[Enterprise] Fix hasEnterpriseConfigChanged method
Updated the hasEnterpriseConfigChanged method to look at additional
fields related to the credential: CA and Client certificate
aliases, Subject alternate match and OCSP setting.
Bug: 162985598
Test: atest WifiConfigurationUtilTest
Change-Id: I6fe2ccf27b71072b06de92128e5c1bf429efe251
Merged-In: I6fe2ccf27b71072b06de92128e5c1bf429efe251
(cherry picked from commit 2828d29df8f91a98cd24cfb2e6f226ac402f330c)
diff --git a/service/java/com/android/server/wifi/WifiConfigurationUtil.java b/service/java/com/android/server/wifi/WifiConfigurationUtil.java
index f37472e..336d978 100644
--- a/service/java/com/android/server/wifi/WifiConfigurationUtil.java
+++ b/service/java/com/android/server/wifi/WifiConfigurationUtil.java
@@ -224,6 +224,11 @@
if (existingEnterpriseConfig.getEapMethod() != newEnterpriseConfig.getEapMethod()) {
return true;
}
+ if (existingEnterpriseConfig.isAuthenticationSimBased()) {
+ // No other credential changes for SIM based methods.
+ // The SIM card is the credential.
+ return false;
+ }
if (existingEnterpriseConfig.getPhase2Method()
!= newEnterpriseConfig.getPhase2Method()) {
return true;
@@ -232,8 +237,7 @@
newEnterpriseConfig.getIdentity())) {
return true;
}
- if (!existingEnterpriseConfig.isAuthenticationSimBased()
- && !TextUtils.equals(existingEnterpriseConfig.getAnonymousIdentity(),
+ if (!TextUtils.equals(existingEnterpriseConfig.getAnonymousIdentity(),
newEnterpriseConfig.getAnonymousIdentity())) {
return true;
}
@@ -246,6 +250,21 @@
if (!Arrays.equals(existingCaCerts, newCaCerts)) {
return true;
}
+ if (!Arrays.equals(newEnterpriseConfig.getCaCertificateAliases(),
+ existingEnterpriseConfig.getCaCertificateAliases())) {
+ return true;
+ }
+ if (!TextUtils.equals(newEnterpriseConfig.getClientCertificateAlias(),
+ existingEnterpriseConfig.getClientCertificateAlias())) {
+ return true;
+ }
+ if (!TextUtils.equals(newEnterpriseConfig.getAltSubjectMatch(),
+ existingEnterpriseConfig.getAltSubjectMatch())) {
+ return true;
+ }
+ if (newEnterpriseConfig.getOcsp() != existingEnterpriseConfig.getOcsp()) {
+ return true;
+ }
} else {
// One of the configs may have an enterpriseConfig
if (existingEnterpriseConfig != null || newEnterpriseConfig != null) {
diff --git a/tests/wifitests/src/com/android/server/wifi/WifiConfigurationUtilTest.java b/tests/wifitests/src/com/android/server/wifi/WifiConfigurationUtilTest.java
index 8d7f5c6..0dd5b12 100644
--- a/tests/wifitests/src/com/android/server/wifi/WifiConfigurationUtilTest.java
+++ b/tests/wifitests/src/com/android/server/wifi/WifiConfigurationUtilTest.java
@@ -16,6 +16,9 @@
package com.android.server.wifi;
+import static android.net.wifi.WifiEnterpriseConfig.OCSP_NONE;
+import static android.net.wifi.WifiEnterpriseConfig.OCSP_REQUIRE_CERT_STATUS;
+
import static org.junit.Assert.*;
import android.content.pm.UserInfo;
@@ -980,4 +983,82 @@
return this;
}
}
+
+ /**
+ * Verify WifiEnterpriseConfig CA Certificate alias changes are detected.
+ */
+ @Test
+ public void testCaCertificateAliasChangesDetected() {
+ EnterpriseConfig eapConfig1 = new EnterpriseConfig(WifiEnterpriseConfig.Eap.TTLS)
+ .setPhase2(WifiEnterpriseConfig.Phase2.MSCHAPV2)
+ .setIdentity("username", "password");
+ eapConfig1.enterpriseConfig.setCaCertificateAlias("ALIAS_1");
+
+ EnterpriseConfig eapConfig2 = new EnterpriseConfig(WifiEnterpriseConfig.Eap.TTLS)
+ .setPhase2(WifiEnterpriseConfig.Phase2.MSCHAPV2)
+ .setIdentity("username", "password");
+ eapConfig2.enterpriseConfig.setCaCertificateAlias("ALIAS_2");
+
+ assertTrue(WifiConfigurationUtil.hasEnterpriseConfigChanged(eapConfig1.enterpriseConfig,
+ eapConfig2.enterpriseConfig));
+ }
+
+ /**
+ * Verify WifiEnterpriseConfig Client Certificate alias changes are detected.
+ */
+ @Test
+ public void testClientCertificateAliasChangesDetected() {
+ EnterpriseConfig eapConfig1 = new EnterpriseConfig(WifiEnterpriseConfig.Eap.TLS);
+ eapConfig1.enterpriseConfig.setCaCertificateAlias("ALIAS_1");
+ eapConfig1.enterpriseConfig.setClientCertificateAlias("CLIENT_ALIAS_1");
+
+ EnterpriseConfig eapConfig2 = new EnterpriseConfig(WifiEnterpriseConfig.Eap.TTLS);
+ eapConfig2.enterpriseConfig.setCaCertificateAlias("ALIAS_1");
+ eapConfig2.enterpriseConfig.setClientCertificateAlias("CLIENT_ALIAS_2");
+
+ assertTrue(WifiConfigurationUtil.hasEnterpriseConfigChanged(eapConfig1.enterpriseConfig,
+ eapConfig2.enterpriseConfig));
+ }
+
+ /**
+ * Verify WifiEnterpriseConfig OCSP changes are detected.
+ */
+ @Test
+ public void testOcspChangesDetected() {
+ EnterpriseConfig eapConfig1 = new EnterpriseConfig(WifiEnterpriseConfig.Eap.TTLS)
+ .setPhase2(WifiEnterpriseConfig.Phase2.MSCHAPV2)
+ .setIdentity("username", "password")
+ .setCaCerts(new X509Certificate[]{FakeKeys.CA_CERT0});
+ eapConfig1.enterpriseConfig.setOcsp(OCSP_NONE);
+
+ EnterpriseConfig eapConfig2 = new EnterpriseConfig(WifiEnterpriseConfig.Eap.TTLS)
+ .setPhase2(WifiEnterpriseConfig.Phase2.MSCHAPV2)
+ .setIdentity("username", "password")
+ .setCaCerts(new X509Certificate[]{FakeKeys.CA_CERT0});
+ eapConfig2.enterpriseConfig.setOcsp(OCSP_REQUIRE_CERT_STATUS);
+
+ assertTrue(WifiConfigurationUtil.hasEnterpriseConfigChanged(eapConfig1.enterpriseConfig,
+ eapConfig2.enterpriseConfig));
+ }
+
+ /**
+ * Verify WifiEnterpriseConfig subject match changes are detected.
+ */
+ @Test
+ public void testSubjectMatchChangesDetected() {
+ EnterpriseConfig eapConfig1 = new EnterpriseConfig(WifiEnterpriseConfig.Eap.TTLS)
+ .setPhase2(WifiEnterpriseConfig.Phase2.MSCHAPV2)
+ .setIdentity("username", "password")
+ .setCaCerts(new X509Certificate[]{FakeKeys.CA_CERT0});
+ eapConfig1.enterpriseConfig.setAltSubjectMatch("domain1.com");
+
+ EnterpriseConfig eapConfig2 = new EnterpriseConfig(WifiEnterpriseConfig.Eap.TTLS)
+ .setPhase2(WifiEnterpriseConfig.Phase2.MSCHAPV2)
+ .setIdentity("username", "password")
+ .setCaCerts(new X509Certificate[]{FakeKeys.CA_CERT0});
+ eapConfig1.enterpriseConfig.setAltSubjectMatch("domain2.com");
+
+ assertTrue(WifiConfigurationUtil.hasEnterpriseConfigChanged(eapConfig1.enterpriseConfig,
+ eapConfig2.enterpriseConfig));
+ }
}
