull private final IkeTrafficSelector[] mOutboundTrafficSelectors; @NonNull private final ChildSaProposal[] mSaProposals; private final int mHardLifetimeSec; 
@@ -79,30 +79,44 @@ public abstract class ChildSessionParams { /** @hide */ protected ChildSessionParams( - IkeTrafficSelector[] localTs, - IkeTrafficSelector[] remoteTs, + IkeTrafficSelector[] inboundTs, + IkeTrafficSelector[] outboundTs, ChildSaProposal[] proposals, int hardLifetimeSec, int softLifetimeSec, boolean isTransport) { - mLocalTrafficSelectors = localTs; - mRemoteTrafficSelectors = remoteTs; + mInboundTrafficSelectors = inboundTs; + mOutboundTrafficSelectors = outboundTs; mSaProposals = proposals; mHardLifetimeSec = hardLifetimeSec; mSoftLifetimeSec = softLifetimeSec; mIsTransport = isTransport; } - /** Retrieves configured local (client) traffic selectors */ + /** + * Retrieves configured inbound traffic selectors + * + * <p>@see {@link + * TunnelModeChildSessionParams.Builder#addInboundTrafficSelectors(IkeTrafficSelector)} or + * {@link + * TransportModeChildSessionParams.Builder#addInboundTrafficSelectors(IkeTrafficSelector)} + */ @NonNull - public List<IkeTrafficSelector> getLocalTrafficSelectors() { - return Arrays.asList(mLocalTrafficSelectors); + public List<IkeTrafficSelector> getInboundTrafficSelectors() { + return Arrays.asList(mInboundTrafficSelectors); } - /** Retrieves configured remote (server) traffic selectors */ + /** + * Retrieves configured outbound traffic selectors + * + * <p>@see {@link + * TunnelModeChildSessionParams.Builder#addOutboundTrafficSelectors(IkeTrafficSelector)} or + * {@link + * TransportModeChildSessionParams.Builder#addOutboundTrafficSelectors(IkeTrafficSelector)} + */ @NonNull - public List<IkeTrafficSelector> getRemoteTrafficSelectors() { - return Arrays.asList(mRemoteTrafficSelectors); + public List<IkeTrafficSelector> getOutboundTrafficSelectors() { + return Arrays.asList(mOutboundTrafficSelectors); } /** Retrieves all ChildSaProposals configured */ 
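Review bot: The renamed getters `getInboundTrafficSelectors()` and `getOutboundTrafficSelectors()` still return `Arrays.asList(...)` over the internal arrays, which is a write-through view: `set(i, ts)` on the returned list replaces the selector held by the params object. Traffic selectors decide which traffic the Child SA covers, so a public getter should not let callers change them after construction. Wrapping the view, `return Collections.unmodifiableList(Arrays.asList(mInboundTrafficSelectors));`, closes that, but needs `java.util.Collections`, whose import is not visible in this diff. Separately, `<p>@see {@link ...}` in the new Javadoc will likely render as literal text, because `@see` is only a block tag at the start of a line.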
@@ -128,13 +142,13 @@ public abstract class ChildSessionParams { } /** @hide */ - public IkeTrafficSelector[] getLocalTrafficSelectorsInternal() { - return mLocalTrafficSelectors; + public IkeTrafficSelector[] getInboundTrafficSelectorsInternal() { + return mInboundTrafficSelectors; } /** @hide */ - public IkeTrafficSelector[] getRemoteTrafficSelectorsInternal() { - return mRemoteTrafficSelectors; + public IkeTrafficSelector[] getOutboundTrafficSelectorsInternal() { + return mOutboundTrafficSelectors; } /** @hide */ 
@@ -163,26 +177,23 @@ public abstract class ChildSessionParams { * @hide */ protected abstract static class Builder { - @NonNull protected final List<IkeTrafficSelector> mLocalTsList = new LinkedList<>(); - @NonNull protected final List<IkeTrafficSelector> mRemoteTsList = new LinkedList<>(); + @NonNull protected final List<IkeTrafficSelector> mInboundTsList = new LinkedList<>(); + @NonNull protected final List<IkeTrafficSelector> mOutboundTsList = new LinkedList<>(); @NonNull protected final List<SaProposal> mSaProposalList = new LinkedList<>(); protected int mHardLifetimeSec = CHILD_HARD_LIFETIME_SEC_DEFAULT; protected int mSoftLifetimeSec = CHILD_SOFT_LIFETIME_SEC_DEFAULT; - protected Builder() { - // Currently IKE library only accepts setting up Child SA that all ports and all - // addresses are allowed on both sides. The protected traffic range is determined by the - // socket or interface that the {@link IpSecTransform} is applied to. - // TODO: b/130756765 Validate the current TS negotiation strategy. - mLocalTsList.add(DEFAULT_TRAFFIC_SELECTOR_IPV4); - mRemoteTsList.add(DEFAULT_TRAFFIC_SELECTOR_IPV4); - mLocalTsList.add(DEFAULT_TRAFFIC_SELECTOR_IPV6); - mRemoteTsList.add(DEFAULT_TRAFFIC_SELECTOR_IPV6); + protected void addProposal(@NonNull ChildSaProposal proposal) { + mSaProposalList.add(proposal); + } + + protected void addInboundTs(@NonNull IkeTrafficSelector trafficSelector) { + mInboundTsList.add(trafficSelector); } - protected void validateAndAddSaProposal(@NonNull ChildSaProposal proposal) { - mSaProposalList.add(proposal); + protected void addOutboundTs(@NonNull IkeTrafficSelector trafficSelector) { + mOutboundTsList.add(trafficSelector); } protected void validateAndSetLifetime(int hardLifetimeSec, int softLifetimeSec) { 
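Review bot: The new helpers `addProposal`, `addInboundTs` and `addOutboundTs` add their argument with no null check. The tunnel-mode builder checks `proposal` before calling `addProposal`, but the transport-mode `addSaProposal` hunk calls `addProposal(proposal)` directly, so a null proposal would land in `mSaProposalList` and presumably surface only later, during negotiation. Doing the check once in the helper, `mSaProposalList.add(Objects.requireNonNull(proposal, "Required argument not provided"));`, covers every subclass, and the same applies to the two selector helpers. `java.util.Objects` would have to be imported in this file if it is not already. The `Builder` class continues outside this hunk.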
@@ -199,6 +210,16 @@ public abstract class ChildSessionParams { throw new IllegalArgumentException( "ChildSessionParams requires at least one Child SA proposal."); } + + if (mInboundTsList.isEmpty()) { + mInboundTsList.add(DEFAULT_TRAFFIC_SELECTOR_IPV4); + mInboundTsList.add(DEFAULT_TRAFFIC_SELECTOR_IPV6); + } + + if (mOutboundTsList.isEmpty()) { + mOutboundTsList.add(DEFAULT_TRAFFIC_SELECTOR_IPV4); + mOutboundTsList.add(DEFAULT_TRAFFIC_SELECTOR_IPV6); + } } } diff --git a/src/java/android/net/ipsec/ike/IkeSessionConfiguration.java b/src/java/android/net/ipsec/ike/IkeSessionConfiguration.java index 13d86a04..069b24b8 100644 --- a/src/java/android/net/ipsec/ike/IkeSessionConfiguration.java +++ b/src/java/android/net/ipsec/ike/IkeSessionConfiguration.java @@ -16,6 +16,7 @@ package android.net.ipsec.ike; +import static com.android.internal.net.ipsec.ike.message.IkeConfigPayload.CONFIG_ATTR_APPLICATION_VERSION; import static com.android.internal.net.ipsec.ike.message.IkeConfigPayload.CONFIG_ATTR_IP4_PCSCF; import static com.android.internal.net.ipsec.ike.message.IkeConfigPayload.CONFIG_ATTR_IP6_PCSCF; @@ -25,6 +26,7 @@ import android.annotation.SystemApi; import com.android.internal.net.ipsec.ike.message.IkeConfigPayload; import com.android.internal.net.ipsec.ike.message.IkeConfigPayload.ConfigAttribute; +import com.android.internal.net.ipsec.ike.message.IkeConfigPayload.ConfigAttributeAppVersion; import com.android.internal.net.ipsec.ike.message.IkeConfigPayload.ConfigAttributeIpv4Pcscf; import com.android.internal.net.ipsec.ike.message.IkeConfigPayload.ConfigAttributeIpv6Pcscf; @@ -33,7 +35,10 @@ import java.lang.annotation.RetentionPolicy; import java.net.InetAddress; import java.util.ArrayList; import java.util.Collections; +import java.util.HashSet; import java.util.List; +import java.util.Objects; +import java.util.Set; /** * IkeSessionConfiguration represents the negotiated configuration for a {@link IkeSession}. 
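Review bot: In the ChildSessionParams validation hunk, the default selectors are written into the builder's own `mInboundTsList` and `mOutboundTsList`, so a builder that is built once without selectors and then reused keeps the all-address defaults. A later `addInboundTrafficSelectors(narrowTs)` followed by `build()` would then carry both the wildcard and the narrow selector. If builder reuse is meant to work, apply the defaults to a copy when `build()` creates the arrays; otherwise add a comment such as `// Defaults are written into the builder; do not reuse it after build()`. The two lists are also defaulted independently, so supplying only an inbound selector leaves outbound at all IPv4 and IPv6 addresses, which the Javadoc of the add methods should state. The enclosing method (apparently `validateOrThrow`, which `build()` calls) starts outside this hunk.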
@@ -54,8 +59,11 @@ public final class IkeSessionConfiguration { /** IKEv2 Mobility and Multihoming Protocol */ public static final int EXTENSION_TYPE_MOBIKE = 2; + private final String mRemoteApplicationVersion; private final IkeSessionConnectionInfo mIkeConnInfo; private final List<InetAddress> mPcscfServers = new ArrayList<>(); + private final List<byte[]> mRemoteVendorIds = new ArrayList<>(); + private final Set<Integer> mEnabledExtensions = new HashSet<>(); /** * Construct an instance of {@link IkeSessionConfiguration}. @@ -65,10 +73,20 @@ public final class IkeSessionConfiguration { * @hide */ public IkeSessionConfiguration( - IkeSessionConnectionInfo ikeConnInfo, IkeConfigPayload configPayload) { - // TODO(b/150466460): Throw exception if ikeConnInfo is null + IkeSessionConnectionInfo ikeConnInfo, + IkeConfigPayload configPayload, + List<byte[]> remoteVendorIds, + List<Integer> enabledExtensions) { + String errMsg = " not provided"; + Objects.requireNonNull(ikeConnInfo, "ikeConnInfo" + errMsg); + Objects.requireNonNull(remoteVendorIds, "remoteVendorIds" + errMsg); + Objects.requireNonNull(enabledExtensions, "enabledExtensions" + errMsg); + mIkeConnInfo = ikeConnInfo; + mRemoteVendorIds.addAll(remoteVendorIds); + mEnabledExtensions.addAll(enabledExtensions); + String appVersion = ""; if (configPayload != null) { if (configPayload.configType != IkeConfigPayload.CONFIG_TYPE_REPLY) { throw new IllegalArgumentException( @@ -79,6 +97,10 @@ public final class IkeSessionConfiguration { for (ConfigAttribute attr : configPayload.recognizedAttributeList) { if (attr.isEmptyValue()) continue; switch (attr.attributeType) { + case CONFIG_ATTR_APPLICATION_VERSION: + ConfigAttributeAppVersion appVersionAttr = (ConfigAttributeAppVersion) attr; + appVersion = appVersionAttr.applicationVersion; + break; case CONFIG_ATTR_IP4_PCSCF: ConfigAttributeIpv4Pcscf ip4Pcscf = (ConfigAttributeIpv4Pcscf) attr; mPcscfServers.add(ip4Pcscf.getAddress()); 
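Review bot: In the constructor hunk, `mRemoteVendorIds.addAll(remoteVendorIds)` copies the list but not its `byte[]` elements. `getRemoteVendorIds()` in a later hunk of this file wraps that same list in `Collections.unmodifiableList`, which also leaves each array writable. Either the code that passed the list in or any caller of the getter can therefore change vendor ID bytes that this object reports as negotiated state. Copying on the way in, `for (byte[] id : remoteVendorIds) mRemoteVendorIds.add(id.clone());`, and returning clones from the getter would keep the contents stable. The constructor body continues past this hunk.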
@@ -92,6 +114,7 @@ public final class IkeSessionConfiguration { } } } + mRemoteApplicationVersion = appVersion; } /** @@ -102,8 +125,7 @@ public final class IkeSessionConfiguration { */ @NonNull public String getRemoteApplicationVersion() { - // TODO: Implement it. - throw new UnsupportedOperationException("Not yet supported"); + return mRemoteApplicationVersion; } /** @@ -114,8 +136,7 @@ public final class IkeSessionConfiguration { */ @NonNull public List<byte[]> getRemoteVendorIds() { - // TODO: Implement it. - throw new UnsupportedOperationException("Not yet supported"); + return Collections.unmodifiableList(mRemoteVendorIds); } /** @@ -128,8 +149,7 @@ public final class IkeSessionConfiguration { * @return {@code true} if this extension is enabled. */ public boolean isIkeExtensionEnabled(@ExtensionType int extensionType) { - // TODO: Implement it. - throw new UnsupportedOperationException("Not yet supported"); + return mEnabledExtensions.contains(extensionType); } /** diff --git a/src/java/android/net/ipsec/ike/TransportModeChildSessionParams.java b/src/java/android/net/ipsec/ike/TransportModeChildSessionParams.java index 151cdf26..9ff982f6 100644 --- a/src/java/android/net/ipsec/ike/TransportModeChildSessionParams.java +++ b/src/java/android/net/ipsec/ike/TransportModeChildSessionParams.java @@ -20,6 +20,8 @@ import android.annotation.IntRange; import android.annotation.NonNull; import android.annotation.SystemApi; +import java.util.Objects; + /** * TransportModeChildSessionParams represents proposed configurations for negotiating a transport * mode Child Session. 
@@ -29,12 +31,18 @@ import android.annotation.SystemApi; @SystemApi public final class TransportModeChildSessionParams extends ChildSessionParams { private TransportModeChildSessionParams( - IkeTrafficSelector[] localTs, - IkeTrafficSelector[] remoteTs, + IkeTrafficSelector[] inboundTs, + IkeTrafficSelector[] outboundTs, ChildSaProposal[] proposals, int hardLifetimeSec, int softLifetimeSec) { - super(localTs, remoteTs, proposals, hardLifetimeSec, softLifetimeSec, true /*isTransport*/); + super( + inboundTs, + outboundTs, + proposals, + hardLifetimeSec, + softLifetimeSec, + true /*isTransport*/); } /** @@ -54,7 +62,7 @@ public final class TransportModeChildSessionParams extends ChildSessionParams { */ @NonNull public Builder addSaProposal(@NonNull ChildSaProposal proposal) { - validateAndAddSaProposal(proposal); + addProposal(proposal); return this; } @@ -62,6 +70,10 @@ public final class TransportModeChildSessionParams extends ChildSessionParams { * Adds an inbound {@link IkeTrafficSelector} to the {@link TransportModeChildSessionParams} * being built. * + * <p>This method allows callers to limit the inbound traffic transmitted over the Child + * Session to the given range. the IKE server may further narrow the range. Callers should + * refer to {@link ChildSessionConfiguration} for the negotiated traffic selectors. + * * <p>If no inbound {@link IkeTrafficSelector} is provided, a default value will be used * that covers all IP addresses and ports. * 
@@ -70,14 +82,19 @@ public final class TransportModeChildSessionParams extends ChildSessionParams { */ @NonNull public Builder addInboundTrafficSelectors(@NonNull IkeTrafficSelector trafficSelector) { - // TODO: Implement it. - throw new UnsupportedOperationException("Not yet supported"); + Objects.requireNonNull(trafficSelector, "Required argument not provided"); + addInboundTs(trafficSelector); + return this; } /** * Adds an outbound {@link IkeTrafficSelector} to the {@link * TransportModeChildSessionParams} being built. * + * <p>This method allows callers to limit the outbound traffic transmitted over the Child + * Session to the given range. the IKE server may further narrow the range. Callers should + * refer to {@link ChildSessionConfiguration} for the negotiated traffic selectors. + * * <p>If no outbound {@link IkeTrafficSelector} is provided, a default value will be used * that covers all IP addresses and ports. * @@ -86,8 +103,9 @@ public final class TransportModeChildSessionParams extends ChildSessionParams { */ @NonNull public Builder addOutboundTrafficSelectors(@NonNull IkeTrafficSelector trafficSelector) { - // TODO: Implement it. - throw new UnsupportedOperationException("Not yet supported"); + Objects.requireNonNull(trafficSelector, "Required argument not provided"); + addOutboundTs(trafficSelector); + return this; } /** @@ -129,8 +147,8 @@ public final class TransportModeChildSessionParams extends ChildSessionParams { validateOrThrow(); return new TransportModeChildSessionParams( - mLocalTsList.toArray(new IkeTrafficSelector[0]), - mRemoteTsList.toArray(new IkeTrafficSelector[0]), + mInboundTsList.toArray(new IkeTrafficSelector[0]), + mOutboundTsList.toArray(new IkeTrafficSelector[0]), mSaProposalList.toArray(new ChildSaProposal[0]), mHardLifetimeSec, mSoftLifetimeSec); diff --git a/src/java/android/net/ipsec/ike/TunnelModeChildSessionParams.java b/src/java/android/net/ipsec/ike/TunnelModeChildSessionParams.java index 5477cd39..e3076902 100644 
--- a/src/java/android/net/ipsec/ike/TunnelModeChildSessionParams.java +++ b/src/java/android/net/ipsec/ike/TunnelModeChildSessionParams.java @@ -40,6 +40,7 @@ import java.util.Arrays; import java.util.Collections; import java.util.LinkedList; import java.util.List; +import java.util.Objects; /** * TunnelModeChildSessionParams represents proposed configurations for negotiating a tunnel mode @@ -52,15 +53,15 @@ public final class TunnelModeChildSessionParams extends ChildSessionParams { @NonNull private final TunnelModeChildConfigAttribute[] mConfigRequests; private TunnelModeChildSessionParams( - @NonNull IkeTrafficSelector[] localTs, - @NonNull IkeTrafficSelector[] remoteTs, + @NonNull IkeTrafficSelector[] inboundTs, + @NonNull IkeTrafficSelector[] outboundTs, @NonNull ChildSaProposal[] proposals, @NonNull TunnelModeChildConfigAttribute[] configRequests, int hardLifetimeSec, int softLifetimeSec) { super( - localTs, - remoteTs, + inboundTs, + outboundTs, proposals, hardLifetimeSec, softLifetimeSec, @@ -100,6 +101,7 @@ public final class TunnelModeChildSessionParams extends ChildSessionParams { * * @return The requested DHCP server address, or null if no specific DHCP server was * requested + * @hide */ @Nullable Inet4Address getAddress(); @@ -111,6 +113,7 @@ public final class TunnelModeChildSessionParams extends ChildSessionParams { * Retrieves the requested IPv4 DNS server address * * @return The requested DNS server address, or null if no specific DNS server was requested + * @hide */ @Nullable Inet4Address getAddress(); @@ -143,6 +146,7 @@ public final class TunnelModeChildSessionParams extends ChildSessionParams { * Retrieves the requested IPv6 DNS server address * * @return The requested DNS server address, or null if no specific DNS server was requested + * @hide */ @Nullable Inet6Address getAddress(); 
@@ -174,7 +178,7 @@ public final class TunnelModeChildSessionParams extends ChildSessionParams { throw new NullPointerException("Required argument not provided"); } - validateAndAddSaProposal(proposal); + addProposal(proposal); return this; } @@ -194,8 +198,9 @@ public final class TunnelModeChildSessionParams extends ChildSessionParams { */ @NonNull public Builder addInboundTrafficSelectors(@NonNull IkeTrafficSelector trafficSelector) { - // TODO: Implement it. - throw new UnsupportedOperationException("Not yet supported"); + Objects.requireNonNull(trafficSelector, "Required argument not provided"); + addInboundTs(trafficSelector); + return this; } /** @@ -214,8 +219,9 @@ public final class TunnelModeChildSessionParams extends ChildSessionParams { */ @NonNull public Builder addOutboundTrafficSelectors(@NonNull IkeTrafficSelector trafficSelector) { - // TODO: Implement it. - throw new UnsupportedOperationException("Not yet supported"); + Objects.requireNonNull(trafficSelector, "Required argument not provided"); + addOutboundTs(trafficSelector); + return this; } /** @@ -409,8 +415,8 @@ public final class TunnelModeChildSessionParams extends ChildSessionParams { } return new TunnelModeChildSessionParams( - mLocalTsList.toArray(new IkeTrafficSelector[0]), - mRemoteTsList.toArray(new IkeTrafficSelector[0]), + mInboundTsList.toArray(new IkeTrafficSelector[0]), + mOutboundTsList.toArray(new IkeTrafficSelector[0]), mSaProposalList.toArray(new ChildSaProposal[0]), mConfigRequestList.toArray(new TunnelModeChildConfigAttribute[0]), mHardLifetimeSec, |