Support inner auth method other than MSCHAPv2

[jornane]

Currently, only MSCHAPv2 is configured. The eap-config specifies which inner method should be configured, and although MSCHAPv2 is very common, there are other options that might need supporting.

The supported inner methods are documented here https://github.com/GEANT/CAT/blob/master/devices/eap_config/eap-metadata.xsd#L24-L42

I noticed that we also have a method/number mapping in the following files, I think we should make that in sync with the XSD file. I noticed the mapping in the following files

• src/plugins/wifi-eap-configurator/android/src/main/java/com/emergya/wifieapconfigurator/WifiEapConfigurator.java
• src/plugins/wifi-eap-configurator/ios/Plugin/Plugin.swift
• src/src/providers/global/global.ts b/src/src/providers/global/global.ts

If the outer method is TTLS, either <NonEAPAuthMethod> or <EAPMethod> must be set in the file (files that have TTLS but neither <NonEAPAuthMethod> or <EAPMethod> are invalid). I have not checked Android, but on iOS all <NonEAPAuthMethod>s are supported, but only MSCHAPv2 is supported for EAPMethod, in which case you set NEHotspotEAPSettings.TTLSInnerAuthenticationType.eapttlsInnerAuthenticationEAP

[jornane]

So we must support the following methods:

• TLS <AuthenticationMethod><EAPMethod><Type>13 (inner is not set, if it is set it MUST be accepted and ignored)
• TTLS-PAP <AuthenticationMethod><EAPMethod><Type>21 + <InnerAuthenticationMethod><NonEAPAuthMethod><Type>1
• TTLS-MSCHAP <AuthenticationMethod><EAPMethod><Type>21 + <InnerAuthenticationMethod><NonEAPAuthMethod><Type>2
• TTLS-MSCHAPv2 <AuthenticationMethod><EAPMethod><Type>21 + <InnerAuthenticationMethod><NonEAPAuthMethod><Type>3
• ~TTLS-EAP-MSCHAPv2 <AuthenticationMethod><EAPMethod><Type>21 + <EAPMethod><Type>26~
• PEAP-MSCHAPv2 <AuthenticationMethod><EAPMethod><Type>25 + ~<InnerAuthenticationMethod><EAPMethod><Type>26~

NOTE ~TTLS-EAP-MSCHAPv2~ can be interpreted as TTLS-MSCHAPv2 as long as it's documented in the code.

NOTE For PEAP-MSCHAPv2, the INNER method may be hardcoded and assumed, as long as it's documented in the code.

NOTE For TLS, the INNER must be ignored, but it's okay to still set it as auth, even if it's an invalid value (we've seen the value 999 in the wild)

The app must thus parse the eap-config file, and get the correct values from it. It MUST NOT make assumptions for missing values, so no defaults.

[jornane]

In more implementation specific terms terms, consider the function private configConnection() { which returns a dictionary with configuration settings.

In this dictionary:

• eap must be set to the value of <AuthenticationMethod><EAPMethod><Type>, valid values are 13, 21 and 25
• auth must be set to the value of <InnerAuthenticationMethod><NonEAPAuthMethod><Type> OR <InnerAuthenticationMethod><EAPMethod><Type>, valid values are 1, 2, 3 and 26

[jornane]

For the purpose of this change, setting the dictionary to the correct value is enough. In other words: No changes to the Swift or Java code are needed. We will update those to reflect the changes.

[amachadogarcia]

Fixed in commit f92a648d796b8670c5a9c2524dd3d6c6a1f206aa

[amachadogarcia]

Last fix in commit 579a841a313865f36ae7d4d49136965d174d660d