[Wi-Fi] Force users to select a phase2 authentication for PEAP & TTLS

To improve security.

Bug: 143601727
Test: make RunSettingsRoboTests ROBOTEST_FILTER=WifiConfigControllerTest
Change-Id: I0cb1ceda6d89a52224f80ea5ffd1af709a6acace
Arc Wang
2019-11-19 17:49:34 +08:00
parent dee1548f61
commit 41661fe69c
4 changed files with 77 additions and 32 deletions


@@ -156,8 +156,7 @@
android:layout_width="match_parent" android:layout_width="match_parent"
android:layout_height="wrap_content" android:layout_height="wrap_content"
style="@style/wifi_item_spinner" style="@style/wifi_item_spinner"
android:prompt="@string/please_select_phase2" android:prompt="@string/please_select_phase2" />
android:entries="@array/wifi_phase2_entries" />
</LinearLayout> </LinearLayout>
<LinearLayout android:id="@+id/l_ca_cert" <LinearLayout android:id="@+id/l_ca_cert"


@@ -380,14 +380,12 @@
<!-- Phase 2 options for PEAP --> <!-- Phase 2 options for PEAP -->
<string-array name="wifi_peap_phase2_entries"> <string-array name="wifi_peap_phase2_entries">
<item>None</item>
<item>MSCHAPV2</item> <item>MSCHAPV2</item>
<item>GTC</item> <item>GTC</item>
</string-array> </string-array>
<!-- Type of EAP method when EAP SIM, AKA, AKA' are supported --> <!-- Type of EAP method when EAP SIM, AKA, AKA' are supported -->
<string-array name="wifi_peap_phase2_entries_with_sim_auth"> <string-array name="wifi_peap_phase2_entries_with_sim_auth">
<item>None</item>
<item translatable="false">MSCHAPV2</item> <item translatable="false">MSCHAPV2</item>
<item translatable="false">GTC</item> <item translatable="false">GTC</item>
<item translatable="false">SIM</item> <item translatable="false">SIM</item>
@@ -395,9 +393,8 @@
<item translatable="false">AKA\'</item> <item translatable="false">AKA\'</item>
</string-array> </string-array>
<!-- Phase 2 options for rest of EAP methods --> <!-- Phase 2 options for TTLS -->
<string-array name="wifi_phase2_entries"> <string-array name="wifi_ttls_phase2_entries">
<item>None</item>
<item>PAP</item> <item>PAP</item>
<item>MSCHAP</item> <item>MSCHAP</item>
<item>MSCHAPV2</item> <item>MSCHAPV2</item>


@@ -121,18 +121,22 @@ public class WifiConfigController implements TextWatcher,
public static final int WIFI_EAP_METHOD_AKA_PRIME = 6; public static final int WIFI_EAP_METHOD_AKA_PRIME = 6;
/* These values come from "wifi_peap_phase2_entries" resource array */ /* These values come from "wifi_peap_phase2_entries" resource array */
public static final int WIFI_PEAP_PHASE2_NONE = 0; public static final int WIFI_PEAP_PHASE2_MSCHAPV2 = 0;
public static final int WIFI_PEAP_PHASE2_MSCHAPV2 = 1; public static final int WIFI_PEAP_PHASE2_GTC = 1;
public static final int WIFI_PEAP_PHASE2_GTC = 2; public static final int WIFI_PEAP_PHASE2_SIM = 2;
public static final int WIFI_PEAP_PHASE2_SIM = 3; public static final int WIFI_PEAP_PHASE2_AKA = 3;
public static final int WIFI_PEAP_PHASE2_AKA = 4; public static final int WIFI_PEAP_PHASE2_AKA_PRIME = 4;
public static final int WIFI_PEAP_PHASE2_AKA_PRIME = 5;
/* These values come from "wifi_ttls_phase2_entries" resource array */
public static final int WIFI_TTLS_PHASE2_PAP = 0;
public static final int WIFI_TTLS_PHASE2_MSCHAP = 1;
public static final int WIFI_TTLS_PHASE2_MSCHAPV2 = 2;
public static final int WIFI_TTLS_PHASE2_GTC = 3;
/* Phase2 methods supported by PEAP are limited */ /* Phase2 methods supported by PEAP are limited */
private ArrayAdapter<CharSequence> mPhase2PeapAdapter; private ArrayAdapter<CharSequence> mPhase2PeapAdapter;
/* Full list of phase2 methods */ /* Phase2 methods supported by TTLS are limited */
private ArrayAdapter<CharSequence> mPhase2FullAdapter; private ArrayAdapter<CharSequence> mPhase2TtlsAdapter;
// e.g. AccessPoint.SECURITY_NONE // e.g. AccessPoint.SECURITY_NONE
@VisibleForTesting @VisibleForTesting
@@ -154,7 +158,7 @@ public class WifiConfigController implements TextWatcher,
private Spinner mEapOcspSpinner; private Spinner mEapOcspSpinner;
private TextView mEapDomainView; private TextView mEapDomainView;
private Spinner mPhase2Spinner; private Spinner mPhase2Spinner;
// Associated with mPhase2Spinner, one of mPhase2FullAdapter or mPhase2PeapAdapter // Associated with mPhase2Spinner, one of mPhase2TtlsAdapter or mPhase2PeapAdapter
private ArrayAdapter<CharSequence> mPhase2Adapter; private ArrayAdapter<CharSequence> mPhase2Adapter;
private Spinner mEapUserCertSpinner; private Spinner mEapUserCertSpinner;
private TextView mEapIdentityView; private TextView mEapIdentityView;
@@ -243,7 +247,7 @@ public class WifiConfigController implements TextWatcher,
R.array.wifi_peap_phase2_entries_with_sim_auth); R.array.wifi_peap_phase2_entries_with_sim_auth);
} }
mPhase2FullAdapter = getSpinnerAdapter(R.array.wifi_phase2_entries); mPhase2TtlsAdapter = getSpinnerAdapter(R.array.wifi_ttls_phase2_entries);
mUnspecifiedCertString = mContext.getString(R.string.wifi_unspecified); mUnspecifiedCertString = mContext.getString(R.string.wifi_unspecified);
mMultipleCertSetString = mContext.getString(R.string.wifi_multiple_cert_added); mMultipleCertSetString = mContext.getString(R.string.wifi_multiple_cert_added);
@@ -713,9 +717,6 @@ public class WifiConfigController implements TextWatcher,
// Map the index from the mPhase2PeapAdapter to the one used // Map the index from the mPhase2PeapAdapter to the one used
// by the API which has the full list of PEAP methods. // by the API which has the full list of PEAP methods.
switch(phase2Method) { switch(phase2Method) {
case WIFI_PEAP_PHASE2_NONE:
config.enterpriseConfig.setPhase2Method(Phase2.NONE);
break;
case WIFI_PEAP_PHASE2_MSCHAPV2: case WIFI_PEAP_PHASE2_MSCHAPV2:
config.enterpriseConfig.setPhase2Method(Phase2.MSCHAPV2); config.enterpriseConfig.setPhase2Method(Phase2.MSCHAPV2);
break; break;
@@ -736,9 +737,27 @@ public class WifiConfigController implements TextWatcher,
break; break;
} }
break; break;
case Eap.TTLS:
// The default index from mPhase2TtlsAdapter maps to the API
switch(phase2Method) {
case WIFI_TTLS_PHASE2_PAP:
config.enterpriseConfig.setPhase2Method(Phase2.PAP);
break;
case WIFI_TTLS_PHASE2_MSCHAP:
config.enterpriseConfig.setPhase2Method(Phase2.MSCHAP);
break;
case WIFI_TTLS_PHASE2_MSCHAPV2:
config.enterpriseConfig.setPhase2Method(Phase2.MSCHAPV2);
break;
case WIFI_TTLS_PHASE2_GTC:
config.enterpriseConfig.setPhase2Method(Phase2.GTC);
break;
default:
Log.e(TAG, "Unknown phase2 method" + phase2Method);
break;
}
break;
default: default:
// The default index from mPhase2FullAdapter maps to the API
config.enterpriseConfig.setPhase2Method(phase2Method);
break; break;
} }
@@ -1117,9 +1136,6 @@ public class WifiConfigController implements TextWatcher,
switch (eapMethod) { switch (eapMethod) {
case Eap.PEAP: case Eap.PEAP:
switch (phase2Method) { switch (phase2Method) {
case Phase2.NONE:
mPhase2Spinner.setSelection(WIFI_PEAP_PHASE2_NONE);
break;
case Phase2.MSCHAPV2: case Phase2.MSCHAPV2:
mPhase2Spinner.setSelection(WIFI_PEAP_PHASE2_MSCHAPV2); mPhase2Spinner.setSelection(WIFI_PEAP_PHASE2_MSCHAPV2);
break; break;
@@ -1140,8 +1156,26 @@ public class WifiConfigController implements TextWatcher,
break; break;
} }
break; break;
case Eap.TTLS:
switch (phase2Method) {
case Phase2.PAP:
mPhase2Spinner.setSelection(WIFI_TTLS_PHASE2_PAP);
break;
case Phase2.MSCHAP:
mPhase2Spinner.setSelection(WIFI_TTLS_PHASE2_MSCHAP);
break;
case Phase2.MSCHAPV2:
mPhase2Spinner.setSelection(WIFI_TTLS_PHASE2_MSCHAPV2);
break;
case Phase2.GTC:
mPhase2Spinner.setSelection(WIFI_TTLS_PHASE2_GTC);
break;
default:
Log.e(TAG, "Invalid phase 2 method " + phase2Method);
break;
}
break;
default: default:
mPhase2Spinner.setSelection(phase2Method);
break; break;
} }
if (!TextUtils.isEmpty(enterpriseConfig.getCaPath())) { if (!TextUtils.isEmpty(enterpriseConfig.getCaPath())) {
@@ -1242,8 +1276,8 @@ public class WifiConfigController implements TextWatcher,
break; break;
case WIFI_EAP_METHOD_TTLS: case WIFI_EAP_METHOD_TTLS:
// Reset adapter if needed // Reset adapter if needed
if (mPhase2Adapter != mPhase2FullAdapter) { if (mPhase2Adapter != mPhase2TtlsAdapter) {
mPhase2Adapter = mPhase2FullAdapter; mPhase2Adapter = mPhase2TtlsAdapter;
mPhase2Spinner.setAdapter(mPhase2Adapter); mPhase2Spinner.setAdapter(mPhase2Adapter);
} }
mView.findViewById(R.id.l_phase2).setVisibility(View.VISIBLE); mView.findViewById(R.id.l_phase2).setVisibility(View.VISIBLE);
@@ -1299,12 +1333,10 @@ public class WifiConfigController implements TextWatcher,
private void setIdentityInvisible() { private void setIdentityInvisible() {
mView.findViewById(R.id.l_identity).setVisibility(View.GONE); mView.findViewById(R.id.l_identity).setVisibility(View.GONE);
mPhase2Spinner.setSelection(Phase2.NONE);
} }
private void setPhase2Invisible() { private void setPhase2Invisible() {
mView.findViewById(R.id.l_phase2).setVisibility(View.GONE); mView.findViewById(R.id.l_phase2).setVisibility(View.GONE);
mPhase2Spinner.setSelection(Phase2.NONE);
} }
private void setCaCertInvisible() { private void setCaCertInvisible() {
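Review bot: With the `None` entry gone, position 0 of `wifi_ttls_phase2_entries` is PAP, so if the Spinner keeps its usual initial position after `mPhase2Spinner.setAdapter(mPhase2Adapter)` in the `WIFI_EAP_METHOD_TTLS` branch, a user who picks TTLS and never touches the phase-2 spinner will have `getConfig()` emit `Phase2.PAP` — the weakest of the four inner methods — which is an odd implicit default for a change made "to improve security". The PEAP list avoids this only because MSCHAPV2 happens to be its first entry. Consider ordering the TTLS array (and the `WIFI_TTLS_PHASE2_*` constants) so MSCHAPV2 is index 0, or explicitly selecting it when the adapter is swapped, `mPhase2Spinner.setSelection(WIFI_TTLS_PHASE2_MSCHAPV2);` after the `setAdapter` call, provided that runs before the saved-config selection in the loader's `Eap.TTLS` branch (the call ordering is not visible here). Separately, a previously saved PEAP or TTLS profile with `Phase2.NONE` now falls into the `default:` branch, logs "Invalid phase 2 method" and leaves the spinner on position 0, so it is silently upgraded on the next save; a comment such as `// Phase2.NONE is no longer selectable; legacy profiles fall back to position 0 (MSCHAPV2 for PEAP, PAP for TTLS)` would make that migration explicit. The methods enclosing these hunks start outside the hunks.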


@@ -31,6 +31,7 @@ import android.content.res.Resources;
import android.net.wifi.WifiConfiguration; import android.net.wifi.WifiConfiguration;
import android.net.wifi.WifiEnterpriseConfig; import android.net.wifi.WifiEnterpriseConfig;
import android.net.wifi.WifiEnterpriseConfig.Eap; import android.net.wifi.WifiEnterpriseConfig.Eap;
import android.net.wifi.WifiEnterpriseConfig.Phase2;
import android.net.wifi.WifiManager; import android.net.wifi.WifiManager;
import android.os.ServiceSpecificException; import android.os.ServiceSpecificException;
import android.security.KeyStore; import android.security.KeyStore;
@@ -542,10 +543,26 @@ public class WifiConfigControllerTest {
mController = new TestWifiConfigController(mConfigUiBase, mView, mAccessPoint, mController = new TestWifiConfigController(mConfigUiBase, mView, mAccessPoint,
WifiConfigUiBase.MODE_MODIFY); WifiConfigUiBase.MODE_MODIFY);
final Spinner eapMethodSpinner = mView.findViewById(R.id.method); final Spinner eapMethodSpinner = mView.findViewById(R.id.method);
final Spinner phase2Spinner = mView.findViewById(R.id.phase2);
WifiConfiguration wifiConfiguration;
eapMethodSpinner.setSelection(Eap.TLS); // Test EAP method PEAP
eapMethodSpinner.setSelection(Eap.PEAP);
phase2Spinner.setSelection(WifiConfigController.WIFI_PEAP_PHASE2_MSCHAPV2);
wifiConfiguration = mController.getConfig();
assertThat(eapMethodSpinner.getSelectedItemPosition()).isEqualTo(Eap.TLS); assertThat(wifiConfiguration.enterpriseConfig.getEapMethod()).isEqualTo(Eap.PEAP);
assertThat(wifiConfiguration.enterpriseConfig.getPhase2Method()).isEqualTo(
Phase2.MSCHAPV2);
// Test EAP method TTLS
eapMethodSpinner.setSelection(Eap.TTLS);
phase2Spinner.setSelection(WifiConfigController.WIFI_TTLS_PHASE2_MSCHAPV2);
wifiConfiguration = mController.getConfig();
assertThat(wifiConfiguration.enterpriseConfig.getEapMethod()).isEqualTo(Eap.TTLS);
assertThat(wifiConfiguration.enterpriseConfig.getPhase2Method()).isEqualTo(
Phase2.MSCHAPV2);
} }
@Test @Test