WifiEnterpriseConfig
open class WifiEnterpriseConfig : Parcelable
| kotlin.Any | |
| ↳ | android.net.wifi.WifiEnterpriseConfig |
Enterprise configuration details for Wi-Fi. Stores details about the EAP method and any associated credentials.
Summary
| Nested classes | |
|---|---|
|
The Extensible Authentication Protocol method used |
|
|
The inner authentication method used |
|
| Constants | |
|---|---|
| static String |
Intent extra: data for WAPI AS certificates |
| static String |
Intent extra: name for WAPI AS certificates |
| static String |
Intent extra: data for WAPI USER certificates |
| static String |
Intent extra: name for WAPI USER certificates |
| static Int |
Constant definition for TLS v1. |
| static Int |
Constant definition for TLS v1. |
| static Int |
Constant definition for TLS v1. |
| static Int |
Constant definition for TLS v1. |
| static String |
Key prefix for WAPI AS certificates. |
| static String |
Key prefix for WAPI user certificates. |
| Inherited constants | |
|---|---|
| Public constructors | |
|---|---|
WifiEnterpriseConfig(source: WifiEnterpriseConfig!)Copy constructor. |
|
| Public methods | |
|---|---|
| open Int | |
| open Unit |
enableTrustOnFirstUse(enable: Boolean)Enable Trust On First Use. |
| open String! |
Get alternate subject match |
| open String! |
Get the anonymous identity |
| open X509Certificate? |
Get CA certificate. |
| open Array<X509Certificate!>? |
Get CA certificates. |
| open X509Certificate! |
Get client certificate |
| open Array<X509Certificate!>? |
Get the complete client certificate chain in the same order as it was last supplied. |
| open String? |
Get KeyChain alias to use for client authentication. |
| open PrivateKey? |
Get the client private key as supplied in |
| open String? |
Get the decorated identity prefix. |
| open String! |
Get the domain_suffix_match value. |
| open Int |
Get the eap method. |
| open String! |
Get the identity |
| open Int |
Get the minimum TLS version for TLS-based EAP methods. |
| open String! |
Get the password. |
| open Int |
Get the phase 2 authentication method. |
| open String! |
getPlmn()Get plmn (Public Land Mobile Network) for Passpoint credential; see |
| open String! |
getRealm()Get realm for Passpoint credential; see |
| open String! |
Get subject match (deprecated) |
| open Boolean |
Indicates whether or not this enterprise config has a CA certificate configured. |
| open Boolean |
Utility method to determine whether the configuration's authentication method is SIM-based. |
| open Boolean |
Determines whether an Enterprise configuration's EAP method requires a Root CA certification to validate the authentication server i. |
| open Boolean |
Determines whether an Enterprise configuration enables server certificate validation. |
| open Boolean |
Indicates whether or not Trust On First Use (TOFU) is enabled. |
| open Unit |
setAltSubjectMatch(altSubjectMatch: String!)Set alternate subject match. |
| open Unit |
setAnonymousIdentity(anonymousIdentity: String!)Set anonymous identity. |
| open Unit |
setCaCertificate(cert: X509Certificate?)Specify a X. |
| open Unit |
setCaCertificates(certs: Array<X509Certificate!>?)Specify a list of X. |
| open Unit |
setClientKeyEntry(privateKey: PrivateKey!, clientCertificate: X509Certificate!)Specify a private key and client certificate for client authorization. |
| open Unit |
setClientKeyEntryWithCertificateChain(privateKey: PrivateKey!, clientCertificateChain: Array<X509Certificate!>!)Specify a private key and client certificate chain for client authorization. |
| open Unit |
setClientKeyPairAlias(alias: String)Specify a key pair via KeyChain alias for client authentication. |
| open Unit |
setDecoratedIdentityPrefix(decoratedIdentityPrefix: String?)Set a prefix for a decorated identity as per RFC 7542. |
| open Unit |
setDomainSuffixMatch(domain: String!)Set the domain_suffix_match directive on wpa_supplicant. |
| open Unit |
setEapMethod(eapMethod: Int)Set the EAP authentication method. |
| open Unit |
setIdentity(identity: String!)Set the identity |
| open Unit |
setMinimumTlsVersion(tlsVersion: Int)Set the minimum TLS version for TLS-based EAP methods. |
| open Unit |
setPassword(password: String!)Set the password. |
| open Unit |
setPhase2Method(phase2Method: Int)Set Phase 2 authentication method. |
| open Unit |
Set plmn (Public Land Mobile Network) of the provider of Passpoint credential |
| open Unit |
Set realm for Passpoint credential; realm identifies a set of networks where your Passpoint credential can be used |
| open Unit |
setSubjectMatch(subjectMatch: String!)Set subject match (deprecated). |
| open String |
toString() |
| open Unit |
writeToParcel(dest: Parcel, flags: Int) |
| Properties | |
|---|---|
| static Parcelable.Creator<WifiEnterpriseConfig!> | |
Constants
EXTRA_WAPI_AS_CERTIFICATE_DATA
static val EXTRA_WAPI_AS_CERTIFICATE_DATA: String
Intent extra: data for WAPI AS certificates
Value: "android.net.wifi.extra.WAPI_AS_CERTIFICATE_DATA"EXTRA_WAPI_AS_CERTIFICATE_NAME
static val EXTRA_WAPI_AS_CERTIFICATE_NAME: String
Intent extra: name for WAPI AS certificates
Value: "android.net.wifi.extra.WAPI_AS_CERTIFICATE_NAME"EXTRA_WAPI_USER_CERTIFICATE_DATA
static val EXTRA_WAPI_USER_CERTIFICATE_DATA: String
Intent extra: data for WAPI USER certificates
Value: "android.net.wifi.extra.WAPI_USER_CERTIFICATE_DATA"EXTRA_WAPI_USER_CERTIFICATE_NAME
static val EXTRA_WAPI_USER_CERTIFICATE_NAME: String
Intent extra: name for WAPI USER certificates
Value: "android.net.wifi.extra.WAPI_USER_CERTIFICATE_NAME"TLS_V1_0
static val TLS_V1_0: Int
Constant definition for TLS v1.0 which is used in setMinimumTlsVersion(int)
Value: 0TLS_V1_1
static val TLS_V1_1: Int
Constant definition for TLS v1.1 which is used in setMinimumTlsVersion(int)
Value: 1TLS_V1_2
static val TLS_V1_2: Int
Constant definition for TLS v1.2 which is used in setMinimumTlsVersion(int)
Value: 2TLS_V1_3
static val TLS_V1_3: Int
Constant definition for TLS v1.3 which is used in setMinimumTlsVersion(int)
Value: 3WAPI_AS_CERTIFICATE
static val WAPI_AS_CERTIFICATE: String
Key prefix for WAPI AS certificates.
Value: "WAPIAS_"WAPI_USER_CERTIFICATE
static val WAPI_USER_CERTIFICATE: String
Key prefix for WAPI user certificates.
Value: "WAPIUSR_"Public constructors
WifiEnterpriseConfig
WifiEnterpriseConfig(source: WifiEnterpriseConfig!)
Copy constructor. This copies over all the fields verbatim (does not ignore masked password fields).
| Parameters | |
|---|---|
source |
WifiEnterpriseConfig!: Source WifiEnterpriseConfig object. |
Public methods
describeContents
open fun describeContents(): Int
| Return | |
|---|---|
Int |
a bitmask indicating the set of special object types marshaled by this Parcelable object instance. Value is either 0 or android.os.Parcelable#CONTENTS_FILE_DESCRIPTOR |
enableTrustOnFirstUse
open fun enableTrustOnFirstUse(enable: Boolean): Unit
Enable Trust On First Use. Trust On First Use (TOFU) simplifies manual or partial configurations of TLS-based EAP networks. TOFU operates by installing the Root CA cert which is received from the server during an initial connection to a new network. Such installation is gated by user approval. Use only when it is not possible to configure the Root CA cert for the server.
Note: If a Root CA cert is already configured, this option is ignored, e.g. if setCaCertificate(java.security.cert.X509Certificate), or setCaCertificates(java.security.cert.X509Certificate[]) is called.
| Parameters | |
|---|---|
enable |
Boolean: true to enable; false otherwise (the default if the method is not called). |
getAltSubjectMatch
open fun getAltSubjectMatch(): String!
Get alternate subject match
| Return | |
|---|---|
String! |
the alternate subject match string |
getAnonymousIdentity
open fun getAnonymousIdentity(): String!
Get the anonymous identity
| Return | |
|---|---|
String! |
anonymous identity |
getCaCertificate
open fun getCaCertificate(): X509Certificate?
Get CA certificate. If multiple CA certificates are configured previously, return the first one.
| Return | |
|---|---|
X509Certificate? |
X.509 CA certificate This value may be null. |
getCaCertificates
open fun getCaCertificates(): Array<X509Certificate!>?
Get CA certificates.
| Return | |
|---|---|
Array<X509Certificate!>? |
This value may be null. |
getClientCertificate
open fun getClientCertificate(): X509Certificate!
Get client certificate
| Return | |
|---|---|
X509Certificate! |
X.509 client certificate |
getClientCertificateChain
open fun getClientCertificateChain(): Array<X509Certificate!>?
Get the complete client certificate chain in the same order as it was last supplied.
If the chain was last supplied by a call to setClientKeyEntry(java.security.PrivateKey,java.security.cert.X509Certificate) with a non-null * certificate instance, a single-element array containing the certificate will be * returned. If setClientKeyEntryWithCertificateChain(java.security.PrivateKey,java.security.cert.X509Certificate[]) was last called with a non-empty array, this array will be returned in the same order as it was supplied. Otherwise, null will be returned.
| Return | |
|---|---|
Array<X509Certificate!>? |
X.509 client certificates |
getClientKeyPairAlias
open fun getClientKeyPairAlias(): String?
Get KeyChain alias to use for client authentication.
| Return | |
|---|---|
String? |
This value may be null. |
getClientPrivateKey
open fun getClientPrivateKey(): PrivateKey?
Get the client private key as supplied in setClientKeyEntryWithCertificateChain, or null if unset.
getDecoratedIdentityPrefix
open fun getDecoratedIdentityPrefix(): String?
Get the decorated identity prefix.
| Return | |
|---|---|
String? |
The decorated identity prefix This value may be null. |
getDomainSuffixMatch
open fun getDomainSuffixMatch(): String!
Get the domain_suffix_match value. See setDomSuffixMatch.
| Return | |
|---|---|
String! |
The domain value. |
getEapMethod
open fun getEapMethod(): Int
Get the eap method.
| Return | |
|---|---|
Int |
eap method configured |
getIdentity
open fun getIdentity(): String!
Get the identity
| Return | |
|---|---|
String! |
the identity |
getMinimumTlsVersion
open fun getMinimumTlsVersion(): Int
Get the minimum TLS version for TLS-based EAP methods.
getPassword
open fun getPassword(): String!
Get the password. Returns locally set password value. For networks fetched from framework, returns "*".
getPhase2Method
open fun getPhase2Method(): Int
Get the phase 2 authentication method.
| Return | |
|---|---|
Int |
a phase 2 method defined at Phase2 |
getPlmn
open fun getPlmn(): String!
Get plmn (Public Land Mobile Network) for Passpoint credential; see (java.lang.String) for more information
| Return | |
|---|---|
String! |
the plmn |
getRealm
open fun getRealm(): String!
Get realm for Passpoint credential; see setRealm(java.lang.String) for more information
| Return | |
|---|---|
String! |
the realm |
getSubjectMatch
open fungetSubjectMatch(): String!
Deprecated: in favor of altSubjectMatch
Get subject match (deprecated)
| Return | |
|---|---|
String! |
the subject match string |
hasCaCertificate
open fun hasCaCertificate(): Boolean
Indicates whether or not this enterprise config has a CA certificate configured.
isAuthenticationSimBased
open fun isAuthenticationSimBased(): Boolean
Utility method to determine whether the configuration's authentication method is SIM-based.
| Return | |
|---|---|
Boolean |
true if the credential information requires SIM card for current authentication method, otherwise it returns false. |
isEapMethodServerCertUsed
open fun isEapMethodServerCertUsed(): Boolean
Determines whether an Enterprise configuration's EAP method requires a Root CA certification to validate the authentication server i.e. PEAP, TLS, UNAUTH_TLS, or TTLS.
| Return | |
|---|---|
Boolean |
True if configuration requires a CA certification, false otherwise. |
isServerCertValidationEnabled
open fun isServerCertValidationEnabled(): Boolean
Determines whether an Enterprise configuration enables server certificate validation.
The caller can determine, along with isEapMethodServerCertUsed(), if an Enterprise configuration enables server certificate validation, which is a mandatory requirement for networks that use TLS based EAP methods. A configuration that does not enable server certificate validation will be ignored and will not be considered for network selection. A network suggestion with such a configuration will cause an IllegalArgumentException to be thrown when suggested. Server validation is achieved by the following: - Either certificate or CA path is configured. - Either alternative subject match or domain suffix match is set.
| Return | |
|---|---|
Boolean |
True for server certificate validation is enabled, false otherwise. |
| Exceptions | |
|---|---|
java.lang.IllegalStateException |
on configuration which doesn't use server certificate. |
See Also
isTrustOnFirstUseEnabled
open fun isTrustOnFirstUseEnabled(): Boolean
Indicates whether or not Trust On First Use (TOFU) is enabled.
| Return | |
|---|---|
Boolean |
Trust On First Use is enabled or not. |
setAltSubjectMatch
open fun setAltSubjectMatch(altSubjectMatch: String!): Unit
Set alternate subject match. This is the substring to be matched against the alternate subject of the authentication server certificate. Note: If no alternate subject is set for an Enterprise configuration, either by not calling this API, or by calling it with null, or not setting domain suffix match using the setDomainSuffixMatch(java.lang.String), then the server certificate validation is incomplete - which means that the connection is not secure.
| Parameters | |
|---|---|
altSubjectMatch |
String!: substring to be matched, for example DNS:server.example.com;EMAIL:server@example.com |
setAnonymousIdentity
open fun setAnonymousIdentity(anonymousIdentity: String!): Unit
Set anonymous identity. This is used as the unencrypted identity with certain EAP types
| Parameters | |
|---|---|
anonymousIdentity |
String!: the anonymous identity |
setCaCertificate
open fun setCaCertificate(cert: X509Certificate?): Unit
Specify a X.509 certificate that identifies the server.
A default name is automatically assigned to the certificate and used with this configuration. The framework takes care of installing the certificate when the config is saved and removing the certificate when the config is removed. Note: If no certificate is set for an Enterprise configuration, either by not calling this API (or the setCaCertificates(java.security.cert.X509Certificate[]), or by calling it with null, then the server certificate validation is skipped - which means that the connection is not secure.
| Parameters | |
|---|---|
cert |
X509Certificate?: X.509 CA certificate This value may be null. |
| Exceptions | |
|---|---|
java.lang.IllegalArgumentException |
if not a CA certificate |
setCaCertificates
open fun setCaCertificates(certs: Array<X509Certificate!>?): Unit
Specify a list of X.509 certificates that identifies the server. The validation passes if the CA of server certificate matches one of the given certificates.
Default names are automatically assigned to the certificates and used with this configuration. The framework takes care of installing the certificates when the config is saved and removing the certificates when the config is removed. Note: If no certificates are set for an Enterprise configuration, either by not calling this API (or the setCaCertificate(java.security.cert.X509Certificate), or by calling it with null, then the server certificate validation is skipped - which means that the connection is not secure.
| Parameters | |
|---|---|
certs |
Array<X509Certificate!>?: X.509 CA certificates This value may be null. |
| Exceptions | |
|---|---|
java.lang.IllegalArgumentException |
if any of the provided certificates is not a CA certificate, or if too many CA certificates are provided |
setClientKeyEntry
open fun setClientKeyEntry(
privateKey: PrivateKey!,
clientCertificate: X509Certificate!
): Unit
Specify a private key and client certificate for client authorization.
A default name is automatically assigned to the key entry and used with this configuration. The framework takes care of installing the key entry when the config is saved and removing the key entry when the config is removed.
| Parameters | |
|---|---|
privateKey |
PrivateKey!: a PrivateKey instance for the end certificate. |
clientCertificate |
X509Certificate!: an X509Certificate representing the end certificate. |
| Exceptions | |
|---|---|
java.lang.IllegalArgumentException |
for an invalid key or certificate. |
setClientKeyEntryWithCertificateChain
open fun setClientKeyEntryWithCertificateChain(
privateKey: PrivateKey!,
clientCertificateChain: Array<X509Certificate!>!
): Unit
Specify a private key and client certificate chain for client authorization.
A default name is automatically assigned to the key entry and used with this configuration. The framework takes care of installing the key entry when the config is saved and removing the key entry when the config is removed.
| Parameters | |
|---|---|
privateKey |
PrivateKey!: a PrivateKey instance for the end certificate. |
clientCertificateChain |
Array<X509Certificate!>!: an array of X509Certificate instances which starts with end certificate and continues with additional CA certificates necessary to link the end certificate with some root certificate known by the authenticator. |
| Exceptions | |
|---|---|
java.lang.IllegalArgumentException |
for an invalid key or certificate. |
setClientKeyPairAlias
open fun setClientKeyPairAlias(alias: String): Unit
Specify a key pair via KeyChain alias for client authentication. The alias should refer to a key pair in KeyChain that is allowed for WiFi authentication.
| Parameters | |
|---|---|
alias |
String: key pair alias This value cannot be null. |
setDecoratedIdentityPrefix
open fun setDecoratedIdentityPrefix(decoratedIdentityPrefix: String?): Unit
Set a prefix for a decorated identity as per RFC 7542. This prefix must contain a list of realms (could be a list of 1) delimited by a '!' character. e.g. homerealm.example.org! or proxyrealm.example.net!homerealm.example.org! A prefix of "homerealm.example.org!" will generate a decorated identity that looks like: homerealm.example.org!user@otherrealm.example.net Calling with a null parameter will clear the decorated prefix. Note: Caller must verify that the device supports this feature by calling WifiManager#isDecoratedIdentitySupported()
| Parameters | |
|---|---|
decoratedIdentityPrefix |
String?: The prefix to add to the outer/anonymous identity This value may be null. |
setDomainSuffixMatch
open fun setDomainSuffixMatch(domain: String!): Unit
Set the domain_suffix_match directive on wpa_supplicant. This is the parameter to use for Hotspot 2.0 defined matching of AAA server certs per WFA HS2.0 spec, section 7.3.3.2, second paragraph.
From wpa_supplicant documentation:
Constraint for server domain name. If set, this FQDN is used as a suffix match requirement for the AAAserver certificate in SubjectAltName dNSName element(s). If a matching dNSName is found, this constraint is met.
Suffix match here means that the host/domain name is compared one label at a time starting from the top-level domain and all the labels in domain_suffix_match shall be included in the certificate. The certificate may include additional sub-level labels in addition to the required labels.
More than one match string can be provided by using semicolons to separate the strings (e.g., example.org;example.com). When multiple strings are specified, a match with any one of the values is considered a sufficient match for the certificate, i.e., the conditions are ORed ogether.
For example, domain_suffix_match=example.com would match test.example.com but would not match test-example.com. Note: If no domain suffix is set for an Enterprise configuration, either by not calling this API, or by calling it with null, or not setting alternate subject match using the setAltSubjectMatch(java.lang.String), then the server certificate validation is incomplete - which means that the connection is not secure.
| Parameters | |
|---|---|
domain |
String!: The domain value |
setEapMethod
open fun setEapMethod(eapMethod: Int): Unit
Set the EAP authentication method.
| Parameters | |
|---|---|
eapMethod |
Int: is one of Eap, except for Eap#NONE |
| Exceptions | |
|---|---|
java.lang.IllegalArgumentException |
on an invalid eap method |
setIdentity
open fun setIdentity(identity: String!): Unit
Set the identity
| Parameters | |
|---|---|
identity |
String!: |
setMinimumTlsVersion
open fun setMinimumTlsVersion(tlsVersion: Int): Unit
Set the minimum TLS version for TLS-based EAP methods. WifiManager#isTlsMinimumVersionSupported() indicates whether or not a minimum TLS version can be set. If not supported, the minimum TLS version is always TLS v1.0.
WifiManager#isTlsV13Supported() indicates whether or not TLS v1.3 is supported. If requested minimum is not supported, it will default to the maximum supported version.
| Parameters | |
|---|---|
tlsVersion |
Int: the TLS version Value is android.net.wifi.WifiEnterpriseConfig#TLS_V1_0, android.net.wifi.WifiEnterpriseConfig#TLS_V1_1, android.net.wifi.WifiEnterpriseConfig#TLS_V1_2, or android.net.wifi.WifiEnterpriseConfig#TLS_V1_3 |
| Exceptions | |
|---|---|
java.lang.IllegalArgumentException |
if the TLS version is invalid. |
setPassword
open fun setPassword(password: String!): Unit
Set the password.
| Parameters | |
|---|---|
password |
String!: the password |
setPhase2Method
open fun setPhase2Method(phase2Method: Int): Unit
Set Phase 2 authentication method. Sets the inner authentication method to be used in phase 2 after setting up a secure channel
| Parameters | |
|---|---|
phase2Method |
Int: is the inner authentication method and can be one of Phase2 |
| Exceptions | |
|---|---|
java.lang.IllegalArgumentException |
on an invalid phase2 method |
setPlmn
open fun setPlmn(plmn: String!): Unit
Set plmn (Public Land Mobile Network) of the provider of Passpoint credential
| Parameters | |
|---|---|
plmn |
String!: the plmn value derived from mcc (mobile country code) & mnc (mobile network code) |
setRealm
open fun setRealm(realm: String!): Unit
Set realm for Passpoint credential; realm identifies a set of networks where your Passpoint credential can be used
| Parameters | |
|---|---|
realm |
String!: the realm |
setSubjectMatch
open funsetSubjectMatch(subjectMatch: String!): Unit
Deprecated: in favor of altSubjectMatch
Set subject match (deprecated). This is the substring to be matched against the subject of the authentication server certificate.
| Parameters | |
|---|---|
subjectMatch |
String!: substring to be matched |
toString
open fun toString(): String
| Return | |
|---|---|
String |
a string representation of the object. |
writeToParcel
open fun writeToParcel(
dest: Parcel,
flags: Int
): Unit
| Parameters | |
|---|---|
dest |
Parcel: The Parcel in which the object should be written. This value cannot be null. |
flags |
Int: Additional flags about how the object should be written. May be 0 or PARCELABLE_WRITE_RETURN_VALUE. Value is either 0 or a combination of android.os.Parcelable#PARCELABLE_WRITE_RETURN_VALUE, and android.os.Parcelable.PARCELABLE_ELIDE_DUPLICATES |