From: peli0101 Date: Sun, 26 Apr 2009 17:43:10 +0000 (+0000) Subject: OI Safe: Introduce session key for content provider. X-Git-Url: https://hydra-www.ietfng.org/gitweb/?a=commitdiff_plain;h=eca2875e4f3dc0c09767fdd1139a0d02742d50c3;p=android-vcpass-oisafe OI Safe: Introduce session key for content provider. git-svn-id: http://openintents.googlecode.com/svn/trunk/Safe@2050 72b678ce-9140-0410-bee8-679b907dd61a --- diff --git a/src/org/openintents/intents/CryptoIntents.java b/src/org/openintents/intents/CryptoIntents.java index f2d02e8..228ead8 100644 --- a/src/org/openintents/intents/CryptoIntents.java +++ b/src/org/openintents/intents/CryptoIntents.java @@ -112,6 +112,17 @@ public class CryptoIntents { */ public static final String EXTRA_TEXT_ARRAY = "org.openintents.extra.TEXT_ARRAY"; + /** + * A session key for encryption or decryption through a content provider. + * + * Include this extra with non-empty value to the ENCRYPT or DECRYPT action, + * and the resulting intent will contain the current session key, valid until + * OI Safe logs out. + * + *

Constant Value: "org.openintents.extra.SESSION_KEY"

+ */ + public static final String EXTRA_SESSION_KEY = "org.openintents.extra.SESSION_KEY"; + /** * Required input parameter to GET_PASSWORD and SET_PASSWORD. Corresponds to the "description" * field in passwordsafe. Should be a unique name for the password you're using, diff --git a/src/org/openintents/safe/CryptoContentProvider.java b/src/org/openintents/safe/CryptoContentProvider.java index 96a30fa..10ffdcd 100644 --- a/src/org/openintents/safe/CryptoContentProvider.java +++ b/src/org/openintents/safe/CryptoContentProvider.java @@ -138,6 +138,16 @@ public class CryptoContentProvider extends ContentProvider { // Decrypt file CryptoHelper ch = ServiceDispatchImpl.ch; // Use the global crypto helper that is connected to the single service we have. + if (ch == null) { + if (debug) Log.d(TAG, "OI Safe currently logged out."); + return null; + } + + if (!sessionKey.equals(ch.getCurrentSessionKey())) { + if (debug) Log.d(TAG, "Session keys do not match! " + sessionKey + " != " + ch.getCurrentSessionKey()); + return null; + } + Log.d(TAG, "Original file path: " + originalFile); if (CategoryList.isSignedIn()==false) { Intent frontdoor = new Intent(getContext(), FrontDoor.class); diff --git a/src/org/openintents/safe/CryptoHelper.java b/src/org/openintents/safe/CryptoHelper.java index cdb3064..3f64c88 100644 --- a/src/org/openintents/safe/CryptoHelper.java +++ b/src/org/openintents/safe/CryptoHelper.java @@ -86,6 +86,12 @@ public class CryptoHelper { private static byte[] salt = null; private static final int count = 20; + + /** + * Session key for content provider. + */ + private String sessionKey = null; + /** * Constructor which defaults to a medium encryption level. @@ -270,6 +276,9 @@ public class CryptoHelper { } catch (NoSuchPaddingException e) { Log.e(TAG,"setPassword(): "+e.toString()); } + + // Every time we set a new password, also the session key changes: + sessionKey = createNewSessionKey(); } private void setSalt(String saltIn) throws CryptoHelperException { @@ -286,6 +295,33 @@ public class CryptoHelper { salt=byteSaltIn; if (debug) Log.d(TAG,"setSalt: salt="+toHexString(salt)); } + + /** + * Returns the current session key, which is only valid until the + * user logs out of OI Safe. + * + * The session key is used when encrypting or decrypting files + * through the content provider. + * + * @return current session key. + */ + public String getCurrentSessionKey() { + return sessionKey; + } + + /** + * Creates a new random session key + * @return + */ + private String createNewSessionKey() { + try { + // simply create a new salt: + return generateSalt(); + } catch (NoSuchAlgorithmException e) { + return "12345"; // better than nothing... :-/ + } + } + /** * encrypt a string * diff --git a/src/org/openintents/safe/IntentHandler.java b/src/org/openintents/safe/IntentHandler.java index 1f1caf4..9e559c3 100644 --- a/src/org/openintents/safe/IntentHandler.java +++ b/src/org/openintents/safe/IntentHandler.java @@ -270,6 +270,11 @@ public class IntentHandler extends Activity { } callbackIntent.putExtra(CryptoIntents.EXTRA_TEXT_ARRAY, out); } + + if (thisIntent.hasExtra(CryptoIntents.EXTRA_SESSION_KEY)) { + String sessionkey = ch.getCurrentSessionKey(); + callbackIntent.putExtra(CryptoIntents.EXTRA_SESSION_KEY, sessionkey); + } if (thisIntent.getData() != null) { // Encrypt file from file URI