From f3848729b416a20a3d5d4b1a8e5a8794f727cbdc Mon Sep 17 00:00:00 2001 From: Arc Wang Date: Mon, 3 Feb 2020 11:21:21 +0800 Subject: [PATCH] [Wi-Fi] Force users to select a phase2 authentication for PEAP & TTLS To improve security. Bug: 143601727 Test: make RunSettingsRoboTests ROBOTEST_FILTER=WifiConfigControllerTest Change-Id: Idb93d5ca1eb81bdcc2bc139679f72053161e3e35 Merged-In: I0cb1ceda6d89a52224f80ea5ffd1af709a6acace --- res/layout/wifi_dialog.xml | 3 +- res/values/arrays.xml | 7 +- .../settings/wifi/WifiConfigController.java | 90 +++++++++++++------ .../wifi/WifiConfigControllerTest.java | 21 ++++- 4 files changed, 83 insertions(+), 38 deletions(-) diff --git a/res/layout/wifi_dialog.xml b/res/layout/wifi_dialog.xml index 0a25934a6da..50c22a2c723 100644 --- a/res/layout/wifi_dialog.xml +++ b/res/layout/wifi_dialog.xml @@ -156,8 +156,7 @@ android:layout_width="match_parent" android:layout_height="wrap_content" style="@style/wifi_item_spinner" - android:prompt="@string/please_select_phase2" - android:entries="@array/wifi_phase2_entries" /> + android:prompt="@string/please_select_phase2" /> - None MSCHAPV2 GTC - None MSCHAPV2 GTC SIM @@ -383,9 +381,8 @@ AKA\' - - - None + + PAP MSCHAP MSCHAPV2 diff --git a/src/com/android/settings/wifi/WifiConfigController.java b/src/com/android/settings/wifi/WifiConfigController.java index 48c9e54155a..27ac69d0cb3 100644 --- a/src/com/android/settings/wifi/WifiConfigController.java +++ b/src/com/android/settings/wifi/WifiConfigController.java 
@@ -113,18 +113,22 @@ public class WifiConfigController implements TextWatcher, public static final int WIFI_EAP_METHOD_AKA_PRIME = 6; /* These values come from "wifi_peap_phase2_entries" resource array */ - public static final int WIFI_PEAP_PHASE2_NONE = 0; - public static final int WIFI_PEAP_PHASE2_MSCHAPV2 = 1; - public static final int WIFI_PEAP_PHASE2_GTC = 2; - public static final int WIFI_PEAP_PHASE2_SIM = 3; - public static final int WIFI_PEAP_PHASE2_AKA = 4; - public static final int WIFI_PEAP_PHASE2_AKA_PRIME = 5; + public static final int WIFI_PEAP_PHASE2_MSCHAPV2 = 0; + public static final int WIFI_PEAP_PHASE2_GTC = 1; + public static final int WIFI_PEAP_PHASE2_SIM = 2; + public static final int WIFI_PEAP_PHASE2_AKA = 3; + public static final int WIFI_PEAP_PHASE2_AKA_PRIME = 4; + /* These values come from "wifi_ttls_phase2_entries" resource array */ + public static final int WIFI_TTLS_PHASE2_PAP = 0; + public static final int WIFI_TTLS_PHASE2_MSCHAP = 1; + public static final int WIFI_TTLS_PHASE2_MSCHAPV2 = 2; + public static final int WIFI_TTLS_PHASE2_GTC = 3; /* Phase2 methods supported by PEAP are limited */ - private ArrayAdapter mPhase2PeapAdapter; - /* Full list of phase2 methods */ - private ArrayAdapter mPhase2FullAdapter; + private ArrayAdapter mPhase2PeapAdapter; + /* Phase2 methods supported by TTLS are limited */ + private ArrayAdapter mPhase2TtlsAdapter; // e.g. AccessPoint.SECURITY_NONE @VisibleForTesting @@ -145,8 +149,8 @@ public class WifiConfigController implements TextWatcher, private Spinner mEapCaCertSpinner; private TextView mEapDomainView; private Spinner mPhase2Spinner; - // Associated with mPhase2Spinner, one of mPhase2FullAdapter or mPhase2PeapAdapter - private ArrayAdapter mPhase2Adapter; + // Associated with mPhase2Spinner, one of mPhase2TtlsAdapter or mPhase2PeapAdapter + private ArrayAdapter mPhase2Adapter; private Spinner mEapUserCertSpinner; private TextView mEapIdentityView; private TextView mEapAnonymousView; 
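Review bot: With the `None` entry gone, index 0 of each array becomes the spinner's implicit initial selection, and the new constants make that `WIFI_TTLS_PHASE2_PAP = 0` for TTLS, so a user who never touches the phase-2 spinner presumably ends up with PAP, the option that hands the plaintext password to whichever server terminates the tunnel. Nothing in the visible hunks sets a selection after the adapter is swapped, so this reads as an inherited default rather than a forced choice. If a stronger method is the intended default, set it explicitly where the TTLS adapter is installed, e.g. `mPhase2Spinner.setSelection(WIFI_TTLS_PHASE2_MSCHAPV2);`. The constants are also tied to the item order in arrays.xml, which the comment could state more plainly, e.g. `/* Keep in sync with the item order of "wifi_ttls_phase2_entries"; index 0 is the spinner's initial selection */`.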
@@ -221,20 +225,20 @@ public class WifiConfigController implements TextWatcher, mLevels = res.getStringArray(R.array.wifi_signal); if (Utils.isWifiOnly(mContext) || !mContext.getResources().getBoolean( com.android.internal.R.bool.config_eap_sim_based_auth_supported)) { - mPhase2PeapAdapter = new ArrayAdapter( + mPhase2PeapAdapter = new ArrayAdapter( mContext, android.R.layout.simple_spinner_item, res.getStringArray(R.array.wifi_peap_phase2_entries)); } else { - mPhase2PeapAdapter = new ArrayAdapter( + mPhase2PeapAdapter = new ArrayAdapter( mContext, android.R.layout.simple_spinner_item, res.getStringArray(R.array.wifi_peap_phase2_entries_with_sim_auth)); } mPhase2PeapAdapter.setDropDownViewResource(android.R.layout.simple_spinner_dropdown_item); - mPhase2FullAdapter = new ArrayAdapter( + mPhase2TtlsAdapter = new ArrayAdapter( mContext, android.R.layout.simple_spinner_item, - res.getStringArray(R.array.wifi_phase2_entries)); - mPhase2FullAdapter.setDropDownViewResource(android.R.layout.simple_spinner_dropdown_item); + res.getStringArray(R.array.wifi_ttls_phase2_entries)); + mPhase2TtlsAdapter.setDropDownViewResource(android.R.layout.simple_spinner_dropdown_item); mUnspecifiedCertString = mContext.getString(R.string.wifi_unspecified); mMultipleCertSetString = mContext.getString(R.string.wifi_multiple_cert_added); @@ -662,9 +666,6 @@ public class WifiConfigController implements TextWatcher, // Map the index from the mPhase2PeapAdapter to the one used // by the API which has the full list of PEAP methods. switch(phase2Method) { - case WIFI_PEAP_PHASE2_NONE: - config.enterpriseConfig.setPhase2Method(Phase2.NONE); - break; case WIFI_PEAP_PHASE2_MSCHAPV2: config.enterpriseConfig.setPhase2Method(Phase2.MSCHAPV2); break; 
@@ -685,9 +686,27 @@ public class WifiConfigController implements TextWatcher, break; } break; + case Eap.TTLS: + // The default index from mPhase2TtlsAdapter maps to the API + switch(phase2Method) { + case WIFI_TTLS_PHASE2_PAP: + config.enterpriseConfig.setPhase2Method(Phase2.PAP); + break; + case WIFI_TTLS_PHASE2_MSCHAP: + config.enterpriseConfig.setPhase2Method(Phase2.MSCHAP); + break; + case WIFI_TTLS_PHASE2_MSCHAPV2: + config.enterpriseConfig.setPhase2Method(Phase2.MSCHAPV2); + break; + case WIFI_TTLS_PHASE2_GTC: + config.enterpriseConfig.setPhase2Method(Phase2.GTC); + break; + default: + Log.e(TAG, "Unknown phase2 method" + phase2Method); + break; + } + break; default: - // The default index from mPhase2FullAdapter maps to the API - config.enterpriseConfig.setPhase2Method(phase2Method); break; } @@ -1024,9 +1043,6 @@ public class WifiConfigController implements TextWatcher, switch (eapMethod) { case Eap.PEAP: switch (phase2Method) { - case Phase2.NONE: - mPhase2Spinner.setSelection(WIFI_PEAP_PHASE2_NONE); - break; case Phase2.MSCHAPV2: mPhase2Spinner.setSelection(WIFI_PEAP_PHASE2_MSCHAPV2); break; @@ -1047,8 +1063,26 @@ public class WifiConfigController implements TextWatcher, break; } break; + case Eap.TTLS: + switch (phase2Method) { + case Phase2.PAP: + mPhase2Spinner.setSelection(WIFI_TTLS_PHASE2_PAP); + break; + case Phase2.MSCHAP: + mPhase2Spinner.setSelection(WIFI_TTLS_PHASE2_MSCHAP); + break; + case Phase2.MSCHAPV2: + mPhase2Spinner.setSelection(WIFI_TTLS_PHASE2_MSCHAPV2); + break; + case Phase2.GTC: + mPhase2Spinner.setSelection(WIFI_TTLS_PHASE2_GTC); + break; + default: + Log.e(TAG, "Invalid phase 2 method " + phase2Method); + break; + } + break; default: - mPhase2Spinner.setSelection(phase2Method); break; } if (!TextUtils.isEmpty(enterpriseConfig.getCaPath())) { 
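Review bot: The `default:` arm of the new TTLS switch only logs, and the outer `default:` no longer calls `setPhase2Method`, so an unexpected spinner index yields a config whose phase-2 method is whatever `WifiEnterpriseConfig` initialises it to (presumably `Phase2.NONE`, not visible here), which is the state this change sets out to prevent. Consider failing closed in that arm instead of continuing to build the config; the enclosing method starts and ends outside the hunk, so how it can signal an invalid result needs checking against its callers. The log string is also missing a separator before the value: `Log.e(TAG, "Unknown phase2 method " + phase2Method);`.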
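Review bot: A network saved before this change with `Phase2.NONE` under TTLS now reaches the `default:` arm of the new switch in the `@@ -1047,8 +1063,26 @@` hunk, which logs `Invalid phase 2 method` and leaves the spinner where it was, presumably index 0 (`WIFI_TTLS_PHASE2_PAP`). The dialog would then display PAP for a network stored with no phase-2 method, and saving it would rewrite the stored method without the user having chosen one. The same question applies to PEAP after the `case Phase2.NONE` removal in the `@@ -1024,9 +1043,6 @@` hunk, whose own `default:` arm lies outside the visible lines. A comment on the arm stating the intended migration would make this reviewable, e.g. `// Legacy configs may carry Phase2.NONE; the user must pick a method before saving`, ideally backed by an explicit selection rather than the inherited one. The enclosing method is not fully visible in this hunk.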
@@ -1146,8 +1180,8 @@ public class WifiConfigController implements TextWatcher, break; case WIFI_EAP_METHOD_TTLS: // Reset adapter if needed - if (mPhase2Adapter != mPhase2FullAdapter) { - mPhase2Adapter = mPhase2FullAdapter; + if (mPhase2Adapter != mPhase2TtlsAdapter) { + mPhase2Adapter = mPhase2TtlsAdapter; mPhase2Spinner.setAdapter(mPhase2Adapter); } mView.findViewById(R.id.l_phase2).setVisibility(View.VISIBLE); @@ -1198,12 +1232,10 @@ public class WifiConfigController implements TextWatcher, private void setIdentityInvisible() { mView.findViewById(R.id.l_identity).setVisibility(View.GONE); - mPhase2Spinner.setSelection(Phase2.NONE); } private void setPhase2Invisible() { mView.findViewById(R.id.l_phase2).setVisibility(View.GONE); - mPhase2Spinner.setSelection(Phase2.NONE); } private void setCaCertInvisible() { diff --git a/tests/robotests/src/com/android/settings/wifi/WifiConfigControllerTest.java b/tests/robotests/src/com/android/settings/wifi/WifiConfigControllerTest.java index 669a2e68436..ac5fa08506e 100644 --- a/tests/robotests/src/com/android/settings/wifi/WifiConfigControllerTest.java +++ b/tests/robotests/src/com/android/settings/wifi/WifiConfigControllerTest.java @@ -30,6 +30,7 @@ import android.content.Context; import android.net.wifi.WifiConfiguration; import android.net.wifi.WifiEnterpriseConfig; import android.net.wifi.WifiEnterpriseConfig.Eap; +import android.net.wifi.WifiEnterpriseConfig.Phase2; import android.net.wifi.WifiManager; import android.os.ServiceSpecificException; import android.security.KeyStore; 
@@ -484,9 +485,25 @@ public class WifiConfigControllerTest { mController = new TestWifiConfigController(mConfigUiBase, mView, mAccessPoint, WifiConfigUiBase.MODE_MODIFY); final Spinner eapMethodSpinner = mView.findViewById(R.id.method); + final Spinner phase2Spinner = mView.findViewById(R.id.phase2); + WifiConfiguration wifiConfiguration; - eapMethodSpinner.setSelection(Eap.TLS); + // Test EAP method PEAP + eapMethodSpinner.setSelection(Eap.PEAP); + phase2Spinner.setSelection(WifiConfigController.WIFI_PEAP_PHASE2_MSCHAPV2); + wifiConfiguration = mController.getConfig(); - assertThat(eapMethodSpinner.getSelectedItemPosition()).isEqualTo(Eap.TLS); + assertThat(wifiConfiguration.enterpriseConfig.getEapMethod()).isEqualTo(Eap.PEAP); + assertThat(wifiConfiguration.enterpriseConfig.getPhase2Method()).isEqualTo( + Phase2.MSCHAPV2); + + // Test EAP method TTLS + eapMethodSpinner.setSelection(Eap.TTLS); + phase2Spinner.setSelection(WifiConfigController.WIFI_TTLS_PHASE2_MSCHAPV2); + wifiConfiguration = mController.getConfig(); + + assertThat(wifiConfiguration.enterpriseConfig.getEapMethod()).isEqualTo(Eap.TTLS); + assertThat(wifiConfiguration.enterpriseConfig.getPhase2Method()).isEqualTo( + Phase2.MSCHAPV2); } }
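Review bot: The rewritten test exercises only the MSCHAPV2 selection for PEAP and TTLS, so the paths this change makes risky stay untested: loading a stored config whose phase-2 method is `Phase2.NONE`, and the `default:` arms that only log. A case that prepares a `WifiEnterpriseConfig` with `setPhase2Method(Phase2.NONE)` under `Eap.TTLS`, opens the controller in `MODE_MODIFY` and asserts what `getConfig()` returns would pin the migration behaviour. The test also passes `Eap.PEAP` and `Eap.TTLS` to `eapMethodSpinner.setSelection(...)`, which treats an API constant as a spinner position; the controller's own index constants (`WifiConfigController.WIFI_EAP_METHOD_TTLS` appears in this commit) state the intent better. The test method's signature is above the hunk.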