blob: 0dc8c25676156d0a920ce705b111a9641590a211 [file] [log] [blame]
/*
* Copyright (C) 2016 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.android.settings;
import android.annotation.NonNull;
import android.app.Activity;
import android.app.admin.DevicePolicyManager;
import android.content.DialogInterface;
import android.content.pm.UserInfo;
import android.net.http.SslCertificate;
import android.os.UserHandle;
import android.os.UserManager;
import android.view.View;
import android.view.animation.AnimationUtils;
import android.widget.AdapterView;
import android.widget.ArrayAdapter;
import android.widget.Button;
import android.widget.LinearLayout;
import android.widget.Spinner;
import androidx.appcompat.app.AlertDialog;
import com.android.internal.widget.LockPatternUtils;
import com.android.settings.TrustedCredentialsFragment.CertHolder;
import com.android.settingslib.RestrictedLockUtils;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
import java.util.function.IntConsumer;
class TrustedCredentialsDialogBuilder extends AlertDialog.Builder {
public interface DelegateInterface {
List<X509Certificate> getX509CertsFromCertHolder(CertHolder certHolder);
void removeOrInstallCert(CertHolder certHolder);
boolean startConfirmCredentialIfNotConfirmed(int userId,
IntConsumer onCredentialConfirmedListener);
}
private final DialogEventHandler mDialogEventHandler;
public TrustedCredentialsDialogBuilder(Activity activity, DelegateInterface delegate) {
super(activity);
mDialogEventHandler = new DialogEventHandler(activity, delegate);
initDefaultBuilderParams();
}
public TrustedCredentialsDialogBuilder setCertHolder(CertHolder certHolder) {
return setCertHolders(certHolder == null ? new CertHolder[0]
: new CertHolder[]{certHolder});
}
public TrustedCredentialsDialogBuilder setCertHolders(@NonNull CertHolder[] certHolders) {
mDialogEventHandler.setCertHolders(certHolders);
return this;
}
@Override
public AlertDialog create() {
AlertDialog dialog = super.create();
dialog.setOnShowListener(mDialogEventHandler);
mDialogEventHandler.setDialog(dialog);
return dialog;
}
private void initDefaultBuilderParams() {
setTitle(com.android.internal.R.string.ssl_certificate);
setView(mDialogEventHandler.mRootContainer);
// Enable buttons here. The actual labels and listeners are configured in nextOrDismiss
setPositiveButton(R.string.trusted_credentials_trust_label, null);
setNegativeButton(android.R.string.ok, null);
}
private static class DialogEventHandler implements DialogInterface.OnShowListener,
View.OnClickListener {
private static final long OUT_DURATION_MS = 300;
private static final long IN_DURATION_MS = 200;
private final Activity mActivity;
private final DevicePolicyManager mDpm;
private final UserManager mUserManager;
private final DelegateInterface mDelegate;
private final LinearLayout mRootContainer;
private int mCurrentCertIndex = -1;
private AlertDialog mDialog;
private Button mPositiveButton;
private Button mNegativeButton;
private boolean mNeedsApproval;
private CertHolder[] mCertHolders = new CertHolder[0];
private View mCurrentCertLayout = null;
public DialogEventHandler(Activity activity, DelegateInterface delegate) {
mActivity = activity;
mDpm = activity.getSystemService(DevicePolicyManager.class);
mUserManager = activity.getSystemService(UserManager.class);
mDelegate = delegate;
mRootContainer = new LinearLayout(mActivity);
mRootContainer.setOrientation(LinearLayout.VERTICAL);
}
public void setDialog(AlertDialog dialog) {
mDialog = dialog;
}
public void setCertHolders(CertHolder[] certHolder) {
mCertHolders = certHolder;
}
@Override
public void onShow(DialogInterface dialogInterface) {
// Config the display content only when the dialog is shown because the
// positive/negative buttons don't exist until the dialog is shown
nextOrDismiss();
}
@Override
public void onClick(View view) {
if (view == mPositiveButton) {
if (mNeedsApproval) {
onClickTrust();
} else {
onClickOk();
}
} else if (view == mNegativeButton) {
onClickEnableOrDisable();
}
}
private void onClickOk() {
nextOrDismiss();
}
private void onClickTrust() {
CertHolder certHolder = getCurrentCertInfo();
if (!mDelegate.startConfirmCredentialIfNotConfirmed(certHolder.getUserId(),
this::onCredentialConfirmed)) {
mDpm.approveCaCert(certHolder.getAlias(), certHolder.getUserId(), true);
nextOrDismiss();
}
}
private void onClickEnableOrDisable() {
final CertHolder certHolder = getCurrentCertInfo();
DialogInterface.OnClickListener onConfirm = new DialogInterface.OnClickListener() {
@Override
public void onClick(DialogInterface dialog, int id) {
mDelegate.removeOrInstallCert(certHolder);
nextOrDismiss();
}
};
if (certHolder.isSystemCert()) {
// Removing system certs is reversible, so skip confirmation.
onConfirm.onClick(null, -1);
} else {
new AlertDialog.Builder(mActivity)
.setMessage(R.string.trusted_credentials_remove_confirmation)
.setPositiveButton(android.R.string.yes, onConfirm)
.setNegativeButton(android.R.string.no, null)
.show();
}
}
private void onCredentialConfirmed(int userId) {
if (mDialog.isShowing() && mNeedsApproval && getCurrentCertInfo() != null
&& getCurrentCertInfo().getUserId() == userId) {
// Treat it as user just clicks "trust" for this cert
onClickTrust();
}
}
private CertHolder getCurrentCertInfo() {
return mCurrentCertIndex < mCertHolders.length ? mCertHolders[mCurrentCertIndex] : null;
}
private void nextOrDismiss() {
mCurrentCertIndex++;
// find next non-null cert or dismiss
while (mCurrentCertIndex < mCertHolders.length && getCurrentCertInfo() == null) {
mCurrentCertIndex++;
}
if (mCurrentCertIndex >= mCertHolders.length) {
mDialog.dismiss();
return;
}
updateViewContainer();
updatePositiveButton();
updateNegativeButton();
}
/**
* @return true if current user or parent user is guarded by screenlock
*/
private boolean isUserSecure(int userId) {
final LockPatternUtils lockPatternUtils = new LockPatternUtils(mActivity);
if (lockPatternUtils.isSecure(userId)) {
return true;
}
UserInfo parentUser = mUserManager.getProfileParent(userId);
if (parentUser == null) {
return false;
}
return lockPatternUtils.isSecure(parentUser.id);
}
private void updatePositiveButton() {
final CertHolder certHolder = getCurrentCertInfo();
mNeedsApproval = !certHolder.isSystemCert()
&& isUserSecure(certHolder.getUserId())
&& !mDpm.isCaCertApproved(certHolder.getAlias(), certHolder.getUserId());
final boolean isProfileOrDeviceOwner = RestrictedLockUtils.getProfileOrDeviceOwner(
mActivity, UserHandle.of(certHolder.getUserId())) != null;
// Show trust button only when it requires consumer user (non-PO/DO) to approve
CharSequence displayText = mActivity.getText(!isProfileOrDeviceOwner && mNeedsApproval
? R.string.trusted_credentials_trust_label
: android.R.string.ok);
mPositiveButton = updateButton(DialogInterface.BUTTON_POSITIVE, displayText);
}
private void updateNegativeButton() {
final CertHolder certHolder = getCurrentCertInfo();
final boolean showRemoveButton = !mUserManager.hasUserRestriction(
UserManager.DISALLOW_CONFIG_CREDENTIALS,
new UserHandle(certHolder.getUserId()));
CharSequence displayText = mActivity.getText(getButtonLabel(certHolder));
mNegativeButton = updateButton(DialogInterface.BUTTON_NEGATIVE, displayText);
mNegativeButton.setVisibility(showRemoveButton ? View.VISIBLE : View.GONE);
}
/**
* mDialog.setButton doesn't trigger text refresh since mDialog has been shown.
* It's invoked only in case mDialog is refreshed.
* setOnClickListener is invoked to avoid dismiss dialog onClick
*/
private Button updateButton(int buttonType, CharSequence displayText) {
mDialog.setButton(buttonType, displayText, (DialogInterface.OnClickListener) null);
Button button = mDialog.getButton(buttonType);
button.setText(displayText);
button.setOnClickListener(this);
return button;
}
private void updateViewContainer() {
CertHolder certHolder = getCurrentCertInfo();
LinearLayout nextCertLayout = getCertLayout(certHolder);
// Displaying first cert doesn't require animation
if (mCurrentCertLayout == null) {
mCurrentCertLayout = nextCertLayout;
mRootContainer.addView(mCurrentCertLayout);
} else {
animateViewTransition(nextCertLayout);
}
}
private LinearLayout getCertLayout(final CertHolder certHolder) {
final ArrayList<View> views = new ArrayList<View>();
final ArrayList<String> titles = new ArrayList<String>();
List<X509Certificate> certificates = mDelegate.getX509CertsFromCertHolder(certHolder);
if (certificates != null) {
for (X509Certificate certificate : certificates) {
SslCertificate sslCert = new SslCertificate(certificate);
views.add(sslCert.inflateCertificateView(mActivity));
titles.add(sslCert.getIssuedTo().getCName());
}
}
ArrayAdapter<String> arrayAdapter = new ArrayAdapter<String>(mActivity,
android.R.layout.simple_spinner_item,
titles);
arrayAdapter.setDropDownViewResource(android.R.layout.simple_spinner_dropdown_item);
Spinner spinner = new Spinner(mActivity);
spinner.setAdapter(arrayAdapter);
spinner.setOnItemSelectedListener(new AdapterView.OnItemSelectedListener() {
@Override
public void onItemSelected(AdapterView<?> parent, View view, int position,
long id) {
for (int i = 0; i < views.size(); i++) {
views.get(i).setVisibility(i == position ? View.VISIBLE : View.GONE);
}
}
@Override
public void onNothingSelected(AdapterView<?> parent) {
}
});
LinearLayout certLayout = new LinearLayout(mActivity);
certLayout.setOrientation(LinearLayout.VERTICAL);
certLayout.addView(spinner);
for (int i = 0; i < views.size(); ++i) {
View certificateView = views.get(i);
// Show first cert by default
certificateView.setVisibility(i == 0 ? View.VISIBLE : View.GONE);
certLayout.addView(certificateView);
}
return certLayout;
}
private static int getButtonLabel(CertHolder certHolder) {
return certHolder.isSystemCert() ? ( certHolder.isDeleted()
? R.string.trusted_credentials_enable_label
: R.string.trusted_credentials_disable_label )
: R.string.trusted_credentials_remove_label;
}
/* Animation code */
private void animateViewTransition(final View nextCertView) {
animateOldContent(new Runnable() {
@Override
public void run() {
addAndAnimateNewContent(nextCertView);
}
});
}
private void animateOldContent(Runnable callback) {
// Fade out
mCurrentCertLayout.animate()
.alpha(0)
.setDuration(OUT_DURATION_MS)
.setInterpolator(AnimationUtils.loadInterpolator(mActivity,
android.R.interpolator.fast_out_linear_in))
.withEndAction(callback)
.start();
}
private void addAndAnimateNewContent(View nextCertLayout) {
mCurrentCertLayout = nextCertLayout;
mRootContainer.removeAllViews();
mRootContainer.addView(nextCertLayout);
mRootContainer.addOnLayoutChangeListener( new View.OnLayoutChangeListener() {
@Override
public void onLayoutChange(View v, int left, int top, int right, int bottom,
int oldLeft, int oldTop, int oldRight, int oldBottom) {
mRootContainer.removeOnLayoutChangeListener(this);
// Animate slide in from the right
final int containerWidth = mRootContainer.getWidth();
mCurrentCertLayout.setTranslationX(containerWidth);
mCurrentCertLayout.animate()
.translationX(0)
.setInterpolator(AnimationUtils.loadInterpolator(mActivity,
android.R.interpolator.linear_out_slow_in))
.setDuration(IN_DURATION_MS)
.start();
}
});
}
}
}