diff options
3 files changed, 57 insertions, 78 deletions
diff --git a/wifi/java/android/net/wifi/hotspot2/PasspointConfiguration.java b/wifi/java/android/net/wifi/hotspot2/PasspointConfiguration.java index 4507cc2707d4..d1d1780a25fd 100644 --- a/wifi/java/android/net/wifi/hotspot2/PasspointConfiguration.java +++ b/wifi/java/android/net/wifi/hotspot2/PasspointConfiguration.java @@ -722,7 +722,7 @@ public final class PasspointConfiguration implements Parcelable { if (mSubscriptionUpdate != null && !mSubscriptionUpdate.validate()) { return false; } - return validateForCommonR1andR2(true); + return validateForCommonR1andR2(); } /** @@ -741,17 +741,17 @@ public final class PasspointConfiguration implements Parcelable { if (mSubscriptionUpdate == null || !mSubscriptionUpdate.validate()) { return false; } - return validateForCommonR1andR2(false); + return validateForCommonR1andR2(); } - private boolean validateForCommonR1andR2(boolean isR1) { + private boolean validateForCommonR1andR2() { // Required: PerProviderSubscription/<X+>/HomeSP if (mHomeSp == null || !mHomeSp.validate()) { return false; } // Required: PerProviderSubscription/<X+>/Credential - if (mCredential == null || !mCredential.validate(isR1)) { + if (mCredential == null || !mCredential.validate()) { return false; } diff --git a/wifi/java/android/net/wifi/hotspot2/pps/Credential.java b/wifi/java/android/net/wifi/hotspot2/pps/Credential.java index 9c01d3643c19..65e8b3d9283d 100644 --- a/wifi/java/android/net/wifi/hotspot2/pps/Credential.java +++ b/wifi/java/android/net/wifi/hotspot2/pps/Credential.java @@ -1081,11 +1081,10 @@ public final class Credential implements Parcelable { /** * Validate the configuration data. * - * @param isR1 {@code true} if the configuration is for R1 * @return true on success or false on failure * @hide */ - public boolean validate(boolean isR1) { + public boolean validate() { if (TextUtils.isEmpty(mRealm)) { Log.d(TAG, "Missing realm"); return false; @@ -1098,11 +1097,11 @@ public final class Credential implements Parcelable { // Verify the credential. if (mUserCredential != null) { - if (!verifyUserCredential(isR1)) { + if (!verifyUserCredential()) { return false; } } else if (mCertCredential != null) { - if (!verifyCertCredential(isR1)) { + if (!verifyCertCredential()) { return false; } } else if (mSimCredential != null) { @@ -1143,11 +1142,11 @@ public final class Credential implements Parcelable { /** * Verify user credential. + * If no CA certificate is provided, then the system uses the CAs in the trust store. * - * @param isR1 {@code true} if credential is for R1 * @return true if user credential is valid, false otherwise. */ - private boolean verifyUserCredential(boolean isR1) { + private boolean verifyUserCredential() { if (mUserCredential == null) { Log.d(TAG, "Missing user credential"); return false; @@ -1160,24 +1159,17 @@ public final class Credential implements Parcelable { return false; } - // CA certificate is required for R1 Passpoint profile. - // For R2, it is downloaded using cert URL provided in PPS MO after validation completes. - if (isR1 && mCaCertificates == null) { - Log.d(TAG, "Missing CA Certificate for user credential"); - return false; - } - return true; } /** * Verify certificate credential, which is used for EAP-TLS. This will verify * that the necessary client key and certificates are provided. + * If no CA certificate is provided, then the system uses the CAs in the trust store. * - * @param isR1 {@code true} if credential is for R1 * @return true if certificate credential is valid, false otherwise. */ - private boolean verifyCertCredential(boolean isR1) { + private boolean verifyCertCredential() { if (mCertCredential == null) { Log.d(TAG, "Missing certificate credential"); return false; @@ -1191,13 +1183,6 @@ public final class Credential implements Parcelable { return false; } - // Verify required key and certificates for certificate credential. - // CA certificate is required for R1 Passpoint profile. - // For R2, it is downloaded using cert URL provided in PPS MO after validation completes. - if (isR1 && mCaCertificates == null) { - Log.d(TAG, "Missing CA Certificate for certificate credential"); - return false; - } if (mClientPrivateKey == null) { Log.d(TAG, "Missing client private key for certificate credential"); return false; diff --git a/wifi/tests/src/android/net/wifi/hotspot2/pps/CredentialTest.java b/wifi/tests/src/android/net/wifi/hotspot2/pps/CredentialTest.java index 0a3e989d18f0..c6825822f4cc 100644 --- a/wifi/tests/src/android/net/wifi/hotspot2/pps/CredentialTest.java +++ b/wifi/tests/src/android/net/wifi/hotspot2/pps/CredentialTest.java @@ -158,7 +158,7 @@ public class CredentialTest { } /** - * Verify parcel read/write for an user credential. + * Verify parcel read/write for a user credential. * * @throws Exception */ @@ -176,14 +176,14 @@ public class CredentialTest { Credential cred = createCredentialWithUserCredential(); // For R1 validation - assertTrue(cred.validate(true)); + assertTrue(cred.validate()); // For R2 validation - assertTrue(cred.validate(false)); + assertTrue(cred.validate()); } /** - * Verify that an user credential without CA Certificate is invalid. + * Verify that a user credential without CA Certificate is valid. * * @throws Exception */ @@ -192,15 +192,12 @@ public class CredentialTest { Credential cred = createCredentialWithUserCredential(); cred.setCaCertificate(null); - // For R1 validation - assertFalse(cred.validate(true)); - - // For R2 validation - assertTrue(cred.validate(false)); + // Accept a configuration with no CA certificate, the system will use the default cert store + assertTrue(cred.validate()); } /** - * Verify that an user credential with EAP type other than EAP-TTLS is invalid. + * Verify that a user credential with EAP type other than EAP-TTLS is invalid. * * @throws Exception */ @@ -210,15 +207,15 @@ public class CredentialTest { cred.getUserCredential().setEapType(EAPConstants.EAP_TLS); // For R1 validation - assertFalse(cred.validate(true)); + assertFalse(cred.validate()); // For R2 validation - assertFalse(cred.validate(false)); + assertFalse(cred.validate()); } /** - * Verify that an user credential without realm is invalid. + * Verify that a user credential without realm is invalid. * * @throws Exception */ @@ -228,14 +225,14 @@ public class CredentialTest { cred.setRealm(null); // For R1 validation - assertFalse(cred.validate(true)); + assertFalse(cred.validate()); // For R2 validation - assertFalse(cred.validate(false)); + assertFalse(cred.validate()); } /** - * Verify that an user credential without username is invalid. + * Verify that a user credential without username is invalid. * * @throws Exception */ @@ -245,14 +242,14 @@ public class CredentialTest { cred.getUserCredential().setUsername(null); // For R1 validation - assertFalse(cred.validate(true)); + assertFalse(cred.validate()); // For R2 validation - assertFalse(cred.validate(false)); + assertFalse(cred.validate()); } /** - * Verify that an user credential without password is invalid. + * Verify that a user credential without password is invalid. * * @throws Exception */ @@ -262,14 +259,14 @@ public class CredentialTest { cred.getUserCredential().setPassword(null); // For R1 validation - assertFalse(cred.validate(true)); + assertFalse(cred.validate()); // For R2 validation - assertFalse(cred.validate(false)); + assertFalse(cred.validate()); } /** - * Verify that an user credential without auth methoh (non-EAP inner method) is invalid. + * Verify that a user credential without auth methoh (non-EAP inner method) is invalid. * * @throws Exception */ @@ -279,10 +276,10 @@ public class CredentialTest { cred.getUserCredential().setNonEapInnerMethod(null); // For R1 validation - assertFalse(cred.validate(true)); + assertFalse(cred.validate()); // For R2 validation - assertFalse(cred.validate(false)); + assertFalse(cred.validate()); } /** @@ -297,10 +294,10 @@ public class CredentialTest { Credential cred = createCredentialWithCertificateCredential(); // For R1 validation - assertTrue(cred.validate(true)); + assertTrue(cred.validate()); // For R2 validation - assertTrue(cred.validate(true)); + assertTrue(cred.validate()); } /** @@ -313,11 +310,8 @@ public class CredentialTest { Credential cred = createCredentialWithCertificateCredential(); cred.setCaCertificate(null); - // For R1 validation - assertFalse(cred.validate(true)); - - // For R2 validation - assertTrue(cred.validate(false)); + // Accept a configuration with no CA certificate, the system will use the default cert store + assertTrue(cred.validate()); } /** @@ -331,10 +325,10 @@ public class CredentialTest { cred.setClientCertificateChain(null); // For R1 validation - assertFalse(cred.validate(true)); + assertFalse(cred.validate()); // For R2 validation - assertFalse(cred.validate(false)); + assertFalse(cred.validate()); } /** @@ -348,10 +342,10 @@ public class CredentialTest { cred.setClientPrivateKey(null); // For R1 validation - assertFalse(cred.validate(true)); + assertFalse(cred.validate()); // For R2 validation - assertFalse(cred.validate(false)); + assertFalse(cred.validate()); } /** @@ -366,10 +360,10 @@ public class CredentialTest { cred.getCertCredential().setCertSha256Fingerprint(new byte[32]); // For R1 validation - assertFalse(cred.validate(true)); + assertFalse(cred.validate()); // For R2 validation - assertFalse(cred.validate(false)); + assertFalse(cred.validate()); } /** @@ -382,10 +376,10 @@ public class CredentialTest { Credential cred = createCredentialWithSimCredential(); // For R1 validation - assertTrue(cred.validate(true)); + assertTrue(cred.validate()); // For R2 validation - assertTrue(cred.validate(false)); + assertTrue(cred.validate()); } /** @@ -399,10 +393,10 @@ public class CredentialTest { cred.getSimCredential().setEapType(EAPConstants.EAP_AKA); // For R1 validation - assertTrue(cred.validate(true)); + assertTrue(cred.validate()); // For R2 validation - assertTrue(cred.validate(false)); + assertTrue(cred.validate()); } /** @@ -416,10 +410,10 @@ public class CredentialTest { cred.getSimCredential().setEapType(EAPConstants.EAP_AKA_PRIME); // For R1 validation - assertTrue(cred.validate(true)); + assertTrue(cred.validate()); // For R2 validation - assertTrue(cred.validate(false)); + assertTrue(cred.validate()); } /** @@ -433,10 +427,10 @@ public class CredentialTest { cred.getSimCredential().setImsi(null); // For R1 validation - assertFalse(cred.validate(true)); + assertFalse(cred.validate()); // For R2 validation - assertFalse(cred.validate(false)); + assertFalse(cred.validate()); } /** @@ -450,10 +444,10 @@ public class CredentialTest { cred.getSimCredential().setImsi("dummy"); // For R1 validation - assertFalse(cred.validate(true)); + assertFalse(cred.validate()); // For R2 validation - assertFalse(cred.validate(false)); + assertFalse(cred.validate()); } /** @@ -467,14 +461,14 @@ public class CredentialTest { cred.getSimCredential().setEapType(EAPConstants.EAP_TLS); // For R1 validation - assertFalse(cred.validate(true)); + assertFalse(cred.validate()); // For R2 validation - assertFalse(cred.validate(false)); + assertFalse(cred.validate()); } /** - * Verify that a credential contained both an user and a SIM credential is invalid. + * Verify that a credential contained both a user and a SIM credential is invalid. * * @throws Exception */ @@ -488,10 +482,10 @@ public class CredentialTest { cred.setSimCredential(simCredential); // For R1 validation - assertFalse(cred.validate(true)); + assertFalse(cred.validate()); // For R2 validation - assertFalse(cred.validate(false)); + assertFalse(cred.validate()); } /** |