Add minimum TLS version for Wi-Fi EAP network
- Remove "TLS v1.3" if device does not support it Bug: 258372351 Test: manual test make RunSettingsRoboTests ROBOTEST_FILTER=WifiConfigController2Test Change-Id: If7e41e8c404b4fbf92268afddd92bc6553e60576
This commit is contained in:
Weng Su
@@ -187,6 +187,24 @@
|
||||
android:prompt="@string/wifi_eap_ca_cert"/>
|
||||
</LinearLayout>
|
||||
|
||||
<LinearLayout android:id="@+id/l_min_tls_ver"
|
||||
android:layout_width="match_parent"
|
||||
android:layout_height="wrap_content"
|
||||
android:visibility="gone"
|
||||
style="@style/wifi_item">
|
||||
<TextView
|
||||
android:layout_width="wrap_content"
|
||||
android:layout_height="wrap_content"
|
||||
style="@style/wifi_item_label"
|
||||
android:text="@string/wifi_eap_min_tls_ver"/>
|
||||
|
||||
<Spinner android:id="@+id/min_tls_ver"
|
||||
android:layout_width="match_parent"
|
||||
android:layout_height="wrap_content"
|
||||
style="@style/wifi_item_spinner"
|
||||
android:prompt="@string/wifi_eap_min_tls_ver"/>
|
||||
</LinearLayout>
|
||||
|
||||
<LinearLayout android:id="@+id/l_ocsp"
|
||||
android:layout_width="match_parent"
|
||||
android:layout_height="wrap_content"
|
||||
|
||||
@@ -211,6 +211,15 @@
|
||||
<item>Require certificate status</item>
|
||||
</string-array>
|
||||
|
||||
<!-- Match this with the integer value of WifiEnterpriseConfig.TlsVersion -->
|
||||
<!-- Type of TlsVersion -->
|
||||
<string-array name="wifi_eap_tls_ver" translatable="false">
|
||||
<item>TLS v1.0</item>
|
||||
<item>TLS v1.1</item>
|
||||
<item>TLS v1.2</item>
|
||||
<item>TLS v1.3</item>
|
||||
</string-array>
|
||||
|
||||
<!-- Wi-Fi AP band settings. Either 2.4GHz or 5GHz prefer. -->
|
||||
<!-- Note that adding/removing/moving the items will need wifi settings code change. -->
|
||||
<string-array translatable="false" name="wifi_ap_band">
|
||||
|
||||
@@ -1534,6 +1534,8 @@
|
||||
<string name="please_select_phase2">Phase 2 authentication</string>
|
||||
<!-- Label for the EAP CA certificate of the network -->
|
||||
<string name="wifi_eap_ca_cert">CA certificate</string>
|
||||
<!-- Label for the EAP minimum TLS version of the network -->
|
||||
<string name="wifi_eap_min_tls_ver">Minimum TLS version</string>
|
||||
<!-- Label for the OCSP type of the network. [CHAR LIMIT=32] -->
|
||||
<string name="wifi_eap_ocsp">Online Certificate Status</string>
|
||||
<!-- Label for the domain name that the EAP CA certificate(s) can be used to validate. -->
|
||||
|
||||
@@ -179,6 +179,7 @@ public class WifiConfigController2 implements TextWatcher,
|
||||
private int mLastShownEapMethod;
|
||||
@VisibleForTesting Spinner mEapSimSpinner; // For EAP-SIM, EAP-AKA and EAP-AKA-PRIME.
|
||||
@VisibleForTesting Spinner mEapCaCertSpinner;
|
||||
private Spinner mEapMinTlsVerSpinner;
|
||||
private Spinner mEapOcspSpinner;
|
||||
private TextView mEapDomainView;
|
||||
private Spinner mPhase2Spinner;
|
||||
@@ -744,11 +745,14 @@ public class WifiConfigController2 implements TextWatcher,
|
||||
+ ") should not both be non-null");
|
||||
}
|
||||
|
||||
// Only set OCSP option if there is a valid CA certificate.
|
||||
// Only set certificate option if there is a valid CA certificate.
|
||||
if (caCert.equals(mUnspecifiedCertString)) {
|
||||
config.enterpriseConfig.setOcsp(WifiEnterpriseConfig.OCSP_NONE);
|
||||
config.enterpriseConfig.setMinimumTlsVersion(WifiEnterpriseConfig.TLS_V1_0);
|
||||
} else {
|
||||
config.enterpriseConfig.setOcsp(mEapOcspSpinner.getSelectedItemPosition());
|
||||
config.enterpriseConfig.setMinimumTlsVersion(
|
||||
mEapMinTlsVerSpinner.getSelectedItemPosition());
|
||||
}
|
||||
|
||||
String clientCert = (String) mEapUserCertSpinner.getSelectedItem();
|
||||
@@ -1005,6 +1009,8 @@ public class WifiConfigController2 implements TextWatcher,
|
||||
mPhase2Spinner.setOnItemSelectedListener(this);
|
||||
mEapCaCertSpinner = (Spinner) mView.findViewById(R.id.ca_cert);
|
||||
mEapCaCertSpinner.setOnItemSelectedListener(this);
|
||||
mEapMinTlsVerSpinner = getEapMinTlsVerSpinner(mWifiManager.isTlsV13Supported());
|
||||
|
||||
mEapOcspSpinner = (Spinner) mView.findViewById(R.id.ocsp);
|
||||
mEapDomainView = (TextView) mView.findViewById(R.id.domain);
|
||||
mEapDomainView.addTextChangedListener(this);
|
||||
@@ -1148,6 +1154,7 @@ public class WifiConfigController2 implements TextWatcher,
|
||||
setSelection(mEapCaCertSpinner, mMultipleCertSetString);
|
||||
}
|
||||
}
|
||||
mEapMinTlsVerSpinner.setSelection(enterpriseConfig.getMinimumTlsVersion());
|
||||
mEapOcspSpinner.setSelection(enterpriseConfig.getOcsp());
|
||||
mEapDomainView.setText(enterpriseConfig.getDomainSuffixMatch());
|
||||
String userCert = enterpriseConfig.getClientCertificateAlias();
|
||||
@@ -1179,6 +1186,7 @@ public class WifiConfigController2 implements TextWatcher,
|
||||
mEapMethodSpinner.setAccessibilityDelegate(selectedEventBlocker);
|
||||
mPhase2Spinner.setAccessibilityDelegate(selectedEventBlocker);
|
||||
mEapCaCertSpinner.setAccessibilityDelegate(selectedEventBlocker);
|
||||
mEapMinTlsVerSpinner.setAccessibilityDelegate(selectedEventBlocker);
|
||||
mEapOcspSpinner.setAccessibilityDelegate(selectedEventBlocker);
|
||||
mEapUserCertSpinner.setAccessibilityDelegate(selectedEventBlocker);
|
||||
}
|
||||
@@ -1214,6 +1222,9 @@ public class WifiConfigController2 implements TextWatcher,
|
||||
// Defaults for most of the EAP methods and over-riden by
|
||||
// by certain EAP methods
|
||||
mView.findViewById(R.id.l_ca_cert).setVisibility(View.VISIBLE);
|
||||
if (mWifiManager.isTlsMinimumVersionSupported()) {
|
||||
mView.findViewById(R.id.l_min_tls_ver).setVisibility(View.VISIBLE);
|
||||
}
|
||||
mView.findViewById(R.id.l_ocsp).setVisibility(View.VISIBLE);
|
||||
mView.findViewById(R.id.password_layout).setVisibility(View.VISIBLE);
|
||||
mView.findViewById(R.id.show_password_layout).setVisibility(View.VISIBLE);
|
||||
@@ -1224,6 +1235,7 @@ public class WifiConfigController2 implements TextWatcher,
|
||||
case WIFI_EAP_METHOD_PWD:
|
||||
setPhase2Invisible();
|
||||
setCaCertInvisible();
|
||||
setMinTlsVerInvisible();
|
||||
setOcspInvisible();
|
||||
setDomainInvisible();
|
||||
setAnonymousIdentInvisible();
|
||||
@@ -1265,6 +1277,7 @@ public class WifiConfigController2 implements TextWatcher,
|
||||
setPhase2Invisible();
|
||||
setAnonymousIdentInvisible();
|
||||
setCaCertInvisible();
|
||||
setMinTlsVerInvisible();
|
||||
setOcspInvisible();
|
||||
setDomainInvisible();
|
||||
setUserCertInvisible();
|
||||
@@ -1278,6 +1291,7 @@ public class WifiConfigController2 implements TextWatcher,
|
||||
if (eapCertSelection.equals(mUnspecifiedCertString)
|
||||
|| (mIsTrustOnFirstUseSupported
|
||||
&& eapCertSelection.equals(mTrustOnFirstUse))) {
|
||||
setMinTlsVerInvisible();
|
||||
// Domain suffix matching is not relevant if the user hasn't chosen a CA
|
||||
// certificate yet, or chooses not to validate the EAP server.
|
||||
setDomainInvisible();
|
||||
@@ -1319,6 +1333,11 @@ public class WifiConfigController2 implements TextWatcher,
|
||||
setSelection(mEapCaCertSpinner, mUnspecifiedCertString);
|
||||
}
|
||||
|
||||
private void setMinTlsVerInvisible() {
|
||||
mView.findViewById(R.id.l_min_tls_ver).setVisibility(View.GONE);
|
||||
mEapMinTlsVerSpinner.setSelection(WifiEnterpriseConfig.TLS_V1_0);
|
||||
}
|
||||
|
||||
private void setOcspInvisible() {
|
||||
mView.findViewById(R.id.l_ocsp).setVisibility(View.GONE);
|
||||
mEapOcspSpinner.setSelection(WifiEnterpriseConfig.OCSP_NONE);
|
||||
@@ -1920,4 +1939,18 @@ public class WifiConfigController2 implements TextWatcher,
|
||||
}
|
||||
});
|
||||
}
|
||||
|
||||
@VisibleForTesting
|
||||
Spinner getEapMinTlsVerSpinner(boolean isTlsV13Supported) {
|
||||
Spinner spinner = mView.findViewById(R.id.min_tls_ver);
|
||||
String[] stringArray = mContext.getResources().getStringArray(R.array.wifi_eap_tls_ver);
|
||||
if (!isTlsV13Supported) {
|
||||
Log.w(TAG, "Wi-Fi Enterprise TLS v1.3 is not supported on this device");
|
||||
List<String> list = new ArrayList<>(Arrays.asList(stringArray));
|
||||
list.remove(WifiEnterpriseConfig.TLS_V1_3);
|
||||
stringArray = list.toArray(new String[0]);
|
||||
}
|
||||
spinner.setAdapter(getSpinnerAdapter(stringArray));
|
||||
return spinner;
|
||||
}
|
||||
}
|
||||
|
||||
@@ -73,11 +73,16 @@ import org.robolectric.shadows.ShadowInputMethodManager;
|
||||
import org.robolectric.shadows.ShadowSubscriptionManager;
|
||||
|
||||
import java.util.Arrays;
|
||||
import java.util.List;
|
||||
import java.util.stream.Collectors;
|
||||
import java.util.stream.IntStream;
|
||||
|
||||
@RunWith(RobolectricTestRunner.class)
|
||||
@Config(shadows = ShadowConnectivityManager.class)
|
||||
public class WifiConfigController2Test {
|
||||
|
||||
static final String WIFI_EAP_TLS_V1_3 = "TLS v1.3";
|
||||
|
||||
@Mock
|
||||
private WifiConfigUiBase2 mConfigUiBase;
|
||||
@Mock
|
||||
@@ -938,6 +943,26 @@ public class WifiConfigController2Test {
|
||||
assertThat(mEapUserCertSpinner.getSelectedItem()).isEqualTo(SAVED_USER_CERT);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void getEapMinTlsVerSpinner_isTlsV13Supported_containsTlsV13() {
|
||||
Spinner spinner = mController.getEapMinTlsVerSpinner(true /* isTlsV13Supported */);
|
||||
|
||||
List<Object> list = IntStream.range(0, spinner.getAdapter().getCount())
|
||||
.mapToObj(spinner.getAdapter()::getItem)
|
||||
.collect(Collectors.toList());
|
||||
assertThat(list).contains(WIFI_EAP_TLS_V1_3);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void getEapMinTlsVerSpinner_isNotTlsV13Supported_doesNotContainTlsV13() {
|
||||
Spinner spinner = mController.getEapMinTlsVerSpinner(false /* isTlsV13Supported */);
|
||||
|
||||
List<Object> list = IntStream.range(0, spinner.getAdapter().getCount())
|
||||
.mapToObj(spinner.getAdapter()::getItem)
|
||||
.collect(Collectors.toList());
|
||||
assertThat(list).doesNotContain(WIFI_EAP_TLS_V1_3);
|
||||
}
|
||||
|
||||
private void setUpModifyingSavedCertificateConfigController(String savedCaCertificate,
|
||||
String savedUserCertificate) {
|
||||
final WifiConfiguration mockWifiConfig = mock(WifiConfiguration.class);
|
||||
|
||||
Reference in New Issue
Block a user