Use installed keystore alias to check if enterprise config is insure (9b39089e) · Commits · e / os / android_frameworks_base

wifi/java/android/net/wifi/WifiEnterpriseConfig.java

+12 −3

Original line number	Diff line number	Diff line
		@@ -1397,10 +1397,19 @@ public class WifiEnterpriseConfig implements Parcelable {
		if (mEapMethod != Eap.PEAP && mEapMethod != Eap.TLS && mEapMethod != Eap.TTLS) {
		return false;
		}
		if (!mIsAppInstalledCaCert && TextUtils.isEmpty(getCaPath())) {
		if (TextUtils.isEmpty(getAltSubjectMatch())
		&& TextUtils.isEmpty(getDomainSuffixMatch())) {
		// Both subject and domain match are not set, it's insecure.
		return true;
		}
		return TextUtils.isEmpty(getAltSubjectMatch()) && TextUtils.isEmpty(
		getDomainSuffixMatch());
		if (mIsAppInstalledCaCert) {
		// CA certificate is installed by App, it's secure.
		return false;
		}
		if (getCaCertificateAliases() != null) {
		// CA certificate alias from keyStore is set, it's secure.
		return false;
		}
		return TextUtils.isEmpty(getCaPath());
		}
		}

+7 −0

Original line number	Diff line number	Diff line
		@@ -565,6 +565,13 @@ public class WifiEnterpriseConfigTest {
		secureConfig.setCaCertificate(FakeKeys.CA_CERT0);
		secureConfig.setDomainSuffixMatch(TEST_DOMAIN_SUFFIX_MATCH);
		assertFalse(secureConfig.isInsecure());

		WifiEnterpriseConfig secureConfigWithCaAlias = new WifiEnterpriseConfig();
		secureConfigWithCaAlias.setEapMethod(Eap.PEAP);
		secureConfigWithCaAlias.setPhase2Method(Phase2.MSCHAPV2);
		secureConfigWithCaAlias.setCaCertificateAliases(new String[]{"alias1", "alisa2"});
		secureConfigWithCaAlias.setDomainSuffixMatch(TEST_DOMAIN_SUFFIX_MATCH);
		assertFalse(secureConfigWithCaAlias.isInsecure());
		}

		}