Google Git
Sign in
android / platform / packages / apps / Settings / 9f374307c5d471b063057be3c71cd29840102a63 / . / src / com / android / settings / password / ChooseLockPassword.java
blob: 21ef7208a250de14a38401867de8ccf3dd1f8241 [file] [log] [blame]
/*
* Copyright (C) 2010 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.android.settings.password;
import static android.app.admin.DevicePolicyManager.PASSWORD_COMPLEXITY_NONE;
import static android.app.admin.DevicePolicyManager.PASSWORD_QUALITY_ALPHABETIC;
import static android.app.admin.DevicePolicyManager.PASSWORD_QUALITY_ALPHANUMERIC;
import static android.app.admin.DevicePolicyManager.PASSWORD_QUALITY_COMPLEX;
import static android.app.admin.DevicePolicyManager.PASSWORD_QUALITY_NUMERIC;
import static android.app.admin.DevicePolicyManager.PASSWORD_QUALITY_NUMERIC_COMPLEX;
import static com.android.settings.password.ChooseLockSettingsHelper.EXTRA_KEY_REQUESTED_MIN_COMPLEXITY;
import android.app.Activity;
import android.app.admin.DevicePolicyManager;
import android.app.admin.DevicePolicyManager.PasswordComplexity;
import android.app.admin.PasswordMetrics;
import android.app.settings.SettingsEnums;
import android.content.Context;
import android.content.Intent;
import android.content.res.Resources.Theme;
import android.graphics.Insets;
import android.graphics.Typeface;
import android.os.Bundle;
import android.os.Handler;
import android.os.Message;
import android.text.Editable;
import android.text.InputType;
import android.text.Selection;
import android.text.Spannable;
import android.text.TextUtils;
import android.text.TextWatcher;
import android.util.Log;
import android.util.Pair;
import android.view.KeyEvent;
import android.view.LayoutInflater;
import android.view.View;
import android.view.ViewGroup;
import android.view.inputmethod.EditorInfo;
import android.widget.LinearLayout;
import android.widget.TextView;
import android.widget.TextView.OnEditorActionListener;
import androidx.annotation.StringRes;
import androidx.fragment.app.Fragment;
import androidx.recyclerview.widget.LinearLayoutManager;
import androidx.recyclerview.widget.RecyclerView;
import com.android.internal.annotations.VisibleForTesting;
import com.android.internal.widget.LockPatternUtils;
import com.android.internal.widget.LockPatternUtils.RequestThrottledException;
import com.android.internal.widget.TextViewInputDisabler;
import com.android.settings.EncryptionInterstitial;
import com.android.settings.R;
import com.android.settings.SettingsActivity;
import com.android.settings.SetupWizardUtils;
import com.android.settings.Utils;
import com.android.settings.core.InstrumentedFragment;
import com.android.settings.notification.RedactionInterstitial;
import com.android.settings.widget.ImeAwareEditText;
import com.google.android.setupcompat.template.FooterBarMixin;
import com.google.android.setupcompat.template.FooterButton;
import com.google.android.setupdesign.GlifLayout;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
public class ChooseLockPassword extends SettingsActivity {
private static final String TAG = "ChooseLockPassword";
@Override
public Intent getIntent() {
Intent modIntent = new Intent(super.getIntent());
modIntent.putExtra(EXTRA_SHOW_FRAGMENT, getFragmentClass().getName());
return modIntent;
}
@Override
protected void onApplyThemeResource(Theme theme, int resid, boolean first) {
resid = SetupWizardUtils.getTheme(getIntent());
super.onApplyThemeResource(theme, resid, first);
}
public static class IntentBuilder {
private final Intent mIntent;
public IntentBuilder(Context context) {
mIntent = new Intent(context, ChooseLockPassword.class);
mIntent.putExtra(ChooseLockGeneric.CONFIRM_CREDENTIALS, false);
mIntent.putExtra(EncryptionInterstitial.EXTRA_REQUIRE_PASSWORD, false);
mIntent.putExtra(ChooseLockSettingsHelper.EXTRA_KEY_HAS_CHALLENGE, false);
}
public IntentBuilder setPasswordQuality(int quality) {
mIntent.putExtra(LockPatternUtils.PASSWORD_TYPE_KEY, quality);
return this;
}
public IntentBuilder setUserId(int userId) {
mIntent.putExtra(Intent.EXTRA_USER_ID, userId);
return this;
}
public IntentBuilder setChallenge(long challenge) {
mIntent.putExtra(ChooseLockSettingsHelper.EXTRA_KEY_HAS_CHALLENGE, true);
mIntent.putExtra(ChooseLockSettingsHelper.EXTRA_KEY_CHALLENGE, challenge);
return this;
}
public IntentBuilder setPassword(byte[] password) {
mIntent.putExtra(ChooseLockSettingsHelper.EXTRA_KEY_PASSWORD, password);
return this;
}
public IntentBuilder setForFingerprint(boolean forFingerprint) {
mIntent.putExtra(ChooseLockSettingsHelper.EXTRA_KEY_FOR_FINGERPRINT, forFingerprint);
return this;
}
public IntentBuilder setForFace(boolean forFace) {
mIntent.putExtra(ChooseLockSettingsHelper.EXTRA_KEY_FOR_FACE, forFace);
return this;
}
public IntentBuilder setRequestedMinComplexity(@PasswordComplexity int level) {
mIntent.putExtra(EXTRA_KEY_REQUESTED_MIN_COMPLEXITY, level);
return this;
}
public Intent build() {
return mIntent;
}
}
@Override
protected boolean isValidFragment(String fragmentName) {
if (ChooseLockPasswordFragment.class.getName().equals(fragmentName)) return true;
return false;
}
/* package */ Class<? extends Fragment> getFragmentClass() {
return ChooseLockPasswordFragment.class;
}
@Override
protected void onCreate(Bundle savedInstanceState) {
super.onCreate(savedInstanceState);
final boolean forFingerprint = getIntent()
.getBooleanExtra(ChooseLockSettingsHelper.EXTRA_KEY_FOR_FINGERPRINT, false);
final boolean forFace = getIntent()
.getBooleanExtra(ChooseLockSettingsHelper.EXTRA_KEY_FOR_FACE, false);
CharSequence msg = getText(R.string.lockpassword_choose_your_screen_lock_header);
if (forFingerprint) {
msg = getText(R.string.lockpassword_choose_your_password_header_for_fingerprint);
} else if (forFace) {
msg = getText(R.string.lockpassword_choose_your_password_header_for_face);
}
setTitle(msg);
LinearLayout layout = (LinearLayout) findViewById(R.id.content_parent);
layout.setFitsSystemWindows(false);
}
public static class ChooseLockPasswordFragment extends InstrumentedFragment
implements OnEditorActionListener, TextWatcher, SaveAndFinishWorker.Listener {
private static final String KEY_FIRST_PIN = "first_pin";
private static final String KEY_UI_STAGE = "ui_stage";
private static final String KEY_CURRENT_PASSWORD = "current_password";
private static final String FRAGMENT_TAG_SAVE_AND_FINISH = "save_and_finish_worker";
private byte[] mCurrentPassword;
private byte[] mChosenPassword;
private boolean mHasChallenge;
private long mChallenge;
private ImeAwareEditText mPasswordEntry;
private TextViewInputDisabler mPasswordEntryInputDisabler;
private int mPasswordMinLength = LockPatternUtils.MIN_LOCK_PASSWORD_SIZE;
private int mPasswordMaxLength = 16;
private int mPasswordMinLetters = 0;
private int mPasswordMinUpperCase = 0;
private int mPasswordMinLowerCase = 0;
private int mPasswordMinSymbols = 0;
private int mPasswordMinNumeric = 0;
private int mPasswordMinNonLetter = 0;
private int mPasswordMinLengthToFulfillAllPolicies = 0;
private boolean mPasswordNumSequenceAllowed = true;
@PasswordComplexity private int mRequestedMinComplexity = PASSWORD_COMPLEXITY_NONE;
protected int mUserId;
private byte[] mPasswordHistoryHashFactor;
private LockPatternUtils mLockPatternUtils;
private SaveAndFinishWorker mSaveAndFinishWorker;
private int mRequestedQuality = DevicePolicyManager.PASSWORD_QUALITY_NUMERIC;
private ChooseLockSettingsHelper mChooseLockSettingsHelper;
protected Stage mUiStage = Stage.Introduction;
private PasswordRequirementAdapter mPasswordRequirementAdapter;
private GlifLayout mLayout;
protected boolean mForFingerprint;
protected boolean mForFace;
private byte[] mFirstPin;
private RecyclerView mPasswordRestrictionView;
protected boolean mIsAlphaMode;
protected FooterButton mSkipOrClearButton;
private FooterButton mNextButton;
private TextView mMessage;
private TextChangedHandler mTextChangedHandler;
private static final int CONFIRM_EXISTING_REQUEST = 58;
static final int RESULT_FINISHED = RESULT_FIRST_USER;
private static final int MIN_LETTER_IN_PASSWORD = 0;
private static final int MIN_UPPER_LETTERS_IN_PASSWORD = 1;
private static final int MIN_LOWER_LETTERS_IN_PASSWORD = 2;
private static final int MIN_SYMBOLS_IN_PASSWORD = 3;
private static final int MIN_NUMBER_IN_PASSWORD = 4;
private static final int MIN_NON_LETTER_IN_PASSWORD = 5;
// Error code returned from {@link #validatePassword(byte[])}.
static final int NO_ERROR = 0;
static final int CONTAIN_INVALID_CHARACTERS = 1 << 0;
static final int TOO_SHORT = 1 << 1;
static final int TOO_LONG = 1 << 2;
static final int CONTAIN_NON_DIGITS = 1 << 3;
static final int CONTAIN_SEQUENTIAL_DIGITS = 1 << 4;
static final int RECENTLY_USED = 1 << 5;
static final int NOT_ENOUGH_LETTER = 1 << 6;
static final int NOT_ENOUGH_UPPER_CASE = 1 << 7;
static final int NOT_ENOUGH_LOWER_CASE = 1 << 8;
static final int NOT_ENOUGH_DIGITS = 1 << 9;
static final int NOT_ENOUGH_SYMBOLS = 1 << 10;
static final int NOT_ENOUGH_NON_LETTER = 1 << 11;
/**
* Keep track internally of where the user is in choosing a pattern.
*/
protected enum Stage {
Introduction(
R.string.lockpassword_choose_your_screen_lock_header, // password
R.string.lockpassword_choose_your_password_header_for_fingerprint,
R.string.lockpassword_choose_your_password_header_for_face,
R.string.lockpassword_choose_your_screen_lock_header, // pin
R.string.lockpassword_choose_your_pin_header_for_fingerprint,
R.string.lockpassword_choose_your_pin_header_for_face,
R.string.lockpassword_choose_your_password_message, // added security message
R.string.lock_settings_picker_biometrics_added_security_message,
R.string.lockpassword_choose_your_pin_message,
R.string.lock_settings_picker_biometrics_added_security_message,
R.string.next_label),
NeedToConfirm(
R.string.lockpassword_confirm_your_password_header,
R.string.lockpassword_confirm_your_password_header,
R.string.lockpassword_confirm_your_password_header,
R.string.lockpassword_confirm_your_pin_header,
R.string.lockpassword_confirm_your_pin_header,
R.string.lockpassword_confirm_your_pin_header,
0,
0,
0,
0,
R.string.lockpassword_confirm_label),
ConfirmWrong(
R.string.lockpassword_confirm_passwords_dont_match,
R.string.lockpassword_confirm_passwords_dont_match,
R.string.lockpassword_confirm_passwords_dont_match,
R.string.lockpassword_confirm_pins_dont_match,
R.string.lockpassword_confirm_pins_dont_match,
R.string.lockpassword_confirm_pins_dont_match,
0,
0,
0,
0,
R.string.lockpassword_confirm_label);
Stage(int hintInAlpha, int hintInAlphaForFingerprint, int hintInAlphaForFace,
int hintInNumeric, int hintInNumericForFingerprint, int hintInNumericForFace,
int messageInAlpha, int messageInAlphaForBiometrics,
int messageInNumeric, int messageInNumericForBiometrics,
int nextButtonText) {
this.alphaHint = hintInAlpha;
this.alphaHintForFingerprint = hintInAlphaForFingerprint;
this.alphaHintForFace = hintInAlphaForFace;
this.numericHint = hintInNumeric;
this.numericHintForFingerprint = hintInNumericForFingerprint;
this.numericHintForFace = hintInNumericForFace;
this.alphaMessage = messageInAlpha;
this.alphaMessageForBiometrics = messageInAlphaForBiometrics;
this.numericMessage = messageInNumeric;
this.numericMessageForBiometrics = messageInNumericForBiometrics;
this.buttonText = nextButtonText;
}
public static final int TYPE_NONE = 0;
public static final int TYPE_FINGERPRINT = 1;
public static final int TYPE_FACE = 2;
// Password
public final int alphaHint;
public final int alphaHintForFingerprint;
public final int alphaHintForFace;
// PIN
public final int numericHint;
public final int numericHintForFingerprint;
public final int numericHintForFace;
public final int alphaMessage;
public final int alphaMessageForBiometrics;
public final int numericMessage;
public final int numericMessageForBiometrics;
public final int buttonText;
public @StringRes int getHint(boolean isAlpha, int type) {
if (isAlpha) {
if (type == TYPE_FINGERPRINT) {
return alphaHintForFingerprint;
} else if (type == TYPE_FACE) {
return alphaHintForFace;
} else {
return alphaHint;
}
} else {
if (type == TYPE_FINGERPRINT) {
return numericHintForFingerprint;
} else if (type == TYPE_FACE) {
return numericHintForFace;
} else {
return numericHint;
}
}
}
public @StringRes int getMessage(boolean isAlpha, int type) {
if (isAlpha) {
return type != TYPE_NONE ? alphaMessageForBiometrics : alphaMessage;
} else {
return type != TYPE_NONE ? numericMessageForBiometrics : numericMessage;
}
}
}
// required constructor for fragments
public ChooseLockPasswordFragment() {
}
@Override
public void onCreate(Bundle savedInstanceState) {
super.onCreate(savedInstanceState);
mLockPatternUtils = new LockPatternUtils(getActivity());
Intent intent = getActivity().getIntent();
if (!(getActivity() instanceof ChooseLockPassword)) {
throw new SecurityException("Fragment contained in wrong activity");
}
// Only take this argument into account if it belongs to the current profile.
mUserId = Utils.getUserIdFromBundle(getActivity(), intent.getExtras());
mForFingerprint = intent.getBooleanExtra(
ChooseLockSettingsHelper.EXTRA_KEY_FOR_FINGERPRINT, false);
mForFace = intent.getBooleanExtra(ChooseLockSettingsHelper.EXTRA_KEY_FOR_FACE, false);
mRequestedMinComplexity = intent.getIntExtra(
EXTRA_KEY_REQUESTED_MIN_COMPLEXITY, PASSWORD_COMPLEXITY_NONE);
mRequestedQuality = Math.max(
intent.getIntExtra(LockPatternUtils.PASSWORD_TYPE_KEY, mRequestedQuality),
mLockPatternUtils.getRequestedPasswordQuality(mUserId));
loadDpmPasswordRequirements();
mChooseLockSettingsHelper = new ChooseLockSettingsHelper(getActivity());
if (intent.getBooleanExtra(
ChooseLockSettingsHelper.EXTRA_KEY_FOR_CHANGE_CRED_REQUIRED_FOR_BOOT, false)) {
SaveAndFinishWorker w = new SaveAndFinishWorker();
final boolean required = getActivity().getIntent().getBooleanExtra(
EncryptionInterstitial.EXTRA_REQUIRE_PASSWORD, true);
byte[] currentBytes = intent.getByteArrayExtra(
ChooseLockSettingsHelper.EXTRA_KEY_PASSWORD);
w.setBlocking(true);
w.setListener(this);
w.start(mChooseLockSettingsHelper.utils(), required, false, 0,
currentBytes, currentBytes, mRequestedQuality, mUserId);
}
mTextChangedHandler = new TextChangedHandler();
}
@Override
public View onCreateView(LayoutInflater inflater, ViewGroup container,
Bundle savedInstanceState) {
return inflater.inflate(R.layout.choose_lock_password, container, false);
}
@Override
public void onViewCreated(View view, Bundle savedInstanceState) {
super.onViewCreated(view, savedInstanceState);
mLayout = (GlifLayout) view;
// Make the password container consume the optical insets so the edit text is aligned
// with the sides of the parent visually.
ViewGroup container = view.findViewById(R.id.password_container);
container.setOpticalInsets(Insets.NONE);
final FooterBarMixin mixin = mLayout.getMixin(FooterBarMixin.class);
mixin.setSecondaryButton(
new FooterButton.Builder(getActivity())
.setText(R.string.lockpassword_clear_label)
.setListener(this::onSkipOrClearButtonClick)
.setButtonType(FooterButton.ButtonType.SKIP)
.setTheme(R.style.SudGlifButton_Secondary)
.build()
);
mixin.setPrimaryButton(
new FooterButton.Builder(getActivity())
.setText(R.string.next_label)
.setListener(this::onNextButtonClick)
.setButtonType(FooterButton.ButtonType.NEXT)
.setTheme(R.style.SudGlifButton_Primary)
.build()
);
mSkipOrClearButton = mixin.getSecondaryButton();
mNextButton = mixin.getPrimaryButton();
mMessage = view.findViewById(R.id.sud_layout_description);
if (mForFingerprint) {
mLayout.setIcon(getActivity().getDrawable(R.drawable.ic_fingerprint_header));
} else if (mForFace) {
mLayout.setIcon(getActivity().getDrawable(R.drawable.ic_face_header));
}
mIsAlphaMode = DevicePolicyManager.PASSWORD_QUALITY_ALPHABETIC == mRequestedQuality
|| DevicePolicyManager.PASSWORD_QUALITY_ALPHANUMERIC == mRequestedQuality
|| DevicePolicyManager.PASSWORD_QUALITY_COMPLEX == mRequestedQuality;
setupPasswordRequirementsView(view);
mPasswordRestrictionView.setLayoutManager(new LinearLayoutManager(getActivity()));
mPasswordEntry = view.findViewById(R.id.password_entry);
mPasswordEntry.setOnEditorActionListener(this);
mPasswordEntry.addTextChangedListener(this);
mPasswordEntry.requestFocus();
mPasswordEntryInputDisabler = new TextViewInputDisabler(mPasswordEntry);
final Activity activity = getActivity();
int currentType = mPasswordEntry.getInputType();
mPasswordEntry.setInputType(mIsAlphaMode ? currentType
: (InputType.TYPE_CLASS_NUMBER | InputType.TYPE_NUMBER_VARIATION_PASSWORD));
// Can't set via XML since setInputType resets the fontFamily to null
mPasswordEntry.setTypeface(Typeface.create(
getContext().getString(com.android.internal.R.string.config_headlineFontFamily),
Typeface.NORMAL));
Intent intent = getActivity().getIntent();
final boolean confirmCredentials = intent.getBooleanExtra(
ChooseLockGeneric.CONFIRM_CREDENTIALS, true);
mCurrentPassword = intent.getByteArrayExtra(
ChooseLockSettingsHelper.EXTRA_KEY_PASSWORD);
mHasChallenge = intent.getBooleanExtra(
ChooseLockSettingsHelper.EXTRA_KEY_HAS_CHALLENGE, false);
mChallenge = intent.getLongExtra(ChooseLockSettingsHelper.EXTRA_KEY_CHALLENGE, 0);
if (savedInstanceState == null) {
updateStage(Stage.Introduction);
if (confirmCredentials) {
mChooseLockSettingsHelper.launchConfirmationActivity(CONFIRM_EXISTING_REQUEST,
getString(R.string.unlock_set_unlock_launch_picker_title), true,
mUserId);
}
} else {
// restore from previous state
mFirstPin = savedInstanceState.getByteArray(KEY_FIRST_PIN);
final String state = savedInstanceState.getString(KEY_UI_STAGE);
if (state != null) {
mUiStage = Stage.valueOf(state);
updateStage(mUiStage);
}
if (mCurrentPassword == null) {
mCurrentPassword = savedInstanceState.getByteArray(KEY_CURRENT_PASSWORD);
}
// Re-attach to the exiting worker if there is one.
mSaveAndFinishWorker = (SaveAndFinishWorker) getFragmentManager().findFragmentByTag(
FRAGMENT_TAG_SAVE_AND_FINISH);
}
if (activity instanceof SettingsActivity) {
final SettingsActivity sa = (SettingsActivity) activity;
int title = Stage.Introduction.getHint(mIsAlphaMode, getStageType());
sa.setTitle(title);
mLayout.setHeaderText(title);
}
}
private int getStageType() {
return mForFingerprint ? Stage.TYPE_FINGERPRINT :
mForFace ? Stage.TYPE_FACE :
Stage.TYPE_NONE;
}
private void setupPasswordRequirementsView(View view) {
mPasswordRestrictionView = view.findViewById(R.id.password_requirements_view);
mPasswordRestrictionView.setLayoutManager(new LinearLayoutManager(getActivity()));
mPasswordRequirementAdapter = new PasswordRequirementAdapter();
mPasswordRestrictionView.setAdapter(mPasswordRequirementAdapter);
}
@Override
public int getMetricsCategory() {
return SettingsEnums.CHOOSE_LOCK_PASSWORD;
}
@Override
public void onResume() {
super.onResume();
updateStage(mUiStage);
if (mSaveAndFinishWorker != null) {
mSaveAndFinishWorker.setListener(this);
} else {
mPasswordEntry.requestFocus();
mPasswordEntry.scheduleShowSoftInput();
}
}
@Override
public void onPause() {
if (mSaveAndFinishWorker != null) {
mSaveAndFinishWorker.setListener(null);
}
super.onPause();
}
@Override
public void onSaveInstanceState(Bundle outState) {
super.onSaveInstanceState(outState);
outState.putString(KEY_UI_STAGE, mUiStage.name());
outState.putByteArray(KEY_FIRST_PIN, mFirstPin);
outState.putByteArray(KEY_CURRENT_PASSWORD, mCurrentPassword);
}
@Override
public void onActivityResult(int requestCode, int resultCode,
Intent data) {
super.onActivityResult(requestCode, resultCode, data);
switch (requestCode) {
case CONFIRM_EXISTING_REQUEST:
if (resultCode != Activity.RESULT_OK) {
getActivity().setResult(RESULT_FINISHED);
getActivity().finish();
} else {
mCurrentPassword = data.getByteArrayExtra(
ChooseLockSettingsHelper.EXTRA_KEY_PASSWORD);
}
break;
}
}
protected Intent getRedactionInterstitialIntent(Context context) {
return RedactionInterstitial.createStartIntent(context, mUserId);
}
protected void updateStage(Stage stage) {
final Stage previousStage = mUiStage;
mUiStage = stage;
updateUi();
// If the stage changed, announce the header for accessibility. This
// is a no-op when accessibility is disabled.
if (previousStage != stage) {
mLayout.announceForAccessibility(mLayout.getHeaderText());
}
}
/**
* Read the requirements from {@link DevicePolicyManager} and intent and aggregate them.
*/
private void loadDpmPasswordRequirements() {
final int dpmPasswordQuality = mLockPatternUtils.getRequestedPasswordQuality(mUserId);
if (dpmPasswordQuality == PASSWORD_QUALITY_NUMERIC_COMPLEX) {
mPasswordNumSequenceAllowed = false;
}
mPasswordMinLength = Math.max(LockPatternUtils.MIN_LOCK_PASSWORD_SIZE,
mLockPatternUtils.getRequestedMinimumPasswordLength(mUserId));
mPasswordMaxLength = mLockPatternUtils.getMaximumPasswordLength(mRequestedQuality);
mPasswordMinLetters = mLockPatternUtils.getRequestedPasswordMinimumLetters(mUserId);
mPasswordMinUpperCase = mLockPatternUtils.getRequestedPasswordMinimumUpperCase(mUserId);
mPasswordMinLowerCase = mLockPatternUtils.getRequestedPasswordMinimumLowerCase(mUserId);
mPasswordMinNumeric = mLockPatternUtils.getRequestedPasswordMinimumNumeric(mUserId);
mPasswordMinSymbols = mLockPatternUtils.getRequestedPasswordMinimumSymbols(mUserId);
mPasswordMinNonLetter = mLockPatternUtils.getRequestedPasswordMinimumNonLetter(mUserId);
// Modify the value based on dpm policy
switch (dpmPasswordQuality) {
case PASSWORD_QUALITY_ALPHABETIC:
if (mPasswordMinLetters == 0) {
mPasswordMinLetters = 1;
}
break;
case PASSWORD_QUALITY_ALPHANUMERIC:
if (mPasswordMinLetters == 0) {
mPasswordMinLetters = 1;
}
if (mPasswordMinNumeric == 0) {
mPasswordMinNumeric = 1;
}
break;
case PASSWORD_QUALITY_COMPLEX:
// Reserve all the requirements.
break;
default:
mPasswordMinNumeric = 0;
mPasswordMinLetters = 0;
mPasswordMinUpperCase = 0;
mPasswordMinLowerCase = 0;
mPasswordMinSymbols = 0;
mPasswordMinNonLetter = 0;
}
mPasswordMinLengthToFulfillAllPolicies = getMinLengthToFulfillAllPolicies();
}
/**
* Merges the dpm requirements and the min complexity requirements.
*
* <p>Since there are more than one set of metrics to meet the min complexity requirement,
* and we are not hard-coding any one of them to be the requirements the user must fulfil,
* we are taking what the user has already entered into account when compiling the list of
* requirements from min complexity. Then we merge this list with the DPM requirements, and
* present the merged set as validation results to the user on the UI.
*
* <p>For example, suppose min complexity requires either ALPHABETIC(8+), or
* ALPHANUMERIC(6+). If the user has entered "a", the length requirement displayed on the UI
* would be 8. Then the user appends "1" to make it "a1". We now know the user is entering
* an alphanumeric password so we would update the min complexity required min length to 6.
* This might result in a little confusion for the user but the UI does not support showing
* multiple sets of requirements / validation results as options to users, this is the best
* we can do now.
*/
private void mergeMinComplexityAndDpmRequirements(int userEnteredPasswordQuality) {
if (mRequestedMinComplexity == PASSWORD_COMPLEXITY_NONE) {
// dpm requirements are dominant if min complexity is none
return;
}
// reset dpm requirements
loadDpmPasswordRequirements();
PasswordMetrics minMetrics = PasswordMetrics.getMinimumMetrics(
mRequestedMinComplexity, userEnteredPasswordQuality, mRequestedQuality,
requiresNumeric(), requiresLettersOrSymbols());
mPasswordNumSequenceAllowed = mPasswordNumSequenceAllowed
&& minMetrics.quality != PASSWORD_QUALITY_NUMERIC_COMPLEX;
mPasswordMinLength = Math.max(mPasswordMinLength, minMetrics.length);
mPasswordMinLetters = Math.max(mPasswordMinLetters, minMetrics.letters);
mPasswordMinUpperCase = Math.max(mPasswordMinUpperCase, minMetrics.upperCase);
mPasswordMinLowerCase = Math.max(mPasswordMinLowerCase, minMetrics.lowerCase);
mPasswordMinNumeric = Math.max(mPasswordMinNumeric, minMetrics.numeric);
mPasswordMinSymbols = Math.max(mPasswordMinSymbols, minMetrics.symbols);
mPasswordMinNonLetter = Math.max(mPasswordMinNonLetter, minMetrics.nonLetter);
if (minMetrics.quality == PASSWORD_QUALITY_ALPHABETIC) {
if (!requiresLettersOrSymbols()) {
mPasswordMinLetters = 1;
}
}
if (minMetrics.quality == PASSWORD_QUALITY_ALPHANUMERIC) {
if (!requiresLettersOrSymbols()) {
mPasswordMinLetters = 1;
}
if (!requiresNumeric()) {
mPasswordMinNumeric = 1;
}
}
mPasswordMinLengthToFulfillAllPolicies = getMinLengthToFulfillAllPolicies();
}
private boolean requiresLettersOrSymbols() {
// This is the condition for the password to be considered ALPHABETIC according to
// PasswordMetrics.computeForPassword()
return mPasswordMinLetters + mPasswordMinUpperCase
+ mPasswordMinLowerCase + mPasswordMinSymbols + mPasswordMinNonLetter > 0;
}
private boolean requiresNumeric() {
return mPasswordMinNumeric > 0;
}
/**
* Validates PIN/Password and returns the validation result.
*
* @param password the raw password the user typed in
* @return the validation result.
*/
@VisibleForTesting
int validatePassword(byte[] password) {
int errorCode = NO_ERROR;
final PasswordMetrics metrics = PasswordMetrics.computeForPassword(password);
mergeMinComplexityAndDpmRequirements(metrics.quality);
if (password == null || password.length < mPasswordMinLength) {
if (mPasswordMinLength > mPasswordMinLengthToFulfillAllPolicies) {
errorCode |= TOO_SHORT;
}
} else if (password.length > mPasswordMaxLength) {
errorCode |= TOO_LONG;
} else {
// The length requirements are fulfilled.
if (!mPasswordNumSequenceAllowed
&& !requiresLettersOrSymbols()
&& metrics.numeric == password.length) {
// Check for repeated characters or sequences (e.g. '1234', '0000', '2468')
// if DevicePolicyManager or min password complexity requires a complex numeric
// password. There can be two cases in the UI: 1. User chooses to enroll a
// PIN, 2. User chooses to enroll a password but enters a numeric-only pin. We
// should carry out the sequence check in both cases.
//
// Conditions for the !requiresLettersOrSymbols() to be necessary:
// - DPM requires NUMERIC_COMPLEX
// - min complexity not NONE, user picks PASSWORD type so ALPHABETIC or
// ALPHANUMERIC is required
// Imagine user has entered "12345678", if we don't skip the sequence check, the
// validation result would show both "requires a letter" and "sequence not
// allowed", while the only requirement the user needs to know is "requires a
// letter" because once the user has fulfilled the alphabetic requirement, the
// password would not be containing only digits so this check would not be
// performed anyway.
final int sequence = PasswordMetrics.maxLengthSequence(password);
if (sequence > PasswordMetrics.MAX_ALLOWED_SEQUENCE) {
errorCode |= CONTAIN_SEQUENTIAL_DIGITS;
}
}
// Is the password recently used?
if (mLockPatternUtils.checkPasswordHistory(password, getPasswordHistoryHashFactor(),
mUserId)) {
errorCode |= RECENTLY_USED;
}
}
// Allow non-control Latin-1 characters only.
for (int i = 0; i < password.length; i++) {
char c = (char) password[i];
if (c < 32 || c > 127) {
errorCode |= CONTAIN_INVALID_CHARACTERS;
break;
}
}
// Ensure no non-digits if we are requesting numbers. This shouldn't be possible unless
// user finds some way to bring up soft keyboard.
if (mRequestedQuality == PASSWORD_QUALITY_NUMERIC
|| mRequestedQuality == PASSWORD_QUALITY_NUMERIC_COMPLEX) {
if (metrics.letters > 0 || metrics.symbols > 0) {
errorCode |= CONTAIN_NON_DIGITS;
}
}
if (metrics.letters < mPasswordMinLetters) {
errorCode |= NOT_ENOUGH_LETTER;
}
if (metrics.upperCase < mPasswordMinUpperCase) {
errorCode |= NOT_ENOUGH_UPPER_CASE;
}
if (metrics.lowerCase < mPasswordMinLowerCase) {
errorCode |= NOT_ENOUGH_LOWER_CASE;
}
if (metrics.symbols < mPasswordMinSymbols) {
errorCode |= NOT_ENOUGH_SYMBOLS;
}
if (metrics.numeric < mPasswordMinNumeric) {
errorCode |= NOT_ENOUGH_DIGITS;
}
if (metrics.nonLetter < mPasswordMinNonLetter) {
errorCode |= NOT_ENOUGH_NON_LETTER;
}
return errorCode;
}
/**
* Lazily compute and return the history hash factor of the current user (mUserId), used for
* password history check.
*/
private byte[] getPasswordHistoryHashFactor() {
if (mPasswordHistoryHashFactor == null) {
mPasswordHistoryHashFactor = mLockPatternUtils.getPasswordHistoryHashFactor(
mCurrentPassword, mUserId);
}
return mPasswordHistoryHashFactor;
}
public void handleNext() {
if (mSaveAndFinishWorker != null) return;
// TODO(b/120484642): This is a point of entry for passwords from the UI
mChosenPassword = LockPatternUtils.charSequenceToByteArray(mPasswordEntry.getText());
if (mChosenPassword == null || mChosenPassword.length == 0) {
return;
}
if (mUiStage == Stage.Introduction) {
if (validatePassword(mChosenPassword) == NO_ERROR) {
mFirstPin = mChosenPassword;
mPasswordEntry.setText("");
updateStage(Stage.NeedToConfirm);
} else {
Arrays.fill(mChosenPassword, (byte) 0);
}
} else if (mUiStage == Stage.NeedToConfirm) {
if (Arrays.equals(mFirstPin, mChosenPassword)) {
startSaveAndFinish();
} else {
CharSequence tmp = mPasswordEntry.getText();
if (tmp != null) {
Selection.setSelection((Spannable) tmp, 0, tmp.length());
}
updateStage(Stage.ConfirmWrong);
Arrays.fill(mChosenPassword, (byte) 0);
}
}
}
protected void setNextEnabled(boolean enabled) {
mNextButton.setEnabled(enabled);
}
protected void setNextText(int text) {
mNextButton.setText(getActivity(), text);
}
protected void onSkipOrClearButtonClick(View view) {
mPasswordEntry.setText("");
}
protected void onNextButtonClick(View view) {
handleNext();
}
public boolean onEditorAction(TextView v, int actionId, KeyEvent event) {
// Check if this was the result of hitting the enter or "done" key
if (actionId == EditorInfo.IME_NULL
|| actionId == EditorInfo.IME_ACTION_DONE
|| actionId == EditorInfo.IME_ACTION_NEXT) {
handleNext();
return true;
}
return false;
}
/**
* @param errorCode error code returned from {@link #validatePassword(String)}.
* @return an array of messages describing the error, important messages come first.
*/
String[] convertErrorCodeToMessages(int errorCode) {
List<String> messages = new ArrayList<>();
if ((errorCode & CONTAIN_INVALID_CHARACTERS) > 0) {
messages.add(getString(R.string.lockpassword_illegal_character));
}
if ((errorCode & CONTAIN_NON_DIGITS) > 0) {
messages.add(getString(R.string.lockpassword_pin_contains_non_digits));
}
if ((errorCode & NOT_ENOUGH_UPPER_CASE) > 0) {
messages.add(getResources().getQuantityString(
R.plurals.lockpassword_password_requires_uppercase, mPasswordMinUpperCase,
mPasswordMinUpperCase));
}
if ((errorCode & NOT_ENOUGH_LOWER_CASE) > 0) {
messages.add(getResources().getQuantityString(
R.plurals.lockpassword_password_requires_lowercase, mPasswordMinLowerCase,
mPasswordMinLowerCase));
}
if ((errorCode & NOT_ENOUGH_LETTER) > 0) {
messages.add(getResources().getQuantityString(
R.plurals.lockpassword_password_requires_letters, mPasswordMinLetters,
mPasswordMinLetters));
}
if ((errorCode & NOT_ENOUGH_DIGITS) > 0) {
messages.add(getResources().getQuantityString(
R.plurals.lockpassword_password_requires_numeric, mPasswordMinNumeric,
mPasswordMinNumeric));
}
if ((errorCode & NOT_ENOUGH_SYMBOLS) > 0) {
messages.add(getResources().getQuantityString(
R.plurals.lockpassword_password_requires_symbols, mPasswordMinSymbols,
mPasswordMinSymbols));
}
if ((errorCode & NOT_ENOUGH_NON_LETTER) > 0) {
messages.add(getResources().getQuantityString(
R.plurals.lockpassword_password_requires_nonletter, mPasswordMinNonLetter,
mPasswordMinNonLetter));
}
if ((errorCode & TOO_SHORT) > 0) {
messages.add(getResources().getQuantityString(
mIsAlphaMode
? R.plurals.lockpassword_password_too_short
: R.plurals.lockpassword_pin_too_short,
mPasswordMinLength,
mPasswordMinLength));
}
if ((errorCode & TOO_LONG) > 0) {
messages.add(getResources().getQuantityString(
mIsAlphaMode
? R.plurals.lockpassword_password_too_long
: R.plurals.lockpassword_pin_too_long,
mPasswordMaxLength + 1,
mPasswordMaxLength + 1));
}
if ((errorCode & CONTAIN_SEQUENTIAL_DIGITS) > 0) {
messages.add(getString(R.string.lockpassword_pin_no_sequential_digits));
}
if ((errorCode & RECENTLY_USED) > 0) {
messages.add(getString((mIsAlphaMode) ? R.string.lockpassword_password_recently_used
: R.string.lockpassword_pin_recently_used));
}
return messages.toArray(new String[0]);
}
private int getMinLengthToFulfillAllPolicies() {
final int minLengthForLetters = Math.max(mPasswordMinLetters,
mPasswordMinUpperCase + mPasswordMinLowerCase);
final int minLengthForNonLetters = Math.max(mPasswordMinNonLetter,
mPasswordMinSymbols + mPasswordMinNumeric);
return minLengthForLetters + minLengthForNonLetters;
}
/**
* Update the hint based on current Stage and length of password entry
*/
protected void updateUi() {
final boolean canInput = mSaveAndFinishWorker == null;
byte[] password = LockPatternUtils.charSequenceToByteArray(mPasswordEntry.getText());
final int length = password.length;
if (mUiStage == Stage.Introduction) {
mPasswordRestrictionView.setVisibility(View.VISIBLE);
final int errorCode = validatePassword(password);
String[] messages = convertErrorCodeToMessages(errorCode);
// Update the fulfillment of requirements.
mPasswordRequirementAdapter.setRequirements(messages);
// Enable/Disable the next button accordingly.
setNextEnabled(errorCode == NO_ERROR);
} else {
// Hide password requirement view when we are just asking user to confirm the pw.
mPasswordRestrictionView.setVisibility(View.GONE);
setHeaderText(getString(mUiStage.getHint(mIsAlphaMode, getStageType())));
setNextEnabled(canInput && length >= mPasswordMinLength);
mSkipOrClearButton.setVisibility(toVisibility(canInput && length > 0));
}
int message = mUiStage.getMessage(mIsAlphaMode, getStageType());
if (message != 0) {
mMessage.setVisibility(View.VISIBLE);
mMessage.setText(message);
} else {
mMessage.setVisibility(View.INVISIBLE);
}
setNextText(mUiStage.buttonText);
mPasswordEntryInputDisabler.setInputEnabled(canInput);
Arrays.fill(password, (byte) 0);
}
protected int toVisibility(boolean visibleOrGone) {
return visibleOrGone ? View.VISIBLE : View.GONE;
}
private void setHeaderText(String text) {
// Only set the text if it is different than the existing one to avoid announcing again.
if (!TextUtils.isEmpty(mLayout.getHeaderText())
&& mLayout.getHeaderText().toString().equals(text)) {
return;
}
mLayout.setHeaderText(text);
}
public void afterTextChanged(Editable s) {
// Changing the text while error displayed resets to NeedToConfirm state
if (mUiStage == Stage.ConfirmWrong) {
mUiStage = Stage.NeedToConfirm;
}
// Schedule the UI update.
mTextChangedHandler.notifyAfterTextChanged();
}
public void beforeTextChanged(CharSequence s, int start, int count, int after) {
}
public void onTextChanged(CharSequence s, int start, int before, int count) {
}
private void startSaveAndFinish() {
if (mSaveAndFinishWorker != null) {
Log.w(TAG, "startSaveAndFinish with an existing SaveAndFinishWorker.");
return;
}
mPasswordEntryInputDisabler.setInputEnabled(false);
setNextEnabled(false);
mSaveAndFinishWorker = new SaveAndFinishWorker();
mSaveAndFinishWorker.setListener(this);
getFragmentManager().beginTransaction().add(mSaveAndFinishWorker,
FRAGMENT_TAG_SAVE_AND_FINISH).commit();
getFragmentManager().executePendingTransactions();
final boolean required = getActivity().getIntent().getBooleanExtra(
EncryptionInterstitial.EXTRA_REQUIRE_PASSWORD, true);
mSaveAndFinishWorker.start(mLockPatternUtils, required, mHasChallenge, mChallenge,
mChosenPassword, mCurrentPassword, mRequestedQuality, mUserId);
}
@Override
public void onChosenLockSaveFinished(boolean wasSecureBefore, Intent resultData) {
getActivity().setResult(RESULT_FINISHED, resultData);
if (mChosenPassword != null) {
Arrays.fill(mChosenPassword, (byte) 0);
}
if (mCurrentPassword != null) {
Arrays.fill(mCurrentPassword, (byte) 0);
}
if (mFirstPin != null) {
Arrays.fill(mFirstPin, (byte) 0);
}
mPasswordEntry.setText("");
if (!wasSecureBefore) {
Intent intent = getRedactionInterstitialIntent(getActivity());
if (intent != null) {
startActivity(intent);
}
}
getActivity().finish();
}
class TextChangedHandler extends Handler {
private static final int ON_TEXT_CHANGED = 1;
private static final int DELAY_IN_MILLISECOND = 100;
/**
* With the introduction of delay, we batch processing the text changed event to reduce
* unnecessary UI updates.
*/
private void notifyAfterTextChanged() {
removeMessages(ON_TEXT_CHANGED);
sendEmptyMessageDelayed(ON_TEXT_CHANGED, DELAY_IN_MILLISECOND);
}
@Override
public void handleMessage(Message msg) {
if (getActivity() == null) {
return;
}
if (msg.what == ON_TEXT_CHANGED) {
updateUi();
}
}
}
}
public static class SaveAndFinishWorker extends SaveChosenLockWorkerBase {
private byte[] mChosenPassword;
private byte[] mCurrentPassword;
private int mRequestedQuality;
public void start(LockPatternUtils utils, boolean required,
boolean hasChallenge, long challenge,
byte[] chosenPassword, byte[] currentPassword, int requestedQuality, int userId) {
prepare(utils, required, hasChallenge, challenge, userId);
mChosenPassword = chosenPassword;
mCurrentPassword = currentPassword;
mRequestedQuality = requestedQuality;
mUserId = userId;
start();
}
@Override
protected Pair<Boolean, Intent> saveAndVerifyInBackground() {
final boolean success = mUtils.saveLockPassword(
mChosenPassword, mCurrentPassword, mRequestedQuality, mUserId);
Intent result = null;
if (success && mHasChallenge) {
byte[] token;
try {
token = mUtils.verifyPassword(mChosenPassword, mChallenge, mUserId);
} catch (RequestThrottledException e) {
token = null;
}
if (token == null) {
Log.e(TAG, "critical: no token returned for known good password.");
}
result = new Intent();
result.putExtra(ChooseLockSettingsHelper.EXTRA_KEY_CHALLENGE_TOKEN, token);
}
return Pair.create(success, result);
}
}
}