From 0b181743a3d6b1423e112b17a400b5ac4ac09bcb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Dominik=20Sch=C3=BCrmann?= <dominik@dominikschuermann.de>
Date: Sun, 20 Sep 2015 22:42:50 +0200
Subject: Keyservers: Dont follow redirects, pin pgp.mit.edu, check for pinned
 cert on add (OKC-01-018)

---
 .../keychain/util/TlsHelper.java                   | 82 +++++++---------------
 1 file changed, 27 insertions(+), 55 deletions(-)

(limited to 'OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util')

diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util/TlsHelper.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util/TlsHelper.java
index d1d1ada2a..1492abdeb 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util/TlsHelper.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util/TlsHelper.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2013-2014 Dominik Schürmann <dominik@dominikschuermann.de>
+ * Copyright (C) 2013-2015 Dominik Schürmann <dominik@dominikschuermann.de>
  *
  * This program is free software: you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -20,6 +20,7 @@ package org.sufficientlysecure.keychain.util;
 import android.content.res.AssetManager;
 
 import com.squareup.okhttp.OkHttpClient;
+
 import org.sufficientlysecure.keychain.Constants;
 
 import java.io.ByteArrayInputStream;
@@ -37,7 +38,6 @@ import java.security.cert.CertificateFactory;
 import java.util.HashMap;
 import java.util.Map;
 
-import javax.net.ssl.HttpsURLConnection;
 import javax.net.ssl.SSLContext;
 import javax.net.ssl.TrustManagerFactory;
 
@@ -49,15 +49,14 @@ public class TlsHelper {
         }
     }
 
-    private static Map<String, byte[]> sStaticCA = new HashMap<>();
-
-    public static void addStaticCA(String domain, byte[] certificate) {
-        sStaticCA.put(domain, certificate);
-    }
+    private static Map<String, byte[]> sPinnedCertificates = new HashMap<>();
 
-    public static void addStaticCA(String domain, AssetManager assetManager, String name) {
+    /**
+     * Add certificate from assets to pinned certificate map.
+     */
+    public static void addPinnedCertificate(String host, AssetManager assetManager, String cerFilename) {
         try {
-            InputStream is = assetManager.open(name);
+            InputStream is = assetManager.open(cerFilename);
             ByteArrayOutputStream baos = new ByteArrayOutputStream();
             int reads = is.read();
 
@@ -68,27 +67,36 @@ public class TlsHelper {
 
             is.close();
 
-            addStaticCA(domain, baos.toByteArray());
+            sPinnedCertificates.put(host, baos.toByteArray());
         } catch (IOException e) {
             Log.w(Constants.TAG, e);
         }
     }
 
-    public static void pinCertificateIfNecessary(OkHttpClient client, URL url) throws TlsHelperException, IOException {
+    /**
+     * Use pinned certificate for OkHttpClient if we have one.
+     *
+     * @return true, if certificate is available, false if not
+     * @throws TlsHelperException
+     * @throws IOException
+     */
+    public static boolean usePinnedCertificateIfAvailable(OkHttpClient client, URL url) throws TlsHelperException, IOException {
         if (url.getProtocol().equals("https")) {
-            for (String domain : sStaticCA.keySet()) {
-                if (url.getHost().endsWith(domain)) {
-                    pinCertificate(sStaticCA.get(domain), client);
+            // use certificate PIN from assets if we have one
+            for (String host : sPinnedCertificates.keySet()) {
+                if (url.getHost().endsWith(host)) {
+                    pinCertificate(sPinnedCertificates.get(host), client);
+                    return true;
                 }
             }
         }
+        return false;
     }
 
     /**
      * Modifies the client to accept only requests with a given certificate. Applies to all URLs requested by the
      * client.
      * Therefore a client that is pinned this way should be used to only make requests to URLs with passed certificate.
-     * TODO: Refactor - More like SSH StrictHostKeyChecking than pinning?
      *
      * @param certificate certificate to pin
      * @param client      OkHttpClient to enforce pinning on
@@ -97,8 +105,10 @@ public class TlsHelper {
      */
     private static void pinCertificate(byte[] certificate, OkHttpClient client)
             throws TlsHelperException, IOException {
-        // We don't use OkHttp's CertificatePinner since it depends on a TrustManager to verify it too. Refer to
-        // note at end of description: http://square.github.io/okhttp/javadoc/com/squareup/okhttp/CertificatePinner.html
+        // We don't use OkHttp's CertificatePinner since it can not be used to pin self-signed
+        // certificate if such certificate is not accepted by TrustManager.
+        // (Refer to note at end of description:
+        // http://square.github.io/okhttp/javadoc/com/squareup/okhttp/CertificatePinner.html )
         // Creating our own TrustManager that trusts only our certificate eliminates the need for certificate pinning
         try {
             // Load CA
@@ -126,42 +136,4 @@ public class TlsHelper {
         }
     }
 
-    /**
-     * Opens a Connection that will only accept certificates signed with a specific CA and skips common name check.
-     * This is required for some distributed Keyserver networks like sks-keyservers.net
-     *
-     * @param certificate The X.509 certificate used to sign the servers certificate
-     * @param url         Connection target
-     */
-    public static HttpsURLConnection openCAConnection(byte[] certificate, URL url)
-            throws TlsHelperException, IOException {
-        try {
-            // Load CA
-            CertificateFactory cf = CertificateFactory.getInstance("X.509");
-            Certificate ca = cf.generateCertificate(new ByteArrayInputStream(certificate));
-
-            // Create a KeyStore containing our trusted CAs
-            String keyStoreType = KeyStore.getDefaultType();
-            KeyStore keyStore = KeyStore.getInstance(keyStoreType);
-            keyStore.load(null, null);
-            keyStore.setCertificateEntry("ca", ca);
-
-            // Create a TrustManager that trusts the CAs in our KeyStore
-            String tmfAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
-            TrustManagerFactory tmf = TrustManagerFactory.getInstance(tmfAlgorithm);
-            tmf.init(keyStore);
-
-            // Create an SSLContext that uses our TrustManager
-            SSLContext context = SSLContext.getInstance("TLS");
-            context.init(null, tmf.getTrustManagers(), null);
-
-            // Tell the URLConnection to use a SocketFactory from our SSLContext
-            HttpsURLConnection urlConnection = (HttpsURLConnection) url.openConnection();
-            urlConnection.setSSLSocketFactory(context.getSocketFactory());
-
-            return urlConnection;
-        } catch (CertificateException | KeyManagementException | KeyStoreException | NoSuchAlgorithmException e) {
-            throw new TlsHelperException(e);
-        }
-    }
 }
-- 
cgit v1.2.3


From ad2c8867e67e71f8b3d88db93911a7e37ed4bf69 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Dominik=20Sch=C3=BCrmann?= <dominik@dominikschuermann.de>
Date: Mon, 21 Sep 2015 12:49:02 +0200
Subject: Use more modular Keybase lib with OkHttp wrapper

---
 .../keychain/util/FilterCursorWrapper.java         | 17 +++++
 .../keychain/util/OkHttpKeybaseClient.java         | 74 ++++++++++++++++++++++
 2 files changed, 91 insertions(+)
 create mode 100644 OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util/OkHttpKeybaseClient.java

(limited to 'OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util')

diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util/FilterCursorWrapper.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util/FilterCursorWrapper.java
index ab73f59b8..d06f2ab65 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util/FilterCursorWrapper.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util/FilterCursorWrapper.java
@@ -1,3 +1,20 @@
+/*
+ * Copyright (C) 2015 Dominik Schürmann <dominik@dominikschuermann.de>
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
 package org.sufficientlysecure.keychain.util;
 
 
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util/OkHttpKeybaseClient.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util/OkHttpKeybaseClient.java
new file mode 100644
index 000000000..7c1d9f291
--- /dev/null
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util/OkHttpKeybaseClient.java
@@ -0,0 +1,74 @@
+package org.sufficientlysecure.keychain.util;
+
+import com.squareup.okhttp.OkHttpClient;
+import com.squareup.okhttp.OkUrlFactory;
+/*
+ * Copyright (C) 2015 Dominik Schürmann <dominik@dominikschuermann.de>
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+import com.textuality.keybase.lib.KeybaseUrlConnectionClient;
+
+import java.io.IOException;
+import java.net.Proxy;
+import java.net.URL;
+import java.net.URLConnection;
+import java.util.concurrent.TimeUnit;
+
+/**
+ * Wrapper for Keybase Lib
+ */
+public class OkHttpKeybaseClient implements KeybaseUrlConnectionClient {
+
+    private final OkUrlFactory factory;
+    private final OkUrlFactory proxyFactory;
+
+    private static OkUrlFactory generateUrlFactory() {
+        OkHttpClient client = new OkHttpClient();
+        client.setConnectTimeout(5000, TimeUnit.MILLISECONDS);
+        client.setReadTimeout(25000, TimeUnit.MILLISECONDS);
+        return new OkUrlFactory(client);
+    }
+
+    private static OkUrlFactory generateProxyUrlFactory() {
+        OkHttpClient client = new OkHttpClient();
+        client.setConnectTimeout(30000, TimeUnit.MILLISECONDS);
+        client.setReadTimeout(40000, TimeUnit.MILLISECONDS);
+        return new OkUrlFactory(client);
+    }
+
+    public OkHttpKeybaseClient() {
+        factory = generateUrlFactory();
+        proxyFactory = generateProxyUrlFactory();
+    }
+
+    @Override
+    public URLConnection openConnection(URL url) throws IOException {
+        return openConnection(url, null);
+    }
+
+    @Override
+    public URLConnection openConnection(URL url, Proxy proxy) throws IOException {
+        URLConnection conn;
+        if (proxy != null) {
+            proxyFactory.client().setProxy(proxy);
+            conn = proxyFactory.open(url);
+        } else {
+            conn = factory.open(url);
+        }
+        return conn;
+    }
+
+}
\ No newline at end of file
-- 
cgit v1.2.3


From 9ee61dc0dfa5990126b7fb79c5373beb83a8b040 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Dominik=20Sch=C3=BCrmann?= <dominik@dominikschuermann.de>
Date: Mon, 21 Sep 2015 14:05:44 +0200
Subject: Pin keybase certificate

---
 .../keychain/util/OkHttpKeybaseClient.java         | 45 ++++++++++++----------
 1 file changed, 25 insertions(+), 20 deletions(-)

(limited to 'OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util')

diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util/OkHttpKeybaseClient.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util/OkHttpKeybaseClient.java
index 7c1d9f291..32a5406e0 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util/OkHttpKeybaseClient.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util/OkHttpKeybaseClient.java
@@ -1,7 +1,3 @@
-package org.sufficientlysecure.keychain.util;
-
-import com.squareup.okhttp.OkHttpClient;
-import com.squareup.okhttp.OkUrlFactory;
 /*
  * Copyright (C) 2015 Dominik Schürmann <dominik@dominikschuermann.de>
  *
@@ -19,8 +15,14 @@ import com.squareup.okhttp.OkUrlFactory;
  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
  */
 
+package org.sufficientlysecure.keychain.util;
+
+import com.squareup.okhttp.OkHttpClient;
+import com.squareup.okhttp.OkUrlFactory;
 import com.textuality.keybase.lib.KeybaseUrlConnectionClient;
 
+import org.sufficientlysecure.keychain.Constants;
+
 import java.io.IOException;
 import java.net.Proxy;
 import java.net.URL;
@@ -33,25 +35,14 @@ import java.util.concurrent.TimeUnit;
 public class OkHttpKeybaseClient implements KeybaseUrlConnectionClient {
 
     private final OkUrlFactory factory;
-    private final OkUrlFactory proxyFactory;
 
     private static OkUrlFactory generateUrlFactory() {
         OkHttpClient client = new OkHttpClient();
-        client.setConnectTimeout(5000, TimeUnit.MILLISECONDS);
-        client.setReadTimeout(25000, TimeUnit.MILLISECONDS);
-        return new OkUrlFactory(client);
-    }
-
-    private static OkUrlFactory generateProxyUrlFactory() {
-        OkHttpClient client = new OkHttpClient();
-        client.setConnectTimeout(30000, TimeUnit.MILLISECONDS);
-        client.setReadTimeout(40000, TimeUnit.MILLISECONDS);
         return new OkUrlFactory(client);
     }
 
     public OkHttpKeybaseClient() {
         factory = generateUrlFactory();
-        proxyFactory = generateProxyUrlFactory();
     }
 
     @Override
@@ -61,14 +52,28 @@ public class OkHttpKeybaseClient implements KeybaseUrlConnectionClient {
 
     @Override
     public URLConnection openConnection(URL url, Proxy proxy) throws IOException {
-        URLConnection conn;
         if (proxy != null) {
-            proxyFactory.client().setProxy(proxy);
-            conn = proxyFactory.open(url);
+            factory.client().setProxy(proxy);
+            factory.client().setConnectTimeout(30000, TimeUnit.MILLISECONDS);
+            factory.client().setReadTimeout(40000, TimeUnit.MILLISECONDS);
         } else {
-            conn = factory.open(url);
+            factory.client().setConnectTimeout(5000, TimeUnit.MILLISECONDS);
+            factory.client().setReadTimeout(25000, TimeUnit.MILLISECONDS);
         }
-        return conn;
+
+        factory.client().setFollowSslRedirects(false);
+
+        // forced the usage of keybase.io pinned certificate
+        try {
+            if (!TlsHelper.usePinnedCertificateIfAvailable(factory.client(), url)) {
+                throw new IOException("no pinned certificate found for URL!");
+            }
+        } catch (TlsHelper.TlsHelperException e) {
+            Log.e(Constants.TAG, "TlsHelper failed", e);
+            throw new IOException("TlsHelper failed");
+        }
+
+        return factory.open(url);
     }
 
 }
\ No newline at end of file
-- 
cgit v1.2.3


From f924e7d40cbfd9ebaa78b5f00edf3d486e595678 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Dominik=20Sch=C3=BCrmann?= <dominik@dominikschuermann.de>
Date: Thu, 24 Sep 2015 19:03:33 +0200
Subject: Fix some illegal state exceptions

---
 .../src/main/java/org/sufficientlysecure/keychain/util/NfcHelper.java | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util')

diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util/NfcHelper.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util/NfcHelper.java
index 2b47fd623..1040e683b 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util/NfcHelper.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util/NfcHelper.java
@@ -141,6 +141,10 @@ public class NfcHelper {
                             }
 
                             protected void onPostExecute(Void unused) {
+                                if (mActivity.isFinishing()) {
+                                    return;
+                                }
+
                                 // Register callback to set NDEF message
                                 mNfcAdapter.setNdefPushMessageCallback(mNdefCallback,
                                         mActivity);
-- 
cgit v1.2.3


From 63f1b84914778b8bd11d65bbc261c550a60b2c42 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Dominik=20Sch=C3=BCrmann?= <dominik@dominikschuermann.de>
Date: Thu, 24 Sep 2015 22:57:11 +0200
Subject: Remove save support for Android < 4.4 (OKC-01-014)

---
 .../keychain/util/ExportHelper.java                | 15 ++---
 .../keychain/util/FileHelper.java                  | 65 +---------------------
 2 files changed, 9 insertions(+), 71 deletions(-)

(limited to 'OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util')

diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util/ExportHelper.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util/ExportHelper.java
index 45dc33906..f2ce456f6 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util/ExportHelper.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util/ExportHelper.java
@@ -69,13 +69,14 @@ public class ExportHelper
                     : R.string.specify_backup_dest_single);
         }
 
-        FileHelper.saveDocumentDialog(new FileHelper.FileDialogCallback() {
-            @Override
-            public void onFileSelected(File file, boolean checked) {
-                mExportFile = file;
-                exportKeys(masterKeyId == null ? null : new long[] { masterKeyId }, exportSecret);
-            }
-        }, mActivity.getSupportFragmentManager(), title, message, exportFile, null);
+        // TODO: for valodim
+//        FileHelper.saveDocumentDialog(new FileHelper.FileDialogCallback() {
+//            @Override
+//            public void onFileSelected(File file, boolean checked) {
+//                mExportFile = file;
+//                exportKeys(masterKeyId == null ? null : new long[] { masterKeyId }, exportSecret);
+//            }
+//        }, mActivity.getSupportFragmentManager(), title, message, exportFile, null);
     }
 
     // TODO: If ExportHelper requires pending data (see CryptoOPerationHelper), activities using
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util/FileHelper.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util/FileHelper.java
index 9fb362412..09ea67f42 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util/FileHelper.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util/FileHelper.java
@@ -18,7 +18,6 @@
 package org.sufficientlysecure.keychain.util;
 
 import android.annotation.TargetApi;
-import android.app.Activity;
 import android.content.ActivityNotFoundException;
 import android.content.ContentResolver;
 import android.content.Context;
@@ -30,20 +29,13 @@ import android.net.Uri;
 import android.os.Build;
 import android.os.Build.VERSION_CODES;
 import android.os.Environment;
-import android.os.Handler;
-import android.os.Message;
-import android.os.Messenger;
 import android.provider.DocumentsContract;
 import android.provider.OpenableColumns;
 import android.support.annotation.StringRes;
 import android.support.v4.app.Fragment;
-import android.support.v4.app.FragmentManager;
 import android.widget.Toast;
 
-import org.sufficientlysecure.keychain.Constants;
 import org.sufficientlysecure.keychain.R;
-import org.sufficientlysecure.keychain.compatibility.DialogFragmentWorkaround;
-import org.sufficientlysecure.keychain.ui.dialog.FileDialogFragment;
 
 import java.io.BufferedInputStream;
 import java.io.BufferedOutputStream;
@@ -97,37 +89,12 @@ public class FileHelper {
     public static void saveDocument(Fragment fragment, String targetName, Uri inputUri, String mimeType,
             @StringRes int title, @StringRes int message, int requestCode) {
         if (Build.VERSION.SDK_INT < Build.VERSION_CODES.KITKAT) {
-            saveDocumentDialog(fragment, targetName, inputUri, title, message, requestCode);
+            throw new RuntimeException("saveDocument does not support Android < 4.4!");
         } else {
             saveDocumentKitKat(fragment, mimeType, targetName, requestCode);
         }
     }
 
-    public static void saveDocumentDialog(final Fragment fragment, String targetName, Uri inputUri,
-            @StringRes int title, @StringRes int message, final int requestCode) {
-
-        saveDocumentDialog(fragment, targetName, inputUri, title, message, new FileDialogCallback() {
-            // is this a good idea? seems hacky...
-            @Override
-            public void onFileSelected(File file, boolean checked) {
-                Intent intent = new Intent();
-                intent.setData(Uri.fromFile(file));
-                fragment.onActivityResult(requestCode, Activity.RESULT_OK, intent);
-            }
-        });
-    }
-
-    public static void saveDocumentDialog(final Fragment fragment, String targetName, Uri inputUri,
-            @StringRes int title, @StringRes int message, FileDialogCallback callback) {
-
-        File file = inputUri == null ? null : new File(inputUri.getPath());
-        File parentDir = file != null && file.exists() ? file.getParentFile() : Constants.Path.APP_DIR;
-        File targetFile = new File(parentDir, targetName);
-        saveDocumentDialog(callback, fragment.getActivity().getSupportFragmentManager(),
-                fragment.getString(title), fragment.getString(message), targetFile, null);
-
-    }
-
     /** Opens the preferred installed file manager on Android and shows a toast
      * if no manager is installed. */
     private static void openDocumentPreKitKat(
@@ -172,36 +139,6 @@ public class FileHelper {
         fragment.startActivityForResult(intent, requestCode);
     }
 
-    public static void saveDocumentDialog(
-            final FileDialogCallback callback, final FragmentManager fragmentManager,
-            final String title, final String message, final File defaultFile,
-            final String checkMsg) {
-        // Message is received after file is selected
-        Handler returnHandler = new Handler() {
-            @Override
-            public void handleMessage(Message message) {
-                if (message.what == FileDialogFragment.MESSAGE_OKAY) {
-                    callback.onFileSelected(
-                            new File(message.getData().getString(FileDialogFragment.MESSAGE_DATA_FILE)),
-                            message.getData().getBoolean(FileDialogFragment.MESSAGE_DATA_CHECKED));
-                }
-            }
-        };
-
-        // Create a new Messenger for the communication back
-        final Messenger messenger = new Messenger(returnHandler);
-
-        DialogFragmentWorkaround.INTERFACE.runnableRunDelayed(new Runnable() {
-            @Override
-            public void run() {
-                FileDialogFragment fileDialog = FileDialogFragment.newInstance(messenger, title, message,
-                        defaultFile, checkMsg);
-
-                fileDialog.show(fragmentManager, "fileDialog");
-            }
-        });
-    }
-
     public static String getFilename(Context context, Uri uri) {
         String filename = null;
         try {
-- 
cgit v1.2.3


From 756ee28fb0bfb63f1d013d6b82bedc13c811b32f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Dominik=20Sch=C3=BCrmann?= <dominik@dominikschuermann.de>
Date: Thu, 24 Sep 2015 23:15:19 +0200
Subject: Cleanup FileHelper

---
 .../keychain/util/FileHelper.java                   | 21 ++++++++++-----------
 1 file changed, 10 insertions(+), 11 deletions(-)

(limited to 'OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util')

diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util/FileHelper.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util/FileHelper.java
index 09ea67f42..fea3e65b6 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util/FileHelper.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util/FileHelper.java
@@ -74,24 +74,23 @@ import java.text.DecimalFormat;
 public class FileHelper {
 
     public static void openDocument(Fragment fragment, Uri last, String mimeType, boolean multiple, int requestCode) {
-        if (Build.VERSION.SDK_INT < Build.VERSION_CODES.KITKAT) {
-            openDocumentPreKitKat(fragment, last, mimeType, multiple, requestCode);
-        } else {
+        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.KITKAT) {
             openDocumentKitKat(fragment, mimeType, multiple, requestCode);
+        } else {
+            openDocumentPreKitKat(fragment, last, mimeType, multiple, requestCode);
         }
     }
 
-    public static void saveDocument(Fragment fragment, String targetName, Uri inputUri,
-            @StringRes int title, @StringRes int message, int requestCode) {
-        saveDocument(fragment, targetName, inputUri, "*/*", title, message, requestCode);
+    public static void saveDocument(Fragment fragment, String targetName, int requestCode) {
+        saveDocument(fragment, targetName, "*/*", requestCode);
     }
 
-    public static void saveDocument(Fragment fragment, String targetName, Uri inputUri, String mimeType,
-            @StringRes int title, @StringRes int message, int requestCode) {
-        if (Build.VERSION.SDK_INT < Build.VERSION_CODES.KITKAT) {
-            throw new RuntimeException("saveDocument does not support Android < 4.4!");
-        } else {
+    public static void saveDocument(Fragment fragment, String targetName, String mimeType,
+                                    int requestCode) {
+        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.KITKAT) {
             saveDocumentKitKat(fragment, mimeType, targetName, requestCode);
+        } else {
+            throw new RuntimeException("saveDocument does not support Android < 4.4!");
         }
     }
 
-- 
cgit v1.2.3


From 3df9bea4554c0edddce57aa6a2e32cfe5250ed72 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Dominik=20Sch=C3=BCrmann?= <dominik@dominikschuermann.de>
Date: Fri, 25 Sep 2015 02:22:23 +0200
Subject: Harden parsing of keyserver results (OKC-01-003)

---
 .../main/java/org/sufficientlysecure/keychain/util/EmailKeyHelper.java | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

(limited to 'OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util')

diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util/EmailKeyHelper.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util/EmailKeyHelper.java
index d7491ab26..9a6d33260 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util/EmailKeyHelper.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util/EmailKeyHelper.java
@@ -103,8 +103,7 @@ public class EmailKeyHelper {
                     }
                 }
             }
-        } catch (Keyserver.QueryFailedException ignored) {
-        } catch (Keyserver.QueryNeedsRepairException ignored) {
+        } catch (Keyserver.CloudSearchFailureException ignored) {
         }
         return new ArrayList<>(keys);
     }
-- 
cgit v1.2.3