Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 9730b5aa authored by Arc Wang's avatar Arc Wang
Browse files

[Wi-Fi] Ignore incorrect user certificates 

These incorrect user certificates displayed when users
editing a Wi-Fi network of WPA3-Enterprise in 192bit.

Bug: 149763958
Test: make RunSettingsRoboTests ROBOTEST_FILTER=WifiConfigControllerTest
      make RunSettingsRoboTests ROBOTEST_FILTER=WifiConfigControllerTest2

Change-Id: Iab35ac975933abc54fda83b99a2109d53d6722d4
parent 34fdec26

src/com/android/settings/wifi/WifiConfigController.java

+26 −3
Original line number Diff line number Diff line
@@ -82,6 +82,7 @@ import java.net.InetAddress; 
import java.util.ArrayList;

import java.util.Arrays;

import java.util.Iterator;

import java.util.stream.Collectors;



/**

 * The class for allowing UIs like {@link WifiDialog} and {@link WifiConfigUiBase} to
@@ -133,6 +134,14 @@ public class WifiConfigController implements TextWatcher, 
    public static final int WIFI_TTLS_PHASE2_MSCHAPV2  = 2;

    public static final int WIFI_TTLS_PHASE2_GTC       = 3;



    private static final String UNDESIRED_CERTIFICATE_MACRANDSECRET = "MacRandSecret";

    private static final String UNDESIRED_CERTIFICATE_MACRANDSAPSECRET = "MacRandSapSecret";

    @VisibleForTesting

    static final String[] UNDESIRED_CERTIFICATES = {

        UNDESIRED_CERTIFICATE_MACRANDSECRET,

        UNDESIRED_CERTIFICATE_MACRANDSAPSECRET

    };



    /* Phase2 methods supported by PEAP are limited */

    private ArrayAdapter<CharSequence> mPhase2PeapAdapter;

    /* Phase2 methods supported by TTLS are limited */
@@ -1425,7 +1434,8 @@ public class WifiConfigController implements TextWatcher, 
        return KeyStore.getInstance();

    }



    private void loadCertificates(

    @VisibleForTesting

    void loadCertificates(

            Spinner spinner,

            String prefix,

            String noCertificateString,
@@ -1441,12 +1451,25 @@ public class WifiConfigController implements TextWatcher, 
        if (showUsePreinstalledCertOption) {

            certs.add(mUseSystemCertsString);

        }



        String[] certificateNames = null;

        try {

            certs.addAll(

                Arrays.asList(getKeyStore().list(prefix, android.os.Process.WIFI_UID)));

            certificateNames = getKeyStore().list(prefix, android.os.Process.WIFI_UID);

        } catch (Exception e) {

            Log.e(TAG, "can't get the certificate list from KeyStore");

        }

        if (certificateNames != null && certificateNames.length != 0) {

            certs.addAll(Arrays.stream(certificateNames)

                    .filter(certificateName -> {

                        for (String undesired : UNDESIRED_CERTIFICATES) {

                            if (certificateName.startsWith(undesired)) {

                                return false;

                            }

                        }

                        return true;

                    }).collect(Collectors.toList()));

        }



        if (mAccessPointSecurity != AccessPoint.SECURITY_EAP_SUITE_B) {

            certs.add(noCertificateString);

        }

src/com/android/settings/wifi/WifiConfigController2.java

+26 −2
Original line number Diff line number Diff line
@@ -82,6 +82,7 @@ import java.net.InetAddress; 
import java.util.ArrayList;

import java.util.Arrays;

import java.util.Iterator;

import java.util.stream.Collectors;



/**

 * The class for allowing UIs like {@link WifiDialog2} and {@link WifiConfigUiBase2} to
@@ -133,6 +134,14 @@ public class WifiConfigController2 implements TextWatcher, 
    public static final int WIFI_TTLS_PHASE2_MSCHAPV2  = 2;

    public static final int WIFI_TTLS_PHASE2_GTC       = 3;



    private static final String UNDESIRED_CERTIFICATE_MACRANDSECRET = "MacRandSecret";

    private static final String UNDESIRED_CERTIFICATE_MACRANDSAPSECRET = "MacRandSapSecret";

    @VisibleForTesting

    static final String[] UNDESIRED_CERTIFICATES = {

        UNDESIRED_CERTIFICATE_MACRANDSECRET,

        UNDESIRED_CERTIFICATE_MACRANDSAPSECRET

    };



    /* Phase2 methods supported by PEAP are limited */

    private ArrayAdapter<CharSequence> mPhase2PeapAdapter;

    /* Phase2 methods supported by TTLS are limited */
@@ -1421,7 +1430,8 @@ public class WifiConfigController2 implements TextWatcher, 
        return KeyStore.getInstance();

    }



    private void loadCertificates(

    @VisibleForTesting

    void loadCertificates(

            Spinner spinner,

            String prefix,

            String noCertificateString,
@@ -1437,11 +1447,25 @@ public class WifiConfigController2 implements TextWatcher, 
        if (showUsePreinstalledCertOption) {

            certs.add(mUseSystemCertsString);

        }



        String[] certificateNames = null;

        try {

            certs.addAll(Arrays.asList(getKeyStore().list(prefix, android.os.Process.WIFI_UID)));

            certificateNames = getKeyStore().list(prefix, android.os.Process.WIFI_UID);

        } catch (Exception e) {

            Log.e(TAG, "can't get the certificate list from KeyStore");

        }

        if (certificateNames != null && certificateNames.length != 0) {

            certs.addAll(Arrays.stream(certificateNames)

                    .filter(certificateName -> {

                        for (String undesired : UNDESIRED_CERTIFICATES) {

                            if (certificateName.startsWith(undesired)) {

                                return false;

                            }

                        }

                        return true;

                    }).collect(Collectors.toList()));

        }



        if (mWifiEntrySecurity != WifiEntry.SECURITY_EAP_SUITE_B) {

            certs.add(noCertificateString);

        }

tests/robotests/src/com/android/settings/wifi/WifiConfigController2Test.java

+14 −0
Original line number Diff line number Diff line
@@ -240,6 +240,20 @@ public class WifiConfigController2Test { 
        // No Crash

    }



    @Test

    public void loadCertificates_undesiredCertificates_shouldNotLoadUndesiredCertificates() {

        final Spinner spinner = new Spinner(mContext);

        when(mKeyStore.list(anyString())).thenReturn(WifiConfigController.UNDESIRED_CERTIFICATES);



        mController.loadCertificates(spinner,

                "prefix",

                "doNotProvideEapUserCertString",

                false /* showMultipleCerts */,

                false /* showUsePreinstalledCertOption */);



        assertThat(spinner.getAdapter().getCount()).isEqualTo(1);   // doNotProvideEapUserCertString

    }



    @Test

    public void ssidGetFocus_addNewNetwork_shouldReturnTrue() {

        mController = new TestWifiConfigController2(mConfigUiBase, mView, null /* wifiEntry */,

tests/robotests/src/com/android/settings/wifi/WifiConfigControllerTest.java

+14 −0
Original line number Diff line number Diff line
@@ -240,6 +240,20 @@ public class WifiConfigControllerTest { 
        // No Crash

    }



    @Test

    public void loadCertificates_undesiredCertificates_shouldNotLoadUndesiredCertificates() {

        final Spinner spinner = new Spinner(mContext);

        when(mKeyStore.list(anyString())).thenReturn(WifiConfigController.UNDESIRED_CERTIFICATES);



        mController.loadCertificates(spinner,

                "prefix",

                "doNotProvideEapUserCertString",

                false /* showMultipleCerts */,

                false /* showUsePreinstalledCertOption */);



        assertThat(spinner.getAdapter().getCount()).isEqualTo(1);   // doNotProvideEapUserCertString

    }



    @Test

    public void ssidGetFocus_addNewNetwork_shouldReturnTrue() {

        mController = new TestWifiConfigController(mConfigUiBase, mView, null /* accessPoint */,