WifiConfigController: set ca_path and ca_cert to null if unused

The WPA supplicant ca_cert and ca_path directives should not
both be non-null, since our EAP settings logic only allows one
or the other to be used.

Modify logic in getConfig() to explicitly set ca_path or ca_cert
to null if it is not used. This explicit null value is necessary
to override a previously non-null value saved in an existing
configuration.

Also, always set the domain_suffix_match directive, which
will lead to this directive to be reset when the Domain
field is hidden.

BUG: 27194668
TEST: 1) Install custom ca certificate onto device as "testcert"
TEST: 2) Configure an EAP-TLS network with CA certificate
         "testcert", Domain "testdomain",
         User certificate "Do not provide", identity empty, and save.
TEST: 3) Read network variables in data/misc/wifi/wpa_supplicant.conf
         and ensure that ca_cert is "testcert", ca_path is not
         present, and domain_suffix_match is "testdomain".
TEST: 4) Modify that same EAP-TLS network configured in step 2 with
         CA certificate "Use system certificates", Domain "testdomain",
         User certificate "Do not provide", identity empty, and save.
TEST: 5) Read network variables in data/misc/wifi/wpa_supplicant.eonf
         and ensure that ca_cert is "keystore://CACERT_testcert",
         ca_path is not present, and domain_suffix_match is
         "testdomain".
TEST: 6) Modify that same EAP-TLS network configured in step 2 to be
         an EAP-PWD network. Leave Identity and Password blank, and
         save.
TEST: 7) Read network variables in data/misc/wifi/wpa_supplicant.eonf
         and ensure that ca_cert, ca_path, and domain_suffix_match are
         not present.

Change-Id: I547f3e359bc8e9b77e51e10e60356b857230636f

src/com/android/settings/wifi/WifiConfigController.java

@@ -517,30 +517,43 @@ public class WifiConfigController
                         config.enterpriseConfig.setPhase2Method(phase2Method);
                         break;
                 }
+
                 String caCert = (String) mEapCaCertSpinner.getSelectedItem();
+                config.enterpriseConfig.setCaCertificateAliases(null);
+                config.enterpriseConfig.setCaPath(null);
+                config.enterpriseConfig.setDomainSuffixMatch(mEapDomainView.getText().toString());
                 if (caCert.equals(mUnspecifiedCertString)
                         || caCert.equals(mDoNotValidateEapServerString)) {
-                    // Note: |caCert| should not be able to take the value |unspecifiedCert|,
-                    // since we prevent such configurations from being saved.
-                    config.enterpriseConfig.setCaCertificateAliases(null);
-                } else {
-                    config.enterpriseConfig.setDomainSuffixMatch(
-                            mEapDomainView.getText().toString());
-                    if (caCert.equals(mUseSystemCertsString)) {
-                        config.enterpriseConfig.setCaPath(SYSTEM_CA_STORE_PATH);
-                    } else if (caCert.equals(mMultipleCertSetString)) {
-                        if (mAccessPoint != null) {
-                            if (!mAccessPoint.isSaved()) {
-                                Log.e(TAG, "Multiple certs can only be set "
-                                        + "when editing saved network");
-                            }
-                            config.enterpriseConfig.setCaCertificateAliases(
-                                    mAccessPoint.getConfig().enterpriseConfig
-                                            .getCaCertificateAliases());
+                    // ca_cert already set to null, so do nothing.
+                } else if (caCert.equals(mUseSystemCertsString)) {
+                    config.enterpriseConfig.setCaPath(SYSTEM_CA_STORE_PATH);
+                } else if (caCert.equals(mMultipleCertSetString)) {
+                    if (mAccessPoint != null) {
+                        if (!mAccessPoint.isSaved()) {
+                            Log.e(TAG, "Multiple certs can only be set "
+                                    + "when editing saved network");
                         }
-                    } else {
-                        config.enterpriseConfig.setCaCertificateAliases(new String[] {caCert});
+                        config.enterpriseConfig.setCaCertificateAliases(
+                                mAccessPoint
+                                        .getConfig()
+                                        .enterpriseConfig
+                                        .getCaCertificateAliases());
                     }
+                } else {
+                    config.enterpriseConfig.setCaCertificateAliases(new String[] {caCert});
+                }
+
+                // ca_cert or ca_path should not both be non-null, since we only intend to let
+                // the use either their own certificate, or the system certificates, not both.
+                // The variable that is not used must explicitly be set to null, so that a
+                // previously-set value on a saved configuration will be erased on an update.
+                if (config.enterpriseConfig.getCaCertificateAliases() != null
+                        && config.enterpriseConfig.getCaPath() != null) {
+                    Log.e(TAG, "ca_cert ("
+                            + config.enterpriseConfig.getCaCertificateAliases()
+                            + ") and ca_path ("
+                            + config.enterpriseConfig.getCaPath()
+                            + ") should not both be non-null");
                 }
 
                 String clientCert = (String) mEapUserCertSpinner.getSelectedItem();