Code formatting and package re-structuring
parent
b89ba85313
commit
63244a113a
|
@ -105,7 +105,7 @@
|
|||
</intent-filter>
|
||||
</receiver>
|
||||
<!-- broadcast receiver for Orbots status -->
|
||||
<receiver android:name=".util.orbot.OrbotStatusReceiver">
|
||||
<receiver android:name=".network.orbot.OrbotStatusReceiver">
|
||||
<intent-filter>
|
||||
<action android:name="org.torproject.android.intent.action.STATUS"/>
|
||||
</intent-filter>
|
||||
|
|
|
@ -40,7 +40,7 @@ import org.sufficientlysecure.keychain.ui.util.FormattingUtils;
|
|||
import org.sufficientlysecure.keychain.util.Log;
|
||||
import org.sufficientlysecure.keychain.util.PRNGFixes;
|
||||
import org.sufficientlysecure.keychain.util.Preferences;
|
||||
import org.sufficientlysecure.keychain.util.TlsHelper;
|
||||
import org.sufficientlysecure.keychain.network.TlsCertificatePinning;
|
||||
|
||||
import java.security.Security;
|
||||
import java.util.HashMap;
|
||||
|
@ -114,9 +114,9 @@ public class KeychainApplication extends Application {
|
|||
// Update keyserver list as needed
|
||||
Preferences.getPreferences(this).upgradePreferences(this);
|
||||
|
||||
TlsHelper.addPinnedCertificate("hkps.pool.sks-keyservers.net", getAssets(), "hkps.pool.sks-keyservers.net.CA.cer");
|
||||
TlsHelper.addPinnedCertificate("pgp.mit.edu", getAssets(), "pgp.mit.edu.cer");
|
||||
TlsHelper.addPinnedCertificate("api.keybase.io", getAssets(), "api.keybase.io.CA.cer");
|
||||
TlsCertificatePinning.addPinnedCertificate("hkps.pool.sks-keyservers.net", getAssets(), "hkps.pool.sks-keyservers.net.CA.cer");
|
||||
TlsCertificatePinning.addPinnedCertificate("pgp.mit.edu", getAssets(), "pgp.mit.edu.cer");
|
||||
TlsCertificatePinning.addPinnedCertificate("api.keybase.io", getAssets(), "api.keybase.io.CA.cer");
|
||||
|
||||
TemporaryFileProvider.cleanUp(this);
|
||||
|
||||
|
|
|
@ -30,9 +30,9 @@ import org.sufficientlysecure.keychain.pgp.UncachedPublicKey;
|
|||
import org.sufficientlysecure.keychain.pgp.exception.PgpGeneralException;
|
||||
import org.sufficientlysecure.keychain.ui.util.KeyFormattingUtils;
|
||||
import org.sufficientlysecure.keychain.util.Log;
|
||||
import org.sufficientlysecure.keychain.util.OkHttpClientFactory;
|
||||
import org.sufficientlysecure.keychain.network.OkHttpClientFactory;
|
||||
import org.sufficientlysecure.keychain.util.ParcelableProxy;
|
||||
import org.sufficientlysecure.keychain.util.TlsHelper;
|
||||
import org.sufficientlysecure.keychain.network.TlsCertificatePinning;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.net.Proxy;
|
||||
|
@ -128,7 +128,7 @@ public class FacebookKeyserver extends Keyserver {
|
|||
throw new QueryFailedException("Cannot connect to Facebook. "
|
||||
+ "Check your Internet connection!"
|
||||
+ (proxy.getProxy() == Proxy.NO_PROXY ? "" : " Using proxy " + proxy.getProxy()));
|
||||
} catch (TlsHelper.TlsHelperException e) {
|
||||
} catch (TlsCertificatePinning.TlsCertificatePinningException e) {
|
||||
Log.e(Constants.TAG, "Exception in cert pinning", e);
|
||||
throw new QueryFailedException("Exception in cert pinning.");
|
||||
}
|
||||
|
|
|
@ -25,7 +25,7 @@ import com.textuality.keybase.lib.User;
|
|||
import org.sufficientlysecure.keychain.Constants;
|
||||
import org.sufficientlysecure.keychain.ui.util.KeyFormattingUtils;
|
||||
import org.sufficientlysecure.keychain.util.Log;
|
||||
import org.sufficientlysecure.keychain.util.OkHttpKeybaseClient;
|
||||
import org.sufficientlysecure.keychain.network.OkHttpKeybaseClient;
|
||||
import org.sufficientlysecure.keychain.util.ParcelableProxy;
|
||||
|
||||
import java.util.ArrayList;
|
||||
|
|
|
@ -54,9 +54,9 @@ import org.sufficientlysecure.keychain.Constants;
|
|||
import org.sufficientlysecure.keychain.pgp.PgpHelper;
|
||||
import org.sufficientlysecure.keychain.ui.util.KeyFormattingUtils;
|
||||
import org.sufficientlysecure.keychain.util.Log;
|
||||
import org.sufficientlysecure.keychain.util.OkHttpClientFactory;
|
||||
import org.sufficientlysecure.keychain.network.OkHttpClientFactory;
|
||||
import org.sufficientlysecure.keychain.util.ParcelableProxy;
|
||||
import org.sufficientlysecure.keychain.util.TlsHelper;
|
||||
import org.sufficientlysecure.keychain.network.TlsCertificatePinning;
|
||||
|
||||
public class ParcelableHkpKeyserver extends Keyserver implements Parcelable {
|
||||
|
||||
|
@ -228,7 +228,7 @@ public class ParcelableHkpKeyserver extends Keyserver implements Parcelable {
|
|||
Log.e(Constants.TAG, "IOException at HkpKeyserver", e);
|
||||
throw new Keyserver.QueryFailedException("Keyserver '" + mUrl + "' is unavailable. Check your Internet connection!" +
|
||||
(proxy.getProxy() == Proxy.NO_PROXY ? "" : " Using proxy " + proxy.getProxy()));
|
||||
} catch (TlsHelper.TlsHelperException e) {
|
||||
} catch (TlsCertificatePinning.TlsCertificatePinningException e) {
|
||||
Log.e(Constants.TAG, "Exception in pinning certs", e);
|
||||
throw new Keyserver.QueryFailedException("Exception in pinning certs");
|
||||
} catch (UnsupportedCharsetException e) {
|
||||
|
@ -439,7 +439,7 @@ public class ParcelableHkpKeyserver extends Keyserver implements Parcelable {
|
|||
} catch (IOException e) {
|
||||
Log.e(Constants.TAG, "IOException", e);
|
||||
throw new Keyserver.AddKeyException();
|
||||
} catch (TlsHelper.TlsHelperException e) {
|
||||
} catch (TlsCertificatePinning.TlsCertificatePinningException e) {
|
||||
Log.e(Constants.TAG, "Exception in pinning certs", e);
|
||||
throw new Keyserver.AddKeyException();
|
||||
} catch (URISyntaxException e) {
|
||||
|
|
|
@ -33,7 +33,7 @@ import org.sufficientlysecure.keychain.service.input.RequiredInputParcel;
|
|||
import org.sufficientlysecure.keychain.util.Log;
|
||||
import org.sufficientlysecure.keychain.util.ParcelableProxy;
|
||||
import org.sufficientlysecure.keychain.util.Preferences;
|
||||
import org.sufficientlysecure.keychain.util.orbot.OrbotHelper;
|
||||
import org.sufficientlysecure.keychain.network.orbot.OrbotHelper;
|
||||
|
||||
import java.util.ArrayList;
|
||||
|
||||
|
|
|
@ -33,7 +33,7 @@ import org.sufficientlysecure.keychain.operations.results.OperationResult.LogTyp
|
|||
import org.sufficientlysecure.keychain.operations.results.OperationResult.OperationLog;
|
||||
import org.sufficientlysecure.keychain.ui.util.KeyFormattingUtils;
|
||||
import org.sufficientlysecure.keychain.util.Log;
|
||||
import org.sufficientlysecure.keychain.util.OkHttpClientFactory;
|
||||
import org.sufficientlysecure.keychain.network.OkHttpClientFactory;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.net.MalformedURLException;
|
||||
|
|
|
@ -15,7 +15,7 @@
|
|||
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
*/
|
||||
|
||||
package org.sufficientlysecure.keychain.util;
|
||||
package org.sufficientlysecure.keychain.network;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.net.Proxy;
|
||||
|
@ -47,7 +47,7 @@ public class OkHttpClientFactory {
|
|||
}
|
||||
|
||||
public static OkHttpClient getClientPinnedIfAvailable(URL url, Proxy proxy)
|
||||
throws IOException, TlsHelper.TlsHelperException {
|
||||
throws IOException, TlsCertificatePinning.TlsCertificatePinningException {
|
||||
OkHttpClient.Builder builder = new OkHttpClient.Builder();
|
||||
|
||||
// don't follow any redirects for keyservers, as discussed in the security audit
|
||||
|
@ -66,8 +66,8 @@ public class OkHttpClientFactory {
|
|||
|
||||
// If a pinned cert is available, use it!
|
||||
// NOTE: this fails gracefully back to "no pinning" if no cert is available.
|
||||
if (url != null && TlsHelper.getPinnedSslSocketFactory(url) != null) {
|
||||
builder.sslSocketFactory(TlsHelper.getPinnedSslSocketFactory(url));
|
||||
if (url != null && TlsCertificatePinning.getPinnedSslSocketFactory(url) != null) {
|
||||
builder.sslSocketFactory(TlsCertificatePinning.getPinnedSslSocketFactory(url));
|
||||
}
|
||||
|
||||
return builder.build();
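Review bot: `getClientPinnedIfAvailable` calls `TlsCertificatePinning.getPinnedSslSocketFactory(url)` twice, once for the null check and once for the builder, so the factory is looked up (and possibly rebuilt) twice per client. Fetch it once with `SSLSocketFactory pinned = (url != null) ? TlsCertificatePinning.getPinnedSslSocketFactory(url) : null;` followed by `if (pinned != null) { builder.sslSocketFactory(pinned); }`. The method also deserves a Javadoc that repeats what the inline NOTE says: a URL without a pinned certificate gets a client that relies on the platform trust store alone, so callers must not assume the returned client is pinned. The method starts in the previous hunk and its closing brace is outside this one.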
|
|
@ -15,8 +15,7 @@
|
|||
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
*/
|
||||
|
||||
package org.sufficientlysecure.keychain.util;
|
||||
|
||||
package org.sufficientlysecure.keychain.network;
|
||||
|
||||
import com.textuality.keybase.lib.KeybaseUrlConnectionClient;
|
||||
|
||||
|
@ -24,6 +23,7 @@ import okhttp3.OkHttpClient;
|
|||
import okhttp3.Request;
|
||||
|
||||
import org.sufficientlysecure.keychain.Constants;
|
||||
import org.sufficientlysecure.keychain.util.Log;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.net.Proxy;
|
||||
|
@ -44,7 +44,7 @@ public class OkHttpKeybaseClient implements KeybaseUrlConnectionClient {
|
|||
} else {
|
||||
client = OkHttpClientFactory.getSimpleClient();
|
||||
}
|
||||
} catch (TlsHelper.TlsHelperException e) {
|
||||
} catch (TlsCertificatePinning.TlsCertificatePinningException e) {
|
||||
Log.e(Constants.TAG, "TlsHelper failed", e);
|
||||
throw new IOException("TlsHelper failed");
|
||||
}
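Review bot: The catch block still logs and throws `"TlsHelper failed"` although the class is now `TlsCertificatePinning`, and the rethrown `IOException` drops the cause, so a pinning failure appears upstream as an undifferentiated I/O error. Suggest `Log.e(Constants.TAG, "TLS certificate pinning failed", e);` and `throw new IOException("TLS certificate pinning failed", e);`. The same cause-dropping pattern appears in the `TlsCertificatePinningException` handlers of the FacebookKeyserver and ParcelableHkpKeyserver sections. The enclosing method starts outside this hunk.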
|
|
@ -15,11 +15,12 @@
|
|||
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
*/
|
||||
|
||||
package org.sufficientlysecure.keychain.util;
|
||||
package org.sufficientlysecure.keychain.network;
|
||||
|
||||
import android.content.res.AssetManager;
|
||||
|
||||
import org.sufficientlysecure.keychain.Constants;
|
||||
import org.sufficientlysecure.keychain.util.Log;
|
||||
|
||||
import java.io.ByteArrayInputStream;
|
||||
import java.io.ByteArrayOutputStream;
|
||||
|
@ -40,7 +41,7 @@ import javax.net.ssl.SSLContext;
|
|||
import javax.net.ssl.SSLSocketFactory;
|
||||
import javax.net.ssl.TrustManagerFactory;
|
||||
|
||||
public class TlsHelper {
|
||||
public class TlsCertificatePinning {
|
||||
|
||||
private static Map<String, byte[]> sPinnedCertificates = new HashMap<>();
|
||||
|
||||
|
@ -70,10 +71,10 @@ public class TlsHelper {
|
|||
* Use pinned certificate for OkHttpClient if we have one.
|
||||
*
|
||||
* @return true, if certificate is available, false if not
|
||||
* @throws TlsHelperException
|
||||
* @throws TlsCertificatePinningException
|
||||
* @throws IOException
|
||||
*/
|
||||
public static SSLSocketFactory getPinnedSslSocketFactory(URL url) throws TlsHelperException, IOException {
|
||||
public static SSLSocketFactory getPinnedSslSocketFactory(URL url) throws TlsCertificatePinningException, IOException {
|
||||
if (url.getProtocol().equals("https")) {
|
||||
// use certificate PIN from assets if we have one
|
||||
for (String host : sPinnedCertificates.keySet()) {
|
||||
|
@ -92,11 +93,11 @@ public class TlsHelper {
|
|||
* to URLs with passed certificate.
|
||||
*
|
||||
* @param certificate certificate to pin
|
||||
* @throws TlsHelperException
|
||||
* @throws TlsCertificatePinningException
|
||||
* @throws IOException
|
||||
*/
|
||||
private static SSLSocketFactory pinCertificate(byte[] certificate)
|
||||
throws TlsHelperException, IOException {
|
||||
throws TlsCertificatePinningException, IOException {
|
||||
// We don't use OkHttp's CertificatePinner since it can not be used to pin self-signed
|
||||
// certificate if such certificate is not accepted by TrustManager.
|
||||
// (Refer to note at end of description:
|
||||
|
@ -124,12 +125,12 @@ public class TlsHelper {
|
|||
|
||||
return context.getSocketFactory();
|
||||
} catch (CertificateException | KeyStoreException | KeyManagementException | NoSuchAlgorithmException e) {
|
||||
throw new TlsHelperException(e);
|
||||
throw new TlsCertificatePinningException(e);
|
||||
}
|
||||
}
|
||||
|
||||
public static class TlsHelperException extends Exception {
|
||||
public TlsHelperException(Exception e) {
|
||||
public static class TlsCertificatePinningException extends Exception {
|
||||
TlsCertificatePinningException(Exception e) {
|
||||
super(e);
|
||||
}
|
||||
}
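Review bot: The Javadoc on `getPinnedSslSocketFactory` still says `@return true, if certificate is available, false if not`, but the method returns an `SSLSocketFactory`. The null check in `OkHttpClientFactory` on this page suggests it returns null when no pin matches, so the tag could read `@return a socket factory that trusts only the pinned certificate, or null if the URL is not https or no certificate is pinned for its host` (confirm against the body, which is outside the hunk). The renamed `@throws TlsCertificatePinningException` tags here and on `pinCertificate` are bare; one sentence on when it is raised (certificate parsing or key store setup failure, per the multi-catch) would help callers. Separately, `sPinnedCertificates` is a non-final static `HashMap`; declaring it `private static final` would at least prevent reassignment.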
|
|
@ -47,7 +47,7 @@
|
|||
*****
|
||||
*/
|
||||
|
||||
package org.sufficientlysecure.keychain.util.orbot;
|
||||
package org.sufficientlysecure.keychain.network.orbot;
|
||||
|
||||
import android.app.Activity;
|
||||
import android.app.ProgressDialog;
|
|
@ -13,7 +13,7 @@
|
|||
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
*/
|
||||
|
||||
package org.sufficientlysecure.keychain.util.orbot;
|
||||
package org.sufficientlysecure.keychain.network.orbot;
|
||||
|
||||
import android.content.BroadcastReceiver;
|
||||
import android.content.Context;
|
|
@ -50,10 +50,9 @@ import org.sufficientlysecure.keychain.util.ParcelableFileCache;
|
|||
import org.sufficientlysecure.keychain.util.ParcelableProxy;
|
||||
import org.sufficientlysecure.keychain.util.Preferences;
|
||||
import org.sufficientlysecure.keychain.util.ProgressScaler;
|
||||
import org.sufficientlysecure.keychain.util.orbot.OrbotHelper;
|
||||
import org.sufficientlysecure.keychain.network.orbot.OrbotHelper;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.net.Proxy;
|
||||
import java.util.ArrayList;
|
||||
import java.util.GregorianCalendar;
|
||||
import java.util.Iterator;
|
||||
|
|
|
@ -40,9 +40,9 @@ import org.sufficientlysecure.keychain.provider.ProviderHelper;
|
|||
import org.sufficientlysecure.keychain.service.KeybaseVerificationParcel;
|
||||
import org.sufficientlysecure.keychain.service.input.CryptoInputParcel;
|
||||
import org.sufficientlysecure.keychain.service.input.RequiredInputParcel;
|
||||
import org.sufficientlysecure.keychain.util.OkHttpKeybaseClient;
|
||||
import org.sufficientlysecure.keychain.network.OkHttpKeybaseClient;
|
||||
import org.sufficientlysecure.keychain.util.Preferences;
|
||||
import org.sufficientlysecure.keychain.util.orbot.OrbotHelper;
|
||||
import org.sufficientlysecure.keychain.network.orbot.OrbotHelper;
|
||||
|
||||
import java.io.ByteArrayInputStream;
|
||||
import java.io.InputStream;
|
||||
|
|
|
@ -45,7 +45,7 @@ import org.sufficientlysecure.keychain.ui.util.KeyFormattingUtils;
|
|||
import org.sufficientlysecure.keychain.util.Log;
|
||||
import org.sufficientlysecure.keychain.util.ParcelableProxy;
|
||||
import org.sufficientlysecure.keychain.util.Preferences;
|
||||
import org.sufficientlysecure.keychain.util.orbot.OrbotHelper;
|
||||
import org.sufficientlysecure.keychain.network.orbot.OrbotHelper;
|
||||
|
||||
import java.io.ByteArrayOutputStream;
|
||||
import java.io.IOException;
|
||||
|
|
|
@ -42,13 +42,15 @@ public class ECKeyFormat extends KeyFormat {
|
|||
return mECAlgorithmFormat;
|
||||
}
|
||||
|
||||
public ASN1ObjectIdentifier getCurveOID() { return mECCurveOID; }
|
||||
public ASN1ObjectIdentifier getCurveOID() {
|
||||
return mECCurveOID;
|
||||
}
|
||||
|
||||
public enum ECAlgorithmFormat {
|
||||
ECDH((byte)18, true, false),
|
||||
ECDH_WITH_PUBKEY((byte)18, true, true),
|
||||
ECDSA((byte)19, false, false),
|
||||
ECDSA_WITH_PUBKEY((byte)19, false, true);
|
||||
ECDH((byte) 18, true, false),
|
||||
ECDH_WITH_PUBKEY((byte) 18, true, true),
|
||||
ECDSA((byte) 19, false, false),
|
||||
ECDSA_WITH_PUBKEY((byte) 19, false, true);
|
||||
|
||||
private final byte mValue;
|
||||
private final boolean mIsECDH;
|
||||
|
@ -62,16 +64,24 @@ public class ECKeyFormat extends KeyFormat {
|
|||
|
||||
public static ECKeyFormat.ECAlgorithmFormat from(final byte bFirst, final byte bLast) {
|
||||
for (ECKeyFormat.ECAlgorithmFormat format : values()) {
|
||||
if (format.mValue == bFirst && ((bLast == (byte)0xff) == format.isWithPubkey())) {
|
||||
if (format.mValue == bFirst && ((bLast == (byte) 0xff) == format.isWithPubkey())) {
|
||||
return format;
|
||||
}
|
||||
}
|
||||
return null;
|
||||
}
|
||||
|
||||
public final byte getValue() { return mValue; }
|
||||
public final boolean isECDH() { return mIsECDH; }
|
||||
public final boolean isWithPubkey() { return mWithPubkey; }
|
||||
public final byte getValue() {
|
||||
return mValue;
|
||||
}
|
||||
|
||||
public final boolean isECDH() {
|
||||
return mIsECDH;
|
||||
}
|
||||
|
||||
public final boolean isWithPubkey() {
|
||||
return mWithPubkey;
|
||||
}
|
||||
}
|
||||
|
||||
public void addToSaveKeyringParcel(SaveKeyringParcel keyring, int keyFlags) {
|
||||
|
@ -80,7 +90,7 @@ public class ECKeyFormat extends KeyFormat {
|
|||
|
||||
SaveKeyringParcel.Algorithm algo = SaveKeyringParcel.Algorithm.ECDSA;
|
||||
if (((keyFlags & KeyFlags.ENCRYPT_COMMS) == KeyFlags.ENCRYPT_COMMS)
|
||||
|| ((keyFlags & KeyFlags.ENCRYPT_STORAGE) == KeyFlags.ENCRYPT_STORAGE)) {
|
||||
|| ((keyFlags & KeyFlags.ENCRYPT_STORAGE) == KeyFlags.ENCRYPT_STORAGE)) {
|
||||
algo = SaveKeyringParcel.Algorithm.ECDH;
|
||||
}
|
||||
|
||||
|
|
|
@ -13,7 +13,7 @@
|
|||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package org.sufficientlysecure.keychain.util;
|
||||
package org.sufficientlysecure.keychain.securitytoken;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.nio.ByteBuffer;
|
|
@ -17,8 +17,6 @@
|
|||
|
||||
package org.sufficientlysecure.keychain.securitytoken;
|
||||
|
||||
import org.sufficientlysecure.keychain.util.Iso7816TLV;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.util.HashMap;
|
||||
import java.util.Map;
|
||||
|
@ -108,7 +106,7 @@ public class OpenPgpCapabilities {
|
|||
private void parseExtendedCaps(byte[] v) {
|
||||
mHasSM = (v[0] & MASK_SM) != 0;
|
||||
mHasKeyImport = (v[0] & MASK_KEY_IMPORT) != 0;
|
||||
mAttriburesChangable =(v[0] & MASK_ATTRIBUTES_CHANGABLE) != 0;
|
||||
mAttriburesChangable = (v[0] & MASK_ATTRIBUTES_CHANGABLE) != 0;
|
||||
|
||||
mSMAESKeySize = (v[1] == 1) ? 16 : 32;
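Review bot: `parseExtendedCaps` indexes `v[0]` and `v[1]` without checking the array length, so a short extended-capabilities value (presumably taken from the token's response) ends in an unchecked `ArrayIndexOutOfBoundsException` instead of a handled error. A guard such as `if (v == null || v.length < 2) { throw new IllegalArgumentException("extended capabilities too short"); }` would make the failure explicit; use whichever exception type the caller already handles for malformed card data. Also, `(v[1] == 1) ? 16 : 32` maps every value other than 1 to a 32-byte key, including values that may mean secure messaging is not supported; a comment listing the expected values would make that intent checkable. The method may continue past the end of this hunk.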
|
||||
|
||||
|
|
|
@ -47,10 +47,10 @@ public class RSAKeyFormat extends KeyFormat {
|
|||
}
|
||||
|
||||
public enum RSAAlgorithmFormat {
|
||||
STANDARD((byte)0, false, false),
|
||||
STANDARD_WITH_MODULUS((byte)1, false, true),
|
||||
CRT((byte)2, true, false),
|
||||
CRT_WITH_MODULUS((byte)3, true, true);
|
||||
STANDARD((byte) 0, false, false),
|
||||
STANDARD_WITH_MODULUS((byte) 1, false, true),
|
||||
CRT((byte) 2, true, false),
|
||||
CRT_WITH_MODULUS((byte) 3, true, true);
|
||||
|
||||
private byte mValue;
|
||||
private boolean mIncludeModulus;
|
||||
|
@ -71,7 +71,9 @@ public class RSAKeyFormat extends KeyFormat {
|
|||
return null;
|
||||
}
|
||||
|
||||
public byte getValue() { return mValue; }
|
||||
public byte getValue() {
|
||||
return mValue;
|
||||
}
|
||||
|
||||
public boolean isIncludeModulus() {
|
||||
return mIncludeModulus;
|
||||
|
|
|
@ -18,9 +18,7 @@
|
|||
package org.sufficientlysecure.keychain.securitytoken;
|
||||
|
||||
import android.content.Context;
|
||||
import android.content.SharedPreferences;
|
||||
import android.support.annotation.NonNull;
|
||||
import android.util.Log;
|
||||
|
||||
import org.bouncycastle.asn1.nist.NISTNamedCurves;
|
||||
import org.bouncycastle.asn1.x9.ECNamedCurveTable;
|
||||
|
@ -28,19 +26,11 @@ import org.bouncycastle.asn1.x9.X9ECParameters;
|
|||
import org.bouncycastle.math.ec.ECCurve;
|
||||
import org.bouncycastle.math.ec.ECPoint;
|
||||
import org.bouncycastle.util.Arrays;
|
||||
import org.bouncycastle.util.Iterable;
|
||||
import org.bouncycastle.util.encoders.Hex;
|
||||
import org.sufficientlysecure.keychain.ui.SettingsSmartPGPAuthoritiesActivity;
|
||||
import org.sufficientlysecure.keychain.ui.util.Notify;
|
||||
import org.sufficientlysecure.keychain.util.Iso7816TLV;
|
||||
import org.sufficientlysecure.keychain.util.Preferences;
|
||||
import org.sufficientlysecure.keychain.util.SecurityTokenUtils;
|
||||
|
||||
import java.io.ByteArrayInputStream;
|
||||
import java.io.ByteArrayOutputStream;
|
||||
import java.io.File;
|
||||
import java.io.FileInputStream;
|
||||
import java.io.FileNotFoundException;
|
||||
import java.io.IOException;
|
||||
import java.security.AlgorithmParameters;
|
||||
import java.security.InvalidAlgorithmParameterException;
|
||||
|
@ -55,7 +45,6 @@ import java.security.NoSuchAlgorithmException;
|
|||
import java.security.NoSuchProviderException;
|
||||
import java.security.PublicKey;
|
||||
import java.security.SecureRandom;
|
||||
import java.security.SignatureException;
|
||||
import java.security.cert.CertPathBuilder;
|
||||
import java.security.cert.CertPathBuilderException;
|
||||
import java.security.cert.CertStore;
|
||||
|
@ -65,7 +54,6 @@ import java.security.cert.CertificateFactory;
|
|||
import java.security.cert.CollectionCertStoreParameters;
|
||||
import java.security.cert.PKIXBuilderParameters;
|
||||
import java.security.cert.PKIXCertPathBuilderResult;
|
||||
import java.security.cert.TrustAnchor;
|
||||
import java.security.cert.X509CertSelector;
|
||||
import java.security.cert.X509Certificate;
|
||||
import java.security.interfaces.ECPrivateKey;
|
||||
|
@ -75,10 +63,6 @@ import java.security.spec.ECParameterSpec;
|
|||
import java.security.spec.InvalidKeySpecException;
|
||||
import java.security.spec.InvalidParameterSpecException;
|
||||
import java.util.ArrayList;
|
||||
import java.util.Enumeration;
|
||||
import java.util.HashSet;
|
||||
import java.util.Iterator;
|
||||
import java.util.Set;
|
||||
|
||||
import javax.crypto.BadPaddingException;
|
||||
import javax.crypto.Cipher;
|
||||
|
@ -89,7 +73,6 @@ import javax.crypto.NoSuchPaddingException;
|
|||
import javax.crypto.SecretKey;
|
||||
import javax.crypto.spec.IvParameterSpec;
|
||||
import javax.crypto.spec.SecretKeySpec;
|
||||
import javax.net.ssl.TrustManagerFactory;
|
||||
import javax.smartcardio.CommandAPDU;
|
||||
import javax.smartcardio.ResponseAPDU;
|
||||
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
/*
|
||||
* Copyright (C) 2016 Nikita Mikhailov <nikita.s.mikhailov@gmail.com>
|
||||
* Copyright (C) 2013-2015 Dominik Schürmann <dominik@dominikschuermann.de>
|
||||
* Copyright (C) 2013-2017 Dominik Schürmann <dominik@dominikschuermann.de>
|
||||
* Copyright (C) 2015 Vincent Breitmoser <v.breitmoser@mugenguild.com>
|
||||
* Copyright (C) 2013-2014 Signe Rüsch
|
||||
* Copyright (C) 2013-2014 Philipp Jakubeit
|
||||
|
@ -48,11 +48,10 @@ import javax.crypto.NoSuchPaddingException;
|
|||
import javax.crypto.spec.SecretKeySpec;
|
||||
import javax.smartcardio.CommandAPDU;
|
||||
import javax.smartcardio.ResponseAPDU;
|
||||
|
||||
import org.sufficientlysecure.keychain.securitytoken.usb.UsbTransportException;
|
||||
import org.sufficientlysecure.keychain.util.Iso7816TLV;
|
||||
import org.sufficientlysecure.keychain.util.Log;
|
||||
import org.sufficientlysecure.keychain.util.Passphrase;
|
||||
import org.sufficientlysecure.keychain.util.SecurityTokenUtils;
|
||||
|
||||
import java.io.ByteArrayOutputStream;
|
||||
import java.io.IOException;
|
||||
|
@ -101,7 +100,7 @@ public class SecurityTokenHelper {
|
|||
private boolean mPw1ValidatedForDecrypt; // Mode 82 does other things; consider renaming?
|
||||
private boolean mPw3Validated;
|
||||
|
||||
protected SecurityTokenHelper() {
|
||||
private SecurityTokenHelper() {
|
||||
}
|
||||
|
||||
public static double parseOpenPgpVersion(final byte[] aid) {
|
||||
|
@ -169,12 +168,14 @@ public class SecurityTokenHelper {
|
|||
private boolean isSlotEmpty(KeyType keyType) throws IOException {
|
||||
// Note: special case: This should not happen, but happens with
|
||||
// https://github.com/FluffyKaon/OpenPGP-Card, thus for now assume true
|
||||
if (getKeyFingerprint(keyType) == null) return true;
|
||||
if (getKeyFingerprint(keyType) == null) {
|
||||
return true;
|
||||
}
|
||||
|
||||
return keyMatchesFingerPrint(keyType, BLANK_FINGERPRINT);
|
||||
}
|
||||
|
||||
public boolean keyMatchesFingerPrint(KeyType keyType, byte[] fingerprint) throws IOException {
|
||||
private boolean keyMatchesFingerPrint(KeyType keyType, byte[] fingerprint) throws IOException {
|
||||
return java.util.Arrays.equals(getKeyFingerprint(keyType), fingerprint);
|
||||
}
|
||||
|
||||
|
@ -208,7 +209,7 @@ public class SecurityTokenHelper {
|
|||
if (mOpenPgpCapabilities.isHasSM()) {
|
||||
try {
|
||||
SCP11bSecureMessaging.establish(this, ctx);
|
||||
} catch(SecureMessagingException e) {
|
||||
} catch (SecureMessagingException e) {
|
||||
mSecureMessaging = null;
|
||||
Log.e(Constants.TAG, "failed to establish secure messaging", e);
|
||||
}
|
||||
|
@ -276,7 +277,7 @@ public class SecurityTokenHelper {
|
|||
byte[] data;
|
||||
int pLen = 0;
|
||||
|
||||
X9ECParameters x9Params = null;
|
||||
X9ECParameters x9Params;
|
||||
|
||||
switch (kf.keyFormatType()) {
|
||||
case RSAKeyFormatType:
|
||||
|
@ -292,7 +293,7 @@ public class SecurityTokenHelper {
|
|||
|
||||
System.arraycopy(encryptedSessionKey, 2, data, 0, pLen);
|
||||
|
||||
final ECKeyFormat eckf = (ECKeyFormat)kf;
|
||||
final ECKeyFormat eckf = (ECKeyFormat) kf;
|
||||
x9Params = NISTNamedCurves.getByOID(eckf.getCurveOID());
|
||||
|
||||
final ECPoint p = x9Params.getCurve().decodePoint(data);
|
||||
|
@ -303,15 +304,15 @@ public class SecurityTokenHelper {
|
|||
data = p.getEncoded(false);
|
||||
data = Arrays.concatenate(
|
||||
Hex.decode("86"),
|
||||
new byte[]{ (byte)data.length },
|
||||
new byte[]{(byte) data.length},
|
||||
data);
|
||||
data = Arrays.concatenate(
|
||||
Hex.decode("7F49"),
|
||||
new byte[] { (byte)data.length },
|
||||
new byte[]{(byte) data.length},
|
||||
data);
|
||||
data = Arrays.concatenate(
|
||||
Hex.decode("A6"),
|
||||
new byte[] { (byte)data.length },
|
||||
new byte[]{(byte) data.length},
|
||||
data);
|
||||
break;
|
||||
|
||||
|
@ -353,7 +354,7 @@ public class SecurityTokenHelper {
|
|||
try {
|
||||
final MessageDigest kdf = MessageDigest.getInstance(MessageDigestUtils.getDigestName(publicKey.getSecurityTokenHashAlgorithm()));
|
||||
|
||||
kdf.update(new byte[]{ (byte)0, (byte)0, (byte)0, (byte)1 });
|
||||
kdf.update(new byte[]{(byte) 0, (byte) 0, (byte) 0, (byte) 1});
|
||||
kdf.update(data);
|
||||
kdf.update(publicKey.createUserKeyingMaterial(fingerprintCalculator));
|
||||
|
||||
|
@ -364,7 +365,7 @@ public class SecurityTokenHelper {
|
|||
|
||||
final Key paddedSessionKey = c.unwrap(keyEnc, "Session", Cipher.SECRET_KEY);
|
||||
|
||||
Arrays.fill(kek, (byte)0);
|
||||
Arrays.fill(kek, (byte) 0);
|
||||
|
||||
return PGPPad.unpadSessionData(paddedSessionKey.getEncoded());
|
||||
} catch (NoSuchAlgorithmException e) {
|
||||
|
@ -443,7 +444,7 @@ public class SecurityTokenHelper {
|
|||
|
||||
|
||||
private void setKeyAttributes(final KeyType slot, final CanonicalizedSecretKey secretKey)
|
||||
throws IOException {
|
||||
throws IOException {
|
||||
|
||||
if (mOpenPgpCapabilities.isAttributesChangable()) {
|
||||
int tag;
|
||||
|
@ -619,10 +620,10 @@ public class SecurityTokenHelper {
|
|||
}
|
||||
dsi = Arrays.concatenate(Hex.decode(
|
||||
"3021" // Tag/Length of Sequence, the 0x21 includes all following 33 bytes
|
||||
+ "3009" // Tag/Length of Sequence, the 0x09 are the following header bytes
|
||||
+ "0605" + "2B0E03021A" // OID of SHA1
|
||||
+ "0500" // TLV coding of ZERO
|
||||
+ "0414"), hash); // 0x14 are 20 hash bytes
|
||||
+ "3009" // Tag/Length of Sequence, the 0x09 are the following header bytes
|
||||
+ "0605" + "2B0E03021A" // OID of SHA1
|
||||
+ "0500" // TLV coding of ZERO
|
||||
+ "0414"), hash); // 0x14 are 20 hash bytes
|
||||
break;
|
||||
case HashAlgorithmTags.RIPEMD160:
|
||||
if (hash.length != 20) {
|
||||
|
@ -700,13 +701,13 @@ public class SecurityTokenHelper {
|
|||
}
|
||||
final byte[] br = new byte[signature.length / 2];
|
||||
final byte[] bs = new byte[signature.length / 2];
|
||||
for(int i = 0; i < br.length; ++i) {
|
||||
for (int i = 0; i < br.length; ++i) {
|
||||
br[i] = signature[i];
|
||||
bs[i] = signature[br.length + i];
|
||||
}
|
||||
final ByteArrayOutputStream baos = new ByteArrayOutputStream();
|
||||
ASN1OutputStream out = new ASN1OutputStream(baos);
|
||||
out.writeObject(new DERSequence(new ASN1Encodable[] { new ASN1Integer(br), new ASN1Integer(bs) }));
|
||||
out.writeObject(new DERSequence(new ASN1Encodable[]{new ASN1Integer(br), new ASN1Integer(bs)}));
|
||||
out.flush();
|
||||
signature = baos.toByteArray();
|
||||
break;
|
||||
|
@ -720,6 +721,7 @@ public class SecurityTokenHelper {
|
|||
* Transceives APDU
|
||||
* Splits extended APDU into short APDUs and chains them if necessary
|
||||
* Performs GET RESPONSE command(ISO/IEC 7816-4 par.7.6.1) on retrieving if necessary
|
||||
*
|
||||
* @param apdu short or extended APDU to transceive
|
||||
* @return response from the card
|
||||
* @throws IOException
|
||||
|
@ -730,7 +732,7 @@ public class SecurityTokenHelper {
|
|||
apdu = mSecureMessaging.encryptAndSign(apdu);
|
||||
} catch (SecureMessagingException e) {
|
||||
clearSecureMessaging();
|
||||
throw new IOException("secure messaging encrypt/sign failure : " + e. getMessage());
|
||||
throw new IOException("secure messaging encrypt/sign failure : " + e.getMessage());
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -787,7 +789,7 @@ public class SecurityTokenHelper {
|
|||
lastResponse = mSecureMessaging.verifyAndDecrypt(lastResponse);
|
||||
} catch (SecureMessagingException e) {
|
||||
clearSecureMessaging();
|
||||
throw new IOException("secure messaging verify/decrypt failure : " + e. getMessage());
|
||||
throw new IOException("secure messaging verify/decrypt failure : " + e.getMessage());
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -923,7 +925,7 @@ public class SecurityTokenHelper {
|
|||
return mTransport != null &&
|
||||
mTransport.isPersistentConnectionAllowed() &&
|
||||
(mSecureMessaging == null ||
|
||||
!mSecureMessaging.isEstablished());
|
||||
!mSecureMessaging.isEstablished());
|
||||
}
|
||||
|
||||
public boolean isConnected() {
|
||||
|
@ -931,7 +933,7 @@ public class SecurityTokenHelper {
|
|||
}
|
||||
|
||||
public void clearSecureMessaging() {
|
||||
if(mSecureMessaging != null) {
|
||||
if (mSecureMessaging != null) {
|
||||
mSecureMessaging.clearSession();
|
||||
}
|
||||
mSecureMessaging = null;
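Review bot: In the ECDH branch of the decrypt hunk (`@ -303,15 +304,15`), each of the three TLV wrappers (`86`, `7F49`, `A6`) writes its length as the single byte `(byte) data.length`, which is only a valid BER-TLV length below 0x80. An uncompressed point on a 521-bit curve is 133 bytes, so for such a key the first length byte would be 0x85, which a BER parser reads as a long-form prefix rather than a length. If curves of that size can reach this path (`NISTNamedCurves.getByOID` does not restrict them here), the lengths need the long form; a small helper, sketched below, covers it. The enclosing method starts and ends outside the hunk.

```java
// … unchanged: data = p.getEncoded(false); …
data = Arrays.concatenate(Hex.decode("86"), encodeBerLength(data.length), data);
data = Arrays.concatenate(Hex.decode("7F49"), encodeBerLength(data.length), data);
data = Arrays.concatenate(Hex.decode("A6"), encodeBerLength(data.length), data);
// … unchanged: break; …

/** Encodes a BER-TLV length: short form below 0x80, otherwise 0x81 or 0x82 long form. */
private static byte[] encodeBerLength(int length) {
    if (length < 0x80) {
        return new byte[]{(byte) length};
    }
    if (length <= 0xff) {
        return new byte[]{(byte) 0x81, (byte) length};
    }
    return new byte[]{(byte) 0x82, (byte) (length >> 8), (byte) length};
}
```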
|
||||
|
|
|
@ -15,7 +15,7 @@
|
|||
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
*/
|
||||
|
||||
package org.sufficientlysecure.keychain.util;
|
||||
package org.sufficientlysecure.keychain.securitytoken;
|
||||
|
||||
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
|
||||
import org.bouncycastle.util.Arrays;
|
||||
|
@ -41,11 +41,11 @@ public class SecurityTokenUtils {
|
|||
final byte[] attrs = new byte[6];
|
||||
int i = 0;
|
||||
|
||||
attrs[i++] = (byte)0x01;
|
||||
attrs[i++] = (byte)((mModulusLength >> 8) & 0xff);
|
||||
attrs[i++] = (byte)(mModulusLength & 0xff);
|
||||
attrs[i++] = (byte)((mExponentLength >> 8) & 0xff);
|
||||
attrs[i++] = (byte)(mExponentLength & 0xff);
|
||||
attrs[i++] = (byte) 0x01;
|
||||
attrs[i++] = (byte) ((mModulusLength >> 8) & 0xff);
|
||||
attrs[i++] = (byte) (mModulusLength & 0xff);
|
||||
attrs[i++] = (byte) ((mExponentLength >> 8) & 0xff);
|
||||
attrs[i++] = (byte) (mExponentLength & 0xff);
|
||||
attrs[i++] = RSAKeyFormat.RSAAlgorithmFormat.CRT_WITH_MODULUS.getValue();
|
||||
|
||||
return attrs;
|
||||
|
@ -61,7 +61,7 @@ public class SecurityTokenUtils {
|
|||
|
||||
System.arraycopy(oid, 2, attrs, 1, (oid.length - 2));
|
||||
|
||||
attrs[attrs.length - 1] = (byte)0xff;
|
||||
attrs[attrs.length - 1] = (byte) 0xff;
|
||||
|
||||
return attrs;
|
||||
} else {
|
||||
|
@ -143,7 +143,7 @@ public class SecurityTokenUtils {
|
|||
data = new ByteArrayOutputStream(),
|
||||
res = new ByteArrayOutputStream();
|
||||
|
||||
final int csize = (int)Math.ceil(publicKey.getParams().getCurve().getField().getFieldSize() / 8.0);
|
||||
final int csize = (int) Math.ceil(publicKey.getParams().getCurve().getField().getFieldSize() / 8.0);
|
||||
|
||||
writeBits(data, secretKey.getS(), csize);
|
||||
template.write(Hex.decode("92"));
|
||||
|
@ -222,7 +222,7 @@ public class SecurityTokenUtils {
|
|||
final byte[] prime = value.toByteArray();
|
||||
int skip = 0;
|
||||
|
||||
while((skip < prime.length) && (prime[skip] == 0)) ++skip;
|
||||
while ((skip < prime.length) && (prime[skip] == 0)) ++skip;
|
||||
|
||||
if ((prime.length - skip) > width) {
|
||||
throw new IllegalArgumentException("not enough width to fit value: "
|
||||
|
@ -232,8 +232,8 @@ public class SecurityTokenUtils {
|
|||
byte[] res = new byte[width];
|
||||
|
||||
System.arraycopy(prime, skip,
|
||||
res, width - (prime.length - skip),
|
||||
prime.length - skip);
|
||||
res, width - (prime.length - skip),
|
||||
prime.length - skip);
|
||||
|
||||
stream.write(res, 0, width);
|
||||
Arrays.fill(res, (byte) 0);
|
|
@ -15,7 +15,7 @@
|
|||
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
*/
|
||||
|
||||
package org.sufficientlysecure.keychain.util;
|
||||
package org.sufficientlysecure.keychain.securitytoken;
|
||||
|
||||
import android.app.Activity;
|
||||
import android.content.BroadcastReceiver;
|
||||
|
@ -27,6 +27,7 @@ import android.hardware.usb.UsbManager;
|
|||
|
||||
import org.sufficientlysecure.keychain.Constants;
|
||||
import org.sufficientlysecure.keychain.ui.UsbEventReceiverActivity;
|
||||
import org.sufficientlysecure.keychain.util.Log;
|
||||
|
||||
public class UsbConnectionDispatcher {
|
||||
private Activity mActivity;
|
|
@ -44,7 +44,7 @@ import org.sufficientlysecure.keychain.ui.util.KeyFormattingUtils;
|
|||
import org.sufficientlysecure.keychain.util.Log;
|
||||
import org.sufficientlysecure.keychain.util.ParcelableProxy;
|
||||
import org.sufficientlysecure.keychain.util.Preferences;
|
||||
import org.sufficientlysecure.keychain.util.orbot.OrbotHelper;
|
||||
import org.sufficientlysecure.keychain.network.orbot.OrbotHelper;
|
||||
|
||||
import java.util.ArrayList;
|
||||
import java.util.GregorianCalendar;
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright (C) 2015 Dominik Schürmann <dominik@dominikschuermann.de>
|
||||
* Copyright (C) 2016 Dominik Schürmann <dominik@dominikschuermann.de>
|
||||
*
|
||||
* This program is free software: you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
|
@ -35,15 +35,12 @@ import org.sufficientlysecure.keychain.securitytoken.KeyFormat;
|
|||
import org.sufficientlysecure.keychain.securitytoken.SecurityTokenHelper;
|
||||
import org.sufficientlysecure.keychain.ui.CreateKeyActivity.FragAction;
|
||||
import org.sufficientlysecure.keychain.util.Choice;
|
||||
import org.sufficientlysecure.keychain.util.Log;
|
||||
import org.sufficientlysecure.keychain.util.SecurityTokenUtils;
|
||||
|
||||
import java.util.ArrayList;
|
||||
import java.util.List;
|
||||
|
||||
public class CreateSecurityTokenAlgorithmFragment extends Fragment {
|
||||
|
||||
|
||||
public enum SupportedKeyType {
|
||||
RSA_2048, RSA_3072, RSA_4096, ECC_P256, ECC_P384, ECC_P521
|
||||
}
|
||||
|
@ -57,7 +54,6 @@ public class CreateSecurityTokenAlgorithmFragment extends Fragment {
|
|||
private Spinner mDecKeySpinner;
|
||||
private Spinner mAuthKeySpinner;
|
||||
|
||||
|
||||
/**
|
||||
* Creates new instance of this fragment
|
||||
*/
|
||||
|
@ -75,8 +71,8 @@ public class CreateSecurityTokenAlgorithmFragment extends Fragment {
|
|||
final FragmentActivity context = getActivity();
|
||||
View view = inflater.inflate(R.layout.create_yubi_key_algorithm_fragment, container, false);
|
||||
|
||||
mBackButton = (TextView) view.findViewById(R.id.create_key_back_button);
|
||||
mNextButton = (TextView) view.findViewById(R.id.create_key_next_button);
|
||||
mBackButton = view.findViewById(R.id.create_key_back_button);
|
||||
mNextButton = view.findViewById(R.id.create_key_next_button);
|
||||
|
||||
mBackButton.setOnClickListener(new View.OnClickListener() {
|
||||
@Override
|
||||
|
@ -154,19 +150,17 @@ public class CreateSecurityTokenAlgorithmFragment extends Fragment {
|
|||
}
|
||||
|
||||
private void nextClicked() {
|
||||
mCreateKeyActivity.mSecurityTokenSign = KeyFormat.fromCreationKeyType(((Choice<SupportedKeyType>)mSignKeySpinner.getSelectedItem()).getId(), false);
|
||||
mCreateKeyActivity.mSecurityTokenDec = KeyFormat.fromCreationKeyType(((Choice<SupportedKeyType>)mDecKeySpinner.getSelectedItem()).getId(), true);
|
||||
mCreateKeyActivity.mSecurityTokenAuth = KeyFormat.fromCreationKeyType(((Choice<SupportedKeyType>)mAuthKeySpinner.getSelectedItem()).getId(), false);
|
||||
mCreateKeyActivity.mSecurityTokenSign = KeyFormat.fromCreationKeyType(((Choice<SupportedKeyType>) mSignKeySpinner.getSelectedItem()).getId(), false);
|
||||
mCreateKeyActivity.mSecurityTokenDec = KeyFormat.fromCreationKeyType(((Choice<SupportedKeyType>) mDecKeySpinner.getSelectedItem()).getId(), true);
|
||||
mCreateKeyActivity.mSecurityTokenAuth = KeyFormat.fromCreationKeyType(((Choice<SupportedKeyType>) mAuthKeySpinner.getSelectedItem()).getId(), false);
|
||||
|
||||
CreateKeyFinalFragment frag = CreateKeyFinalFragment.newInstance();
|
||||
mCreateKeyActivity.loadFragment(frag, FragAction.TO_RIGHT);
|
||||
}
|
||||
|
||||
|
||||
|
||||
|
||||
private class TwoLineArrayAdapter extends ArrayAdapter<Choice<SupportedKeyType>> {
|
||||
public TwoLineArrayAdapter(Context context, int resource, List<Choice<SupportedKeyType>> objects) {
|
||||
TwoLineArrayAdapter(Context context, int resource, List<Choice<SupportedKeyType>> objects) {
|
||||
super(context, resource, objects);
|
||||
}
|
||||
|
||||
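Review bot: In `nextClicked()` the three reformatted assignments each repeat the unchecked cast `(Choice<SupportedKeyType>) mSignKeySpinner.getSelectedItem()` and dereference the result directly. `getSelectedItem()` returns null when nothing is selected, so an empty spinner would throw before the token key formats are set; the spinner setup is outside this section, so that may already be ruled out. I would pull the cast into one private helper, e.g. `private SupportedKeyType selectedType(Spinner s) { return ((Choice<SupportedKeyType>) s.getSelectedItem()).getId(); }`, with a null check there. The bare `false`/`true`/`false` passed to `KeyFormat.fromCreationKeyType` also deserves a comment such as `// second argument is true only for the decryption key slot`, since the signature is not visible here and the flag presumably changes which algorithm variant the token key gets.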
|
|
|
@ -52,7 +52,7 @@ import org.sufficientlysecure.keychain.ui.util.PermissionsUtil;
|
|||
import org.sufficientlysecure.keychain.util.ParcelableProxy;
|
||||
import org.sufficientlysecure.keychain.util.Preferences;
|
||||
import org.sufficientlysecure.keychain.util.Preferences.CloudSearchPrefs;
|
||||
import org.sufficientlysecure.keychain.util.orbot.OrbotHelper;
|
||||
import org.sufficientlysecure.keychain.network.orbot.OrbotHelper;
|
||||
|
||||
import java.util.ArrayList;
|
||||
|
||||
|
|
|
@ -35,7 +35,7 @@ import org.sufficientlysecure.keychain.service.input.CryptoInputParcel;
|
|||
import org.sufficientlysecure.keychain.ui.util.ThemeChanger;
|
||||
import org.sufficientlysecure.keychain.util.Log;
|
||||
import org.sufficientlysecure.keychain.util.ParcelableProxy;
|
||||
import org.sufficientlysecure.keychain.util.orbot.OrbotHelper;
|
||||
import org.sufficientlysecure.keychain.network.orbot.OrbotHelper;
|
||||
|
||||
/**
|
||||
* Simply encapsulates a dialog. If orbot is not installed, it shows an install dialog, else a
|
||||
|
|
|
@ -56,7 +56,7 @@ import org.sufficientlysecure.keychain.ui.util.ThemeChanger;
|
|||
import org.sufficientlysecure.keychain.keyimport.ParcelableHkpKeyserver;
|
||||
import org.sufficientlysecure.keychain.util.Log;
|
||||
import org.sufficientlysecure.keychain.util.Preferences;
|
||||
import org.sufficientlysecure.keychain.util.orbot.OrbotHelper;
|
||||
import org.sufficientlysecure.keychain.network.orbot.OrbotHelper;
|
||||
|
||||
import java.security.KeyStore;
|
||||
import java.security.KeyStoreException;
|
||||
|
|
|
@ -53,10 +53,10 @@ import org.sufficientlysecure.keychain.ui.base.CryptoOperationHelper;
|
|||
import org.sufficientlysecure.keychain.ui.base.LoaderFragment;
|
||||
import org.sufficientlysecure.keychain.ui.util.KeyFormattingUtils;
|
||||
import org.sufficientlysecure.keychain.util.Log;
|
||||
import org.sufficientlysecure.keychain.util.OkHttpKeybaseClient;
|
||||
import org.sufficientlysecure.keychain.network.OkHttpKeybaseClient;
|
||||
import org.sufficientlysecure.keychain.util.ParcelableProxy;
|
||||
import org.sufficientlysecure.keychain.util.Preferences;
|
||||
import org.sufficientlysecure.keychain.util.orbot.OrbotHelper;
|
||||
import org.sufficientlysecure.keychain.network.orbot.OrbotHelper;
|
||||
|
||||
import java.util.ArrayList;
|
||||
import java.util.Hashtable;
|
||||
|
|
|
@ -46,7 +46,7 @@ import org.sufficientlysecure.keychain.securitytoken.CardException;
|
|||
import org.sufficientlysecure.keychain.securitytoken.NfcTransport;
|
||||
import org.sufficientlysecure.keychain.securitytoken.SecurityTokenHelper;
|
||||
import org.sufficientlysecure.keychain.securitytoken.Transport;
|
||||
import org.sufficientlysecure.keychain.util.UsbConnectionDispatcher;
|
||||
import org.sufficientlysecure.keychain.securitytoken.UsbConnectionDispatcher;
|
||||
import org.sufficientlysecure.keychain.securitytoken.usb.UsbTransport;
|
||||
import org.sufficientlysecure.keychain.ui.CreateKeyActivity;
|
||||
import org.sufficientlysecure.keychain.ui.PassphraseDialogActivity;
|
||||
|
|
|
@ -48,11 +48,11 @@ import org.sufficientlysecure.keychain.Constants;
|
|||
import org.sufficientlysecure.keychain.R;
|
||||
import org.sufficientlysecure.keychain.keyimport.ParcelableHkpKeyserver;
|
||||
import org.sufficientlysecure.keychain.util.Log;
|
||||
import org.sufficientlysecure.keychain.util.OkHttpClientFactory;
|
||||
import org.sufficientlysecure.keychain.network.OkHttpClientFactory;
|
||||
import org.sufficientlysecure.keychain.util.ParcelableProxy;
|
||||
import org.sufficientlysecure.keychain.util.Preferences;
|
||||
import org.sufficientlysecure.keychain.util.TlsHelper;
|
||||
import org.sufficientlysecure.keychain.util.orbot.OrbotHelper;
|
||||
import org.sufficientlysecure.keychain.network.TlsCertificatePinning;
|
||||
import org.sufficientlysecure.keychain.network.orbot.OrbotHelper;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.net.MalformedURLException;
|
||||
|
@ -367,7 +367,7 @@ public class AddEditKeyserverDialogFragment extends DialogFragment implements On
|
|||
|
||||
// check TLS pinning only for non-Tor keyservers
|
||||
if (onlyTrustedKeyserver
|
||||
&& TlsHelper.getPinnedSslSocketFactory(keyserverUriHttp.toURL()) == null) {
|
||||
&& TlsCertificatePinning.getPinnedSslSocketFactory(keyserverUriHttp.toURL()) == null) {
|
||||
Log.w(Constants.TAG, "No pinned certificate for this host in OpenKeychain's assets.");
|
||||
reason = VerifyReturn.NO_PINNED_CERTIFICATE;
|
||||
return reason;
|
||||
|
@ -385,7 +385,7 @@ public class AddEditKeyserverDialogFragment extends DialogFragment implements On
|
|||
keyserverUriOnion.toURL(), proxy.getProxy());
|
||||
clientTor.newCall(new Request.Builder().url(keyserverUriOnion.toURL()).build()).execute();
|
||||
}
|
||||
} catch (TlsHelper.TlsHelperException e) {
|
||||
} catch (TlsCertificatePinning.TlsCertificatePinningException e) {
|
||||
reason = VerifyReturn.CONNECTION_FAILED;
|
||||
} catch (MalformedURLException | URISyntaxException e) {
|
||||
Log.w(Constants.TAG, "Invalid keyserver URL entered by user.");
|
||||
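Review bot: The renamed `catch (TlsCertificatePinning.TlsCertificatePinningException e)` still maps the failure to `VerifyReturn.CONNECTION_FAILED` and drops the exception without logging, so a certificate-pinning problem cannot be told apart from an ordinary network error. The neighbouring branches call `Log.w`; I would add `Log.w(Constants.TAG, "TLS certificate pinning failed while verifying keyserver.");` before the assignment. A distinct result value would be better still if the enum can take one (its definition is not visible here). The comment `// check TLS pinning only for non-Tor keyservers` would also benefit from one sentence saying why the onion path is exempt. The enclosing method begins and ends outside these hunks.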
|
|
|
@ -36,7 +36,7 @@ import org.sufficientlysecure.keychain.Constants;
|
|||
import org.sufficientlysecure.keychain.R;
|
||||
import org.sufficientlysecure.keychain.ui.util.ThemeChanger;
|
||||
import org.sufficientlysecure.keychain.util.Log;
|
||||
import org.sufficientlysecure.keychain.util.orbot.OrbotHelper;
|
||||
import org.sufficientlysecure.keychain.network.orbot.OrbotHelper;
|
||||
|
||||
/**
|
||||
* displays a dialog asking the user to enable Tor
|
||||
|
|
|
@ -38,6 +38,7 @@ import org.sufficientlysecure.keychain.R;
|
|||
import org.sufficientlysecure.keychain.provider.KeychainContract;
|
||||
import org.sufficientlysecure.keychain.provider.ProviderHelper;
|
||||
import org.sufficientlysecure.keychain.ui.util.Notify;
|
||||
import org.sufficientlysecure.keychain.util.Log;
|
||||
|
||||
import java.lang.ref.WeakReference;
|
||||
|
||||
|
|
|
@ -13,20 +13,19 @@
|
|||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package org.sufficientlysecure.keychain.util;
|
||||
package org.sufficientlysecure.keychain.securitytoken;
|
||||
|
||||
import org.junit.Assert;
|
||||
import org.junit.Before;
|
||||
import org.junit.Test;
|
||||
import org.junit.runner.RunWith;
|
||||
import org.robolectric.RobolectricGradleTestRunner;
|
||||
import org.robolectric.RobolectricTestRunner;
|
||||
import org.robolectric.annotation.Config;
|
||||
import org.robolectric.shadows.ShadowLog;
|
||||
import org.bouncycastle.util.encoders.Hex;
|
||||
import org.sufficientlysecure.keychain.BuildConfig;
|
||||
import org.sufficientlysecure.keychain.WorkaroundBuildConfig;
|
||||
import org.sufficientlysecure.keychain.util.Iso7816TLV.Iso7816CompositeTLV;
|
||||
import org.sufficientlysecure.keychain.securitytoken.Iso7816TLV;
|
||||
import org.sufficientlysecure.keychain.securitytoken.Iso7816TLV.Iso7816CompositeTLV;
|
||||
|
||||
@RunWith(RobolectricGradleTestRunner.class)
|
||||
@Config(constants = WorkaroundBuildConfig.class, sdk = 23, manifest = "src/main/AndroidManifest.xml")
|
|
@ -30,7 +30,6 @@ import org.robolectric.annotation.Config;
|
|||
import org.robolectric.shadows.ShadowLog;
|
||||
import org.sufficientlysecure.keychain.WorkaroundBuildConfig;
|
||||
import org.sufficientlysecure.keychain.securitytoken.usb.UsbTransportException;
|
||||
import org.sufficientlysecure.keychain.util.SecurityTokenUtils;
|
||||
|
||||
import java.io.ByteArrayOutputStream;
|
||||
import java.io.IOException;
|
||||
|
|