Android/packages_apps_Settings
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Revert "[Wi-Fi] Remove 'Do not validate' option in CA certificate spinner"

Browse Source 
This is not a definitive fix, so revert it. WPA2-Enterprise (802.1X) or
WPA2-PSK.

[xawlw]:
- Sometimes we can't connect to some Enterprise WiFi networks because we
  don't know its domain so let's revert this 'Security' feature
- Read more about it here:
  https://www.xda-developers.com/android-11-break-enterprise-wifi-connection/

This reverts commit 33cde5dbee.
This reverts commit 94b8579607.

Signed-off-by: TogoFire <italomellopereira@gmail.com>
Signed-off-by: xawlw <abdulazizawlw@gmail.com>
Change-Id: I3cec92b74a419b5463c5e5db496863e66d034703
This commit is contained in:
TogoFire
2021-08-06 08:54:07 -03:00
committed by Joey
parent 1392f86fc9
commit 62c569e201
4 changed files with 63 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
res/layout/wifi_network_config.xml
View File

@@ -240,6 +240,18 @@
android:entries="@array/eap_ocsp_type"/>
</LinearLayout>
<LinearLayout android:id="@+id/no_ca_cert_warning"
android:layout_width="match_parent"
android:layout_height="wrap_content"
android:visibility="gone"
style="@style/wifi_item" >
<TextView
android:layout_width="wrap_content"
android:layout_height="wrap_content"
style="@style/wifi_item_warning"
android:text="@string/wifi_do_not_validate_eap_server_warning" />
</LinearLayout>
<LinearLayout android:id="@+id/l_domain"
android:layout_width="match_parent"
android:layout_height="wrap_content"

5
res/values/evolution_strings.xml
View File

@@ -129,4 +129,9 @@
<!-- App details: open play store link if app is user installed -->
<string name="app_play_store">Google Play</string>
<!-- Menu option for not validating the EAP server -->
<string name="wifi_do_not_validate_eap_server">Do not validate</string>
<!-- Warning message displayed if user choses not to validate the EAP server -->
<string name="wifi_do_not_validate_eap_server_warning">No certificate specified. Your connection will not be private.</string>
</resources>

33
src/com/android/settings/wifi/WifiConfigController.java
View File

@@ -179,6 +179,7 @@ public class WifiConfigController implements TextWatcher,
private String mMultipleCertSetString;
private String mUseSystemCertsString;
private String mDoNotProvideEapUserCertString;
private String mDoNotValidateEapServerString;
private Spinner mSecuritySpinner;
@VisibleForTesting Spinner mEapMethodSpinner;
@@ -289,6 +290,8 @@ public class WifiConfigController implements TextWatcher,
mUseSystemCertsString = mContext.getString(R.string.wifi_use_system_certs);
mDoNotProvideEapUserCertString =
mContext.getString(R.string.wifi_do_not_provide_eap_user_cert);
mDoNotValidateEapServerString =
mContext.getString(R.string.wifi_do_not_validate_eap_server);
if (Flags.androidVWifiApi() && mAccessPointSecurity == WifiEntry.SECURITY_WEP) {
LinearLayout wepWarningLayout =
@@ -543,7 +546,8 @@ public class WifiConfigController implements TextWatcher,
// Disallow submit if the user has not selected a CA certificate for an EAP network
// configuration.
enabled = false;
} else if (mEapDomainView != null
} else if (!caCertSelection.equals(mDoNotValidateEapServerString)
&& mEapDomainView != null
&& mView.findViewById(R.id.l_domain).getVisibility() != View.GONE
&& TextUtils.isEmpty(mEapDomainView.getText().toString())) {
// Disallow submit if the user chooses to use a certificate for EAP server
@@ -565,6 +569,7 @@ public class WifiConfigController implements TextWatcher,
}
void showWarningMessagesIfAppropriate() {
mView.findViewById(R.id.no_ca_cert_warning).setVisibility(View.GONE);
mView.findViewById(R.id.no_user_cert_warning).setVisibility(View.GONE);
mView.findViewById(R.id.no_domain_warning).setVisibility(View.GONE);
mView.findViewById(R.id.ssid_too_long_warning).setVisibility(View.GONE);
@@ -574,7 +579,13 @@ public class WifiConfigController implements TextWatcher,
}
if (mEapCaCertSpinner != null
&& mView.findViewById(R.id.l_ca_cert).getVisibility() != View.GONE) {
if (mEapDomainView != null
String caCertSelection = (String) mEapCaCertSpinner.getSelectedItem();
if (caCertSelection.equals(mDoNotValidateEapServerString)) {
// Display warning if user chooses not to validate the EAP server with a
// user-supplied CA certificate in an EAP network configuration.
mView.findViewById(R.id.no_ca_cert_warning).setVisibility(View.VISIBLE);
} else if (!caCertSelection.equals(mUnspecifiedCertString)
&& mEapDomainView != null
&& mView.findViewById(R.id.l_domain).getVisibility() != View.GONE
&& TextUtils.isEmpty(mEapDomainView.getText().toString())) {
// Display warning if user chooses to use a certificate without restricting the
@@ -717,7 +728,8 @@ public class WifiConfigController implements TextWatcher,
config.enterpriseConfig.setCaCertificateAliases(null);
config.enterpriseConfig.setCaPath(null);
config.enterpriseConfig.setDomainSuffixMatch(mEapDomainView.getText().toString());
if (caCert.equals(mUnspecifiedCertString)) {
if (caCert.equals(mUnspecifiedCertString)
|| caCert.equals(mDoNotValidateEapServerString)) {
// ca_cert already set to null, so do nothing.
} else if (caCert.equals(mUseSystemCertsString)) {
config.enterpriseConfig.setCaPath(SYSTEM_CA_STORE_PATH);
@@ -751,7 +763,8 @@ public class WifiConfigController implements TextWatcher,
}
// Only set OCSP option if there is a valid CA certificate.
if (caCert.equals(mUnspecifiedCertString)) {
if (caCert.equals(mUnspecifiedCertString)
|| caCert.equals(mDoNotValidateEapServerString)) {
config.enterpriseConfig.setOcsp(WifiEnterpriseConfig.OCSP_NONE);
} else {
config.enterpriseConfig.setOcsp(mEapOcspSpinner.getSelectedItemPosition());
@@ -1060,7 +1073,7 @@ public class WifiConfigController implements TextWatcher,
loadCertificates(
mEapCaCertSpinner,
androidKeystoreAliasLoader.getCaCertAliases(),
null /* noCertificateString */,
mDoNotValidateEapServerString /* noCertificateString */,
false /* showMultipleCerts */,
true /* showUsePreinstalledCertOption */);
loadCertificates(
@@ -1144,7 +1157,7 @@ public class WifiConfigController implements TextWatcher,
} else {
String[] caCerts = enterpriseConfig.getCaCertificateAliases();
if (caCerts == null) {
setSelection(mEapCaCertSpinner, mUnspecifiedCertString);
setSelection(mEapCaCertSpinner, mDoNotValidateEapServerString);
} else if (caCerts.length == 1) {
setSelection(mEapCaCertSpinner, caCerts[0]);
} else {
@@ -1155,7 +1168,7 @@ public class WifiConfigController implements TextWatcher,
loadCertificates(
mEapCaCertSpinner,
androidKeystoreAliasLoader.getCaCertAliases(),
null /* noCertificateString */,
mDoNotValidateEapServerString /* noCertificateString */,
true /* showMultipleCerts */,
true /* showUsePreinstalledCertOption */);
setSelection(mEapCaCertSpinner, mMultipleCertSetString);
@@ -1288,7 +1301,8 @@ public class WifiConfigController implements TextWatcher,
if (mView.findViewById(R.id.l_ca_cert).getVisibility() != View.GONE) {
String eapCertSelection = (String) mEapCaCertSpinner.getSelectedItem();
if (eapCertSelection.equals(mUnspecifiedCertString)) {
if (eapCertSelection.equals(mDoNotValidateEapServerString)
|| eapCertSelection.equals(mUnspecifiedCertString)) {
// Domain suffix matching is not relevant if the user hasn't chosen a CA
// certificate yet, or chooses not to validate the EAP server.
setDomainInvisible();
@@ -1549,8 +1563,7 @@ public class WifiConfigController implements TextWatcher,
}).collect(Collectors.toList()));
}
if (!TextUtils.isEmpty(noCertificateString)
&& mAccessPointSecurity != AccessPoint.SECURITY_EAP_SUITE_B) {
if (mAccessPointSecurity != AccessPoint.SECURITY_EAP_SUITE_B) {
certs.add(noCertificateString);
}

33
src/com/android/settings/wifi/WifiConfigController2.java
View File

@@ -181,6 +181,7 @@ public class WifiConfigController2 implements TextWatcher,
private String mUseSystemCertsString;
private String mTrustOnFirstUse;
private String mDoNotProvideEapUserCertString;
private String mDoNotValidateEapServerString;
@VisibleForTesting String mInstallCertsString;
private Spinner mSecuritySpinner;
@@ -296,6 +297,8 @@ public class WifiConfigController2 implements TextWatcher,
mTrustOnFirstUse = mContext.getString(R.string.wifi_trust_on_first_use);
mDoNotProvideEapUserCertString =
mContext.getString(R.string.wifi_do_not_provide_eap_user_cert);
mDoNotValidateEapServerString =
mContext.getString(R.string.wifi_do_not_validate_eap_server);
mInstallCertsString = mContext.getString(R.string.wifi_install_credentials);
if (Flags.androidVWifiApi() && mWifiEntrySecurity == WifiEntry.SECURITY_WEP) {
@@ -540,7 +543,8 @@ public class WifiConfigController2 implements TextWatcher,
// Disallow submit if the user has not selected a CA certificate for an EAP network
// configuration.
enabled = false;
} else if (mEapDomainView != null
} else if (!caCertSelection.equals(mDoNotValidateEapServerString)
&& mEapDomainView != null
&& mView.findViewById(R.id.l_domain).getVisibility() != View.GONE
&& TextUtils.isEmpty(mEapDomainView.getText().toString())) {
// Disallow submit if the user chooses to use a certificate for EAP server
@@ -562,6 +566,7 @@ public class WifiConfigController2 implements TextWatcher,
}
void showWarningMessagesIfAppropriate() {
mView.findViewById(R.id.no_ca_cert_warning).setVisibility(View.GONE);
mView.findViewById(R.id.no_user_cert_warning).setVisibility(View.GONE);
mView.findViewById(R.id.no_domain_warning).setVisibility(View.GONE);
mView.findViewById(R.id.ssid_too_long_warning).setVisibility(View.GONE);
@@ -571,7 +576,13 @@ public class WifiConfigController2 implements TextWatcher,
}
if (mEapCaCertSpinner != null
&& mView.findViewById(R.id.l_ca_cert).getVisibility() != View.GONE) {
if (mEapDomainView != null
String caCertSelection = (String) mEapCaCertSpinner.getSelectedItem();
if (caCertSelection.equals(mDoNotValidateEapServerString)) {
// Display warning if user chooses not to validate the EAP server with a
// user-supplied CA certificate in an EAP network configuration.
mView.findViewById(R.id.no_ca_cert_warning).setVisibility(View.VISIBLE);
} else if (!caCertSelection.equals(mUnspecifiedCertString)
&& mEapDomainView != null
&& mView.findViewById(R.id.l_domain).getVisibility() != View.GONE
&& TextUtils.isEmpty(mEapDomainView.getText().toString())) {
// Display warning if user chooses to use a certificate without restricting the
@@ -728,7 +739,8 @@ public class WifiConfigController2 implements TextWatcher,
config.enterpriseConfig.setCaCertificateAliases(null);
config.enterpriseConfig.setCaPath(null);
config.enterpriseConfig.setDomainSuffixMatch(mEapDomainView.getText().toString());
if (caCert.equals(mUnspecifiedCertString)) {
if (caCert.equals(mUnspecifiedCertString)
|| caCert.equals(mDoNotValidateEapServerString)) {
// ca_cert already set to null, so do nothing.
} else if (mIsTrustOnFirstUseSupported && caCert.equals(mTrustOnFirstUse)) {
config.enterpriseConfig.enableTrustOnFirstUse(true);
@@ -763,7 +775,8 @@ public class WifiConfigController2 implements TextWatcher,
}
// Only set certificate option if there is a valid CA certificate.
if (caCert.equals(mUnspecifiedCertString)) {
if (caCert.equals(mUnspecifiedCertString)
|| caCert.equals(mDoNotValidateEapServerString)) {
config.enterpriseConfig.setOcsp(WifiEnterpriseConfig.OCSP_NONE);
config.enterpriseConfig.setMinimumTlsVersion(WifiEnterpriseConfig.TLS_V1_0);
} else {
@@ -1079,7 +1092,7 @@ public class WifiConfigController2 implements TextWatcher,
loadCertificates(
mEapCaCertSpinner,
mAndroidKeystoreAliasLoader.getCaCertAliases(),
null /* noCertificateString */,
mDoNotValidateEapServerString /* noCertificateString */,
false /* showMultipleCerts */,
true /* showUsePreinstalledCertOption */);
loadCertificates(
@@ -1163,7 +1176,7 @@ public class WifiConfigController2 implements TextWatcher,
&& enterpriseConfig.isTrustOnFirstUseEnabled()) {
setSelection(mEapCaCertSpinner, mTrustOnFirstUse);
} else {
setSelection(mEapCaCertSpinner, mUnspecifiedCertString);
setSelection(mEapCaCertSpinner, mDoNotValidateEapServerString);
}
} else if (caCerts.length == 1) {
setSelection(mEapCaCertSpinner, caCerts[0]);
@@ -1172,7 +1185,7 @@ public class WifiConfigController2 implements TextWatcher,
loadCertificates(
mEapCaCertSpinner,
mAndroidKeystoreAliasLoader.getCaCertAliases(),
null /* noCertificateString */,
mDoNotValidateEapServerString /* noCertificateString */,
true /* showMultipleCerts */,
true /* showUsePreinstalledCertOption */);
setSelection(mEapCaCertSpinner, mMultipleCertSetString);
@@ -1314,7 +1327,8 @@ public class WifiConfigController2 implements TextWatcher,
String eapCertSelection = (String) mEapCaCertSpinner.getSelectedItem();
if (eapCertSelection.equals(mUnspecifiedCertString)
|| (mIsTrustOnFirstUseSupported
&& eapCertSelection.equals(mTrustOnFirstUse))) {
&& eapCertSelection.equals(mTrustOnFirstUse))
|| eapCertSelection.equals(mUnspecifiedCertString)) {
setMinTlsVerInvisible();
// Domain suffix matching is not relevant if the user hasn't chosen a CA
// certificate yet, or chooses not to validate the EAP server.
@@ -1588,8 +1602,7 @@ public class WifiConfigController2 implements TextWatcher,
}).collect(Collectors.toList()));
}
if (!TextUtils.isEmpty(noCertificateString)
&& mWifiEntrySecurity != WifiEntry.SECURITY_EAP_SUITE_B) {
if (mWifiEntrySecurity != WifiEntry.SECURITY_EAP_SUITE_B) {
certs.add(noCertificateString);
}