[Wi-Fi] Ignore incorrect user certificates

These incorrect user certificates displayed when users editing a Wi-Fi network of WPA3-Enterprise in 192bit. Bug: 149763958 Test: make RunSettingsRoboTests ROBOTEST_FILTER=WifiConfigControllerTest make RunSettingsRoboTests ROBOTEST_FILTER=WifiConfigControllerTest2 Change-Id: Iab35ac975933abc54fda83b99a2109d53d6722d4
2020-02-21 14:40:42 +08:00
parent 34fdec2668
commit 9730b5aa86
4 changed files with 80 additions and 5 deletions
--- a/src/com/android/settings/wifi/WifiConfigController2.java
+++ b/src/com/android/settings/wifi/WifiConfigController2.java
@@ -82,6 +82,7 @@ import java.net.InetAddress;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Iterator;
+import java.util.stream.Collectors;

 /**
 * The class for allowing UIs like {@link WifiDialog2} and {@link WifiConfigUiBase2} to
@@ -133,6 +134,14 @@ public class WifiConfigController2 implements TextWatcher,
    public static final int WIFI_TTLS_PHASE2_MSCHAPV2  = 2;
    public static final int WIFI_TTLS_PHASE2_GTC       = 3;

+    private static final String UNDESIRED_CERTIFICATE_MACRANDSECRET = "MacRandSecret";
+    private static final String UNDESIRED_CERTIFICATE_MACRANDSAPSECRET = "MacRandSapSecret";
+    @VisibleForTesting
+    static final String[] UNDESIRED_CERTIFICATES = {
+        UNDESIRED_CERTIFICATE_MACRANDSECRET,
+        UNDESIRED_CERTIFICATE_MACRANDSAPSECRET
+    };
+
    /* Phase2 methods supported by PEAP are limited */
    private ArrayAdapter<CharSequence> mPhase2PeapAdapter;
    /* Phase2 methods supported by TTLS are limited */
@@ -1421,7 +1430,8 @@ public class WifiConfigController2 implements TextWatcher,
        return KeyStore.getInstance();
    }

-    private void loadCertificates(
+    @VisibleForTesting
+    void loadCertificates(
            Spinner spinner,
            String prefix,
            String noCertificateString,
@@ -1437,11 +1447,25 @@ public class WifiConfigController2 implements TextWatcher,
        if (showUsePreinstalledCertOption) {
            certs.add(mUseSystemCertsString);
        }
+
+        String[] certificateNames = null;
        try {
-            certs.addAll(Arrays.asList(getKeyStore().list(prefix, android.os.Process.WIFI_UID)));
+            certificateNames = getKeyStore().list(prefix, android.os.Process.WIFI_UID);
        } catch (Exception e) {
            Log.e(TAG, "can't get the certificate list from KeyStore");
        }
+        if (certificateNames != null && certificateNames.length != 0) {
+            certs.addAll(Arrays.stream(certificateNames)
+                    .filter(certificateName -> {
+                        for (String undesired : UNDESIRED_CERTIFICATES) {
+                            if (certificateName.startsWith(undesired)) {
+                                return false;
+                            }
+                        }
+                        return true;
+                    }).collect(Collectors.toList()));
+        }
+
        if (mWifiEntrySecurity != WifiEntry.SECURITY_EAP_SUITE_B) {
            certs.add(noCertificateString);
        }