2013-05-28 09:10:36 -04:00
|
|
|
/*
|
2013-05-28 16:48:42 -04:00
|
|
|
* Copyright (C) 2013 Dominik Schürmann <dominik@dominikschuermann.de>
|
2013-05-28 09:10:36 -04:00
|
|
|
*
|
2013-09-06 10:17:01 -04:00
|
|
|
* This program is free software: you can redistribute it and/or modify
|
|
|
|
|
* it under the terms of the GNU General Public License as published by
|
|
|
|
|
* the Free Software Foundation, either version 3 of the License, or
|
|
|
|
|
* (at your option) any later version.
|
2013-05-28 09:10:36 -04:00
|
|
|
*
|
2013-09-06 10:17:01 -04:00
|
|
|
* This program is distributed in the hope that it will be useful,
|
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
|
* GNU General Public License for more details.
|
2013-05-28 09:10:36 -04:00
|
|
|
*
|
2013-09-06 10:17:01 -04:00
|
|
|
* You should have received a copy of the GNU General Public License
|
|
|
|
|
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
2013-05-28 09:10:36 -04:00
|
|
|
*/
|
|
|
|
|
|
2013-07-01 17:23:53 -04:00
|
|
|
package org.sufficientlysecure.keychain.remote_api;
|
2013-05-28 09:10:36 -04:00
|
|
|
|
|
|
|
|
import java.io.ByteArrayInputStream;
|
|
|
|
|
import java.io.ByteArrayOutputStream;
|
|
|
|
|
import java.io.InputStream;
|
|
|
|
|
import java.io.OutputStream;
|
2013-06-17 09:52:09 -04:00
|
|
|
import java.util.ArrayList;
|
|
|
|
|
import java.util.concurrent.ArrayBlockingQueue;
|
|
|
|
|
import java.util.concurrent.TimeUnit;
|
2013-05-29 09:58:50 -04:00
|
|
|
|
|
|
|
|
import org.openintents.crypto.CryptoError;
|
|
|
|
|
import org.openintents.crypto.CryptoSignatureResult;
|
2013-09-08 10:08:36 -04:00
|
|
|
import org.openintents.crypto.ICryptoCallback;
|
|
|
|
|
import org.openintents.crypto.ICryptoService;
|
2013-05-28 09:10:36 -04:00
|
|
|
import org.sufficientlysecure.keychain.Constants;
|
|
|
|
|
import org.sufficientlysecure.keychain.Id;
|
|
|
|
|
import org.sufficientlysecure.keychain.R;
|
2013-09-08 10:08:36 -04:00
|
|
|
import org.sufficientlysecure.keychain.helper.PgpMain;
|
2013-09-08 12:21:04 -04:00
|
|
|
import org.sufficientlysecure.keychain.helper.Preferences;
|
2013-09-06 07:48:27 -04:00
|
|
|
import org.sufficientlysecure.keychain.provider.KeychainContract;
|
2013-06-17 09:52:09 -04:00
|
|
|
import org.sufficientlysecure.keychain.provider.ProviderHelper;
|
2013-05-28 09:10:36 -04:00
|
|
|
import org.sufficientlysecure.keychain.service.KeychainIntentService;
|
|
|
|
|
import org.sufficientlysecure.keychain.service.PassphraseCacheService;
|
2013-09-08 10:08:36 -04:00
|
|
|
import org.sufficientlysecure.keychain.util.InputData;
|
|
|
|
|
import org.sufficientlysecure.keychain.util.Log;
|
2013-06-17 09:52:09 -04:00
|
|
|
import org.sufficientlysecure.keychain.util.PausableThreadPoolExecutor;
|
2013-05-28 09:10:36 -04:00
|
|
|
|
|
|
|
|
import android.app.Service;
|
|
|
|
|
import android.content.Context;
|
|
|
|
|
import android.content.Intent;
|
2013-09-06 12:36:16 -04:00
|
|
|
import android.database.Cursor;
|
2013-09-06 07:48:27 -04:00
|
|
|
import android.net.Uri;
|
2013-06-17 09:52:09 -04:00
|
|
|
import android.os.Binder;
|
2013-05-28 09:10:36 -04:00
|
|
|
import android.os.Bundle;
|
|
|
|
|
import android.os.IBinder;
|
|
|
|
|
import android.os.RemoteException;
|
|
|
|
|
|
|
|
|
|
public class CryptoService extends Service {
|
|
|
|
|
Context mContext;
|
|
|
|
|
|
2013-06-17 09:52:09 -04:00
|
|
|
// just one pool of 4 threads, pause on every user action needed
|
|
|
|
|
final ArrayBlockingQueue<Runnable> mPoolQueue = new ArrayBlockingQueue<Runnable>(20);
|
2013-09-08 13:24:47 -04:00
|
|
|
// TODO: Are these parameters okay?
|
|
|
|
|
PausableThreadPoolExecutor mThreadPool = new PausableThreadPoolExecutor(2, 4, 10,
|
2013-06-17 09:52:09 -04:00
|
|
|
TimeUnit.SECONDS, mPoolQueue);
|
|
|
|
|
|
2013-09-08 13:24:47 -04:00
|
|
|
final Object userInputLock = new Object();
|
|
|
|
|
|
2013-06-17 10:05:39 -04:00
|
|
|
public static final String ACTION_SERVICE_ACTIVITY = "org.sufficientlysecure.keychain.crypto_provider.IServiceActivityCallback";
|
2013-06-17 09:52:09 -04:00
|
|
|
|
2013-05-28 09:10:36 -04:00
|
|
|
@Override
|
|
|
|
|
public void onCreate() {
|
|
|
|
|
super.onCreate();
|
|
|
|
|
mContext = this;
|
2013-05-28 16:48:42 -04:00
|
|
|
Log.d(Constants.TAG, "CryptoService, onCreate()");
|
2013-05-28 09:10:36 -04:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
@Override
|
|
|
|
|
public void onDestroy() {
|
|
|
|
|
super.onDestroy();
|
2013-05-28 16:48:42 -04:00
|
|
|
Log.d(Constants.TAG, "CryptoService, onDestroy()");
|
2013-05-28 09:10:36 -04:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
@Override
|
|
|
|
|
public IBinder onBind(Intent intent) {
|
2013-06-17 09:52:09 -04:00
|
|
|
// return different binder for connections from internal service activity
|
|
|
|
|
if (ACTION_SERVICE_ACTIVITY.equals(intent.getAction())) {
|
|
|
|
|
|
|
|
|
|
// this binder can only be used from OpenPGP Keychain
|
2013-09-06 05:55:08 -04:00
|
|
|
if (isCallerAllowed(true)) {
|
2013-06-17 09:52:09 -04:00
|
|
|
return mBinderServiceActivity;
|
|
|
|
|
} else {
|
|
|
|
|
Log.e(Constants.TAG, "This binder can only be used from " + Constants.PACKAGE_NAME);
|
|
|
|
|
return null;
|
|
|
|
|
}
|
|
|
|
|
} else {
|
|
|
|
|
return mBinder;
|
|
|
|
|
}
|
2013-05-28 09:10:36 -04:00
|
|
|
}
|
|
|
|
|
|
2013-09-06 07:48:27 -04:00
|
|
|
private String getCachedPassphrase(long keyId) {
|
|
|
|
|
String passphrase = PassphraseCacheService.getCachedPassphrase(mContext, keyId);
|
|
|
|
|
|
|
|
|
|
if (passphrase == null) {
|
|
|
|
|
Log.d(Constants.TAG, "No passphrase! Activity required!");
|
|
|
|
|
|
|
|
|
|
// start passphrase dialog
|
|
|
|
|
Bundle extras = new Bundle();
|
|
|
|
|
extras.putLong(CryptoServiceActivity.EXTRA_SECRET_KEY_ID, keyId);
|
|
|
|
|
pauseQueueAndStartServiceActivity(CryptoServiceActivity.ACTION_CACHE_PASSPHRASE, extras);
|
2013-09-08 12:21:04 -04:00
|
|
|
|
|
|
|
|
// get again after it was entered
|
|
|
|
|
passphrase = PassphraseCacheService.getCachedPassphrase(mContext, keyId);
|
2013-09-06 07:48:27 -04:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return passphrase;
|
|
|
|
|
}
|
|
|
|
|
|
2013-09-06 12:54:55 -04:00
|
|
|
/**
|
|
|
|
|
* Search database for key ids based on emails.
|
|
|
|
|
*
|
|
|
|
|
* @param encryptionUserIds
|
|
|
|
|
* @return
|
|
|
|
|
*/
|
2013-09-08 11:04:33 -04:00
|
|
|
private long[] getKeyIdsFromEmails(String[] encryptionUserIds, long ownKeyId) {
|
2013-09-06 12:54:55 -04:00
|
|
|
// find key ids to given emails in database
|
|
|
|
|
boolean manySameUserIds = false;
|
|
|
|
|
boolean missingUserIds = false;
|
|
|
|
|
ArrayList<Long> keyIds = new ArrayList<Long>();
|
|
|
|
|
for (String email : encryptionUserIds) {
|
|
|
|
|
Uri uri = KeychainContract.KeyRings.buildPublicKeyRingsByEmailsUri(email);
|
|
|
|
|
Cursor cur = getContentResolver().query(uri, null, null, null, null);
|
|
|
|
|
if (cur.moveToFirst()) {
|
|
|
|
|
long id = cur.getLong(cur.getColumnIndex(KeychainContract.KeyRings.MASTER_KEY_ID));
|
|
|
|
|
keyIds.add(id);
|
|
|
|
|
} else {
|
|
|
|
|
missingUserIds = true;
|
|
|
|
|
Log.d(Constants.TAG, "user id missing");
|
|
|
|
|
}
|
|
|
|
|
if (cur.moveToNext()) {
|
|
|
|
|
manySameUserIds = true;
|
|
|
|
|
Log.d(Constants.TAG, "more than one user id with the same email");
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2013-09-08 11:04:33 -04:00
|
|
|
// also encrypt to our self (so that we can decrypt it later!)
|
|
|
|
|
keyIds.add(ownKeyId);
|
2013-09-06 12:54:55 -04:00
|
|
|
|
2013-09-08 11:04:33 -04:00
|
|
|
// convert o long[]
|
|
|
|
|
long[] keyIdsArray = new long[keyIds.size()];
|
|
|
|
|
for (int i = 0; i < keyIdsArray.length; i++) {
|
|
|
|
|
keyIdsArray[i] = keyIds.get(i);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (missingUserIds || manySameUserIds) {
|
|
|
|
|
Bundle extras = new Bundle();
|
|
|
|
|
extras.putLongArray(CryptoServiceActivity.EXTRA_SELECTED_MASTER_KEY_IDS, keyIdsArray);
|
|
|
|
|
pauseQueueAndStartServiceActivity(CryptoServiceActivity.ACTION_SELECT_PUB_KEYS, extras);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return keyIdsArray;
|
2013-09-06 12:54:55 -04:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
private synchronized void encryptAndSignSafe(byte[] inputBytes, String[] encryptionUserIds,
|
|
|
|
|
ICryptoCallback callback, AppSettings appSettings, boolean sign) throws RemoteException {
|
2013-06-17 13:51:41 -04:00
|
|
|
try {
|
|
|
|
|
// build InputData and write into OutputStream
|
|
|
|
|
InputStream inputStream = new ByteArrayInputStream(inputBytes);
|
|
|
|
|
long inputLength = inputBytes.length;
|
|
|
|
|
InputData inputData = new InputData(inputStream, inputLength);
|
|
|
|
|
|
2013-09-06 07:48:27 -04:00
|
|
|
OutputStream outputStream = new ByteArrayOutputStream();
|
|
|
|
|
|
2013-09-08 11:04:33 -04:00
|
|
|
long[] keyIds = getKeyIdsFromEmails(encryptionUserIds, appSettings.getKeyId());
|
2013-09-06 07:48:27 -04:00
|
|
|
|
2013-09-06 12:54:55 -04:00
|
|
|
if (sign) {
|
2013-09-08 12:21:04 -04:00
|
|
|
String passphrase = getCachedPassphrase(appSettings.getKeyId());
|
|
|
|
|
|
2013-09-06 12:54:55 -04:00
|
|
|
PgpMain.encryptAndSign(mContext, null, inputData, outputStream,
|
|
|
|
|
appSettings.isAsciiArmor(), appSettings.getCompression(), keyIds, null,
|
|
|
|
|
appSettings.getEncryptionAlgorithm(), appSettings.getKeyId(),
|
|
|
|
|
appSettings.getHashAlgorithm(), true, passphrase);
|
|
|
|
|
} else {
|
|
|
|
|
PgpMain.encryptAndSign(mContext, null, inputData, outputStream,
|
|
|
|
|
appSettings.isAsciiArmor(), appSettings.getCompression(), keyIds, null,
|
|
|
|
|
appSettings.getEncryptionAlgorithm(), Id.key.none,
|
|
|
|
|
appSettings.getHashAlgorithm(), true, null);
|
|
|
|
|
}
|
2013-06-17 13:51:41 -04:00
|
|
|
|
2013-09-06 07:48:27 -04:00
|
|
|
outputStream.close();
|
2013-06-17 13:51:41 -04:00
|
|
|
|
2013-09-06 07:48:27 -04:00
|
|
|
byte[] outputBytes = ((ByteArrayOutputStream) outputStream).toByteArray();
|
2013-06-17 13:51:41 -04:00
|
|
|
|
2013-09-06 07:48:27 -04:00
|
|
|
// return over handler on client side
|
|
|
|
|
callback.onSuccess(outputBytes, null);
|
2013-06-17 13:51:41 -04:00
|
|
|
} catch (Exception e) {
|
|
|
|
|
Log.e(Constants.TAG, "KeychainService, Exception!", e);
|
|
|
|
|
|
|
|
|
|
try {
|
|
|
|
|
callback.onError(new CryptoError(0, e.getMessage()));
|
|
|
|
|
} catch (Exception t) {
|
|
|
|
|
Log.e(Constants.TAG, "Error returning exception to client", t);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2013-09-06 12:54:55 -04:00
|
|
|
private void signSafe(byte[] inputBytes, ICryptoCallback callback, AppSettings appSettings)
|
2013-05-28 16:48:42 -04:00
|
|
|
throws RemoteException {
|
2013-09-08 12:21:04 -04:00
|
|
|
try {
|
|
|
|
|
Log.d(Constants.TAG, "current therad id: " + Thread.currentThread().getId());
|
|
|
|
|
|
|
|
|
|
// build InputData and write into OutputStream
|
|
|
|
|
InputStream inputStream = new ByteArrayInputStream(inputBytes);
|
|
|
|
|
long inputLength = inputBytes.length;
|
|
|
|
|
InputData inputData = new InputData(inputStream, inputLength);
|
|
|
|
|
|
|
|
|
|
OutputStream outputStream = new ByteArrayOutputStream();
|
|
|
|
|
|
|
|
|
|
String passphrase = getCachedPassphrase(appSettings.getKeyId());
|
|
|
|
|
|
|
|
|
|
PgpMain.signText(this, null, inputData, outputStream, appSettings.getKeyId(),
|
|
|
|
|
passphrase, appSettings.getHashAlgorithm(), Preferences.getPreferences(this)
|
|
|
|
|
.getForceV3Signatures());
|
|
|
|
|
|
|
|
|
|
outputStream.close();
|
|
|
|
|
|
|
|
|
|
byte[] outputBytes = ((ByteArrayOutputStream) outputStream).toByteArray();
|
|
|
|
|
|
|
|
|
|
// return over handler on client side
|
|
|
|
|
callback.onSuccess(outputBytes, null);
|
|
|
|
|
} catch (Exception e) {
|
|
|
|
|
Log.e(Constants.TAG, "KeychainService, Exception!", e);
|
|
|
|
|
|
|
|
|
|
try {
|
|
|
|
|
callback.onError(new CryptoError(0, e.getMessage()));
|
|
|
|
|
} catch (Exception t) {
|
|
|
|
|
Log.e(Constants.TAG, "Error returning exception to client", t);
|
|
|
|
|
}
|
|
|
|
|
}
|
2013-09-06 12:36:16 -04:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
private synchronized void decryptAndVerifySafe(byte[] inputBytes, ICryptoCallback callback,
|
|
|
|
|
AppSettings appSettings) throws RemoteException {
|
2013-05-28 09:10:36 -04:00
|
|
|
try {
|
|
|
|
|
// build InputData and write into OutputStream
|
|
|
|
|
InputStream inputStream = new ByteArrayInputStream(inputBytes);
|
|
|
|
|
long inputLength = inputBytes.length;
|
2013-05-28 16:48:42 -04:00
|
|
|
InputData inputData = new InputData(inputStream, inputLength);
|
2013-05-28 09:10:36 -04:00
|
|
|
|
2013-09-08 09:30:05 -04:00
|
|
|
Log.d(Constants.TAG, "in: " + new String(inputBytes));
|
|
|
|
|
|
2013-05-28 16:48:42 -04:00
|
|
|
OutputStream outputStream = new ByteArrayOutputStream();
|
2013-05-28 09:10:36 -04:00
|
|
|
|
2013-09-06 07:48:27 -04:00
|
|
|
// TODO: This allows to decrypt messages with ALL secret keys, not only the one for the
|
|
|
|
|
// app, Fix this?
|
2013-05-28 16:48:42 -04:00
|
|
|
long secretKeyId = PgpMain.getDecryptionKeyId(mContext, inputStream);
|
|
|
|
|
if (secretKeyId == Id.key.none) {
|
|
|
|
|
throw new PgpMain.PgpGeneralException(getString(R.string.error_noSecretKeyFound));
|
|
|
|
|
}
|
2013-06-17 09:52:09 -04:00
|
|
|
|
|
|
|
|
Log.d(Constants.TAG, "Got input:\n" + new String(inputBytes));
|
2013-05-28 09:10:36 -04:00
|
|
|
|
2013-05-28 16:48:42 -04:00
|
|
|
Log.d(Constants.TAG, "secretKeyId " + secretKeyId);
|
2013-05-28 09:10:36 -04:00
|
|
|
|
2013-09-06 07:48:27 -04:00
|
|
|
String passphrase = getCachedPassphrase(secretKeyId);
|
2013-05-28 09:10:36 -04:00
|
|
|
|
2013-05-28 16:48:42 -04:00
|
|
|
// if (signedOnly) {
|
|
|
|
|
// resultData = PgpMain.verifyText(this, this, inputData, outStream,
|
|
|
|
|
// lookupUnknownKey);
|
|
|
|
|
// } else {
|
|
|
|
|
// resultData = PgpMain.decryptAndVerify(this, this, inputData, outStream,
|
|
|
|
|
// PassphraseCacheService.getCachedPassphrase(this, secretKeyId),
|
|
|
|
|
// assumeSymmetricEncryption);
|
|
|
|
|
// }
|
2013-05-28 09:10:36 -04:00
|
|
|
|
|
|
|
|
Bundle outputBundle = PgpMain.decryptAndVerify(mContext, null, inputData, outputStream,
|
2013-05-28 16:48:42 -04:00
|
|
|
passphrase, false);
|
2013-05-28 09:10:36 -04:00
|
|
|
|
|
|
|
|
outputStream.close();
|
|
|
|
|
|
|
|
|
|
byte[] outputBytes = ((ByteArrayOutputStream) outputStream).toByteArray();
|
|
|
|
|
|
|
|
|
|
// get signature informations from bundle
|
|
|
|
|
boolean signature = outputBundle.getBoolean(KeychainIntentService.RESULT_SIGNATURE);
|
|
|
|
|
long signatureKeyId = outputBundle
|
|
|
|
|
.getLong(KeychainIntentService.RESULT_SIGNATURE_KEY_ID);
|
|
|
|
|
String signatureUserId = outputBundle
|
|
|
|
|
.getString(KeychainIntentService.RESULT_SIGNATURE_USER_ID);
|
|
|
|
|
boolean signatureSuccess = outputBundle
|
|
|
|
|
.getBoolean(KeychainIntentService.RESULT_SIGNATURE_SUCCESS);
|
|
|
|
|
boolean signatureUnknown = outputBundle
|
|
|
|
|
.getBoolean(KeychainIntentService.RESULT_SIGNATURE_UNKNOWN);
|
|
|
|
|
|
2013-05-28 16:48:42 -04:00
|
|
|
CryptoSignatureResult sigResult = new CryptoSignatureResult(signatureUserId, signature,
|
2013-05-28 09:10:36 -04:00
|
|
|
signatureSuccess, signatureUnknown);
|
|
|
|
|
|
2013-05-28 16:48:42 -04:00
|
|
|
// return over handler on client side
|
2013-07-01 17:19:53 -04:00
|
|
|
callback.onSuccess(outputBytes, sigResult);
|
2013-05-28 09:10:36 -04:00
|
|
|
} catch (Exception e) {
|
|
|
|
|
Log.e(Constants.TAG, "KeychainService, Exception!", e);
|
|
|
|
|
|
|
|
|
|
try {
|
2013-05-28 16:48:42 -04:00
|
|
|
callback.onError(new CryptoError(0, e.getMessage()));
|
2013-05-28 09:10:36 -04:00
|
|
|
} catch (Exception t) {
|
|
|
|
|
Log.e(Constants.TAG, "Error returning exception to client", t);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
private final ICryptoService.Stub mBinder = new ICryptoService.Stub() {
|
|
|
|
|
|
|
|
|
|
@Override
|
2013-06-17 13:51:41 -04:00
|
|
|
public void encrypt(final byte[] inputBytes, final String[] encryptionUserIds,
|
|
|
|
|
final ICryptoCallback callback) throws RemoteException {
|
2013-05-28 09:10:36 -04:00
|
|
|
|
2013-09-06 07:48:27 -04:00
|
|
|
final AppSettings settings = getAppSettings();
|
|
|
|
|
|
2013-06-17 13:51:41 -04:00
|
|
|
Runnable r = new Runnable() {
|
|
|
|
|
|
|
|
|
|
@Override
|
|
|
|
|
public void run() {
|
|
|
|
|
try {
|
2013-09-06 12:54:55 -04:00
|
|
|
encryptAndSignSafe(inputBytes, encryptionUserIds, callback, settings, false);
|
2013-06-17 13:51:41 -04:00
|
|
|
} catch (RemoteException e) {
|
|
|
|
|
Log.e(Constants.TAG, "CryptoService", e);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
checkAndEnqueue(r);
|
2013-05-28 09:10:36 -04:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
@Override
|
2013-09-06 12:36:16 -04:00
|
|
|
public void encryptAndSign(final byte[] inputBytes, final String[] encryptionUserIds,
|
2013-09-06 12:54:55 -04:00
|
|
|
final ICryptoCallback callback) throws RemoteException {
|
2013-09-06 12:36:16 -04:00
|
|
|
|
|
|
|
|
final AppSettings settings = getAppSettings();
|
|
|
|
|
|
|
|
|
|
Runnable r = new Runnable() {
|
|
|
|
|
|
|
|
|
|
@Override
|
|
|
|
|
public void run() {
|
|
|
|
|
try {
|
2013-09-06 12:54:55 -04:00
|
|
|
encryptAndSignSafe(inputBytes, encryptionUserIds, callback, settings, true);
|
2013-09-06 12:36:16 -04:00
|
|
|
} catch (RemoteException e) {
|
|
|
|
|
Log.e(Constants.TAG, "CryptoService", e);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
checkAndEnqueue(r);
|
2013-05-28 09:10:36 -04:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
@Override
|
2013-09-06 12:54:55 -04:00
|
|
|
public void sign(final byte[] inputBytes, final ICryptoCallback callback)
|
2013-05-28 09:10:36 -04:00
|
|
|
throws RemoteException {
|
2013-09-06 12:54:55 -04:00
|
|
|
final AppSettings settings = getAppSettings();
|
|
|
|
|
|
|
|
|
|
Runnable r = new Runnable() {
|
|
|
|
|
|
|
|
|
|
@Override
|
|
|
|
|
public void run() {
|
|
|
|
|
try {
|
|
|
|
|
signSafe(inputBytes, callback, settings);
|
|
|
|
|
} catch (RemoteException e) {
|
|
|
|
|
Log.e(Constants.TAG, "CryptoService", e);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
checkAndEnqueue(r);
|
2013-05-28 09:10:36 -04:00
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
@Override
|
2013-06-17 09:52:09 -04:00
|
|
|
public void decryptAndVerify(final byte[] inputBytes, final ICryptoCallback callback)
|
2013-05-28 09:10:36 -04:00
|
|
|
throws RemoteException {
|
2013-06-17 09:52:09 -04:00
|
|
|
|
2013-09-06 12:36:16 -04:00
|
|
|
final AppSettings settings = getAppSettings();
|
|
|
|
|
|
2013-06-17 09:52:09 -04:00
|
|
|
Runnable r = new Runnable() {
|
|
|
|
|
|
|
|
|
|
@Override
|
|
|
|
|
public void run() {
|
|
|
|
|
try {
|
2013-09-06 12:36:16 -04:00
|
|
|
decryptAndVerifySafe(inputBytes, callback, settings);
|
2013-06-17 09:52:09 -04:00
|
|
|
} catch (RemoteException e) {
|
|
|
|
|
Log.e(Constants.TAG, "CryptoService", e);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
checkAndEnqueue(r);
|
2013-05-28 09:10:36 -04:00
|
|
|
}
|
|
|
|
|
|
2013-09-08 12:21:04 -04:00
|
|
|
// @Override
|
|
|
|
|
// public void setup(boolean asciiArmor, boolean newKeyring, String newKeyringUserId)
|
|
|
|
|
// throws RemoteException {
|
|
|
|
|
//
|
|
|
|
|
//
|
|
|
|
|
// }
|
2013-07-01 17:19:53 -04:00
|
|
|
|
2013-05-28 09:10:36 -04:00
|
|
|
};
|
|
|
|
|
|
2013-06-17 10:05:39 -04:00
|
|
|
private final IServiceActivityCallback.Stub mBinderServiceActivity = new IServiceActivityCallback.Stub() {
|
2013-06-17 09:52:09 -04:00
|
|
|
|
|
|
|
|
@Override
|
2013-07-25 10:25:20 -04:00
|
|
|
public void onRegistered(boolean success, String packageName) throws RemoteException {
|
2013-09-08 12:21:04 -04:00
|
|
|
Log.d(Constants.TAG, "current therad id: " + Thread.currentThread().getId());
|
2013-06-17 10:59:27 -04:00
|
|
|
|
2013-06-17 09:52:09 -04:00
|
|
|
if (success) {
|
|
|
|
|
// resume threads
|
2013-09-06 05:55:08 -04:00
|
|
|
if (isPackageAllowed(packageName, false)) {
|
2013-06-17 09:52:09 -04:00
|
|
|
mThreadPool.resume();
|
|
|
|
|
} else {
|
|
|
|
|
// TODO: should not happen?
|
2013-09-08 12:21:04 -04:00
|
|
|
mThreadPool.shutdownNow();
|
2013-06-17 09:52:09 -04:00
|
|
|
}
|
|
|
|
|
} else {
|
2013-09-08 12:21:04 -04:00
|
|
|
mThreadPool.resume();
|
2013-06-17 09:52:09 -04:00
|
|
|
// TODO
|
2013-09-08 12:21:04 -04:00
|
|
|
// mPoolQueue.clear();
|
|
|
|
|
// mPoolQueue.re
|
|
|
|
|
// mThreadPool.
|
2013-06-17 09:52:09 -04:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
@Override
|
2013-07-25 10:25:20 -04:00
|
|
|
public void onCachedPassphrase(boolean success) throws RemoteException {
|
2013-09-08 12:21:04 -04:00
|
|
|
Log.d(Constants.TAG, "current therad id: " + Thread.currentThread().getId());
|
|
|
|
|
mThreadPool.resume();
|
2013-09-08 13:24:47 -04:00
|
|
|
|
|
|
|
|
synchronized (userInputLock) {
|
|
|
|
|
userInputLock.notifyAll();
|
|
|
|
|
}
|
2013-06-17 09:52:09 -04:00
|
|
|
}
|
|
|
|
|
|
2013-09-08 09:30:05 -04:00
|
|
|
@Override
|
|
|
|
|
public void onSelectedPublicKeys(long[] keyIds) throws RemoteException {
|
2013-09-08 13:24:47 -04:00
|
|
|
mThreadPool.resume();
|
2013-09-08 11:04:33 -04:00
|
|
|
|
2013-09-08 09:30:05 -04:00
|
|
|
}
|
|
|
|
|
|
2013-06-17 09:52:09 -04:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
private void checkAndEnqueue(Runnable r) {
|
2013-09-06 05:55:08 -04:00
|
|
|
if (isCallerAllowed(false)) {
|
2013-06-17 09:52:09 -04:00
|
|
|
mThreadPool.execute(r);
|
|
|
|
|
|
|
|
|
|
Log.d(Constants.TAG, "Enqueued runnable…");
|
|
|
|
|
} else {
|
2013-06-17 10:59:27 -04:00
|
|
|
String[] callingPackages = getPackageManager()
|
|
|
|
|
.getPackagesForUid(Binder.getCallingUid());
|
|
|
|
|
|
|
|
|
|
Log.e(Constants.TAG, "Not allowed to use service! Starting activity for registration!");
|
|
|
|
|
Bundle extras = new Bundle();
|
|
|
|
|
// TODO: currently simply uses first entry
|
2013-09-06 05:55:08 -04:00
|
|
|
extras.putString(CryptoServiceActivity.EXTRA_PACKAGE_NAME, callingPackages[0]);
|
|
|
|
|
pauseQueueAndStartServiceActivity(CryptoServiceActivity.ACTION_REGISTER, extras);
|
2013-06-17 10:59:27 -04:00
|
|
|
|
2013-06-17 09:52:09 -04:00
|
|
|
mThreadPool.execute(r);
|
|
|
|
|
|
|
|
|
|
Log.d(Constants.TAG, "Enqueued runnable…");
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Checks if process that binds to this service (i.e. the package name corresponding to the
|
|
|
|
|
* process) is in the list of allowed package names.
|
|
|
|
|
*
|
2013-09-06 05:55:08 -04:00
|
|
|
* @param allowOnlySelf
|
|
|
|
|
* allow only Keychain app itself
|
2013-06-17 09:52:09 -04:00
|
|
|
* @return true if process is allowed to use this service
|
|
|
|
|
*/
|
2013-09-06 05:55:08 -04:00
|
|
|
private boolean isCallerAllowed(boolean allowOnlySelf) {
|
2013-06-17 09:52:09 -04:00
|
|
|
String[] callingPackages = getPackageManager().getPackagesForUid(Binder.getCallingUid());
|
|
|
|
|
|
|
|
|
|
// is calling package allowed to use this service?
|
|
|
|
|
for (int i = 0; i < callingPackages.length; i++) {
|
|
|
|
|
String currentPkg = callingPackages[i];
|
|
|
|
|
|
2013-09-06 05:55:08 -04:00
|
|
|
if (isPackageAllowed(currentPkg, allowOnlySelf)) {
|
2013-06-17 09:52:09 -04:00
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
}
|
2013-06-17 10:59:27 -04:00
|
|
|
|
2013-06-17 09:52:09 -04:00
|
|
|
Log.d(Constants.TAG, "Caller is NOT allowed!");
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
2013-09-06 07:48:27 -04:00
|
|
|
private AppSettings getAppSettings() {
|
|
|
|
|
String[] callingPackages = getPackageManager().getPackagesForUid(Binder.getCallingUid());
|
|
|
|
|
|
|
|
|
|
// is calling package allowed to use this service?
|
|
|
|
|
for (int i = 0; i < callingPackages.length; i++) {
|
|
|
|
|
String currentPkg = callingPackages[i];
|
|
|
|
|
|
|
|
|
|
Uri uri = KeychainContract.ApiApps.buildByPackageNameUri(currentPkg);
|
|
|
|
|
|
|
|
|
|
AppSettings settings = ProviderHelper.getApiAppSettings(this, uri);
|
|
|
|
|
|
|
|
|
|
return settings;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return null;
|
|
|
|
|
}
|
|
|
|
|
|
2013-09-06 05:55:08 -04:00
|
|
|
/**
|
|
|
|
|
* Checks if packageName is a registered app for the API.
|
|
|
|
|
*
|
|
|
|
|
* @param packageName
|
|
|
|
|
* @param allowOnlySelf
|
|
|
|
|
* allow only Keychain app itself
|
|
|
|
|
* @return
|
|
|
|
|
*/
|
|
|
|
|
private boolean isPackageAllowed(String packageName, boolean allowOnlySelf) {
|
2013-06-17 10:59:27 -04:00
|
|
|
Log.d(Constants.TAG, "packageName: " + packageName);
|
|
|
|
|
|
2013-09-06 05:55:08 -04:00
|
|
|
ArrayList<String> allowedPkgs = ProviderHelper.getRegisteredApiApps(mContext);
|
2013-06-17 13:51:41 -04:00
|
|
|
Log.d(Constants.TAG, "allowed: " + allowedPkgs);
|
|
|
|
|
|
2013-06-17 10:59:27 -04:00
|
|
|
// check if package is allowed to use our service
|
2013-09-06 05:55:08 -04:00
|
|
|
if (allowedPkgs.contains(packageName) && (!allowOnlySelf)) {
|
2013-06-17 10:59:27 -04:00
|
|
|
Log.d(Constants.TAG, "Package is allowed! packageName: " + packageName);
|
|
|
|
|
|
|
|
|
|
return true;
|
|
|
|
|
} else if (Constants.PACKAGE_NAME.equals(packageName)) {
|
|
|
|
|
Log.d(Constants.TAG, "Package is OpenPGP Keychain! -> allowed!");
|
|
|
|
|
|
|
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
2013-06-17 10:05:39 -04:00
|
|
|
private void pauseQueueAndStartServiceActivity(String action, Bundle extras) {
|
2013-06-17 09:52:09 -04:00
|
|
|
mThreadPool.pause();
|
|
|
|
|
|
|
|
|
|
Log.d(Constants.TAG, "starting activity...");
|
2013-09-06 05:55:08 -04:00
|
|
|
Intent intent = new Intent(getBaseContext(), CryptoServiceActivity.class);
|
2013-06-17 09:52:09 -04:00
|
|
|
intent.addFlags(Intent.FLAG_ACTIVITY_NEW_TASK);
|
|
|
|
|
intent.setAction(action);
|
|
|
|
|
if (extras != null) {
|
|
|
|
|
intent.putExtras(extras);
|
|
|
|
|
}
|
|
|
|
|
getApplication().startActivity(intent);
|
2013-05-28 09:10:36 -04:00
|
|
|
|
2013-09-08 13:24:47 -04:00
|
|
|
// lock current thread for user input
|
|
|
|
|
synchronized (userInputLock) {
|
|
|
|
|
try {
|
|
|
|
|
userInputLock.wait();
|
|
|
|
|
} catch (InterruptedException e) {
|
|
|
|
|
Log.e(Constants.TAG, "CryptoService", e);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
2013-05-28 09:10:36 -04:00
|
|
|
}
|
