Merge "Use installed keystore alias to check if enterprise config is insure" into rvc-dev am: 0a327227ce
Original change: https://googleplex-android-review.googlesource.com/c/platform/frameworks/base/+/11936921 Change-Id: Ib92683957e4c4071f16a24d7e9bc2757bc257d7b
This commit is contained in:
Nate Jiang
@@ -1425,10 +1425,19 @@ public class WifiEnterpriseConfig implements Parcelable {
|
||||
if (mEapMethod != Eap.PEAP && mEapMethod != Eap.TLS && mEapMethod != Eap.TTLS) {
|
||||
return false;
|
||||
}
|
||||
if (!mIsAppInstalledCaCert && TextUtils.isEmpty(getCaPath())) {
|
||||
if (TextUtils.isEmpty(getAltSubjectMatch())
|
||||
&& TextUtils.isEmpty(getDomainSuffixMatch())) {
|
||||
// Both subject and domain match are not set, it's insecure.
|
||||
return true;
|
||||
}
|
||||
return TextUtils.isEmpty(getAltSubjectMatch()) && TextUtils.isEmpty(
|
||||
getDomainSuffixMatch());
|
||||
if (mIsAppInstalledCaCert) {
|
||||
// CA certificate is installed by App, it's secure.
|
||||
return false;
|
||||
}
|
||||
if (getCaCertificateAliases() != null) {
|
||||
// CA certificate alias from keyStore is set, it's secure.
|
||||
return false;
|
||||
}
|
||||
return TextUtils.isEmpty(getCaPath());
|
||||
}
|
||||
}
|
||||
|
||||
@@ -565,6 +565,13 @@ public class WifiEnterpriseConfigTest {
|
||||
secureConfig.setCaCertificate(FakeKeys.CA_CERT0);
|
||||
secureConfig.setDomainSuffixMatch(TEST_DOMAIN_SUFFIX_MATCH);
|
||||
assertFalse(secureConfig.isInsecure());
|
||||
|
||||
WifiEnterpriseConfig secureConfigWithCaAlias = new WifiEnterpriseConfig();
|
||||
secureConfigWithCaAlias.setEapMethod(Eap.PEAP);
|
||||
secureConfigWithCaAlias.setPhase2Method(Phase2.MSCHAPV2);
|
||||
secureConfigWithCaAlias.setCaCertificateAliases(new String[]{"alias1", "alisa2"});
|
||||
secureConfigWithCaAlias.setDomainSuffixMatch(TEST_DOMAIN_SUFFIX_MATCH);
|
||||
assertFalse(secureConfigWithCaAlias.isInsecure());
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user