Fixes #297: properly implement onReceivedSslError() method

Validation of SSL certificates is still not ideal, as https://badssl.com/ shows, but further improvements require more investigation.
9 years ago · 06e80ad541
15 changed files with 50 additions and 25 deletions
--- a/app/src/main/java/acr/browser/lightning/view/LightningView.java
+++ b/app/src/main/java/acr/browser/lightning/view/LightningView.java
@ -54,6 +54,8 @@ import java.io.File;
				@@ -54,6 +54,8 @@ import java.io.File;
 import java.io.FileOutputStream;
 import java.io.IOException;
 import java.net.URISyntaxException;
+import java.util.ArrayList;
+import java.util.List;

 import acr.browser.lightning.R;
 import acr.browser.lightning.app.BrowserApp;
@ -774,11 +776,47 @@ public class LightningView {
				@@ -774,11 +776,47 @@ public class LightningView {
            }
        }

+        private List<Integer> getAllSslErrorMessageCodes(SslError error) {
+
+            List<Integer> errorCodeMessageCodes = new ArrayList<>();
+
+            if (error.hasError(SslError.SSL_DATE_INVALID)) {
+                errorCodeMessageCodes.add(R.string.message_certificate_date_invalid);
+            }
+            if (error.hasError(SslError.SSL_EXPIRED)) {
+                errorCodeMessageCodes.add(R.string.message_certificate_expired);
+            }
+            if (error.hasError(SslError.SSL_IDMISMATCH)) {
+                errorCodeMessageCodes.add(R.string.message_certificate_domain_mismatch);
+            }
+            if (error.hasError(SslError.SSL_NOTYETVALID)) {
+                errorCodeMessageCodes.add(R.string.message_certificate_not_yet_valid);
+            }
+            if (error.hasError(SslError.SSL_UNTRUSTED)) {
+                errorCodeMessageCodes.add(R.string.message_certificate_untrusted);
+            }
+            if (error.hasError(SslError.SSL_INVALID)) {
+                errorCodeMessageCodes.add(R.string.message_certificate_invalid);
+            }
+
+            return errorCodeMessageCodes;
+        }
+
        @Override
        public void onReceivedSslError(WebView view, @NonNull final SslErrorHandler handler, SslError error) {
+
+            List<Integer> errorCodeMessageCodes = getAllSslErrorMessageCodes(error);
+
+            StringBuilder stringBuilder = new StringBuilder();
+            for (Integer messageCode : errorCodeMessageCodes) {
+                stringBuilder.append(" - ").append(mActivity.getString(messageCode)).append('\n');
+            }
+            String alertMessage =
+                    mActivity.getString(R.string.message_insecure_connection, stringBuilder.toString());
+
            AlertDialog.Builder builder = new AlertDialog.Builder(mActivity);
            builder.setTitle(mActivity.getString(R.string.title_warning));
-            builder.setMessage(mActivity.getString(R.string.message_untrusted_certificate))
+            builder.setMessage(alertMessage)
                    .setCancelable(true)
                    .setPositiveButton(mActivity.getString(R.string.action_yes),
                            new DialogInterface.OnClickListener() {
@ -794,13 +832,7 @@ public class LightningView {
				@@ -794,13 +832,7 @@ public class LightningView {
                                    handler.cancel();
                                }
                            });
-            AlertDialog alert = builder.create();
-            if (error.getPrimaryError() == SslError.SSL_UNTRUSTED) {
-                alert.show();
-            } else {
-                handler.proceed();
-            }
-
+            builder.create().show();
        }

        @Override
--- a/app/src/main/res/values-de/strings.xml
+++ b/app/src/main/res/values-de/strings.xml
@ -123,7 +123,6 @@
				@@ -123,7 +123,6 @@
    <string name="licenses">Open Source-Lizenzen</string>
    <string name="suggestion">Suche nach</string>
    <string name="block_ads">Werbung blockieren</string>
-    <string name="message_untrusted_certificate">Das Zertifikat dieser Webseite ist nicht vertrauenswürdig. Trotzdem fortsetzen?</string>
    <string name="title_form_resubmission">Formularneuzustellung</string>
    <string name="message_form_resubmission">Daten erneut senden?</string>
    <string name="message_location">\nMeine Position verwenden?</string>
--- a/app/src/main/res/values-es/strings.xml
+++ b/app/src/main/res/values-es/strings.xml
@ -106,7 +106,6 @@
				@@ -106,7 +106,6 @@
    <string name="licenses">Licencias de código abierto (open source)</string>
    <string name="suggestion">Buscar</string>
    <string name="block_ads">Bloquear anuncios</string>
-    <string name="message_untrusted_certificate">El certificado del sitio no es de fiar. ¿Continuar de todas maneras?</string>
    <string name="title_form_resubmission">Resubir el formulario</string>
    <string name="message_form_resubmission">¿Quieres mandar los datos de nuevo?</string>
    <string name="message_location">\n¿Quieres usar tu geolocalización?</string>
--- a/app/src/main/res/values-gr/strings.xml
+++ b/app/src/main/res/values-gr/strings.xml
@ -107,7 +107,6 @@
				@@ -107,7 +107,6 @@
    <string name="licenses">Άδειες ανοιχτού κώδικα</string>
    <string name="suggestion">Αναζήτηση για</string>
    <string name="block_ads">Μπλοκάρισμα διαφημίσεων</string>
-    <string name="message_untrusted_certificate">Το πιστοποιητικό δεν είναι αξιόπιστο. Συνέχεια παρ\'όλα αυτά;</string>
    <string name="title_form_resubmission">Επαναυποβολή φόρμας</string>
    <string name="message_form_resubmission">Θα θέλατε να ξαναστείλετε τα στοιχεία;</string>
    <string name="message_location">\nΘα θέλατε να χρησιμοποιήσετε την τοποθεσία σας;</string>
--- a/app/src/main/res/values-hu/strings.xml
+++ b/app/src/main/res/values-hu/strings.xml
@ -123,7 +123,6 @@
				@@ -123,7 +123,6 @@
    <string name="licenses">Nyílt forráskódú licencek</string>
    <string name="suggestion">Keresés</string>
    <string name="block_ads">Reklámok blokkolása</string>
-    <string name="message_untrusted_certificate">Az oldal tanusítványa nem megfelelő.Folytatja mindenképpen?</string>
    <string name="title_form_resubmission">Űrlap újraküldése</string>
    <string name="message_form_resubmission">Szeretnél újból elküldi az adatokat?</string>
    <string name="message_location">\nSzeretné használni a saját helyét?</string>
--- a/app/src/main/res/values-it/strings.xml
+++ b/app/src/main/res/values-it/strings.xml
@ -1,10 +1,10 @@
				@@ -1,10 +1,10 @@
 <?xml version="1.0" encoding="utf-8"?><!--
  Copyright 2013 The Android Open Source Project
-  
+
  Licensed under the Apache License, Version 2.0 (the "License");
  you may not use this file except in compliance with the License.
  You may obtain a copy of the License at
-  
+
      http://www.apache.org/licenses/LICENSE-2.0

  Unless required by applicable law or agreed to in writing, software
@ -120,7 +120,6 @@
				@@ -120,7 +120,6 @@
    <string name="custom_url">URL personale</string>
    <string name="message_blocked_local">Il caricamento del file locale è stato bloccato</string>
    <string name="suggestion">Cerca</string>
-    <string name="message_untrusted_certificate">Il certificato del sito non è fidato. Procedere comunque?</string>
    <string name="title_form_resubmission">Reinvio form</string>
    <string name="message_form_resubmission">Vuoi reinviare i dati?</string>
    <string name="message_location">\nVorrebbe usare la tua posizione</string>
--- a/app/src/main/res/values-ja/strings.xml
+++ b/app/src/main/res/values-ja/strings.xml
@ -120,7 +120,6 @@
				@@ -120,7 +120,6 @@
    <string name="licenses">オープンソースライセンス</string>
    <string name="suggestion">Search for</string>
    <string name="block_ads">広告ブロック</string>
-    <string name="message_untrusted_certificate">このページに信用性の証明書がありません。読み込みを続けますか?</string>
    <string name="title_form_resubmission">フォームの再送</string>
    <string name="message_form_resubmission">データを再送しますか?</string>
    <string name="message_location">\n位置情報の提供を許可しますか?</string>
--- a/app/src/main/res/values-ko/strings.xml
+++ b/app/src/main/res/values-ko/strings.xml
@ -106,7 +106,6 @@
				@@ -106,7 +106,6 @@
    <string name="licenses">오픈 소스 라이센스</string>
    <string name="suggestion">다음을 검색</string>
    <string name="block_ads">광고 차단</string>
-    <string name="message_untrusted_certificate">이 웹사이트의 인증서는 신뢰할 수 없습니다. 계속할까요?</string>
    <string name="title_form_resubmission">양식 다시 제출</string>
    <string name="message_form_resubmission">다시 전송할까요?</string>
    <string name="message_location">\n 이(가) 위치를 사용하고자 합니다</string>
@ -170,4 +169,4 @@
				@@ -170,4 +169,4 @@
    <string name="invert_color">색상 반전</string>
    <string name="dark_theme">어두운 테마 사용</string>
    <string name="tabs">탭</string>
-</resources>
+</resources>
--- a/app/src/main/res/values-pl/strings.xml
+++ b/app/src/main/res/values-pl/strings.xml
@ -106,7 +106,6 @@
				@@ -106,7 +106,6 @@
    <string name="licenses">Licencje Open Source</string>
    <string name="suggestion">Wyszukaj</string>
    <string name="block_ads">Blokuj reklamy</string>
-    <string name="message_untrusted_certificate">Certyfikat używany przez tę stronę nie jest zaufany. Kontynuować mimo wszystko?</string>
    <string name="title_form_resubmission">Ponowne wysyłanie formularza</string>
    <string name="message_form_resubmission">Czy chciałbyś ponownie wysłać dane wprowadzone do formularza?</string>
    <string name="message_location">\nTa strona prosi o dostęp do twojej geolokalizacji</string>
--- a/app/src/main/res/values-pt/strings.xml
+++ b/app/src/main/res/values-pt/strings.xml
@ -122,7 +122,6 @@
				@@ -122,7 +122,6 @@
    <string name="licenses">Licenças Open Source</string>
    <string name="suggestion">Pesquisar por</string>
    <string name="block_ads">Bloquear anúncios</string>
-    <string name="message_untrusted_certificate">O certificado deste sítio web não é fiável. Continuar?</string>
    <string name="title_form_resubmission">Submissão de formulário</string>
    <string name="message_form_resubmission">Gostaria de reenviar os dados?</string>
    <string name="message_location">\nGostaria de utilizar a sua localização</string>
--- a/app/src/main/res/values-ru/strings.xml
+++ b/app/src/main/res/values-ru/strings.xml
@ -106,7 +106,6 @@
				@@ -106,7 +106,6 @@
    <string name="licenses">Open Source Licenses</string>
    <string name="suggestion">Искать</string>
    <string name="block_ads">Блокировать рекламу</string>
-    <string name="message_untrusted_certificate">Сертификат сайта не является доверенным. Все равно продолжить?</string>
    <string name="title_form_resubmission">Повторная форма</string>
    <string name="message_form_resubmission">Вы действительно хотите отправить данные?</string>
    <string name="message_location">\Хотите использовать своё местоположение?</string>
--- a/app/src/main/res/values-sr/strings.xml
+++ b/app/src/main/res/values-sr/strings.xml
@ -120,7 +120,6 @@
				@@ -120,7 +120,6 @@
    <string name="licenses">Лиценце отвореног кôда</string>
    <string name="suggestion">Тражи</string>
    <string name="block_ads">Блокирај рекламе</string>
-    <string name="message_untrusted_certificate">Сертификат овог сајта није поуздан. Да наставим свеједно?</string>
    <string name="title_form_resubmission">Поновно слање формулара</string>
    <string name="message_form_resubmission">Желите ли да поново пошаљете податке?</string>
    <string name="message_location">\nЖелите ли да користите вашу локацију</string>
--- a/app/src/main/res/values-tr/strings.xml
+++ b/app/src/main/res/values-tr/strings.xml
@ -107,7 +107,6 @@
				@@ -107,7 +107,6 @@
    <string name="licenses">Open Source Licenses</string>
    <string name="suggestion">Ara</string>
    <string name="block_ads">Reklamları Engelle</string>
-    <string name="message_untrusted_certificate">Sitenin sertifikası güvenilir değil. Yine de devam edilsin mi?</string>
    <string name="title_form_resubmission">Formu yeniden gönder</string>
    <string name="message_form_resubmission">Veriyi yeniden göndermek istiyor musun?</string>
    <string name="message_location">\nKonum bilgisi isteniyor</string>
--- a/app/src/main/res/values-zh-rCN/strings.xml
+++ b/app/src/main/res/values-zh-rCN/strings.xml
@ -107,7 +107,6 @@
				@@ -107,7 +107,6 @@
    <string name="licenses">开源许可</string>
    <string name="suggestion">搜索目标</string>
    <string name="block_ads">拦截广告</string>
-    <string name="message_untrusted_certificate">该网站的证书不被信任。是否仍要继续？</string>
    <string name="title_form_resubmission">重新提交表单</string>
    <string name="message_form_resubmission">你想重新发送数据吗？</string>
    <string name="message_location">\n你想使用你的位置吗？</string>
--- a/app/src/main/res/values/strings.xml
+++ b/app/src/main/res/values/strings.xml
@ -126,7 +126,13 @@
				@@ -126,7 +126,13 @@
    <string name="licenses">Open Source Licenses</string>
    <string name="suggestion">Search for</string>
    <string name="block_ads">Block Ads</string>
-    <string name="message_untrusted_certificate">The certificate of the site is not trusted. Proceed anyway?</string>
+    <string name="message_insecure_connection">Connection to this site is not secure:\n%1$s\nProceed anyway?</string>
+    <string name="message_certificate_date_invalid">date of certificate is invalid</string>
+    <string name="message_certificate_expired">certificate is expired</string>
+    <string name="message_certificate_domain_mismatch">domain in certificate does not match the site domain</string>
+    <string name="message_certificate_invalid">certificate is invalid</string>
+    <string name="message_certificate_not_yet_valid">certificate is not yet valid</string>
+    <string name="message_certificate_untrusted">certificate is not trusted</string>
    <string name="title_form_resubmission">Form Resubmission</string>
    <string name="message_form_resubmission">Would you like to resend the data?</string>
    <string name="message_location">\nWould like to use your location</string>