Add an option to the "CA certificate" field of the EAP network
configuration menu, "Use system certificates". Choosing this option
will cause the trusted, pre-installed, system CA certificates
to be used to validate EAP servers during the authentication process.
This only applies to EAP-TLS, EAP-TTLS, and EAP-PEAP network
configurations, where the CA certificate option is available.
If the user selects "Use system certificates" and leaves the
"Domain" field empty, display a warning and prevent the
EAP network configuration from being saved. Such a configuration
would be insecure--the user should constrain the domain that
the system certificates can be used to validate.
BUG: 26879191
TEST: 1) Set up AP connected to test RADIUS server.
TEST: 2) Generate a self-signed cert (Cert 1)
TEST: 3) Use Cert 1 to sign another cert (Cert 2) with common name
"sub1.sub2.domain.com"
TEST: 4) Setup RADIUS server, and configure it to present Cert 2 to EAP peer.
TEST: 5) Build angler image with Cert 1 installed in
/system/etc/security/cacerts/
TEST: 6) Set up an AP connected to the RADIUS server to broadcast
a WPA-Enterprise network.
TEST: 7) On Angler, connect to this WPA-Enterprise network with settings:
Network name: (AP SSID)
Security: 802.1x EAP
EAP method: TLS
CA certificate: Use system certificates
Domain: domain.com
User certificate: (test certificate from RADIUS setup)
Identity: (identity used for RADIUS setup)
TEST: 8) Verify that we connect successfully to the AP.
TEST: 9) Verify that connection still succeeds if Domain is set to
"sub2.domain.com" and "sub1.sub2.domain.com".
TEST: 10) Verify that connection fails if Domain is set to
"sub0.sub1.domain.com" and "otherdomain.com".
TEST: 11) Verify that network configuration cannot be saved, and an
warning message "Must specify a domain" is displayed if Domain
is left blank in the configuration in step 7
TEST: 12) Verify that the "Do not validate" option still appears in the
CA certificate dropdown menu.
Change-Id: I346d4d301305719033b84ec4599bf3d57d9d4ee5
Previously, we did not properly load the "Do not validate"
and "Do not provide" options for the CA certificate and
User certificate EAP network configuration fields respectively
when the user previously selected these options and saved the
configuration.
Fix this by properly checking the saved CA certificate and user
certificate aliases in the saved enterprise config.
BUG: 26686071
Change-Id: If180c611f7210718cfb11c0578545b6f027827b5
TEST: Saved EAP network with the abovementioned options.
TEST: Long-pressed saved network on Wifi menu and selected "Modify Network"
TEST: "Do not validate" and "Do not provide" options are re-loaded.
Add a "domain" field that allows the user to specify a domain
suffix match for an EAP network configuration. This field
will only be available when the user specifies a CA certificate for
an EAP-PEAP, EAP-TLS, or EAP-TTLS network. Under the hood, the
value entered into this field will be passed to WPA supplicant
as the |domain_suffix_match| configuration variable.
BUG: 25180141
Change-Id: Ib69b9519f475e90e40441ddff61c80be43cf624b
TEST: On angler, domain field appears for the EAP-PEAP, EAP-TLS
TEST: and EAP-TTLS networks.
Display an explicit warning in the WiFi configuration menu if
the user selects the option to not validate the EAP server (i.e.
does not provide a CA certificate) in an EAP configuration.
BUG: 26686071
Change-Id: I73620b60defdcf40865f8c67d5de24b5dad636f8
TEST: Warning appears when the abovementioned option is selected.
Add the "Do not validate" and "Do not provide" menu
options for not providing a CA certificate and User certificate
respectively for EAP configurations.
Choosing these options are essentially equivalent to leaving
these fields alone as "(unspecified)" (when that option existed),
but now we require the user to make a conscious choice not to
provide these certificates.
BUG: 26686071
Change-Id: I4b9c07528d6d2ba3eb0787e7cfff69d05dd25679
TEST: Both the added options appear in the relevant menus.
TEST: Choosing both these added options in an EAP-TLS configuration
TEST: allows the configuration to be saved.
Disallow configuring EAP-TLS without a user certificate,
since this is probably an invalid configuration.
Also:
- change the wording of the default option for
EAP CA and user certificates from "(unspecified)" to
"Please select", to make it obvious that a choice
needs to be made to proceed.
- Fix style issues found in WifiConfigController.java by checkstyle.py.
BUG: 26686071
Change-Id: I7ccfdf40db97328e3297a03cc43033ff2428980f
TEST: Save option is grayed out when configuring EAP-TLS network
TEST: while leaving "User Certificate" left at "Please select".
When the admin has set disallow_config_wifi, menu items are not added.
we need to check if the menu items can be added after this fragment is
resumed. And for remove account menuitem, check whether any admin has
disabled management of a specific account type.
Change-Id: I58f5a59fe0614c9bc7068b15f43f89527939359d
Display an explicit warning in the WiFi configuration menu if
the user selects the option to not validate the EAP server (i.e.
does not provide a CA certificate) in an EAP configuration.
BUG: 26686071
Change-Id: I73620b60defdcf40865f8c67d5de24b5dad636f8
TEST: Warning appears when the abovementioned option is selected.
Add the "Do not validate" and "Do not provide" menu
options for not providing a CA certificate and User certificate
respectively for EAP configurations.
Choosing these options are essentially equivalent to leaving
these fields alone as "(unspecified)" (when that option existed),
but now we require the user to make a conscious choice not to
provide these certificates.
BUG: 26686071
Change-Id: I4b9c07528d6d2ba3eb0787e7cfff69d05dd25679
TEST: Both the added options appear in the relevant menus.
TEST: Choosing both these added options in an EAP-TLS configuration
TEST: allows the configuration to be saved.
Disallow configuring EAP-TLS without a user certificate,
since this is probably an invalid configuration.
Also:
- change the wording of the default option for
EAP CA and user certificates from "(unspecified)" to
"Please select", to make it obvious that a choice
needs to be made to proceed.
- Fix style issues found in WifiConfigController.java by checkstyle.py.
BUG: 26686071
Change-Id: I7ccfdf40db97328e3297a03cc43033ff2428980f
TEST: Save option is grayed out when configuring EAP-TLS network
TEST: while leaving "User Certificate" left at "Please select".
SSID with multiple CA certs can only be added programmtically. However it
can still be edited in the UI by long-pressing the item when currently
connected to the network. This change makes sure the UI shows up with
meaningful indications that the SSID is configured with multiple CA certs.
Bug: 22547958
Change-Id: I5d42313efb141db521dd09ff3fbc520915b6fb79
* Add a check box to the WiFi configuration dialog that lets the user
choose whether a newly created configuration is shared with other
users (defaults to true)
* Disable the check box when modifying an existing network
BUG=25600871
Change-Id: Ifc6713602ee61b0407e55f45097c1b311fa19cb4
Suppress the activity transition when finishing so that only the
dialog's animation will be played.
Bug: 25796672
Change-Id: I0c472313608aa46f780ce2fdb79224c0ad3a4dad
-Re-format CellInfo to a Table
-Improve performance on several blocking calls
-Add IPv6 ping test
-Re-order layout to improve logical grouping
-Semantic changes/cosmetic improvements to a few strings
-Expand list of selectable network types to include recent RATs
Change-Id: I02d15987e7cb79fe0bbd13e5d1eb734e3531f11f
Add a gear on Settings menu, and move a bunch of stuff from
overflow and advanced screen to there. Also move add network
to be the last item in the list rather than in overflow.
Also fix WifiP2p breakage.
Change-Id: I5c84c25e5ba9224f77dcd988b0b2850ae6e71168
Use setup wizard themes so that dialogs are shown in the correct
accent colors and dark/light themes.
Bug: 25515641
Change-Id: I87a0a01001944b50e48ec812f071a988f37ed8db
If we manually propagate long click events, the framework can't include
coordinate information and we'll only be able to show a modal dialog.
Since the default long-click behavior is to show the context menu, just
let the framework handle it.
Bug: 25214386
Change-Id: I32e14b326ac91cc5a9c2bf7581325daaba34298e
In WifiDialogActivity, handle the case where the given
accessPointState is null, and show the Wi-Fi dialog allowing users
to enter the SSID and other credentials. This will be used by setup
wizard when user selected "Add new network" item.
Bug: 23392285
Change-Id: Ica2650d9e829d73281bc9c504c3005d9c5750d31
Remove setup wizard navigation bar as one of setting's dependencies,
since all the users are using setup wizard library, which includes
the navigation bar as one of its components.
Change-Id: I4ce2b8639155b813a782115725c88d5b1c5c8bfc
Add a Wi-Fi dialog activity that can be started by setup wizard to
connect to a Wi-Fi access point.
Also refactored mEdit and mModify in WifiConfigController into an
int-enum mMode, with modes view, connect and modify. This is how the
new modes maps to the old flags:
MODE_VIEW -- mEdit = false, mModify = *
MODE_CONNECT -- mEdit = true, mModify = false
MODE_MODIFY -- mEdit = true, mModify = true
Bug: 23426311
Change-Id: I8e2221fd3c42577068e07686dab245dd5888e0ae
Add a OnKeyListener for hardware keyboards and an
OnEditorActionListener for on-screen IMEs to submit the Wi-Fi dialog
with the currently entered information.
Before committing the action, check for whether the dialog is
submittable -- that is checking whether all necessary information has
been entered. If not the enter key behaves the same as it is before
the change.
Bug: 22211604
Change-Id: Idede4233a7385d3bcd8fd6614948270280536bf1
