1
0
mirror of https://github.com/moparisthebest/k-9 synced 2024-12-18 05:42:15 -05:00
Commit Graph

5313 Commits

Author SHA1 Message Date
Joe Steele
348fb4dceb Validate client certificate dates 2014-08-29 10:47:39 -04:00
Joe Steele
c80634d501 Format log messages with spaces 2014-08-29 09:06:25 -04:00
cketti
c2db88d960 Add top margin to the "advanced options" area 2014-08-29 03:43:54 +02:00
cketti
1282e9d461 Remove ldpi resources 2014-08-29 02:41:50 +02:00
cketti
0993e5c57e Merge branch 'remove_obsolete_code'
PR #491 from zjw
2014-08-29 01:55:22 +02:00
cketti
ac1ed9eef3 Increment settings version 2014-08-29 01:45:48 +02:00
Dominik Schürmann
05d8fb5e42 Hide client cert option under advanced options dropdown 2014-08-27 11:48:49 +02:00
Dominik Schürmann
2a1733564e Add FoldableLinearLayout for advanced options 2014-08-27 11:30:53 +02:00
Joe Steele
e4d26b8c75 Remove code for unsupported API levels
An assortment of miscellaneous changes, each usually limited in scope to a
single file.
2014-08-19 17:17:55 -04:00
Joe Steele
bc60c860b8 Remove com.fsck.k9.helper.NotificationBuilder
Only useful on pre-Honeycomb devices.
2014-08-19 17:17:52 -04:00
Joe Steele
786511ed88 Simplify ClipboardManager
No longer API dependent.
2014-08-19 17:17:50 -04:00
Joe Steele
028f6f9055 Remove AccessibleWebView
Only used on pre-ICS devices
2014-08-19 17:17:48 -04:00
Joe Steele
0fba273357 Remove the obsolete "Condensed layout" preference 2014-08-19 17:17:45 -04:00
Joe Steele
8166f03e87 Remove obsolete "Show unread count" preference
Only applies to pre-Honeycomb devices
2014-08-19 17:17:42 -04:00
Joe Steele
af77bbd1bc Eliminate obsolete background data sync option
It only applied to pre-ICS devices.

ConnectivityManager.ACTION_BACKGROUND_DATA_SETTING_CHANGED is no longer
broadcast.

ConnectivityManager.getBackgroundDataSetting() always returns true.
2014-08-19 17:14:44 -04:00
Joe Steele
c472b89d23 Additional 'Show password' changes after merging master 2014-08-19 16:48:11 -04:00
Joe Steele
1783dd1a63 Merge branch 'master' into tls-client-cert-auth
Conflicts:
	res/layout/account_setup_basics.xml
	res/values/strings.xml
	src/com/fsck/k9/activity/setup/AccountSetupBasics.java
2014-08-19 16:19:02 -04:00
Joe Steele
b39f9b95f1 Move initializeViewListeners() to onPostCreate()
Per comments in PR #474

https://github.com/k9mail/k-9/pull/474#commitcomment-7417262
2014-08-19 15:50:32 -04:00
Joe Steele
f7fb0cca41 Compare Enum types with ==, !=
Per comments in PR #473

https://github.com/k9mail/k-9/pull/474#commitcomment-7416979

https://github.com/k9mail/k-9/pull/474#commitcomment-7416999
2014-08-18 18:12:39 -04:00
cketti
3bd9e7edf1 Merge pull request #490 from pylerSM/master
Add 'Show password' check box to account setup screen
2014-08-18 22:30:06 +02:00
pylerSM
a495627d72 Show password feature 2014-08-18 13:06:25 +02:00
cketti
a659393326 Make fields in KeyChainKeyManager final 2014-08-18 05:18:38 +02:00
cketti
ac08f520ae Remove KeyChainKeyManager's dependency on 'K9.app' 2014-08-18 05:08:01 +02:00
cketti
4ce2a56b0c Synchronize access to sClientCertificateReferenceWorkaround
Also, refactor for easier readability.
2014-08-18 04:59:57 +02:00
Joe Steele
c881207295 Use isFinishing() instead
As suggested by @maniac103
https://github.com/k9mail/k-9/commit/41570e4#commitcomment-7388209
2014-08-14 16:22:51 -04:00
Joe Steele
c8f6c4d625 Eliminate searching for '3' in exception message
This was dead code.  The exception message will always start with either
"SMTP response is 0 length" from checkLine() or else "Negative SMTP reply"
from NegativeSmtpReplyException().

The problem originated from way back before 4.904.
2014-08-11 11:08:51 -04:00
Joe Steele
21237c3720 KeyChainKeyManager modifications
The constructor now saves the certificate chain, so the code to retrieve
it again or to perform any additional error checking in
getCertificateChain() is no longer needed.

The constructor now retrieves and saves the private key so that any
resulting errors are detected sooner.

Methods that retrieve the alias perform checks to assure that the client
cert. satisfies the requested issuers and key type.  It's known that
Sendmail may provide a list of issuers in its certificate request, but
then may authenticate against a much larger set of CAs, but then later
reject the mail because the client certificate was not acceptable.
Vetting against the issuer list helps detect such certificate problems
sooner (upon connection) rather than later (upon transmission of mail).
Earlier error detection is necessary so that errors may be presented to
the user during account setup.

Portions of these modifications are based on code from KeyManagerImpl:
https://android.googlesource.com/platform/external/conscrypt/+/master/src/main/java/org/conscrypt/KeyManagerImpl.java
2014-08-11 11:08:26 -04:00
Joe Steele
2b05f90d4d Move KeyChainKeyManager
Move KeyChainKeyManager to com.fsck.k9.net.ssl because it is used by
SslHelper and because the class extends X509ExtendedKeyManager, which is
in javax.net.ssl.
2014-08-11 11:08:24 -04:00
Joe Steele
c5085be2ca Restore view visibility based on restored CheckBox state
The problem can be observed if, when modifying the outgoing server
settings, you change the state of the mRequireLoginView check box,
then change the screen orientation.

This is necessary because the OnCheckChanged listener (which
normally updates the view visibility) is not yet set. (The listeners
are set up after view initialization so that they only fire on
user input.)
2014-08-11 11:08:22 -04:00
Joe Steele
346d903ec3 Only trigger certificate chooser on user input
It should not be triggered when the instance state is restored
with an AuthType spinner selection of EXTERNAL.

The logic here for the AuthType spinner is similar to that of
the parent commit for the SecurityType spinner.
2014-08-11 11:08:20 -04:00
Joe Steele
5d5fab3081 Fix default port setting reversion
The problem:  begin modifying the server settings by changing the security
type (which will change the port to a default value), then change the port
to a custom value, then change screen orientation.  The default port value
is restored, wiping out the custom value.

When onRestoreInstanceState() is called, the custom port value is
restored.  But the spinner doesn't actually restore its state at that
time.  Instead, it waits until View.layout(), at which time it posts a
runnable to call onItemSelected() if the restored state doesn't match the
state initialized in onCreate().  When onItemSelected() is eventually run
sometime later, it wipes out the custom port value that was restored.

The solution is to keep track of the spinner state ourselves and only
revert the port to a default when we see the spinner state changed by the
user.

This problem goes back to 4.904 and before.
2014-08-11 11:07:58 -04:00
Joe Steele
cf3561da5c Trigger certificate chooser when check box checked
For convenience.  Implemented in onCheckChanged().

As a consequence, onCheckChanged() must not be triggered when the instance
state is restored (would occur if the check box state was checked when
saved), otherwise the certificate chooser would pop up once the state was
restored.  Therefore, all listeners have been moved into
initializeViewListeners() which is invoked after the state has been
restored.

Because onCheckChanged() is no longer triggered in
onRestoreInstanceState(), updateViewVisibility() was implemented to
restore the view visibility.
2014-08-11 11:07:56 -04:00
Joe Steele
301ac48a38 Throw CertificateValidationException if EXTERNAL authentication fails
This is done when the SASL EXTERNAL mechanism isn't advertised (indicating
the possibility that the server did not accept the client certificate) or
when the command for authenticating with SASL EXTERNAL fails.

The CertificateValidationException will trigger a notification to the user
that there's an authentication problem that needs addressing.

Also, there were instances where CertificateValidationException was being
thrown with a new CertificateException as the cause for the purpose of
notifying the user when STARTTLS is not available.  This has been slightly
simplified by eliminating the need to include a new CertificateException
as a cause.
2014-08-11 11:07:54 -04:00
Joe Steele
b557ba008c Implement SMTP AUTH EXTERNAL
Also, simplify by using Utility.base64Encode(String) in lieu of
new String(Base64.encodeBase64(String.getBytes())
2014-08-11 11:07:53 -04:00
Joe Steele
c0be0eea12 Use the correct POP3 AUTH command 2014-08-11 11:07:51 -04:00
Joe Steele
fe033e014f Avoid setting conflict warning when SMTP login not required 2014-08-11 11:07:49 -04:00
Joe Steele
65144e3759 Handle client certificate errors
If the alias is empty or null, don't bother using KeyChainKeyManager.

If the alias is not empty, confirm that it is associated with a
certificate, otherwise throw a CertificateValidationException
which will notify the user of the problem and ask the user to
check the server settings.

Likewise, the user is notified if the client certificate was
not accepted by the server.
2014-08-11 11:07:48 -04:00
Joe Steele
231f3645f9 Trigger certificate chooser on authentication change
If the user chooses client certificate authentication,
immediately pop up the certificate chooser.

If the user chooses password authentication, move the focus to the
password View.
2014-08-11 11:07:46 -04:00
Joe Steele
21cc3d9176 Remove ClientCertificateRequiredException
With this commit, KeyChainKeyManager no longer throws the exception and
AccountSetupCheckSettings no longer catches it.

It was being thrown when the server requested a client certificate but no
client certificate alias had been configured for the server.

The code was making the incorrect assumption that the server would only
request a client certificate when such a certificate was *required*.
However, servers can be configured to accept multiple forms of
authentication, including both password authentication and client
certificate authentication.  So a server may request a certificate without
requiring it.  If a user has not configured a client certificate, then
that should not be treated as an error because the configuration may be
valid and the server may accept it.

The only indication that a certificate is *required* is when a
SSLProtocolException is thrown, caused by a SSLHandshakeException
resulting from a fatal handshake alert message received from the server.
Unfortunately, such a message is fairly generic and only "indicates that
the sender was unable to negotiate an acceptable set of security
parameters given the options available."  So there is no definitive way to
know that a client certificate is required.

Also, KeyChainKeyManager.getCertificateChain() and getPrivateKey() no
longer throw IllegalStateException().  These methods are permitted to
return null, and such a response is appropriate if the user has deleted
client certificates from the device.  Again, this may or may not cause the
server to abort the connection, depending on whether the server *requires*
a client certificate.
2014-08-11 11:07:44 -04:00
Joe Steele
fa853f7e1d Remove SslHelper.isClientCertificateSupportAvailable()
The app's minSdkVersion = 15 (Android 4.0.3, Ice Cream Sandwich MR1),
so there's no need to test the API level.

This also removes '@SuppressLint("TrulyRandom")'.  I find no
documentation for it, nor do I find any additional lint errors
with its removal.
2014-08-11 11:07:42 -04:00
Joe Steele
b10b13b865 Force manual setup if using client certificates
Presently, auto-setup doesn't support certificates,
resulting in "Cannot connect to server. (Error
while decoding store URI)".
2014-08-11 11:07:41 -04:00
Joe Steele
0224a89109 Use theme based style 2014-08-11 11:07:38 -04:00
Joe Steele
88016ae52e Revert unused code changes 2014-08-11 11:07:37 -04:00
Joe Steele
38e9af5320 Don't clear widgets when removing
The user may toggle the checkbox, and then decide to toggle it again.

This also fixes a problem when restoring the activity state.  When the
checkbox was restored as checked, the listener was firing and wiping the
the restored alias.
2014-08-11 11:07:35 -04:00
Joe Steele
acab554ee5 Save/Restore activity state
This assures that changes made to the port setting and to the chosen
client certificate are saved and restored.
2014-08-11 11:07:34 -04:00
Joe Steele
2e981e0c7d Don't trigger validateFields() except on user input
Previously, with settings of Security=SSL and authentication=certificate,
attempting to change Security=None would (of course) be blocked.  So
Security would remain SSL.  But the authentication options would then
include "Password, transmitted insecurely", whereas the option should
have remained as "Normal password" (because the security remained SSL).

The problem could have been fixed with a simple shuffling in
updatePortFromSecurityType() so that updateAuthPlainTextFromSecurityType()
was invoked before mPortView.setText(), but the logic for requiring that
ordering was not plain to see.  (Although no longer necessary, the
shuffling was done as well.)
2014-08-11 11:06:50 -04:00
Joe Steele
c861b27df8 Fix outgoing server settings display
Add test for username == "".

Without it, the mRequireLoginView remains checked, and the empty username
and password boxes are not hidden.

The problem occurs if importing an SMTP server that has an
authenticationType, but no username or password (i.e., no authentication
required).

That's the way settings were exported in 4.904 and before.
2014-08-11 11:06:48 -04:00
Joe Steele
373c7569ed Fix password prompts on account import
Don't prompt if server's AuthType == EXTERNAL

Don't prompt for SMTP servers that don't require authentication
(no user name).
2014-08-11 11:06:46 -04:00
Joe Steele
6d8497a3c3 Fix WebDAV manual account setup
When creating a new account, the Incoming Server Settings screen
was initialized with the user name = PLAIN.
2014-08-11 11:06:45 -04:00
Joe Steele
bef10812d3 Fix so WebDAV does not have STARTTLS auth. type option 2014-08-11 11:06:43 -04:00