Merge "Use installed keystore alias to check if enterprise config is insure"... (c7ae85f4) · Commits · e / os / android_frameworks_base

wifi/java/android/net/wifi/WifiEnterpriseConfig.java

+12 −3

Original line number	Original line	Diff line number	Diff line
	@@ -1425,10 +1425,19 @@ public class WifiEnterpriseConfig implements Parcelable {
	if (mEapMethod != Eap.PEAP && mEapMethod != Eap.TLS && mEapMethod != Eap.TTLS) {		if (mEapMethod != Eap.PEAP && mEapMethod != Eap.TLS && mEapMethod != Eap.TTLS) {
	return false;		return false;
	}		}
	if (!mIsAppInstalledCaCert && TextUtils.isEmpty(getCaPath())) {		if (TextUtils.isEmpty(getAltSubjectMatch())
			&& TextUtils.isEmpty(getDomainSuffixMatch())) {
			// Both subject and domain match are not set, it's insecure.
	return true;		return true;
	}		}
	return TextUtils.isEmpty(getAltSubjectMatch()) && TextUtils.isEmpty(		if (mIsAppInstalledCaCert) {
	getDomainSuffixMatch());		// CA certificate is installed by App, it's secure.
			return false;
			}
			if (getCaCertificateAliases() != null) {
			// CA certificate alias from keyStore is set, it's secure.
			return false;
			}
			return TextUtils.isEmpty(getCaPath());
	}		}
	}		}

+7 −0

Original line number	Original line	Diff line number	Diff line
	@@ -565,6 +565,13 @@ public class WifiEnterpriseConfigTest {
	secureConfig.setCaCertificate(FakeKeys.CA_CERT0);		secureConfig.setCaCertificate(FakeKeys.CA_CERT0);
	secureConfig.setDomainSuffixMatch(TEST_DOMAIN_SUFFIX_MATCH);		secureConfig.setDomainSuffixMatch(TEST_DOMAIN_SUFFIX_MATCH);
	assertFalse(secureConfig.isInsecure());		assertFalse(secureConfig.isInsecure());

			WifiEnterpriseConfig secureConfigWithCaAlias = new WifiEnterpriseConfig();
			secureConfigWithCaAlias.setEapMethod(Eap.PEAP);
			secureConfigWithCaAlias.setPhase2Method(Phase2.MSCHAPV2);
			secureConfigWithCaAlias.setCaCertificateAliases(new String[]{"alias1", "alisa2"});
			secureConfigWithCaAlias.setDomainSuffixMatch(TEST_DOMAIN_SUFFIX_MATCH);
			assertFalse(secureConfigWithCaAlias.isInsecure());
	}		}

	}		}