# WifiEnterpriseConfig - Android SDK | Android Developers

WifiEnterpriseConfig

public class WifiEnterpriseConfig
extends Object implements Parcelable

java.lang.Object
   ↳ android.net.wifi.WifiEnterpriseConfig


Enterprise configuration details for Wi-Fi. Stores details about the EAP method and any associated credentials.

Summary

Nested classes

class WifiEnterpriseConfig.Eap

The Extensible Authentication Protocol method used 

class WifiEnterpriseConfig.Phase2

The inner authentication method used 

Constants

String EXTRA_WAPI_AS_CERTIFICATE_DATA

Intent extra: data for WAPI AS certificates

String EXTRA_WAPI_AS_CERTIFICATE_NAME

Intent extra: name for WAPI AS certificates

String EXTRA_WAPI_USER_CERTIFICATE_DATA

Intent extra: data for WAPI USER certificates

String EXTRA_WAPI_USER_CERTIFICATE_NAME

Intent extra: name for WAPI USER certificates

String WAPI_AS_CERTIFICATE

Key prefix for WAPI AS certificates.

String WAPI_USER_CERTIFICATE

Key prefix for WAPI user certificates.

Fields

public static final Creator<WifiEnterpriseConfig> CREATOR

Public constructors

WifiEnterpriseConfig()
WifiEnterpriseConfig(WifiEnterpriseConfig source)

Copy constructor.

Public methods

int describeContents()

Describe the kinds of special objects contained in this Parcelable instance's marshaled representation.

String getAltSubjectMatch()

Get alternate subject match

String getAnonymousIdentity()

Get the anonymous identity

X509Certificate getCaCertificate()

Get CA certificate.

X509Certificate[] getCaCertificates()

Get CA certificates.

X509Certificate getClientCertificate()

Get client certificate

X509Certificate[] getClientCertificateChain()

Get the complete client certificate chain in the same order as it was last supplied.

String getClientKeyPairAlias()

Get KeyChain alias to use for client authentication.

PrivateKey getClientPrivateKey()

Get the client private key as supplied in setClientKeyEntryWithCertificateChain(PrivateKey, X509Certificate[]), or null if unset.

String getDecoratedIdentityPrefix()

Get the decorated identity prefix.

String getDomainSuffixMatch()

Get the domain_suffix_match value.

int getEapMethod()

Get the eap method.

String getIdentity()

Get the identity

String getPassword()

Get the password.

int getPhase2Method()

Get the phase 2 authentication method.

String getPlmn()

Get plmn (Public Land Mobile Network) for Passpoint credential; see (java.lang.String) for more information

String getRealm()

Get realm for Passpoint credential; see setRealm(java.lang.String) for more information

String getSubjectMatch()

This method is deprecated in favor of altSubjectMatch.

boolean isAuthenticationSimBased()

Utility method to determine whether the configuration's authentication method is SIM-based.

boolean isEapMethodServerCertUsed()

Determines whether an Enterprise configuration's EAP method requires a Root CA certification to validate the authentication server, i.e. PEAP, TLS, or TTLS.

boolean isServerCertValidationEnabled()

Determines whether an Enterprise configuration enables server certificate validation.

void setAltSubjectMatch(String altSubjectMatch)

Set alternate subject match.

void setAnonymousIdentity(String anonymousIdentity)

Set anonymous identity.

void setCaCertificate(X509Certificate cert)

Specify a X.509 certificate that identifies the server.

void setCaCertificates(X509Certificate[] certs)

Specify a list of X.509 certificates that identifies the server.

void setClientKeyEntry(PrivateKey privateKey, X509Certificate clientCertificate)

Specify a private key and client certificate for client authorization.

void setClientKeyEntryWithCertificateChain(PrivateKey privateKey, X509Certificate[] clientCertificateChain)

Specify a private key and client certificate chain for client authorization.

void setClientKeyPairAlias(String alias)

Specify a key pair via KeyChain alias for client authentication.

void setDecoratedIdentityPrefix(String decoratedIdentityPrefix)

Set a prefix for a decorated identity as per RFC 7542.

void setDomainSuffixMatch(String domain)

Set the domain_suffix_match directive on wpa_supplicant.

void setEapMethod(int eapMethod)

Set the EAP authentication method.

void setIdentity(String identity)

Set the identity

void setPassword(String password)

Set the password.

void setPhase2Method(int phase2Method)

Set Phase 2 authentication method.

void setPlmn(String plmn)

Set plmn (Public Land Mobile Network) of the provider of Passpoint credential

void setRealm(String realm)

Set realm for Passpoint credential; realm identifies a set of networks where your Passpoint credential can be used

void setSubjectMatch(String subjectMatch)

This method is deprecated in favor of altSubjectMatch.

String toString()

Returns a string representation of the object.

void writeToParcel(Parcel dest, int flags)

Flatten this object into a Parcel.

Constants

EXTRA_WAPI_AS_CERTIFICATE_DATA

public static final String EXTRA_WAPI_AS_CERTIFICATE_DATA

Intent extra: data for WAPI AS certificates

Constant Value: "android.net.wifi.extra.WAPI_AS_CERTIFICATE_DATA"

EXTRA_WAPI_AS_CERTIFICATE_NAME

public static final String EXTRA_WAPI_AS_CERTIFICATE_NAME

Intent extra: name for WAPI AS certificates

Constant Value: "android.net.wifi.extra.WAPI_AS_CERTIFICATE_NAME"

EXTRA_WAPI_USER_CERTIFICATE_DATA

public static final String EXTRA_WAPI_USER_CERTIFICATE_DATA

Intent extra: data for WAPI USER certificates

Constant Value: "android.net.wifi.extra.WAPI_USER_CERTIFICATE_DATA"

EXTRA_WAPI_USER_CERTIFICATE_NAME

public static final String EXTRA_WAPI_USER_CERTIFICATE_NAME

Intent extra: name for WAPI USER certificates

Constant Value: "android.net.wifi.extra.WAPI_USER_CERTIFICATE_NAME"

WAPI_AS_CERTIFICATE

public static final String WAPI_AS_CERTIFICATE

Key prefix for WAPI AS certificates.

Constant Value: "WAPIAS_"

WAPI_USER_CERTIFICATE

public static final String WAPI_USER_CERTIFICATE

Key prefix for WAPI user certificates.

Constant Value: "WAPIUSR_"

Fields

CREATOR

public static final Creator<WifiEnterpriseConfig> CREATOR

Public constructors

WifiEnterpriseConfig

public WifiEnterpriseConfig ()

WifiEnterpriseConfig

public WifiEnterpriseConfig (WifiEnterpriseConfig source)

Copy constructor. This copies over all the fields verbatim (does not ignore masked password fields).

Parameters
source WifiEnterpriseConfig: Source WifiEnterpriseConfig object.

Public methods

describeContents

public int describeContents ()

Describe the kinds of special objects contained in this Parcelable instance's marshaled representation. For example, if the object will include a file descriptor in the output of writeToParcel(android.os.Parcel, int), the return value of this method must include the CONTENTS_FILE_DESCRIPTOR bit.

Returns
int a bitmask indicating the set of special object types marshaled by this Parcelable object instance. Value is either 0 or CONTENTS_FILE_DESCRIPTOR

getAltSubjectMatch

public String getAltSubjectMatch ()

Get alternate subject match

Returns
String the alternate subject match string

getAnonymousIdentity

public String getAnonymousIdentity ()

Get the anonymous identity

Returns
String anonymous identity

getCaCertificate

public X509Certificate getCaCertificate ()

Get CA certificate. If multiple CA certificates are configured previously, return the first one.

Returns
X509Certificate X.509 CA certificate. This value may be null.

getCaCertificates

public X509Certificate[] getCaCertificates ()

Get CA certificates.

Returns
X509Certificate[] This value may be null.

getClientCertificate

public X509Certificate getClientCertificate ()

Get client certificate

Returns
X509Certificate X.509 client certificate

getClientCertificateChain

public X509Certificate[] getClientCertificateChain ()

Get the complete client certificate chain in the same order as it was last supplied.

If the chain was last supplied by a call to setClientKeyEntry(java.security.PrivateKey, java.security.cert.X509Certificate) with a non-null certificate instance, a single-element array containing the certificate will be returned. If setClientKeyEntryWithCertificateChain(java.security.PrivateKey, java.security.cert.X509Certificate[]) was last called with a non-empty array, this array will be returned in the same order as it was supplied. Otherwise, null will be returned.

Returns
X509Certificate[] X.509 client certificates

getClientKeyPairAlias

public String getClientKeyPairAlias ()

Get KeyChain alias to use for client authentication.

Returns
String This value may be null.

getClientPrivateKey

public PrivateKey getClientPrivateKey ()

Get the client private key as supplied in setClientKeyEntryWithCertificateChain(PrivateKey, X509Certificate[]), or null if unset.

Returns
PrivateKey

getDecoratedIdentityPrefix

public String getDecoratedIdentityPrefix ()

Get the decorated identity prefix.

Returns
String The decorated identity prefix. This value may be null.

getDomainSuffixMatch

public String getDomainSuffixMatch ()

Get the domain_suffix_match value. See setDomainSuffixMatch(java.lang.String).

Returns
String The domain value.

getEapMethod

public int getEapMethod ()

Get the eap method.

Returns
int eap method configured

getIdentity

public String getIdentity ()

Get the identity

Returns
String the identity

getPassword

public String getPassword ()

Get the password. Returns locally set password value. For networks fetched from framework, returns "*".

Returns
String

getPhase2Method

public int getPhase2Method ()

Get the phase 2 authentication method.

Returns
int a phase 2 method defined at Phase2

getPlmn

public String getPlmn ()

Get plmn (Public Land Mobile Network) for Passpoint credential; see (java.lang.String) for more information

Returns
String the plmn

getRealm

public String getRealm ()

Get realm for Passpoint credential; see setRealm(java.lang.String) for more information

Returns
String the realm

getSubjectMatch

public String getSubjectMatch ()

This method is deprecated in favor of altSubjectMatch.

Get subject match (deprecated)

Returns
String the subject match string

isAuthenticationSimBased

public boolean isAuthenticationSimBased ()

Utility method to determine whether the configuration's authentication method is SIM-based.

Returns
boolean true if the credential information requires SIM card for current authentication method, otherwise it returns false.

isEapMethodServerCertUsed

public boolean isEapMethodServerCertUsed ()

Determines whether an Enterprise configuration's EAP method requires a Root CA certification to validate the authentication server i.e. PEAP, TLS, or TTLS.

Returns
boolean True if configuration requires a CA certification, false otherwise.

isServerCertValidationEnabled

public boolean isServerCertValidationEnabled ()

Determines whether an Enterprise configuration enables server certificate validation.

The caller can determine, along with isEapMethodServerCertUsed(), if an Enterprise configuration enables server certificate validation, which is a mandatory requirement for networks that use TLS based EAP methods. A configuration that does not enable server certificate validation will be ignored and will not be considered for network selection. A network suggestion with such a configuration will cause an IllegalArgumentException to be thrown when suggested.

Server validation is achieved by the following:
- Either certificate or CA path is configured.
- Either alternative subject match or domain suffix match is set.

Returns
boolean True for server certificate validation is enabled, false otherwise.

Throws
IllegalStateException on configuration which doesn't use server certificate.
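
One way to apply the two server-validation conditions above before handing a configuration to the framework. This is an added example, not code from the SDK reference: the class EnterpriseWifiSetup, its method names and the sample domain are hypothetical, and the WifiNetworkSuggestion.Builder calls come from the Android SDK but are not documented on this page.

```java
import android.net.wifi.WifiEnterpriseConfig;
import android.net.wifi.WifiNetworkSuggestion;

import java.io.ByteArrayInputStream;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;

/** Added example: class and method names are hypothetical, not part of the SDK. */
public final class EnterpriseWifiSetup {

    private EnterpriseWifiSetup() {}

    /** Parses the authentication server's CA certificate from PEM or DER bytes. */
    static X509Certificate parseCa(byte[] encoded) throws CertificateException {
        CertificateFactory factory = CertificateFactory.getInstance("X.509");
        return (X509Certificate) factory.generateCertificate(new ByteArrayInputStream(encoded));
    }

    /** PEAP/MSCHAPv2 configuration that sets both server-validation conditions. */
    static WifiEnterpriseConfig buildPeapConfig(
            X509Certificate caCert, String identity, String password) {
        WifiEnterpriseConfig config = new WifiEnterpriseConfig();
        config.setEapMethod(WifiEnterpriseConfig.Eap.PEAP);
        config.setPhase2Method(WifiEnterpriseConfig.Phase2.MSCHAPV2);
        config.setIdentity(identity);
        config.setPassword(password);
        // Condition 1: a CA certificate. Throws IllegalArgumentException if caCert is not a CA.
        config.setCaCertificate(caCert);
        // Condition 2: a server name constraint (constructed sample domain).
        config.setDomainSuffixMatch("radius.corp.example.com");
        return config;
    }

    /** Rejects a configuration that uses a server certificate without validating it. */
    static void requireServerValidation(WifiEnterpriseConfig config) {
        // isServerCertValidationEnabled() throws IllegalStateException for EAP methods
        // that do not use a server certificate, so ask isEapMethodServerCertUsed() first.
        if (!config.isEapMethodServerCertUsed()) {
            return;
        }
        if (!config.isServerCertValidationEnabled()) {
            throw new IllegalStateException(
                    "EAP method uses a server certificate but validation is not enabled; "
                    + "set a CA certificate and a domain suffix or alternate subject match");
        }
    }

    /** Builds a suggestion only after the validation check has passed. */
    static WifiNetworkSuggestion buildSuggestion(String ssid, WifiEnterpriseConfig config) {
        requireServerValidation(config);
        return new WifiNetworkSuggestion.Builder()
                .setSsid(ssid)
                .setWpa2EnterpriseConfig(config)
                .build();
    }
}
```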

setAltSubjectMatch

public void setAltSubjectMatch (String altSubjectMatch)

Set alternate subject match. This is the substring to be matched against the alternate subject of the authentication server certificate.

Note: If no alternate subject is set for an Enterprise configuration (either by not calling this API or by calling it with null) and no domain suffix match is set using setDomainSuffixMatch(java.lang.String), then the server certificate validation is incomplete, which means that the connection is not secure.

Parameters
altSubjectMatch String: substring to be matched, for example DNS:server.example.com;EMAIL:server@example.com

setAnonymousIdentity

public void setAnonymousIdentity (String anonymousIdentity)

Set anonymous identity. This is used as the unencrypted identity with certain EAP types

Parameters
anonymousIdentity String: the anonymous identity

setCaCertificate

public void setCaCertificate (X509Certificate cert)

Specify a X.509 certificate that identifies the server.

A default name is automatically assigned to the certificate and used with this configuration. The framework takes care of installing the certificate when the config is saved and removing the certificate when the config is removed.

Note: If no certificate is set for an Enterprise configuration, either by not calling this API (or setCaCertificates(java.security.cert.X509Certificate[])) or by calling it with null, then the server certificate validation is skipped, which means that the connection is not secure.

Parameters
cert X509Certificate: X.509 CA certificate. This value may be null.

Throws
IllegalArgumentException if not a CA certificate

setCaCertificates

public void setCaCertificates (X509Certificate[] certs)

Specify a list of X.509 certificates that identifies the server. The validation passes if the CA of server certificate matches one of the given certificates.

Default names are automatically assigned to the certificates and used with this configuration. The framework takes care of installing the certificates when the config is saved and removing the certificates when the config is removed.

Note: If no certificates are set for an Enterprise configuration, either by not calling this API (or setCaCertificate(java.security.cert.X509Certificate)) or by calling it with null, then the server certificate validation is skipped, which means that the connection is not secure.

Parameters
certs X509Certificate[]: X.509 CA certificates. This value may be null.

Throws
IllegalArgumentException if any of the provided certificates is not a CA certificate

setClientKeyEntry

public void setClientKeyEntry (PrivateKey privateKey, 
                X509Certificate clientCertificate)

Specify a private key and client certificate for client authorization.

A default name is automatically assigned to the key entry and used with this configuration. The framework takes care of installing the key entry when the config is saved and removing the key entry when the config is removed.

Parameters
privateKey PrivateKey: a PrivateKey instance for the end certificate.

clientCertificate X509Certificate: an X509Certificate representing the end certificate.

Throws
IllegalArgumentException for an invalid key or certificate.

setClientKeyEntryWithCertificateChain

public void setClientKeyEntryWithCertificateChain (PrivateKey privateKey, 
                X509Certificate[] clientCertificateChain)

Specify a private key and client certificate chain for client authorization.

A default name is automatically assigned to the key entry and used with this configuration. The framework takes care of installing the key entry when the config is saved and removing the key entry when the config is removed.

Parameters
privateKey PrivateKey: a PrivateKey instance for the end certificate.

clientCertificateChain X509Certificate[]: an array of X509Certificate instances which starts with the end certificate and continues with additional CA certificates necessary to link the end certificate with some root certificate known by the authenticator.

Throws
IllegalArgumentException for an invalid key or certificate.

setClientKeyPairAlias

public void setClientKeyPairAlias (String alias)

Specify a key pair via KeyChain alias for client authentication. The alias should refer to a key pair in KeyChain that is allowed for WiFi authentication.

Parameters
alias String: key pair alias. This value cannot be null.

setDecoratedIdentityPrefix

public void setDecoratedIdentityPrefix (String decoratedIdentityPrefix)

Set a prefix for a decorated identity as per RFC 7542. This prefix must contain a list of realms (could be a list of 1) delimited by a '!' character, e.g. homerealm.example.org! or proxyrealm.example.net!homerealm.example.org!

A prefix of "homerealm.example.org!" will generate a decorated identity that looks like: homerealm.example.org!user@otherrealm.example.net

Calling with a null parameter will clear the decorated prefix.

Note: Caller must verify that the device supports this feature by calling WifiManager#isDecoratedIdentitySupported().

Parameters
decoratedIdentityPrefix String: The prefix to add to the outer/anonymous identity. This value may be null.

setDomainSuffixMatch

public void setDomainSuffixMatch (String domain)

Set the domain_suffix_match directive on wpa_supplicant. This is the parameter to use for Hotspot 2.0 defined matching of AAA server certs per WFA HS2.0 spec, section 7.3.3.2, second paragraph.

From wpa_supplicant documentation:

Constraint for server domain name. If set, this FQDN is used as a suffix match requirement for the AAA server certificate in SubjectAltName dNSName element(s). If a matching dNSName is found, this constraint is met.

Suffix match here means that the host/domain name is compared one label at a time starting from the top-level domain and all the labels in domain_suffix_match shall be included in the certificate. The certificate may include additional sub-level labels in addition to the required labels.

More than one match string can be provided by using semicolons to separate the strings (e.g., example.org;example.com). When multiple strings are specified, a match with any one of the values is considered a sufficient match for the certificate, i.e., the conditions are ORed together.

For example, domain_suffix_match=example.com would match test.example.com but would not match test-example.com.

Note: If no domain suffix is set for an Enterprise configuration (either by not calling this API or by calling it with null) and no alternate subject match is set using setAltSubjectMatch(java.lang.String), then the server certificate validation is incomplete, which means that the connection is not secure.

Parameters
domain String: The domain value
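
The label-by-label suffix rule quoted above, modelled in plain Java so a chosen domain_suffix_match value can be checked against the dNSName entries of a server certificate before deployment. This is an added illustration, not wpa_supplicant's or Android's code: the class DomainSuffixMatchModel and its methods are hypothetical, the host names are constructed samples, and case-insensitive comparison is an assumption.

```java
import java.util.Locale;

/** Added example: a model of the documented rule, not the framework's matcher. */
public final class DomainSuffixMatchModel {

    private DomainSuffixMatchModel() {}

    /** Compares whole labels from the top-level domain downwards. */
    static boolean labelsMatch(String dnsName, String suffix) {
        String[] name = dnsName.toLowerCase(Locale.ROOT).split("\\.");
        String[] want = suffix.toLowerCase(Locale.ROOT).split("\\.");
        if (want.length > name.length) {
            return false; // certificate name has fewer labels than required
        }
        for (int i = 1; i <= want.length; i++) {
            // Whole-label equality is what keeps "test-example.com" from
            // satisfying "example.com": "test-example" is a different label.
            if (!name[name.length - i].equals(want[want.length - i])) {
                return false;
            }
        }
        return true; // extra sub-level labels on the certificate name are allowed
    }

    /** Semicolon-separated match strings are ORed; any dNSName may satisfy any of them. */
    static boolean matches(String domainSuffixMatch, String... sanDnsNames) {
        for (String suffix : domainSuffixMatch.split(";")) {
            String trimmed = suffix.trim();
            if (trimmed.isEmpty()) {
                continue; // ignore empty entries such as a trailing semicolon
            }
            for (String dnsName : sanDnsNames) {
                if (labelsMatch(dnsName, trimmed)) {
                    return true;
                }
            }
        }
        return false;
    }

    public static void main(String[] args) {
        // Constructed inputs, including the two host names used in the text above.
        String[][] cases = {
            {"example.com", "test.example.com"},
            {"example.com", "test-example.com"},
            {"example.org;example.com", "aaa.example.com"},
            {"radius.example.com", "example.com"},
        };
        for (String[] c : cases) {
            System.out.println(c[0] + " vs " + c[1] + " -> " + matches(c[0], c[1]));
        }
    }
}
```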

setEapMethod

public void setEapMethod (int eapMethod)

Set the EAP authentication method.

Parameters
eapMethod int: is one of Eap, except for Eap#NONE

Throws
IllegalArgumentException on an invalid eap method

setIdentity

public void setIdentity (String identity)

Set the identity

setPassword

public void setPassword (String password)

Set the password.

Parameters
password String: the password

setPhase2Method

public void setPhase2Method (int phase2Method)

Set Phase 2 authentication method. Sets the inner authentication method to be used in phase 2 after setting up a secure channel

Parameters
phase2Method int: is the inner authentication method and can be one of Phase2

Throws
IllegalArgumentException on an invalid phase2 method

setPlmn

public void setPlmn (String plmn)

Set plmn (Public Land Mobile Network) of the provider of Passpoint credential

Parameters
plmn String: the plmn value derived from mcc (mobile country code) & mnc (mobile network code)

setRealm

public void setRealm (String realm)

Set realm for Passpoint credential; realm identifies a set of networks where your Passpoint credential can be used

Parameters
realm String: the realm

setSubjectMatch

public void setSubjectMatch (String subjectMatch)

This method is deprecated in favor of altSubjectMatch.

Set subject match (deprecated). This is the substring to be matched against the subject of the authentication server certificate.

Parameters
subjectMatch String: substring to be matched

toString

public String toString ()

Returns a string representation of the object. In general, the toString method returns a string that "textually represents" this object. The result should be a concise but informative representation that is easy for a person to read. It is recommended that all subclasses override this method.

The toString method for class Object returns a string consisting of the name of the class of which the object is an instance, the at-sign character `@', and the unsigned hexadecimal representation of the hash code of the object. In other words, this method returns a string equal to the value of:

 getClass().getName() + '@' + Integer.toHexString(hashCode())
 

Returns
String a string representation of the object.

writeToParcel

public void writeToParcel (Parcel dest, 
                int flags)

Flatten this object into a Parcel.

Parameters
dest Parcel: The Parcel in which the object should be written.

flags int: Additional flags about how the object should be written. May be 0 or Parcelable.PARCELABLE_WRITE_RETURN_VALUE. Value is either 0 or a combination of Parcelable.PARCELABLE_WRITE_RETURN_VALUE, and android.os.Parcelable.PARCELABLE_ELIDE_DUPLICATES