X-Git-Url: https://gitweb.stoutner.com/?p=PrivacyBrowserAndroid.git;a=blobdiff_plain;f=app%2Fsrc%2Fmain%2Fjava%2Fcom%2Fstoutner%2Fprivacybrowser%2Factivities%2FImportExportActivity.java;h=c1b3891d3fe248fdcbd951ed80b78f0cd0fad494;hp=80a3a98f8e5b059b9b924ea969c1898499935cd7;hb=ab11ca2de00c56982e46627c8e7fc670462b0b3c;hpb=33bd447a83bd3d763ee26bbb3a3f4adb074776ed diff --git a/app/src/main/java/com/stoutner/privacybrowser/activities/ImportExportActivity.java b/app/src/main/java/com/stoutner/privacybrowser/activities/ImportExportActivity.java index 80a3a98f..c1b3891d 100644 --- a/app/src/main/java/com/stoutner/privacybrowser/activities/ImportExportActivity.java +++ b/app/src/main/java/com/stoutner/privacybrowser/activities/ImportExportActivity.java @@ -1,5 +1,5 @@ /* - * Copyright © 2018-2019 Soren Stoutner . + * Copyright © 2018-2021 Soren Stoutner . * * This file is part of Privacy Browser . * @@ -19,27 +19,14 @@ package com.stoutner.privacybrowser.activities; -import android.Manifest; import android.app.Activity; import android.content.Intent; +import android.content.SharedPreferences; import android.content.pm.PackageManager; -import android.media.MediaScannerConnection; import android.net.Uri; -import android.os.Build; import android.os.Bundle; -import android.os.Environment; -import android.provider.DocumentsContract; -import android.support.annotation.NonNull; -import android.support.design.widget.Snackbar; -import android.support.design.widget.TextInputLayout; -import android.support.v4.app.ActivityCompat; -import android.support.v4.app.DialogFragment; -import android.support.v4.content.ContextCompat; -import android.support.v4.content.FileProvider; -import android.support.v7.app.ActionBar; -import android.support.v7.app.AppCompatActivity; -import android.support.v7.widget.CardView; -import android.support.v7.widget.Toolbar; +import android.os.Handler; +import android.preference.PreferenceManager; import android.text.Editable; import android.text.TextWatcher; import android.view.View; @@ -53,13 +40,26 @@ import android.widget.RadioButton; import android.widget.Spinner; import android.widget.TextView; +import androidx.annotation.NonNull; +import androidx.appcompat.app.ActionBar; +import androidx.appcompat.app.AppCompatActivity; +import androidx.appcompat.widget.Toolbar; +import androidx.cardview.widget.CardView; +import androidx.core.content.FileProvider; + +import com.google.android.material.snackbar.Snackbar; +import com.google.android.material.textfield.TextInputLayout; + +import com.stoutner.privacybrowser.BuildConfig; import com.stoutner.privacybrowser.R; -import com.stoutner.privacybrowser.dialogs.StoragePermissionDialog; import com.stoutner.privacybrowser.helpers.ImportExportDatabaseHelper; import java.io.File; import java.io.FileInputStream; +import java.io.FileNotFoundException; import java.io.FileOutputStream; +import java.io.InputStream; +import java.io.OutputStream; import java.nio.charset.StandardCharsets; import java.security.MessageDigest; import java.security.SecureRandom; @@ -71,50 +71,87 @@ import javax.crypto.CipherOutputStream; import javax.crypto.spec.GCMParameterSpec; import javax.crypto.spec.SecretKeySpec; -public class ImportExportActivity extends AppCompatActivity implements StoragePermissionDialog.StoragePermissionDialogListener { - // Create the encryption constants. +public class ImportExportActivity extends AppCompatActivity { + // Define the encryption constants. private final int NO_ENCRYPTION = 0; private final int PASSWORD_ENCRYPTION = 1; private final int OPENPGP_ENCRYPTION = 2; - // Create the activity result constants. + // Define the activity result constants. private final int BROWSE_RESULT_CODE = 0; - private final int OPENPGP_EXPORT_RESULT_CODE = 1; - - // `openKeychainInstalled` is accessed from an inner class. + private final int OPENPGP_IMPORT_RESULT_CODE = 1; + private final int OPENPGP_EXPORT_RESULT_CODE = 2; + + // Define the saved instance state constants. + private final String ENCRYPTION_PASSWORD_TEXTINPUTLAYOUT_VISIBILITY = "encryption_password_textinputlayout_visibility"; + private final String KITKAT_PASSWORD_ENCRYPTED_TEXTVIEW_VISIBILITY = "kitkat_password_encrypted_textview_visibility"; + private final String OPEN_KEYCHAIN_REQUIRED_TEXTVIEW_VISIBILITY = "open_keychain_required_textview_visibility"; + private final String FILE_LOCATION_CARD_VIEW = "file_location_card_view"; + private final String FILE_NAME_LINEARLAYOUT_VISIBILITY = "file_name_linearlayout_visibility"; + private final String OPEN_KEYCHAIN_IMPORT_INSTRUCTIONS_TEXTVIEW_VISIBILITY = "open_keychain_import_instructions_textview_visibility"; + private final String IMPORT_EXPORT_BUTTON_VISIBILITY = "import_export_button_visibility"; + private final String FILE_NAME_TEXT = "file_name_text"; + private final String IMPORT_EXPORT_BUTTON_TEXT = "import_export_button_text"; + + // Define the class views. + Spinner encryptionSpinner; + TextInputLayout encryptionPasswordTextInputLayout; + EditText encryptionPasswordEditText; + TextView kitKatPasswordEncryptionTextView; + TextView openKeychainRequiredTextView; + CardView fileLocationCardView; + RadioButton importRadioButton; + LinearLayout fileNameLinearLayout; + EditText fileNameEditText; + TextView openKeychainImportInstructionsTextView; + Button importExportButton; + + // Define the class variables. private boolean openKeychainInstalled; + private File temporaryPgpEncryptedImportFile; + private File temporaryPreEncryptedExportFile; @Override public void onCreate(Bundle savedInstanceState) { + // Get a handle for the shared preferences. + SharedPreferences sharedPreferences = PreferenceManager.getDefaultSharedPreferences(this); + + // Get the preferences. + boolean allowScreenshots = sharedPreferences.getBoolean(getString(R.string.allow_screenshots_key), false); + boolean bottomAppBar = sharedPreferences.getBoolean(getString(R.string.bottom_app_bar_key), false); + // Disable screenshots if not allowed. - if (!MainWebViewActivity.allowScreenshots) { + if (!allowScreenshots) { getWindow().addFlags(WindowManager.LayoutParams.FLAG_SECURE); } - // Set the activity theme. - if (MainWebViewActivity.darkTheme) { - setTheme(R.style.PrivacyBrowserDark_SecondaryActivity); - } else { - setTheme(R.style.PrivacyBrowserLight_SecondaryActivity); - } + // Set the theme. + setTheme(R.style.PrivacyBrowser); // Run the default commands. super.onCreate(savedInstanceState); // Set the content view. - setContentView(R.layout.import_export_coordinatorlayout); + if (bottomAppBar) { + setContentView(R.layout.import_export_bottom_appbar); + } else { + setContentView(R.layout.import_export_top_appbar); + } - // Use the `SupportActionBar` from `android.support.v7.app.ActionBar` until the minimum API is >= 21. - Toolbar importExportAppBar = findViewById(R.id.import_export_toolbar); - setSupportActionBar(importExportAppBar); + // Get a handle for the toolbar. + Toolbar toolbar = findViewById(R.id.import_export_toolbar); - // Display the home arrow on the support action bar. - ActionBar appBar = getSupportActionBar(); - assert appBar != null;// This assert removes the incorrect warning in Android Studio on the following line that `appBar` might be null. - appBar.setDisplayHomeAsUpEnabled(true); + // Set the support action bar. + setSupportActionBar(toolbar); + + // Get a handle for the action bar. + ActionBar actionBar = getSupportActionBar(); + + // Remove the incorrect lint warning that the action bar might be null. + assert actionBar != null; - // Find out if we are running KitKat - boolean runningKitKat = (Build.VERSION.SDK_INT == 19); + // Display the home arrow on the support action bar. + actionBar.setDisplayHomeAsUpEnabled(true); // Find out if OpenKeychain is installed. try { @@ -124,19 +161,17 @@ public class ImportExportActivity extends AppCompatActivity implements StoragePe } // Get handles for the views that need to be modified. - Spinner encryptionSpinner = findViewById(R.id.encryption_spinner); - TextInputLayout passwordEncryptionTextInputLayout = findViewById(R.id.password_encryption_textinputlayout); - EditText encryptionPasswordEditText = findViewById(R.id.password_encryption_edittext); - TextView kitKatPasswordEncryptionTextView = findViewById(R.id.kitkat_password_encryption_textview); - TextView openKeychainRequiredTextView = findViewById(R.id.openkeychain_required_textview); - CardView fileLocationCardView = findViewById(R.id.file_location_cardview); - RadioButton importRadioButton = findViewById(R.id.import_radiobutton); + encryptionSpinner = findViewById(R.id.encryption_spinner); + encryptionPasswordTextInputLayout = findViewById(R.id.encryption_password_textinputlayout); + encryptionPasswordEditText = findViewById(R.id.encryption_password_edittext); + openKeychainRequiredTextView = findViewById(R.id.openkeychain_required_textview); + fileLocationCardView = findViewById(R.id.file_location_cardview); + importRadioButton = findViewById(R.id.import_radiobutton); RadioButton exportRadioButton = findViewById(R.id.export_radiobutton); - LinearLayout fileNameLinearLayout = findViewById(R.id.file_name_linearlayout); - EditText fileNameEditText = findViewById(R.id.file_name_edittext); - TextView openKeychainImportInstructionsTextView = findViewById(R.id.openkeychain_import_instructions_textview); - Button importExportButton = findViewById(R.id.import_export_button); - TextView storagePermissionTextView = findViewById(R.id.import_export_storage_permission_textview); + fileNameLinearLayout = findViewById(R.id.file_name_linearlayout); + fileNameEditText = findViewById(R.id.file_name_edittext); + openKeychainImportInstructionsTextView = findViewById(R.id.openkeychain_import_instructions_textview); + importExportButton = findViewById(R.id.import_export_button); // Create an array adapter for the spinner. ArrayAdapter encryptionArrayAdapter = ArrayAdapter.createFromResource(this, R.array.encryption_type, R.layout.spinner_item); @@ -147,40 +182,14 @@ public class ImportExportActivity extends AppCompatActivity implements StoragePe // Set the array adapter for the spinner. encryptionSpinner.setAdapter(encryptionArrayAdapter); - // Initially hide the unneeded views. - passwordEncryptionTextInputLayout.setVisibility(View.GONE); - kitKatPasswordEncryptionTextView.setVisibility(View.GONE); - openKeychainRequiredTextView.setVisibility(View.GONE); - fileNameLinearLayout.setVisibility(View.GONE); - openKeychainImportInstructionsTextView.setVisibility(View.GONE); - importExportButton.setVisibility(View.GONE); - - // Create strings for the default file paths. - String defaultFilePath; - String defaultPasswordEncryptionFilePath; - - // Set the default file paths according to the storage permission status. - if (ContextCompat.checkSelfPermission(this, Manifest.permission.WRITE_EXTERNAL_STORAGE) == PackageManager.PERMISSION_GRANTED) { // The storage permission has been granted. - // Set the default file paths to use the external public directory. - defaultFilePath = Environment.getExternalStorageDirectory() + "/" + getString(R.string.privacy_browser_settings_pbs); - defaultPasswordEncryptionFilePath = defaultFilePath + ".aes"; - } else { // The storage permission has not been granted. - // Set the default file paths to use the external private directory. - defaultFilePath = getApplicationContext().getExternalFilesDir(null) + "/" + getString(R.string.privacy_browser_settings_pbs); - defaultPasswordEncryptionFilePath = defaultFilePath + ".aes"; - } - - // Set the default file path. - fileNameEditText.setText(defaultFilePath); - - // Display the encryption information when the spinner changes. + // Update the UI when the spinner changes. encryptionSpinner.setOnItemSelectedListener(new AdapterView.OnItemSelectedListener() { @Override public void onItemSelected(AdapterView parent, View view, int position, long id) { switch (position) { case NO_ENCRYPTION: // Hide the unneeded layout items. - passwordEncryptionTextInputLayout.setVisibility(View.GONE); + encryptionPasswordTextInputLayout.setVisibility(View.GONE); kitKatPasswordEncryptionTextView.setVisibility(View.GONE); openKeychainRequiredTextView.setVisibility(View.GONE); openKeychainImportInstructionsTextView.setVisibility(View.GONE); @@ -198,60 +207,42 @@ public class ImportExportActivity extends AppCompatActivity implements StoragePe importExportButton.setText(R.string.import_button); } - // Reset the default file path. - fileNameEditText.setText(defaultFilePath); - - // Enable the import/export button if a file name exists. + // Enable the import/export button if the file name is populated. importExportButton.setEnabled(!fileNameEditText.getText().toString().isEmpty()); break; case PASSWORD_ENCRYPTION: - if (runningKitKat) { - // Show the KitKat password encryption message. - kitKatPasswordEncryptionTextView.setVisibility(View.VISIBLE); - - // Hide the OpenPGP required text view and the file location card. - openKeychainRequiredTextView.setVisibility(View.GONE); - fileLocationCardView.setVisibility(View.GONE); - } else { - // Hide the OpenPGP layout items. - openKeychainRequiredTextView.setVisibility(View.GONE); - openKeychainImportInstructionsTextView.setVisibility(View.GONE); - - // Show the password encryption layout items. - passwordEncryptionTextInputLayout.setVisibility(View.VISIBLE); - - // Show the file location card. - fileLocationCardView.setVisibility(View.VISIBLE); + // Hide the OpenPGP layout items. + openKeychainRequiredTextView.setVisibility(View.GONE); + openKeychainImportInstructionsTextView.setVisibility(View.GONE); - // Show the file name linear layout if either import or export is checked. - if (importRadioButton.isChecked() || exportRadioButton.isChecked()) { - fileNameLinearLayout.setVisibility(View.VISIBLE); - } + // Show the password encryption layout items. + encryptionPasswordTextInputLayout.setVisibility(View.VISIBLE); - // Reset the text of the import button, which may have been changed to `Decrypt`. - if (importRadioButton.isChecked()) { - importExportButton.setText(R.string.import_button); - } + // Show the file location card. + fileLocationCardView.setVisibility(View.VISIBLE); - // Update the default file path. - fileNameEditText.setText(defaultPasswordEncryptionFilePath); + // Show the file name linear layout if either import or export is checked. + if (importRadioButton.isChecked() || exportRadioButton.isChecked()) { + fileNameLinearLayout.setVisibility(View.VISIBLE); + } - // Enable the import/export button if a password exists. - importExportButton.setEnabled(!encryptionPasswordEditText.getText().toString().isEmpty()); + // Reset the text of the import button, which may have been changed to `Decrypt`. + if (importRadioButton.isChecked()) { + importExportButton.setText(R.string.import_button); } + + // Enable the import/button if both the password and the file name are populated. + importExportButton.setEnabled(!fileNameEditText.getText().toString().isEmpty() && !encryptionPasswordEditText.getText().toString().isEmpty()); break; case OPENPGP_ENCRYPTION: // Hide the password encryption layout items. - passwordEncryptionTextInputLayout.setVisibility(View.GONE); + encryptionPasswordTextInputLayout.setVisibility(View.GONE); kitKatPasswordEncryptionTextView.setVisibility(View.GONE); // Updated items based on the installation status of OpenKeychain. if (openKeychainInstalled) { // OpenKeychain is installed. - // Remove the default file path. - fileNameEditText.setText(""); - // Show the file location card. fileLocationCardView.setVisibility(View.VISIBLE); @@ -263,14 +254,14 @@ public class ImportExportActivity extends AppCompatActivity implements StoragePe // Set the text of the import button to be `Decrypt`. importExportButton.setText(R.string.decrypt); - // Disable the import/export button. The user needs to select a file to import first. - importExportButton.setEnabled(false); + // Enable the import button if the file name is populated. + importExportButton.setEnabled(!fileNameEditText.getText().toString().isEmpty()); } else if (exportRadioButton.isChecked()) { // Hide the file name linear layout and the OpenKeychain import instructions. fileNameLinearLayout.setVisibility(View.GONE); openKeychainImportInstructionsTextView.setVisibility(View.GONE); - // Enable the import/export button. + // Enable the export button. importExportButton.setEnabled(true); } } else { // OpenKeychain is not installed. @@ -304,12 +295,12 @@ public class ImportExportActivity extends AppCompatActivity implements StoragePe @Override public void afterTextChanged(Editable s) { - // Enable the import/export button if a file name and password exists. + // Enable the import/export button if both the file string and the password are populated. importExportButton.setEnabled(!fileNameEditText.getText().toString().isEmpty() && !encryptionPasswordEditText.getText().toString().isEmpty()); } }); - // Update the status of the import/export button when the file name EditText changes. + // Update the UI when the file name EditText changes. fileNameEditText.addTextChangedListener(new TextWatcher() { @Override public void beforeTextChanged(CharSequence s, int start, int count, int after) { @@ -323,95 +314,137 @@ public class ImportExportActivity extends AppCompatActivity implements StoragePe @Override public void afterTextChanged(Editable s) { - // Adjust the export button according to the encryption spinner position. - switch (encryptionSpinner.getSelectedItemPosition()) { - case NO_ENCRYPTION: - // Enable the import/export button if a file name exists. - importExportButton.setEnabled(!fileNameEditText.getText().toString().isEmpty()); - break; - - case PASSWORD_ENCRYPTION: - // Enable the import/export button if a file name and password exists. - importExportButton.setEnabled(!fileNameEditText.getText().toString().isEmpty() && !encryptionPasswordEditText.getText().toString().isEmpty()); - break; - - case OPENPGP_ENCRYPTION: - // Enable the import/export button if OpenKeychain is installed and a file name exists. - importExportButton.setEnabled(openKeychainInstalled && !fileNameEditText.getText().toString().isEmpty()); - break; + // Adjust the UI according to the encryption spinner position. + if (encryptionSpinner.getSelectedItemPosition() == PASSWORD_ENCRYPTION) { + // Enable the import/export button if both the file name and the password are populated. + importExportButton.setEnabled(!fileNameEditText.getText().toString().isEmpty() && !encryptionPasswordEditText.getText().toString().isEmpty()); + } else { + // Enable the export button if the file name is populated. + importExportButton.setEnabled(!fileNameEditText.getText().toString().isEmpty()); } } }); - // Hide the storage permissions text view on API < 23 as permissions on older devices are automatically granted. - if (Build.VERSION.SDK_INT < 23) { - storagePermissionTextView.setVisibility(View.GONE); + // Check to see if the activity has been restarted. + if (savedInstanceState == null) { // The app has not been restarted. + // Initially hide the unneeded views. + encryptionPasswordTextInputLayout.setVisibility(View.GONE); + kitKatPasswordEncryptionTextView.setVisibility(View.GONE); + openKeychainRequiredTextView.setVisibility(View.GONE); + fileNameLinearLayout.setVisibility(View.GONE); + openKeychainImportInstructionsTextView.setVisibility(View.GONE); + importExportButton.setVisibility(View.GONE); + } else { // The app has been restarted. + // Restore the visibility of the views. + encryptionPasswordTextInputLayout.setVisibility(savedInstanceState.getInt(ENCRYPTION_PASSWORD_TEXTINPUTLAYOUT_VISIBILITY)); + kitKatPasswordEncryptionTextView.setVisibility(savedInstanceState.getInt(KITKAT_PASSWORD_ENCRYPTED_TEXTVIEW_VISIBILITY)); + openKeychainRequiredTextView.setVisibility(savedInstanceState.getInt(OPEN_KEYCHAIN_REQUIRED_TEXTVIEW_VISIBILITY)); + fileLocationCardView.setVisibility(savedInstanceState.getInt(FILE_LOCATION_CARD_VIEW)); + fileNameLinearLayout.setVisibility(savedInstanceState.getInt(FILE_NAME_LINEARLAYOUT_VISIBILITY)); + openKeychainImportInstructionsTextView.setVisibility(savedInstanceState.getInt(OPEN_KEYCHAIN_IMPORT_INSTRUCTIONS_TEXTVIEW_VISIBILITY)); + importExportButton.setVisibility(savedInstanceState.getInt(IMPORT_EXPORT_BUTTON_VISIBILITY)); + + // Restore the text. + fileNameEditText.post(() -> fileNameEditText.setText(savedInstanceState.getString(FILE_NAME_TEXT))); + importExportButton.setText(savedInstanceState.getString(IMPORT_EXPORT_BUTTON_TEXT)); } } + @Override + public void onSaveInstanceState (@NonNull Bundle savedInstanceState) { + // Run the default commands. + super.onSaveInstanceState(savedInstanceState); + + // Save the visibility of the views. + savedInstanceState.putInt(ENCRYPTION_PASSWORD_TEXTINPUTLAYOUT_VISIBILITY, encryptionPasswordTextInputLayout.getVisibility()); + savedInstanceState.putInt(KITKAT_PASSWORD_ENCRYPTED_TEXTVIEW_VISIBILITY, kitKatPasswordEncryptionTextView.getVisibility()); + savedInstanceState.putInt(OPEN_KEYCHAIN_REQUIRED_TEXTVIEW_VISIBILITY, openKeychainRequiredTextView.getVisibility()); + savedInstanceState.putInt(FILE_LOCATION_CARD_VIEW, fileLocationCardView.getVisibility()); + savedInstanceState.putInt(FILE_NAME_LINEARLAYOUT_VISIBILITY, fileNameLinearLayout.getVisibility()); + savedInstanceState.putInt(OPEN_KEYCHAIN_IMPORT_INSTRUCTIONS_TEXTVIEW_VISIBILITY, openKeychainImportInstructionsTextView.getVisibility()); + savedInstanceState.putInt(IMPORT_EXPORT_BUTTON_VISIBILITY, importExportButton.getVisibility()); + + // Save the text. + savedInstanceState.putString(FILE_NAME_TEXT, fileNameEditText.getText().toString()); + savedInstanceState.putString(IMPORT_EXPORT_BUTTON_TEXT, importExportButton.getText().toString()); + } + public void onClickRadioButton(View view) { - // Get handles for the views. - Spinner encryptionSpinner = findViewById(R.id.encryption_spinner); - LinearLayout fileNameLinearLayout = findViewById(R.id.file_name_linearlayout); - EditText fileNameEditText = findViewById(R.id.file_name_edittext); - TextView openKeychainImportInstructionTextView = findViewById(R.id.openkeychain_import_instructions_textview); - Button importExportButton = findViewById(R.id.import_export_button); + // Get the current file name. + String fileNameString = fileNameEditText.getText().toString(); - // Check to see if import or export was selected. - switch (view.getId()) { - case R.id.import_radiobutton: - // Check to see if OpenPGP encryption is selected. - if (encryptionSpinner.getSelectedItemPosition() == OPENPGP_ENCRYPTION) { // OpenPGP encryption selected. - // Show the OpenKeychain import instructions. - openKeychainImportInstructionTextView.setVisibility(View.VISIBLE); + // Convert the file name string to a file. + File file = new File(fileNameString); - // Set the text on the import/export button to be `Decrypt`. - importExportButton.setText(R.string.decrypt); + // Check to see if import or export was selected. + if (view.getId() == R.id.import_radiobutton) { // The import radio button is selected. + // Check to see if OpenPGP encryption is selected. + if (encryptionSpinner.getSelectedItemPosition() == OPENPGP_ENCRYPTION) { // OpenPGP encryption selected. + // Show the OpenKeychain import instructions. + openKeychainImportInstructionsTextView.setVisibility(View.VISIBLE); + + // Set the text on the import/export button to be `Decrypt`. + importExportButton.setText(R.string.decrypt); + } else { // OpenPGP encryption not selected. + // Hide the OpenKeychain import instructions. + openKeychainImportInstructionsTextView.setVisibility(View.GONE); - // Enable the decrypt button if there is a file name. - importExportButton.setEnabled(!fileNameEditText.getText().toString().isEmpty()); - } else { // OpenPGP encryption not selected. - // Hide the OpenKeychain import instructions. - openKeychainImportInstructionTextView.setVisibility(View.GONE); + // Set the text on the import/export button to be `Import`. + importExportButton.setText(R.string.import_button); + } - // Set the text on the import/export button to be `Import`. - importExportButton.setText(R.string.import_button); + // Display the file name views. + fileNameLinearLayout.setVisibility(View.VISIBLE); + importExportButton.setVisibility(View.VISIBLE); + + // Check to see if the file exists. + if (file.exists()) { // The file exists. + // Check to see if password encryption is selected. + if (encryptionSpinner.getSelectedItemPosition() == PASSWORD_ENCRYPTION) { // Password encryption is selected. + // Enable the import button if the encryption password is populated. + importExportButton.setEnabled(!encryptionPasswordEditText.getText().toString().isEmpty()); + } else { // Password encryption is not selected. + // Enable the import/decrypt button. + importExportButton.setEnabled(true); } + } else { // The file does not exist. + // Disable the import/decrypt button. + importExportButton.setEnabled(false); + } + } else { // The export radio button is selected. + // Hide the OpenKeychain import instructions. + openKeychainImportInstructionsTextView.setVisibility(View.GONE); - // Display the file name views. - fileNameLinearLayout.setVisibility(View.VISIBLE); - importExportButton.setVisibility(View.VISIBLE); - break; - - case R.id.export_radiobutton: - // Hide the OpenKeychain import instructions. - openKeychainImportInstructionTextView.setVisibility(View.GONE); + // Set the text on the import/export button to be `Export`. + importExportButton.setText(R.string.export); - // Set the text on the import/export button to be `Export`. - importExportButton.setText(R.string.export); + // Show the import/export button. + importExportButton.setVisibility(View.VISIBLE); - // Show the import/export button. - importExportButton.setVisibility(View.VISIBLE); + // Check to see if OpenPGP encryption is selected. + if (encryptionSpinner.getSelectedItemPosition() == OPENPGP_ENCRYPTION) { // OpenPGP encryption is selected. + // Hide the file name views. + fileNameLinearLayout.setVisibility(View.GONE); - // Check to see if OpenPGP encryption is selected. - if (encryptionSpinner.getSelectedItemPosition() == OPENPGP_ENCRYPTION) { // OpenPGP encryption is selected. - // Hide the file name views. - fileNameLinearLayout.setVisibility(View.GONE); + // Enable the export button. + importExportButton.setEnabled(true); + } else { // OpenPGP encryption is not selected. + // Show the file name view. + fileNameLinearLayout.setVisibility(View.VISIBLE); - // Enable the export button. - importExportButton.setEnabled(true); - } else { // OpenPGP encryption is not selected. - // Show the file name views. - fileNameLinearLayout.setVisibility(View.VISIBLE); + // Check the encryption type. + if (encryptionSpinner.getSelectedItemPosition() == NO_ENCRYPTION) { // No encryption is selected. + // Enable the export button if the file name is populated. + importExportButton.setEnabled(!fileNameString.isEmpty()); + } else { // Password encryption is selected. + // Enable the export button if the file name and the password are populated. + importExportButton.setEnabled(!fileNameString.isEmpty() && !encryptionPasswordEditText.getText().toString().isEmpty()); } - break; + } } } public void browse(View view) { - // Get a handle for the import radiobutton. - RadioButton importRadioButton = findViewById(R.id.import_radiobutton); - // Check to see if import or export is selected. if (importRadioButton.isChecked()) { // Import is selected. // Create the file picker intent. @@ -420,11 +453,6 @@ public class ImportExportActivity extends AppCompatActivity implements StoragePe // Set the intent MIME type to include all files so that everything is visible. importBrowseIntent.setType("*/*"); - // Set the initial directory if the minimum API >= 26. - if (Build.VERSION.SDK_INT >= 26) { - importBrowseIntent.putExtra(DocumentsContract.EXTRA_INITIAL_URI, Environment.getExternalStorageDirectory()); - } - // Request a file that can be opened. importBrowseIntent.addCategory(Intent.CATEGORY_OPENABLE); @@ -437,12 +465,11 @@ public class ImportExportActivity extends AppCompatActivity implements StoragePe // Set the intent MIME type to include all files so that everything is visible. exportBrowseIntent.setType("*/*"); - // Set the initial export file name. - exportBrowseIntent.putExtra(Intent.EXTRA_TITLE, getString(R.string.privacy_browser_settings_pbs)); - - // Set the initial directory if the minimum API >= 26. - if (Build.VERSION.SDK_INT >= 26) { - exportBrowseIntent.putExtra(DocumentsContract.EXTRA_INITIAL_URI, Environment.getExternalStorageDirectory()); + // Set the initial export file name according to the encryption type. + if (encryptionSpinner.getSelectedItemPosition() == NO_ENCRYPTION) { // No encryption is selected. + exportBrowseIntent.putExtra(Intent.EXTRA_TITLE, getString(R.string.settings) + " " + BuildConfig.VERSION_NAME + ".pbs"); + } else { // Password encryption is selected. + exportBrowseIntent.putExtra(Intent.EXTRA_TITLE, getString(R.string.settings) + " " + BuildConfig.VERSION_NAME + ".pbs.aes"); } // Request a file that can be opened. @@ -453,495 +480,464 @@ public class ImportExportActivity extends AppCompatActivity implements StoragePe } } - public void importExport(View view) { - // Get a handle for the views. - Spinner encryptionSpinner = findViewById(R.id.encryption_spinner); - RadioButton importRadioButton = findViewById(R.id.import_radiobutton); - RadioButton exportRadioButton = findViewById(R.id.export_radiobutton); - - // Check to see if the storage permission is needed. - if ((encryptionSpinner.getSelectedItemPosition() == OPENPGP_ENCRYPTION) && exportRadioButton.isChecked()) { // Permission not needed to export via OpenKeychain. - // Export the settings. - exportSettings(); - } else if (ContextCompat.checkSelfPermission(this, Manifest.permission.WRITE_EXTERNAL_STORAGE) == PackageManager.PERMISSION_GRANTED) { // The storage permission has been granted. - // Check to see if import or export is selected. - if (importRadioButton.isChecked()) { // Import is selected. - // Import the settings. - importSettings(); - } else { // Export is selected. - // Export the settings. - exportSettings(); - } - } else { // The storage permission has not been granted. - // Get a handle for the file name EditText. - EditText fileNameEditText = findViewById(R.id.file_name_edittext); - - // Get the file name string. - String fileNameString = fileNameEditText.getText().toString(); - - // Get the external private directory `File`. - File externalPrivateDirectoryFile = getExternalFilesDir(null); - - // Remove the incorrect lint error below that the file might be null. - assert externalPrivateDirectoryFile != null; - - // Get the external private directory string. - String externalPrivateDirectory = externalPrivateDirectoryFile.toString(); - - // Check to see if the file path is in the external private directory. - if (fileNameString.startsWith(externalPrivateDirectory)) { // The file path is in the external private directory. - // Check to see if import or export is selected. - if (importRadioButton.isChecked()) { // Import is selected. - // Import the settings. - importSettings(); - } else { // Export is selected. - // Export the settings. - exportSettings(); - } - } else { // The file path is in a public directory. - // Check if the user has previously denied the storage permission. - if (ActivityCompat.shouldShowRequestPermissionRationale(this, Manifest.permission.WRITE_EXTERNAL_STORAGE)) { // Show a dialog explaining the request first. - // Instantiate the storage permission alert dialog. - DialogFragment storagePermissionDialogFragment = new StoragePermissionDialog(); - - // Show the storage permission alert dialog. The permission will be requested when the dialog is closed. - storagePermissionDialogFragment.show(getSupportFragmentManager(), getString(R.string.storage_permission)); - } else { // Show the permission request directly. - // Request the storage permission. The export will be run when it finishes. - ActivityCompat.requestPermissions(this, new String[] {Manifest.permission.WRITE_EXTERNAL_STORAGE}, 0); - } - } - } - } - @Override - public void onCloseStoragePermissionDialog() { - // Request the write external storage permission. The import/export will be run when it finishes. - ActivityCompat.requestPermissions(this, new String[] {Manifest.permission.WRITE_EXTERNAL_STORAGE}, 0); - } - - @Override - public void onRequestPermissionsResult(int requestCode, @NonNull String[] permissions, @NonNull int[] grantResults) { - // Get a handle for the import radiobutton. - RadioButton importRadioButton = findViewById(R.id.import_radiobutton); - - // Check to see if the storage permission was granted. If the dialog was canceled the grant results will be empty. - if ((grantResults.length > 0) && (grantResults[0] == PackageManager.PERMISSION_GRANTED)) { // The storage permission was granted. - // Run the import or export methods according to which radio button is selected. - if (importRadioButton.isChecked()) { // Import is selected. - // Import the settings. - importSettings(); - } else { // Export is selected. - // Export the settings. - exportSettings(); - } - } else { // The storage permission was not granted. - // Display an error snackbar. - Snackbar.make(importRadioButton, getString(R.string.cannot_use_location), Snackbar.LENGTH_LONG).show(); - } - } + public void onActivityResult(int requestCode, int resultCode, Intent returnedIntent) { + // Run the default commands. + super.onActivityResult(requestCode, resultCode, returnedIntent); - @Override - public void onActivityResult(int requestCode, int resultCode, Intent data) { switch (requestCode) { case (BROWSE_RESULT_CODE): - // Don't do anything if the user pressed back from the file picker. + // Only do something if the user didn't press back from the file picker. if (resultCode == Activity.RESULT_OK) { - // Get a handle for the file name edit text. - EditText fileNameEditText = findViewById(R.id.file_name_edittext); - - // Get the file name URI. - Uri fileNameUri = data.getData(); - - // Remove the lint warning that the file name URI might be null. - assert fileNameUri != null; - - // Get the raw file name path. - String rawFileNamePath = fileNameUri.getPath(); - - // Remove the incorrect lint warning that the file name path might be null. - assert rawFileNamePath != null; - - // Check to see if the file name Path includes a valid storage location. - if (rawFileNamePath.contains(":")) { // The path is valid. - // Split the path into the initial content uri and the final path information. - String fileNameContentPath = rawFileNamePath.substring(0, rawFileNamePath.indexOf(":")); - String fileNameFinalPath = rawFileNamePath.substring(rawFileNamePath.indexOf(":") + 1); - - // Create the file name path string. - String fileNamePath; - - // Construct the file name path. - switch (fileNameContentPath) { - // The documents home has a special content path. - case "/document/home": - fileNamePath = Environment.getExternalStoragePublicDirectory(Environment.DIRECTORY_DOCUMENTS) + "/" + fileNameFinalPath; - break; - - // Everything else for the primary user should be in `/document/primary`. - case "/document/primary": - fileNamePath = Environment.getExternalStorageDirectory() + "/" + fileNameFinalPath; - break; - - // Just in case, catch everything else and place it in the external storage directory. - default: - fileNamePath = Environment.getExternalStorageDirectory() + "/" + fileNameFinalPath; - break; - } + // Get the file path URI from the intent. + Uri fileNameUri = returnedIntent.getData(); - // Set the file name path as the text of the file name EditText. - fileNameEditText.setText(fileNamePath); - } else { // The path is invalid. - Snackbar.make(fileNameEditText, rawFileNamePath + " " + getString(R.string.invalid_location), Snackbar.LENGTH_INDEFINITE).show(); - } + // Get the file name string from the URI. + String fileNameString = fileNameUri.toString(); + + // Set the file name name text. + fileNameEditText.setText(fileNameString); + + // Move the cursor to the end of the file name edit text. + fileNameEditText.setSelection(fileNameString.length()); } break; - case OPENPGP_EXPORT_RESULT_CODE: - // Get the temporary unencrypted export file. - File temporaryUnencryptedExportFile = new File(getApplicationContext().getCacheDir() + "/" + getString(R.string.privacy_browser_settings_pbs)); + case OPENPGP_IMPORT_RESULT_CODE: + // Delete the temporary PGP encrypted import file. + if (temporaryPgpEncryptedImportFile.exists()) { + //noinspection ResultOfMethodCallIgnored + temporaryPgpEncryptedImportFile.delete(); + } + break; - // Delete the temporary unencrypted export file if it exists. - if (temporaryUnencryptedExportFile.exists()) { + case OPENPGP_EXPORT_RESULT_CODE: + // Delete the temporary pre-encrypted export file if it exists. + if (temporaryPreEncryptedExportFile.exists()) { //noinspection ResultOfMethodCallIgnored - temporaryUnencryptedExportFile.delete(); + temporaryPreEncryptedExportFile.delete(); } break; } } - private void exportSettings() { - // Get a handle for the views. - Spinner encryptionSpinner = findViewById(R.id.encryption_spinner); - EditText fileNameEditText = findViewById(R.id.file_name_edittext); - + public void importExport(View view) { // Instantiate the import export database helper. ImportExportDatabaseHelper importExportDatabaseHelper = new ImportExportDatabaseHelper(); - // Get the export file string. - String exportFileString = fileNameEditText.getText().toString(); + // Check to see if import or export is selected. + if (importRadioButton.isChecked()) { // Import is selected. + // Initialize the import status string + String importStatus = ""; - // Get the export and temporary unencrypted export files. - File exportFile = new File(exportFileString); - File temporaryUnencryptedExportFile = new File(getApplicationContext().getCacheDir() + "/" + getString(R.string.privacy_browser_settings_pbs)); + // Get the file name string. + String fileNameString = fileNameEditText.getText().toString(); - // Create an export status string. - String exportStatus; + // Import according to the encryption type. + switch (encryptionSpinner.getSelectedItemPosition()) { + case NO_ENCRYPTION: + try { + // Get an input stream for the file name. + InputStream inputStream = getContentResolver().openInputStream(Uri.parse(fileNameString)); + + // Import the unencrypted file. + importStatus = importExportDatabaseHelper.importUnencrypted(inputStream, this); + } catch (FileNotFoundException exception) { + // Update the import status. + importStatus = exception.toString(); + } - // Export according to the encryption type. - switch (encryptionSpinner.getSelectedItemPosition()) { - case NO_ENCRYPTION: - // Export the unencrypted file. - exportStatus = importExportDatabaseHelper.exportUnencrypted(exportFile, this); + // Restart Privacy Browser if successful. + if (importStatus.equals(ImportExportDatabaseHelper.IMPORT_SUCCESSFUL)) { + restartPrivacyBrowser(); + } + break; - // Show a disposition snackbar. - if (exportStatus.equals(ImportExportDatabaseHelper.EXPORT_SUCCESSFUL)) { - Snackbar.make(fileNameEditText, getString(R.string.export_successful), Snackbar.LENGTH_SHORT).show(); - } else { - Snackbar.make(fileNameEditText, getString(R.string.export_failed) + " " + exportStatus, Snackbar.LENGTH_INDEFINITE).show(); - } - break; + case PASSWORD_ENCRYPTION: + try { + // Get the encryption password. + String encryptionPasswordString = encryptionPasswordEditText.getText().toString(); - case PASSWORD_ENCRYPTION: - // Create an unencrypted export in a private directory. - exportStatus = importExportDatabaseHelper.exportUnencrypted(temporaryUnencryptedExportFile, this); + // Get an input stream for the file name. + InputStream inputStream = getContentResolver().openInputStream(Uri.parse(fileNameString)); - try { - // Create an unencrypted export file input stream. - FileInputStream unencryptedExportFileInputStream = new FileInputStream(temporaryUnencryptedExportFile); + // Get the salt from the beginning of the import file. + byte[] saltByteArray = new byte[32]; + //noinspection ResultOfMethodCallIgnored + inputStream.read(saltByteArray); - // Delete the encrypted export file if it exists. - if (exportFile.exists()) { + // Get the initialization vector from the import file. + byte[] initializationVector = new byte[12]; //noinspection ResultOfMethodCallIgnored - exportFile.delete(); - } + inputStream.read(initializationVector); - // Create an encrypted export file output stream. - FileOutputStream encryptedExportFileOutputStream = new FileOutputStream(exportFile); + // Convert the encryption password to a byte array. + byte[] encryptionPasswordByteArray = encryptionPasswordString.getBytes(StandardCharsets.UTF_8); - // Get a handle for the encryption password EditText. - EditText encryptionPasswordEditText = findViewById(R.id.password_encryption_edittext); + // Append the salt to the encryption password byte array. This protects against rainbow table attacks. + byte[] encryptionPasswordWithSaltByteArray = new byte[encryptionPasswordByteArray.length + saltByteArray.length]; + System.arraycopy(encryptionPasswordByteArray, 0, encryptionPasswordWithSaltByteArray, 0, encryptionPasswordByteArray.length); + System.arraycopy(saltByteArray, 0, encryptionPasswordWithSaltByteArray, encryptionPasswordByteArray.length, saltByteArray.length); - // Get the encryption password. - String encryptionPasswordString = encryptionPasswordEditText.getText().toString(); + // Get a SHA-512 message digest. + MessageDigest messageDigest = MessageDigest.getInstance("SHA-512"); - // Initialize a secure random number generator. - SecureRandom secureRandom = new SecureRandom(); + // Hash the salted encryption password. Otherwise, any characters after the 32nd character in the password are ignored. + byte[] hashedEncryptionPasswordWithSaltByteArray = messageDigest.digest(encryptionPasswordWithSaltByteArray); - // Get a 256 bit (32 byte) random salt. - byte[] saltByteArray = new byte[32]; - secureRandom.nextBytes(saltByteArray); + // Truncate the encryption password byte array to 256 bits (32 bytes). + byte[] truncatedHashedEncryptionPasswordWithSaltByteArray = Arrays.copyOf(hashedEncryptionPasswordWithSaltByteArray, 32); - // Convert the encryption password to a byte array. - byte[] encryptionPasswordByteArray = encryptionPasswordString.getBytes(StandardCharsets.UTF_8); + // Create an AES secret key from the encryption password byte array. + SecretKeySpec secretKey = new SecretKeySpec(truncatedHashedEncryptionPasswordWithSaltByteArray, "AES"); - // Append the salt to the encryption password byte array. This protects against rainbow table attacks. - byte[] encryptionPasswordWithSaltByteArray = new byte[encryptionPasswordByteArray.length + saltByteArray.length]; - System.arraycopy(encryptionPasswordByteArray, 0, encryptionPasswordWithSaltByteArray, 0, encryptionPasswordByteArray.length); - System.arraycopy(saltByteArray, 0, encryptionPasswordWithSaltByteArray, encryptionPasswordByteArray.length, saltByteArray.length); + // Get a Advanced Encryption Standard, Galois/Counter Mode, No Padding cipher instance. Galois/Counter mode protects against modification of the ciphertext. It doesn't use padding. + Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding"); - // Get a SHA-512 message digest. - MessageDigest messageDigest = MessageDigest.getInstance("SHA-512"); + // Set the GCM tag length to be 128 bits (the maximum) and apply the initialization vector. + GCMParameterSpec gcmParameterSpec = new GCMParameterSpec(128, initializationVector); - // Hash the salted encryption password. Otherwise, any characters after the 32nd character in the password are ignored. - byte[] hashedEncryptionPasswordWithSaltByteArray = messageDigest.digest(encryptionPasswordWithSaltByteArray); + // Initialize the cipher. + cipher.init(Cipher.DECRYPT_MODE, secretKey, gcmParameterSpec); - // Truncate the encryption password byte array to 256 bits (32 bytes). - byte[] truncatedHashedEncryptionPasswordWithSaltByteArray = Arrays.copyOf(hashedEncryptionPasswordWithSaltByteArray, 32); + // Create a cipher input stream. + CipherInputStream cipherInputStream = new CipherInputStream(inputStream, cipher); - // Create an AES secret key from the encryption password byte array. - SecretKeySpec secretKey = new SecretKeySpec(truncatedHashedEncryptionPasswordWithSaltByteArray, "AES"); + // Initialize variables to store data as it is moved from the cipher input stream to the unencrypted import file output stream. Move 128 bits (16 bytes) at a time. + int numberOfBytesRead; + byte[] decryptedBytes = new byte[16]; - // Generate a random 12 byte initialization vector. According to NIST, a 12 byte initialization vector is more secure than a 16 byte one. - byte[] initializationVector = new byte[12]; - secureRandom.nextBytes(initializationVector); - // Get a Advanced Encryption Standard, Galois/Counter Mode, No Padding cipher instance. Galois/Counter mode protects against modification of the ciphertext. It doesn't use padding. - Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding"); + // Create a private temporary unencrypted import file. + File temporaryUnencryptedImportFile = File.createTempFile("temporary_unencrypted_import_file", null, getApplicationContext().getCacheDir()); - // Set the GCM tag length to be 128 bits (the maximum) and apply the initialization vector. - GCMParameterSpec gcmParameterSpec = new GCMParameterSpec(128, initializationVector); + // Create an temporary unencrypted import file output stream. + FileOutputStream temporaryUnencryptedImportFileOutputStream = new FileOutputStream(temporaryUnencryptedImportFile); - // Initialize the cipher. - cipher.init(Cipher.ENCRYPT_MODE, secretKey, gcmParameterSpec); - // Add the salt and the initialization vector to the export file. - encryptedExportFileOutputStream.write(saltByteArray); - encryptedExportFileOutputStream.write(initializationVector); + // Read up to 128 bits (16 bytes) of data from the cipher input stream. `-1` will be returned when the end fo the file is reached. + while ((numberOfBytesRead = cipherInputStream.read(decryptedBytes)) != -1) { + // Write the data to the temporary unencrypted import file output stream. + temporaryUnencryptedImportFileOutputStream.write(decryptedBytes, 0, numberOfBytesRead); + } - // Create a cipher output stream. - CipherOutputStream cipherOutputStream = new CipherOutputStream(encryptedExportFileOutputStream, cipher); - // Initialize variables to store data as it is moved from the unencrypted export file input stream to the cipher output stream. Move 128 bits (16 bytes) at a time. - int numberOfBytesRead; - byte[] encryptedBytes = new byte[16]; + // Flush the temporary unencrypted import file output stream. + temporaryUnencryptedImportFileOutputStream.flush(); - // Read up to 128 bits (16 bytes) of data from the unencrypted export file stream. `-1` will be returned when the end of the file is reached. - while ((numberOfBytesRead = unencryptedExportFileInputStream.read(encryptedBytes)) != -1) { - // Write the data to the cipher output stream. - cipherOutputStream.write(encryptedBytes, 0, numberOfBytesRead); - } + // Close the streams. + temporaryUnencryptedImportFileOutputStream.close(); + cipherInputStream.close(); + inputStream.close(); - // Close the streams. - cipherOutputStream.flush(); - cipherOutputStream.close(); - encryptedExportFileOutputStream.close(); - unencryptedExportFileInputStream.close(); - - // Wipe the encryption data from memory. - //noinspection UnusedAssignment - encryptionPasswordString = ""; - Arrays.fill(saltByteArray, (byte) 0); - Arrays.fill(encryptionPasswordByteArray, (byte) 0); - Arrays.fill(encryptionPasswordWithSaltByteArray, (byte) 0); - Arrays.fill(hashedEncryptionPasswordWithSaltByteArray, (byte) 0); - Arrays.fill(truncatedHashedEncryptionPasswordWithSaltByteArray, (byte) 0); - Arrays.fill(initializationVector, (byte) 0); - Arrays.fill(encryptedBytes, (byte) 0); - - // Delete the temporary unencrypted export file. - //noinspection ResultOfMethodCallIgnored - temporaryUnencryptedExportFile.delete(); - } catch (Exception exception) { - exportStatus = exception.toString(); - } + // Wipe the encryption data from memory. + //noinspection UnusedAssignment + encryptionPasswordString = ""; + Arrays.fill(saltByteArray, (byte) 0); + Arrays.fill(initializationVector, (byte) 0); + Arrays.fill(encryptionPasswordByteArray, (byte) 0); + Arrays.fill(encryptionPasswordWithSaltByteArray, (byte) 0); + Arrays.fill(hashedEncryptionPasswordWithSaltByteArray, (byte) 0); + Arrays.fill(truncatedHashedEncryptionPasswordWithSaltByteArray, (byte) 0); + Arrays.fill(decryptedBytes, (byte) 0); - // Show a disposition snackbar. - if (exportStatus.equals(ImportExportDatabaseHelper.EXPORT_SUCCESSFUL)) { - Snackbar.make(fileNameEditText, getString(R.string.export_successful), Snackbar.LENGTH_SHORT).show(); - } else { - Snackbar.make(fileNameEditText, getString(R.string.export_failed) + " " + exportStatus, Snackbar.LENGTH_INDEFINITE).show(); - } - break; + // Create a temporary unencrypted import file input stream. + FileInputStream temporaryUnencryptedImportFileInputStream = new FileInputStream(temporaryUnencryptedImportFile); - case OPENPGP_ENCRYPTION: - // Create an unencrypted export in the private location. - importExportDatabaseHelper.exportUnencrypted(temporaryUnencryptedExportFile, this); + // Import the temporary unencrypted import file. + importStatus = importExportDatabaseHelper.importUnencrypted(temporaryUnencryptedImportFileInputStream, this); - // Create an encryption intent for OpenKeychain. - Intent openKeychainEncryptIntent = new Intent("org.sufficientlysecure.keychain.action.ENCRYPT_DATA"); + // Close the temporary unencrypted import file input stream. + temporaryUnencryptedImportFileInputStream.close(); - // Include the temporary unencrypted export file URI. - openKeychainEncryptIntent.setData(FileProvider.getUriForFile(this, getString(R.string.file_provider), temporaryUnencryptedExportFile)); + // Delete the temporary unencrypted import file. + //noinspection ResultOfMethodCallIgnored + temporaryUnencryptedImportFile.delete(); - // Allow OpenKeychain to read the file URI. - openKeychainEncryptIntent.setFlags(Intent.FLAG_GRANT_READ_URI_PERMISSION); + // Restart Privacy Browser if successful. + if (importStatus.equals(ImportExportDatabaseHelper.IMPORT_SUCCESSFUL)) { + restartPrivacyBrowser(); + } + } catch (Exception exception) { + // Update the import status. + importStatus = exception.toString(); + } + break; - // Send the intent to the OpenKeychain package. - openKeychainEncryptIntent.setPackage("org.sufficientlysecure.keychain"); + case OPENPGP_ENCRYPTION: + try { + // Set the temporary PGP encrypted import file. + temporaryPgpEncryptedImportFile = File.createTempFile("temporary_pgp_encrypted_import_file", null, getApplicationContext().getCacheDir()); - // Make it so. - startActivityForResult(openKeychainEncryptIntent, OPENPGP_EXPORT_RESULT_CODE); - break; - } + // Create a temporary PGP encrypted import file output stream. + FileOutputStream temporaryPgpEncryptedImportFileOutputStream = new FileOutputStream(temporaryPgpEncryptedImportFile); - // Add the file to the list of recent files. This doesn't currently work, but maybe it will someday. - MediaScannerConnection.scanFile(this, new String[] {exportFileString}, new String[] {"application/x-sqlite3"}, null); - } + // Get an input stream for the file name. + InputStream inputStream = getContentResolver().openInputStream(Uri.parse(fileNameString)); - private void importSettings() { - // Get a handle for the views. - Spinner encryptionSpinner = findViewById(R.id.encryption_spinner); - EditText fileNameEditText = findViewById(R.id.file_name_edittext); + // Create a transfer byte array. + byte[] transferByteArray = new byte[1024]; - // Instantiate the import export database helper. - ImportExportDatabaseHelper importExportDatabaseHelper = new ImportExportDatabaseHelper(); + // Create an integer to track the number of bytes read. + int bytesRead; + + // Copy the input stream to the temporary PGP encrypted import file. + while ((bytesRead = inputStream.read(transferByteArray)) > 0) { + temporaryPgpEncryptedImportFileOutputStream.write(transferByteArray, 0, bytesRead); + } - // Get the import file. - File importFile = new File(fileNameEditText.getText().toString()); + // Flush the temporary PGP encrypted import file output stream. + temporaryPgpEncryptedImportFileOutputStream.flush(); - // Initialize the import status string - String importStatus = ""; + // Close the streams. + inputStream.close(); + temporaryPgpEncryptedImportFileOutputStream.close(); - // Import according to the encryption type. - switch (encryptionSpinner.getSelectedItemPosition()) { - case NO_ENCRYPTION: - // Import the unencrypted file. - importStatus = importExportDatabaseHelper.importUnencrypted(importFile, this); - break; + // Create an decryption intent for OpenKeychain. + Intent openKeychainDecryptIntent = new Intent("org.sufficientlysecure.keychain.action.DECRYPT_DATA"); - case PASSWORD_ENCRYPTION: - // Use a private temporary import location. - File temporaryUnencryptedImportFile = new File(getApplicationContext().getCacheDir() + "/" + getString(R.string.privacy_browser_settings_pbs)); + // Include the URI to be decrypted. + openKeychainDecryptIntent.setData(FileProvider.getUriForFile(this, getString(R.string.file_provider), temporaryPgpEncryptedImportFile)); - try { - // Create an encrypted import file input stream. - FileInputStream encryptedImportFileInputStream = new FileInputStream(importFile); + // Allow OpenKeychain to read the file URI. + openKeychainDecryptIntent.setFlags(Intent.FLAG_GRANT_READ_URI_PERMISSION); - // Delete the temporary import file if it exists. - if (temporaryUnencryptedImportFile.exists()) { - //noinspection ResultOfMethodCallIgnored - temporaryUnencryptedImportFile.delete(); + // Send the intent to the OpenKeychain package. + openKeychainDecryptIntent.setPackage("org.sufficientlysecure.keychain"); + + // Make it so. + startActivityForResult(openKeychainDecryptIntent, OPENPGP_IMPORT_RESULT_CODE); + + // Update the import status. + importStatus = ImportExportDatabaseHelper.IMPORT_SUCCESSFUL; + } catch (Exception exception) { + // Update the import status. + importStatus = exception.toString(); } + break; + } - // Create an unencrypted import file output stream. - FileOutputStream unencryptedImportFileOutputStream = new FileOutputStream(temporaryUnencryptedImportFile); + // Respond to the import status. + if (!importStatus.equals(ImportExportDatabaseHelper.IMPORT_SUCCESSFUL)) { + // Display a snack bar with the import error. + Snackbar.make(fileNameEditText, getString(R.string.import_failed) + " " + importStatus, Snackbar.LENGTH_INDEFINITE).show(); + } + } else { // Export is selected. + // Export according to the encryption type. + switch (encryptionSpinner.getSelectedItemPosition()) { + case NO_ENCRYPTION: + // Get the file name string. + String noEncryptionFileNameString = fileNameEditText.getText().toString(); + + try { + // Get the export file output stream. + OutputStream exportFileOutputStream = getContentResolver().openOutputStream(Uri.parse(noEncryptionFileNameString)); + + // Export the unencrypted file. + String noEncryptionExportStatus = importExportDatabaseHelper.exportUnencrypted(exportFileOutputStream, this); + + // Display an export disposition snackbar. + if (noEncryptionExportStatus.equals(ImportExportDatabaseHelper.EXPORT_SUCCESSFUL)) { + Snackbar.make(fileNameEditText, getString(R.string.export_successful), Snackbar.LENGTH_SHORT).show(); + } else { + Snackbar.make(fileNameEditText, getString(R.string.export_failed) + " " + noEncryptionExportStatus, Snackbar.LENGTH_INDEFINITE).show(); + } + } catch (FileNotFoundException fileNotFoundException) { + // Display a snackbar with the exception. + Snackbar.make(fileNameEditText, getString(R.string.export_failed) + " " + fileNotFoundException, Snackbar.LENGTH_INDEFINITE).show(); + } + break; - // Get a handle for the encryption password EditText. - EditText encryptionPasswordEditText = findViewById(R.id.password_encryption_edittext); + case PASSWORD_ENCRYPTION: + try { + // Create a temporary unencrypted export file. + File temporaryUnencryptedExportFile = File.createTempFile("temporary_unencrypted_export_file", null, getApplicationContext().getCacheDir()); - // Get the encryption password. - String encryptionPasswordString = encryptionPasswordEditText.getText().toString(); + // Create a temporary unencrypted export output stream. + FileOutputStream temporaryUnencryptedExportOutputStream = new FileOutputStream(temporaryUnencryptedExportFile); - // Get the salt from the beginning of the import file. - byte[] saltByteArray = new byte[32]; - //noinspection ResultOfMethodCallIgnored - encryptedImportFileInputStream.read(saltByteArray); + // Populate the temporary unencrypted export. + String passwordEncryptionExportStatus = importExportDatabaseHelper.exportUnencrypted(temporaryUnencryptedExportOutputStream, this); - // Get the initialization vector from the import file. - byte[] initializationVector = new byte[12]; - //noinspection ResultOfMethodCallIgnored - encryptedImportFileInputStream.read(initializationVector); + // Close the temporary unencrypted export output stream. + temporaryUnencryptedExportOutputStream.close(); + + // Create an unencrypted export file input stream. + FileInputStream unencryptedExportFileInputStream = new FileInputStream(temporaryUnencryptedExportFile); + + // Get the encryption password. + String encryptionPasswordString = encryptionPasswordEditText.getText().toString(); + + // Initialize a secure random number generator. + SecureRandom secureRandom = new SecureRandom(); + + // Get a 256 bit (32 byte) random salt. + byte[] saltByteArray = new byte[32]; + secureRandom.nextBytes(saltByteArray); + + // Convert the encryption password to a byte array. + byte[] encryptionPasswordByteArray = encryptionPasswordString.getBytes(StandardCharsets.UTF_8); - // Convert the encryption password to a byte array. - byte[] encryptionPasswordByteArray = encryptionPasswordString.getBytes(StandardCharsets.UTF_8); + // Append the salt to the encryption password byte array. This protects against rainbow table attacks. + byte[] encryptionPasswordWithSaltByteArray = new byte[encryptionPasswordByteArray.length + saltByteArray.length]; + System.arraycopy(encryptionPasswordByteArray, 0, encryptionPasswordWithSaltByteArray, 0, encryptionPasswordByteArray.length); + System.arraycopy(saltByteArray, 0, encryptionPasswordWithSaltByteArray, encryptionPasswordByteArray.length, saltByteArray.length); - // Append the salt to the encryption password byte array. This protects against rainbow table attacks. - byte[] encryptionPasswordWithSaltByteArray = new byte[encryptionPasswordByteArray.length + saltByteArray.length]; - System.arraycopy(encryptionPasswordByteArray, 0, encryptionPasswordWithSaltByteArray, 0, encryptionPasswordByteArray.length); - System.arraycopy(saltByteArray, 0, encryptionPasswordWithSaltByteArray, encryptionPasswordByteArray.length, saltByteArray.length); + // Get a SHA-512 message digest. + MessageDigest messageDigest = MessageDigest.getInstance("SHA-512"); - // Get a SHA-512 message digest. - MessageDigest messageDigest = MessageDigest.getInstance("SHA-512"); + // Hash the salted encryption password. Otherwise, any characters after the 32nd character in the password are ignored. + byte[] hashedEncryptionPasswordWithSaltByteArray = messageDigest.digest(encryptionPasswordWithSaltByteArray); - // Hash the salted encryption password. Otherwise, any characters after the 32nd character in the password are ignored. - byte[] hashedEncryptionPasswordWithSaltByteArray = messageDigest.digest(encryptionPasswordWithSaltByteArray); + // Truncate the encryption password byte array to 256 bits (32 bytes). + byte[] truncatedHashedEncryptionPasswordWithSaltByteArray = Arrays.copyOf(hashedEncryptionPasswordWithSaltByteArray, 32); - // Truncate the encryption password byte array to 256 bits (32 bytes). - byte[] truncatedHashedEncryptionPasswordWithSaltByteArray = Arrays.copyOf(hashedEncryptionPasswordWithSaltByteArray, 32); + // Create an AES secret key from the encryption password byte array. + SecretKeySpec secretKey = new SecretKeySpec(truncatedHashedEncryptionPasswordWithSaltByteArray, "AES"); - // Create an AES secret key from the encryption password byte array. - SecretKeySpec secretKey = new SecretKeySpec(truncatedHashedEncryptionPasswordWithSaltByteArray, "AES"); + // Generate a random 12 byte initialization vector. According to NIST, a 12 byte initialization vector is more secure than a 16 byte one. + byte[] initializationVector = new byte[12]; + secureRandom.nextBytes(initializationVector); - // Get a Advanced Encryption Standard, Galois/Counter Mode, No Padding cipher instance. Galois/Counter mode protects against modification of the ciphertext. It doesn't use padding. - Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding"); + // Get a Advanced Encryption Standard, Galois/Counter Mode, No Padding cipher instance. Galois/Counter mode protects against modification of the ciphertext. It doesn't use padding. + Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding"); - // Set the GCM tag length to be 128 bits (the maximum) and apply the initialization vector. - GCMParameterSpec gcmParameterSpec = new GCMParameterSpec(128, initializationVector); + // Set the GCM tag length to be 128 bits (the maximum) and apply the initialization vector. + GCMParameterSpec gcmParameterSpec = new GCMParameterSpec(128, initializationVector); - // Initialize the cipher. - cipher.init(Cipher.DECRYPT_MODE, secretKey, gcmParameterSpec); + // Initialize the cipher. + cipher.init(Cipher.ENCRYPT_MODE, secretKey, gcmParameterSpec); - // Create a cipher input stream. - CipherInputStream cipherInputStream = new CipherInputStream(encryptedImportFileInputStream, cipher); + // Get the file name string. + String passwordEncryptionFileNameString = fileNameEditText.getText().toString(); - // Initialize variables to store data as it is moved from the cipher input stream to the unencrypted import file output stream. Move 128 bits (16 bytes) at a time. - int numberOfBytesRead; - byte[] decryptedBytes = new byte[16]; + // Get the export file output stream. + OutputStream exportFileOutputStream = getContentResolver().openOutputStream(Uri.parse(passwordEncryptionFileNameString)); - // Read up to 128 bits (16 bytes) of data from the cipher input stream. `-1` will be returned when the end fo the file is reached. - while ((numberOfBytesRead = cipherInputStream.read(decryptedBytes)) != -1) { - // Write the data to the unencrypted import file output stream. - unencryptedImportFileOutputStream.write(decryptedBytes, 0, numberOfBytesRead); + // Add the salt and the initialization vector to the export file output stream. + exportFileOutputStream.write(saltByteArray); + exportFileOutputStream.write(initializationVector); + + // Create a cipher output stream. + CipherOutputStream cipherOutputStream = new CipherOutputStream(exportFileOutputStream, cipher); + + // Initialize variables to store data as it is moved from the unencrypted export file input stream to the cipher output stream. Move 128 bits (16 bytes) at a time. + int numberOfBytesRead; + byte[] encryptedBytes = new byte[16]; + + // Read up to 128 bits (16 bytes) of data from the unencrypted export file stream. `-1` will be returned when the end of the file is reached. + while ((numberOfBytesRead = unencryptedExportFileInputStream.read(encryptedBytes)) != -1) { + // Write the data to the cipher output stream. + cipherOutputStream.write(encryptedBytes, 0, numberOfBytesRead); + } + + // Close the streams. + cipherOutputStream.flush(); + cipherOutputStream.close(); + exportFileOutputStream.close(); + unencryptedExportFileInputStream.close(); + + // Wipe the encryption data from memory. + //noinspection UnusedAssignment + encryptionPasswordString = ""; + Arrays.fill(saltByteArray, (byte) 0); + Arrays.fill(encryptionPasswordByteArray, (byte) 0); + Arrays.fill(encryptionPasswordWithSaltByteArray, (byte) 0); + Arrays.fill(hashedEncryptionPasswordWithSaltByteArray, (byte) 0); + Arrays.fill(truncatedHashedEncryptionPasswordWithSaltByteArray, (byte) 0); + Arrays.fill(initializationVector, (byte) 0); + Arrays.fill(encryptedBytes, (byte) 0); + + // Delete the temporary unencrypted export file. + //noinspection ResultOfMethodCallIgnored + temporaryUnencryptedExportFile.delete(); + + // Display an export disposition snackbar. + if (passwordEncryptionExportStatus.equals(ImportExportDatabaseHelper.EXPORT_SUCCESSFUL)) { + Snackbar.make(fileNameEditText, getString(R.string.export_successful), Snackbar.LENGTH_SHORT).show(); + } else { + Snackbar.make(fileNameEditText, getString(R.string.export_failed) + " " + passwordEncryptionExportStatus, Snackbar.LENGTH_INDEFINITE).show(); + } + } catch (Exception exception) { + // Display a snackbar with the exception. + Snackbar.make(fileNameEditText, getString(R.string.export_failed) + " " + exception, Snackbar.LENGTH_INDEFINITE).show(); } + break; - // Close the streams. - unencryptedImportFileOutputStream.flush(); - unencryptedImportFileOutputStream.close(); - cipherInputStream.close(); - encryptedImportFileInputStream.close(); - - // Wipe the encryption data from memory. - //noinspection UnusedAssignment - encryptionPasswordString = ""; - Arrays.fill(saltByteArray, (byte) 0); - Arrays.fill(initializationVector, (byte) 0); - Arrays.fill(encryptionPasswordByteArray, (byte) 0); - Arrays.fill(encryptionPasswordWithSaltByteArray, (byte) 0); - Arrays.fill(hashedEncryptionPasswordWithSaltByteArray, (byte) 0); - Arrays.fill(truncatedHashedEncryptionPasswordWithSaltByteArray, (byte) 0); - Arrays.fill(decryptedBytes, (byte) 0); - - // Import the unencrypted database from the private location. - importStatus = importExportDatabaseHelper.importUnencrypted(temporaryUnencryptedImportFile, this); - - // Delete the temporary unencrypted import file. - //noinspection ResultOfMethodCallIgnored - temporaryUnencryptedImportFile.delete(); - } catch (Exception exception) { - importStatus = exception.toString(); - } - break; + case OPENPGP_ENCRYPTION: + try { + // Set the temporary pre-encrypted export file. + temporaryPreEncryptedExportFile = new File(getApplicationContext().getCacheDir() + "/" + getString(R.string.settings) + " " + BuildConfig.VERSION_NAME + ".pbs"); - case OPENPGP_ENCRYPTION: - try { - // Create an decryption intent for OpenKeychain. - Intent openKeychainDecryptIntent = new Intent("org.sufficientlysecure.keychain.action.DECRYPT_DATA"); + // Delete the temporary pre-encrypted export file if it already exists. + if (temporaryPreEncryptedExportFile.exists()) { + //noinspection ResultOfMethodCallIgnored + temporaryPreEncryptedExportFile.delete(); + } - // Include the URI to be decrypted. - openKeychainDecryptIntent.setData(FileProvider.getUriForFile(this, getString(R.string.file_provider), importFile)); + // Create a temporary pre-encrypted export output stream. + FileOutputStream temporaryPreEncryptedExportOutputStream = new FileOutputStream(temporaryPreEncryptedExportFile); - // Allow OpenKeychain to read the file URI. - openKeychainDecryptIntent.setFlags(Intent.FLAG_GRANT_READ_URI_PERMISSION); + // Populate the temporary pre-encrypted export file. + String openpgpEncryptionExportStatus = importExportDatabaseHelper.exportUnencrypted(temporaryPreEncryptedExportOutputStream, this); - // Send the intent to the OpenKeychain package. - openKeychainDecryptIntent.setPackage("org.sufficientlysecure.keychain"); + // Flush the temporary pre-encryption export output stream. + temporaryPreEncryptedExportOutputStream.flush(); - // Make it so. - startActivity(openKeychainDecryptIntent); - } catch (IllegalArgumentException exception) { // The file import location is not valid. - // Display a snack bar with the import error. - Snackbar.make(fileNameEditText, getString(R.string.import_failed) + " " + exception.toString(), Snackbar.LENGTH_INDEFINITE).show(); - } - break; + // Close the temporary pre-encryption export output stream. + temporaryPreEncryptedExportOutputStream.close(); + + // Display an export error snackbar if the temporary pre-encrypted export failed. + if (!openpgpEncryptionExportStatus.equals(ImportExportDatabaseHelper.EXPORT_SUCCESSFUL)) { + Snackbar.make(fileNameEditText, getString(R.string.export_failed) + " " + openpgpEncryptionExportStatus, Snackbar.LENGTH_INDEFINITE).show(); + } + + // Create an encryption intent for OpenKeychain. + Intent openKeychainEncryptIntent = new Intent("org.sufficientlysecure.keychain.action.ENCRYPT_DATA"); + + // Include the temporary unencrypted export file URI. + openKeychainEncryptIntent.setData(FileProvider.getUriForFile(this, getString(R.string.file_provider), temporaryPreEncryptedExportFile)); + + // Allow OpenKeychain to read the file URI. + openKeychainEncryptIntent.setFlags(Intent.FLAG_GRANT_READ_URI_PERMISSION); + + // Send the intent to the OpenKeychain package. + openKeychainEncryptIntent.setPackage("org.sufficientlysecure.keychain"); + + // Make it so. + startActivityForResult(openKeychainEncryptIntent, OPENPGP_EXPORT_RESULT_CODE); + } catch (Exception exception) { + // Display a snackbar with the exception. + Snackbar.make(fileNameEditText, getString(R.string.export_failed) + " " + exception, Snackbar.LENGTH_INDEFINITE).show(); + } + break; + } } + } + + private void restartPrivacyBrowser() { + // Create an intent to restart Privacy Browser. + Intent restartIntent = getParentActivityIntent(); - // Respond to the import disposition. - if (importStatus.equals(ImportExportDatabaseHelper.IMPORT_SUCCESSFUL)) { // The import was successful. - // Create an intent to restart Privacy Browser. - Intent restartIntent = getParentActivityIntent(); + // Assert that the intent is not null to remove the lint error below. + assert restartIntent != null; - // Assert that the intent is not null to remove the lint error below. - assert restartIntent != null; + // `Intent.FLAG_ACTIVITY_CLEAR_TASK` removes all activities from the stack. It requires `Intent.FLAG_ACTIVITY_NEW_TASK`. + restartIntent.setFlags(Intent.FLAG_ACTIVITY_NEW_TASK | Intent.FLAG_ACTIVITY_CLEAR_TASK); - // `Intent.FLAG_ACTIVITY_CLEAR_TASK` removes all activities from the stack. It requires `Intent.FLAG_ACTIVITY_NEW_TASK`. - restartIntent.setFlags(Intent.FLAG_ACTIVITY_NEW_TASK | Intent.FLAG_ACTIVITY_CLEAR_TASK); + // Create a restart handler. + Handler restartHandler = new Handler(); - // Make it so. + // Create a restart runnable. + Runnable restartRunnable = () -> { + // Restart Privacy Browser. startActivity(restartIntent); - } else if (!(encryptionSpinner.getSelectedItemPosition() == OPENPGP_ENCRYPTION)){ // The import was not successful. - // Display a snack bar with the import error. - Snackbar.make(fileNameEditText, getString(R.string.import_failed) + " " + importStatus, Snackbar.LENGTH_INDEFINITE).show(); - } + + // Kill this instance of Privacy Browser. Otherwise, the app exhibits sporadic behavior after the restart. + System.exit(0); + }; + + // Restart Privacy Browser after 150 milliseconds to allow enough time for the preferences to be saved. + restartHandler.postDelayed(restartRunnable, 150); } } \ No newline at end of file