Merge "wifi: add Trust-On-First-Use option for CA"
diff --git a/res/values/strings.xml b/res/values/strings.xml
index 3271949..4b8fda5 100644
--- a/res/values/strings.xml
+++ b/res/values/strings.xml
@@ -2445,6 +2445,8 @@
<string name="wifi_do_not_provide_eap_user_cert">Do not provide</string>
<!-- Menu option for not validating the EAP server -->
<string name="wifi_do_not_validate_eap_server">Do not validate</string>
+ <!-- Menu option for Trust On First Use[CHAR_LIMIT=64] -->
+ <string name="wifi_trust_on_first_use">Trust on First Use</string>
<!-- Warning message displayed if network name (ssid) is too long -->
<string name="wifi_ssid_too_long">Network name is too long.</string>
<!-- Warning message displayed if user does not specify a domain for the CA certificate.
diff --git a/src/com/android/settings/wifi/WifiConfigController2.java b/src/com/android/settings/wifi/WifiConfigController2.java
index 127c882..9e96be9 100644
--- a/src/com/android/settings/wifi/WifiConfigController2.java
+++ b/src/com/android/settings/wifi/WifiConfigController2.java
@@ -169,6 +169,7 @@
private String mUnspecifiedCertString;
private String mMultipleCertSetString;
private String mUseSystemCertsString;
+ private String mTrustOnFirstUse;
private String mDoNotProvideEapUserCertString;
@VisibleForTesting String mInstallCertsString;
@@ -219,6 +220,7 @@
Integer[] mSecurityInPosition;
private final WifiManager mWifiManager;
+ private boolean mIsTrustOnFirstUseSupported;
private final List<SubscriptionInfo> mActiveSubscriptionInfos = new ArrayList<>();
@@ -251,6 +253,7 @@
mWifiEntrySecurity = (wifiEntry == null) ? WifiEntry.SECURITY_NONE :
wifiEntry.getSecurity();
mMode = mode;
+ mIsTrustOnFirstUseSupported = mWifiManager.isTrustOnFirstUseSupported();
final Resources res = mContext.getResources();
@@ -268,6 +271,7 @@
mUnspecifiedCertString = mContext.getString(R.string.wifi_unspecified);
mMultipleCertSetString = mContext.getString(R.string.wifi_multiple_cert_added);
mUseSystemCertsString = mContext.getString(R.string.wifi_use_system_certs);
+ mTrustOnFirstUse = mContext.getString(R.string.wifi_trust_on_first_use);
mDoNotProvideEapUserCertString =
mContext.getString(R.string.wifi_do_not_provide_eap_user_cert);
mInstallCertsString = mContext.getString(R.string.wifi_install_credentials);
@@ -707,6 +711,8 @@
config.enterpriseConfig.setDomainSuffixMatch(mEapDomainView.getText().toString());
if (caCert.equals(mUnspecifiedCertString)) {
// ca_cert already set to null, so do nothing.
+ } else if (mIsTrustOnFirstUseSupported && caCert.equals(mTrustOnFirstUse)) {
+ config.enterpriseConfig.enableTrustOnFirstUse(true);
} else if (caCert.equals(mUseSystemCertsString)) {
config.enterpriseConfig.setCaPath(SYSTEM_CA_STORE_PATH);
} else if (caCert.equals(mMultipleCertSetString)) {
@@ -1120,7 +1126,12 @@
} else {
String[] caCerts = enterpriseConfig.getCaCertificateAliases();
if (caCerts == null) {
- setSelection(mEapCaCertSpinner, mUnspecifiedCertString);
+ if (mIsTrustOnFirstUseSupported
+ && enterpriseConfig.isTrustOnFirstUseEnabled()) {
+ setSelection(mEapCaCertSpinner, mTrustOnFirstUse);
+ } else {
+ setSelection(mEapCaCertSpinner, mUnspecifiedCertString);
+ }
} else if (caCerts.length == 1) {
setSelection(mEapCaCertSpinner, caCerts[0]);
} else {
@@ -1263,7 +1274,9 @@
if (mView.findViewById(R.id.l_ca_cert).getVisibility() != View.GONE) {
String eapCertSelection = (String) mEapCaCertSpinner.getSelectedItem();
- if (eapCertSelection.equals(mUnspecifiedCertString)) {
+ if (eapCertSelection.equals(mUnspecifiedCertString)
+ || (mIsTrustOnFirstUseSupported
+ && eapCertSelection.equals(mTrustOnFirstUse))) {
// Domain suffix matching is not relevant if the user hasn't chosen a CA
// certificate yet, or chooses not to validate the EAP server.
setDomainInvisible();
@@ -1511,6 +1524,9 @@
}
if (showUsePreinstalledCertOption) {
certs.add(mUseSystemCertsString);
+ if (mIsTrustOnFirstUseSupported) {
+ certs.add(mTrustOnFirstUse);
+ }
certs.add(mInstallCertsString);
}