Merge "[Passpoint] OSU system exception when the URL is HTTP" into qt-qpr1-dev

author: TreeHugger Robot <treehugger-gerrit@google.com> 2019-08-03 18:11:16 +0000
committer: Android (Google) Code Review <android-gerrit@google.com> 2019-08-03 18:11:16 +0000
commit: ece7e1bb352a57ed82124173449b7d5b6d479e8e (patch)
tree: ac60e6c6ed4b58eac5256cf6baf1a2a6e16c1240 /service
parent: 43dbd2ea7c484a687b0019522e9b57715e3013a9 (diff)
parent: 1b0234a5ada2bdb2c0788eb274f84039302e3c98 (diff)
download: android_frameworks_opt_net_wifi-ece7e1bb352a57ed82124173449b7d5b6d479e8e.tar.gz
android_frameworks_opt_net_wifi-ece7e1bb352a57ed82124173449b7d5b6d479e8e.tar.bz2
android_frameworks_opt_net_wifi-ece7e1bb352a57ed82124173449b7d5b6d479e8e.zip
1 files changed, 50 insertions, 11 deletions
diff --git a/service/java/com/android/server/wifi/hotspot2/OsuServerConnection.java b/service/java/com/android/server/wifi/hotspot2/OsuServerConnection.java
index c748ca1ac..94f584f72 100644
--- a/service/java/com/android/server/wifi/hotspot2/OsuServerConnection.java
+++ b/service/java/com/android/server/wifi/hotspot2/OsuServerConnection.java
@@ -43,6 +43,7 @@ import java.io.IOException;
 import java.io.InputStream;
 import java.net.HttpURLConnection;
 import java.net.URL;
+import java.net.URLConnection;
 import java.security.KeyManagementException;
 import java.security.cert.CertificateException;
 import java.security.cert.CertificateFactory;
@@ -163,7 +164,7 @@ public class OsuServerConnection {
      */
     public boolean connect(@NonNull URL url, @NonNull Network network) {
         if (url == null) {
-            Log.e(TAG, "url is null");
+            Log.e(TAG, "URL is null");
             return false;
         }
         if (network == null) {
@@ -171,6 +172,14 @@ public class OsuServerConnection {
             return false;
         }
 
+        String protocol = url.getProtocol();
+        // According to section 7.5.1 OSU operational requirements, in HS2.0 R3 specification,
+        // the URL must be HTTPS. Enforce it here.
+        if (!TextUtils.equals(protocol, "https")) {
+            Log.e(TAG, "OSU server URL must be HTTPS");
+            return false;
+        }
+
         mHandler.post(() -> performTlsConnection(url, network));
         return true;
     }
@@ -271,13 +280,37 @@ public class OsuServerConnection {
         mNetwork = network;
         mUrl = url;
 
-        HttpsURLConnection urlConnection;
+        URLConnection urlConnection;
+        HttpsURLConnection httpsURLConnection;
+
+        try {
+            urlConnection = mNetwork.openConnection(mUrl);
+        } catch (IOException e) {
+            Log.e(TAG, "Unable to establish a URL connection: " + e);
+            if (mOsuServerCallbacks != null) {
+                mOsuServerCallbacks.onServerConnectionStatus(
+                        mOsuServerCallbacks.getSessionId(),
+                        false);
+            }
+            return;
+        }
+
+        if (urlConnection instanceof HttpsURLConnection) {
+            httpsURLConnection = (HttpsURLConnection) urlConnection;
+        } else {
+            Log.e(TAG, "Invalid URL connection");
+            if (mOsuServerCallbacks != null) {
+                mOsuServerCallbacks.onServerConnectionStatus(mOsuServerCallbacks.getSessionId(),
+                        false);
+            }
+            return;
+        }
+
         try {
-            urlConnection = (HttpsURLConnection) mNetwork.openConnection(mUrl);
-            urlConnection.setSSLSocketFactory(mSocketFactory);
-            urlConnection.setConnectTimeout(HttpsServiceConnection.DEFAULT_TIMEOUT_MS);
-            urlConnection.setReadTimeout(HttpsServiceConnection.DEFAULT_TIMEOUT_MS);
-            urlConnection.connect();
+            httpsURLConnection.setSSLSocketFactory(mSocketFactory);
+            httpsURLConnection.setConnectTimeout(HttpsServiceConnection.DEFAULT_TIMEOUT_MS);
+            httpsURLConnection.setReadTimeout(HttpsServiceConnection.DEFAULT_TIMEOUT_MS);
+            httpsURLConnection.connect();
         } catch (IOException e) {
             Log.e(TAG, "Unable to establish a URL connection: " + e);
             if (mOsuServerCallbacks != null) {
@@ -286,7 +319,7 @@ public class OsuServerConnection {
             }
             return;
         }
-        mUrlConnection = urlConnection;
+        mUrlConnection = httpsURLConnection;
         if (mOsuServerCallbacks != null) {
             mOsuServerCallbacks.onServerConnectionStatus(mOsuServerCallbacks.getSessionId(), true);
         }
@@ -572,9 +605,15 @@ public class OsuServerConnection {
                         (SSLSocket) null);
                 certsValid = true;
             } catch (CertificateException e) {
-                Log.e(TAG, "Unable to validate certs " + e);
-                if (mVerboseLoggingEnabled) {
-                    e.printStackTrace();
+                Log.e(TAG, "Certificate validation failure: " + e);
+                int i = 0;
+                for (X509Certificate cert : chain) {
+                    // Provide some more details about the invalid certificate
+                    Log.e(TAG, "Cert " + i + " details: " + cert.getSubjectDN());
+                    Log.e(TAG, "Not before: " + cert.getNotBefore() + ", not after: "
+                            + cert.getNotAfter());
+                    Log.e(TAG, "Cert " + i + " issuer: " + cert.getIssuerDN());
+                    i++;
                 }
             }
             if (mOsuServerCallbacks != null) {
author	TreeHugger Robot <treehugger-gerrit@google.com>	2019-08-03 18:11:16 +0000
committer	Android (Google) Code Review <android-gerrit@google.com>	2019-08-03 18:11:16 +0000
commit	ece7e1bb352a57ed82124173449b7d5b6d479e8e (patch)
tree	ac60e6c6ed4b58eac5256cf6baf1a2a6e16c1240 /service
parent	43dbd2ea7c484a687b0019522e9b57715e3013a9 (diff)
parent	1b0234a5ada2bdb2c0788eb274f84039302e3c98 (diff)
download	android_frameworks_opt_net_wifi-ece7e1bb352a57ed82124173449b7d5b6d479e8e.tar.gz android_frameworks_opt_net_wifi-ece7e1bb352a57ed82124173449b7d5b6d479e8e.tar.bz2 android_frameworks_opt_net_wifi-ece7e1bb352a57ed82124173449b7d5b6d479e8e.zip