1
0
mirror of https://github.com/moparisthebest/k-9 synced 2024-12-25 17:18:50 -05:00
Commit Graph

4879 Commits

Author SHA1 Message Date
Joe Steele
dab8d3807f Change LocalKeyStore error reporting
The error reporting assures an exception is thrown if
setKeyStoreFile(null) is called without a prior call to
setKeyStoreLocation(String directory).

Also, fix TrustManagerFactoryTest indentation.
2013-12-04 12:10:12 -05:00
cketti
3fd7470d68 Change the way we harden SSL/TLS sockets
Blacklist a couple of weak ciphers, bring known ones in a defined order and sort unknown
ciphers at the end. Also re-enable SSLv3 because it's still used a lot.
2013-12-04 04:50:41 +01:00
cketti
448a80e96a Merge branch 'cert_validation' 2013-12-04 04:46:06 +01:00
Joe Steele
cedcd7e47c Eliminate the need to pass a context to LocalKeyStore.getInstance
Instead, have K9.onCreate initialize the location of the key
store file (similar to what is done with
BinaryTempFileBody.setTempDirectory).

Also, LocalKeyStore.getInstance has been changed so that it
no longer needs to be synchronized.
2013-12-03 19:24:37 -05:00
Joe Steele
9333f4f7f4 Don't delete certs. on account creation, & assure that only one instance of LocalKeyStore is created. 2013-12-03 19:21:57 -05:00
cketti
765b390eb5 Remove LocalKeyStore's dependency on K9.app 2013-12-03 13:28:48 +01:00
cketti
2a9ac867b9 Remove LocalKeyStore's dependency on Account to reduce coupling 2013-12-03 12:56:31 +01:00
Joe Steele
5bf27c1031 Move unit test class to match changes in commit 40404c3 2013-12-02 16:50:57 -05:00
Joe Steele
9e6abf5fa7 Merge branch 'cert_validation' of git://github.com/k9mail/k-9.git into cert_validation
Conflicts:
	tests/src/com/fsck/k9/mail/store/TrustManagerFactoryTest.java
2013-12-02 16:30:11 -05:00
Joe Steele
0f39a9d5ba "upgrade" the LocalKeyStore
Implement an "upgrade" capability for the key store file,
and then use it to delete the old file.

The existing certs in the old file are not a security
risk, but they are now useless because the format of
their aliases was changed in commit a4440b4.  They now are
just taking up storage space and memory.

Users will need to re-accept *ALL* certificates that they had
previously accepted and are still using.  (Actually, this requirement
was effective with commit 4b57d79a.  Before that, certificates whose
Subject matched did not require re-accepting.)
2013-12-02 14:49:53 -05:00
Joe Steele
8eef43c282 Implement pruning of old certificates from LocalKeyStore
Certificates are deleted whenever server settings are changed
or an account is deleted.
2013-12-02 14:49:47 -05:00
Joe Steele
40404c3700 Move some classes out of com.fsck.k9.mail.store
The classes are just as much related to com.fsck.k9.mail.transport
as com.fsck.k9.mail.store, so having them in
com.fsck.k9.mail.store doesn't seem appropriate.

Move LocalKeyStore to com.fsck.k9.security

Move TrustManagerFactory and TrustedSocketFactory to com.fsck.k9.net.ssl
2013-12-02 14:07:57 -05:00
Joe Steele
76605f7d86 Extract code into new LocalKeyStore class
Also, implement the ability to configure an alternate key store
file location. This permits the running of unit tests without
clobbering the live key store file.

Also, add a test to confirm that the key store file is being written
out and reread correctly.
2013-12-02 14:04:40 -05:00
cketti
5f38306a9a Add more unit tests for TrustManagerFactory 2013-12-02 16:42:33 +01:00
Joe Steele
eb13691918 Eliminate the need for reflection to access hidden API 2013-11-30 18:34:57 -05:00
cketti
4b57d79acf Only check against the certificate stored for a server, not all of them 2013-11-29 14:06:02 +01:00
cketti
8368ba8a11 Add test to make sure we don't check the wrong certificates
Right now we happily accept every certificate in our local key store as long as
the hostname matches the certificate DN. So this test fails.
It's not a huge deal since the user accepted the certificate at one point. But we
want to do this right.
2013-11-29 11:39:04 +01:00
cketti
c5c195d243 Add unit tests for TrustManagerFactory 2013-11-29 10:49:52 +01:00
cketti
48d11fd386 Properly save and restore instance state in AccountSetupBasics 2013-11-29 05:33:48 +01:00
Joe Steele
a4440b4042 Fix inadequate certificate validation
Proper host name validation was not being performed for certificates
kept in the local keystore.  If an attacker could convince a user to
accept and store an attacker's certificate, then that certificate
could be used for MITM attacks, giving the attacker access to all
connections to all servers in all accounts in K-9.

This commit changes how the certificates are stored.  Previously, an
entire certificate chain was stored for a server (and any of those
certificates in the chain were available for validating signatures on
certificates received when connecting).  Now just the single
certificate for the server is stored.

This commit changes how locally stored certificates are retrieved.
They can only be retrieved using the host:port that the user
configured for the server.

This also fixes issue 1326.  Users can now use different certificates
for different servers on the same host (listening to different ports).

The above changes mean that users might have to re-accept certificates
that they had previously accepted and are still using (but only if the
certificate's Subject doesn't match the host that they are connecting
to).

This commit modifies AccountSetupBasics so that it now calls
AccountSetupCheckSettings twice -- once for checking the incoming
settings and once for the outgoing settings.  Otherwise, an exception
could occur while checking incoming settings, the user could say
continue (or the user could accept a certificate key), and the
outgoing settings would not be checked.  This also helps with
determining if a certificate exception was for the incoming or
outgoing server, which is needed if the user decides to add the
certificate to the keystore.
2013-11-23 13:26:57 -05:00
Danny Baumann
b500047e42 Fix contact picture color generation.
Make sure to return different colors for senders with different name,
but the same mail address (e.g. mails sent by certain issue tracking
systems).
2013-11-11 13:31:58 +01:00
cketti
0eb24512b0 Merge pull request #417 from bk2204/tsf-starttls
Use TrustedSocketFactory for STARTTLS
2013-11-10 18:17:37 -08:00
cketti
f4ebc098c4 Recreate app icon from SVG file
Add higher resolution icons so K-9 looks snazzy on newer devices.
2013-11-11 01:09:09 +01:00
cketti
042bd70290 Merge branch 'translations' 2013-11-10 23:11:50 +01:00
cketti
febf9b2fb3 Clean up Hungarian translation 2013-11-10 22:58:16 +01:00
RootRulez
9fee3e50c8 Update Hungarian translation 2013-11-10 22:50:23 +01:00
igavio
2a77aa1e41 Update Greek translation 2013-11-10 22:49:42 +01:00
Igor Nedoboy
9ea241f897 Update Russian translation 2013-11-10 22:49:00 +01:00
Jan Urbánek
b4c4dea527 Update Czech translation 2013-11-10 22:48:22 +01:00
Jacek Sowiński
37272fbaf4 Update Polish translation
new strings + one typo
2013-11-10 22:47:36 +01:00
brian m. carlson
1bfb78ee51 Use TrustedSocketFactory for STARTTLS.
The TrustedSocketFactory, which provides goodies like better cipher suites and
TLSv1.2, was only being used for tunnelled connections.  Use it for STARTTLS
connections as well.
2013-11-10 00:27:01 +00:00
Jesse Vincent
d4246a0976 With the new webview scrollview combo we've got loadinoverviewmode seems to behave better. 2013-11-07 10:39:37 -08:00
cketti
b398c4d7f4 Fix file selection for import
Using FLAG_ACTIVITY_NO_HISTORY will cause the file selection
to fail when KitKat's "Open from" activity opens a third-party activity.
2013-11-07 07:33:33 +01:00
cketti
9fe71bca2d Add Gradle wrapper 2013-11-07 06:48:10 +01:00
cketti
c58ef8bbc5 Upgrade Gradle build files 2013-11-07 06:48:10 +01:00
Koji Arai
6d08e69690 Fixed typo. 2013-11-06 23:39:08 +09:00
Koji Arai
fb6e8bc25b Updated Japanese translation of the changelog. 2013-11-06 23:23:56 +09:00
Jesse Vincent
5475f47bcf Bumped manifest to 4.701 2013-11-05 20:29:16 -05:00
Jesse Vincent
0986e822d2 changelog for 4.701 2013-11-05 20:28:46 -05:00
Jesse Vincent
e20e513039 Sadly, KitKat's file manager fails to recognize our mimetype and won't let users import settings 2013-11-05 20:19:27 -05:00
Jesse Vincent
8f19d56f00 Merge pull request #415 from zjw/non_locking_scroll_view_rebased
Kit Kat UI issue
2013-11-05 16:59:12 -08:00
Joe Steele
6089b9078e Fix missing 'download remainder' button. 2013-11-05 18:17:41 -05:00
Joe Steele
5957735a0b LinearLayout fill_parent
(Don't think it really matters.)
2013-11-05 18:17:39 -05:00
Joe Steele
1cbdd390f3 Use non-deprecated constants 2013-11-05 16:26:29 -05:00
Joe Steele
5311a2ef01 NonLockingScrollview fixes.
Implement methods missing in API 7

Fix coordinate reference frame mismatch.  Touch events are
relative to the view display, whereas view children are relative
to the view.
2013-11-05 16:26:28 -05:00
Joe Steele
fa962e7bd7 Move AOSP files.
Patch RigidWebView for K9.
MessageWebView would need to extend RigidWebView.
2013-11-05 16:26:27 -05:00
Joe Steele
97d571cb43 Import RigidWebView from AOSP Email client.
Also import prerequisite classes.

As contained in current master:
b3c37a31cc
2013-11-05 16:26:26 -05:00
Joe Steele
7b0082026c Revert auto-scroll changes that are no longer needed.
Revert "Only Jelly Bean seems to have the auto-scroll issue"

This reverts commit a3802a7a8e.

Revert "Hack around WebView's initial auto-scrolling past the message header"

This reverts commit 8dcc769c50.

Conflicts:

	src/com/fsck/k9/view/MessageWebView.java
2013-11-05 16:26:25 -05:00
Joe Steele
94a4585317 Switch to using NonLockingScrollView
This implements the AOSP Email solution for incorporating
a Webview inside a ScrollView, while still being able to
scroll diagonally.

This replaces the functionality of TitleBarWebView (which
is now removed).
2013-11-05 16:26:23 -05:00
Joe Steele
f4de21187d Import NonLockingScrollView from AOSP Email client.
As contained in current AOSP master:
b3c37a31cc
2013-11-05 16:24:48 -05:00