/*
- * Copyright © 2018 Soren Stoutner <soren@stoutner.com>.
+ * Copyright © 2018-2021 Soren Stoutner <soren@stoutner.com>.
*
* This file is part of Privacy Browser <https://www.stoutner.com/privacy-browser>.
*
package com.stoutner.privacybrowser.activities;
-import android.Manifest;
import android.app.Activity;
-import android.app.DialogFragment;
import android.content.Intent;
+import android.content.SharedPreferences;
import android.content.pm.PackageManager;
import android.net.Uri;
-import android.os.Build;
import android.os.Bundle;
-import android.os.Environment;
-import android.provider.DocumentsContract;
-import android.support.annotation.NonNull;
-import android.support.design.widget.Snackbar;
-import android.support.v4.app.ActivityCompat;
-import android.support.v4.content.ContextCompat;
-import android.support.v7.app.ActionBar;
-import android.support.v7.app.AppCompatActivity;
-import android.support.v7.widget.Toolbar;
+import android.os.Handler;
+import android.preference.PreferenceManager;
import android.text.Editable;
import android.text.TextWatcher;
import android.view.View;
import android.view.WindowManager;
+import android.widget.AdapterView;
+import android.widget.ArrayAdapter;
import android.widget.Button;
import android.widget.EditText;
+import android.widget.LinearLayout;
+import android.widget.RadioButton;
+import android.widget.Spinner;
import android.widget.TextView;
+import androidx.annotation.NonNull;
+import androidx.appcompat.app.ActionBar;
+import androidx.appcompat.app.AppCompatActivity;
+import androidx.appcompat.widget.Toolbar;
+import androidx.cardview.widget.CardView;
+import androidx.core.content.FileProvider;
+
+import com.google.android.material.snackbar.Snackbar;
+import com.google.android.material.textfield.TextInputLayout;
+
+import com.stoutner.privacybrowser.BuildConfig;
import com.stoutner.privacybrowser.R;
-import com.stoutner.privacybrowser.dialogs.ImportExportStoragePermissionDialog;
import com.stoutner.privacybrowser.helpers.ImportExportDatabaseHelper;
import java.io.File;
-
-public class ImportExportActivity extends AppCompatActivity implements ImportExportStoragePermissionDialog.ImportExportStoragePermissionDialogListener {
- private final static int EXPORT_FILE_PICKER_REQUEST_CODE = 1;
- private final static int IMPORT_FILE_PICKER_REQUEST_CODE = 2;
- private final static int EXPORT_REQUEST_CODE = 3;
- private final static int IMPORT_REQUEST_CODE = 4;
+import java.io.FileInputStream;
+import java.io.FileNotFoundException;
+import java.io.FileOutputStream;
+import java.io.InputStream;
+import java.io.OutputStream;
+import java.nio.charset.StandardCharsets;
+import java.security.MessageDigest;
+import java.security.SecureRandom;
+import java.util.Arrays;
+
+import javax.crypto.Cipher;
+import javax.crypto.CipherInputStream;
+import javax.crypto.CipherOutputStream;
+import javax.crypto.spec.GCMParameterSpec;
+import javax.crypto.spec.SecretKeySpec;
+
+public class ImportExportActivity extends AppCompatActivity {
+ // Define the encryption constants.
+ private final int NO_ENCRYPTION = 0;
+ private final int PASSWORD_ENCRYPTION = 1;
+ private final int OPENPGP_ENCRYPTION = 2;
+
+ // Define the activity result constants.
+ private final int BROWSE_RESULT_CODE = 0;
+ private final int OPENPGP_IMPORT_RESULT_CODE = 1;
+ private final int OPENPGP_EXPORT_RESULT_CODE = 2;
+
+ // Define the saved instance state constants.
+ private final String ENCRYPTION_PASSWORD_TEXTINPUTLAYOUT_VISIBILITY = "encryption_password_textinputlayout_visibility";
+ private final String KITKAT_PASSWORD_ENCRYPTED_TEXTVIEW_VISIBILITY = "kitkat_password_encrypted_textview_visibility";
+ private final String OPEN_KEYCHAIN_REQUIRED_TEXTVIEW_VISIBILITY = "open_keychain_required_textview_visibility";
+ private final String FILE_LOCATION_CARD_VIEW = "file_location_card_view";
+ private final String FILE_NAME_LINEARLAYOUT_VISIBILITY = "file_name_linearlayout_visibility";
+ private final String OPEN_KEYCHAIN_IMPORT_INSTRUCTIONS_TEXTVIEW_VISIBILITY = "open_keychain_import_instructions_textview_visibility";
+ private final String IMPORT_EXPORT_BUTTON_VISIBILITY = "import_export_button_visibility";
+ private final String FILE_NAME_TEXT = "file_name_text";
+ private final String IMPORT_EXPORT_BUTTON_TEXT = "import_export_button_text";
+
+ // Define the class views.
+ Spinner encryptionSpinner;
+ TextInputLayout encryptionPasswordTextInputLayout;
+ EditText encryptionPasswordEditText;
+ TextView kitKatPasswordEncryptionTextView;
+ TextView openKeychainRequiredTextView;
+ CardView fileLocationCardView;
+ RadioButton importRadioButton;
+ LinearLayout fileNameLinearLayout;
+ EditText fileNameEditText;
+ TextView openKeychainImportInstructionsTextView;
+ Button importExportButton;
+
+ // Define the class variables.
+ private boolean openKeychainInstalled;
+ private File temporaryPgpEncryptedImportFile;
+ private File temporaryPreEncryptedExportFile;
@Override
public void onCreate(Bundle savedInstanceState) {
+ // Get a handle for the shared preferences.
+ SharedPreferences sharedPreferences = PreferenceManager.getDefaultSharedPreferences(this);
+
+ // Get the preferences.
+ boolean allowScreenshots = sharedPreferences.getBoolean(getString(R.string.allow_screenshots_key), false);
+ boolean bottomAppBar = sharedPreferences.getBoolean(getString(R.string.bottom_app_bar_key), false);
+
// Disable screenshots if not allowed.
- if (!MainWebViewActivity.allowScreenshots) {
+ if (!allowScreenshots) {
getWindow().addFlags(WindowManager.LayoutParams.FLAG_SECURE);
}
- // Set the activity theme.
- if (MainWebViewActivity.darkTheme) {
- setTheme(R.style.PrivacyBrowserDark_SecondaryActivity);
- } else {
- setTheme(R.style.PrivacyBrowserLight_SecondaryActivity);
- }
+ // Set the theme.
+ setTheme(R.style.PrivacyBrowser);
// Run the default commands.
super.onCreate(savedInstanceState);
// Set the content view.
- setContentView(R.layout.import_export_coordinatorlayout);
+ if (bottomAppBar) {
+ setContentView(R.layout.import_export_bottom_appbar);
+ } else {
+ setContentView(R.layout.import_export_top_appbar);
+ }
+
+ // Get a handle for the toolbar.
+ Toolbar toolbar = findViewById(R.id.import_export_toolbar);
+
+ // Set the support action bar.
+ setSupportActionBar(toolbar);
- // Use the `SupportActionBar` from `android.support.v7.app.ActionBar` until the minimum API is >= 21.
- Toolbar importExportAppBar = findViewById(R.id.import_export_toolbar);
- setSupportActionBar(importExportAppBar);
+ // Get a handle for the action bar.
+ ActionBar actionBar = getSupportActionBar();
+
+ // Remove the incorrect lint warning that the action bar might be null.
+ assert actionBar != null;
// Display the home arrow on the support action bar.
- ActionBar appBar = getSupportActionBar();
- assert appBar != null;// This assert removes the incorrect warning in Android Studio on the following line that `appBar` might be null.
- appBar.setDisplayHomeAsUpEnabled(true);
+ actionBar.setDisplayHomeAsUpEnabled(true);
+
+ // Find out if OpenKeychain is installed.
+ try {
+ openKeychainInstalled = !getPackageManager().getPackageInfo("org.sufficientlysecure.keychain", 0).versionName.isEmpty();
+ } catch (PackageManager.NameNotFoundException exception) {
+ openKeychainInstalled = false;
+ }
// Get handles for the views that need to be modified.
- EditText exportFileEditText = findViewById(R.id.export_file_edittext);
- Button exportButton = findViewById(R.id.export_button);
- EditText importFileEditText = findViewById(R.id.import_file_edittext);
- Button importButton = findViewById(R.id.import_button);
- TextView storagePermissionTextView = findViewById(R.id.import_export_storage_permission_textview);
-
- // Initially disable the buttons.
- exportButton.setEnabled(false);
- importButton.setEnabled(false);
-
- // Enable the export button when the export file EditText isn't empty.
- exportFileEditText.addTextChangedListener(new TextWatcher() {
+ encryptionSpinner = findViewById(R.id.encryption_spinner);
+ encryptionPasswordTextInputLayout = findViewById(R.id.encryption_password_textinputlayout);
+ encryptionPasswordEditText = findViewById(R.id.encryption_password_edittext);
+ openKeychainRequiredTextView = findViewById(R.id.openkeychain_required_textview);
+ fileLocationCardView = findViewById(R.id.file_location_cardview);
+ importRadioButton = findViewById(R.id.import_radiobutton);
+ RadioButton exportRadioButton = findViewById(R.id.export_radiobutton);
+ fileNameLinearLayout = findViewById(R.id.file_name_linearlayout);
+ fileNameEditText = findViewById(R.id.file_name_edittext);
+ openKeychainImportInstructionsTextView = findViewById(R.id.openkeychain_import_instructions_textview);
+ importExportButton = findViewById(R.id.import_export_button);
+
+ // Create an array adapter for the spinner.
+ ArrayAdapter<CharSequence> encryptionArrayAdapter = ArrayAdapter.createFromResource(this, R.array.encryption_type, R.layout.spinner_item);
+
+ // Set the drop down view resource on the spinner.
+ encryptionArrayAdapter.setDropDownViewResource(R.layout.spinner_dropdown_items);
+
+ // Set the array adapter for the spinner.
+ encryptionSpinner.setAdapter(encryptionArrayAdapter);
+
+ // Update the UI when the spinner changes.
+ encryptionSpinner.setOnItemSelectedListener(new AdapterView.OnItemSelectedListener() {
+ @Override
+ public void onItemSelected(AdapterView<?> parent, View view, int position, long id) {
+ switch (position) {
+ case NO_ENCRYPTION:
+ // Hide the unneeded layout items.
+ encryptionPasswordTextInputLayout.setVisibility(View.GONE);
+ kitKatPasswordEncryptionTextView.setVisibility(View.GONE);
+ openKeychainRequiredTextView.setVisibility(View.GONE);
+ openKeychainImportInstructionsTextView.setVisibility(View.GONE);
+
+ // Show the file location card.
+ fileLocationCardView.setVisibility(View.VISIBLE);
+
+ // Show the file name linear layout if either import or export is checked.
+ if (importRadioButton.isChecked() || exportRadioButton.isChecked()) {
+ fileNameLinearLayout.setVisibility(View.VISIBLE);
+ }
+
+ // Reset the text of the import button, which may have been changed to `Decrypt`.
+ if (importRadioButton.isChecked()) {
+ importExportButton.setText(R.string.import_button);
+ }
+
+ // Enable the import/export button if the file name is populated.
+ importExportButton.setEnabled(!fileNameEditText.getText().toString().isEmpty());
+ break;
+
+ case PASSWORD_ENCRYPTION:
+ // Hide the OpenPGP layout items.
+ openKeychainRequiredTextView.setVisibility(View.GONE);
+ openKeychainImportInstructionsTextView.setVisibility(View.GONE);
+
+ // Show the password encryption layout items.
+ encryptionPasswordTextInputLayout.setVisibility(View.VISIBLE);
+
+ // Show the file location card.
+ fileLocationCardView.setVisibility(View.VISIBLE);
+
+ // Show the file name linear layout if either import or export is checked.
+ if (importRadioButton.isChecked() || exportRadioButton.isChecked()) {
+ fileNameLinearLayout.setVisibility(View.VISIBLE);
+ }
+
+ // Reset the text of the import button, which may have been changed to `Decrypt`.
+ if (importRadioButton.isChecked()) {
+ importExportButton.setText(R.string.import_button);
+ }
+
+ // Enable the import/button if both the password and the file name are populated.
+ importExportButton.setEnabled(!fileNameEditText.getText().toString().isEmpty() && !encryptionPasswordEditText.getText().toString().isEmpty());
+ break;
+
+ case OPENPGP_ENCRYPTION:
+ // Hide the password encryption layout items.
+ encryptionPasswordTextInputLayout.setVisibility(View.GONE);
+ kitKatPasswordEncryptionTextView.setVisibility(View.GONE);
+
+ // Updated items based on the installation status of OpenKeychain.
+ if (openKeychainInstalled) { // OpenKeychain is installed.
+ // Show the file location card.
+ fileLocationCardView.setVisibility(View.VISIBLE);
+
+ if (importRadioButton.isChecked()) {
+ // Show the file name linear layout and the OpenKeychain import instructions.
+ fileNameLinearLayout.setVisibility(View.VISIBLE);
+ openKeychainImportInstructionsTextView.setVisibility(View.VISIBLE);
+
+ // Set the text of the import button to be `Decrypt`.
+ importExportButton.setText(R.string.decrypt);
+
+ // Enable the import button if the file name is populated.
+ importExportButton.setEnabled(!fileNameEditText.getText().toString().isEmpty());
+ } else if (exportRadioButton.isChecked()) {
+ // Hide the file name linear layout and the OpenKeychain import instructions.
+ fileNameLinearLayout.setVisibility(View.GONE);
+ openKeychainImportInstructionsTextView.setVisibility(View.GONE);
+
+ // Enable the export button.
+ importExportButton.setEnabled(true);
+ }
+ } else { // OpenKeychain is not installed.
+ // Show the OpenPGP required layout item.
+ openKeychainRequiredTextView.setVisibility(View.VISIBLE);
+
+ // Hide the file location card.
+ fileLocationCardView.setVisibility(View.GONE);
+ }
+ break;
+ }
+ }
+
+ @Override
+ public void onNothingSelected(AdapterView<?> parent) {
+
+ }
+ });
+
+ // Update the status of the import/export button when the password changes.
+ encryptionPasswordEditText.addTextChangedListener(new TextWatcher() {
@Override
public void beforeTextChanged(CharSequence s, int start, int count, int after) {
// Do nothing.
@Override
public void afterTextChanged(Editable s) {
- exportButton.setEnabled(!exportFileEditText.getText().toString().isEmpty());
+ // Enable the import/export button if both the file string and the password are populated.
+ importExportButton.setEnabled(!fileNameEditText.getText().toString().isEmpty() && !encryptionPasswordEditText.getText().toString().isEmpty());
}
});
- // Enable the import button when the export file EditText isn't empty.
- importFileEditText.addTextChangedListener(new TextWatcher() {
+ // Update the UI when the file name EditText changes.
+ fileNameEditText.addTextChangedListener(new TextWatcher() {
@Override
public void beforeTextChanged(CharSequence s, int start, int count, int after) {
// Do nothing.
@Override
public void afterTextChanged(Editable s) {
- importButton.setEnabled(!importFileEditText.getText().toString().isEmpty());
+ // Adjust the UI according to the encryption spinner position.
+ if (encryptionSpinner.getSelectedItemPosition() == PASSWORD_ENCRYPTION) {
+ // Enable the import/export button if both the file name and the password are populated.
+ importExportButton.setEnabled(!fileNameEditText.getText().toString().isEmpty() && !encryptionPasswordEditText.getText().toString().isEmpty());
+ } else {
+ // Enable the export button if the file name is populated.
+ importExportButton.setEnabled(!fileNameEditText.getText().toString().isEmpty());
+ }
}
});
- // Set the default download file path if the storage permission has not been granted.
- if (ContextCompat.checkSelfPermission(this, Manifest.permission.WRITE_EXTERNAL_STORAGE) == PackageManager.PERMISSION_DENIED) {
- // Create a string for the external private path.
- String EXTERNAL_PRIVATE_PATH = getApplicationContext().getExternalFilesDir(Environment.DIRECTORY_DOCUMENTS) + "/Privacy Browser Backup";
-
- // Set the default path.
- exportFileEditText.setText(EXTERNAL_PRIVATE_PATH);
- importFileEditText.setText(EXTERNAL_PRIVATE_PATH);
- }
-
- // Hide the storage permissions TextView on API < 23 as permissions on older devices are automatically granted.
- if (Build.VERSION.SDK_INT < 23) {
- storagePermissionTextView.setVisibility(View.GONE);
+ // Check to see if the activity has been restarted.
+ if (savedInstanceState == null) { // The app has not been restarted.
+ // Initially hide the unneeded views.
+ encryptionPasswordTextInputLayout.setVisibility(View.GONE);
+ kitKatPasswordEncryptionTextView.setVisibility(View.GONE);
+ openKeychainRequiredTextView.setVisibility(View.GONE);
+ fileNameLinearLayout.setVisibility(View.GONE);
+ openKeychainImportInstructionsTextView.setVisibility(View.GONE);
+ importExportButton.setVisibility(View.GONE);
+ } else { // The app has been restarted.
+ // Restore the visibility of the views.
+ encryptionPasswordTextInputLayout.setVisibility(savedInstanceState.getInt(ENCRYPTION_PASSWORD_TEXTINPUTLAYOUT_VISIBILITY));
+ kitKatPasswordEncryptionTextView.setVisibility(savedInstanceState.getInt(KITKAT_PASSWORD_ENCRYPTED_TEXTVIEW_VISIBILITY));
+ openKeychainRequiredTextView.setVisibility(savedInstanceState.getInt(OPEN_KEYCHAIN_REQUIRED_TEXTVIEW_VISIBILITY));
+ fileLocationCardView.setVisibility(savedInstanceState.getInt(FILE_LOCATION_CARD_VIEW));
+ fileNameLinearLayout.setVisibility(savedInstanceState.getInt(FILE_NAME_LINEARLAYOUT_VISIBILITY));
+ openKeychainImportInstructionsTextView.setVisibility(savedInstanceState.getInt(OPEN_KEYCHAIN_IMPORT_INSTRUCTIONS_TEXTVIEW_VISIBILITY));
+ importExportButton.setVisibility(savedInstanceState.getInt(IMPORT_EXPORT_BUTTON_VISIBILITY));
+
+ // Restore the text.
+ fileNameEditText.post(() -> fileNameEditText.setText(savedInstanceState.getString(FILE_NAME_TEXT)));
+ importExportButton.setText(savedInstanceState.getString(IMPORT_EXPORT_BUTTON_TEXT));
}
}
- public void exportBrowse(View view) {
- // Create the file picker intent.
- Intent intent = new Intent(Intent.ACTION_CREATE_DOCUMENT);
+ @Override
+ public void onSaveInstanceState (@NonNull Bundle savedInstanceState) {
+ // Run the default commands.
+ super.onSaveInstanceState(savedInstanceState);
+
+ // Save the visibility of the views.
+ savedInstanceState.putInt(ENCRYPTION_PASSWORD_TEXTINPUTLAYOUT_VISIBILITY, encryptionPasswordTextInputLayout.getVisibility());
+ savedInstanceState.putInt(KITKAT_PASSWORD_ENCRYPTED_TEXTVIEW_VISIBILITY, kitKatPasswordEncryptionTextView.getVisibility());
+ savedInstanceState.putInt(OPEN_KEYCHAIN_REQUIRED_TEXTVIEW_VISIBILITY, openKeychainRequiredTextView.getVisibility());
+ savedInstanceState.putInt(FILE_LOCATION_CARD_VIEW, fileLocationCardView.getVisibility());
+ savedInstanceState.putInt(FILE_NAME_LINEARLAYOUT_VISIBILITY, fileNameLinearLayout.getVisibility());
+ savedInstanceState.putInt(OPEN_KEYCHAIN_IMPORT_INSTRUCTIONS_TEXTVIEW_VISIBILITY, openKeychainImportInstructionsTextView.getVisibility());
+ savedInstanceState.putInt(IMPORT_EXPORT_BUTTON_VISIBILITY, importExportButton.getVisibility());
+
+ // Save the text.
+ savedInstanceState.putString(FILE_NAME_TEXT, fileNameEditText.getText().toString());
+ savedInstanceState.putString(IMPORT_EXPORT_BUTTON_TEXT, importExportButton.getText().toString());
+ }
- // Set the intent MIME type to include all files.
- intent.setType("*/*");
+ public void onClickRadioButton(View view) {
+ // Get the current file name.
+ String fileNameString = fileNameEditText.getText().toString();
- // Set the initial export file name.
- intent.putExtra(Intent.EXTRA_TITLE, getString(R.string.privacy_browser_backup));
+ // Convert the file name string to a file.
+ File file = new File(fileNameString);
- // Set the initial directory if API >= 26.
- if (Build.VERSION.SDK_INT >= 26) {
- intent.putExtra(DocumentsContract.EXTRA_INITIAL_URI, Environment.getExternalStorageDirectory());
- }
+ // Check to see if import or export was selected.
+ if (view.getId() == R.id.import_radiobutton) { // The import radio button is selected.
+ // Check to see if OpenPGP encryption is selected.
+ if (encryptionSpinner.getSelectedItemPosition() == OPENPGP_ENCRYPTION) { // OpenPGP encryption selected.
+ // Show the OpenKeychain import instructions.
+ openKeychainImportInstructionsTextView.setVisibility(View.VISIBLE);
- // Specify that a file that can be opened is requested.
- intent.addCategory(Intent.CATEGORY_OPENABLE);
+ // Set the text on the import/export button to be `Decrypt`.
+ importExportButton.setText(R.string.decrypt);
+ } else { // OpenPGP encryption not selected.
+ // Hide the OpenKeychain import instructions.
+ openKeychainImportInstructionsTextView.setVisibility(View.GONE);
- // Launch the file picker.
- startActivityForResult(intent, EXPORT_FILE_PICKER_REQUEST_CODE);
- }
+ // Set the text on the import/export button to be `Import`.
+ importExportButton.setText(R.string.import_button);
+ }
- public void onClickExport(View view) {
- // Check to see if the storage permission has been granted.
- if (ContextCompat.checkSelfPermission(this, Manifest.permission.WRITE_EXTERNAL_STORAGE) == PackageManager.PERMISSION_GRANTED) { // Storage permission granted.
- // Export the settings.
- exportSettings();
- } else { // Storage permission not granted.
- // Get a handle for the export file EditText.
- EditText exportFileEditText = findViewById(R.id.export_file_edittext);
-
- // Get the export file string.
- String exportFileString = exportFileEditText.getText().toString();
-
- // Get the external private directory `File`.
- File externalPrivateDirectoryFile = getApplicationContext().getExternalFilesDir(null);
-
- // Remove the lint error below that the `File` might be null.
- assert externalPrivateDirectoryFile != null;
-
- // Get the external private directory string.
- String externalPrivateDirectory = externalPrivateDirectoryFile.toString();
-
- // Check to see if the export file path is in the external private directory.
- if (exportFileString.startsWith(externalPrivateDirectory)) { // The export path is in the external private directory.
- // Export the settings.
- exportSettings();
- } else { // The export path is in a public directory.
- // Check if the user has previously denied the storage permission.
- if (ActivityCompat.shouldShowRequestPermissionRationale(this, Manifest.permission.WRITE_EXTERNAL_STORAGE)) { // Show a dialog explaining the request first.
- // Instantiate the storage permission alert dialog and set the type to EXPORT_SETTINGS.
- DialogFragment importExportStoragePermissionDialogFragment = ImportExportStoragePermissionDialog.type(ImportExportStoragePermissionDialog.EXPORT_SETTINGS);
-
- // Show the storage permission alert dialog. The permission will be requested when the dialog is closed.
- importExportStoragePermissionDialogFragment.show(getFragmentManager(), getString(R.string.storage_permission));
- } else { // Show the permission request directly.
- // Request the storage permission. The export will be run when it finishes.
- ActivityCompat.requestPermissions(this, new String[] {Manifest.permission.WRITE_EXTERNAL_STORAGE}, EXPORT_REQUEST_CODE);
+ // Display the file name views.
+ fileNameLinearLayout.setVisibility(View.VISIBLE);
+ importExportButton.setVisibility(View.VISIBLE);
+
+ // Check to see if the file exists.
+ if (file.exists()) { // The file exists.
+ // Check to see if password encryption is selected.
+ if (encryptionSpinner.getSelectedItemPosition() == PASSWORD_ENCRYPTION) { // Password encryption is selected.
+ // Enable the import button if the encryption password is populated.
+ importExportButton.setEnabled(!encryptionPasswordEditText.getText().toString().isEmpty());
+ } else { // Password encryption is not selected.
+ // Enable the import/decrypt button.
+ importExportButton.setEnabled(true);
+ }
+ } else { // The file does not exist.
+ // Disable the import/decrypt button.
+ importExportButton.setEnabled(false);
+ }
+ } else { // The export radio button is selected.
+ // Hide the OpenKeychain import instructions.
+ openKeychainImportInstructionsTextView.setVisibility(View.GONE);
+
+ // Set the text on the import/export button to be `Export`.
+ importExportButton.setText(R.string.export);
+
+ // Show the import/export button.
+ importExportButton.setVisibility(View.VISIBLE);
+
+ // Check to see if OpenPGP encryption is selected.
+ if (encryptionSpinner.getSelectedItemPosition() == OPENPGP_ENCRYPTION) { // OpenPGP encryption is selected.
+ // Hide the file name views.
+ fileNameLinearLayout.setVisibility(View.GONE);
+
+ // Enable the export button.
+ importExportButton.setEnabled(true);
+ } else { // OpenPGP encryption is not selected.
+ // Show the file name view.
+ fileNameLinearLayout.setVisibility(View.VISIBLE);
+
+ // Check the encryption type.
+ if (encryptionSpinner.getSelectedItemPosition() == NO_ENCRYPTION) { // No encryption is selected.
+ // Enable the export button if the file name is populated.
+ importExportButton.setEnabled(!fileNameString.isEmpty());
+ } else { // Password encryption is selected.
+ // Enable the export button if the file name and the password are populated.
+ importExportButton.setEnabled(!fileNameString.isEmpty() && !encryptionPasswordEditText.getText().toString().isEmpty());
}
}
}
}
- public void importBrowse(View view) {
- // Create the file picker intent.
- Intent intent = new Intent(Intent.ACTION_OPEN_DOCUMENT);
+ public void browse(View view) {
+ // Check to see if import or export is selected.
+ if (importRadioButton.isChecked()) { // Import is selected.
+ // Create the file picker intent.
+ Intent importBrowseIntent = new Intent(Intent.ACTION_OPEN_DOCUMENT);
- // Set the intent MIME type to include all files.
- intent.setType("*/*");
+ // Set the intent MIME type to include all files so that everything is visible.
+ importBrowseIntent.setType("*/*");
- // Set the initial directory if API >= 26.
- if (Build.VERSION.SDK_INT >= 26) {
- intent.putExtra(DocumentsContract.EXTRA_INITIAL_URI, Environment.getExternalStorageDirectory());
- }
+ // Request a file that can be opened.
+ importBrowseIntent.addCategory(Intent.CATEGORY_OPENABLE);
- // Specify that a file that can be opened is requested.
- intent.addCategory(Intent.CATEGORY_OPENABLE);
+ // Launch the file picker.
+ startActivityForResult(importBrowseIntent, BROWSE_RESULT_CODE);
+ } else { // Export is selected
+ // Create the file picker intent.
+ Intent exportBrowseIntent = new Intent(Intent.ACTION_CREATE_DOCUMENT);
- // Launch the file picker.
- startActivityForResult(intent, IMPORT_FILE_PICKER_REQUEST_CODE);
- }
+ // Set the intent MIME type to include all files so that everything is visible.
+ exportBrowseIntent.setType("*/*");
- public void onClickImport(View view) {
- // Check to see if the storage permission has been granted.
- if (ContextCompat.checkSelfPermission(this, Manifest.permission.READ_EXTERNAL_STORAGE) == PackageManager.PERMISSION_GRANTED) { // Storage permission granted.
- // Import the settings.
- importSettings();
- } else { // Storage permission not granted.
- // Get a handle for the import file EditText.
- EditText importFileEditText = findViewById(R.id.import_file_edittext);
-
- // Get the import file string.
- String importFileString = importFileEditText.getText().toString();
-
- // Get the external private directory `File`.
- File externalPrivateDirectoryFile = getApplicationContext().getExternalFilesDir(null);
-
- // Remove the lint error below that `File` might be null.
- assert externalPrivateDirectoryFile != null;
-
- // Get the external private directory string.
- String externalPrivateDirectory = externalPrivateDirectoryFile.toString();
-
- // Check to see if the import file path is in the external private directory.
- if (importFileString.startsWith(externalPrivateDirectory)) { // The import path is in the external private directory.
- // Import the settings.
- importSettings();
- } else { // The import path is in a public directory.
- // Check if the user has previously denied the storage permission.
- if (ActivityCompat.shouldShowRequestPermissionRationale(this, Manifest.permission.READ_EXTERNAL_STORAGE)) { // Show a dialog explaining the request first.
- // Instantiate the storage permission alert dialog and set the type to IMPORT_SETTINGS.
- DialogFragment importExportStoragePermissionDialogFragment = ImportExportStoragePermissionDialog.type(ImportExportStoragePermissionDialog.IMPORT_SETTINGS);
-
- // Show the storage permission alert dialog. The permission will be requested when the dialog is closed.
- importExportStoragePermissionDialogFragment.show(getFragmentManager(), getString(R.string.storage_permission));
- } else { // Show the permission request directly.
- // Request the storage permission. The export will be run when it finishes.
- ActivityCompat.requestPermissions(this, new String[] {Manifest.permission.READ_EXTERNAL_STORAGE}, IMPORT_REQUEST_CODE);
- }
+ // Set the initial export file name according to the encryption type.
+ if (encryptionSpinner.getSelectedItemPosition() == NO_ENCRYPTION) { // No encryption is selected.
+ exportBrowseIntent.putExtra(Intent.EXTRA_TITLE, getString(R.string.settings) + " " + BuildConfig.VERSION_NAME + ".pbs");
+ } else { // Password encryption is selected.
+ exportBrowseIntent.putExtra(Intent.EXTRA_TITLE, getString(R.string.settings) + " " + BuildConfig.VERSION_NAME + ".pbs.aes");
}
+
+ // Request a file that can be opened.
+ exportBrowseIntent.addCategory(Intent.CATEGORY_OPENABLE);
+
+ // Launch the file picker.
+ startActivityForResult(exportBrowseIntent, BROWSE_RESULT_CODE);
}
}
@Override
- public void onActivityResult(int requestCode, int resultCode, Intent data) {
- // Don't do anything if the user pressed back from the file picker.
- if (resultCode == Activity.RESULT_OK) {
- // Run the commands for the specific request code.
- switch (requestCode) {
- case EXPORT_FILE_PICKER_REQUEST_CODE:
- // Get a handle for the export file EditText.
- EditText exportFileEditText = findViewById(R.id.export_file_edittext);
-
- // Get the selected export file.
- Uri exportUri = data.getData();
-
- // Remove the lint warning that the export URI might be null.
- assert exportUri != null;
-
- // Get the raw export path.
- String rawExportPath = exportUri.getPath();
-
- // Remove the warning that the raw export path might be null.
- assert rawExportPath != null;
-
- // Check to see if the rawExportPath includes a valid storage location.
- if (rawExportPath.contains(":")) { // The path is valid.
- // Split the path into the initial content uri and the path information.
- String exportContentPath = rawExportPath.substring(0, rawExportPath.indexOf(":"));
- String exportFilePath = rawExportPath.substring(rawExportPath.indexOf(":") + 1);
-
- // Create the export path string.
- String exportPath;
-
- // Construct the export path.
- switch (exportContentPath) {
- // The documents home has a special content path.
- case "/document/home":
- exportPath = Environment.getExternalStoragePublicDirectory(Environment.DIRECTORY_DOCUMENTS) + "/" + exportFilePath;
- break;
-
- // Everything else for the primary user should be in `/document/primary`.
- case "/document/primary":
- exportPath = Environment.getExternalStorageDirectory() + "/" + exportFilePath;
- break;
-
- // Just in case, catch everything else and place it in the external storage directory.
- default:
- exportPath = Environment.getExternalStorageDirectory() + "/" + exportFilePath;
- break;
- }
+ public void onActivityResult(int requestCode, int resultCode, Intent returnedIntent) {
+ // Run the default commands.
+ super.onActivityResult(requestCode, resultCode, returnedIntent);
+
+ switch (requestCode) {
+ case (BROWSE_RESULT_CODE):
+ // Only do something if the user didn't press back from the file picker.
+ if (resultCode == Activity.RESULT_OK) {
+ // Get the file path URI from the intent.
+ Uri fileNameUri = returnedIntent.getData();
+
+ // Get the file name string from the URI.
+ String fileNameString = fileNameUri.toString();
+
+ // Set the file name name text.
+ fileNameEditText.setText(fileNameString);
+
+ // Move the cursor to the end of the file name edit text.
+ fileNameEditText.setSelection(fileNameString.length());
+ }
+ break;
+
+ case OPENPGP_IMPORT_RESULT_CODE:
+ // Delete the temporary PGP encrypted import file.
+ if (temporaryPgpEncryptedImportFile.exists()) {
+ //noinspection ResultOfMethodCallIgnored
+ temporaryPgpEncryptedImportFile.delete();
+ }
+ break;
+
+ case OPENPGP_EXPORT_RESULT_CODE:
+ // Delete the temporary pre-encrypted export file if it exists.
+ if (temporaryPreEncryptedExportFile.exists()) {
+ //noinspection ResultOfMethodCallIgnored
+ temporaryPreEncryptedExportFile.delete();
+ }
+ break;
+ }
+ }
- // Set the export file URI as the text for the export file EditText.
- exportFileEditText.setText(exportPath);
- } else { // The path is invalid.
- Snackbar.make(exportFileEditText, rawExportPath + " + " + getString(R.string.invalid_location), Snackbar.LENGTH_INDEFINITE).show();
+ public void importExport(View view) {
+ // Instantiate the import export database helper.
+ ImportExportDatabaseHelper importExportDatabaseHelper = new ImportExportDatabaseHelper();
+
+ // Check to see if import or export is selected.
+ if (importRadioButton.isChecked()) { // Import is selected.
+ // Initialize the import status string
+ String importStatus = "";
+
+ // Get the file name string.
+ String fileNameString = fileNameEditText.getText().toString();
+
+ // Import according to the encryption type.
+ switch (encryptionSpinner.getSelectedItemPosition()) {
+ case NO_ENCRYPTION:
+ try {
+ // Get an input stream for the file name.
+ InputStream inputStream = getContentResolver().openInputStream(Uri.parse(fileNameString));
+
+ // Import the unencrypted file.
+ importStatus = importExportDatabaseHelper.importUnencrypted(inputStream, this);
+ } catch (FileNotFoundException exception) {
+ // Update the import status.
+ importStatus = exception.toString();
+ }
+
+ // Restart Privacy Browser if successful.
+ if (importStatus.equals(ImportExportDatabaseHelper.IMPORT_SUCCESSFUL)) {
+ restartPrivacyBrowser();
}
break;
- case IMPORT_FILE_PICKER_REQUEST_CODE:
- // Get a handle for the import file EditText.
- EditText importFileEditText = findViewById(R.id.import_file_edittext);
+ case PASSWORD_ENCRYPTION:
+ try {
+ // Get the encryption password.
+ String encryptionPasswordString = encryptionPasswordEditText.getText().toString();
+
+ // Get an input stream for the file name.
+ InputStream inputStream = getContentResolver().openInputStream(Uri.parse(fileNameString));
+
+ // Get the salt from the beginning of the import file.
+ byte[] saltByteArray = new byte[32];
+ //noinspection ResultOfMethodCallIgnored
+ inputStream.read(saltByteArray);
- // Get the selected import file.
- Uri importUri = data.getData();
+ // Get the initialization vector from the import file.
+ byte[] initializationVector = new byte[12];
+ //noinspection ResultOfMethodCallIgnored
+ inputStream.read(initializationVector);
- // Remove the lint warning that the import URI might be null.
- assert importUri != null;
+ // Convert the encryption password to a byte array.
+ byte[] encryptionPasswordByteArray = encryptionPasswordString.getBytes(StandardCharsets.UTF_8);
- // Get the raw import path.
- String rawImportPath = importUri.getPath();
+ // Append the salt to the encryption password byte array. This protects against rainbow table attacks.
+ byte[] encryptionPasswordWithSaltByteArray = new byte[encryptionPasswordByteArray.length + saltByteArray.length];
+ System.arraycopy(encryptionPasswordByteArray, 0, encryptionPasswordWithSaltByteArray, 0, encryptionPasswordByteArray.length);
+ System.arraycopy(saltByteArray, 0, encryptionPasswordWithSaltByteArray, encryptionPasswordByteArray.length, saltByteArray.length);
- // Remove the warning that the raw import path might be null.
- assert rawImportPath != null;
+ // Get a SHA-512 message digest.
+ MessageDigest messageDigest = MessageDigest.getInstance("SHA-512");
- // Check to see if the rawExportPath includes a valid storage location.
- if (rawImportPath.contains(":")) { // The path is valid.
- // Split the path into the initial content uri and the path information.
- String importContentPath = rawImportPath.substring(0, rawImportPath.indexOf(":"));
- String importFilePath = rawImportPath.substring(rawImportPath.indexOf(":") + 1);
+ // Hash the salted encryption password. Otherwise, any characters after the 32nd character in the password are ignored.
+ byte[] hashedEncryptionPasswordWithSaltByteArray = messageDigest.digest(encryptionPasswordWithSaltByteArray);
- // Create the export path string.
- String importPath;
+ // Truncate the encryption password byte array to 256 bits (32 bytes).
+ byte[] truncatedHashedEncryptionPasswordWithSaltByteArray = Arrays.copyOf(hashedEncryptionPasswordWithSaltByteArray, 32);
- // Construct the export path.
- switch (importContentPath) {
- // The documents folder has a special content path.
- case "/document/home":
- importPath = Environment.getExternalStoragePublicDirectory(Environment.DIRECTORY_DOCUMENTS) + "/" + importFilePath;
- break;
+ // Create an AES secret key from the encryption password byte array.
+ SecretKeySpec secretKey = new SecretKeySpec(truncatedHashedEncryptionPasswordWithSaltByteArray, "AES");
- // Everything else for the primary user should be in `/document/primary`.
- case "/document/primary":
- importPath = Environment.getExternalStorageDirectory() + "/" + importFilePath;
- break;
+ // Get a Advanced Encryption Standard, Galois/Counter Mode, No Padding cipher instance. Galois/Counter mode protects against modification of the ciphertext. It doesn't use padding.
+ Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
- // Just in case, catch everything else and place it in the external storage directory.
- default:
- importPath = Environment.getExternalStorageDirectory() + "/" + importFilePath;
- break;
+ // Set the GCM tag length to be 128 bits (the maximum) and apply the initialization vector.
+ GCMParameterSpec gcmParameterSpec = new GCMParameterSpec(128, initializationVector);
+
+ // Initialize the cipher.
+ cipher.init(Cipher.DECRYPT_MODE, secretKey, gcmParameterSpec);
+
+ // Create a cipher input stream.
+ CipherInputStream cipherInputStream = new CipherInputStream(inputStream, cipher);
+
+ // Initialize variables to store data as it is moved from the cipher input stream to the unencrypted import file output stream. Move 128 bits (16 bytes) at a time.
+ int numberOfBytesRead;
+ byte[] decryptedBytes = new byte[16];
+
+
+ // Create a private temporary unencrypted import file.
+ File temporaryUnencryptedImportFile = File.createTempFile("temporary_unencrypted_import_file", null, getApplicationContext().getCacheDir());
+
+ // Create an temporary unencrypted import file output stream.
+ FileOutputStream temporaryUnencryptedImportFileOutputStream = new FileOutputStream(temporaryUnencryptedImportFile);
+
+
+ // Read up to 128 bits (16 bytes) of data from the cipher input stream. `-1` will be returned when the end fo the file is reached.
+ while ((numberOfBytesRead = cipherInputStream.read(decryptedBytes)) != -1) {
+ // Write the data to the temporary unencrypted import file output stream.
+ temporaryUnencryptedImportFileOutputStream.write(decryptedBytes, 0, numberOfBytesRead);
}
- // Set the export file URI as the text for the export file EditText.
- importFileEditText.setText(importPath);
- } else { // The path is invalid.
- Snackbar.make(importFileEditText, rawImportPath + " + " + getString(R.string.invalid_location), Snackbar.LENGTH_INDEFINITE).show();
+
+ // Flush the temporary unencrypted import file output stream.
+ temporaryUnencryptedImportFileOutputStream.flush();
+
+ // Close the streams.
+ temporaryUnencryptedImportFileOutputStream.close();
+ cipherInputStream.close();
+ inputStream.close();
+
+ // Wipe the encryption data from memory.
+ //noinspection UnusedAssignment
+ encryptionPasswordString = "";
+ Arrays.fill(saltByteArray, (byte) 0);
+ Arrays.fill(initializationVector, (byte) 0);
+ Arrays.fill(encryptionPasswordByteArray, (byte) 0);
+ Arrays.fill(encryptionPasswordWithSaltByteArray, (byte) 0);
+ Arrays.fill(hashedEncryptionPasswordWithSaltByteArray, (byte) 0);
+ Arrays.fill(truncatedHashedEncryptionPasswordWithSaltByteArray, (byte) 0);
+ Arrays.fill(decryptedBytes, (byte) 0);
+
+ // Create a temporary unencrypted import file input stream.
+ FileInputStream temporaryUnencryptedImportFileInputStream = new FileInputStream(temporaryUnencryptedImportFile);
+
+ // Import the temporary unencrypted import file.
+ importStatus = importExportDatabaseHelper.importUnencrypted(temporaryUnencryptedImportFileInputStream, this);
+
+ // Close the temporary unencrypted import file input stream.
+ temporaryUnencryptedImportFileInputStream.close();
+
+ // Delete the temporary unencrypted import file.
+ //noinspection ResultOfMethodCallIgnored
+ temporaryUnencryptedImportFile.delete();
+
+ // Restart Privacy Browser if successful.
+ if (importStatus.equals(ImportExportDatabaseHelper.IMPORT_SUCCESSFUL)) {
+ restartPrivacyBrowser();
+ }
+ } catch (Exception exception) {
+ // Update the import status.
+ importStatus = exception.toString();
+ }
+ break;
+
+ case OPENPGP_ENCRYPTION:
+ try {
+ // Set the temporary PGP encrypted import file.
+ temporaryPgpEncryptedImportFile = File.createTempFile("temporary_pgp_encrypted_import_file", null, getApplicationContext().getCacheDir());
+
+ // Create a temporary PGP encrypted import file output stream.
+ FileOutputStream temporaryPgpEncryptedImportFileOutputStream = new FileOutputStream(temporaryPgpEncryptedImportFile);
+
+ // Get an input stream for the file name.
+ InputStream inputStream = getContentResolver().openInputStream(Uri.parse(fileNameString));
+
+ // Create a transfer byte array.
+ byte[] transferByteArray = new byte[1024];
+
+ // Create an integer to track the number of bytes read.
+ int bytesRead;
+
+ // Copy the input stream to the temporary PGP encrypted import file.
+ while ((bytesRead = inputStream.read(transferByteArray)) > 0) {
+ temporaryPgpEncryptedImportFileOutputStream.write(transferByteArray, 0, bytesRead);
+ }
+
+ // Flush the temporary PGP encrypted import file output stream.
+ temporaryPgpEncryptedImportFileOutputStream.flush();
+
+ // Close the streams.
+ inputStream.close();
+ temporaryPgpEncryptedImportFileOutputStream.close();
+
+ // Create an decryption intent for OpenKeychain.
+ Intent openKeychainDecryptIntent = new Intent("org.sufficientlysecure.keychain.action.DECRYPT_DATA");
+
+ // Include the URI to be decrypted.
+ openKeychainDecryptIntent.setData(FileProvider.getUriForFile(this, getString(R.string.file_provider), temporaryPgpEncryptedImportFile));
+
+ // Allow OpenKeychain to read the file URI.
+ openKeychainDecryptIntent.setFlags(Intent.FLAG_GRANT_READ_URI_PERMISSION);
+
+ // Send the intent to the OpenKeychain package.
+ openKeychainDecryptIntent.setPackage("org.sufficientlysecure.keychain");
+
+ // Make it so.
+ startActivityForResult(openKeychainDecryptIntent, OPENPGP_IMPORT_RESULT_CODE);
+
+ // Update the import status.
+ importStatus = ImportExportDatabaseHelper.IMPORT_SUCCESSFUL;
+ } catch (Exception exception) {
+ // Update the import status.
+ importStatus = exception.toString();
}
break;
}
- }
- }
- @Override
- public void onCloseImportExportStoragePermissionDialog(int type) {
- // Request the storage permission based on the button that was pressed.
- switch (type) {
- case ImportExportStoragePermissionDialog.EXPORT_SETTINGS:
- // Request the storage permission. The export will be run when it finishes.
- ActivityCompat.requestPermissions(this, new String[] {Manifest.permission.WRITE_EXTERNAL_STORAGE}, EXPORT_REQUEST_CODE);
- break;
+ // Respond to the import status.
+ if (!importStatus.equals(ImportExportDatabaseHelper.IMPORT_SUCCESSFUL)) {
+ // Display a snack bar with the import error.
+ Snackbar.make(fileNameEditText, getString(R.string.import_failed) + " " + importStatus, Snackbar.LENGTH_INDEFINITE).show();
+ }
+ } else { // Export is selected.
+ // Export according to the encryption type.
+ switch (encryptionSpinner.getSelectedItemPosition()) {
+ case NO_ENCRYPTION:
+ // Get the file name string.
+ String noEncryptionFileNameString = fileNameEditText.getText().toString();
+
+ try {
+ // Get the export file output stream.
+ OutputStream exportFileOutputStream = getContentResolver().openOutputStream(Uri.parse(noEncryptionFileNameString));
+
+ // Export the unencrypted file.
+ String noEncryptionExportStatus = importExportDatabaseHelper.exportUnencrypted(exportFileOutputStream, this);
+
+ // Display an export disposition snackbar.
+ if (noEncryptionExportStatus.equals(ImportExportDatabaseHelper.EXPORT_SUCCESSFUL)) {
+ Snackbar.make(fileNameEditText, getString(R.string.export_successful), Snackbar.LENGTH_SHORT).show();
+ } else {
+ Snackbar.make(fileNameEditText, getString(R.string.export_failed) + " " + noEncryptionExportStatus, Snackbar.LENGTH_INDEFINITE).show();
+ }
+ } catch (FileNotFoundException fileNotFoundException) {
+ // Display a snackbar with the exception.
+ Snackbar.make(fileNameEditText, getString(R.string.export_failed) + " " + fileNotFoundException, Snackbar.LENGTH_INDEFINITE).show();
+ }
+ break;
- case ImportExportStoragePermissionDialog.IMPORT_SETTINGS:
- // Request the storage permission. The import will be run when it finishes.
- ActivityCompat.requestPermissions(this, new String[] {Manifest.permission.READ_EXTERNAL_STORAGE}, IMPORT_REQUEST_CODE);
- break;
- }
- }
+ case PASSWORD_ENCRYPTION:
+ try {
+ // Create a temporary unencrypted export file.
+ File temporaryUnencryptedExportFile = File.createTempFile("temporary_unencrypted_export_file", null, getApplicationContext().getCacheDir());
- @Override
- public void onRequestPermissionsResult(int requestCode, @NonNull String[] permissions, @NonNull int[] grantResults) {
- switch (requestCode) {
- case EXPORT_REQUEST_CODE:
- // Check to see if the storage permission was granted. If the dialog was canceled the grant results will be empty.
- if ((grantResults.length > 0) && (grantResults[0] == PackageManager.PERMISSION_GRANTED)) { // The storage permission was granted.
- // Export the settings.
- exportSettings();
- } else { // The storage permission was not granted.
- // Get a handle for the export file EditText.
- EditText exportFileEditText = findViewById(R.id.export_file_edittext);
-
- // Display an error snackbar.
- Snackbar.make(exportFileEditText, getString(R.string.cannot_export), Snackbar.LENGTH_LONG).show();
- }
- break;
+ // Create a temporary unencrypted export output stream.
+ FileOutputStream temporaryUnencryptedExportOutputStream = new FileOutputStream(temporaryUnencryptedExportFile);
- case IMPORT_REQUEST_CODE:
- // Check to see if the storage permission was granted. If the dialog was canceled the grant results will be empty.
- if ((grantResults.length > 0) && (grantResults[0] == PackageManager.PERMISSION_GRANTED)) { // The storage permission was granted.
- // Import the settings.
- importSettings();
- } else { // The storage permission was not granted.
- // Get a handle for the import file EditText.
- EditText importFileEditText = findViewById(R.id.import_file_edittext);
-
- // Display an error snackbar.
- Snackbar.make(importFileEditText, getString(R.string.cannot_import), Snackbar.LENGTH_LONG).show();
- }
- break;
- }
- }
+ // Populate the temporary unencrypted export.
+ String passwordEncryptionExportStatus = importExportDatabaseHelper.exportUnencrypted(temporaryUnencryptedExportOutputStream, this);
- private void exportSettings() {
- // Get a handle for the export file EditText.
- EditText exportFileEditText = findViewById(R.id.export_file_edittext);
+ // Close the temporary unencrypted export output stream.
+ temporaryUnencryptedExportOutputStream.close();
- // Get the export file string.
- String exportFileString = exportFileEditText.getText().toString();
+ // Create an unencrypted export file input stream.
+ FileInputStream unencryptedExportFileInputStream = new FileInputStream(temporaryUnencryptedExportFile);
- // Set the export file.
- File exportFile = new File(exportFileString);
+ // Get the encryption password.
+ String encryptionPasswordString = encryptionPasswordEditText.getText().toString();
- // Instantiate the import export database helper.
- ImportExportDatabaseHelper importExportDatabaseHelper = new ImportExportDatabaseHelper();
+ // Initialize a secure random number generator.
+ SecureRandom secureRandom = new SecureRandom();
- // Export the unencrypted file.
- String exportStatus = importExportDatabaseHelper.exportUnencrypted(exportFile, getApplicationContext());
+ // Get a 256 bit (32 byte) random salt.
+ byte[] saltByteArray = new byte[32];
+ secureRandom.nextBytes(saltByteArray);
- // Show a disposition snackbar.
- if (exportStatus.equals(ImportExportDatabaseHelper.EXPORT_SUCCESSFUL)) {
- Snackbar.make(exportFileEditText, getString(R.string.export_successful), Snackbar.LENGTH_SHORT).show();
- } else {
- Snackbar.make(exportFileEditText, getString(R.string.export_failed) + " " + exportStatus, Snackbar.LENGTH_INDEFINITE).show();
- }
- }
+ // Convert the encryption password to a byte array.
+ byte[] encryptionPasswordByteArray = encryptionPasswordString.getBytes(StandardCharsets.UTF_8);
- private void importSettings() {
- // Get a handle for the import file EditText.
- EditText importFileEditText = findViewById(R.id.import_file_edittext);
+ // Append the salt to the encryption password byte array. This protects against rainbow table attacks.
+ byte[] encryptionPasswordWithSaltByteArray = new byte[encryptionPasswordByteArray.length + saltByteArray.length];
+ System.arraycopy(encryptionPasswordByteArray, 0, encryptionPasswordWithSaltByteArray, 0, encryptionPasswordByteArray.length);
+ System.arraycopy(saltByteArray, 0, encryptionPasswordWithSaltByteArray, encryptionPasswordByteArray.length, saltByteArray.length);
- // Get the import file string.
- String importFileString = importFileEditText.getText().toString();
+ // Get a SHA-512 message digest.
+ MessageDigest messageDigest = MessageDigest.getInstance("SHA-512");
- // Set the import file.
- File importFile = new File(importFileString);
+ // Hash the salted encryption password. Otherwise, any characters after the 32nd character in the password are ignored.
+ byte[] hashedEncryptionPasswordWithSaltByteArray = messageDigest.digest(encryptionPasswordWithSaltByteArray);
- // Instantiate the import export database helper.
- ImportExportDatabaseHelper importExportDatabaseHelper = new ImportExportDatabaseHelper();
+ // Truncate the encryption password byte array to 256 bits (32 bytes).
+ byte[] truncatedHashedEncryptionPasswordWithSaltByteArray = Arrays.copyOf(hashedEncryptionPasswordWithSaltByteArray, 32);
- // Import the unencrypted file.
- String importStatus = importExportDatabaseHelper.importUnencrypted(importFile, getApplicationContext());
+ // Create an AES secret key from the encryption password byte array.
+ SecretKeySpec secretKey = new SecretKeySpec(truncatedHashedEncryptionPasswordWithSaltByteArray, "AES");
- // Respond to the import disposition.
- if (importStatus.equals(ImportExportDatabaseHelper.IMPORT_SUCCESSFUL)) { // The import was successful.
- // Create an intent to restart Privacy Browser.
- Intent restartIntent = getParentActivityIntent();
+ // Generate a random 12 byte initialization vector. According to NIST, a 12 byte initialization vector is more secure than a 16 byte one.
+ byte[] initializationVector = new byte[12];
+ secureRandom.nextBytes(initializationVector);
- // Assert that the intent is not null to remove the lint error below.
- assert restartIntent != null;
+ // Get a Advanced Encryption Standard, Galois/Counter Mode, No Padding cipher instance. Galois/Counter mode protects against modification of the ciphertext. It doesn't use padding.
+ Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
- // `Intent.FLAG_ACTIVITY_CLEAR_TASK` removes all activities from the stack. It requires `Intent.FLAG_ACTIVITY_NEW_TASK`.
- restartIntent.setFlags(Intent.FLAG_ACTIVITY_NEW_TASK | Intent.FLAG_ACTIVITY_CLEAR_TASK);
+ // Set the GCM tag length to be 128 bits (the maximum) and apply the initialization vector.
+ GCMParameterSpec gcmParameterSpec = new GCMParameterSpec(128, initializationVector);
- // Make it so.
- startActivity(restartIntent);
- } else { // The import was not successful.
- // Display a snack bar with the import error.
- Snackbar.make(importFileEditText, getString(R.string.import_failed) + " " + importStatus, Snackbar.LENGTH_INDEFINITE).show();
+ // Initialize the cipher.
+ cipher.init(Cipher.ENCRYPT_MODE, secretKey, gcmParameterSpec);
+
+ // Get the file name string.
+ String passwordEncryptionFileNameString = fileNameEditText.getText().toString();
+
+ // Get the export file output stream.
+ OutputStream exportFileOutputStream = getContentResolver().openOutputStream(Uri.parse(passwordEncryptionFileNameString));
+
+ // Add the salt and the initialization vector to the export file output stream.
+ exportFileOutputStream.write(saltByteArray);
+ exportFileOutputStream.write(initializationVector);
+
+ // Create a cipher output stream.
+ CipherOutputStream cipherOutputStream = new CipherOutputStream(exportFileOutputStream, cipher);
+
+ // Initialize variables to store data as it is moved from the unencrypted export file input stream to the cipher output stream. Move 128 bits (16 bytes) at a time.
+ int numberOfBytesRead;
+ byte[] encryptedBytes = new byte[16];
+
+ // Read up to 128 bits (16 bytes) of data from the unencrypted export file stream. `-1` will be returned when the end of the file is reached.
+ while ((numberOfBytesRead = unencryptedExportFileInputStream.read(encryptedBytes)) != -1) {
+ // Write the data to the cipher output stream.
+ cipherOutputStream.write(encryptedBytes, 0, numberOfBytesRead);
+ }
+
+ // Close the streams.
+ cipherOutputStream.flush();
+ cipherOutputStream.close();
+ exportFileOutputStream.close();
+ unencryptedExportFileInputStream.close();
+
+ // Wipe the encryption data from memory.
+ //noinspection UnusedAssignment
+ encryptionPasswordString = "";
+ Arrays.fill(saltByteArray, (byte) 0);
+ Arrays.fill(encryptionPasswordByteArray, (byte) 0);
+ Arrays.fill(encryptionPasswordWithSaltByteArray, (byte) 0);
+ Arrays.fill(hashedEncryptionPasswordWithSaltByteArray, (byte) 0);
+ Arrays.fill(truncatedHashedEncryptionPasswordWithSaltByteArray, (byte) 0);
+ Arrays.fill(initializationVector, (byte) 0);
+ Arrays.fill(encryptedBytes, (byte) 0);
+
+ // Delete the temporary unencrypted export file.
+ //noinspection ResultOfMethodCallIgnored
+ temporaryUnencryptedExportFile.delete();
+
+ // Display an export disposition snackbar.
+ if (passwordEncryptionExportStatus.equals(ImportExportDatabaseHelper.EXPORT_SUCCESSFUL)) {
+ Snackbar.make(fileNameEditText, getString(R.string.export_successful), Snackbar.LENGTH_SHORT).show();
+ } else {
+ Snackbar.make(fileNameEditText, getString(R.string.export_failed) + " " + passwordEncryptionExportStatus, Snackbar.LENGTH_INDEFINITE).show();
+ }
+ } catch (Exception exception) {
+ // Display a snackbar with the exception.
+ Snackbar.make(fileNameEditText, getString(R.string.export_failed) + " " + exception, Snackbar.LENGTH_INDEFINITE).show();
+ }
+ break;
+
+ case OPENPGP_ENCRYPTION:
+ try {
+ // Set the temporary pre-encrypted export file.
+ temporaryPreEncryptedExportFile = new File(getApplicationContext().getCacheDir() + "/" + getString(R.string.settings) + " " + BuildConfig.VERSION_NAME + ".pbs");
+
+ // Delete the temporary pre-encrypted export file if it already exists.
+ if (temporaryPreEncryptedExportFile.exists()) {
+ //noinspection ResultOfMethodCallIgnored
+ temporaryPreEncryptedExportFile.delete();
+ }
+
+ // Create a temporary pre-encrypted export output stream.
+ FileOutputStream temporaryPreEncryptedExportOutputStream = new FileOutputStream(temporaryPreEncryptedExportFile);
+
+ // Populate the temporary pre-encrypted export file.
+ String openpgpEncryptionExportStatus = importExportDatabaseHelper.exportUnencrypted(temporaryPreEncryptedExportOutputStream, this);
+
+ // Flush the temporary pre-encryption export output stream.
+ temporaryPreEncryptedExportOutputStream.flush();
+
+ // Close the temporary pre-encryption export output stream.
+ temporaryPreEncryptedExportOutputStream.close();
+
+ // Display an export error snackbar if the temporary pre-encrypted export failed.
+ if (!openpgpEncryptionExportStatus.equals(ImportExportDatabaseHelper.EXPORT_SUCCESSFUL)) {
+ Snackbar.make(fileNameEditText, getString(R.string.export_failed) + " " + openpgpEncryptionExportStatus, Snackbar.LENGTH_INDEFINITE).show();
+ }
+
+ // Create an encryption intent for OpenKeychain.
+ Intent openKeychainEncryptIntent = new Intent("org.sufficientlysecure.keychain.action.ENCRYPT_DATA");
+
+ // Include the temporary unencrypted export file URI.
+ openKeychainEncryptIntent.setData(FileProvider.getUriForFile(this, getString(R.string.file_provider), temporaryPreEncryptedExportFile));
+
+ // Allow OpenKeychain to read the file URI.
+ openKeychainEncryptIntent.setFlags(Intent.FLAG_GRANT_READ_URI_PERMISSION);
+
+ // Send the intent to the OpenKeychain package.
+ openKeychainEncryptIntent.setPackage("org.sufficientlysecure.keychain");
+
+ // Make it so.
+ startActivityForResult(openKeychainEncryptIntent, OPENPGP_EXPORT_RESULT_CODE);
+ } catch (Exception exception) {
+ // Display a snackbar with the exception.
+ Snackbar.make(fileNameEditText, getString(R.string.export_failed) + " " + exception, Snackbar.LENGTH_INDEFINITE).show();
+ }
+ break;
+ }
}
}
+
+ private void restartPrivacyBrowser() {
+ // Create an intent to restart Privacy Browser.
+ Intent restartIntent = getParentActivityIntent();
+
+ // Assert that the intent is not null to remove the lint error below.
+ assert restartIntent != null;
+
+ // `Intent.FLAG_ACTIVITY_CLEAR_TASK` removes all activities from the stack. It requires `Intent.FLAG_ACTIVITY_NEW_TASK`.
+ restartIntent.setFlags(Intent.FLAG_ACTIVITY_NEW_TASK | Intent.FLAG_ACTIVITY_CLEAR_TASK);
+
+ // Create a restart handler.
+ Handler restartHandler = new Handler();
+
+ // Create a restart runnable.
+ Runnable restartRunnable = () -> {
+ // Restart Privacy Browser.
+ startActivity(restartIntent);
+
+ // Kill this instance of Privacy Browser. Otherwise, the app exhibits sporadic behavior after the restart.
+ System.exit(0);
+ };
+
+ // Restart Privacy Browser after 150 milliseconds to allow enough time for the preferences to be saved.
+ restartHandler.postDelayed(restartRunnable, 150);
+ }
}
\ No newline at end of file
projects / PrivacyBrowserAndroid.git / blobdiff