Merge "[WifiEnterpriseConfig] Update javadoc for setCaCert/Path" into rvc-dev

author: TreeHugger Robot <treehugger-gerrit@google.com> 2020-06-19 20:17:59 +0000
committer: Android (Google) Code Review <android-gerrit@google.com> 2020-06-19 20:17:59 +0000
commit: 4058b3b95072016e7c10764a3e9ea39a43b5c0c3 (patch)
tree: 58bf34cc1f9a12693bcc9ad4736f937ae76eed49 /wifi/java
parent: 5731877f1e5d488eaeda1684c7a80e6999099b8b (diff)
parent: 21f67c5fb03700d470bbbc59e85a62bcdfb2d3fe (diff)
1 files changed, 29 insertions, 1 deletions
diff --git a/wifi/java/android/net/wifi/WifiEnterpriseConfig.java b/wifi/java/android/net/wifi/WifiEnterpriseConfig.java
index 7b86b084baab..abd573f4bea9 100644
--- a/wifi/java/android/net/wifi/WifiEnterpriseConfig.java
+++ b/wifi/java/android/net/wifi/WifiEnterpriseConfig.java
@@ -769,6 +769,10 @@ public class WifiEnterpriseConfig implements Parcelable {
      * certificate when the config is saved and removing the certificate when
      * the config is removed.
      *
+     * Note: If no certificate is set for an Enterprise configuration, either by not calling this
+     * API (or the {@link #setCaCertificates(X509Certificate[])}, or by calling it with null, then
+     * the server certificate validation is skipped - which means that the connection is not secure.
+     *
      * @param cert X.509 CA certificate
      * @throws IllegalArgumentException if not a CA certificate
      */
@@ -808,6 +812,11 @@ public class WifiEnterpriseConfig implements Parcelable {
      * certificates when the config is saved and removing the certificates when
      * the config is removed.
      *
+     * Note: If no certificates are set for an Enterprise configuration, either by not calling this
+     * API (or the {@link #setCaCertificate(X509Certificate)}, or by calling it with null, then the
+     * server certificate validation is skipped - which means that the
+     * connection is not secure.
+     *
      * @param certs X.509 CA certificates
      * @throws IllegalArgumentException if any of the provided certificates is
      *     not a CA certificate
@@ -859,6 +868,13 @@ public class WifiEnterpriseConfig implements Parcelable {
      * like /etc/ssl/certs. If configured, these certificates are added to the
      * list of trusted CAs. ca_cert may also be included in that case, but it is
      * not required.
+     *
+     * Note: If no certificate path is set for an Enterprise configuration, either by not calling
+     * this API, or by calling it with null, and no certificate is set by
+     * {@link #setCaCertificate(X509Certificate)} or {@link #setCaCertificates(X509Certificate[])},
+     * then the server certificate validation is skipped - which means that the connection is not
+     * secure.
+     *
      * @param path The path for CA certificate files, or empty string to clear.
      * @hide
      */
@@ -868,7 +884,7 @@ public class WifiEnterpriseConfig implements Parcelable {
     }
 
     /**
-     * Get the domain_suffix_match value. See setDomSuffixMatch.
+     * Get the ca_path directive from wpa_supplicant.
      * @return The path for CA certificate files, or an empty string if unset.
      * @hide
      */
@@ -1061,6 +1077,12 @@ public class WifiEnterpriseConfig implements Parcelable {
     /**
      * Set alternate subject match. This is the substring to be matched against the
      * alternate subject of the authentication server certificate.
+     *
+     * Note: If no alternate subject is set for an Enterprise configuration, either by not calling
+     * this API, or by calling it with null, or not setting domain suffix match using the
+     * {@link #setDomainSuffixMatch(String)}, then the server certificate validation is incomplete -
+     * which means that the connection is not secure.
+     *
      * @param altSubjectMatch substring to be matched, for example
      *                     DNS:server.example.com;EMAIL:server@example.com
      */
@@ -1095,6 +1117,12 @@ public class WifiEnterpriseConfig implements Parcelable {
      * ORed ogether.
      * <p>For example, domain_suffix_match=example.com would match test.example.com but would not
      * match test-example.com.
+     *
+     * Note: If no domain suffix is set for an Enterprise configuration, either by not calling this
+     * API, or by calling it with null, or not setting alternate subject match using the
+     * {@link #setAltSubjectMatch(String)}, then the server certificate
+     * validation is incomplete - which means that the connection is not secure.
+     *
      * @param domain The domain value
      */
     public void setDomainSuffixMatch(String domain) {
author	TreeHugger Robot <treehugger-gerrit@google.com>	2020-06-19 20:17:59 +0000
committer	Android (Google) Code Review <android-gerrit@google.com>	2020-06-19 20:17:59 +0000
commit	4058b3b95072016e7c10764a3e9ea39a43b5c0c3 (patch)
tree	58bf34cc1f9a12693bcc9ad4736f937ae76eed49 /wifi/java
parent	5731877f1e5d488eaeda1684c7a80e6999099b8b (diff)
parent	21f67c5fb03700d470bbbc59e85a62bcdfb2d3fe (diff)