Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit d147f009 authored by Samuel Tan's avatar Samuel Tan
Browse files

WifiConfigController: set ca_path and ca_cert to null if unused 

The WPA supplicant ca_cert and ca_path directives should not
both be non-null, since our EAP settings logic only allows one
or the other to be used.

Modify logic in getConfig() to explicitly set ca_path or ca_cert
to null if it is not used. This explicit null value is necessary
to override a previously non-null value saved in an existing
configuration.

Also, always set the domain_suffix_match directive, which
will lead to this directive to be reset when the Domain
field is hidden.

BUG: 27194668
TEST: 1) Install custom ca certificate onto device as "testcert"
TEST: 2) Configure an EAP-TLS network with CA certificate
         "testcert", Domain "testdomain",
         User certificate "Do not provide", identity empty, and save.
TEST: 3) Read network variables in data/misc/wifi/wpa_supplicant.conf
         and ensure that ca_cert is "testcert", ca_path is not
         present, and domain_suffix_match is "testdomain".
TEST: 4) Modify that same EAP-TLS network configured in step 2 with
         CA certificate "Use system certificates", Domain "testdomain",
         User certificate "Do not provide", identity empty, and save.
TEST: 5) Read network variables in data/misc/wifi/wpa_supplicant.eonf
         and ensure that ca_cert is "keystore://CACERT_testcert",
         ca_path is not present, and domain_suffix_match is
         "testdomain".
TEST: 6) Modify that same EAP-TLS network configured in step 2 to be
         an EAP-PWD network. Leave Identity and Password blank, and
         save.
TEST: 7) Read network variables in data/misc/wifi/wpa_supplicant.eonf
         and ensure that ca_cert, ca_path, and domain_suffix_match are
         not present.

Change-Id: I547f3e359bc8e9b77e51e10e60356b857230636f
parent c408ab3d

src/com/android/settings/wifi/WifiConfigController.java

+32 −19
Original line number Diff line number Diff line
@@ -517,16 +517,15 @@ public class WifiConfigController 
                        config.enterpriseConfig.setPhase2Method(phase2Method);

                        break;

                }



                String caCert = (String) mEapCaCertSpinner.getSelectedItem();

                config.enterpriseConfig.setCaCertificateAliases(null);

                config.enterpriseConfig.setCaPath(null);

                config.enterpriseConfig.setDomainSuffixMatch(mEapDomainView.getText().toString());

                if (caCert.equals(mUnspecifiedCertString)

                        || caCert.equals(mDoNotValidateEapServerString)) {

                    // Note: |caCert| should not be able to take the value |unspecifiedCert|,

                    // since we prevent such configurations from being saved.

                    config.enterpriseConfig.setCaCertificateAliases(null);

                } else {

                    config.enterpriseConfig.setDomainSuffixMatch(

                            mEapDomainView.getText().toString());

                    if (caCert.equals(mUseSystemCertsString)) {

                    // ca_cert already set to null, so do nothing.

                } else if (caCert.equals(mUseSystemCertsString)) {

                    config.enterpriseConfig.setCaPath(SYSTEM_CA_STORE_PATH);

                } else if (caCert.equals(mMultipleCertSetString)) {

                    if (mAccessPoint != null) {
@@ -535,12 +534,26 @@ public class WifiConfigController 
                                    + "when editing saved network");

                        }

                        config.enterpriseConfig.setCaCertificateAliases(

                                    mAccessPoint.getConfig().enterpriseConfig

                                mAccessPoint

                                        .getConfig()

                                        .enterpriseConfig

                                        .getCaCertificateAliases());

                    }

                } else {

                    config.enterpriseConfig.setCaCertificateAliases(new String[] {caCert});

                }



                // ca_cert or ca_path should not both be non-null, since we only intend to let

                // the use either their own certificate, or the system certificates, not both.

                // The variable that is not used must explicitly be set to null, so that a

                // previously-set value on a saved configuration will be erased on an update.

                if (config.enterpriseConfig.getCaCertificateAliases() != null

                        && config.enterpriseConfig.getCaPath() != null) {

                    Log.e(TAG, "ca_cert ("

                            + config.enterpriseConfig.getCaCertificateAliases()

                            + ") and ca_path ("

                            + config.enterpriseConfig.getCaPath()

                            + ") should not both be non-null");

                }



                String clientCert = (String) mEapUserCertSpinner.getSelectedItem();