Expose MOBIKE APIs for IKEv2.
This CL exposes all APIs necessary to enable and use MOBIKE in an IKEv2
Session.
Bug: 158033037
Bug: 172929274
Test: atest FrameworksIkeTests
Change-Id: I5745b2599c730fbf1129c4556525ec41d5269d16
diff --git a/api/current.txt b/api/current.txt
index 6a1d8a1..b150294 100644
--- a/api/current.txt
+++ b/api/current.txt
@@ -63,6 +63,7 @@
method public void onClosedExceptionally(@NonNull android.net.ipsec.ike.exceptions.IkeException);
method public void onIpSecTransformCreated(@NonNull android.net.IpSecTransform, int);
method public void onIpSecTransformDeleted(@NonNull android.net.IpSecTransform, int);
+ method public default void onIpSecTransformsMigrated(@NonNull android.net.IpSecTransform, @NonNull android.net.IpSecTransform);
method public void onOpened(@NonNull android.net.ipsec.ike.ChildSessionConfiguration);
}
@@ -136,11 +137,14 @@
method public void finalize();
method public void kill();
method public void openChildSession(@NonNull android.net.ipsec.ike.ChildSessionParams, @NonNull android.net.ipsec.ike.ChildSessionCallback);
+ method public void setNetwork(@NonNull android.net.Network);
}
public interface IkeSessionCallback {
method public void onClosed();
method public void onClosedExceptionally(@NonNull android.net.ipsec.ike.exceptions.IkeException);
+ method public default void onError(@NonNull android.net.ipsec.ike.exceptions.IkeException);
+ method public default void onIkeSessionConnectionInfoChanged(@NonNull android.net.ipsec.ike.IkeSessionConnectionInfo);
method public void onOpened(@NonNull android.net.ipsec.ike.IkeSessionConfiguration);
}
@@ -176,6 +180,7 @@
method public boolean hasIkeOption(int);
field public static final int IKE_OPTION_ACCEPT_ANY_REMOTE_ID = 0; // 0x0
field public static final int IKE_OPTION_EAP_ONLY_AUTH = 1; // 0x1
+ field public static final int IKE_OPTION_MOBIKE = 2; // 0x2
}
public static final class IkeSessionParams.Builder {
@@ -348,11 +353,19 @@
public abstract class IkeException extends java.lang.Exception {
}
- public final class IkeInternalException extends android.net.ipsec.ike.exceptions.IkeException {
+ public final class IkeInternalException extends android.net.ipsec.ike.exceptions.IkeNonProtocolException {
ctor public IkeInternalException(@NonNull Throwable);
ctor public IkeInternalException(@NonNull String, @NonNull Throwable);
}
+ public final class IkeNetworkLostException extends android.net.ipsec.ike.exceptions.IkeNonProtocolException {
+ ctor public IkeNetworkLostException(@NonNull android.net.Network);
+ method @NonNull public android.net.Network getNetwork();
+ }
+
+ public abstract class IkeNonProtocolException extends android.net.ipsec.ike.exceptions.IkeException {
+ }
+
public abstract class IkeProtocolException extends android.net.ipsec.ike.exceptions.IkeException {
method public int getErrorType();
field public static final int ERROR_TYPE_AUTHENTICATION_FAILED = 24; // 0x18
diff --git a/api/system-current.txt b/api/system-current.txt
index 684c496..fd1f09e 100644
--- a/api/system-current.txt
+++ b/api/system-current.txt
@@ -15,7 +15,7 @@
package android.net.ipsec.ike {
public interface IkeSessionCallback {
- method public void onError(@NonNull android.net.ipsec.ike.exceptions.IkeProtocolException);
+ method @Deprecated public default void onError(@NonNull android.net.ipsec.ike.exceptions.IkeProtocolException);
}
public final class IkeSessionParams {
diff --git a/src/java/android/net/ipsec/ike/ChildSessionCallback.java b/src/java/android/net/ipsec/ike/ChildSessionCallback.java
index 9b67a00..1dd4530 100644
--- a/src/java/android/net/ipsec/ike/ChildSessionCallback.java
+++ b/src/java/android/net/ipsec/ike/ChildSessionCallback.java
@@ -108,7 +108,6 @@
* {@link IpSecManager#DIRECTION_IN}
* @param outIpSecTransform IpSecTransform to be used for traffic with {@link PolicyDirection}
* {@link IpSecManager#DIRECTION_OUT}
- * @hide
*/
default void onIpSecTransformsMigrated(
@NonNull IpSecTransform inIpSecTransform, @NonNull IpSecTransform outIpSecTransform) {}
diff --git a/src/java/android/net/ipsec/ike/IkeSession.java b/src/java/android/net/ipsec/ike/IkeSession.java
index cab99cc..5dab372 100644
--- a/src/java/android/net/ipsec/ike/IkeSession.java
+++ b/src/java/android/net/ipsec/ike/IkeSession.java
@@ -296,7 +296,6 @@
* @param network the Network to use for this IkeSession
* @throws IllegalStateException if MOBIKE is not configured in IkeSessionParams, MOBIKE is not
* active for this IkeSession, or if the Network was not specified in IkeSessionParams.
- * @hide
*/
public void setNetwork(@NonNull Network network) {
mIkeSessionStateMachine.setNetwork(network);
diff --git a/src/java/android/net/ipsec/ike/IkeSessionCallback.java b/src/java/android/net/ipsec/ike/IkeSessionCallback.java
index 21fac18..9468011 100644
--- a/src/java/android/net/ipsec/ike/IkeSessionCallback.java
+++ b/src/java/android/net/ipsec/ike/IkeSessionCallback.java
@@ -67,12 +67,13 @@
* INVALID_MESSAGE_ID.
*
* @param exception the detailed error information.
+ * @deprecated Implementers should override {@link #onError(IkeException)} to handle {@link
+ * IkeProtocolException}s instead of using this method.
* @hide
*/
- // TODO: b/158033037 Deprecate this method and add a public API that takes an IkeException when
- // exposing MOBIKE APIs
@SystemApi
- void onError(@NonNull IkeProtocolException exception);
+ @Deprecated
+ default void onError(@NonNull IkeProtocolException exception) {}
/**
* Called if a recoverable error is encountered in an established {@link IkeSession}.
@@ -81,7 +82,6 @@
* non-protocol errors such as the underlying {@link android.net.Network} dying.
*
* @param exception the detailed error information.
- * @hide
*/
default void onError(@NonNull IkeException exception) {
if (exception instanceof IkeProtocolException) {
@@ -108,7 +108,6 @@
* </ul>
*
* @param connectionInfo the updated IkeSessionConnectionInfo for the Session.
- * @hide
*/
default void onIkeSessionConnectionInfoChanged(
@NonNull IkeSessionConnectionInfo connectionInfo) {}
diff --git a/src/java/android/net/ipsec/ike/IkeSessionParams.java b/src/java/android/net/ipsec/ike/IkeSessionParams.java
index 698d379..834e416 100644
--- a/src/java/android/net/ipsec/ike/IkeSessionParams.java
+++ b/src/java/android/net/ipsec/ike/IkeSessionParams.java
@@ -117,27 +117,39 @@
/**
* If set, the IKE library will attempt to enable MOBIKE for the resulting IKE Session.
*
+ * <p>To support MOBIKE, callers must implement:
+ *
+ * <ul>
+ * <li>{@link IkeSessionCallback#onIkeSessionConnectionInfoChanged(IkeSessionConnectionInfo)}:
+ * this MUST migrate all IpSecTunnelInterface instances associated with this IkeSession.
+ * <li>{@link ChildSessionCallback#onIpSecTransformsMigrated(android.net.IpSecTransform,
+ * android.net.IpSecTransform)}: this MUST re-apply the migrated transforms to the
+ * IpSecTunnelInterface associated with this ChildSessionCallback, via {@link
+ * android.net.IpSecManager#applyTunnelModeTransform(
+ * android.net.IpSecManager.IpSecTunnelInterface, int, android.net.IpSecTransform)}.
+ * </ul>
+ *
* <p>MOBIKE support is compatible with two Network modes:
*
* <ul>
* <li><b>Caller managed:</b> The caller controls the underlying Network for the IKE Session
* at all times. The IKE Session will only change underlying Networks if the caller
* initiates it through {@link IkeSession#setNetwork(Network)}. If the caller-specified
- * Network dies, they will be notified via {@link
+ * Network is lost, they will be notified via {@link
* IkeSessionCallback#onError(android.net.ipsec.ike.exceptions.IkeException)} with an
- * {@link android.net.ipsec.ike.exceptions.IkeNetworkDiedException} specifying the Network
- * that died.
- * <li><b>Platform Default:</b> The IKE Session will always track the Platform default
- * Network. The IKE Session will start on the Platform default Network, and any subsequent
- * changes to the default Network (after the IKE_AUTH exchange completes) will cause the
- * IKE Session's underlying Network to change. If the default Network dies with no
- * replacements, the caller will be notified via {@link
+ * {@link android.net.ipsec.ike.exceptions.IkeNetworkLostException} specifying the Network
+ * that was lost.
+ * <li><b>Platform Default:</b> The IKE Session will always track the application default
+ * Network. The IKE Session will start on the application default Network, and any
+ * subsequent changes to the default Network (after the IKE_AUTH exchange completes) will
+ * cause the IKE Session's underlying Network to change. If the default Network is lost
+ * with no replacements, the caller will be notified via {@link
* IkeSessionCallback#onError(android.net.ipsec.ike.exceptions.IkeException)} with an
- * {@link android.net.ipsec.ike.exceptions.IkeNetworkDiedException}. The caller can either
+ * {@link android.net.ipsec.ike.exceptions.IkeNetworkLostException}. The caller can either
* wait until for a new default Network to become available or they may close the Session
* manually via {@link IkeSession#close()}. Note that the IKE Session's maximum
* retransmissions may expire while waiting for a new default Network, in which case the
- * Session will automatically close
+ * Session will automatically close.
* </ul>
*
* <p>Use of MOBIKE in the IKE Session requires the peer to also support MOBIKE.
@@ -147,9 +159,8 @@
*
* <p>Checking for MOBIKE use in an IKE Session is done via {@link
* IkeSessionConfiguration#isIkeExtensionEnabled(int)}.
- *
- * @hide
*/
+ // TODO(b/175416035): update docs to @link to API for migrating IpSecTunnelInterfaces
public static final int IKE_OPTION_MOBIKE = 2;
private static final int MIN_IKE_OPTION = IKE_OPTION_ACCEPT_ANY_REMOTE_ID;
diff --git a/src/java/android/net/ipsec/ike/exceptions/IkeInternalException.java b/src/java/android/net/ipsec/ike/exceptions/IkeInternalException.java
index aaa69e4..37f7293 100644
--- a/src/java/android/net/ipsec/ike/exceptions/IkeInternalException.java
+++ b/src/java/android/net/ipsec/ike/exceptions/IkeInternalException.java
@@ -23,7 +23,7 @@
* <p>Causes may include exceptions such as {@link IpSecManager.SpiUnavailableException} when the
* requested SPI resources failed to be allocated.
*/
-public final class IkeInternalException extends IkeException {
+public final class IkeInternalException extends IkeNonProtocolException {
/**
* Constructs a new exception with the specified cause.
*
diff --git a/src/java/android/net/ipsec/ike/exceptions/IkeNetworkDiedException.java b/src/java/android/net/ipsec/ike/exceptions/IkeNetworkLostException.java
similarity index 75%
rename from src/java/android/net/ipsec/ike/exceptions/IkeNetworkDiedException.java
rename to src/java/android/net/ipsec/ike/exceptions/IkeNetworkLostException.java
index 5fdae70..d638502 100644
--- a/src/java/android/net/ipsec/ike/exceptions/IkeNetworkDiedException.java
+++ b/src/java/android/net/ipsec/ike/exceptions/IkeNetworkLostException.java
@@ -16,15 +16,20 @@
package android.net.ipsec.ike.exceptions;
+import android.annotation.NonNull;
import android.net.Network;
import android.net.ipsec.ike.IkeSessionCallback;
import java.util.Objects;
/**
- * IkeNetworkDiedException is returned to the caller via {@link
+ * IkeNetworkLostException is returned to the caller via {@link
* IkeSessionCallback#onError(IkeException)} if the underlying Network for the {@link IkeSession}
- * dies with no alternatives.
+ * was lost with no alternatives.
+ *
+ * <p>This Exception corresponds to {@link
+ * android.net.ConnectivityManager.NetworkCallback#onLost(android.net.Network)} being invoked for
+ * the specified underlying Network.
*
* <p>When the caller receives this Exception, they must either:
*
@@ -40,21 +45,20 @@
* </ul>
* <li>close the corresponding IkeSession.
* </ul>
- *
- * @hide
*/
-public final class IkeNetworkDiedException extends IkeNonProtocolException {
+public final class IkeNetworkLostException extends IkeNonProtocolException {
private final Network mNetwork;
- /** Constructs an IkeNetworkDiedException to indicate the specified Network died. */
- public IkeNetworkDiedException(Network network) {
+ /** Constructs an IkeNetworkLostException to indicate the specified Network was lost. */
+ public IkeNetworkLostException(@NonNull Network network) {
super();
Objects.requireNonNull(network, "network is null");
mNetwork = network;
}
- /** Returns the IkeSession's underlying Network that died. */
+ /** Returns the IkeSession's underlying Network that was lost. */
+ @NonNull
public Network getNetwork() {
return mNetwork;
}
diff --git a/src/java/android/net/ipsec/ike/exceptions/IkeNonProtocolException.java b/src/java/android/net/ipsec/ike/exceptions/IkeNonProtocolException.java
index d8a3162..f005504 100644
--- a/src/java/android/net/ipsec/ike/exceptions/IkeNonProtocolException.java
+++ b/src/java/android/net/ipsec/ike/exceptions/IkeNonProtocolException.java
@@ -18,8 +18,6 @@
/**
* IkeNonProtocolException encapsulates all implementation-specific non-protocol IKE errors.
- *
- * @hide
*/
public abstract class IkeNonProtocolException extends IkeException {
/** @hide */
diff --git a/src/java/com/android/internal/net/ipsec/ike/IkeSessionStateMachine.java b/src/java/com/android/internal/net/ipsec/ike/IkeSessionStateMachine.java
index 60f1c6c..de248a6 100644
--- a/src/java/com/android/internal/net/ipsec/ike/IkeSessionStateMachine.java
+++ b/src/java/com/android/internal/net/ipsec/ike/IkeSessionStateMachine.java
@@ -86,7 +86,7 @@
import android.net.ipsec.ike.exceptions.AuthenticationFailedException;
import android.net.ipsec.ike.exceptions.IkeException;
import android.net.ipsec.ike.exceptions.IkeInternalException;
-import android.net.ipsec.ike.exceptions.IkeNetworkDiedException;
+import android.net.ipsec.ike.exceptions.IkeNetworkLostException;
import android.net.ipsec.ike.exceptions.IkeProtocolException;
import android.net.ipsec.ike.exceptions.InvalidKeException;
import android.net.ipsec.ike.exceptions.InvalidSyntaxException;
@@ -5468,6 +5468,6 @@
@Override
public void onUnderlyingNetworkDied() {
executeUserCallback(
- () -> mIkeSessionCallback.onError(new IkeNetworkDiedException(mNetwork)));
+ () -> mIkeSessionCallback.onError(new IkeNetworkLostException(mNetwork)));
}
}
diff --git a/src/java/com/android/internal/net/ipsec/ike/net/IkeDefaultNetworkCallback.java b/src/java/com/android/internal/net/ipsec/ike/net/IkeDefaultNetworkCallback.java
index f3c7fa0..fa4c6bf 100644
--- a/src/java/com/android/internal/net/ipsec/ike/net/IkeDefaultNetworkCallback.java
+++ b/src/java/com/android/internal/net/ipsec/ike/net/IkeDefaultNetworkCallback.java
@@ -21,7 +21,7 @@
import java.net.InetAddress;
/**
- * IkeDefaultNetworkCallback is a network callback used to track the platform's default network.
+ * IkeDefaultNetworkCallback is a network callback used to track the application default Network.
*
* <p>This NetworkCallback will notify IkeSessionStateMachine if:
*
@@ -47,7 +47,7 @@
return;
}
- logd("Platform default Network changed to " + network);
+ logd("Application default Network changed to " + network);
mIkeNetworkUpdater.onUnderlyingNetworkUpdated(network);
}
}
diff --git a/tests/iketests/src/java/com/android/internal/net/ipsec/ike/IkeSessionStateMachineTest.java b/tests/iketests/src/java/com/android/internal/net/ipsec/ike/IkeSessionStateMachineTest.java
index 4a7d8ea..cb5ae8d 100644
--- a/tests/iketests/src/java/com/android/internal/net/ipsec/ike/IkeSessionStateMachineTest.java
+++ b/tests/iketests/src/java/com/android/internal/net/ipsec/ike/IkeSessionStateMachineTest.java
@@ -116,7 +116,7 @@
import android.net.ipsec.ike.exceptions.AuthenticationFailedException;
import android.net.ipsec.ike.exceptions.IkeException;
import android.net.ipsec.ike.exceptions.IkeInternalException;
-import android.net.ipsec.ike.exceptions.IkeNetworkDiedException;
+import android.net.ipsec.ike.exceptions.IkeNetworkLostException;
import android.net.ipsec.ike.exceptions.IkeProtocolException;
import android.net.ipsec.ike.exceptions.InvalidSyntaxException;
import android.net.ipsec.ike.exceptions.NoValidProposalChosenException;
@@ -5574,7 +5574,7 @@
ArgumentCaptor<IkeException> exceptionCaptor = ArgumentCaptor.forClass(IkeException.class);
verify(mMockIkeSessionCallback).onError(exceptionCaptor.capture());
- IkeNetworkDiedException cause = (IkeNetworkDiedException) exceptionCaptor.getValue();
+ IkeNetworkLostException cause = (IkeNetworkLostException) exceptionCaptor.getValue();
assertEquals(mMockDefaultNetwork, cause.getNetwork());
}