From 30f7b5a7cfddc7bc3b0faa8aec3740f58dd514c3 Mon Sep 17 00:00:00 2001
From: Samuel Tan <samueltan@google.com>
Date: Thu, 21 Jan 2016 18:12:53 -0800
Subject: [PATCH] Add menu options for not specifying a EAP CA cert and User
 cert

Add the "Do not validate" and "Do not provide" menu
options for not providing a CA certificate and User certificate
respectively for EAP configurations.

Choosing these options are essentially equivalent to leaving
these fields alone as "(unspecified)" (when that option existed),
but now we require the user to make a conscious choice not to
provide these certificates.

BUG: 26686071
Change-Id: I4b9c07528d6d2ba3eb0787e7cfff69d05dd25679
TEST: Both the added options appear in the relevant menus.
TEST: Choosing both these added options in an EAP-TLS configuration
TEST: allows the configuration to be saved.
---
 res/layout/wifi_dialog.xml                    |  4 +-
 res/values/strings.xml                        |  4 ++
 .../settings/wifi/WifiConfigController.java   | 44 ++++++++++++++-----
 3 files changed, 39 insertions(+), 13 deletions(-)

diff --git a/res/layout/wifi_dialog.xml b/res/layout/wifi_dialog.xml
index 84d98da47bc..2becae64090 100644
--- a/res/layout/wifi_dialog.xml
+++ b/res/layout/wifi_dialog.xml
@@ -107,7 +107,7 @@
                             android:prompt="@string/wifi_eap_method"
                             android:entries="@array/wifi_eap_method" />
                 </LinearLayout>
-                
+
                 <LinearLayout android:id="@+id/l_phase2"
                         android:layout_width="match_parent"
                         android:layout_height="wrap_content"
@@ -301,7 +301,7 @@
                     android:layout_height="wrap_content"
                     style="@style/wifi_section"
                     android:visibility="gone">
-                <LinearLayout 
+                <LinearLayout
                         android:layout_width="match_parent"
                         android:layout_height="wrap_content"
                         style="@style/wifi_item">
diff --git a/res/values/strings.xml b/res/values/strings.xml
index c9cb70de449..bd01912ec8c 100644
--- a/res/values/strings.xml
+++ b/res/values/strings.xml
@@ -1584,6 +1584,10 @@
     <string name="wifi_unspecified">Please select</string>
     <!-- Hint for multiple certificates being added to the configuration -->
     <string name="wifi_multiple_cert_added">(Multiple certificates added)</string>
+    <!-- Menu option for not providing an EAP user certificate -->
+    <string name="wifi_do_not_provide_eap_user_cert">Do not provide</string>
+    <!-- Menu option for not validating the EAP server -->
+    <string name="wifi_do_not_validate_eap_server">Do not validate</string>
     <!-- Substring of status line when Wi-Fi Protected Setup (WPS) is available and
          string is listed first [CHAR LIMIT=20]-->
     <string name="wifi_wps_available_first_item">WPS available</string>
diff --git a/src/com/android/settings/wifi/WifiConfigController.java b/src/com/android/settings/wifi/WifiConfigController.java
index 1c3eb500f56..7d5acc0d24e 100644
--- a/src/com/android/settings/wifi/WifiConfigController.java
+++ b/src/com/android/settings/wifi/WifiConfigController.java
@@ -112,9 +112,13 @@ public class WifiConfigController
     private TextView mPasswordView;
 
     private String mUnspecifiedCertString;
-    private static final int UNSPECIFIED_CERT_INDEX = 0;
     private String mMultipleCertSetString;
-    private static final int MULTIPLE_CERT_SET_INDEX = 1;
+    private static final int UNSPECIFIED_CERT_INDEX = 0;
+    private static final int NO_CERT_INDEX = 1;
+    private static final int MULTIPLE_CERT_SET_INDEX = 2;
+
+    private String mDoNotProvideEapUserCertString;
+    private String mDoNotValidateEapServerString;
 
     private Spinner mSecuritySpinner;
     private Spinner mEapMethodSpinner;
@@ -180,6 +184,11 @@ public class WifiConfigController
 
         mUnspecifiedCertString = mContext.getString(R.string.wifi_unspecified);
         mMultipleCertSetString = mContext.getString(R.string.wifi_multiple_cert_added);
+        mDoNotProvideEapUserCertString =
+            mContext.getString(R.string.wifi_do_not_provide_eap_user_cert);
+        mDoNotValidateEapServerString =
+            mContext.getString(R.string.wifi_do_not_validate_eap_server);
+
         mIpSettingsSpinner = (Spinner) mView.findViewById(R.id.ip_settings);
         mIpSettingsSpinner.setOnItemSelectedListener(this);
         mProxySettingsSpinner = (Spinner) mView.findViewById(R.id.proxy_settings);
@@ -470,7 +479,10 @@ public class WifiConfigController
                         break;
                 }
                 String caCert = (String) mEapCaCertSpinner.getSelectedItem();
-                if (caCert.equals(mUnspecifiedCertString)) {
+                if (caCert.equals(mUnspecifiedCertString)
+                        || caCert.equals(mDoNotValidateEapServerString)) {
+                    // Note: |caCert| should not be able to take the value |unspecifiedCert|,
+                    // since we prevent such configurations from being saved.
                     config.enterpriseConfig.setCaCertificateAliases(null);
                 } else if (caCert.equals(mMultipleCertSetString)) {
                     if (mAccessPoint != null) {
@@ -478,14 +490,20 @@ public class WifiConfigController
                             Log.e(TAG, "Multiple certs can only be set when editing saved network");
                         }
                         config.enterpriseConfig.setCaCertificateAliases(
-                                mAccessPoint.getConfig().enterpriseConfig.getCaCertificateAliases());
+                                mAccessPoint.getConfig().enterpriseConfig
+                                        .getCaCertificateAliases());
                     }
                 } else {
                     config.enterpriseConfig.setCaCertificateAliases(new String[] {caCert});
                 }
 
                 String clientCert = (String) mEapUserCertSpinner.getSelectedItem();
-                if (clientCert.equals(mUnspecifiedCertString)) clientCert = "";
+                if (clientCert.equals(mUnspecifiedCertString)
+                        || clientCert.equals(mDoNotProvideEapUserCertString)) {
+                    // Note: |clientCert| should not be able to take the value |unspecifiedCert|,
+                    // since we prevent such configurations from being saved.
+                    clientCert = "";
+                }
                 config.enterpriseConfig.setClientCertificateAlias(clientCert);
                 if (eapMethod == Eap.SIM || eapMethod == Eap.AKA || eapMethod == Eap.AKA_PRIME) {
                     config.enterpriseConfig.setIdentity("");
@@ -693,8 +711,10 @@ public class WifiConfigController
             mEapIdentityView = (TextView) mView.findViewById(R.id.identity);
             mEapAnonymousView = (TextView) mView.findViewById(R.id.anonymous);
 
-            loadCertificates(mEapCaCertSpinner, Credentials.CA_CERTIFICATE, false);
-            loadCertificates(mEapUserCertSpinner, Credentials.USER_PRIVATE_KEY, false);
+            loadCertificates(mEapCaCertSpinner, Credentials.CA_CERTIFICATE, false,
+                    mDoNotValidateEapServerString);
+            loadCertificates(mEapUserCertSpinner, Credentials.USER_PRIVATE_KEY, false,
+                    mDoNotProvideEapUserCertString);
 
             // Modifying an existing network
             if (mAccessPoint != null && mAccessPoint.isSaved()) {
@@ -732,7 +752,7 @@ public class WifiConfigController
                 } else {
                     // Reload the cert spinner with an extra "multiple certificates added" item
                     loadCertificates(mEapCaCertSpinner,
-                            Credentials.CA_CERTIFICATE, true);
+                            Credentials.CA_CERTIFICATE, true, mDoNotValidateEapServerString);
                     mEapCaCertSpinner.setSelection(MULTIPLE_CERT_SET_INDEX);
                 }
                 setSelection(mEapUserCertSpinner, enterpriseConfig.getClientCertificateAlias());
@@ -966,13 +986,15 @@ public class WifiConfigController
         }
     }
 
-    private void loadCertificates(Spinner spinner, String prefix, boolean showMultipleCerts) {
+    private void loadCertificates(
+            Spinner spinner, String prefix, boolean showMultipleCerts, String noCertificateString) {
         final Context context = mConfigUi.getContext();
 
         ArrayList<String> certs = new ArrayList<String>();
-        certs.add(mUnspecifiedCertString);
+        certs.add(UNSPECIFIED_CERT_INDEX, mUnspecifiedCertString);
+        certs.add(NO_CERT_INDEX, noCertificateString);
         if (showMultipleCerts) {
-            certs.add(mMultipleCertSetString);
+            certs.add(MULTIPLE_CERT_SET_INDEX, mMultipleCertSetString);
         }
         certs.addAll(
                 Arrays.asList(KeyStore.getInstance().list(prefix, android.os.Process.WIFI_UID)));