Merge "[Enterprise] Fix hasEnterpriseConfigChanged method" into rvc-qpr-dev

author: TreeHugger Robot <treehugger-gerrit@google.com> 2020-08-27 21:04:20 +0000
committer: Android (Google) Code Review <android-gerrit@google.com> 2020-08-27 21:04:20 +0000
commit: edc209e114cb84977b592bd4ef2fe8203a68951c (patch)
tree: e8c030a47a296fef1d8ed354b9a30df951a722fd
parent: 90a864d13085e37bb8798fa64984d2876870fbd4 (diff)
parent: 2ac7bbd85d016d5baf582cd6f04dda6f434a3c9f (diff)
2 files changed, 102 insertions, 2 deletions
diff --git a/service/java/com/android/server/wifi/WifiConfigurationUtil.java b/service/java/com/android/server/wifi/WifiConfigurationUtil.java
index f37472ead..336d97810 100644
--- a/service/java/com/android/server/wifi/WifiConfigurationUtil.java
+++ b/service/java/com/android/server/wifi/WifiConfigurationUtil.java
@@ -224,6 +224,11 @@ public class WifiConfigurationUtil {
             if (existingEnterpriseConfig.getEapMethod() != newEnterpriseConfig.getEapMethod()) {
                 return true;
             }
+            if (existingEnterpriseConfig.isAuthenticationSimBased()) {
+                // No other credential changes for SIM based methods.
+                // The SIM card is the credential.
+                return false;
+            }
             if (existingEnterpriseConfig.getPhase2Method()
                     != newEnterpriseConfig.getPhase2Method()) {
                 return true;
@@ -232,8 +237,7 @@ public class WifiConfigurationUtil {
                                   newEnterpriseConfig.getIdentity())) {
                 return true;
             }
-            if (!existingEnterpriseConfig.isAuthenticationSimBased()
-                    && !TextUtils.equals(existingEnterpriseConfig.getAnonymousIdentity(),
+            if (!TextUtils.equals(existingEnterpriseConfig.getAnonymousIdentity(),
                     newEnterpriseConfig.getAnonymousIdentity())) {
                 return true;
             }
@@ -246,6 +250,21 @@ public class WifiConfigurationUtil {
             if (!Arrays.equals(existingCaCerts, newCaCerts)) {
                 return true;
             }
+            if (!Arrays.equals(newEnterpriseConfig.getCaCertificateAliases(),
+                    existingEnterpriseConfig.getCaCertificateAliases())) {
+                return true;
+            }
+            if (!TextUtils.equals(newEnterpriseConfig.getClientCertificateAlias(),
+                    existingEnterpriseConfig.getClientCertificateAlias())) {
+                return true;
+            }
+            if (!TextUtils.equals(newEnterpriseConfig.getAltSubjectMatch(),
+                    existingEnterpriseConfig.getAltSubjectMatch())) {
+                return true;
+            }
+            if (newEnterpriseConfig.getOcsp() != existingEnterpriseConfig.getOcsp()) {
+                return true;
+            }
         } else {
             // One of the configs may have an enterpriseConfig
             if (existingEnterpriseConfig != null || newEnterpriseConfig != null) {
diff --git a/tests/wifitests/src/com/android/server/wifi/WifiConfigurationUtilTest.java b/tests/wifitests/src/com/android/server/wifi/WifiConfigurationUtilTest.java
index 8d7f5c6e6..0dd5b1214 100644
--- a/tests/wifitests/src/com/android/server/wifi/WifiConfigurationUtilTest.java
+++ b/tests/wifitests/src/com/android/server/wifi/WifiConfigurationUtilTest.java
@@ -16,6 +16,9 @@
 
 package com.android.server.wifi;
 
+import static android.net.wifi.WifiEnterpriseConfig.OCSP_NONE;
+import static android.net.wifi.WifiEnterpriseConfig.OCSP_REQUIRE_CERT_STATUS;
+
 import static org.junit.Assert.*;
 
 import android.content.pm.UserInfo;
@@ -980,4 +983,82 @@ public class WifiConfigurationUtilTest extends WifiBaseTest {
             return this;
         }
     }
+
+    /**
+     * Verify WifiEnterpriseConfig CA Certificate alias changes are detected.
+     */
+    @Test
+    public void testCaCertificateAliasChangesDetected() {
+        EnterpriseConfig eapConfig1 = new EnterpriseConfig(WifiEnterpriseConfig.Eap.TTLS)
+                .setPhase2(WifiEnterpriseConfig.Phase2.MSCHAPV2)
+                .setIdentity("username", "password");
+        eapConfig1.enterpriseConfig.setCaCertificateAlias("ALIAS_1");
+
+        EnterpriseConfig eapConfig2 = new EnterpriseConfig(WifiEnterpriseConfig.Eap.TTLS)
+                .setPhase2(WifiEnterpriseConfig.Phase2.MSCHAPV2)
+                .setIdentity("username", "password");
+        eapConfig2.enterpriseConfig.setCaCertificateAlias("ALIAS_2");
+
+        assertTrue(WifiConfigurationUtil.hasEnterpriseConfigChanged(eapConfig1.enterpriseConfig,
+                eapConfig2.enterpriseConfig));
+    }
+
+    /**
+     * Verify WifiEnterpriseConfig Client Certificate alias changes are detected.
+     */
+    @Test
+    public void testClientCertificateAliasChangesDetected() {
+        EnterpriseConfig eapConfig1 = new EnterpriseConfig(WifiEnterpriseConfig.Eap.TLS);
+        eapConfig1.enterpriseConfig.setCaCertificateAlias("ALIAS_1");
+        eapConfig1.enterpriseConfig.setClientCertificateAlias("CLIENT_ALIAS_1");
+
+        EnterpriseConfig eapConfig2 = new EnterpriseConfig(WifiEnterpriseConfig.Eap.TTLS);
+        eapConfig2.enterpriseConfig.setCaCertificateAlias("ALIAS_1");
+        eapConfig2.enterpriseConfig.setClientCertificateAlias("CLIENT_ALIAS_2");
+
+        assertTrue(WifiConfigurationUtil.hasEnterpriseConfigChanged(eapConfig1.enterpriseConfig,
+                eapConfig2.enterpriseConfig));
+    }
+
+    /**
+     * Verify WifiEnterpriseConfig OCSP changes are detected.
+     */
+    @Test
+    public void testOcspChangesDetected() {
+        EnterpriseConfig eapConfig1 = new EnterpriseConfig(WifiEnterpriseConfig.Eap.TTLS)
+                .setPhase2(WifiEnterpriseConfig.Phase2.MSCHAPV2)
+                .setIdentity("username", "password")
+                .setCaCerts(new X509Certificate[]{FakeKeys.CA_CERT0});
+        eapConfig1.enterpriseConfig.setOcsp(OCSP_NONE);
+
+        EnterpriseConfig eapConfig2 = new EnterpriseConfig(WifiEnterpriseConfig.Eap.TTLS)
+                .setPhase2(WifiEnterpriseConfig.Phase2.MSCHAPV2)
+                .setIdentity("username", "password")
+                .setCaCerts(new X509Certificate[]{FakeKeys.CA_CERT0});
+        eapConfig2.enterpriseConfig.setOcsp(OCSP_REQUIRE_CERT_STATUS);
+
+        assertTrue(WifiConfigurationUtil.hasEnterpriseConfigChanged(eapConfig1.enterpriseConfig,
+                eapConfig2.enterpriseConfig));
+    }
+
+    /**
+     * Verify WifiEnterpriseConfig subject match changes are detected.
+     */
+    @Test
+    public void testSubjectMatchChangesDetected() {
+        EnterpriseConfig eapConfig1 = new EnterpriseConfig(WifiEnterpriseConfig.Eap.TTLS)
+                .setPhase2(WifiEnterpriseConfig.Phase2.MSCHAPV2)
+                .setIdentity("username", "password")
+                .setCaCerts(new X509Certificate[]{FakeKeys.CA_CERT0});
+        eapConfig1.enterpriseConfig.setAltSubjectMatch("domain1.com");
+
+        EnterpriseConfig eapConfig2 = new EnterpriseConfig(WifiEnterpriseConfig.Eap.TTLS)
+                .setPhase2(WifiEnterpriseConfig.Phase2.MSCHAPV2)
+                .setIdentity("username", "password")
+                .setCaCerts(new X509Certificate[]{FakeKeys.CA_CERT0});
+        eapConfig1.enterpriseConfig.setAltSubjectMatch("domain2.com");
+
+        assertTrue(WifiConfigurationUtil.hasEnterpriseConfigChanged(eapConfig1.enterpriseConfig,
+                eapConfig2.enterpriseConfig));
+    }
 }
author	TreeHugger Robot <treehugger-gerrit@google.com>	2020-08-27 21:04:20 +0000
committer	Android (Google) Code Review <android-gerrit@google.com>	2020-08-27 21:04:20 +0000
commit	edc209e114cb84977b592bd4ef2fe8203a68951c (patch)
tree	e8c030a47a296fef1d8ed354b9a30df951a722fd
parent	90a864d13085e37bb8798fa64984d2876870fbd4 (diff)
parent	2ac7bbd85d016d5baf582cd6f04dda6f434a3c9f (diff)