Bug 1099088 - Part 2: Show "This is a secure Firefox page" site identity popup on about: pages r=liuche

--HG-- extra : commitid : 2Kj5CX8oKPq
2016-01-12 15:27:33 -08:00 · 2016-01-12 15:27:33 -08:00 · 37560901b4
--- a/mobile/android/base/java/org/mozilla/gecko/toolbar/SiteIdentityPopup.java
+++ b/mobile/android/base/java/org/mozilla/gecko/toolbar/SiteIdentityPopup.java
@ -311,7 +311,16 @@ public class SiteIdentityPopup extends AnchoredPopup implements GeckoEventListen
     * @param siteIdentity SiteIdentity information about the connection.
     */
    private void updateConnectionState(final SiteIdentity siteIdentity) {
-        if (!siteIdentity.isSecure()) {
+        if (siteIdentity.getSecurityMode() == SecurityMode.CHROMEUI) {
+            mSecurityState.setText(R.string.identity_connection_chromeui);
+            mSecurityState.setTextColor(ColorUtils.getColor(mContext, R.color.placeholder_active_grey));
+
+            mIcon.setImageResource(R.drawable.icon);
+            clearSecurityStateIcon();
+
+            mMixedContentActivity.setVisibility(View.GONE);
+            mLink.setVisibility(View.GONE);
+        } else if (!siteIdentity.isSecure()) {
            if (siteIdentity.loginInsecure()) {
                // Login detected on an insecure page.
                mIcon.setImageResource(R.drawable.lock_disabled);
@ -464,11 +473,14 @@ public class SiteIdentityPopup extends AnchoredPopup implements GeckoEventListen
            return;
        }

-        // about: has an unknown SiteIdentity in code, but showing "This
-        // site's identity is unknown" is misleading! So don't show a popup.
+        // Verified about: pages have the CHROMEUI SiteIdentity, however there can also
+        // be unverified about: pages for which  "This site's identity is unknown" or
+        // "This is a secure Firefox page" are both misleading, so don't show a popup.
        final Tab selectedTab = Tabs.getInstance().getSelectedTab();
-        if (selectedTab != null && AboutPages.isAboutPage(selectedTab.getURL())) {
-            Log.d(LOGTAG, "We don't show site identity popups for about: pages");
+        if (selectedTab != null &&
+                AboutPages.isAboutPage(selectedTab.getURL()) &&
+                mSiteIdentity.getSecurityMode() != SecurityMode.CHROMEUI) {
+            Log.d(LOGTAG, "We don't show site identity popups for unverified about: pages");
            return;
        }

@ -485,15 +497,23 @@ public class SiteIdentityPopup extends AnchoredPopup implements GeckoEventListen
            Log.e(LOGTAG, "Error adding selectLogin doorhanger", e);
        }

-        mTitle.setText(selectedTab.getBaseDomain());
-        final Bitmap favicon = selectedTab.getFavicon();
-        if (favicon != null) {
-            final Drawable faviconDrawable = new BitmapDrawable(mResources, favicon);
-            final int dimen = (int) mResources.getDimension(R.dimen.browser_toolbar_favicon_size);
-            faviconDrawable.setBounds(0, 0, dimen, dimen);
+        if (mSiteIdentity.getSecurityMode() == SecurityMode.CHROMEUI) {
+            // For about: pages we display the product icon in place of the verified/globe
+            // image, hence we don't also set the favicon (for most about pages the
+            // favicon is the product icon, hence we'd be showing the same icon twice).
+            mTitle.setText(R.string.moz_app_displayname);
+        } else {
+            mTitle.setText(selectedTab.getBaseDomain());

-            mTitle.setCompoundDrawables(faviconDrawable, null, null, null);
-            mTitle.setCompoundDrawablePadding((int) mContext.getResources().getDimension(R.dimen.doorhanger_drawable_padding));
+            final Bitmap favicon = selectedTab.getFavicon();
+            if (favicon != null) {
+                final Drawable faviconDrawable = new BitmapDrawable(mResources, favicon);
+                final int dimen = (int) mResources.getDimension(R.dimen.browser_toolbar_favicon_size);
+                faviconDrawable.setBounds(0, 0, dimen, dimen);
+
+                mTitle.setCompoundDrawables(faviconDrawable, null, null, null);
+                mTitle.setCompoundDrawablePadding((int) mContext.getResources().getDimension(R.dimen.doorhanger_drawable_padding));
+            }
        }

        showDividers();
--- a/mobile/android/base/java/org/mozilla/gecko/toolbar/ToolbarDisplayLayout.java
+++ b/mobile/android/base/java/org/mozilla/gecko/toolbar/ToolbarDisplayLayout.java
@ -127,6 +127,10 @@ public class ToolbarDisplayLayout extends ThemedLinearLayout
    private final SiteIdentityPopup mSiteIdentityPopup;
    private int mSecurityImageLevel;

+    // Security level constants, which map to the icons / levels defined in:
+    // http://mxr.mozilla.org/mozilla-central/source/mobile/android/base/java/org/mozilla/gecko/resources/drawable/site_security_level.xml
+    // Default level (unverified pages) - globe icon:
+    private final int LEVEL_DEFAULT_GLOBE = 0;
    // Levels for displaying Mixed Content state icons.
    private final int LEVEL_WARNING_MINOR = 3;
    private final int LEVEL_LOCK_DISABLED = 4;
@ -440,6 +444,14 @@ public class ToolbarDisplayLayout extends ThemedLinearLayout
        // Default to the identity level
        int imageLevel = securityMode.ordinal();

+        // about: pages should default to having no icon too (the same as SecurityMode.UNKNOWN), however
+        // SecurityMode.CHROMEUI has a different ordinal - hence we need to manually reset it here.
+        // (We then continue and process the tracking / mixed content icons as usual, even for about: pages, as they
+        //  can still load external sites.)
+        if (securityMode == SecurityMode.CHROMEUI) {
+            imageLevel = LEVEL_DEFAULT_GLOBE; // == SecurityMode.UNKNOWN.ordinal()
+        }
+
        // Check to see if any protection was overridden first
        if (loginInsecure) {
            imageLevel = LEVEL_LOCK_DISABLED;
--- a/mobile/android/base/locales/en-US/android_strings.dtd
+++ b/mobile/android/base/locales/en-US/android_strings.dtd
@ -592,6 +592,7 @@ just addresses the organization to follow, e.g. "This site is run by " -->
 <!ENTITY identity_connection_secure "Secure Connection">
 <!ENTITY identity_connection_insecure "Insecure connection">
 <!ENTITY identity_login_insecure "This page is not secure and your login could be vulnerable.">
+<!ENTITY identity_connection_chromeui "This is a secure &brandShortName; page">

 <!-- Mixed content notifications in site identity popup -->
 <!ENTITY mixed_content_blocked_all1 "&brandShortName; has blocked insecure content on this page.">
--- a/mobile/android/base/strings.xml.in
+++ b/mobile/android/base/strings.xml.in
@ -487,6 +487,7 @@
  <string name="identity_connection_secure">&identity_connection_secure;</string>
  <string name="identity_connection_insecure">&identity_connection_insecure;</string>
  <string name="identity_login_insecure">&identity_login_insecure;</string>
+  <string name="identity_connection_chromeui">&identity_connection_chromeui;</string>

  <string name="mixed_content_blocked_all">&mixed_content_blocked_all1;</string>
  <string name="mixed_content_blocked_some">&mixed_content_blocked_some1;</string>