k-9/src/com/fsck/k9/security/LocalKeyStore.java

package com.fsck.k9.security;

import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;

import org.apache.commons.io.IOUtils;

import android.util.Log;

import com.fsck.k9.K9;

public class LocalKeyStore {
    private static final int KEY_STORE_FILE_VERSION = 1;

    private static String sKeyStoreLocation;

    public static void setKeyStoreLocation(String directory) {
        sKeyStoreLocation = directory;
    }

    private static class LocalKeyStoreHolder {
        static final LocalKeyStore INSTANCE = new LocalKeyStore();
    }

    public static LocalKeyStore getInstance() {
        return LocalKeyStoreHolder.INSTANCE;
    }


    private File mKeyStoreFile;
    private KeyStore mKeyStore;


    private LocalKeyStore() {
        try {
            upgradeKeyStoreFile();
            setKeyStoreFile(null);
        } catch (CertificateException e) {
            /*
             * Can happen if setKeyStoreLocation(String directory) has not been
             * called before the first call to getInstance(). Not necessarily an
             * error, presuming setKeyStoreFile(File) is called next with a
             * non-null File.
             */
            Log.w(K9.LOG_TAG, "Local key store has not been initialized");
        }
    }

    /**
     * Reinitialize the local key store with certificates contained in
     * {@code file}
     *
     * @param file
     *            {@link File} containing locally saved certificates. May be 0
     *            length, in which case it is deleted and recreated. May be
     *            {@code null}, in which case a default file location is used.
     * @throws CertificateException
     *            Occurs if {@code file == null} and
     *            {@code setKeyStoreLocation(directory)} was not called previously.
     */
    public synchronized void setKeyStoreFile(File file) throws CertificateException {
        if (file == null) {
            file = new File(getKeyStoreFilePath(KEY_STORE_FILE_VERSION));
        }
        if (file.length() == 0) {
            /*
             * The file may be empty (e.g., if it was created with
             * File.createTempFile). We can't pass an empty file to
             * Keystore.load. Instead, we let it be created anew.
             */
            file.delete();
        }

        FileInputStream fis = null;
        try {
            fis = new FileInputStream(file);
        } catch (FileNotFoundException e) {
            // If the file doesn't exist, that's fine, too
        }

        try {
            KeyStore store = KeyStore.getInstance(KeyStore.getDefaultType());
            store.load(fis, "".toCharArray());
            mKeyStore = store;
            mKeyStoreFile = file;
        } catch (Exception e) {
            Log.e(K9.LOG_TAG, "Failed to initialize local key store", e);
            // Use of the local key store is effectively disabled.
            mKeyStore = null;
            mKeyStoreFile = null;
        } finally {
            IOUtils.closeQuietly(fis);
        }
    }

    public synchronized void addCertificate(String host, int port,
            X509Certificate certificate) throws CertificateException {
        if (mKeyStore == null) {
            throw new CertificateException(
                    "Certificate not added because key store not initialized");
        }
        try {
            mKeyStore.setCertificateEntry(getCertKey(host, port), certificate);
        } catch (KeyStoreException e) {
            throw new CertificateException(
                    "Failed to add certificate to local key store", e);
        }
        writeCertificateFile();
    }

    private void writeCertificateFile() throws CertificateException {
        java.io.OutputStream keyStoreStream = null;
        try {
            keyStoreStream = new java.io.FileOutputStream(mKeyStoreFile);
            mKeyStore.store(keyStoreStream, "".toCharArray());
        } catch (FileNotFoundException e) {
            throw new CertificateException("Unable to write KeyStore: "
                    + e.getMessage());
        } catch (CertificateException e) {
            throw new CertificateException("Unable to write KeyStore: "
                    + e.getMessage());
        } catch (IOException e) {
            throw new CertificateException("Unable to write KeyStore: "
                    + e.getMessage());
        } catch (NoSuchAlgorithmException e) {
            throw new CertificateException("Unable to write KeyStore: "
                    + e.getMessage());
        } catch (KeyStoreException e) {
            throw new CertificateException("Unable to write KeyStore: "
                    + e.getMessage());
        } finally {
            IOUtils.closeQuietly(keyStoreStream);
        }
    }

    public synchronized boolean isValidCertificate(Certificate certificate,
            String host, int port) {
        if (mKeyStore == null) {
            return false;
        }
        Certificate storedCert = null;
        try {
            storedCert = mKeyStore.getCertificate(getCertKey(host, port));
            return (storedCert != null && storedCert.equals(certificate));
        } catch (KeyStoreException e) {
            return false;
        }
    }

    private static String getCertKey(String host, int port) {
        return host + ":" + port;
    }

    public synchronized void deleteCertificate(String oldHost, int oldPort) {
        if (mKeyStore == null) {
            return;
        }
        try {
            mKeyStore.deleteEntry(getCertKey(oldHost, oldPort));
            writeCertificateFile();
        } catch (KeyStoreException e) {
            // Ignore: most likely there was no cert. found
        } catch (CertificateException e) {
            Log.e(K9.LOG_TAG, "Error updating the local key store file", e);
        }
    }

    private void upgradeKeyStoreFile() throws CertificateException {
        if (KEY_STORE_FILE_VERSION > 0) {
            // Blow away version "0" because certificate aliases have changed.
            new File(getKeyStoreFilePath(0)).delete();
        }
    }

    private String getKeyStoreFilePath(int version) throws CertificateException {
        if (sKeyStoreLocation == null) {
            throw new CertificateException("Local key store location has not been initialized");
        }
        if (version < 1) {
            return sKeyStoreLocation + File.separator + "KeyStore.bks";
        } else {
            return sKeyStoreLocation + File.separator + "KeyStore_v" + version + ".bks";
        }
    }
}
Move some classes out of com.fsck.k9.mail.store The classes are just as much related to com.fsck.k9.mail.transport as com.fsck.k9.mail.store, so having them in com.fsck.k9.mail.store doesn't seem appropriate. Move LocalKeyStore to com.fsck.k9.security Move TrustManagerFactory and TrustedSocketFactory to com.fsck.k9.net.ssl 2013-12-02 14:07:57 -05:00			`package com.fsck.k9.security;`
Extract code into new LocalKeyStore class Also, implement the ability to configure an alternate key store file location. This permits the running of unit tests without clobbering the live key store file. Also, add a test to confirm that the key store file is being written out and reread correctly. 2013-12-02 14:04:40 -05:00
			`import java.io.File;`
			`import java.io.FileInputStream;`
			`import java.io.FileNotFoundException;`
			`import java.io.IOException;`
			`import java.security.KeyStore;`
			`import java.security.KeyStoreException;`
			`import java.security.NoSuchAlgorithmException;`
			`import java.security.cert.Certificate;`
			`import java.security.cert.CertificateException;`
			`import java.security.cert.X509Certificate;`

			`import org.apache.commons.io.IOUtils;`

			`import android.util.Log;`

			`import com.fsck.k9.K9;`

			`public class LocalKeyStore {`
"upgrade" the LocalKeyStore Implement an "upgrade" capability for the key store file, and then use it to delete the old file. The existing certs in the old file are not a security risk, but they are now useless because the format of their aliases was changed in commit a4440b4. They now are just taking up storage space and memory. Users will need to re-accept ALL certificates that they had previously accepted and are still using. (Actually, this requirement was effective with commit 4b57d79a. Before that, certificates whose Subject matched did not require re-accepting.) 2013-12-02 14:37:07 -05:00			`private static final int KEY_STORE_FILE_VERSION = 1;`
Extract code into new LocalKeyStore class Also, implement the ability to configure an alternate key store file location. This permits the running of unit tests without clobbering the live key store file. Also, add a test to confirm that the key store file is being written out and reread correctly. 2013-12-02 14:04:40 -05:00
Eliminate the need to pass a context to LocalKeyStore.getInstance Instead, have K9.onCreate initialize the location of the key store file (similar to what is done with BinaryTempFileBody.setTempDirectory). Also, LocalKeyStore.getInstance has been changed so that it no longer needs to be synchronized. 2013-12-03 19:20:20 -05:00			`private static String sKeyStoreLocation;`
Remove LocalKeyStore's dependency on K9.app 2013-12-03 07:28:48 -05:00
Eliminate the need to pass a context to LocalKeyStore.getInstance Instead, have K9.onCreate initialize the location of the key store file (similar to what is done with BinaryTempFileBody.setTempDirectory). Also, LocalKeyStore.getInstance has been changed so that it no longer needs to be synchronized. 2013-12-03 19:20:20 -05:00			`public static void setKeyStoreLocation(String directory) {`
			`sKeyStoreLocation = directory;`
			`}`
Remove LocalKeyStore's dependency on K9.app 2013-12-03 07:28:48 -05:00
Eliminate the need to pass a context to LocalKeyStore.getInstance Instead, have K9.onCreate initialize the location of the key store file (similar to what is done with BinaryTempFileBody.setTempDirectory). Also, LocalKeyStore.getInstance has been changed so that it no longer needs to be synchronized. 2013-12-03 19:20:20 -05:00			`private static class LocalKeyStoreHolder {`
			`static final LocalKeyStore INSTANCE = new LocalKeyStore();`
			`}`

			`public static LocalKeyStore getInstance() {`
			`return LocalKeyStoreHolder.INSTANCE;`
Extract code into new LocalKeyStore class Also, implement the ability to configure an alternate key store file location. This permits the running of unit tests without clobbering the live key store file. Also, add a test to confirm that the key store file is being written out and reread correctly. 2013-12-02 14:04:40 -05:00			`}`

Remove LocalKeyStore's dependency on K9.app 2013-12-03 07:28:48 -05:00
			`private File mKeyStoreFile;`
			`private KeyStore mKeyStore;`


Eliminate the need to pass a context to LocalKeyStore.getInstance Instead, have K9.onCreate initialize the location of the key store file (similar to what is done with BinaryTempFileBody.setTempDirectory). Also, LocalKeyStore.getInstance has been changed so that it no longer needs to be synchronized. 2013-12-03 19:20:20 -05:00			`private LocalKeyStore() {`
Change LocalKeyStore error reporting The error reporting assures an exception is thrown if setKeyStoreFile(null) is called without a prior call to setKeyStoreLocation(String directory). Also, fix TrustManagerFactoryTest indentation. 2013-12-04 12:10:12 -05:00			`try {`
Eliminate the need to pass a context to LocalKeyStore.getInstance Instead, have K9.onCreate initialize the location of the key store file (similar to what is done with BinaryTempFileBody.setTempDirectory). Also, LocalKeyStore.getInstance has been changed so that it no longer needs to be synchronized. 2013-12-03 19:20:20 -05:00			`upgradeKeyStoreFile();`
			`setKeyStoreFile(null);`
Change LocalKeyStore error reporting The error reporting assures an exception is thrown if setKeyStoreFile(null) is called without a prior call to setKeyStoreLocation(String directory). Also, fix TrustManagerFactoryTest indentation. 2013-12-04 12:10:12 -05:00			`} catch (CertificateException e) {`
			`/*`
			`* Can happen if setKeyStoreLocation(String directory) has not been`
			`* called before the first call to getInstance(). Not necessarily an`
			`* error, presuming setKeyStoreFile(File) is called next with a`
			`* non-null File.`
			`*/`
			`Log.w(K9.LOG_TAG, "Local key store has not been initialized");`
Eliminate the need to pass a context to LocalKeyStore.getInstance Instead, have K9.onCreate initialize the location of the key store file (similar to what is done with BinaryTempFileBody.setTempDirectory). Also, LocalKeyStore.getInstance has been changed so that it no longer needs to be synchronized. 2013-12-03 19:20:20 -05:00			`}`
Extract code into new LocalKeyStore class Also, implement the ability to configure an alternate key store file location. This permits the running of unit tests without clobbering the live key store file. Also, add a test to confirm that the key store file is being written out and reread correctly. 2013-12-02 14:04:40 -05:00			`}`

			`/**`
			`* Reinitialize the local key store with certificates contained in`
			`* {@code file}`
			`*`
			`* @param file`
			`* {@link File} containing locally saved certificates. May be 0`
			`* length, in which case it is deleted and recreated. May be`
			`* {@code null}, in which case a default file location is used.`
Change LocalKeyStore error reporting The error reporting assures an exception is thrown if setKeyStoreFile(null) is called without a prior call to setKeyStoreLocation(String directory). Also, fix TrustManagerFactoryTest indentation. 2013-12-04 12:10:12 -05:00			`* @throws CertificateException`
			`* Occurs if {@code file == null} and`
			`* {@code setKeyStoreLocation(directory)} was not called previously.`
Extract code into new LocalKeyStore class Also, implement the ability to configure an alternate key store file location. This permits the running of unit tests without clobbering the live key store file. Also, add a test to confirm that the key store file is being written out and reread correctly. 2013-12-02 14:04:40 -05:00			`*/`
Change LocalKeyStore error reporting The error reporting assures an exception is thrown if setKeyStoreFile(null) is called without a prior call to setKeyStoreLocation(String directory). Also, fix TrustManagerFactoryTest indentation. 2013-12-04 12:10:12 -05:00			`public synchronized void setKeyStoreFile(File file) throws CertificateException {`
Extract code into new LocalKeyStore class Also, implement the ability to configure an alternate key store file location. This permits the running of unit tests without clobbering the live key store file. Also, add a test to confirm that the key store file is being written out and reread correctly. 2013-12-02 14:04:40 -05:00			`if (file == null) {`
"upgrade" the LocalKeyStore Implement an "upgrade" capability for the key store file, and then use it to delete the old file. The existing certs in the old file are not a security risk, but they are now useless because the format of their aliases was changed in commit a4440b4. They now are just taking up storage space and memory. Users will need to re-accept ALL certificates that they had previously accepted and are still using. (Actually, this requirement was effective with commit 4b57d79a. Before that, certificates whose Subject matched did not require re-accepting.) 2013-12-02 14:37:07 -05:00			`file = new File(getKeyStoreFilePath(KEY_STORE_FILE_VERSION));`
Extract code into new LocalKeyStore class Also, implement the ability to configure an alternate key store file location. This permits the running of unit tests without clobbering the live key store file. Also, add a test to confirm that the key store file is being written out and reread correctly. 2013-12-02 14:04:40 -05:00			`}`
			`if (file.length() == 0) {`
"upgrade" the LocalKeyStore Implement an "upgrade" capability for the key store file, and then use it to delete the old file. The existing certs in the old file are not a security risk, but they are now useless because the format of their aliases was changed in commit a4440b4. They now are just taking up storage space and memory. Users will need to re-accept ALL certificates that they had previously accepted and are still using. (Actually, this requirement was effective with commit 4b57d79a. Before that, certificates whose Subject matched did not require re-accepting.) 2013-12-02 14:37:07 -05:00			`/*`
			`* The file may be empty (e.g., if it was created with`
			`* File.createTempFile). We can't pass an empty file to`
			`* Keystore.load. Instead, we let it be created anew.`
			`*/`
Extract code into new LocalKeyStore class Also, implement the ability to configure an alternate key store file location. This permits the running of unit tests without clobbering the live key store file. Also, add a test to confirm that the key store file is being written out and reread correctly. 2013-12-02 14:04:40 -05:00			`file.delete();`
			`}`

			`FileInputStream fis = null;`
			`try {`
			`fis = new FileInputStream(file);`
			`} catch (FileNotFoundException e) {`
			`// If the file doesn't exist, that's fine, too`
			`}`

			`try {`
			`KeyStore store = KeyStore.getInstance(KeyStore.getDefaultType());`
			`store.load(fis, "".toCharArray());`
			`mKeyStore = store;`
			`mKeyStoreFile = file;`
			`} catch (Exception e) {`
			`Log.e(K9.LOG_TAG, "Failed to initialize local key store", e);`
			`// Use of the local key store is effectively disabled.`
			`mKeyStore = null;`
			`mKeyStoreFile = null;`
			`} finally {`
			`IOUtils.closeQuietly(fis);`
			`}`
			`}`

			`public synchronized void addCertificate(String host, int port,`
			`X509Certificate certificate) throws CertificateException {`
			`if (mKeyStore == null) {`
			`throw new CertificateException(`
			`"Certificate not added because key store not initialized");`
			`}`
			`try {`
			`mKeyStore.setCertificateEntry(getCertKey(host, port), certificate);`
Implement pruning of old certificates from LocalKeyStore Certificates are deleted whenever server settings are changed or an account is deleted. 2013-12-02 14:33:01 -05:00			`} catch (KeyStoreException e) {`
			`throw new CertificateException(`
			`"Failed to add certificate to local key store", e);`
			`}`
			`writeCertificateFile();`
			`}`

			`private void writeCertificateFile() throws CertificateException {`
			`java.io.OutputStream keyStoreStream = null;`
			`try {`
Extract code into new LocalKeyStore class Also, implement the ability to configure an alternate key store file location. This permits the running of unit tests without clobbering the live key store file. Also, add a test to confirm that the key store file is being written out and reread correctly. 2013-12-02 14:04:40 -05:00			`keyStoreStream = new java.io.FileOutputStream(mKeyStoreFile);`
			`mKeyStore.store(keyStoreStream, "".toCharArray());`
			`} catch (FileNotFoundException e) {`
			`throw new CertificateException("Unable to write KeyStore: "`
			`+ e.getMessage());`
			`} catch (CertificateException e) {`
			`throw new CertificateException("Unable to write KeyStore: "`
			`+ e.getMessage());`
			`} catch (IOException e) {`
			`throw new CertificateException("Unable to write KeyStore: "`
			`+ e.getMessage());`
			`} catch (NoSuchAlgorithmException e) {`
			`throw new CertificateException("Unable to write KeyStore: "`
			`+ e.getMessage());`
			`} catch (KeyStoreException e) {`
			`throw new CertificateException("Unable to write KeyStore: "`
			`+ e.getMessage());`
			`} finally {`
			`IOUtils.closeQuietly(keyStoreStream);`
			`}`
			`}`

Implement pruning of old certificates from LocalKeyStore Certificates are deleted whenever server settings are changed or an account is deleted. 2013-12-02 14:33:01 -05:00			`public synchronized boolean isValidCertificate(Certificate certificate,`
			`String host, int port) {`
Extract code into new LocalKeyStore class Also, implement the ability to configure an alternate key store file location. This permits the running of unit tests without clobbering the live key store file. Also, add a test to confirm that the key store file is being written out and reread correctly. 2013-12-02 14:04:40 -05:00			`if (mKeyStore == null) {`
			`return false;`
			`}`
			`Certificate storedCert = null;`
			`try {`
			`storedCert = mKeyStore.getCertificate(getCertKey(host, port));`
			`return (storedCert != null && storedCert.equals(certificate));`
			`} catch (KeyStoreException e) {`
			`return false;`
			`}`
			`}`

			`private static String getCertKey(String host, int port) {`
			`return host + ":" + port;`
			`}`
Implement pruning of old certificates from LocalKeyStore Certificates are deleted whenever server settings are changed or an account is deleted. 2013-12-02 14:33:01 -05:00
			`public synchronized void deleteCertificate(String oldHost, int oldPort) {`
			`if (mKeyStore == null) {`
			`return;`
			`}`
			`try {`
			`mKeyStore.deleteEntry(getCertKey(oldHost, oldPort));`
			`writeCertificateFile();`
			`} catch (KeyStoreException e) {`
			`// Ignore: most likely there was no cert. found`
			`} catch (CertificateException e) {`
			`Log.e(K9.LOG_TAG, "Error updating the local key store file", e);`
			`}`
			`}`

Change LocalKeyStore error reporting The error reporting assures an exception is thrown if setKeyStoreFile(null) is called without a prior call to setKeyStoreLocation(String directory). Also, fix TrustManagerFactoryTest indentation. 2013-12-04 12:10:12 -05:00			`private void upgradeKeyStoreFile() throws CertificateException {`
"upgrade" the LocalKeyStore Implement an "upgrade" capability for the key store file, and then use it to delete the old file. The existing certs in the old file are not a security risk, but they are now useless because the format of their aliases was changed in commit a4440b4. They now are just taking up storage space and memory. Users will need to re-accept ALL certificates that they had previously accepted and are still using. (Actually, this requirement was effective with commit 4b57d79a. Before that, certificates whose Subject matched did not require re-accepting.) 2013-12-02 14:37:07 -05:00			`if (KEY_STORE_FILE_VERSION > 0) {`
			`// Blow away version "0" because certificate aliases have changed.`
			`new File(getKeyStoreFilePath(0)).delete();`
			`}`
			`}`

Change LocalKeyStore error reporting The error reporting assures an exception is thrown if setKeyStoreFile(null) is called without a prior call to setKeyStoreLocation(String directory). Also, fix TrustManagerFactoryTest indentation. 2013-12-04 12:10:12 -05:00			`private String getKeyStoreFilePath(int version) throws CertificateException {`
			`if (sKeyStoreLocation == null) {`
			`throw new CertificateException("Local key store location has not been initialized");`
			`}`
"upgrade" the LocalKeyStore Implement an "upgrade" capability for the key store file, and then use it to delete the old file. The existing certs in the old file are not a security risk, but they are now useless because the format of their aliases was changed in commit a4440b4. They now are just taking up storage space and memory. Users will need to re-accept ALL certificates that they had previously accepted and are still using. (Actually, this requirement was effective with commit 4b57d79a. Before that, certificates whose Subject matched did not require re-accepting.) 2013-12-02 14:37:07 -05:00			`if (version < 1) {`
Eliminate the need to pass a context to LocalKeyStore.getInstance Instead, have K9.onCreate initialize the location of the key store file (similar to what is done with BinaryTempFileBody.setTempDirectory). Also, LocalKeyStore.getInstance has been changed so that it no longer needs to be synchronized. 2013-12-03 19:20:20 -05:00			`return sKeyStoreLocation + File.separator + "KeyStore.bks";`
"upgrade" the LocalKeyStore Implement an "upgrade" capability for the key store file, and then use it to delete the old file. The existing certs in the old file are not a security risk, but they are now useless because the format of their aliases was changed in commit a4440b4. They now are just taking up storage space and memory. Users will need to re-accept ALL certificates that they had previously accepted and are still using. (Actually, this requirement was effective with commit 4b57d79a. Before that, certificates whose Subject matched did not require re-accepting.) 2013-12-02 14:37:07 -05:00			`} else {`
Eliminate the need to pass a context to LocalKeyStore.getInstance Instead, have K9.onCreate initialize the location of the key store file (similar to what is done with BinaryTempFileBody.setTempDirectory). Also, LocalKeyStore.getInstance has been changed so that it no longer needs to be synchronized. 2013-12-03 19:20:20 -05:00			`return sKeyStoreLocation + File.separator + "KeyStore_v" + version + ".bks";`
"upgrade" the LocalKeyStore Implement an "upgrade" capability for the key store file, and then use it to delete the old file. The existing certs in the old file are not a security risk, but they are now useless because the format of their aliases was changed in commit a4440b4. They now are just taking up storage space and memory. Users will need to re-accept ALL certificates that they had previously accepted and are still using. (Actually, this requirement was effective with commit 4b57d79a. Before that, certificates whose Subject matched did not require re-accepting.) 2013-12-02 14:37:07 -05:00			`}`
			`}`
Extract code into new LocalKeyStore class Also, implement the ability to configure an alternate key store file location. This permits the running of unit tests without clobbering the live key store file. Also, add a test to confirm that the key store file is being written out and reread correctly. 2013-12-02 14:04:40 -05:00			`}`