OSDN Git Service

(root) / android-x86 / packages-apps-Settings.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 3d8cdb1) | patch
Allow trusted system certificates to be used in EAP network configs
authorSamuel Tan <samueltan@google.com>
Tue, 2 Feb 2016 23:54:37 +0000 (15:54 -0800)
committerSamuel Tan <samueltan@google.com>
Mon, 8 Feb 2016 16:54:42 +0000 (08:54 -0800)
commit2b16cd3920f95b2cd5c2426d81b5e1584ffc682d
tree6a552431856967a120587242f9e79e78a8c0883etree | snapshot
parent3d8cdb10f6103a794e4cb68adb5de03a325d1c8fcommit | diff
Allow trusted system certificates to be used in EAP network configs

Add an option to the "CA certificate" field of the EAP network
configuration menu, "Use system certificates". Choosing this option
will cause the trusted, pre-installed, system CA certificates
to be used to validate EAP servers during the authentication process.
This only applies to EAP-TLS, EAP-TTLS, and EAP-PEAP network
configurations, where the CA certificate option is available.

If the user selects "Use system certificates" and leaves the
"Domain" field empty, display a warning and prevent the
EAP network configuration from being saved. Such a configuration
would be insecure--the user should constrain the domain that
the system certificates can be used to validate.

BUG: 26879191
TEST: 1)  Set up AP connected to test RADIUS server.
TEST: 2)  Generate a self-signed cert (Cert 1)
TEST: 3)  Use Cert 1 to sign another cert (Cert 2) with common name
          "sub1.sub2.domain.com"
TEST: 4)  Setup RADIUS server, and configure it to present Cert 2 to EAP peer.
TEST: 5)  Build angler image with Cert 1 installed in
          /system/etc/security/cacerts/
TEST: 6)  Set up an AP connected to the RADIUS server to broadcast
          a WPA-Enterprise network.
TEST: 7)  On Angler, connect to this WPA-Enterprise network with settings:
            Network name: (AP SSID)
            Security: 802.1x EAP
            EAP method: TLS
            CA certificate: Use system certificates
            Domain: domain.com
            User certificate: (test certificate from RADIUS setup)
            Identity: (identity used for RADIUS setup)
TEST: 8)  Verify that we connect successfully to the AP.
TEST: 9)  Verify that connection still succeeds if Domain is set to
          "sub2.domain.com" and "sub1.sub2.domain.com".
TEST: 10) Verify that connection fails if Domain is set to
          "sub0.sub1.domain.com" and "otherdomain.com".
TEST: 11) Verify that network configuration cannot be saved, and an
          warning message "Must specify a domain" is displayed if Domain
          is left blank in the configuration in step 7
TEST: 12) Verify that the "Do not validate" option still appears in the
          CA certificate dropdown menu.

Change-Id: I346d4d301305719033b84ec4599bf3d57d9d4ee5
res/layout/wifi_dialog.xml diff | blob | history
res/values/strings.xml diff | blob | history
src/com/android/settings/wifi/WifiConfigController.java diff | blob | history
packages/apps/Settings
About OSDN
Find Software
Develop Software
Help