Enterprise suggestion's certificate share same lifecycle as suggestion

Enterprise network suggestion's certificate will add to keystore immediately after add the suggestion, and will only remove after suggestion is removed.

Bug: 150500247
Test: atest com.android.server.wifi

Change-Id: I85fb81a98f16b6a343fb35ce31e1426e333773b0

3 files changed, 29 insertions, 13 deletions

diff --git a/service/java/com/android/server/wifi/WifiConfigManager.java b/service/java/com/android/server/wifi/WifiConfigManager.java
index cc0342c42..a40298391 100644
--- a/service/java/com/android/server/wifi/WifiConfigManager.java
+++ b/service/java/com/android/server/wifi/WifiConfigManager.java
@@ -1220,11 +1220,10 @@ public class WifiConfigManager {
             return new NetworkUpdateResult(WifiConfiguration.INVALID_NETWORK_ID);
         }
 
-        // Update the keys for non-Passpoint enterprise networks.  For Passpoint, the certificates
-        // and keys are installed at the time the provider is installed.
-        if (config.enterpriseConfig != null
-                && config.enterpriseConfig.getEapMethod() != WifiEnterpriseConfig.Eap.NONE
-                && !config.isPasspoint()) {
+        // Update the keys for saved enterprise networks. For Passpoint, the certificates
+        // and keys are installed at the time the provider is installed. For suggestion enterprise
+        // network the certificates and keys are installed at the time the suggestion is added
+        if (!config.isPasspoint() && !config.fromWifiNetworkSuggestion && config.isEnterprise()) {
             if (!(mWifiKeyStore.updateNetworkKeys(newInternalConfig, existingInternalConfig))) {
                 return new NetworkUpdateResult(WifiConfiguration.INVALID_NETWORK_ID);
             }
@@ -1366,9 +1365,10 @@ public class WifiConfigManager {
         if (mVerboseLoggingEnabled) {
             Log.v(TAG, "Removing network " + config.getPrintableSsid());
         }
-        // Remove any associated enterprise keys for non-Passpoint networks.
-        if (!config.isPasspoint() && config.enterpriseConfig != null
-                && config.enterpriseConfig.getEapMethod() != WifiEnterpriseConfig.Eap.NONE) {
+        // Remove any associated enterprise keys for saved enterprise networks. Passpoint network
+        // will remove the enterprise keys when provider is uninstalled. Suggestion enterprise
+        // networks will remove the enterprise keys when suggestion is removed.
+        if (!config.fromWifiNetworkSuggestion && !config.isPasspoint() && config.isEnterprise()) {
             mWifiKeyStore.removeKeys(config.enterpriseConfig);
         }
 
diff --git a/service/java/com/android/server/wifi/WifiInjector.java b/service/java/com/android/server/wifi/WifiInjector.java
index 1392b1774..02b8761e8 100644
--- a/service/java/com/android/server/wifi/WifiInjector.java
+++ b/service/java/com/android/server/wifi/WifiInjector.java
@@ -292,7 +292,7 @@ public class WifiInjector {
         mWifiMetrics.setWifiNetworkSelector(mWifiNetworkSelector);
         mWifiNetworkSuggestionsManager = new WifiNetworkSuggestionsManager(mContext, wifiHandler,
                 this, mWifiPermissionsUtil, mWifiConfigManager, mWifiConfigStore, mWifiMetrics,
-                mTelephonyUtil);
+                mTelephonyUtil, mWifiKeyStore);
         mPasspointManager = new PasspointManager(mContext, this,
                 wifiHandler, mWifiNative, mWifiKeyStore, mClock, new PasspointObjectFactory(),
                 mWifiConfigManager, mWifiConfigStore, mWifiMetrics, mTelephonyUtil);
diff --git a/service/java/com/android/server/wifi/WifiNetworkSuggestionsManager.java b/service/java/com/android/server/wifi/WifiNetworkSuggestionsManager.java
index a0c73eb74..aa1ef0f5d 100644
--- a/service/java/com/android/server/wifi/WifiNetworkSuggestionsManager.java
+++ b/service/java/com/android/server/wifi/WifiNetworkSuggestionsManager.java
@@ -135,6 +135,7 @@ public class WifiNetworkSuggestionsManager {
     private final WifiInjector mWifiInjector;
     private final FrameworkFacade mFrameworkFacade;
     private final TelephonyUtil mTelephonyUtil;
+    private final WifiKeyStore mWifiKeyStore;
 
     /**
      * Per app meta data to store network suggestions, status, etc for each app providing network
@@ -232,6 +233,10 @@ public class WifiNetworkSuggestionsManager {
             this.wns = wns;
             this.perAppInfo = perAppInfo;
             this.isAutojoinEnabled = isAutoJoinEnabled;
+            this.wns.wifiConfiguration.fromWifiNetworkSuggestion = true;
+            this.wns.wifiConfiguration.ephemeral = true;
+            this.wns.wifiConfiguration.creatorName = perAppInfo.packageName;
+            this.wns.wifiConfiguration.creatorUid = perAppInfo.uid;
         }
 
         @Override
@@ -274,8 +279,6 @@ public class WifiNetworkSuggestionsManager {
          */
         public WifiConfiguration createInternalWifiConfiguration() {
             WifiConfiguration config = new WifiConfiguration(wns.getWifiConfiguration());
-            config.ephemeral = true;
-            config.fromWifiNetworkSuggestion = true;
             config.allowAutojoin = isAutojoinEnabled;
             config.trusted = !wns.isNetworkUntrusted;
             return config;
@@ -531,7 +534,8 @@ public class WifiNetworkSuggestionsManager {
                                          WifiConfigManager wifiConfigManager,
                                          WifiConfigStore wifiConfigStore,
                                          WifiMetrics wifiMetrics,
-                                         TelephonyUtil telephonyUtil) {
+                                         TelephonyUtil telephonyUtil,
+                                         WifiKeyStore keyStore) {
         mContext = context;
         mResources = context.getResources();
         mHandler = handler;
@@ -545,6 +549,7 @@ public class WifiNetworkSuggestionsManager {
         mWifiConfigManager = wifiConfigManager;
         mWifiMetrics = wifiMetrics;
         mTelephonyUtil = telephonyUtil;
+        mWifiKeyStore = keyStore;
 
         // register the data store for serializing/deserializing data.
         wifiConfigStore.registerStoreData(
@@ -814,6 +819,13 @@ public class WifiNetworkSuggestionsManager {
                 if (carrierId != TelephonyManager.UNKNOWN_CARRIER_ID) {
                     ewns.wns.wifiConfiguration.carrierId = carrierId;
                 }
+                if (ewns.wns.wifiConfiguration.isEnterprise()) {
+                    if (!mWifiKeyStore.updateNetworkKeys(ewns.wns.wifiConfiguration, null)) {
+                        Log.e(TAG, "Enterprise network install failure for SSID: "
+                                + ewns.wns.wifiConfiguration.SSID);
+                        continue;
+                    }
+                }
                 addToScanResultMatchInfoMap(ewns);
             } else {
                 if (carrierId != TelephonyManager.UNKNOWN_CARRIER_ID) {
@@ -824,7 +836,8 @@ public class WifiNetworkSuggestionsManager {
                 if (!mWifiInjector.getPasspointManager().addOrUpdateProvider(
                         ewns.wns.passpointConfiguration, uid,
                         packageName, true, !ewns.wns.isNetworkUntrusted)) {
-                    Log.e(TAG, "Passpoint profile install failure.");
+                    Log.e(TAG, "Passpoint profile install failure for FQDN: "
+                            + ewns.wns.wifiConfiguration.FQDN);
                     continue;
                 }
                 addToPasspointInfoMap(ewns);
@@ -958,6 +971,9 @@ public class WifiNetworkSuggestionsManager {
                         ewns.wns.passpointConfiguration.getUniqueId(), null);
                 removeFromPassPointInfoMap(ewns);
             } else {
+                if (ewns.wns.wifiConfiguration.isEnterprise()) {
+                    mWifiKeyStore.removeKeys(ewns.wns.wifiConfiguration.enterpriseConfig);
+                }
                 removeFromScanResultMatchInfoMapAndRemoveRelatedScoreCard(ewns);
             }
         }