1 /* 2 * Copyright (C) 2019 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 package android.net.ipsec.ike; 18 19 import android.annotation.NonNull; 20 import android.net.ipsec.ike.exceptions.AuthenticationFailedException; 21 import android.os.PersistableBundle; 22 23 import com.android.server.vcn.util.PersistableBundleUtils; 24 25 import java.security.cert.X509Certificate; 26 import java.util.Arrays; 27 import java.util.Objects; 28 29 /** 30 * IkeKeyIdIdentification represents an IKE entity identification based on a Key ID. 31 * 32 * <p>Key ID is an octet stream that may be used to pass vendor-specific information necessary to do 33 * certain proprietary types of identification. 34 */ 35 public final class IkeKeyIdIdentification extends IkeIdentification { 36 private static final String KEY_ID_KEY = "keyId"; 37 /** The KEY ID in octet stream. */ 38 @NonNull public final byte[] keyId; 39 40 /** 41 * Construct an instance of {@link IkeKeyIdIdentification} with a Key ID. 42 * 43 * @param keyId the Key ID in bytes. 44 */ IkeKeyIdIdentification(@onNull byte[] keyId)45 public IkeKeyIdIdentification(@NonNull byte[] keyId) { 46 super(ID_TYPE_KEY_ID); 47 this.keyId = keyId; 48 } 49 50 /** 51 * Constructs this object by deserializing a PersistableBundle 52 * 53 * @hide 54 */ 55 @NonNull fromPersistableBundle(@onNull PersistableBundle in)56 public static IkeKeyIdIdentification fromPersistableBundle(@NonNull PersistableBundle in) { 57 Objects.requireNonNull(in, "PersistableBundle is null"); 58 59 PersistableBundle keyIdBundle = in.getPersistableBundle(KEY_ID_KEY); 60 Objects.requireNonNull(in, "Key ID bundle is null"); 61 62 return new IkeKeyIdIdentification(PersistableBundleUtils.toByteArray(keyIdBundle)); 63 } 64 /** 65 * Serializes this object to a PersistableBundle 66 * 67 * @hide 68 */ 69 @Override 70 @NonNull toPersistableBundle()71 public PersistableBundle toPersistableBundle() { 72 final PersistableBundle result = super.toPersistableBundle(); 73 result.putPersistableBundle(KEY_ID_KEY, PersistableBundleUtils.fromByteArray(keyId)); 74 return result; 75 } 76 77 /** @hide */ 78 @Override hashCode()79 public int hashCode() { 80 // idType is also hashed to prevent collisions with other IkeAuthentication subtypes 81 return Objects.hash(idType, Arrays.hashCode(keyId)); 82 } 83 84 /** @hide */ 85 @Override equals(Object o)86 public boolean equals(Object o) { 87 if (!(o instanceof IkeKeyIdIdentification)) return false; 88 89 // idType already verified based on class type; no need to check again. 90 return Arrays.equals(keyId, ((IkeKeyIdIdentification) o).keyId); 91 } 92 93 /** @hide */ 94 @Override getIdTypeString()95 public String getIdTypeString() { 96 return "Key ID"; 97 } 98 99 /** @hide */ 100 @Override validateEndCertIdOrThrow(X509Certificate endCert)101 public void validateEndCertIdOrThrow(X509Certificate endCert) 102 throws AuthenticationFailedException { 103 throw new AuthenticationFailedException( 104 "Key ID cannot be used together with digital-signature-based authentication"); 105 } 106 107 /** 108 * Retrieve the byte-representation of the ID data. 109 * 110 * @return the byte-representation of the ID data. 111 * @hide 112 */ 113 @Override getEncodedIdData()114 public byte[] getEncodedIdData() { 115 return keyId; 116 } 117 } 118