[Wi-Fi] Ignore incorrect user certificates
These incorrect user certificates are displayed when users edit a
WPA3-Enterprise 192-bit Wi-Fi network.
Bug: 149763958
Test: make RunSettingsRoboTests ROBOTEST_FILTER=WifiConfigControllerTest
Change-Id: Idcbc80aa3e945f83ba6b77ebf9ef443398ef8e3c
Merged-In: Iab35ac975933abc54fda83b99a2109d53d6722d4
diff --git a/src/com/android/settings/wifi/WifiConfigController.java b/src/com/android/settings/wifi/WifiConfigController.java
index 27ac69d..8521a75 100644
--- a/src/com/android/settings/wifi/WifiConfigController.java
+++ b/src/com/android/settings/wifi/WifiConfigController.java
@@ -74,6 +74,7 @@
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
+import java.util.stream.Collectors;
/**
* The class for allowing UIs like {@link WifiDialog} and {@link WifiConfigUiBase} to
@@ -125,6 +126,14 @@
public static final int WIFI_TTLS_PHASE2_MSCHAPV2 = 2;
public static final int WIFI_TTLS_PHASE2_GTC = 3;
+ private static final String UNDESIRED_CERTIFICATE_MACRANDSECRET = "MacRandSecret";
+ private static final String UNDESIRED_CERTIFICATE_MACRANDSAPSECRET = "MacRandSapSecret";
+ @VisibleForTesting
+ static final String[] UNDESIRED_CERTIFICATES = {
+ UNDESIRED_CERTIFICATE_MACRANDSECRET,
+ UNDESIRED_CERTIFICATE_MACRANDSAPSECRET
+ };
+
/* Phase2 methods supported by PEAP are limited */
private ArrayAdapter<CharSequence> mPhase2PeapAdapter;
/* Phase2 methods supported by TTLS are limited */
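Review bot: The new constants and `UNDESIRED_CERTIFICATES` have no comment saying what these KeyStore entries are or why they are hidden, so a later reader cannot judge whether the list is complete or safe to edit. Their names suggest Wi-Fi MAC-randomization secrets rather than certificates, but that is inferred from the identifiers and should be confirmed. I would add a comment above the array such as `/* KeyStore aliases listed for the Wi-Fi UID that are not user certificates and must not be offered in the certificate spinners. */`.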
@@ -1383,7 +1392,8 @@
return KeyStore.getInstance();
}
- private void loadCertificates(
+ @VisibleForTesting
+ void loadCertificates(
Spinner spinner,
String prefix,
String noCertificateString,
@@ -1399,12 +1409,24 @@
if (showUsePreinstalledCertOption) {
certs.add(mUseSystemCertsString);
}
+
+ String[] certificateNames = null;
try {
- certs.addAll(
- Arrays.asList(getKeyStore().list(prefix, android.os.Process.WIFI_UID)));
+ certificateNames = getKeyStore().list(prefix, android.os.Process.WIFI_UID);
} catch (Exception e) {
Log.e(TAG, "can't get the certificate list from KeyStore");
}
+ if (certificateNames != null && certificateNames.length != 0) {
+ certs.addAll(Arrays.stream(certificateNames)
+ .filter(certificateName -> {
+ for (String undesired : UNDESIRED_CERTIFICATES) {
+ if (certificateName.startsWith(undesired)) {
+ return false;
+ }
+ }
+ return true;
+ }).collect(Collectors.toList()));
+ }
if (mAccessPointSecurity != AccessPoint.SECURITY_EAP_SUITE_B) {
certs.add(noCertificateString);
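Review bot: The filter at `certificateName.startsWith(undesired)` is a prefix match, so any user certificate whose alias merely begins with `MacRandSecret` or `MacRandSapSecret` is also dropped from the spinner and becomes unselectable, with nothing logged. If the unwanted entries are stored under exactly these names (not visible in this hunk), an exact comparison is narrower: `.filter(name -> !Arrays.asList(UNDESIRED_CERTIFICATES).contains(name))`. If prefix matching is intended, a comment naming the expected suffixes would make that clear. loadCertificates starts and ends outside the hunk.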
diff --git a/tests/robotests/src/com/android/settings/wifi/WifiConfigControllerTest.java b/tests/robotests/src/com/android/settings/wifi/WifiConfigControllerTest.java
index ac5fa08..817bf44 100644
--- a/tests/robotests/src/com/android/settings/wifi/WifiConfigControllerTest.java
+++ b/tests/robotests/src/com/android/settings/wifi/WifiConfigControllerTest.java
@@ -267,6 +267,20 @@
}
@Test
+ public void loadCertificates_undesiredCertificates_shouldNotLoadUndesiredCertificates() {
+ final Spinner spinner = new Spinner(mContext);
+ when(mKeyStore.list(anyString())).thenReturn(WifiConfigController.UNDESIRED_CERTIFICATES);
+
+ mController.loadCertificates(spinner,
+ "prefix",
+ "doNotProvideEapUserCertString",
+ false /* showMultipleCerts */,
+ false /* showUsePreinstalledCertOption */);
+
+ assertThat(spinner.getAdapter().getCount()).isEqualTo(1); // doNotProvideEapUserCertString
+ }
+
+ @Test
public void ssidGetFocus_addNewNetwork_shouldReturnTrue() {
mController = new TestWifiConfigController(mConfigUiBase, mView, null /* accessPoint */,
WifiConfigUiBase.MODE_CONNECT);
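Review bot: The stub on `mKeyStore.list(anyString())` targets the one-argument overload, while the new code in loadCertificates calls `getKeyStore().list(prefix, android.os.Process.WIFI_UID)`. Assuming `mKeyStore` is a plain Mockito mock, the two-argument call returns null, the filter is never reached, and the count of 1 holds with or without the fix. Stub the overload that is actually used, `when(mKeyStore.list(anyString(), anyInt())).thenReturn(...)`. Returning one ordinary alias alongside the two undesired ones, and expecting the count to be one higher, would also show that wanted certificates survive the filter.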