Android/frameworks_base
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge "Use installed keystore alias to check if enterprise config is insure" into rvc-dev

Browse Source
This commit is contained in:
Nate Jiang
2020-06-20 00:01:11 +00:00
committed by Android (Google) Code Review
parent c74779746e 9b39089eba
commit 0a327227ce
2 changed files with 19 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
wifi/java/android/net/wifi/WifiEnterpriseConfig.java
View File

@@ -1425,10 +1425,19 @@ public class WifiEnterpriseConfig implements Parcelable {
if (mEapMethod != Eap.PEAP && mEapMethod != Eap.TLS && mEapMethod != Eap.TTLS) { if (mEapMethod != Eap.PEAP && mEapMethod != Eap.TLS && mEapMethod != Eap.TTLS) {
return false; return false;
} }
if (!mIsAppInstalledCaCert && TextUtils.isEmpty(getCaPath())) { if (TextUtils.isEmpty(getAltSubjectMatch())
&& TextUtils.isEmpty(getDomainSuffixMatch())) {
// Both subject and domain match are not set, it's insecure.
return true; return true;
} }
return TextUtils.isEmpty(getAltSubjectMatch()) && TextUtils.isEmpty( if (mIsAppInstalledCaCert) {
getDomainSuffixMatch()); // CA certificate is installed by App, it's secure.
return false;
}
if (getCaCertificateAliases() != null) {
// CA certificate alias from keyStore is set, it's secure.
return false;
}
return TextUtils.isEmpty(getCaPath());
} }
} }

7
wifi/tests/src/android/net/wifi/WifiEnterpriseConfigTest.java
View File

@@ -565,6 +565,13 @@ public class WifiEnterpriseConfigTest {
secureConfig.setCaCertificate(FakeKeys.CA_CERT0); secureConfig.setCaCertificate(FakeKeys.CA_CERT0);
secureConfig.setDomainSuffixMatch(TEST_DOMAIN_SUFFIX_MATCH); secureConfig.setDomainSuffixMatch(TEST_DOMAIN_SUFFIX_MATCH);
assertFalse(secureConfig.isInsecure()); assertFalse(secureConfig.isInsecure());
WifiEnterpriseConfig secureConfigWithCaAlias = new WifiEnterpriseConfig();
secureConfigWithCaAlias.setEapMethod(Eap.PEAP);
secureConfigWithCaAlias.setPhase2Method(Phase2.MSCHAPV2);
secureConfigWithCaAlias.setCaCertificateAliases(new String[]{"alias1", "alisa2"});
secureConfigWithCaAlias.setDomainSuffixMatch(TEST_DOMAIN_SUFFIX_MATCH);
assertFalse(secureConfigWithCaAlias.isInsecure());
} }
} }