/* * Copyright (C) 2014-2015 Dominik Schürmann * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ package org.openintents.openpgp.util; import java.io.IOException; import java.io.InputStream; import java.io.OutputStream; import java.util.concurrent.atomic.AtomicInteger; import android.annotation.TargetApi; import android.content.Context; import android.content.Intent; import android.os.AsyncTask; import android.os.Build; import android.os.ParcelFileDescriptor; import android.util.Log; import org.openintents.openpgp.IOpenPgpService2; import org.openintents.openpgp.OpenPgpError; public class OpenPgpApi { public static final String TAG = "OpenPgp API"; public static final String SERVICE_INTENT_2 = "org.openintents.openpgp.IOpenPgpService2"; /** * see CHANGELOG.md */ public static final int API_VERSION = 11; /** * General extras * -------------- * * required extras: * int EXTRA_API_VERSION (always required) * * returned extras: * int RESULT_CODE (RESULT_CODE_ERROR, RESULT_CODE_SUCCESS or RESULT_CODE_USER_INTERACTION_REQUIRED) * OpenPgpError RESULT_ERROR (if RESULT_CODE == RESULT_CODE_ERROR) * PendingIntent RESULT_INTENT (if RESULT_CODE == RESULT_CODE_USER_INTERACTION_REQUIRED) */ /** * This action performs no operation, but can be used to check if the App has permission * to access the API in general, returning a user interaction PendingIntent otherwise. * This can be used to trigger the permission dialog explicitly. * * This action uses no extras. */ public static final String ACTION_CHECK_PERMISSION = "org.openintents.openpgp.action.CHECK_PERMISSION"; @Deprecated public static final String ACTION_SIGN = "org.openintents.openpgp.action.SIGN"; /** * Sign text resulting in a cleartext signature * Some magic pre-processing of the text is done to convert it to a format usable for * cleartext signatures per RFC 4880 before the text is actually signed: * - end cleartext with newline * - remove whitespaces on line endings * * required extras: * long EXTRA_SIGN_KEY_ID (key id of signing key) * * optional extras: * char[] EXTRA_PASSPHRASE (key passphrase) */ public static final String ACTION_CLEARTEXT_SIGN = "org.openintents.openpgp.action.CLEARTEXT_SIGN"; /** * Sign text or binary data resulting in a detached signature. * No OutputStream necessary for ACTION_SSH_AUTH * The detached signature is returned separately in RESULT_DETACHED_SIGNATURE. * * required extras: * long EXTRA_SIGN_KEY_ID (key id of signing key) * * returned extras: * byte[] RESULT_DETACHED_SIGNATURE */ public static final String ACTION_SSH_AUTH = "org.openintents.openpgp.action.SSH_AUTH"; /** * Sign text or binary data resulting in a detached signature. * No OutputStream necessary for ACTION_DETACHED_SIGN (No magic pre-processing like in ACTION_CLEARTEXT_SIGN)! * The detached signature is returned separately in RESULT_DETACHED_SIGNATURE. * * required extras: * long EXTRA_SIGN_KEY_ID (key id of signing key) * * optional extras: * boolean EXTRA_REQUEST_ASCII_ARMOR (request ascii armor for detached signature) * char[] EXTRA_PASSPHRASE (key passphrase) * * returned extras: * byte[] RESULT_DETACHED_SIGNATURE * String RESULT_SIGNATURE_MICALG (contains the name of the used signature algorithm as a string) */ public static final String ACTION_DETACHED_SIGN = "org.openintents.openpgp.action.DETACHED_SIGN"; /** * Encrypt * * required extras: * String[] EXTRA_USER_IDS (=emails of recipients, if more than one key has a user_id, a PendingIntent is returned via RESULT_INTENT) * or * long[] EXTRA_KEY_IDS * * optional extras: * boolean EXTRA_REQUEST_ASCII_ARMOR (request ascii armor for output) * char[] EXTRA_PASSPHRASE (key passphrase) * String EXTRA_ORIGINAL_FILENAME (original filename to be encrypted as metadata) * boolean EXTRA_ENABLE_COMPRESSION (enable ZLIB compression, default ist true) */ public static final String ACTION_ENCRYPT = "org.openintents.openpgp.action.ENCRYPT"; /** * Sign and encrypt * * required extras: * String[] EXTRA_USER_IDS (=emails of recipients, if more than one key has a user_id, a PendingIntent is returned via RESULT_INTENT) * or * long[] EXTRA_KEY_IDS * * optional extras: * long EXTRA_SIGN_KEY_ID (key id of signing key) * boolean EXTRA_REQUEST_ASCII_ARMOR (request ascii armor for output) * char[] EXTRA_PASSPHRASE (key passphrase) * String EXTRA_ORIGINAL_FILENAME (original filename to be encrypted as metadata) * boolean EXTRA_ENABLE_COMPRESSION (enable ZLIB compression, default ist true) */ public static final String ACTION_SIGN_AND_ENCRYPT = "org.openintents.openpgp.action.SIGN_AND_ENCRYPT"; /** * Decrypts and verifies given input stream. This methods handles encrypted-only, signed-and-encrypted, * and also signed-only input. * OutputStream is optional, e.g., for verifying detached signatures! * * If OpenPgpSignatureResult.getResult() == OpenPgpSignatureResult.RESULT_KEY_MISSING * in addition a PendingIntent is returned via RESULT_INTENT to download missing keys. * On all other status, in addition a PendingIntent is returned via RESULT_INTENT to open * the key view in OpenKeychain. * * optional extras: * byte[] EXTRA_DETACHED_SIGNATURE (detached signature) * * returned extras: * OpenPgpSignatureResult RESULT_SIGNATURE * OpenPgpDecryptionResult RESULT_DECRYPTION * OpenPgpDecryptMetadata RESULT_METADATA * String RESULT_CHARSET (charset which was specified in the headers of ascii armored input, if any) */ public static final String ACTION_DECRYPT_VERIFY = "org.openintents.openpgp.action.DECRYPT_VERIFY"; /** * Decrypts the header of an encrypted file to retrieve metadata such as original filename. * * This does not decrypt the actual content of the file. * * returned extras: * OpenPgpDecryptMetadata RESULT_METADATA * String RESULT_CHARSET (charset which was specified in the headers of ascii armored input, if any) */ public static final String ACTION_DECRYPT_METADATA = "org.openintents.openpgp.action.DECRYPT_METADATA"; /** * Select key id for signing * * optional extras: * String EXTRA_USER_ID * * returned extras: * long EXTRA_SIGN_KEY_ID */ public static final String ACTION_GET_SIGN_KEY_ID = "org.openintents.openpgp.action.GET_SIGN_KEY_ID"; /** * Get key ids based on given user ids (=emails) * * required extras: * String[] EXTRA_USER_IDS * * returned extras: * long[] RESULT_KEY_IDS */ public static final String ACTION_GET_KEY_IDS = "org.openintents.openpgp.action.GET_KEY_IDS"; /** * This action returns RESULT_CODE_SUCCESS if the OpenPGP Provider already has the key * corresponding to the given key id in its database. * * It returns RESULT_CODE_USER_INTERACTION_REQUIRED if the Provider does not have the key. * The PendingIntent from RESULT_INTENT can be used to retrieve those from a keyserver. * * If an Output stream has been defined the whole public key is returned. * required extras: * long EXTRA_KEY_ID * * optional extras: * String EXTRA_REQUEST_ASCII_ARMOR (request that the returned key is encoded in ASCII Armor) */ public static final String ACTION_GET_KEY = "org.openintents.openpgp.action.GET_KEY"; /** * Backup all keys given by EXTRA_KEY_IDS and if requested their secret parts. * The encrypted backup will be written to the OutputStream. * The client app has no access to the backup code used to encrypt the backup! * This operation always requires user interaction with RESULT_CODE_USER_INTERACTION_REQUIRED! * * required extras: * long[] EXTRA_KEY_IDS (keys that should be included in the backup) * boolean EXTRA_BACKUP_SECRET (also backup secret keys) */ public static final String ACTION_BACKUP = "org.openintents.openpgp.action.BACKUP"; /* Intent extras */ public static final String EXTRA_API_VERSION = "api_version"; @Deprecated public static final String EXTRA_ACCOUNT_NAME = "account_name"; // ACTION_DETACHED_SIGN, ENCRYPT, SIGN_AND_ENCRYPT, DECRYPT_VERIFY // request ASCII Armor for output // OpenPGP Radix-64, 33 percent overhead compared to binary, see http://tools.ietf.org/html/rfc4880#page-53) public static final String EXTRA_REQUEST_ASCII_ARMOR = "ascii_armor"; // ACTION_DETACHED_SIGN, SSH_AUTH public static final String RESULT_DETACHED_SIGNATURE = "detached_signature"; // ACTION_DETACHED_SIGN public static final String RESULT_SIGNATURE_MICALG = "signature_micalg"; // ENCRYPT, SIGN_AND_ENCRYPT public static final String EXTRA_USER_IDS = "user_ids"; public static final String EXTRA_KEY_IDS = "key_ids"; public static final String EXTRA_SIGN_KEY_ID = "sign_key_id"; // optional extras: public static final String EXTRA_PASSPHRASE = "passphrase"; public static final String EXTRA_ORIGINAL_FILENAME = "original_filename"; public static final String EXTRA_ENABLE_COMPRESSION = "enable_compression"; public static final String EXTRA_OPPORTUNISTIC_ENCRYPTION = "opportunistic"; // GET_SIGN_KEY_ID public static final String EXTRA_USER_ID = "user_id"; // GET_KEY public static final String EXTRA_KEY_ID = "key_id"; public static final String RESULT_KEY_IDS = "key_ids"; // BACKUP public static final String EXTRA_BACKUP_SECRET = "backup_secret"; /* Service Intent returns */ public static final String RESULT_CODE = "result_code"; // get actual error object from RESULT_ERROR public static final int RESULT_CODE_ERROR = 0; // success! public static final int RESULT_CODE_SUCCESS = 1; // get PendingIntent from RESULT_INTENT, start PendingIntent with startIntentSenderForResult, // and execute service method again in onActivityResult public static final int RESULT_CODE_USER_INTERACTION_REQUIRED = 2; public static final String RESULT_ERROR = "error"; public static final String RESULT_INTENT = "intent"; // DECRYPT_VERIFY public static final String EXTRA_DETACHED_SIGNATURE = "detached_signature"; public static final String EXTRA_PROGRESS_MESSENGER = "progress_messenger"; public static final String EXTRA_DATA_LENGTH = "data_length"; public static final String EXTRA_DECRYPTION_RESULT_WRAPPER = "decryption_result_wrapper"; public static final String EXTRA_DECRYPTION_RESULT = "decryption_result"; public static final String RESULT_SIGNATURE = "signature"; public static final String RESULT_DECRYPTION = "decryption"; public static final String RESULT_METADATA = "metadata"; // This will be the charset which was specified in the headers of ascii armored input, if any public static final String RESULT_CHARSET = "charset"; // INTERNAL, must not be used public static final String EXTRA_CALL_UUID1 = "call_uuid1"; public static final String EXTRA_CALL_UUID2 = "call_uuid2"; IOpenPgpService2 mService; Context mContext; final AtomicInteger mPipeIdGen = new AtomicInteger(); public OpenPgpApi(Context context, IOpenPgpService2 service) { this.mContext = context; this.mService = service; } public interface IOpenPgpCallback { void onReturn(final Intent result); } private class OpenPgpAsyncTask extends AsyncTask { Intent data; InputStream is; OutputStream os; IOpenPgpCallback callback; private OpenPgpAsyncTask(Intent data, InputStream is, OutputStream os, IOpenPgpCallback callback) { this.data = data; this.is = is; this.os = os; this.callback = callback; } @Override protected Intent doInBackground(Void... unused) { return executeApi(data, is, os); } protected void onPostExecute(Intent result) { callback.onReturn(result); } } @TargetApi(Build.VERSION_CODES.HONEYCOMB) public void executeApiAsync(Intent data, InputStream is, OutputStream os, IOpenPgpCallback callback) { OpenPgpAsyncTask task = new OpenPgpAsyncTask(data, is, os, callback); // don't serialize async tasks! // http://commonsware.com/blog/2012/04/20/asynctask-threading-regression-confirmed.html if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.HONEYCOMB) { task.executeOnExecutor(AsyncTask.THREAD_POOL_EXECUTOR, (Void[]) null); } else { task.execute((Void[]) null); } } public Intent executeApi(Intent data, InputStream is, OutputStream os) { ParcelFileDescriptor input = null; try { if (is != null) { input = ParcelFileDescriptorUtil.pipeFrom(is); } return executeApi(data, input, os); } catch (Exception e) { Log.e(OpenPgpApi.TAG, "Exception in executeApi call", e); Intent result = new Intent(); result.putExtra(RESULT_CODE, RESULT_CODE_ERROR); result.putExtra(RESULT_ERROR, new OpenPgpError(OpenPgpError.CLIENT_SIDE_ERROR, e.getMessage())); return result; } finally { if (input != null) { try { input.close(); } catch (IOException e) { Log.e(OpenPgpApi.TAG, "IOException when closing ParcelFileDescriptor!", e); } } } } /** * InputStream and OutputStreams are always closed after operating on them! */ public Intent executeApi(Intent data, ParcelFileDescriptor input, OutputStream os) { ParcelFileDescriptor output = null; try { // always send version from client data.putExtra(EXTRA_API_VERSION, OpenPgpApi.API_VERSION); Intent result; Thread pumpThread = null; int outputPipeId = 0; if (os != null) { outputPipeId = mPipeIdGen.incrementAndGet(); output = mService.createOutputPipe(outputPipeId); pumpThread = ParcelFileDescriptorUtil.pipeTo(os, output); } // blocks until result is ready result = mService.execute(data, input, outputPipeId); // set class loader to current context to allow unparcelling // of OpenPgpError and OpenPgpSignatureResult // http://stackoverflow.com/a/3806769 result.setExtrasClassLoader(mContext.getClassLoader()); //wait for ALL data being pumped from remote side if (pumpThread != null) { pumpThread.join(); } return result; } catch (Exception e) { Log.e(OpenPgpApi.TAG, "Exception in executeApi call", e); Intent result = new Intent(); result.putExtra(RESULT_CODE, RESULT_CODE_ERROR); result.putExtra(RESULT_ERROR, new OpenPgpError(OpenPgpError.CLIENT_SIDE_ERROR, e.getMessage())); return result; } finally { // close() is required to halt the TransferThread if (output != null) { try { output.close(); } catch (IOException e) { Log.e(OpenPgpApi.TAG, "IOException when closing ParcelFileDescriptor!", e); } } } } }