From f68ae539a97bd8f1ec566a34cf68f5ee4a14af00 Mon Sep 17 00:00:00 2001 From: TogoFire Date: Fri, 6 Aug 2021 08:54:07 -0300 Subject: [PATCH 1/2] Revert "[Wi-Fi] Remove 'Do not validate' option in CA certificate spinner" This is not a definitive fix, so revert it. WPA2-Enterprise (802.1X) or WPA2-PSK. [xawlw]: - Sometimes we can't connect to some Enterprise WiFi networks because we don't know its domain so let's revert this 'Security' feature - Read more about it here: https://www.xda-developers.com/android-11-break-enterprise-wifi-connection/ This reverts commit 33cde5dbeee934269f16d72e26e651d56a13733e. This reverts commit 94b8579607c6f1201cea9d6601e88cec897b2ff6. Signed-off-by: TogoFire Signed-off-by: xawlw Change-Id: I3cec92b74a419b5463c5e5db496863e66d034703 --- res/layout/wifi_network_config.xml | 12 +++++++ res/values/custom_strings.xml | 5 +++ .../settings/wifi/WifiConfigController.java | 33 +++++++++++++------ .../settings/wifi/WifiConfigController2.java | 33 +++++++++++++------ 4 files changed, 63 insertions(+), 20 deletions(-) create mode 100644 res/values/custom_strings.xml diff --git a/res/layout/wifi_network_config.xml b/res/layout/wifi_network_config.xml index f91f7385c1..e7b8df3c2a 100644 --- a/res/layout/wifi_network_config.xml +++ b/res/layout/wifi_network_config.xml @@ -206,6 +206,18 @@ android:entries="@array/eap_ocsp_type"/> + + + + + + + No certificate specified. Your connection will not be private. + \ No newline at end of file diff --git a/src/com/android/settings/wifi/WifiConfigController.java b/src/com/android/settings/wifi/WifiConfigController.java index 0c063db8a7..306576d102 100644 --- a/src/com/android/settings/wifi/WifiConfigController.java +++ b/src/com/android/settings/wifi/WifiConfigController.java 
@@ -166,6 +166,7 @@ public class WifiConfigController implements TextWatcher, private String mMultipleCertSetString; private String mUseSystemCertsString; private String mDoNotProvideEapUserCertString; + private String mDoNotValidateEapServerString; private Spinner mSecuritySpinner; @VisibleForTesting Spinner mEapMethodSpinner; @@ -272,6 +273,8 @@ public class WifiConfigController implements TextWatcher, mUseSystemCertsString = mContext.getString(R.string.wifi_use_system_certs); mDoNotProvideEapUserCertString = mContext.getString(R.string.wifi_do_not_provide_eap_user_cert); + mDoNotValidateEapServerString = + mContext.getString(R.string.wifi_do_not_validate_eap_server); mSsidScanButton = (ImageButton) mView.findViewById(R.id.ssid_scanner_button); mIpSettingsSpinner = (Spinner) mView.findViewById(R.id.ip_settings); @@ -544,7 +547,8 @@ public class WifiConfigController implements TextWatcher, // Disallow submit if the user has not selected a CA certificate for an EAP network // configuration. enabled = false; - } else if (mEapDomainView != null + } else if (!caCertSelection.equals(mDoNotValidateEapServerString) + && mEapDomainView != null && mView.findViewById(R.id.l_domain).getVisibility() != View.GONE && TextUtils.isEmpty(mEapDomainView.getText().toString())) { // Disallow submit if the user chooses to use a certificate for EAP server @@ -566,6 +570,7 @@ public class WifiConfigController implements TextWatcher, } void showWarningMessagesIfAppropriate() { + mView.findViewById(R.id.no_ca_cert_warning).setVisibility(View.GONE); mView.findViewById(R.id.no_user_cert_warning).setVisibility(View.GONE); mView.findViewById(R.id.no_domain_warning).setVisibility(View.GONE); mView.findViewById(R.id.ssid_too_long_warning).setVisibility(View.GONE); 
@@ -578,7 +583,13 @@ public class WifiConfigController implements TextWatcher, } if (mEapCaCertSpinner != null && mView.findViewById(R.id.l_ca_cert).getVisibility() != View.GONE) { - if (mEapDomainView != null + String caCertSelection = (String) mEapCaCertSpinner.getSelectedItem(); + if (caCertSelection.equals(mDoNotValidateEapServerString)) { + // Display warning if user chooses not to validate the EAP server with a + // user-supplied CA certificate in an EAP network configuration. + mView.findViewById(R.id.no_ca_cert_warning).setVisibility(View.VISIBLE); + } else if (!caCertSelection.equals(mUnspecifiedCertString) + && mEapDomainView != null && mView.findViewById(R.id.l_domain).getVisibility() != View.GONE && TextUtils.isEmpty(mEapDomainView.getText().toString())) { // Display warning if user chooses to use a certificate without restricting the @@ -719,7 +730,8 @@ public class WifiConfigController implements TextWatcher, config.enterpriseConfig.setCaCertificateAliases(null); config.enterpriseConfig.setCaPath(null); config.enterpriseConfig.setDomainSuffixMatch(mEapDomainView.getText().toString()); - if (caCert.equals(mUnspecifiedCertString)) { + if (caCert.equals(mUnspecifiedCertString) + || caCert.equals(mDoNotValidateEapServerString)) { // ca_cert already set to null, so do nothing. } else if (caCert.equals(mUseSystemCertsString)) { config.enterpriseConfig.setCaPath(SYSTEM_CA_STORE_PATH); @@ -753,7 +765,8 @@ public class WifiConfigController implements TextWatcher, } // Only set OCSP option if there is a valid CA certificate. - if (caCert.equals(mUnspecifiedCertString)) { + if (caCert.equals(mUnspecifiedCertString) + || caCert.equals(mDoNotValidateEapServerString)) { config.enterpriseConfig.setOcsp(WifiEnterpriseConfig.OCSP_NONE); } else { config.enterpriseConfig.setOcsp(mEapOcspSpinner.getSelectedItemPosition()); 
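Review bot: In the hunk at @@ -719 the new `caCert.equals(mDoNotValidateEapServerString)` case lands in the branch commented `// ca_cert already set to null, so do nothing.`, which understates what is saved. With the CA aliases and CA path both null, the stored profile does not authenticate the EAP server, and the @@ -753 hunk additionally forces `OCSP_NONE` for the same selection. I would replace the comment with `// No CA configured (unset, or the user chose not to validate): the EAP server certificate is not checked.` so the next reader sees this as a deliberate fail-open path. The `setDomainSuffixMatch(...)` call just above still runs here; whether the domain text is empty at that point depends on code outside the hunk.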
@@ -1057,7 +1070,7 @@ public class WifiConfigController implements TextWatcher, loadCertificates( mEapCaCertSpinner, androidKeystoreAliasLoader.getCaCertAliases(), - null /* noCertificateString */, + mDoNotValidateEapServerString /* noCertificateString */, false /* showMultipleCerts */, true /* showUsePreinstalledCertOption */); loadCertificates( @@ -1141,7 +1154,7 @@ public class WifiConfigController implements TextWatcher, } else { String[] caCerts = enterpriseConfig.getCaCertificateAliases(); if (caCerts == null) { - setSelection(mEapCaCertSpinner, mUnspecifiedCertString); + setSelection(mEapCaCertSpinner, mDoNotValidateEapServerString); } else if (caCerts.length == 1) { setSelection(mEapCaCertSpinner, caCerts[0]); } else { @@ -1152,7 +1165,7 @@ public class WifiConfigController implements TextWatcher, loadCertificates( mEapCaCertSpinner, androidKeystoreAliasLoader.getCaCertAliases(), - null /* noCertificateString */, + mDoNotValidateEapServerString /* noCertificateString */, true /* showMultipleCerts */, true /* showUsePreinstalledCertOption */); setSelection(mEapCaCertSpinner, mMultipleCertSetString); @@ -1285,7 +1298,8 @@ public class WifiConfigController implements TextWatcher, if (mView.findViewById(R.id.l_ca_cert).getVisibility() != View.GONE) { String eapCertSelection = (String) mEapCaCertSpinner.getSelectedItem(); - if (eapCertSelection.equals(mUnspecifiedCertString)) { + if (eapCertSelection.equals(mDoNotValidateEapServerString) + || eapCertSelection.equals(mUnspecifiedCertString)) { // Domain suffix matching is not relevant if the user hasn't chosen a CA // certificate yet, or chooses not to validate the EAP server. setDomainInvisible(); 
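Review bot: `mDoNotValidateEapServerString` is handed to `loadCertificates` (hunks @@ -1057 and @@ -1152) alongside the keystore CA aliases, and every later check recognises it only by `equals` on the display text. A CA alias whose name equals the localized label would presumably be treated as "do not validate" and saved without a CA, so a collision fails open. This is inferred from the visible comparisons, since the body of `loadCertificates` is outside these hunks. At minimum document the assumption on the field, e.g. `// Sentinel spinner entry; must never match a keystore CA alias.`, or identify the entry by position rather than by its text.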
@@ -1546,8 +1560,7 @@ public class WifiConfigController implements TextWatcher, }).collect(Collectors.toList())); } - if (!TextUtils.isEmpty(noCertificateString) - && mAccessPointSecurity != AccessPoint.SECURITY_EAP_SUITE_B) { + if (mAccessPointSecurity != AccessPoint.SECURITY_EAP_SUITE_B) { certs.add(noCertificateString); } diff --git a/src/com/android/settings/wifi/WifiConfigController2.java b/src/com/android/settings/wifi/WifiConfigController2.java index ab13405232..01353b38fc 100644 --- a/src/com/android/settings/wifi/WifiConfigController2.java +++ b/src/com/android/settings/wifi/WifiConfigController2.java @@ -172,6 +172,7 @@ public class WifiConfigController2 implements TextWatcher, private String mUseSystemCertsString; private String mTrustOnFirstUse; private String mDoNotProvideEapUserCertString; + private String mDoNotValidateEapServerString; @VisibleForTesting String mInstallCertsString; private Spinner mSecuritySpinner; @@ -275,6 +276,8 @@ public class WifiConfigController2 implements TextWatcher, mTrustOnFirstUse = mContext.getString(R.string.wifi_trust_on_first_use); mDoNotProvideEapUserCertString = mContext.getString(R.string.wifi_do_not_provide_eap_user_cert); + mDoNotValidateEapServerString = + mContext.getString(R.string.wifi_do_not_validate_eap_server); mInstallCertsString = mContext.getString(R.string.wifi_install_credentials); mSsidScanButton = (ImageButton) mView.findViewById(R.id.ssid_scanner_button); @@ -528,7 +531,8 @@ public class WifiConfigController2 implements TextWatcher, // Disallow submit if the user has not selected a CA certificate for an EAP network // configuration. enabled = false; - } else if (mEapDomainView != null + } else if (!caCertSelection.equals(mDoNotValidateEapServerString) + && mEapDomainView != null && mView.findViewById(R.id.l_domain).getVisibility() != View.GONE && TextUtils.isEmpty(mEapDomainView.getText().toString())) { // Disallow submit if the user chooses to use a certificate for EAP server 
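Review bot: In the WifiConfigController.java hunk at @@ -1546, dropping `!TextUtils.isEmpty(noCertificateString)` means `certs.add(noCertificateString)` now runs for every non-Suite-B call. Any `loadCertificates` caller not touched by this patch that still passes `null` or an empty string would put that value into the spinner list, and the `(String) getSelectedItem()` / `.equals(...)` pattern in the other hunks would then dereference it. The remaining callers are not visible here, so keeping the guard is the safer form: `if (!TextUtils.isEmpty(noCertificateString) && mAccessPointSecurity != AccessPoint.SECURITY_EAP_SUITE_B) {`. The same applies to the WifiConfigController2.java hunk at @@ -1550 with `mWifiEntrySecurity`.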
@@ -550,6 +554,7 @@ public class WifiConfigController2 implements TextWatcher, } void showWarningMessagesIfAppropriate() { + mView.findViewById(R.id.no_ca_cert_warning).setVisibility(View.GONE); mView.findViewById(R.id.no_user_cert_warning).setVisibility(View.GONE); mView.findViewById(R.id.no_domain_warning).setVisibility(View.GONE); mView.findViewById(R.id.ssid_too_long_warning).setVisibility(View.GONE); @@ -562,7 +567,13 @@ public class WifiConfigController2 implements TextWatcher, } if (mEapCaCertSpinner != null && mView.findViewById(R.id.l_ca_cert).getVisibility() != View.GONE) { - if (mEapDomainView != null + String caCertSelection = (String) mEapCaCertSpinner.getSelectedItem(); + if (caCertSelection.equals(mDoNotValidateEapServerString)) { + // Display warning if user chooses not to validate the EAP server with a + // user-supplied CA certificate in an EAP network configuration. + mView.findViewById(R.id.no_ca_cert_warning).setVisibility(View.VISIBLE); + } else if (!caCertSelection.equals(mUnspecifiedCertString) + && mEapDomainView != null && mView.findViewById(R.id.l_domain).getVisibility() != View.GONE && TextUtils.isEmpty(mEapDomainView.getText().toString())) { // Display warning if user chooses to use a certificate without restricting the @@ -710,7 +721,8 @@ public class WifiConfigController2 implements TextWatcher, config.enterpriseConfig.setCaCertificateAliases(null); config.enterpriseConfig.setCaPath(null); config.enterpriseConfig.setDomainSuffixMatch(mEapDomainView.getText().toString()); - if (caCert.equals(mUnspecifiedCertString)) { + if (caCert.equals(mUnspecifiedCertString) + || caCert.equals(mDoNotValidateEapServerString)) { // ca_cert already set to null, so do nothing. } else if (mIsTrustOnFirstUseSupported && caCert.equals(mTrustOnFirstUse)) { config.enterpriseConfig.enableTrustOnFirstUse(true); 
@@ -745,7 +757,8 @@ public class WifiConfigController2 implements TextWatcher, } // Only set OCSP option if there is a valid CA certificate. - if (caCert.equals(mUnspecifiedCertString)) { + if (caCert.equals(mUnspecifiedCertString) + || caCert.equals(mDoNotValidateEapServerString)) { config.enterpriseConfig.setOcsp(WifiEnterpriseConfig.OCSP_NONE); } else { config.enterpriseConfig.setOcsp(mEapOcspSpinner.getSelectedItemPosition()); @@ -1045,7 +1058,7 @@ public class WifiConfigController2 implements TextWatcher, loadCertificates( mEapCaCertSpinner, androidKeystoreAliasLoader.getCaCertAliases(), - null /* noCertificateString */, + mDoNotValidateEapServerString /* noCertificateString */, false /* showMultipleCerts */, true /* showUsePreinstalledCertOption */); loadCertificates( @@ -1131,7 +1144,7 @@ public class WifiConfigController2 implements TextWatcher, && enterpriseConfig.isTrustOnFirstUseEnabled()) { setSelection(mEapCaCertSpinner, mTrustOnFirstUse); } else { - setSelection(mEapCaCertSpinner, mUnspecifiedCertString); + setSelection(mEapCaCertSpinner, mDoNotValidateEapServerString); } } else if (caCerts.length == 1) { setSelection(mEapCaCertSpinner, caCerts[0]); @@ -1142,7 +1155,7 @@ public class WifiConfigController2 implements TextWatcher, loadCertificates( mEapCaCertSpinner, androidKeystoreAliasLoader.getCaCertAliases(), - null /* noCertificateString */, + mDoNotValidateEapServerString /* noCertificateString */, true /* showMultipleCerts */, true /* showUsePreinstalledCertOption */); setSelection(mEapCaCertSpinner, mMultipleCertSetString); 
@@ -1277,7 +1290,8 @@ public class WifiConfigController2 implements TextWatcher, String eapCertSelection = (String) mEapCaCertSpinner.getSelectedItem(); if (eapCertSelection.equals(mUnspecifiedCertString) || (mIsTrustOnFirstUseSupported - && eapCertSelection.equals(mTrustOnFirstUse))) { + && eapCertSelection.equals(mTrustOnFirstUse)) + || eapCertSelection.equals(mUnspecifiedCertString)) { // Domain suffix matching is not relevant if the user hasn't chosen a CA // certificate yet, or chooses not to validate the EAP server. setDomainInvisible(); @@ -1550,8 +1564,7 @@ public class WifiConfigController2 implements TextWatcher, }).collect(Collectors.toList())); } - if (!TextUtils.isEmpty(noCertificateString) - && mWifiEntrySecurity != WifiEntry.SECURITY_EAP_SUITE_B) { + if (mWifiEntrySecurity != WifiEntry.SECURITY_EAP_SUITE_B) { certs.add(noCertificateString); } -- 2.34.1
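Review bot: The condition added in the WifiConfigController2.java hunk at @@ -1277 repeats `eapCertSelection.equals(mUnspecifiedCertString)`, which is already the first operand, so the new line has no effect. The matching hunk in WifiConfigController.java (@@ -1285) tests `mDoNotValidateEapServerString`, and the retained comment ("or chooses not to validate the EAP server") says the same. The added line should read `|| eapCertSelection.equals(mDoNotValidateEapServerString)) {`. As written, choosing "Do not validate" in this controller leaves the domain row visible instead of calling `setDomainInvisible()`, and any text in it is still passed to `setDomainSuffixMatch` by the @@ -710 hunk.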