Merge "[DO NOT MERGE] EAP-TLS PMKID mismatch error" into mnc-dr-dev am: e8e62c91f8

am: 0b14bbb35f

* commit '0b14bbb35f1561e7ab529e32fe529a041610cc68':
  [DO NOT MERGE] EAP-TLS PMKID mismatch error

3 files changed, 51 insertions, 4 deletions

diff --git a/service/java/com/android/server/wifi/WifiConfigStore.java b/service/java/com/android/server/wifi/WifiConfigStore.java
index a7c63d4f0..d40b8756c 100644
--- a/service/java/com/android/server/wifi/WifiConfigStore.java
+++ b/service/java/com/android/server/wifi/WifiConfigStore.java
@@ -469,7 +469,7 @@ public class WifiConfigStore extends IpConfigStore {
             WifiEnterpriseConfig.CA_CERT_KEY, WifiEnterpriseConfig.SUBJECT_MATCH_KEY,
             WifiEnterpriseConfig.ENGINE_KEY, WifiEnterpriseConfig.ENGINE_ID_KEY,
             WifiEnterpriseConfig.PRIVATE_KEY_ID_KEY, WifiEnterpriseConfig.ALTSUBJECT_MATCH_KEY,
-            WifiEnterpriseConfig.DOM_SUFFIX_MATCH_KEY
+            WifiEnterpriseConfig.DOM_SUFFIX_MATCH_KEY, WifiEnterpriseConfig.PHASE1_KEY
     };
 
 
@@ -1792,7 +1792,7 @@ public class WifiConfigStore extends IpConfigStore {
         mLastPriority = 0;
 
         mConfiguredNetworks.clear();
-
+        List<WifiConfiguration> configTlsResetList = new ArrayList<WifiConfiguration>();
         int last_id = -1;
         boolean done = false;
         while (!done) {
@@ -1861,6 +1861,14 @@ public class WifiConfigStore extends IpConfigStore {
                     if (showNetworks) log("Ignoring loaded configured for network " + config.networkId
                         + " because config are not valid");
                 }
+
+                if (config != null && config.enterpriseConfig != null &&
+                        config.enterpriseConfig.getEapMethod() < WifiEnterpriseConfig.Eap.PWD) {
+                    if (!config.enterpriseConfig.getTls12Enable()) {
+                        //re-enable the TLS1.2 every time when load the network
+                        configTlsResetList.add(config);
+                    }
+                }
             }
 
             done = (lines.length == 1);
@@ -1884,6 +1892,12 @@ public class WifiConfigStore extends IpConfigStore {
             logContents(SUPPLICANT_CONFIG_FILE_BACKUP);
             logContents(networkHistoryConfigFile);
         }
+
+        //reset TLS default to 1.2
+        for (WifiConfiguration config : configTlsResetList) {
+            config.enterpriseConfig.setTls12Enable(true);
+            addOrUpdateNetwork(config, WifiConfiguration.UNKNOWN_UID);
+        }
     }
 
     private void logContents(String file) {
diff --git a/service/java/com/android/server/wifi/WifiMonitor.java b/service/java/com/android/server/wifi/WifiMonitor.java
index 9758d5769..ffca502d4 100644
--- a/service/java/com/android/server/wifi/WifiMonitor.java
+++ b/service/java/com/android/server/wifi/WifiMonitor.java
@@ -230,6 +230,10 @@ public class WifiMonitor {
     private static final String BSS_REMOVED_STR = "BSS-REMOVED";
 
     /**
+     * This indicate supplicant encounter RSN PMKID mismatch error
+     */
+    private static final String RSN_PMKID_STR = "RSN: PMKID mismatch";
+    /**
      * Regex pattern for extracting an Ethernet-style MAC address from a string.
      * Matches a strings like the following:<pre>
      * CTRL-EVENT-CONNECTED - Connection to 00:1e:58:ec:d5:6d completed (reauth) [id=1 id_str=]</pre>
@@ -502,6 +506,7 @@ public class WifiMonitor {
     public static final int HS20_REMEDIATION_EVENT               = BASE + 61;
     public static final int HS20_DEAUTH_EVENT                    = BASE + 62;
 
+    public static final int RSN_PMKID_MISMATCH_EVENT             = BASE + 63;
     /**
      * This indicates a read error on the monitor socket conenction
      */
@@ -829,6 +834,8 @@ public class WifiMonitor {
             } else if (eventStr.startsWith(AUTH_EVENT_PREFIX_STR) &&
                     eventStr.endsWith(AUTH_TIMEOUT_STR)) {
                 mStateMachine.sendMessage(AUTHENTICATION_FAILURE_EVENT);
+            } else if (eventStr.startsWith(RSN_PMKID_STR)) {
+                mStateMachine.sendMessage(RSN_PMKID_MISMATCH_EVENT);
             } else {
                 if (DBG) Log.w(TAG, "couldn't identify event type - " + eventStr);
             }
diff --git a/service/java/com/android/server/wifi/WifiStateMachine.java b/service/java/com/android/server/wifi/WifiStateMachine.java
index 5e3ef6fcc..8e8678259 100644
--- a/service/java/com/android/server/wifi/WifiStateMachine.java
+++ b/service/java/com/android/server/wifi/WifiStateMachine.java
@@ -212,7 +212,7 @@ public class WifiStateMachine extends StateMachine implements WifiNative.WifiPno
     private int mNumScanResultsReturned;
 
     private boolean mScreenOn = false;
-
+    private int mCurrentAssociateNetworkId = -1;
     /* Chipset supports background scan */
     private final boolean mBackgroundScanSupported;
 
@@ -4054,7 +4054,7 @@ public class WifiStateMachine extends StateMachine implements WifiNative.WifiPno
             synchronized (mScanResultCache) {
                 // AutoJoincontroller will directly acces the scan result list and update it with
                 // ScanResult status
-                mNumScanResultsKnown = mWifiAutoJoinController.newSupplicantResults(attemptAutoJoin);
+                mNumScanResultsKnown = 1mWifiAutoJoinController.newSupplicantResults(attemptAutoJoin);
             }
         }
         if (linkDebouncing) {
@@ -6924,6 +6924,9 @@ public class WifiStateMachine extends StateMachine implements WifiNative.WifiPno
             case WifiMonitor.GAS_QUERY_START_EVENT:
                 s = "WifiMonitor.GAS_QUERY_START_EVENT";
                 break;
+            case WifiMonitor.RSN_PMKID_MISMATCH_EVENT:
+                s =  "WifiMonitor.RSN_PMKID_MISMATCH_EVENT";
+                break;
             case CMD_SET_OPERATIONAL_MODE:
                 s = "CMD_SET_OPERATIONAL_MODE";
                 break;
@@ -7244,6 +7247,13 @@ public class WifiStateMachine extends StateMachine implements WifiNative.WifiPno
                             mIpReachabilityMonitor.probeAll();
                         }
                     }
+
+                    if (state == SupplicantState.ASSOCIATED) {
+                        StateChangeResult stateChangeResult = (StateChangeResult) message.obj;
+                        if (stateChangeResult != null) {
+                            mCurrentAssociateNetworkId = stateChangeResult.networkId;
+                        }
+                    }
                     break;
                 case WifiP2pServiceImpl.DISCONNECT_WIFI_REQUEST:
                     if (message.arg1 == 1) {
@@ -9556,6 +9566,22 @@ public class WifiStateMachine extends StateMachine implements WifiNative.WifiPno
                 case CMD_SCREEN_STATE_CHANGED:
                     handleScreenStateChanged(message.arg1 != 0);
                     break;
+                case WifiMonitor.RSN_PMKID_MISMATCH_EVENT:
+                    //WAR: In release M, there is a TLS bugs for some radius. M upgrade the TLS to
+                    // 1.2. However,some old radius can not support it. So if possibly disconnected
+                    // due to TLS failure, we will toggler the TLS version between 1.1 and 1.2 for
+                    // next retry connection
+                    int nid = mCurrentAssociateNetworkId;
+                    WifiConfiguration currentNet = mWifiConfigStore.getWifiConfiguration(nid);
+                    if (currentNet != null && currentNet.enterpriseConfig != null) {
+                        currentNet.enterpriseConfig.setTls12Enable(
+                                !currentNet.enterpriseConfig.getTls12Enable());
+                        mWifiConfigStore.saveNetwork(currentNet, WifiConfiguration.UNKNOWN_UID);
+                        Log.e(TAG, "NetWork ID =" + nid + " switch to TLS1.2: " +
+                            currentNet.enterpriseConfig.getTls12Enable());
+                    }
+
+                    break;
                 default:
                     ret = NOT_HANDLED;
             }