Confirm credential after warning dialog when installing CA certificate
This is part of the changes to improve the UX and language for installing certificates.
Previously, confirm credentials occurs once a CA certificate is selected
from the file picker. This CL moves the confirm credential logic to appear after the
warning dialog and before the file picker, when installing CA certificates.
Bug: 139173976
Test: manual testing from Settings by selecting the certificate type
preference and ensuring the installation flow still worked as expected.
Change-Id: Iba737f391fa672a305daae475467d5d25a6206df
diff --git a/src/com/android/certinstaller/CertInstaller.java b/src/com/android/certinstaller/CertInstaller.java
index 061ba77..cd99c8a 100644
--- a/src/com/android/certinstaller/CertInstaller.java
+++ b/src/com/android/certinstaller/CertInstaller.java
@@ -57,7 +57,6 @@
private static final int PROGRESS_BAR_DIALOG = 3;
private static final int REQUEST_SYSTEM_INSTALL_CODE = 1;
- private static final int REQUEST_CONFIRM_CREDENTIALS = 2;
// key to states Bundle
private static final String NEXT_ACTION_KEY = "na";
@@ -95,20 +94,8 @@
toastErrorAndFinish(R.string.no_cert_to_saved);
finish();
} else {
- // Confirm credentials if there's _only_ a CA certificate
- // NOTE: This will affect WiFi CA certificates - those should not require
- // confirming the lock screen credentials but the code currently cannot skip the
- // confirmation for WiFi CA certificates because the user designates the certificate
- // to a UID only after this stage.
- if (mCredentials.hasCaCerts() && !mCredentials.hasPrivateKey() &&
- !mCredentials.hasUserCertificate()) {
- KeyguardManager keyguardManager = getSystemService(KeyguardManager.class);
- Intent intent = keyguardManager.createConfirmDeviceCredentialIntent(null, null);
- if (intent == null) { // No screenlock
- extractPkcs12OrInstall();
- } else {
- startActivityForResult(intent, REQUEST_CONFIRM_CREDENTIALS);
- }
+ if (installingCaCertificate()) {
+ extractPkcs12OrInstall();
} else {
if (mCredentials.hasUserCertificate() && !mCredentials.hasPrivateKey()) {
toastErrorAndFinish(R.string.action_missing_private_key);
@@ -126,6 +113,11 @@
}
}
+ private boolean installingCaCertificate() {
+ return mCredentials.hasCaCerts() && !mCredentials.hasPrivateKey() &&
+ !mCredentials.hasUserCertificate();
+ }
+
@Override
protected void onResume() {
super.onResume();
@@ -192,14 +184,6 @@
setResult(RESULT_OK);
finish();
break;
- case REQUEST_CONFIRM_CREDENTIALS:
- if (resultCode == RESULT_OK) {
- extractPkcs12OrInstall();
- return;
- }
- // Failed to confirm credentials, do nothing.
- finish();
- break;
default:
Log.w(TAG, "unknown request code: " + requestCode);
finish();
diff --git a/src/com/android/certinstaller/CertInstallerMain.java b/src/com/android/certinstaller/CertInstallerMain.java
index f2b19f4..972afec 100644
--- a/src/com/android/certinstaller/CertInstallerMain.java
+++ b/src/com/android/certinstaller/CertInstallerMain.java
@@ -16,6 +16,7 @@
package com.android.certinstaller;
+import android.app.KeyguardManager;
import android.content.Context;
import android.content.Intent;
import android.net.Uri;
@@ -46,6 +47,7 @@
private static final int REQUEST_INSTALL = 1;
private static final int REQUEST_OPEN_DOCUMENT = 2;
+ private static final int REQUEST_CONFIRM_CREDENTIALS = 3;
private static final String INSTALL_CERT_AS_USER_CLASS = ".InstallCertAsUser";
@@ -102,7 +104,13 @@
if (nullOrEmptyBundle(bundle) || bundleContainsNameOnly(bundle)
|| bundleContainsInstallAsUidOnly(bundle)
|| bundleContainsExtraCertificateUsageOnly(bundle)) {
- startOpenDocumentActivity();
+
+ // Confirm credentials if there's only a CA certificate
+ if (installingCaCertificate(bundle)) {
+ confirmDeviceCredential();
+ } else {
+ startOpenDocumentActivity();
+ }
} else {
startInstallActivity(intent);
}
@@ -127,6 +135,21 @@
return bundle.size() == 1 && bundle.containsKey(Credentials.EXTRA_CERTIFICATE_USAGE);
}
+ private boolean installingCaCertificate(Bundle bundle) {
+ return bundle.size() == 1 && bundle.containsKey(Credentials.EXTRA_CERTIFICATE_USAGE)
+ && bundle.getString(Credentials.EXTRA_CERTIFICATE_USAGE).equals(
+ Credentials.CERTIFICATE_USAGE_CA);
+ }
+ private void confirmDeviceCredential() {
+ KeyguardManager keyguardManager = getSystemService(KeyguardManager.class);
+ Intent intent = keyguardManager.createConfirmDeviceCredentialIntent(null,
+ null);
+ if (intent == null) { // No screenlock
+ startOpenDocumentActivity();
+ } else {
+ startActivityForResult(intent, REQUEST_CONFIRM_CREDENTIALS);
+ }
+ }
// The maximum amount of data to read into memory before aborting.
// Without a limit, a sufficiently-large file will run us out of memory. A
@@ -219,17 +242,29 @@
@Override
protected void onActivityResult(int requestCode, int resultCode, Intent data) {
- if (requestCode == REQUEST_OPEN_DOCUMENT) {
- if (resultCode == RESULT_OK) {
- startInstallActivity(null, data.getData());
- } else {
+ switch (requestCode) {
+ case REQUEST_INSTALL:
+ setResult(resultCode);
finish();
- }
- } else if (requestCode == REQUEST_INSTALL) {
- setResult(resultCode);
- finish();
- } else {
- Log.w(TAG, "unknown request code: " + requestCode);
+ break;
+ case REQUEST_OPEN_DOCUMENT:
+ if (resultCode == RESULT_OK) {
+ startInstallActivity(null, data.getData());
+ } else {
+ finish();
+ }
+ break;
+ case REQUEST_CONFIRM_CREDENTIALS:
+ if (resultCode == RESULT_OK) {
+ startOpenDocumentActivity();
+ return;
+ }
+ // Failed to confirm credentials, do nothing.
+ finish();
+ break;
+ default:
+ Log.w(TAG, "unknown request code: " + requestCode);
+ break;
}
}
}