Scope certs for wifi UID and handle migration
Bug: 8183303
Change-Id: I842c9b0c0d4f2fa42a3fc5b1ac22c28e202ef188
diff --git a/wifi/java/android/net/wifi/WifiConfigStore.java b/wifi/java/android/net/wifi/WifiConfigStore.java
index 2385c24..47f1fbf 100644
--- a/wifi/java/android/net/wifi/WifiConfigStore.java
+++ b/wifi/java/android/net/wifi/WifiConfigStore.java
@@ -1468,6 +1468,8 @@
if (config.enterpriseConfig.migrateOldEapTlsNative(mWifiNative, netId)) {
saveConfig();
}
+
+ config.enterpriseConfig.migrateCerts(mKeyStore);
}
private String removeDoubleQuotes(String string) {
diff --git a/wifi/java/android/net/wifi/WifiEnterpriseConfig.java b/wifi/java/android/net/wifi/WifiEnterpriseConfig.java
index 95ffb1c..f73a13c 100644
--- a/wifi/java/android/net/wifi/WifiEnterpriseConfig.java
+++ b/wifi/java/android/net/wifi/WifiEnterpriseConfig.java
@@ -17,9 +17,9 @@
import android.os.Parcel;
import android.os.Parcelable;
+import android.os.Process;
import android.security.Credentials;
import android.text.TextUtils;
-import android.util.Log;
import com.android.org.bouncycastle.asn1.ASN1InputStream;
import com.android.org.bouncycastle.asn1.ASN1Sequence;
@@ -481,7 +481,7 @@
String caCertName = Credentials.CA_CERTIFICATE + name;
if (mClientCertificate != null) {
byte[] privKeyData = mClientPrivateKey.getEncoded();
- ret = keyStore.importKey(privKeyName, privKeyData);
+ ret = keyStore.importKey(privKeyName, privKeyData, Process.WIFI_UID);
if (ret == false) {
return ret;
}
@@ -489,7 +489,7 @@
ret = putCertInKeyStore(keyStore, userCertName, mClientCertificate);
if (ret == false) {
// Remove private key installed
- keyStore.delKey(privKeyName);
+ keyStore.delKey(privKeyName, Process.WIFI_UID);
return ret;
}
}
@@ -499,8 +499,8 @@
if (ret == false) {
if (mClientCertificate != null) {
// Remove client key+cert
- keyStore.delKey(privKeyName);
- keyStore.delete(userCertName);
+ keyStore.delKey(privKeyName, Process.WIFI_UID);
+ keyStore.delete(userCertName, Process.WIFI_UID);
}
return ret;
}
@@ -525,7 +525,7 @@
Certificate cert) {
try {
byte[] certData = Credentials.convertToPem(cert);
- return keyStore.put(name, certData);
+ return keyStore.put(name, certData, Process.WIFI_UID);
} catch (IOException e1) {
return false;
} catch (CertificateException e2) {
@@ -537,14 +537,14 @@
String client = getFieldValue(CLIENT_CERT_KEY, CLIENT_CERT_PREFIX);
// a valid client certificate is configured
if (!TextUtils.isEmpty(client)) {
- keyStore.delKey(Credentials.USER_PRIVATE_KEY + client);
- keyStore.delete(Credentials.USER_CERTIFICATE + client);
+ keyStore.delKey(Credentials.USER_PRIVATE_KEY + client, Process.WIFI_UID);
+ keyStore.delete(Credentials.USER_CERTIFICATE + client, Process.WIFI_UID);
}
String ca = getFieldValue(CA_CERT_KEY, CA_CERT_PREFIX);
// a valid ca certificate is configured
if (!TextUtils.isEmpty(ca)) {
- keyStore.delete(Credentials.CA_CERTIFICATE + ca);
+ keyStore.delete(Credentials.CA_CERTIFICATE + ca, Process.WIFI_UID);
}
}
@@ -625,6 +625,29 @@
return true;
}
+ /** Migrate certs from global pool to wifi UID if not already done */
+ void migrateCerts(android.security.KeyStore keyStore) {
+ String client = getFieldValue(CLIENT_CERT_KEY, CLIENT_CERT_PREFIX);
+ // a valid client certificate is configured
+ if (!TextUtils.isEmpty(client)) {
+ if (!keyStore.contains(Credentials.USER_PRIVATE_KEY + client, Process.WIFI_UID)) {
+ keyStore.duplicate(Credentials.USER_PRIVATE_KEY + client, -1,
+ Credentials.USER_PRIVATE_KEY + client, Process.WIFI_UID);
+ keyStore.duplicate(Credentials.USER_CERTIFICATE + client, -1,
+ Credentials.USER_CERTIFICATE + client, Process.WIFI_UID);
+ }
+ }
+
+ String ca = getFieldValue(CA_CERT_KEY, CA_CERT_PREFIX);
+ // a valid ca certificate is configured
+ if (!TextUtils.isEmpty(ca)) {
+ if (!keyStore.contains(Credentials.CA_CERTIFICATE + ca, Process.WIFI_UID)) {
+ keyStore.duplicate(Credentials.CA_CERTIFICATE + ca, -1,
+ Credentials.CA_CERTIFICATE + ca, Process.WIFI_UID);
+ }
+ }
+ }
+
private String removeDoubleQuotes(String string) {
int length = string.length();
if ((length > 1) && (string.charAt(0) == '"')