Fix ConfirmCredential is not presented before trusting cert installed by PO/DO

- Show ConfirmCredential in TrustedCredentialsSettings when Trust button is clicked
  for the very first time since the activity launched
- Warning activity (work mode off, crpyto-aware) should not be shown when the activity is started. Also fixed it here.

Bug: 28619980
Change-Id: I084b70883c087376e437a9ad3238d7c3313a0a17

3 files changed, 81 insertions, 15 deletions

diff --git a/src/com/android/settings/MonitoringCertInfoActivity.java b/src/com/android/settings/MonitoringCertInfoActivity.java
index 7bf5768094..0111ae7e99 100644
--- a/src/com/android/settings/MonitoringCertInfoActivity.java
+++ b/src/com/android/settings/MonitoringCertInfoActivity.java
@@ -29,15 +29,20 @@ import android.provider.Settings;
 
 /**
  * Activity that shows a dialog explaining that a CA cert is allowing someone to monitor network
- * traffic. This activity should be launched for the user into which the CA cert is installed.
+ * traffic. This activity should be launched for the user into which the CA cert is installed
+ * unless Intent.EXTRA_USER_ID is provided.
  */
 public class MonitoringCertInfoActivity extends Activity implements OnClickListener,
         OnDismissListener {
 
+    private int mUserId;
+
     @Override
     protected void onCreate(Bundle savedStates) {
         super.onCreate(savedStates);
 
+        mUserId = getIntent().getIntExtra(Intent.EXTRA_USER_ID, UserHandle.myUserId());
+
         DevicePolicyManager dpm = getSystemService(DevicePolicyManager.class);
         final int numberOfCertificates = getIntent().getIntExtra(
                 Settings.EXTRA_NUMBER_OF_CERTIFICATES, 1);
@@ -53,7 +58,7 @@ public class MonitoringCertInfoActivity extends Activity implements OnClickListe
         builder.setNeutralButton(R.string.cancel, null);
         builder.setOnDismissListener(this);
 
-        if (dpm.getProfileOwner() != null) {
+        if (dpm.getProfileOwnerAsUser(mUserId) != null) {
             builder.setMessage(getResources().getQuantityString(R.plurals.ssl_ca_cert_info_message,
                     numberOfCertificates, dpm.getProfileOwnerName()));
         } else if (dpm.getDeviceOwnerComponentOnCallingUser() != null) {
@@ -72,7 +77,7 @@ public class MonitoringCertInfoActivity extends Activity implements OnClickListe
     public void onClick(DialogInterface dialog, int which) {
         Intent intent = new Intent(android.provider.Settings.ACTION_TRUSTED_CREDENTIALS_USER);
         intent.setFlags(Intent.FLAG_ACTIVITY_NEW_TASK | Intent.FLAG_ACTIVITY_CLEAR_TOP);
-        intent.putExtra(TrustedCredentialsSettings.ARG_SHOW_NEW_FOR_USER, UserHandle.myUserId());
+        intent.putExtra(TrustedCredentialsSettings.ARG_SHOW_NEW_FOR_USER, mUserId);
         startActivity(intent);
         finish();
     }
diff --git a/src/com/android/settings/TrustedCredentialsDialogBuilder.java b/src/com/android/settings/TrustedCredentialsDialogBuilder.java
index ed2ab09496..2508d8c1fc 100644
--- a/src/com/android/settings/TrustedCredentialsDialogBuilder.java
+++ b/src/com/android/settings/TrustedCredentialsDialogBuilder.java
@@ -43,6 +43,7 @@ class TrustedCredentialsDialogBuilder extends AlertDialog.Builder {
     public interface DelegateInterface {
         List<X509Certificate> getX509CertsFromCertHolder(CertHolder certHolder);
         void removeOrInstallCert(CertHolder certHolder);
+        boolean startConfirmCredentialIfNotConfirmed(int userId);
     }
 
     private final DialogEventHandler mDialogEventHandler;
@@ -144,8 +145,10 @@ class TrustedCredentialsDialogBuilder extends AlertDialog.Builder {
 
         private void onClickTrust() {
             CertHolder certHolder = getCurrentCertInfo();
-            mDpm.approveCaCert(certHolder.getAlias(), certHolder.getUserId(), true);
-            nextOrDismiss();
+            if (!mDelegate.startConfirmCredentialIfNotConfirmed(certHolder.getUserId())) {
+                mDpm.approveCaCert(certHolder.getAlias(), certHolder.getUserId(), true);
+                nextOrDismiss();
+            }
         }
 
         private void onClickRemove() {
diff --git a/src/com/android/settings/TrustedCredentialsSettings.java b/src/com/android/settings/TrustedCredentialsSettings.java
index e7ab406703..c630ed6c37 100644
--- a/src/com/android/settings/TrustedCredentialsSettings.java
+++ b/src/com/android/settings/TrustedCredentialsSettings.java
@@ -17,6 +17,7 @@
 package com.android.settings;
 
 import android.annotation.UiThread;
+import android.app.Activity;
 import android.app.KeyguardManager;
 import android.app.admin.DevicePolicyManager;
 import android.content.BroadcastReceiver;
@@ -79,8 +80,10 @@ public class TrustedCredentialsSettings extends OptionsMenuFragment
     private KeyguardManager mKeyguardManager;
     private int mTrustAllCaUserId;
 
-
+    private static final String SAVED_CONFIRMED_CREDENTIAL_USERS = "ConfirmedCredentialUsers";
+    private static final String SAVED_CONFIRMING_CREDENTIAL_USER = "ConfirmingCredentialUser";
     private static final String USER_ACTION = "com.android.settings.TRUSTED_CREDENTIALS_USER";
+    private static final int REQUEST_CONFIRM_CREDENTIALS = 1;
 
     @Override
     protected int getMetricsCategory() {
@@ -154,6 +157,8 @@ public class TrustedCredentialsSettings extends OptionsMenuFragment
     private TabHost mTabHost;
     private ArrayList<GroupAdapter> mGroupAdapters = new ArrayList<>(2);
     private AliasOperation mAliasOperation;
+    private ArraySet<Integer> mConfirmedCredentialUsers;
+    private int mConfirmingCredentialUser;
     private Set<AdapterData.AliasLoader> mAliasLoaders = new ArraySet<AdapterData.AliasLoader>(2);
     private final SparseArray<KeyChainConnection>
             mKeyChainConnectionByProfileId = new SparseArray<KeyChainConnection>();
@@ -182,6 +187,17 @@ public class TrustedCredentialsSettings extends OptionsMenuFragment
                 .getSystemService(Context.KEYGUARD_SERVICE);
         mTrustAllCaUserId = getActivity().getIntent().getIntExtra(ARG_SHOW_NEW_FOR_USER,
                 UserHandle.USER_NULL);
+        mConfirmedCredentialUsers = new ArraySet<>(2);
+        mConfirmingCredentialUser = UserHandle.USER_NULL;
+        if (savedInstanceState != null) {
+            mConfirmingCredentialUser = savedInstanceState.getInt(SAVED_CONFIRMING_CREDENTIAL_USER,
+                    UserHandle.USER_NULL);
+            ArrayList<Integer> users = savedInstanceState.getIntegerArrayList(
+                    SAVED_CONFIRMED_CREDENTIAL_USERS);
+            if (users != null) {
+                mConfirmedCredentialUsers.addAll(users);
+            }
+        }
 
         IntentFilter filter = new IntentFilter();
         filter.addAction(Intent.ACTION_MANAGED_PROFILE_AVAILABLE);
@@ -190,6 +206,14 @@ public class TrustedCredentialsSettings extends OptionsMenuFragment
         getActivity().registerReceiver(mWorkProfileChangedReceiver, filter);
     }
 
+    @Override
+    public void onSaveInstanceState(Bundle outState) {
+        super.onSaveInstanceState(outState);
+        outState.putIntegerArrayList(SAVED_CONFIRMED_CREDENTIAL_USERS, new ArrayList<>(
+                mConfirmedCredentialUsers));
+        outState.putInt(SAVED_CONFIRMING_CREDENTIAL_USER, mConfirmingCredentialUser);
+    }
+
     @Override public View onCreateView(
             LayoutInflater inflater, ViewGroup parent, Bundle savedInstanceState) {
         mTabHost = (TabHost) inflater.inflate(R.layout.trusted_credentials, parent, false);
@@ -219,6 +243,16 @@ public class TrustedCredentialsSettings extends OptionsMenuFragment
         super.onDestroy();
     }
 
+    @Override
+    public void onActivityResult(int requestCode, int resultCode, Intent data) {
+        if (requestCode == REQUEST_CONFIRM_CREDENTIALS) {
+            if (resultCode == Activity.RESULT_OK) {
+                mConfirmedCredentialUsers.add(mConfirmingCredentialUser);
+            }
+            mConfirmingCredentialUser = UserHandle.USER_NULL;
+        }
+    }
+
     private void closeKeyChainConnections() {
         final int n = mKeyChainConnectionByProfileId.size();
         for (int i = 0; i < n; ++i) {
@@ -262,14 +296,18 @@ public class TrustedCredentialsSettings extends OptionsMenuFragment
     }
 
     /**
-     * Start work challenge activity. TODO: Move and refactor this method as a util function.
+     * Start work challenge activity.
+     * @return true if screenlock exists
      */
-    private void startWorkChallenge(int userId) {
+    private boolean startConfirmCredential(int userId) {
         final Intent newIntent = mKeyguardManager.createConfirmDeviceCredentialIntent(null, null,
                 userId);
-        newIntent.setFlags(Intent.FLAG_ACTIVITY_NEW_TASK
-                | Intent.FLAG_ACTIVITY_EXCLUDE_FROM_RECENTS | Intent.FLAG_ACTIVITY_CLEAR_TASK);
-        getActivity().startActivity(newIntent);
+        if (newIntent == null) {
+            return false;
+        }
+        mConfirmingCredentialUser = userId;
+        startActivityForResult(newIntent, REQUEST_CONFIRM_CREDENTIALS);
+        return true;
     }
 
     /**
@@ -303,7 +341,8 @@ public class TrustedCredentialsSettings extends OptionsMenuFragment
         }
         @Override
         public CertHolder getChild(int groupPosition, int childPosition) {
-            return mData.mCertHoldersByUserId.get(getUserIdByGroup(groupPosition)).get(childPosition);
+            return mData.mCertHoldersByUserId.get(getUserIdByGroup(groupPosition)).get(
+                    childPosition);
         }
         @Override
         public long getGroupId(int groupPosition) {
@@ -386,18 +425,27 @@ public class TrustedCredentialsSettings extends OptionsMenuFragment
         }
 
         public boolean checkGroupExpandableAndStartWarningActivity(int groupPosition) {
+            return checkGroupExpandableAndStartWarningActivity(groupPosition, true);
+        }
+
+        public boolean checkGroupExpandableAndStartWarningActivity(int groupPosition,
+                boolean startActivity) {
             final UserHandle groupUser = getGroup(groupPosition);
             final int groupUserId = groupUser.getIdentifier();
             if (mUserManager.isQuietModeEnabled(groupUser)) {
                 final Intent intent = UnlaunchableAppActivity.createInQuietModeDialogIntent(
                         groupUserId);
-                getActivity().startActivity(intent);
+                if (startActivity) {
+                    getActivity().startActivity(intent);
+                }
                 return false;
             } else if (!mUserManager.isUserUnlocked(groupUser)) {
                 final LockPatternUtils lockPatternUtils = new LockPatternUtils(
                         getActivity());
                 if (lockPatternUtils.isSeparateProfileChallengeEnabled(groupUserId)) {
-                    startWorkChallenge(groupUserId);
+                    if (startActivity) {
+                        startConfirmCredential(groupUserId);
+                    }
                     return false;
                 }
             }
@@ -548,7 +596,8 @@ public class TrustedCredentialsSettings extends OptionsMenuFragment
         }
 
         public void prepare() {
-            mIsListExpanded = checkGroupExpandableAndStartWarningActivity();
+            mIsListExpanded = mParent.checkGroupExpandableAndStartWarningActivity(mGroupPosition,
+                    false /* startActivity */);
             refreshViews();
         }
 
@@ -890,6 +939,15 @@ public class TrustedCredentialsSettings extends OptionsMenuFragment
         new AliasOperation(certHolder).execute();
     }
 
+    @Override
+    public boolean startConfirmCredentialIfNotConfirmed(int userId) {
+        if (mConfirmedCredentialUsers.contains(userId)) {
+            // Credential has been confirmed. Don't start activity.
+            return false;
+        }
+        return startConfirmCredential(userId);
+    }
+
     private class AliasOperation extends AsyncTask<Void, Void, Boolean> {
         private final CertHolder mCertHolder;