diff options
Diffstat (limited to 'OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations')
5 files changed, 519 insertions, 14 deletions
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/InputDataOperation.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/InputDataOperation.java new file mode 100644 index 000000000..d9e48af8a --- /dev/null +++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/InputDataOperation.java @@ -0,0 +1,374 @@ +/* + * Copyright (C) 2015 Dominik Schürmann <dominik@dominikschuermann.de> + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + */ + +package org.sufficientlysecure.keychain.operations; + + +import java.io.ByteArrayOutputStream; +import java.io.FileNotFoundException; +import java.io.IOException; +import java.io.InputStream; +import java.io.OutputStream; +import java.util.ArrayList; + +import android.content.Context; +import android.net.Uri; +import android.support.annotation.NonNull; + +import org.apache.james.mime4j.MimeException; +import org.apache.james.mime4j.codec.DecodeMonitor; +import org.apache.james.mime4j.dom.field.ContentDispositionField; +import org.apache.james.mime4j.field.DefaultFieldParser; +import org.apache.james.mime4j.parser.AbstractContentHandler; +import org.apache.james.mime4j.parser.MimeStreamParser; +import org.apache.james.mime4j.stream.BodyDescriptor; +import org.apache.james.mime4j.stream.Field; +import org.apache.james.mime4j.stream.MimeConfig; +import org.openintents.openpgp.OpenPgpMetadata; +import org.sufficientlysecure.keychain.operations.results.DecryptVerifyResult; +import org.sufficientlysecure.keychain.operations.results.InputDataResult; +import org.sufficientlysecure.keychain.operations.results.OperationResult.LogType; +import org.sufficientlysecure.keychain.operations.results.OperationResult.OperationLog; +import org.sufficientlysecure.keychain.pgp.PgpDecryptVerifyInputParcel; +import org.sufficientlysecure.keychain.pgp.PgpDecryptVerifyOperation; +import org.sufficientlysecure.keychain.pgp.Progressable; +import org.sufficientlysecure.keychain.provider.ProviderHelper; +import org.sufficientlysecure.keychain.provider.TemporaryStorageProvider; +import org.sufficientlysecure.keychain.service.InputDataParcel; +import org.sufficientlysecure.keychain.service.input.CryptoInputParcel; + + +/** This operation deals with input data, trying to determine its type as it goes. + * + * We deal with four types of structures: + * + * - signed/encrypted non-mime data + * - signed/encrypted mime data + * - encrypted multipart/signed mime data + * - multipart/signed mime data (WIP) + * + */ +public class InputDataOperation extends BaseOperation<InputDataParcel> { + + final private byte[] buf = new byte[256]; + + public InputDataOperation(Context context, ProviderHelper providerHelper, Progressable progressable) { + super(context, providerHelper, progressable); + } + + Uri mSignedDataUri; + DecryptVerifyResult mSignedDataResult; + + @NonNull + @Override + public InputDataResult execute(InputDataParcel input, final CryptoInputParcel cryptoInput) { + + final OperationLog log = new OperationLog(); + + log.add(LogType.MSG_DATA, 0); + + Uri currentInputUri; + + DecryptVerifyResult decryptResult = null; + + PgpDecryptVerifyInputParcel decryptInput = input.getDecryptInput(); + if (decryptInput != null) { + + log.add(LogType.MSG_DATA_OPENPGP, 1); + + PgpDecryptVerifyOperation op = + new PgpDecryptVerifyOperation(mContext, mProviderHelper, mProgressable); + + decryptInput.setInputUri(input.getInputUri()); + + currentInputUri = TemporaryStorageProvider.createFile(mContext); + decryptInput.setOutputUri(currentInputUri); + + decryptResult = op.execute(decryptInput, cryptoInput); + if (decryptResult.isPending()) { + return new InputDataResult(log, decryptResult); + } + log.addByMerge(decryptResult, 2); + + if (!decryptResult.success()) { + log.add(LogType.MSG_DATA_ERROR_OPENPGP, 1); + return new InputDataResult(InputDataResult.RESULT_ERROR, log); + } + + } else { + currentInputUri = input.getInputUri(); + } + + // If we aren't supposed to attempt mime decode, we are done here + if (!input.getMimeDecode()) { + + if (decryptInput == null) { + throw new AssertionError("no decryption or mime decoding, this is probably a bug"); + } + + log.add(LogType.MSG_DATA_SKIP_MIME, 1); + + ArrayList<Uri> uris = new ArrayList<>(); + uris.add(currentInputUri); + ArrayList<OpenPgpMetadata> metadatas = new ArrayList<>(); + metadatas.add(decryptResult.getDecryptionMetadata()); + + log.add(LogType.MSG_DATA_OK, 1); + return new InputDataResult(InputDataResult.RESULT_OK, log, decryptResult, uris, metadatas); + + } + + final MimeStreamParser parser = new MimeStreamParser((MimeConfig) null); + + final ArrayList<Uri> outputUris = new ArrayList<>(); + final ArrayList<OpenPgpMetadata> metadatas = new ArrayList<>(); + + parser.setContentDecoding(true); + parser.setRecurse(); + parser.setContentHandler(new AbstractContentHandler() { + private Uri uncheckedSignedDataUri; + String mFilename; + + @Override + public void startMultipart(BodyDescriptor bd) throws MimeException { + if ("signed".equals(bd.getSubType())) { + if (mSignedDataUri != null) { + // recursive signed data is not supported, and will just be parsed as-is + log.add(LogType.MSG_DATA_DETACHED_NESTED, 2); + return; + } + log.add(LogType.MSG_DATA_DETACHED, 2); + if (!outputUris.isEmpty()) { + // we can't have previous data if we parse a detached signature! + log.add(LogType.MSG_DATA_DETACHED_CLEAR, 3); + outputUris.clear(); + metadatas.clear(); + } + // this is signed data, we require the next part raw + parser.setRaw(); + } + } + + @Override + public void raw(InputStream is) throws MimeException, IOException { + + if (uncheckedSignedDataUri != null) { + throw new AssertionError("raw parts must only be received as first part of multipart/signed!"); + } + + log.add(LogType.MSG_DATA_DETACHED_RAW, 3); + + uncheckedSignedDataUri = TemporaryStorageProvider.createFile(mContext, mFilename, "text/plain"); + OutputStream out = mContext.getContentResolver().openOutputStream(uncheckedSignedDataUri, "w"); + + if (out == null) { + throw new IOException("Error getting file for writing!"); + } + + int len; + while ((len = is.read(buf)) > 0) { + out.write(buf, 0, len); + } + + out.close(); + // continue to next body part the usual way + parser.setFlat(); + + } + + @Override + public void startHeader() throws MimeException { + mFilename = null; + } + + @Override + public void field(Field field) throws MimeException { + field = DefaultFieldParser.getParser().parse(field, DecodeMonitor.SILENT); + if (field instanceof ContentDispositionField) { + mFilename = ((ContentDispositionField) field).getFilename(); + } + } + + private void bodySignature(BodyDescriptor bd, InputStream is) throws MimeException, IOException { + + if (!"application/pgp-signature".equals(bd.getMimeType())) { + log.add(LogType.MSG_DATA_DETACHED_UNSUPPORTED, 3); + uncheckedSignedDataUri = null; + parser.setRecurse(); + return; + } + + log.add(LogType.MSG_DATA_DETACHED_SIG, 3); + + ByteArrayOutputStream detachedSig = new ByteArrayOutputStream(); + + int len, totalLength = 0; + while ((len = is.read(buf)) > 0) { + totalLength += len; + detachedSig.write(buf, 0, len); + if (totalLength > 4096) { + throw new IOException("detached signature is unreasonably large!"); + } + } + detachedSig.close(); + + PgpDecryptVerifyInputParcel decryptInput = new PgpDecryptVerifyInputParcel(); + decryptInput.setInputUri(uncheckedSignedDataUri); + decryptInput.setDetachedSignature(detachedSig.toByteArray()); + + PgpDecryptVerifyOperation op = + new PgpDecryptVerifyOperation(mContext, mProviderHelper, mProgressable); + DecryptVerifyResult verifyResult = op.execute(decryptInput, cryptoInput); + + log.addByMerge(verifyResult, 4); + + mSignedDataUri = uncheckedSignedDataUri; + mSignedDataResult = verifyResult; + + // reset parser state + uncheckedSignedDataUri = null; + parser.setRecurse(); + + } + + @Override + public void body(BodyDescriptor bd, InputStream is) throws MimeException, IOException { + + // if we have signed data waiting, we expect a signature for checking + if (uncheckedSignedDataUri != null) { + bodySignature(bd, is); + return; + } + + // we read first, no need to create an output file if nothing was read! + int len = is.read(buf); + if (len < 0) { + return; + } + + // If mSignedDataUri is non-null, we already parsed a signature. If mSignedDataResult is non-null + // too, we are still in the same parsing stage, so this is trailing data - skip it! + if (mSignedDataUri != null && mSignedDataResult != null) { + log.add(LogType.MSG_DATA_DETACHED_TRAILING, 2); + return; + } + + log.add(LogType.MSG_DATA_MIME_PART, 2); + + log.add(LogType.MSG_DATA_MIME_TYPE, 3, bd.getMimeType()); + if (mFilename != null) { + log.add(LogType.MSG_DATA_MIME_FILENAME, 3, mFilename); + } + + Uri uri = TemporaryStorageProvider.createFile(mContext, mFilename, bd.getMimeType()); + OutputStream out = mContext.getContentResolver().openOutputStream(uri, "w"); + + if (out == null) { + throw new IOException("Error getting file for writing!"); + } + + int totalLength = 0; + do { + totalLength += len; + out.write(buf, 0, len); + } while ((len = is.read(buf)) > 0); + + log.add(LogType.MSG_DATA_MIME_LENGTH, 3, Long.toString(totalLength)); + + String charset = bd.getCharset(); + // the charset defaults to us-ascii, but we want to default to utf-8 + if ("us-ascii".equals(charset)) { + charset = "utf-8"; + } + + OpenPgpMetadata metadata = new OpenPgpMetadata(mFilename, bd.getMimeType(), 0L, totalLength, charset); + + out.close(); + outputUris.add(uri); + metadatas.add(metadata); + + } + + }); + + try { + + log.add(LogType.MSG_DATA_MIME, 1); + + // open current uri for input + InputStream in = mContext.getContentResolver().openInputStream(currentInputUri); + parser.parse(in); + + if (mSignedDataUri != null) { + + if (decryptResult != null) { + decryptResult.setSignatureResult(mSignedDataResult.getSignatureResult()); + } else { + decryptResult = mSignedDataResult; + } + + // the actual content is the signed data now (and will be passed verbatim, if parsing fails) + currentInputUri = mSignedDataUri; + in = mContext.getContentResolver().openInputStream(currentInputUri); + // reset signed data result, to indicate to the parser that it is in the inner part + mSignedDataResult = null; + parser.parse(in); + + } + + // if we found data, return success + if (!outputUris.isEmpty()) { + log.add(LogType.MSG_DATA_MIME_OK, 2); + + log.add(LogType.MSG_DATA_OK, 1); + return new InputDataResult(InputDataResult.RESULT_OK, log, decryptResult, outputUris, metadatas); + } + + // if no mime data parsed, just return the raw data as fallback + log.add(LogType.MSG_DATA_MIME_NONE, 2); + + OpenPgpMetadata metadata; + if (decryptResult != null) { + metadata = decryptResult.getDecryptionMetadata(); + } else { + // if we neither decrypted nor mime-decoded, should this be treated as an error? + // either way, we know nothing about the data + metadata = new OpenPgpMetadata(); + } + + outputUris.add(currentInputUri); + metadatas.add(metadata); + + log.add(LogType.MSG_DATA_OK, 1); + return new InputDataResult(InputDataResult.RESULT_OK, log, decryptResult, outputUris, metadatas); + + } catch (FileNotFoundException e) { + log.add(LogType.MSG_DATA_ERROR_IO, 2); + return new InputDataResult(InputDataResult.RESULT_ERROR, log); + } catch (IOException e) { + e.printStackTrace(); + log.add(LogType.MSG_DATA_ERROR_IO, 2); + return new InputDataResult(InputDataResult.RESULT_ERROR, log); + } catch (MimeException e) { + e.printStackTrace(); + log.add(LogType.MSG_DATA_MIME_ERROR, 2); + return new InputDataResult(InputDataResult.RESULT_ERROR, log); + } + + } + +} diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/results/DecryptVerifyResult.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/results/DecryptVerifyResult.java index e8be9fa78..95cf179af 100644 --- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/results/DecryptVerifyResult.java +++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/results/DecryptVerifyResult.java @@ -34,9 +34,6 @@ public class DecryptVerifyResult extends InputPendingResult { OpenPgpSignatureResult mSignatureResult; OpenPgpDecryptionResult mDecryptionResult; OpenPgpMetadata mDecryptionMetadata; - // This holds the charset which was specified in the ascii armor, if specified - // https://tools.ietf.org/html/rfc4880#page56 - String mCharset; CryptoInputParcel mCachedCryptoInputParcel; @@ -96,14 +93,6 @@ public class DecryptVerifyResult extends InputPendingResult { mDecryptionMetadata = decryptMetadata; } - public String getCharset () { - return mCharset; - } - - public void setCharset(String charset) { - mCharset = charset; - } - public void setOutputBytes(byte[] outputBytes) { mOutputBytes = outputBytes; } diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/results/InputDataResult.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/results/InputDataResult.java new file mode 100644 index 000000000..56e99ba1b --- /dev/null +++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/results/InputDataResult.java @@ -0,0 +1,96 @@ +/* + * Copyright (C) 2015 Dominik Schürmann <dominik@dominikschuermann.de> + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + */ + +package org.sufficientlysecure.keychain.operations.results; + + +import java.util.ArrayList; + +import android.net.Uri; +import android.os.Parcel; +import android.support.annotation.NonNull; + +import org.openintents.openpgp.OpenPgpMetadata; + + +public class InputDataResult extends InputPendingResult { + + public final ArrayList<Uri> mOutputUris; + final public DecryptVerifyResult mDecryptVerifyResult; + public final ArrayList<OpenPgpMetadata> mMetadata; + + public InputDataResult(OperationLog log, @NonNull InputPendingResult result) { + super(log, result); + mOutputUris = null; + mDecryptVerifyResult = null; + mMetadata = null; + } + + public InputDataResult(int result, OperationLog log) { + super(result, log); + mOutputUris = null; + mDecryptVerifyResult = null; + mMetadata = null; + } + + public InputDataResult(int result, OperationLog log, DecryptVerifyResult decryptResult, + @NonNull ArrayList<Uri> outputUris, @NonNull ArrayList<OpenPgpMetadata> metadata) { + super(result, log); + mDecryptVerifyResult = decryptResult; + if (outputUris.size() != metadata.size()) { + throw new AssertionError("number of output URIs must match metadata!"); + } + mOutputUris = outputUris; + mMetadata = metadata; + } + + protected InputDataResult(Parcel in) { + super(in); + mOutputUris = in.createTypedArrayList(Uri.CREATOR); + mDecryptVerifyResult = in.readParcelable(DecryptVerifyResult.class.getClassLoader()); + mMetadata = in.createTypedArrayList(OpenPgpMetadata.CREATOR); + } + + public ArrayList<Uri> getOutputUris() { + return mOutputUris; + } + + @Override + public int describeContents() { + return 0; + } + + @Override + public void writeToParcel(Parcel dest, int flags) { + super.writeToParcel(dest, flags); + dest.writeTypedList(mOutputUris); + dest.writeParcelable(mDecryptVerifyResult, 0); + dest.writeTypedList(mMetadata); + } + + public static final Creator<InputDataResult> CREATOR = new Creator<InputDataResult>() { + @Override + public InputDataResult createFromParcel(Parcel in) { + return new InputDataResult(in); + } + + @Override + public InputDataResult[] newArray(int size) { + return new InputDataResult[size]; + } + }; +}
\ No newline at end of file diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/results/InputPendingResult.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/results/InputPendingResult.java index d767382ae..0a8c1f653 100644 --- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/results/InputPendingResult.java +++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/results/InputPendingResult.java @@ -38,6 +38,15 @@ public class InputPendingResult extends OperationResult { mCryptoInputParcel = null; } + public InputPendingResult(OperationLog log, InputPendingResult result) { + super(RESULT_PENDING, log); + if (!result.isPending()) { + throw new AssertionError("sub result must be pending!"); + } + mRequiredInput = result.mRequiredInput; + mCryptoInputParcel = result.mCryptoInputParcel; + } + public InputPendingResult(OperationLog log, RequiredInputParcel requiredInput, CryptoInputParcel cryptoInputParcel) { super(RESULT_PENDING, log); diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/results/OperationResult.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/results/OperationResult.java index 41691933e..b1dcc9202 100644 --- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/results/OperationResult.java +++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/results/OperationResult.java @@ -126,6 +126,13 @@ public abstract class OperationResult implements Parcelable { Log.v(Constants.TAG, "log: " + this); } + /** Clones this LogEntryParcel, adding extra indent. Note that the parameter array is NOT cloned! */ + public LogEntryParcel (LogEntryParcel original, int extraIndent) { + mType = original.mType; + mParameters = original.mParameters; + mIndent = original.mIndent +extraIndent; + } + public LogEntryParcel(Parcel source) { mType = LogType.values()[source.readInt()]; mParameters = (Object[]) source.readSerializable(); @@ -818,7 +825,29 @@ public abstract class OperationResult implements Parcelable { MSG_KEYBASE_ERROR_PAYLOAD_MISMATCH(LogLevel.ERROR, R.string.msg_keybase_error_msg_payload_mismatch), - // export log + // InputData Operation + MSG_DATA (LogLevel.START, R.string.msg_data), + MSG_DATA_OPENPGP (LogLevel.DEBUG, R.string.msg_data_openpgp), + MSG_DATA_ERROR_IO (LogLevel.ERROR, R.string.msg_data_error_io), + MSG_DATA_ERROR_OPENPGP (LogLevel.ERROR, R.string.msg_data_error_openpgp), + MSG_DATA_DETACHED (LogLevel.INFO, R.string.msg_data_detached), + MSG_DATA_DETACHED_CLEAR (LogLevel.WARN, R.string.msg_data_detached_clear), + MSG_DATA_DETACHED_SIG (LogLevel.DEBUG, R.string.msg_data_detached_sig), + MSG_DATA_DETACHED_RAW (LogLevel.DEBUG, R.string.msg_data_detached_raw), + MSG_DATA_DETACHED_NESTED(LogLevel.WARN, R.string.msg_data_detached_nested), + MSG_DATA_DETACHED_TRAILING (LogLevel.WARN, R.string.msg_data_detached_trailing), + MSG_DATA_DETACHED_UNSUPPORTED (LogLevel.WARN, R.string.msg_data_detached_unsupported), + MSG_DATA_MIME_ERROR (LogLevel.ERROR, R.string.msg_data_mime_error), + MSG_DATA_MIME_FILENAME (LogLevel.DEBUG, R.string.msg_data_mime_filename), + MSG_DATA_MIME_LENGTH (LogLevel.DEBUG, R.string.msg_data_mime_length), + MSG_DATA_MIME (LogLevel.DEBUG, R.string.msg_data_mime), + MSG_DATA_MIME_OK (LogLevel.INFO, R.string.msg_data_mime_ok), + MSG_DATA_MIME_NONE (LogLevel.DEBUG, R.string.msg_data_mime_none), + MSG_DATA_MIME_PART (LogLevel.DEBUG, R.string.msg_data_mime_part), + MSG_DATA_MIME_TYPE (LogLevel.DEBUG, R.string.msg_data_mime_type), + MSG_DATA_OK (LogLevel.OK, R.string.msg_data_ok), + MSG_DATA_SKIP_MIME (LogLevel.DEBUG, R.string.msg_data_skip_mime), + MSG_LV (LogLevel.START, R.string.msg_lv), MSG_LV_MATCH (LogLevel.DEBUG, R.string.msg_lv_match), MSG_LV_MATCH_ERROR (LogLevel.ERROR, R.string.msg_lv_match_error), @@ -838,7 +867,8 @@ public abstract class OperationResult implements Parcelable { MSG_LV_FETCH_ERROR_URL (LogLevel.ERROR, R.string.msg_lv_fetch_error_url), MSG_LV_FETCH_ERROR_IO (LogLevel.ERROR, R.string.msg_lv_fetch_error_io), MSG_LV_FETCH_ERROR_FORMAT(LogLevel.ERROR, R.string.msg_lv_fetch_error_format), - MSG_LV_FETCH_ERROR_NOTHING (LogLevel.ERROR, R.string.msg_lv_fetch_error_nothing); + MSG_LV_FETCH_ERROR_NOTHING (LogLevel.ERROR, R.string.msg_lv_fetch_error_nothing), + ; public final int mMsgId; public final LogLevel mLevel; @@ -896,6 +926,13 @@ public abstract class OperationResult implements Parcelable { mParcels.add(new SubLogEntryParcel(subResult, subLog.getFirst().mType, indent, subLog.getFirst().mParameters)); } + public void addByMerge(OperationResult subResult, int indent) { + OperationLog subLog = subResult.getLog(); + for (LogEntryParcel entry : subLog) { + mParcels.add(new LogEntryParcel(entry, indent)); + } + } + public SubLogEntryParcel getSubResultIfSingle() { if (mParcels.size() != 1) { return null; @@ -974,7 +1011,7 @@ public abstract class OperationResult implements Parcelable { for (LogEntryParcel entry : this) { log.append(entry.getPrintableLogEntry(resources, indent)).append("\n"); } - return log.toString().substring(0, log.length() -1); // get rid of extra new line + return log.toString().substring(0, log.length() - 1); // get rid of extra new line } } |