Home | History | Annotate | Download | only in settings
      1 /*
      2  * Copyright (C) 2016 The Android Open Source Project
      3  *
      4  * Licensed under the Apache License, Version 2.0 (the "License");
      5  * you may not use this file except in compliance with the License.
      6  * You may obtain a copy of the License at
      7  *
      8  *      http://www.apache.org/licenses/LICENSE-2.0
      9  *
     10  * Unless required by applicable law or agreed to in writing, software
     11  * distributed under the License is distributed on an "AS IS" BASIS,
     12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
     13  * See the License for the specific language governing permissions and
     14  * limitations under the License.
     15  */
     16 package com.android.settings;
     17 
     18 import android.annotation.NonNull;
     19 import android.app.Activity;
     20 import android.app.AlertDialog;
     21 import android.app.admin.DevicePolicyManager;
     22 import android.content.DialogInterface;
     23 import android.content.pm.UserInfo;
     24 import android.net.http.SslCertificate;
     25 import android.os.UserHandle;
     26 import android.os.UserManager;
     27 import android.view.View;
     28 import android.view.animation.AnimationUtils;
     29 import android.widget.AdapterView;
     30 import android.widget.ArrayAdapter;
     31 import android.widget.Button;
     32 import android.widget.LinearLayout;
     33 import android.widget.Spinner;
     34 
     35 import com.android.internal.widget.LockPatternUtils;
     36 import com.android.settings.TrustedCredentialsSettings.CertHolder;
     37 import com.android.settingslib.RestrictedLockUtils;
     38 
     39 import java.security.cert.X509Certificate;
     40 import java.util.ArrayList;
     41 import java.util.List;
     42 import java.util.function.IntConsumer;
     43 
     44 class TrustedCredentialsDialogBuilder extends AlertDialog.Builder {
     45     public interface DelegateInterface {
     46         List<X509Certificate> getX509CertsFromCertHolder(CertHolder certHolder);
     47         void removeOrInstallCert(CertHolder certHolder);
     48         boolean startConfirmCredentialIfNotConfirmed(int userId,
     49                 IntConsumer onCredentialConfirmedListener);
     50     }
     51 
     52     private final DialogEventHandler mDialogEventHandler;
     53 
     54     public TrustedCredentialsDialogBuilder(Activity activity, DelegateInterface delegate) {
     55         super(activity);
     56         mDialogEventHandler = new DialogEventHandler(activity, delegate);
     57 
     58         initDefaultBuilderParams();
     59     }
     60 
     61     public TrustedCredentialsDialogBuilder setCertHolder(CertHolder certHolder) {
     62         return setCertHolders(certHolder == null ? new CertHolder[0]
     63                 : new CertHolder[]{certHolder});
     64     }
     65 
     66     public TrustedCredentialsDialogBuilder setCertHolders(@NonNull CertHolder[] certHolders) {
     67         mDialogEventHandler.setCertHolders(certHolders);
     68         return this;
     69     }
     70 
     71     @Override
     72     public AlertDialog create() {
     73         AlertDialog dialog = super.create();
     74         dialog.setOnShowListener(mDialogEventHandler);
     75         mDialogEventHandler.setDialog(dialog);
     76         return dialog;
     77     }
     78 
     79     private void initDefaultBuilderParams() {
     80         setTitle(com.android.internal.R.string.ssl_certificate);
     81         setView(mDialogEventHandler.mRootContainer);
     82 
     83         // Enable buttons here. The actual labels and listeners are configured in nextOrDismiss
     84         setPositiveButton(R.string.trusted_credentials_trust_label, null);
     85         setNegativeButton(android.R.string.ok, null);
     86     }
     87 
     88     private static class DialogEventHandler implements DialogInterface.OnShowListener,
     89             View.OnClickListener  {
     90         private static final long OUT_DURATION_MS = 300;
     91         private static final long IN_DURATION_MS = 200;
     92 
     93         private final Activity mActivity;
     94         private final DevicePolicyManager mDpm;
     95         private final UserManager mUserManager;
     96         private final DelegateInterface mDelegate;
     97         private final LinearLayout mRootContainer;
     98 
     99         private int mCurrentCertIndex = -1;
    100         private AlertDialog mDialog;
    101         private Button mPositiveButton;
    102         private Button mNegativeButton;
    103         private boolean mNeedsApproval;
    104         private CertHolder[] mCertHolders = new CertHolder[0];
    105         private View mCurrentCertLayout = null;
    106 
    107         public DialogEventHandler(Activity activity, DelegateInterface delegate) {
    108             mActivity = activity;
    109             mDpm = activity.getSystemService(DevicePolicyManager.class);
    110             mUserManager = activity.getSystemService(UserManager.class);
    111             mDelegate = delegate;
    112 
    113             mRootContainer = new LinearLayout(mActivity);
    114             mRootContainer.setOrientation(LinearLayout.VERTICAL);
    115         }
    116 
    117         public void setDialog(AlertDialog dialog) {
    118             mDialog = dialog;
    119         }
    120 
    121         public void setCertHolders(CertHolder[] certHolder) {
    122             mCertHolders = certHolder;
    123         }
    124 
    125         @Override
    126         public void onShow(DialogInterface dialogInterface) {
    127             // Config the display content only when the dialog is shown because the
    128             // positive/negative buttons don't exist until the dialog is shown
    129             nextOrDismiss();
    130         }
    131 
    132         @Override
    133         public void onClick(View view) {
    134             if (view == mPositiveButton) {
    135                 if (mNeedsApproval) {
    136                     onClickTrust();
    137                 } else {
    138                     onClickOk();
    139                 }
    140             } else if (view == mNegativeButton) {
    141                 onClickEnableOrDisable();
    142             }
    143         }
    144 
    145         private void onClickOk() {
    146             nextOrDismiss();
    147         }
    148 
    149         private void onClickTrust() {
    150             CertHolder certHolder = getCurrentCertInfo();
    151             if (!mDelegate.startConfirmCredentialIfNotConfirmed(certHolder.getUserId(),
    152                     this::onCredentialConfirmed)) {
    153                 mDpm.approveCaCert(certHolder.getAlias(), certHolder.getUserId(), true);
    154                 nextOrDismiss();
    155             }
    156         }
    157 
    158         private void onClickEnableOrDisable() {
    159             final CertHolder certHolder = getCurrentCertInfo();
    160             DialogInterface.OnClickListener onConfirm = new DialogInterface.OnClickListener() {
    161                 @Override
    162                 public void onClick(DialogInterface dialog, int id) {
    163                     mDelegate.removeOrInstallCert(certHolder);
    164                     nextOrDismiss();
    165                 }
    166             };
    167             if (certHolder.isSystemCert()) {
    168                 // Removing system certs is reversible, so skip confirmation.
    169                 onConfirm.onClick(null, -1);
    170             } else {
    171                 new AlertDialog.Builder(mActivity)
    172                         .setMessage(R.string.trusted_credentials_remove_confirmation)
    173                         .setPositiveButton(android.R.string.yes, onConfirm)
    174                         .setNegativeButton(android.R.string.no, null)
    175                         .show();
    176 
    177             }
    178         }
    179 
    180         private void onCredentialConfirmed(int userId) {
    181             if (mDialog.isShowing() && mNeedsApproval && getCurrentCertInfo() != null
    182                     && getCurrentCertInfo().getUserId() == userId) {
    183                 // Treat it as user just clicks "trust" for this cert
    184                 onClickTrust();
    185             }
    186         }
    187 
    188         private CertHolder getCurrentCertInfo() {
    189             return mCurrentCertIndex < mCertHolders.length ? mCertHolders[mCurrentCertIndex] : null;
    190         }
    191 
    192         private void nextOrDismiss() {
    193             mCurrentCertIndex++;
    194             // find next non-null cert or dismiss
    195             while (mCurrentCertIndex < mCertHolders.length && getCurrentCertInfo() == null) {
    196                 mCurrentCertIndex++;
    197             }
    198 
    199             if (mCurrentCertIndex >= mCertHolders.length) {
    200                 mDialog.dismiss();
    201                 return;
    202             }
    203 
    204             updateViewContainer();
    205             updatePositiveButton();
    206             updateNegativeButton();
    207         }
    208 
    209         /**
    210          * @return true if current user or parent user is guarded by screenlock
    211          */
    212         private boolean isUserSecure(int userId) {
    213             final LockPatternUtils lockPatternUtils = new LockPatternUtils(mActivity);
    214             if (lockPatternUtils.isSecure(userId)) {
    215                 return true;
    216             }
    217             UserInfo parentUser = mUserManager.getProfileParent(userId);
    218             if (parentUser == null) {
    219                 return false;
    220             }
    221             return lockPatternUtils.isSecure(parentUser.id);
    222         }
    223 
    224         private void updatePositiveButton() {
    225             final CertHolder certHolder = getCurrentCertInfo();
    226             mNeedsApproval = !certHolder.isSystemCert()
    227                     && isUserSecure(certHolder.getUserId())
    228                     && !mDpm.isCaCertApproved(certHolder.getAlias(), certHolder.getUserId());
    229 
    230             final boolean isProfileOrDeviceOwner = RestrictedLockUtils.getProfileOrDeviceOwner(
    231                     mActivity, certHolder.getUserId()) != null;
    232 
    233             // Show trust button only when it requires consumer user (non-PO/DO) to approve
    234             CharSequence displayText = mActivity.getText(!isProfileOrDeviceOwner && mNeedsApproval
    235                     ? R.string.trusted_credentials_trust_label
    236                     : android.R.string.ok);
    237             mPositiveButton = updateButton(DialogInterface.BUTTON_POSITIVE, displayText);
    238         }
    239 
    240         private void updateNegativeButton() {
    241             final CertHolder certHolder = getCurrentCertInfo();
    242             final boolean showRemoveButton = !mUserManager.hasUserRestriction(
    243                     UserManager.DISALLOW_CONFIG_CREDENTIALS,
    244                     new UserHandle(certHolder.getUserId()));
    245             CharSequence displayText = mActivity.getText(getButtonLabel(certHolder));
    246             mNegativeButton = updateButton(DialogInterface.BUTTON_NEGATIVE, displayText);
    247             mNegativeButton.setVisibility(showRemoveButton ? View.VISIBLE : View.GONE);
    248         }
    249 
    250         /**
    251          * mDialog.setButton doesn't trigger text refresh since mDialog has been shown.
    252          * It's invoked only in case mDialog is refreshed.
    253          * setOnClickListener is invoked to avoid dismiss dialog onClick
    254          */
    255         private Button updateButton(int buttonType, CharSequence displayText) {
    256             mDialog.setButton(buttonType, displayText, (DialogInterface.OnClickListener) null);
    257             Button button = mDialog.getButton(buttonType);
    258             button.setText(displayText);
    259             button.setOnClickListener(this);
    260             return button;
    261         }
    262 
    263 
    264         private void updateViewContainer() {
    265             CertHolder certHolder = getCurrentCertInfo();
    266             LinearLayout nextCertLayout = getCertLayout(certHolder);
    267 
    268             // Displaying first cert doesn't require animation
    269             if (mCurrentCertLayout == null) {
    270                 mCurrentCertLayout = nextCertLayout;
    271                 mRootContainer.addView(mCurrentCertLayout);
    272             } else {
    273                 animateViewTransition(nextCertLayout);
    274             }
    275         }
    276 
    277         private LinearLayout getCertLayout(final CertHolder certHolder) {
    278             final ArrayList<View> views =  new ArrayList<View>();
    279             final ArrayList<String> titles = new ArrayList<String>();
    280             List<X509Certificate> certificates = mDelegate.getX509CertsFromCertHolder(certHolder);
    281             if (certificates != null) {
    282                 for (X509Certificate certificate : certificates) {
    283                     SslCertificate sslCert = new SslCertificate(certificate);
    284                     views.add(sslCert.inflateCertificateView(mActivity));
    285                     titles.add(sslCert.getIssuedTo().getCName());
    286                 }
    287             }
    288 
    289             ArrayAdapter<String> arrayAdapter = new ArrayAdapter<String>(mActivity,
    290                     android.R.layout.simple_spinner_item,
    291                     titles);
    292             arrayAdapter.setDropDownViewResource(android.R.layout.simple_spinner_dropdown_item);
    293             Spinner spinner = new Spinner(mActivity);
    294             spinner.setAdapter(arrayAdapter);
    295             spinner.setOnItemSelectedListener(new AdapterView.OnItemSelectedListener() {
    296                 @Override
    297                 public void onItemSelected(AdapterView<?> parent, View view, int position,
    298                         long id) {
    299                     for (int i = 0; i < views.size(); i++) {
    300                         views.get(i).setVisibility(i == position ? View.VISIBLE : View.GONE);
    301                     }
    302                 }
    303 
    304                 @Override
    305                 public void onNothingSelected(AdapterView<?> parent) {
    306                 }
    307             });
    308 
    309             LinearLayout certLayout = new LinearLayout(mActivity);
    310             certLayout.setOrientation(LinearLayout.VERTICAL);
    311             certLayout.addView(spinner);
    312             for (int i = 0; i < views.size(); ++i) {
    313                 View certificateView = views.get(i);
    314                 // Show first cert by default
    315                 certificateView.setVisibility(i == 0 ? View.VISIBLE : View.GONE);
    316                 certLayout.addView(certificateView);
    317             }
    318 
    319             return certLayout;
    320         }
    321 
    322         private static int getButtonLabel(CertHolder certHolder) {
    323             return certHolder.isSystemCert() ? ( certHolder.isDeleted()
    324                         ? R.string.trusted_credentials_enable_label
    325                         : R.string.trusted_credentials_disable_label )
    326                     : R.string.trusted_credentials_remove_label;
    327         }
    328 
    329         /* Animation code */
    330         private void animateViewTransition(final View nextCertView) {
    331             animateOldContent(new Runnable() {
    332                 @Override
    333                 public void run() {
    334                     addAndAnimateNewContent(nextCertView);
    335                 }
    336             });
    337         }
    338 
    339         private void animateOldContent(Runnable callback) {
    340             // Fade out
    341             mCurrentCertLayout.animate()
    342                     .alpha(0)
    343                     .setDuration(OUT_DURATION_MS)
    344                     .setInterpolator(AnimationUtils.loadInterpolator(mActivity,
    345                             android.R.interpolator.fast_out_linear_in))
    346                     .withEndAction(callback)
    347                     .start();
    348         }
    349 
    350         private void addAndAnimateNewContent(View nextCertLayout) {
    351             mCurrentCertLayout = nextCertLayout;
    352             mRootContainer.removeAllViews();
    353             mRootContainer.addView(nextCertLayout);
    354 
    355             mRootContainer.addOnLayoutChangeListener( new View.OnLayoutChangeListener() {
    356                 @Override
    357                 public void onLayoutChange(View v, int left, int top, int right, int bottom,
    358                         int oldLeft, int oldTop, int oldRight, int oldBottom) {
    359                     mRootContainer.removeOnLayoutChangeListener(this);
    360 
    361                     // Animate slide in from the right
    362                     final int containerWidth = mRootContainer.getWidth();
    363                     mCurrentCertLayout.setTranslationX(containerWidth);
    364                     mCurrentCertLayout.animate()
    365                             .translationX(0)
    366                             .setInterpolator(AnimationUtils.loadInterpolator(mActivity,
    367                                     android.R.interpolator.linear_out_slow_in))
    368                             .setDuration(IN_DURATION_MS)
    369                             .start();
    370                 }
    371             });
    372         }
    373     }
    374 }
    375