path: root/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/remote/OpenPgpService.java
Diffstat (limited to 'OpenKeychain/src/main/java/org/sufficientlysecure/keychain/remote/OpenPgpService.java')
-rw-r--r--OpenKeychain/src/main/java/org/sufficientlysecure/keychain/remote/OpenPgpService.java194
1 files changed, 137 insertions, 57 deletions
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/remote/OpenPgpService.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/remote/OpenPgpService.java
index a5dc2a03c..88cd066a2 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/remote/OpenPgpService.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/remote/OpenPgpService.java
@@ -1,5 +1,6 @@
/*
* Copyright (C) 2013-2015 Dominik Schürmann <dominik@dominikschuermann.de>
+ * Copyright (C) 2016 Vincent Breitmoser <look@my.amazin.horse>
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -17,11 +18,24 @@
package org.sufficientlysecure.keychain.remote;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.OutputStream;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.Date;
+import java.util.HashSet;
+import java.util.List;
+
import android.app.PendingIntent;
import android.app.Service;
import android.content.Intent;
import android.database.Cursor;
import android.net.Uri;
+import android.os.Bundle;
import android.os.IBinder;
import android.os.ParcelFileDescriptor;
import android.os.Parcelable;
@@ -43,12 +57,15 @@ import org.sufficientlysecure.keychain.operations.results.ExportResult;
import org.sufficientlysecure.keychain.operations.results.OperationResult.LogEntryParcel;
import org.sufficientlysecure.keychain.operations.results.PgpSignEncryptResult;
import org.sufficientlysecure.keychain.pgp.CanonicalizedPublicKeyRing;
+import org.sufficientlysecure.keychain.pgp.KeyRing;
+import org.sufficientlysecure.keychain.pgp.KeyRing.UserId;
import org.sufficientlysecure.keychain.pgp.PgpDecryptVerifyInputParcel;
import org.sufficientlysecure.keychain.pgp.PgpDecryptVerifyOperation;
import org.sufficientlysecure.keychain.pgp.PgpSecurityConstants;
import org.sufficientlysecure.keychain.pgp.PgpSignEncryptInputParcel;
import org.sufficientlysecure.keychain.pgp.PgpSignEncryptOperation;
import org.sufficientlysecure.keychain.pgp.exception.PgpKeyNotFoundException;
+import org.sufficientlysecure.keychain.provider.ApiDataAccessObject;
import org.sufficientlysecure.keychain.provider.KeychainContract;
import org.sufficientlysecure.keychain.provider.KeychainContract.ApiAccounts;
import org.sufficientlysecure.keychain.provider.KeychainContract.KeyRings;
@@ -61,18 +78,12 @@ import org.sufficientlysecure.keychain.util.InputData;
import org.sufficientlysecure.keychain.util.Log;
import org.sufficientlysecure.keychain.util.Passphrase;
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.OutputStream;
-import java.util.ArrayList;
-import java.util.Arrays;
-import java.util.Date;
-import java.util.HashSet;
-import java.util.List;
-
public class OpenPgpService extends Service {
- static final String[] EMAIL_SEARCH_PROJECTION = new String[]{
+ public static final List<Integer> SUPPORTED_VERSIONS =
+ Collections.unmodifiableList(Arrays.asList(3, 4, 5, 6, 7, 8, 9, 10, 11));
+
+ static final String[] KEY_SEARCH_PROJECTION = new String[]{
KeyRings._ID,
KeyRings.MASTER_KEY_ID,
KeyRings.IS_EXPIRED,
@@ -80,35 +91,50 @@ public class OpenPgpService extends Service {
};
// do not pre-select revoked or expired keys
- static final String EMAIL_SEARCH_WHERE = Tables.KEYS + "." + KeychainContract.KeyRings.IS_REVOKED
+ static final String KEY_SEARCH_WHERE = Tables.KEYS + "." + KeychainContract.KeyRings.IS_REVOKED
+ " = 0 AND " + KeychainContract.KeyRings.IS_EXPIRED + " = 0";
private ApiPermissionHelper mApiPermissionHelper;
private ProviderHelper mProviderHelper;
+ private ApiDataAccessObject mApiDao;
@Override
public void onCreate() {
super.onCreate();
- mApiPermissionHelper = new ApiPermissionHelper(this);
+ mApiPermissionHelper = new ApiPermissionHelper(this, new ApiDataAccessObject(this));
mProviderHelper = new ProviderHelper(this);
+ mApiDao = new ApiDataAccessObject(this);
}
- /**
- * Search database for key ids based on emails.
- */
- private Intent returnKeyIdsFromEmails(Intent data, String[] encryptionUserIds) {
+ private static class KeyIdResult {
+ final Intent mResultIntent;
+ final HashSet<Long> mKeyIds;
+
+ KeyIdResult(Intent resultIntent) {
+ mResultIntent = resultIntent;
+ mKeyIds = null;
+ }
+ KeyIdResult(HashSet<Long> keyIds) {
+ mResultIntent = null;
+ mKeyIds = keyIds;
+ }
+ }
+
+ private KeyIdResult returnKeyIdsFromEmails(Intent data, String[] encryptionUserIds, boolean isOpportunistic) {
boolean noUserIdsCheck = (encryptionUserIds == null || encryptionUserIds.length == 0);
boolean missingUserIdsCheck = false;
boolean duplicateUserIdsCheck = false;
- ArrayList<Long> keyIds = new ArrayList<>();
+ HashSet<Long> keyIds = new HashSet<>();
ArrayList<String> missingEmails = new ArrayList<>();
ArrayList<String> duplicateEmails = new ArrayList<>();
if (!noUserIdsCheck) {
- for (String email : encryptionUserIds) {
+ for (String rawUserId : encryptionUserIds) {
+ UserId userId = KeyRing.splitUserId(rawUserId);
+ String email = userId.email != null ? userId.email : rawUserId;
// try to find the key for this specific email
Uri uri = KeyRings.buildUnifiedKeyRingsFindByEmailUri(email);
- Cursor cursor = getContentResolver().query(uri, EMAIL_SEARCH_PROJECTION, EMAIL_SEARCH_WHERE, null, null);
+ Cursor cursor = getContentResolver().query(uri, KEY_SEARCH_PROJECTION, KEY_SEARCH_WHERE, null, null);
try {
// result should be one entry containing the key id
if (cursor != null && cursor.moveToFirst()) {
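Review bot: `onCreate` builds two separate `ApiDataAccessObject` instances, one passed to `ApiPermissionHelper` and one stored in `mApiDao`; creating it once keeps the permission check and the allowed-key lookup on the same object: `mApiDao = new ApiDataAccessObject(this);` followed by `mApiPermissionHelper = new ApiPermissionHelper(this, mApiDao);`. The hunk also removes the Javadoc on `returnKeyIdsFromEmails` without describing the new return contract or the `isOpportunistic` parameter. A comment on `KeyIdResult` such as `// exactly one of mResultIntent / mKeyIds is non-null` would state what both call sites rely on. The body of `returnKeyIdsFromEmails` continues outside this hunk.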
@@ -137,15 +163,17 @@ public class OpenPgpService extends Service {
}
}
- // convert ArrayList<Long> to long[]
- long[] keyIdsArray = new long[keyIds.size()];
- for (int i = 0; i < keyIdsArray.length; i++) {
- keyIdsArray[i] = keyIds.get(i);
+ if (isOpportunistic && (noUserIdsCheck || missingUserIdsCheck)) {
+ Intent result = new Intent();
+ result.putExtra(OpenPgpApi.RESULT_ERROR,
+ new OpenPgpError(OpenPgpError.OPPORTUNISTIC_MISSING_KEYS, "missing keys in opportunistic mode"));
+ result.putExtra(OpenPgpApi.RESULT_CODE, OpenPgpApi.RESULT_CODE_ERROR);
+ return new KeyIdResult(result);
}
if (noUserIdsCheck || missingUserIdsCheck || duplicateUserIdsCheck) {
- // allow the user to verify pub key selection
-
+ // convert ArrayList<Long> to long[]
+ long[] keyIdsArray = getUnboxedLongArray(keyIds);
ApiPendingIntentFactory piFactory = new ApiPendingIntentFactory(getBaseContext());
PendingIntent pi = piFactory.createSelectPublicKeyPendingIntent(data, keyIdsArray,
missingEmails, duplicateEmails, noUserIdsCheck);
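Review bot: The opportunistic early return tests `noUserIdsCheck || missingUserIdsCheck` but not `duplicateUserIdsCheck`, so a request flagged opportunistic whose address matches several keys still falls through to the key-selection `PendingIntent`. If that is intended, say so next to the condition, for example `// ambiguous matches still go to the user, only missing keys abort opportunistic mode`; if not, add `duplicateUserIdsCheck` to the condition. The retained comment `// convert ArrayList<Long> to long[]` is also stale now that `keyIds` is a `HashSet<Long>`. The method starts before and ends after this hunk.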
@@ -154,19 +182,15 @@ public class OpenPgpService extends Service {
Intent result = new Intent();
result.putExtra(OpenPgpApi.RESULT_INTENT, pi);
result.putExtra(OpenPgpApi.RESULT_CODE, OpenPgpApi.RESULT_CODE_USER_INTERACTION_REQUIRED);
- return result;
- } else {
- // everything was easy, we have exactly one key for every email
-
- if (keyIdsArray.length == 0) {
- Log.e(Constants.TAG, "keyIdsArray.length == 0, should never happen!");
- }
+ return new KeyIdResult(result);
+ }
- Intent result = new Intent();
- result.putExtra(OpenPgpApi.RESULT_KEY_IDS, keyIdsArray);
- result.putExtra(OpenPgpApi.RESULT_CODE, OpenPgpApi.RESULT_CODE_SUCCESS);
- return result;
+ // everything was easy, we have exactly one key for every email
+ if (keyIds.isEmpty()) {
+ Log.e(Constants.TAG, "keyIdsArray.length == 0, should never happen!");
}
+
+ return new KeyIdResult(keyIds);
}
private Intent signImpl(Intent data, InputStream inputStream,
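Review bot: The empty-set branch only logs and then returns `new KeyIdResult(keyIds)`, so a state described as "should never happen" is still reported to the caller as a successful lookup with no recipients. The log text also names `keyIdsArray`, which no longer exists on this path; `Log.e(Constants.TAG, "keyIds is empty, should never happen!");` matches the new code. Consider returning an error `KeyIdResult` here instead of continuing, since the encrypt path uses these ids as the recipient list.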
@@ -280,20 +304,31 @@ public class OpenPgpService extends Service {
compressionId = PgpSecurityConstants.OpenKeychainCompressionAlgorithmTags.UNCOMPRESSED;
}
- // first try to get key ids from non-ambiguous key id extra
- long[] keyIds = data.getLongArrayExtra(OpenPgpApi.EXTRA_KEY_IDS);
- if (keyIds == null) {
+ long[] keyIds;
+ {
+ HashSet<Long> encryptKeyIds = new HashSet<>();
+
// get key ids based on given user ids
- String[] userIds = data.getStringArrayExtra(OpenPgpApi.EXTRA_USER_IDS);
- // give params through to activity...
- Intent result = returnKeyIdsFromEmails(data, userIds);
+ if (data.hasExtra(OpenPgpApi.EXTRA_USER_IDS)) {
+ String[] userIds = data.getStringArrayExtra(OpenPgpApi.EXTRA_USER_IDS);
+ boolean isOpportunistic = data.getBooleanExtra(OpenPgpApi.EXTRA_OPPORTUNISTIC_ENCRYPTION, false);
+ // give params through to activity...
+ KeyIdResult result = returnKeyIdsFromEmails(data, userIds, isOpportunistic);
+
+ if (result.mResultIntent != null) {
+ return result.mResultIntent;
+ }
+ encryptKeyIds.addAll(result.mKeyIds);
+ }
- if (result.getIntExtra(OpenPgpApi.RESULT_CODE, 0) == OpenPgpApi.RESULT_CODE_SUCCESS) {
- keyIds = result.getLongArrayExtra(OpenPgpApi.RESULT_KEY_IDS);
- } else {
- // if not success -> result contains a PendingIntent for user interaction
- return result;
+ // add key ids from non-ambiguous key id extra
+ if (data.hasExtra(OpenPgpApi.EXTRA_KEY_IDS)) {
+ for (long keyId : data.getLongArrayExtra(OpenPgpApi.EXTRA_KEY_IDS)) {
+ encryptKeyIds.add(keyId);
+ }
}
+
+ keyIds = getUnboxedLongArray(encryptKeyIds);
}
// TODO this is not correct!
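Review bot: `data.hasExtra(OpenPgpApi.EXTRA_KEY_IDS)` is true for an extra of any type, while `getLongArrayExtra` returns null when the stored value is not a `long[]`, so the enhanced for loop can throw a NullPointerException on an Intent supplied by the calling app. Reading the array once and testing it avoids that: `long[] extraKeyIds = data.getLongArrayExtra(OpenPgpApi.EXTRA_KEY_IDS);` then `if (extraKeyIds != null) { ... }`. The enclosing method starts before this hunk and continues after it.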
@@ -305,8 +340,7 @@ public class OpenPgpService extends Service {
.setVersionHeader(null)
.setCompressionAlgorithm(compressionId)
.setSymmetricEncryptionAlgorithm(PgpSecurityConstants.OpenKeychainSymmetricKeyAlgorithmTags.USE_DEFAULT)
- .setEncryptionMasterKeyIds(keyIds)
- .setFailOnMissingEncryptionKeyIds(true);
+ .setEncryptionMasterKeyIds(keyIds);
if (sign) {
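Review bot: With `setFailOnMissingEncryptionKeyIds(true)` removed, nothing visible on the new side rejects a `keyIds` array that is empty or that names ids not present in the keyring. The array is empty when the request carries neither `EXTRA_USER_IDS` nor `EXTRA_KEY_IDS`, and ids from `EXTRA_KEY_IDS` are copied in unchecked. Whether `PgpSignEncryptOperation` then fails or encrypts to fewer recipients than the caller asked for is decided outside this hunk and should be confirmed. A guard before the builder, `if (keyIds.length == 0)` returning an error intent with `OpenPgpApi.RESULT_CODE_ERROR`, would keep that failure explicit at the API boundary. The builder chain starts before this hunk.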
@@ -405,11 +439,11 @@ public class OpenPgpService extends Service {
}
String currentPkg = mApiPermissionHelper.getCurrentCallingPackage();
- HashSet<Long> allowedKeyIds = mProviderHelper.getAllowedKeyIdsForApp(
+ HashSet<Long> allowedKeyIds = mApiDao.getAllowedKeyIdsForApp(
KeychainContract.ApiAllowedKeys.buildBaseUri(currentPkg));
if (data.getIntExtra(OpenPgpApi.EXTRA_API_VERSION, -1) < 7) {
- allowedKeyIds.addAll(mProviderHelper.getAllKeyIdsForApp(
+ allowedKeyIds.addAll(mApiDao.getAllKeyIdsForApp(
ApiAccounts.buildBaseUri(currentPkg)));
}
@@ -422,6 +456,15 @@ public class OpenPgpService extends Service {
cryptoInput.mPassphrase =
new Passphrase(data.getCharArrayExtra(OpenPgpApi.EXTRA_PASSPHRASE));
}
+ if (data.hasExtra(OpenPgpApi.EXTRA_DECRYPTION_RESULT_WRAPPER)) {
+ // this is wrapped in a Bundle to avoid ClassLoader problems
+ Bundle wrapperBundle = data.getBundleExtra(OpenPgpApi.EXTRA_DECRYPTION_RESULT_WRAPPER);
+ wrapperBundle.setClassLoader(getClassLoader());
+ OpenPgpDecryptionResult decryptionResult = wrapperBundle.getParcelable(OpenPgpApi.EXTRA_DECRYPTION_RESULT);
+ if (decryptionResult != null && decryptionResult.hasDecryptedSessionKey()) {
+ cryptoInput.addCryptoData(decryptionResult.sessionKey, decryptionResult.decryptedSessionKey);
+ }
+ }
byte[] detachedSignature = data.getByteArrayExtra(OpenPgpApi.EXTRA_DETACHED_SIGNATURE);
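Review bot: `wrapperBundle` is dereferenced without a null check, but `getBundleExtra` returns null when the caller stored something other than a `Bundle` under `EXTRA_DECRYPTION_RESULT_WRAPPER`, which `hasExtra` does not rule out. Guarding the block with `if (wrapperBundle != null) {` keeps a malformed request from crashing the service thread. The parcelable comes from another app, so `getParcelable` may also throw while unparcelling a value of an unexpected class; catching that here and ignoring the cached session key looks safer, though how the caller reacts is outside this hunk.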
@@ -582,7 +625,8 @@ public class OpenPgpService extends Service {
try {
// try to find key, throws NotFoundException if not in db!
CanonicalizedPublicKeyRing keyRing =
- mProviderHelper.getCanonicalizedPublicKeyRing(masterKeyId);
+ mProviderHelper.getCanonicalizedPublicKeyRing(
+ KeyRings.buildUnifiedKeyRingsFindBySubkeyUri(masterKeyId));
Intent result = new Intent();
result.putExtra(OpenPgpApi.RESULT_CODE, OpenPgpApi.RESULT_CODE_SUCCESS);
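Review bot: The lookup now goes through `KeyRings.buildUnifiedKeyRingsFindBySubkeyUri(masterKeyId)`, yet the local is still named `masterKeyId`, which suggests the opposite of what the URI builder's name implies. If the caller may pass a subkey id, rename the variable or add a comment such as `// the id from the caller may be a subkey id, so resolve the ring by subkey`. The variable is declared outside this hunk, so its origin could not be checked here.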
@@ -669,7 +713,21 @@ public class OpenPgpService extends Service {
} else {
// get key ids based on given user ids
String[] userIds = data.getStringArrayExtra(OpenPgpApi.EXTRA_USER_IDS);
- return returnKeyIdsFromEmails(data, userIds);
+ KeyIdResult keyResult = returnKeyIdsFromEmails(data, userIds, false);
+ if (keyResult.mResultIntent != null) {
+ return keyResult.mResultIntent;
+ }
+
+ if (keyResult.mKeyIds == null) {
+ throw new AssertionError("one of requiredUserInteraction and keyIds must be non-null, this is a bug!");
+ }
+
+ long[] keyIds = getUnboxedLongArray(keyResult.mKeyIds);
+
+ Intent resultIntent = new Intent();
+ resultIntent.putExtra(OpenPgpApi.RESULT_CODE, OpenPgpApi.RESULT_CODE_SUCCESS);
+ resultIntent.putExtra(OpenPgpApi.RESULT_KEY_IDS, keyIds);
+ return resultIntent;
}
}
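Review bot: The `AssertionError` message refers to `requiredUserInteraction`, which is not a member of `KeyIdResult`; the fields are `mResultIntent` and `mKeyIds`, so the text should read `"one of mResultIntent and mKeyIds must be non-null, this is a bug!"`. The encrypt path calls `encryptKeyIds.addAll(result.mKeyIds)` without this check, so the two call sites handle the invariant differently. Enforcing it once in the `KeyIdResult` constructors would cover both. Throwing an `Error` while serving a request from another app also takes down the service process, where an error result intent would not.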
@@ -716,6 +774,26 @@ public class OpenPgpService extends Service {
}
}
+ @NonNull
+ private static long[] getUnboxedLongArray(@NonNull Collection<Long> arrayList) {
+ long[] result = new long[arrayList.size()];
+ int i = 0;
+ for (Long e : arrayList) {
+ result[i++] = e;
+ }
+ return result;
+ }
+
+ private Intent checkPermissionImpl(@NonNull Intent data) {
+ Intent permissionIntent = mApiPermissionHelper.isAllowedOrReturnIntent(data);
+ if (permissionIntent != null) {
+ return permissionIntent;
+ }
+ Intent result = new Intent();
+ result.putExtra(OpenPgpApi.RESULT_CODE, OpenPgpApi.RESULT_CODE_SUCCESS);
+ return result;
+ }
+
private Intent getSignKeyMasterId(Intent data) {
// NOTE: Accounts are deprecated on API version >= 7
if (data.getIntExtra(OpenPgpApi.EXTRA_API_VERSION, -1) < 7) {
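Review bot: `getUnboxedLongArray` takes a `Collection<Long>` but names the parameter `arrayList`, and `result[i++] = e` unboxes each element, so a null element throws a NullPointerException that `@NonNull` on the collection does not prevent. Rename the parameter to `keyIds` and add a one-line Javadoc, for example `/** Copies boxed key ids into a primitive array; elements must not be null. */`. `checkPermissionImpl` is also undocumented; a comment saying that it returns the permission helper's intent when access is not yet granted and a bare `RESULT_CODE_SUCCESS` otherwise would be enough. `getSignKeyMasterId` at the end of the hunk continues outside it.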
@@ -765,20 +843,19 @@ public class OpenPgpService extends Service {
// version code is required and needs to correspond to version code of service!
// History of versions in openpgp-api's CHANGELOG.md
- List<Integer> supportedVersions = Arrays.asList(3, 4, 5, 6, 7, 8, 9, 10);
- if (!supportedVersions.contains(data.getIntExtra(OpenPgpApi.EXTRA_API_VERSION, -1))) {
+ if (!SUPPORTED_VERSIONS.contains(data.getIntExtra(OpenPgpApi.EXTRA_API_VERSION, -1))) {
Intent result = new Intent();
OpenPgpError error = new OpenPgpError
(OpenPgpError.INCOMPATIBLE_API_VERSIONS, "Incompatible API versions!\n"
+ "used API version: " + data.getIntExtra(OpenPgpApi.EXTRA_API_VERSION, -1) + "\n"
- + "supported API versions: " + supportedVersions);
+ + "supported API versions: " + SUPPORTED_VERSIONS);
result.putExtra(OpenPgpApi.RESULT_ERROR, error);
result.putExtra(OpenPgpApi.RESULT_CODE, OpenPgpApi.RESULT_CODE_ERROR);
return result;
}
// check if caller is allowed to access OpenKeychain
- Intent result = mApiPermissionHelper.isAllowed(data);
+ Intent result = mApiPermissionHelper.isAllowedOrReturnIntent(data);
if (result != null) {
return result;
}
@@ -845,6 +922,9 @@ public class OpenPgpService extends Service {
String action = data.getAction();
switch (action) {
+ case OpenPgpApi.ACTION_CHECK_PERMISSION: {
+ return checkPermissionImpl(data);
+ }
case OpenPgpApi.ACTION_CLEARTEXT_SIGN: {
return signImpl(data, inputStream, outputStream, true);
}