[Wi-Fi] Ignore incorrect user certificates

These incorrect user certificates displayed when users
editing a Wi-Fi network of WPA3-Enterprise in 192bit.

Bug: 149763958
Test: make RunSettingsRoboTests ROBOTEST_FILTER=WifiConfigControllerTest
Change-Id: Idcbc80aa3e945f83ba6b77ebf9ef443398ef8e3c
Merged-In: Iab35ac975933abc54fda83b99a2109d53d6722d4

src/com/android/settings/wifi/WifiConfigController.java

@@ -74,6 +74,7 @@ import java.net.InetAddress;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Iterator;
+import java.util.stream.Collectors;
 
 /**
  * The class for allowing UIs like {@link WifiDialog} and {@link WifiConfigUiBase} to
@@ -125,6 +126,14 @@ public class WifiConfigController implements TextWatcher,
     public static final int WIFI_TTLS_PHASE2_MSCHAPV2  = 2;
     public static final int WIFI_TTLS_PHASE2_GTC       = 3;
 
+    private static final String UNDESIRED_CERTIFICATE_MACRANDSECRET = "MacRandSecret";
+    private static final String UNDESIRED_CERTIFICATE_MACRANDSAPSECRET = "MacRandSapSecret";
+    @VisibleForTesting
+    static final String[] UNDESIRED_CERTIFICATES = {
+        UNDESIRED_CERTIFICATE_MACRANDSECRET,
+        UNDESIRED_CERTIFICATE_MACRANDSAPSECRET
+    };
+
     /* Phase2 methods supported by PEAP are limited */
     private ArrayAdapter<CharSequence> mPhase2PeapAdapter;
     /* Phase2 methods supported by TTLS are limited */
@@ -1383,7 +1392,8 @@ public class WifiConfigController implements TextWatcher,
         return KeyStore.getInstance();
     }
 
-    private void loadCertificates(
+    @VisibleForTesting
+    void loadCertificates(
             Spinner spinner,
             String prefix,
             String noCertificateString,
@@ -1399,12 +1409,24 @@ public class WifiConfigController implements TextWatcher,
         if (showUsePreinstalledCertOption) {
             certs.add(mUseSystemCertsString);
         }
+
+        String[] certificateNames = null;
         try {
-            certs.addAll(
-                Arrays.asList(getKeyStore().list(prefix, android.os.Process.WIFI_UID)));
+            certificateNames = getKeyStore().list(prefix, android.os.Process.WIFI_UID);
         } catch (Exception e) {
             Log.e(TAG, "can't get the certificate list from KeyStore");
         }
+        if (certificateNames != null && certificateNames.length != 0) {
+            certs.addAll(Arrays.stream(certificateNames)
+                    .filter(certificateName -> {
+                        for (String undesired : UNDESIRED_CERTIFICATES) {
+                            if (certificateName.startsWith(undesired)) {
+                                return false;
+                            }
+                        }
+                        return true;
+                    }).collect(Collectors.toList()));
+        }
 
         if (mAccessPointSecurity != AccessPoint.SECURITY_EAP_SUITE_B) {
             certs.add(noCertificateString);

tests/robotests/src/com/android/settings/wifi/WifiConfigControllerTest.java

@@ -266,6 +266,20 @@ public class WifiConfigControllerTest {
         // No Crash
     }
 
+    @Test
+    public void loadCertificates_undesiredCertificates_shouldNotLoadUndesiredCertificates() {
+        final Spinner spinner = new Spinner(mContext);
+        when(mKeyStore.list(anyString())).thenReturn(WifiConfigController.UNDESIRED_CERTIFICATES);
+
+        mController.loadCertificates(spinner,
+                "prefix",
+                "doNotProvideEapUserCertString",
+                false /* showMultipleCerts */,
+                false /* showUsePreinstalledCertOption */);
+
+        assertThat(spinner.getAdapter().getCount()).isEqualTo(1);   // doNotProvideEapUserCertString
+    }
+
     @Test
     public void ssidGetFocus_addNewNetwork_shouldReturnTrue() {
         mController = new TestWifiConfigController(mConfigUiBase, mView, null /* accessPoint */,