From: Soren Stoutner <soren@stoutner.com>
Date: Wed, 23 Aug 2017 23:14:58 +0000 (-0700)
Subject: Add an SSL Certificate Pinning tab to the Guide.
X-Git-Tag: v2.5~4
X-Git-Url: https://gitweb.stoutner.com/?p=PrivacyBrowserAndroid.git;a=commitdiff_plain;h=6a240a3d02f43dae2ae30962958db6927a8bab2a

Add an SSL Certificate Pinning tab to the Guide.
---

diff --git a/.idea/dictionaries/soren.xml b/.idea/dictionaries/soren.xml
index 16a47ed1..f6ab929f 100644
--- a/.idea/dictionaries/soren.xml
+++ b/.idea/dictionaries/soren.xml
@@ -69,6 +69,7 @@
       <w>listview</w>
       <w>logins</w>
       <w>lossless</w>
+      <w>mitm</w>
       <w>mozilla</w>
       <w>navigationview</w>
       <w>nojs</w>
diff --git a/app/src/main/assets/en/guide_ssl_certificate_pinning.html b/app/src/main/assets/en/guide_ssl_certificate_pinning.html
new file mode 100644
index 00000000..429eb8da
--- /dev/null
+++ b/app/src/main/assets/en/guide_ssl_certificate_pinning.html
@@ -0,0 +1,65 @@
+<!--
+  Copyright © 2017 Soren Stoutner <soren@stoutner.com>.
+
+  This file is part of Privacy Browser <https://www.stoutner.com/privacy-browser>.
+
+  Privacy Browser is free software: you can redistribute it and/or modify
+  it under the terms of the GNU General Public License as published by
+  the Free Software Foundation, either version 3 of the License, or
+  (at your option) any later version.
+
+  Privacy Browser is distributed in the hope that it will be useful,
+  but WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+  GNU General Public License for more details.
+
+  You should have received a copy of the GNU General Public License
+  along with Privacy Browser.  If not, see <http://www.gnu.org/licenses/>. -->
+
+<html>
+    <head>
+        <meta charset="UTF-8">
+        <style>
+            h3 {
+                color: 0D4781;
+            }
+
+            img.title {
+                vertical-align: bottom;
+                height: 32;
+                width: 32;
+            }
+
+            img.center {
+                display: block;
+                margin-left: auto;
+                margin-right: auto;
+                height: 640;
+                width: 360;
+            }
+        </style>
+    </head>
+
+    <body>
+        <h3><img class="title" src="images/ic_vpn_lock_dark_blue.png"> Know Where You’re Going</h3>
+
+        <p>When visiting an encrypted URL (one that begins with HTTPS), the webserver uses an SSL certificate to both encrypt the information sent to the browser and to identify the server.
+            The purpose of the server identification is to prevent a machine located between the browser and the webserver from intercepting the traffic in transit, pretending to be the server, and decrypting the information as it is passed along.
+            This type of attack is known as a Man In The Middle (MITM) attack.  SSL certificates are generated by certificate authorities: companies that verify a server’s identity and produce a certificate for a fee.
+            Android has a list of trusted certificate authorities, and will accept any of their certificates for any website.
+            It isn’t supposed to be possible for an organization to acquire an SSL certificate for a domain they do not control, but in practice many governments and large corporations have been able to do so.</p>
+
+        <p>The purpose of SSL certificate pinning is to tell the browser that only one specific SSL certificate is to be trusted for a particular domain.  Any other valid certificate will be rejected.</p>
+
+        <p><img class="center" src="images/ssl_certificate_mismatch.png"></p>
+
+        <p>SSL certificates expire on a specified date, so even pinned SSL certificates will legitimately need to be updated from time to time.
+            As a general rule, pinning SSL certificates probably isn’t needed in the majority of cases.
+            But for those connecting to their own servers, or for those who suspect that powerful organizations may be targeting them directly, SSL certificate pinning can detect and thwart a MITM attack.</p>
+
+        <p><img class="center" src="images/pinned_ssl_certificate.png"></p>
+
+        <p>SSL certificates can be pinned in Domain Settings.
+            Besides protecting against MITM attacks, pinning a self-signed certificate for a device like a wireless router or access point will remove the error message that is normally presented every time its website is loaded.</p>
+    </body>
+</html>
\ No newline at end of file
diff --git a/app/src/main/assets/en/images/ic_vpn_lock_dark_blue.png b/app/src/main/assets/en/images/ic_vpn_lock_dark_blue.png
new file mode 100644
index 00000000..60c5c166
Binary files /dev/null and b/app/src/main/assets/en/images/ic_vpn_lock_dark_blue.png differ
diff --git a/app/src/main/assets/en/images/pinned_ssl_certificate.png b/app/src/main/assets/en/images/pinned_ssl_certificate.png
new file mode 100644
index 00000000..a2f95187
Binary files /dev/null and b/app/src/main/assets/en/images/pinned_ssl_certificate.png differ
diff --git a/app/src/main/assets/en/images/ssl_certificate_mismatch.png b/app/src/main/assets/en/images/ssl_certificate_mismatch.png
new file mode 100644
index 00000000..59b7225e
Binary files /dev/null and b/app/src/main/assets/en/images/ssl_certificate_mismatch.png differ
diff --git a/app/src/main/java/com/stoutner/privacybrowser/activities/GuideActivity.java b/app/src/main/java/com/stoutner/privacybrowser/activities/GuideActivity.java
index 3bde5a16..ea19f3a3 100644
--- a/app/src/main/java/com/stoutner/privacybrowser/activities/GuideActivity.java
+++ b/app/src/main/java/com/stoutner/privacybrowser/activities/GuideActivity.java
@@ -99,9 +99,12 @@ public class GuideActivity extends AppCompatActivity {
                     return getString(R.string.domain_settings);
 
                 case 5:
-                    return getString(R.string.tor);
+                    return getString(R.string.ssl_certificate_pinning);
 
                 case 6:
+                    return getString(R.string.tor);
+
+                case 7:
                     return getString(R.string.tracking_ids);
 
                 default:
diff --git a/app/src/main/java/com/stoutner/privacybrowser/fragments/GuideTabFragment.java b/app/src/main/java/com/stoutner/privacybrowser/fragments/GuideTabFragment.java
index 7cec388b..2a9d0666 100644
--- a/app/src/main/java/com/stoutner/privacybrowser/fragments/GuideTabFragment.java
+++ b/app/src/main/java/com/stoutner/privacybrowser/fragments/GuideTabFragment.java
@@ -107,10 +107,14 @@ public class GuideTabFragment extends Fragment {
                 break;
 
             case 5:
-                tabWebView.loadUrl("file:///android_asset/" + getString(R.string.android_asset_path) + "/guide_tor.html");
+                tabWebView.loadUrl("file:///android_asset/" + getString(R.string.android_asset_path) + "/guide_ssl_certificate_pinning.html");
                 break;
 
             case 6:
+                tabWebView.loadUrl("file:///android_asset/" + getString(R.string.android_asset_path) + "/guide_tor.html");
+                break;
+
+            case 7:
                 tabWebView.loadUrl("file:///android_asset/" + getString(R.string.android_asset_path) + "/guide_tracking_ids.html");
                 break;
         }
diff --git a/app/src/main/res/values-de/strings.xml b/app/src/main/res/values-de/strings.xml
index c468a063..bb9bcfe6 100644
--- a/app/src/main/res/values-de/strings.xml
+++ b/app/src/main/res/values-de/strings.xml
@@ -182,7 +182,6 @@
     <string name="overview">Übersicht</string>
     <string name="local_storage">Lokale Speicherung</string>
     <string name="tracking_ids">Verolgungs-IDs</string>
-    <string name="planned_features">Geplante Features</string>
 
     <!-- Preferences. -->
     <string name="privacy">Privatsphäre</string>
diff --git a/app/src/main/res/values-es/strings.xml b/app/src/main/res/values-es/strings.xml
index 04fdac90..6c1ea32c 100644
--- a/app/src/main/res/values-es/strings.xml
+++ b/app/src/main/res/values-es/strings.xml
@@ -84,6 +84,12 @@
     <string name="url">URL</string>
     <string name="url_label">URL:</string>
 
+    <!-- Pinned SSL Certificate Mismatch. -->
+    <string name="update_ssl">Actualizar SSL</string>
+    <string name="ssl_certificate_mismatch">No coincide el certificado SSL</string>
+    <string name="current_ssl">SSL actual</string>
+    <string name="pinned_ssl">SSL fijado</string>
+
     <!-- MainWebViewActivity Navigation Drawer. -->
     <string name="navigation_drawer">Caja de navegación</string>
     <string name="navigation">Navegación</string>
@@ -196,13 +202,16 @@
         <item>Imágenes habilitadas</item>
         <item>Imágenes deshabilitadas</item>
     </string-array>
+    <string name="pinned_ssl_certificate">Certificado SSL fijado</string>
+    <string name="saved_ssl_certificate">Certificado SSL guardado</string>
+    <string name="current_website_ssl_certificate">Certificado SSL actual de la web</string>
+    <string name="load_an_encrypted_website">Cargar una página web cifrada antes de abrir la configuración de dominio para rellenar el certificado SSL de la página web actual.</string>
 
     <!-- Guide. -->
     <string name="privacy_browser_guide">Guía de Navegador Privado</string>
     <string name="overview">Visión general</string>
     <string name="local_storage">Almacenamiento local</string>
     <string name="tracking_ids">Rastreo de IDs</string>
-    <string name="planned_features">Funciones planeadas</string>
 
     <!-- Preferences. -->
     <string name="privacy">Privacidad</string>
@@ -300,7 +309,7 @@
     <string name="clear_form_data_preference">Borrar datos de formulario</string>
     <string name="clear_form_data_summary">Borra los datos de formulario.</string>
     <string name="clear_cache">Borrar caché</string>
-    <string name="clear_cache_summary">Borra la caché de WebView’.</string>
+    <string name="clear_cache_summary">Borra la caché de WebView.</string>
     <string name="general">General</string>
         <string name="homepage">Página de inicio</string>
         <string name="default_font_size">Tamaño de fuente por defecto</string>
diff --git a/app/src/main/res/values-it/strings.xml b/app/src/main/res/values-it/strings.xml
index c94d1443..e278dd3a 100644
--- a/app/src/main/res/values-it/strings.xml
+++ b/app/src/main/res/values-it/strings.xml
@@ -204,7 +204,6 @@
     <string name="overview">Descrizione</string>
     <string name="local_storage">Archiviazione Locale</string>
     <string name="tracking_ids">Tracciamento utenti</string>
-    <string name="planned_features">Funzionalità future</string>
 
     <!-- Preferences. -->
     <string name="privacy">Privacy</string>
diff --git a/app/src/main/res/values/strings.xml b/app/src/main/res/values/strings.xml
index 4bb849c3..8315ce56 100644
--- a/app/src/main/res/values/strings.xml
+++ b/app/src/main/res/values/strings.xml
@@ -216,8 +216,8 @@
     <string name="privacy_browser_guide">Privacy Browser Guide</string>
     <string name="overview">Overview</string>
     <string name="local_storage">Local Storage</string>
+    <string name="ssl_certificate_pinning">SSL Certificate Pinning</string>
     <string name="tracking_ids">Tracking IDs</string>
-    <string name="planned_features">Planned Features</string>
 
     <!-- Preferences. -->
     <string name="privacy">Privacy</string>