Loading wifi/java/android/net/wifi/WifiEnterpriseConfig.java +39 −0 Original line number Diff line number Diff line Loading @@ -139,6 +139,8 @@ public class WifiEnterpriseConfig implements Parcelable { private X509Certificate[] mClientCertificateChain; private int mEapMethod = Eap.NONE; private int mPhase2Method = Phase2.NONE; private boolean mIsAppInstalledDeviceKeyAndCert = false; private boolean mIsAppInstalledCaCert = false; private static final String TAG = "WifiEnterpriseConfig"; Loading Loading @@ -181,6 +183,8 @@ public class WifiEnterpriseConfig implements Parcelable { } mEapMethod = source.mEapMethod; mPhase2Method = source.mPhase2Method; mIsAppInstalledDeviceKeyAndCert = source.mIsAppInstalledDeviceKeyAndCert; mIsAppInstalledCaCert = source.mIsAppInstalledCaCert; } /** Loading Loading @@ -224,6 +228,8 @@ public class WifiEnterpriseConfig implements Parcelable { ParcelUtil.writeCertificates(dest, mCaCerts); ParcelUtil.writePrivateKey(dest, mClientPrivateKey); ParcelUtil.writeCertificates(dest, mClientCertificateChain); dest.writeBoolean(mIsAppInstalledDeviceKeyAndCert); dest.writeBoolean(mIsAppInstalledCaCert); } public static final @android.annotation.NonNull Creator<WifiEnterpriseConfig> CREATOR = Loading @@ -243,6 +249,8 @@ public class WifiEnterpriseConfig implements Parcelable { enterpriseConfig.mCaCerts = ParcelUtil.readCertificates(in); enterpriseConfig.mClientPrivateKey = ParcelUtil.readPrivateKey(in); enterpriseConfig.mClientCertificateChain = ParcelUtil.readCertificates(in); enterpriseConfig.mIsAppInstalledDeviceKeyAndCert = in.readBoolean(); enterpriseConfig.mIsAppInstalledCaCert = in.readBoolean(); return enterpriseConfig; } Loading Loading 
@@ -652,8 +660,10 @@ public class WifiEnterpriseConfig implements Parcelable { public void setCaCertificate(@Nullable X509Certificate cert) { if (cert != null) { if (cert.getBasicConstraints() >= 0) { mIsAppInstalledCaCert = true; mCaCerts = new X509Certificate[] {cert}; } else { mCaCerts = null; throw new IllegalArgumentException("Not a CA certificate"); } } else { Loading Loading @@ -694,10 +704,12 @@ public class WifiEnterpriseConfig implements Parcelable { if (certs[i].getBasicConstraints() >= 0) { newCerts[i] = certs[i]; } else { mCaCerts = null; throw new IllegalArgumentException("Not a CA certificate"); } } mCaCerts = newCerts; mIsAppInstalledCaCert = true; } else { mCaCerts = null; } Loading Loading @@ -853,6 +865,7 @@ public class WifiEnterpriseConfig implements Parcelable { mClientPrivateKey = privateKey; mClientCertificateChain = newCerts; mIsAppInstalledDeviceKeyAndCert = true; } /** Loading Loading 
@@ -1147,4 +1160,30 @@ public class WifiEnterpriseConfig implements Parcelable { } return true; } /** * Check if certificate was installed by an app, or manually (not by an app). If true, * certificate and keys will be removed from key storage when this network is removed. If not, * then certificates and keys remain persistent until the user manually removes them. * * @return true if certificate was installed by an app, false if certificate was installed * manually by the user. * @hide */ public boolean isAppInstalledDeviceKeyAndCert() { return mIsAppInstalledDeviceKeyAndCert; } /** * Check if CA certificate was installed by an app, or manually (not by an app). If true, * CA certificate will be removed from key storage when this network is removed. If not, * then certificates and keys remain persistent until the user manually removes them. * * @return true if CA certificate was installed by an app, false if CA certificate was installed * manually by the user. * @hide */ public boolean isAppInstalledCaCert() { return mIsAppInstalledCaCert; } } wifi/tests/src/android/net/wifi/WifiEnterpriseConfigTest.java +64 −0 Original line number Diff line number Diff line Loading 
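Review bot: In wifi/java/android/net/wifi/WifiEnterpriseConfig.java, `mIsAppInstalledCaCert` is only ever set to `true`: the `else { mCaCerts = null; }` branch in the `setCaCertificates` hunk and the new `mCaCerts = null; throw ...` paths in both CA setters drop the certificates but leave the flag unchanged. The Javadoc added in this commit says a true flag causes the CA certificate to be removed from key storage when the network is removed, so a config that once held an app-supplied CA and was then cleared would still be reported as app-owned; if it later refers to a certificate the user installed, that certificate could presumably be removed as well. I would add `mIsAppInstalledCaCert = false;` beside each `mCaCerts = null;`, and check the clearing path of `setClientKeyEntryWithCertificateChain` the same way (its body starts outside the hunk). Both flags are also written to and read from the Parcel, so the code that deletes key-store entries should confirm ownership against its own records rather than rely on a value supplied by the calling app.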
@@ -423,4 +423,68 @@ public class WifiEnterpriseConfigTest { mEnterpriseConfig.setPassword(password); assertFalse(mEnterpriseConfig.toString().contains(password)); } /** Verifies that certificate ownership flag is set correctly */ @Test public void testIsAppInstalledDeviceKeyAndCert() { // First make sure that app didn't install anything assertFalse(mEnterpriseConfig.isAppInstalledDeviceKeyAndCert()); assertFalse(mEnterpriseConfig.isAppInstalledCaCert()); // Then app loads keys via the enterprise config API PrivateKey clientKey = FakeKeys.RSA_KEY1; X509Certificate cert0 = FakeKeys.CLIENT_CERT; X509Certificate cert1 = FakeKeys.CA_CERT1; X509Certificate[] clientChain = new X509Certificate[] {cert0, cert1}; mEnterpriseConfig.setClientKeyEntryWithCertificateChain(clientKey, clientChain); X509Certificate[] result = mEnterpriseConfig.getClientCertificateChain(); assertEquals(result.length, 2); assertTrue(result[0] == cert0 && result[1] == cert1); assertTrue(mEnterpriseConfig.getClientCertificate() == cert0); // Make sure it is the owner now assertTrue(mEnterpriseConfig.isAppInstalledDeviceKeyAndCert()); assertFalse(mEnterpriseConfig.isAppInstalledCaCert()); } /** Verifies that certificate ownership flag is set correctly */ @Test public void testIsAppInstalledCaCert() { // First make sure that app didn't install anything assertFalse(mEnterpriseConfig.isAppInstalledDeviceKeyAndCert()); assertFalse(mEnterpriseConfig.isAppInstalledCaCert()); // Then app loads CA cert via the enterprise config API X509Certificate cert = FakeKeys.CA_CERT1; mEnterpriseConfig.setCaCertificate(cert); X509Certificate result = mEnterpriseConfig.getCaCertificate(); assertTrue(result == cert); // Make sure it is the owner now assertFalse(mEnterpriseConfig.isAppInstalledDeviceKeyAndCert()); assertTrue(mEnterpriseConfig.isAppInstalledCaCert()); } /** Verifies that certificate ownership flag is set correctly */ @Test public void testIsAppInstalledCaCerts() { // First make sure that app didn't install 
anything assertFalse(mEnterpriseConfig.isAppInstalledDeviceKeyAndCert()); assertFalse(mEnterpriseConfig.isAppInstalledCaCert()); // Then app loads CA cert via the enterprise config API X509Certificate cert0 = FakeKeys.CA_CERT0; X509Certificate cert1 = FakeKeys.CA_CERT1; X509Certificate[] cert = new X509Certificate[] {cert0, cert1}; mEnterpriseConfig.setCaCertificates(cert); X509Certificate[] result = mEnterpriseConfig.getCaCertificates(); assertEquals(result.length, 2); assertTrue(result[0] == cert0 && result[1] == cert1); // assertTrue(mEnterpriseConfig.getClientCertificate() == cert0); // Make sure it is the owner now assertFalse(mEnterpriseConfig.isAppInstalledDeviceKeyAndCert()); assertTrue(mEnterpriseConfig.isAppInstalledCaCert()); } } Loading
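Review bot: In wifi/tests/src/android/net/wifi/WifiEnterpriseConfigTest.java the three new tests only cover a setter turning a flag on; nothing checks that `isAppInstalledDeviceKeyAndCert()` and `isAppInstalledCaCert()` survive the copy constructor and the `writeToParcel`/`CREATOR` round trip that this commit also changes, or what they report after `setCaCertificate(null)` or after a rejected non-CA certificate. According to the Javadoc added in this commit these flags decide whether key material is removed together with the network, so each of those paths deserves a test. In `testIsAppInstalledCaCerts` the commented-out line `// assertTrue(mEnterpriseConfig.getClientCertificate() == cert0);` should be deleted, and `assertEquals(result.length, 2)` is better written `assertEquals(2, result.length)` so that a failure reports expected and actual the right way round.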
wifi/java/android/net/wifi/WifiEnterpriseConfig.java +39 −0 Original line number Diff line number Diff line Loading @@ -139,6 +139,8 @@ public class WifiEnterpriseConfig implements Parcelable { private X509Certificate[] mClientCertificateChain; private int mEapMethod = Eap.NONE; private int mPhase2Method = Phase2.NONE; private boolean mIsAppInstalledDeviceKeyAndCert = false; private boolean mIsAppInstalledCaCert = false; private static final String TAG = "WifiEnterpriseConfig"; Loading Loading @@ -181,6 +183,8 @@ public class WifiEnterpriseConfig implements Parcelable { } mEapMethod = source.mEapMethod; mPhase2Method = source.mPhase2Method; mIsAppInstalledDeviceKeyAndCert = source.mIsAppInstalledDeviceKeyAndCert; mIsAppInstalledCaCert = source.mIsAppInstalledCaCert; } /** Loading Loading @@ -224,6 +228,8 @@ public class WifiEnterpriseConfig implements Parcelable { ParcelUtil.writeCertificates(dest, mCaCerts); ParcelUtil.writePrivateKey(dest, mClientPrivateKey); ParcelUtil.writeCertificates(dest, mClientCertificateChain); dest.writeBoolean(mIsAppInstalledDeviceKeyAndCert); dest.writeBoolean(mIsAppInstalledCaCert); } public static final @android.annotation.NonNull Creator<WifiEnterpriseConfig> CREATOR = Loading @@ -243,6 +249,8 @@ public class WifiEnterpriseConfig implements Parcelable { enterpriseConfig.mCaCerts = ParcelUtil.readCertificates(in); enterpriseConfig.mClientPrivateKey = ParcelUtil.readPrivateKey(in); enterpriseConfig.mClientCertificateChain = ParcelUtil.readCertificates(in); enterpriseConfig.mIsAppInstalledDeviceKeyAndCert = in.readBoolean(); enterpriseConfig.mIsAppInstalledCaCert = in.readBoolean(); return enterpriseConfig; } Loading Loading 
@@ -652,8 +660,10 @@ public class WifiEnterpriseConfig implements Parcelable { public void setCaCertificate(@Nullable X509Certificate cert) { if (cert != null) { if (cert.getBasicConstraints() >= 0) { mIsAppInstalledCaCert = true; mCaCerts = new X509Certificate[] {cert}; } else { mCaCerts = null; throw new IllegalArgumentException("Not a CA certificate"); } } else { Loading Loading @@ -694,10 +704,12 @@ public class WifiEnterpriseConfig implements Parcelable { if (certs[i].getBasicConstraints() >= 0) { newCerts[i] = certs[i]; } else { mCaCerts = null; throw new IllegalArgumentException("Not a CA certificate"); } } mCaCerts = newCerts; mIsAppInstalledCaCert = true; } else { mCaCerts = null; } Loading Loading @@ -853,6 +865,7 @@ public class WifiEnterpriseConfig implements Parcelable { mClientPrivateKey = privateKey; mClientCertificateChain = newCerts; mIsAppInstalledDeviceKeyAndCert = true; } /** Loading Loading @@ -1147,4 +1160,30 @@ public class WifiEnterpriseConfig implements Parcelable { } return true; } /** * Check if certificate was installed by an app, or manually (not by an app). If true, * certificate and keys will be removed from key storage when this network is removed. If not, * then certificates and keys remain persistent until the user manually removes them. * * @return true if certificate was installed by an app, false if certificate was installed * manually by the user. * @hide */ public boolean isAppInstalledDeviceKeyAndCert() { return mIsAppInstalledDeviceKeyAndCert; } /** * Check if CA certificate was installed by an app, or manually (not by an app). If true, * CA certificate will be removed from key storage when this network is removed. If not, * then certificates and keys remain persistent until the user manually removes them. * * @return true if CA certificate was installed by an app, false if CA certificate was installed * manually by the user. * @hide */ public boolean isAppInstalledCaCert() { return mIsAppInstalledCaCert; } }
wifi/tests/src/android/net/wifi/WifiEnterpriseConfigTest.java +64 −0 Original line number Diff line number Diff line Loading 
@@ -423,4 +423,68 @@ public class WifiEnterpriseConfigTest { mEnterpriseConfig.setPassword(password); assertFalse(mEnterpriseConfig.toString().contains(password)); } /** Verifies that certificate ownership flag is set correctly */ @Test public void testIsAppInstalledDeviceKeyAndCert() { // First make sure that app didn't install anything assertFalse(mEnterpriseConfig.isAppInstalledDeviceKeyAndCert()); assertFalse(mEnterpriseConfig.isAppInstalledCaCert()); // Then app loads keys via the enterprise config API PrivateKey clientKey = FakeKeys.RSA_KEY1; X509Certificate cert0 = FakeKeys.CLIENT_CERT; X509Certificate cert1 = FakeKeys.CA_CERT1; X509Certificate[] clientChain = new X509Certificate[] {cert0, cert1}; mEnterpriseConfig.setClientKeyEntryWithCertificateChain(clientKey, clientChain); X509Certificate[] result = mEnterpriseConfig.getClientCertificateChain(); assertEquals(result.length, 2); assertTrue(result[0] == cert0 && result[1] == cert1); assertTrue(mEnterpriseConfig.getClientCertificate() == cert0); // Make sure it is the owner now assertTrue(mEnterpriseConfig.isAppInstalledDeviceKeyAndCert()); assertFalse(mEnterpriseConfig.isAppInstalledCaCert()); } /** Verifies that certificate ownership flag is set correctly */ @Test public void testIsAppInstalledCaCert() { // First make sure that app didn't install anything assertFalse(mEnterpriseConfig.isAppInstalledDeviceKeyAndCert()); assertFalse(mEnterpriseConfig.isAppInstalledCaCert()); // Then app loads CA cert via the enterprise config API X509Certificate cert = FakeKeys.CA_CERT1; mEnterpriseConfig.setCaCertificate(cert); X509Certificate result = mEnterpriseConfig.getCaCertificate(); assertTrue(result == cert); // Make sure it is the owner now assertFalse(mEnterpriseConfig.isAppInstalledDeviceKeyAndCert()); assertTrue(mEnterpriseConfig.isAppInstalledCaCert()); } /** Verifies that certificate ownership flag is set correctly */ @Test public void testIsAppInstalledCaCerts() { // First make sure that app didn't install 
anything assertFalse(mEnterpriseConfig.isAppInstalledDeviceKeyAndCert()); assertFalse(mEnterpriseConfig.isAppInstalledCaCert()); // Then app loads CA cert via the enterprise config API X509Certificate cert0 = FakeKeys.CA_CERT0; X509Certificate cert1 = FakeKeys.CA_CERT1; X509Certificate[] cert = new X509Certificate[] {cert0, cert1}; mEnterpriseConfig.setCaCertificates(cert); X509Certificate[] result = mEnterpriseConfig.getCaCertificates(); assertEquals(result.length, 2); assertTrue(result[0] == cert0 && result[1] == cert1); // assertTrue(mEnterpriseConfig.getClientCertificate() == cert0); // Make sure it is the owner now assertFalse(mEnterpriseConfig.isAppInstalledDeviceKeyAndCert()); assertTrue(mEnterpriseConfig.isAppInstalledCaCert()); } }