2 * Copyright (C) 2016 The Android Open Source Project
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
16 package com.android.settings;
18 import android.annotation.NonNull;
19 import android.app.Activity;
20 import android.app.AlertDialog;
21 import android.app.admin.DevicePolicyManager;
22 import android.content.DialogInterface;
23 import android.content.pm.UserInfo;
24 import android.net.http.SslCertificate;
25 import android.os.UserHandle;
26 import android.os.UserManager;
27 import android.view.View;
28 import android.view.animation.AnimationUtils;
29 import android.widget.AdapterView;
30 import android.widget.ArrayAdapter;
31 import android.widget.Button;
32 import android.widget.LinearLayout;
33 import android.widget.Spinner;
35 import com.android.internal.widget.LockPatternUtils;
36 import com.android.settings.TrustedCredentialsSettings.CertHolder;
37 import com.android.settingslib.RestrictedLockUtils;
39 import java.security.cert.X509Certificate;
40 import java.util.ArrayList;
41 import java.util.List;
42 import java.util.function.IntConsumer;
44 class TrustedCredentialsDialogBuilder extends AlertDialog.Builder {
45 public interface DelegateInterface {
46 List<X509Certificate> getX509CertsFromCertHolder(CertHolder certHolder);
47 void removeOrInstallCert(CertHolder certHolder);
48 boolean startConfirmCredentialIfNotConfirmed(int userId,
49 IntConsumer onCredentialConfirmedListener);
52 private final DialogEventHandler mDialogEventHandler;
54 public TrustedCredentialsDialogBuilder(Activity activity, DelegateInterface delegate) {
56 mDialogEventHandler = new DialogEventHandler(activity, delegate);
58 initDefaultBuilderParams();
61 public TrustedCredentialsDialogBuilder setCertHolder(CertHolder certHolder) {
62 return setCertHolders(certHolder == null ? new CertHolder[0]
63 : new CertHolder[]{certHolder});
66 public TrustedCredentialsDialogBuilder setCertHolders(@NonNull CertHolder[] certHolders) {
67 mDialogEventHandler.setCertHolders(certHolders);
72 public AlertDialog create() {
73 AlertDialog dialog = super.create();
74 dialog.setOnShowListener(mDialogEventHandler);
75 mDialogEventHandler.setDialog(dialog);
79 private void initDefaultBuilderParams() {
80 setTitle(com.android.internal.R.string.ssl_certificate);
81 setView(mDialogEventHandler.mRootContainer);
83 // Enable buttons here. The actual labels and listeners are configured in nextOrDismiss
84 setPositiveButton(R.string.trusted_credentials_trust_label, null);
85 setNegativeButton(android.R.string.ok, null);
88 private static class DialogEventHandler implements DialogInterface.OnShowListener,
89 View.OnClickListener {
90 private static final long OUT_DURATION_MS = 300;
91 private static final long IN_DURATION_MS = 200;
93 private final Activity mActivity;
94 private final DevicePolicyManager mDpm;
95 private final UserManager mUserManager;
96 private final DelegateInterface mDelegate;
97 private final LinearLayout mRootContainer;
99 private int mCurrentCertIndex = -1;
100 private AlertDialog mDialog;
101 private Button mPositiveButton;
102 private Button mNegativeButton;
103 private boolean mNeedsApproval;
104 private CertHolder[] mCertHolders = new CertHolder[0];
105 private View mCurrentCertLayout = null;
107 public DialogEventHandler(Activity activity, DelegateInterface delegate) {
108 mActivity = activity;
109 mDpm = activity.getSystemService(DevicePolicyManager.class);
110 mUserManager = activity.getSystemService(UserManager.class);
111 mDelegate = delegate;
113 mRootContainer = new LinearLayout(mActivity);
114 mRootContainer.setOrientation(LinearLayout.VERTICAL);
117 public void setDialog(AlertDialog dialog) {
121 public void setCertHolders(CertHolder[] certHolder) {
122 mCertHolders = certHolder;
126 public void onShow(DialogInterface dialogInterface) {
127 // Config the display content only when the dialog is shown because the
128 // positive/negative buttons don't exist until the dialog is shown
133 public void onClick(View view) {
134 if (view == mPositiveButton) {
135 if (mNeedsApproval) {
140 } else if (view == mNegativeButton) {
141 onClickEnableOrDisable();
145 private void onClickOk() {
149 private void onClickTrust() {
150 CertHolder certHolder = getCurrentCertInfo();
151 if (!mDelegate.startConfirmCredentialIfNotConfirmed(certHolder.getUserId(),
152 this::onCredentialConfirmed)) {
153 mDpm.approveCaCert(certHolder.getAlias(), certHolder.getUserId(), true);
158 private void onClickEnableOrDisable() {
159 final CertHolder certHolder = getCurrentCertInfo();
160 DialogInterface.OnClickListener onConfirm = new DialogInterface.OnClickListener() {
162 public void onClick(DialogInterface dialog, int id) {
163 mDelegate.removeOrInstallCert(certHolder);
167 if (certHolder.isSystemCert()) {
168 // Removing system certs is reversible, so skip confirmation.
169 onConfirm.onClick(null, -1);
171 new AlertDialog.Builder(mActivity)
172 .setMessage(R.string.trusted_credentials_remove_confirmation)
173 .setPositiveButton(android.R.string.yes, onConfirm)
174 .setNegativeButton(android.R.string.no, null)
180 private void onCredentialConfirmed(int userId) {
181 if (mDialog.isShowing() && mNeedsApproval && getCurrentCertInfo() != null
182 && getCurrentCertInfo().getUserId() == userId) {
183 // Treat it as user just clicks "trust" for this cert
188 private CertHolder getCurrentCertInfo() {
189 return mCurrentCertIndex < mCertHolders.length ? mCertHolders[mCurrentCertIndex] : null;
192 private void nextOrDismiss() {
194 // find next non-null cert or dismiss
195 while (mCurrentCertIndex < mCertHolders.length && getCurrentCertInfo() == null) {
199 if (mCurrentCertIndex >= mCertHolders.length) {
204 updateViewContainer();
205 updatePositiveButton();
206 updateNegativeButton();
210 * @return true if current user or parent user is guarded by screenlock
212 private boolean isUserSecure(int userId) {
213 final LockPatternUtils lockPatternUtils = new LockPatternUtils(mActivity);
214 if (lockPatternUtils.isSecure(userId)) {
217 UserInfo parentUser = mUserManager.getProfileParent(userId);
218 if (parentUser == null) {
221 return lockPatternUtils.isSecure(parentUser.id);
224 private void updatePositiveButton() {
225 final CertHolder certHolder = getCurrentCertInfo();
226 mNeedsApproval = !certHolder.isSystemCert()
227 && isUserSecure(certHolder.getUserId())
228 && !mDpm.isCaCertApproved(certHolder.getAlias(), certHolder.getUserId());
230 final boolean isProfileOrDeviceOwner = RestrictedLockUtils.getProfileOrDeviceOwner(
231 mActivity, certHolder.getUserId()) != null;
233 // Show trust button only when it requires consumer user (non-PO/DO) to approve
234 CharSequence displayText = mActivity.getText(!isProfileOrDeviceOwner && mNeedsApproval
235 ? R.string.trusted_credentials_trust_label
236 : android.R.string.ok);
237 mPositiveButton = updateButton(DialogInterface.BUTTON_POSITIVE, displayText);
240 private void updateNegativeButton() {
241 final CertHolder certHolder = getCurrentCertInfo();
242 final boolean showRemoveButton = !mUserManager.hasUserRestriction(
243 UserManager.DISALLOW_CONFIG_CREDENTIALS,
244 new UserHandle(certHolder.getUserId()));
245 CharSequence displayText = mActivity.getText(getButtonLabel(certHolder));
246 mNegativeButton = updateButton(DialogInterface.BUTTON_NEGATIVE, displayText);
247 mNegativeButton.setVisibility(showRemoveButton ? View.VISIBLE : View.GONE);
251 * mDialog.setButton doesn't trigger text refresh since mDialog has been shown.
252 * It's invoked only in case mDialog is refreshed.
253 * setOnClickListener is invoked to avoid dismiss dialog onClick
255 private Button updateButton(int buttonType, CharSequence displayText) {
256 mDialog.setButton(buttonType, displayText, (DialogInterface.OnClickListener) null);
257 Button button = mDialog.getButton(buttonType);
258 button.setText(displayText);
259 button.setOnClickListener(this);
264 private void updateViewContainer() {
265 CertHolder certHolder = getCurrentCertInfo();
266 LinearLayout nextCertLayout = getCertLayout(certHolder);
268 // Displaying first cert doesn't require animation
269 if (mCurrentCertLayout == null) {
270 mCurrentCertLayout = nextCertLayout;
271 mRootContainer.addView(mCurrentCertLayout);
273 animateViewTransition(nextCertLayout);
277 private LinearLayout getCertLayout(final CertHolder certHolder) {
278 final ArrayList<View> views = new ArrayList<View>();
279 final ArrayList<String> titles = new ArrayList<String>();
280 List<X509Certificate> certificates = mDelegate.getX509CertsFromCertHolder(certHolder);
281 if (certificates != null) {
282 for (X509Certificate certificate : certificates) {
283 SslCertificate sslCert = new SslCertificate(certificate);
284 views.add(sslCert.inflateCertificateView(mActivity));
285 titles.add(sslCert.getIssuedTo().getCName());
289 ArrayAdapter<String> arrayAdapter = new ArrayAdapter<String>(mActivity,
290 android.R.layout.simple_spinner_item,
292 arrayAdapter.setDropDownViewResource(android.R.layout.simple_spinner_dropdown_item);
293 Spinner spinner = new Spinner(mActivity);
294 spinner.setAdapter(arrayAdapter);
295 spinner.setOnItemSelectedListener(new AdapterView.OnItemSelectedListener() {
297 public void onItemSelected(AdapterView<?> parent, View view, int position,
299 for (int i = 0; i < views.size(); i++) {
300 views.get(i).setVisibility(i == position ? View.VISIBLE : View.GONE);
305 public void onNothingSelected(AdapterView<?> parent) {
309 LinearLayout certLayout = new LinearLayout(mActivity);
310 certLayout.setOrientation(LinearLayout.VERTICAL);
311 certLayout.addView(spinner);
312 for (int i = 0; i < views.size(); ++i) {
313 View certificateView = views.get(i);
314 // Show first cert by default
315 certificateView.setVisibility(i == 0 ? View.VISIBLE : View.GONE);
316 certLayout.addView(certificateView);
322 private static int getButtonLabel(CertHolder certHolder) {
323 return certHolder.isSystemCert() ? ( certHolder.isDeleted()
324 ? R.string.trusted_credentials_enable_label
325 : R.string.trusted_credentials_disable_label )
326 : R.string.trusted_credentials_remove_label;
330 private void animateViewTransition(final View nextCertView) {
331 animateOldContent(new Runnable() {
334 addAndAnimateNewContent(nextCertView);
339 private void animateOldContent(Runnable callback) {
341 mCurrentCertLayout.animate()
343 .setDuration(OUT_DURATION_MS)
344 .setInterpolator(AnimationUtils.loadInterpolator(mActivity,
345 android.R.interpolator.fast_out_linear_in))
346 .withEndAction(callback)
350 private void addAndAnimateNewContent(View nextCertLayout) {
351 mCurrentCertLayout = nextCertLayout;
352 mRootContainer.removeAllViews();
353 mRootContainer.addView(nextCertLayout);
355 mRootContainer.addOnLayoutChangeListener( new View.OnLayoutChangeListener() {
357 public void onLayoutChange(View v, int left, int top, int right, int bottom,
358 int oldLeft, int oldTop, int oldRight, int oldBottom) {
359 mRootContainer.removeOnLayoutChangeListener(this);
361 // Animate slide in from the right
362 final int containerWidth = mRootContainer.getWidth();
363 mCurrentCertLayout.setTranslationX(containerWidth);
364 mCurrentCertLayout.animate()
366 .setInterpolator(AnimationUtils.loadInterpolator(mActivity,
367 android.R.interpolator.linear_out_slow_in))
368 .setDuration(IN_DURATION_MS)