From c0c75a3e961e73d44841aeba1029fdcc1d5c5639 Mon Sep 17 00:00:00 2001
From: Alex Johnston <acjohnston@google.com>
Date: Fri, 18 Oct 2019 14:20:27 +0100
Subject: [PATCH] Added a warning dialog when installing a CA certificate

This is part of the changes to improve the UX and language for installing certificates.
Previously, the different types of certificate used the same installation flow.
Due to concerns around users installing CA certificates without understanding the conseqences,
this CL introduces a new warning dialog when a CA certificate is installed from settings.

Bug: 139173976
Test: Atest com.android.settings.security
      manual testing from Settings by selecting the certificate type
	preference and ensuring the installation flow still worked as expected.

Screenshot of the screen: https://hsv.googleplex.com/5046848484016128

Change-Id: If95bffd1e68f14734fb20e8cc4b60eeb1c372358
---
 AndroidManifest.xml                           |   5 ++
 res/drawable-hdpi/ic_warning_googred_48dp.png | Bin 0 -> 603 bytes
 res/layout/ca_certificate_warning_dialog.xml  |  56 ++++++++++++
 res/values/strings.xml                        |  10 +++
 res/xml/install_certificate_from_storage.xml  |   7 +-
 .../security/InstallCaCertificateWarning.java |  83 ++++++++++++++++++
 6 files changed, 156 insertions(+), 5 deletions(-)
 create mode 100644 res/drawable-hdpi/ic_warning_googred_48dp.png
 create mode 100644 res/layout/ca_certificate_warning_dialog.xml
 create mode 100644 src/com/android/settings/security/InstallCaCertificateWarning.java

diff --git a/AndroidManifest.xml b/AndroidManifest.xml
index 956477b3854..0a72b752df7 100644
--- a/AndroidManifest.xml
+++ b/AndroidManifest.xml
@@ -1342,6 +1342,11 @@
             </intent-filter>
         </activity>
 
+        <activity android:name=".security.InstallCaCertificateWarning"
+                  android:theme="@style/GlifV3Theme.Light"
+                  android:exported="false">
+        </activity>
+
         <activity
             android:name="Settings$DeviceAdminSettingsActivity"
             android:label="@string/device_admin_settings_title"
diff --git a/res/drawable-hdpi/ic_warning_googred_48dp.png b/res/drawable-hdpi/ic_warning_googred_48dp.png
new file mode 100644
index 0000000000000000000000000000000000000000..70381dd06bba417985d62217728f0f53ebdf05aa
GIT binary patch
literal 603
zcmeAS@N?(olHy`uVBq!ia0vp^9w5xY3?!3`olAjKZ-7sT>uneF!GoMdE~^0@rdJZ=
z7tG+rdh<qck=O^(*|UuP8Xi6r5zhJOVMD##H`$ddY;Bm%olQ;QfAzAjSN)gTwyl~E
z{j(Vu82vq6978JN-d;HybjU$~A+eclqP*b(N0uh0SsfSN|F4j9@N&8_^XA!un_jTL
zcwGL~f47M1*BYto=DksFh9<9n+}XCEH2m-i-V2=nOR5?6{(cZB&miYy&-t4zasET)
z-}BlW7f*3sJmLK38P1QVH(YFq_x)>c+;^(R{&RR=)$Hm%u_;l%YQx@7`4v&wTjZxz
zV>dtBFRH$>$1G&a*AG)qDeYb#k``wE%*S{0`l&Oo<`!@3yLjDsxAE>ZufDC6nR(T>
zpjRTIR=5Amt7SXfd$#Q3QeL}DxMgC{UCB=!K95%$Tw1l;!8l3tw^q-VSI=I!i7Z<0
z<W*|E;x^a5SKV*+&AQracy-G!trgloUM08$ZNGiF*QNCL3%5zTIKK%px37QX5nz5a
z{fNhh&=U*av7BGV7oVHT7vC!LN{=HW@>A$s=eu(jaGeZay=&9@O}pyXcu(KQXsBuD
Vb1`@l2QX3?JYD@<);T3K0RTxy6iomC

literal 0
HcmV?d00001

diff --git a/res/layout/ca_certificate_warning_dialog.xml b/res/layout/ca_certificate_warning_dialog.xml
new file mode 100644
index 00000000000..d863b08aa4b
--- /dev/null
+++ b/res/layout/ca_certificate_warning_dialog.xml
@@ -0,0 +1,56 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+  ~ Copyright (C) 2019 The Android Open Source Project
+  ~
+  ~ Licensed under the Apache License, Version 2.0 (the "License");
+  ~ you may not use this file except in compliance with the License.
+  ~ You may obtain a copy of the License at
+  ~
+  ~      http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing, software
+  ~ distributed under the License is distributed on an "AS IS" BASIS,
+  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  ~ See the License for the specific language governing permissions and
+  ~ limitations under the License.
+  -->
+<com.google.android.setupdesign.GlifLayout
+    xmlns:android="http://schemas.android.com/apk/res/android"
+    android:id="@+id/setup_wizard_layout"
+    android:layout_width="match_parent"
+    android:layout_height="match_parent">
+
+    <LinearLayout
+        style="@style/SudContentFrame"
+        android:layout_width="match_parent"
+        android:layout_height="wrap_content"
+        android:orientation="vertical"
+        android:gravity="center_horizontal">
+
+        <ImageView
+            android:id="@+id/sud_layout_icon"
+            style="@style/SudGlifIcon"
+            android:layout_width="wrap_content"
+            android:layout_height="wrap_content"
+            android:gravity="center"
+            android:src="@drawable/ic_warning_googred_48dp"/>
+
+        <TextView
+            android:id="@+id/sud_layout_title"
+            style="@style/SudGlifHeaderTitle"
+            android:layout_width="match_parent"
+            android:layout_height="wrap_content"
+            android:gravity="center"
+            android:text="@string/ca_certificate_warning_title"/>
+
+        <TextView
+            android:id="@+id/sud_layout_description"
+            style="@style/SudDescription.Glif"
+            android:layout_marginTop="16dp"
+            android:layout_width="match_parent"
+            android:layout_height="wrap_content"
+            android:text="@string/ca_certificate_warning_description"/>
+
+    </LinearLayout>
+
+</com.google.android.setupdesign.GlifLayout>
\ No newline at end of file
diff --git a/res/values/strings.xml b/res/values/strings.xml
index 60febe7dff3..381ef57828e 100644
--- a/res/values/strings.xml
+++ b/res/values/strings.xml
@@ -5880,6 +5880,16 @@
     <string name="user_certificate">VPN &amp; app user certificate</string>
     <!-- Title of Wi-Fi certificate [CHAR LIMIT=30] -->
     <string name="wifi_certificate">Wi\u2011Fi certificate</string>
+    <!-- Title of warning shown to the user before they can install a CA certificate [CHAR LIMIT=NONE] -->
+    <string name="ca_certificate_warning_title">Your privacy is at risk</string>
+    <!-- Description of warning shown to the user before they can install a CA certificate [CHAR LIMIT=NONE] -->
+    <string name="ca_certificate_warning_description">CA certificates are used by websites, apps, and VPNs for encryption. Only install CA certificates from organizations you trust. \n\n If you install a CA certificate, the certificate owner could access your information, such as passwords, messages, or credit card details, from websites you visit or apps you use - even if that information is encrypted.</string>
+    <!-- Label for button to not install a CA certificate [CHAR_LIMIT=50] -->
+    <string name="ca_certificate_warning_dont_install">Don\u2019t install</string>
+    <!-- Label for button to continue installing a CA certificate [CHAR_LIMIT=50] -->
+    <string name="ca_certificate_warning_install_anyway">Install anyways</string>
+    <!-- Toast message that a certificate was not installed -->
+    <string name="cert_not_installed">Certificate not installed</string>
 
     <!-- Sound settings screen, setting check box label -->
     <string name="emergency_tone_title">Emergency dialing signal</string>
diff --git a/res/xml/install_certificate_from_storage.xml b/res/xml/install_certificate_from_storage.xml
index 0116713204c..0cf4a36e46d 100644
--- a/res/xml/install_certificate_from_storage.xml
+++ b/res/xml/install_certificate_from_storage.xml
@@ -28,11 +28,8 @@
             android:title="@string/ca_certificate">
 
             <intent
-                android:action="android.credentials.INSTALL"
-                android:targetPackage="com.android.certinstaller"
-                android:targetClass="com.android.certinstaller.CertInstallerMain">
-                <!-- Same value as CERTIFICATE_USAGE_CA in keystore/java/android/security/Credentials.java -->
-                <extra android:name="certificate_install_usage" android:value="ca"/>
+                android:targetPackage="com.android.settings"
+                android:targetClass="com.android.settings.security.InstallCaCertificateWarning">
             </intent>
 
         </Preference>
diff --git a/src/com/android/settings/security/InstallCaCertificateWarning.java b/src/com/android/settings/security/InstallCaCertificateWarning.java
new file mode 100644
index 00000000000..701d9f46432
--- /dev/null
+++ b/src/com/android/settings/security/InstallCaCertificateWarning.java
@@ -0,0 +1,83 @@
+/*
+ * Copyright (C) 2019 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.android.settings.security;
+
+import android.annotation.Nullable;
+import android.app.Activity;
+import android.content.Intent;
+import android.os.Bundle;
+import android.security.Credentials;
+import android.view.View;
+import android.widget.Toast;
+
+import com.android.settings.R;
+
+import com.google.android.setupcompat.template.FooterBarMixin;
+import com.google.android.setupcompat.template.FooterButton;
+import com.google.android.setupdesign.GlifLayout;
+
+/**
+ * Creates a warning dialog explaining the consequences of installing a CA certificate
+ * This is displayed before a CA certificate can be installed from Settings.
+ */
+public class InstallCaCertificateWarning extends Activity {
+
+    @Override
+    public void onCreate(@Nullable Bundle savedInstanceState) {
+        super.onCreate(savedInstanceState);
+
+        setContentView(R.layout.ca_certificate_warning_dialog);
+        final GlifLayout layout = findViewById(R.id.setup_wizard_layout);
+
+        final FooterBarMixin mixin = layout.getMixin(FooterBarMixin.class);
+        mixin.setSecondaryButton(
+                new FooterButton.Builder(this)
+                        .setText(R.string.ca_certificate_warning_install_anyway)
+                        .setListener(installCaCertificate())
+                        .setButtonType(FooterButton.ButtonType.OTHER)
+                        .setTheme(R.style.SudGlifButton_Secondary)
+                        .build()
+        );
+
+        mixin.setPrimaryButton(
+                new FooterButton.Builder(this)
+                        .setText(R.string.ca_certificate_warning_dont_install)
+                        .setListener(returnToInstallCertificateFromStorage())
+                        .setButtonType(FooterButton.ButtonType.NEXT)
+                        .setTheme(R.style.SudGlifButton_Primary)
+                        .build()
+        );
+    }
+
+    private View.OnClickListener installCaCertificate() {
+        return v -> {
+            final Intent intent = new Intent();
+            intent.setAction(Credentials.INSTALL_ACTION);
+            intent.putExtra(Credentials.EXTRA_CERTIFICATE_USAGE, Credentials.CERTIFICATE_USAGE_CA);
+            startActivity(intent);
+            finish();
+        };
+    }
+
+    private View.OnClickListener returnToInstallCertificateFromStorage() {
+        return v -> {
+            Toast.makeText(this, R.string.cert_not_installed, Toast.LENGTH_SHORT).show();
+            finish();
+        };
+    }
+
+}