From 41338e115cb015c492dc44f224bc4b4cffe15cd2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Dominik=20Sch=C3=BCrmann?=
Date: Mon, 17 Jun 2013 15:52:09 +0200
Subject: Better API demo, open activity from service, discover crypto provider with packagemanager instead of register intent
---
OpenPGP-Keychain/AndroidManifest.xml | 22 +--
.../crypto/CryptoServiceConnection.java | 2 +-
.../keychain/crypto_provider/CryptoActivity.java | 119 +++++++++++++-
.../keychain/crypto_provider/CryptoService.java | 180 ++++++++++++++++-----
.../crypto_provider/ICryptoServiceActivity.aidl | 28 ++++
.../keychain/crypto_provider/RegisterActivity.java | 74 ---------
.../keychain/util/PausableThreadPoolExecutor.java | 89 ++++++++++
7 files changed, 380 insertions(+), 134 deletions(-)
create mode 100644 OpenPGP-Keychain/src/org/sufficientlysecure/keychain/crypto_provider/ICryptoServiceActivity.aidl
delete mode 100644 OpenPGP-Keychain/src/org/sufficientlysecure/keychain/crypto_provider/RegisterActivity.java
create mode 100644 OpenPGP-Keychain/src/org/sufficientlysecure/keychain/util/PausableThreadPoolExecutor.java
(limited to 'OpenPGP-Keychain')
diff --git a/OpenPGP-Keychain/AndroidManifest.xml b/OpenPGP-Keychain/AndroidManifest.xml
index 219cf2751..0b8ed515e 100644
--- a/OpenPGP-Keychain/AndroidManifest.xml
+++ b/OpenPGP-Keychain/AndroidManifest.xml
@@ -456,29 +456,18 @@ android:authorities="org.sufficientlysecure.keychain.provider.apgserviceblobprovider" android:permission="org.sufficientlysecure.keychain.permission.ACCESS_API" /> - + + - - - - + - - - - - - - + + + + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + package org.sufficientlysecure.keychain.crypto_provider; import org.sufficientlysecure.keychain.Constants; -import org.sufficientlysecure.keychain.Id; import org.sufficientlysecure.keychain.R; import org.sufficientlysecure.keychain.helper.PgpMain; -import org.sufficientlysecure.keychain.provider.ProviderHelper; import org.sufficientlysecure.keychain.ui.dialog.PassphraseDialogFragment; import org.sufficientlysecure.keychain.util.Log; import com.actionbarsherlock.app.SherlockFragmentActivity; -import android.app.Activity; +import android.content.ComponentName; +import android.content.Context; import android.content.Intent; +import android.content.ServiceConnection; import android.os.Bundle; import android.os.Handler; +import android.os.IBinder; import android.os.Message; import android.os.Messenger; import android.view.View; 
@@ -22,21 +39,81 @@ import android.widget.Button; public class CryptoActivity extends SherlockFragmentActivity { + public static final String ACTION_REGISTER = "org.sufficientlysecure.keychain.REGISTER"; public static final String ACTION_CACHE_PASSPHRASE = "org.sufficientlysecure.keychain.CRYPTO_CACHE_PASSPHRASE"; - public static final String EXTRA_SECRET_KEY_ID = "secret_key_id"; + public static final String EXTRA_SECRET_KEY_ID = "secretKeyId"; + public static final String EXTRA_PACKAGE_NAME = "packageName"; + + private ICryptoServiceActivity mService; + private boolean mServiceBound; + + private ServiceConnection mServiceActivityConnection = new ServiceConnection() { + public void onServiceConnected(ComponentName name, IBinder service) { + mService = ICryptoServiceActivity.Stub.asInterface(service); + Log.d(Constants.TAG, "connected to ICryptoServiceActivity"); + mServiceBound = true; + } + + public void onServiceDisconnected(ComponentName name) { + mService = null; + Log.d(Constants.TAG, "disconnected from ICryptoServiceActivity"); + mServiceBound = false; + } + }; + + /** + * If not already bound, bind! + * + * @return + */ + public boolean bindToService() { + if (mService == null && !mServiceBound) { // if not already connected + try { + Log.d(Constants.TAG, "not bound yet"); + + Intent serviceIntent = new Intent(); + serviceIntent.setAction("org.openintents.crypto.ICryptoService"); + bindService(serviceIntent, mServiceActivityConnection, Context.BIND_AUTO_CREATE); + + return true; + } catch (Exception e) { + Log.d(Constants.TAG, "Exception", e); + return false; + } + } else { // already connected + Log.d(Constants.TAG, "already bound... 
"); + return true; + } + } + + public void unbindFromService() { + unbindService(mServiceActivityConnection); + } @Override protected void onCreate(Bundle savedInstanceState) { super.onCreate(savedInstanceState); + Log.d(Constants.TAG, "onCreate…"); + + // bind to our own crypto service + bindToService(); + handleActions(getIntent()); } - protected void handleActions(Intent intent) { + @Override + protected void onDestroy() { + super.onDestroy(); - // TODO: Important: Check if calling package is in list! + // unbind from our crypto service + if (mServiceActivityConnection != null) { + unbindFromService(); + } + } + protected void handleActions(Intent intent) { String action = intent.getAction(); Bundle extras = intent.getExtras(); @@ -47,7 +124,35 @@ public class CryptoActivity extends SherlockFragmentActivity { /** * com.android.crypto actions */ - if (ACTION_CACHE_PASSPHRASE.equals(action)) { + if (ACTION_REGISTER.equals(action)) { + final String packageName = extras.getString(EXTRA_PACKAGE_NAME); + + setContentView(R.layout.register_crypto_consumer_activity); + + Button allowButton = (Button) findViewById(R.id.register_crypto_consumer_allow); + Button disallowButton = (Button) findViewById(R.id.register_crypto_consumer_disallow); + + allowButton.setOnClickListener(new OnClickListener() { + + @Override + public void onClick(View v) { + // ProviderHelper.addCryptoConsumer(RegisterActivity.this, callingPackageName); + // Intent data = new Intent(); + + setResult(RESULT_OK); + finish(); + } + }); + + disallowButton.setOnClickListener(new OnClickListener() { + + @Override + public void onClick(View v) { + setResult(RESULT_CANCELED); + finish(); + } + }); + } else if (ACTION_CACHE_PASSPHRASE.equals(action)) { long secretKeyId = extras.getLong(EXTRA_SECRET_KEY_ID); showPassphraseDialog(secretKeyId); 
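Review bot: `bindToService()` binds with an implicit intent whose action is `org.openintents.crypto.ICryptoService`, so nothing pins the binding to Keychain's own `CryptoService`, and for that action `onBind` hands back the public `mBinder` while `onServiceConnected` casts the result to `ICryptoServiceActivity`. An explicit intent keeps the registration and passphrase channel inside the app: `Intent serviceIntent = new Intent(this, CryptoService.class);` followed by `serviceIntent.setAction(CryptoService.ACTION_SERVICE_ACTIVITY);` (the `getPackage()` comparison in `CryptoService.onBind` would have to change with it, since an explicit component intent carries no package). The result of `bindService(...)` is discarded, so `bindToService()` returns true even when the bind is refused. In `onDestroy` the guard `mServiceActivityConnection != null` is always true for a field initialised at declaration; a flag set from the `bindService` result would be the meaningful condition.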
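Review bot: The `ACTION_REGISTER` branch reads the package to approve from `extras.getString(EXTRA_PACKAGE_NAME)`, a value chosen by whoever sends the intent, where the deleted `RegisterActivity` used `getCallingPackage()`. In this commit `CryptoService` starts the activity with `null` extras, so `packageName` is never populated and the consent screen cannot tell the user which app is asking; whether `extras` is null-guarded before this branch is outside the hunk. The identity should be resolved by the service from `Binder.getCallingUid()`, passed along, and shown on the screen. The Allow handler only calls `setResult(RESULT_OK)`, and a comment such as `// TODO: persist packageName via ProviderHelper.addCryptoConsumer, then call mService.register(true, packageName)` would make the missing step explicit.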
diff --git a/OpenPGP-Keychain/src/org/sufficientlysecure/keychain/crypto_provider/CryptoService.java b/OpenPGP-Keychain/src/org/sufficientlysecure/keychain/crypto_provider/CryptoService.java index a367c613f..10eb94c7f 100644 --- a/OpenPGP-Keychain/src/org/sufficientlysecure/keychain/crypto_provider/CryptoService.java +++ b/OpenPGP-Keychain/src/org/sufficientlysecure/keychain/crypto_provider/CryptoService.java @@ -20,6 +20,9 @@ import java.io.ByteArrayInputStream; import java.io.ByteArrayOutputStream; import java.io.InputStream; import java.io.OutputStream; +import java.util.ArrayList; +import java.util.concurrent.ArrayBlockingQueue; +import java.util.concurrent.TimeUnit; import org.openintents.crypto.CryptoError; import org.openintents.crypto.CryptoSignatureResult; @@ -29,8 +32,10 @@ import org.sufficientlysecure.keychain.helper.PgpMain; import org.sufficientlysecure.keychain.util.InputData; import org.sufficientlysecure.keychain.util.Log; import org.sufficientlysecure.keychain.R; +import org.sufficientlysecure.keychain.provider.ProviderHelper; import org.sufficientlysecure.keychain.service.KeychainIntentService; import org.sufficientlysecure.keychain.service.PassphraseCacheService; +import org.sufficientlysecure.keychain.util.PausableThreadPoolExecutor; import org.openintents.crypto.ICryptoCallback; import org.openintents.crypto.ICryptoService; @@ -38,6 +43,7 @@ import org.openintents.crypto.ICryptoService; import android.app.Service; import android.content.Context; import android.content.Intent; +import android.os.Binder; import android.os.Bundle; import android.os.IBinder; import android.os.RemoteException; 
@@ -45,11 +51,26 @@ import android.os.RemoteException; public class CryptoService extends Service { Context mContext; + // just one pool of 4 threads, pause on every user action needed + final ArrayBlockingQueue mPoolQueue = new ArrayBlockingQueue(20); + PausableThreadPoolExecutor mThreadPool = new PausableThreadPoolExecutor(2, 4, 10, + TimeUnit.SECONDS, mPoolQueue); + + private ArrayList mAllowedPackages; + + // RemoteCallbackList + + public static final String ACTION_SERVICE_ACTIVITY = "org.sufficientlysecure.keychain.crypto_provider.ICryptoServiceActivity"; + @Override public void onCreate() { super.onCreate(); mContext = this; Log.d(Constants.TAG, "CryptoService, onCreate()"); + + // load allowed packages from database + mAllowedPackages = ProviderHelper.getCryptoConsumers(mContext); + Log.d(Constants.TAG, "allowed: " + mAllowedPackages); } @Override @@ -60,7 +81,20 @@ public class CryptoService extends Service { @Override public IBinder onBind(Intent intent) { - return mBinder; + // return different binder for connections from internal service activity + if (ACTION_SERVICE_ACTIVITY.equals(intent.getAction())) { + String callingPackageName = intent.getPackage(); + + // this binder can only be used from OpenPGP Keychain + if (callingPackageName.equals(Constants.PACKAGE_NAME)) { + return mBinderServiceActivity; + } else { + Log.e(Constants.TAG, "This binder can only be used from " + Constants.PACKAGE_NAME); + return null; + } + } else { + return mBinder; + } } private synchronized void decryptAndVerifySafe(byte[] inputBytes, ICryptoCallback callback) @@ -77,8 +111,8 @@ public class CryptoService extends Service { if (secretKeyId == Id.key.none) { throw new PgpMain.PgpGeneralException(getString(R.string.error_noSecretKeyFound)); } - - Log.d(Constants.TAG, "Got input:\n"+new String(inputBytes)); + + Log.d(Constants.TAG, "Got input:\n" + new String(inputBytes)); Log.d(Constants.TAG, "secretKeyId " + secretKeyId); 
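Review bot: In the `onBind` hunk (`@@ -60,7 +81,20 @@`) the check compares `intent.getPackage()` with `Constants.PACKAGE_NAME`, but that field is filled in by the binding client and names the intent's target package, so it says nothing about who is calling. Any app that is able to bind to this service can set it and receive `mBinderServiceActivity`, and for an intent without a package the value is null, so `callingPackageName.equals(...)` throws. Caller identity needs to be enforced per call inside the `ICryptoServiceActivity.Stub` methods, for example `if (Binder.getCallingUid() != android.os.Process.myUid()) return;` at the top of `register` and `cachePassphrase`, or the internal interface should be served from a component that is not exported.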
@@ -86,13 +120,11 @@ public class CryptoService extends Service { if (passphrase == null) { Log.d(Constants.TAG, "No passphrase! Activity required!"); - // No passphrase cached for this ciphertext! Intent required to cache - // passphrase! - Intent intent = new Intent(CryptoActivity.ACTION_CACHE_PASSPHRASE); - intent.putExtra(CryptoActivity.EXTRA_SECRET_KEY_ID, secretKeyId); - // TODO: start activity bind to service from activity send back intent on success -// callback.onActivityRequired(intent); - return; + + // start passphrase dialog + Bundle extras = new Bundle(); + extras.putLong(CryptoActivity.EXTRA_SECRET_KEY_ID, secretKeyId); + pauseQueueAndStartCryptoActivity(CryptoActivity.ACTION_CACHE_PASSPHRASE, extras); } // if (signedOnly) { 
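Review bot: With the `return;` removed, `decryptAndVerifySafe` keeps running after `pauseQueueAndStartCryptoActivity(...)` while `passphrase` is still null. `mThreadPool.pause()` only holds tasks that have not yet passed `beforeExecute`; the task executing this code is already past that point, so nothing here waits for the passphrase dialog. Either keep the early exit, `return; // request is re-queued once the passphrase has been cached`, or block explicitly on something that `cachePassphrase` releases. The rest of the method lies outside the hunk, so how a null passphrase is treated further down is not visible here.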
@@ -162,37 +194,111 @@ public class CryptoService extends Service { } @Override - public void decryptAndVerify(byte[] inputBytes, ICryptoCallback callback) + public void decryptAndVerify(final byte[] inputBytes, final ICryptoCallback callback) throws RemoteException { - decryptAndVerifySafe(inputBytes, callback); + + Runnable r = new Runnable() { + + @Override + public void run() { + try { + decryptAndVerifySafe(inputBytes, callback); + } catch (RemoteException e) { + Log.e(Constants.TAG, "CryptoService", e); + } + } + }; + + checkAndEnqueue(r); } }; - // /** - // * As we can not throw an exception through Android RPC, we assign identifiers to the - // exception - // * types. - // * - // * @param e - // * @return - // */ - // private int getExceptionId(Exception e) { - // if (e instanceof NoSuchProviderException) { - // return 0; - // } else if (e instanceof NoSuchAlgorithmException) { - // return 1; - // } else if (e instanceof SignatureException) { - // return 2; - // } else if (e instanceof IOException) { - // return 3; - // } else if (e instanceof PgpGeneralException) { - // return 4; - // } else if (e instanceof PGPException) { - // return 5; - // } else { - // return -1; - // } - // } + private final ICryptoServiceActivity.Stub mBinderServiceActivity = new ICryptoServiceActivity.Stub() { + + @Override + public void register(boolean success, String packageName) throws RemoteException { + if (success) { + // reload allowed packages + mAllowedPackages = ProviderHelper.getCryptoConsumers(mContext); + + // resume threads + if (isCallerAllowed()) { + mThreadPool.resume(); + } else { + // TODO: should not happen? 
+ } + } else { + // TODO + mPoolQueue.clear(); + } + + } + + @Override + public void cachePassphrase(boolean success, String passphrase) throws RemoteException { + + } + + }; + + private void checkAndEnqueue(Runnable r) { + if (isCallerAllowed()) { + mThreadPool.execute(r); + + Log.d(Constants.TAG, "Enqueued runnable…"); + } else { + Log.e(Constants.TAG, "Not allowed to use service! Starting register with activity!"); + pauseQueueAndStartCryptoActivity(CryptoActivity.ACTION_REGISTER, null); + mThreadPool.execute(r); + + Log.d(Constants.TAG, "Enqueued runnable…"); + } + } + + /** + * Checks if process that binds to this service (i.e. the package name corresponding to the + * process) is in the list of allowed package names. + * + * @return true if process is allowed to use this service + */ + private boolean isCallerAllowed() { + String[] callingPackages = getPackageManager().getPackagesForUid(Binder.getCallingUid()); + + // is calling package allowed to use this service? + for (int i = 0; i < callingPackages.length; i++) { + String currentPkg = callingPackages[i]; + Log.d(Constants.TAG, "Caller packageName: " + currentPkg); + + // check if package is allowed to use our service + if (mAllowedPackages.contains(currentPkg)) { + Log.d(Constants.TAG, "Caller is allowed! packageName: " + currentPkg); + + return true; + } else if (Constants.PACKAGE_NAME.equals(currentPkg)) { + Log.d(Constants.TAG, "Caller is OpenPGP Keychain! 
-> allowed!"); + + return true; + } + } + + Log.d(Constants.TAG, "Caller is NOT allowed!"); + return false; + } + + private void pauseQueueAndStartCryptoActivity(String action, Bundle extras) { + mThreadPool.pause(); + + Log.d(Constants.TAG, "starting activity..."); + Intent intent = new Intent(getBaseContext(), CryptoActivity.class); + intent.addFlags(Intent.FLAG_ACTIVITY_NEW_TASK); + // intent.addFlags(Intent.FLAG_ACTIVITY_CLEAR_TOP); + // intent.addFlags(Intent.FLAG_ACTIVITY_NO_HISTORY); + intent.setAction(action); + if (extras != null) { + intent.putExtras(extras); + } + getApplication().startActivity(intent); + } } diff --git a/OpenPGP-Keychain/src/org/sufficientlysecure/keychain/crypto_provider/ICryptoServiceActivity.aidl b/OpenPGP-Keychain/src/org/sufficientlysecure/keychain/crypto_provider/ICryptoServiceActivity.aidl new file mode 100644 index 000000000..51586cae6 --- /dev/null +++ b/OpenPGP-Keychain/src/org/sufficientlysecure/keychain/crypto_provider/ICryptoServiceActivity.aidl @@ -0,0 +1,28 @@ +/* + * Copyright (C) 2013 Dominik Schürmann + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.sufficientlysecure.keychain.crypto_provider; + + +interface ICryptoServiceActivity { + + + oneway void register(in boolean success, in String packageName); + + oneway void cachePassphrase(in boolean success, in String passphrase); + + +} \ No newline at end of file 
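Review bot: In `checkAndEnqueue` the branch for a caller that is not allowed still calls `mThreadPool.execute(r)`, so a decrypt request from an unregistered app is accepted and only held back by the pool's pause flag. That flag is not tied to the caller: `register()` evaluates `isCallerAllowed()` during the activity's own binder call, where the calling UID belongs to Keychain and the `Constants.PACKAGE_NAME` branch returns true, so any `register(true, …)` resumes every pending task, and on denial `mPoolQueue.clear()` leaves behind tasks that worker threads have already taken and are holding in `beforeExecute`. Requests should be rejected, or parked per calling UID and submitted only once that UID's package is in `mAllowedPackages`. `isCallerAllowed` should also cover `getPackagesForUid` returning null with `if (callingPackages == null) return false;`.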
diff --git a/OpenPGP-Keychain/src/org/sufficientlysecure/keychain/crypto_provider/RegisterActivity.java b/OpenPGP-Keychain/src/org/sufficientlysecure/keychain/crypto_provider/RegisterActivity.java
deleted file mode 100644
index 39b29f9a0..000000000
--- a/OpenPGP-Keychain/src/org/sufficientlysecure/keychain/crypto_provider/RegisterActivity.java
+++ /dev/null
@@ -1,74 +0,0 @@ -package org.sufficientlysecure.keychain.crypto_provider; - -import org.sufficientlysecure.keychain.Constants; -import org.sufficientlysecure.keychain.R; -import org.sufficientlysecure.keychain.provider.ProviderHelper; -import org.sufficientlysecure.keychain.util.Log; - -import android.app.Activity; -import android.content.Intent; -import android.os.Bundle; -import android.view.View; -import android.view.View.OnClickListener; -import android.widget.Button; - -public class RegisterActivity extends Activity { - - public static final String ACTION_REGISTER = "com.android.crypto.REGISTER"; - - public static final String EXTRA_PACKAGE_NAME = "packageName"; - - @Override - protected void onCreate(Bundle savedInstanceState) { - super.onCreate(savedInstanceState); - - handleActions(getIntent()); - } - - protected void handleActions(Intent intent) { - String action = intent.getAction(); - Bundle extras = intent.getExtras(); - - if (extras == null) { - extras = new Bundle(); - } - - final String callingPackageName = this.getCallingPackage(); - - /** - * com.android.crypto actions - */ - if (ACTION_REGISTER.equals(action)) { - setContentView(R.layout.register_crypto_consumer_activity); - - Button allowButton = (Button) findViewById(R.id.register_crypto_consumer_allow); - Button disallowButton = (Button) findViewById(R.id.register_crypto_consumer_disallow); - - allowButton.setOnClickListener(new OnClickListener() { - - @Override - public void onClick(View v) { - ProviderHelper.addCryptoConsumer(RegisterActivity.this, callingPackageName); - Intent data = new Intent(); - data.putExtra(EXTRA_PACKAGE_NAME, "org.sufficientlysecure.keychain"); - - setResult(RESULT_OK, data); - finish(); - } - }); - - disallowButton.setOnClickListener(new OnClickListener() { - - @Override - public void onClick(View v) { - setResult(RESULT_CANCELED); - finish(); - } - }); - - } else { - Log.e(Constants.TAG, "Please use com.android.crypto.REGISTER as intent action!"); - finish(); - } - 
} -} diff --git a/OpenPGP-Keychain/src/org/sufficientlysecure/keychain/util/PausableThreadPoolExecutor.java b/OpenPGP-Keychain/src/org/sufficientlysecure/keychain/util/PausableThreadPoolExecutor.java new file mode 100644 index 000000000..d6170a4e2 --- /dev/null +++ b/OpenPGP-Keychain/src/org/sufficientlysecure/keychain/util/PausableThreadPoolExecutor.java 
@@ -0,0 +1,89 @@ +/* + * Copyright (C) 2013 Dominik Schürmann + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.sufficientlysecure.keychain.util; + +import java.util.concurrent.BlockingQueue; +import java.util.concurrent.RejectedExecutionHandler; +import java.util.concurrent.ThreadFactory; +import java.util.concurrent.ThreadPoolExecutor; +import java.util.concurrent.TimeUnit; +import java.util.concurrent.locks.Condition; +import java.util.concurrent.locks.ReentrantLock; + +/** + * Example from + * http://docs.oracle.com/javase/1.5.0/docs/api/java/util/concurrent/ThreadPoolExecutor.html + */ +public class PausableThreadPoolExecutor extends ThreadPoolExecutor { + + public PausableThreadPoolExecutor(int corePoolSize, int maximumPoolSize, long keepAliveTime, + TimeUnit unit, BlockingQueue workQueue, RejectedExecutionHandler handler) { + super(corePoolSize, maximumPoolSize, keepAliveTime, unit, workQueue, handler); + } + + public PausableThreadPoolExecutor(int corePoolSize, int maximumPoolSize, long keepAliveTime, + TimeUnit unit, BlockingQueue workQueue, ThreadFactory threadFactory, + RejectedExecutionHandler handler) { + super(corePoolSize, maximumPoolSize, keepAliveTime, unit, workQueue, threadFactory, handler); + } + + public PausableThreadPoolExecutor(int corePoolSize, int maximumPoolSize, long keepAliveTime, + TimeUnit unit, BlockingQueue workQueue, ThreadFactory threadFactory) { + super(corePoolSize, maximumPoolSize, keepAliveTime, unit, 
workQueue, threadFactory); + } + + public PausableThreadPoolExecutor(int corePoolSize, int maximumPoolSize, long keepAliveTime, + TimeUnit unit, BlockingQueue workQueue) { + super(corePoolSize, maximumPoolSize, keepAliveTime, unit, workQueue); + } + + private boolean isPaused; + private ReentrantLock pauseLock = new ReentrantLock(); + private Condition unpaused = pauseLock.newCondition(); + + protected void beforeExecute(Thread t, Runnable r) { + super.beforeExecute(t, r); + pauseLock.lock(); + try { + while (isPaused) + unpaused.await(); + } catch (InterruptedException ie) { + t.interrupt(); + } finally { + pauseLock.unlock(); + } + } + + public void pause() { + pauseLock.lock(); + try { + isPaused = true; + } finally { + pauseLock.unlock(); + } + } + + public void resume() { + pauseLock.lock(); + try { + isPaused = false; + unpaused.signalAll(); + } finally { + pauseLock.unlock(); + } + } +} \ No newline at end of file -- cgit v1.2.3
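Review bot: `beforeExecute` lets the task run when the wait is interrupted: the `catch (InterruptedException ie)` branch only re-sets the interrupt flag and returns, so the task proceeds while `isPaused` is still true. That matches the generic example this class is copied from, but `CryptoService` in this commit uses `pause()` to hold work until the user has answered a consent or passphrase screen, so the class Javadoc should state the limit, e.g. `Pausing only delays task start; it is not an access-control barrier, and an interrupted worker runs its task while the pool is still paused.` `beforeExecute` is also missing `@Override`, and `pauseLock` and `unpaused` can be `final`, with a comment that `isPaused` is guarded by `pauseLock`.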