Add an option to the "CA certificate" field of the EAP network
configuration menu, "Use system certificates". Choosing this option
will cause the trusted, pre-installed, system CA certificates
to be used to validate EAP servers during the authentication process.
This only applies to EAP-TLS, EAP-TTLS, and EAP-PEAP network
configurations, where the CA certificate option is available.
If the user selects "Use system certificates" and leaves the
"Domain" field empty, display a warning and prevent the
EAP network configuration from being saved. Such a configuration
would be insecure--the user should constrain the domain that
the system certificates can be used to validate.
BUG: 26879191
TEST: 1) Set up AP connected to test RADIUS server.
TEST: 2) Generate a self-signed cert (Cert 1)
TEST: 3) Use Cert 1 to sign another cert (Cert 2) with common name
"sub1.sub2.domain.com"
TEST: 4) Setup RADIUS server, and configure it to present Cert 2 to EAP peer.
TEST: 5) Build angler image with Cert 1 installed in
/system/etc/security/cacerts/
TEST: 6) Set up an AP connected to the RADIUS server to broadcast
a WPA-Enterprise network.
TEST: 7) On Angler, connect to this WPA-Enterprise network with settings:
Network name: (AP SSID)
Security: 802.1x EAP
EAP method: TLS
CA certificate: Use system certificates
Domain: domain.com
User certificate: (test certificate from RADIUS setup)
Identity: (identity used for RADIUS setup)
TEST: 8) Verify that we connect successfully to the AP.
TEST: 9) Verify that connection still succeeds if Domain is set to
"sub2.domain.com" and "sub1.sub2.domain.com".
TEST: 10) Verify that connection fails if Domain is set to
"sub0.sub1.domain.com" and "otherdomain.com".
TEST: 11) Verify that network configuration cannot be saved, and an
warning message "Must specify a domain" is displayed if Domain
is left blank in the configuration in step 7
TEST: 12) Verify that the "Do not validate" option still appears in the
CA certificate dropdown menu.
Change-Id: I346d4d301305719033b84ec4599bf3d57d9d4ee5
Add a "domain" field that allows the user to specify a domain
suffix match for an EAP network configuration. This field
will only be available when the user specifies a CA certificate for
an EAP-PEAP, EAP-TLS, or EAP-TTLS network. Under the hood, the
value entered into this field will be passed to WPA supplicant
as the |domain_suffix_match| configuration variable.
BUG: 25180141
Change-Id: Ib69b9519f475e90e40441ddff61c80be43cf624b
TEST: On angler, domain field appears for the EAP-PEAP, EAP-TLS
TEST: and EAP-TTLS networks.
Display an explicit warning in the WiFi configuration menu if
the user selects the option to not validate the EAP server (i.e.
does not provide a CA certificate) in an EAP configuration.
BUG: 26686071
Change-Id: I73620b60defdcf40865f8c67d5de24b5dad636f8
TEST: Warning appears when the abovementioned option is selected.
Add the "Do not validate" and "Do not provide" menu
options for not providing a CA certificate and User certificate
respectively for EAP configurations.
Choosing these options are essentially equivalent to leaving
these fields alone as "(unspecified)" (when that option existed),
but now we require the user to make a conscious choice not to
provide these certificates.
BUG: 26686071
Change-Id: I4b9c07528d6d2ba3eb0787e7cfff69d05dd25679
TEST: Both the added options appear in the relevant menus.
TEST: Choosing both these added options in an EAP-TLS configuration
TEST: allows the configuration to be saved.
Disallow configuring EAP-TLS without a user certificate,
since this is probably an invalid configuration.
Also:
- change the wording of the default option for
EAP CA and user certificates from "(unspecified)" to
"Please select", to make it obvious that a choice
needs to be made to proceed.
- Fix style issues found in WifiConfigController.java by checkstyle.py.
BUG: 26686071
Change-Id: I7ccfdf40db97328e3297a03cc43033ff2428980f
TEST: Save option is grayed out when configuring EAP-TLS network
TEST: while leaving "User Certificate" left at "Please select".
SSID with multiple CA certs can only be added programmtically. However it
can still be edited in the UI by long-pressing the item when currently
connected to the network. This change makes sure the UI shows up with
meaningful indications that the SSID is configured with multiple CA certs.
Bug: 22547958
Change-Id: I5d42313efb141db521dd09ff3fbc520915b6fb79
This allows the fingerprint summary to be shown when there
are no fingerprints.
Fixes bug 24172006
Change-Id: I9dd266013ac74da74f1dd397cbe0e50acf5d1262
* commit '179fa5078b6e105e6e01e82c0af7c43745c452b0':
Handle fp enrollment errors more gracefully - When finger can't be analyzed for enrollment (FINGERPRINT_ERROR_UNABLE_TO_PROCESS), tell the user to try again or use a different finger. - When timeout is reached (FINGERPRINT_ERROR_TIMEOUT), stop enrollment and ask the user to try again.
- When finger can't be analyzed for enrollment
(FINGERPRINT_ERROR_UNABLE_TO_PROCESS), tell the user
to try again or use a different finger.
- When timeout is reached (FINGERPRINT_ERROR_TIMEOUT),
stop enrollment and ask the user to try again.
Fixes bug 23546104
Fixes bug 22708384
Change-Id: I879874b53dd0d928093fab1c92d0d4d68d73be28
During setup wizard, add a skip dialog to confirm whether the user
wants to skip fingerprint setup or not.
Bug: 23228889
Change-Id: I2c1c26522b085e722e7bd7b34a26d2a38412bee4
Update string for enrolling to tell the user to move their fingers,
so that different parts of their fingerprints can be captured.
Also include other minor update to strings mentioned in the bug.
Bug: 22719051
Change-Id: Idd3c69d4476d240c9ef81e8c82b7ae9fcb390a41
Update string for enrolling to tell the user to move their fingers,
so that different parts of their fingerprints can be captured.
Also include other minor update to strings mentioned in the bug.
Bug: 22719051
Change-Id: Idd3c69d4476d240c9ef81e8c82b7ae9fcb390a41
Also includes a bit of visual updates, options now have summaries
as well.
Code has been refactored a bit, and is more flexible to easily
support any kind of power/data flow combination once its time
to support that.
Currently devices don't have USB-C ports, they can be simulated
with the following commands:
$ adb shell dumpsys usb add-port "matrix" dual
# ?s control whether these can be changed
$ adb shell dumpsys usb connect-port "matrix" ufp? sink? device?
# Do testing here
$ adb shell dumpsys usb disconnect-port "matrix"
$ adb shell dumpsys usb remove-port "matrix"
$ adb shell dumpsys usb reset
# Use the help for more info
$ adb shell dumpsys usb -h
Bug: 21615151
Change-Id: I53ad4de51ff10a197c87bf2741756c1821ee9e74
Show a help text saying "Choose your backup screen lock method" when
asking the user for backup screen lock during fingerprint enrollment.
A backup translation is specified, using the source string "Set up your
backup screen lock method".
Bug: 22879473
Change-Id: I9b9348141227103e695d1fc78601745cac0309a7
Adds a string to advertise to the user that wake & unlock is
available on all fingerprint devices.
Bug: 22644642
Change-Id: I9e44174c6ab088a06f95ae5c377c8ccec13a4257
