cthrace/open-keychain
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

change "select allowed keys" into "request key permission" activity

Browse Source
This commit is contained in:
Vincent Breitmoser
2017-02-02 22:32:01 +01:00
parent 5f56d3b85a
commit a9001b3b45
15 changed files with 443 additions and 177 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/results/DecryptVerifyResult.java
View File

@@ -40,14 +40,22 @@ public class DecryptVerifyResult extends InputPendingResult {
byte[] mOutputBytes;
public long mOperationTime;
private final long[] mSkippedDisallowedKeys;
public DecryptVerifyResult(int result, OperationLog log) {
super(result, log);
mSkippedDisallowedKeys = null;
}
public DecryptVerifyResult(int result, OperationLog log, long[] skippedDisallowedKeys) {
super(result, log);
mSkippedDisallowedKeys = skippedDisallowedKeys;
}
public DecryptVerifyResult(OperationLog log, RequiredInputParcel requiredInput,
CryptoInputParcel cryptoInputParcel) {
super(log, requiredInput, cryptoInputParcel);
mSkippedDisallowedKeys = null;
}
public DecryptVerifyResult(Parcel source) {
@@ -56,6 +64,7 @@ public class DecryptVerifyResult extends InputPendingResult {
mDecryptionResult = source.readParcelable(OpenPgpDecryptionResult.class.getClassLoader());
mDecryptionMetadata = source.readParcelable(OpenPgpMetadata.class.getClassLoader());
mCachedCryptoInputParcel = source.readParcelable(CryptoInputParcel.class.getClassLoader());
mSkippedDisallowedKeys = source.createLongArray();
}
@@ -103,6 +112,10 @@ public class DecryptVerifyResult extends InputPendingResult {
return mOutputBytes;
}
public long[] getSkippedDisallowedKeys() {
return mSkippedDisallowedKeys;
}
public int describeContents() {
return 0;
}
@@ -113,6 +126,7 @@ public class DecryptVerifyResult extends InputPendingResult {
dest.writeParcelable(mDecryptionResult, flags);
dest.writeParcelable(mDecryptionMetadata, flags);
dest.writeParcelable(mCachedCryptoInputParcel, flags);
dest.writeLongArray(mSkippedDisallowedKeys);
}
public static final Creator<DecryptVerifyResult> CREATOR = new Creator<DecryptVerifyResult>() {

10
OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpDecryptVerifyOperation.java
View File

@@ -29,6 +29,7 @@ import java.io.OutputStream;
import java.nio.ByteBuffer;
import java.security.SignatureException;
import java.util.Date;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Map.Entry;
@@ -208,7 +209,7 @@ public class PgpDecryptVerifyOperation extends BaseOperation<PgpDecryptVerifyInp
int symmetricEncryptionAlgo = 0;
boolean skippedDisallowedKey = false;
HashSet<Long> skippedDisallowedKeys = new HashSet<>();
boolean insecureEncryptionKey = false;
// convenience method to return with error
@@ -607,7 +608,7 @@ public class PgpDecryptVerifyOperation extends BaseOperation<PgpDecryptVerifyInp
if (!input.getAllowedKeyIds().contains(masterKeyId)) {
// this key is in our db, but NOT allowed!
// continue with the next packet in the while loop
result.skippedDisallowedKey = true;
result.skippedDisallowedKeys.add(masterKeyId);
log.add(LogType.MSG_DC_ASKIP_NOT_ALLOWED, indent + 1);
continue;
}
@@ -816,9 +817,10 @@ public class PgpDecryptVerifyOperation extends BaseOperation<PgpDecryptVerifyInp
return result.with(new DecryptVerifyResult(DecryptVerifyResult.RESULT_NO_DATA, log));
}
// there was data but key wasn't allowed
if (result.skippedDisallowedKey) {
if (!result.skippedDisallowedKeys.isEmpty()) {
log.add(LogType.MSG_DC_ERROR_NO_KEY, indent + 1);
return result.with(new DecryptVerifyResult(DecryptVerifyResult.RESULT_KEY_DISALLOWED, log));
long[] skippedDisallowedKeys = KeyFormattingUtils.getUnboxedLongArray(result.skippedDisallowedKeys);
return result.with(new DecryptVerifyResult(DecryptVerifyResult.RESULT_KEY_DISALLOWED, log, skippedDisallowedKeys));
}
// no packet has been found where we have the corresponding secret key in our db
log.add(LogType.MSG_DC_ERROR_NO_KEY, indent + 1);

5
OpenKeychain/src/main/java/org/sufficientlysecure/keychain/provider/ApiDataAccessObject.java
View File

@@ -241,6 +241,11 @@ public class ApiDataAccessObject {
mQueryInterface.insert(uri, values);
}
public void addAllowedKeyIdForApp(String packageName, long allowedKeyId) {
Uri uri = ApiAllowedKeys.buildBaseUri(packageName);
addAllowedKeyIdForApp(uri, allowedKeyId);
}
public byte[] getApiAppCertificate(String packageName) {
Uri queryUri = ApiApps.buildByPackageNameUri(packageName);

9
OpenKeychain/src/main/java/org/sufficientlysecure/keychain/remote/ApiPendingIntentFactory.java
View File

@@ -31,7 +31,7 @@ import org.sufficientlysecure.keychain.remote.ui.RemotePassphraseDialogActivity;
import org.sufficientlysecure.keychain.remote.ui.RemoteRegisterActivity;
import org.sufficientlysecure.keychain.remote.ui.RemoteSecurityTokenOperationActivity;
import org.sufficientlysecure.keychain.remote.ui.RemoteSelectPubKeyActivity;
import org.sufficientlysecure.keychain.remote.ui.SelectAllowedKeysActivity;
import org.sufficientlysecure.keychain.remote.ui.RequestKeyPermissionActivity;
import org.sufficientlysecure.keychain.remote.ui.SelectSignKeyIdActivity;
import org.sufficientlysecure.keychain.service.input.CryptoInputParcel;
import org.sufficientlysecure.keychain.service.input.RequiredInputParcel;
@@ -103,9 +103,10 @@ public class ApiPendingIntentFactory {
return createInternal(data, intent);
}
PendingIntent createSelectAllowedKeysPendingIntent(Intent data, String packageName) {
Intent intent = new Intent(mContext, SelectAllowedKeysActivity.class);
intent.setData(KeychainContract.ApiApps.buildByPackageNameUri(packageName));
PendingIntent createSelectAllowedKeysPendingIntent(Intent data, String packageName, long[] skippedDisallowedKeys) {
Intent intent = new Intent(mContext, RequestKeyPermissionActivity.class);
intent.putExtra(RequestKeyPermissionActivity.EXTRA_PACKAGE_NAME, packageName);
intent.putExtra(RequestKeyPermissionActivity.EXTRA_REQUESTED_KEY_IDS, skippedDisallowedKeys);
return createInternal(data, intent);
}

2
OpenKeychain/src/main/java/org/sufficientlysecure/keychain/remote/ApiPermissionHelper.java
View File

@@ -230,7 +230,7 @@ public class ApiPermissionHelper {
*
* @throws WrongPackageCertificateException
*/
private boolean isPackageAllowed(String packageName) throws WrongPackageCertificateException {
public boolean isPackageAllowed(String packageName) throws WrongPackageCertificateException {
Log.d(Constants.TAG, "isPackageAllowed packageName: " + packageName);
byte[] storedPackageCert = mApiDao.getApiAppCertificate(packageName);

5
OpenKeychain/src/main/java/org/sufficientlysecure/keychain/remote/OpenPgpService.java
View File

@@ -393,13 +393,14 @@ public class OpenPgpService extends Service {
result.putExtra(OpenPgpApi.RESULT_CODE, OpenPgpApi.RESULT_CODE_SUCCESS);
return result;
} else {
//
if (pgpResult.isKeysDisallowed()) {
long[] skippedDisallowedKeys = pgpResult.getSkippedDisallowedKeys();
// allow user to select allowed keys
Intent result = new Intent();
String packageName = mApiPermissionHelper.getCurrentCallingPackage();
result.putExtra(OpenPgpApi.RESULT_INTENT,
mApiPendingIntentFactory.createSelectAllowedKeysPendingIntent(data, packageName));
mApiPendingIntentFactory.createSelectAllowedKeysPendingIntent(
data, packageName, skippedDisallowedKeys));
result.putExtra(OpenPgpApi.RESULT_CODE, OpenPgpApi.RESULT_CODE_USER_INTERACTION_REQUIRED);
return result;
}

17
OpenKeychain/src/main/java/org/sufficientlysecure/keychain/remote/OpenPgpServiceKeyIdExtractor.java
View File

@@ -2,7 +2,6 @@ package org.sufficientlysecure.keychain.remote;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashSet;
import android.app.PendingIntent;
@@ -10,7 +9,6 @@ import android.content.ContentResolver;
import android.content.Intent;
import android.database.Cursor;
import android.net.Uri;
import android.support.annotation.NonNull;
import android.support.annotation.VisibleForTesting;
import org.openintents.openpgp.OpenPgpError;
@@ -21,6 +19,7 @@ import org.sufficientlysecure.keychain.pgp.KeyRing;
import org.sufficientlysecure.keychain.provider.KeychainContract;
import org.sufficientlysecure.keychain.provider.KeychainContract.KeyRings;
import org.sufficientlysecure.keychain.provider.KeychainDatabase.Tables;
import org.sufficientlysecure.keychain.ui.util.KeyFormattingUtils;
import org.sufficientlysecure.keychain.util.Log;
@@ -146,7 +145,7 @@ class OpenPgpServiceKeyIdExtractor {
}
if (!hasUserIds || hasMissingUserIds || hasDuplicateUserIds) {
long[] keyIdsArray = getUnboxedLongArray(keyIds);
long[] keyIdsArray = KeyFormattingUtils.getUnboxedLongArray(keyIds);
PendingIntent pi = apiPendingIntentFactory.createSelectPublicKeyPendingIntent(data, keyIdsArray,
missingEmails, duplicateEmails, hasUserIds);
@@ -164,16 +163,6 @@ class OpenPgpServiceKeyIdExtractor {
return new KeyIdResult(keyIds);
}
@NonNull
private static long[] getUnboxedLongArray(@NonNull Collection<Long> arrayList) {
long[] result = new long[arrayList.size()];
int i = 0;
for (Long e : arrayList) {
result[i++] = e;
}
return result;
}
static class KeyIdResult {
private final Intent mResultIntent;
private final HashSet<Long> mKeyIds;
@@ -206,7 +195,7 @@ class OpenPgpServiceKeyIdExtractor {
if (mKeyIds == null) {
throw new AssertionError("key ids must not be null when getKeyIds is called!");
}
return getUnboxedLongArray(mKeyIds);
return KeyFormattingUtils.getUnboxedLongArray(mKeyIds);
}
}

188
OpenKeychain/src/main/java/org/sufficientlysecure/keychain/remote/ui/RequestKeyPermissionActivity.java Normal file
View File

@@ -0,0 +1,188 @@
/*
* Copyright (C) 2017 Vincent Breitmoser <look@my.amazin.horse>
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
package org.sufficientlysecure.keychain.remote.ui;
import android.app.Activity;
import android.content.Intent;
import android.content.pm.ApplicationInfo;
import android.content.pm.PackageManager;
import android.content.pm.PackageManager.NameNotFoundException;
import android.graphics.drawable.Drawable;
import android.os.Bundle;
import android.view.View;
import android.view.View.OnClickListener;
import android.widget.ImageView;
import android.widget.TextView;
import android.widget.ViewAnimator;
import org.openintents.openpgp.util.OpenPgpUtils.UserId;
import org.sufficientlysecure.keychain.Constants;
import org.sufficientlysecure.keychain.R;
import org.sufficientlysecure.keychain.pgp.exception.PgpKeyNotFoundException;
import org.sufficientlysecure.keychain.provider.ApiDataAccessObject;
import org.sufficientlysecure.keychain.provider.CachedPublicKeyRing;
import org.sufficientlysecure.keychain.provider.KeychainContract.KeyRings;
import org.sufficientlysecure.keychain.provider.ProviderHelper;
import org.sufficientlysecure.keychain.remote.ApiPermissionHelper;
import org.sufficientlysecure.keychain.remote.ApiPermissionHelper.WrongPackageCertificateException;
import org.sufficientlysecure.keychain.ui.ViewKeyActivity;
import org.sufficientlysecure.keychain.ui.base.BaseActivity;
import org.sufficientlysecure.keychain.util.Log;
public class RequestKeyPermissionActivity extends BaseActivity {
public static final String EXTRA_PACKAGE_NAME = "package_name";
public static final String EXTRA_REQUESTED_KEY_IDS = "requested_key_ids";
private ViewAnimator viewAnimator;
private String packageName;
private View keyInfoLayout;
@Override
protected void onCreate(Bundle savedInstanceState) {
super.onCreate(savedInstanceState);
Intent intent = getIntent();
packageName = intent.getStringExtra(EXTRA_PACKAGE_NAME);
checkPackageAllowed(packageName);
// Inflate a "Done" custom action bar
setFullScreenDialogClose(
new View.OnClickListener() {
@Override
public void onClick(View v) {
setResult(RESULT_CANCELED);
finish();
}
});
ImageView iconClientApp = (ImageView) findViewById(R.id.icon_client_app);
Drawable appIcon;
CharSequence appName;
try {
PackageManager packageManager = getPackageManager();
ApplicationInfo applicationInfo = packageManager.getApplicationInfo(packageName, 0);
appIcon = packageManager.getApplicationIcon(applicationInfo);
appName = packageManager.getApplicationLabel(applicationInfo);
} catch (NameNotFoundException e) {
Log.e(Constants.TAG, "Unable to find info of calling app!");
finish();
return;
}
iconClientApp.setImageDrawable(appIcon);
TextView titleText = (TextView) findViewById(R.id.select_identity_key_title);
titleText.setText(getString(R.string.request_permission_title, appName));
viewAnimator = (ViewAnimator) findViewById(R.id.status_animator);
keyInfoLayout = findViewById(R.id.key_info_layout);
long[] requestedMasterKeyIds = getIntent().getLongArrayExtra(EXTRA_REQUESTED_KEY_IDS);
long masterKeyId = requestedMasterKeyIds[0];
// long masterKeyId = 4817915339785265755L;
try {
CachedPublicKeyRing cachedPublicKeyRing = new ProviderHelper(this).getCachedPublicKeyRing(masterKeyId);
UserId userId = cachedPublicKeyRing.getSplitPrimaryUserIdWithFallback();
displayKeyInfo(masterKeyId, userId);
if (cachedPublicKeyRing.hasAnySecret()) {
displayRequestKeyChoice(masterKeyId);
} else {
displayNoSecretKeyError();
}
} catch (PgpKeyNotFoundException e) {
keyInfoLayout.setVisibility(View.GONE);
displayUnknownSecretKeyError();
}
}
private void displayKeyInfo(final long masterKeyId, UserId userId) {
keyInfoLayout.setVisibility(View.VISIBLE);
TextView keyUserIdView = (TextView) findViewById(R.id.select_key_item_name);
keyUserIdView.setText(userId.name);
findViewById(R.id.display_key).setOnClickListener(new OnClickListener() {
@Override
public void onClick(View view) {
Intent intent = new Intent(RequestKeyPermissionActivity.this, ViewKeyActivity.class);
intent.setData(KeyRings.buildGenericKeyRingUri(masterKeyId));
startActivity(intent);
}
});
}
private void displayRequestKeyChoice(final long masterKeyId) {
viewAnimator.setDisplayedChild(0);
findViewById(R.id.button_allow).setOnClickListener(new OnClickListener() {
@Override
public void onClick(View view) {
allowAndFinish(masterKeyId);
}
});
findViewById(R.id.button_disallow).setOnClickListener(new OnClickListener() {
@Override
public void onClick(View view) {
setResult(Activity.RESULT_CANCELED);
finish();
}
});
}
private void allowAndFinish(long masterKeyId) {
new ApiDataAccessObject(this).addAllowedKeyIdForApp(packageName, masterKeyId);
finish();
}
private void displayNoSecretKeyError() {
viewAnimator.setDisplayedChild(1);
}
private void displayUnknownSecretKeyError() {
viewAnimator.setDisplayedChild(2);
}
private void checkPackageAllowed(String packageName) {
ApiDataAccessObject apiDao = new ApiDataAccessObject(this);
ApiPermissionHelper apiPermissionHelper = new ApiPermissionHelper(this, apiDao);
boolean packageAllowed;
try {
packageAllowed = apiPermissionHelper.isPackageAllowed(packageName);
} catch (WrongPackageCertificateException e) {
packageAllowed = false;
}
if (!packageAllowed) {
throw new IllegalStateException("Pending intent launched by unknown app!");
}
}
@Override
protected void initLayout() {
setContentView(R.layout.api_remote_request_key_permission);
}
}

113
OpenKeychain/src/main/java/org/sufficientlysecure/keychain/remote/ui/SelectAllowedKeysActivity.java
View File

@@ -1,113 +0,0 @@
/*
* Copyright (C) 2015 Dominik Schürmann <dominik@dominikschuermann.de>
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
package org.sufficientlysecure.keychain.remote.ui;
import android.app.Activity;
import android.content.Intent;
import android.net.Uri;
import android.os.Bundle;
import android.view.View;
import org.sufficientlysecure.keychain.Constants;
import org.sufficientlysecure.keychain.R;
import org.sufficientlysecure.keychain.provider.KeychainContract;
import org.sufficientlysecure.keychain.ui.base.BaseActivity;
import org.sufficientlysecure.keychain.util.Log;
public class SelectAllowedKeysActivity extends BaseActivity {
public static final String EXTRA_SERVICE_INTENT = "data";
private AppSettingsAllowedKeysListFragment mAllowedKeysFragment;
Intent mServiceData;
@Override
protected void onCreate(Bundle savedInstanceState) {
super.onCreate(savedInstanceState);
// Inflate a "Done" custom action bar
setFullScreenDialogDoneClose(R.string.api_settings_save,
new View.OnClickListener() {
@Override
public void onClick(View v) {
save();
}
},
new View.OnClickListener() {
@Override
public void onClick(View v) {
cancel();
}
});
Intent intent = getIntent();
mServiceData = intent.getParcelableExtra(EXTRA_SERVICE_INTENT);
Uri appUri = intent.getData();
if (appUri == null) {
Log.e(Constants.TAG, "Intent data missing. Should be Uri of app!");
finish();
return;
} else {
Log.d(Constants.TAG, "uri: " + appUri);
loadData(savedInstanceState, appUri);
}
}
@Override
protected void initLayout() {
setContentView(R.layout.api_remote_select_allowed_keys);
}
private void save() {
mAllowedKeysFragment.saveAllowedKeys();
setResult(Activity.RESULT_OK, mServiceData);
finish();
}
private void cancel() {
setResult(Activity.RESULT_CANCELED);
finish();
}
private void loadData(Bundle savedInstanceState, Uri appUri) {
Uri allowedKeysUri = appUri.buildUpon().appendPath(KeychainContract.PATH_ALLOWED_KEYS).build();
Log.d(Constants.TAG, "allowedKeysUri: " + allowedKeysUri);
startListFragments(savedInstanceState, allowedKeysUri);
}
private void startListFragments(Bundle savedInstanceState, Uri allowedKeysUri) {
// However, if we're being restored from a previous state,
// then we don't need to do anything and should return or else
// we could end up with overlapping fragments.
if (savedInstanceState != null) {
return;
}
// Create an instance of the fragments
mAllowedKeysFragment = AppSettingsAllowedKeysListFragment.newInstance(allowedKeysUri);
// Add the fragment to the 'fragment_container' FrameLayout
// NOTE: We use commitAllowingStateLoss() to prevent weird crashes!
getSupportFragmentManager().beginTransaction()
.replace(R.id.api_allowed_keys_list_fragment, mAllowedKeysFragment)
.commitAllowingStateLoss();
// do it immediately!
getSupportFragmentManager().executePendingTransactions();
}
}

12
OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/util/KeyFormattingUtils.java
View File

@@ -22,6 +22,7 @@ import android.content.Context;
import android.content.res.Resources;
import android.graphics.Color;
import android.graphics.PorterDuff;
import android.support.annotation.NonNull;
import android.text.Spannable;
import android.text.SpannableStringBuilder;
import android.text.style.ForegroundColorSpan;
@@ -51,6 +52,7 @@ import java.nio.ByteBuffer;
import java.security.DigestException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Collection;
import java.util.Locale;
public class KeyFormattingUtils {
@@ -410,6 +412,16 @@ public class KeyFormattingUtils {
public static final int DEFAULT_COLOR = -1;
@NonNull
public static long[] getUnboxedLongArray(@NonNull Collection<Long> arrayList) {
long[] result = new long[arrayList.size()];
int i = 0;
for (Long e : arrayList) {
result[i++] = e;
}
return result;
}
public enum State {
REVOKED,
EXPIRED,