PawletOS/app_Settings
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Allow domain suffix match to be set in UI for EAP configurations

Browse Source 
Add a "domain" field that allows the user to specify a domain
suffix match for an EAP network configuration. This field
will only be available when the user specifies a CA certificate for
an EAP-PEAP, EAP-TLS, or EAP-TTLS network. Under the hood, the
value entered into this field will be passed to WPA supplicant
as the |domain_suffix_match| configuration variable.

BUG: 25180141
Change-Id: Ib69b9519f475e90e40441ddff61c80be43cf624b
TEST: On angler, domain field appears for the EAP-PEAP, EAP-TLS
TEST: and EAP-TTLS networks.
This commit is contained in:
Samuel Tan
2016-01-29 13:26:17 -08:00
parent 03a117bcfa
commit d54bbd5193
3 changed files with 59 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
res/layout/wifi_dialog.xml
View File

@@ -157,6 +157,24 @@
android:text="@string/wifi_do_not_validate_eap_server_warning" />
</LinearLayout>
<LinearLayout android:id="@+id/l_domain"
android:layout_width="match_parent"
android:layout_height="wrap_content"
style="@style/wifi_item" >
<TextView
android:layout_width="wrap_content"
android:layout_height="wrap_content"
style="@style/wifi_item_label"
android:text="@string/wifi_eap_domain" />
<EditText android:id="@+id/domain"
android:layout_width="match_parent"
android:layout_height="wrap_content"
style="@style/wifi_item_edit_content"
android:singleLine="true"
android:inputType="textNoSuggestions" />
</LinearLayout>
<LinearLayout android:id="@+id/l_user_cert"
android:layout_width="match_parent"
android:layout_height="wrap_content"

2
res/values/strings.xml
View File

@@ -1560,6 +1560,8 @@
<string name="please_select_phase2">Phase 2 authentication</string>
<!-- Label for the EAP CA certificate of the network -->
<string name="wifi_eap_ca_cert">CA certificate</string>
<!-- Label for the domain name that the EAP CA certificate(s) can be used to validate. -->
<string name="wifi_eap_domain">Domain</string>
<!-- Label for the EAP user certificate of the network -->
<string name="wifi_eap_user_cert">User certificate</string>
<!-- Label for the EAP identity of the network -->

51
src/com/android/settings/wifi/WifiConfigController.java
View File

@@ -123,6 +123,7 @@ public class WifiConfigController
private Spinner mSecuritySpinner;
private Spinner mEapMethodSpinner;
private Spinner mEapCaCertSpinner;
private TextView mEapDomainView;
private Spinner mPhase2Spinner;
// Associated with mPhase2Spinner, one of mPhase2FullAdapter or mPhase2PeapAdapter
private ArrayAdapter<String> mPhase2Adapter;
@@ -398,7 +399,7 @@ public class WifiConfigController
if (mEapCaCertSpinner != null
&& mView.findViewById(R.id.l_ca_cert).getVisibility() != View.GONE
&& ((String) mEapCaCertSpinner.getSelectedItem())
.equals(mDoNotValidateEapServerString)) {
.equals(mDoNotValidateEapServerString)) {
// Display warning if user chooses not to validate the EAP server with a user-supplied
// CA certificate in an EAP network configuration.
mView.findViewById(R.id.no_ca_cert_warning).setVisibility(View.VISIBLE);
@@ -496,17 +497,22 @@ public class WifiConfigController
// Note: |caCert| should not be able to take the value |unspecifiedCert|,
// since we prevent such configurations from being saved.
config.enterpriseConfig.setCaCertificateAliases(null);
} else if (caCert.equals(mMultipleCertSetString)) {
if (mAccessPoint != null) {
if (!mAccessPoint.isSaved()) {
Log.e(TAG, "Multiple certs can only be set when editing saved network");
}
config.enterpriseConfig.setCaCertificateAliases(
mAccessPoint.getConfig().enterpriseConfig
.getCaCertificateAliases());
}
} else {
config.enterpriseConfig.setCaCertificateAliases(new String[] {caCert});
config.enterpriseConfig.setDomainSuffixMatch(
mEapDomainView.getText().toString());
if (caCert.equals(mMultipleCertSetString)) {
if (mAccessPoint != null) {
if (!mAccessPoint.isSaved()) {
Log.e(TAG, "Multiple certs can only be set "
+ "when editing saved network");
}
config.enterpriseConfig.setCaCertificateAliases(
mAccessPoint.getConfig().enterpriseConfig
.getCaCertificateAliases());
}
} else {
config.enterpriseConfig.setCaCertificateAliases(new String[] {caCert});
}
}
String clientCert = (String) mEapUserCertSpinner.getSelectedItem();
@@ -718,6 +724,7 @@ public class WifiConfigController
mPhase2Spinner = (Spinner) mView.findViewById(R.id.phase2);
mEapCaCertSpinner = (Spinner) mView.findViewById(R.id.ca_cert);
mEapCaCertSpinner.setOnItemSelectedListener(this);
mEapDomainView = (TextView) mView.findViewById(R.id.domain);
mEapUserCertSpinner = (Spinner) mView.findViewById(R.id.user_cert);
mEapUserCertSpinner.setOnItemSelectedListener(this);
mEapIdentityView = (TextView) mView.findViewById(R.id.identity);
@@ -767,6 +774,7 @@ public class WifiConfigController
Credentials.CA_CERTIFICATE, true, mDoNotValidateEapServerString);
mEapCaCertSpinner.setSelection(MULTIPLE_CERT_SET_INDEX);
}
mEapDomainView.setText(enterpriseConfig.getDomainSuffixMatch());
setSelection(mEapUserCertSpinner, enterpriseConfig.getClientCertificateAlias());
mEapIdentityView.setText(enterpriseConfig.getIdentity());
mEapAnonymousView.setText(enterpriseConfig.getAnonymousIdentity());
@@ -791,6 +799,7 @@ public class WifiConfigController
* EAP-TLS valid fields include
* user_cert
* ca_cert
* domain
* identity
* EAP-TTLS valid fields include
* phase2: PAP, MSCHAP, MSCHAPV2, GTC
@@ -803,6 +812,7 @@ public class WifiConfigController
// Common defaults
mView.findViewById(R.id.l_method).setVisibility(View.VISIBLE);
mView.findViewById(R.id.l_identity).setVisibility(View.VISIBLE);
mView.findViewById(R.id.l_domain).setVisibility(View.VISIBLE);
// Defaults for most of the EAP methods and over-riden by
// by certain EAP methods
@@ -815,6 +825,7 @@ public class WifiConfigController
case WIFI_EAP_METHOD_PWD:
setPhase2Invisible();
setCaCertInvisible();
setDomainInvisible();
setAnonymousIdentInvisible();
setUserCertInvisible();
break;
@@ -850,11 +861,22 @@ public class WifiConfigController
setPhase2Invisible();
setAnonymousIdentInvisible();
setCaCertInvisible();
setDomainInvisible();
setUserCertInvisible();
setPasswordInvisible();
setIdentityInvisible();
break;
}
if (mView.findViewById(R.id.l_ca_cert).getVisibility() != View.GONE) {
String eapCertSelection = (String) mEapCaCertSpinner.getSelectedItem();
if (eapCertSelection.equals(mDoNotValidateEapServerString)
|| eapCertSelection.equals(mUnspecifiedCertString)) {
// Domain suffix matching is not relevant if the user hasn't chosen a CA
// certificate yet, or chooses not to validate the EAP server.
setDomainInvisible();
}
}
}
private void setIdentityInvisible() {
@@ -872,6 +894,11 @@ public class WifiConfigController
mEapCaCertSpinner.setSelection(UNSPECIFIED_CERT_INDEX);
}
private void setDomainInvisible() {
mView.findViewById(R.id.l_domain).setVisibility(View.GONE);
mEapDomainView.setText("");
}
private void setUserCertInvisible() {
mView.findViewById(R.id.l_user_cert).setVisibility(View.GONE);
mEapUserCertSpinner.setSelection(UNSPECIFIED_CERT_INDEX);
@@ -1082,7 +1109,7 @@ public class WifiConfigController
if (parent == mSecuritySpinner) {
mAccessPointSecurity = position;
showSecurityFields();
} else if (parent == mEapMethodSpinner) {
} else if (parent == mEapMethodSpinner || parent == mEapCaCertSpinner) {
showSecurityFields();
} else if (parent == mProxySettingsSpinner) {
showProxyFields();