fixed problems in certificate validation code (updates in Mono?) Also disabled linking in release to avoid problems.

Philipp Crocoll 2014-02-02 23:36:19 +01:00
parent a765bd125e
commit bc1d5fb5f2
14 changed files with 6152 additions and 1853 deletions


@ -42,9 +42,8 @@
<ItemGroup>
<None Include="Jars\AboutJars.txt" />
<None Include="Additions\AboutAdditions.txt" />
<None Include="libs\armeabi-v7a\libfinal-key.so" />
<None Include="libs\armeabi\libfinal-key.so" />
<None Include="libs\mips\libfinal-key.so" />
<EmbeddedNativeLibrary Include="libs\armeabi-v7a\libfinal-key.so" />
<EmbeddedNativeLibrary Include="libs\armeabi\libfinal-key.so" />
</ItemGroup>
<ItemGroup>
<TransformFile Include="Transforms\Metadata.xml">


@ -20,7 +20,7 @@
<DebugType>full</DebugType>
<Optimize>False</Optimize>
<OutputPath>bin\Debug</OutputPath>
<DefineConstants>DEBUG;EXCLUDE_TWOFISH;EXCLUDE_KEYBOARD;EXCLUDE_FILECHOOSER;EXCLUDE_JAVAFILESTORAGE;EXCLUDE_KEYTRANSFORM</DefineConstants>
<DefineConstants>DEBUG;INCLUDE_TWOFISH;EXCLUDE_KEYBOARD;EXCLUDE_FILECHOOSER;INCLUDE_JAVAFILESTORAGE;INCLUDE_KEYTRANSFORM</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
<ConsolePause>False</ConsolePause>


@ -68,6 +68,8 @@ namespace KeePassLib.Serialization
// get { return m_bSslCertsAcceptInvalid; }
set { m_bSslCertsAcceptInvalid = value; }
}
public static RemoteCertificateValidationCallback CertificateValidationCallback { get; set; }
#endif
// Web request methods
@ -192,11 +194,10 @@ namespace KeePassLib.Serialization
private static void PrepareWebAccess()
{
if(m_bSslCertsAcceptInvalid)
/*
ServicePointManager.ServerCertificateValidationCallback =
IOConnection.AcceptCertificate;
else
ServicePointManager.ServerCertificateValidationCallback = null;
IOConnection.AcceptCertificate;*/
ServicePointManager.ServerCertificateValidationCallback = CertificateValidationCallback;
}
private static IOWebClient CreateWebClient(IOConnectionInfo ioc, bool digestAuth)
@ -361,29 +362,25 @@ namespace KeePassLib.Serialization
public override void Close()
{
base.Close();
try
RepeatWithDigestOnFail(ioc, req =>
{
uploadData(IOConnection.CreateWebClient(ioc, false));
} catch (WebException ex)
{
if ((ex.Response is HttpWebResponse) && (((HttpWebResponse) ex.Response).StatusCode == HttpStatusCode.Unauthorized))
uploadData(IOConnection.CreateWebClient(ioc, true));
else
throw;
}
req.Headers.Add("Translate: f");
if (method != null)
req.Method = method;
var data = this.ToArray();
using (Stream s = req.GetRequestStream())
{
s.Write(data, 0, data.Length);
req.GetResponse();
s.Close();
}
});
}
void uploadData(WebClient webClient)
{
if (method != null)
{
webClient.UploadData(destinationFilePath, method, this.ToArray());
} else
{
webClient.UploadData(destinationFilePath, this.ToArray());
}
}
}
public static Stream OpenWrite(IOConnectionInfo ioc)
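Review bot: In PrepareWebAccess the process-wide `ServicePointManager.ServerCertificateValidationCallback` is now copied from the public, settable static `CertificateValidationCallback`, so whichever component assigned that property last decides certificate acceptance for every HTTPS request in the process, and nothing on the property says so. I would document it, e.g. `/// Process-wide certificate validation hook; null leaves the framework's default validation in place.` The rendered page has lost its +/- markers, so it is not certain whether `if(m_bSslCertsAcceptInvalid)` still stands in front of the commented-out block; if it does, the new assignment only runs when that flag is set and the former `else ... = null` reset is gone, which should be checked. In the Close() hunk the result of `req.GetResponse()` is never disposed and is requested before the request stream is closed; `using (req.GetResponse()) { }` placed after the stream's using block would release the connection.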


@ -1,4 +1,6 @@
using System;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;
using Android.App;
using System.IO;
using Android.Content;
@ -14,8 +16,8 @@ namespace keepass2android
/// Interface through which Activities and the logic layer can access some app specific functionalities and Application static data
/// </summary>
/// This also contains methods which are UI specific and should be replacable for testing.
public interface IKp2aApp
{
public interface IKp2aApp
{
/// <summary>
/// Locks the currently open database, quicklocking if available (unless false is passed for allowQuickUnlock)
/// </summary>
@ -24,51 +26,52 @@ namespace keepass2android
/// <summary>
/// Loads the specified data as the currently open database, as unlocked.
/// </summary>
void LoadDatabase(IOConnectionInfo ioConnectionInfo, MemoryStream memoryStream, CompositeKey compKey, ProgressDialogStatusLogger statusLogger, IDatabaseLoader databaseLoader);
void LoadDatabase(IOConnectionInfo ioConnectionInfo, MemoryStream memoryStream, CompositeKey compKey,
ProgressDialogStatusLogger statusLogger, IDatabaseLoader databaseLoader);
/// <summary>
/// Returns the current database
/// </summary>
Database GetDb();
Database GetDb();
/// <summary>
/// Tell the app that the file from ioc was opened with keyfile.
/// </summary>
void StoreOpenedFileAsRecent(IOConnectionInfo ioc, string keyfile);
void StoreOpenedFileAsRecent(IOConnectionInfo ioc, string keyfile);
/// <summary>
/// Creates a new database and returns it
/// </summary>
Database CreateNewDatabase();
Database CreateNewDatabase();
/// <summary>
/// Returns the user-displayable string identified by stringKey
/// </summary>
string GetResourceString(UiStringKey stringKey);
string GetResourceString(UiStringKey stringKey);
/// <summary>
/// Returns the value from the preferences corresponding to key
/// </summary>
bool GetBooleanPreference(PreferenceKey key);
bool GetBooleanPreference(PreferenceKey key);
/// <summary>
/// Asks the user the question "messageKey" with the options Yes/No/Cancel, calls the handler corresponding to the answer.
/// </summary>
void AskYesNoCancel(UiStringKey titleKey, UiStringKey messageKey,
EventHandler<DialogClickEventArgs> yesHandler,
EventHandler<DialogClickEventArgs> noHandler,
EventHandler<DialogClickEventArgs> cancelHandler,
Context ctx);
void AskYesNoCancel(UiStringKey titleKey, UiStringKey messageKey,
EventHandler<DialogClickEventArgs> yesHandler,
EventHandler<DialogClickEventArgs> noHandler,
EventHandler<DialogClickEventArgs> cancelHandler,
Context ctx);
/// <summary>
/// Asks the user the question "messageKey" with the options Yes/No/Cancel, but the yes/no strings can be selected freely, calls the handler corresponding to the answer.
/// </summary>
void AskYesNoCancel(UiStringKey titleKey, UiStringKey messageKey,
UiStringKey yesString, UiStringKey noString,
EventHandler<DialogClickEventArgs> yesHandler,
EventHandler<DialogClickEventArgs> noHandler,
EventHandler<DialogClickEventArgs> cancelHandler,
Context ctx);
UiStringKey yesString, UiStringKey noString,
EventHandler<DialogClickEventArgs> yesHandler,
EventHandler<DialogClickEventArgs> noHandler,
EventHandler<DialogClickEventArgs> cancelHandler,
Context ctx);
/// <summary>
/// Returns a Handler object which can run tasks on the UI thread
@ -84,6 +87,8 @@ namespace keepass2android
/// Handles a failed certificate validation. Returns true if the users wants to continue, false otherwise.
/// see http://msdn.microsoft.com/en-us/library/system.net.icertificatepolicy(v=vs.110).aspx
/// </summary>
bool OnServerCertificateError(int certificateProblem);
}
//bool OnServerCertificateError(int certificateProblem);
RemoteCertificateValidationCallback CertificateValidationCallback { get; }
}
}
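Review bot: The `<summary>` that now sits above the `CertificateValidationCallback` property still describes the old method ("Handles a failed certificate validation. Returns true if the users wants to continue") and links to ICertificatePolicy, which does not match a property returning a `RemoteCertificateValidationCallback`. I would replace it with something like `/// Callback that decides whether a server certificate is accepted for remote file access.` and delete the commented-out `//bool OnServerCertificateError(int certificateProblem);` instead of keeping it in the interface. The other changes in this section appear to be re-indentation only.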


@ -37,31 +37,13 @@ namespace keepass2android.Io
private readonly IKp2aApp _app;
class CertificatePolicity: ICertificatePolicy
{
private readonly IKp2aApp _app;
public CertificatePolicity(IKp2aApp app)
{
_app = app;
}
public bool CheckValidationResult(ServicePoint srvPoint, System.Security.Cryptography.X509Certificates.X509Certificate certificate, WebRequest request,
int certificateProblem)
{
if (certificateProblem == 0) //ok
return true;
return _app.OnServerCertificateError(certificateProblem);
}
}
public BuiltInFileStorage(IKp2aApp app)
{
_app = app;
//use the obsolute CertificatePolicy because the ServerCertificateValidationCallback isn't called in Mono for Android (?)
ServicePointManager.CertificatePolicy = new CertificatePolicity(app);
//ServicePointManager.CertificatePolicy = new CertificatePolicity(app);
IOConnection.CertificateValidationCallback = app.CertificateValidationCallback;
}
public IEnumerable<string> SupportedProtocols
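Review bot: The constructor reads `app.CertificateValidationCallback` once and stores the result in the static `IOConnection.CertificateValidationCallback`, so the delegate reflects whatever the app returned at construction time; if the app builds it from a user preference, as the getter elsewhere in this commit appears to, a later change of that preference is not picked up until another BuiltInFileStorage is created. A forwarding delegate would re-read it per connection, `IOConnection.CertificateValidationCallback = (s, cert, chain, errors) => app.CertificateValidationCallback(s, cert, chain, errors);`, with a guard if the getter may return null. Because the target is static, every new BuiltInFileStorage also replaces the callback used by all existing instances, which deserves a comment at the assignment. The `//use the obsolute CertificatePolicy ...` comment no longer describes live code and could be removed together with the commented-out line.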


@ -20,7 +20,7 @@
<DebugType>full</DebugType>
<Optimize>false</Optimize>
<OutputPath>bin\Debug\</OutputPath>
<DefineConstants>TRACE;DEBUG;EXCLUDE_TWOFISH;EXCLUDE_KEYBOARD;EXCLUDE_FILECHOOSER;EXCLUDE_JAVAFILESTORAGE;EXCLUDE_KEYTRANSFORM</DefineConstants>
<DefineConstants>TRACE;DEBUG;INCLUDE_TWOFISH;EXCLUDE_KEYBOARD;EXCLUDE_FILECHOOSER;INCLUDE_JAVAFILESTORAGE;INCLUDE_KEYTRANSFORM</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
@ -112,10 +112,22 @@
<Compile Include="Utils\Spr\SprEngine.PickChars.cs" />
</ItemGroup>
<ItemGroup>
<ProjectReference Include="..\JavaFileStorageBindings\JavaFileStorageBindings.csproj">
<Project>{48574278-4779-4b3a-a9e4-9cf1bc285d0b}</Project>
<Name>JavaFileStorageBindings</Name>
</ProjectReference>
<ProjectReference Include="..\KeePassLib2Android\KeePassLib2Android.csproj">
<Project>{545b4a6b-8bba-4fbe-92fc-4ac060122a54}</Project>
<Name>KeePassLib2Android</Name>
</ProjectReference>
<ProjectReference Include="..\KP2AKdbLibraryBinding\KP2AKdbLibraryBinding.csproj">
<Project>{70d3844a-d9fa-4a64-b205-a84c6a822196}</Project>
<Name>KP2AKdbLibraryBinding</Name>
</ProjectReference>
<ProjectReference Include="..\TwofishCipher\TwofishCipher.csproj">
<Project>{5cf675a5-9bee-4720-bed9-d5bf14a2ebf9}</Project>
<Name>TwofishCipher</Name>
</ProjectReference>
</ItemGroup>
<Import Project="$(MSBuildExtensionsPath)\Xamarin\Android\Xamarin.Android.CSharp.targets" />
<!-- To modify your build process, add your task inside one of the targets below and uncomment it.


@ -43,7 +43,10 @@
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
<AndroidUseSharedRuntime>False</AndroidUseSharedRuntime>
<AndroidLinkMode>SdkOnly</AndroidLinkMode>
<AndroidLinkMode>None</AndroidLinkMode>
<AndroidLinkSkip />
<EmbedAssembliesIntoApk>True</EmbedAssembliesIntoApk>
<BundleAssemblies>False</BundleAssemblies>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)' == 'ReleaseNoNet|AnyCPU'">
<OutputPath>bin\ReleaseNoNet\</OutputPath>


@ -18,11 +18,12 @@ namespace Kp2aUnitTests
{
TestRunner runner = new TestRunner();
// Run all tests from this assembly
runner.AddTests(Assembly.GetExecutingAssembly());
//runner.AddTests(Assembly.GetExecutingAssembly());
//runner.AddTests(new List<Type> { typeof(TestSynchronizeCachedDatabase)});
//runner.AddTests(typeof(TestLoadDb).GetMethod("LoadErrorWithCertificateTrustFailure"));
//runner.AddTests(typeof(TestLoadDb).GetMethod("LoadWithAcceptedCertificateTrustFailure"));
//runner.AddTests(new List<Type> { typeof(TestLoadDb) });
runner.AddTests(new List<Type> { typeof(TestLoadDb) });
//runner.AddTests(new List<Type> { typeof(TestCachingFileStorage) });
//runner.AddTests(typeof(TestLoadDb).GetMethod("TestLoadKdb1"));
//runner.AddTests(typeof(TestLoadDb).GetMethod("TestLoadWithKeyfileOnly"));
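Review bot: The runner appears to register only `TestLoadDb` now (`runner.AddTests(new List<Type> { typeof(TestLoadDb) });`) while the `Assembly.GetExecutingAssembly()` registration is commented out, so every other test class in the assembly stops running. This looks like a local debugging selection; I would restore `runner.AddTests(Assembly.GetExecutingAssembly());` before merging. The enclosing method starts and ends outside the hunk.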


@ -2,6 +2,7 @@
using System.Collections.Generic;
using System.IO;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;
using Android.App;
using Android.Content;
using Android.OS;
@ -27,6 +28,7 @@ namespace Kp2aUnitTests
private YesNoCancelResult _yesNoCancelResult = YesNoCancelResult.Yes;
private Dictionary<PreferenceKey, bool> _preferences = new Dictionary<PreferenceKey, bool>();
private int id = new Random().Next(1000);
public void SetShutdown()
{
@ -140,6 +142,7 @@ namespace Kp2aUnitTests
public bool TriggerReloadCalled;
private TestFileStorage _testFileStorage;
private bool _serverCertificateErrorResponse;
public TestKp2aApp()
{
@ -151,13 +154,49 @@ namespace Kp2aUnitTests
TriggerReloadCalled = true;
}
public RemoteCertificateValidationCallback CertificateValidationCallback
{
get
{
Kp2aLog.Log("TESTAPP: " + id + "/ " + ServerCertificateErrorResponse);
if (!ServerCertificateErrorResponse)
{
return (sender, certificate, chain, errors) =>
{
if (errors == SslPolicyErrors.None)
return true;
return false;
};
}
// return null; //default behavior
return (sender, certificate, chain, errors) =>
{
return true;
};
}
}
public bool OnServerCertificateError(int sslPolicyErrors)
{
ServerCertificateErrorCalled = true;
return ServerCertificateErrorResponse;
}
public bool ServerCertificateErrorResponse { get; set; }
public bool ServerCertificateErrorResponse
{
get { return _serverCertificateErrorResponse; }
set {
_serverCertificateErrorResponse = value;
FileStorage = new BuiltInFileStorage(this); // recreate because of possibly changed validation behavior
}
}
protected bool ServerCertificateErrorCalled { get; set; }
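Review bot: Neither delegate returned by the new `CertificateValidationCallback` getter sets `ServerCertificateErrorCalled`, and `OnServerCertificateError`, the only visible place that sets it, is no longer part of IKp2aApp (its interface member is commented out in this commit), so a test can no longer observe that validation reported an error. Setting the flag inside the lambdas when `errors != SslPolicyErrors.None`, e.g. `ServerCertificateErrorCalled = true;`, would keep that signal. The `ServerCertificateErrorResponse` setter also replaces `FileStorage`, whose constructor overwrites the static `IOConnection.CertificateValidationCallback`, so two TestKp2aApp instances alive at the same time share whichever was configured last; a comment on the setter should say so. The class body starts and ends outside these hunks.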


@ -261,7 +261,8 @@ namespace Kp2aUnitTests
[TestMethod]
public void FileNotFoundExceptionWithWebDav()
{
var fileStorage = new BuiltInFileStorage(new TestKp2aApp());
var app = new TestKp2aApp();
var fileStorage = app.FileStorage;
//should work:
using (var stream = fileStorage.OpenFileForRead(RemoteIoc1and1))

File diff suppressed because it is too large Load Diff


@ -18,6 +18,7 @@ This file is part of Keepass2Android, Copyright 2013 Philipp Crocoll. This file
using System;
using System.Collections.Generic;
using System.IO;
using System.Net.Security;
using Android.App;
using Android.Content;
using Android.Graphics.Drawables;
@ -419,61 +420,63 @@ namespace keepass2android
});
}
private String GetProblemMessage(BuiltInFileStorage.CertificateProblem problem)
public RemoteCertificateValidationCallback CertificateValidationCallback
{
String problemMessage;
const BuiltInFileStorage.CertificateProblem problemList = new BuiltInFileStorage.CertificateProblem();
string problemCodeName = Enum.GetName(typeof(BuiltInFileStorage.CertificateProblem), problem);
if (problemCodeName != null)
problemMessage = problemCodeName;
else
problemMessage = "Unknown Certificate Problem";
return problemMessage;
get
{
var prefs = PreferenceManager.GetDefaultSharedPreferences(Application.Context);
ValidationMode validationMode = ValidationMode.Warn;
string strValMode = prefs.GetString(Application.Context.Resources.GetString(Resource.String.AcceptAllServerCertificates_key),
Application.Context.Resources.GetString(Resource.String.AcceptAllServerCertificates_default));
if (strValMode == "IGNORE")
validationMode = ValidationMode.Ignore;
else if (strValMode == "ERROR")
validationMode = ValidationMode.Error;
;
switch (validationMode)
{
case ValidationMode.Ignore:
return (sender, certificate, chain, errors) =>
{
ShowToast(Application.Context.GetString(Resource.String.CertificateWarning,
new Java.Lang.Object[]
{
errors.ToString()
}));
return true;
};
case ValidationMode.Warn:
return (sender, certificate, chain, errors) =>
{
return true;
};
case ValidationMode.Error:
return (sender, certificate, chain, errors) =>
{
if (errors == SslPolicyErrors.None)
return true;
return false;
};;
default:
throw new ArgumentOutOfRangeException();
}
}
}
enum ValidationMode
{
Ignore, Warn, Error
}
public bool OnServerCertificateError(int certificateProblem)
{
var prefs = PreferenceManager.GetDefaultSharedPreferences(Application.Context);
ValidationMode validationMode = ValidationMode.Warn;
string strValMode = prefs.GetString(Application.Context.Resources.GetString(Resource.String.AcceptAllServerCertificates_key),
Application.Context.Resources.GetString(Resource.String.AcceptAllServerCertificates_default));
if (strValMode == "IGNORE")
validationMode = ValidationMode.Ignore;
else if (strValMode == "ERROR")
validationMode = ValidationMode.Error;
;
switch (validationMode)
{
case ValidationMode.Ignore:
return true;
case ValidationMode.Warn:
ShowToast(Application.Context.GetString(Resource.String.CertificateWarning,
new Java.Lang.Object[]
{
GetProblemMessage(
(BuiltInFileStorage.CertificateProblem)
(System.UInt32) certificateProblem)
}));
return true;
case ValidationMode.Error:
return false;
default:
throw new ArgumentOutOfRangeException();
}
}
internal void OnTerminate()
{
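Review bot: In the new `CertificateValidationCallback` getter the `Ignore` and `Warn` cases look swapped relative to the removed `OnServerCertificateError`: `ValidationMode.Ignore` now shows the CertificateWarning toast, while `ValidationMode.Warn`, which is what any preference value other than "IGNORE" or "ERROR" maps to, returns true with no message. As written, that mode accepts a certificate with any `SslPolicyErrors` without telling the user, and the Ignore toast fires even when `errors` is `SslPolicyErrors.None`. I would move the toast into the Warn case and guard it on `errors != SslPolicyErrors.None`, as in the excerpt below. The enclosing class starts and ends outside the hunk.

```csharp
// … unchanged: preference lookup and validationMode parsing …
switch (validationMode)
{
    case ValidationMode.Ignore:
        // accept without notifying the user
        return (sender, certificate, chain, errors) => true;
    case ValidationMode.Warn:
        return (sender, certificate, chain, errors) =>
        {
            // warn only when validation actually reported a problem
            if (errors != SslPolicyErrors.None)
            {
                ShowToast(Application.Context.GetString(Resource.String.CertificateWarning,
                    new Java.Lang.Object[]
                    {
                        errors.ToString()
                    }));
            }
            return true;
        };
    // … unchanged: ValidationMode.Error and default cases …
```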


@ -50,7 +50,7 @@
<WarningLevel>4</WarningLevel>
<AndroidUseSharedRuntime>False</AndroidUseSharedRuntime>
<ConsolePause>False</ConsolePause>
<AndroidLinkMode>SdkOnly</AndroidLinkMode>
<AndroidLinkMode>None</AndroidLinkMode>
<AndroidSupportedAbis>armeabi,armeabi-v7a</AndroidSupportedAbis>
<CustomCommands>
<CustomCommands>
@ -59,6 +59,9 @@
</CustomCommands>
<DeployExternal>True</DeployExternal>
<DefineConstants>RELEASE</DefineConstants>
<AndroidLinkSkip />
<EmbedAssembliesIntoApk>True</EmbedAssembliesIntoApk>
<BundleAssemblies>False</BundleAssemblies>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'ReleaseNoNet|AnyCPU' ">
<DebugType>none</DebugType>
@ -173,12 +176,6 @@
<AndroidAsset Include="Assets\fontawesome-webfont.ttf" />
<AndroidAsset Include="Assets\DejaVuSansMono.ttf" />
<AndroidAsset Include="Assets\LICENSE_dejavu" />
<AndroidNativeLibrary Include="..\java\KP2AKdbLibrary\libs\armeabi-v7a\libfinal-key.so">
<Link>libs\armeabi-v7a\libfinal-key.so</Link>
</AndroidNativeLibrary>
<AndroidNativeLibrary Include="..\java\KP2AKdbLibrary\libs\armeabi\libfinal-key.so">
<Link>libs\armeabi\libfinal-key.so</Link>
</AndroidNativeLibrary>
<None Include="Resources\AboutResources.txt" />
<AndroidResource Include="Resources\drawable-hdpi\Thumbs.db" />
<None Include="Resources\drawable\Thumbs.db">
@ -663,10 +660,23 @@
</ItemGroup>
<Import Project="$(MSBuildExtensionsPath)\Novell\Novell.MonoDroid.CSharp.targets" />
<ItemGroup>
<Folder Include="libs\" />
<Folder Include="Resources\color\" />
<Folder Include="SupportLib\" />
</ItemGroup>
<ItemGroup>
<ProjectReference Include="..\AndroidFileChooserBinding\AndroidFileChooserBinding.csproj">
<Project>{3c0f7fe5-639f-4422-a087-8b26cf862d1b}</Project>
<Name>AndroidFileChooserBinding</Name>
</ProjectReference>
<ProjectReference Include="..\AppCompatV7Binding\AppCompatV7Binding.csproj">
<Project>{23233a28-d74f-4bf8-b4d8-834060840bd7}</Project>
<Name>AppCompatV7Binding</Name>
</ProjectReference>
<ProjectReference Include="..\JavaFileStorageBindings\JavaFileStorageBindings.csproj">
<Project>{48574278-4779-4b3a-a9e4-9cf1bc285d0b}</Project>
<Name>JavaFileStorageBindings</Name>
</ProjectReference>
<ProjectReference Include="..\KeePassLib2Android\KeePassLib2Android.csproj">
<Project>{545B4A6B-8BBA-4FBE-92FC-4AC060122A54}</Project>
<Name>KeePassLib2Android</Name>
@ -675,6 +685,18 @@
<Project>{53A9CB7F-6553-4BC0-B56B-9410BB2E59AA}</Project>
<Name>Kp2aBusinessLogic</Name>
</ProjectReference>
<ProjectReference Include="..\KP2AKdbLibraryBinding\KP2AKdbLibraryBinding.csproj">
<Project>{70d3844a-d9fa-4a64-b205-a84c6a822196}</Project>
<Name>KP2AKdbLibraryBinding</Name>
</ProjectReference>
<ProjectReference Include="..\Kp2aKeyboardBinding\Kp2aKeyboardBinding.csproj">
<Project>{a8779d4d-7c49-4c2f-82bd-2cdc448391da}</Project>
<Name>Kp2aKeyboardBinding</Name>
</ProjectReference>
<ProjectReference Include="..\TwofishCipher\TwofishCipher.csproj">
<Project>{5cf675a5-9bee-4720-bed9-d5bf14a2ebf9}</Project>
<Name>TwofishCipher</Name>
</ProjectReference>
</ItemGroup>
<ProjectExtensions>
<MonoDevelop>