Fix #21 store GPG keys in Uber Keystore

app/src/main/java/info/knacki/pass/io/FileInterfaceFactory.java

@@ -11,6 +11,7 @@ import java.util.Map;
 import java.util.logging.Logger;
 
 import info.knacki.pass.R;
+import info.knacki.pass.io.pgp.GPGFileInterface;
 import info.knacki.pass.settings.SettingsManager;
 
 public class FileInterfaceFactory {

app/src/main/java/info/knacki/pass/io/FileUtils.java

@@ -1,8 +1,8 @@
 package info.knacki.pass.io;
 
-import java.io.BufferedReader;
+import java.io.ByteArrayOutputStream;
 import java.io.File;
-import java.io.FileReader;
+import java.io.FileInputStream;
 import java.io.IOException;
 import java.io.InputStream;
 import java.io.OutputStream;
@@ -22,18 +22,14 @@ public class FileUtils {
         }
     }
 
-    public static String ReadAllFile(File file) throws IOException {
-        BufferedReader buf = new BufferedReader(new FileReader(file));
-        StringBuilder result = new StringBuilder();
-        String tmp;
+    public static byte[] ReadAllStream(InputStream str) throws IOException {
+        ByteArrayOutputStream out = new ByteArrayOutputStream();
+        pipe(str, out);
+        return out.toByteArray();
+    }
 
-        while ((tmp = buf.readLine()) != null) {
-            if (result.length() > 0)
-                result.append("\n");
-            result.append(tmp);
-        }
-        buf.close();
-        return result.toString();
+    public static String ReadAllFile(File file) throws IOException {
+        return CharsetHelper.ByteArrayToString(ReadAllStream(new FileInputStream(file)));
     }
 
     public static void pipe(InputStream in, OutputStream out) throws IOException {

app/src/main/java/info/knacki/pass/io/PathUtils.java

@@ -7,6 +7,7 @@ public class PathUtils {
     @SuppressWarnings("SpellCheckingInspection")
     private static final String DATA_GIT_LOCAL = "gitfiles";
     private static final String DATA_FINGER_LOCAL = "fingerprint";
+    private static final String DATA_GPG_FILE = "gpgKey";
 
     private static String GetAppRootDir(Context ctx) {
         return ctx.getFilesDir().getAbsolutePath();
@@ -24,6 +25,8 @@ public class PathUtils {
         return GetAppRootDir(ctx) +"/" +DATA_FINGER_LOCAL;
     }
 
+    public static String GetGPGKeyFile(Context ctx) { return GetAppRootDir(ctx) +"/" +DATA_GPG_FILE; }
+
     public static final String TRASH_SUFFIX = ".trash";
 
     public static boolean IsHidden(String path) {

app/src/main/java/info/knacki/pass/io/GPGFileInterface.java → app/src/main/java/info/knacki/pass/io/pgp/GPGFileInterface.java

@@ -1,4 +1,4 @@
-package info.knacki.pass.io;
+package info.knacki.pass.io.pgp;
 
 import android.content.Context;
 import android.content.res.Resources;
@@ -9,14 +9,17 @@ import java.io.FileOutputStream;
 import java.io.IOException;
 
 import info.knacki.pass.R;
-import info.knacki.pass.settings.SettingsManager;
+import info.knacki.pass.io.CharsetHelper;
+import info.knacki.pass.io.FileInterfaceFactory;
+import info.knacki.pass.io.IFileInterface;
+import info.knacki.pass.io.OnResponseListener;
 
-class GPGFileInterface implements IFileInterface {
+public class GPGFileInterface implements IFileInterface {
     private final File fFile;
     private final FileInterfaceFactory.PasswordGetter fPasswordGetter;
     private final Context fContext;
 
-    GPGFileInterface(Context ctx, FileInterfaceFactory.PasswordGetter passwordGetter, File f) {
+    public GPGFileInterface(Context ctx, FileInterfaceFactory.PasswordGetter passwordGetter, File f) {
         fFile = f;
         fPasswordGetter = passwordGetter;
         fContext = ctx;
@@ -29,7 +32,7 @@ class GPGFileInterface implements IFileInterface {
             return;
         }
         try {
-            if (!SettingsManager.HasGPGKey(fContext))
+            if (!GPGStorage.HasGPGKey(fContext))
                 throw new FileNotFoundException("GPG key not set");
             GPGUtil.DecryptFile(fContext, fPasswordGetter, fFile, new OnResponseListener<byte[]>() {
                 @Override
@@ -50,7 +53,7 @@ class GPGFileInterface implements IFileInterface {
     @Override
     public void WriteFile(String content, OnResponseListener<Void> resp) {
         try {
-            if (!SettingsManager.HasGPGKey(fContext))
+            if (!GPGStorage.HasGPGKey(fContext))
                 throw new FileNotFoundException("GPG key not set");
             GPGUtil.CryptFile(fContext, new FileOutputStream(fFile), CharsetHelper.StringToByteArray(content), resp);
         }
@@ -63,7 +66,7 @@ class GPGFileInterface implements IFileInterface {
     public String GetMethodName() {
         Resources r = fContext.getResources();
         String details;
-        if (SettingsManager.HasGPGKey(fContext)) {
+        if (GPGStorage.HasGPGKey(fContext)) {
             try {
                 details = r.getString(GPGUtil.CheckIsPasswordProtected(fContext) ? R.string.protected_key : R.string.unprotected_key_short);
             } catch (IOException e) {

app/src/main/java/info/knacki/pass/io/pgp/GPGStorage.java

@@ -0,0 +1,161 @@
+package info.knacki.pass.io.pgp;
+
+import android.content.Context;
+import android.support.annotation.NonNull;
+
+import org.bouncycastle.openpgp.PGPException;
+import org.bouncycastle.openpgp.PGPSecretKey;
+import org.bouncycastle.openpgp.PGPSecretKeyRing;
+import org.bouncycastle.openpgp.PGPSecretKeyRingCollection;
+import org.bouncycastle.openpgp.PGPUtil;
+import org.bouncycastle.openpgp.operator.jcajce.JcaKeyFingerprintCalculator;
+
+import java.io.ByteArrayInputStream;
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileNotFoundException;
+import java.io.FileOutputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.OutputStream;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.security.UnrecoverableKeyException;
+import java.security.cert.CertificateException;
+import java.util.Iterator;
+import java.util.NoSuchElementException;
+import java.util.logging.Level;
+import java.util.logging.Logger;
+
+import javax.crypto.SecretKey;
+import javax.crypto.spec.SecretKeySpec;
+
+import info.knacki.pass.io.FileUtils;
+import info.knacki.pass.io.PathUtils;
+
+public class GPGStorage {
+    private static final Logger log = Logger.getLogger(GPGStorage.class.getName());
+    private GPGStorage(){}
+
+    private final static String KEY_NAME = GPGStorage.class.getName()+"_PGP_PRIVATE";
+    private final static String KEY_PASS = GPGStorage.class.getName()+"___PASSWORD";
+
+    static SecretKey FindSecretKey(@NonNull byte[] in) throws IOException {
+        final PGPSecretKeyRingCollection pgpSec;
+
+        try {
+            pgpSec = new PGPSecretKeyRingCollection(in, new JcaKeyFingerprintCalculator());
+        } catch (PGPException e) {
+            throw new GPGUtil.MalformedKeyException(e);
+        }
+        Iterator<PGPSecretKeyRing> rIt = pgpSec.getKeyRings();
+        if (rIt.hasNext()) {
+            PGPSecretKey bcSecKey = rIt.next().getSecretKey();
+            return new SecretKeySpec(bcSecKey.getEncoded(), "AES");
+        }
+        throw new NoSuchElementException("GPG key not found");
+    }
+
+    private static KeyStore GetKeystore(Context ctx, boolean read) {
+        KeyStore ks;
+
+        try {
+            ks = KeyStore.getInstance("UBER", "BC");
+            if (read) {
+                File gpgKeyFile = new File(PathUtils.GetGPGKeyFile(ctx));
+                if (!gpgKeyFile.exists())
+                    throw new FileNotFoundException(gpgKeyFile.getName());
+                ks.load(new FileInputStream(gpgKeyFile), KEY_PASS.toCharArray());
+            } else {
+                ks.load(null, null);
+            }
+        } catch (KeyStoreException | NoSuchProviderException | IOException | CertificateException | NoSuchAlgorithmException e) {
+            log.log(Level.SEVERE, "Cannot retreive KeyStore", e);
+            ks = null;
+        }
+        return ks;
+    }
+
+    private static void SaveKeystore(Context ctx, KeyStore ks) {
+        try {
+            File f = new File(PathUtils.GetGPGKeyFile(ctx));
+            if (!f.exists() && !f.createNewFile())
+                throw new FileNotFoundException(f.getName());
+            ks.store(new FileOutputStream(f), KEY_PASS.toCharArray());
+        }
+        catch (IOException | CertificateException | NoSuchAlgorithmException | KeyStoreException e) {
+            log.log(Level.SEVERE, "Cannot save keystore", e);
+        }
+    }
+
+    public static boolean HasGPGKey(Context ctx) {
+        try {
+            KeyStore ks = GetKeystore(ctx, true);
+            return ks != null && ks.containsAlias(KEY_NAME);
+        } catch (KeyStoreException e) {
+            log.log(Level.SEVERE, "KeyStore Exception: " +e.getMessage(), e);
+            return false;
+        }
+    }
+
+    public static boolean SetGPGKeyContent(Context ctx, InputStream content) {
+        KeyStore ks = GetKeystore(ctx, false);
+        if (ks == null)
+            return false;
+        try {
+            SecretKey secret = FindSecretKey(FileUtils.ReadAllStream(content));
+            KeyStore.Entry e = new KeyStore.SecretKeyEntry(secret);
+            ks.setEntry(KEY_NAME, e, new KeyStore.PasswordProtection(null));
+            SaveKeystore(ctx, ks);
+        } catch (KeyStoreException | IOException e) {
+            log.log(Level.SEVERE, "Cannot set GPG key content", e);
+            return false;
+        }
+        return true;
+    }
+
+    private static @NonNull InputStream GetGPGKeyContent(Context ctx) throws FileNotFoundException {
+        if (!HasGPGKey(ctx))
+            throw new FileNotFoundException("GPG key");
+        KeyStore ks = GetKeystore(ctx, true);
+        if (ks == null)
+            throw new FileNotFoundException("GPG key store");
+        try {
+            return new ByteArrayInputStream(ks.getKey(KEY_NAME, null).getEncoded());
+        } catch (KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException e) {
+            log.log(Level.SEVERE, "KeyStore Exception: " +e.getMessage(), e);
+            throw new FileNotFoundException("GPG key store");
+        }
+    }
+
+    public static void ExportGPGKeyContent(Context ctx, OutputStream out) throws IOException {
+        FileUtils.pipe(GetGPGKeyContent(ctx), out);
+    }
+
+    public static @NonNull PGPSecretKeyRing GetGPGKeyRing(Context ctx) throws IOException {
+        final PGPSecretKeyRingCollection pgpSec;
+
+        try {
+            pgpSec = new PGPSecretKeyRingCollection(PGPUtil.getDecoderStream(GetGPGKeyContent(ctx)), new JcaKeyFingerprintCalculator());
+        } catch (PGPException e) {
+            throw new GPGUtil.MalformedKeyException(e);
+        }
+        Iterator<PGPSecretKeyRing> rIt = pgpSec.getKeyRings();
+        if (rIt.hasNext())
+            return rIt.next();
+        throw new NoSuchElementException("GPG key not found");
+    }
+
+    public static @NonNull PGPSecretKey GetGPGSecretKey(Context ctx) throws IOException {
+        return GetGPGKeyRing(ctx).getSecretKey();
+    }
+
+    public static void RemoveGpgKey(Context ctx) {
+        File f = new File(PathUtils.GetGPGKeyFile(ctx));
+        if (f.exists() && !f.delete()) {
+            log.severe("Cannot remove GPG file");
+        }
+    }
+}

app/src/main/java/info/knacki/pass/io/GPGUtil.java → app/src/main/java/info/knacki/pass/io/pgp/GPGUtil.java

@@ -1,4 +1,4 @@
-package info.knacki.pass.io;
+package info.knacki.pass.io.pgp;
 
 import android.content.Context;
 import android.support.annotation.NonNull;
@@ -49,7 +49,6 @@ import java.io.ByteArrayInputStream;
 import java.io.ByteArrayOutputStream;
 import java.io.File;
 import java.io.FileInputStream;
-import java.io.FileNotFoundException;
 import java.io.IOException;
 import java.io.InputStream;
 import java.io.OutputStream;
@@ -62,11 +61,14 @@ import java.util.NoSuchElementException;
 import java.util.logging.Level;
 import java.util.logging.Logger;
 
-import info.knacki.pass.settings.SettingsManager;
+import info.knacki.pass.io.FileInterfaceFactory;
+import info.knacki.pass.io.OnResponseListener;
 
 public class GPGUtil {
     private final static Logger log = Logger.getLogger(GPGUtil.class.getName());
 
+    private GPGUtil(){}
+
     public static class MalformedKeyException extends IOException {
         final Throwable fCause;
 
@@ -184,34 +186,6 @@ public class GPGUtil {
         return null;
     }
 
-    private static @NonNull
-    InputStream getKeyInputStream(Context ctx) throws FileNotFoundException {
-        InputStream ss = SettingsManager.GetGPGKeyContent(ctx);
-        if (ss == null)
-            throw new FileNotFoundException("GPG key");
-        return ss;
-    }
-
-    private static @NonNull
-    PGPSecretKeyRing findSecretKeyring(@NonNull InputStream in) throws IOException {
-        final PGPSecretKeyRingCollection pgpSec;
-
-        try {
-            pgpSec = new PGPSecretKeyRingCollection(PGPUtil.getDecoderStream(in), new JcaKeyFingerprintCalculator());
-        } catch (PGPException e) {
-            throw new MalformedKeyException(e);
-        }
-        Iterator<PGPSecretKeyRing> rIt = pgpSec.getKeyRings();
-        if (rIt.hasNext())
-            return rIt.next();
-        throw new NoSuchElementException("GPG key not found");
-    }
-
-    private static @NonNull
-    PGPSecretKey findSecretKey(@NonNull InputStream in) throws IOException {
-        return findSecretKeyring(in).getSecretKey();
-    }
-
     private static void DoDecryptFile(PGPPrivateKeyAndPass sKey, InputStream dataStream, OnResponseListener<byte[]> resp) {
         byte[] output;
         try {
@@ -247,7 +221,7 @@ public class GPGUtil {
 
             FindPassword(
                     passwordGetter,
-                    findSecretKey(getKeyInputStream(ctx)),
+                    GPGStorage.GetGPGSecretKey(ctx),
                     new OnResponseListener<PGPPrivateKeyAndPass>() {
                         @Override
                         public void OnResponse(PGPPrivateKeyAndPass sKey) {
@@ -286,7 +260,7 @@ public class GPGUtil {
 
             final byte[] compressedData = compressedDataStream.toByteArray();
             final OutputStream out = new ArmoredOutputStream(fileOutStream);
-            final PGPSecretKey sKey = findSecretKey(getKeyInputStream(ctx));
+            final PGPSecretKey sKey = GPGStorage.GetGPGSecretKey(ctx);
 
             PGPEncryptedDataGenerator encGen = new PGPEncryptedDataGenerator(new JcePGPDataEncryptorBuilder(PGPEncryptedDataGenerator.AES_128).setWithIntegrityPacket(true).setSecureRandom(new SecureRandom()).setProvider("BC"));
             encGen.addMethod(new JcePublicKeyKeyEncryptionMethodGenerator(sKey.getPublicKey()).setProvider("BC"));
@@ -307,7 +281,7 @@ public class GPGUtil {
     }
 
     public static void ChangePassword(final Context ctx, final FileInterfaceFactory.ChangePasswordGetter passwordGetter, final OnResponseListener<Void> onDone) throws IOException {
-        final PGPSecretKeyRing secretKeyring = findSecretKeyring(getKeyInputStream(ctx));
+        final PGPSecretKeyRing secretKeyring = GPGStorage.GetGPGKeyRing(ctx);
         final PGPSecretKey signingKey = secretKeyring.getSecretKey();
 
         FindPassword(
@@ -325,7 +299,7 @@ public class GPGUtil {
                                         keyringCollection.add(DoChangePassword(secretKeyring, sKey.fPass, result));
                                         ByteArrayOutputStream stream = new ByteArrayOutputStream();
                                         new PGPSecretKeyRingCollection(keyringCollection).encode(stream);
-                                        SettingsManager.SetGPGKeyContent(ctx, new ByteArrayInputStream(stream.toByteArray()));
+                                        GPGStorage.SetGPGKeyContent(ctx, new ByteArrayInputStream(stream.toByteArray()));
                                         onDone.OnResponse(null);
                                         return true;
                                     } catch (PGPException | IOException e) {
@@ -350,7 +324,7 @@ public class GPGUtil {
 
     public static String GetGPGKeyName(Context ctx) {
         try {
-            PGPSecretKey key = findSecretKey(getKeyInputStream(ctx));
+            PGPSecretKey key = GPGStorage.GetGPGSecretKey(ctx);
             Iterator<String> users = key.getUserIDs();
             if (users.hasNext())
                 return users.next();
@@ -396,6 +370,6 @@ public class GPGUtil {
     }
 
     public static boolean CheckIsPasswordProtected(Context ctx) throws IOException {
-        return TryPassword(findSecretKey(getKeyInputStream(ctx)), "") == null;
+        return TryPassword(GPGStorage.GetGPGSecretKey(ctx), "") == null;
     }
 }

app/src/main/java/info/knacki/pass/settings/SettingsManager.java

@@ -2,14 +2,10 @@ package info.knacki.pass.settings;
 
 import android.content.Context;
 import android.content.SharedPreferences;
-import android.util.Base64;
 import android.util.JsonReader;
 import android.util.MalformedJsonException;
 
-import java.io.ByteArrayInputStream;
-import java.io.ByteArrayOutputStream;
 import java.io.IOException;
-import java.io.InputStream;
 import java.io.StringReader;
 import java.util.logging.Level;
 import java.util.logging.Logger;
@@ -197,8 +193,6 @@ public class SettingsManager {
     private final static String SHARED_PREF_FILE = "pass_prefs";
     @SuppressWarnings("SpellCheckingInspection") private static final String ENCRYPTION_PASSWORD = "encPasswd";
     private static final String FINGERPRINT_ACTIVE = "FingerprintEnabled";
-    private static final String GPG_KEY_FILE = "GPGKeyFile";
-
 
     private static SharedPreferences GetPrefManager(Context c) {
         return c.getSharedPreferences(SHARED_PREF_FILE, Context.MODE_PRIVATE);
@@ -225,48 +219,6 @@ public class SettingsManager {
             prefs.remove(VCS.class.getSimpleName()).commit();
     }
 
-    private static void doSetGpgKeyContent(Context ctx, String content) {
-        GetPrefManager(ctx).edit().putString(GPG_KEY_FILE, content).apply();
-    }
-
-    public static void RemoveGpgKey(Context ctx) {
-        GetPrefManager(ctx).edit().remove(GPG_KEY_FILE).apply();
-    }
-
-    public static boolean SetGPGKeyContent(Context ctx, InputStream stream) {
-        if (stream == null) {
-            GetPrefManager(ctx).edit().remove(GPG_KEY_FILE).apply();
-            return false;
-        }
-        try {
-            ByteArrayOutputStream bytes = new ByteArrayOutputStream();
-            final int bufLen = 1024;
-            byte[] buffer = new byte[bufLen];
-            int len;
-            do {
-                len = stream.read(buffer);
-                bytes.write(buffer, 0, len);
-            } while (len == bufLen);
-            doSetGpgKeyContent(ctx, Base64.encodeToString(bytes.toByteArray(), 0));
-        } catch (IOException e) {
-            log.log(Level.SEVERE, "Cannot read file", e);
-            RemoveGpgKey(ctx);
-            return false;
-        }
-        return true;
-    }
-
-    public static InputStream GetGPGKeyContent(Context ctx) {
-        String content = GetPrefManager(ctx).getString(GPG_KEY_FILE, null);
-        if (content != null)
-            return new ByteArrayInputStream(Base64.decode(content, 0));
-        return null;
-    }
-
-    public static boolean HasGPGKey(Context ctx) {
-        return GetPrefManager(ctx).contains(GPG_KEY_FILE);
-    }
-
     public static boolean HasPassword(Context ctx) {
         return !("".equals(GetPassword(ctx)));
     }

app/src/main/java/info/knacki/pass/settings/ui/SettingsActivity.java

@@ -31,7 +31,6 @@ import java.io.File;
 import java.io.FileNotFoundException;
 import java.io.FileOutputStream;
 import java.io.IOException;
-import java.io.InputStream;
 import java.util.Collection;
 import java.util.List;
 import java.util.Map;
@@ -44,9 +43,9 @@ import info.knacki.pass.git.GitInterfaceFactory;
 import info.knacki.pass.git.entities.GitRef;
 import info.knacki.pass.io.FileInterfaceFactory;
 import info.knacki.pass.io.FileMigratoryUtils;
-import info.knacki.pass.io.FileUtils;
-import info.knacki.pass.io.GPGUtil;
 import info.knacki.pass.io.OnResponseListener;
+import info.knacki.pass.io.pgp.GPGStorage;
+import info.knacki.pass.io.pgp.GPGUtil;
 import info.knacki.pass.settings.SettingsManager;
 import info.knacki.pass.ui.GitPullActivity;
 import info.knacki.pass.ui.alertPrompt.AlertPromptGenerator;
@@ -495,7 +494,7 @@ public class SettingsActivity extends AppCompatPreferenceActivity {
                         .setTitle(R.string.pref_gpg_title_username_mail)
                         .setPositiveButton(R.string.ok, (dialogInterface, v) -> {
                             byte[] keyData = GPGUtil.Generate(((UsernameAndEmail) v).GetUserAndEmail());
-                            SettingsManager.SetGPGKeyContent(getActivity(), new ByteArrayInputStream(keyData));
+                            GPGStorage.SetGPGKeyContent(getActivity(), new ByteArrayInputStream(keyData));
                             updateGpgFileLabel();
                             GPGSetPassword();
                         })
@@ -552,9 +551,7 @@ public class SettingsActivity extends AppCompatPreferenceActivity {
             try {
                 outFile.createNewFile();
                 FileOutputStream fileOut = new FileOutputStream(outFile);
-                InputStream keyContent = SettingsManager.GetGPGKeyContent(getActivity());
-                if (keyContent != null)
-                    FileUtils.pipe(keyContent, fileOut);
+                GPGStorage.ExportGPGKeyContent(getActivity(), fileOut);
                 fileOut.close();
             } catch (IOException e) {
                 Toast.makeText(getActivity(), "Cannot prepare key for sharing: " + e.getMessage(), Toast.LENGTH_LONG).show();
@@ -581,20 +578,20 @@ public class SettingsActivity extends AppCompatPreferenceActivity {
                     final Uri intentData = data.getData();
                     boolean gpgImportStatus;
                     if (intentData != null)
-                        gpgImportStatus = SettingsManager.SetGPGKeyContent(getActivity(), getActivity().getContentResolver().openInputStream(intentData));
+                        gpgImportStatus = GPGStorage.SetGPGKeyContent(getActivity(), getActivity().getContentResolver().openInputStream(intentData));
                     else
                         gpgImportStatus = false;
                     Toast.makeText(getActivity(), getResources().getString(gpgImportStatus ? R.string.gpg_import_ok : R.string.gpg_import_ko), Toast.LENGTH_LONG).show();
                 } catch (FileNotFoundException e) {
                     Toast.makeText(getActivity(), getResources().getString(R.string.file_not_found), Toast.LENGTH_LONG).show();
-                    SettingsManager.RemoveGpgKey(getActivity());
+                    GPGStorage.RemoveGpgKey(getActivity());
                 }
                 updateGpgFileLabel();
             }
         }
 
         protected void updateGpgFileLabel() {
-            if (SettingsManager.HasGPGKey(getActivity())) {
+            if (GPGStorage.HasGPGKey(getActivity())) {
                 findPreference(getResources().getString(R.string.id_gpg_key_file)).setSummary(GPGUtil.GetGPGKeyName(getActivity()));
                 findPreference(getResources().getString(R.string.id_gpg_password)).setEnabled(true);
                 findPreference(getResources().getString(R.string.id_gpg_export)).setEnabled(true);