[Wi-Fi] Ignore incorrect user certificates
These incorrect user certificates displayed when users
editing a Wi-Fi network of WPA3-Enterprise in 192bit.
Bug: 149763958
Test: make RunSettingsRoboTests ROBOTEST_FILTER=WifiConfigControllerTest
make RunSettingsRoboTests ROBOTEST_FILTER=WifiConfigControllerTest2
Change-Id: Iab35ac975933abc54fda83b99a2109d53d6722d4
This commit is contained in:
Arc Wang
@@ -82,6 +82,7 @@ import java.net.InetAddress;
|
|||||||
import java.util.ArrayList;
|
import java.util.ArrayList;
|
||||||
import java.util.Arrays;
|
import java.util.Arrays;
|
||||||
import java.util.Iterator;
|
import java.util.Iterator;
|
||||||
|
import java.util.stream.Collectors;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* The class for allowing UIs like {@link WifiDialog} and {@link WifiConfigUiBase} to
|
* The class for allowing UIs like {@link WifiDialog} and {@link WifiConfigUiBase} to
|
||||||
@@ -133,6 +134,14 @@ public class WifiConfigController implements TextWatcher,
|
|||||||
public static final int WIFI_TTLS_PHASE2_MSCHAPV2 = 2;
|
public static final int WIFI_TTLS_PHASE2_MSCHAPV2 = 2;
|
||||||
public static final int WIFI_TTLS_PHASE2_GTC = 3;
|
public static final int WIFI_TTLS_PHASE2_GTC = 3;
|
||||||
|
|
||||||
|
private static final String UNDESIRED_CERTIFICATE_MACRANDSECRET = "MacRandSecret";
|
||||||
|
private static final String UNDESIRED_CERTIFICATE_MACRANDSAPSECRET = "MacRandSapSecret";
|
||||||
|
@VisibleForTesting
|
||||||
|
static final String[] UNDESIRED_CERTIFICATES = {
|
||||||
|
UNDESIRED_CERTIFICATE_MACRANDSECRET,
|
||||||
|
UNDESIRED_CERTIFICATE_MACRANDSAPSECRET
|
||||||
|
};
|
||||||
|
|
||||||
/* Phase2 methods supported by PEAP are limited */
|
/* Phase2 methods supported by PEAP are limited */
|
||||||
private ArrayAdapter<CharSequence> mPhase2PeapAdapter;
|
private ArrayAdapter<CharSequence> mPhase2PeapAdapter;
|
||||||
/* Phase2 methods supported by TTLS are limited */
|
/* Phase2 methods supported by TTLS are limited */
|
||||||
@@ -1425,7 +1434,8 @@ public class WifiConfigController implements TextWatcher,
|
|||||||
return KeyStore.getInstance();
|
return KeyStore.getInstance();
|
||||||
}
|
}
|
||||||
|
|
||||||
private void loadCertificates(
|
@VisibleForTesting
|
||||||
|
void loadCertificates(
|
||||||
Spinner spinner,
|
Spinner spinner,
|
||||||
String prefix,
|
String prefix,
|
||||||
String noCertificateString,
|
String noCertificateString,
|
||||||
@@ -1441,12 +1451,25 @@ public class WifiConfigController implements TextWatcher,
|
|||||||
if (showUsePreinstalledCertOption) {
|
if (showUsePreinstalledCertOption) {
|
||||||
certs.add(mUseSystemCertsString);
|
certs.add(mUseSystemCertsString);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
String[] certificateNames = null;
|
||||||
try {
|
try {
|
||||||
certs.addAll(
|
certificateNames = getKeyStore().list(prefix, android.os.Process.WIFI_UID);
|
||||||
Arrays.asList(getKeyStore().list(prefix, android.os.Process.WIFI_UID)));
|
|
||||||
} catch (Exception e) {
|
} catch (Exception e) {
|
||||||
Log.e(TAG, "can't get the certificate list from KeyStore");
|
Log.e(TAG, "can't get the certificate list from KeyStore");
|
||||||
}
|
}
|
||||||
|
if (certificateNames != null && certificateNames.length != 0) {
|
||||||
|
certs.addAll(Arrays.stream(certificateNames)
|
||||||
|
.filter(certificateName -> {
|
||||||
|
for (String undesired : UNDESIRED_CERTIFICATES) {
|
||||||
|
if (certificateName.startsWith(undesired)) {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return true;
|
||||||
|
}).collect(Collectors.toList()));
|
||||||
|
}
|
||||||
|
|
||||||
if (mAccessPointSecurity != AccessPoint.SECURITY_EAP_SUITE_B) {
|
if (mAccessPointSecurity != AccessPoint.SECURITY_EAP_SUITE_B) {
|
||||||
certs.add(noCertificateString);
|
certs.add(noCertificateString);
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -82,6 +82,7 @@ import java.net.InetAddress;
|
|||||||
import java.util.ArrayList;
|
import java.util.ArrayList;
|
||||||
import java.util.Arrays;
|
import java.util.Arrays;
|
||||||
import java.util.Iterator;
|
import java.util.Iterator;
|
||||||
|
import java.util.stream.Collectors;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* The class for allowing UIs like {@link WifiDialog2} and {@link WifiConfigUiBase2} to
|
* The class for allowing UIs like {@link WifiDialog2} and {@link WifiConfigUiBase2} to
|
||||||
@@ -133,6 +134,14 @@ public class WifiConfigController2 implements TextWatcher,
|
|||||||
public static final int WIFI_TTLS_PHASE2_MSCHAPV2 = 2;
|
public static final int WIFI_TTLS_PHASE2_MSCHAPV2 = 2;
|
||||||
public static final int WIFI_TTLS_PHASE2_GTC = 3;
|
public static final int WIFI_TTLS_PHASE2_GTC = 3;
|
||||||
|
|
||||||
|
private static final String UNDESIRED_CERTIFICATE_MACRANDSECRET = "MacRandSecret";
|
||||||
|
private static final String UNDESIRED_CERTIFICATE_MACRANDSAPSECRET = "MacRandSapSecret";
|
||||||
|
@VisibleForTesting
|
||||||
|
static final String[] UNDESIRED_CERTIFICATES = {
|
||||||
|
UNDESIRED_CERTIFICATE_MACRANDSECRET,
|
||||||
|
UNDESIRED_CERTIFICATE_MACRANDSAPSECRET
|
||||||
|
};
|
||||||
|
|
||||||
/* Phase2 methods supported by PEAP are limited */
|
/* Phase2 methods supported by PEAP are limited */
|
||||||
private ArrayAdapter<CharSequence> mPhase2PeapAdapter;
|
private ArrayAdapter<CharSequence> mPhase2PeapAdapter;
|
||||||
/* Phase2 methods supported by TTLS are limited */
|
/* Phase2 methods supported by TTLS are limited */
|
||||||
@@ -1421,7 +1430,8 @@ public class WifiConfigController2 implements TextWatcher,
|
|||||||
return KeyStore.getInstance();
|
return KeyStore.getInstance();
|
||||||
}
|
}
|
||||||
|
|
||||||
private void loadCertificates(
|
@VisibleForTesting
|
||||||
|
void loadCertificates(
|
||||||
Spinner spinner,
|
Spinner spinner,
|
||||||
String prefix,
|
String prefix,
|
||||||
String noCertificateString,
|
String noCertificateString,
|
||||||
@@ -1437,11 +1447,25 @@ public class WifiConfigController2 implements TextWatcher,
|
|||||||
if (showUsePreinstalledCertOption) {
|
if (showUsePreinstalledCertOption) {
|
||||||
certs.add(mUseSystemCertsString);
|
certs.add(mUseSystemCertsString);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
String[] certificateNames = null;
|
||||||
try {
|
try {
|
||||||
certs.addAll(Arrays.asList(getKeyStore().list(prefix, android.os.Process.WIFI_UID)));
|
certificateNames = getKeyStore().list(prefix, android.os.Process.WIFI_UID);
|
||||||
} catch (Exception e) {
|
} catch (Exception e) {
|
||||||
Log.e(TAG, "can't get the certificate list from KeyStore");
|
Log.e(TAG, "can't get the certificate list from KeyStore");
|
||||||
}
|
}
|
||||||
|
if (certificateNames != null && certificateNames.length != 0) {
|
||||||
|
certs.addAll(Arrays.stream(certificateNames)
|
||||||
|
.filter(certificateName -> {
|
||||||
|
for (String undesired : UNDESIRED_CERTIFICATES) {
|
||||||
|
if (certificateName.startsWith(undesired)) {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return true;
|
||||||
|
}).collect(Collectors.toList()));
|
||||||
|
}
|
||||||
|
|
||||||
if (mWifiEntrySecurity != WifiEntry.SECURITY_EAP_SUITE_B) {
|
if (mWifiEntrySecurity != WifiEntry.SECURITY_EAP_SUITE_B) {
|
||||||
certs.add(noCertificateString);
|
certs.add(noCertificateString);
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -240,6 +240,20 @@ public class WifiConfigController2Test {
|
|||||||
// No Crash
|
// No Crash
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void loadCertificates_undesiredCertificates_shouldNotLoadUndesiredCertificates() {
|
||||||
|
final Spinner spinner = new Spinner(mContext);
|
||||||
|
when(mKeyStore.list(anyString())).thenReturn(WifiConfigController.UNDESIRED_CERTIFICATES);
|
||||||
|
|
||||||
|
mController.loadCertificates(spinner,
|
||||||
|
"prefix",
|
||||||
|
"doNotProvideEapUserCertString",
|
||||||
|
false /* showMultipleCerts */,
|
||||||
|
false /* showUsePreinstalledCertOption */);
|
||||||
|
|
||||||
|
assertThat(spinner.getAdapter().getCount()).isEqualTo(1); // doNotProvideEapUserCertString
|
||||||
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void ssidGetFocus_addNewNetwork_shouldReturnTrue() {
|
public void ssidGetFocus_addNewNetwork_shouldReturnTrue() {
|
||||||
mController = new TestWifiConfigController2(mConfigUiBase, mView, null /* wifiEntry */,
|
mController = new TestWifiConfigController2(mConfigUiBase, mView, null /* wifiEntry */,
|
||||||
|
|||||||
@@ -240,6 +240,20 @@ public class WifiConfigControllerTest {
|
|||||||
// No Crash
|
// No Crash
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void loadCertificates_undesiredCertificates_shouldNotLoadUndesiredCertificates() {
|
||||||
|
final Spinner spinner = new Spinner(mContext);
|
||||||
|
when(mKeyStore.list(anyString())).thenReturn(WifiConfigController.UNDESIRED_CERTIFICATES);
|
||||||
|
|
||||||
|
mController.loadCertificates(spinner,
|
||||||
|
"prefix",
|
||||||
|
"doNotProvideEapUserCertString",
|
||||||
|
false /* showMultipleCerts */,
|
||||||
|
false /* showUsePreinstalledCertOption */);
|
||||||
|
|
||||||
|
assertThat(spinner.getAdapter().getCount()).isEqualTo(1); // doNotProvideEapUserCertString
|
||||||
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void ssidGetFocus_addNewNetwork_shouldReturnTrue() {
|
public void ssidGetFocus_addNewNetwork_shouldReturnTrue() {
|
||||||
mController = new TestWifiConfigController(mConfigUiBase, mView, null /* accessPoint */,
|
mController = new TestWifiConfigController(mConfigUiBase, mView, null /* accessPoint */,
|
||||||
|
|||||||
Reference in New Issue
Block a user