Added functionality to select type of certificate to be installed from the Settings app

This is part of the changes to improve the UX and language for installing certificates.
Previously, the different types of certificate used the same installation flow. This CL
introduces a new settings page, where the type of certificate to be installed can be selected.

Bug: 139173976
Test: Atest com.android.settings.security
      manual testing from Settings by selecting the certificate type
	preference and ensuring the installation flow still worked as expected.

Change-Id: Iea7c91aa3801e429f0e22d29469958f4151b3cba

res/values/strings.xml

@@ -5834,10 +5834,8 @@
 
     <!-- Title of preference group for credential storage settings [CHAR LIMIT=30] -->
     <string name="credentials_title">Credential storage</string>
-    <!-- Title of preference to install certificates from SD card [CHAR LIMIT=30] -->
+    <!-- Title of preference to install certificates [CHAR LIMIT=30] -->
-    <string name="credentials_install" product="nosdcard">Install from storage</string>
+    <string name="credentials_install">Install a certificate</string>
-    <!-- Title of preference to install certificates from SD card [CHAR LIMIT=30] -->
-    <string name="credentials_install" product="default">Install from SD card</string>
     <!-- Summary of preference to install certificates from SD card [CHAR LIMIT=NONE] -->
     <string name="credentials_install_summary" product="nosdcard">Install certificates from storage</string>
     <!-- Summary of preference to install certificates from SD card [CHAR LIMIT=NONE] -->
@@ -5876,6 +5874,12 @@
     <string name="credentials_not_erased">Credential storage couldn\u2019t be erased.</string>
     <!-- Title of Usage Access preference item [CHAR LIMIT=30] -->
     <string name="usage_access_title">Apps with usage access</string>
+    <!-- Title of CA certificate [CHAR LIMIT=30] -->
+    <string name="ca_certificate">CA certificate</string>
+    <!-- Title of User certificate [CHAR LIMIT=30] -->
+    <string name="user_certificate">VPN &amp; app user certificate</string>
+    <!-- Title of Wi-Fi certificate [CHAR LIMIT=30] -->
+    <string name="wifi_certificate">Wi\u2011Fi certificate</string>
 
     <!-- Sound settings screen, setting check box label -->
     <string name="emergency_tone_title">Emergency dialing signal</string>
@@ -6833,6 +6837,8 @@
     <string name="help_url_security" translatable="false"></string>
     <!-- Help URL, Encryption settings [DO NOT TRANSLATE] -->
     <string name="help_url_encryption" translatable="false"></string>
+    <!-- Help URL, Install certificate settings [DO NOT TRANSLATE] -->
+    <string name="help_url_install_certificate" translatable="false"></string>
     <!-- Help URL, Tap & pay [DO NOT TRANSLATE] -->
     <string name="help_url_nfc_payment" translatable="false"></string>
     <!-- Help URL, Remote display [DO NOT TRANSLATE] -->

res/xml/encryption_and_credential.xml

@@ -58,17 +58,11 @@
             settings:userRestriction="no_config_credentials" />
 
         <com.android.settingslib.RestrictedPreference
-            android:key="credentials_install"
+            android:key="install_certificate"
             android:title="@string/credentials_install"
             android:summary="@string/credentials_install_summary"
-            settings:userRestriction="no_config_credentials">
+            android:fragment="com.android.settings.security.InstallCertificateFromStorage"
-
+            settings:userRestriction="no_config_credentials" />
-            <intent
-                android:action="android.credentials.INSTALL"
-                android:targetPackage="com.android.certinstaller"
-                android:targetClass="com.android.certinstaller.CertInstallerMain" />
-
-        </com.android.settingslib.RestrictedPreference>
 
         <com.android.settingslib.RestrictedPreference
             android:key="credentials_reset"

res/xml/install_certificate_from_storage.xml

@@ -0,0 +1,70 @@
+<!--
+  ~ Copyright (C) 2019 The Android Open Source Project
+  ~
+  ~ Licensed under the Apache License, Version 2.0 (the "License");
+  ~ you may not use this file except in compliance with the License.
+  ~ You may obtain a copy of the License at
+  ~
+  ~      http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing, software
+  ~ distributed under the License is distributed on an "AS IS" BASIS,
+  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  ~ See the License for the specific language governing permissions and
+  ~ limitations under the License.
+  -->
+
+<PreferenceScreen
+    xmlns:android="http://schemas.android.com/apk/res/android"
+    xmlns:settings="http://schemas.android.com/apk/res-auto"
+    android:title="@string/credentials_install"
+    android:key="install_certificate_from_storage">
+
+    <PreferenceCategory
+        android:key="certificate_types">
+
+        <Preference
+            android:key="install_ca_certificate"
+            android:title="@string/ca_certificate">
+
+            <intent
+                android:action="android.credentials.INSTALL"
+                android:targetPackage="com.android.certinstaller"
+                android:targetClass="com.android.certinstaller.CertInstallerMain">
+                <!-- Same value as CERTIFICATE_USAGE_CA in keystore/java/android/security/Credentials.java -->
+                <extra android:name="certificate_install_usage" android:value="ca"/>
+            </intent>
+
+        </Preference>
+
+        <Preference
+            android:key="install_user_certificate"
+            android:title="@string/user_certificate">
+
+            <intent
+                android:action="android.credentials.INSTALL"
+                android:targetPackage="com.android.certinstaller"
+                android:targetClass="com.android.certinstaller.CertInstallerMain">
+                <!-- Same value as CERTIFICATE_USAGE_USER in keystore/java/android/security/Credentials.java -->
+                <extra android:name="certificate_install_usage" android:value="user"/>
+            </intent>
+
+        </Preference>
+
+        <Preference
+            android:key="install_wifi_certificate"
+            android:title="@string/wifi_certificate">
+
+            <intent
+                android:action="android.credentials.INSTALL"
+                android:targetPackage="com.android.certinstaller"
+                android:targetClass="com.android.certinstaller.CertInstallerMain">
+                <!-- Same value as CERTIFICATE_USAGE_WIFI in keystore/java/android/security/Credentials.java -->
+                <extra android:name="certificate_install_usage" android:value="wifi"/>
+            </intent>
+
+        </Preference>
+
+    </PreferenceCategory>
+
+</PreferenceScreen>

src/com/android/settings/security/EncryptionAndCredential.java

@@ -75,7 +75,7 @@ public class EncryptionAndCredential extends DashboardFragment {
         controllers.add(new CredentialStoragePreferenceController(context));
         controllers.add(new UserCredentialsPreferenceController(context));
         controllers.add(new ResetCredentialsPreferenceController(context, lifecycle));
-        controllers.add(new InstallCredentialsPreferenceController(context));
+        controllers.add(new InstallCertificatePreferenceController(context));
         return controllers;
     }
 

src/com/android/settings/security/InstallCaCertificatePreferenceController.java

@@ -0,0 +1,42 @@
+/*
+ * Copyright (C) 2019 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.android.settings.security;
+
+import android.content.Context;
+import android.os.UserManager;
+
+import com.android.settings.core.BasePreferenceController;
+
+public class InstallCaCertificatePreferenceController extends
+        BasePreferenceController {
+
+    private static final String KEY_INSTALL_CA_CERTIFICATE = "install_ca_certificate";
+
+    public InstallCaCertificatePreferenceController(Context context) {
+        super(context, UserManager.DISALLOW_CONFIG_CREDENTIALS);
+    }
+
+    @Override
+    public int getAvailabilityStatus() {
+        return AVAILABLE;
+    }
+
+    @Override
+    public String getPreferenceKey() {
+        return KEY_INSTALL_CA_CERTIFICATE;
+    }
+}

src/com/android/settings/security/InstallCertificateFromStorage.java

@@ -0,0 +1,93 @@
+/*
+ * Copyright (C) 2019 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.android.settings.security;
+
+import android.app.settings.SettingsEnums;
+import android.content.Context;
+import android.os.UserManager;
+
+import com.android.settings.R;
+import com.android.settings.dashboard.DashboardFragment;
+import com.android.settings.search.BaseSearchIndexProvider;
+import com.android.settingslib.core.AbstractPreferenceController;
+import com.android.settingslib.core.lifecycle.Lifecycle;
+import com.android.settingslib.search.SearchIndexable;
+
+import java.util.ArrayList;
+import java.util.List;
+
+/**
+ * Install certificate from storage settings.
+ */
+@SearchIndexable
+public class InstallCertificateFromStorage extends DashboardFragment {
+
+    private static final String TAG = "InstallCertificateFromStorage";
+
+    @Override
+    public int getMetricsCategory() {
+        return SettingsEnums.INSTALL_CERTIFICATE_FROM_STORAGE;
+    }
+
+    @Override
+    protected int getPreferenceScreenResId() {
+        return R.xml.install_certificate_from_storage;
+    }
+
+    @Override
+    protected String getLogTag() {
+        return TAG;
+    }
+
+    @Override
+    protected List<AbstractPreferenceController> createPreferenceControllers(Context context) {
+        return new ArrayList<AbstractPreferenceController>();
+    }
+
+    private static List<AbstractPreferenceController> buildPreferenceControllers(Context context,
+            Lifecycle lifecycle) {
+        final List<AbstractPreferenceController> controllers = new ArrayList<>();
+        controllers.add(new InstallCaCertificatePreferenceController(context));
+        controllers.add(new InstallUserCertificatePreferenceController(context));
+        controllers.add(new InstallWifiCertificatePreferenceController(context));
+        return controllers;
+    }
+
+    @Override
+    public int getHelpResource() {
+        return R.string.help_url_install_certificate;
+    }
+
+    /**
+     * For Search. Please keep it in sync when updating "createPreferenceHierarchy()"
+     */
+    public static final BaseSearchIndexProvider SEARCH_INDEX_DATA_PROVIDER =
+            new BaseSearchIndexProvider(R.xml.install_certificate_from_storage) {
+                @Override
+                public List<AbstractPreferenceController> createPreferenceControllers(
+                        Context context) {
+                    return buildPreferenceControllers(context, null /* lifecycle */);
+                }
+
+                @Override
+                protected boolean isPageSearchEnabled(Context context) {
+                    final UserManager um = (UserManager) context.getSystemService(
+                            Context.USER_SERVICE);
+                    return um.isAdminUser();
+                }
+            };
+}

src/com/android/settings/security/InstallCertificatePreferenceController.java

@@ -19,17 +19,17 @@ package com.android.settings.security;
 import android.content.Context;
 import android.os.UserManager;
 
-public class InstallCredentialsPreferenceController extends
+public class InstallCertificatePreferenceController extends
         RestrictedEncryptionPreferenceController {
 
-    private static final String KEY_CREDENTIALS_INSTALL = "credentials_install";
+    private static final String KEY_INSTALL_CERTIFICATE = "install_certificate";
 
-    public InstallCredentialsPreferenceController(Context context) {
+    public InstallCertificatePreferenceController(Context context) {
         super(context, UserManager.DISALLOW_CONFIG_CREDENTIALS);
     }
 
     @Override
     public String getPreferenceKey() {
-        return KEY_CREDENTIALS_INSTALL;
+        return KEY_INSTALL_CERTIFICATE;
     }
 }

src/com/android/settings/security/InstallUserCertificatePreferenceController.java

@@ -0,0 +1,42 @@
+/*
+ * Copyright (C) 2019 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.android.settings.security;
+
+import android.content.Context;
+import android.os.UserManager;
+
+import com.android.settings.core.BasePreferenceController;
+
+public class InstallUserCertificatePreferenceController extends
+        BasePreferenceController {
+
+    private static final String KEY_INSTALL_USER_CERTIFICATE = "install_user_certificate";
+
+    public InstallUserCertificatePreferenceController(Context context) {
+        super(context, UserManager.DISALLOW_CONFIG_CREDENTIALS);
+    }
+
+    @Override
+    public int getAvailabilityStatus() {
+        return AVAILABLE;
+    }
+
+    @Override
+    public String getPreferenceKey() {
+        return KEY_INSTALL_USER_CERTIFICATE;
+    }
+}

src/com/android/settings/security/InstallWifiCertificatePreferenceController.java

@@ -0,0 +1,42 @@
+/*
+ * Copyright (C) 2019 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.android.settings.security;
+
+import android.content.Context;
+import android.os.UserManager;
+
+import com.android.settings.core.BasePreferenceController;
+
+public class InstallWifiCertificatePreferenceController extends
+        BasePreferenceController {
+
+    private static final String KEY_INSTALL_WIFI_CERTIFICATE = "install_wifi_certificate";
+
+    public InstallWifiCertificatePreferenceController(Context context) {
+        super(context, UserManager.DISALLOW_CONFIG_CREDENTIALS);
+    }
+
+    @Override
+    public int getAvailabilityStatus() {
+        return AVAILABLE;
+    }
+
+    @Override
+    public String getPreferenceKey() {
+        return KEY_INSTALL_WIFI_CERTIFICATE;
+    }
+}

tests/robotests/src/com/android/settings/security/InstallCertificateFromStorageTest.java

@@ -0,0 +1,87 @@
+/*
+ * Copyright (C) 2019 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.android.settings.security;
+
+import static com.android.settings.security.InstallCertificateFromStorage.SEARCH_INDEX_DATA_PROVIDER;
+
+import static com.google.common.truth.Truth.assertThat;
+
+import android.app.admin.DevicePolicyManager;
+import android.app.settings.SettingsEnums;
+import android.content.Context;
+import android.os.UserManager;
+
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.mockito.Mock;
+import org.mockito.MockitoAnnotations;
+import org.robolectric.RobolectricTestRunner;
+import org.robolectric.RuntimeEnvironment;
+import org.robolectric.shadows.ShadowApplication;
+
+import java.util.ArrayList;
+import java.util.List;
+
+@RunWith(RobolectricTestRunner.class)
+public class InstallCertificateFromStorageTest {
+
+    @Mock
+    private UserManager mUserManager;
+
+    @Mock
+    private DevicePolicyManager mDevicePolicyManager;
+
+    private Context mContext;
+
+    private List<String> mTestKeys;
+
+    @Before
+    public void setUp() {
+        MockitoAnnotations.initMocks(this);
+        ShadowApplication application = ShadowApplication.getInstance();
+        application.setSystemService(Context.DEVICE_POLICY_SERVICE, mDevicePolicyManager);
+        application.setSystemService(Context.USER_SERVICE, mUserManager);
+        mContext = RuntimeEnvironment.application;
+        setUpTestKeys();
+    }
+
+    private void setUpTestKeys() {
+        mTestKeys = new ArrayList<>();
+        mTestKeys.add("install_certificate_from_storage");
+        mTestKeys.add("certificate_types");
+        mTestKeys.add("install_ca_certificate");
+        mTestKeys.add("install_user_certificate");
+        mTestKeys.add("install_wifi_certificate");
+    }
+
+    @Test
+    public void getMetricsCategory_shouldReturnInstallCertificateFromStorage() {
+        InstallCertificateFromStorage fragment = new InstallCertificateFromStorage();
+        assertThat(fragment.getMetricsCategory()).isEqualTo(
+                SettingsEnums.INSTALL_CERTIFICATE_FROM_STORAGE);
+    }
+
+    @Test
+    public void getNonIndexableKeys_existInXmlLayout() {
+        final List<String> nonIndexableKeys =
+                SEARCH_INDEX_DATA_PROVIDER.getNonIndexableKeys(mContext);
+
+        assertThat(nonIndexableKeys).containsAllIn(mTestKeys);
+    }
+
+}

tests/robotests/src/com/android/settings/security/RestrictedEncryptionPreferenceControllerTest.java

@@ -40,9 +40,12 @@ public class RestrictedEncryptionPreferenceControllerTest {
     private Context mContext;
     private ShadowUserManager mUserManager;
     private CredentialStoragePreferenceController mCredentialStoragePreferenceController;
-    private InstallCredentialsPreferenceController mInstallCredentialsPreferenceController;
+    private InstallCertificatePreferenceController mInstallCertificatePreferenceController;
     private ResetCredentialsPreferenceController mResetCredentialsPreferenceController;
     private UserCredentialsPreferenceController mUserCredentialsPreferenceController;
+    private InstallCaCertificatePreferenceController mInstallCaCertificatePreferenceController;
+    private InstallUserCertificatePreferenceController mInstallUserCertificatePreferenceController;
+    private InstallWifiCertificatePreferenceController mInstallWifiCertificatePreferenceController;
     private Lifecycle mLifecycle;
     private LifecycleOwner mLifecycleOwner;
 
@@ -53,21 +56,30 @@ public class RestrictedEncryptionPreferenceControllerTest {
         mLifecycle = new Lifecycle(mLifecycleOwner);
         mCredentialStoragePreferenceController =
                 new CredentialStoragePreferenceController(mContext);
-        mInstallCredentialsPreferenceController =
+        mInstallCertificatePreferenceController =
-                new InstallCredentialsPreferenceController(mContext);
+                new InstallCertificatePreferenceController(mContext);
         mResetCredentialsPreferenceController =
                 new ResetCredentialsPreferenceController(mContext, mLifecycle);
         mUserCredentialsPreferenceController =
                 new UserCredentialsPreferenceController(mContext);
+        mInstallCaCertificatePreferenceController =
+                new InstallCaCertificatePreferenceController(mContext);
+        mInstallUserCertificatePreferenceController =
+                new InstallUserCertificatePreferenceController(mContext);
+        mInstallWifiCertificatePreferenceController =
+                new InstallWifiCertificatePreferenceController(mContext);
         mUserManager = ShadowUserManager.getShadow();
     }
 
     @Test
     public void isAvailable_noRestriction_shouldReturnTrue() {
         assertThat(mCredentialStoragePreferenceController.isAvailable()).isTrue();
-        assertThat(mInstallCredentialsPreferenceController.isAvailable()).isTrue();
+        assertThat(mInstallCertificatePreferenceController.isAvailable()).isTrue();
         assertThat(mResetCredentialsPreferenceController.isAvailable()).isTrue();
         assertThat(mUserCredentialsPreferenceController.isAvailable()).isTrue();
+        assertThat(mInstallCaCertificatePreferenceController.isAvailable()).isTrue();
+        assertThat(mInstallUserCertificatePreferenceController.isAvailable()).isTrue();
+        assertThat(mInstallWifiCertificatePreferenceController.isAvailable()).isTrue();
     }
 
     @Test
@@ -75,8 +87,11 @@ public class RestrictedEncryptionPreferenceControllerTest {
         mUserManager.addBaseUserRestriction(UserManager.DISALLOW_CONFIG_CREDENTIALS);
 
         assertThat(mCredentialStoragePreferenceController.isAvailable()).isFalse();
-        assertThat(mInstallCredentialsPreferenceController.isAvailable()).isFalse();
+        assertThat(mInstallCertificatePreferenceController.isAvailable()).isFalse();
         assertThat(mResetCredentialsPreferenceController.isAvailable()).isFalse();
         assertThat(mUserCredentialsPreferenceController.isAvailable()).isFalse();
+        assertThat(mInstallCaCertificatePreferenceController.isAvailable()).isFalse();
+        assertThat(mInstallUserCertificatePreferenceController.isAvailable()).isFalse();
+        assertThat(mInstallWifiCertificatePreferenceController.isAvailable()).isFalse();
     }
 }