authorHai Shalom <haishalom@google.com>2020-08-26 15:04:21 -0700
committerHai Shalom <haishalom@google.com>2020-08-27 15:18:21 +0000
commit2ac7bbd85d016d5baf582cd6f04dda6f434a3c9f (patch)
treef2c80474023fb9523e1f29a8023b3f99187473d0
parent7035dae5d18d1b2d3666e66d9ed81f907f269cd1 (diff)
[Enterprise] Fix hasEnterpriseConfigChanged method
Updated the hasEnterpriseConfigChanged method to look at additional fields related to the credential: CA and Client certificate aliases, Subject alternate match and OCSP setting. Bug: 162985598 Test: atest WifiConfigurationUtilTest Change-Id: I6fe2ccf27b71072b06de92128e5c1bf429efe251 Merged-In: I6fe2ccf27b71072b06de92128e5c1bf429efe251 (cherry picked from commit 2828d29df8f91a98cd24cfb2e6f226ac402f330c)
-rw-r--r--service/java/com/android/server/wifi/WifiConfigurationUtil.java23
-rw-r--r--tests/wifitests/src/com/android/server/wifi/WifiConfigurationUtilTest.java81
2 files changed, 102 insertions, 2 deletions
diff --git a/service/java/com/android/server/wifi/WifiConfigurationUtil.java b/service/java/com/android/server/wifi/WifiConfigurationUtil.java
index f37472ead..336d97810 100644
--- a/service/java/com/android/server/wifi/WifiConfigurationUtil.java
+++ b/service/java/com/android/server/wifi/WifiConfigurationUtil.java
@@ -224,6 +224,11 @@ public class WifiConfigurationUtil {
if (existingEnterpriseConfig.getEapMethod() != newEnterpriseConfig.getEapMethod()) {
return true;
}
+ if (existingEnterpriseConfig.isAuthenticationSimBased()) {
+ // No other credential changes for SIM based methods.
+ // The SIM card is the credential.
+ return false;
+ }
if (existingEnterpriseConfig.getPhase2Method()
!= newEnterpriseConfig.getPhase2Method()) {
return true;
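Review bot: The added `return false` after the `isAuthenticationSimBased()` check skips every later comparison, including the phase 2 check directly below it, and it consults only the existing config. If `isAuthenticationSimBased()` is also true for a tunneled method with a SIM-based inner method (PEAP with a SIM/AKA phase 2, for example; its definition is not visible here), a switch to a password-based phase 2 under the same EAP method would be reported as unchanged. The same would apply to a change in the CA certificate or other server-validation fields compared further down. Consider placing the shortcut after the phase 2 comparison and requiring both sides, e.g. `if (existingEnterpriseConfig.isAuthenticationSimBased() && newEnterpriseConfig.isAuthenticationSimBased())`, and adding a test for the SIM-based path. The method body starts and ends outside this hunk.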
@@ -232,8 +237,7 @@ public class WifiConfigurationUtil {
newEnterpriseConfig.getIdentity())) {
return true;
}
- if (!existingEnterpriseConfig.isAuthenticationSimBased()
- && !TextUtils.equals(existingEnterpriseConfig.getAnonymousIdentity(),
+ if (!TextUtils.equals(existingEnterpriseConfig.getAnonymousIdentity(),
newEnterpriseConfig.getAnonymousIdentity())) {
return true;
}
@@ -246,6 +250,21 @@ public class WifiConfigurationUtil {
if (!Arrays.equals(existingCaCerts, newCaCerts)) {
return true;
}
+ if (!Arrays.equals(newEnterpriseConfig.getCaCertificateAliases(),
+ existingEnterpriseConfig.getCaCertificateAliases())) {
+ return true;
+ }
+ if (!TextUtils.equals(newEnterpriseConfig.getClientCertificateAlias(),
+ existingEnterpriseConfig.getClientCertificateAlias())) {
+ return true;
+ }
+ if (!TextUtils.equals(newEnterpriseConfig.getAltSubjectMatch(),
+ existingEnterpriseConfig.getAltSubjectMatch())) {
+ return true;
+ }
+ if (newEnterpriseConfig.getOcsp() != existingEnterpriseConfig.getOcsp()) {
+ return true;
+ }
} else {
// One of the configs may have an enterpriseConfig
if (existingEnterpriseConfig != null || newEnterpriseConfig != null) {
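Review bot: The added checks compare the alternative subject match but not the domain suffix match, which constrains the accepted server certificate in the same way. Unless it is compared elsewhere in this method (the body extends outside the hunk), a change to that field alone would still be reported as unchanged. Suggest adding `if (!TextUtils.equals(newEnterpriseConfig.getDomainSuffixMatch(), existingEnterpriseConfig.getDomainSuffixMatch())) { return true; }` next to the `getAltSubjectMatch()` check. As a smaller style point, the new comparisons pass the new config first while the earlier ones pass the existing config first; one consistent order makes the field list easier to audit.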
diff --git a/tests/wifitests/src/com/android/server/wifi/WifiConfigurationUtilTest.java b/tests/wifitests/src/com/android/server/wifi/WifiConfigurationUtilTest.java
index 8d7f5c6e6..0dd5b1214 100644
--- a/tests/wifitests/src/com/android/server/wifi/WifiConfigurationUtilTest.java
+++ b/tests/wifitests/src/com/android/server/wifi/WifiConfigurationUtilTest.java
@@ -16,6 +16,9 @@
package com.android.server.wifi;
+import static android.net.wifi.WifiEnterpriseConfig.OCSP_NONE;
+import static android.net.wifi.WifiEnterpriseConfig.OCSP_REQUIRE_CERT_STATUS;
+
import static org.junit.Assert.*;
import android.content.pm.UserInfo;
@@ -980,4 +983,82 @@ public class WifiConfigurationUtilTest extends WifiBaseTest {
return this;
}
}
+
+ /**
+ * Verify WifiEnterpriseConfig CA Certificate alias changes are detected.
+ */
+ @Test
+ public void testCaCertificateAliasChangesDetected() {
+ EnterpriseConfig eapConfig1 = new EnterpriseConfig(WifiEnterpriseConfig.Eap.TTLS)
+ .setPhase2(WifiEnterpriseConfig.Phase2.MSCHAPV2)
+ .setIdentity("username", "password");
+ eapConfig1.enterpriseConfig.setCaCertificateAlias("ALIAS_1");
+
+ EnterpriseConfig eapConfig2 = new EnterpriseConfig(WifiEnterpriseConfig.Eap.TTLS)
+ .setPhase2(WifiEnterpriseConfig.Phase2.MSCHAPV2)
+ .setIdentity("username", "password");
+ eapConfig2.enterpriseConfig.setCaCertificateAlias("ALIAS_2");
+
+ assertTrue(WifiConfigurationUtil.hasEnterpriseConfigChanged(eapConfig1.enterpriseConfig,
+ eapConfig2.enterpriseConfig));
+ }
+
+ /**
+ * Verify WifiEnterpriseConfig Client Certificate alias changes are detected.
+ */
+ @Test
+ public void testClientCertificateAliasChangesDetected() {
+ EnterpriseConfig eapConfig1 = new EnterpriseConfig(WifiEnterpriseConfig.Eap.TLS);
+ eapConfig1.enterpriseConfig.setCaCertificateAlias("ALIAS_1");
+ eapConfig1.enterpriseConfig.setClientCertificateAlias("CLIENT_ALIAS_1");
+
+ EnterpriseConfig eapConfig2 = new EnterpriseConfig(WifiEnterpriseConfig.Eap.TTLS);
+ eapConfig2.enterpriseConfig.setCaCertificateAlias("ALIAS_1");
+ eapConfig2.enterpriseConfig.setClientCertificateAlias("CLIENT_ALIAS_2");
+
+ assertTrue(WifiConfigurationUtil.hasEnterpriseConfigChanged(eapConfig1.enterpriseConfig,
+ eapConfig2.enterpriseConfig));
+ }
+
+ /**
+ * Verify WifiEnterpriseConfig OCSP changes are detected.
+ */
+ @Test
+ public void testOcspChangesDetected() {
+ EnterpriseConfig eapConfig1 = new EnterpriseConfig(WifiEnterpriseConfig.Eap.TTLS)
+ .setPhase2(WifiEnterpriseConfig.Phase2.MSCHAPV2)
+ .setIdentity("username", "password")
+ .setCaCerts(new X509Certificate[]{FakeKeys.CA_CERT0});
+ eapConfig1.enterpriseConfig.setOcsp(OCSP_NONE);
+
+ EnterpriseConfig eapConfig2 = new EnterpriseConfig(WifiEnterpriseConfig.Eap.TTLS)
+ .setPhase2(WifiEnterpriseConfig.Phase2.MSCHAPV2)
+ .setIdentity("username", "password")
+ .setCaCerts(new X509Certificate[]{FakeKeys.CA_CERT0});
+ eapConfig2.enterpriseConfig.setOcsp(OCSP_REQUIRE_CERT_STATUS);
+
+ assertTrue(WifiConfigurationUtil.hasEnterpriseConfigChanged(eapConfig1.enterpriseConfig,
+ eapConfig2.enterpriseConfig));
+ }
+
+ /**
+ * Verify WifiEnterpriseConfig subject match changes are detected.
+ */
+ @Test
+ public void testSubjectMatchChangesDetected() {
+ EnterpriseConfig eapConfig1 = new EnterpriseConfig(WifiEnterpriseConfig.Eap.TTLS)
+ .setPhase2(WifiEnterpriseConfig.Phase2.MSCHAPV2)
+ .setIdentity("username", "password")
+ .setCaCerts(new X509Certificate[]{FakeKeys.CA_CERT0});
+ eapConfig1.enterpriseConfig.setAltSubjectMatch("domain1.com");
+
+ EnterpriseConfig eapConfig2 = new EnterpriseConfig(WifiEnterpriseConfig.Eap.TTLS)
+ .setPhase2(WifiEnterpriseConfig.Phase2.MSCHAPV2)
+ .setIdentity("username", "password")
+ .setCaCerts(new X509Certificate[]{FakeKeys.CA_CERT0});
+ eapConfig1.enterpriseConfig.setAltSubjectMatch("domain2.com");
+
+ assertTrue(WifiConfigurationUtil.hasEnterpriseConfigChanged(eapConfig1.enterpriseConfig,
+ eapConfig2.enterpriseConfig));
+ }
}
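Review bot: Two of the new tests do not isolate the field they name, so they would pass even if the corresponding comparison were missing. In `testClientCertificateAliasChangesDetected` the first config uses `Eap.TLS` and the second `Eap.TTLS`, so `hasEnterpriseConfigChanged` can return true at the EAP method comparison before the client alias is looked at; the second config should be `new EnterpriseConfig(WifiEnterpriseConfig.Eap.TLS)`. In `testSubjectMatchChangesDetected` the second `setAltSubjectMatch` call is made on `eapConfig1` again, leaving `eapConfig2` unset; it should read `eapConfig2.enterpriseConfig.setAltSubjectMatch("domain2.com");`. A negative case asserting `assertFalse(...)` for two identical configs would also guard against the method over-reporting changes.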