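/*
 * Copyright (C) 2019 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package android.net.ipsec.ike;

import android.annotation.NonNull;
import android.net.ipsec.ike.exceptions.AuthenticationFailedException;
import android.net.vcn.util.PersistableBundleUtils;
import android.os.PersistableBundle;

import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Objects;

/**
 * IkeKeyIdIdentification represents an IKE entity identification based on a Key ID.
 *
 * <p>Key ID is an octet stream that may be used to pass vendor-specific information necessary to do
 * certain proprietary types of identification.
 */
public final class IkeKeyIdIdentification extends IkeIdentification {
    /** Bundle key under which the Key ID bytes are stored when this object is serialized. */
    private static final String KEY_ID_KEY = "keyId";

    /**
     * The KEY ID in octet stream.
     *
     * <p>This is the caller-supplied array itself, not a copy, and the field is public; any holder
     * of the reference can change the bytes after construction.
     */
    @NonNull public final byte[] keyId;

    /**
     * Construct an instance of {@link IkeKeyIdIdentification} with a Key ID.
     *
     * <p>The array is stored by reference without copying, so later modifications made by the
     * caller are visible through this object (including in {@link #hashCode()} and
     * {@link #equals(Object)}).
     *
     * @param keyId the Key ID in bytes.
     */
    public IkeKeyIdIdentification(@NonNull byte[] keyId) {
        super(ID_TYPE_KEY_ID);
        this.keyId = keyId;
    }

    /**
     * Constructs this object by deserializing a PersistableBundle
     *
     * @param in the bundle to read the Key ID from.
     * @return a new instance built from the Key ID stored under the {@code "keyId"} entry.
     * @throws NullPointerException if {@code in} is null or the Key ID entry read from it is null.
     * @hide
     */
    @NonNull
    public static IkeKeyIdIdentification fromPersistableBundle(@NonNull PersistableBundle in) {
        Objects.requireNonNull(in, "PersistableBundle is null");

        PersistableBundle keyIdBundle = in.getPersistableBundle(KEY_ID_KEY);
        // Check the nested bundle that was just read. The previous code re-checked `in`, so a
        // bundle without the Key ID entry was never rejected here and the null was handed on to
        // PersistableBundleUtils.toByteArray().
        Objects.requireNonNull(keyIdBundle, "Key ID bundle is null");

        return new IkeKeyIdIdentification(PersistableBundleUtils.toByteArray(keyIdBundle));
    }

    /**
     * Serializes this object to a PersistableBundle
     *
     * <p>Starts from the bundle produced by the superclass and adds the Key ID bytes under the
     * {@code "keyId"} entry, the same entry {@link #fromPersistableBundle} reads.
     *
     * @return the bundle holding the superclass data plus the Key ID.
     * @hide
     */
    @Override
    @NonNull
    public PersistableBundle toPersistableBundle() {
        final PersistableBundle result = super.toPersistableBundle();
        result.putPersistableBundle(KEY_ID_KEY, PersistableBundleUtils.fromByteArray(keyId));
        return result;
    }

    /**
     * Hashes the ID type together with the content of the Key ID array.
     *
     * @hide
     */
    @Override
    public int hashCode() {
        // idType is also hashed to prevent collisions with other IkeIdentification subtypes
        return Objects.hash(idType, Arrays.hashCode(keyId));
    }

    /**
     * Compares by Key ID content; only another {@link IkeKeyIdIdentification} can be equal.
     *
     * @hide
     */
    @Override
    public boolean equals(Object o) {
        if (!(o instanceof IkeKeyIdIdentification)) {
            return false;
        }

        // idType already verified based on class type; no need to check again.
        return Arrays.equals(keyId, ((IkeKeyIdIdentification) o).keyId);
    }

    /** @hide */
    @Override
    public String getIdTypeString() {
        return "Key ID";
    }

    /**
     * Always rejects the certificate: this ID type is not accepted together with
     * digital-signature-based authentication, so the method throws unconditionally and never
     * inspects {@code endCert}.
     *
     * @param endCert the end certificate; unused.
     * @throws AuthenticationFailedException on every call.
     * @hide
     */
    @Override
    public void validateEndCertIdOrThrow(X509Certificate endCert)
            throws AuthenticationFailedException {
        throw new AuthenticationFailedException(
                "Key ID cannot be used together with digital-signature-based authentication");
    }

    /**
     * Retrieve the byte-representation of the ID data.
     *
     * <p>Returns the internal {@link #keyId} array directly, without copying.
     *
     * @return the byte-representation of the ID data.
     * @hide
     */
    @Override
    public byte[] getEncodedIdData() {
        return keyId;
    }
}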