[Wi-Fi] Remove unsupported EAP methods for WPA3-Enterprise 192-bit - I
1. Only support EAP-TLS for WPA3-Enterprise 192-bit
2. Remove "Do not validate" from the CA certificate menu
3. Remove "Do not provide" from user certificate menu
To reduce review effort, I left refine code change in another CL.
Bug: 135127581
Test: WifiConfigControllerTest
Change-Id: Ibf904da9407ec803afb8bb995e9df1a2e25f0dcb
diff --git a/src/com/android/settings/wifi/WifiConfigController.java b/src/com/android/settings/wifi/WifiConfigController.java
index bb60f47..9e36912 100644
--- a/src/com/android/settings/wifi/WifiConfigController.java
+++ b/src/com/android/settings/wifi/WifiConfigController.java
@@ -179,7 +179,9 @@
private TextView mSsidView;
private Context mContext;
- private Integer mSecurityInPosition[];
+
+ @VisibleForTesting
+ Integer mSecurityInPosition[];
private final WifiManager mWifiManager;
@@ -322,7 +324,7 @@
if ((!mAccessPoint.isSaved() && !mAccessPoint.isActive()
&& !mAccessPoint.isPasspointConfig())
|| mMode != WifiConfigUiBase.MODE_VIEW) {
- showSecurityFields();
+ showSecurityFields(/* refreshEapMethods */ true, /* refreshCertificates */ true);
showIpConfigFields();
showProxyFields();
final CheckBox advancedTogglebox =
@@ -956,7 +958,7 @@
return 0;
}
- private void showSecurityFields() {
+ private void showSecurityFields(boolean refreshEapMethods, boolean refreshCertificates) {
if (mAccessPointSecurity == AccessPoint.SECURITY_NONE ||
mAccessPointSecurity == AccessPoint.SECURITY_OWE ||
mAccessPointSecurity == AccessPoint.SECURITY_OWE_TRANSITION) {
@@ -988,22 +990,6 @@
if (mEapMethodSpinner == null) {
mEapMethodSpinner = (Spinner) mView.findViewById(R.id.method);
mEapMethodSpinner.setOnItemSelectedListener(this);
- if (Utils.isWifiOnly(mContext) || !mContext.getResources().getBoolean(
- com.android.internal.R.bool.config_eap_sim_based_auth_supported)) {
- String[] eapMethods = mContext.getResources().getStringArray(
- R.array.eap_method_without_sim_auth);
- ArrayAdapter<String> spinnerAdapter = new ArrayAdapter<String>(mContext,
- android.R.layout.simple_spinner_item, eapMethods);
- spinnerAdapter.setDropDownViewResource(
- android.R.layout.simple_spinner_dropdown_item);
- mEapMethodSpinner.setAdapter(spinnerAdapter);
- } else {
- final ArrayAdapter<CharSequence> wifispinnerAdapter =
- getSpinnerArrayWithEapMethodsTts(R.array.wifi_eap_method);
- wifispinnerAdapter.setDropDownViewResource(
- android.R.layout.simple_spinner_dropdown_item);
- mEapMethodSpinner.setAdapter(wifispinnerAdapter);
- }
mPhase2Spinner = (Spinner) mView.findViewById(R.id.phase2);
mPhase2Spinner.setOnItemSelectedListener(this);
mEapCaCertSpinner = (Spinner) mView.findViewById(R.id.ca_cert);
@@ -1014,11 +1000,38 @@
mEapUserCertSpinner.setOnItemSelectedListener(this);
mEapIdentityView = (TextView) mView.findViewById(R.id.identity);
mEapAnonymousView = (TextView) mView.findViewById(R.id.anonymous);
+ }
- if (mAccessPoint != null && mAccessPoint.isCarrierAp()) {
- mEapMethodSpinner.setSelection(mAccessPoint.getCarrierApEapType());
+ if (refreshEapMethods) {
+ ArrayAdapter<CharSequence> eapMethodSpinnerAdapter;
+ if (mAccessPointSecurity == AccessPoint.SECURITY_EAP_SUITE_B) {
+ eapMethodSpinnerAdapter = getSpinnerAdapterWithEapMethods(R.array.wifi_eap_method);
+ mEapMethodSpinner.setAdapter(eapMethodSpinnerAdapter);
+ // WAP3-Enterprise 192-bit only allows EAP method TLS
+ mEapMethodSpinner.setSelection(Eap.TLS);
+ mEapMethodSpinner.setEnabled(false);
+ } else if (Utils.isWifiOnly(mContext) || !mContext.getResources().getBoolean(
+ com.android.internal.R.bool.config_eap_sim_based_auth_supported)) {
+ eapMethodSpinnerAdapter = getSpinnerAdapterWithEapMethods(
+ R.array.eap_method_without_sim_auth);
+ mEapMethodSpinner.setAdapter(eapMethodSpinnerAdapter);
+ mEapMethodSpinner.setEnabled(true);
+ } else {
+ eapMethodSpinnerAdapter = getSpinnerArrayWithEapMethodsTts(R.array.wifi_eap_method);
+ eapMethodSpinnerAdapter.setDropDownViewResource(
+ android.R.layout.simple_spinner_dropdown_item);
+ mEapMethodSpinner.setAdapter(eapMethodSpinnerAdapter);
+ mEapMethodSpinner.setEnabled(true);
}
+ }
+ if (mAccessPointSecurity != AccessPoint.SECURITY_EAP_SUITE_B
+ && mAccessPoint != null
+ && mAccessPoint.isCarrierAp()) {
+ mEapMethodSpinner.setSelection(mAccessPoint.getCarrierApEapType());
+ }
+
+ if (refreshCertificates) {
loadCertificates(
mEapCaCertSpinner,
Credentials.CA_CERTIFICATE,
@@ -1031,6 +1044,7 @@
mDoNotProvideEapUserCertString,
false,
false);
+ }
// Modifying an existing network
if (mAccessPoint != null && mAccessPoint.isSaved()) {
@@ -1098,12 +1112,8 @@
mEapIdentityView.setText(enterpriseConfig.getIdentity());
mEapAnonymousView.setText(enterpriseConfig.getAnonymousIdentity());
} else {
- mPhase2Spinner = (Spinner) mView.findViewById(R.id.phase2);
showEapFieldsByMethod(mEapMethodSpinner.getSelectedItemPosition());
}
- } else {
- showEapFieldsByMethod(mEapMethodSpinner.getSelectedItemPosition());
- }
}
/**
@@ -1395,7 +1405,17 @@
} catch (Exception e) {
Log.e(TAG, "can't get the certificate list from KeyStore");
}
- certs.add(noCertificateString);
+ if (mAccessPointSecurity != AccessPoint.SECURITY_EAP_SUITE_B) {
+ certs.add(noCertificateString);
+ }
+
+ // If there is only mUnspecifiedCertString and one item to select, only shows the item
+ if (certs.size() == 2) {
+ certs.remove(mUnspecifiedCertString);
+ spinner.setEnabled(false);
+ } else {
+ spinner.setEnabled(true);
+ }
final ArrayAdapter<String> adapter = new ArrayAdapter<String>(
context, android.R.layout.simple_spinner_item,
@@ -1492,15 +1512,17 @@
if (parent == mSecuritySpinner) {
// Convert menu position to actual Wi-Fi security type
mAccessPointSecurity = mSecurityInPosition[position];
- showSecurityFields();
+ showSecurityFields(/* refreshEapMethods */ true, /* refreshCertificates */ true);
if (WifiDppUtils.isSupportEnrolleeQrCodeScanner(mContext, mAccessPointSecurity)) {
mSsidScanButton.setVisibility(View.VISIBLE);
} else {
mSsidScanButton.setVisibility(View.GONE);
}
- } else if (parent == mEapMethodSpinner || parent == mEapCaCertSpinner) {
- showSecurityFields();
+ } else if (parent == mEapMethodSpinner) {
+ showSecurityFields(/* refreshEapMethods */ false, /* refreshCertificates */ true);
+ } else if (parent == mEapCaCertSpinner) {
+ showSecurityFields(/* refreshEapMethods */ false, /* refreshCertificates */ false);
} else if (parent == mPhase2Spinner
&& mEapMethodSpinner.getSelectedItemPosition() == WIFI_EAP_METHOD_PEAP) {
showPeapFields();
@@ -1620,6 +1642,17 @@
return returnEntries;
}
+ private ArrayAdapter<CharSequence> getSpinnerAdapterWithEapMethods(
+ int contentStringArrayResId) {
+ String[] eapMethods = mContext.getResources().getStringArray(
+ contentStringArrayResId);
+ ArrayAdapter<CharSequence> spinnerAdapter = new ArrayAdapter<>(mContext,
+ android.R.layout.simple_spinner_item, eapMethods);
+ spinnerAdapter.setDropDownViewResource(
+ android.R.layout.simple_spinner_dropdown_item);
+ return spinnerAdapter;
+ }
+
/**
* This function is to span the TTS strings to each EAP method items in the
* spinner to have detail TTS content for the TTS engine usage.
diff --git a/tests/robotests/src/com/android/settings/wifi/WifiConfigControllerTest.java b/tests/robotests/src/com/android/settings/wifi/WifiConfigControllerTest.java
index 7acf1f0..9da63ba 100644
--- a/tests/robotests/src/com/android/settings/wifi/WifiConfigControllerTest.java
+++ b/tests/robotests/src/com/android/settings/wifi/WifiConfigControllerTest.java
@@ -485,4 +485,28 @@
assertThat(targetStringArray.length).isEqualTo(ttsStringArray.length);
}
+
+ @Test
+ public void selectSecurity_wpa3Eap192bit_eapMethodTls() {
+ final WifiManager wifiManager = mock(WifiManager.class);
+ when(wifiManager.isWpa3SuiteBSupported()).thenReturn(true);
+ mController = new TestWifiConfigController(mConfigUiBase, mView, null /* accessPoint */,
+ WifiConfigUiBase.MODE_MODIFY, wifiManager);
+ final Spinner securitySpinner = mView.findViewById(R.id.security);
+ final Spinner eapMethodSpinner = mView.findViewById(R.id.method);
+ int wpa3Eap192bitPosition = -1;
+ final int securityCount = mController.mSecurityInPosition.length;
+ for (int i = 0; i < securityCount; i++) {
+ if (mController.mSecurityInPosition[i] != null &&
+ mController.mSecurityInPosition[i] == AccessPoint.SECURITY_EAP_SUITE_B) {
+ wpa3Eap192bitPosition = i;
+ }
+ }
+
+ mController.onItemSelected(securitySpinner, /* view */ null, wpa3Eap192bitPosition,
+ /* id */ 0);
+
+ final int selectedItemPosition = eapMethodSpinner.getSelectedItemPosition();
+ assertThat(eapMethodSpinner.getSelectedItem().toString()).isEqualTo("TLS");
+ }
}