1
0
mirror of https://github.com/moparisthebest/k-9 synced 2024-11-17 23:15:10 -05:00
Commit Graph

5180 Commits

Author SHA1 Message Date
Joe Steele
43c38a047f Implement SSL file-based session caching
Caching is beneficial because it can eliminate redundant cryptographic
computations and network traffic when re-establishing a connection to
the same server, thus saving time and conserving power.
2014-09-06 19:32:06 -04:00
Joe Steele
7dfbd906c9 Eliminate DomainNameChecker
There's no need to maintain our own implementation when comparable
classes already exist in the Android API.

StrictHostnameVerifier is used instead.
2014-09-06 19:32:03 -04:00
Joe Steele
6f14294164 Remove SslHelper. Don't use SecureRandom.
SslHelper has been removed, and its functionality has been transferred
into TrustedSocketFactory.  The added layer of indirection wasn't really
simplifying anything.  It's now easier to see what happens when
createSocket() is invoked.

A new instance of SecureRandom is no longer passed to SSLContext.init().
Instead, null is passed.

The (default) provider of the TLS SSLContext used is OpenSSLProvider,
which provides an SSLSocket instance of type OpenSSLSocketImpl.  The only
use of SecureRandom is in OpenSSLSocketImpl.startHandshake(), where it is
used to seed the OpenSSL PRNG with additional random data.  But if
SecureRandom is null, then /dev/urandom is used for seeding instead.

Meanwhile, the default provider for the SecureRandom service is
OpenSSLRandom, which uses the OpenSSL PRNG as its data source.  So we were
effectively seeding the OpenSSL PRNG with itself.  That's probably okay
(we trust that the OpenSSL PRNG was properly initialized with random data
before first use), but using /dev/urandom would seem like a better source
(or at least as good a source) for the additional seed data added with
each new connection.

Note that our PRNGFixes class replaces the default SecureRandom service
with one whose data source is /dev/urandom for certain vulnerable API
levels anyway.  (It also makes sure that the OpenSSL PRNG is properly
seeded before first use for certain vulnerable API levels.)
2014-09-06 18:15:25 -04:00
cketti
5f0f4e9c21 Merge pull request #485 from haselwarter
Conflicts:
	src/com/fsck/k9/preferences/Settings.java
2014-09-04 23:55:30 +02:00
cketti
f5cfaceef4 Increase settings version in preparation of merge into master 2014-09-04 23:54:06 +02:00
cketti
5802e6a36a Remove getNotifyClass() from Folder 2014-09-04 23:54:06 +02:00
cketti
7edd1cb53c Simplify database upgrade when adding 'notify_class' to 'folders' 2014-09-04 23:54:06 +02:00
zjw
8ef45e8f9a Merge pull request #492 from k9mail/remove_unused_resources
Resources cleanup
2014-09-04 17:01:28 -04:00
cketti
bd9efa8d01 Whitespace fixes 2014-09-04 22:58:38 +02:00
cketti
cb67a21a93 Remove commented-out code 2014-09-04 21:58:18 +02:00
cketti
ae8dcc5e8a Fix typo in attribute name 2014-09-04 20:18:05 +02:00
cketti
0c38d4f169 Remove unused resources and merge resource folders 2014-09-04 20:18:05 +02:00
cketti
759fa77c9a Merge pull request #474 from k9mail/tls-client-cert-auth
Client Certificate Authentication
2014-08-30 01:06:28 +02:00
Joe Steele
7c4a684f86 Clean up indentation
White space changes only
2014-08-29 10:47:46 -04:00
Joe Steele
9728609c4c Make the foldable container view INVISIBLE, not GONE
Now when toggling the foldable view, the screen no longer
jumps half a line up or down to recenter itself when
the view is displayed.
2014-08-29 10:47:45 -04:00
Joe Steele
8ade424270 Save/Restore the FoldableLinearLayout state 2014-08-29 10:47:43 -04:00
Joe Steele
a756fa3683 Use Theme consistent styles in FoldableLinearLayout
For support of the dark and light themes.

Also:

Redefine mFolded and call it mIsFolded.  Previously,
the view started with mFolded = false (which implies to me
the initial state is unfolded) and yet the view
started in a folded state, which seemed contradictory.

Create updateFoldedState() with code from onClick() (In
preparation for subsequent commit.)
2014-08-29 10:47:41 -04:00
Joe Steele
348fb4dceb Validate client certificate dates 2014-08-29 10:47:39 -04:00
Joe Steele
c80634d501 Format log messages with spaces 2014-08-29 09:06:25 -04:00
cketti
c2db88d960 Add top margin to the "advanced options" area 2014-08-29 03:43:54 +02:00
cketti
1282e9d461 Remove ldpi resources 2014-08-29 02:41:50 +02:00
cketti
0993e5c57e Merge branch 'remove_obsolete_code'
PR #491 from zjw
2014-08-29 01:55:22 +02:00
cketti
ac1ed9eef3 Increment settings version 2014-08-29 01:45:48 +02:00
Dominik Schürmann
05d8fb5e42 Hide client cert option under advanced options dropdown 2014-08-27 11:48:49 +02:00
Dominik Schürmann
2a1733564e Add FoldableLinearLayout for advanced options 2014-08-27 11:30:53 +02:00
Joe Steele
e4d26b8c75 Remove code for unsupported API levels
An assortment of miscellaneous changes, each usually limited in scope to a
single file.
2014-08-19 17:17:55 -04:00
Joe Steele
bc60c860b8 Remove com.fsck.k9.helper.NotificationBuilder
Only useful on pre-Honeycomb devices.
2014-08-19 17:17:52 -04:00
Joe Steele
786511ed88 Simplify ClipboardManager
No longer API dependent.
2014-08-19 17:17:50 -04:00
Joe Steele
028f6f9055 Remove AccessibleWebView
Only used on pre-ICS devices
2014-08-19 17:17:48 -04:00
Joe Steele
0fba273357 Remove the obsolete "Condensed layout" preference 2014-08-19 17:17:45 -04:00
Joe Steele
8166f03e87 Remove obsolete "Show unread count" preference
Only applies to pre-Honeycomb devices
2014-08-19 17:17:42 -04:00
Joe Steele
af77bbd1bc Eliminate obsolete background data sync option
It only applied to pre-ICS devices.

ConnectivityManager.ACTION_BACKGROUND_DATA_SETTING_CHANGED is no longer
broadcast.

ConnectivityManager.getBackgroundDataSetting() always returns true.
2014-08-19 17:14:44 -04:00
Joe Steele
c472b89d23 Additional 'Show password' changes after merging master 2014-08-19 16:48:11 -04:00
Joe Steele
1783dd1a63 Merge branch 'master' into tls-client-cert-auth
Conflicts:
	res/layout/account_setup_basics.xml
	res/values/strings.xml
	src/com/fsck/k9/activity/setup/AccountSetupBasics.java
2014-08-19 16:19:02 -04:00
Joe Steele
b39f9b95f1 Move initializeViewListeners() to onPostCreate()
Per comments in PR #474

https://github.com/k9mail/k-9/pull/474#commitcomment-7417262
2014-08-19 15:50:32 -04:00
Joe Steele
f7fb0cca41 Compare Enum types with ==, !=
Per comments in PR #473

https://github.com/k9mail/k-9/pull/474#commitcomment-7416979

https://github.com/k9mail/k-9/pull/474#commitcomment-7416999
2014-08-18 18:12:39 -04:00
cketti
3bd9e7edf1 Merge pull request #490 from pylerSM/master
Add 'Show password' check box to account setup screen
2014-08-18 22:30:06 +02:00
pylerSM
a495627d72 Show password feature 2014-08-18 13:06:25 +02:00
cketti
a659393326 Make fields in KeyChainKeyManager final 2014-08-18 05:18:38 +02:00
cketti
ac08f520ae Remove KeyChainKeyManager's dependency on 'K9.app' 2014-08-18 05:08:01 +02:00
cketti
4ce2a56b0c Synchronize access to sClientCertificateReferenceWorkaround
Also, refactor for easier readability.
2014-08-18 04:59:57 +02:00
Joe Steele
c881207295 Use isFinishing() instead
As suggested by @maniac103
https://github.com/k9mail/k-9/commit/41570e4#commitcomment-7388209
2014-08-14 16:22:51 -04:00
Joe Steele
c8f6c4d625 Eliminate searching for '3' in exception message
This was dead code.  The exception message will always start with either
"SMTP response is 0 length" from checkLine() or else "Negative SMTP reply"
from NegativeSmtpReplyException().

The problem originated from way back before 4.904.
2014-08-11 11:08:51 -04:00
Joe Steele
21237c3720 KeyChainKeyManager modifications
The constructor now saves the certificate chain, so the code to retrieve
it again or to perform any additional error checking in
getCertificateChain() is no longer needed.

The constructor now retrieves and saves the private key so that any
resulting errors are detected sooner.

Methods that retrieve the alias perform checks to assure that the client
cert. satisfies the requested issuers and key type.  It's known that
Sendmail may provide a list of issuers in its certificate request, but
then may authenticate against a much larger set of CAs, but then later
reject the mail because the client certificate was not acceptable.
Vetting against the issuer list helps detect such certificate problems
sooner (upon connection) rather than later (upon transmission of mail).
Earlier error detection is necessary so that errors may be presented to
the user during account setup.

Portions of these modifications are based on code from KeyManagerImpl:
https://android.googlesource.com/platform/external/conscrypt/+/master/src/main/java/org/conscrypt/KeyManagerImpl.java
2014-08-11 11:08:26 -04:00
Joe Steele
2b05f90d4d Move KeyChainKeyManager
Move KeyChainKeyManager to com.fsck.k9.net.ssl because it is used by
SslHelper and because the class extends X509ExtendedKeyManager, which is
in javax.net.ssl.
2014-08-11 11:08:24 -04:00
Joe Steele
c5085be2ca Restore view visibility based on restored CheckBox state
The problem can be observed if, when modifying the outgoing server
settings, you change the state of the mRequireLoginView check box,
then change the screen orientation.

This is necessary because the OnCheckChanged listener (which
normally updates the view visibility) is not yet set. (The listeners
are set up after view initialization so that they only fire on
user input.)
2014-08-11 11:08:22 -04:00
Joe Steele
346d903ec3 Only trigger certificate chooser on user input
It should not be triggered when the instance state is restored
with an AuthType spinner selection of EXTERNAL.

The logic here for the AuthType spinner is similar to that of
the parent commit for the SecurityType spinner.
2014-08-11 11:08:20 -04:00
Joe Steele
5d5fab3081 Fix default port setting reversion
The problem:  begin modifying the server settings by changing the security
type (which will change the port to a default value), then change the port
to a custom value, then change screen orientation.  The default port value
is restored, wiping out the custom value.

When onRestoreInstanceState() is called, the custom port value is
restored.  But the spinner doesn't actually restore its state at that
time.  Instead, it waits until View.layout(), at which time it posts a
runnable to call onItemSelected() if the restored state doesn't match the
state initialized in onCreate().  When onItemSelected() is eventually run
sometime later, it wipes out the custom port value that was restored.

The solution is to keep track of the spinner state ourselves and only
revert the port to a default when we see the spinner state changed by the
user.

This problem goes back to 4.904 and before.
2014-08-11 11:07:58 -04:00
Joe Steele
cf3561da5c Trigger certificate chooser when check box checked
For convenience.  Implemented in onCheckChanged().

As a consequence, onCheckChanged() must not be triggered when the instance
state is restored (would occur if the check box state was checked when
saved), otherwise the certificate chooser would pop up once the state was
restored.  Therefore, all listeners have been moved into
initializeViewListeners() which is invoked after the state has been
restored.

Because onCheckChanged() is no longer triggered in
onRestoreInstanceState(), updateViewVisibility() was implemented to
restore the view visibility.
2014-08-11 11:07:56 -04:00
Joe Steele
301ac48a38 Throw CertificateValidationException if EXTERNAL authentication fails
This is done when the SASL EXTERNAL mechanism isn't advertised (indicating
the possibility that the server did not accept the client certificate) or
when the command for authenticating with SASL EXTERNAL fails.

The CertificateValidationException will trigger a notification to the user
that there's an authentication problem that needs addressing.

Also, there were instances where CertificateValidationException was being
thrown with a new CertificateException as the cause for the purpose of
notifying the user when STARTTLS is not available.  This has been slightly
simplified by eliminating the need to include a new CertificateException
as a cause.
2014-08-11 11:07:54 -04:00