"upgrade" the LocalKeyStore

Implement an "upgrade" capability for the key store file,
and then use it to delete the old file.

The existing certs in the old file are not a security
risk, but they are now useless because the format of
their aliases was changed in commit a4440b4.  They now are
just taking up storage space and memory.

Users will need to re-accept *ALL* certificates that they had
previously accepted and are still using.  (Actually, this requirement
was effective with commit 4b57d79a.  Before that, certificates whose
Subject matched did not require re-accepting.)
Joe Steele 2013-12-02 14:37:07 -05:00
parent 8eef43c282
commit 0f39a9d5ba
1 changed files with 30 additions and 9 deletions


@ -22,6 +22,7 @@ import com.fsck.k9.K9;
import com.fsck.k9.activity.setup.AccountSetupCheckSettings.CheckDirection; import com.fsck.k9.activity.setup.AccountSetupCheckSettings.CheckDirection;
public class LocalKeyStore { public class LocalKeyStore {
private static final int KEY_STORE_FILE_VERSION = 1;
private static final LocalKeyStore sInstance = new LocalKeyStore(); private static final LocalKeyStore sInstance = new LocalKeyStore();
private File mKeyStoreFile; private File mKeyStoreFile;
private KeyStore mKeyStore; private KeyStore mKeyStore;
@ -31,6 +32,7 @@ public class LocalKeyStore {
} }
private LocalKeyStore() { private LocalKeyStore() {
upgradeKeyStoreFile();
setKeyStoreFile(null); setKeyStoreFile(null);
} }
@ -45,14 +47,14 @@ public class LocalKeyStore {
*/ */
public synchronized void setKeyStoreFile(File file) { public synchronized void setKeyStoreFile(File file) {
if (file == null) { if (file == null) {
file = new File(K9.app.getDir("KeyStore", Context.MODE_PRIVATE) file = new File(getKeyStoreFilePath(KEY_STORE_FILE_VERSION));
+ File.separator + "KeyStore.bks");
} }
if (file.length() == 0) { if (file.length() == 0) {
// The file may be empty (e.g., if it was created with /*
// File.createTempFile) * The file may be empty (e.g., if it was created with
// We can't pass an empty file to Keystore.load. Instead, we let it * File.createTempFile). We can't pass an empty file to
// be created anew. * Keystore.load. Instead, we let it be created anew.
*/
file.delete(); file.delete();
} }
@ -185,13 +187,32 @@ public class LocalKeyStore {
} }
/** /**
* Examine the settings for the account and attempt to delete (possibly non-existent) * Examine the settings for the account and attempt to delete (possibly
* certificates for the incoming and outgoing servers. * non-existent) certificates for the incoming and outgoing servers.
*
* @param account * @param account
*/ */
public void deleteCertificates(Account account) { public void deleteCertificates(Account account) {
Uri uri = Uri.parse(account.getStoreUri()); Uri uri = Uri.parse(account.getStoreUri());
deleteCertificate(uri.getHost(), uri.getPort()); deleteCertificate(uri.getHost(), uri.getPort());
uri = Uri.parse(account.getTransportUri()); uri = Uri.parse(account.getTransportUri());
deleteCertificate(uri.getHost(), uri.getPort()); } deleteCertificate(uri.getHost(), uri.getPort());
}
private void upgradeKeyStoreFile() {
if (KEY_STORE_FILE_VERSION > 0) {
// Blow away version "0" because certificate aliases have changed.
new File(getKeyStoreFilePath(0)).delete();
}
}
private String getKeyStoreFilePath(int version) {
if (version < 1) {
return K9.app.getDir("KeyStore", Context.MODE_PRIVATE)
+ File.separator + "KeyStore.bks";
} else {
return K9.app.getDir("KeyStore", Context.MODE_PRIVATE)
+ File.separator + "KeyStore_v" + version + ".bks";
}
}
} }
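Review bot: In `upgradeKeyStoreFile()` the result of `new File(getKeyStoreFilePath(0)).delete()` is discarded, so if the version-0 file cannot be removed, the old store of accepted certificates stays in the app's private directory and nothing records the failure. Check the return value and log it, for example `File old = new File(getKeyStoreFilePath(0));` followed by `if (old.exists() && !old.delete()) { /* log that the old key store could not be removed */ }`. The guard `if (KEY_STORE_FILE_VERSION > 0)` is a compile-time constant and only version 0 is handled, so a later bump to 2 would leave `KeyStore_v1.bks` behind unless the method loops over every version below the current one. Because the call sits in the private constructor of the statically initialised `sInstance`, it appears to depend on `K9.app` being set before the class loads; a short comment stating that precondition would help.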