Merge "[Wi-Fi] Ignore incorrect user certificates" into rvc-dev
diff --git a/src/com/android/settings/wifi/WifiConfigController.java b/src/com/android/settings/wifi/WifiConfigController.java
index d9b9e3c..5264e10 100644
--- a/src/com/android/settings/wifi/WifiConfigController.java
+++ b/src/com/android/settings/wifi/WifiConfigController.java
@@ -82,6 +82,7 @@
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
+import java.util.stream.Collectors;
/**
* The class for allowing UIs like {@link WifiDialog} and {@link WifiConfigUiBase} to
@@ -133,6 +134,14 @@
public static final int WIFI_TTLS_PHASE2_MSCHAPV2 = 2;
public static final int WIFI_TTLS_PHASE2_GTC = 3;
+ private static final String UNDESIRED_CERTIFICATE_MACRANDSECRET = "MacRandSecret";
+ private static final String UNDESIRED_CERTIFICATE_MACRANDSAPSECRET = "MacRandSapSecret";
+ @VisibleForTesting
+ static final String[] UNDESIRED_CERTIFICATES = {
+ UNDESIRED_CERTIFICATE_MACRANDSECRET,
+ UNDESIRED_CERTIFICATE_MACRANDSAPSECRET
+ };
+
/* Phase2 methods supported by PEAP are limited */
private ArrayAdapter<CharSequence> mPhase2PeapAdapter;
/* Phase2 methods supported by TTLS are limited */
@@ -1425,7 +1434,8 @@
return KeyStore.getInstance();
}
- private void loadCertificates(
+ @VisibleForTesting
+ void loadCertificates(
Spinner spinner,
String prefix,
String noCertificateString,
@@ -1441,12 +1451,25 @@
if (showUsePreinstalledCertOption) {
certs.add(mUseSystemCertsString);
}
+
+ String[] certificateNames = null;
try {
- certs.addAll(
- Arrays.asList(getKeyStore().list(prefix, android.os.Process.WIFI_UID)));
+ certificateNames = getKeyStore().list(prefix, android.os.Process.WIFI_UID);
} catch (Exception e) {
Log.e(TAG, "can't get the certificate list from KeyStore");
}
+ if (certificateNames != null && certificateNames.length != 0) {
+ certs.addAll(Arrays.stream(certificateNames)
+ .filter(certificateName -> {
+ for (String undesired : UNDESIRED_CERTIFICATES) {
+ if (certificateName.startsWith(undesired)) {
+ return false;
+ }
+ }
+ return true;
+ }).collect(Collectors.toList()));
+ }
+
if (mAccessPointSecurity != AccessPoint.SECURITY_EAP_SUITE_B) {
certs.add(noCertificateString);
}
diff --git a/src/com/android/settings/wifi/WifiConfigController2.java b/src/com/android/settings/wifi/WifiConfigController2.java
index 8352a76..830f061 100644
--- a/src/com/android/settings/wifi/WifiConfigController2.java
+++ b/src/com/android/settings/wifi/WifiConfigController2.java
@@ -82,6 +82,7 @@
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
+import java.util.stream.Collectors;
/**
* The class for allowing UIs like {@link WifiDialog2} and {@link WifiConfigUiBase2} to
@@ -133,6 +134,14 @@
public static final int WIFI_TTLS_PHASE2_MSCHAPV2 = 2;
public static final int WIFI_TTLS_PHASE2_GTC = 3;
+ private static final String UNDESIRED_CERTIFICATE_MACRANDSECRET = "MacRandSecret";
+ private static final String UNDESIRED_CERTIFICATE_MACRANDSAPSECRET = "MacRandSapSecret";
+ @VisibleForTesting
+ static final String[] UNDESIRED_CERTIFICATES = {
+ UNDESIRED_CERTIFICATE_MACRANDSECRET,
+ UNDESIRED_CERTIFICATE_MACRANDSAPSECRET
+ };
+
/* Phase2 methods supported by PEAP are limited */
private ArrayAdapter<CharSequence> mPhase2PeapAdapter;
/* Phase2 methods supported by TTLS are limited */
@@ -1421,7 +1430,8 @@
return KeyStore.getInstance();
}
- private void loadCertificates(
+ @VisibleForTesting
+ void loadCertificates(
Spinner spinner,
String prefix,
String noCertificateString,
@@ -1437,11 +1447,25 @@
if (showUsePreinstalledCertOption) {
certs.add(mUseSystemCertsString);
}
+
+ String[] certificateNames = null;
try {
- certs.addAll(Arrays.asList(getKeyStore().list(prefix, android.os.Process.WIFI_UID)));
+ certificateNames = getKeyStore().list(prefix, android.os.Process.WIFI_UID);
} catch (Exception e) {
Log.e(TAG, "can't get the certificate list from KeyStore");
}
+ if (certificateNames != null && certificateNames.length != 0) {
+ certs.addAll(Arrays.stream(certificateNames)
+ .filter(certificateName -> {
+ for (String undesired : UNDESIRED_CERTIFICATES) {
+ if (certificateName.startsWith(undesired)) {
+ return false;
+ }
+ }
+ return true;
+ }).collect(Collectors.toList()));
+ }
+
if (mWifiEntrySecurity != WifiEntry.SECURITY_EAP_SUITE_B) {
certs.add(noCertificateString);
}
diff --git a/tests/robotests/src/com/android/settings/wifi/WifiConfigController2Test.java b/tests/robotests/src/com/android/settings/wifi/WifiConfigController2Test.java
index e0dc97f..c9bc346 100644
--- a/tests/robotests/src/com/android/settings/wifi/WifiConfigController2Test.java
+++ b/tests/robotests/src/com/android/settings/wifi/WifiConfigController2Test.java
@@ -241,6 +241,20 @@
}
@Test
+ public void loadCertificates_undesiredCertificates_shouldNotLoadUndesiredCertificates() {
+ final Spinner spinner = new Spinner(mContext);
+ when(mKeyStore.list(anyString())).thenReturn(WifiConfigController.UNDESIRED_CERTIFICATES);
+
+ mController.loadCertificates(spinner,
+ "prefix",
+ "doNotProvideEapUserCertString",
+ false /* showMultipleCerts */,
+ false /* showUsePreinstalledCertOption */);
+
+ assertThat(spinner.getAdapter().getCount()).isEqualTo(1); // doNotProvideEapUserCertString
+ }
+
+ @Test
public void ssidGetFocus_addNewNetwork_shouldReturnTrue() {
mController = new TestWifiConfigController2(mConfigUiBase, mView, null /* wifiEntry */,
WifiConfigUiBase2.MODE_CONNECT);
diff --git a/tests/robotests/src/com/android/settings/wifi/WifiConfigControllerTest.java b/tests/robotests/src/com/android/settings/wifi/WifiConfigControllerTest.java
index 3a17b6c..9146998 100644
--- a/tests/robotests/src/com/android/settings/wifi/WifiConfigControllerTest.java
+++ b/tests/robotests/src/com/android/settings/wifi/WifiConfigControllerTest.java
@@ -241,6 +241,20 @@
}
@Test
+ public void loadCertificates_undesiredCertificates_shouldNotLoadUndesiredCertificates() {
+ final Spinner spinner = new Spinner(mContext);
+ when(mKeyStore.list(anyString())).thenReturn(WifiConfigController.UNDESIRED_CERTIFICATES);
+
+ mController.loadCertificates(spinner,
+ "prefix",
+ "doNotProvideEapUserCertString",
+ false /* showMultipleCerts */,
+ false /* showUsePreinstalledCertOption */);
+
+ assertThat(spinner.getAdapter().getCount()).isEqualTo(1); // doNotProvideEapUserCertString
+ }
+
+ @Test
public void ssidGetFocus_addNewNetwork_shouldReturnTrue() {
mController = new TestWifiConfigController(mConfigUiBase, mView, null /* accessPoint */,
WifiConfigUiBase.MODE_CONNECT);