Added in API level 18

WifiEnterpriseConfig

open class WifiEnterpriseConfig : Parcelable
kotlin.Any
   ↳ android.net.wifi.WifiEnterpriseConfig

Enterprise configuration details for Wi-Fi. Stores details about the EAP method and any associated credentials.

Summary

Nested classes

The Extensible Authentication Protocol method used

The inner authentication method used

Constants
static String

Intent extra: data for WAPI AS certificates

static String

Intent extra: name for WAPI AS certificates

static String

Intent extra: data for WAPI USER certificates

static String

Intent extra: name for WAPI USER certificates

static Int

Constant definition for TLS v1.

static Int

Constant definition for TLS v1.

static Int

Constant definition for TLS v1.

static Int

Constant definition for TLS v1.

static String

Key prefix for WAPI AS certificates.

static String

Key prefix for WAPI user certificates.

Inherited constants
Public constructors

Copy constructor.

Public methods
open Int

open Unit

Enable Trust On First Use.

open String!

Get alternate subject match

open String!

Get the anonymous identity

open X509Certificate?

Get CA certificate.

open Array<X509Certificate!>?

Get CA certificates.

open X509Certificate!

Get client certificate

open Array<X509Certificate!>?

Get the complete client certificate chain in the same order as it was last supplied.

open String?

Get KeyChain alias to use for client authentication.

open PrivateKey?

Get the client private key as supplied in setClientKeyEntryWithCertificateChain, or null if unset.

open String?

Get the decorated identity prefix.

open String!

Get the domain_suffix_match value.

open Int

Get the eap method.

open String!

Get the identity

open Int

Get the minimum TLS version for TLS-based EAP methods.

open String!

Get the password.

open Int

Get the phase 2 authentication method.

open String!

Get plmn (Public Land Mobile Network) for Passpoint credential; see (java.lang.String) for more information

open String!

Get realm for Passpoint credential; see setRealm(java.lang.String) for more information

open String!

Get subject match (deprecated)

open Boolean

Indicates whether or not this enterprise config has a CA certificate configured.

open Boolean

Utility method to determine whether the configuration's authentication method is SIM-based.

open Boolean

Determines whether an Enterprise configuration's EAP method requires a Root CA certification to validate the authentication server i.

open Boolean

Determines whether an Enterprise configuration enables server certificate validation.

open Boolean

Indicates whether or not Trust On First Use (TOFU) is enabled.

open Unit
setAltSubjectMatch(altSubjectMatch: String!)

Set alternate subject match.

open Unit
setAnonymousIdentity(anonymousIdentity: String!)

Set anonymous identity.

open Unit

Specify a X.

open Unit

Specify a list of X.

open Unit
setClientKeyEntry(privateKey: PrivateKey!, clientCertificate: X509Certificate!)

Specify a private key and client certificate for client authorization.

open Unit
setClientKeyEntryWithCertificateChain(privateKey: PrivateKey!, clientCertificateChain: Array<X509Certificate!>!)

Specify a private key and client certificate chain for client authorization.

open Unit

Specify a key pair via KeyChain alias for client authentication.

open Unit
setDecoratedIdentityPrefix(decoratedIdentityPrefix: String?)

Set a prefix for a decorated identity as per RFC 7542.

open Unit

Set the domain_suffix_match directive on wpa_supplicant.

open Unit
setEapMethod(eapMethod: Int)

Set the EAP authentication method.

open Unit
setIdentity(identity: String!)

Set the identity

open Unit

Set the minimum TLS version for TLS-based EAP methods.

open Unit
setPassword(password: String!)

Set the password.

open Unit
setPhase2Method(phase2Method: Int)

Set Phase 2 authentication method.

open Unit
setPlmn(plmn: String!)

Set plmn (Public Land Mobile Network) of the provider of Passpoint credential

open Unit
setRealm(realm: String!)

Set realm for Passpoint credential; realm identifies a set of networks where your Passpoint credential can be used

open Unit
setSubjectMatch(subjectMatch: String!)

Set subject match (deprecated).

open String

open Unit
writeToParcel(dest: Parcel, flags: Int)

Properties
static Parcelable.Creator<WifiEnterpriseConfig!>

Constants

EXTRA_WAPI_AS_CERTIFICATE_DATA

Added in API level 30
static val EXTRA_WAPI_AS_CERTIFICATE_DATA: String

Intent extra: data for WAPI AS certificates

Value: "android.net.wifi.extra.WAPI_AS_CERTIFICATE_DATA"

EXTRA_WAPI_AS_CERTIFICATE_NAME

Added in API level 30
static val EXTRA_WAPI_AS_CERTIFICATE_NAME: String

Intent extra: name for WAPI AS certificates

Value: "android.net.wifi.extra.WAPI_AS_CERTIFICATE_NAME"

EXTRA_WAPI_USER_CERTIFICATE_DATA

Added in API level 30
static val EXTRA_WAPI_USER_CERTIFICATE_DATA: String

Intent extra: data for WAPI USER certificates

Value: "android.net.wifi.extra.WAPI_USER_CERTIFICATE_DATA"

EXTRA_WAPI_USER_CERTIFICATE_NAME

Added in API level 30
static val EXTRA_WAPI_USER_CERTIFICATE_NAME: String

Intent extra: name for WAPI USER certificates

Value: "android.net.wifi.extra.WAPI_USER_CERTIFICATE_NAME"

TLS_V1_0

Added in API level 34
static val TLS_V1_0: Int

Constant definition for TLS v1.0 which is used in setMinimumTlsVersion(int)

Value: 0

TLS_V1_1

Added in API level 34
static val TLS_V1_1: Int

Constant definition for TLS v1.1 which is used in setMinimumTlsVersion(int)

Value: 1

TLS_V1_2

Added in API level 34
static val TLS_V1_2: Int

Constant definition for TLS v1.2 which is used in setMinimumTlsVersion(int)

Value: 2

TLS_V1_3

Added in API level 34
static val TLS_V1_3: Int

Constant definition for TLS v1.3 which is used in setMinimumTlsVersion(int)

Value: 3

WAPI_AS_CERTIFICATE

Added in API level 30
static val WAPI_AS_CERTIFICATE: String

Key prefix for WAPI AS certificates.

Value: "WAPIAS_"

WAPI_USER_CERTIFICATE

Added in API level 30
static val WAPI_USER_CERTIFICATE: String

Key prefix for WAPI user certificates.

Value: "WAPIUSR_"

Public constructors

WifiEnterpriseConfig

Added in API level 18
WifiEnterpriseConfig()

WifiEnterpriseConfig

Added in API level 18
WifiEnterpriseConfig(source: WifiEnterpriseConfig!)

Copy constructor. This copies over all the fields verbatim (does not ignore masked password fields).

Parameters
source WifiEnterpriseConfig!: Source WifiEnterpriseConfig object.

Public methods

describeContents

Added in API level 18
open fun describeContents(): Int
Return
Int a bitmask indicating the set of special object types marshaled by this Parcelable object instance. Value is either 0 or android.os.Parcelable#CONTENTS_FILE_DESCRIPTOR

enableTrustOnFirstUse

Added in API level 33
open fun enableTrustOnFirstUse(enable: Boolean): Unit

Enable Trust On First Use. Trust On First Use (TOFU) simplifies manual or partial configurations of TLS-based EAP networks. TOFU operates by installing the Root CA cert which is received from the server during an initial connection to a new network. Such installation is gated by user approval. Use only when it is not possible to configure the Root CA cert for the server.
Note: If a Root CA cert is already configured, this option is ignored, e.g. if setCaCertificate(java.security.cert.X509Certificate), or setCaCertificates(java.security.cert.X509Certificate[]) is called.

Parameters
enable Boolean: true to enable; false otherwise (the default if the method is not called).

getAltSubjectMatch

Added in API level 23
open fun getAltSubjectMatch(): String!

Get alternate subject match

Return
String! the alternate subject match string

getAnonymousIdentity

Added in API level 18
open fun getAnonymousIdentity(): String!

Get the anonymous identity

Return
String! anonymous identity

getCaCertificate

Added in API level 18
open fun getCaCertificate(): X509Certificate?

Get CA certificate. If multiple CA certificates are configured previously, return the first one.

Return
X509Certificate? X.509 CA certificate This value may be null.

getCaCertificates

Added in API level 24
open fun getCaCertificates(): Array<X509Certificate!>?

Get CA certificates.

Return
Array<X509Certificate!>? This value may be null.

getClientCertificate

Added in API level 18
open fun getClientCertificate(): X509Certificate!

Get client certificate

Return
X509Certificate! X.509 client certificate

getClientCertificateChain

Added in API level 26
open fun getClientCertificateChain(): Array<X509Certificate!>?

Get the complete client certificate chain in the same order as it was last supplied.

If the chain was last supplied by a call to setClientKeyEntry(java.security.PrivateKey,java.security.cert.X509Certificate) with a non-null * certificate instance, a single-element array containing the certificate will be * returned. If setClientKeyEntryWithCertificateChain(java.security.PrivateKey,java.security.cert.X509Certificate[]) was last called with a non-empty array, this array will be returned in the same order as it was supplied. Otherwise, null will be returned.

Return
Array<X509Certificate!>? X.509 client certificates

getClientKeyPairAlias

Added in API level 31
open fun getClientKeyPairAlias(): String?

Get KeyChain alias to use for client authentication.

Return
String? This value may be null.

getClientPrivateKey

Added in API level 30
open fun getClientPrivateKey(): PrivateKey?

Get the client private key as supplied in setClientKeyEntryWithCertificateChain, or null if unset.

getDecoratedIdentityPrefix

Added in API level 31
open fun getDecoratedIdentityPrefix(): String?

Get the decorated identity prefix.

Return
String? The decorated identity prefix This value may be null.

getDomainSuffixMatch

Added in API level 23
open fun getDomainSuffixMatch(): String!

Get the domain_suffix_match value. See setDomSuffixMatch.

Return
String! The domain value.

getEapMethod

Added in API level 18
open fun getEapMethod(): Int

Get the eap method.

Return
Int eap method configured

getIdentity

Added in API level 18
open fun getIdentity(): String!

Get the identity

Return
String! the identity

getMinimumTlsVersion

Added in API level 34
open fun getMinimumTlsVersion(): Int

Get the minimum TLS version for TLS-based EAP methods.

Return
Int the TLS version Value is android.net.wifi.WifiEnterpriseConfig#TLS_V1_0, android.net.wifi.WifiEnterpriseConfig#TLS_V1_1, android.net.wifi.WifiEnterpriseConfig#TLS_V1_2, or android.net.wifi.WifiEnterpriseConfig#TLS_V1_3

getPassword

Added in API level 18
open fun getPassword(): String!

Get the password. Returns locally set password value. For networks fetched from framework, returns "*".

getPhase2Method

Added in API level 18
open fun getPhase2Method(): Int

Get the phase 2 authentication method.

Return
Int a phase 2 method defined at Phase2

getPlmn

Added in API level 23
open fun getPlmn(): String!

Get plmn (Public Land Mobile Network) for Passpoint credential; see (java.lang.String) for more information

Return
String! the plmn

getRealm

Added in API level 23
open fun getRealm(): String!

Get realm for Passpoint credential; see setRealm(java.lang.String) for more information

Return
String! the realm

getSubjectMatch

Added in API level 18
Deprecated in API level 23
open fun getSubjectMatch(): String!

Deprecated: in favor of altSubjectMatch

Get subject match (deprecated)

Return
String! the subject match string

hasCaCertificate

Added in API level 33
open fun hasCaCertificate(): Boolean

Indicates whether or not this enterprise config has a CA certificate configured.

isAuthenticationSimBased

Added in API level 30
open fun isAuthenticationSimBased(): Boolean

Utility method to determine whether the configuration's authentication method is SIM-based.

Return
Boolean true if the credential information requires SIM card for current authentication method, otherwise it returns false.

isEapMethodServerCertUsed

Added in API level 31
open fun isEapMethodServerCertUsed(): Boolean

Determines whether an Enterprise configuration's EAP method requires a Root CA certification to validate the authentication server i.e. PEAP, TLS, UNAUTH_TLS, or TTLS.

Return
Boolean True if configuration requires a CA certification, false otherwise.

isServerCertValidationEnabled

Added in API level 31
open fun isServerCertValidationEnabled(): Boolean

Determines whether an Enterprise configuration enables server certificate validation.

The caller can determine, along with isEapMethodServerCertUsed(), if an Enterprise configuration enables server certificate validation, which is a mandatory requirement for networks that use TLS based EAP methods. A configuration that does not enable server certificate validation will be ignored and will not be considered for network selection. A network suggestion with such a configuration will cause an IllegalArgumentException to be thrown when suggested. Server validation is achieved by the following: - Either certificate or CA path is configured. - Either alternative subject match or domain suffix match is set.

Return
Boolean True for server certificate validation is enabled, false otherwise.
Exceptions
java.lang.IllegalStateException on configuration which doesn't use server certificate.

isTrustOnFirstUseEnabled

Added in API level 33
open fun isTrustOnFirstUseEnabled(): Boolean

Indicates whether or not Trust On First Use (TOFU) is enabled.

Return
Boolean Trust On First Use is enabled or not.

setAltSubjectMatch

Added in API level 23
open fun setAltSubjectMatch(altSubjectMatch: String!): Unit

Set alternate subject match. This is the substring to be matched against the alternate subject of the authentication server certificate. Note: If no alternate subject is set for an Enterprise configuration, either by not calling this API, or by calling it with null, or not setting domain suffix match using the setDomainSuffixMatch(java.lang.String), then the server certificate validation is incomplete - which means that the connection is not secure.

Parameters
altSubjectMatch String!: substring to be matched, for example DNS:server.example.com;EMAIL:server@example.com

setAnonymousIdentity

Added in API level 18
open fun setAnonymousIdentity(anonymousIdentity: String!): Unit

Set anonymous identity. This is used as the unencrypted identity with certain EAP types

Parameters
anonymousIdentity String!: the anonymous identity

setCaCertificate

Added in API level 18
open fun setCaCertificate(cert: X509Certificate?): Unit

Specify a X.509 certificate that identifies the server.

A default name is automatically assigned to the certificate and used with this configuration. The framework takes care of installing the certificate when the config is saved and removing the certificate when the config is removed. Note: If no certificate is set for an Enterprise configuration, either by not calling this API (or the setCaCertificates(java.security.cert.X509Certificate[]), or by calling it with null, then the server certificate validation is skipped - which means that the connection is not secure.

Parameters
cert X509Certificate?: X.509 CA certificate This value may be null.
Exceptions
java.lang.IllegalArgumentException if not a CA certificate

setCaCertificates

Added in API level 24
open fun setCaCertificates(certs: Array<X509Certificate!>?): Unit

Specify a list of X.509 certificates that identifies the server. The validation passes if the CA of server certificate matches one of the given certificates.

Default names are automatically assigned to the certificates and used with this configuration. The framework takes care of installing the certificates when the config is saved and removing the certificates when the config is removed. Note: If no certificates are set for an Enterprise configuration, either by not calling this API (or the setCaCertificate(java.security.cert.X509Certificate), or by calling it with null, then the server certificate validation is skipped - which means that the connection is not secure.

Parameters
certs Array<X509Certificate!>?: X.509 CA certificates This value may be null.
Exceptions
java.lang.IllegalArgumentException if any of the provided certificates is not a CA certificate, or if too many CA certificates are provided

setClientKeyEntry

Added in API level 18
open fun setClientKeyEntry(
    privateKey: PrivateKey!,
    clientCertificate: X509Certificate!
): Unit

Specify a private key and client certificate for client authorization.

A default name is automatically assigned to the key entry and used with this configuration. The framework takes care of installing the key entry when the config is saved and removing the key entry when the config is removed.

Parameters
privateKey PrivateKey!: a PrivateKey instance for the end certificate.
clientCertificate X509Certificate!: an X509Certificate representing the end certificate.
Exceptions
java.lang.IllegalArgumentException for an invalid key or certificate.

setClientKeyEntryWithCertificateChain

Added in API level 26
open fun setClientKeyEntryWithCertificateChain(
    privateKey: PrivateKey!,
    clientCertificateChain: Array<X509Certificate!>!
): Unit

Specify a private key and client certificate chain for client authorization.

A default name is automatically assigned to the key entry and used with this configuration. The framework takes care of installing the key entry when the config is saved and removing the key entry when the config is removed.

Parameters
privateKey PrivateKey!: a PrivateKey instance for the end certificate.
clientCertificateChain Array<X509Certificate!>!: an array of X509Certificate instances which starts with end certificate and continues with additional CA certificates necessary to link the end certificate with some root certificate known by the authenticator.
Exceptions
java.lang.IllegalArgumentException for an invalid key or certificate.

setClientKeyPairAlias

Added in API level 31
open fun setClientKeyPairAlias(alias: String): Unit

Specify a key pair via KeyChain alias for client authentication. The alias should refer to a key pair in KeyChain that is allowed for WiFi authentication.

Parameters
alias String: key pair alias This value cannot be null.

setDecoratedIdentityPrefix

Added in API level 31
open fun setDecoratedIdentityPrefix(decoratedIdentityPrefix: String?): Unit

Set a prefix for a decorated identity as per RFC 7542. This prefix must contain a list of realms (could be a list of 1) delimited by a '!' character. e.g. homerealm.example.org! or proxyrealm.example.net!homerealm.example.org! A prefix of "homerealm.example.org!" will generate a decorated identity that looks like: homerealm.example.org!user@otherrealm.example.net Calling with a null parameter will clear the decorated prefix. Note: Caller must verify that the device supports this feature by calling WifiManager#isDecoratedIdentitySupported()

Parameters
decoratedIdentityPrefix String?: The prefix to add to the outer/anonymous identity This value may be null.

setDomainSuffixMatch

Added in API level 23
open fun setDomainSuffixMatch(domain: String!): Unit

Set the domain_suffix_match directive on wpa_supplicant. This is the parameter to use for Hotspot 2.0 defined matching of AAA server certs per WFA HS2.0 spec, section 7.3.3.2, second paragraph.

From wpa_supplicant documentation:

Constraint for server domain name. If set, this FQDN is used as a suffix match requirement for the AAAserver certificate in SubjectAltName dNSName element(s). If a matching dNSName is found, this constraint is met.

Suffix match here means that the host/domain name is compared one label at a time starting from the top-level domain and all the labels in domain_suffix_match shall be included in the certificate. The certificate may include additional sub-level labels in addition to the required labels.

More than one match string can be provided by using semicolons to separate the strings (e.g., example.org;example.com). When multiple strings are specified, a match with any one of the values is considered a sufficient match for the certificate, i.e., the conditions are ORed ogether.

For example, domain_suffix_match=example.com would match test.example.com but would not match test-example.com. Note: If no domain suffix is set for an Enterprise configuration, either by not calling this API, or by calling it with null, or not setting alternate subject match using the setAltSubjectMatch(java.lang.String), then the server certificate validation is incomplete - which means that the connection is not secure.

Parameters
domain String!: The domain value

setEapMethod

Added in API level 18
open fun setEapMethod(eapMethod: Int): Unit

Set the EAP authentication method.

Parameters
eapMethod Int: is one of Eap, except for Eap#NONE
Exceptions
java.lang.IllegalArgumentException on an invalid eap method

setIdentity

Added in API level 18
open fun setIdentity(identity: String!): Unit

Set the identity

Parameters
identity String!:

setMinimumTlsVersion

Added in API level 34
open fun setMinimumTlsVersion(tlsVersion: Int): Unit

Set the minimum TLS version for TLS-based EAP methods. WifiManager#isTlsMinimumVersionSupported() indicates whether or not a minimum TLS version can be set. If not supported, the minimum TLS version is always TLS v1.0.

WifiManager#isTlsV13Supported() indicates whether or not TLS v1.3 is supported. If requested minimum is not supported, it will default to the maximum supported version.

Parameters
tlsVersion Int: the TLS version Value is android.net.wifi.WifiEnterpriseConfig#TLS_V1_0, android.net.wifi.WifiEnterpriseConfig#TLS_V1_1, android.net.wifi.WifiEnterpriseConfig#TLS_V1_2, or android.net.wifi.WifiEnterpriseConfig#TLS_V1_3
Exceptions
java.lang.IllegalArgumentException if the TLS version is invalid.

setPassword

Added in API level 18
open fun setPassword(password: String!): Unit

Set the password.

Parameters
password String!: the password

setPhase2Method

Added in API level 18
open fun setPhase2Method(phase2Method: Int): Unit

Set Phase 2 authentication method. Sets the inner authentication method to be used in phase 2 after setting up a secure channel

Parameters
phase2Method Int: is the inner authentication method and can be one of Phase2
Exceptions
java.lang.IllegalArgumentException on an invalid phase2 method

setPlmn

Added in API level 23
open fun setPlmn(plmn: String!): Unit

Set plmn (Public Land Mobile Network) of the provider of Passpoint credential

Parameters
plmn String!: the plmn value derived from mcc (mobile country code) & mnc (mobile network code)

setRealm

Added in API level 23
open fun setRealm(realm: String!): Unit

Set realm for Passpoint credential; realm identifies a set of networks where your Passpoint credential can be used

Parameters
realm String!: the realm

setSubjectMatch

Added in API level 18
Deprecated in API level 23
open fun setSubjectMatch(subjectMatch: String!): Unit

Deprecated: in favor of altSubjectMatch

Set subject match (deprecated). This is the substring to be matched against the subject of the authentication server certificate.

Parameters
subjectMatch String!: substring to be matched

toString

Added in API level 18
open fun toString(): String
Return
String a string representation of the object.

writeToParcel

Added in API level 18
open fun writeToParcel(
    dest: Parcel,
    flags: Int
): Unit
Parameters
dest Parcel: The Parcel in which the object should be written. This value cannot be null.
flags Int: Additional flags about how the object should be written. May be 0 or PARCELABLE_WRITE_RETURN_VALUE. Value is either 0 or a combination of android.os.Parcelable#PARCELABLE_WRITE_RETURN_VALUE, and android.os.Parcelable.PARCELABLE_ELIDE_DUPLICATES

Properties

CREATOR

Added in API level 18
static val CREATOR: Parcelable.Creator<WifiEnterpriseConfig!>