PawletOS/app_Settings
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge "wifi: add Trust-On-First-Use option for CA"

Browse Source
This commit is contained in:
Jimmy Chen
2022-01-13 15:42:46 +00:00
committed by Android (Google) Code Review
parent e26c0ec801 bde88c4b8d
commit d0e27f8dbd
2 changed files with 20 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
res/values/strings.xml
View File

@@ -2445,6 +2445,8 @@
<string name="wifi_do_not_provide_eap_user_cert">Do not provide</string> <string name="wifi_do_not_provide_eap_user_cert">Do not provide</string>
<!-- Menu option for not validating the EAP server --> <!-- Menu option for not validating the EAP server -->
<string name="wifi_do_not_validate_eap_server">Do not validate</string> <string name="wifi_do_not_validate_eap_server">Do not validate</string>
<!-- Menu option for Trust On First Use[CHAR_LIMIT=64] -->
<string name="wifi_trust_on_first_use">Trust on First Use</string>
<!-- Warning message displayed if network name (ssid) is too long --> <!-- Warning message displayed if network name (ssid) is too long -->
<string name="wifi_ssid_too_long">Network name is too long.</string> <string name="wifi_ssid_too_long">Network name is too long.</string>
<!-- Warning message displayed if user does not specify a domain for the CA certificate. <!-- Warning message displayed if user does not specify a domain for the CA certificate.

20
src/com/android/settings/wifi/WifiConfigController2.java
View File

@@ -169,6 +169,7 @@ public class WifiConfigController2 implements TextWatcher,
private String mUnspecifiedCertString; private String mUnspecifiedCertString;
private String mMultipleCertSetString; private String mMultipleCertSetString;
private String mUseSystemCertsString; private String mUseSystemCertsString;
private String mTrustOnFirstUse;
private String mDoNotProvideEapUserCertString; private String mDoNotProvideEapUserCertString;
@VisibleForTesting String mInstallCertsString; @VisibleForTesting String mInstallCertsString;
@@ -219,6 +220,7 @@ public class WifiConfigController2 implements TextWatcher,
Integer[] mSecurityInPosition; Integer[] mSecurityInPosition;
private final WifiManager mWifiManager; private final WifiManager mWifiManager;
private boolean mIsTrustOnFirstUseSupported;
private final List<SubscriptionInfo> mActiveSubscriptionInfos = new ArrayList<>(); private final List<SubscriptionInfo> mActiveSubscriptionInfos = new ArrayList<>();
@@ -251,6 +253,7 @@ public class WifiConfigController2 implements TextWatcher,
mWifiEntrySecurity = (wifiEntry == null) ? WifiEntry.SECURITY_NONE : mWifiEntrySecurity = (wifiEntry == null) ? WifiEntry.SECURITY_NONE :
wifiEntry.getSecurity(); wifiEntry.getSecurity();
mMode = mode; mMode = mode;
mIsTrustOnFirstUseSupported = mWifiManager.isTrustOnFirstUseSupported();
final Resources res = mContext.getResources(); final Resources res = mContext.getResources();
@@ -268,6 +271,7 @@ public class WifiConfigController2 implements TextWatcher,
mUnspecifiedCertString = mContext.getString(R.string.wifi_unspecified); mUnspecifiedCertString = mContext.getString(R.string.wifi_unspecified);
mMultipleCertSetString = mContext.getString(R.string.wifi_multiple_cert_added); mMultipleCertSetString = mContext.getString(R.string.wifi_multiple_cert_added);
mUseSystemCertsString = mContext.getString(R.string.wifi_use_system_certs); mUseSystemCertsString = mContext.getString(R.string.wifi_use_system_certs);
mTrustOnFirstUse = mContext.getString(R.string.wifi_trust_on_first_use);
mDoNotProvideEapUserCertString = mDoNotProvideEapUserCertString =
mContext.getString(R.string.wifi_do_not_provide_eap_user_cert); mContext.getString(R.string.wifi_do_not_provide_eap_user_cert);
mInstallCertsString = mContext.getString(R.string.wifi_install_credentials); mInstallCertsString = mContext.getString(R.string.wifi_install_credentials);
@@ -707,6 +711,8 @@ public class WifiConfigController2 implements TextWatcher,
config.enterpriseConfig.setDomainSuffixMatch(mEapDomainView.getText().toString()); config.enterpriseConfig.setDomainSuffixMatch(mEapDomainView.getText().toString());
if (caCert.equals(mUnspecifiedCertString)) { if (caCert.equals(mUnspecifiedCertString)) {
// ca_cert already set to null, so do nothing. // ca_cert already set to null, so do nothing.
} else if (mIsTrustOnFirstUseSupported && caCert.equals(mTrustOnFirstUse)) {
config.enterpriseConfig.enableTrustOnFirstUse(true);
} else if (caCert.equals(mUseSystemCertsString)) { } else if (caCert.equals(mUseSystemCertsString)) {
config.enterpriseConfig.setCaPath(SYSTEM_CA_STORE_PATH); config.enterpriseConfig.setCaPath(SYSTEM_CA_STORE_PATH);
} else if (caCert.equals(mMultipleCertSetString)) { } else if (caCert.equals(mMultipleCertSetString)) {
@@ -1120,7 +1126,12 @@ public class WifiConfigController2 implements TextWatcher,
} else { } else {
String[] caCerts = enterpriseConfig.getCaCertificateAliases(); String[] caCerts = enterpriseConfig.getCaCertificateAliases();
if (caCerts == null) { if (caCerts == null) {
setSelection(mEapCaCertSpinner, mUnspecifiedCertString); if (mIsTrustOnFirstUseSupported
&& enterpriseConfig.isTrustOnFirstUseEnabled()) {
setSelection(mEapCaCertSpinner, mTrustOnFirstUse);
} else {
setSelection(mEapCaCertSpinner, mUnspecifiedCertString);
}
} else if (caCerts.length == 1) { } else if (caCerts.length == 1) {
setSelection(mEapCaCertSpinner, caCerts[0]); setSelection(mEapCaCertSpinner, caCerts[0]);
} else { } else {
@@ -1263,7 +1274,9 @@ public class WifiConfigController2 implements TextWatcher,
if (mView.findViewById(R.id.l_ca_cert).getVisibility() != View.GONE) { if (mView.findViewById(R.id.l_ca_cert).getVisibility() != View.GONE) {
String eapCertSelection = (String) mEapCaCertSpinner.getSelectedItem(); String eapCertSelection = (String) mEapCaCertSpinner.getSelectedItem();
if (eapCertSelection.equals(mUnspecifiedCertString)) { if (eapCertSelection.equals(mUnspecifiedCertString)
|| (mIsTrustOnFirstUseSupported
&& eapCertSelection.equals(mTrustOnFirstUse))) {
// Domain suffix matching is not relevant if the user hasn't chosen a CA // Domain suffix matching is not relevant if the user hasn't chosen a CA
// certificate yet, or chooses not to validate the EAP server. // certificate yet, or chooses not to validate the EAP server.
setDomainInvisible(); setDomainInvisible();
@@ -1511,6 +1524,9 @@ public class WifiConfigController2 implements TextWatcher,
} }
if (showUsePreinstalledCertOption) { if (showUsePreinstalledCertOption) {
certs.add(mUseSystemCertsString); certs.add(mUseSystemCertsString);
if (mIsTrustOnFirstUseSupported) {
certs.add(mTrustOnFirstUse);
}
certs.add(mInstallCertsString); certs.add(mInstallCertsString);
} }