Added a warning dialog when installing a CA certificate
This is part of the changes to improve the UX and language for installing certificates.
Previously, the different types of certificate used the same installation flow.
Due to concerns around users installing CA certificates without understanding the conseqences,
this CL introduces a new warning dialog when a CA certificate is installed from settings.
Bug: 139173976
Test: Atest com.android.settings.security
manual testing from Settings by selecting the certificate type
preference and ensuring the installation flow still worked as expected.
Screenshot of the screen: https://hsv.googleplex.com/5046848484016128
Change-Id: If95bffd1e68f14734fb20e8cc4b60eeb1c372358
diff --git a/AndroidManifest.xml b/AndroidManifest.xml
index 956477b..0a72b75 100644
--- a/AndroidManifest.xml
+++ b/AndroidManifest.xml
@@ -1342,6 +1342,11 @@
</intent-filter>
</activity>
+ <activity android:name=".security.InstallCaCertificateWarning"
+ android:theme="@style/GlifV3Theme.Light"
+ android:exported="false">
+ </activity>
+
<activity
android:name="Settings$DeviceAdminSettingsActivity"
android:label="@string/device_admin_settings_title"
diff --git a/res/drawable-hdpi/ic_warning_googred_48dp.png b/res/drawable-hdpi/ic_warning_googred_48dp.png
new file mode 100644
index 0000000..70381dd
--- /dev/null
+++ b/res/drawable-hdpi/ic_warning_googred_48dp.png
Binary files differ
diff --git a/res/layout/ca_certificate_warning_dialog.xml b/res/layout/ca_certificate_warning_dialog.xml
new file mode 100644
index 0000000..d863b08
--- /dev/null
+++ b/res/layout/ca_certificate_warning_dialog.xml
@@ -0,0 +1,56 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ ~ Copyright (C) 2019 The Android Open Source Project
+ ~
+ ~ Licensed under the Apache License, Version 2.0 (the "License");
+ ~ you may not use this file except in compliance with the License.
+ ~ You may obtain a copy of the License at
+ ~
+ ~ http://www.apache.org/licenses/LICENSE-2.0
+ ~
+ ~ Unless required by applicable law or agreed to in writing, software
+ ~ distributed under the License is distributed on an "AS IS" BASIS,
+ ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ~ See the License for the specific language governing permissions and
+ ~ limitations under the License.
+ -->
+<com.google.android.setupdesign.GlifLayout
+ xmlns:android="http://schemas.android.com/apk/res/android"
+ android:id="@+id/setup_wizard_layout"
+ android:layout_width="match_parent"
+ android:layout_height="match_parent">
+
+ <LinearLayout
+ style="@style/SudContentFrame"
+ android:layout_width="match_parent"
+ android:layout_height="wrap_content"
+ android:orientation="vertical"
+ android:gravity="center_horizontal">
+
+ <ImageView
+ android:id="@+id/sud_layout_icon"
+ style="@style/SudGlifIcon"
+ android:layout_width="wrap_content"
+ android:layout_height="wrap_content"
+ android:gravity="center"
+ android:src="@drawable/ic_warning_googred_48dp"/>
+
+ <TextView
+ android:id="@+id/sud_layout_title"
+ style="@style/SudGlifHeaderTitle"
+ android:layout_width="match_parent"
+ android:layout_height="wrap_content"
+ android:gravity="center"
+ android:text="@string/ca_certificate_warning_title"/>
+
+ <TextView
+ android:id="@+id/sud_layout_description"
+ style="@style/SudDescription.Glif"
+ android:layout_marginTop="16dp"
+ android:layout_width="match_parent"
+ android:layout_height="wrap_content"
+ android:text="@string/ca_certificate_warning_description"/>
+
+ </LinearLayout>
+
+</com.google.android.setupdesign.GlifLayout>
\ No newline at end of file
diff --git a/res/values/strings.xml b/res/values/strings.xml
index 60febe7..381ef57 100644
--- a/res/values/strings.xml
+++ b/res/values/strings.xml
@@ -5880,6 +5880,16 @@
<string name="user_certificate">VPN & app user certificate</string>
<!-- Title of Wi-Fi certificate [CHAR LIMIT=30] -->
<string name="wifi_certificate">Wi\u2011Fi certificate</string>
+ <!-- Title of warning shown to the user before they can install a CA certificate [CHAR LIMIT=NONE] -->
+ <string name="ca_certificate_warning_title">Your privacy is at risk</string>
+ <!-- Description of warning shown to the user before they can install a CA certificate [CHAR LIMIT=NONE] -->
+ <string name="ca_certificate_warning_description">CA certificates are used by websites, apps, and VPNs for encryption. Only install CA certificates from organizations you trust. \n\n If you install a CA certificate, the certificate owner could access your information, such as passwords, messages, or credit card details, from websites you visit or apps you use - even if that information is encrypted.</string>
+ <!-- Label for button to not install a CA certificate [CHAR_LIMIT=50] -->
+ <string name="ca_certificate_warning_dont_install">Don\u2019t install</string>
+ <!-- Label for button to continue installing a CA certificate [CHAR_LIMIT=50] -->
+ <string name="ca_certificate_warning_install_anyway">Install anyways</string>
+ <!-- Toast message that a certificate was not installed -->
+ <string name="cert_not_installed">Certificate not installed</string>
<!-- Sound settings screen, setting check box label -->
<string name="emergency_tone_title">Emergency dialing signal</string>
diff --git a/res/xml/install_certificate_from_storage.xml b/res/xml/install_certificate_from_storage.xml
index 0116713..0cf4a36 100644
--- a/res/xml/install_certificate_from_storage.xml
+++ b/res/xml/install_certificate_from_storage.xml
@@ -28,11 +28,8 @@
android:title="@string/ca_certificate">
<intent
- android:action="android.credentials.INSTALL"
- android:targetPackage="com.android.certinstaller"
- android:targetClass="com.android.certinstaller.CertInstallerMain">
- <!-- Same value as CERTIFICATE_USAGE_CA in keystore/java/android/security/Credentials.java -->
- <extra android:name="certificate_install_usage" android:value="ca"/>
+ android:targetPackage="com.android.settings"
+ android:targetClass="com.android.settings.security.InstallCaCertificateWarning">
</intent>
</Preference>
diff --git a/src/com/android/settings/security/InstallCaCertificateWarning.java b/src/com/android/settings/security/InstallCaCertificateWarning.java
new file mode 100644
index 0000000..701d9f4
--- /dev/null
+++ b/src/com/android/settings/security/InstallCaCertificateWarning.java
@@ -0,0 +1,83 @@
+/*
+ * Copyright (C) 2019 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.android.settings.security;
+
+import android.annotation.Nullable;
+import android.app.Activity;
+import android.content.Intent;
+import android.os.Bundle;
+import android.security.Credentials;
+import android.view.View;
+import android.widget.Toast;
+
+import com.android.settings.R;
+
+import com.google.android.setupcompat.template.FooterBarMixin;
+import com.google.android.setupcompat.template.FooterButton;
+import com.google.android.setupdesign.GlifLayout;
+
+/**
+ * Creates a warning dialog explaining the consequences of installing a CA certificate
+ * This is displayed before a CA certificate can be installed from Settings.
+ */
+public class InstallCaCertificateWarning extends Activity {
+
+ @Override
+ public void onCreate(@Nullable Bundle savedInstanceState) {
+ super.onCreate(savedInstanceState);
+
+ setContentView(R.layout.ca_certificate_warning_dialog);
+ final GlifLayout layout = findViewById(R.id.setup_wizard_layout);
+
+ final FooterBarMixin mixin = layout.getMixin(FooterBarMixin.class);
+ mixin.setSecondaryButton(
+ new FooterButton.Builder(this)
+ .setText(R.string.ca_certificate_warning_install_anyway)
+ .setListener(installCaCertificate())
+ .setButtonType(FooterButton.ButtonType.OTHER)
+ .setTheme(R.style.SudGlifButton_Secondary)
+ .build()
+ );
+
+ mixin.setPrimaryButton(
+ new FooterButton.Builder(this)
+ .setText(R.string.ca_certificate_warning_dont_install)
+ .setListener(returnToInstallCertificateFromStorage())
+ .setButtonType(FooterButton.ButtonType.NEXT)
+ .setTheme(R.style.SudGlifButton_Primary)
+ .build()
+ );
+ }
+
+ private View.OnClickListener installCaCertificate() {
+ return v -> {
+ final Intent intent = new Intent();
+ intent.setAction(Credentials.INSTALL_ACTION);
+ intent.putExtra(Credentials.EXTRA_CERTIFICATE_USAGE, Credentials.CERTIFICATE_USAGE_CA);
+ startActivity(intent);
+ finish();
+ };
+ }
+
+ private View.OnClickListener returnToInstallCertificateFromStorage() {
+ return v -> {
+ Toast.makeText(this, R.string.cert_not_installed, Toast.LENGTH_SHORT).show();
+ finish();
+ };
+ }
+
+}
