Diffstat (limited to 'OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util')
-rw-r--r--OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util/Choice.java9
-rw-r--r--OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util/FileHelper.java27
-rw-r--r--OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util/OkHttpClientFactory.java76
-rw-r--r--OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util/OkHttpKeybaseClient.java51
-rw-r--r--OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util/Preferences.java55
-rw-r--r--OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util/TlsHelper.java34
-rw-r--r--OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util/UsbConnectionDispatcher.java97
7 files changed, 283 insertions, 66 deletions
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util/Choice.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util/Choice.java
index 48f10d4b9..5ffce9f24 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util/Choice.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util/Choice.java
@@ -18,12 +18,15 @@
package org.sufficientlysecure.keychain.util;
public class Choice <E> {
+
private String mName;
private E mId;
+ private String mDescription;
- public Choice(E id, String name) {
+ public Choice(E id, String name, String description) {
mId = id;
mName = name;
+ mDescription = description;
}
public E getId() {
@@ -34,6 +37,10 @@ public class Choice <E> {
return mName;
}
+ public String getDescription() {
+ return mDescription;
+ }
+
@Override
public String toString() {
return mName;
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util/FileHelper.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util/FileHelper.java
index 106775201..62dd87baa 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util/FileHelper.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util/FileHelper.java
@@ -20,11 +20,13 @@ package org.sufficientlysecure.keychain.util;
import java.io.BufferedInputStream;
import java.io.BufferedOutputStream;
+import java.io.BufferedReader;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
+import java.io.InputStreamReader;
import java.io.OutputStream;
import java.io.UnsupportedEncodingException;
import java.security.SecureRandom;
@@ -223,6 +225,31 @@ public class FileHelper {
}
}
+ public static boolean isEncryptedFile(Context context, Uri uri) throws IOException {
+ boolean isEncrypted = false;
+
+ BufferedReader br = null;
+ try {
+ InputStream is = context.getContentResolver().openInputStream(uri);
+ br = new BufferedReader(new InputStreamReader(is));
+
+ String header = "-----BEGIN PGP MESSAGE-----";
+ int length = header.length();
+ char[] buffer = new char[length];
+ if (br.read(buffer, 0, length) == length) {
+ isEncrypted = new String(buffer).equals(header);
+ }
+ } finally {
+ try {
+ if (br != null)
+ br.close();
+ } catch (IOException e) {
+ Log.e(Constants.TAG, "Error closing file", e);
+ }
+ }
+ return isEncrypted;
+ }
+
public static String readableFileSize(long size) {
if (size <= 0) return "0";
final String[] units = new String[]{"B", "KB", "MB", "GB", "TB"};
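Review bot: `isEncryptedFile` can throw a NullPointerException or report a false negative: `openInputStream(uri)` may return null, a single `br.read(buffer, 0, length)` is allowed to return fewer characters than requested, and `new InputStreamReader(is)` decodes with the platform default charset. Only the ASCII-armored `-----BEGIN PGP MESSAGE-----` prefix at offset 0 is recognised, so binary OpenPGP data or armor preceded by whitespace yields false. Callers should not read false as "this file is plaintext", and a Javadoc on the method should say so. Comparing the leading bytes directly, as sketched below, removes the charset dependence and the short-read case. It also closes the stream when reader construction fails.

```java
public static boolean isEncryptedFile(Context context, Uri uri) throws IOException {
    final String header = "-----BEGIN PGP MESSAGE-----";

    InputStream is = context.getContentResolver().openInputStream(uri);
    if (is == null) {
        throw new FileNotFoundException("Could not open " + uri);
    }
    try {
        // the armor header is pure ASCII: compare raw bytes, no charset-dependent decoding
        byte[] buffer = new byte[header.length()];
        int filled = 0;
        while (filled < buffer.length) {
            int n = is.read(buffer, filled, buffer.length - filled);
            if (n < 0) {
                break; // stream shorter than the header
            }
            filled += n;
        }
        return filled == buffer.length && new String(buffer, "US-ASCII").equals(header);
    } finally {
        // … unchanged: close the stream, logging an IOException raised by close() …
    }
}
```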
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util/OkHttpClientFactory.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util/OkHttpClientFactory.java
new file mode 100644
index 000000000..ea2ae8368
--- /dev/null
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util/OkHttpClientFactory.java
@@ -0,0 +1,76 @@
+/*
+ * Copyright (C) 2016 Michał Kępkowski
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+package org.sufficientlysecure.keychain.util;
+
+import java.io.IOException;
+import java.net.Proxy;
+import java.net.URL;
+import java.util.concurrent.TimeUnit;
+
+import okhttp3.CertificatePinner;
+import okhttp3.OkHttpClient;
+
+public class OkHttpClientFactory {
+ private static OkHttpClient client;
+
+ public static OkHttpClient getSimpleClient() {
+ if (client == null) {
+ client = new OkHttpClient.Builder()
+ .connectTimeout(5000, TimeUnit.MILLISECONDS)
+ .readTimeout(25000, TimeUnit.MILLISECONDS)
+ .build();
+ }
+ return client;
+ }
+
+ public static OkHttpClient getSimpleClientPinned(CertificatePinner pinner) {
+ return new OkHttpClient.Builder()
+ .connectTimeout(5000, TimeUnit.MILLISECONDS)
+ .readTimeout(25000, TimeUnit.MILLISECONDS)
+ .certificatePinner(pinner)
+ .build();
+ }
+
+ public static OkHttpClient getClientPinnedIfAvailable(URL url, Proxy proxy) throws IOException,
+ TlsHelper.TlsHelperException {
+ OkHttpClient.Builder builder = new OkHttpClient.Builder();
+
+ // don't follow any redirects for keyservers, as discussed in the security audit
+ builder.followRedirects(false)
+ .followSslRedirects(false);
+
+ if (proxy != null) {
+ // set proxy and higher timeouts for Tor
+ builder.proxy(proxy);
+ builder.connectTimeout(30000, TimeUnit.MILLISECONDS)
+ .readTimeout(45000, TimeUnit.MILLISECONDS);
+ } else {
+ builder.connectTimeout(5000, TimeUnit.MILLISECONDS)
+ .readTimeout(25000, TimeUnit.MILLISECONDS);
+ }
+
+ // If a pinned cert is available, use it!
+ // NOTE: this fails gracefully back to "no pinning" if no cert is available.
+ if (url != null && TlsHelper.getPinnedSslSocketFactory(url) != null) {
+ builder.sslSocketFactory(TlsHelper.getPinnedSslSocketFactory(url));
+ }
+
+ return builder.build();
+ }
+
+}
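Review bot: `getClientPinnedIfAvailable` calls `TlsHelper.getPinnedSslSocketFactory(url)` twice in the pinning check, and each call that finds a pin builds a fresh `SSLContext`. Hold the result in a local instead: `SSLSocketFactory pinned = url != null ? TlsHelper.getPinnedSslSocketFactory(url) : null;` followed by `if (pinned != null) { builder.sslSocketFactory(pinned); }`, which needs the `javax.net.ssl.SSLSocketFactory` import. The method also returns an unpinned client whenever no pin matches, so it deserves a Javadoc stating that callers which require pinning must check for a pin themselves. Separately, `getSimpleClient()` initialises the static `client` lazily without synchronization and, unlike this method, leaves redirects enabled, which is worth documenting on that method.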
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util/OkHttpKeybaseClient.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util/OkHttpKeybaseClient.java
index d2c90cfcd..8d3eb6963 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util/OkHttpKeybaseClient.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util/OkHttpKeybaseClient.java
@@ -17,55 +17,42 @@
package org.sufficientlysecure.keychain.util;
-import com.squareup.okhttp.OkHttpClient;
-import com.squareup.okhttp.OkUrlFactory;
+
import com.textuality.keybase.lib.KeybaseUrlConnectionClient;
+import okhttp3.OkHttpClient;
+import okhttp3.Request;
+
import org.sufficientlysecure.keychain.Constants;
import java.io.IOException;
import java.net.Proxy;
import java.net.URL;
-import java.net.URLConnection;
-import java.util.concurrent.TimeUnit;
/**
* Wrapper for Keybase Lib
*/
public class OkHttpKeybaseClient implements KeybaseUrlConnectionClient {
- private OkUrlFactory generateUrlFactory() {
- OkHttpClient client = new OkHttpClient();
- return new OkUrlFactory(client);
- }
-
@Override
- public URLConnection openConnection(URL url, Proxy proxy, boolean isKeybase) throws IOException {
- OkUrlFactory factory = generateUrlFactory();
- if (proxy != null) {
- factory.client().setProxy(proxy);
- factory.client().setConnectTimeout(30000, TimeUnit.MILLISECONDS);
- factory.client().setReadTimeout(40000, TimeUnit.MILLISECONDS);
- } else {
- factory.client().setConnectTimeout(5000, TimeUnit.MILLISECONDS);
- factory.client().setReadTimeout(25000, TimeUnit.MILLISECONDS);
- }
-
- factory.client().setFollowSslRedirects(false);
-
- // forced the usage of api.keybase.io pinned certificate
- if (isKeybase) {
- try {
- if (!TlsHelper.usePinnedCertificateIfAvailable(factory.client(), url)) {
- throw new IOException("no pinned certificate found for URL!");
- }
- } catch (TlsHelper.TlsHelperException e) {
- Log.e(Constants.TAG, "TlsHelper failed", e);
- throw new IOException("TlsHelper failed");
+ public Response getUrlResponse(URL url, Proxy proxy, boolean isKeybase) throws IOException {
+ OkHttpClient client = null;
+
+ try {
+ if (proxy != null) {
+ client = OkHttpClientFactory.getClientPinnedIfAvailable(url, proxy);
+ } else {
+ client = OkHttpClientFactory.getSimpleClient();
}
+ } catch (TlsHelper.TlsHelperException e) {
+ Log.e(Constants.TAG, "TlsHelper failed", e);
+ throw new IOException("TlsHelper failed");
}
- return factory.open(url);
+ Request request = new Request.Builder()
+ .url(url).build();
+ okhttp3.Response okResponse = client.newCall(request).execute();
+ return new Response(okResponse.body().byteStream(), okResponse.code(), okResponse.message(), okResponse.headers().toMultimap());
}
@Override
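Review bot: `getUrlResponse` no longer reads `isKeybase`, so the removed guarantee that a Keybase request fails with "no pinned certificate found for URL!" when no pin exists is gone. Without a proxy the request now goes through `getSimpleClient()`, which applies no pinning and does not disable redirects. With a proxy it uses `getClientPinnedIfAvailable`, which falls back to an unpinned client. Since `getClientPinnedIfAvailable` already handles `proxy == null`, both paths can go through it, with the pin requirement restored for Keybase URLs. The rethrown `IOException` should also carry `e` as its cause.

```java
public Response getUrlResponse(URL url, Proxy proxy, boolean isKeybase) throws IOException {
    OkHttpClient client;
    try {
        // Keybase API traffic must not run over an unpinned connection
        if (isKeybase && TlsHelper.getPinnedSslSocketFactory(url) == null) {
            throw new IOException("no pinned certificate found for URL!");
        }
        // handles proxy == null itself and disables redirects in both cases
        client = OkHttpClientFactory.getClientPinnedIfAvailable(url, proxy);
    } catch (TlsHelper.TlsHelperException e) {
        Log.e(Constants.TAG, "TlsHelper failed", e);
        throw new IOException("TlsHelper failed", e);
    }
    // … unchanged: build the Request, execute it, wrap the okhttp3.Response …
```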
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util/Preferences.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util/Preferences.java
index b3d679a0e..5f53845d8 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util/Preferences.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util/Preferences.java
@@ -19,20 +19,9 @@
package org.sufficientlysecure.keychain.util;
-import java.io.Serializable;
-import java.net.Proxy;
-import java.util.ArrayList;
-import java.util.Arrays;
-import java.util.Collection;
-import java.util.Collections;
-import java.util.HashMap;
-import java.util.HashSet;
-import java.util.ListIterator;
-import java.util.Map;
-import java.util.Set;
-import java.util.Vector;
-
+import android.accounts.Account;
import android.annotation.SuppressLint;
+import android.content.ContentResolver;
import android.content.Context;
import android.content.SharedPreferences;
import android.os.Parcel;
@@ -42,9 +31,23 @@ import android.support.annotation.NonNull;
import org.sufficientlysecure.keychain.Constants;
import org.sufficientlysecure.keychain.Constants.Pref;
+import org.sufficientlysecure.keychain.KeychainApplication;
import org.sufficientlysecure.keychain.R;
import org.sufficientlysecure.keychain.service.KeyserverSyncAdapterService;
+import java.io.Serializable;
+import java.net.Proxy;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.ListIterator;
+import java.util.Map;
+import java.util.Set;
+import java.util.Vector;
+
/**
* Singleton Implementation of a Preference Helper
*/
@@ -76,9 +79,8 @@ public class Preferences {
/**
* Makes android's preference framework write to our file instead of default.
- * This allows us to use the "persistent" attribute to simplify code, which automatically
+ * This allows us to use the xml "persistent" attribute to simplify code, which automatically
* writes and reads preference values.
- * @param manager
*/
public static void setPreferenceManagerFileAndMode(PreferenceManager manager) {
manager.setSharedPreferencesName(PREF_FILE_NAME);
@@ -302,6 +304,23 @@ public class Preferences {
}
+ /**
+ * @return true if a periodic sync exists and is set to run automatically, false otherwise
+ */
+ public static boolean getKeyserverSyncEnabled(Context context) {
+ Account account = KeychainApplication.createAccountIfNecessary(context);
+
+ if (account == null) {
+ // if the account could not be created for some reason, we can't have a sync
+ return false;
+ }
+
+ String authority = Constants.PROVIDER_AUTHORITY;
+
+ return ContentResolver.getSyncAutomatically(account, authority) &&
+ !ContentResolver.getPeriodicSyncs(account, authority).isEmpty();
+ }
+
public CacheTTLPrefs getPassphraseCacheTtl() {
Set<String> pref = mSharedPreferences.getStringSet(Constants.Pref.PASSPHRASE_CACHE_TTLS, null);
if (pref == null) {
@@ -424,6 +443,12 @@ public class Preferences {
};
}
+ // sync preferences
+
+ public boolean getWifiOnlySync() {
+ return mSharedPreferences.getBoolean(Pref.ENABLE_WIFI_SYNC_ONLY, true);
+ }
+
// experimental prefs
public boolean getExperimentalEnableWordConfirm() {
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util/TlsHelper.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util/TlsHelper.java
index 1492abdeb..fe62eff55 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util/TlsHelper.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util/TlsHelper.java
@@ -19,8 +19,6 @@ package org.sufficientlysecure.keychain.util;
import android.content.res.AssetManager;
-import com.squareup.okhttp.OkHttpClient;
-
import org.sufficientlysecure.keychain.Constants;
import java.io.ByteArrayInputStream;
@@ -39,16 +37,11 @@ import java.util.HashMap;
import java.util.Map;
import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;
public class TlsHelper {
- public static class TlsHelperException extends Exception {
- public TlsHelperException(Exception e) {
- super(e);
- }
- }
-
private static Map<String, byte[]> sPinnedCertificates = new HashMap<>();
/**
@@ -80,30 +73,29 @@ public class TlsHelper {
* @throws TlsHelperException
* @throws IOException
*/
- public static boolean usePinnedCertificateIfAvailable(OkHttpClient client, URL url) throws TlsHelperException, IOException {
+ public static SSLSocketFactory getPinnedSslSocketFactory(URL url) throws TlsHelperException, IOException {
if (url.getProtocol().equals("https")) {
// use certificate PIN from assets if we have one
for (String host : sPinnedCertificates.keySet()) {
if (url.getHost().endsWith(host)) {
- pinCertificate(sPinnedCertificates.get(host), client);
- return true;
+ return pinCertificate(sPinnedCertificates.get(host));
}
}
}
- return false;
+ return null;
}
/**
- * Modifies the client to accept only requests with a given certificate. Applies to all URLs requested by the
- * client.
- * Therefore a client that is pinned this way should be used to only make requests to URLs with passed certificate.
+ * Modifies the builder to accept only requests with a given certificate.
+ * Applies to all URLs requested by the builder.
+ * Therefore a builder that is pinned this way should be used to only make requests
+ * to URLs with passed certificate.
*
* @param certificate certificate to pin
- * @param client OkHttpClient to enforce pinning on
* @throws TlsHelperException
* @throws IOException
*/
- private static void pinCertificate(byte[] certificate, OkHttpClient client)
+ private static SSLSocketFactory pinCertificate(byte[] certificate)
throws TlsHelperException, IOException {
// We don't use OkHttp's CertificatePinner since it can not be used to pin self-signed
// certificate if such certificate is not accepted by TrustManager.
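Review bot: The Javadoc rewritten for `pinCertificate` still says it "Modifies the builder", but the method now takes no client or builder and returns an `SSLSocketFactory`. It should read along the lines of `Builds an SSLSocketFactory that trusts only the given certificate.` with an `@return` line. `getPinnedSslSocketFactory` needs a matching `@return` stating that null means "no pin for this URL, or not https", because a caller that skips the null check silently gets an unpinned connection. Its own Javadoc and the rest of `pinCertificate`'s body lie outside this hunk. The unchanged match `url.getHost().endsWith(host)` is not anchored on a label boundary, so it also selects the pin for any host name that merely ends in the pinned string. `url.getHost().equals(host) || url.getHost().endsWith("." + host)` would be stricter.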
@@ -130,10 +122,16 @@ public class TlsHelper {
SSLContext context = SSLContext.getInstance("TLS");
context.init(null, tmf.getTrustManagers(), null);
- client.setSslSocketFactory(context.getSocketFactory());
+ return context.getSocketFactory();
} catch (CertificateException | KeyStoreException | KeyManagementException | NoSuchAlgorithmException e) {
throw new TlsHelperException(e);
}
}
+ public static class TlsHelperException extends Exception {
+ public TlsHelperException(Exception e) {
+ super(e);
+ }
+ }
+
}
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util/UsbConnectionDispatcher.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util/UsbConnectionDispatcher.java
new file mode 100644
index 000000000..7a8e65ae4
--- /dev/null
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util/UsbConnectionDispatcher.java
@@ -0,0 +1,97 @@
+/*
+ * Copyright (C) 2016 Nikita Mikhailov <nikita.s.mikhailov@gmail.com>
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+package org.sufficientlysecure.keychain.util;
+
+import android.app.Activity;
+import android.content.BroadcastReceiver;
+import android.content.Context;
+import android.content.Intent;
+import android.content.IntentFilter;
+import android.hardware.usb.UsbDevice;
+import android.hardware.usb.UsbManager;
+
+import org.sufficientlysecure.keychain.Constants;
+import org.sufficientlysecure.keychain.ui.UsbEventReceiverActivity;
+
+public class UsbConnectionDispatcher {
+ private Activity mActivity;
+
+ private OnDiscoveredUsbDeviceListener mListener;
+ private UsbManager mUsbManager;
+
+ /**
+ * Receives broadcast when a supported USB device get permission.
+ */
+ private final BroadcastReceiver mUsbReceiver = new BroadcastReceiver() {
+ @Override
+ public void onReceive(Context context, Intent intent) {
+ String action = intent.getAction();
+
+ switch (action) {
+ case UsbEventReceiverActivity.ACTION_USB_PERMISSION: {
+ UsbDevice usbDevice = intent.getParcelableExtra(UsbManager.EXTRA_DEVICE);
+ boolean permission = intent.getBooleanExtra(UsbManager.EXTRA_PERMISSION_GRANTED,
+ false);
+ if (permission) {
+ Log.d(Constants.TAG, "Got permission for " + usbDevice.getDeviceName());
+ mListener.usbDeviceDiscovered(usbDevice);
+ }
+ break;
+ }
+ }
+ }
+ };
+
+ public UsbConnectionDispatcher(final Activity activity, final OnDiscoveredUsbDeviceListener listener) {
+ this.mActivity = activity;
+ this.mListener = listener;
+ this.mUsbManager = (UsbManager) activity.getSystemService(Context.USB_SERVICE);
+ }
+
+ public void onStart() {
+ final IntentFilter intentFilter = new IntentFilter();
+ intentFilter.addAction(UsbEventReceiverActivity.ACTION_USB_PERMISSION);
+
+ mActivity.registerReceiver(mUsbReceiver, intentFilter);
+ }
+
+ public void onStop() {
+ mActivity.unregisterReceiver(mUsbReceiver);
+ }
+
+ /**
+ * Rescans devices and triggers {@link OnDiscoveredUsbDeviceListener}
+ */
+ public void rescanDevices() {
+ // Note: we don't check devices VID/PID because
+ // we check for permission instead.
+ // We should have permission only for matching devices
+ for (UsbDevice device : mUsbManager.getDeviceList().values()) {
+ if (mUsbManager.hasPermission(device)) {
+ if (mListener != null) {
+ mListener.usbDeviceDiscovered(device);
+ }
+ break;
+ }
+ }
+ }
+
+ public interface OnDiscoveredUsbDeviceListener {
+ void usbDeviceDiscovered(UsbDevice usbDevice);
+ }
+}
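Review bot: `mUsbReceiver.onReceive` trusts `EXTRA_PERMISSION_GRANTED` and `EXTRA_DEVICE` exactly as they arrive in the intent, yet `onStart()` registers the receiver with only an action filter and no sender permission, so these values are whatever the sender supplied. `usbDevice` may also be null, and `mListener` is dereferenced without the null check that `rescanDevices()` performs. Confirming the grant with the system before dispatching closes all three: `if (permission && usbDevice != null && mListener != null && mUsbManager.hasPermission(usbDevice)) {`. `switch (action)` throws a NullPointerException on a null action, so a guard such as `if (action == null) return;` ahead of it is cheap insurance.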