From 9e46a0bc935f420b1590f25854f3add4d4cfb779 Mon Sep 17 00:00:00 2001 From: Arc Wang Date: Mon, 2 Mar 2020 22:27:57 +0800 Subject: [PATCH] [Wi-Fi] Ignore incorrect user certificates These incorrect user certificates displayed when users editing a Wi-Fi network of WPA3-Enterprise in 192bit. Bug: 149763958 Test: make RunSettingsRoboTests ROBOTEST_FILTER=WifiConfigControllerTest Change-Id: Idcbc80aa3e945f83ba6b77ebf9ef443398ef8e3c Merged-In: Iab35ac975933abc54fda83b99a2109d53d6722d4 --- .../settings/wifi/WifiConfigController.java | 28 +++++++++++++++++-- .../wifi/WifiConfigControllerTest.java | 14 ++++++++++ 2 files changed, 39 insertions(+), 3 deletions(-) diff --git a/src/com/android/settings/wifi/WifiConfigController.java b/src/com/android/settings/wifi/WifiConfigController.java index 27ac69d0cb3..8521a75daa1 100644 --- a/src/com/android/settings/wifi/WifiConfigController.java +++ b/src/com/android/settings/wifi/WifiConfigController.java @@ -74,6 +74,7 @@ import java.net.InetAddress; import java.util.ArrayList; import java.util.Arrays; import java.util.Iterator; +import java.util.stream.Collectors; /** * The class for allowing UIs like {@link WifiDialog} and {@link WifiConfigUiBase} to @@ -125,6 +126,14 @@ public class WifiConfigController implements TextWatcher, public static final int WIFI_TTLS_PHASE2_MSCHAPV2 = 2; public static final int WIFI_TTLS_PHASE2_GTC = 3; + private static final String UNDESIRED_CERTIFICATE_MACRANDSECRET = "MacRandSecret"; + private static final String UNDESIRED_CERTIFICATE_MACRANDSAPSECRET = "MacRandSapSecret"; + @VisibleForTesting + static final String[] UNDESIRED_CERTIFICATES = { + UNDESIRED_CERTIFICATE_MACRANDSECRET, + UNDESIRED_CERTIFICATE_MACRANDSAPSECRET + }; + /* Phase2 methods supported by PEAP are limited */ private ArrayAdapter mPhase2PeapAdapter; /* Phase2 methods supported by TTLS are limited */ @@ -1383,7 +1392,8 @@ public class WifiConfigController implements TextWatcher, return KeyStore.getInstance(); } - private void loadCertificates( + @VisibleForTesting + void loadCertificates( Spinner spinner, String prefix, String noCertificateString, @@ -1399,12 +1409,24 @@ public class WifiConfigController implements TextWatcher, if (showUsePreinstalledCertOption) { certs.add(mUseSystemCertsString); } + + String[] certificateNames = null; try { - certs.addAll( - Arrays.asList(getKeyStore().list(prefix, android.os.Process.WIFI_UID))); + certificateNames = getKeyStore().list(prefix, android.os.Process.WIFI_UID); } catch (Exception e) { Log.e(TAG, "can't get the certificate list from KeyStore"); } + if (certificateNames != null && certificateNames.length != 0) { + certs.addAll(Arrays.stream(certificateNames) + .filter(certificateName -> { + for (String undesired : UNDESIRED_CERTIFICATES) { + if (certificateName.startsWith(undesired)) { + return false; + } + } + return true; + }).collect(Collectors.toList())); + } if (mAccessPointSecurity != AccessPoint.SECURITY_EAP_SUITE_B) { certs.add(noCertificateString); diff --git a/tests/robotests/src/com/android/settings/wifi/WifiConfigControllerTest.java b/tests/robotests/src/com/android/settings/wifi/WifiConfigControllerTest.java index ac5fa08506e..817bf448dca 100644 --- a/tests/robotests/src/com/android/settings/wifi/WifiConfigControllerTest.java +++ b/tests/robotests/src/com/android/settings/wifi/WifiConfigControllerTest.java @@ -266,6 +266,20 @@ public class WifiConfigControllerTest { // No Crash } + @Test + public void loadCertificates_undesiredCertificates_shouldNotLoadUndesiredCertificates() { + final Spinner spinner = new Spinner(mContext); + when(mKeyStore.list(anyString())).thenReturn(WifiConfigController.UNDESIRED_CERTIFICATES); + + mController.loadCertificates(spinner, + "prefix", + "doNotProvideEapUserCertString", + false /* showMultipleCerts */, + false /* showUsePreinstalledCertOption */); + + assertThat(spinner.getAdapter().getCount()).isEqualTo(1); // doNotProvideEapUserCertString + } + @Test public void ssidGetFocus_addNewNetwork_shouldReturnTrue() { mController = new TestWifiConfigController(mConfigUiBase, mView, null /* accessPoint */,