WifiConfigController: set ca_path and ca_cert to null if unused
The WPA supplicant ca_cert and ca_path directives should not
both be non-null, since our EAP settings logic only allows one
or the other to be used.
Modify logic in getConfig() to explicitly set ca_path or ca_cert
to null if it is not used. This explicit null value is necessary
to override a previously non-null value saved in an existing
configuration.
Also, always set the domain_suffix_match directive, which
will lead to this directive to be reset when the Domain
field is hidden.
BUG: 27194668
TEST: 1) Install custom ca certificate onto device as "testcert"
TEST: 2) Configure an EAP-TLS network with CA certificate
"testcert", Domain "testdomain",
User certificate "Do not provide", identity empty, and save.
TEST: 3) Read network variables in data/misc/wifi/wpa_supplicant.conf
and ensure that ca_cert is "testcert", ca_path is not
present, and domain_suffix_match is "testdomain".
TEST: 4) Modify that same EAP-TLS network configured in step 2 with
CA certificate "Use system certificates", Domain "testdomain",
User certificate "Do not provide", identity empty, and save.
TEST: 5) Read network variables in data/misc/wifi/wpa_supplicant.eonf
and ensure that ca_cert is "keystore://CACERT_testcert",
ca_path is not present, and domain_suffix_match is
"testdomain".
TEST: 6) Modify that same EAP-TLS network configured in step 2 to be
an EAP-PWD network. Leave Identity and Password blank, and
save.
TEST: 7) Read network variables in data/misc/wifi/wpa_supplicant.eonf
and ensure that ca_cert, ca_path, and domain_suffix_match are
not present.
Change-Id: I547f3e359bc8e9b77e51e10e60356b857230636f
This commit is contained in:
Samuel Tan
@@ -517,16 +517,15 @@ public class WifiConfigController
|
||||
config.enterpriseConfig.setPhase2Method(phase2Method);
|
||||
break;
|
||||
}
|
||||
|
||||
String caCert = (String) mEapCaCertSpinner.getSelectedItem();
|
||||
config.enterpriseConfig.setCaCertificateAliases(null);
|
||||
config.enterpriseConfig.setCaPath(null);
|
||||
config.enterpriseConfig.setDomainSuffixMatch(mEapDomainView.getText().toString());
|
||||
if (caCert.equals(mUnspecifiedCertString)
|
||||
|| caCert.equals(mDoNotValidateEapServerString)) {
|
||||
// Note: |caCert| should not be able to take the value |unspecifiedCert|,
|
||||
// since we prevent such configurations from being saved.
|
||||
config.enterpriseConfig.setCaCertificateAliases(null);
|
||||
} else {
|
||||
config.enterpriseConfig.setDomainSuffixMatch(
|
||||
mEapDomainView.getText().toString());
|
||||
if (caCert.equals(mUseSystemCertsString)) {
|
||||
// ca_cert already set to null, so do nothing.
|
||||
} else if (caCert.equals(mUseSystemCertsString)) {
|
||||
config.enterpriseConfig.setCaPath(SYSTEM_CA_STORE_PATH);
|
||||
} else if (caCert.equals(mMultipleCertSetString)) {
|
||||
if (mAccessPoint != null) {
|
||||
@@ -535,12 +534,26 @@ public class WifiConfigController
|
||||
+ "when editing saved network");
|
||||
}
|
||||
config.enterpriseConfig.setCaCertificateAliases(
|
||||
mAccessPoint.getConfig().enterpriseConfig
|
||||
mAccessPoint
|
||||
.getConfig()
|
||||
.enterpriseConfig
|
||||
.getCaCertificateAliases());
|
||||
}
|
||||
} else {
|
||||
config.enterpriseConfig.setCaCertificateAliases(new String[] {caCert});
|
||||
}
|
||||
|
||||
// ca_cert or ca_path should not both be non-null, since we only intend to let
|
||||
// the use either their own certificate, or the system certificates, not both.
|
||||
// The variable that is not used must explicitly be set to null, so that a
|
||||
// previously-set value on a saved configuration will be erased on an update.
|
||||
if (config.enterpriseConfig.getCaCertificateAliases() != null
|
||||
&& config.enterpriseConfig.getCaPath() != null) {
|
||||
Log.e(TAG, "ca_cert ("
|
||||
+ config.enterpriseConfig.getCaCertificateAliases()
|
||||
+ ") and ca_path ("
|
||||
+ config.enterpriseConfig.getCaPath()
|
||||
+ ") should not both be non-null");
|
||||
}
|
||||
|
||||
String clientCert = (String) mEapUserCertSpinner.getSelectedItem();
|
||||
|
||||
Reference in New Issue
Block a user