325 lines
13 KiB
Java
325 lines
13 KiB
Java
/*
|
|
* Copyright (C) 2012-2013 Dominik Schürmann <dominik@dominikschuermann.de>
|
|
*
|
|
* This program is free software: you can redistribute it and/or modify
|
|
* it under the terms of the GNU General Public License as published by
|
|
* the Free Software Foundation, either version 3 of the License, or
|
|
* (at your option) any later version.
|
|
*
|
|
* This program is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
* GNU General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU General Public License
|
|
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
*/
|
|
|
|
package org.sufficientlysecure.keychain.service;
|
|
|
|
import java.io.ByteArrayInputStream;
|
|
import java.io.ByteArrayOutputStream;
|
|
import java.io.IOException;
|
|
import java.io.InputStream;
|
|
import java.io.OutputStream;
|
|
import java.security.NoSuchAlgorithmException;
|
|
import java.security.NoSuchProviderException;
|
|
import java.security.SignatureException;
|
|
|
|
import org.spongycastle.openpgp.PGPException;
|
|
import org.sufficientlysecure.keychain.Constants;
|
|
import org.sufficientlysecure.keychain.Id;
|
|
import org.sufficientlysecure.keychain.helper.PgpMain;
|
|
import org.sufficientlysecure.keychain.helper.PgpMain.PgpGeneralException;
|
|
import org.sufficientlysecure.keychain.util.InputData;
|
|
import org.sufficientlysecure.keychain.util.Log;
|
|
import org.sufficientlysecure.keychain.R;
|
|
import org.sufficientlysecure.keychain.service.IKeychainApiService;
|
|
import org.sufficientlysecure.keychain.service.handler.IKeychainDecryptHandler;
|
|
import org.sufficientlysecure.keychain.service.handler.IKeychainEncryptHandler;
|
|
import org.sufficientlysecure.keychain.service.handler.IKeychainGetDecryptionKeyIdHandler;
|
|
|
|
import android.app.Service;
|
|
import android.content.Context;
|
|
import android.content.Intent;
|
|
import android.os.Bundle;
|
|
import android.os.IBinder;
|
|
import android.os.RemoteException;
|
|
|
|
public class KeychainApiService extends Service {
|
|
Context mContext;
|
|
|
|
@Override
|
|
public void onCreate() {
|
|
super.onCreate();
|
|
mContext = this;
|
|
Log.d(Constants.TAG, "KeychainApiService, onCreate()");
|
|
}
|
|
|
|
@Override
|
|
public void onDestroy() {
|
|
super.onDestroy();
|
|
Log.d(Constants.TAG, "KeychainApiService, onDestroy()");
|
|
}
|
|
|
|
@Override
|
|
public IBinder onBind(Intent intent) {
|
|
return mBinder;
|
|
}
|
|
|
|
// private static void writeToOutputStream(InputStream is, OutputStream os) throws IOException {
|
|
// byte[] buffer = new byte[8];
|
|
// int len = 0;
|
|
// while ((len = is.read(buffer)) != -1) {
|
|
// os.write(buffer, 0, len);
|
|
// }
|
|
// }
|
|
|
|
private synchronized void encryptAndSignSafe(byte[] inputBytes, String inputUri,
|
|
boolean useAsciiArmor, int compression, long[] encryptionKeyIds,
|
|
String encryptionPassphrase, int symmetricEncryptionAlgorithm, long signatureKeyId,
|
|
int signatureHashAlgorithm, boolean signatureForceV3, String signaturePassphrase,
|
|
IKeychainEncryptHandler handler) throws RemoteException {
|
|
|
|
try {
|
|
// TODO use inputUri
|
|
|
|
// InputStream inStream = null;
|
|
// if (isBlob) {
|
|
// ContentResolver cr = getContentResolver();
|
|
// try {
|
|
// inStream = cr.openInputStream(Uri.parse(pArgs.getString(arg.BLOB.name())));
|
|
// } catch (Exception e) {
|
|
// Log.e(TAG, "... exception on opening blob", e);
|
|
// }
|
|
// } else {
|
|
// inStream = new ByteArrayInputStream(pArgs.getString(arg.MESSAGE.name()).getBytes());
|
|
// }
|
|
// InputData in = new InputData(inStream, 0); // XXX Size second param?
|
|
|
|
// build InputData and write into OutputStream
|
|
InputStream inputStream = new ByteArrayInputStream(inputBytes);
|
|
long inputLength = inputBytes.length;
|
|
InputData input = new InputData(inputStream, inputLength);
|
|
|
|
OutputStream output = new ByteArrayOutputStream();
|
|
|
|
PgpMain.encryptAndSign(mContext, null, input, output, useAsciiArmor, compression,
|
|
encryptionKeyIds, encryptionPassphrase, symmetricEncryptionAlgorithm,
|
|
signatureKeyId, signatureHashAlgorithm, signatureForceV3, signaturePassphrase);
|
|
|
|
output.close();
|
|
|
|
// if (isBlob) {
|
|
// ContentResolver cr = getContentResolver();
|
|
// try {
|
|
// OutputStream outStream = cr.openOutputStream(Uri.parse(pArgs.getString(arg.BLOB
|
|
// .name())));
|
|
// writeToOutputStream(new ByteArrayInputStream(out.toString().getBytes()), outStream);
|
|
// outStream.close();
|
|
// } catch (Exception e) {
|
|
// Log.e(TAG, "... exception on writing blob", e);
|
|
// }
|
|
// } else {
|
|
// pReturn.putString(ret.RESULT.name(), out.toString());
|
|
// }
|
|
|
|
byte[] outputBytes = ((ByteArrayOutputStream) output).toByteArray();
|
|
|
|
// return over handler on client side
|
|
handler.onSuccess(outputBytes, null);
|
|
} catch (Exception e) {
|
|
Log.e(Constants.TAG, "KeychainService, Exception!", e);
|
|
|
|
try {
|
|
handler.onException(getExceptionId(e), e.getMessage());
|
|
} catch (Exception t) {
|
|
Log.e(Constants.TAG, "Error returning exception to client", t);
|
|
}
|
|
}
|
|
}
|
|
|
|
private synchronized void decryptAndVerifySafe(byte[] inputBytes, String inputUri,
|
|
String passphrase, boolean assumeSymmetric, IKeychainDecryptHandler handler)
|
|
throws RemoteException {
|
|
|
|
try {
|
|
// build InputData and write into OutputStream
|
|
InputStream inputStream = new ByteArrayInputStream(inputBytes);
|
|
long inputLength = inputBytes.length;
|
|
InputData inputData = new InputData(inputStream, inputLength);
|
|
|
|
OutputStream outputStream = new ByteArrayOutputStream();
|
|
|
|
Bundle outputBundle = PgpMain.decryptAndVerify(mContext, null, inputData, outputStream,
|
|
passphrase, assumeSymmetric);
|
|
|
|
outputStream.close();
|
|
|
|
byte[] outputBytes = ((ByteArrayOutputStream) outputStream).toByteArray();
|
|
|
|
// get signature informations from bundle
|
|
boolean signature = outputBundle.getBoolean(KeychainIntentService.RESULT_SIGNATURE);
|
|
long signatureKeyId = outputBundle
|
|
.getLong(KeychainIntentService.RESULT_SIGNATURE_KEY_ID);
|
|
String signatureUserId = outputBundle
|
|
.getString(KeychainIntentService.RESULT_SIGNATURE_USER_ID);
|
|
boolean signatureSuccess = outputBundle
|
|
.getBoolean(KeychainIntentService.RESULT_SIGNATURE_SUCCESS);
|
|
boolean signatureUnknown = outputBundle
|
|
.getBoolean(KeychainIntentService.RESULT_SIGNATURE_UNKNOWN);
|
|
|
|
// return over handler on client side
|
|
handler.onSuccess(outputBytes, null, signature, signatureKeyId, signatureUserId,
|
|
signatureSuccess, signatureUnknown);
|
|
} catch (Exception e) {
|
|
Log.e(Constants.TAG, "KeychainService, Exception!", e);
|
|
|
|
try {
|
|
handler.onException(getExceptionId(e), e.getMessage());
|
|
} catch (Exception t) {
|
|
Log.e(Constants.TAG, "Error returning exception to client", t);
|
|
}
|
|
}
|
|
}
|
|
|
|
private synchronized void getDecryptionKeySafe(byte[] inputBytes, String inputUri,
|
|
IKeychainGetDecryptionKeyIdHandler handler) {
|
|
|
|
// TODO: implement inputUri
|
|
|
|
try {
|
|
InputStream inputStream = new ByteArrayInputStream(inputBytes);
|
|
|
|
long secretKeyId = Id.key.none;
|
|
boolean symmetric;
|
|
|
|
try {
|
|
secretKeyId = PgpMain.getDecryptionKeyId(KeychainApiService.this, inputStream);
|
|
if (secretKeyId == Id.key.none) {
|
|
throw new PgpGeneralException(getString(R.string.error_noSecretKeyFound));
|
|
}
|
|
symmetric = false;
|
|
} catch (PgpMain.NoAsymmetricEncryptionException e) {
|
|
secretKeyId = Id.key.symmetric;
|
|
if (!PgpMain.hasSymmetricEncryption(KeychainApiService.this, inputStream)) {
|
|
throw new PgpGeneralException(getString(R.string.error_noKnownEncryptionFound));
|
|
}
|
|
symmetric = true;
|
|
}
|
|
|
|
handler.onSuccess(secretKeyId, symmetric);
|
|
|
|
} catch (Exception e) {
|
|
Log.e(Constants.TAG, "KeychainService, Exception!", e);
|
|
|
|
try {
|
|
handler.onException(getExceptionId(e), e.getMessage());
|
|
} catch (Exception t) {
|
|
Log.e(Constants.TAG, "Error returning exception to client", t);
|
|
}
|
|
}
|
|
}
|
|
|
|
/**
|
|
* This is the implementation of the interface IKeychainService. All methods are oneway, meaning
|
|
* asynchronous and return to the client using IKeychainHandler.
|
|
*
|
|
* The real PGP code is located in PGPMain.
|
|
*/
|
|
private final IKeychainApiService.Stub mBinder = new IKeychainApiService.Stub() {
|
|
|
|
@Override
|
|
public void encryptAsymmetric(byte[] inputBytes, String inputUri, boolean useAsciiArmor,
|
|
int compression, long[] encryptionKeyIds, int symmetricEncryptionAlgorithm,
|
|
IKeychainEncryptHandler handler) throws RemoteException {
|
|
|
|
encryptAndSignSafe(inputBytes, inputUri, useAsciiArmor, compression, encryptionKeyIds,
|
|
null, symmetricEncryptionAlgorithm, Id.key.none, 0, false, null, handler);
|
|
}
|
|
|
|
@Override
|
|
public void encryptSymmetric(byte[] inputBytes, String inputUri, boolean useAsciiArmor,
|
|
int compression, String encryptionPassphrase, int symmetricEncryptionAlgorithm,
|
|
IKeychainEncryptHandler handler) throws RemoteException {
|
|
|
|
encryptAndSignSafe(inputBytes, inputUri, useAsciiArmor, compression, null,
|
|
encryptionPassphrase, symmetricEncryptionAlgorithm, Id.key.none, 0, false,
|
|
null, handler);
|
|
}
|
|
|
|
@Override
|
|
public void encryptAndSignAsymmetric(byte[] inputBytes, String inputUri,
|
|
boolean useAsciiArmor, int compression, long[] encryptionKeyIds,
|
|
int symmetricEncryptionAlgorithm, long signatureKeyId, int signatureHashAlgorithm,
|
|
boolean signatureForceV3, String signaturePassphrase,
|
|
IKeychainEncryptHandler handler) throws RemoteException {
|
|
|
|
encryptAndSignSafe(inputBytes, inputUri, useAsciiArmor, compression, encryptionKeyIds,
|
|
null, symmetricEncryptionAlgorithm, signatureKeyId, signatureHashAlgorithm,
|
|
signatureForceV3, signaturePassphrase, handler);
|
|
}
|
|
|
|
@Override
|
|
public void encryptAndSignSymmetric(byte[] inputBytes, String inputUri,
|
|
boolean useAsciiArmor, int compression, String encryptionPassphrase,
|
|
int symmetricEncryptionAlgorithm, long signatureKeyId, int signatureHashAlgorithm,
|
|
boolean signatureForceV3, String signaturePassphrase,
|
|
IKeychainEncryptHandler handler) throws RemoteException {
|
|
|
|
encryptAndSignSafe(inputBytes, inputUri, useAsciiArmor, compression, null,
|
|
encryptionPassphrase, symmetricEncryptionAlgorithm, signatureKeyId,
|
|
signatureHashAlgorithm, signatureForceV3, signaturePassphrase, handler);
|
|
}
|
|
|
|
@Override
|
|
public void decryptAndVerifyAsymmetric(byte[] inputBytes, String inputUri,
|
|
String keyPassphrase, IKeychainDecryptHandler handler) throws RemoteException {
|
|
|
|
decryptAndVerifySafe(inputBytes, inputUri, keyPassphrase, false, handler);
|
|
}
|
|
|
|
@Override
|
|
public void decryptAndVerifySymmetric(byte[] inputBytes, String inputUri,
|
|
String encryptionPassphrase, IKeychainDecryptHandler handler)
|
|
throws RemoteException {
|
|
|
|
decryptAndVerifySafe(inputBytes, inputUri, encryptionPassphrase, true, handler);
|
|
}
|
|
|
|
@Override
|
|
public void getDecryptionKeyId(byte[] inputBytes, String inputUri,
|
|
IKeychainGetDecryptionKeyIdHandler handler) throws RemoteException {
|
|
|
|
getDecryptionKeySafe(inputBytes, inputUri, handler);
|
|
}
|
|
|
|
};
|
|
|
|
/**
|
|
* As we can not throw an exception through Android RPC, we assign identifiers to the exception
|
|
* types.
|
|
*
|
|
* @param e
|
|
* @return
|
|
*/
|
|
private int getExceptionId(Exception e) {
|
|
if (e instanceof NoSuchProviderException) {
|
|
return 0;
|
|
} else if (e instanceof NoSuchAlgorithmException) {
|
|
return 1;
|
|
} else if (e instanceof SignatureException) {
|
|
return 2;
|
|
} else if (e instanceof IOException) {
|
|
return 3;
|
|
} else if (e instanceof PgpGeneralException) {
|
|
return 4;
|
|
} else if (e instanceof PGPException) {
|
|
return 5;
|
|
} else {
|
|
return -1;
|
|
}
|
|
}
|
|
|
|
}
|