From a2dcb579ff5d3565e7e6c6afe37878855361595b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Dominik=20Sch=C3=BCrmann?= Date: Tue, 16 Feb 2016 00:36:27 +0100 Subject: Add backup API --- .../keychain/remote/ApiPendingIntentFactory.java | 9 +++ .../remote/CryptoInputParcelCacheService.java | 5 +- .../keychain/remote/OpenPgpService.java | 49 +++++++++++++++ .../keychain/remote/ui/RemoteBackupActivity.java | 73 ++++++++++++++++++++++ .../remote/ui/RemoteImportKeysActivity.java | 2 +- 5 files changed, 136 insertions(+), 2 deletions(-) create mode 100644 OpenKeychain/src/main/java/org/sufficientlysecure/keychain/remote/ui/RemoteBackupActivity.java (limited to 'OpenKeychain/src/main/java/org/sufficientlysecure/keychain/remote') diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/remote/ApiPendingIntentFactory.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/remote/ApiPendingIntentFactory.java index 690a4d1a2..7c05edb71 100644 --- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/remote/ApiPendingIntentFactory.java +++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/remote/ApiPendingIntentFactory.java @@ -23,6 +23,7 @@ import android.content.Intent; import android.os.Build; import org.sufficientlysecure.keychain.provider.KeychainContract; +import org.sufficientlysecure.keychain.remote.ui.RemoteBackupActivity; import org.sufficientlysecure.keychain.remote.ui.RemoteCreateAccountActivity; import org.sufficientlysecure.keychain.remote.ui.RemoteErrorActivity; import org.sufficientlysecure.keychain.remote.ui.RemoteImportKeysActivity; @@ -124,6 +125,14 @@ public class ApiPendingIntentFactory { return createInternal(data, intent); } + PendingIntent createBackupPendingIntent(Intent data, long[] masterKeyIds, boolean backupSecret) { + Intent intent = new Intent(mContext, RemoteBackupActivity.class); + intent.putExtra(RemoteBackupActivity.EXTRA_MASTER_KEY_IDS, masterKeyIds); + intent.putExtra(RemoteBackupActivity.EXTRA_SECRET, backupSecret); + + return createInternal(data, intent); + } + @Deprecated PendingIntent createAccountCreationPendingIntent(Intent data, String packageName, String accountName) { Intent intent = new Intent(mContext, RemoteCreateAccountActivity.class); diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/remote/CryptoInputParcelCacheService.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/remote/CryptoInputParcelCacheService.java index e3e39417a..3ced56b5a 100644 --- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/remote/CryptoInputParcelCacheService.java +++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/remote/CryptoInputParcelCacheService.java @@ -37,7 +37,10 @@ import org.sufficientlysecure.keychain.util.Log; import java.util.UUID; import java.util.concurrent.ConcurrentHashMap; - +/** + * This service caches CryptoInputParcels, which contain sensitive data like passphrases. + * This way, they are not exposed to the client app using the API. + */ public class CryptoInputParcelCacheService extends Service { public static final String ACTION_ADD = Constants.INTENT_PREFIX + "ADD"; diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/remote/OpenPgpService.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/remote/OpenPgpService.java index 2e14099de..a5dc2a03c 100644 --- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/remote/OpenPgpService.java +++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/remote/OpenPgpService.java @@ -37,7 +37,9 @@ import org.openintents.openpgp.OpenPgpMetadata; import org.openintents.openpgp.OpenPgpSignatureResult; import org.openintents.openpgp.util.OpenPgpApi; import org.sufficientlysecure.keychain.Constants; +import org.sufficientlysecure.keychain.operations.BackupOperation; import org.sufficientlysecure.keychain.operations.results.DecryptVerifyResult; +import org.sufficientlysecure.keychain.operations.results.ExportResult; import org.sufficientlysecure.keychain.operations.results.OperationResult.LogEntryParcel; import org.sufficientlysecure.keychain.operations.results.PgpSignEncryptResult; import org.sufficientlysecure.keychain.pgp.CanonicalizedPublicKeyRing; @@ -52,6 +54,7 @@ import org.sufficientlysecure.keychain.provider.KeychainContract.ApiAccounts; import org.sufficientlysecure.keychain.provider.KeychainContract.KeyRings; import org.sufficientlysecure.keychain.provider.KeychainDatabase.Tables; import org.sufficientlysecure.keychain.provider.ProviderHelper; +import org.sufficientlysecure.keychain.service.BackupKeyringParcel; import org.sufficientlysecure.keychain.service.input.CryptoInputParcel; import org.sufficientlysecure.keychain.service.input.RequiredInputParcel; import org.sufficientlysecure.keychain.util.InputData; @@ -670,6 +673,49 @@ public class OpenPgpService extends Service { } } + private Intent backupImpl(Intent data, OutputStream outputStream) { + try { + long[] masterKeyIds = data.getLongArrayExtra(OpenPgpApi.EXTRA_KEY_IDS); + boolean backupSecret = data.getBooleanExtra(OpenPgpApi.EXTRA_BACKUP_SECRET, false); + + ApiPendingIntentFactory piFactory = new ApiPendingIntentFactory(getBaseContext()); + + CryptoInputParcel inputParcel = CryptoInputParcelCacheService.getCryptoInputParcel(this, data); + if (inputParcel == null) { + Intent result = new Intent(); + result.putExtra(OpenPgpApi.RESULT_INTENT, piFactory.createBackupPendingIntent(data, masterKeyIds, backupSecret)); + result.putExtra(OpenPgpApi.RESULT_CODE, OpenPgpApi.RESULT_CODE_USER_INTERACTION_REQUIRED); + return result; + } + // after user interaction with RemoteBackupActivity, + // the backup code is cached in CryptoInputParcelCacheService, now we can proceed + + BackupKeyringParcel input = new BackupKeyringParcel(masterKeyIds, backupSecret, null); + BackupOperation op = new BackupOperation(this, mProviderHelper, null); + ExportResult pgpResult = op.execute(input, inputParcel, outputStream); + + if (pgpResult.success()) { + Intent result = new Intent(); + result.putExtra(OpenPgpApi.RESULT_CODE, OpenPgpApi.RESULT_CODE_SUCCESS); + return result; + } else { + // should not happen normally... + String errorMsg = getString(pgpResult.getLog().getLast().mType.getMsgId()); + Intent result = new Intent(); + result.putExtra(OpenPgpApi.RESULT_ERROR, new OpenPgpError(OpenPgpError.GENERIC_ERROR, errorMsg)); + result.putExtra(OpenPgpApi.RESULT_CODE, OpenPgpApi.RESULT_CODE_ERROR); + return result; + } + } catch (Exception e) { + Log.d(Constants.TAG, "backupImpl", e); + Intent result = new Intent(); + result.putExtra(OpenPgpApi.RESULT_ERROR, + new OpenPgpError(OpenPgpError.GENERIC_ERROR, e.getMessage())); + result.putExtra(OpenPgpApi.RESULT_CODE, OpenPgpApi.RESULT_CODE_ERROR); + return result; + } + } + private Intent getSignKeyMasterId(Intent data) { // NOTE: Accounts are deprecated on API version >= 7 if (data.getIntExtra(OpenPgpApi.EXTRA_API_VERSION, -1) < 7) { @@ -831,6 +877,9 @@ public class OpenPgpService extends Service { case OpenPgpApi.ACTION_GET_KEY: { return getKeyImpl(data, outputStream); } + case OpenPgpApi.ACTION_BACKUP: { + return backupImpl(data, outputStream); + } default: { return null; } diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/remote/ui/RemoteBackupActivity.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/remote/ui/RemoteBackupActivity.java new file mode 100644 index 000000000..866775f97 --- /dev/null +++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/remote/ui/RemoteBackupActivity.java @@ -0,0 +1,73 @@ +/* + * Copyright (C) 2016 Dominik Schürmann + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ + +package org.sufficientlysecure.keychain.remote.ui; + +import android.content.Intent; +import android.net.Uri; +import android.os.Bundle; +import android.support.v4.app.Fragment; +import android.support.v4.app.FragmentManager; + +import org.sufficientlysecure.keychain.R; +import org.sufficientlysecure.keychain.remote.CryptoInputParcelCacheService; +import org.sufficientlysecure.keychain.service.input.CryptoInputParcel; +import org.sufficientlysecure.keychain.ui.BackupActivity; +import org.sufficientlysecure.keychain.ui.BackupCodeFragment; + +public class RemoteBackupActivity extends BackupActivity { + + public static final String EXTRA_DATA = "data"; + + private Intent mPendingIntentData; + + @Override + protected void onCreate(Bundle savedInstanceState) { + super.onCreate(savedInstanceState); + + // noinspection ConstantConditions, we know this activity has an action bar + getSupportActionBar().setDisplayHomeAsUpEnabled(true); + + if (savedInstanceState == null) { + Intent intent = getIntent(); + boolean exportSecret = intent.getBooleanExtra(EXTRA_SECRET, false); + long[] masterKeyIds = intent.getLongArrayExtra(EXTRA_MASTER_KEY_IDS); + mPendingIntentData = getIntent().getParcelableExtra(EXTRA_DATA); + + // NOTE: return backup! + Fragment frag = BackupCodeFragment.newInstance(masterKeyIds, exportSecret, false); + + FragmentManager fragMan = getSupportFragmentManager(); + fragMan.beginTransaction() + .setCustomAnimations(0, 0) + .replace(R.id.content_frame, frag) + .commit(); + } + + } + + @Override + public void handleBackupOperation(CryptoInputParcel inputParcel) { + // instead of handling the operation here directly, + // cache inputParcel containing the backup code and return to client + // Next time, the actual operation is directly executed. + CryptoInputParcelCacheService.addCryptoInputParcel(this, mPendingIntentData, inputParcel); + setResult(RESULT_OK, mPendingIntentData); + finish(); + } + +} diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/remote/ui/RemoteImportKeysActivity.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/remote/ui/RemoteImportKeysActivity.java index b57c50790..ff7138231 100644 --- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/remote/ui/RemoteImportKeysActivity.java +++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/remote/ui/RemoteImportKeysActivity.java @@ -39,7 +39,7 @@ public class RemoteImportKeysActivity extends ImportKeysActivity { } @Override - public void handleResult(ImportKeyResult result) { + protected void handleResult(ImportKeyResult result) { setResult(RESULT_OK, mPendingIntentData); finish(); } -- cgit v1.2.3