From 7296b67126feb9dcd1817b20c83acd6e49d6de16 Mon Sep 17 00:00:00 2001
From: Joe Steele
Date: Mon, 2 Dec 2013 14:37:07 -0500
Subject: [PATCH] "upgrade" the LocalKeyStore
Implement an "upgrade" capability for the key store file, and then use it to delete the old file. The existing certs in the old file are not a security risk, but they are now useless because the format of their aliases was changed in commit a4440b4. They now are just taking up storage space and memory. Users will need to re-accept *ALL* certificates that they had previously accepted and are still using. (Actually, this requirement was effective with commit 4b57d79a. Before that, certificates whose Subject matched did not require re-accepting.)
---
 src/com/fsck/k9/security/LocalKeyStore.java | 39 ++++++++++++++++-----
 1 file changed, 30 insertions(+), 9 deletions(-)
diff --git a/src/com/fsck/k9/security/LocalKeyStore.java b/src/com/fsck/k9/security/LocalKeyStore.java
index ac6e755f0..b2cfa72ca 100644
--- a/src/com/fsck/k9/security/LocalKeyStore.java
+++ b/src/com/fsck/k9/security/LocalKeyStore.java
@@ -22,6 +22,7 @@ import com.fsck.k9.K9;
 import com.fsck.k9.activity.setup.AccountSetupCheckSettings.CheckDirection;
 public class LocalKeyStore {
+ private static final int KEY_STORE_FILE_VERSION = 1;
 private static final LocalKeyStore sInstance = new LocalKeyStore();
 private File mKeyStoreFile;
 private KeyStore mKeyStore;
@@ -31,6 +32,7 @@ public class LocalKeyStore {
 }
 private LocalKeyStore() {
+ upgradeKeyStoreFile();
 setKeyStoreFile(null);
 }
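Review bot: `KEY_STORE_FILE_VERSION`, added at the top of the class in the first hunk, carries no comment explaining what a bump costs. The later `setKeyStoreFile` hunk derives the default file name from this constant, so raising it points the app at a different store file and, as far as the visible code shows, every certificate the user had accepted must be accepted again. I would document that on the constant, for example `// Bump only when stored entries become unusable: a new version starts from a fresh key store file, so users must re-accept every certificate.`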
@@ -45,14 +47,14 @@ public class LocalKeyStore {
 */
 public synchronized void setKeyStoreFile(File file) {
 if (file == null) {
- file = new File(K9.app.getDir("KeyStore", Context.MODE_PRIVATE)
- + File.separator + "KeyStore.bks");
+ file = new File(getKeyStoreFilePath(KEY_STORE_FILE_VERSION));
 }
 if (file.length() == 0) {
- // The file may be empty (e.g., if it was created with
- // File.createTempFile)
- // We can't pass an empty file to Keystore.load. Instead, we let it
- // be created anew.
+ /*
+ * The file may be empty (e.g., if it was created with
+ * File.createTempFile). We can't pass an empty file to
+ * Keystore.load. Instead, we let it be created anew.
+ */
 file.delete();
 }
@@ -185,13 +187,32 @@ public class LocalKeyStore {
 }
 /**
- * Examine the settings for the account and attempt to delete (possibly non-existent)
- * certificates for the incoming and outgoing servers.
+ * Examine the settings for the account and attempt to delete (possibly
+ * non-existent) certificates for the incoming and outgoing servers.
+ *
 * @param account
 */
 public void deleteCertificates(Account account) {
 Uri uri = Uri.parse(account.getStoreUri());
 deleteCertificate(uri.getHost(), uri.getPort());
 uri = Uri.parse(account.getTransportUri());
- deleteCertificate(uri.getHost(), uri.getPort()); }
+ deleteCertificate(uri.getHost(), uri.getPort());
+ }
+
+ private void upgradeKeyStoreFile() {
+ if (KEY_STORE_FILE_VERSION > 0) {
+ // Blow away version "0" because certificate aliases have changed.
+ new File(getKeyStoreFilePath(0)).delete();
+ }
+ }
+
+ private String getKeyStoreFilePath(int version) {
+ if (version < 1) {
+ return K9.app.getDir("KeyStore", Context.MODE_PRIVATE)
+ + File.separator + "KeyStore.bks";
+ } else {
+ return K9.app.getDir("KeyStore", Context.MODE_PRIVATE)
+ + File.separator + "KeyStore_v" + version + ".bks";
+ }
+ }
 }
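Review bot: `upgradeKeyStoreFile()` in the last hunk can only ever remove version 0: the guard `KEY_STORE_FILE_VERSION > 0` is a constant condition and the body hard-codes `getKeyStoreFilePath(0)`, so a later bump to 2 would leave `KeyStore_v1.bks` and its no-longer-consulted trust entries on disk. Iterating over every older version keeps the cleanup correct as the constant grows: `for (int v = 0; v < KEY_STORE_FILE_VERSION; v++) { new File(getKeyStoreFilePath(v)).delete(); }`. The boolean returned by `delete()` is also discarded, so an existing file that cannot be removed goes unnoticed; logging that case would make it diagnosable. Neither new private method has a Javadoc comment; one line on `getKeyStoreFilePath` saying that any version below 1 maps to the legacy unversioned `KeyStore.bks` would help the next maintainer.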