Enterprise suggestion's catificate share same lifecycle as suggestion

Enterprise network suggestion's catificate will add to keystore immediately after add the suggestion, and will only remove after suggestion is removed.

Bug: 150500247
Test: atest com.android.server.wifi

Merged-In: I85fb81a98f16b6a343fb35ce31e1426e333773b0
Change-Id: Icbe49911d7ca93b03dfdf728ad88057c31aa5974

6 files changed, 133 insertions, 14 deletions

diff --git a/service/java/com/android/server/wifi/WifiConfigManager.java b/service/java/com/android/server/wifi/WifiConfigManager.java
index c617b9e1f..a2f10914a 100644
--- a/service/java/com/android/server/wifi/WifiConfigManager.java
+++ b/service/java/com/android/server/wifi/WifiConfigManager.java
@@ -1230,12 +1230,11 @@ public class WifiConfigManager {
             return new NetworkUpdateResult(WifiConfiguration.INVALID_NETWORK_ID);
         }
 
-        // Update the keys for non-Passpoint enterprise networks.  For Passpoint, the certificates
-        // and keys are installed at the time the provider is installed.
-        if (config.enterpriseConfig != null
-                && config.enterpriseConfig.getEapMethod() != WifiEnterpriseConfig.Eap.NONE
-                && !config.isPasspoint()) {
-            if (!(mWifiKeyStore.updateNetworkKeys(newInternalConfig, existingInternalConfig))) {
+        // Update the keys for saved enterprise networks. For Passpoint, the certificates
+        // and keys are installed at the time the provider is installed. For suggestion enterprise
+        // network the certificates and keys are installed at the time the suggestion is added
+        if (!config.isPasspoint() && !config.fromWifiNetworkSuggestion && config.isEnterprise()) {
+            if (!mWifiKeyStore.updateNetworkKeys(newInternalConfig, existingInternalConfig)) {
                 return new NetworkUpdateResult(WifiConfiguration.INVALID_NETWORK_ID);
             }
         }
@@ -1372,9 +1371,10 @@ public class WifiConfigManager {
         if (mVerboseLoggingEnabled) {
             Log.v(TAG, "Removing network " + config.getPrintableSsid());
         }
-        // Remove any associated enterprise keys for non-Passpoint networks.
-        if (!config.isPasspoint() && config.enterpriseConfig != null
-                && config.enterpriseConfig.getEapMethod() != WifiEnterpriseConfig.Eap.NONE) {
+        // Remove any associated enterprise keys for saved enterprise networks. Passpoint network
+        // will remove the enterprise keys when provider is uninstalled. Suggestion enterprise
+        // networks will remove the enterprise keys when suggestion is removed.
+        if (!config.isPasspoint() && !config.fromWifiNetworkSuggestion && config.isEnterprise()) {
             mWifiKeyStore.removeKeys(config.enterpriseConfig);
         }
 
diff --git a/service/java/com/android/server/wifi/WifiInjector.java b/service/java/com/android/server/wifi/WifiInjector.java
index 339e169f6..a234d4d81 100644
--- a/service/java/com/android/server/wifi/WifiInjector.java
+++ b/service/java/com/android/server/wifi/WifiInjector.java
@@ -277,8 +277,8 @@ public class WifiInjector {
                 mWifiConfigManager, mClock, mConnectivityLocalLog, mWifiConnectivityHelper,
                 subscriptionManager);
         mWifiNetworkSuggestionsManager = new WifiNetworkSuggestionsManager(mContext,
-                new Handler(mWifiCoreHandlerThread.getLooper()), this,
-                mWifiPermissionsUtil, mWifiConfigManager, mWifiConfigStore, mWifiMetrics);
+                new Handler(mWifiCoreHandlerThread.getLooper()), this, mWifiPermissionsUtil,
+                mWifiConfigManager, mWifiConfigStore, mWifiMetrics, mWifiKeyStore);
         mNetworkSuggestionEvaluator = new NetworkSuggestionEvaluator(mWifiNetworkSuggestionsManager,
                 mWifiConfigManager, mConnectivityLocalLog);
         mScoredNetworkEvaluator = new ScoredNetworkEvaluator(context, clientModeImplLooper,
diff --git a/service/java/com/android/server/wifi/WifiNetworkSuggestionsManager.java b/service/java/com/android/server/wifi/WifiNetworkSuggestionsManager.java
index 644eb6523..19603d8c6 100644
--- a/service/java/com/android/server/wifi/WifiNetworkSuggestionsManager.java
+++ b/service/java/com/android/server/wifi/WifiNetworkSuggestionsManager.java
@@ -108,6 +108,7 @@ public class WifiNetworkSuggestionsManager {
     private final WifiMetrics mWifiMetrics;
     private final WifiInjector mWifiInjector;
     private final FrameworkFacade mFrameworkFacade;
+    private final WifiKeyStore mWifiKeyStore;
 
     /**
      * Per app meta data to store network suggestions, status, etc for each app providing network
@@ -166,6 +167,10 @@ public class WifiNetworkSuggestionsManager {
                                              @NonNull PerAppInfo perAppInfo) {
             this.wns = wns;
             this.perAppInfo = perAppInfo;
+            this.wns.wifiConfiguration.fromWifiNetworkSuggestion = true;
+            this.wns.wifiConfiguration.ephemeral = true;
+            this.wns.wifiConfiguration.creatorName = perAppInfo.packageName;
+            this.wns.wifiConfiguration.creatorUid = wns.suggestorUid;
         }
 
         @Override
@@ -384,7 +389,8 @@ public class WifiNetworkSuggestionsManager {
                                          WifiPermissionsUtil wifiPermissionsUtil,
                                          WifiConfigManager wifiConfigManager,
                                          WifiConfigStore wifiConfigStore,
-                                         WifiMetrics wifiMetrics) {
+                                         WifiMetrics wifiMetrics,
+                                         WifiKeyStore keyStore) {
         mContext = context;
         mResources = context.getResources();
         mHandler = handler;
@@ -397,6 +403,7 @@ public class WifiNetworkSuggestionsManager {
         mWifiPermissionsUtil = wifiPermissionsUtil;
         mWifiConfigManager = wifiConfigManager;
         mWifiMetrics = wifiMetrics;
+        mWifiKeyStore = keyStore;
 
         // register the data store for serializing/deserializing data.
         wifiConfigStore.registerStoreData(
@@ -595,6 +602,19 @@ public class WifiNetworkSuggestionsManager {
             // Start tracking app-op changes from the app if they have active suggestions.
             startTrackingAppOpsChange(packageName, uid);
         }
+        Iterator<ExtendedWifiNetworkSuggestion> iterator = extNetworkSuggestions.iterator();
+        // Install enterprise network suggestion catificate.
+        while (iterator.hasNext()) {
+            WifiConfiguration config = iterator.next().wns.wifiConfiguration;
+            if (!config.isEnterprise()) {
+                continue;
+            }
+            if (!mWifiKeyStore.updateNetworkKeys(config, null)) {
+                Log.e(TAG, "Enterprise network install failure for SSID: "
+                        + config.SSID);
+                iterator.remove();
+            }
+        }
         perAppInfo.extNetworkSuggestions.addAll(extNetworkSuggestions);
         // Update the max size for this app.
         perAppInfo.maxSize = Math.max(perAppInfo.extNetworkSuggestions.size(), perAppInfo.maxSize);
@@ -634,6 +654,14 @@ public class WifiNetworkSuggestionsManager {
             // Stop tracking app-op changes from the app if they don't have active suggestions.
             stopTrackingAppOpsChange(packageName);
         }
+        // Clean the enterprise certifiacte.
+        for (ExtendedWifiNetworkSuggestion ewns : extNetworkSuggestions) {
+            WifiConfiguration config = ewns.wns.wifiConfiguration;
+            if (!config.isEnterprise()) {
+                continue;
+            }
+            mWifiKeyStore.removeKeys(config.enterpriseConfig);
+        }
         // Clear the scan cache.
         removeFromScanResultMatchInfoMap(extNetworkSuggestions);
     }
diff --git a/tests/wifitests/src/com/android/server/wifi/WifiConfigManagerTest.java b/tests/wifitests/src/com/android/server/wifi/WifiConfigManagerTest.java
index 6fa1868cb..6a7785e5e 100644
--- a/tests/wifitests/src/com/android/server/wifi/WifiConfigManagerTest.java
+++ b/tests/wifitests/src/com/android/server/wifi/WifiConfigManagerTest.java
@@ -683,13 +683,14 @@ public class WifiConfigManagerTest {
      */
     @Test
     public void testAddSingleSuggestionNetwork() throws Exception {
-        WifiConfiguration suggestionNetwork = WifiConfigurationTestUtil.createOpenNetwork();
+        WifiConfiguration suggestionNetwork = WifiConfigurationTestUtil.createEapNetwork();
         suggestionNetwork.ephemeral = true;
         suggestionNetwork.fromWifiNetworkSuggestion = true;
         List<WifiConfiguration> networks = new ArrayList<>();
         networks.add(suggestionNetwork);
 
         verifyAddSuggestionOrRequestNetworkToWifiConfigManager(suggestionNetwork);
+        verify(mWifiKeyStore, never()).updateNetworkKeys(any(), any());
 
         List<WifiConfiguration> retrievedNetworks =
                 mWifiConfigManager.getConfiguredNetworksWithPasswords();
@@ -699,6 +700,9 @@ public class WifiConfigManagerTest {
         // Ensure that this is not returned in the saved network list.
         assertTrue(mWifiConfigManager.getSavedNetworks(Process.WIFI_UID).isEmpty());
         verify(mWcmListener, never()).onSavedNetworkAdded(suggestionNetwork.networkId);
+        assertTrue(mWifiConfigManager
+                .removeNetwork(suggestionNetwork.networkId, TEST_CREATOR_UID));
+        verify(mWifiKeyStore, never()).removeKeys(any());
     }
 
     /**
diff --git a/tests/wifitests/src/com/android/server/wifi/WifiKeyStoreTest.java b/tests/wifitests/src/com/android/server/wifi/WifiKeyStoreTest.java
index 7079a2d53..7649d1ba4 100644
--- a/tests/wifitests/src/com/android/server/wifi/WifiKeyStoreTest.java
+++ b/tests/wifitests/src/com/android/server/wifi/WifiKeyStoreTest.java
@@ -16,11 +16,19 @@
 
 package com.android.server.wifi;
 
+import static org.junit.Assert.assertNotEquals;
+import static org.junit.Assert.assertTrue;
+import static org.mockito.AdditionalMatchers.aryEq;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.ArgumentMatchers.anyInt;
+import static org.mockito.ArgumentMatchers.anyString;
+import static org.mockito.ArgumentMatchers.eq;
 import static org.mockito.Mockito.validateMockitoUsage;
 import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.verifyNoMoreInteractions;
 import static org.mockito.Mockito.when;
 
+import android.net.wifi.WifiConfiguration;
 import android.net.wifi.WifiEnterpriseConfig;
 import android.os.Process;
 import android.security.Credentials;
@@ -34,6 +42,8 @@ import org.junit.Test;
 import org.mockito.Mock;
 import org.mockito.MockitoAnnotations;
 
+import java.security.cert.X509Certificate;
+
 /**
  * Unit tests for {@link com.android.server.wifi.WifiConfigManager}.
  */
@@ -43,8 +53,10 @@ public class WifiKeyStoreTest {
     @Mock private KeyStore mKeyStore;
 
     private WifiKeyStore mWifiKeyStore;
+    private static final String TEST_KEY_ID = "blah";
     private static final String USER_CERT_ALIAS = "aabbccddee";
     private static final String [] USER_CA_CERT_ALIAS = {"aacccddd", "bbbqqqqmmm"};
+    private static final String TEST_PACKAGE_NAME = "TestApp";
 
     /**
      * Setup the mocks and an instance of WifiConfigManager before each test.
@@ -57,6 +69,16 @@ public class WifiKeyStoreTest {
         when(mWifiEnterpriseConfig.getClientCertificateAlias()).thenReturn(USER_CERT_ALIAS);
         when(mWifiEnterpriseConfig.getCaCertificateAliases())
                 .thenReturn(USER_CA_CERT_ALIAS);
+        when(mKeyStore.put(anyString(), any(), anyInt(), anyInt())).thenReturn(true);
+        when(mKeyStore.importKey(anyString(), any(), anyInt(), anyInt())).thenReturn(true);
+        when(mWifiEnterpriseConfig.getClientPrivateKey()).thenReturn(FakeKeys.RSA_KEY1);
+        when(mWifiEnterpriseConfig.getClientCertificate()).thenReturn(FakeKeys.CLIENT_CERT);
+        when(mWifiEnterpriseConfig.getCaCertificate()).thenReturn(FakeKeys.CA_CERT0);
+        when(mWifiEnterpriseConfig.getClientCertificateChain())
+                .thenReturn(new X509Certificate[] {FakeKeys.CLIENT_CERT});
+        when(mWifiEnterpriseConfig.getCaCertificates())
+                .thenReturn(new X509Certificate[] {FakeKeys.CA_CERT0});
+        when(mWifiEnterpriseConfig.getKeyId(any())).thenReturn(TEST_KEY_ID);
     }
 
     /**
@@ -129,4 +151,38 @@ public class WifiKeyStoreTest {
         mWifiKeyStore.removeKeys(mWifiEnterpriseConfig);
         verifyNoMoreInteractions(mKeyStore);
     }
+
+    /**
+     * Add two same network credential one is from user saved, the other is from suggestion.
+     * Both oh them should be installed successfully and has different alias, and will not override
+     * each other.
+     */
+    @Test
+    public void testAddFromBothSavedAndSuggestionNetwork() throws Exception {
+        WifiConfiguration savedNetwork = WifiConfigurationTestUtil.createEapNetwork();
+        WifiConfiguration suggestionNetwork = new WifiConfiguration(savedNetwork);
+        savedNetwork.enterpriseConfig = mWifiEnterpriseConfig;
+        suggestionNetwork.enterpriseConfig = mWifiEnterpriseConfig;
+        suggestionNetwork.fromWifiNetworkSuggestion = true;
+        suggestionNetwork.creatorName = TEST_PACKAGE_NAME;
+
+        assertTrue(mWifiKeyStore.updateNetworkKeys(savedNetwork, null));
+        assertTrue(mWifiKeyStore.updateNetworkKeys(suggestionNetwork, null));
+
+        String savedNetworkAlias = savedNetwork.getKeyIdForCredentials(null);
+        String savedNetworkCaAlias = savedNetworkAlias;
+
+        String suggestionNetworkAlias = suggestionNetwork.getKeyIdForCredentials(null);
+        String suggestionNetworkCaAlias = suggestionNetworkAlias;
+
+        assertNotEquals(savedNetworkAlias, suggestionNetworkAlias);
+
+        verify(mWifiEnterpriseConfig).setClientCertificateAlias(eq(savedNetworkAlias));
+        verify(mWifiEnterpriseConfig).setCaCertificateAliases(
+                aryEq(new String[] {savedNetworkCaAlias}));
+
+        verify(mWifiEnterpriseConfig).setClientCertificateAlias(eq(suggestionNetworkAlias));
+        verify(mWifiEnterpriseConfig).setCaCertificateAliases(
+                aryEq(new String[] {suggestionNetworkCaAlias}));
+    }
 }
diff --git a/tests/wifitests/src/com/android/server/wifi/WifiNetworkSuggestionsManagerTest.java b/tests/wifitests/src/com/android/server/wifi/WifiNetworkSuggestionsManagerTest.java
index 612fdf575..9e183e729 100644
--- a/tests/wifitests/src/com/android/server/wifi/WifiNetworkSuggestionsManagerTest.java
+++ b/tests/wifitests/src/com/android/server/wifi/WifiNetworkSuggestionsManagerTest.java
@@ -102,6 +102,7 @@ public class WifiNetworkSuggestionsManagerTest {
     private @Mock NetworkSuggestionStoreData mNetworkSuggestionStoreData;
     private @Mock ClientModeImpl mClientModeImpl;
     private @Mock WifiMetrics mWifiMetrics;
+    private @Mock WifiKeyStore mWifiKeyStore;
     private TestLooper mLooper;
     private ArgumentCaptor<AppOpsManager.OnOpChangedListener> mAppOpChangedListenerCaptor =
             ArgumentCaptor.forClass(AppOpsManager.OnOpChangedListener.class);
@@ -161,7 +162,7 @@ public class WifiNetworkSuggestionsManagerTest {
         mWifiNetworkSuggestionsManager =
                 new WifiNetworkSuggestionsManager(mContext, new Handler(mLooper.getLooper()),
                         mWifiInjector, mWifiPermissionsUtil, mWifiConfigManager, mWifiConfigStore,
-                        mWifiMetrics);
+                        mWifiMetrics, mWifiKeyStore);
         verify(mContext).getResources();
         verify(mContext).getSystemService(Context.APP_OPS_SERVICE);
         verify(mContext).getSystemService(Context.NOTIFICATION_SERVICE);
@@ -308,6 +309,36 @@ public class WifiNetworkSuggestionsManagerTest {
         assertTrue(mWifiNetworkSuggestionsManager.getAllNetworkSuggestions().isEmpty());
     }
 
+    @Test
+    public void testAddRemoveEnterpriseNetworkSuggestion() {
+        WifiNetworkSuggestion networkSuggestion1 = new WifiNetworkSuggestion(
+                WifiConfigurationTestUtil.createEapNetwork(), false, false, TEST_UID_1,
+                TEST_PACKAGE_1);
+        WifiNetworkSuggestion networkSuggestion2 = new WifiNetworkSuggestion(
+                WifiConfigurationTestUtil.createEapNetwork(), false, false, TEST_UID_2,
+                TEST_PACKAGE_2);
+
+        List<WifiNetworkSuggestion> networkSuggestionList =
+                new ArrayList<WifiNetworkSuggestion>() {{
+                    add(networkSuggestion1);
+                    add(networkSuggestion2);
+                }};
+        when(mWifiKeyStore.updateNetworkKeys(eq(networkSuggestion1.wifiConfiguration), any()))
+                .thenReturn(true);
+        when(mWifiKeyStore.updateNetworkKeys(eq(networkSuggestion2.wifiConfiguration), any()))
+                .thenReturn(false);
+        assertEquals(WifiManager.STATUS_NETWORK_SUGGESTIONS_SUCCESS,
+                mWifiNetworkSuggestionsManager.add(networkSuggestionList, TEST_UID_1,
+                        TEST_PACKAGE_1));
+
+        Set<WifiNetworkSuggestion> allNetworkSuggestions =
+                mWifiNetworkSuggestionsManager.getAllNetworkSuggestions();
+        assertEquals(1, allNetworkSuggestions.size());
+        assertEquals(WifiManager.STATUS_NETWORK_SUGGESTIONS_SUCCESS,
+                mWifiNetworkSuggestionsManager.remove(new ArrayList<>(),
+                        TEST_UID_1, TEST_PACKAGE_1));
+        verify(mWifiKeyStore).removeKeys(any());
+    }
     /**
      * Verify successful replace (add,remove, add) of network suggestions.
      */