Added functionality to select type of certificate to be installed from the Settings app

This is part of the changes to improve the UX and language for installing certificates.
Previously, the different types of certificate used the same installation flow. This CL
introduces a new settings page, where the type of certificate to be installed can be selected.

Bug: 139173976
Test: Atest com.android.settings.security
      manual testing from Settings by selecting the certificate type
	preference and ensuring the installation flow still worked as expected.

Change-Id: Iea7c91aa3801e429f0e22d29469958f4151b3cba
This commit is contained in:
Alex Johnston
2019-10-14 17:50:21 +01:00
parent cf596519cb
commit 7659e53a94
11 changed files with 414 additions and 23 deletions

View File

@@ -5834,10 +5834,8 @@
<!-- Title of preference group for credential storage settings [CHAR LIMIT=30] --> <!-- Title of preference group for credential storage settings [CHAR LIMIT=30] -->
<string name="credentials_title">Credential storage</string> <string name="credentials_title">Credential storage</string>
<!-- Title of preference to install certificates from SD card [CHAR LIMIT=30] --> <!-- Title of preference to install certificates [CHAR LIMIT=30] -->
<string name="credentials_install" product="nosdcard">Install from storage</string> <string name="credentials_install">Install a certificate</string>
<!-- Title of preference to install certificates from SD card [CHAR LIMIT=30] -->
<string name="credentials_install" product="default">Install from SD card</string>
<!-- Summary of preference to install certificates from SD card [CHAR LIMIT=NONE] --> <!-- Summary of preference to install certificates from SD card [CHAR LIMIT=NONE] -->
<string name="credentials_install_summary" product="nosdcard">Install certificates from storage</string> <string name="credentials_install_summary" product="nosdcard">Install certificates from storage</string>
<!-- Summary of preference to install certificates from SD card [CHAR LIMIT=NONE] --> <!-- Summary of preference to install certificates from SD card [CHAR LIMIT=NONE] -->
@@ -5876,6 +5874,12 @@
<string name="credentials_not_erased">Credential storage couldn\u2019t be erased.</string> <string name="credentials_not_erased">Credential storage couldn\u2019t be erased.</string>
<!-- Title of Usage Access preference item [CHAR LIMIT=30] --> <!-- Title of Usage Access preference item [CHAR LIMIT=30] -->
<string name="usage_access_title">Apps with usage access</string> <string name="usage_access_title">Apps with usage access</string>
<!-- Title of CA certificate [CHAR LIMIT=30] -->
<string name="ca_certificate">CA certificate</string>
<!-- Title of User certificate [CHAR LIMIT=30] -->
<string name="user_certificate">VPN &amp; app user certificate</string>
<!-- Title of Wi-Fi certificate [CHAR LIMIT=30] -->
<string name="wifi_certificate">Wi\u2011Fi certificate</string>
<!-- Sound settings screen, setting check box label --> <!-- Sound settings screen, setting check box label -->
<string name="emergency_tone_title">Emergency dialing signal</string> <string name="emergency_tone_title">Emergency dialing signal</string>
@@ -6833,6 +6837,8 @@
<string name="help_url_security" translatable="false"></string> <string name="help_url_security" translatable="false"></string>
<!-- Help URL, Encryption settings [DO NOT TRANSLATE] --> <!-- Help URL, Encryption settings [DO NOT TRANSLATE] -->
<string name="help_url_encryption" translatable="false"></string> <string name="help_url_encryption" translatable="false"></string>
<!-- Help URL, Install certificate settings [DO NOT TRANSLATE] -->
<string name="help_url_install_certificate" translatable="false"></string>
<!-- Help URL, Tap & pay [DO NOT TRANSLATE] --> <!-- Help URL, Tap & pay [DO NOT TRANSLATE] -->
<string name="help_url_nfc_payment" translatable="false"></string> <string name="help_url_nfc_payment" translatable="false"></string>
<!-- Help URL, Remote display [DO NOT TRANSLATE] --> <!-- Help URL, Remote display [DO NOT TRANSLATE] -->

View File

@@ -58,17 +58,11 @@
settings:userRestriction="no_config_credentials" /> settings:userRestriction="no_config_credentials" />
<com.android.settingslib.RestrictedPreference <com.android.settingslib.RestrictedPreference
android:key="credentials_install" android:key="install_certificate"
android:title="@string/credentials_install" android:title="@string/credentials_install"
android:summary="@string/credentials_install_summary" android:summary="@string/credentials_install_summary"
settings:userRestriction="no_config_credentials"> android:fragment="com.android.settings.security.InstallCertificateFromStorage"
settings:userRestriction="no_config_credentials" />
<intent
android:action="android.credentials.INSTALL"
android:targetPackage="com.android.certinstaller"
android:targetClass="com.android.certinstaller.CertInstallerMain" />
</com.android.settingslib.RestrictedPreference>
<com.android.settingslib.RestrictedPreference <com.android.settingslib.RestrictedPreference
android:key="credentials_reset" android:key="credentials_reset"

View File

@@ -0,0 +1,70 @@
<!--
~ Copyright (C) 2019 The Android Open Source Project
~
~ Licensed under the Apache License, Version 2.0 (the "License");
~ you may not use this file except in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
<PreferenceScreen
xmlns:android="http://schemas.android.com/apk/res/android"
xmlns:settings="http://schemas.android.com/apk/res-auto"
android:title="@string/credentials_install"
android:key="install_certificate_from_storage">
<PreferenceCategory
android:key="certificate_types">
<Preference
android:key="install_ca_certificate"
android:title="@string/ca_certificate">
<intent
android:action="android.credentials.INSTALL"
android:targetPackage="com.android.certinstaller"
android:targetClass="com.android.certinstaller.CertInstallerMain">
<!-- Same value as CERTIFICATE_USAGE_CA in keystore/java/android/security/Credentials.java -->
<extra android:name="certificate_install_usage" android:value="ca"/>
</intent>
</Preference>
<Preference
android:key="install_user_certificate"
android:title="@string/user_certificate">
<intent
android:action="android.credentials.INSTALL"
android:targetPackage="com.android.certinstaller"
android:targetClass="com.android.certinstaller.CertInstallerMain">
<!-- Same value as CERTIFICATE_USAGE_USER in keystore/java/android/security/Credentials.java -->
<extra android:name="certificate_install_usage" android:value="user"/>
</intent>
</Preference>
<Preference
android:key="install_wifi_certificate"
android:title="@string/wifi_certificate">
<intent
android:action="android.credentials.INSTALL"
android:targetPackage="com.android.certinstaller"
android:targetClass="com.android.certinstaller.CertInstallerMain">
<!-- Same value as CERTIFICATE_USAGE_WIFI in keystore/java/android/security/Credentials.java -->
<extra android:name="certificate_install_usage" android:value="wifi"/>
</intent>
</Preference>
</PreferenceCategory>
</PreferenceScreen>

View File

@@ -75,7 +75,7 @@ public class EncryptionAndCredential extends DashboardFragment {
controllers.add(new CredentialStoragePreferenceController(context)); controllers.add(new CredentialStoragePreferenceController(context));
controllers.add(new UserCredentialsPreferenceController(context)); controllers.add(new UserCredentialsPreferenceController(context));
controllers.add(new ResetCredentialsPreferenceController(context, lifecycle)); controllers.add(new ResetCredentialsPreferenceController(context, lifecycle));
controllers.add(new InstallCredentialsPreferenceController(context)); controllers.add(new InstallCertificatePreferenceController(context));
return controllers; return controllers;
} }

View File

@@ -0,0 +1,42 @@
/*
* Copyright (C) 2019 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.android.settings.security;
import android.content.Context;
import android.os.UserManager;
import com.android.settings.core.BasePreferenceController;
public class InstallCaCertificatePreferenceController extends
BasePreferenceController {
private static final String KEY_INSTALL_CA_CERTIFICATE = "install_ca_certificate";
public InstallCaCertificatePreferenceController(Context context) {
super(context, UserManager.DISALLOW_CONFIG_CREDENTIALS);
}
@Override
public int getAvailabilityStatus() {
return AVAILABLE;
}
@Override
public String getPreferenceKey() {
return KEY_INSTALL_CA_CERTIFICATE;
}
}

View File

@@ -0,0 +1,93 @@
/*
* Copyright (C) 2019 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.android.settings.security;
import android.app.settings.SettingsEnums;
import android.content.Context;
import android.os.UserManager;
import com.android.settings.R;
import com.android.settings.dashboard.DashboardFragment;
import com.android.settings.search.BaseSearchIndexProvider;
import com.android.settingslib.core.AbstractPreferenceController;
import com.android.settingslib.core.lifecycle.Lifecycle;
import com.android.settingslib.search.SearchIndexable;
import java.util.ArrayList;
import java.util.List;
/**
* Install certificate from storage settings.
*/
@SearchIndexable
public class InstallCertificateFromStorage extends DashboardFragment {
private static final String TAG = "InstallCertificateFromStorage";
@Override
public int getMetricsCategory() {
return SettingsEnums.INSTALL_CERTIFICATE_FROM_STORAGE;
}
@Override
protected int getPreferenceScreenResId() {
return R.xml.install_certificate_from_storage;
}
@Override
protected String getLogTag() {
return TAG;
}
@Override
protected List<AbstractPreferenceController> createPreferenceControllers(Context context) {
return new ArrayList<AbstractPreferenceController>();
}
private static List<AbstractPreferenceController> buildPreferenceControllers(Context context,
Lifecycle lifecycle) {
final List<AbstractPreferenceController> controllers = new ArrayList<>();
controllers.add(new InstallCaCertificatePreferenceController(context));
controllers.add(new InstallUserCertificatePreferenceController(context));
controllers.add(new InstallWifiCertificatePreferenceController(context));
return controllers;
}
@Override
public int getHelpResource() {
return R.string.help_url_install_certificate;
}
/**
* For Search. Please keep it in sync when updating "createPreferenceHierarchy()"
*/
public static final BaseSearchIndexProvider SEARCH_INDEX_DATA_PROVIDER =
new BaseSearchIndexProvider(R.xml.install_certificate_from_storage) {
@Override
public List<AbstractPreferenceController> createPreferenceControllers(
Context context) {
return buildPreferenceControllers(context, null /* lifecycle */);
}
@Override
protected boolean isPageSearchEnabled(Context context) {
final UserManager um = (UserManager) context.getSystemService(
Context.USER_SERVICE);
return um.isAdminUser();
}
};
}

View File

@@ -19,17 +19,17 @@ package com.android.settings.security;
import android.content.Context; import android.content.Context;
import android.os.UserManager; import android.os.UserManager;
public class InstallCredentialsPreferenceController extends public class InstallCertificatePreferenceController extends
RestrictedEncryptionPreferenceController { RestrictedEncryptionPreferenceController {
private static final String KEY_CREDENTIALS_INSTALL = "credentials_install"; private static final String KEY_INSTALL_CERTIFICATE = "install_certificate";
public InstallCredentialsPreferenceController(Context context) { public InstallCertificatePreferenceController(Context context) {
super(context, UserManager.DISALLOW_CONFIG_CREDENTIALS); super(context, UserManager.DISALLOW_CONFIG_CREDENTIALS);
} }
@Override @Override
public String getPreferenceKey() { public String getPreferenceKey() {
return KEY_CREDENTIALS_INSTALL; return KEY_INSTALL_CERTIFICATE;
} }
} }

View File

@@ -0,0 +1,42 @@
/*
* Copyright (C) 2019 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.android.settings.security;
import android.content.Context;
import android.os.UserManager;
import com.android.settings.core.BasePreferenceController;
public class InstallUserCertificatePreferenceController extends
BasePreferenceController {
private static final String KEY_INSTALL_USER_CERTIFICATE = "install_user_certificate";
public InstallUserCertificatePreferenceController(Context context) {
super(context, UserManager.DISALLOW_CONFIG_CREDENTIALS);
}
@Override
public int getAvailabilityStatus() {
return AVAILABLE;
}
@Override
public String getPreferenceKey() {
return KEY_INSTALL_USER_CERTIFICATE;
}
}

View File

@@ -0,0 +1,42 @@
/*
* Copyright (C) 2019 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.android.settings.security;
import android.content.Context;
import android.os.UserManager;
import com.android.settings.core.BasePreferenceController;
public class InstallWifiCertificatePreferenceController extends
BasePreferenceController {
private static final String KEY_INSTALL_WIFI_CERTIFICATE = "install_wifi_certificate";
public InstallWifiCertificatePreferenceController(Context context) {
super(context, UserManager.DISALLOW_CONFIG_CREDENTIALS);
}
@Override
public int getAvailabilityStatus() {
return AVAILABLE;
}
@Override
public String getPreferenceKey() {
return KEY_INSTALL_WIFI_CERTIFICATE;
}
}

View File

@@ -0,0 +1,87 @@
/*
* Copyright (C) 2019 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.android.settings.security;
import static com.android.settings.security.InstallCertificateFromStorage.SEARCH_INDEX_DATA_PROVIDER;
import static com.google.common.truth.Truth.assertThat;
import android.app.admin.DevicePolicyManager;
import android.app.settings.SettingsEnums;
import android.content.Context;
import android.os.UserManager;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.mockito.Mock;
import org.mockito.MockitoAnnotations;
import org.robolectric.RobolectricTestRunner;
import org.robolectric.RuntimeEnvironment;
import org.robolectric.shadows.ShadowApplication;
import java.util.ArrayList;
import java.util.List;
@RunWith(RobolectricTestRunner.class)
public class InstallCertificateFromStorageTest {
@Mock
private UserManager mUserManager;
@Mock
private DevicePolicyManager mDevicePolicyManager;
private Context mContext;
private List<String> mTestKeys;
@Before
public void setUp() {
MockitoAnnotations.initMocks(this);
ShadowApplication application = ShadowApplication.getInstance();
application.setSystemService(Context.DEVICE_POLICY_SERVICE, mDevicePolicyManager);
application.setSystemService(Context.USER_SERVICE, mUserManager);
mContext = RuntimeEnvironment.application;
setUpTestKeys();
}
private void setUpTestKeys() {
mTestKeys = new ArrayList<>();
mTestKeys.add("install_certificate_from_storage");
mTestKeys.add("certificate_types");
mTestKeys.add("install_ca_certificate");
mTestKeys.add("install_user_certificate");
mTestKeys.add("install_wifi_certificate");
}
@Test
public void getMetricsCategory_shouldReturnInstallCertificateFromStorage() {
InstallCertificateFromStorage fragment = new InstallCertificateFromStorage();
assertThat(fragment.getMetricsCategory()).isEqualTo(
SettingsEnums.INSTALL_CERTIFICATE_FROM_STORAGE);
}
@Test
public void getNonIndexableKeys_existInXmlLayout() {
final List<String> nonIndexableKeys =
SEARCH_INDEX_DATA_PROVIDER.getNonIndexableKeys(mContext);
assertThat(nonIndexableKeys).containsAllIn(mTestKeys);
}
}

View File

@@ -40,9 +40,12 @@ public class RestrictedEncryptionPreferenceControllerTest {
private Context mContext; private Context mContext;
private ShadowUserManager mUserManager; private ShadowUserManager mUserManager;
private CredentialStoragePreferenceController mCredentialStoragePreferenceController; private CredentialStoragePreferenceController mCredentialStoragePreferenceController;
private InstallCredentialsPreferenceController mInstallCredentialsPreferenceController; private InstallCertificatePreferenceController mInstallCertificatePreferenceController;
private ResetCredentialsPreferenceController mResetCredentialsPreferenceController; private ResetCredentialsPreferenceController mResetCredentialsPreferenceController;
private UserCredentialsPreferenceController mUserCredentialsPreferenceController; private UserCredentialsPreferenceController mUserCredentialsPreferenceController;
private InstallCaCertificatePreferenceController mInstallCaCertificatePreferenceController;
private InstallUserCertificatePreferenceController mInstallUserCertificatePreferenceController;
private InstallWifiCertificatePreferenceController mInstallWifiCertificatePreferenceController;
private Lifecycle mLifecycle; private Lifecycle mLifecycle;
private LifecycleOwner mLifecycleOwner; private LifecycleOwner mLifecycleOwner;
@@ -53,21 +56,30 @@ public class RestrictedEncryptionPreferenceControllerTest {
mLifecycle = new Lifecycle(mLifecycleOwner); mLifecycle = new Lifecycle(mLifecycleOwner);
mCredentialStoragePreferenceController = mCredentialStoragePreferenceController =
new CredentialStoragePreferenceController(mContext); new CredentialStoragePreferenceController(mContext);
mInstallCredentialsPreferenceController = mInstallCertificatePreferenceController =
new InstallCredentialsPreferenceController(mContext); new InstallCertificatePreferenceController(mContext);
mResetCredentialsPreferenceController = mResetCredentialsPreferenceController =
new ResetCredentialsPreferenceController(mContext, mLifecycle); new ResetCredentialsPreferenceController(mContext, mLifecycle);
mUserCredentialsPreferenceController = mUserCredentialsPreferenceController =
new UserCredentialsPreferenceController(mContext); new UserCredentialsPreferenceController(mContext);
mInstallCaCertificatePreferenceController =
new InstallCaCertificatePreferenceController(mContext);
mInstallUserCertificatePreferenceController =
new InstallUserCertificatePreferenceController(mContext);
mInstallWifiCertificatePreferenceController =
new InstallWifiCertificatePreferenceController(mContext);
mUserManager = ShadowUserManager.getShadow(); mUserManager = ShadowUserManager.getShadow();
} }
@Test @Test
public void isAvailable_noRestriction_shouldReturnTrue() { public void isAvailable_noRestriction_shouldReturnTrue() {
assertThat(mCredentialStoragePreferenceController.isAvailable()).isTrue(); assertThat(mCredentialStoragePreferenceController.isAvailable()).isTrue();
assertThat(mInstallCredentialsPreferenceController.isAvailable()).isTrue(); assertThat(mInstallCertificatePreferenceController.isAvailable()).isTrue();
assertThat(mResetCredentialsPreferenceController.isAvailable()).isTrue(); assertThat(mResetCredentialsPreferenceController.isAvailable()).isTrue();
assertThat(mUserCredentialsPreferenceController.isAvailable()).isTrue(); assertThat(mUserCredentialsPreferenceController.isAvailable()).isTrue();
assertThat(mInstallCaCertificatePreferenceController.isAvailable()).isTrue();
assertThat(mInstallUserCertificatePreferenceController.isAvailable()).isTrue();
assertThat(mInstallWifiCertificatePreferenceController.isAvailable()).isTrue();
} }
@Test @Test
@@ -75,8 +87,11 @@ public class RestrictedEncryptionPreferenceControllerTest {
mUserManager.addBaseUserRestriction(UserManager.DISALLOW_CONFIG_CREDENTIALS); mUserManager.addBaseUserRestriction(UserManager.DISALLOW_CONFIG_CREDENTIALS);
assertThat(mCredentialStoragePreferenceController.isAvailable()).isFalse(); assertThat(mCredentialStoragePreferenceController.isAvailable()).isFalse();
assertThat(mInstallCredentialsPreferenceController.isAvailable()).isFalse(); assertThat(mInstallCertificatePreferenceController.isAvailable()).isFalse();
assertThat(mResetCredentialsPreferenceController.isAvailable()).isFalse(); assertThat(mResetCredentialsPreferenceController.isAvailable()).isFalse();
assertThat(mUserCredentialsPreferenceController.isAvailable()).isFalse(); assertThat(mUserCredentialsPreferenceController.isAvailable()).isFalse();
assertThat(mInstallCaCertificatePreferenceController.isAvailable()).isFalse();
assertThat(mInstallUserCertificatePreferenceController.isAvailable()).isFalse();
assertThat(mInstallWifiCertificatePreferenceController.isAvailable()).isFalse();
} }
} }