1 /*
2  * Copyright (C) 2019 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 package android.net.ipsec.ike;
18 
19 import android.annotation.NonNull;
20 import android.net.InetAddresses;
21 import android.net.ipsec.ike.exceptions.AuthenticationFailedException;
22 import android.os.PersistableBundle;
23 
24 import java.net.Inet6Address;
25 import java.net.UnknownHostException;
26 import java.security.cert.X509Certificate;
27 import java.util.Objects;
28 
29 /** IkeIpv6AddrIdentification represents an IKE entity identification based on IPv6 address. */
30 public class IkeIpv6AddrIdentification extends IkeIdentification {
31     private static final String IP_ADDRESS_KEY = "ipv6Address";
32 
33     /** The IPv6 address. */
34     @NonNull public final Inet6Address ipv6Address;
35 
36     /**
37      * Construct an instance of IkeIpv6AddrIdentification from a decoded inbound packet.
38      *
39      * @param ipv6AddrBytes IPv6 address in byte array.
40      * @throws AuthenticationFailedException for decoding bytes error.
41      * @hide
42      */
IkeIpv6AddrIdentification(byte[] ipv6AddrBytes)43     public IkeIpv6AddrIdentification(byte[] ipv6AddrBytes) throws AuthenticationFailedException {
44         super(ID_TYPE_IPV6_ADDR);
45         try {
46             ipv6Address = (Inet6Address) (Inet6Address.getByAddress(ipv6AddrBytes));
47         } catch (ClassCastException | UnknownHostException e) {
48             throw new AuthenticationFailedException(e);
49         }
50     }
51 
52     /**
53      * Construct an instance of {@link IkeIpv6AddrIdentification} with an IPv6 address.
54      *
55      * @param address the IPv6 address.
56      */
IkeIpv6AddrIdentification(@onNull Inet6Address address)57     public IkeIpv6AddrIdentification(@NonNull Inet6Address address) {
58         super(ID_TYPE_IPV6_ADDR);
59         ipv6Address = address;
60     }
61 
62     /**
63      * Constructs this object by deserializing a PersistableBundle
64      *
65      * @hide
66      */
67     @NonNull
fromPersistableBundle(@onNull PersistableBundle in)68     public static IkeIpv6AddrIdentification fromPersistableBundle(@NonNull PersistableBundle in) {
69         Objects.requireNonNull(in, "PersistableBundle is null");
70 
71         return new IkeIpv6AddrIdentification(
72                 (Inet6Address) InetAddresses.parseNumericAddress(in.getString(IP_ADDRESS_KEY)));
73     }
74     /**
75      * Serializes this object to a PersistableBundle
76      *
77      * @hide
78      */
79     @Override
80     @NonNull
toPersistableBundle()81     public PersistableBundle toPersistableBundle() {
82         final PersistableBundle result = super.toPersistableBundle();
83         result.putString(IP_ADDRESS_KEY, ipv6Address.getHostAddress());
84         return result;
85     }
86 
87     /** @hide */
88     @Override
hashCode()89     public int hashCode() {
90         // idType is also hashed to prevent collisions with other IkeAuthentication subtypes
91         return Objects.hash(idType, ipv6Address);
92     }
93 
94     /** @hide */
95     @Override
equals(Object o)96     public boolean equals(Object o) {
97         if (!(o instanceof IkeIpv6AddrIdentification)) return false;
98 
99         // idType already verified based on class type; no need to check again.
100         return ipv6Address.equals(((IkeIpv6AddrIdentification) o).ipv6Address);
101     }
102 
103     /** @hide */
104     @Override
getIdTypeString()105     public String getIdTypeString() {
106         return "IPv6 Address";
107     }
108 
109     /** @hide */
110     @Override
validateEndCertIdOrThrow(X509Certificate endCert)111     public void validateEndCertIdOrThrow(X509Certificate endCert)
112             throws AuthenticationFailedException {
113         // The corresponding SAN type is IP Address as per RFC 7296
114         validateEndCertSanOrThrow(endCert, SAN_TYPE_IP_ADDRESS, ipv6Address.getHostAddress());
115     }
116 
117     /**
118      * Retrieve the byte-representation of the IPv6 address.
119      *
120      * @return the byte-representation of the IPv6 address.
121      * @hide
122      */
123     @Override
getEncodedIdData()124     public byte[] getEncodedIdData() {
125         return ipv6Address.getAddress();
126     }
127 }
128