
Commit bde88c4b authored by Jimmy Chen's avatar Jimmy Chen

wifi: add Trust-On-First-Use option for CA

Bug: 196180536
Test: * connect to an EAP-TLS network with TOFU option
      * make RunSettingsRoboTests ROBOTEST_FILTER=WifiConfigController2Test
Change-Id: I30b55d835bd073d604bddd235f2425bdc8b647af
parent 1eac7941
+2 −0
@@ -2445,6 +2445,8 @@
    <string name="wifi_do_not_provide_eap_user_cert">Do not provide</string>
    <!-- Menu option for not validating the EAP server -->
    <string name="wifi_do_not_validate_eap_server">Do not validate</string>
    <!-- Menu option for Trust On First Use[CHAR_LIMIT=64] -->
    <string name="wifi_trust_on_first_use">Trust on First Use</string>
    <!-- Warning message displayed if network name (ssid) is too long -->
    <string name="wifi_ssid_too_long">Network name is too long.</string>
    <!-- Warning message displayed if user does not specify a domain for the CA certificate.
+18 −2
@@ -169,6 +169,7 @@ public class WifiConfigController2 implements TextWatcher,
    private String mUnspecifiedCertString;
    private String mMultipleCertSetString;
    private String mUseSystemCertsString;
    private String mTrustOnFirstUse;
    private String mDoNotProvideEapUserCertString;
    @VisibleForTesting String mInstallCertsString;

@@ -219,6 +220,7 @@ public class WifiConfigController2 implements TextWatcher,
    Integer[] mSecurityInPosition;

    private final WifiManager mWifiManager;
    private boolean mIsTrustOnFirstUseSupported;

    private final List<SubscriptionInfo> mActiveSubscriptionInfos = new ArrayList<>();

@@ -251,6 +253,7 @@ public class WifiConfigController2 implements TextWatcher,
        mWifiEntrySecurity = (wifiEntry == null) ? WifiEntry.SECURITY_NONE :
                wifiEntry.getSecurity();
        mMode = mode;
        mIsTrustOnFirstUseSupported = mWifiManager.isTrustOnFirstUseSupported();

        final Resources res = mContext.getResources();

@@ -268,6 +271,7 @@ public class WifiConfigController2 implements TextWatcher,
        mUnspecifiedCertString = mContext.getString(R.string.wifi_unspecified);
        mMultipleCertSetString = mContext.getString(R.string.wifi_multiple_cert_added);
        mUseSystemCertsString = mContext.getString(R.string.wifi_use_system_certs);
        mTrustOnFirstUse = mContext.getString(R.string.wifi_trust_on_first_use);
        mDoNotProvideEapUserCertString =
            mContext.getString(R.string.wifi_do_not_provide_eap_user_cert);
        mInstallCertsString = mContext.getString(R.string.wifi_install_credentials);
@@ -707,6 +711,8 @@ public class WifiConfigController2 implements TextWatcher,
                config.enterpriseConfig.setDomainSuffixMatch(mEapDomainView.getText().toString());
                if (caCert.equals(mUnspecifiedCertString)) {
                    // ca_cert already set to null, so do nothing.
                } else if (mIsTrustOnFirstUseSupported && caCert.equals(mTrustOnFirstUse)) {
                    config.enterpriseConfig.enableTrustOnFirstUse(true);
                } else if (caCert.equals(mUseSystemCertsString)) {
                    config.enterpriseConfig.setCaPath(SYSTEM_CA_STORE_PATH);
                } else if (caCert.equals(mMultipleCertSetString)) {
@@ -1120,7 +1126,12 @@ public class WifiConfigController2 implements TextWatcher,
            } else {
                String[] caCerts = enterpriseConfig.getCaCertificateAliases();
                if (caCerts == null) {
                    if (mIsTrustOnFirstUseSupported
                            && enterpriseConfig.isTrustOnFirstUseEnabled()) {
                        setSelection(mEapCaCertSpinner, mTrustOnFirstUse);
                    } else {
                        setSelection(mEapCaCertSpinner, mUnspecifiedCertString);
                    }
                } else if (caCerts.length == 1) {
                    setSelection(mEapCaCertSpinner, caCerts[0]);
                } else {
@@ -1263,7 +1274,9 @@ public class WifiConfigController2 implements TextWatcher,

        if (mView.findViewById(R.id.l_ca_cert).getVisibility() != View.GONE) {
            String eapCertSelection = (String) mEapCaCertSpinner.getSelectedItem();
            if (eapCertSelection.equals(mUnspecifiedCertString)) {
            if (eapCertSelection.equals(mUnspecifiedCertString)
                    || (mIsTrustOnFirstUseSupported
                            && eapCertSelection.equals(mTrustOnFirstUse))) {
                // Domain suffix matching is not relevant if the user hasn't chosen a CA
                // certificate yet, or chooses not to validate the EAP server.
                setDomainInvisible();
@@ -1511,6 +1524,9 @@ public class WifiConfigController2 implements TextWatcher,
        }
        if (showUsePreinstalledCertOption) {
            certs.add(mUseSystemCertsString);
            if (mIsTrustOnFirstUseSupported) {
                certs.add(mTrustOnFirstUse);
            }
            certs.add(mInstallCertsString);
        }
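Review bot: The comment under the widened condition in the `@@ -1263,7 +1274,9 @@` hunk still names only the "no CA chosen" and "do not validate" cases, so it does not explain why the domain field is now also hidden for Trust on First Use. I would reword it to something like `// Domain suffix matching is not offered when no CA certificate is chosen, the server is not validated, or Trust on First Use is selected.` and add a short why-comment on the new `enableTrustOnFirstUse(true)` branch saying that no CA is configured up front in this mode. In the `@@ -707,6 +711,8 @@` hunk, `setDomainSuffixMatch(mEapDomainView.getText().toString())` runs before the new TOFU branch, so it is worth confirming that `setDomainInvisible()` (not visible here) clears the field. If it does not, a domain typed under an earlier CA selection would be stored together with the TOFU flag. The enclosing methods start and end outside these hunks, so this is based only on the lines shown.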