X-Git-Url: https://gitweb.stoutner.com/?p=PrivacyBrowserAndroid.git;a=blobdiff_plain;f=app%2Fsrc%2Fmain%2Fjava%2Fcom%2Fstoutner%2Fprivacybrowser%2Factivities%2FImportExportActivity.java;h=c1b3891d3fe248fdcbd951ed80b78f0cd0fad494;hp=26f2e1bc11bd4858cdc0c88bf88fd13eb294b093;hb=ab11ca2de00c56982e46627c8e7fc670462b0b3c;hpb=f7377fd19a601b61e45ce28cd2a72857a6f5ba84 diff --git a/app/src/main/java/com/stoutner/privacybrowser/activities/ImportExportActivity.java b/app/src/main/java/com/stoutner/privacybrowser/activities/ImportExportActivity.java index 26f2e1bc..c1b3891d 100644 --- a/app/src/main/java/com/stoutner/privacybrowser/activities/ImportExportActivity.java +++ b/app/src/main/java/com/stoutner/privacybrowser/activities/ImportExportActivity.java @@ -1,5 +1,5 @@ /* - * Copyright © 2018 Soren Stoutner . + * Copyright © 2018-2021 Soren Stoutner . * * This file is part of Privacy Browser . * @@ -19,85 +19,270 @@ package com.stoutner.privacybrowser.activities; -import android.Manifest; import android.app.Activity; -import android.app.DialogFragment; import android.content.Intent; +import android.content.SharedPreferences; import android.content.pm.PackageManager; import android.net.Uri; -import android.os.Build; import android.os.Bundle; -import android.os.Environment; -import android.provider.DocumentsContract; -import android.support.annotation.NonNull; -import android.support.design.widget.Snackbar; -import android.support.v4.app.ActivityCompat; -import android.support.v4.content.ContextCompat; -import android.support.v7.app.ActionBar; -import android.support.v7.app.AppCompatActivity; -import android.support.v7.widget.Toolbar; +import android.os.Handler; +import android.preference.PreferenceManager; import android.text.Editable; import android.text.TextWatcher; import android.view.View; import android.view.WindowManager; +import android.widget.AdapterView; +import android.widget.ArrayAdapter; import android.widget.Button; import android.widget.EditText; +import android.widget.LinearLayout; +import android.widget.RadioButton; +import android.widget.Spinner; import android.widget.TextView; +import androidx.annotation.NonNull; +import androidx.appcompat.app.ActionBar; +import androidx.appcompat.app.AppCompatActivity; +import androidx.appcompat.widget.Toolbar; +import androidx.cardview.widget.CardView; +import androidx.core.content.FileProvider; + +import com.google.android.material.snackbar.Snackbar; +import com.google.android.material.textfield.TextInputLayout; + +import com.stoutner.privacybrowser.BuildConfig; import com.stoutner.privacybrowser.R; -import com.stoutner.privacybrowser.dialogs.ImportExportStoragePermissionDialog; import com.stoutner.privacybrowser.helpers.ImportExportDatabaseHelper; import java.io.File; - -public class ImportExportActivity extends AppCompatActivity implements ImportExportStoragePermissionDialog.ImportExportStoragePermissionDialogListener { - private final static int EXPORT_FILE_PICKER_REQUEST_CODE = 1; - private final static int IMPORT_FILE_PICKER_REQUEST_CODE = 2; - private final static int EXPORT_REQUEST_CODE = 3; - private final static int IMPORT_REQUEST_CODE = 4; +import java.io.FileInputStream; +import java.io.FileNotFoundException; +import java.io.FileOutputStream; +import java.io.InputStream; +import java.io.OutputStream; +import java.nio.charset.StandardCharsets; +import java.security.MessageDigest; +import java.security.SecureRandom; +import java.util.Arrays; + +import javax.crypto.Cipher; +import javax.crypto.CipherInputStream; +import javax.crypto.CipherOutputStream; +import javax.crypto.spec.GCMParameterSpec; +import javax.crypto.spec.SecretKeySpec; + +public class ImportExportActivity extends AppCompatActivity { + // Define the encryption constants. + private final int NO_ENCRYPTION = 0; + private final int PASSWORD_ENCRYPTION = 1; + private final int OPENPGP_ENCRYPTION = 2; + + // Define the activity result constants. + private final int BROWSE_RESULT_CODE = 0; + private final int OPENPGP_IMPORT_RESULT_CODE = 1; + private final int OPENPGP_EXPORT_RESULT_CODE = 2; + + // Define the saved instance state constants. + private final String ENCRYPTION_PASSWORD_TEXTINPUTLAYOUT_VISIBILITY = "encryption_password_textinputlayout_visibility"; + private final String KITKAT_PASSWORD_ENCRYPTED_TEXTVIEW_VISIBILITY = "kitkat_password_encrypted_textview_visibility"; + private final String OPEN_KEYCHAIN_REQUIRED_TEXTVIEW_VISIBILITY = "open_keychain_required_textview_visibility"; + private final String FILE_LOCATION_CARD_VIEW = "file_location_card_view"; + private final String FILE_NAME_LINEARLAYOUT_VISIBILITY = "file_name_linearlayout_visibility"; + private final String OPEN_KEYCHAIN_IMPORT_INSTRUCTIONS_TEXTVIEW_VISIBILITY = "open_keychain_import_instructions_textview_visibility"; + private final String IMPORT_EXPORT_BUTTON_VISIBILITY = "import_export_button_visibility"; + private final String FILE_NAME_TEXT = "file_name_text"; + private final String IMPORT_EXPORT_BUTTON_TEXT = "import_export_button_text"; + + // Define the class views. + Spinner encryptionSpinner; + TextInputLayout encryptionPasswordTextInputLayout; + EditText encryptionPasswordEditText; + TextView kitKatPasswordEncryptionTextView; + TextView openKeychainRequiredTextView; + CardView fileLocationCardView; + RadioButton importRadioButton; + LinearLayout fileNameLinearLayout; + EditText fileNameEditText; + TextView openKeychainImportInstructionsTextView; + Button importExportButton; + + // Define the class variables. + private boolean openKeychainInstalled; + private File temporaryPgpEncryptedImportFile; + private File temporaryPreEncryptedExportFile; @Override public void onCreate(Bundle savedInstanceState) { + // Get a handle for the shared preferences. + SharedPreferences sharedPreferences = PreferenceManager.getDefaultSharedPreferences(this); + + // Get the preferences. + boolean allowScreenshots = sharedPreferences.getBoolean(getString(R.string.allow_screenshots_key), false); + boolean bottomAppBar = sharedPreferences.getBoolean(getString(R.string.bottom_app_bar_key), false); + // Disable screenshots if not allowed. - if (!MainWebViewActivity.allowScreenshots) { + if (!allowScreenshots) { getWindow().addFlags(WindowManager.LayoutParams.FLAG_SECURE); } - // Set the activity theme. - if (MainWebViewActivity.darkTheme) { - setTheme(R.style.PrivacyBrowserDark_SecondaryActivity); - } else { - setTheme(R.style.PrivacyBrowserLight_SecondaryActivity); - } + // Set the theme. + setTheme(R.style.PrivacyBrowser); // Run the default commands. super.onCreate(savedInstanceState); // Set the content view. - setContentView(R.layout.import_export_coordinatorlayout); + if (bottomAppBar) { + setContentView(R.layout.import_export_bottom_appbar); + } else { + setContentView(R.layout.import_export_top_appbar); + } + + // Get a handle for the toolbar. + Toolbar toolbar = findViewById(R.id.import_export_toolbar); + + // Set the support action bar. + setSupportActionBar(toolbar); - // Use the `SupportActionBar` from `android.support.v7.app.ActionBar` until the minimum API is >= 21. - Toolbar importExportAppBar = findViewById(R.id.import_export_toolbar); - setSupportActionBar(importExportAppBar); + // Get a handle for the action bar. + ActionBar actionBar = getSupportActionBar(); + + // Remove the incorrect lint warning that the action bar might be null. + assert actionBar != null; // Display the home arrow on the support action bar. - ActionBar appBar = getSupportActionBar(); - assert appBar != null;// This assert removes the incorrect warning in Android Studio on the following line that `appBar` might be null. - appBar.setDisplayHomeAsUpEnabled(true); + actionBar.setDisplayHomeAsUpEnabled(true); + + // Find out if OpenKeychain is installed. + try { + openKeychainInstalled = !getPackageManager().getPackageInfo("org.sufficientlysecure.keychain", 0).versionName.isEmpty(); + } catch (PackageManager.NameNotFoundException exception) { + openKeychainInstalled = false; + } // Get handles for the views that need to be modified. - EditText exportFileEditText = findViewById(R.id.export_file_edittext); - Button exportButton = findViewById(R.id.export_button); - EditText importFileEditText = findViewById(R.id.import_file_edittext); - Button importButton = findViewById(R.id.import_button); - TextView storagePermissionTextView = findViewById(R.id.import_export_storage_permission_textview); - - // Initially disable the buttons. - exportButton.setEnabled(false); - importButton.setEnabled(false); - - // Enable the export button when the export file EditText isn't empty. - exportFileEditText.addTextChangedListener(new TextWatcher() { + encryptionSpinner = findViewById(R.id.encryption_spinner); + encryptionPasswordTextInputLayout = findViewById(R.id.encryption_password_textinputlayout); + encryptionPasswordEditText = findViewById(R.id.encryption_password_edittext); + openKeychainRequiredTextView = findViewById(R.id.openkeychain_required_textview); + fileLocationCardView = findViewById(R.id.file_location_cardview); + importRadioButton = findViewById(R.id.import_radiobutton); + RadioButton exportRadioButton = findViewById(R.id.export_radiobutton); + fileNameLinearLayout = findViewById(R.id.file_name_linearlayout); + fileNameEditText = findViewById(R.id.file_name_edittext); + openKeychainImportInstructionsTextView = findViewById(R.id.openkeychain_import_instructions_textview); + importExportButton = findViewById(R.id.import_export_button); + + // Create an array adapter for the spinner. + ArrayAdapter encryptionArrayAdapter = ArrayAdapter.createFromResource(this, R.array.encryption_type, R.layout.spinner_item); + + // Set the drop down view resource on the spinner. + encryptionArrayAdapter.setDropDownViewResource(R.layout.spinner_dropdown_items); + + // Set the array adapter for the spinner. + encryptionSpinner.setAdapter(encryptionArrayAdapter); + + // Update the UI when the spinner changes. + encryptionSpinner.setOnItemSelectedListener(new AdapterView.OnItemSelectedListener() { + @Override + public void onItemSelected(AdapterView parent, View view, int position, long id) { + switch (position) { + case NO_ENCRYPTION: + // Hide the unneeded layout items. + encryptionPasswordTextInputLayout.setVisibility(View.GONE); + kitKatPasswordEncryptionTextView.setVisibility(View.GONE); + openKeychainRequiredTextView.setVisibility(View.GONE); + openKeychainImportInstructionsTextView.setVisibility(View.GONE); + + // Show the file location card. + fileLocationCardView.setVisibility(View.VISIBLE); + + // Show the file name linear layout if either import or export is checked. + if (importRadioButton.isChecked() || exportRadioButton.isChecked()) { + fileNameLinearLayout.setVisibility(View.VISIBLE); + } + + // Reset the text of the import button, which may have been changed to `Decrypt`. + if (importRadioButton.isChecked()) { + importExportButton.setText(R.string.import_button); + } + + // Enable the import/export button if the file name is populated. + importExportButton.setEnabled(!fileNameEditText.getText().toString().isEmpty()); + break; + + case PASSWORD_ENCRYPTION: + // Hide the OpenPGP layout items. + openKeychainRequiredTextView.setVisibility(View.GONE); + openKeychainImportInstructionsTextView.setVisibility(View.GONE); + + // Show the password encryption layout items. + encryptionPasswordTextInputLayout.setVisibility(View.VISIBLE); + + // Show the file location card. + fileLocationCardView.setVisibility(View.VISIBLE); + + // Show the file name linear layout if either import or export is checked. + if (importRadioButton.isChecked() || exportRadioButton.isChecked()) { + fileNameLinearLayout.setVisibility(View.VISIBLE); + } + + // Reset the text of the import button, which may have been changed to `Decrypt`. + if (importRadioButton.isChecked()) { + importExportButton.setText(R.string.import_button); + } + + // Enable the import/button if both the password and the file name are populated. + importExportButton.setEnabled(!fileNameEditText.getText().toString().isEmpty() && !encryptionPasswordEditText.getText().toString().isEmpty()); + break; + + case OPENPGP_ENCRYPTION: + // Hide the password encryption layout items. + encryptionPasswordTextInputLayout.setVisibility(View.GONE); + kitKatPasswordEncryptionTextView.setVisibility(View.GONE); + + // Updated items based on the installation status of OpenKeychain. + if (openKeychainInstalled) { // OpenKeychain is installed. + // Show the file location card. + fileLocationCardView.setVisibility(View.VISIBLE); + + if (importRadioButton.isChecked()) { + // Show the file name linear layout and the OpenKeychain import instructions. + fileNameLinearLayout.setVisibility(View.VISIBLE); + openKeychainImportInstructionsTextView.setVisibility(View.VISIBLE); + + // Set the text of the import button to be `Decrypt`. + importExportButton.setText(R.string.decrypt); + + // Enable the import button if the file name is populated. + importExportButton.setEnabled(!fileNameEditText.getText().toString().isEmpty()); + } else if (exportRadioButton.isChecked()) { + // Hide the file name linear layout and the OpenKeychain import instructions. + fileNameLinearLayout.setVisibility(View.GONE); + openKeychainImportInstructionsTextView.setVisibility(View.GONE); + + // Enable the export button. + importExportButton.setEnabled(true); + } + } else { // OpenKeychain is not installed. + // Show the OpenPGP required layout item. + openKeychainRequiredTextView.setVisibility(View.VISIBLE); + + // Hide the file location card. + fileLocationCardView.setVisibility(View.GONE); + } + break; + } + } + + @Override + public void onNothingSelected(AdapterView parent) { + + } + }); + + // Update the status of the import/export button when the password changes. + encryptionPasswordEditText.addTextChangedListener(new TextWatcher() { @Override public void beforeTextChanged(CharSequence s, int start, int count, int after) { // Do nothing. @@ -110,12 +295,13 @@ public class ImportExportActivity extends AppCompatActivity implements ImportExp @Override public void afterTextChanged(Editable s) { - exportButton.setEnabled(!exportFileEditText.getText().toString().isEmpty()); + // Enable the import/export button if both the file string and the password are populated. + importExportButton.setEnabled(!fileNameEditText.getText().toString().isEmpty() && !encryptionPasswordEditText.getText().toString().isEmpty()); } }); - // Enable the import button when the export file EditText isn't empty. - importFileEditText.addTextChangedListener(new TextWatcher() { + // Update the UI when the file name EditText changes. + fileNameEditText.addTextChangedListener(new TextWatcher() { @Override public void beforeTextChanged(CharSequence s, int start, int count, int after) { // Do nothing. @@ -128,370 +314,630 @@ public class ImportExportActivity extends AppCompatActivity implements ImportExp @Override public void afterTextChanged(Editable s) { - importButton.setEnabled(!importFileEditText.getText().toString().isEmpty()); + // Adjust the UI according to the encryption spinner position. + if (encryptionSpinner.getSelectedItemPosition() == PASSWORD_ENCRYPTION) { + // Enable the import/export button if both the file name and the password are populated. + importExportButton.setEnabled(!fileNameEditText.getText().toString().isEmpty() && !encryptionPasswordEditText.getText().toString().isEmpty()); + } else { + // Enable the export button if the file name is populated. + importExportButton.setEnabled(!fileNameEditText.getText().toString().isEmpty()); + } } }); - // Set the initial file paths. - if (ContextCompat.checkSelfPermission(this, Manifest.permission.WRITE_EXTERNAL_STORAGE) == PackageManager.PERMISSION_GRANTED) { // The storage permission has been granted. - // Create a string for the external public path. - String EXTERNAL_PUBLIC_PATH = Environment.getExternalStoragePublicDirectory(Environment.DIRECTORY_DOCUMENTS) + "/" + getString(R.string.privacy_browser_settings); - - // Set the default path. - exportFileEditText.setText(EXTERNAL_PUBLIC_PATH); - importFileEditText.setText(EXTERNAL_PUBLIC_PATH); - } else { // The storage permission has not been granted. - // Create a string for the external private path. - String EXTERNAL_PRIVATE_PATH = getApplicationContext().getExternalFilesDir(Environment.DIRECTORY_DOCUMENTS) + "/" + getString(R.string.privacy_browser_settings); - - // Set the default path. - exportFileEditText.setText(EXTERNAL_PRIVATE_PATH); - importFileEditText.setText(EXTERNAL_PRIVATE_PATH); - } - - // Hide the storage permissions TextView on API < 23 as permissions on older devices are automatically granted. - if (Build.VERSION.SDK_INT < 23) { - storagePermissionTextView.setVisibility(View.GONE); + // Check to see if the activity has been restarted. + if (savedInstanceState == null) { // The app has not been restarted. + // Initially hide the unneeded views. + encryptionPasswordTextInputLayout.setVisibility(View.GONE); + kitKatPasswordEncryptionTextView.setVisibility(View.GONE); + openKeychainRequiredTextView.setVisibility(View.GONE); + fileNameLinearLayout.setVisibility(View.GONE); + openKeychainImportInstructionsTextView.setVisibility(View.GONE); + importExportButton.setVisibility(View.GONE); + } else { // The app has been restarted. + // Restore the visibility of the views. + encryptionPasswordTextInputLayout.setVisibility(savedInstanceState.getInt(ENCRYPTION_PASSWORD_TEXTINPUTLAYOUT_VISIBILITY)); + kitKatPasswordEncryptionTextView.setVisibility(savedInstanceState.getInt(KITKAT_PASSWORD_ENCRYPTED_TEXTVIEW_VISIBILITY)); + openKeychainRequiredTextView.setVisibility(savedInstanceState.getInt(OPEN_KEYCHAIN_REQUIRED_TEXTVIEW_VISIBILITY)); + fileLocationCardView.setVisibility(savedInstanceState.getInt(FILE_LOCATION_CARD_VIEW)); + fileNameLinearLayout.setVisibility(savedInstanceState.getInt(FILE_NAME_LINEARLAYOUT_VISIBILITY)); + openKeychainImportInstructionsTextView.setVisibility(savedInstanceState.getInt(OPEN_KEYCHAIN_IMPORT_INSTRUCTIONS_TEXTVIEW_VISIBILITY)); + importExportButton.setVisibility(savedInstanceState.getInt(IMPORT_EXPORT_BUTTON_VISIBILITY)); + + // Restore the text. + fileNameEditText.post(() -> fileNameEditText.setText(savedInstanceState.getString(FILE_NAME_TEXT))); + importExportButton.setText(savedInstanceState.getString(IMPORT_EXPORT_BUTTON_TEXT)); } } - public void exportBrowse(View view) { - // Create the file picker intent. - Intent intent = new Intent(Intent.ACTION_CREATE_DOCUMENT); + @Override + public void onSaveInstanceState (@NonNull Bundle savedInstanceState) { + // Run the default commands. + super.onSaveInstanceState(savedInstanceState); + + // Save the visibility of the views. + savedInstanceState.putInt(ENCRYPTION_PASSWORD_TEXTINPUTLAYOUT_VISIBILITY, encryptionPasswordTextInputLayout.getVisibility()); + savedInstanceState.putInt(KITKAT_PASSWORD_ENCRYPTED_TEXTVIEW_VISIBILITY, kitKatPasswordEncryptionTextView.getVisibility()); + savedInstanceState.putInt(OPEN_KEYCHAIN_REQUIRED_TEXTVIEW_VISIBILITY, openKeychainRequiredTextView.getVisibility()); + savedInstanceState.putInt(FILE_LOCATION_CARD_VIEW, fileLocationCardView.getVisibility()); + savedInstanceState.putInt(FILE_NAME_LINEARLAYOUT_VISIBILITY, fileNameLinearLayout.getVisibility()); + savedInstanceState.putInt(OPEN_KEYCHAIN_IMPORT_INSTRUCTIONS_TEXTVIEW_VISIBILITY, openKeychainImportInstructionsTextView.getVisibility()); + savedInstanceState.putInt(IMPORT_EXPORT_BUTTON_VISIBILITY, importExportButton.getVisibility()); + + // Save the text. + savedInstanceState.putString(FILE_NAME_TEXT, fileNameEditText.getText().toString()); + savedInstanceState.putString(IMPORT_EXPORT_BUTTON_TEXT, importExportButton.getText().toString()); + } - // Set the intent MIME type to include all files. - intent.setType("*/*"); + public void onClickRadioButton(View view) { + // Get the current file name. + String fileNameString = fileNameEditText.getText().toString(); - // Set the initial export file name. - intent.putExtra(Intent.EXTRA_TITLE, getString(R.string.privacy_browser_settings)); + // Convert the file name string to a file. + File file = new File(fileNameString); - // Set the initial directory if API >= 26. - if (Build.VERSION.SDK_INT >= 26) { - intent.putExtra(DocumentsContract.EXTRA_INITIAL_URI, Environment.getExternalStorageDirectory()); - } + // Check to see if import or export was selected. + if (view.getId() == R.id.import_radiobutton) { // The import radio button is selected. + // Check to see if OpenPGP encryption is selected. + if (encryptionSpinner.getSelectedItemPosition() == OPENPGP_ENCRYPTION) { // OpenPGP encryption selected. + // Show the OpenKeychain import instructions. + openKeychainImportInstructionsTextView.setVisibility(View.VISIBLE); - // Specify that a file that can be opened is requested. - intent.addCategory(Intent.CATEGORY_OPENABLE); + // Set the text on the import/export button to be `Decrypt`. + importExportButton.setText(R.string.decrypt); + } else { // OpenPGP encryption not selected. + // Hide the OpenKeychain import instructions. + openKeychainImportInstructionsTextView.setVisibility(View.GONE); - // Launch the file picker. - startActivityForResult(intent, EXPORT_FILE_PICKER_REQUEST_CODE); - } + // Set the text on the import/export button to be `Import`. + importExportButton.setText(R.string.import_button); + } - public void onClickExport(View view) { - // Check to see if the storage permission has been granted. - if (ContextCompat.checkSelfPermission(this, Manifest.permission.WRITE_EXTERNAL_STORAGE) == PackageManager.PERMISSION_GRANTED) { // Storage permission granted. - // Export the settings. - exportSettings(); - } else { // Storage permission not granted. - // Get a handle for the export file EditText. - EditText exportFileEditText = findViewById(R.id.export_file_edittext); - - // Get the export file string. - String exportFileString = exportFileEditText.getText().toString(); - - // Get the external private directory `File`. - File externalPrivateDirectoryFile = getApplicationContext().getExternalFilesDir(null); - - // Remove the lint error below that the `File` might be null. - assert externalPrivateDirectoryFile != null; - - // Get the external private directory string. - String externalPrivateDirectory = externalPrivateDirectoryFile.toString(); - - // Check to see if the export file path is in the external private directory. - if (exportFileString.startsWith(externalPrivateDirectory)) { // The export path is in the external private directory. - // Export the settings. - exportSettings(); - } else { // The export path is in a public directory. - // Check if the user has previously denied the storage permission. - if (ActivityCompat.shouldShowRequestPermissionRationale(this, Manifest.permission.WRITE_EXTERNAL_STORAGE)) { // Show a dialog explaining the request first. - // Instantiate the storage permission alert dialog and set the type to EXPORT_SETTINGS. - DialogFragment importExportStoragePermissionDialogFragment = ImportExportStoragePermissionDialog.type(ImportExportStoragePermissionDialog.EXPORT_SETTINGS); - - // Show the storage permission alert dialog. The permission will be requested when the dialog is closed. - importExportStoragePermissionDialogFragment.show(getFragmentManager(), getString(R.string.storage_permission)); - } else { // Show the permission request directly. - // Request the storage permission. The export will be run when it finishes. - ActivityCompat.requestPermissions(this, new String[] {Manifest.permission.WRITE_EXTERNAL_STORAGE}, EXPORT_REQUEST_CODE); + // Display the file name views. + fileNameLinearLayout.setVisibility(View.VISIBLE); + importExportButton.setVisibility(View.VISIBLE); + + // Check to see if the file exists. + if (file.exists()) { // The file exists. + // Check to see if password encryption is selected. + if (encryptionSpinner.getSelectedItemPosition() == PASSWORD_ENCRYPTION) { // Password encryption is selected. + // Enable the import button if the encryption password is populated. + importExportButton.setEnabled(!encryptionPasswordEditText.getText().toString().isEmpty()); + } else { // Password encryption is not selected. + // Enable the import/decrypt button. + importExportButton.setEnabled(true); + } + } else { // The file does not exist. + // Disable the import/decrypt button. + importExportButton.setEnabled(false); + } + } else { // The export radio button is selected. + // Hide the OpenKeychain import instructions. + openKeychainImportInstructionsTextView.setVisibility(View.GONE); + + // Set the text on the import/export button to be `Export`. + importExportButton.setText(R.string.export); + + // Show the import/export button. + importExportButton.setVisibility(View.VISIBLE); + + // Check to see if OpenPGP encryption is selected. + if (encryptionSpinner.getSelectedItemPosition() == OPENPGP_ENCRYPTION) { // OpenPGP encryption is selected. + // Hide the file name views. + fileNameLinearLayout.setVisibility(View.GONE); + + // Enable the export button. + importExportButton.setEnabled(true); + } else { // OpenPGP encryption is not selected. + // Show the file name view. + fileNameLinearLayout.setVisibility(View.VISIBLE); + + // Check the encryption type. + if (encryptionSpinner.getSelectedItemPosition() == NO_ENCRYPTION) { // No encryption is selected. + // Enable the export button if the file name is populated. + importExportButton.setEnabled(!fileNameString.isEmpty()); + } else { // Password encryption is selected. + // Enable the export button if the file name and the password are populated. + importExportButton.setEnabled(!fileNameString.isEmpty() && !encryptionPasswordEditText.getText().toString().isEmpty()); } } } } - public void importBrowse(View view) { - // Create the file picker intent. - Intent intent = new Intent(Intent.ACTION_OPEN_DOCUMENT); + public void browse(View view) { + // Check to see if import or export is selected. + if (importRadioButton.isChecked()) { // Import is selected. + // Create the file picker intent. + Intent importBrowseIntent = new Intent(Intent.ACTION_OPEN_DOCUMENT); - // Set the intent MIME type to include all files. - intent.setType("*/*"); + // Set the intent MIME type to include all files so that everything is visible. + importBrowseIntent.setType("*/*"); - // Set the initial directory if API >= 26. - if (Build.VERSION.SDK_INT >= 26) { - intent.putExtra(DocumentsContract.EXTRA_INITIAL_URI, Environment.getExternalStorageDirectory()); - } + // Request a file that can be opened. + importBrowseIntent.addCategory(Intent.CATEGORY_OPENABLE); - // Specify that a file that can be opened is requested. - intent.addCategory(Intent.CATEGORY_OPENABLE); + // Launch the file picker. + startActivityForResult(importBrowseIntent, BROWSE_RESULT_CODE); + } else { // Export is selected + // Create the file picker intent. + Intent exportBrowseIntent = new Intent(Intent.ACTION_CREATE_DOCUMENT); - // Launch the file picker. - startActivityForResult(intent, IMPORT_FILE_PICKER_REQUEST_CODE); - } + // Set the intent MIME type to include all files so that everything is visible. + exportBrowseIntent.setType("*/*"); - public void onClickImport(View view) { - // Check to see if the storage permission has been granted. - if (ContextCompat.checkSelfPermission(this, Manifest.permission.READ_EXTERNAL_STORAGE) == PackageManager.PERMISSION_GRANTED) { // Storage permission granted. - // Import the settings. - importSettings(); - } else { // Storage permission not granted. - // Get a handle for the import file EditText. - EditText importFileEditText = findViewById(R.id.import_file_edittext); - - // Get the import file string. - String importFileString = importFileEditText.getText().toString(); - - // Get the external private directory `File`. - File externalPrivateDirectoryFile = getApplicationContext().getExternalFilesDir(null); - - // Remove the lint error below that `File` might be null. - assert externalPrivateDirectoryFile != null; - - // Get the external private directory string. - String externalPrivateDirectory = externalPrivateDirectoryFile.toString(); - - // Check to see if the import file path is in the external private directory. - if (importFileString.startsWith(externalPrivateDirectory)) { // The import path is in the external private directory. - // Import the settings. - importSettings(); - } else { // The import path is in a public directory. - // Check if the user has previously denied the storage permission. - if (ActivityCompat.shouldShowRequestPermissionRationale(this, Manifest.permission.READ_EXTERNAL_STORAGE)) { // Show a dialog explaining the request first. - // Instantiate the storage permission alert dialog and set the type to IMPORT_SETTINGS. - DialogFragment importExportStoragePermissionDialogFragment = ImportExportStoragePermissionDialog.type(ImportExportStoragePermissionDialog.IMPORT_SETTINGS); - - // Show the storage permission alert dialog. The permission will be requested when the dialog is closed. - importExportStoragePermissionDialogFragment.show(getFragmentManager(), getString(R.string.storage_permission)); - } else { // Show the permission request directly. - // Request the storage permission. The export will be run when it finishes. - ActivityCompat.requestPermissions(this, new String[] {Manifest.permission.READ_EXTERNAL_STORAGE}, IMPORT_REQUEST_CODE); - } + // Set the initial export file name according to the encryption type. + if (encryptionSpinner.getSelectedItemPosition() == NO_ENCRYPTION) { // No encryption is selected. + exportBrowseIntent.putExtra(Intent.EXTRA_TITLE, getString(R.string.settings) + " " + BuildConfig.VERSION_NAME + ".pbs"); + } else { // Password encryption is selected. + exportBrowseIntent.putExtra(Intent.EXTRA_TITLE, getString(R.string.settings) + " " + BuildConfig.VERSION_NAME + ".pbs.aes"); } + + // Request a file that can be opened. + exportBrowseIntent.addCategory(Intent.CATEGORY_OPENABLE); + + // Launch the file picker. + startActivityForResult(exportBrowseIntent, BROWSE_RESULT_CODE); } } @Override - public void onActivityResult(int requestCode, int resultCode, Intent data) { - // Don't do anything if the user pressed back from the file picker. - if (resultCode == Activity.RESULT_OK) { - // Run the commands for the specific request code. - switch (requestCode) { - case EXPORT_FILE_PICKER_REQUEST_CODE: - // Get a handle for the export file EditText. - EditText exportFileEditText = findViewById(R.id.export_file_edittext); - - // Get the selected export file. - Uri exportUri = data.getData(); - - // Remove the lint warning that the export URI might be null. - assert exportUri != null; - - // Get the raw export path. - String rawExportPath = exportUri.getPath(); - - // Remove the warning that the raw export path might be null. - assert rawExportPath != null; - - // Check to see if the rawExportPath includes a valid storage location. - if (rawExportPath.contains(":")) { // The path is valid. - // Split the path into the initial content uri and the path information. - String exportContentPath = rawExportPath.substring(0, rawExportPath.indexOf(":")); - String exportFilePath = rawExportPath.substring(rawExportPath.indexOf(":") + 1); - - // Create the export path string. - String exportPath; - - // Construct the export path. - switch (exportContentPath) { - // The documents home has a special content path. - case "/document/home": - exportPath = Environment.getExternalStoragePublicDirectory(Environment.DIRECTORY_DOCUMENTS) + "/" + exportFilePath; - break; - - // Everything else for the primary user should be in `/document/primary`. - case "/document/primary": - exportPath = Environment.getExternalStorageDirectory() + "/" + exportFilePath; - break; - - // Just in case, catch everything else and place it in the external storage directory. - default: - exportPath = Environment.getExternalStorageDirectory() + "/" + exportFilePath; - break; - } + public void onActivityResult(int requestCode, int resultCode, Intent returnedIntent) { + // Run the default commands. + super.onActivityResult(requestCode, resultCode, returnedIntent); + + switch (requestCode) { + case (BROWSE_RESULT_CODE): + // Only do something if the user didn't press back from the file picker. + if (resultCode == Activity.RESULT_OK) { + // Get the file path URI from the intent. + Uri fileNameUri = returnedIntent.getData(); + + // Get the file name string from the URI. + String fileNameString = fileNameUri.toString(); + + // Set the file name name text. + fileNameEditText.setText(fileNameString); + + // Move the cursor to the end of the file name edit text. + fileNameEditText.setSelection(fileNameString.length()); + } + break; - // Set the export file URI as the text for the export file EditText. - exportFileEditText.setText(exportPath); - } else { // The path is invalid. - Snackbar.make(exportFileEditText, rawExportPath + " + " + getString(R.string.invalid_location), Snackbar.LENGTH_INDEFINITE).show(); + case OPENPGP_IMPORT_RESULT_CODE: + // Delete the temporary PGP encrypted import file. + if (temporaryPgpEncryptedImportFile.exists()) { + //noinspection ResultOfMethodCallIgnored + temporaryPgpEncryptedImportFile.delete(); + } + break; + + case OPENPGP_EXPORT_RESULT_CODE: + // Delete the temporary pre-encrypted export file if it exists. + if (temporaryPreEncryptedExportFile.exists()) { + //noinspection ResultOfMethodCallIgnored + temporaryPreEncryptedExportFile.delete(); + } + break; + } + } + + public void importExport(View view) { + // Instantiate the import export database helper. + ImportExportDatabaseHelper importExportDatabaseHelper = new ImportExportDatabaseHelper(); + + // Check to see if import or export is selected. + if (importRadioButton.isChecked()) { // Import is selected. + // Initialize the import status string + String importStatus = ""; + + // Get the file name string. + String fileNameString = fileNameEditText.getText().toString(); + + // Import according to the encryption type. + switch (encryptionSpinner.getSelectedItemPosition()) { + case NO_ENCRYPTION: + try { + // Get an input stream for the file name. + InputStream inputStream = getContentResolver().openInputStream(Uri.parse(fileNameString)); + + // Import the unencrypted file. + importStatus = importExportDatabaseHelper.importUnencrypted(inputStream, this); + } catch (FileNotFoundException exception) { + // Update the import status. + importStatus = exception.toString(); + } + + // Restart Privacy Browser if successful. + if (importStatus.equals(ImportExportDatabaseHelper.IMPORT_SUCCESSFUL)) { + restartPrivacyBrowser(); } break; - case IMPORT_FILE_PICKER_REQUEST_CODE: - // Get a handle for the import file EditText. - EditText importFileEditText = findViewById(R.id.import_file_edittext); + case PASSWORD_ENCRYPTION: + try { + // Get the encryption password. + String encryptionPasswordString = encryptionPasswordEditText.getText().toString(); + + // Get an input stream for the file name. + InputStream inputStream = getContentResolver().openInputStream(Uri.parse(fileNameString)); + + // Get the salt from the beginning of the import file. + byte[] saltByteArray = new byte[32]; + //noinspection ResultOfMethodCallIgnored + inputStream.read(saltByteArray); + + // Get the initialization vector from the import file. + byte[] initializationVector = new byte[12]; + //noinspection ResultOfMethodCallIgnored + inputStream.read(initializationVector); + + // Convert the encryption password to a byte array. + byte[] encryptionPasswordByteArray = encryptionPasswordString.getBytes(StandardCharsets.UTF_8); + + // Append the salt to the encryption password byte array. This protects against rainbow table attacks. + byte[] encryptionPasswordWithSaltByteArray = new byte[encryptionPasswordByteArray.length + saltByteArray.length]; + System.arraycopy(encryptionPasswordByteArray, 0, encryptionPasswordWithSaltByteArray, 0, encryptionPasswordByteArray.length); + System.arraycopy(saltByteArray, 0, encryptionPasswordWithSaltByteArray, encryptionPasswordByteArray.length, saltByteArray.length); + + // Get a SHA-512 message digest. + MessageDigest messageDigest = MessageDigest.getInstance("SHA-512"); + + // Hash the salted encryption password. Otherwise, any characters after the 32nd character in the password are ignored. + byte[] hashedEncryptionPasswordWithSaltByteArray = messageDigest.digest(encryptionPasswordWithSaltByteArray); + + // Truncate the encryption password byte array to 256 bits (32 bytes). + byte[] truncatedHashedEncryptionPasswordWithSaltByteArray = Arrays.copyOf(hashedEncryptionPasswordWithSaltByteArray, 32); + + // Create an AES secret key from the encryption password byte array. + SecretKeySpec secretKey = new SecretKeySpec(truncatedHashedEncryptionPasswordWithSaltByteArray, "AES"); + + // Get a Advanced Encryption Standard, Galois/Counter Mode, No Padding cipher instance. Galois/Counter mode protects against modification of the ciphertext. It doesn't use padding. + Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding"); + + // Set the GCM tag length to be 128 bits (the maximum) and apply the initialization vector. + GCMParameterSpec gcmParameterSpec = new GCMParameterSpec(128, initializationVector); + + // Initialize the cipher. + cipher.init(Cipher.DECRYPT_MODE, secretKey, gcmParameterSpec); + + // Create a cipher input stream. + CipherInputStream cipherInputStream = new CipherInputStream(inputStream, cipher); - // Get the selected import file. - Uri importUri = data.getData(); + // Initialize variables to store data as it is moved from the cipher input stream to the unencrypted import file output stream. Move 128 bits (16 bytes) at a time. + int numberOfBytesRead; + byte[] decryptedBytes = new byte[16]; - // Remove the lint warning that the import URI might be null. - assert importUri != null; - // Get the raw import path. - String rawImportPath = importUri.getPath(); + // Create a private temporary unencrypted import file. + File temporaryUnencryptedImportFile = File.createTempFile("temporary_unencrypted_import_file", null, getApplicationContext().getCacheDir()); - // Remove the warning that the raw import path might be null. - assert rawImportPath != null; + // Create an temporary unencrypted import file output stream. + FileOutputStream temporaryUnencryptedImportFileOutputStream = new FileOutputStream(temporaryUnencryptedImportFile); - // Check to see if the rawExportPath includes a valid storage location. - if (rawImportPath.contains(":")) { // The path is valid. - // Split the path into the initial content uri and the path information. - String importContentPath = rawImportPath.substring(0, rawImportPath.indexOf(":")); - String importFilePath = rawImportPath.substring(rawImportPath.indexOf(":") + 1); - // Create the export path string. - String importPath; + // Read up to 128 bits (16 bytes) of data from the cipher input stream. `-1` will be returned when the end fo the file is reached. + while ((numberOfBytesRead = cipherInputStream.read(decryptedBytes)) != -1) { + // Write the data to the temporary unencrypted import file output stream. + temporaryUnencryptedImportFileOutputStream.write(decryptedBytes, 0, numberOfBytesRead); + } + + + // Flush the temporary unencrypted import file output stream. + temporaryUnencryptedImportFileOutputStream.flush(); + + // Close the streams. + temporaryUnencryptedImportFileOutputStream.close(); + cipherInputStream.close(); + inputStream.close(); + + // Wipe the encryption data from memory. + //noinspection UnusedAssignment + encryptionPasswordString = ""; + Arrays.fill(saltByteArray, (byte) 0); + Arrays.fill(initializationVector, (byte) 0); + Arrays.fill(encryptionPasswordByteArray, (byte) 0); + Arrays.fill(encryptionPasswordWithSaltByteArray, (byte) 0); + Arrays.fill(hashedEncryptionPasswordWithSaltByteArray, (byte) 0); + Arrays.fill(truncatedHashedEncryptionPasswordWithSaltByteArray, (byte) 0); + Arrays.fill(decryptedBytes, (byte) 0); + + // Create a temporary unencrypted import file input stream. + FileInputStream temporaryUnencryptedImportFileInputStream = new FileInputStream(temporaryUnencryptedImportFile); + + // Import the temporary unencrypted import file. + importStatus = importExportDatabaseHelper.importUnencrypted(temporaryUnencryptedImportFileInputStream, this); + + // Close the temporary unencrypted import file input stream. + temporaryUnencryptedImportFileInputStream.close(); + + // Delete the temporary unencrypted import file. + //noinspection ResultOfMethodCallIgnored + temporaryUnencryptedImportFile.delete(); + + // Restart Privacy Browser if successful. + if (importStatus.equals(ImportExportDatabaseHelper.IMPORT_SUCCESSFUL)) { + restartPrivacyBrowser(); + } + } catch (Exception exception) { + // Update the import status. + importStatus = exception.toString(); + } + break; + + case OPENPGP_ENCRYPTION: + try { + // Set the temporary PGP encrypted import file. + temporaryPgpEncryptedImportFile = File.createTempFile("temporary_pgp_encrypted_import_file", null, getApplicationContext().getCacheDir()); - // Construct the export path. - switch (importContentPath) { - // The documents folder has a special content path. - case "/document/home": - importPath = Environment.getExternalStoragePublicDirectory(Environment.DIRECTORY_DOCUMENTS) + "/" + importFilePath; - break; + // Create a temporary PGP encrypted import file output stream. + FileOutputStream temporaryPgpEncryptedImportFileOutputStream = new FileOutputStream(temporaryPgpEncryptedImportFile); - // Everything else for the primary user should be in `/document/primary`. - case "/document/primary": - importPath = Environment.getExternalStorageDirectory() + "/" + importFilePath; - break; + // Get an input stream for the file name. + InputStream inputStream = getContentResolver().openInputStream(Uri.parse(fileNameString)); - // Just in case, catch everything else and place it in the external storage directory. - default: - importPath = Environment.getExternalStorageDirectory() + "/" + importFilePath; - break; + // Create a transfer byte array. + byte[] transferByteArray = new byte[1024]; + + // Create an integer to track the number of bytes read. + int bytesRead; + + // Copy the input stream to the temporary PGP encrypted import file. + while ((bytesRead = inputStream.read(transferByteArray)) > 0) { + temporaryPgpEncryptedImportFileOutputStream.write(transferByteArray, 0, bytesRead); } - // Set the export file URI as the text for the export file EditText. - importFileEditText.setText(importPath); - } else { // The path is invalid. - Snackbar.make(importFileEditText, rawImportPath + " + " + getString(R.string.invalid_location), Snackbar.LENGTH_INDEFINITE).show(); + // Flush the temporary PGP encrypted import file output stream. + temporaryPgpEncryptedImportFileOutputStream.flush(); + + // Close the streams. + inputStream.close(); + temporaryPgpEncryptedImportFileOutputStream.close(); + + // Create an decryption intent for OpenKeychain. + Intent openKeychainDecryptIntent = new Intent("org.sufficientlysecure.keychain.action.DECRYPT_DATA"); + + // Include the URI to be decrypted. + openKeychainDecryptIntent.setData(FileProvider.getUriForFile(this, getString(R.string.file_provider), temporaryPgpEncryptedImportFile)); + + // Allow OpenKeychain to read the file URI. + openKeychainDecryptIntent.setFlags(Intent.FLAG_GRANT_READ_URI_PERMISSION); + + // Send the intent to the OpenKeychain package. + openKeychainDecryptIntent.setPackage("org.sufficientlysecure.keychain"); + + // Make it so. + startActivityForResult(openKeychainDecryptIntent, OPENPGP_IMPORT_RESULT_CODE); + + // Update the import status. + importStatus = ImportExportDatabaseHelper.IMPORT_SUCCESSFUL; + } catch (Exception exception) { + // Update the import status. + importStatus = exception.toString(); } break; } - } - } - @Override - public void onCloseImportExportStoragePermissionDialog(int type) { - // Request the storage permission based on the button that was pressed. - switch (type) { - case ImportExportStoragePermissionDialog.EXPORT_SETTINGS: - // Request the storage permission. The export will be run when it finishes. - ActivityCompat.requestPermissions(this, new String[] {Manifest.permission.WRITE_EXTERNAL_STORAGE}, EXPORT_REQUEST_CODE); - break; + // Respond to the import status. + if (!importStatus.equals(ImportExportDatabaseHelper.IMPORT_SUCCESSFUL)) { + // Display a snack bar with the import error. + Snackbar.make(fileNameEditText, getString(R.string.import_failed) + " " + importStatus, Snackbar.LENGTH_INDEFINITE).show(); + } + } else { // Export is selected. + // Export according to the encryption type. + switch (encryptionSpinner.getSelectedItemPosition()) { + case NO_ENCRYPTION: + // Get the file name string. + String noEncryptionFileNameString = fileNameEditText.getText().toString(); + + try { + // Get the export file output stream. + OutputStream exportFileOutputStream = getContentResolver().openOutputStream(Uri.parse(noEncryptionFileNameString)); + + // Export the unencrypted file. + String noEncryptionExportStatus = importExportDatabaseHelper.exportUnencrypted(exportFileOutputStream, this); + + // Display an export disposition snackbar. + if (noEncryptionExportStatus.equals(ImportExportDatabaseHelper.EXPORT_SUCCESSFUL)) { + Snackbar.make(fileNameEditText, getString(R.string.export_successful), Snackbar.LENGTH_SHORT).show(); + } else { + Snackbar.make(fileNameEditText, getString(R.string.export_failed) + " " + noEncryptionExportStatus, Snackbar.LENGTH_INDEFINITE).show(); + } + } catch (FileNotFoundException fileNotFoundException) { + // Display a snackbar with the exception. + Snackbar.make(fileNameEditText, getString(R.string.export_failed) + " " + fileNotFoundException, Snackbar.LENGTH_INDEFINITE).show(); + } + break; - case ImportExportStoragePermissionDialog.IMPORT_SETTINGS: - // Request the storage permission. The import will be run when it finishes. - ActivityCompat.requestPermissions(this, new String[] {Manifest.permission.READ_EXTERNAL_STORAGE}, IMPORT_REQUEST_CODE); - break; - } - } + case PASSWORD_ENCRYPTION: + try { + // Create a temporary unencrypted export file. + File temporaryUnencryptedExportFile = File.createTempFile("temporary_unencrypted_export_file", null, getApplicationContext().getCacheDir()); - @Override - public void onRequestPermissionsResult(int requestCode, @NonNull String[] permissions, @NonNull int[] grantResults) { - switch (requestCode) { - case EXPORT_REQUEST_CODE: - // Check to see if the storage permission was granted. If the dialog was canceled the grant results will be empty. - if ((grantResults.length > 0) && (grantResults[0] == PackageManager.PERMISSION_GRANTED)) { // The storage permission was granted. - // Export the settings. - exportSettings(); - } else { // The storage permission was not granted. - // Get a handle for the export file EditText. - EditText exportFileEditText = findViewById(R.id.export_file_edittext); - - // Display an error snackbar. - Snackbar.make(exportFileEditText, getString(R.string.cannot_export), Snackbar.LENGTH_LONG).show(); - } - break; + // Create a temporary unencrypted export output stream. + FileOutputStream temporaryUnencryptedExportOutputStream = new FileOutputStream(temporaryUnencryptedExportFile); - case IMPORT_REQUEST_CODE: - // Check to see if the storage permission was granted. If the dialog was canceled the grant results will be empty. - if ((grantResults.length > 0) && (grantResults[0] == PackageManager.PERMISSION_GRANTED)) { // The storage permission was granted. - // Import the settings. - importSettings(); - } else { // The storage permission was not granted. - // Get a handle for the import file EditText. - EditText importFileEditText = findViewById(R.id.import_file_edittext); - - // Display an error snackbar. - Snackbar.make(importFileEditText, getString(R.string.cannot_import), Snackbar.LENGTH_LONG).show(); - } - break; - } - } + // Populate the temporary unencrypted export. + String passwordEncryptionExportStatus = importExportDatabaseHelper.exportUnencrypted(temporaryUnencryptedExportOutputStream, this); - private void exportSettings() { - // Get a handle for the export file EditText. - EditText exportFileEditText = findViewById(R.id.export_file_edittext); + // Close the temporary unencrypted export output stream. + temporaryUnencryptedExportOutputStream.close(); - // Get the export file string. - String exportFileString = exportFileEditText.getText().toString(); + // Create an unencrypted export file input stream. + FileInputStream unencryptedExportFileInputStream = new FileInputStream(temporaryUnencryptedExportFile); - // Set the export file. - File exportFile = new File(exportFileString); + // Get the encryption password. + String encryptionPasswordString = encryptionPasswordEditText.getText().toString(); - // Instantiate the import export database helper. - ImportExportDatabaseHelper importExportDatabaseHelper = new ImportExportDatabaseHelper(); + // Initialize a secure random number generator. + SecureRandom secureRandom = new SecureRandom(); - // Export the unencrypted file. - String exportStatus = importExportDatabaseHelper.exportUnencrypted(exportFile, getApplicationContext()); + // Get a 256 bit (32 byte) random salt. + byte[] saltByteArray = new byte[32]; + secureRandom.nextBytes(saltByteArray); - // Show a disposition snackbar. - if (exportStatus.equals(ImportExportDatabaseHelper.EXPORT_SUCCESSFUL)) { - Snackbar.make(exportFileEditText, getString(R.string.export_successful), Snackbar.LENGTH_SHORT).show(); - } else { - Snackbar.make(exportFileEditText, getString(R.string.export_failed) + " " + exportStatus, Snackbar.LENGTH_INDEFINITE).show(); - } - } + // Convert the encryption password to a byte array. + byte[] encryptionPasswordByteArray = encryptionPasswordString.getBytes(StandardCharsets.UTF_8); - private void importSettings() { - // Get a handle for the import file EditText. - EditText importFileEditText = findViewById(R.id.import_file_edittext); + // Append the salt to the encryption password byte array. This protects against rainbow table attacks. + byte[] encryptionPasswordWithSaltByteArray = new byte[encryptionPasswordByteArray.length + saltByteArray.length]; + System.arraycopy(encryptionPasswordByteArray, 0, encryptionPasswordWithSaltByteArray, 0, encryptionPasswordByteArray.length); + System.arraycopy(saltByteArray, 0, encryptionPasswordWithSaltByteArray, encryptionPasswordByteArray.length, saltByteArray.length); - // Get the import file string. - String importFileString = importFileEditText.getText().toString(); + // Get a SHA-512 message digest. + MessageDigest messageDigest = MessageDigest.getInstance("SHA-512"); - // Set the import file. - File importFile = new File(importFileString); + // Hash the salted encryption password. Otherwise, any characters after the 32nd character in the password are ignored. + byte[] hashedEncryptionPasswordWithSaltByteArray = messageDigest.digest(encryptionPasswordWithSaltByteArray); - // Instantiate the import export database helper. - ImportExportDatabaseHelper importExportDatabaseHelper = new ImportExportDatabaseHelper(); + // Truncate the encryption password byte array to 256 bits (32 bytes). + byte[] truncatedHashedEncryptionPasswordWithSaltByteArray = Arrays.copyOf(hashedEncryptionPasswordWithSaltByteArray, 32); - // Import the unencrypted file. - String importStatus = importExportDatabaseHelper.importUnencrypted(importFile, getApplicationContext()); + // Create an AES secret key from the encryption password byte array. + SecretKeySpec secretKey = new SecretKeySpec(truncatedHashedEncryptionPasswordWithSaltByteArray, "AES"); - // Respond to the import disposition. - if (importStatus.equals(ImportExportDatabaseHelper.IMPORT_SUCCESSFUL)) { // The import was successful. - // Create an intent to restart Privacy Browser. - Intent restartIntent = getParentActivityIntent(); + // Generate a random 12 byte initialization vector. According to NIST, a 12 byte initialization vector is more secure than a 16 byte one. + byte[] initializationVector = new byte[12]; + secureRandom.nextBytes(initializationVector); - // Assert that the intent is not null to remove the lint error below. - assert restartIntent != null; + // Get a Advanced Encryption Standard, Galois/Counter Mode, No Padding cipher instance. Galois/Counter mode protects against modification of the ciphertext. It doesn't use padding. + Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding"); - // `Intent.FLAG_ACTIVITY_CLEAR_TASK` removes all activities from the stack. It requires `Intent.FLAG_ACTIVITY_NEW_TASK`. - restartIntent.setFlags(Intent.FLAG_ACTIVITY_NEW_TASK | Intent.FLAG_ACTIVITY_CLEAR_TASK); + // Set the GCM tag length to be 128 bits (the maximum) and apply the initialization vector. + GCMParameterSpec gcmParameterSpec = new GCMParameterSpec(128, initializationVector); - // Make it so. - startActivity(restartIntent); - } else { // The import was not successful. - // Display a snack bar with the import error. - Snackbar.make(importFileEditText, getString(R.string.import_failed) + " " + importStatus, Snackbar.LENGTH_INDEFINITE).show(); + // Initialize the cipher. + cipher.init(Cipher.ENCRYPT_MODE, secretKey, gcmParameterSpec); + + // Get the file name string. + String passwordEncryptionFileNameString = fileNameEditText.getText().toString(); + + // Get the export file output stream. + OutputStream exportFileOutputStream = getContentResolver().openOutputStream(Uri.parse(passwordEncryptionFileNameString)); + + // Add the salt and the initialization vector to the export file output stream. + exportFileOutputStream.write(saltByteArray); + exportFileOutputStream.write(initializationVector); + + // Create a cipher output stream. + CipherOutputStream cipherOutputStream = new CipherOutputStream(exportFileOutputStream, cipher); + + // Initialize variables to store data as it is moved from the unencrypted export file input stream to the cipher output stream. Move 128 bits (16 bytes) at a time. + int numberOfBytesRead; + byte[] encryptedBytes = new byte[16]; + + // Read up to 128 bits (16 bytes) of data from the unencrypted export file stream. `-1` will be returned when the end of the file is reached. + while ((numberOfBytesRead = unencryptedExportFileInputStream.read(encryptedBytes)) != -1) { + // Write the data to the cipher output stream. + cipherOutputStream.write(encryptedBytes, 0, numberOfBytesRead); + } + + // Close the streams. + cipherOutputStream.flush(); + cipherOutputStream.close(); + exportFileOutputStream.close(); + unencryptedExportFileInputStream.close(); + + // Wipe the encryption data from memory. + //noinspection UnusedAssignment + encryptionPasswordString = ""; + Arrays.fill(saltByteArray, (byte) 0); + Arrays.fill(encryptionPasswordByteArray, (byte) 0); + Arrays.fill(encryptionPasswordWithSaltByteArray, (byte) 0); + Arrays.fill(hashedEncryptionPasswordWithSaltByteArray, (byte) 0); + Arrays.fill(truncatedHashedEncryptionPasswordWithSaltByteArray, (byte) 0); + Arrays.fill(initializationVector, (byte) 0); + Arrays.fill(encryptedBytes, (byte) 0); + + // Delete the temporary unencrypted export file. + //noinspection ResultOfMethodCallIgnored + temporaryUnencryptedExportFile.delete(); + + // Display an export disposition snackbar. + if (passwordEncryptionExportStatus.equals(ImportExportDatabaseHelper.EXPORT_SUCCESSFUL)) { + Snackbar.make(fileNameEditText, getString(R.string.export_successful), Snackbar.LENGTH_SHORT).show(); + } else { + Snackbar.make(fileNameEditText, getString(R.string.export_failed) + " " + passwordEncryptionExportStatus, Snackbar.LENGTH_INDEFINITE).show(); + } + } catch (Exception exception) { + // Display a snackbar with the exception. + Snackbar.make(fileNameEditText, getString(R.string.export_failed) + " " + exception, Snackbar.LENGTH_INDEFINITE).show(); + } + break; + + case OPENPGP_ENCRYPTION: + try { + // Set the temporary pre-encrypted export file. + temporaryPreEncryptedExportFile = new File(getApplicationContext().getCacheDir() + "/" + getString(R.string.settings) + " " + BuildConfig.VERSION_NAME + ".pbs"); + + // Delete the temporary pre-encrypted export file if it already exists. + if (temporaryPreEncryptedExportFile.exists()) { + //noinspection ResultOfMethodCallIgnored + temporaryPreEncryptedExportFile.delete(); + } + + // Create a temporary pre-encrypted export output stream. + FileOutputStream temporaryPreEncryptedExportOutputStream = new FileOutputStream(temporaryPreEncryptedExportFile); + + // Populate the temporary pre-encrypted export file. + String openpgpEncryptionExportStatus = importExportDatabaseHelper.exportUnencrypted(temporaryPreEncryptedExportOutputStream, this); + + // Flush the temporary pre-encryption export output stream. + temporaryPreEncryptedExportOutputStream.flush(); + + // Close the temporary pre-encryption export output stream. + temporaryPreEncryptedExportOutputStream.close(); + + // Display an export error snackbar if the temporary pre-encrypted export failed. + if (!openpgpEncryptionExportStatus.equals(ImportExportDatabaseHelper.EXPORT_SUCCESSFUL)) { + Snackbar.make(fileNameEditText, getString(R.string.export_failed) + " " + openpgpEncryptionExportStatus, Snackbar.LENGTH_INDEFINITE).show(); + } + + // Create an encryption intent for OpenKeychain. + Intent openKeychainEncryptIntent = new Intent("org.sufficientlysecure.keychain.action.ENCRYPT_DATA"); + + // Include the temporary unencrypted export file URI. + openKeychainEncryptIntent.setData(FileProvider.getUriForFile(this, getString(R.string.file_provider), temporaryPreEncryptedExportFile)); + + // Allow OpenKeychain to read the file URI. + openKeychainEncryptIntent.setFlags(Intent.FLAG_GRANT_READ_URI_PERMISSION); + + // Send the intent to the OpenKeychain package. + openKeychainEncryptIntent.setPackage("org.sufficientlysecure.keychain"); + + // Make it so. + startActivityForResult(openKeychainEncryptIntent, OPENPGP_EXPORT_RESULT_CODE); + } catch (Exception exception) { + // Display a snackbar with the exception. + Snackbar.make(fileNameEditText, getString(R.string.export_failed) + " " + exception, Snackbar.LENGTH_INDEFINITE).show(); + } + break; + } } } + + private void restartPrivacyBrowser() { + // Create an intent to restart Privacy Browser. + Intent restartIntent = getParentActivityIntent(); + + // Assert that the intent is not null to remove the lint error below. + assert restartIntent != null; + + // `Intent.FLAG_ACTIVITY_CLEAR_TASK` removes all activities from the stack. It requires `Intent.FLAG_ACTIVITY_NEW_TASK`. + restartIntent.setFlags(Intent.FLAG_ACTIVITY_NEW_TASK | Intent.FLAG_ACTIVITY_CLEAR_TASK); + + // Create a restart handler. + Handler restartHandler = new Handler(); + + // Create a restart runnable. + Runnable restartRunnable = () -> { + // Restart Privacy Browser. + startActivity(restartIntent); + + // Kill this instance of Privacy Browser. Otherwise, the app exhibits sporadic behavior after the restart. + System.exit(0); + }; + + // Restart Privacy Browser after 150 milliseconds to allow enough time for the preferences to be saved. + restartHandler.postDelayed(restartRunnable, 150); + } } \ No newline at end of file