310 lines
17 KiB
Diff
310 lines
17 KiB
Diff
From f68ae539a97bd8f1ec566a34cf68f5ee4a14af00 Mon Sep 17 00:00:00 2001
|
|
From: TogoFire <italomellopereira@gmail.com>
|
|
Date: Fri, 6 Aug 2021 08:54:07 -0300
|
|
Subject: [PATCH 1/2] Revert "[Wi-Fi] Remove 'Do not validate' option in CA
|
|
certificate spinner"
|
|
|
|
This is not a definitive fix, so revert it. WPA2-Enterprise (802.1X) or
|
|
WPA2-PSK.
|
|
|
|
[xawlw]:
|
|
- Sometimes we can't connect to some Enterprise WiFi networks because we
|
|
don't know its domain so let's revert this 'Security' feature
|
|
- Read more about it here:
|
|
https://www.xda-developers.com/android-11-break-enterprise-wifi-connection/
|
|
|
|
This reverts commit 33cde5dbeee934269f16d72e26e651d56a13733e.
|
|
This reverts commit 94b8579607c6f1201cea9d6601e88cec897b2ff6.
|
|
|
|
Signed-off-by: TogoFire <italomellopereira@gmail.com>
|
|
Signed-off-by: xawlw <abdulazizawlw@gmail.com>
|
|
Change-Id: I3cec92b74a419b5463c5e5db496863e66d034703
|
|
---
|
|
res/layout/wifi_network_config.xml | 12 +++++++
|
|
res/values/custom_strings.xml | 5 +++
|
|
.../settings/wifi/WifiConfigController.java | 33 +++++++++++++------
|
|
.../settings/wifi/WifiConfigController2.java | 33 +++++++++++++------
|
|
4 files changed, 63 insertions(+), 20 deletions(-)
|
|
create mode 100644 res/values/custom_strings.xml
|
|
|
|
diff --git a/res/layout/wifi_network_config.xml b/res/layout/wifi_network_config.xml
|
|
index f91f7385c1..e7b8df3c2a 100644
|
|
--- a/res/layout/wifi_network_config.xml
|
|
+++ b/res/layout/wifi_network_config.xml
|
|
@@ -206,6 +206,18 @@
|
|
android:entries="@array/eap_ocsp_type"/>
|
|
</LinearLayout>
|
|
|
|
+ <LinearLayout android:id="@+id/no_ca_cert_warning"
|
|
+ android:layout_width="match_parent"
|
|
+ android:layout_height="wrap_content"
|
|
+ android:visibility="gone"
|
|
+ style="@style/wifi_item" >
|
|
+ <TextView
|
|
+ android:layout_width="wrap_content"
|
|
+ android:layout_height="wrap_content"
|
|
+ style="@style/wifi_item_warning"
|
|
+ android:text="@string/wifi_do_not_validate_eap_server_warning" />
|
|
+ </LinearLayout>
|
|
+
|
|
<LinearLayout android:id="@+id/l_domain"
|
|
android:layout_width="match_parent"
|
|
android:layout_height="wrap_content"
|
|
diff --git a/res/values/custom_strings.xml b/res/values/custom_strings.xml
|
|
new file mode 100644
|
|
index 0000000000..14462c36a4
|
|
--- /dev/null
|
|
+++ b/res/values/custom_strings.xml
|
|
@@ -0,0 +1,5 @@
|
|
+<?xml version="1.0" encoding="utf-8"?>
|
|
+<resources xmlns:xliff="urn:oasis:names:tc:xliff:document:1.2">
|
|
+ <!-- Warning message displayed if user choses not to validate the EAP server -->
|
|
+ <string name="wifi_do_not_validate_eap_server_warning">No certificate specified. Your connection will not be private.</string>
|
|
+</resources>
|
|
\ No newline at end of file
|
|
diff --git a/src/com/android/settings/wifi/WifiConfigController.java b/src/com/android/settings/wifi/WifiConfigController.java
|
|
index 0c063db8a7..306576d102 100644
|
|
--- a/src/com/android/settings/wifi/WifiConfigController.java
|
|
+++ b/src/com/android/settings/wifi/WifiConfigController.java
|
|
@@ -166,6 +166,7 @@ public class WifiConfigController implements TextWatcher,
|
|
private String mMultipleCertSetString;
|
|
private String mUseSystemCertsString;
|
|
private String mDoNotProvideEapUserCertString;
|
|
+ private String mDoNotValidateEapServerString;
|
|
|
|
private Spinner mSecuritySpinner;
|
|
@VisibleForTesting Spinner mEapMethodSpinner;
|
|
@@ -272,6 +273,8 @@ public class WifiConfigController implements TextWatcher,
|
|
mUseSystemCertsString = mContext.getString(R.string.wifi_use_system_certs);
|
|
mDoNotProvideEapUserCertString =
|
|
mContext.getString(R.string.wifi_do_not_provide_eap_user_cert);
|
|
+ mDoNotValidateEapServerString =
|
|
+ mContext.getString(R.string.wifi_do_not_validate_eap_server);
|
|
|
|
mSsidScanButton = (ImageButton) mView.findViewById(R.id.ssid_scanner_button);
|
|
mIpSettingsSpinner = (Spinner) mView.findViewById(R.id.ip_settings);
|
|
@@ -544,7 +547,8 @@ public class WifiConfigController implements TextWatcher,
|
|
// Disallow submit if the user has not selected a CA certificate for an EAP network
|
|
// configuration.
|
|
enabled = false;
|
|
- } else if (mEapDomainView != null
|
|
+ } else if (!caCertSelection.equals(mDoNotValidateEapServerString)
|
|
+ && mEapDomainView != null
|
|
&& mView.findViewById(R.id.l_domain).getVisibility() != View.GONE
|
|
&& TextUtils.isEmpty(mEapDomainView.getText().toString())) {
|
|
// Disallow submit if the user chooses to use a certificate for EAP server
|
|
@@ -566,6 +570,7 @@ public class WifiConfigController implements TextWatcher,
|
|
}
|
|
|
|
void showWarningMessagesIfAppropriate() {
|
|
+ mView.findViewById(R.id.no_ca_cert_warning).setVisibility(View.GONE);
|
|
mView.findViewById(R.id.no_user_cert_warning).setVisibility(View.GONE);
|
|
mView.findViewById(R.id.no_domain_warning).setVisibility(View.GONE);
|
|
mView.findViewById(R.id.ssid_too_long_warning).setVisibility(View.GONE);
|
|
@@ -578,7 +583,13 @@ public class WifiConfigController implements TextWatcher,
|
|
}
|
|
if (mEapCaCertSpinner != null
|
|
&& mView.findViewById(R.id.l_ca_cert).getVisibility() != View.GONE) {
|
|
- if (mEapDomainView != null
|
|
+ String caCertSelection = (String) mEapCaCertSpinner.getSelectedItem();
|
|
+ if (caCertSelection.equals(mDoNotValidateEapServerString)) {
|
|
+ // Display warning if user chooses not to validate the EAP server with a
|
|
+ // user-supplied CA certificate in an EAP network configuration.
|
|
+ mView.findViewById(R.id.no_ca_cert_warning).setVisibility(View.VISIBLE);
|
|
+ } else if (!caCertSelection.equals(mUnspecifiedCertString)
|
|
+ && mEapDomainView != null
|
|
&& mView.findViewById(R.id.l_domain).getVisibility() != View.GONE
|
|
&& TextUtils.isEmpty(mEapDomainView.getText().toString())) {
|
|
// Display warning if user chooses to use a certificate without restricting the
|
|
@@ -719,7 +730,8 @@ public class WifiConfigController implements TextWatcher,
|
|
config.enterpriseConfig.setCaCertificateAliases(null);
|
|
config.enterpriseConfig.setCaPath(null);
|
|
config.enterpriseConfig.setDomainSuffixMatch(mEapDomainView.getText().toString());
|
|
- if (caCert.equals(mUnspecifiedCertString)) {
|
|
+ if (caCert.equals(mUnspecifiedCertString)
|
|
+ || caCert.equals(mDoNotValidateEapServerString)) {
|
|
// ca_cert already set to null, so do nothing.
|
|
} else if (caCert.equals(mUseSystemCertsString)) {
|
|
config.enterpriseConfig.setCaPath(SYSTEM_CA_STORE_PATH);
|
|
@@ -753,7 +765,8 @@ public class WifiConfigController implements TextWatcher,
|
|
}
|
|
|
|
// Only set OCSP option if there is a valid CA certificate.
|
|
- if (caCert.equals(mUnspecifiedCertString)) {
|
|
+ if (caCert.equals(mUnspecifiedCertString)
|
|
+ || caCert.equals(mDoNotValidateEapServerString)) {
|
|
config.enterpriseConfig.setOcsp(WifiEnterpriseConfig.OCSP_NONE);
|
|
} else {
|
|
config.enterpriseConfig.setOcsp(mEapOcspSpinner.getSelectedItemPosition());
|
|
@@ -1057,7 +1070,7 @@ public class WifiConfigController implements TextWatcher,
|
|
loadCertificates(
|
|
mEapCaCertSpinner,
|
|
androidKeystoreAliasLoader.getCaCertAliases(),
|
|
- null /* noCertificateString */,
|
|
+ mDoNotValidateEapServerString /* noCertificateString */,
|
|
false /* showMultipleCerts */,
|
|
true /* showUsePreinstalledCertOption */);
|
|
loadCertificates(
|
|
@@ -1141,7 +1154,7 @@ public class WifiConfigController implements TextWatcher,
|
|
} else {
|
|
String[] caCerts = enterpriseConfig.getCaCertificateAliases();
|
|
if (caCerts == null) {
|
|
- setSelection(mEapCaCertSpinner, mUnspecifiedCertString);
|
|
+ setSelection(mEapCaCertSpinner, mDoNotValidateEapServerString);
|
|
} else if (caCerts.length == 1) {
|
|
setSelection(mEapCaCertSpinner, caCerts[0]);
|
|
} else {
|
|
@@ -1152,7 +1165,7 @@ public class WifiConfigController implements TextWatcher,
|
|
loadCertificates(
|
|
mEapCaCertSpinner,
|
|
androidKeystoreAliasLoader.getCaCertAliases(),
|
|
- null /* noCertificateString */,
|
|
+ mDoNotValidateEapServerString /* noCertificateString */,
|
|
true /* showMultipleCerts */,
|
|
true /* showUsePreinstalledCertOption */);
|
|
setSelection(mEapCaCertSpinner, mMultipleCertSetString);
|
|
@@ -1285,7 +1298,8 @@ public class WifiConfigController implements TextWatcher,
|
|
|
|
if (mView.findViewById(R.id.l_ca_cert).getVisibility() != View.GONE) {
|
|
String eapCertSelection = (String) mEapCaCertSpinner.getSelectedItem();
|
|
- if (eapCertSelection.equals(mUnspecifiedCertString)) {
|
|
+ if (eapCertSelection.equals(mDoNotValidateEapServerString)
|
|
+ || eapCertSelection.equals(mUnspecifiedCertString)) {
|
|
// Domain suffix matching is not relevant if the user hasn't chosen a CA
|
|
// certificate yet, or chooses not to validate the EAP server.
|
|
setDomainInvisible();
|
|
@@ -1546,8 +1560,7 @@ public class WifiConfigController implements TextWatcher,
|
|
}).collect(Collectors.toList()));
|
|
}
|
|
|
|
- if (!TextUtils.isEmpty(noCertificateString)
|
|
- && mAccessPointSecurity != AccessPoint.SECURITY_EAP_SUITE_B) {
|
|
+ if (mAccessPointSecurity != AccessPoint.SECURITY_EAP_SUITE_B) {
|
|
certs.add(noCertificateString);
|
|
}
|
|
|
|
diff --git a/src/com/android/settings/wifi/WifiConfigController2.java b/src/com/android/settings/wifi/WifiConfigController2.java
|
|
index ab13405232..01353b38fc 100644
|
|
--- a/src/com/android/settings/wifi/WifiConfigController2.java
|
|
+++ b/src/com/android/settings/wifi/WifiConfigController2.java
|
|
@@ -172,6 +172,7 @@ public class WifiConfigController2 implements TextWatcher,
|
|
private String mUseSystemCertsString;
|
|
private String mTrustOnFirstUse;
|
|
private String mDoNotProvideEapUserCertString;
|
|
+ private String mDoNotValidateEapServerString;
|
|
@VisibleForTesting String mInstallCertsString;
|
|
|
|
private Spinner mSecuritySpinner;
|
|
@@ -275,6 +276,8 @@ public class WifiConfigController2 implements TextWatcher,
|
|
mTrustOnFirstUse = mContext.getString(R.string.wifi_trust_on_first_use);
|
|
mDoNotProvideEapUserCertString =
|
|
mContext.getString(R.string.wifi_do_not_provide_eap_user_cert);
|
|
+ mDoNotValidateEapServerString =
|
|
+ mContext.getString(R.string.wifi_do_not_validate_eap_server);
|
|
mInstallCertsString = mContext.getString(R.string.wifi_install_credentials);
|
|
|
|
mSsidScanButton = (ImageButton) mView.findViewById(R.id.ssid_scanner_button);
|
|
@@ -528,7 +531,8 @@ public class WifiConfigController2 implements TextWatcher,
|
|
// Disallow submit if the user has not selected a CA certificate for an EAP network
|
|
// configuration.
|
|
enabled = false;
|
|
- } else if (mEapDomainView != null
|
|
+ } else if (!caCertSelection.equals(mDoNotValidateEapServerString)
|
|
+ && mEapDomainView != null
|
|
&& mView.findViewById(R.id.l_domain).getVisibility() != View.GONE
|
|
&& TextUtils.isEmpty(mEapDomainView.getText().toString())) {
|
|
// Disallow submit if the user chooses to use a certificate for EAP server
|
|
@@ -550,6 +554,7 @@ public class WifiConfigController2 implements TextWatcher,
|
|
}
|
|
|
|
void showWarningMessagesIfAppropriate() {
|
|
+ mView.findViewById(R.id.no_ca_cert_warning).setVisibility(View.GONE);
|
|
mView.findViewById(R.id.no_user_cert_warning).setVisibility(View.GONE);
|
|
mView.findViewById(R.id.no_domain_warning).setVisibility(View.GONE);
|
|
mView.findViewById(R.id.ssid_too_long_warning).setVisibility(View.GONE);
|
|
@@ -562,7 +567,13 @@ public class WifiConfigController2 implements TextWatcher,
|
|
}
|
|
if (mEapCaCertSpinner != null
|
|
&& mView.findViewById(R.id.l_ca_cert).getVisibility() != View.GONE) {
|
|
- if (mEapDomainView != null
|
|
+ String caCertSelection = (String) mEapCaCertSpinner.getSelectedItem();
|
|
+ if (caCertSelection.equals(mDoNotValidateEapServerString)) {
|
|
+ // Display warning if user chooses not to validate the EAP server with a
|
|
+ // user-supplied CA certificate in an EAP network configuration.
|
|
+ mView.findViewById(R.id.no_ca_cert_warning).setVisibility(View.VISIBLE);
|
|
+ } else if (!caCertSelection.equals(mUnspecifiedCertString)
|
|
+ && mEapDomainView != null
|
|
&& mView.findViewById(R.id.l_domain).getVisibility() != View.GONE
|
|
&& TextUtils.isEmpty(mEapDomainView.getText().toString())) {
|
|
// Display warning if user chooses to use a certificate without restricting the
|
|
@@ -710,7 +721,8 @@ public class WifiConfigController2 implements TextWatcher,
|
|
config.enterpriseConfig.setCaCertificateAliases(null);
|
|
config.enterpriseConfig.setCaPath(null);
|
|
config.enterpriseConfig.setDomainSuffixMatch(mEapDomainView.getText().toString());
|
|
- if (caCert.equals(mUnspecifiedCertString)) {
|
|
+ if (caCert.equals(mUnspecifiedCertString)
|
|
+ || caCert.equals(mDoNotValidateEapServerString)) {
|
|
// ca_cert already set to null, so do nothing.
|
|
} else if (mIsTrustOnFirstUseSupported && caCert.equals(mTrustOnFirstUse)) {
|
|
config.enterpriseConfig.enableTrustOnFirstUse(true);
|
|
@@ -745,7 +757,8 @@ public class WifiConfigController2 implements TextWatcher,
|
|
}
|
|
|
|
// Only set OCSP option if there is a valid CA certificate.
|
|
- if (caCert.equals(mUnspecifiedCertString)) {
|
|
+ if (caCert.equals(mUnspecifiedCertString)
|
|
+ || caCert.equals(mDoNotValidateEapServerString)) {
|
|
config.enterpriseConfig.setOcsp(WifiEnterpriseConfig.OCSP_NONE);
|
|
} else {
|
|
config.enterpriseConfig.setOcsp(mEapOcspSpinner.getSelectedItemPosition());
|
|
@@ -1045,7 +1058,7 @@ public class WifiConfigController2 implements TextWatcher,
|
|
loadCertificates(
|
|
mEapCaCertSpinner,
|
|
androidKeystoreAliasLoader.getCaCertAliases(),
|
|
- null /* noCertificateString */,
|
|
+ mDoNotValidateEapServerString /* noCertificateString */,
|
|
false /* showMultipleCerts */,
|
|
true /* showUsePreinstalledCertOption */);
|
|
loadCertificates(
|
|
@@ -1131,7 +1144,7 @@ public class WifiConfigController2 implements TextWatcher,
|
|
&& enterpriseConfig.isTrustOnFirstUseEnabled()) {
|
|
setSelection(mEapCaCertSpinner, mTrustOnFirstUse);
|
|
} else {
|
|
- setSelection(mEapCaCertSpinner, mUnspecifiedCertString);
|
|
+ setSelection(mEapCaCertSpinner, mDoNotValidateEapServerString);
|
|
}
|
|
} else if (caCerts.length == 1) {
|
|
setSelection(mEapCaCertSpinner, caCerts[0]);
|
|
@@ -1142,7 +1155,7 @@ public class WifiConfigController2 implements TextWatcher,
|
|
loadCertificates(
|
|
mEapCaCertSpinner,
|
|
androidKeystoreAliasLoader.getCaCertAliases(),
|
|
- null /* noCertificateString */,
|
|
+ mDoNotValidateEapServerString /* noCertificateString */,
|
|
true /* showMultipleCerts */,
|
|
true /* showUsePreinstalledCertOption */);
|
|
setSelection(mEapCaCertSpinner, mMultipleCertSetString);
|
|
@@ -1277,7 +1290,8 @@ public class WifiConfigController2 implements TextWatcher,
|
|
String eapCertSelection = (String) mEapCaCertSpinner.getSelectedItem();
|
|
if (eapCertSelection.equals(mUnspecifiedCertString)
|
|
|| (mIsTrustOnFirstUseSupported
|
|
- && eapCertSelection.equals(mTrustOnFirstUse))) {
|
|
+ && eapCertSelection.equals(mTrustOnFirstUse))
|
|
+ || eapCertSelection.equals(mUnspecifiedCertString)) {
|
|
// Domain suffix matching is not relevant if the user hasn't chosen a CA
|
|
// certificate yet, or chooses not to validate the EAP server.
|
|
setDomainInvisible();
|
|
@@ -1550,8 +1564,7 @@ public class WifiConfigController2 implements TextWatcher,
|
|
}).collect(Collectors.toList()));
|
|
}
|
|
|
|
- if (!TextUtils.isEmpty(noCertificateString)
|
|
- && mWifiEntrySecurity != WifiEntry.SECURITY_EAP_SUITE_B) {
|
|
+ if (mWifiEntrySecurity != WifiEntry.SECURITY_EAP_SUITE_B) {
|
|
certs.add(noCertificateString);
|
|
}
|
|
|
|
--
|
|
2.34.1
|
|
|