Rename folder structure from OpenPGP Keychain to OpenKeychain

1 files changed, 261 insertions, 0 deletions

diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/remote/RemoteService.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/remote/RemoteService.java
new file mode 100644
index 000000000..16a800022
--- /dev/null
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/remote/RemoteService.java
@@ -0,0 +1,261 @@
+/*
+ * Copyright (C) 2013-2014 Dominik Schürmann <dominik@dominikschuermann.de>
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+package org.sufficientlysecure.keychain.remote;
+
+import android.app.PendingIntent;
+import android.app.Service;
+import android.content.Context;
+import android.content.Intent;
+import android.content.pm.PackageInfo;
+import android.content.pm.PackageManager;
+import android.content.pm.PackageManager.NameNotFoundException;
+import android.content.pm.Signature;
+import android.net.Uri;
+import android.os.Binder;
+
+import org.openintents.openpgp.OpenPgpError;
+import org.openintents.openpgp.util.OpenPgpApi;
+import org.sufficientlysecure.keychain.Constants;
+import org.sufficientlysecure.keychain.R;
+import org.sufficientlysecure.keychain.provider.KeychainContract;
+import org.sufficientlysecure.keychain.provider.ProviderHelper;
+import org.sufficientlysecure.keychain.remote.ui.RemoteServiceActivity;
+import org.sufficientlysecure.keychain.util.Log;
+
+import java.util.ArrayList;
+import java.util.Arrays;
+
+/**
+ * Abstract service class for remote APIs that handle app registration and user input.
+ */
+public abstract class RemoteService extends Service {
+    Context mContext;
+
+    public Context getContext() {
+        return mContext;
+    }
+
+    protected Intent isAllowed(Intent data) {
+        try {
+            if (isCallerAllowed(false)) {
+                return null;
+            } else {
+                String packageName = getCurrentCallingPackage();
+                Log.d(Constants.TAG, "isAllowed packageName: " + packageName);
+
+                byte[] packageSignature;
+                try {
+                    packageSignature = getPackageSignature(packageName);
+                } catch (NameNotFoundException e) {
+                    Log.e(Constants.TAG, "Should not happen, returning!", e);
+                    // return error
+                    Intent result = new Intent();
+                    result.putExtra(OpenPgpApi.RESULT_CODE, OpenPgpApi.RESULT_CODE_ERROR);
+                    result.putExtra(OpenPgpApi.RESULT_ERROR,
+                            new OpenPgpError(OpenPgpError.GENERIC_ERROR, e.getMessage()));
+                    return result;
+                }
+                Log.e(Constants.TAG, "Not allowed to use service! return PendingIntent for registration!");
+
+                Intent intent = new Intent(getBaseContext(), RemoteServiceActivity.class);
+                intent.setAction(RemoteServiceActivity.ACTION_REGISTER);
+                intent.putExtra(RemoteServiceActivity.EXTRA_PACKAGE_NAME, packageName);
+                intent.putExtra(RemoteServiceActivity.EXTRA_PACKAGE_SIGNATURE, packageSignature);
+                intent.putExtra(RemoteServiceActivity.EXTRA_DATA, data);
+
+                PendingIntent pi = PendingIntent.getActivity(getBaseContext(), 0,
+                        intent,
+                        PendingIntent.FLAG_CANCEL_CURRENT | PendingIntent.FLAG_ONE_SHOT);
+
+                // return PendingIntent to be executed by client
+                Intent result = new Intent();
+                result.putExtra(OpenPgpApi.RESULT_CODE, OpenPgpApi.RESULT_CODE_USER_INTERACTION_REQUIRED);
+                result.putExtra(OpenPgpApi.RESULT_INTENT, pi);
+
+                return result;
+            }
+        } catch (WrongPackageSignatureException e) {
+            Log.e(Constants.TAG, "wrong signature!", e);
+
+            Intent intent = new Intent(getBaseContext(), RemoteServiceActivity.class);
+            intent.setAction(RemoteServiceActivity.ACTION_ERROR_MESSAGE);
+            intent.putExtra(RemoteServiceActivity.EXTRA_ERROR_MESSAGE,
+                    getString(R.string.api_error_wrong_signature));
+            intent.putExtra(RemoteServiceActivity.EXTRA_DATA, data);
+
+            PendingIntent pi = PendingIntent.getActivity(getBaseContext(), 0,
+                    intent,
+                    PendingIntent.FLAG_CANCEL_CURRENT);
+
+            // return PendingIntent to be executed by client
+            Intent result = new Intent();
+            result.putExtra(OpenPgpApi.RESULT_CODE, OpenPgpApi.RESULT_CODE_USER_INTERACTION_REQUIRED);
+            result.putExtra(OpenPgpApi.RESULT_INTENT, pi);
+
+            return result;
+        }
+    }
+
+    private byte[] getPackageSignature(String packageName) throws NameNotFoundException {
+        PackageInfo pkgInfo = getPackageManager().getPackageInfo(packageName,
+                PackageManager.GET_SIGNATURES);
+        Signature[] signatures = pkgInfo.signatures;
+        // TODO: Only first signature?!
+        byte[] packageSignature = signatures[0].toByteArray();
+
+        return packageSignature;
+    }
+
+    /**
+     * Returns package name associated with the UID, which is assigned to the process that sent you the
+     * current transaction that is being processed :)
+     *
+     * @return package name
+     */
+    protected String getCurrentCallingPackage() {
+        // TODO:
+        // callingPackages contains more than one entry when sharedUserId has been used...
+        String[] callingPackages = getPackageManager().getPackagesForUid(Binder.getCallingUid());
+        String currentPkg = callingPackages[0];
+        Log.d(Constants.TAG, "currentPkg: " + currentPkg);
+
+        return currentPkg;
+    }
+
+    /**
+     * Retrieves AccountSettings from database for the application calling this remote service
+     *
+     * @return
+     */
+    protected AccountSettings getAccSettings(String accountName) {
+        String currentPkg = getCurrentCallingPackage();
+        Log.d(Constants.TAG, "accountName: " + accountName);
+
+        Uri uri = KeychainContract.ApiAccounts.buildByPackageAndAccountUri(currentPkg, accountName);
+
+        AccountSettings settings = ProviderHelper.getApiAccountSettings(this, uri);
+
+        return settings; // can be null!
+    }
+
+    protected Intent getCreateAccountIntent(Intent data, String accountName) {
+        String packageName = getCurrentCallingPackage();
+        Log.d(Constants.TAG, "accountName: " + accountName);
+
+        Intent intent = new Intent(getBaseContext(), RemoteServiceActivity.class);
+        intent.setAction(RemoteServiceActivity.ACTION_CREATE_ACCOUNT);
+        intent.putExtra(RemoteServiceActivity.EXTRA_PACKAGE_NAME, packageName);
+        intent.putExtra(RemoteServiceActivity.EXTRA_ACC_NAME, accountName);
+        intent.putExtra(RemoteServiceActivity.EXTRA_DATA, data);
+
+        PendingIntent pi = PendingIntent.getActivity(getBaseContext(), 0,
+                intent,
+                PendingIntent.FLAG_CANCEL_CURRENT);
+
+        // return PendingIntent to be executed by client
+        Intent result = new Intent();
+        result.putExtra(OpenPgpApi.RESULT_CODE, OpenPgpApi.RESULT_CODE_USER_INTERACTION_REQUIRED);
+        result.putExtra(OpenPgpApi.RESULT_INTENT, pi);
+
+        return result;
+    }
+
+    /**
+     * Checks if process that binds to this service (i.e. the package name corresponding to the
+     * process) is in the list of allowed package names.
+     *
+     * @param allowOnlySelf allow only Keychain app itself
+     * @return true if process is allowed to use this service
+     * @throws WrongPackageSignatureException
+     */
+    private boolean isCallerAllowed(boolean allowOnlySelf) throws WrongPackageSignatureException {
+        return isUidAllowed(Binder.getCallingUid(), allowOnlySelf);
+    }
+
+    private boolean isUidAllowed(int uid, boolean allowOnlySelf)
+            throws WrongPackageSignatureException {
+        if (android.os.Process.myUid() == uid) {
+            return true;
+        }
+        if (allowOnlySelf) { // barrier
+            return false;
+        }
+
+        String[] callingPackages = getPackageManager().getPackagesForUid(uid);
+
+        // is calling package allowed to use this service?
+        for (int i = 0; i < callingPackages.length; i++) {
+            String currentPkg = callingPackages[i];
+
+            if (isPackageAllowed(currentPkg)) {
+                return true;
+            }
+        }
+
+        Log.d(Constants.TAG, "Uid is NOT allowed!");
+        return false;
+    }
+
+    /**
+     * Checks if packageName is a registered app for the API. Does not return true for own package!
+     *
+     * @param packageName
+     * @return
+     * @throws WrongPackageSignatureException
+     */
+    private boolean isPackageAllowed(String packageName) throws WrongPackageSignatureException {
+        Log.d(Constants.TAG, "isPackageAllowed packageName: " + packageName);
+
+        ArrayList<String> allowedPkgs = ProviderHelper.getRegisteredApiApps(this);
+        Log.d(Constants.TAG, "allowed: " + allowedPkgs);
+
+        // check if package is allowed to use our service
+        if (allowedPkgs.contains(packageName)) {
+            Log.d(Constants.TAG, "Package is allowed! packageName: " + packageName);
+
+            // check package signature
+            byte[] currentSig;
+            try {
+                currentSig = getPackageSignature(packageName);
+            } catch (NameNotFoundException e) {
+                throw new WrongPackageSignatureException(e.getMessage());
+            }
+
+            byte[] storedSig = ProviderHelper.getApiAppSignature(this, packageName);
+            if (Arrays.equals(currentSig, storedSig)) {
+                Log.d(Constants.TAG,
+                        "Package signature is correct! (equals signature from database)");
+                return true;
+            } else {
+                throw new WrongPackageSignatureException(
+                        "PACKAGE NOT ALLOWED! Signature wrong! (Signature not " +
+                            "equals signature from database)");
+            }
+        }
+
+        Log.d(Constants.TAG, "Package is NOT allowed! packageName: " + packageName);
+        return false;
+    }
+
+    @Override
+    public void onCreate() {
+        super.onCreate();
+        mContext = this;
+    }
+
+}