Пример #1
        private static XElement CreateEapConfiguration(
            EapType eapType,
            InnerAuthType innerAuthType,
            string outerIdentity,
            List <string> serverNames,
            List <string> caThumbprints,
            bool strictMode)
        {
            bool enableServerValidation = strictMode && (serverNames.Any() || caThumbprints.Any());

            // creates the root xml strucure, with references to some of its descendants
            XElement configElement;
            XElement serverValidationElement;
            XElement caHashListElement = null;             // eapType == eapType.TLS only
            XElement eapConfiguration  =
                new XElement(nsEHC + "EapHostConfig",
                             new XElement(nsEHC + "EapMethod",
                                          new XElement(nsEC + "Type", (int)eapType),
                                          new XElement(nsEC + "VendorId", 0),
                                          new XElement(nsEC + "VendorType", 0),
                                          new XElement(nsEC + "AuthorId", eapType == EapType.TTLS ? 311 : 0)       // no geant link
                                          ),
                             configElement =
                                 new XElement(nsEHC + "Config")
                             );

            // namespace element local names dependant on EAP type
            XNamespace nsEapType;
            string     thumbprintNodeName;

            if ((eapType, innerAuthType) == (EapType.TLS, InnerAuthType.None))
            {
                // sets namespace and name of thumbprint node
                nsEapType          = nsETCPv1;
                thumbprintNodeName = "TrustedRootCA";

                // adds TLS specific xml elements
                configElement.Add(
                    new XElement(nsBECP + "Eap",
                                 new XElement(nsBECP + "Type", (int)eapType),                // TLS
                                 new XElement(nsETCPv1 + "EapType",
                                              new XElement(nsETCPv1 + "CredentialsSource",
                                                           new XElement(nsETCPv1 + "CertificateStore",
                                                                        new XElement(nsETCPv1 + "SimpleCertSelection", "true")
                                                                        )
                                                           ),
                                              serverValidationElement =
                                                  new XElement(nsETCPv1 + "ServerValidation",
                                                               new XElement(nsETCPv1 + "DisableUserPromptForServerValidation", enableServerValidation ? "true" : "false"),
                                                               new XElement(nsETCPv1 + "ServerNames", string.Join(";", serverNames))
                                                               ),
                                              new XElement(nsETCPv1 + "DifferentUsername", "false"),
                                              new XElement(nsETCPv2 + "PerformServerValidation", "true"),
                                              new XElement(nsETCPv2 + "AcceptServerName", "false"),
                                              new XElement(nsETCPv2 + "TLSExtensions",
                                                           new XElement(nsETCPv3 + "FilteringInfo",
                                                                        caHashListElement =
                                                                            new XElement(nsETCPv3 + "CAHashList", new XAttribute("Enabled", "true"))
                                                                        )
                                                           )
                                              )
                                 )
                    );
            }
Пример #2
        private static XElement EapUserData(
            string innerIdentity,
            string password,
            string outerIdentity,
            EapType eapType,
            InnerAuthType innerAuthType,
            string userCertFingerprint = null)
        {
            return((eapType, innerAuthType) switch
            {
                (EapType.MSCHAPv2, InnerAuthType.None) =>

                new XElement(nsBEUP + "Eap",
                             new XElement(nsBEUP + "Type", (int)EapType.MSCHAPv2),
                             new XElement(nsMCUP + "EapType",
                                          new XElement(nsMCUP + "Username", innerIdentity),
                                          new XElement(nsMCUP + "Password", password),
                                          new XElement(nsMCUP + "LogonDomain")               // TODO: what is this?
                                          )
                             ),

                (EapType.PEAP, InnerAuthType.EAP_MSCHAPv2) =>

                new XElement(nsBEUP + "Eap",
                             new XElement(nsBEUP + "Type", (int)EapType.PEAP),
                             new XElement(nsMPUP + "EapType",
                                          new XElement(nsMPUP + "RoutingIdentity", outerIdentity),
                                          EapUserData(
                                              innerIdentity,
                                              password,
                                              outerIdentity,
                                              EapType.MSCHAPv2,
                                              InnerAuthType.None
                                              )
                                          )
                             ),

                (EapType.TLS, InnerAuthType.None) =>

                new XElement(nsBEUP + "Eap",
                             new XElement(nsBEUP + "Type", (int)EapType.TLS),
                             new XElement(nsTLS + "EapType",
                                          new XElement(nsTLS + "Username", outerIdentity), // TODO: test if this gets used
                                          new XElement(nsTLS + "UserCert",                 // xs:hexBinary
                                                                                           // format fingerprint:
                                                       Regex.Replace(Regex.Replace(userCertFingerprint, " ", ""), ".{2}", "$0 ")
                                                       .ToUpperInvariant().Trim()
                                                       )
                                          )
                             ),

                var x when
                x == (EapType.TTLS, InnerAuthType.PAP) ||
                x == (EapType.TTLS, InnerAuthType.MSCHAP) ||                 // v1 is not tested
                x == (EapType.TTLS, InnerAuthType.MSCHAPv2) =>

                new XElement(nsTTLS + "EapTtls",                               // schema says lower camelcase, but only upper camelcase works
                             new XElement(nsTTLS + "Username", innerIdentity), // outerIdentity is configured in ProfileXml
                             new XElement(nsTTLS + "Password", password)
                             ),


                (EapType.TTLS, InnerAuthType.EAP_MSCHAPv2) =>                 // TODO: matches schema, but produces an error

                new XElement(nsTTLS + "EapTtls",
                             //new XElement(nsTTLS + "Username", uname),
                             //new XElement(nsTTLS + "Password", pword),
                             EapUserData(
                                 innerIdentity,
                                 password,
                                 outerIdentity,
                                 EapType.MSCHAPv2,
                                 InnerAuthType.None
                                 )
                             ),

                (EapType.TTLS, InnerAuthType.EAP_PEAP_MSCHAPv2) =>                 // TODO: matches schema, but produces an error

                new XElement(nsTTLS + "EapTtls",
                             //new XElement(nsTTLS + "Username", uname),
                             //new XElement(nsTTLS + "Password", pword),
                             EapUserData(
                                 innerIdentity,
                                 password,
                                 outerIdentity,
                                 EapType.PEAP,
                                 InnerAuthType.EAP_MSCHAPv2
                                 )
                             ),

                // not supported
                _ => throw new EduroamAppUserException("unsupported auth method"),
            });