From 9730b5aa86283ece8be3d78b718eea29952704a5 Mon Sep 17 00:00:00 2001
From: Arc Wang
Date: Fri, 21 Feb 2020 14:40:42 +0800
Subject: [PATCH] [Wi-Fi] Ignore incorrect user certificates

These incorrect user certificates displayed when users editing a Wi-Fi network of WPA3-Enterprise in 192bit.

Bug: 149763958
Test: make RunSettingsRoboTests ROBOTEST_FILTER=WifiConfigControllerTest make RunSettingsRoboTests ROBOTEST_FILTER=WifiConfigControllerTest2
Change-Id: Iab35ac975933abc54fda83b99a2109d53d6722d4
---
 .../settings/wifi/WifiConfigController.java | 29 +++++++++++++++++--
 .../settings/wifi/WifiConfigController2.java | 28 ++++++++++++++++--
 .../wifi/WifiConfigController2Test.java | 14 +++++++++
 .../wifi/WifiConfigControllerTest.java | 14 +++++++++
 4 files changed, 80 insertions(+), 5 deletions(-)
diff --git a/src/com/android/settings/wifi/WifiConfigController.java b/src/com/android/settings/wifi/WifiConfigController.java
index d9b9e3c3409..5264e103c81 100644
--- a/src/com/android/settings/wifi/WifiConfigController.java
+++ b/src/com/android/settings/wifi/WifiConfigController.java
@@ -82,6 +82,7 @@ import java.net.InetAddress;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Iterator;
+import java.util.stream.Collectors;
 
 /**
 * The class for allowing UIs like {@link WifiDialog} and {@link WifiConfigUiBase} to
@@ -133,6 +134,14 @@ public class WifiConfigController implements TextWatcher,
 public static final int WIFI_TTLS_PHASE2_MSCHAPV2 = 2;
 public static final int WIFI_TTLS_PHASE2_GTC = 3;
 
+ private static final String UNDESIRED_CERTIFICATE_MACRANDSECRET = "MacRandSecret";
+ private static final String UNDESIRED_CERTIFICATE_MACRANDSAPSECRET = "MacRandSapSecret";
+ @VisibleForTesting
+ static final String[] UNDESIRED_CERTIFICATES = {
+ UNDESIRED_CERTIFICATE_MACRANDSECRET,
+ UNDESIRED_CERTIFICATE_MACRANDSAPSECRET
+ };
+
 /* Phase2 methods supported by PEAP are limited */
 private ArrayAdapter mPhase2PeapAdapter;
 /* Phase2 methods supported by TTLS are limited */
@@ -1425,7 +1434,8 @@ public class WifiConfigController implements TextWatcher,
 return KeyStore.getInstance();
 }
 
- private void loadCertificates(
+ @VisibleForTesting
+ void loadCertificates(
 Spinner spinner,
 String prefix,
 String noCertificateString,
@@ -1441,12 +1451,25 @@ public class WifiConfigController implements TextWatcher,
 if (showUsePreinstalledCertOption) {
 certs.add(mUseSystemCertsString);
 }
+
+ String[] certificateNames = null;
 try {
- certs.addAll(
- Arrays.asList(getKeyStore().list(prefix, android.os.Process.WIFI_UID)));
+ certificateNames = getKeyStore().list(prefix, android.os.Process.WIFI_UID);
 } catch (Exception e) {
 Log.e(TAG, "can't get the certificate list from KeyStore");
 }
+ if (certificateNames != null && certificateNames.length != 0) {
+ certs.addAll(Arrays.stream(certificateNames)
+ .filter(certificateName -> {
+ for (String undesired : UNDESIRED_CERTIFICATES) {
+ if (certificateName.startsWith(undesired)) {
+ return false;
+ }
+ }
+ return true;
+ }).collect(Collectors.toList()));
+ }
+
 if (mAccessPointSecurity != AccessPoint.SECURITY_EAP_SUITE_B) {
 certs.add(noCertificateString);
 }
diff --git a/src/com/android/settings/wifi/WifiConfigController2.java b/src/com/android/settings/wifi/WifiConfigController2.java
index 8352a767f11..830f061bd16 100644
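Review bot: The new UNDESIRED_CERTIFICATES array in WifiConfigController carries no comment saying what "MacRandSecret" and "MacRandSapSecret" are or why they turn up in the KeyStore listing for the Wi-Fi UID, so a maintainer cannot tell when the list needs another entry. I would add above the array something like `/* KeyStore aliases listed for the Wi-Fi UID that are not user certificates; hidden from the certificate spinners. */`, with the wording confirmed by the author since the origin of these entries is not visible in this patch. The same undocumented constants are added to WifiConfigController2.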
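Review bot: The filter added to loadCertificates drops every alias that merely starts with "MacRandSecret" or "MacRandSapSecret", so a genuine user certificate installed under a name with that prefix would silently vanish from the picker; if the unwanted entries have fixed names, match them exactly, e.g. `.filter(name -> !Arrays.asList(UNDESIRED_CERTIFICATES).contains(name))`. A name denylist is also fragile: any other non-certificate entry that ends up under the same prefix for the Wi-Fi UID will be offered as a user certificate again, so filtering on the entry type would be sturdier if the KeyStore API permits it (not visible here). The identical lambda is added to WifiConfigController2.loadCertificates; a shared static helper would keep the two copies from drifting. The method body starts and ends outside this hunk.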
--- a/src/com/android/settings/wifi/WifiConfigController2.java
+++ b/src/com/android/settings/wifi/WifiConfigController2.java
@@ -82,6 +82,7 @@ import java.net.InetAddress;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Iterator;
+import java.util.stream.Collectors;
 
 /**
 * The class for allowing UIs like {@link WifiDialog2} and {@link WifiConfigUiBase2} to
@@ -133,6 +134,14 @@ public class WifiConfigController2 implements TextWatcher,
 public static final int WIFI_TTLS_PHASE2_MSCHAPV2 = 2;
 public static final int WIFI_TTLS_PHASE2_GTC = 3;
 
+ private static final String UNDESIRED_CERTIFICATE_MACRANDSECRET = "MacRandSecret";
+ private static final String UNDESIRED_CERTIFICATE_MACRANDSAPSECRET = "MacRandSapSecret";
+ @VisibleForTesting
+ static final String[] UNDESIRED_CERTIFICATES = {
+ UNDESIRED_CERTIFICATE_MACRANDSECRET,
+ UNDESIRED_CERTIFICATE_MACRANDSAPSECRET
+ };
+
 /* Phase2 methods supported by PEAP are limited */
 private ArrayAdapter mPhase2PeapAdapter;
 /* Phase2 methods supported by TTLS are limited */
@@ -1421,7 +1430,8 @@ public class WifiConfigController2 implements TextWatcher,
 return KeyStore.getInstance();
 }
 
- private void loadCertificates(
+ @VisibleForTesting
+ void loadCertificates(
 Spinner spinner,
 String prefix,
 String noCertificateString,
@@ -1437,11 +1447,25 @@ public class WifiConfigController2 implements TextWatcher,
 if (showUsePreinstalledCertOption) {
 certs.add(mUseSystemCertsString);
 }
+
+ String[] certificateNames = null;
 try {
- certs.addAll(Arrays.asList(getKeyStore().list(prefix, android.os.Process.WIFI_UID)));
+ certificateNames = getKeyStore().list(prefix, android.os.Process.WIFI_UID);
 } catch (Exception e) {
 Log.e(TAG, "can't get the certificate list from KeyStore");
 }
+ if (certificateNames != null && certificateNames.length != 0) {
+ certs.addAll(Arrays.stream(certificateNames)
+ .filter(certificateName -> {
+ for (String undesired : UNDESIRED_CERTIFICATES) {
+ if (certificateName.startsWith(undesired)) {
+ return false;
+ }
+ }
+ return true;
+ }).collect(Collectors.toList()));
+ }
+
 if (mWifiEntrySecurity != WifiEntry.SECURITY_EAP_SUITE_B) {
 certs.add(noCertificateString);
 }
diff --git a/tests/robotests/src/com/android/settings/wifi/WifiConfigController2Test.java b/tests/robotests/src/com/android/settings/wifi/WifiConfigController2Test.java
index e0dc97fd699..c9bc3465467 100644
--- a/tests/robotests/src/com/android/settings/wifi/WifiConfigController2Test.java
+++ b/tests/robotests/src/com/android/settings/wifi/WifiConfigController2Test.java
@@ -240,6 +240,20 @@ public class WifiConfigController2Test {
 // No Crash
 }
 
+ @Test
+ public void loadCertificates_undesiredCertificates_shouldNotLoadUndesiredCertificates() {
+ final Spinner spinner = new Spinner(mContext);
+ when(mKeyStore.list(anyString())).thenReturn(WifiConfigController.UNDESIRED_CERTIFICATES);
+
+ mController.loadCertificates(spinner,
+ "prefix",
+ "doNotProvideEapUserCertString",
+ false /* showMultipleCerts */,
+ false /* showUsePreinstalledCertOption */);
+
+ assertThat(spinner.getAdapter().getCount()).isEqualTo(1); // doNotProvideEapUserCertString
+ }
+
 @Test
 public void ssidGetFocus_addNewNetwork_shouldReturnTrue() {
 mController = new TestWifiConfigController2(mConfigUiBase, mView, null /* wifiEntry */,
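Review bot: The stub `when(mKeyStore.list(anyString()))` in the new WifiConfigController2Test case covers the one-argument overload, while loadCertificates calls `getKeyStore().list(prefix, android.os.Process.WIFI_UID)`. If mKeyStore is a plain mock (its declaration is outside the hunk), the two-argument call returns null, nothing reaches the filter, and the expected count of 1 holds even with the filter removed. Stub the overload that is actually called and include one alias that must survive, e.g. `when(mKeyStore.list(anyString(), anyInt())).thenReturn(new String[] {"MacRandSecret", "userCert"});` with an expected count of 2 (`userCert` is a made-up alias, and `anyInt` may need a static import). This test also reads the constant from `WifiConfigController` rather than `WifiConfigController2`. The stubbing problem applies equally to the WifiConfigControllerTest hunk that follows.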
diff --git a/tests/robotests/src/com/android/settings/wifi/WifiConfigControllerTest.java b/tests/robotests/src/com/android/settings/wifi/WifiConfigControllerTest.java
index 3a17b6c76fb..9146998a6f6 100644
--- a/tests/robotests/src/com/android/settings/wifi/WifiConfigControllerTest.java
+++ b/tests/robotests/src/com/android/settings/wifi/WifiConfigControllerTest.java
@@ -240,6 +240,20 @@ public class WifiConfigControllerTest {
 // No Crash
 }
 
+ @Test
+ public void loadCertificates_undesiredCertificates_shouldNotLoadUndesiredCertificates() {
+ final Spinner spinner = new Spinner(mContext);
+ when(mKeyStore.list(anyString())).thenReturn(WifiConfigController.UNDESIRED_CERTIFICATES);
+
+ mController.loadCertificates(spinner,
+ "prefix",
+ "doNotProvideEapUserCertString",
+ false /* showMultipleCerts */,
+ false /* showUsePreinstalledCertOption */);
+
+ assertThat(spinner.getAdapter().getCount()).isEqualTo(1); // doNotProvideEapUserCertString
+ }
+
 @Test
 public void ssidGetFocus_addNewNetwork_shouldReturnTrue() {
 mController = new TestWifiConfigController(mConfigUiBase, mView, null /* accessPoint */,