1 /* 2 * Copyright (C) 2014 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 package com.android.captiveportallogin; 18 19 import android.app.Activity; 20 import android.app.LoadedApk; 21 import android.content.Context; 22 import android.content.Intent; 23 import android.graphics.Bitmap; 24 import android.net.CaptivePortal; 25 import android.net.ConnectivityManager; 26 import android.net.ConnectivityManager.NetworkCallback; 27 import android.net.Network; 28 import android.net.NetworkCapabilities; 29 import android.net.NetworkInfo; 30 import android.net.NetworkRequest; 31 import android.net.Proxy; 32 import android.net.Uri; 33 import android.net.http.SslError; 34 import android.os.Build; 35 import android.os.Bundle; 36 import android.provider.Settings; 37 import android.util.ArrayMap; 38 import android.util.Log; 39 import android.util.TypedValue; 40 import android.view.Menu; 41 import android.view.MenuItem; 42 import android.view.View; 43 import android.webkit.SslErrorHandler; 44 import android.webkit.WebChromeClient; 45 import android.webkit.WebSettings; 46 import android.webkit.WebView; 47 import android.webkit.WebViewClient; 48 import android.widget.ProgressBar; 49 import android.widget.TextView; 50 51 import com.android.internal.logging.MetricsLogger; 52 import com.android.internal.logging.nano.MetricsProto.MetricsEvent; 53 54 import java.io.IOException; 55 import java.net.HttpURLConnection; 56 import java.net.MalformedURLException; 57 import java.net.URL; 58 import java.lang.InterruptedException; 59 import java.lang.reflect.Field; 60 import java.lang.reflect.Method; 61 import java.util.Objects; 62 import java.util.Random; 63 import java.util.concurrent.atomic.AtomicBoolean; 64 65 public class CaptivePortalLoginActivity extends Activity { 66 private static final String TAG = CaptivePortalLoginActivity.class.getSimpleName(); 67 private static final boolean DBG = true; 68 private static final boolean VDBG = false; 69 70 private static final int SOCKET_TIMEOUT_MS = 10000; 71 72 private enum Result { 73 DISMISSED(MetricsEvent.ACTION_CAPTIVE_PORTAL_LOGIN_RESULT_DISMISSED), 74 UNWANTED(MetricsEvent.ACTION_CAPTIVE_PORTAL_LOGIN_RESULT_UNWANTED), 75 WANTED_AS_IS(MetricsEvent.ACTION_CAPTIVE_PORTAL_LOGIN_RESULT_WANTED_AS_IS); 76 77 final int metricsEvent; 78 Result(int metricsEvent) { this.metricsEvent = metricsEvent; } 79 }; 80 81 private URL mUrl; 82 private String mUserAgent; 83 private Network mNetwork; 84 private CaptivePortal mCaptivePortal; 85 private NetworkCallback mNetworkCallback; 86 private ConnectivityManager mCm; 87 private boolean mLaunchBrowser = false; 88 private MyWebViewClient mWebViewClient; 89 // Ensures that done() happens once exactly, handling concurrent callers with atomic operations. 90 private final AtomicBoolean isDone = new AtomicBoolean(false); 91 92 @Override 93 protected void onCreate(Bundle savedInstanceState) { 94 super.onCreate(savedInstanceState); 95 96 logMetricsEvent(MetricsEvent.ACTION_CAPTIVE_PORTAL_LOGIN_ACTIVITY); 97 98 mCm = ConnectivityManager.from(this); 99 mNetwork = getIntent().getParcelableExtra(ConnectivityManager.EXTRA_NETWORK); 100 mCaptivePortal = getIntent().getParcelableExtra(ConnectivityManager.EXTRA_CAPTIVE_PORTAL); 101 mUserAgent = 102 getIntent().getStringExtra(ConnectivityManager.EXTRA_CAPTIVE_PORTAL_USER_AGENT); 103 mUrl = getUrl(); 104 if (mUrl == null) { 105 // getUrl() failed to parse the url provided in the intent: bail out in a way that 106 // at least provides network access. 107 done(Result.WANTED_AS_IS); 108 return; 109 } 110 if (DBG) { 111 Log.d(TAG, String.format("onCreate for %s", mUrl.toString())); 112 } 113 114 // Also initializes proxy system properties. 115 mCm.bindProcessToNetwork(mNetwork); 116 117 // Proxy system properties must be initialized before setContentView is called because 118 // setContentView initializes the WebView logic which in turn reads the system properties. 119 setContentView(R.layout.activity_captive_portal_login); 120 121 // Exit app if Network disappears. 122 final NetworkCapabilities networkCapabilities = mCm.getNetworkCapabilities(mNetwork); 123 if (networkCapabilities == null) { 124 finishAndRemoveTask(); 125 return; 126 } 127 mNetworkCallback = new NetworkCallback() { 128 @Override 129 public void onLost(Network lostNetwork) { 130 if (mNetwork.equals(lostNetwork)) done(Result.UNWANTED); 131 } 132 }; 133 final NetworkRequest.Builder builder = new NetworkRequest.Builder(); 134 for (int transportType : networkCapabilities.getTransportTypes()) { 135 builder.addTransportType(transportType); 136 } 137 mCm.registerNetworkCallback(builder.build(), mNetworkCallback); 138 139 getActionBar().setDisplayShowHomeEnabled(false); 140 getActionBar().setElevation(0); // remove shadow 141 getActionBar().setTitle(getHeaderTitle()); 142 getActionBar().setSubtitle(""); 143 144 final WebView webview = getWebview(); 145 webview.clearCache(true); 146 WebSettings webSettings = webview.getSettings(); 147 webSettings.setJavaScriptEnabled(true); 148 webSettings.setMixedContentMode(WebSettings.MIXED_CONTENT_COMPATIBILITY_MODE); 149 webSettings.setUseWideViewPort(true); 150 webSettings.setLoadWithOverviewMode(true); 151 webSettings.setSupportZoom(true); 152 webSettings.setBuiltInZoomControls(true); 153 webSettings.setDisplayZoomControls(false); 154 mWebViewClient = new MyWebViewClient(); 155 webview.setWebViewClient(mWebViewClient); 156 webview.setWebChromeClient(new MyWebChromeClient()); 157 // Start initial page load so WebView finishes loading proxy settings. 158 // Actual load of mUrl is initiated by MyWebViewClient. 159 webview.loadData("", "text/html", null); 160 } 161 162 // Find WebView's proxy BroadcastReceiver and prompt it to read proxy system properties. 163 private void setWebViewProxy() { 164 LoadedApk loadedApk = getApplication().mLoadedApk; 165 try { 166 Field receiversField = LoadedApk.class.getDeclaredField("mReceivers"); 167 receiversField.setAccessible(true); 168 ArrayMap receivers = (ArrayMap) receiversField.get(loadedApk); 169 for (Object receiverMap : receivers.values()) { 170 for (Object rec : ((ArrayMap) receiverMap).keySet()) { 171 Class clazz = rec.getClass(); 172 if (clazz.getName().contains("ProxyChangeListener")) { 173 Method onReceiveMethod = clazz.getDeclaredMethod("onReceive", Context.class, 174 Intent.class); 175 Intent intent = new Intent(Proxy.PROXY_CHANGE_ACTION); 176 onReceiveMethod.invoke(rec, getApplicationContext(), intent); 177 Log.v(TAG, "Prompting WebView proxy reload."); 178 } 179 } 180 } 181 } catch (Exception e) { 182 Log.e(TAG, "Exception while setting WebView proxy: " + e); 183 } 184 } 185 186 private void done(Result result) { 187 if (isDone.getAndSet(true)) { 188 // isDone was already true: done() already called 189 return; 190 } 191 if (DBG) { 192 Log.d(TAG, String.format("Result %s for %s", result.name(), mUrl.toString())); 193 } 194 logMetricsEvent(result.metricsEvent); 195 switch (result) { 196 case DISMISSED: 197 mCaptivePortal.reportCaptivePortalDismissed(); 198 break; 199 case UNWANTED: 200 mCaptivePortal.ignoreNetwork(); 201 break; 202 case WANTED_AS_IS: 203 mCaptivePortal.useNetwork(); 204 break; 205 } 206 finishAndRemoveTask(); 207 } 208 209 @Override 210 public boolean onCreateOptionsMenu(Menu menu) { 211 getMenuInflater().inflate(R.menu.captive_portal_login, menu); 212 return true; 213 } 214 215 @Override 216 public void onBackPressed() { 217 WebView myWebView = findViewById(R.id.webview); 218 if (myWebView.canGoBack() && mWebViewClient.allowBack()) { 219 myWebView.goBack(); 220 } else { 221 super.onBackPressed(); 222 } 223 } 224 225 @Override 226 public boolean onOptionsItemSelected(MenuItem item) { 227 final Result result; 228 final String action; 229 final int id = item.getItemId(); 230 switch (id) { 231 case R.id.action_use_network: 232 result = Result.WANTED_AS_IS; 233 action = "USE_NETWORK"; 234 break; 235 case R.id.action_do_not_use_network: 236 result = Result.UNWANTED; 237 action = "DO_NOT_USE_NETWORK"; 238 break; 239 default: 240 return super.onOptionsItemSelected(item); 241 } 242 if (DBG) { 243 Log.d(TAG, String.format("onOptionsItemSelect %s for %s", action, mUrl.toString())); 244 } 245 done(result); 246 return true; 247 } 248 249 @Override 250 public void onDestroy() { 251 super.onDestroy(); 252 if (mNetworkCallback != null) { 253 // mNetworkCallback is not null if mUrl is not null. 254 mCm.unregisterNetworkCallback(mNetworkCallback); 255 } 256 if (mLaunchBrowser) { 257 // Give time for this network to become default. After 500ms just proceed. 258 for (int i = 0; i < 5; i++) { 259 // TODO: This misses when mNetwork underlies a VPN. 260 if (mNetwork.equals(mCm.getActiveNetwork())) break; 261 try { 262 Thread.sleep(100); 263 } catch (InterruptedException e) { 264 } 265 } 266 final String url = mUrl.toString(); 267 if (DBG) { 268 Log.d(TAG, "starting activity with intent ACTION_VIEW for " + url); 269 } 270 startActivity(new Intent(Intent.ACTION_VIEW, Uri.parse(url))); 271 } 272 } 273 274 private URL getUrl() { 275 String url = getIntent().getStringExtra(ConnectivityManager.EXTRA_CAPTIVE_PORTAL_URL); 276 if (url == null) { 277 url = mCm.getCaptivePortalServerUrl(); 278 } 279 return makeURL(url); 280 } 281 282 private static URL makeURL(String url) { 283 try { 284 return new URL(url); 285 } catch (MalformedURLException e) { 286 Log.e(TAG, "Invalid URL " + url); 287 } 288 return null; 289 } 290 291 private static String host(URL url) { 292 if (url == null) { 293 return null; 294 } 295 return url.getHost(); 296 } 297 298 private static String sanitizeURL(URL url) { 299 // In non-Debug build, only show host to avoid leaking private info. 300 return Build.IS_DEBUGGABLE ? Objects.toString(url) : host(url); 301 } 302 303 private void testForCaptivePortal() { 304 // TODO: reuse NetworkMonitor facilities for consistent captive portal detection. 305 new Thread(new Runnable() { 306 public void run() { 307 // Give time for captive portal to open. 308 try { 309 Thread.sleep(1000); 310 } catch (InterruptedException e) { 311 } 312 HttpURLConnection urlConnection = null; 313 int httpResponseCode = 500; 314 try { 315 urlConnection = (HttpURLConnection) mNetwork.openConnection(mUrl); 316 urlConnection.setInstanceFollowRedirects(false); 317 urlConnection.setConnectTimeout(SOCKET_TIMEOUT_MS); 318 urlConnection.setReadTimeout(SOCKET_TIMEOUT_MS); 319 urlConnection.setUseCaches(false); 320 if (mUserAgent != null) { 321 urlConnection.setRequestProperty("User-Agent", mUserAgent); 322 } 323 // cannot read request header after connection 324 String requestHeader = urlConnection.getRequestProperties().toString(); 325 326 urlConnection.getInputStream(); 327 httpResponseCode = urlConnection.getResponseCode(); 328 if (DBG) { 329 Log.d(TAG, "probe at " + mUrl + 330 " ret=" + httpResponseCode + 331 " request=" + requestHeader + 332 " headers=" + urlConnection.getHeaderFields()); 333 } 334 } catch (IOException e) { 335 } finally { 336 if (urlConnection != null) urlConnection.disconnect(); 337 } 338 if (httpResponseCode == 204) { 339 done(Result.DISMISSED); 340 } 341 } 342 }).start(); 343 } 344 345 private class MyWebViewClient extends WebViewClient { 346 private static final String INTERNAL_ASSETS = "file:///android_asset/"; 347 348 private final String mBrowserBailOutToken = Long.toString(new Random().nextLong()); 349 // How many Android device-independent-pixels per scaled-pixel 350 // dp/sp = (px/sp) / (px/dp) = (1/sp) / (1/dp) 351 private final float mDpPerSp = TypedValue.applyDimension(TypedValue.COMPLEX_UNIT_SP, 1, 352 getResources().getDisplayMetrics()) / 353 TypedValue.applyDimension(TypedValue.COMPLEX_UNIT_DIP, 1, 354 getResources().getDisplayMetrics()); 355 private int mPagesLoaded; 356 // the host of the page that this webview is currently loading. Can be null when undefined. 357 private String mHostname; 358 359 // If we haven't finished cleaning up the history, don't allow going back. 360 public boolean allowBack() { 361 return mPagesLoaded > 1; 362 } 363 364 @Override 365 public void onPageStarted(WebView view, String urlString, Bitmap favicon) { 366 if (urlString.contains(mBrowserBailOutToken)) { 367 mLaunchBrowser = true; 368 done(Result.WANTED_AS_IS); 369 return; 370 } 371 // The first page load is used only to cause the WebView to 372 // fetch the proxy settings. Don't update the URL bar, and 373 // don't check if the captive portal is still there. 374 if (mPagesLoaded == 0) { 375 return; 376 } 377 final URL url = makeURL(urlString); 378 Log.d(TAG, "onPageSarted: " + sanitizeURL(url)); 379 mHostname = host(url); 380 // For internally generated pages, leave URL bar listing prior URL as this is the URL 381 // the page refers to. 382 if (!urlString.startsWith(INTERNAL_ASSETS)) { 383 String subtitle = (url != null) ? getHeaderSubtitle(url) : urlString; 384 getActionBar().setSubtitle(subtitle); 385 } 386 getProgressBar().setVisibility(View.VISIBLE); 387 testForCaptivePortal(); 388 } 389 390 @Override 391 public void onPageFinished(WebView view, String url) { 392 mPagesLoaded++; 393 getProgressBar().setVisibility(View.INVISIBLE); 394 if (mPagesLoaded == 1) { 395 // Now that WebView has loaded at least one page we know it has read in the proxy 396 // settings. Now prompt the WebView read the Network-specific proxy settings. 397 setWebViewProxy(); 398 // Load the real page. 399 view.loadUrl(mUrl.toString()); 400 return; 401 } else if (mPagesLoaded == 2) { 402 // Prevent going back to empty first page. 403 // Fix for missing focus, see b/62449959 for details. Remove it once we get a 404 // newer version of WebView (60.x.y). 405 view.requestFocus(); 406 view.clearHistory(); 407 } 408 testForCaptivePortal(); 409 } 410 411 // Convert Android scaled-pixels (sp) to HTML size. 412 private String sp(int sp) { 413 // Convert sp to dp's. 414 float dp = sp * mDpPerSp; 415 // Apply a scale factor to make things look right. 416 dp *= 1.3; 417 // Convert dp's to HTML size. 418 // HTML px's are scaled just like dp's, so just add "px" suffix. 419 return Integer.toString((int)dp) + "px"; 420 } 421 422 // A web page consisting of a large broken lock icon to indicate SSL failure. 423 424 @Override 425 public void onReceivedSslError(WebView view, SslErrorHandler handler, SslError error) { 426 final URL url = makeURL(error.getUrl()); 427 final String host = host(url); 428 Log.d(TAG, String.format("SSL error: %s, url: %s, certificate: %s", 429 error.getPrimaryError(), sanitizeURL(url), error.getCertificate())); 430 if (url == null || !Objects.equals(host, mHostname)) { 431 // Ignore ssl errors for resources coming from a different hostname than the page 432 // that we are currently loading, and only cancel the request. 433 handler.cancel(); 434 return; 435 } 436 logMetricsEvent(MetricsEvent.CAPTIVE_PORTAL_LOGIN_ACTIVITY_SSL_ERROR); 437 final String sslErrorPage = makeSslErrorPage(); 438 view.loadDataWithBaseURL(INTERNAL_ASSETS, sslErrorPage, "text/HTML", "UTF-8", null); 439 } 440 441 private String makeSslErrorPage() { 442 final String warningMsg = getString(R.string.ssl_error_warning); 443 final String exampleMsg = getString(R.string.ssl_error_example); 444 final String continueMsg = getString(R.string.ssl_error_continue); 445 return String.join("\n", 446 "<html>", 447 "<head>", 448 " <meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">", 449 " <style>", 450 " body {", 451 " background-color:#fafafa;", 452 " margin:auto;", 453 " width:80%;", 454 " margin-top: 96px", 455 " }", 456 " img {", 457 " height:48px;", 458 " width:48px;", 459 " }", 460 " div.warn {", 461 " font-size:" + sp(16) + ";", 462 " line-height:1.28;", 463 " margin-top:16px;", 464 " opacity:0.87;", 465 " }", 466 " div.example {", 467 " font-size:" + sp(14) + ";", 468 " line-height:1.21905;", 469 " margin-top:16px;", 470 " opacity:0.54;", 471 " }", 472 " a {", 473 " color:#4285F4;", 474 " display:inline-block;", 475 " font-size:" + sp(14) + ";", 476 " font-weight:bold;", 477 " height:48px;", 478 " margin-top:24px;", 479 " text-decoration:none;", 480 " text-transform:uppercase;", 481 " }", 482 " </style>", 483 "</head>", 484 "<body>", 485 " <p><img src=quantum_ic_warning_amber_96.png><br>", 486 " <div class=warn>" + warningMsg + "</div>", 487 " <div class=example>" + exampleMsg + "</div>", 488 " <a href=" + mBrowserBailOutToken + ">" + continueMsg + "</a>", 489 "</body>", 490 "</html>"); 491 } 492 493 @Override 494 public boolean shouldOverrideUrlLoading (WebView view, String url) { 495 if (url.startsWith("tel:")) { 496 startActivity(new Intent(Intent.ACTION_DIAL, Uri.parse(url))); 497 return true; 498 } 499 return false; 500 } 501 } 502 503 private class MyWebChromeClient extends WebChromeClient { 504 @Override 505 public void onProgressChanged(WebView view, int newProgress) { 506 getProgressBar().setProgress(newProgress); 507 } 508 } 509 510 private ProgressBar getProgressBar() { 511 return findViewById(R.id.progress_bar); 512 } 513 514 private WebView getWebview() { 515 return findViewById(R.id.webview); 516 } 517 518 private String getHeaderTitle() { 519 NetworkInfo info = mCm.getNetworkInfo(mNetwork); 520 if (info == null) { 521 return getString(R.string.action_bar_label); 522 } 523 NetworkCapabilities nc = mCm.getNetworkCapabilities(mNetwork); 524 if (!nc.hasTransport(NetworkCapabilities.TRANSPORT_WIFI)) { 525 return getString(R.string.action_bar_label); 526 } 527 return getString(R.string.action_bar_title, info.getExtraInfo().replaceAll("^\"|\"$", "")); 528 } 529 530 private String getHeaderSubtitle(URL url) { 531 String host = host(url); 532 final String https = "https"; 533 if (https.equals(url.getProtocol())) { 534 return https + "://" + host; 535 } 536 return host; 537 } 538 539 private void logMetricsEvent(int event) { 540 MetricsLogger.action(this, event, getPackageName()); 541 } 542 } 543