From e573cd774a4a41234c229d9c49ef7a5656445f93 Mon Sep 17 00:00:00 2001 From: Vincent Breitmoser Date: Tue, 24 Mar 2015 16:41:01 +0100 Subject: work on cookie scanning during creation --- .../keychain/pgp/linked/LinkedCookieResource.java | 26 ++++- .../pgp/linked/resources/GenericHttpsResource.java | 49 ++-------- .../pgp/linked/resources/GithubResource.java | 73 +++++++------- .../pgp/linked/resources/TwitterResource.java | 107 ++++++++++----------- 4 files changed, 117 insertions(+), 138 deletions(-) (limited to 'OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp') diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/linked/LinkedCookieResource.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/linked/LinkedCookieResource.java index 940e0f7eb..606c951b8 100644 --- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/linked/LinkedCookieResource.java +++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/linked/LinkedCookieResource.java @@ -4,10 +4,10 @@ import android.content.Context; import org.apache.http.HttpEntity; import org.apache.http.HttpResponse; -import org.apache.http.HttpStatus; import org.apache.http.client.methods.HttpRequestBase; import org.apache.http.impl.client.DefaultHttpClient; import org.apache.http.params.BasicHttpParams; +import org.json.JSONException; import org.sufficientlysecure.keychain.Constants; import org.sufficientlysecure.keychain.operations.results.LinkedVerifyResult; import org.sufficientlysecure.keychain.operations.results.OperationResult.LogType; @@ -19,6 +19,7 @@ import java.io.BufferedReader; import java.io.IOException; import java.io.InputStream; import java.io.InputStreamReader; +import java.net.MalformedURLException; import java.net.URI; import java.util.HashMap; import java.util.Map.Entry; @@ -86,7 +87,23 @@ public abstract class LinkedCookieResource extends LinkedResource { log.add(LogType.MSG_LV, 0); // Try to fetch resource. Logs for itself - String res = fetchResource(log, 1); + String res = null; + try { + res = fetchResource(log, 1); + } catch (HttpStatusException e) { + // log verbose output to logcat + Log.e(Constants.TAG, "http error (" + e.getStatus() + "): " + e.getReason()); + log.add(LogType.MSG_LV_FETCH_ERROR, 2, Integer.toString(e.getStatus())); + } catch (MalformedURLException e) { + log.add(LogType.MSG_LV_FETCH_ERROR_URL, 2); + } catch (IOException e) { + Log.e(Constants.TAG, "io error", e); + log.add(LogType.MSG_LV_FETCH_ERROR_IO, 2); + } catch (JSONException e) { + Log.e(Constants.TAG, "json error", e); + log.add(LogType.MSG_LV_FETCH_ERROR_FORMAT, 2); + } + if (res == null) { // if this is null, an error was recorded in fetchResource above return new LinkedVerifyResult(LinkedVerifyResult.RESULT_ERROR, log); @@ -98,7 +115,8 @@ public abstract class LinkedCookieResource extends LinkedResource { } - protected abstract String fetchResource (OperationLog log, int indent); + protected abstract String fetchResource (OperationLog log, int indent) throws HttpStatusException, IOException, + JSONException; protected Matcher matchResource (OperationLog log, int indent, String res) { return magicPattern.matcher(res); @@ -130,6 +148,8 @@ public abstract class LinkedCookieResource extends LinkedResource { public static String getResponseBody(HttpRequestBase request) throws IOException, HttpStatusException { StringBuilder sb = new StringBuilder(); + request.setHeader("User-Agent", "Open Keychain"); + DefaultHttpClient httpClient = new DefaultHttpClient(new BasicHttpParams()); HttpResponse response = httpClient.execute(request); int statusCode = response.getStatusLine().getStatusCode(); diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/linked/resources/GenericHttpsResource.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/linked/resources/GenericHttpsResource.java index c6d5883ee..4cf56fe67 100644 --- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/linked/resources/GenericHttpsResource.java +++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/linked/resources/GenericHttpsResource.java @@ -8,6 +8,7 @@ import android.support.annotation.StringRes; import com.textuality.keybase.lib.Search; +import org.apache.http.client.methods.HttpGet; import org.sufficientlysecure.keychain.Constants; import org.sufficientlysecure.keychain.R; import org.sufficientlysecure.keychain.operations.results.OperationResult.LogType; @@ -40,53 +41,15 @@ public class GenericHttpsResource extends LinkedCookieResource { } @Override - protected String fetchResource (OperationLog log, int indent) { + protected String fetchResource (OperationLog log, int indent) throws HttpStatusException, IOException { log.add(LogType.MSG_LV_FETCH, indent, mSubUri.toString()); indent += 1; - try { - - HttpsURLConnection conn = null; - URL url = mSubUri.toURL(); - int status = 0; - int redirects = 0; - - while (redirects < 5) { - conn = (HttpsURLConnection) url.openConnection(); - conn.addRequestProperty("User-Agent", "OpenKeychain"); - conn.setConnectTimeout(5000); - conn.setReadTimeout(25000); - conn.connect(); - status = conn.getResponseCode(); - if (status == 301) { - redirects++; - url = new URL(conn.getHeaderFields().get("Location").get(0)); - log.add(LogType.MSG_LV_FETCH_REDIR, indent, url.toString()); - } else { - break; - } - } - - if (status >= 200 && status < 300) { - log.add(LogType.MSG_LV_FETCH_OK, indent, Integer.toString(status)); - return Search.snarf(conn.getInputStream()); - } else { - // log verbose output to logcat - Log.e(Constants.TAG, Search.snarf(conn.getErrorStream())); - log.add(LogType.MSG_LV_FETCH_ERROR, indent, Integer.toString(status)); - return null; - } - - } catch (MalformedURLException e) { - log.add(LogType.MSG_LV_FETCH_ERROR_URL, indent); - return null; - } catch (IOException e) { - Log.e(Constants.TAG, "io error", e); - e.printStackTrace(); - log.add(LogType.MSG_LV_FETCH_ERROR_IO, indent); - return null; - } + HttpGet httpGet = new HttpGet(mSubUri); + return getResponseBody(httpGet); + + // log.add(LogType.MSG_LV_FETCH_REDIR, indent, url.toString()); } diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/linked/resources/GithubResource.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/linked/resources/GithubResource.java index 400a0a678..9300b67e7 100644 --- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/linked/resources/GithubResource.java +++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/linked/resources/GithubResource.java @@ -48,58 +48,43 @@ public class GithubResource extends LinkedCookieResource { } @Override - protected String fetchResource (OperationLog log, int indent) { + protected String fetchResource (OperationLog log, int indent) + throws HttpStatusException, IOException, JSONException { log.add(LogType.MSG_LV_FETCH, indent, mSubUri.toString()); indent += 1; - try { - - HttpGet httpGet = new HttpGet("https://api.github.com/gists/" + mGistId); - httpGet.setHeader("User-Agent", "OpenKeychain"); + HttpGet httpGet = new HttpGet("https://api.github.com/gists/" + mGistId); + String response = getResponseBody(httpGet); - String response = getResponseBody(httpGet); + JSONObject obj = new JSONObject(response); - JSONObject obj = new JSONObject(response); - - JSONObject owner = obj.getJSONObject("owner"); - if (!mHandle.equals(owner.getString("login"))) { - log.add(LogType.MSG_LV_FETCH_ERROR_FORMAT, indent); - return null; - } - - JSONObject files = obj.getJSONObject("files"); - Iterator it = files.keys(); - if (it.hasNext()) { - // TODO can there be multiple candidates? - JSONObject file = files.getJSONObject(it.next()); - return file.getString("content"); - } + JSONObject owner = obj.getJSONObject("owner"); + if (!mHandle.equals(owner.getString("login"))) { + log.add(LogType.MSG_LV_ERROR_GITHUB_HANDLE, indent); + return null; + } - } catch (HttpStatusException e) { - // log verbose output to logcat - Log.e(Constants.TAG, "http error (" + e.getStatus() + "): " + e.getReason()); - log.add(LogType.MSG_LV_FETCH_ERROR, indent, Integer.toString(e.getStatus())); - } catch (MalformedURLException e) { - log.add(LogType.MSG_LV_FETCH_ERROR_URL, indent); - } catch (IOException e) { - Log.e(Constants.TAG, "io error", e); - log.add(LogType.MSG_LV_FETCH_ERROR_IO, indent); - } catch (JSONException e) { - Log.e(Constants.TAG, "json error", e); - log.add(LogType.MSG_LV_FETCH_ERROR_FORMAT, indent); + JSONObject files = obj.getJSONObject("files"); + Iterator it = files.keys(); + if (it.hasNext()) { + // TODO can there be multiple candidates? + JSONObject file = files.getJSONObject(it.next()); + return file.getString("content"); } + + log.add(LogType.MSG_LV_ERROR_GITHUB_NOT_FOUND, indent); return null; } - public static GithubResource searchInGithubStream(String screenName, String needle) { + public static GithubResource searchInGithubStream(String screenName, String needle, + OperationLog log) { // narrow the needle down to important part Matcher matcher = magicPattern.matcher(needle); if (!matcher.find()) { - Log.e(Constants.TAG, "needle didn't contain cookie!"); - return null; + throw new AssertionError("Needle must contain cookie pattern! This is a programming error, please report."); } needle = matcher.group(); @@ -150,9 +135,21 @@ public class GithubResource extends LinkedCookieResource { } // update the results with the body of the response + log.add(LogType.MSG_LV_FETCH_ERROR_NOTHING, 2); return null; - } catch (JSONException | HttpStatusException | IOException e) { - Log.e(Constants.TAG, "exception parsing stream", e); + + } catch (HttpStatusException e) { + // log verbose output to logcat + Log.e(Constants.TAG, "http error (" + e.getStatus() + "): " + e.getReason()); + log.add(LogType.MSG_LV_FETCH_ERROR, 2, Integer.toString(e.getStatus())); + } catch (MalformedURLException e) { + log.add(LogType.MSG_LV_FETCH_ERROR_URL, 2); + } catch (IOException e) { + Log.e(Constants.TAG, "io error", e); + log.add(LogType.MSG_LV_FETCH_ERROR_IO, 2); + } catch (JSONException e) { + Log.e(Constants.TAG, "json error", e); + log.add(LogType.MSG_LV_FETCH_ERROR_FORMAT, 2); } return null; diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/linked/resources/TwitterResource.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/linked/resources/TwitterResource.java index 136d87d03..e56d281b7 100644 --- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/linked/resources/TwitterResource.java +++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/linked/resources/TwitterResource.java @@ -22,6 +22,7 @@ import org.sufficientlysecure.keychain.operations.results.OperationResult.Operat import org.sufficientlysecure.keychain.pgp.linked.LinkedCookieResource; import java.io.IOException; +import java.net.MalformedURLException; import java.net.URI; import java.util.HashMap; import java.util.HashSet; @@ -66,11 +67,14 @@ public class TwitterResource extends LinkedCookieResource { } @Override - protected String fetchResource(OperationLog log, int indent) { + protected String fetchResource(OperationLog log, int indent) throws IOException, HttpStatusException, + JSONException { - String authToken = getAuthToken(); - - if (authToken == null) { + String authToken; + try { + authToken = getAuthToken(); + } catch (IOException | HttpStatusException | JSONException e) { + log.add(LogType.MSG_LV_ERROR_TWITTER_AUTH, indent); return null; } @@ -87,32 +91,19 @@ public class TwitterResource extends LinkedCookieResource { try { String response = getResponseBody(httpGet); JSONObject obj = new JSONObject(response); - - if (!obj.has("text")) { - return null; - } - JSONObject user = obj.getJSONObject("user"); if (!mHandle.equalsIgnoreCase(user.getString("screen_name"))) { - log.add(LogType.MSG_LV_FETCH_ERROR_FORMAT, indent); + log.add(LogType.MSG_LV_ERROR_TWITTER_HANDLE, indent); return null; } // update the results with the body of the response return obj.getString("text"); - } catch (HttpStatusException e) { - // log verbose output to logcat - Log.e(Constants.TAG, "http error (" + e.getStatus() + "): " + e.getReason()); - log.add(LogType.MSG_LV_FETCH_ERROR, indent, Integer.toString(e.getStatus())); - } catch (IOException e) { - Log.e(Constants.TAG, "io error", e); - log.add(LogType.MSG_LV_FETCH_ERROR_IO, indent); } catch (JSONException e) { - Log.e(Constants.TAG, "json error", e); - log.add(LogType.MSG_LV_FETCH_ERROR_FORMAT, indent); + log.add(LogType.MSG_LV_ERROR_TWITTER_RESPONSE, indent); + return null; } - return null; } @Override @@ -148,11 +139,14 @@ public class TwitterResource extends LinkedCookieResource { return intent; } - public static TwitterResource searchInTwitterStream(String screenName, String needle) { - - String authToken = getAuthToken(); + public static TwitterResource searchInTwitterStream( + String screenName, String needle, OperationLog log) { - if (authToken == null) { + String authToken; + try { + authToken = getAuthToken(); + } catch (IOException | HttpStatusException | JSONException e) { + log.add(LogType.MSG_LV_ERROR_TWITTER_AUTH, 1); return null; } @@ -184,46 +178,51 @@ public class TwitterResource extends LinkedCookieResource { } // update the results with the body of the response + log.add(LogType.MSG_LV_FETCH_ERROR_NOTHING, 1); return null; - } catch (JSONException | HttpStatusException | IOException e) { - Log.e(Constants.TAG, "exception parsing stream", e); + + } catch (HttpStatusException e) { + // log verbose output to logcat + Log.e(Constants.TAG, "http error (" + e.getStatus() + "): " + e.getReason()); + log.add(LogType.MSG_LV_FETCH_ERROR, 1, Integer.toString(e.getStatus())); + } catch (MalformedURLException e) { + log.add(LogType.MSG_LV_FETCH_ERROR_URL, 1); + } catch (IOException e) { + Log.e(Constants.TAG, "io error", e); + log.add(LogType.MSG_LV_FETCH_ERROR_IO, 1); + } catch (JSONException e) { + Log.e(Constants.TAG, "json error", e); + log.add(LogType.MSG_LV_FETCH_ERROR_FORMAT, 1); } return null; } - private static String authToken; + private static String cachedAuthToken; - private static String getAuthToken() { - if (authToken != null) { - return authToken; + private static String getAuthToken() throws IOException, HttpStatusException, JSONException { + if (cachedAuthToken != null) { + return cachedAuthToken; } - try { - - String base64Encoded = rot13("D293FQqanH0jH29KIaWJER5DomqSGRE2Ewc1LJACn3cbD1c" - + "Fq1bmqSAQAz5MI2cIHKOuo3cPoRAQI1OyqmIVFJS6LHMXq2g6MRLkIj") + "=="; - - // Step 2: Obtain a bearer token - HttpPost httpPost = new HttpPost("https://api.twitter.com/oauth2/token"); - httpPost.setHeader("Authorization", "Basic " + base64Encoded); - httpPost.setHeader("Content-Type", "application/x-www-form-urlencoded;charset=UTF-8"); - httpPost.setEntity(new StringEntity("grant_type=client_credentials")); - JSONObject rawAuthorization = new JSONObject(getResponseBody(httpPost)); - - // Applications should verify that the value associated with the - // token_type key of the returned object is bearer - if (!"bearer".equals(JWalk.getString(rawAuthorization, "token_type"))) { - return null; - } - - authToken = JWalk.getString(rawAuthorization, "access_token"); - return authToken; - - } catch (JSONException | IllegalStateException | HttpStatusException | IOException ex) { - Log.e(Constants.TAG, "exception fetching auth token", ex); - return null; + String base64Encoded = rot13("D293FQqanH0jH29KIaWJER5DomqSGRE2Ewc1LJACn3cbD1c" + + "Fq1bmqSAQAz5MI2cIHKOuo3cPoRAQI1OyqmIVFJS6LHMXq2g6MRLkIj") + "=="; + + // Step 2: Obtain a bearer token + HttpPost httpPost = new HttpPost("https://api.twitter.com/oauth2/token"); + httpPost.setHeader("Authorization", "Basic " + base64Encoded); + httpPost.setHeader("Content-Type", "application/x-www-form-urlencoded;charset=UTF-8"); + httpPost.setEntity(new StringEntity("grant_type=client_credentials")); + JSONObject rawAuthorization = new JSONObject(getResponseBody(httpPost)); + + // Applications should verify that the value associated with the + // token_type key of the returned object is bearer + if (!"bearer".equals(JWalk.getString(rawAuthorization, "token_type"))) { + throw new JSONException("Expected bearer token in response!"); } + cachedAuthToken = rawAuthorization.getString("access_token"); + return cachedAuthToken; + } public static String rot13(String input) { -- cgit v1.2.3