From 06e80ad5418a04871aea024b09714ae33d74bd3a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mi=C5=82osz=20Sieradzki?= <milosz+github@sieradzki.it>
Date: Wed, 30 Sep 2015 21:56:14 +0200
Subject: [PATCH] Fixes #297: properly implement onReceivedSslError() method

Validation of SSL certificates is still not ideal, as https://badssl.com/ shows, but further improvements require more investigation.
---
 .../browser/lightning/view/LightningView.java | 48 +++++++++++++++----
 app/src/main/res/values-de/strings.xml        |  1 -
 app/src/main/res/values-es/strings.xml        |  1 -
 app/src/main/res/values-gr/strings.xml        |  1 -
 app/src/main/res/values-hu/strings.xml        |  1 -
 app/src/main/res/values-it/strings.xml        |  5 +-
 app/src/main/res/values-ja/strings.xml        |  1 -
 app/src/main/res/values-ko/strings.xml        |  3 +-
 app/src/main/res/values-pl/strings.xml        |  1 -
 app/src/main/res/values-pt/strings.xml        |  1 -
 app/src/main/res/values-ru/strings.xml        |  1 -
 app/src/main/res/values-sr/strings.xml        |  1 -
 app/src/main/res/values-tr/strings.xml        |  1 -
 app/src/main/res/values-zh-rCN/strings.xml    |  1 -
 app/src/main/res/values/strings.xml           |  8 +++-
 15 files changed, 50 insertions(+), 25 deletions(-)

diff --git a/app/src/main/java/acr/browser/lightning/view/LightningView.java b/app/src/main/java/acr/browser/lightning/view/LightningView.java
index 2c9a9e1..a14f65d 100644
--- a/app/src/main/java/acr/browser/lightning/view/LightningView.java
+++ b/app/src/main/java/acr/browser/lightning/view/LightningView.java
@@ -54,6 +54,8 @@ import java.io.File;
 import java.io.FileOutputStream;
 import java.io.IOException;
 import java.net.URISyntaxException;
+import java.util.ArrayList;
+import java.util.List;
 
 import acr.browser.lightning.R;
 import acr.browser.lightning.app.BrowserApp;
@@ -774,11 +776,47 @@ public class LightningView {
             }
         }
 
+        private List<Integer> getAllSslErrorMessageCodes(SslError error) {
+
+            List<Integer> errorCodeMessageCodes = new ArrayList<>();
+
+            if (error.hasError(SslError.SSL_DATE_INVALID)) {
+                errorCodeMessageCodes.add(R.string.message_certificate_date_invalid);
+            }
+            if (error.hasError(SslError.SSL_EXPIRED)) {
+                errorCodeMessageCodes.add(R.string.message_certificate_expired);
+            }
+            if (error.hasError(SslError.SSL_IDMISMATCH)) {
+                errorCodeMessageCodes.add(R.string.message_certificate_domain_mismatch);
+            }
+            if (error.hasError(SslError.SSL_NOTYETVALID)) {
+                errorCodeMessageCodes.add(R.string.message_certificate_not_yet_valid);
+            }
+            if (error.hasError(SslError.SSL_UNTRUSTED)) {
+                errorCodeMessageCodes.add(R.string.message_certificate_untrusted);
+            }
+            if (error.hasError(SslError.SSL_INVALID)) {
+                errorCodeMessageCodes.add(R.string.message_certificate_invalid);
+            }
+
+            return errorCodeMessageCodes;
+        }
+
         @Override
         public void onReceivedSslError(WebView view, @NonNull final SslErrorHandler handler, SslError error) {
+
+            List<Integer> errorCodeMessageCodes = getAllSslErrorMessageCodes(error);
+
+            StringBuilder stringBuilder = new StringBuilder();
+            for (Integer messageCode : errorCodeMessageCodes) {
+                stringBuilder.append(" - ").append(mActivity.getString(messageCode)).append('\n');
+            }
+            String alertMessage =
+                    mActivity.getString(R.string.message_insecure_connection, stringBuilder.toString());
+
             AlertDialog.Builder builder = new AlertDialog.Builder(mActivity);
             builder.setTitle(mActivity.getString(R.string.title_warning));
-            builder.setMessage(mActivity.getString(R.string.message_untrusted_certificate))
+            builder.setMessage(alertMessage)
                     .setCancelable(true)
                     .setPositiveButton(mActivity.getString(R.string.action_yes),
                             new DialogInterface.OnClickListener() {
@@ -794,13 +832,7 @@ public class LightningView {
                                     handler.cancel();
                                 }
                             });
-            AlertDialog alert = builder.create();
-            if (error.getPrimaryError() == SslError.SSL_UNTRUSTED) {
-                alert.show();
-            } else {
-                handler.proceed();
-            }
-
+            builder.create().show();
         }
 
         @Override
diff --git a/app/src/main/res/values-de/strings.xml b/app/src/main/res/values-de/strings.xml
index f30e7d9..c332fc1 100644
--- a/app/src/main/res/values-de/strings.xml
+++ b/app/src/main/res/values-de/strings.xml
@@ -123,7 +123,6 @@
     <string name="licenses">Open Source-Lizenzen</string>
     <string name="suggestion">Suche nach</string>
     <string name="block_ads">Werbung blockieren</string>
-    <string name="message_untrusted_certificate">Das Zertifikat dieser Webseite ist nicht vertrauenswürdig. Trotzdem fortsetzen?</string>
     <string name="title_form_resubmission">Formularneuzustellung</string>
     <string name="message_form_resubmission">Daten erneut senden?</string>
     <string name="message_location">\nMeine Position verwenden?</string>
diff --git a/app/src/main/res/values-es/strings.xml b/app/src/main/res/values-es/strings.xml
index b6c61a0..1503551 100644
--- a/app/src/main/res/values-es/strings.xml
+++ b/app/src/main/res/values-es/strings.xml
@@ -106,7 +106,6 @@
     <string name="licenses">Licencias de código abierto (open source)</string>
     <string name="suggestion">Buscar</string>
     <string name="block_ads">Bloquear anuncios</string>
-    <string name="message_untrusted_certificate">El certificado del sitio no es de fiar. ¿Continuar de todas maneras?</string>
     <string name="title_form_resubmission">Resubir el formulario</string>
     <string name="message_form_resubmission">¿Quieres mandar los datos de nuevo?</string>
     <string name="message_location">\n¿Quieres usar tu geolocalización?</string>
diff --git a/app/src/main/res/values-gr/strings.xml b/app/src/main/res/values-gr/strings.xml
index 55ab54d..fc5a410 100644
--- a/app/src/main/res/values-gr/strings.xml
+++ b/app/src/main/res/values-gr/strings.xml
@@ -107,7 +107,6 @@
     <string name="licenses">Άδειες ανοιχτού κώδικα</string>
     <string name="suggestion">Αναζήτηση για</string>
     <string name="block_ads">Μπλοκάρισμα διαφημίσεων</string>
-    <string name="message_untrusted_certificate">Το πιστοποιητικό δεν είναι αξιόπιστο. Συνέχεια παρ\'όλα αυτά;</string>
     <string name="title_form_resubmission">Επαναυποβολή φόρμας</string>
     <string name="message_form_resubmission">Θα θέλατε να ξαναστείλετε τα στοιχεία;</string>
     <string name="message_location">\nΘα θέλατε να χρησιμοποιήσετε την τοποθεσία σας;</string>
diff --git a/app/src/main/res/values-hu/strings.xml b/app/src/main/res/values-hu/strings.xml
index 5c03fb8..39d13db 100644
--- a/app/src/main/res/values-hu/strings.xml
+++ b/app/src/main/res/values-hu/strings.xml
@@ -123,7 +123,6 @@
     <string name="licenses">Nyílt forráskódú licencek</string>
     <string name="suggestion">Keresés</string>
     <string name="block_ads">Reklámok blokkolása</string>
-    <string name="message_untrusted_certificate">Az oldal tanusítványa nem megfelelő.Folytatja mindenképpen?</string>
     <string name="title_form_resubmission">Űrlap újraküldése</string>
     <string name="message_form_resubmission">Szeretnél újból elküldi az adatokat?</string>
     <string name="message_location">\nSzeretné használni a saját helyét?</string>
diff --git a/app/src/main/res/values-it/strings.xml b/app/src/main/res/values-it/strings.xml
index a547cea..f8d4205 100644
--- a/app/src/main/res/values-it/strings.xml
+++ b/app/src/main/res/values-it/strings.xml
@@ -1,10 +1,10 @@
 <?xml version="1.0" encoding="utf-8"?><!--
   Copyright 2013 The Android Open Source Project
-  
+
   Licensed under the Apache License, Version 2.0 (the "License");
   you may not use this file except in compliance with the License.
   You may obtain a copy of the License at
-  
+
       http://www.apache.org/licenses/LICENSE-2.0
 
   Unless required by applicable law or agreed to in writing, software
@@ -120,7 +120,6 @@
     <string name="custom_url">URL personale</string>
     <string name="message_blocked_local">Il caricamento del file locale è stato bloccato</string>
     <string name="suggestion">Cerca</string>
-    <string name="message_untrusted_certificate">Il certificato del sito non è fidato. Procedere comunque?</string>
     <string name="title_form_resubmission">Reinvio form</string>
     <string name="message_form_resubmission">Vuoi reinviare i dati?</string>
     <string name="message_location">\nVorrebbe usare la tua posizione</string>
diff --git a/app/src/main/res/values-ja/strings.xml b/app/src/main/res/values-ja/strings.xml
index ea17fbf..d1bc5b6 100644
--- a/app/src/main/res/values-ja/strings.xml
+++ b/app/src/main/res/values-ja/strings.xml
@@ -120,7 +120,6 @@
     <string name="licenses">オープンソースライセンス</string>
     <string name="suggestion">Search for</string>
     <string name="block_ads">広告ブロック</string>
-    <string name="message_untrusted_certificate">このページに信用性の証明書がありません。読み込みを続けますか?</string>
     <string name="title_form_resubmission">フォームの再送</string>
     <string name="message_form_resubmission">データを再送しますか?</string>
     <string name="message_location">\n位置情報の提供を許可しますか?</string>
diff --git a/app/src/main/res/values-ko/strings.xml b/app/src/main/res/values-ko/strings.xml
index 6522596..2da2861 100644
--- a/app/src/main/res/values-ko/strings.xml
+++ b/app/src/main/res/values-ko/strings.xml
@@ -106,7 +106,6 @@
     <string name="licenses">오픈 소스 라이센스</string>
     <string name="suggestion">다음을 검색</string>
     <string name="block_ads">광고 차단</string>
-    <string name="message_untrusted_certificate">이 웹사이트의 인증서는 신뢰할 수 없습니다. 계속할까요?</string>
     <string name="title_form_resubmission">양식 다시 제출</string>
     <string name="message_form_resubmission">다시 전송할까요?</string>
     <string name="message_location">\n 이(가) 위치를 사용하고자 합니다</string>
@@ -170,4 +169,4 @@
     <string name="invert_color">색상 반전</string>
     <string name="dark_theme">어두운 테마 사용</string>
     <string name="tabs">탭</string>
-</resources>
\ No newline at end of file
+</resources>
diff --git a/app/src/main/res/values-pl/strings.xml b/app/src/main/res/values-pl/strings.xml
index 6cb9792..261345b 100644
--- a/app/src/main/res/values-pl/strings.xml
+++ b/app/src/main/res/values-pl/strings.xml
@@ -106,7 +106,6 @@
     <string name="licenses">Licencje Open Source</string>
     <string name="suggestion">Wyszukaj</string>
     <string name="block_ads">Blokuj reklamy</string>
-    <string name="message_untrusted_certificate">Certyfikat używany przez tę stronę nie jest zaufany. Kontynuować mimo wszystko?</string>
     <string name="title_form_resubmission">Ponowne wysyłanie formularza</string>
     <string name="message_form_resubmission">Czy chciałbyś ponownie wysłać dane wprowadzone do formularza?</string>
     <string name="message_location">\nTa strona prosi o dostęp do twojej geolokalizacji</string>
diff --git a/app/src/main/res/values-pt/strings.xml b/app/src/main/res/values-pt/strings.xml
index 4812dd3..e05a5d6 100644
--- a/app/src/main/res/values-pt/strings.xml
+++ b/app/src/main/res/values-pt/strings.xml
@@ -122,7 +122,6 @@
     <string name="licenses">Licenças Open Source</string>
     <string name="suggestion">Pesquisar por</string>
     <string name="block_ads">Bloquear anúncios</string>
-    <string name="message_untrusted_certificate">O certificado deste sítio web não é fiável. Continuar?</string>
     <string name="title_form_resubmission">Submissão de formulário</string>
     <string name="message_form_resubmission">Gostaria de reenviar os dados?</string>
     <string name="message_location">\nGostaria de utilizar a sua localização</string>
diff --git a/app/src/main/res/values-ru/strings.xml b/app/src/main/res/values-ru/strings.xml
index f01682d..be8cc51 100644
--- a/app/src/main/res/values-ru/strings.xml
+++ b/app/src/main/res/values-ru/strings.xml
@@ -106,7 +106,6 @@
     <string name="licenses">Open Source Licenses</string>
     <string name="suggestion">Искать</string>
     <string name="block_ads">Блокировать рекламу</string>
-    <string name="message_untrusted_certificate">Сертификат сайта не является доверенным. Все равно продолжить?</string>
     <string name="title_form_resubmission">Повторная форма</string>
     <string name="message_form_resubmission">Вы действительно хотите отправить данные?</string>
     <string name="message_location">\Хотите использовать своё местоположение?</string>
diff --git a/app/src/main/res/values-sr/strings.xml b/app/src/main/res/values-sr/strings.xml
index 2101586..d2951cd 100644
--- a/app/src/main/res/values-sr/strings.xml
+++ b/app/src/main/res/values-sr/strings.xml
@@ -120,7 +120,6 @@
     <string name="licenses">Лиценце отвореног кôда</string>
     <string name="suggestion">Тражи</string>
     <string name="block_ads">Блокирај рекламе</string>
-    <string name="message_untrusted_certificate">Сертификат овог сајта није поуздан. Да наставим свеједно?</string>
     <string name="title_form_resubmission">Поновно слање формулара</string>
     <string name="message_form_resubmission">Желите ли да поново пошаљете податке?</string>
     <string name="message_location">\nЖелите ли да користите вашу локацију</string>
diff --git a/app/src/main/res/values-tr/strings.xml b/app/src/main/res/values-tr/strings.xml
index 311cd92..c39a470 100644
--- a/app/src/main/res/values-tr/strings.xml
+++ b/app/src/main/res/values-tr/strings.xml
@@ -107,7 +107,6 @@
     <string name="licenses">Open Source Licenses</string>
     <string name="suggestion">Ara</string>
     <string name="block_ads">Reklamları Engelle</string>
-    <string name="message_untrusted_certificate">Sitenin sertifikası güvenilir değil. Yine de devam edilsin mi?</string>
     <string name="title_form_resubmission">Formu yeniden gönder</string>
     <string name="message_form_resubmission">Veriyi yeniden göndermek istiyor musun?</string>
     <string name="message_location">\nKonum bilgisi isteniyor</string>
diff --git a/app/src/main/res/values-zh-rCN/strings.xml b/app/src/main/res/values-zh-rCN/strings.xml
index 9947540..e35777b 100644
--- a/app/src/main/res/values-zh-rCN/strings.xml
+++ b/app/src/main/res/values-zh-rCN/strings.xml
@@ -107,7 +107,6 @@
     <string name="licenses">开源许可</string>
     <string name="suggestion">搜索目标</string>
     <string name="block_ads">拦截广告</string>
-    <string name="message_untrusted_certificate">该网站的证书不被信任。是否仍要继续？</string>
     <string name="title_form_resubmission">重新提交表单</string>
     <string name="message_form_resubmission">你想重新发送数据吗？</string>
     <string name="message_location">\n你想使用你的位置吗？</string>
diff --git a/app/src/main/res/values/strings.xml b/app/src/main/res/values/strings.xml
index 9183d6c..2e7ef0e 100644
--- a/app/src/main/res/values/strings.xml
+++ b/app/src/main/res/values/strings.xml
@@ -126,7 +126,13 @@
     <string name="licenses">Open Source Licenses</string>
     <string name="suggestion">Search for</string>
     <string name="block_ads">Block Ads</string>
-    <string name="message_untrusted_certificate">The certificate of the site is not trusted. Proceed anyway?</string>
+    <string name="message_insecure_connection">Connection to this site is not secure:\n%1$s\nProceed anyway?</string>
+    <string name="message_certificate_date_invalid">date of certificate is invalid</string>
+    <string name="message_certificate_expired">certificate is expired</string>
+    <string name="message_certificate_domain_mismatch">domain in certificate does not match the site domain</string>
+    <string name="message_certificate_invalid">certificate is invalid</string>
+    <string name="message_certificate_not_yet_valid">certificate is not yet valid</string>
+    <string name="message_certificate_untrusted">certificate is not trusted</string>
     <string name="title_form_resubmission">Form Resubmission</string>
     <string name="message_form_resubmission">Would you like to resend the data?</string>
     <string name="message_location">\nWould like to use your location</string>