Add an option to the "CA certificate" field of the EAP network
configuration menu, "Use system certificates". Choosing this option
will cause the trusted, pre-installed, system CA certificates
to be used to validate EAP servers during the authentication process.
This only applies to EAP-TLS, EAP-TTLS, and EAP-PEAP network
configurations, where the CA certificate option is available.
If the user selects "Use system certificates" and leaves the
"Domain" field empty, display a warning and prevent the
EAP network configuration from being saved. Such a configuration
would be insecure--the user should constrain the domain that
the system certificates can be used to validate.
BUG: 26879191
TEST: 1) Set up AP connected to test RADIUS server.
TEST: 2) Generate a self-signed cert (Cert 1)
TEST: 3) Use Cert 1 to sign another cert (Cert 2) with common name
"sub1.sub2.domain.com"
TEST: 4) Setup RADIUS server, and configure it to present Cert 2 to EAP peer.
TEST: 5) Build angler image with Cert 1 installed in
/system/etc/security/cacerts/
TEST: 6) Set up an AP connected to the RADIUS server to broadcast
a WPA-Enterprise network.
TEST: 7) On Angler, connect to this WPA-Enterprise network with settings:
Network name: (AP SSID)
Security: 802.1x EAP
EAP method: TLS
CA certificate: Use system certificates
Domain: domain.com
User certificate: (test certificate from RADIUS setup)
Identity: (identity used for RADIUS setup)
TEST: 8) Verify that we connect successfully to the AP.
TEST: 9) Verify that connection still succeeds if Domain is set to
"sub2.domain.com" and "sub1.sub2.domain.com".
TEST: 10) Verify that connection fails if Domain is set to
"sub0.sub1.domain.com" and "otherdomain.com".
TEST: 11) Verify that network configuration cannot be saved, and an
warning message "Must specify a domain" is displayed if Domain
is left blank in the configuration in step 7
TEST: 12) Verify that the "Do not validate" option still appears in the
CA certificate dropdown menu.
Change-Id: I346d4d301305719033b84ec4599bf3d57d9d4ee5
Update the layouts to be more final, and support tablets better.
Move about to always be last.
Always see everything.
Change-Id: I4b804c9bfcd4d3b7f978a2617d5c2c2b1cdfa6e4
summary), Talkback no longer disabled when preference is tapped, fixes
SettingsPreferenceFragment to not check parent class to determine whether to
show options menu.
Change-Id: I3345e1a878f51b4387ca1bfe89855339617a94d6
Change summary to: Normal (nothing blocked), Partially blocked
(at least one topic blocked), or Totally blocked (entire app
blocked).
Allow filtering on apps that are partially or totally blocked.
Bug: 26882239
Change-Id: I29924147a97a3d1693b0286d48905485e11edf1d
The initial implementation used a TextView.
But this is cleaner, it is a real button and acts like one.
Bug: 26756569
Change-Id: Ibe3550b0cb81b020dfd4ec6ab29d39a56ba6e1bd
Add a "domain" field that allows the user to specify a domain
suffix match for an EAP network configuration. This field
will only be available when the user specifies a CA certificate for
an EAP-PEAP, EAP-TLS, or EAP-TTLS network. Under the hood, the
value entered into this field will be passed to WPA supplicant
as the |domain_suffix_match| configuration variable.
BUG: 25180141
Change-Id: Ib69b9519f475e90e40441ddff61c80be43cf624b
TEST: On angler, domain field appears for the EAP-PEAP, EAP-TLS
TEST: and EAP-TTLS networks.
