Merge commit 'c91bc62' into merge2
diff --git a/api/current.txt b/api/current.txt
index 6accb34..71dc772 100644
--- a/api/current.txt
+++ b/api/current.txt
@@ -19353,6 +19353,7 @@
method public java.lang.String getAnonymousIdentity();
method public java.security.cert.X509Certificate getCaCertificate();
method public java.security.cert.X509Certificate getClientCertificate();
+ method public java.lang.String getDomSubjectMatch();
method public int getEapMethod();
method public java.lang.String getIdentity();
method public java.lang.String getPassword();
@@ -19364,6 +19365,7 @@
method public void setAnonymousIdentity(java.lang.String);
method public void setCaCertificate(java.security.cert.X509Certificate);
method public void setClientKeyEntry(java.security.PrivateKey, java.security.cert.X509Certificate);
+ method public void setDomSuffixMatch(java.lang.String);
method public void setEapMethod(int);
method public void setIdentity(java.lang.String);
method public void setPassword(java.lang.String);
diff --git a/api/system-current.txt b/api/system-current.txt
index 6c321ad..699025f 100644
--- a/api/system-current.txt
+++ b/api/system-current.txt
@@ -21074,6 +21074,7 @@
method public java.lang.String getAnonymousIdentity();
method public java.security.cert.X509Certificate getCaCertificate();
method public java.security.cert.X509Certificate getClientCertificate();
+ method public java.lang.String getDomSubjectMatch();
method public int getEapMethod();
method public java.lang.String getIdentity();
method public java.lang.String getPassword();
@@ -21085,6 +21086,7 @@
method public void setAnonymousIdentity(java.lang.String);
method public void setCaCertificate(java.security.cert.X509Certificate);
method public void setClientKeyEntry(java.security.PrivateKey, java.security.cert.X509Certificate);
+ method public void setDomSuffixMatch(java.lang.String);
method public void setEapMethod(int);
method public void setIdentity(java.lang.String);
method public void setPassword(java.lang.String);
diff --git a/wifi/java/android/net/wifi/WifiConfiguration.java b/wifi/java/android/net/wifi/WifiConfiguration.java
index c6f2991..802e0d2 100644
--- a/wifi/java/android/net/wifi/WifiConfiguration.java
+++ b/wifi/java/android/net/wifi/WifiConfiguration.java
@@ -953,7 +953,7 @@
if (!TextUtils.isEmpty(FQDN)) {
/* this is passpoint configuration; it must not have an SSID */
if (!TextUtils.isEmpty(SSID)) {
- return "no SSID";
+ return "SSID not expected for Passpoint: '" + SSID + "'";
}
/* this is passpoint configuration; it must have a providerFriendlyName */
if (TextUtils.isEmpty(providerFriendlyName)) {
diff --git a/wifi/java/android/net/wifi/WifiEnterpriseConfig.java b/wifi/java/android/net/wifi/WifiEnterpriseConfig.java
index 6917971..bee07ab 100644
--- a/wifi/java/android/net/wifi/WifiEnterpriseConfig.java
+++ b/wifi/java/android/net/wifi/WifiEnterpriseConfig.java
@@ -56,6 +56,8 @@
/** @hide */
public static final String ALTSUBJECT_MATCH_KEY = "altsubject_match";
/** @hide */
+ public static final String DOM_SUFFIX_MATCH_KEY = "domain_suffix_match";
+ /** @hide */
public static final String OPP_KEY_CACHING = "proactive_key_caching";
/**
* String representing the keystore OpenSSL ENGINE's ID.
@@ -577,6 +579,36 @@
}
/**
+ * Set the domain_suffix_match directive on wpa_supplicant. This is the parameter to use
+ * for Hotspot 2.0 defined matching of AAA server certs per WFA HS2.0 spec, section 7.3.3.2,
+ * second paragraph.
+ *
+ * From wpa_supplicant documentation:
+ * Constraint for server domain name. If set, this FQDN is used as a suffix match requirement
+ * for the AAAserver certificate in SubjectAltName dNSName element(s). If a matching dNSName is
+ * found, this constraint is met. If no dNSName values are present, this constraint is matched
+ * against SubjectName CN using same suffix match comparison.
+ * Suffix match here means that the host/domain name is compared one label at a time starting
+ * from the top-level domain and all the labels in domain_suffix_match shall be included in the
+ * certificate. The certificate may include additional sub-level labels in addition to the
+ * required labels.
+ * For example, domain_suffix_match=example.com would match test.example.com but would not
+ * match test-example.com.
+ * @param domain The domain value
+ */
+ public void setDomSuffixMatch(String domain) {
+ setFieldValue(DOM_SUFFIX_MATCH_KEY, domain);
+ }
+
+ /**
+ * Get the domain_suffix_match value. See setDomSuffixMatch.
+ * @return The domain value.
+ */
+ public String getDomSubjectMatch() {
+ return getFieldValue(DOM_SUFFIX_MATCH_KEY, "");
+ }
+
+ /**
* Set realm for passpoint credential
* @param realm the realm
*/