cthrace/open-keychain
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge branch 'master' of github.com:open-keychain/open-keychain

Browse Source
This commit is contained in:
Adithya Abraham Philip
2015-06-30 22:12:16 +05:30
parent 51d3daeccd 677afa90fc
commit a5257ec71d
140 changed files with 5316 additions and 1937 deletions
Download Patch File Download Diff File Expand all files Collapse all files

73
OpenKeychain/src/main/java/org/sufficientlysecure/keychain/provider/KeychainProvider.java
View File

@@ -520,7 +520,6 @@ public class KeychainProvider extends ContentProvider {
}
break;
}
case KEY_RINGS_PUBLIC:
@@ -607,23 +606,26 @@ public class KeychainProvider extends ContentProvider {
break;
}
case API_APPS:
case API_APPS: {
qb.setTables(Tables.API_APPS);
break;
case API_APPS_BY_PACKAGE_NAME:
}
case API_APPS_BY_PACKAGE_NAME: {
qb.setTables(Tables.API_APPS);
qb.appendWhere(ApiApps.PACKAGE_NAME + " = ");
qb.appendWhereEscapeString(uri.getLastPathSegment());
break;
case API_ACCOUNTS:
}
case API_ACCOUNTS: {
qb.setTables(Tables.API_ACCOUNTS);
qb.appendWhere(Tables.API_ACCOUNTS + "." + ApiAccounts.PACKAGE_NAME + " = ");
qb.appendWhereEscapeString(uri.getPathSegments().get(1));
break;
case API_ACCOUNTS_BY_ACCOUNT_NAME:
}
case API_ACCOUNTS_BY_ACCOUNT_NAME: {
qb.setTables(Tables.API_ACCOUNTS);
qb.appendWhere(Tables.API_ACCOUNTS + "." + ApiAccounts.PACKAGE_NAME + " = ");
qb.appendWhereEscapeString(uri.getPathSegments().get(1));
@@ -632,14 +634,17 @@ public class KeychainProvider extends ContentProvider {
qb.appendWhereEscapeString(uri.getLastPathSegment());
break;
case API_ALLOWED_KEYS:
}
case API_ALLOWED_KEYS: {
qb.setTables(Tables.API_ALLOWED_KEYS);
qb.appendWhere(Tables.API_ALLOWED_KEYS + "." + ApiAccounts.PACKAGE_NAME + " = ");
qb.appendWhereEscapeString(uri.getPathSegments().get(1));
break;
default:
}
default: {
throw new IllegalArgumentException("Unknown URI " + uri + " (" + match + ")");
}
}
@@ -684,47 +689,47 @@ public class KeychainProvider extends ContentProvider {
final int match = mUriMatcher.match(uri);
switch (match) {
case KEY_RING_PUBLIC:
case KEY_RING_PUBLIC: {
db.insertOrThrow(Tables.KEY_RINGS_PUBLIC, null, values);
keyId = values.getAsLong(KeyRings.MASTER_KEY_ID);
break;
case KEY_RING_SECRET:
}
case KEY_RING_SECRET: {
db.insertOrThrow(Tables.KEY_RINGS_SECRET, null, values);
keyId = values.getAsLong(KeyRings.MASTER_KEY_ID);
break;
case KEY_RING_KEYS:
}
case KEY_RING_KEYS: {
db.insertOrThrow(Tables.KEYS, null, values);
keyId = values.getAsLong(Keys.MASTER_KEY_ID);
break;
case KEY_RING_USER_IDS:
}
case KEY_RING_USER_IDS: {
// iff TYPE is null, user_id MUST be null as well
if ( ! (values.get(UserPacketsColumns.TYPE) == null
if (!(values.get(UserPacketsColumns.TYPE) == null
? (values.get(UserPacketsColumns.USER_ID) != null && values.get(UserPacketsColumns.ATTRIBUTE_DATA) == null)
: (values.get(UserPacketsColumns.ATTRIBUTE_DATA) != null && values.get(UserPacketsColumns.USER_ID) == null)
)) {
)) {
throw new AssertionError("Incorrect type for user packet! This is a bug!");
}
if (((Number)values.get(UserPacketsColumns.RANK)).intValue() == 0 && values.get(UserPacketsColumns.USER_ID) == null) {
if (((Number) values.get(UserPacketsColumns.RANK)).intValue() == 0 && values.get(UserPacketsColumns.USER_ID) == null) {
throw new AssertionError("Rank 0 user packet must be a user id!");
}
db.insertOrThrow(Tables.USER_PACKETS, null, values);
keyId = values.getAsLong(UserPackets.MASTER_KEY_ID);
break;
case KEY_RING_CERTS:
}
case KEY_RING_CERTS: {
// we replace here, keeping only the latest signature
// TODO this would be better handled in savePublicKeyRing directly!
db.replaceOrThrow(Tables.CERTS, null, values);
keyId = values.getAsLong(Certs.MASTER_KEY_ID);
break;
case API_APPS:
}
case API_APPS: {
db.insertOrThrow(Tables.API_APPS, null, values);
break;
}
case API_ACCOUNTS: {
// set foreign key automatically based on given uri
// e.g., api_apps/com.example.app/accounts/
@@ -743,8 +748,9 @@ public class KeychainProvider extends ContentProvider {
db.insertOrThrow(Tables.API_ALLOWED_KEYS, null, values);
break;
}
default:
default: {
throw new UnsupportedOperationException("Unknown uri: " + uri);
}
}
if (keyId != null) {
@@ -802,20 +808,24 @@ public class KeychainProvider extends ContentProvider {
break;
}
case API_APPS_BY_PACKAGE_NAME:
case API_APPS_BY_PACKAGE_NAME: {
count = db.delete(Tables.API_APPS, buildDefaultApiAppsSelection(uri, additionalSelection),
selectionArgs);
break;
case API_ACCOUNTS_BY_ACCOUNT_NAME:
}
case API_ACCOUNTS_BY_ACCOUNT_NAME: {
count = db.delete(Tables.API_ACCOUNTS, buildDefaultApiAccountsSelection(uri, additionalSelection),
selectionArgs);
break;
case API_ALLOWED_KEYS:
}
case API_ALLOWED_KEYS: {
count = db.delete(Tables.API_ALLOWED_KEYS, buildDefaultApiAllowedKeysSelection(uri, additionalSelection),
selectionArgs);
break;
default:
}
default: {
throw new UnsupportedOperationException("Unknown uri: " + uri);
}
}
// notify of changes in db
@@ -851,16 +861,19 @@ public class KeychainProvider extends ContentProvider {
count = db.update(Tables.KEYS, values, actualSelection, selectionArgs);
break;
}
case API_APPS_BY_PACKAGE_NAME:
case API_APPS_BY_PACKAGE_NAME: {
count = db.update(Tables.API_APPS, values,
buildDefaultApiAppsSelection(uri, selection), selectionArgs);
break;
case API_ACCOUNTS_BY_ACCOUNT_NAME:
}
case API_ACCOUNTS_BY_ACCOUNT_NAME: {
count = db.update(Tables.API_ACCOUNTS, values,
buildDefaultApiAccountsSelection(uri, selection), selectionArgs);
break;
default:
}
default: {
throw new UnsupportedOperationException("Unknown uri: " + uri);
}
}
// notify of changes in db

63
OpenKeychain/src/main/java/org/sufficientlysecure/keychain/provider/TemporaryStorageProvider.java
View File

@@ -19,23 +19,15 @@
package org.sufficientlysecure.keychain.provider;
import java.io.File;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.util.UUID;
import android.content.ClipDescription;
import android.content.ContentProvider;
import android.content.ContentValues;
import android.content.Context;
import android.content.res.AssetFileDescriptor;
import android.database.Cursor;
import android.database.MatrixCursor;
import android.database.sqlite.SQLiteDatabase;
import android.database.sqlite.SQLiteOpenHelper;
import android.net.Uri;
import android.os.Bundle;
import android.os.CancellationSignal;
import android.os.ParcelFileDescriptor;
import android.provider.OpenableColumns;
@@ -43,6 +35,30 @@ import org.sufficientlysecure.keychain.Constants;
import org.sufficientlysecure.keychain.util.DatabaseUtil;
import org.sufficientlysecure.keychain.util.Log;
import java.io.File;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.util.UUID;
/**
* TemporaryStorageProvider stores decrypted files inside the app's cache directory previously to
* sharing them with other applications.
*
* Security:
* - It is writable by OpenKeychain only (see Manifest), but exported for reading files
* - It uses UUIDs as identifiers which makes predicting files from outside impossible
* - Querying a number of files is not allowed, only querying single files
* -> You can only open a file if you know the Uri containing the precise UUID, this Uri is only
* revealed when the user shares a decrypted file with another app.
*
* Why is support lib's FileProvider not used?
* Because granting Uri permissions temporarily does not work correctly. See
* - https://code.google.com/p/android/issues/detail?id=76683
* - https://github.com/nmr8acme/FileProvider-permission-bug
* - http://stackoverflow.com/q/24467696
* - http://stackoverflow.com/q/18249007
* - Comments at http://www.blogc.at/2014/03/23/share-private-files-with-other-apps-fileprovider/
*/
public class TemporaryStorageProvider extends ContentProvider {
private static final String DB_NAME = "tempstorage.db";
@@ -143,6 +159,10 @@ public class TemporaryStorageProvider extends ContentProvider {
@Override
public Cursor query(Uri uri, String[] projection, String selection, String[] selectionArgs, String sortOrder) {
if (uri.getLastPathSegment() == null) {
throw new SecurityException("Listing temporary files is not allowed, only querying single files.");
}
File file;
try {
file = getFile(uri);
@@ -153,9 +173,15 @@ public class TemporaryStorageProvider extends ContentProvider {
new String[]{uri.getLastPathSegment()}, null, null, null);
if (fileName != null) {
if (fileName.moveToNext()) {
MatrixCursor cursor =
new MatrixCursor(new String[]{OpenableColumns.DISPLAY_NAME, OpenableColumns.SIZE, "_data"});
cursor.newRow().add(fileName.getString(0)).add(file.length()).add(file.getAbsolutePath());
MatrixCursor cursor = new MatrixCursor(new String[]{
OpenableColumns.DISPLAY_NAME,
OpenableColumns.SIZE,
"_data"
});
cursor.newRow()
.add(fileName.getString(0))
.add(file.length())
.add(file.getAbsolutePath());
fileName.close();
return cursor;
}
@@ -167,8 +193,8 @@ public class TemporaryStorageProvider extends ContentProvider {
@Override
public String getType(Uri uri) {
Cursor cursor = db.getReadableDatabase().query(TABLE_FILES,
new String[]{ COLUMN_TYPE }, COLUMN_ID + "=?",
new String[]{ uri.getLastPathSegment() }, null, null, null);
new String[]{COLUMN_TYPE}, COLUMN_ID + "=?",
new String[]{uri.getLastPathSegment()}, null, null, null);
if (cursor != null) {
try {
if (cursor.moveToNext()) {
@@ -180,14 +206,14 @@ public class TemporaryStorageProvider extends ContentProvider {
cursor.close();
}
}
return "*/*";
return "application/octet-stream";
}
@Override
public String[] getStreamTypes(Uri uri, String mimeTypeFilter) {
String type = getType(uri);
if (ClipDescription.compareMimeTypes(type, mimeTypeFilter)) {
return new String[] { type };
return new String[]{type};
}
return null;
}
@@ -200,9 +226,14 @@ public class TemporaryStorageProvider extends ContentProvider {
String uuid = UUID.randomUUID().toString();
values.put(COLUMN_ID, uuid);
int insert = (int) db.getWritableDatabase().insert(TABLE_FILES, null, values);
if (insert == -1) {
Log.e(Constants.TAG, "Insert failed!");
return null;
}
try {
getFile(uuid).createNewFile();
} catch (IOException e) {
Log.e(Constants.TAG, "File creation failed!");
return null;
}
return Uri.withAppendedPath(BASE_URI, uuid);
@@ -238,7 +269,7 @@ public class TemporaryStorageProvider extends ContentProvider {
throw new UnsupportedOperationException("Update supported only for plain uri!");
}
return db.getWritableDatabase().update(TABLE_FILES, values,
COLUMN_ID + " = ?", new String[]{ uri.getLastPathSegment() });
COLUMN_ID + " = ?", new String[]{uri.getLastPathSegment()});
}
@Override