Add SSL certificate pinning. Implements https://redmine.stoutner.com/issues/54.
[PrivacyBrowser.git] / app / src / main / java / com / stoutner / privacybrowser / dialogs / SslCertificateErrorDialog.java
1 /*
2  * Copyright © 2016-2017 Soren Stoutner <soren@stoutner.com>.
3  *
4  * This file is part of Privacy Browser <https://www.stoutner.com/privacy-browser>.
5  *
6  * Privacy Browser is free software: you can redistribute it and/or modify
7  * it under the terms of the GNU General Public License as published by
8  * the Free Software Foundation, either version 3 of the License, or
9  * (at your option) any later version.
10  *
11  * Privacy Browser is distributed in the hope that it will be useful,
12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
14  * GNU General Public License for more details.
15  *
16  * You should have received a copy of the GNU General Public License
17  * along with Privacy Browser.  If not, see <http://www.gnu.org/licenses/>.
18  */
19
20 package com.stoutner.privacybrowser.dialogs;
21
22 import android.annotation.SuppressLint;
23 import android.app.AlertDialog;
24 import android.app.Dialog;
25 import android.content.Context;
26 import android.content.DialogInterface;
27 import android.net.http.SslCertificate;
28 import android.net.http.SslError;
29 import android.os.Bundle;
30 import android.support.annotation.NonNull;
31 // We have to use `AppCompatDialogFragment` instead of `DialogFragment` or an error is produced on API <= 22.
32 import android.support.v7.app.AppCompatDialogFragment;
33 import android.text.SpannableStringBuilder;
34 import android.text.Spanned;
35 import android.text.style.ForegroundColorSpan;
36 import android.view.LayoutInflater;
37 import android.widget.TextView;
38
39 import com.stoutner.privacybrowser.R;
40 import com.stoutner.privacybrowser.activities.MainWebViewActivity;
41
42 import java.text.DateFormat;
43 import java.util.Date;
44
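/**
 * Dialog shown when the WebView reports an SSL certificate error.  It displays the primary error together with the
 * subject, issuer and validity dates of the certificate the server presented, and hands the user's decision back to
 * the parent activity through {@link SslCertificateErrorListener}.
 *
 * Every value shown comes from the remote server's certificate and is therefore untrusted.  It is only ever rendered
 * as plain text through `TextView.setText()`.
 */
public class SslCertificateErrorDialog extends AppCompatDialogFragment {

    // Keys for the arguments `Bundle`.  `displayDialog()` writes them and `onCreate()` reads them, so they are defined once.
    private static final String PRIMARY_ERROR_INT = "PrimaryErrorInt";
    private static final String URL_WITH_ERROR = "UrlWithError";
    private static final String ISSUED_TO_CNAME = "IssuedToCName";
    private static final String ISSUED_TO_ONAME = "IssuedToOName";
    private static final String ISSUED_TO_UNAME = "IssuedToUName";
    private static final String ISSUED_BY_CNAME = "IssuedByCName";
    private static final String ISSUED_BY_ONAME = "IssuedByOName";
    private static final String ISSUED_BY_UNAME = "IssuedByUName";
    private static final String START_DATE = "StartDate";
    private static final String END_DATE = "EndDate";

    private int primaryErrorInt;
    private String urlWithError;
    private String issuedToCName;
    private String issuedToOName;
    private String issuedToUName;
    private String issuedByCName;
    private String issuedByOName;
    private String issuedByUName;
    private String startDate;
    private String endDate;

    /**
     * Creates the dialog for an SSL error, copying the displayable parts of the error into the fragment arguments.
     *
     * Only the primary (most severe) error is stored.  Any additional errors in the `SslError` set are not shown.
     *
     * @param error the SSL error reported for the page load
     * @return a new dialog fragment with its arguments populated
     */
    public static SslCertificateErrorDialog displayDialog(SslError error) {
        // Get the various components of the SSL error message.
        SslCertificate sslCertificate = error.getCertificate();
        SslCertificate.DName issuedTo = sslCertificate.getIssuedTo();
        SslCertificate.DName issuedBy = sslCertificate.getIssuedBy();

        // Store the SSL error message components in a `Bundle`.
        Bundle argumentsBundle = new Bundle();
        argumentsBundle.putInt(PRIMARY_ERROR_INT, error.getPrimaryError());
        argumentsBundle.putString(URL_WITH_ERROR, error.getUrl());
        argumentsBundle.putString(ISSUED_TO_CNAME, issuedTo.getCName());
        argumentsBundle.putString(ISSUED_TO_ONAME, issuedTo.getOName());
        argumentsBundle.putString(ISSUED_TO_UNAME, issuedTo.getUName());
        argumentsBundle.putString(ISSUED_BY_CNAME, issuedBy.getCName());
        argumentsBundle.putString(ISSUED_BY_ONAME, issuedBy.getOName());
        argumentsBundle.putString(ISSUED_BY_UNAME, issuedBy.getUName());
        argumentsBundle.putString(START_DATE, formatCertificateDate(sslCertificate.getValidNotBeforeDate()));
        argumentsBundle.putString(END_DATE, formatCertificateDate(sslCertificate.getValidNotAfterDate()));

        // Add `argumentsBundle` to this instance of `SslCertificateErrorDialog`.
        SslCertificateErrorDialog thisSslCertificateErrorDialog = new SslCertificateErrorDialog();
        thisSslCertificateErrorDialog.setArguments(argumentsBundle);
        return thisSslCertificateErrorDialog;
    }

    /**
     * Formats a certificate validity date for display.
     *
     * @param date the date to format, or `null` if the certificate did not supply one
     * @return the formatted date, or an empty string when `date` is `null`
     */
    private static String formatCertificateDate(Date date) {
        // A malformed certificate is exactly what this dialog reports, so a missing date must not crash it.
        if (date == null) {
            return "";
        }

        return DateFormat.getDateTimeInstance(DateFormat.MEDIUM, DateFormat.LONG).format(date);
    }

    @Override
    public void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);

        // Save the components of the SSL error message in class variables.
        Bundle arguments = getArguments();
        primaryErrorInt = arguments.getInt(PRIMARY_ERROR_INT);
        urlWithError = arguments.getString(URL_WITH_ERROR);
        issuedToCName = arguments.getString(ISSUED_TO_CNAME);
        issuedToOName = arguments.getString(ISSUED_TO_ONAME);
        issuedToUName = arguments.getString(ISSUED_TO_UNAME);
        issuedByCName = arguments.getString(ISSUED_BY_CNAME);
        issuedByOName = arguments.getString(ISSUED_BY_ONAME);
        issuedByUName = arguments.getString(ISSUED_BY_UNAME);
        startDate = arguments.getString(START_DATE);
        endDate = arguments.getString(END_DATE);
    }

    /** The public interface is used to send the user's decision back to the parent activity. */
    public interface SslCertificateErrorListener {
        /** Called when the user declines to load the page with the certificate error. */
        void onSslErrorCancel();

        /** Called when the user chooses to load the page despite the certificate error. */
        void onSslErrorProceed();
    }

    // `sslCertificateErrorListener` is used in `onAttach`, `onCancel`, and `onCreateDialog`.
    private SslCertificateErrorListener sslCertificateErrorListener;

    /**
     * Checks that the parent activity implements the listener.
     *
     * @throws ClassCastException if `context` does not implement {@link SslCertificateErrorListener}
     */
    @Override
    public void onAttach(Context context) {
        super.onAttach(context);

        try {
            sslCertificateErrorListener = (SslCertificateErrorListener) context;
        } catch(ClassCastException exception) {
            throw new ClassCastException(context.toString() + " must implement SslCertificateErrorListener");
        }
    }

    /**
     * Treats dismissing the dialog (back button or a touch outside of it) the same as pressing Cancel, so that every
     * exit path that is not an explicit Proceed reports a rejection to the parent activity.
     */
    @Override
    public void onCancel(DialogInterface dialog) {
        super.onCancel(dialog);

        // NOTE(review): assumes the parent's `onSslErrorCancel()` rejects the pending request.  Confirm in the host activity.
        if (sslCertificateErrorListener != null) {
            sslCertificateErrorListener.onSslErrorCancel();
        }
    }

    /**
     * Builds the error dialog, fills in the certificate details, and highlights in red the fields that relate to the primary error.
     *
     * `@SuppressLint("InflateParams")` removes the warning about using `null` as the parent view group when inflating the `AlertDialog`.
     * `@SuppressWarnings("deprecation")` covers the deprecated `getColor()`, which has to be used until API >= 23.
     */
    @SuppressLint("InflateParams")
    @SuppressWarnings("deprecation")
    @Override
    @NonNull
    public Dialog onCreateDialog(Bundle savedInstanceState) {
        // Get the activity's layout inflater.
        LayoutInflater layoutInflater = getActivity().getLayoutInflater();

        // Use `AlertDialog.Builder` to create the `AlertDialog`.
        AlertDialog.Builder dialogBuilder;

        // Set the style and icon according to the theme.
        if (MainWebViewActivity.darkTheme) {
            // Set the style.
            dialogBuilder = new AlertDialog.Builder(getActivity(), R.style.PrivacyBrowserAlertDialogDark);

            // Set the icon.
            dialogBuilder.setIcon(R.drawable.ssl_certificate_enabled_dark);
        } else {
            // Set the style.
            dialogBuilder = new AlertDialog.Builder(getActivity(), R.style.PrivacyBrowserAlertDialogLight);

            // Set the icon.
            dialogBuilder.setIcon(R.drawable.ssl_certificate_enabled_light);
        }

        // Set the title.
        dialogBuilder.setTitle(R.string.ssl_certificate_error);

        // Set the view.  The parent view is `null` because it will be assigned by `AlertDialog`.
        dialogBuilder.setView(layoutInflater.inflate(R.layout.ssl_certificate_error, null));

        // Set an `onClick` listener on the negative button.  It tells the parent activity that the user rejected the certificate.  The `Dialog` will automatically close.
        dialogBuilder.setNegativeButton(R.string.cancel, new DialogInterface.OnClickListener() {
            @Override
            public void onClick(DialogInterface dialog, int which) {
                sslCertificateErrorListener.onSslErrorCancel();
            }
        });

        // Set an `onClick` listener on the positive button.  This is the only path that reports an acceptance of the certificate error.
        dialogBuilder.setPositiveButton(R.string.proceed, new DialogInterface.OnClickListener() {
            @Override
            public void onClick(DialogInterface dialog, int which) {
                sslCertificateErrorListener.onSslErrorProceed();
            }
        });

        // Create an `AlertDialog` from the `AlertDialog.Builder`.
        AlertDialog alertDialog = dialogBuilder.create();

        // We have to show the `AlertDialog` before we can modify the content.
        alertDialog.show();

        // Get handles for the `TextViews`.
        TextView primaryErrorTextView = (TextView) alertDialog.findViewById(R.id.primary_error);
        TextView urlTextView = (TextView) alertDialog.findViewById(R.id.url_error_dialog);
        TextView issuedToCNameTextView = (TextView) alertDialog.findViewById(R.id.issued_to_cname_error_dialog);
        TextView issuedToONameTextView = (TextView) alertDialog.findViewById(R.id.issued_to_oname_error_dialog);
        TextView issuedToUNameTextView = (TextView) alertDialog.findViewById(R.id.issued_to_uname_error_dialog);
        TextView issuedByTextView = (TextView) alertDialog.findViewById(R.id.issued_by_textview);
        TextView issuedByCNameTextView = (TextView) alertDialog.findViewById(R.id.issued_by_cname_error_dialog);
        TextView issuedByONameTextView = (TextView) alertDialog.findViewById(R.id.issued_by_oname_error_dialog);
        TextView issuedByUNameTextView = (TextView) alertDialog.findViewById(R.id.issued_by_uname_error_dialog);
        TextView validDatesTextView = (TextView) alertDialog.findViewById(R.id.valid_dates_textview);
        TextView startDateTextView = (TextView) alertDialog.findViewById(R.id.start_date_error_dialog);
        TextView endDateTextView = (TextView) alertDialog.findViewById(R.id.end_date_error_dialog);

        // Setup the common strings.
        String urlLabel = getString(R.string.url_label) + "  ";
        String cNameLabel = getString(R.string.common_name) + "  ";
        String oNameLabel = getString(R.string.organization) + "  ";
        String uNameLabel = getString(R.string.organizational_unit) + "  ";
        String startDateLabel = getString(R.string.start_date) + "  ";
        String endDateLabel = getString(R.string.end_date) + "  ";

        // Create a `SpannableStringBuilder` for each `TextView` that needs multiple colors of text.
        SpannableStringBuilder urlStringBuilder = new SpannableStringBuilder(urlLabel + urlWithError);
        SpannableStringBuilder issuedToCNameStringBuilder = new SpannableStringBuilder(cNameLabel + issuedToCName);
        SpannableStringBuilder issuedToONameStringBuilder = new SpannableStringBuilder(oNameLabel + issuedToOName);
        SpannableStringBuilder issuedToUNameStringBuilder = new SpannableStringBuilder(uNameLabel + issuedToUName);
        SpannableStringBuilder issuedByCNameStringBuilder = new SpannableStringBuilder(cNameLabel + issuedByCName);
        SpannableStringBuilder issuedByONameStringBuilder = new SpannableStringBuilder(oNameLabel + issuedByOName);
        SpannableStringBuilder issuedByUNameStringBuilder = new SpannableStringBuilder(uNameLabel + issuedByUName);
        SpannableStringBuilder startDateStringBuilder = new SpannableStringBuilder(startDateLabel + startDate);
        SpannableStringBuilder endDateStringBuilder = new SpannableStringBuilder(endDateLabel + endDate);

        // Look up the red color once.  It is used both for spans and for the section headings.
        int redColor = getResources().getColor(R.color.red_a700);

        // Create a red `ForegroundColorSpan`.
        ForegroundColorSpan redColorSpan = new ForegroundColorSpan(redColor);

        // Create a blue `ForegroundColorSpan` according to the theme.
        ForegroundColorSpan blueColorSpan;

        if (MainWebViewActivity.darkTheme) {
            blueColorSpan = new ForegroundColorSpan(getResources().getColor(R.color.blue_400));
        } else {
            blueColorSpan = new ForegroundColorSpan(getResources().getColor(R.color.blue_700));
        }

        // Setup the spans to display the certificate information in blue.  `SPAN_INCLUSIVE_INCLUSIVE` allows the span to grow in either direction.
        urlStringBuilder.setSpan(blueColorSpan, urlLabel.length(), urlStringBuilder.length(), Spanned.SPAN_INCLUSIVE_INCLUSIVE);
        issuedToCNameStringBuilder.setSpan(blueColorSpan, cNameLabel.length(), issuedToCNameStringBuilder.length(), Spanned.SPAN_INCLUSIVE_INCLUSIVE);
        issuedToONameStringBuilder.setSpan(blueColorSpan, oNameLabel.length(), issuedToONameStringBuilder.length(), Spanned.SPAN_INCLUSIVE_INCLUSIVE);
        issuedToUNameStringBuilder.setSpan(blueColorSpan, uNameLabel.length(), issuedToUNameStringBuilder.length(), Spanned.SPAN_INCLUSIVE_INCLUSIVE);
        issuedByCNameStringBuilder.setSpan(blueColorSpan, cNameLabel.length(), issuedByCNameStringBuilder.length(), Spanned.SPAN_INCLUSIVE_INCLUSIVE);
        issuedByONameStringBuilder.setSpan(blueColorSpan, oNameLabel.length(), issuedByONameStringBuilder.length(), Spanned.SPAN_INCLUSIVE_INCLUSIVE);
        issuedByUNameStringBuilder.setSpan(blueColorSpan, uNameLabel.length(), issuedByUNameStringBuilder.length(), Spanned.SPAN_INCLUSIVE_INCLUSIVE);
        startDateStringBuilder.setSpan(blueColorSpan, startDateLabel.length(), startDateStringBuilder.length(), Spanned.SPAN_INCLUSIVE_INCLUSIVE);
        endDateStringBuilder.setSpan(blueColorSpan, endDateLabel.length(), endDateStringBuilder.length(), Spanned.SPAN_INCLUSIVE_INCLUSIVE);

        // Initialize `primaryErrorString`.  It stays empty if `primaryErrorInt` is not one of the cases handled below.
        String primaryErrorString = "";

        // Highlight the primary error in red and store the primary error string in `primaryErrorString`.
        switch (primaryErrorInt) {
            case SslError.SSL_IDMISMATCH:
                // Change the URL and issued to common name span colors to red.
                urlStringBuilder.setSpan(redColorSpan, urlLabel.length(), urlStringBuilder.length(), Spanned.SPAN_INCLUSIVE_INCLUSIVE);
                issuedToCNameStringBuilder.setSpan(redColorSpan, cNameLabel.length(), issuedToCNameStringBuilder.length(), Spanned.SPAN_INCLUSIVE_INCLUSIVE);

                // Store the primary error string.
                primaryErrorString = getString(R.string.cn_mismatch);
                break;

            case SslError.SSL_UNTRUSTED:
                // Change the `issuedByTextView` text to red.
                issuedByTextView.setTextColor(redColor);

                // Change the issued by span color to red.
                issuedByCNameStringBuilder.setSpan(redColorSpan, cNameLabel.length(), issuedByCNameStringBuilder.length(), Spanned.SPAN_INCLUSIVE_INCLUSIVE);
                issuedByONameStringBuilder.setSpan(redColorSpan, oNameLabel.length(), issuedByONameStringBuilder.length(), Spanned.SPAN_INCLUSIVE_INCLUSIVE);
                issuedByUNameStringBuilder.setSpan(redColorSpan, uNameLabel.length(), issuedByUNameStringBuilder.length(), Spanned.SPAN_INCLUSIVE_INCLUSIVE);

                // Store the primary error string.
                primaryErrorString = getString(R.string.untrusted);
                break;

            case SslError.SSL_DATE_INVALID:
                // Change the `validDatesTextView` text to red.
                validDatesTextView.setTextColor(redColor);

                // Change the date span colors to red.
                startDateStringBuilder.setSpan(redColorSpan, startDateLabel.length(), startDateStringBuilder.length(), Spanned.SPAN_INCLUSIVE_INCLUSIVE);
                endDateStringBuilder.setSpan(redColorSpan, endDateLabel.length(), endDateStringBuilder.length(), Spanned.SPAN_INCLUSIVE_INCLUSIVE);

                // Store the primary error string.
                primaryErrorString = getString(R.string.invalid_date);
                break;

            case SslError.SSL_NOTYETVALID:
                // Change the start date span color to red.
                startDateStringBuilder.setSpan(redColorSpan, startDateLabel.length(), startDateStringBuilder.length(), Spanned.SPAN_INCLUSIVE_INCLUSIVE);

                // Store the primary error string.
                primaryErrorString = getString(R.string.future_certificate);
                break;

            case SslError.SSL_EXPIRED:
                // Change the end date span color to red.
                endDateStringBuilder.setSpan(redColorSpan, endDateLabel.length(), endDateStringBuilder.length(), Spanned.SPAN_INCLUSIVE_INCLUSIVE);

                // Store the primary error string.
                primaryErrorString = getString(R.string.expired_certificate);
                break;

            case SslError.SSL_INVALID:
                // Store the primary error string.
                primaryErrorString = getString(R.string.invalid_certificate);
                break;
        }

        // Display the strings.
        primaryErrorTextView.setText(primaryErrorString);
        urlTextView.setText(urlStringBuilder);
        issuedToCNameTextView.setText(issuedToCNameStringBuilder);
        issuedToONameTextView.setText(issuedToONameStringBuilder);
        issuedToUNameTextView.setText(issuedToUNameStringBuilder);
        issuedByCNameTextView.setText(issuedByCNameStringBuilder);
        issuedByONameTextView.setText(issuedByONameStringBuilder);
        issuedByUNameTextView.setText(issuedByUNameStringBuilder);
        startDateTextView.setText(startDateStringBuilder);
        endDateTextView.setText(endDateStringBuilder);

        // `onCreateDialog` requires the return of an `AlertDialog`.
        return alertDialog;
    }
}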