diff --git a/res/layout/wifi_dialog.xml b/res/layout/wifi_dialog.xml
index b9a910bd2fd..aa2303d581f 100644
--- a/res/layout/wifi_dialog.xml
+++ b/res/layout/wifi_dialog.xml
@@ -178,6 +178,25 @@
android:prompt="@string/wifi_eap_ca_cert" />
+
+
+
+
+
+
PWD
+
+
+ - Do not validate
+ - Request certificate status
+ - Require certificate status
+ - Require all non-trusted certificate statuses
+
+
diff --git a/res/values/strings.xml b/res/values/strings.xml
index c88eec9f559..15584502afe 100644
--- a/res/values/strings.xml
+++ b/res/values/strings.xml
@@ -2133,6 +2133,8 @@
Phase 2 authentication
CA certificate
+
+ Online Certificate Status
Domain
diff --git a/src/com/android/settings/wifi/WifiConfigController.java b/src/com/android/settings/wifi/WifiConfigController.java
index 68ddb3ca640..78c2f0a7fd1 100644
--- a/src/com/android/settings/wifi/WifiConfigController.java
+++ b/src/com/android/settings/wifi/WifiConfigController.java
@@ -145,6 +145,7 @@ public class WifiConfigController implements TextWatcher,
private Spinner mSecuritySpinner;
private Spinner mEapMethodSpinner;
private Spinner mEapCaCertSpinner;
+ private Spinner mEapOcspSpinner;
private TextView mEapDomainView;
private Spinner mPhase2Spinner;
// Associated with mPhase2Spinner, one of mPhase2FullAdapter or mPhase2PeapAdapter
@@ -759,6 +760,14 @@ public class WifiConfigController implements TextWatcher,
+ ") should not both be non-null");
}
+ // Only set OCSP option if there is a valid CA certificate.
+ if (caCert.equals(mUnspecifiedCertString)
+ || caCert.equals(mDoNotValidateEapServerString)) {
+ config.enterpriseConfig.setOcsp(WifiEnterpriseConfig.OCSP_NONE);
+ } else {
+ config.enterpriseConfig.setOcsp(mEapOcspSpinner.getSelectedItemPosition());
+ }
+
String clientCert = (String) mEapUserCertSpinner.getSelectedItem();
if (clientCert.equals(mUnspecifiedCertString)
|| clientCert.equals(mDoNotProvideEapUserCertString)) {
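Review bot: `config.enterpriseConfig.setOcsp(mEapOcspSpinner.getSelectedItemPosition())` stores the spinner's row index as the OCSP mode, so it is only correct while the order of the OCSP entries in the resource array matches the numeric values of the `WifiEnterpriseConfig.OCSP_*` constants. Nothing visible states or checks that, and reordering or inserting an entry would silently save a different, possibly weaker, revocation policy than the one shown to the user. I would at least add `// Spinner position must equal the WifiEnterpriseConfig.OCSP_* value; keep the array order in sync.` above the call. The same assumption is made in reverse by `mEapOcspSpinner.setSelection(enterpriseConfig.getOcsp())` in the later hunk, which uses a stored value as an index with no range check visible, and by `setSelection(WifiEnterpriseConfig.OCSP_NONE)` in `setOcspInvisible()`. The enclosing method starts and ends outside this hunk.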
@@ -993,6 +1002,7 @@ public class WifiConfigController implements TextWatcher,
mPhase2Spinner.setOnItemSelectedListener(this);
mEapCaCertSpinner = (Spinner) mView.findViewById(R.id.ca_cert);
mEapCaCertSpinner.setOnItemSelectedListener(this);
+ mEapOcspSpinner = (Spinner) mView.findViewById(R.id.ocsp);
mEapDomainView = (TextView) mView.findViewById(R.id.domain);
mEapDomainView.addTextChangedListener(this);
mEapUserCertSpinner = (Spinner) mView.findViewById(R.id.user_cert);
@@ -1034,6 +1044,11 @@ public class WifiConfigController implements TextWatcher,
mDoNotValidateEapServerString,
false,
true);
+ // To avoid the user connects to a non-secure network unexpectedly,
+ // request using system trusted certificates by default
+ // unless the user explicitly chooses "Do not validate" or other
+ // CA certificates.
+ setSelection(mEapCaCertSpinner, mUseSystemCertsString);
loadCertificates(
mEapUserCertSpinner,
Credentials.USER_PRIVATE_KEY,
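Review bot: Preselecting `mUseSystemCertsString` at the added `setSelection` call narrows trust only if a domain is then required, because otherwise a server certificate chaining to any system CA would presumably validate. Whether the domain field is enforced for this selection is not visible in this hunk, so it is worth confirming and stating in the comment. The comment's wording could also be tightened, for example `// Default to the system trusted certificates so the user does not join an unvalidated network by accident;` followed by `// "Do not validate" or another CA certificate must be chosen explicitly.` The enclosing method starts and ends outside this hunk.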
@@ -1098,6 +1113,7 @@ public class WifiConfigController implements TextWatcher,
setSelection(mEapCaCertSpinner, mMultipleCertSetString);
}
}
+ mEapOcspSpinner.setSelection(enterpriseConfig.getOcsp());
mEapDomainView.setText(enterpriseConfig.getDomainSuffixMatch());
String userCert = enterpriseConfig.getClientCertificateAlias();
if (TextUtils.isEmpty(userCert)) {
@@ -1143,6 +1159,7 @@ public class WifiConfigController implements TextWatcher,
// Defaults for most of the EAP methods and over-riden by
// by certain EAP methods
mView.findViewById(R.id.l_ca_cert).setVisibility(View.VISIBLE);
+ mView.findViewById(R.id.l_ocsp).setVisibility(View.VISIBLE);
mView.findViewById(R.id.password_layout).setVisibility(View.VISIBLE);
mView.findViewById(R.id.show_password_layout).setVisibility(View.VISIBLE);
@@ -1151,6 +1168,7 @@ public class WifiConfigController implements TextWatcher,
case WIFI_EAP_METHOD_PWD:
setPhase2Invisible();
setCaCertInvisible();
+ setOcspInvisible();
setDomainInvisible();
setAnonymousIdentInvisible();
setUserCertInvisible();
@@ -1188,6 +1206,7 @@ public class WifiConfigController implements TextWatcher,
setPhase2Invisible();
setAnonymousIdentInvisible();
setCaCertInvisible();
+ setOcspInvisible();
setDomainInvisible();
setUserCertInvisible();
setPasswordInvisible();
@@ -1205,6 +1224,10 @@ public class WifiConfigController implements TextWatcher,
// Domain suffix matching is not relevant if the user hasn't chosen a CA
// certificate yet, or chooses not to validate the EAP server.
setDomainInvisible();
+ // Ocsp is an additional validation step for a server certifidate.
+ // This field is not relevant if the user hasn't chosen a valid
+ // CA certificate yet.
+ setOcspInvisible();
}
}
}
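Review bot: The comment added above `setOcspInvisible()` has a typo and inconsistent casing: `certifidate` should be `certificate` and `Ocsp` should be `OCSP`. Suggested first line: `// OCSP is an additional validation step for the server certificate.` The condition guarding this branch sits outside the hunk, so the comment should keep naming the cases it covers, as the domain comment just above it does.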
@@ -1239,6 +1262,11 @@ public class WifiConfigController implements TextWatcher,
setSelection(mEapCaCertSpinner, mUnspecifiedCertString);
}
+ private void setOcspInvisible() {
+ mView.findViewById(R.id.l_ocsp).setVisibility(View.GONE);
+ mEapOcspSpinner.setSelection(WifiEnterpriseConfig.OCSP_NONE);
+ }
+
private void setDomainInvisible() {
mView.findViewById(R.id.l_domain).setVisibility(View.GONE);
mEapDomainView.setText("");