[Wi-Fi] Ignore incorrect user certificates am: 9e46a0bc93

Change-Id: If45cb2b3e0c37b16047ff0c393da1cbfb379b091
2020-03-04 02:32:45 +00:00
parent db71edac5c 9e46a0bc93
commit 3af57b3c28
2 changed files with 39 additions and 3 deletions
--- a/src/com/android/settings/wifi/WifiConfigController.java
+++ b/src/com/android/settings/wifi/WifiConfigController.java
@@ -74,6 +74,7 @@ import java.net.InetAddress;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Iterator;
+import java.util.stream.Collectors;

 /**
 * The class for allowing UIs like {@link WifiDialog} and {@link WifiConfigUiBase} to
@@ -125,6 +126,14 @@ public class WifiConfigController implements TextWatcher,
    public static final int WIFI_TTLS_PHASE2_MSCHAPV2  = 2;
    public static final int WIFI_TTLS_PHASE2_GTC       = 3;

+    private static final String UNDESIRED_CERTIFICATE_MACRANDSECRET = "MacRandSecret";
+    private static final String UNDESIRED_CERTIFICATE_MACRANDSAPSECRET = "MacRandSapSecret";
+    @VisibleForTesting
+    static final String[] UNDESIRED_CERTIFICATES = {
+        UNDESIRED_CERTIFICATE_MACRANDSECRET,
+        UNDESIRED_CERTIFICATE_MACRANDSAPSECRET
+    };
+
    /* Phase2 methods supported by PEAP are limited */
    private ArrayAdapter<CharSequence> mPhase2PeapAdapter;
    /* Phase2 methods supported by TTLS are limited */
@@ -1383,7 +1392,8 @@ public class WifiConfigController implements TextWatcher,
        return KeyStore.getInstance();
    }

-    private void loadCertificates(
+    @VisibleForTesting
+    void loadCertificates(
            Spinner spinner,
            String prefix,
            String noCertificateString,
@@ -1399,12 +1409,24 @@ public class WifiConfigController implements TextWatcher,
        if (showUsePreinstalledCertOption) {
            certs.add(mUseSystemCertsString);
        }
+
+        String[] certificateNames = null;
        try {
-            certs.addAll(
-                Arrays.asList(getKeyStore().list(prefix, android.os.Process.WIFI_UID)));
+            certificateNames = getKeyStore().list(prefix, android.os.Process.WIFI_UID);
        } catch (Exception e) {
            Log.e(TAG, "can't get the certificate list from KeyStore");
        }
+        if (certificateNames != null && certificateNames.length != 0) {
+            certs.addAll(Arrays.stream(certificateNames)
+                    .filter(certificateName -> {
+                        for (String undesired : UNDESIRED_CERTIFICATES) {
+                            if (certificateName.startsWith(undesired)) {
+                                return false;
+                            }
+                        }
+                        return true;
+                    }).collect(Collectors.toList()));
+        }

        if (mAccessPointSecurity != AccessPoint.SECURITY_EAP_SUITE_B) {
            certs.add(noCertificateString);