1 /*
2  * Copyright (C) 2016 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 package com.android.settings;
17 
18 import android.app.Activity;
19 import android.app.admin.DevicePolicyManager;
20 import android.content.DialogInterface;
21 import android.content.pm.UserInfo;
22 import android.net.http.SslCertificate;
23 import android.os.UserHandle;
24 import android.os.UserManager;
25 import android.view.View;
26 import android.view.animation.AnimationUtils;
27 import android.widget.AdapterView;
28 import android.widget.ArrayAdapter;
29 import android.widget.Button;
30 import android.widget.LinearLayout;
31 import android.widget.Spinner;
32 
33 import androidx.annotation.NonNull;
34 import androidx.appcompat.app.AlertDialog;
35 
36 import com.android.internal.widget.LockPatternUtils;
37 import com.android.settings.TrustedCredentialsFragment.CertHolder;
38 import com.android.settingslib.RestrictedLockUtils;
39 
40 import java.security.cert.X509Certificate;
41 import java.util.ArrayList;
42 import java.util.List;
43 import java.util.function.IntConsumer;
44 
45 class TrustedCredentialsDialogBuilder extends AlertDialog.Builder {
46     public interface DelegateInterface {
getX509CertsFromCertHolder(CertHolder certHolder)47         List<X509Certificate> getX509CertsFromCertHolder(CertHolder certHolder);
removeOrInstallCert(CertHolder certHolder)48         void removeOrInstallCert(CertHolder certHolder);
startConfirmCredentialIfNotConfirmed(int userId, IntConsumer onCredentialConfirmedListener)49         boolean startConfirmCredentialIfNotConfirmed(int userId,
50                 IntConsumer onCredentialConfirmedListener);
51     }
52 
53     private final DialogEventHandler mDialogEventHandler;
54 
TrustedCredentialsDialogBuilder(Activity activity, DelegateInterface delegate)55     public TrustedCredentialsDialogBuilder(Activity activity, DelegateInterface delegate) {
56         super(activity);
57         mDialogEventHandler = new DialogEventHandler(activity, delegate);
58 
59         initDefaultBuilderParams();
60     }
61 
setCertHolder(CertHolder certHolder)62     public TrustedCredentialsDialogBuilder setCertHolder(CertHolder certHolder) {
63         return setCertHolders(certHolder == null ? new CertHolder[0]
64                 : new CertHolder[]{certHolder});
65     }
66 
setCertHolders(@onNull CertHolder[] certHolders)67     public TrustedCredentialsDialogBuilder setCertHolders(@NonNull CertHolder[] certHolders) {
68         mDialogEventHandler.setCertHolders(certHolders);
69         return this;
70     }
71 
72     @Override
create()73     public AlertDialog create() {
74         AlertDialog dialog = super.create();
75         dialog.setOnShowListener(mDialogEventHandler);
76         mDialogEventHandler.setDialog(dialog);
77         return dialog;
78     }
79 
initDefaultBuilderParams()80     private void initDefaultBuilderParams() {
81         setTitle(com.android.internal.R.string.ssl_certificate);
82         setView(mDialogEventHandler.mRootContainer);
83 
84         // Enable buttons here. The actual labels and listeners are configured in nextOrDismiss
85         setPositiveButton(R.string.trusted_credentials_trust_label, null);
86         setNegativeButton(android.R.string.ok, null);
87     }
88 
89     private static class DialogEventHandler implements DialogInterface.OnShowListener,
90             View.OnClickListener  {
91         private static final long OUT_DURATION_MS = 300;
92         private static final long IN_DURATION_MS = 200;
93 
94         private final Activity mActivity;
95         private final DevicePolicyManager mDpm;
96         private final UserManager mUserManager;
97         private final DelegateInterface mDelegate;
98         private final LinearLayout mRootContainer;
99 
100         private int mCurrentCertIndex = -1;
101         private AlertDialog mDialog;
102         private Button mPositiveButton;
103         private Button mNegativeButton;
104         private boolean mNeedsApproval;
105         private CertHolder[] mCertHolders = new CertHolder[0];
106         private View mCurrentCertLayout = null;
107 
DialogEventHandler(Activity activity, DelegateInterface delegate)108         public DialogEventHandler(Activity activity, DelegateInterface delegate) {
109             mActivity = activity;
110             mDpm = activity.getSystemService(DevicePolicyManager.class);
111             mUserManager = activity.getSystemService(UserManager.class);
112             mDelegate = delegate;
113 
114             mRootContainer = new LinearLayout(mActivity);
115             mRootContainer.setOrientation(LinearLayout.VERTICAL);
116         }
117 
setDialog(AlertDialog dialog)118         public void setDialog(AlertDialog dialog) {
119             mDialog = dialog;
120         }
121 
setCertHolders(CertHolder[] certHolder)122         public void setCertHolders(CertHolder[] certHolder) {
123             mCertHolders = certHolder;
124         }
125 
126         @Override
onShow(DialogInterface dialogInterface)127         public void onShow(DialogInterface dialogInterface) {
128             // Config the display content only when the dialog is shown because the
129             // positive/negative buttons don't exist until the dialog is shown
130             nextOrDismiss();
131         }
132 
133         @Override
onClick(View view)134         public void onClick(View view) {
135             if (view == mPositiveButton) {
136                 if (mNeedsApproval) {
137                     onClickTrust();
138                 } else {
139                     onClickOk();
140                 }
141             } else if (view == mNegativeButton) {
142                 onClickEnableOrDisable();
143             }
144         }
145 
onClickOk()146         private void onClickOk() {
147             nextOrDismiss();
148         }
149 
onClickTrust()150         private void onClickTrust() {
151             CertHolder certHolder = getCurrentCertInfo();
152             if (!mDelegate.startConfirmCredentialIfNotConfirmed(certHolder.getUserId(),
153                     this::onCredentialConfirmed)) {
154                 mDpm.approveCaCert(certHolder.getAlias(), certHolder.getUserId(), true);
155                 nextOrDismiss();
156             }
157         }
158 
onClickEnableOrDisable()159         private void onClickEnableOrDisable() {
160             final CertHolder certHolder = getCurrentCertInfo();
161             DialogInterface.OnClickListener onConfirm = new DialogInterface.OnClickListener() {
162                 @Override
163                 public void onClick(DialogInterface dialog, int id) {
164                     mDelegate.removeOrInstallCert(certHolder);
165                     nextOrDismiss();
166                 }
167             };
168             if (certHolder.isSystemCert()) {
169                 // Removing system certs is reversible, so skip confirmation.
170                 onConfirm.onClick(null, -1);
171             } else {
172                 new AlertDialog.Builder(mActivity)
173                         .setMessage(R.string.trusted_credentials_remove_confirmation)
174                         .setPositiveButton(android.R.string.ok, onConfirm)
175                         .setNegativeButton(android.R.string.cancel, null)
176                         .show();
177 
178             }
179         }
180 
onCredentialConfirmed(int userId)181         private void onCredentialConfirmed(int userId) {
182             if (mDialog.isShowing() && mNeedsApproval && getCurrentCertInfo() != null
183                     && getCurrentCertInfo().getUserId() == userId) {
184                 // Treat it as user just clicks "trust" for this cert
185                 onClickTrust();
186             }
187         }
188 
getCurrentCertInfo()189         private CertHolder getCurrentCertInfo() {
190             return mCurrentCertIndex < mCertHolders.length ? mCertHolders[mCurrentCertIndex] : null;
191         }
192 
nextOrDismiss()193         private void nextOrDismiss() {
194             mCurrentCertIndex++;
195             // find next non-null cert or dismiss
196             while (mCurrentCertIndex < mCertHolders.length && getCurrentCertInfo() == null) {
197                 mCurrentCertIndex++;
198             }
199 
200             if (mCurrentCertIndex >= mCertHolders.length) {
201                 mDialog.dismiss();
202                 return;
203             }
204 
205             updateViewContainer();
206             updatePositiveButton();
207             updateNegativeButton();
208         }
209 
210         /**
211          * @return true if current user or parent user is guarded by screenlock
212          */
isUserSecure(int userId)213         private boolean isUserSecure(int userId) {
214             final LockPatternUtils lockPatternUtils = new LockPatternUtils(mActivity);
215             if (lockPatternUtils.isSecure(userId)) {
216                 return true;
217             }
218             UserInfo parentUser = mUserManager.getProfileParent(userId);
219             if (parentUser == null) {
220                 return false;
221             }
222             return lockPatternUtils.isSecure(parentUser.id);
223         }
224 
updatePositiveButton()225         private void updatePositiveButton() {
226             final CertHolder certHolder = getCurrentCertInfo();
227             mNeedsApproval = !certHolder.isSystemCert()
228                     && isUserSecure(certHolder.getUserId())
229                     && !mDpm.isCaCertApproved(certHolder.getAlias(), certHolder.getUserId());
230 
231             final boolean isProfileOrDeviceOwner = RestrictedLockUtils.getProfileOrDeviceOwner(
232                     mActivity, UserHandle.of(certHolder.getUserId())) != null;
233 
234             // Show trust button only when it requires consumer user (non-PO/DO) to approve
235             CharSequence displayText = mActivity.getText(!isProfileOrDeviceOwner && mNeedsApproval
236                     ? R.string.trusted_credentials_trust_label
237                     : android.R.string.ok);
238             mPositiveButton = updateButton(DialogInterface.BUTTON_POSITIVE, displayText);
239         }
240 
updateNegativeButton()241         private void updateNegativeButton() {
242             final CertHolder certHolder = getCurrentCertInfo();
243             final boolean showRemoveButton = !mUserManager.hasUserRestriction(
244                     UserManager.DISALLOW_CONFIG_CREDENTIALS,
245                     new UserHandle(certHolder.getUserId()));
246             CharSequence displayText = mActivity.getText(getButtonLabel(certHolder));
247             mNegativeButton = updateButton(DialogInterface.BUTTON_NEGATIVE, displayText);
248             mNegativeButton.setVisibility(showRemoveButton ? View.VISIBLE : View.GONE);
249         }
250 
251         /**
252          * mDialog.setButton doesn't trigger text refresh since mDialog has been shown.
253          * It's invoked only in case mDialog is refreshed.
254          * setOnClickListener is invoked to avoid dismiss dialog onClick
255          */
updateButton(int buttonType, CharSequence displayText)256         private Button updateButton(int buttonType, CharSequence displayText) {
257             mDialog.setButton(buttonType, displayText, (DialogInterface.OnClickListener) null);
258             Button button = mDialog.getButton(buttonType);
259             button.setText(displayText);
260             button.setOnClickListener(this);
261             return button;
262         }
263 
264 
updateViewContainer()265         private void updateViewContainer() {
266             CertHolder certHolder = getCurrentCertInfo();
267             LinearLayout nextCertLayout = getCertLayout(certHolder);
268 
269             // Displaying first cert doesn't require animation
270             if (mCurrentCertLayout == null) {
271                 mCurrentCertLayout = nextCertLayout;
272                 mRootContainer.addView(mCurrentCertLayout);
273             } else {
274                 animateViewTransition(nextCertLayout);
275             }
276         }
277 
getCertLayout(final CertHolder certHolder)278         private LinearLayout getCertLayout(final CertHolder certHolder) {
279             final ArrayList<View> views =  new ArrayList<View>();
280             final ArrayList<String> titles = new ArrayList<String>();
281             List<X509Certificate> certificates = mDelegate.getX509CertsFromCertHolder(certHolder);
282             if (certificates != null) {
283                 for (X509Certificate certificate : certificates) {
284                     SslCertificate sslCert = new SslCertificate(certificate);
285                     views.add(sslCert.inflateCertificateView(mActivity));
286                     titles.add(sslCert.getIssuedTo().getCName());
287                 }
288             }
289 
290             ArrayAdapter<String> arrayAdapter = new ArrayAdapter<String>(mActivity,
291                     android.R.layout.simple_spinner_item,
292                     titles);
293             arrayAdapter.setDropDownViewResource(android.R.layout.simple_spinner_dropdown_item);
294             Spinner spinner = new Spinner(mActivity);
295             spinner.setAdapter(arrayAdapter);
296             spinner.setOnItemSelectedListener(new AdapterView.OnItemSelectedListener() {
297                 @Override
298                 public void onItemSelected(AdapterView<?> parent, View view, int position,
299                         long id) {
300                     for (int i = 0; i < views.size(); i++) {
301                         views.get(i).setVisibility(i == position ? View.VISIBLE : View.GONE);
302                     }
303                 }
304 
305                 @Override
306                 public void onNothingSelected(AdapterView<?> parent) {
307                 }
308             });
309 
310             LinearLayout certLayout = new LinearLayout(mActivity);
311             certLayout.setOrientation(LinearLayout.VERTICAL);
312             // Prevent content overlapping with spinner
313             certLayout.setClipChildren(true);
314             certLayout.addView(spinner);
315             for (int i = 0; i < views.size(); ++i) {
316                 View certificateView = views.get(i);
317                 // Show first cert by default
318                 certificateView.setVisibility(i == 0 ? View.VISIBLE : View.GONE);
319                 certLayout.addView(certificateView);
320             }
321 
322             return certLayout;
323         }
324 
getButtonLabel(CertHolder certHolder)325         private static int getButtonLabel(CertHolder certHolder) {
326             return certHolder.isSystemCert() ? ( certHolder.isDeleted()
327                         ? R.string.trusted_credentials_enable_label
328                         : R.string.trusted_credentials_disable_label )
329                     : R.string.trusted_credentials_remove_label;
330         }
331 
332         /* Animation code */
animateViewTransition(final View nextCertView)333         private void animateViewTransition(final View nextCertView) {
334             animateOldContent(new Runnable() {
335                 @Override
336                 public void run() {
337                     addAndAnimateNewContent(nextCertView);
338                 }
339             });
340         }
341 
animateOldContent(Runnable callback)342         private void animateOldContent(Runnable callback) {
343             // Fade out
344             mCurrentCertLayout.animate()
345                     .alpha(0)
346                     .setDuration(OUT_DURATION_MS)
347                     .setInterpolator(AnimationUtils.loadInterpolator(mActivity,
348                             android.R.interpolator.fast_out_linear_in))
349                     .withEndAction(callback)
350                     .start();
351         }
352 
addAndAnimateNewContent(View nextCertLayout)353         private void addAndAnimateNewContent(View nextCertLayout) {
354             mCurrentCertLayout = nextCertLayout;
355             mRootContainer.removeAllViews();
356             mRootContainer.addView(nextCertLayout);
357 
358             mRootContainer.addOnLayoutChangeListener( new View.OnLayoutChangeListener() {
359                 @Override
360                 public void onLayoutChange(View v, int left, int top, int right, int bottom,
361                         int oldLeft, int oldTop, int oldRight, int oldBottom) {
362                     mRootContainer.removeOnLayoutChangeListener(this);
363 
364                     // Animate slide in from the right
365                     final int containerWidth = mRootContainer.getWidth();
366                     mCurrentCertLayout.setTranslationX(containerWidth);
367                     mCurrentCertLayout.animate()
368                             .translationX(0)
369                             .setInterpolator(AnimationUtils.loadInterpolator(mActivity,
370                                     android.R.interpolator.linear_out_slow_in))
371                             .setDuration(IN_DURATION_MS)
372                             .start();
373                 }
374             });
375         }
376     }
377 }
378