Merge pull request #1722 from open-keychain/api-seperation

Better seperation of remote activities

OpenKeychain/src/main/AndroidManifest.xml

@@ -844,6 +844,21 @@
             android:name=".remote.ui.AccountSettingsActivity"
             android:configChanges="orientation|screenSize|keyboardHidden|keyboard"
             android:exported="false" />
+        <activity
+            android:name=".remote.ui.RemotePassphraseDialogActivity"
+            android:theme="@style/Theme.Keychain.Transparent" />
+        <!-- see SecurityTokenOperationActivity for reasons why
+             allowTaskReparenting, singleTop, and taskAffinity is used  -->
+        <activity
+            android:name=".remote.ui.RemoteSecurityTokenOperationActivity"
+            android:allowTaskReparenting="true"
+            android:launchMode="singleTop"
+            android:taskAffinity=":Nfc"
+            android:theme="@style/Theme.Keychain.Light.Dialog" />
+        <activity
+            android:name=".remote.ui.RemoteImportKeysActivity"
+            android:configChanges="orientation|screenSize|keyboardHidden|keyboard"
+            android:label="@string/title_import_keys" />
 
         <!-- DEPRECATED service,
              using this service may lead to truncated data being returned to the caller -->

OpenKeychain/src/main/java/org/sufficientlysecure/keychain/remote/ApiPendingIntentFactory.java

@@ -0,0 +1,180 @@
+/*
+ * Copyright (C) 2016 Dominik Schürmann <dominik@dominikschuermann.de>
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+package org.sufficientlysecure.keychain.remote;
+
+import android.app.PendingIntent;
+import android.content.Context;
+import android.content.Intent;
+import android.os.Build;
+
+import org.sufficientlysecure.keychain.provider.KeychainContract;
+import org.sufficientlysecure.keychain.remote.ui.RemoteCreateAccountActivity;
+import org.sufficientlysecure.keychain.remote.ui.RemoteErrorActivity;
+import org.sufficientlysecure.keychain.remote.ui.RemoteImportKeysActivity;
+import org.sufficientlysecure.keychain.remote.ui.RemotePassphraseDialogActivity;
+import org.sufficientlysecure.keychain.remote.ui.RemoteRegisterActivity;
+import org.sufficientlysecure.keychain.remote.ui.RemoteSecurityTokenOperationActivity;
+import org.sufficientlysecure.keychain.remote.ui.RemoteSelectPubKeyActivity;
+import org.sufficientlysecure.keychain.remote.ui.SelectAllowedKeysActivity;
+import org.sufficientlysecure.keychain.remote.ui.SelectSignKeyIdActivity;
+import org.sufficientlysecure.keychain.service.input.CryptoInputParcel;
+import org.sufficientlysecure.keychain.service.input.RequiredInputParcel;
+import org.sufficientlysecure.keychain.ui.ViewKeyActivity;
+
+import java.util.ArrayList;
+
+public class ApiPendingIntentFactory {
+
+    Context mContext;
+    private Intent mPendingIntentData;
+
+    public ApiPendingIntentFactory(Context context, Intent data) {
+        mContext = context;
+        mPendingIntentData = data;
+    }
+
+    PendingIntent requiredInputPi(RequiredInputParcel requiredInput,
+                                  CryptoInputParcel cryptoInput) {
+
+        switch (requiredInput.mType) {
+            case NFC_MOVE_KEY_TO_CARD:
+            case NFC_DECRYPT:
+            case NFC_SIGN: {
+                return createNfcOperationPendingIntent(requiredInput, cryptoInput);
+            }
+
+            case PASSPHRASE: {
+                return createPassphrasePendingIntent(requiredInput, cryptoInput);
+            }
+
+            default:
+                throw new AssertionError("Unhandled required input type!");
+        }
+    }
+
+    private PendingIntent createNfcOperationPendingIntent(RequiredInputParcel requiredInput, CryptoInputParcel cryptoInput) {
+        Intent intent = new Intent(mContext, RemoteSecurityTokenOperationActivity.class);
+        // pass params through to activity that it can be returned again later to repeat pgp operation
+        intent.putExtra(RemoteSecurityTokenOperationActivity.EXTRA_REQUIRED_INPUT, requiredInput);
+        intent.putExtra(RemoteSecurityTokenOperationActivity.EXTRA_CRYPTO_INPUT, cryptoInput);
+
+        return createInternal(intent);
+    }
+
+    private PendingIntent createPassphrasePendingIntent(RequiredInputParcel requiredInput, CryptoInputParcel cryptoInput) {
+        Intent intent = new Intent(mContext, RemotePassphraseDialogActivity.class);
+        // pass params through to activity that it can be returned again later to repeat pgp operation
+        intent.putExtra(RemotePassphraseDialogActivity.EXTRA_REQUIRED_INPUT, requiredInput);
+        intent.putExtra(RemotePassphraseDialogActivity.EXTRA_CRYPTO_INPUT, cryptoInput);
+
+        return createInternal(intent);
+    }
+
+    PendingIntent createSelectPublicKeyPendingIntent(long[] keyIdsArray, ArrayList<String> missingEmails,
+                                                     ArrayList<String> duplicateEmails, boolean noUserIdsCheck) {
+        Intent intent = new Intent(mContext, RemoteSelectPubKeyActivity.class);
+        intent.putExtra(RemoteSelectPubKeyActivity.EXTRA_SELECTED_MASTER_KEY_IDS, keyIdsArray);
+        intent.putExtra(RemoteSelectPubKeyActivity.EXTRA_NO_USER_IDS_CHECK, noUserIdsCheck);
+        intent.putExtra(RemoteSelectPubKeyActivity.EXTRA_MISSING_EMAILS, missingEmails);
+        intent.putExtra(RemoteSelectPubKeyActivity.EXTRA_DUPLICATE_EMAILS, duplicateEmails);
+
+        return createInternal(intent);
+    }
+
+    PendingIntent createImportFromKeyserverPendingIntent(long masterKeyId) {
+        Intent intent = new Intent(mContext, RemoteImportKeysActivity.class);
+        intent.setAction(RemoteImportKeysActivity.ACTION_IMPORT_KEY_FROM_KEYSERVER_AND_RETURN_RESULT);
+        intent.putExtra(RemoteImportKeysActivity.EXTRA_KEY_ID, masterKeyId);
+
+        return createInternal(intent);
+    }
+
+    PendingIntent createSelectAllowedKeysPendingIntent(String packageName) {
+        Intent intent = new Intent(mContext, SelectAllowedKeysActivity.class);
+        intent.setData(KeychainContract.ApiApps.buildByPackageNameUri(packageName));
+
+        return createInternal(intent);
+    }
+
+    PendingIntent createShowKeyPendingIntent(long masterKeyId) {
+        Intent intent = new Intent(mContext, ViewKeyActivity.class);
+        intent.setData(KeychainContract.KeyRings.buildGenericKeyRingUri(masterKeyId));
+
+        return createInternal(intent);
+    }
+
+    PendingIntent createSelectSignKeyIdPendingIntent(String packageName, String preferredUserId) {
+        Intent intent = new Intent(mContext, SelectSignKeyIdActivity.class);
+        intent.setData(KeychainContract.ApiApps.buildByPackageNameUri(packageName));
+        intent.putExtra(SelectSignKeyIdActivity.EXTRA_USER_ID, preferredUserId);
+
+        return createInternal(intent);
+    }
+
+    @Deprecated
+    PendingIntent createAccountCreationPendingIntent(String packageName, String accountName) {
+        Intent intent = new Intent(mContext, RemoteCreateAccountActivity.class);
+        intent.putExtra(RemoteCreateAccountActivity.EXTRA_PACKAGE_NAME, packageName);
+        intent.putExtra(RemoteCreateAccountActivity.EXTRA_ACC_NAME, accountName);
+
+        return createInternal(intent);
+    }
+
+    PendingIntent createErrorPendingIntent(String errorMessage) {
+        Intent intent = new Intent(mContext, RemoteErrorActivity.class);
+        intent.putExtra(RemoteErrorActivity.EXTRA_ERROR_MESSAGE, errorMessage);
+
+        return createInternal(intent);
+    }
+
+    private PendingIntent createInternal(Intent intent) {
+        // re-attach "data" for pass through. It will be used later to repeat pgp operation
+        intent.putExtra(RemoteSecurityTokenOperationActivity.EXTRA_DATA, mPendingIntentData);
+
+        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.M) {
+            //noinspection ResourceType, looks like lint is missing FLAG_IMMUTABLE
+            return PendingIntent.getActivity(mContext, 0,
+                    intent,
+                    PendingIntent.FLAG_CANCEL_CURRENT | PendingIntent.FLAG_IMMUTABLE);
+        } else {
+            return PendingIntent.getActivity(mContext, 0,
+                    intent,
+                    PendingIntent.FLAG_CANCEL_CURRENT);
+        }
+    }
+
+    PendingIntent createRegisterPendingIntent(String packageName, byte[] packageCertificate) {
+        Intent intent = new Intent(mContext, RemoteRegisterActivity.class);
+        intent.putExtra(RemoteRegisterActivity.EXTRA_PACKAGE_NAME, packageName);
+        intent.putExtra(RemoteRegisterActivity.EXTRA_PACKAGE_SIGNATURE, packageCertificate);
+        intent.putExtra(RemoteRegisterActivity.EXTRA_DATA, mPendingIntentData);
+
+        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.M) {
+            //noinspection ResourceType, looks like lint is missing FLAG_IMMUTABLE
+            return PendingIntent.getActivity(mContext, 0,
+                    intent,
+                    PendingIntent.FLAG_CANCEL_CURRENT | PendingIntent.FLAG_ONE_SHOT
+                            | PendingIntent.FLAG_IMMUTABLE);
+        } else {
+            return PendingIntent.getActivity(mContext, 0,
+                    intent,
+                    PendingIntent.FLAG_CANCEL_CURRENT | PendingIntent.FLAG_ONE_SHOT);
+        }
+    }
+
+}

OpenKeychain/src/main/java/org/sufficientlysecure/keychain/remote/ApiPermissionHelper.java

@@ -18,11 +18,6 @@
 package org.sufficientlysecure.keychain.remote;
 
 
-import java.io.ByteArrayOutputStream;
-import java.io.IOException;
-import java.util.ArrayList;
-import java.util.Arrays;
-
 import android.annotation.SuppressLint;
 import android.app.PendingIntent;
 import android.content.Context;
@@ -40,11 +35,13 @@ import org.sufficientlysecure.keychain.Constants;
 import org.sufficientlysecure.keychain.R;
 import org.sufficientlysecure.keychain.provider.KeychainContract;
 import org.sufficientlysecure.keychain.provider.ProviderHelper;
-import org.sufficientlysecure.keychain.remote.ui.RemoteCreateAccountActivity;
-import org.sufficientlysecure.keychain.remote.ui.RemoteErrorActivity;
-import org.sufficientlysecure.keychain.remote.ui.RemoteRegisterActivity;
 import org.sufficientlysecure.keychain.util.Log;
 
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.Arrays;
+
 
 /**
  * Abstract service class for remote APIs that handle app registration and user input.
@@ -75,6 +72,8 @@ public class ApiPermissionHelper {
      * @return null if caller is allowed, or a Bundle with a PendingIntent
      */
     protected Intent isAllowed(Intent data) {
+        ApiPendingIntentFactory piFactory = new ApiPendingIntentFactory(mContext, data);
+
         try {
             if (isCallerAllowed()) {
                 return null;
@@ -96,14 +95,7 @@ public class ApiPermissionHelper {
                 }
                 Log.e(Constants.TAG, "Not allowed to use service! return PendingIntent for registration!");
 
-                Intent intent = new Intent(mContext, RemoteRegisterActivity.class);
+                PendingIntent pi = piFactory.createRegisterPendingIntent(packageName, packageCertificate);
-                intent.putExtra(RemoteRegisterActivity.EXTRA_PACKAGE_NAME, packageName);
-                intent.putExtra(RemoteRegisterActivity.EXTRA_PACKAGE_SIGNATURE, packageCertificate);
-                intent.putExtra(RemoteRegisterActivity.EXTRA_DATA, data);
-
-                PendingIntent pi = PendingIntent.getActivity(mContext, 0,
-                        intent,
-                        PendingIntent.FLAG_CANCEL_CURRENT | PendingIntent.FLAG_ONE_SHOT);
 
                 // return PendingIntent to be executed by client
                 Intent result = new Intent();
@@ -115,14 +107,7 @@ public class ApiPermissionHelper {
         } catch (WrongPackageCertificateException e) {
             Log.e(Constants.TAG, "wrong signature!", e);
 
-            Intent intent = new Intent(mContext, RemoteErrorActivity.class);
+            PendingIntent pi = piFactory.createErrorPendingIntent(mContext.getString(R.string.api_error_wrong_signature));
-            intent.putExtra(RemoteErrorActivity.EXTRA_ERROR_MESSAGE,
-                    mContext.getString(R.string.api_error_wrong_signature));
-            intent.putExtra(RemoteErrorActivity.EXTRA_DATA, data);
-
-            PendingIntent pi = PendingIntent.getActivity(mContext, 0,
-                    intent,
-                    PendingIntent.FLAG_CANCEL_CURRENT);
 
             // return PendingIntent to be executed by client
             Intent result = new Intent();
@@ -173,10 +158,9 @@ public class ApiPermissionHelper {
     }
 
     /**
-     * DEPRECATED API
-     * <p/>
      * Retrieves AccountSettings from database for the application calling this remote service
      */
+    @Deprecated
     protected AccountSettings getAccSettings(String accountName) {
         String currentPkg = getCurrentCallingPackage();
         Log.d(Constants.TAG, "getAccSettings accountName: " + accountName);
@@ -186,21 +170,14 @@ public class ApiPermissionHelper {
         return mProviderHelper.getApiAccountSettings(uri); // can be null!
     }
 
-    /**
+    @Deprecated
-     * Deprecated API
-     */
     protected Intent getCreateAccountIntent(Intent data, String accountName) {
         String packageName = getCurrentCallingPackage();
         Log.d(Constants.TAG, "getCreateAccountIntent accountName: " + accountName);
 
-        Intent intent = new Intent(mContext, RemoteCreateAccountActivity.class);
+        ApiPendingIntentFactory piFactory = new ApiPendingIntentFactory(mContext, data);
-        intent.putExtra(RemoteCreateAccountActivity.EXTRA_PACKAGE_NAME, packageName);
-        intent.putExtra(RemoteCreateAccountActivity.EXTRA_ACC_NAME, accountName);
-        intent.putExtra(RemoteCreateAccountActivity.EXTRA_DATA, data);
 
-        PendingIntent pi = PendingIntent.getActivity(mContext, 0,
+        PendingIntent pi = piFactory.createAccountCreationPendingIntent(packageName, accountName);
-                intent,
-                PendingIntent.FLAG_CANCEL_CURRENT);
 
         // return PendingIntent to be executed by client
         Intent result = new Intent();

OpenKeychain/src/main/java/org/sufficientlysecure/keychain/remote/OpenPgpService.java

@@ -19,7 +19,6 @@ package org.sufficientlysecure.keychain.remote;
 
 import android.app.PendingIntent;
 import android.app.Service;
-import android.content.Context;
 import android.content.Intent;
 import android.database.Cursor;
 import android.net.Uri;
@@ -30,13 +29,13 @@ import android.support.annotation.NonNull;
 import android.support.annotation.Nullable;
 import android.text.TextUtils;
 
+import org.bouncycastle.bcpg.ArmoredOutputStream;
 import org.openintents.openpgp.IOpenPgpService;
 import org.openintents.openpgp.OpenPgpDecryptionResult;
 import org.openintents.openpgp.OpenPgpError;
 import org.openintents.openpgp.OpenPgpMetadata;
 import org.openintents.openpgp.OpenPgpSignatureResult;
 import org.openintents.openpgp.util.OpenPgpApi;
-import org.bouncycastle.bcpg.ArmoredOutputStream;
 import org.sufficientlysecure.keychain.Constants;
 import org.sufficientlysecure.keychain.operations.results.DecryptVerifyResult;
 import org.sufficientlysecure.keychain.operations.results.OperationResult.LogEntryParcel;
@@ -53,15 +52,8 @@ import org.sufficientlysecure.keychain.provider.KeychainContract.ApiAccounts;
 import org.sufficientlysecure.keychain.provider.KeychainContract.KeyRings;
 import org.sufficientlysecure.keychain.provider.KeychainDatabase.Tables;
 import org.sufficientlysecure.keychain.provider.ProviderHelper;
-import org.sufficientlysecure.keychain.remote.ui.RemoteSelectPubKeyActivity;
-import org.sufficientlysecure.keychain.remote.ui.SelectAllowedKeysActivity;
-import org.sufficientlysecure.keychain.remote.ui.SelectSignKeyIdActivity;
 import org.sufficientlysecure.keychain.service.input.CryptoInputParcel;
 import org.sufficientlysecure.keychain.service.input.RequiredInputParcel;
-import org.sufficientlysecure.keychain.ui.ImportKeysActivity;
-import org.sufficientlysecure.keychain.ui.SecurityTokenOperationActivity;
-import org.sufficientlysecure.keychain.ui.PassphraseDialogActivity;
-import org.sufficientlysecure.keychain.ui.ViewKeyActivity;
 import org.sufficientlysecure.keychain.util.InputData;
 import org.sufficientlysecure.keychain.util.Log;
 import org.sufficientlysecure.keychain.util.Passphrase;
@@ -151,16 +143,9 @@ public class OpenPgpService extends Service {
         if (noUserIdsCheck || missingUserIdsCheck || duplicateUserIdsCheck) {
             // allow the user to verify pub key selection
 
-            Intent intent = new Intent(getBaseContext(), RemoteSelectPubKeyActivity.class);
+            ApiPendingIntentFactory piFactory = new ApiPendingIntentFactory(getBaseContext(), data);
-            intent.putExtra(RemoteSelectPubKeyActivity.EXTRA_SELECTED_MASTER_KEY_IDS, keyIdsArray);
+            PendingIntent pi = piFactory.createSelectPublicKeyPendingIntent(keyIdsArray, missingEmails,
-            intent.putExtra(RemoteSelectPubKeyActivity.EXTRA_NO_USER_IDS_CHECK, noUserIdsCheck);
+                    duplicateEmails, noUserIdsCheck);
-            intent.putExtra(RemoteSelectPubKeyActivity.EXTRA_MISSING_EMAILS, missingEmails);
-            intent.putExtra(RemoteSelectPubKeyActivity.EXTRA_DUPLICATE_EMAILS, duplicateEmails);
-            intent.putExtra(RemoteSelectPubKeyActivity.EXTRA_DATA, data);
-
-            PendingIntent pi = PendingIntent.getActivity(getBaseContext(), 0,
-                    intent,
-                    PendingIntent.FLAG_CANCEL_CURRENT);
 
             // return PendingIntent to be executed by client
             Intent result = new Intent();
@@ -181,76 +166,6 @@ public class OpenPgpService extends Service {
         }
     }
 
-    private static PendingIntent getRequiredInputPendingIntent(Context context,
-                                                               Intent data,
-                                                               RequiredInputParcel requiredInput,
-                                                               CryptoInputParcel cryptoInput) {
-
-        switch (requiredInput.mType) {
-            case NFC_MOVE_KEY_TO_CARD:
-            case NFC_DECRYPT:
-            case NFC_SIGN: {
-                // build PendingIntent for Security Token NFC operations
-                Intent intent = new Intent(context, SecurityTokenOperationActivity.class);
-                // pass params through to activity that it can be returned again later to repeat pgp operation
-                intent.putExtra(SecurityTokenOperationActivity.EXTRA_SERVICE_INTENT, data);
-                intent.putExtra(SecurityTokenOperationActivity.EXTRA_REQUIRED_INPUT, requiredInput);
-                intent.putExtra(SecurityTokenOperationActivity.EXTRA_CRYPTO_INPUT, cryptoInput);
-                return PendingIntent.getActivity(context, 0, intent,
-                        PendingIntent.FLAG_CANCEL_CURRENT);
-            }
-
-            case PASSPHRASE: {
-                // build PendingIntent for Passphrase request
-                Intent intent = new Intent(context, PassphraseDialogActivity.class);
-                // pass params through to activity that it can be returned again later to repeat pgp operation
-                intent.putExtra(PassphraseDialogActivity.EXTRA_SERVICE_INTENT, data);
-                intent.putExtra(PassphraseDialogActivity.EXTRA_REQUIRED_INPUT, requiredInput);
-                intent.putExtra(PassphraseDialogActivity.EXTRA_CRYPTO_INPUT, cryptoInput);
-                return PendingIntent.getActivity(context, 0, intent,
-                        PendingIntent.FLAG_CANCEL_CURRENT);
-            }
-
-            default:
-                throw new AssertionError("Unhandled required input type!");
-        }
-
-    }
-
-    private PendingIntent getKeyserverPendingIntent(Intent data, long masterKeyId) {
-        // If signature is unknown we return an _additional_ PendingIntent
-        // to retrieve the missing key
-        Intent intent = new Intent(getBaseContext(), ImportKeysActivity.class);
-        intent.setAction(ImportKeysActivity.ACTION_IMPORT_KEY_FROM_KEYSERVER_AND_RETURN_TO_SERVICE);
-        intent.putExtra(ImportKeysActivity.EXTRA_KEY_ID, masterKeyId);
-        intent.putExtra(ImportKeysActivity.EXTRA_PENDING_INTENT_DATA, data);
-
-        return PendingIntent.getActivity(getBaseContext(), 0,
-                intent,
-                PendingIntent.FLAG_CANCEL_CURRENT);
-    }
-
-    private PendingIntent getSelectAllowedKeysIntent(Intent data) {
-        // If signature is unknown we return an _additional_ PendingIntent
-        // to retrieve the missing key
-        Intent intent = new Intent(getBaseContext(), SelectAllowedKeysActivity.class);
-        intent.putExtra(SelectAllowedKeysActivity.EXTRA_SERVICE_INTENT, data);
-        intent.setData(KeychainContract.ApiApps.buildByPackageNameUri(mApiPermissionHelper.getCurrentCallingPackage()));
-
-        return PendingIntent.getActivity(getBaseContext(), 0,
-                intent,
-                PendingIntent.FLAG_CANCEL_CURRENT);
-    }
-
-    private PendingIntent getShowKeyPendingIntent(long masterKeyId) {
-        Intent intent = new Intent(getBaseContext(), ViewKeyActivity.class);
-        intent.setData(KeyRings.buildGenericKeyRingUri(masterKeyId));
-
-        return PendingIntent.getActivity(getBaseContext(), 0,
-                intent,
-                PendingIntent.FLAG_CANCEL_CURRENT);
-    }
-
     private Intent signImpl(Intent data, InputStream inputStream,
                             OutputStream outputStream, boolean cleartextSign) {
         try {
@@ -311,10 +226,10 @@ public class OpenPgpService extends Service {
             PgpSignEncryptResult pgpResult = pse.execute(pseInput, inputParcel, inputData, outputStream);
 
             if (pgpResult.isPending()) {
+                ApiPendingIntentFactory piFactory = new ApiPendingIntentFactory(getBaseContext(), data);
 
                 RequiredInputParcel requiredInput = pgpResult.getRequiredInputParcel();
-                PendingIntent pIntent = getRequiredInputPendingIntent(getBaseContext(), data,
+                PendingIntent pIntent = piFactory.requiredInputPi(requiredInput, pgpResult.mCryptoInputParcel);
-                        requiredInput, pgpResult.mCryptoInputParcel);
 
                 // return PendingIntent to be executed by client
                 Intent result = new Intent();
@@ -448,9 +363,10 @@ public class OpenPgpService extends Service {
             PgpSignEncryptResult pgpResult = op.execute(pseInput, inputParcel, inputData, outputStream);
 
             if (pgpResult.isPending()) {
+                ApiPendingIntentFactory piFactory = new ApiPendingIntentFactory(getBaseContext(), data);
+
                 RequiredInputParcel requiredInput = pgpResult.getRequiredInputParcel();
-                PendingIntent pIntent = getRequiredInputPendingIntent(getBaseContext(), data,
+                PendingIntent pIntent = piFactory.requiredInputPi(requiredInput, pgpResult.mCryptoInputParcel);
-                        requiredInput, pgpResult.mCryptoInputParcel);
 
                 // return PendingIntent to be executed by client
                 Intent result = new Intent();
@@ -520,11 +436,12 @@ public class OpenPgpService extends Service {
 
             DecryptVerifyResult pgpResult = op.execute(input, cryptoInput, inputData, outputStream);
 
+            ApiPendingIntentFactory piFactory = new ApiPendingIntentFactory(getBaseContext(), data);
+
             if (pgpResult.isPending()) {
                 // prepare and return PendingIntent to be executed by client
                 RequiredInputParcel requiredInput = pgpResult.getRequiredInputParcel();
-                PendingIntent pIntent = getRequiredInputPendingIntent(getBaseContext(), data,
+                PendingIntent pIntent = piFactory.requiredInputPi(requiredInput, pgpResult.mCryptoInputParcel);
-                        requiredInput, pgpResult.mCryptoInputParcel);
 
                 Intent result = new Intent();
                 result.putExtra(OpenPgpApi.RESULT_INTENT, pIntent);
@@ -541,7 +458,8 @@ public class OpenPgpService extends Service {
                 switch (signatureResult.getResult()) {
                     case OpenPgpSignatureResult.RESULT_KEY_MISSING: {
                         // If signature key is missing we return a PendingIntent to retrieve the key
-                        result.putExtra(OpenPgpApi.RESULT_INTENT, getKeyserverPendingIntent(data, signatureResult.getKeyId()));
+                        result.putExtra(OpenPgpApi.RESULT_INTENT,
+                                piFactory.createImportFromKeyserverPendingIntent(signatureResult.getKeyId()));
                         break;
                     }
                     case OpenPgpSignatureResult.RESULT_VALID_CONFIRMED:
@@ -550,7 +468,7 @@ public class OpenPgpService extends Service {
                     case OpenPgpSignatureResult.RESULT_INVALID_KEY_EXPIRED:
                     case OpenPgpSignatureResult.RESULT_INVALID_INSECURE: {
                         // If signature key is known, return PendingIntent to show key
-                        result.putExtra(OpenPgpApi.RESULT_INTENT, getShowKeyPendingIntent(signatureResult.getKeyId()));
+                        result.putExtra(OpenPgpApi.RESULT_INTENT, piFactory.createShowKeyPendingIntent(signatureResult.getKeyId()));
                         break;
                     }
                     default:
@@ -623,7 +541,8 @@ public class OpenPgpService extends Service {
                 if (pgpResult.isKeysDisallowed()) {
                     // allow user to select allowed keys
                     Intent result = new Intent();
-                    result.putExtra(OpenPgpApi.RESULT_INTENT, getSelectAllowedKeysIntent(data));
+                    String packageName = mApiPermissionHelper.getCurrentCallingPackage();
+                    result.putExtra(OpenPgpApi.RESULT_INTENT, piFactory.createSelectAllowedKeysPendingIntent(packageName));
                     result.putExtra(OpenPgpApi.RESULT_CODE, OpenPgpApi.RESULT_CODE_USER_INTERACTION_REQUIRED);
                     return result;
                 }
@@ -647,6 +566,8 @@ public class OpenPgpService extends Service {
 
     private Intent getKeyImpl(Intent data, OutputStream outputStream) {
         try {
+            ApiPendingIntentFactory piFactory = new ApiPendingIntentFactory(getBaseContext(), data);
+
             long masterKeyId = data.getLongExtra(OpenPgpApi.EXTRA_KEY_ID, 0);
 
             try {
@@ -676,14 +597,14 @@ public class OpenPgpService extends Service {
                 }
 
                 // also return PendingIntent that opens the key view activity
-                result.putExtra(OpenPgpApi.RESULT_INTENT, getShowKeyPendingIntent(masterKeyId));
+                result.putExtra(OpenPgpApi.RESULT_INTENT, piFactory.createShowKeyPendingIntent(masterKeyId));
 
                 return result;
             } catch (ProviderHelper.NotFoundException e) {
                 // If keys are not in db we return an additional PendingIntent
                 // to retrieve the missing key
                 Intent result = new Intent();
-                result.putExtra(OpenPgpApi.RESULT_INTENT, getKeyserverPendingIntent(data, masterKeyId));
+                result.putExtra(OpenPgpApi.RESULT_INTENT, piFactory.createImportFromKeyserverPendingIntent(masterKeyId));
                 result.putExtra(OpenPgpApi.RESULT_CODE, OpenPgpApi.RESULT_CODE_USER_INTERACTION_REQUIRED);
                 return result;
             }
@@ -709,17 +630,11 @@ public class OpenPgpService extends Service {
             result.putExtra(OpenPgpApi.RESULT_CODE, OpenPgpApi.RESULT_CODE_SUCCESS);
             return result;
         } else {
+            String currentPkg = mApiPermissionHelper.getCurrentCallingPackage();
             String preferredUserId = data.getStringExtra(OpenPgpApi.EXTRA_USER_ID);
 
-            Intent intent = new Intent(getBaseContext(), SelectSignKeyIdActivity.class);
+            ApiPendingIntentFactory piFactory = new ApiPendingIntentFactory(getBaseContext(), data);
-            String currentPkg = mApiPermissionHelper.getCurrentCallingPackage();
+            PendingIntent pi = piFactory.createSelectSignKeyIdPendingIntent(currentPkg, preferredUserId);
-            intent.setData(KeychainContract.ApiApps.buildByPackageNameUri(currentPkg));
-            intent.putExtra(SelectSignKeyIdActivity.EXTRA_USER_ID, preferredUserId);
-            intent.putExtra(SelectSignKeyIdActivity.EXTRA_DATA, data);
-
-            PendingIntent pi = PendingIntent.getActivity(getBaseContext(), 0,
-                    intent,
-                    PendingIntent.FLAG_CANCEL_CURRENT);
 
             // return PendingIntent to be executed by client
             Intent result = new Intent();
@@ -782,7 +697,7 @@ public class OpenPgpService extends Service {
      * - has supported API version
      * - is allowed to call the service (access has been granted)
      *
-     * @return null if everything is okay, or a Bundle with an error/PendingIntent
+     * @return null if everything is okay, or a Bundle with an createErrorPendingIntent/PendingIntent
      */
     private Intent checkRequirements(Intent data) {
         // params Bundle is required!
@@ -845,7 +760,7 @@ public class OpenPgpService extends Service {
         try {
             return executeInternalWithStreams(data, inputStream, outputStream);
         } finally {
-            // always close input and output file descriptors even in error cases
+            // always close input and output file descriptors even in createErrorPendingIntent cases
             if (inputStream != null) {
                 try {
                     inputStream.close();

OpenKeychain/src/main/java/org/sufficientlysecure/keychain/remote/ui/RemoteImportKeysActivity.java

@@ -0,0 +1,47 @@
+/*
+ * Copyright (C) 2016 Dominik Schürmann <dominik@dominikschuermann.de>
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+package org.sufficientlysecure.keychain.remote.ui;
+
+import android.content.Intent;
+import android.os.Bundle;
+
+import org.sufficientlysecure.keychain.operations.results.ImportKeyResult;
+import org.sufficientlysecure.keychain.remote.CryptoInputParcelCacheService;
+import org.sufficientlysecure.keychain.ui.ImportKeysActivity;
+import org.sufficientlysecure.keychain.ui.SecurityTokenOperationActivity;
+
+public class RemoteImportKeysActivity extends ImportKeysActivity {
+
+    public static final String EXTRA_DATA = "data";
+
+    private Intent mPendingIntentData;
+
+    @Override
+    protected void onCreate(Bundle savedInstanceState) {
+        super.onCreate(savedInstanceState);
+
+        mPendingIntentData = getIntent().getParcelableExtra(EXTRA_DATA);
+    }
+
+    @Override
+    public void handleResult(ImportKeyResult result) {
+        setResult(RESULT_OK, mPendingIntentData);
+        finish();
+    }
+
+}

OpenKeychain/src/main/java/org/sufficientlysecure/keychain/remote/ui/RemotePassphraseDialogActivity.java

@@ -0,0 +1,46 @@
+/*
+ * Copyright (C) 2016 Dominik Schürmann <dominik@dominikschuermann.de>
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+package org.sufficientlysecure.keychain.remote.ui;
+
+import android.content.Intent;
+import android.os.Bundle;
+
+import org.sufficientlysecure.keychain.remote.CryptoInputParcelCacheService;
+import org.sufficientlysecure.keychain.service.input.CryptoInputParcel;
+import org.sufficientlysecure.keychain.ui.PassphraseDialogActivity;
+
+public class RemotePassphraseDialogActivity extends PassphraseDialogActivity {
+
+    public static final String EXTRA_DATA = "data";
+
+    private Intent mPendingIntentData;
+
+    @Override
+    protected void onCreate(Bundle savedInstanceState) {
+        super.onCreate(savedInstanceState);
+
+        mPendingIntentData = getIntent().getParcelableExtra(EXTRA_DATA);
+    }
+
+    @Override
+    protected void handleResult(CryptoInputParcel inputParcel) {
+        CryptoInputParcelCacheService.addCryptoInputParcel(this, mPendingIntentData, inputParcel);
+        setResult(RESULT_OK, mPendingIntentData);
+    }
+
+}

OpenKeychain/src/main/java/org/sufficientlysecure/keychain/remote/ui/RemoteSecurityTokenOperationActivity.java

@@ -0,0 +1,49 @@
+/*
+ * Copyright (C) 2016 Dominik Schürmann <dominik@dominikschuermann.de>
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+package org.sufficientlysecure.keychain.remote.ui;
+
+import android.content.Intent;
+import android.os.Bundle;
+
+import org.sufficientlysecure.keychain.remote.CryptoInputParcelCacheService;
+import org.sufficientlysecure.keychain.service.input.CryptoInputParcel;
+import org.sufficientlysecure.keychain.ui.SecurityTokenOperationActivity;
+
+public class RemoteSecurityTokenOperationActivity extends SecurityTokenOperationActivity {
+
+    public static final String EXTRA_DATA = "data";
+
+    private Intent mPendingIntentData;
+
+    @Override
+    protected void onCreate(Bundle savedInstanceState) {
+        super.onCreate(savedInstanceState);
+
+        Intent intent = getIntent();
+        Bundle data = intent.getExtras();
+        mPendingIntentData = data.getParcelable(EXTRA_DATA);
+    }
+
+    @Override
+    protected void handleResult(CryptoInputParcel inputParcel) {
+        // save updated cryptoInputParcel in cache
+        CryptoInputParcelCacheService.addCryptoInputParcel(this, mPendingIntentData, inputParcel);
+        setResult(RESULT_OK, mPendingIntentData);
+    }
+
+}

OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/CreateSecurityTokenImportResetFragment.java

@@ -231,7 +231,6 @@ public class CreateSecurityTokenImportResetFragment
 
     public void resetCard() {
         Intent intent = new Intent(getActivity(), SecurityTokenOperationActivity.class);
-        intent.putExtra(SecurityTokenOperationActivity.EXTRA_SERVICE_INTENT, (Parcelable[]) null);
         RequiredInputParcel resetP = RequiredInputParcel.createNfcReset();
         intent.putExtra(SecurityTokenOperationActivity.EXTRA_REQUIRED_INPUT, resetP);
         intent.putExtra(SecurityTokenOperationActivity.EXTRA_CRYPTO_INPUT, new CryptoInputParcel());

OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/ImportKeysActivity.java

@@ -57,8 +57,6 @@ public class ImportKeysActivity extends BaseActivity
             = Constants.INTENT_PREFIX + "IMPORT_KEY_FROM_FACEBOOK";
     public static final String ACTION_IMPORT_KEY_FROM_KEYSERVER_AND_RETURN_RESULT =
             Constants.INTENT_PREFIX + "IMPORT_KEY_FROM_KEY_SERVER_AND_RETURN_RESULT";
-    public static final String ACTION_IMPORT_KEY_FROM_KEYSERVER_AND_RETURN_TO_SERVICE = Constants.INTENT_PREFIX
-            + "IMPORT_KEY_FROM_KEY_SERVER_AND_RETURN";
     public static final String ACTION_IMPORT_KEY_FROM_FILE_AND_RETURN = Constants.INTENT_PREFIX
             + "IMPORT_KEY_FROM_FILE_AND_RETURN";
 
@@ -77,10 +75,6 @@ public class ImportKeysActivity extends BaseActivity
     public static final String EXTRA_KEY_ID = Constants.EXTRA_PREFIX + "EXTRA_KEY_ID";
     public static final String EXTRA_FINGERPRINT = OpenKeychainIntents.IMPORT_KEY_FROM_KEYSERVER_EXTRA_FINGERPRINT;
 
-    // only used by ACTION_IMPORT_KEY_FROM_KEYSERVER_AND_RETURN_TO_SERVICE when used from OpenPgpService
-    public static final String EXTRA_PENDING_INTENT_DATA = "data";
-    private Intent mPendingIntentData;
-
     public static final String TAG_FRAG_LIST = "frag_list";
     public static final String TAG_FRAG_TOP = "frag_top";
 
@@ -106,11 +100,6 @@ public class ImportKeysActivity extends BaseActivity
                 importSelectedKeys();
             }
         });
-
-        // only used for OpenPgpService
-        if (getIntent().hasExtra(EXTRA_PENDING_INTENT_DATA)) {
-            mPendingIntentData = getIntent().getParcelableExtra(EXTRA_PENDING_INTENT_DATA);
-        }
     }
 
     @Override
@@ -172,7 +161,6 @@ public class ImportKeysActivity extends BaseActivity
                 break;
             }
             case ACTION_IMPORT_KEY_FROM_KEYSERVER:
-            case ACTION_IMPORT_KEY_FROM_KEYSERVER_AND_RETURN_TO_SERVICE:
             case ACTION_IMPORT_KEY_FROM_KEYSERVER_AND_RETURN_RESULT: {
 
                 if (extras.containsKey(EXTRA_QUERY) || extras.containsKey(EXTRA_KEY_ID)) {
@@ -412,7 +400,11 @@ public class ImportKeysActivity extends BaseActivity
         super.onActivityResult(requestCode, resultCode, data);
     }
 
-    public void handleResult(ImportKeyResult result) {
+    /**
+     * Defines how the result of this activity is returned.
+     * Is overwritten in RemoteImportKeysActivity
+     */
+    protected void handleResult(ImportKeyResult result) {
         String intentAction = getIntent().getAction();
 
         if (ACTION_IMPORT_KEY_FROM_KEYSERVER_AND_RETURN_RESULT.equals(intentAction)
@@ -424,15 +416,10 @@ public class ImportKeysActivity extends BaseActivity
             return;
         }
 
-        if (ACTION_IMPORT_KEY_FROM_KEYSERVER_AND_RETURN_TO_SERVICE.equals(intentAction)) {
-            setResult(RESULT_OK, mPendingIntentData);
-            finish();
-            return;
-        }
-
         result.createNotify(ImportKeysActivity.this)
                 .show((ViewGroup) findViewById(R.id.import_snackbar));
     }
+
     // methods from CryptoOperationHelper.Callback
 
     @Override

OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/PassphraseDialogActivity.java

@@ -85,9 +85,6 @@ public class PassphraseDialogActivity extends FragmentActivity {
     public static final String EXTRA_REQUIRED_INPUT = "required_input";
     public static final String EXTRA_CRYPTO_INPUT = "crypto_input";
 
-    // special extra for OpenPgpService
-    public static final String EXTRA_SERVICE_INTENT = "data";
-
     @Override
     protected void onCreate(Bundle savedInstanceState) {
         super.onCreate(savedInstanceState);
@@ -393,10 +390,10 @@ public class PassphraseDialogActivity extends FragmentActivity {
                                 boolean unlockSucceeded = secretKeyToUnlock.unlock(passphrase);
 
                                 // if it didn't take that long, give the user time to appreciate the progress bar
-                                long operationTime = System.currentTimeMillis() -timeBeforeOperation;
+                                long operationTime = System.currentTimeMillis() - timeBeforeOperation;
                                 if (operationTime < 100) {
                                     try {
-                                        Thread.sleep(100 -operationTime);
+                                        Thread.sleep(100 - operationTime);
                                     } catch (InterruptedException e) {
                                         // ignore
                                     }
@@ -467,16 +464,7 @@ public class PassphraseDialogActivity extends FragmentActivity {
             // noinspection ConstantConditions, we handle the non-null case in PassphraseDialogActivity.onCreate()
             inputParcel.mPassphrase = passphrase;
 
-            Intent serviceIntent = getArguments().getParcelable(EXTRA_SERVICE_INTENT);
+            ((PassphraseDialogActivity) getActivity()).handleResult(inputParcel);
-            if (serviceIntent != null) {
-                CryptoInputParcelCacheService.addCryptoInputParcel(getActivity(), serviceIntent, inputParcel);
-                getActivity().setResult(RESULT_OK, serviceIntent);
-            } else {
-                // also return passphrase back to activity
-                Intent returnIntent = new Intent();
-                returnIntent.putExtra(RESULT_CRYPTO_INPUT, inputParcel);
-                getActivity().setResult(RESULT_OK, returnIntent);
-            }
 
             dismiss();
             getActivity().finish();
@@ -526,5 +514,15 @@ public class PassphraseDialogActivity extends FragmentActivity {
 
     }
 
+    /**
+     * Defines how the result of this activity is returned.
+     * Is overwritten in RemotePassphraseDialogActivity
+     */
+    protected void handleResult(CryptoInputParcel inputParcel) {
+        // also return passphrase back to activity
+        Intent returnIntent = new Intent();
+        returnIntent.putExtra(RESULT_CRYPTO_INPUT, inputParcel);
+        setResult(RESULT_OK, returnIntent);
+    }
 
 }

OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/SecurityTokenOperationActivity.java

@@ -35,7 +35,6 @@ import org.sufficientlysecure.keychain.pgp.CanonicalizedSecretKey;
 import org.sufficientlysecure.keychain.pgp.CanonicalizedSecretKeyRing;
 import org.sufficientlysecure.keychain.provider.KeychainContract;
 import org.sufficientlysecure.keychain.provider.ProviderHelper;
-import org.sufficientlysecure.keychain.remote.CryptoInputParcelCacheService;
 import org.sufficientlysecure.keychain.service.PassphraseCacheService;
 import org.sufficientlysecure.keychain.service.input.CryptoInputParcel;
 import org.sufficientlysecure.keychain.service.input.RequiredInputParcel;
@@ -61,9 +60,6 @@ public class SecurityTokenOperationActivity extends BaseSecurityTokenNfcActivity
     public static final String EXTRA_REQUIRED_INPUT = "required_input";
     public static final String EXTRA_CRYPTO_INPUT = "crypto_input";
 
-    // passthrough for OpenPgpService
-    public static final String EXTRA_SERVICE_INTENT = "data";
-
     public static final String RESULT_CRYPTO_INPUT = "result_data";
 
     public ViewAnimator vAnimator;
@@ -72,7 +68,6 @@ public class SecurityTokenOperationActivity extends BaseSecurityTokenNfcActivity
     public NfcGuideView nfcGuideView;
 
     private RequiredInputParcel mRequiredInput;
-    private Intent mServiceIntent;
 
     private static final byte[] BLANK_FINGERPRINT = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
 
@@ -136,7 +131,6 @@ public class SecurityTokenOperationActivity extends BaseSecurityTokenNfcActivity
         Bundle data = intent.getExtras();
 
         mRequiredInput = data.getParcelable(EXTRA_REQUIRED_INPUT);
-        mServiceIntent = data.getParcelable(EXTRA_SERVICE_INTENT);
 
         obtainPassphraseIfRequired();
     }
@@ -273,18 +267,8 @@ public class SecurityTokenOperationActivity extends BaseSecurityTokenNfcActivity
     }
 
     @Override
-    protected void onNfcPostExecute() {
+    protected final void onNfcPostExecute() {
-        if (mServiceIntent != null) {
+        handleResult(mInputParcel);
-            // if we're triggered by OpenPgpService
-            // save updated cryptoInputParcel in cache
-            CryptoInputParcelCacheService.addCryptoInputParcel(this, mServiceIntent, mInputParcel);
-            setResult(RESULT_OK, mServiceIntent);
-        } else {
-            Intent result = new Intent();
-            // send back the CryptoInputParcel we received
-            result.putExtra(RESULT_CRYPTO_INPUT, mInputParcel);
-            setResult(RESULT_OK, result);
-        }
 
         // show finish
         vAnimator.setDisplayedChild(2);
@@ -315,6 +299,17 @@ public class SecurityTokenOperationActivity extends BaseSecurityTokenNfcActivity
         }.execute();
     }
 
+    /**
+     * Defines how the result of this activity is returned.
+     * Is overwritten in RemoteSecurityTokenOperationActivity
+     */
+    protected void handleResult(CryptoInputParcel inputParcel) {
+        Intent result = new Intent();
+        // send back the CryptoInputParcel we received
+        result.putExtra(RESULT_CRYPTO_INPUT, inputParcel);
+        setResult(RESULT_OK, result);
+    }
+
     @Override
     protected void onNfcError(String error) {
         pauseTagHandling();