Merge changes I6dfd32a4,I6a1f18c4 into rvc-dev

* changes:
  RELAND: WifiKeyStore: Always use a different alias for CA
  WifiServiceImpl: Read verbose logging flag after checkAndStartWifi

4 files changed, 53 insertions, 6 deletions

diff --git a/service/java/com/android/server/wifi/WifiKeyStore.java b/service/java/com/android/server/wifi/WifiKeyStore.java
index e3bbfd5f5..7422891c1 100644
--- a/service/java/com/android/server/wifi/WifiKeyStore.java
+++ b/service/java/com/android/server/wifi/WifiKeyStore.java
@@ -106,10 +106,7 @@ public class WifiKeyStore {
         if (caCertificates != null) {
             caCertificateAliases = new ArrayList<>();
             for (int i = 0; i < caCertificates.length; i++) {
-                // Use a different alias only if there is more than 1 certificate in the chain.
-                String caAlias = caCertificates.length == 1
-                        ? alias
-                        : String.format("%s_%d", alias, i);
+                String caAlias = String.format("%s_%d", alias, i);
 
                 oldCaCertificatesToRemove.remove(caAlias);
                 if (!putCaCertInKeyStore(caAlias, caCertificates[i])) {
@@ -120,7 +117,7 @@ public class WifiKeyStore {
                     }
                     return false;
                 }
-                caCertificateAliases.add(alias);
+                caCertificateAliases.add(caAlias);
             }
         }
         if (existingAlias != null) {
diff --git a/service/java/com/android/server/wifi/WifiServiceImpl.java b/service/java/com/android/server/wifi/WifiServiceImpl.java
index acb060dfc..a71763511 100644
--- a/service/java/com/android/server/wifi/WifiServiceImpl.java
+++ b/service/java/com/android/server/wifi/WifiServiceImpl.java
@@ -315,7 +315,6 @@ public class WifiServiceImpl extends BaseWifiService {
         mWifiPermissionsUtil = mWifiInjector.getWifiPermissionsUtil();
         mLog = mWifiInjector.makeLog(TAG);
         mFrameworkFacade = wifiInjector.getFrameworkFacade();
-        enableVerboseLoggingInternal(getVerboseLoggingLevel());
         mTetheredSoftApTracker = new TetheredSoftApTracker();
         mActiveModeWarden.registerSoftApCallback(mTetheredSoftApTracker);
         mLohsSoftApTracker = new LohsSoftApTracker();
@@ -343,6 +342,8 @@ public class WifiServiceImpl extends BaseWifiService {
             if (!mWifiConfigManager.loadFromStore()) {
                 Log.e(TAG, "Failed to load from config store");
             }
+            // config store is read, check if verbose logging is enabled.
+            enableVerboseLoggingInternal(getVerboseLoggingLevel());
             // Check if wi-fi needs to be enabled
             boolean wifiEnabled = mSettingsStore.isWifiToggleEnabled();
             Log.i(TAG,
diff --git a/tests/wifitests/src/com/android/server/wifi/WifiKeyStoreTest.java b/tests/wifitests/src/com/android/server/wifi/WifiKeyStoreTest.java
index 42eb52613..4fc156518 100644
--- a/tests/wifitests/src/com/android/server/wifi/WifiKeyStoreTest.java
+++ b/tests/wifitests/src/com/android/server/wifi/WifiKeyStoreTest.java
@@ -16,11 +16,16 @@
 
 package com.android.server.wifi;
 
+import static org.junit.Assert.assertTrue;
+import static org.mockito.AdditionalMatchers.aryEq;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.ArgumentMatchers.eq;
 import static org.mockito.Mockito.validateMockitoUsage;
 import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.verifyNoMoreInteractions;
 import static org.mockito.Mockito.when;
 
+import android.net.wifi.WifiConfiguration;
 import android.net.wifi.WifiEnterpriseConfig;
 
 import androidx.test.filters.SmallTest;
@@ -32,6 +37,7 @@ import org.mockito.Mock;
 import org.mockito.MockitoAnnotations;
 
 import java.security.KeyStore;
+import java.security.cert.X509Certificate;
 
 /**
  * Unit tests for {@link com.android.server.wifi.WifiConfigManager}.
@@ -42,6 +48,7 @@ public class WifiKeyStoreTest extends WifiBaseTest {
     @Mock private KeyStore mKeyStore;
 
     private WifiKeyStore mWifiKeyStore;
+    private static final String TEST_KEY_ID = "blah";
     private static final String USER_CERT_ALIAS = "aabbccddee";
     private static final String [] USER_CA_CERT_ALIAS = {"aacccddd", "bbbqqqqmmm"};
 
@@ -56,6 +63,14 @@ public class WifiKeyStoreTest extends WifiBaseTest {
         when(mWifiEnterpriseConfig.getClientCertificateAlias()).thenReturn(USER_CERT_ALIAS);
         when(mWifiEnterpriseConfig.getCaCertificateAliases())
                 .thenReturn(USER_CA_CERT_ALIAS);
+        when(mWifiEnterpriseConfig.getClientPrivateKey()).thenReturn(FakeKeys.RSA_KEY1);
+        when(mWifiEnterpriseConfig.getClientCertificate()).thenReturn(FakeKeys.CLIENT_CERT);
+        when(mWifiEnterpriseConfig.getCaCertificate()).thenReturn(FakeKeys.CA_CERT0);
+        when(mWifiEnterpriseConfig.getClientCertificateChain())
+                .thenReturn(new X509Certificate[] {FakeKeys.CLIENT_CERT});
+        when(mWifiEnterpriseConfig.getCaCertificates())
+                .thenReturn(new X509Certificate[] {FakeKeys.CA_CERT0});
+        when(mWifiEnterpriseConfig.getKeyId(any())).thenReturn(TEST_KEY_ID);
     }
 
     /**
@@ -122,4 +137,26 @@ public class WifiKeyStoreTest extends WifiBaseTest {
         mWifiKeyStore.removeKeys(mWifiEnterpriseConfig);
         verifyNoMoreInteractions(mKeyStore);
     }
+
+    /**
+     * Verifies that keys and certs are added when they were installed by an app and verifies the
+     * alias used.
+     */
+    @Test
+    public void testAddKeysForAppInstalledCerts() throws Exception {
+        WifiConfiguration config = WifiConfigurationTestUtil.createEapNetwork();
+        config.enterpriseConfig = mWifiEnterpriseConfig;
+        assertTrue(mWifiKeyStore.updateNetworkKeys(config, null));
+
+        String expectedAlias = config.getKeyIdForCredentials(null);
+        String expectedCaAlias = expectedAlias + "_0";
+        // Method calls the KeyStore#delete method 4 times, user key, user cert, and 2 CA cert
+        verify(mKeyStore).setKeyEntry(
+                eq(expectedAlias), eq(FakeKeys.RSA_KEY1), eq(null),
+                aryEq(new X509Certificate[] {FakeKeys.CLIENT_CERT}));
+        verify(mKeyStore).setCertificateEntry(eq(expectedCaAlias), eq(FakeKeys.CA_CERT0));
+        verify(mWifiEnterpriseConfig).setClientCertificateAlias(eq(expectedAlias));
+        verify(mWifiEnterpriseConfig).setCaCertificateAliases(
+                aryEq(new String[] {expectedCaAlias}));
+    }
 }
diff --git a/tests/wifitests/src/com/android/server/wifi/WifiServiceImplTest.java b/tests/wifitests/src/com/android/server/wifi/WifiServiceImplTest.java
index f1e515b9c..b91e20006 100644
--- a/tests/wifitests/src/com/android/server/wifi/WifiServiceImplTest.java
+++ b/tests/wifitests/src/com/android/server/wifi/WifiServiceImplTest.java
@@ -1208,6 +1208,18 @@ public class WifiServiceImplTest extends WifiBaseTest {
         verify(mActiveModeWarden, never()).wifiToggled();
     }
 
+    @Test
+    public void testWifiVerboseLoggingInitialization() {
+        when(mSettingsStore.isWifiToggleEnabled()).thenReturn(false);
+        when(mWifiSettingsConfigStore.getBoolean(eq(WIFI_VERBOSE_LOGGING_ENABLED), anyBoolean()))
+                .thenReturn(true);
+        mWifiServiceImpl.checkAndStartWifi();
+        mLooper.dispatchAll();
+        verify(mWifiConfigManager).loadFromStore();
+        verify(mClientModeImpl).enableVerboseLogging(1);
+        verify(mActiveModeWarden).start();
+    }
+
     /**
      * Make sure we do start WifiController (wifi enabled) if the device is already decrypted.
      */