From b7abd561f561af451ec717746e198a8686d10868 Mon Sep 17 00:00:00 2001 From: Aditya Wasan Date: Tue, 17 Aug 2021 04:14:43 +0530 Subject: [PATCH] Add `KeyPair` and `KeyManager` to manage keys in the app (#1487) Co-authored-by: Harsh Shandilya --- .github/workflows/pull_request.yml | 86 ++++++++- buildSrc/src/main/java/BaseProjectConfig.kt | 3 + buildSrc/src/main/java/SlimTests.kt | 6 +- crypto-common/api/crypto-common.api | 57 ++++++ crypto-common/build.gradle.kts | 2 + .../aps/data/crypto/CryptoException.kt | 19 ++ .../msfjarvis/aps/data/crypto/KeyManager.kt | 19 ++ .../dev/msfjarvis/aps/data/crypto/KeyPair.kt | 14 ++ crypto-pgp/api/crypto-pgp.api | 18 ++ crypto-pgp/build.gradle.kts | 14 ++ .../msfjarvis/aps/crypto/GPGKeyManagerTest.kt | 165 ++++++++++++++++++ .../msfjarvis/aps/crypto/GPGKeyPairTest.kt | 52 ++++++ .../aps/crypto/utils/CryptoConstants.kt | 14 ++ .../src/androidTest/res/raw/private_key | 18 ++ .../aps/data/crypto/GPGKeyManager.kt | 95 ++++++++++ .../msfjarvis/aps/data/crypto/GPGKeyPair.kt | 28 +++ scripts/boot-emulator.sh | 29 +++ scripts/setup-environment.sh | 42 +++++ 18 files changed, 673 insertions(+), 8 deletions(-) create mode 100644 crypto-common/src/main/kotlin/dev/msfjarvis/aps/data/crypto/CryptoException.kt create mode 100644 crypto-common/src/main/kotlin/dev/msfjarvis/aps/data/crypto/KeyManager.kt create mode 100644 crypto-common/src/main/kotlin/dev/msfjarvis/aps/data/crypto/KeyPair.kt create mode 100644 crypto-pgp/src/androidTest/kotlin/dev/msfjarvis/aps/crypto/GPGKeyManagerTest.kt create mode 100644 crypto-pgp/src/androidTest/kotlin/dev/msfjarvis/aps/crypto/GPGKeyPairTest.kt create mode 100644 crypto-pgp/src/androidTest/kotlin/dev/msfjarvis/aps/crypto/utils/CryptoConstants.kt create mode 100644 crypto-pgp/src/androidTest/res/raw/private_key create mode 100644 crypto-pgp/src/main/kotlin/dev/msfjarvis/aps/data/crypto/GPGKeyManager.kt create mode 100644 crypto-pgp/src/main/kotlin/dev/msfjarvis/aps/data/crypto/GPGKeyPair.kt create mode 100755 scripts/boot-emulator.sh create mode 100755 scripts/setup-environment.sh diff --git a/.github/workflows/pull_request.yml b/.github/workflows/pull_request.yml index 994a5ca0..ffe8acae 100644 --- a/.github/workflows/pull_request.yml +++ b/.github/workflows/pull_request.yml @@ -2,13 +2,9 @@ on: [pull_request] name: Check pull request jobs: - test-pr: + unit-tests: runs-on: ubuntu-latest steps: - - #- name: Auto-cancel redundant workflow run - # uses: technote-space/auto-cancel-redundant-workflow@f9dfa1c127a520e4d71b92892850f861fb861206 - - name: Check if relevant files have changed uses: actions/github-script@a3e7071a34d7e1f219a8a4de9a5e0a34d1ee1293 id: service-changed @@ -43,8 +39,6 @@ jobs: uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f with: fetch-depth: 0 - #with: - # ref: refs/pull/${{ github.event.pull_request.number }}/merge - name: Copy CI gradle.properties if: ${{ steps.service-changed.outputs.result == 'true' }} @@ -62,3 +56,81 @@ jobs: with: name: Test report path: app/build/reports + + run-screenshot-tests: + runs-on: macOS-latest + steps: + - name: Check if relevant files have changed + uses: actions/github-script@a3e7071a34d7e1f219a8a4de9a5e0a34d1ee1293 + id: service-changed + with: + result-encoding: string + script: | + const result = await github.pulls.listFiles({ + owner: context.payload.repository.owner.login, + repo: context.payload.repository.name, + pull_number: context.payload.number, + per_page: 100 + }) + const files = result.data.filter(file => + // We wanna run this if the PR workflow is modified + (file.filename.endsWith(".yml") && !file.filename.endsWith("pull_request.yml")) || + // Changes in Markdown files don't need tests + file.filename.endsWith(".md") || + // Changes to fastlane metadata aren't covered by tests + file.filename.startsWith("fastlane/") + ) + // If filtered file count and source file count is equal, it means all files + // in this PR are skip-worthy. + return files.length != result.data.length + + - uses: actions/cache@c64c572235d810460d0d6876e9c705ad5002b353 + if: ${{ steps.service-changed.outputs.result == 'true' }} + id: avd-cache + with: + path: | + ~/.android/avd/* + ~/.android/adb* + key: avd-23 + + - uses: actions/setup-java@d202f5dbf7256730fb690ec59f6381650114feb2 + if: ${{ steps.service-changed.outputs.result == 'true' }} + with: + java-version: '11' + + - name: Checkout repository + if: ${{ steps.service-changed.outputs.result == 'true' }} + uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f + with: + fetch-depth: 0 + + - name: Copy CI gradle.properties + if: ${{ steps.service-changed.outputs.result == 'true' }} + run: mkdir -p ~/.gradle ; cp .github/ci-gradle.properties ~/.gradle/gradle.properties + + - name: Create AVD and generate snapshot for caching + uses: reactivecircus/android-emulator-runner@5de26e4bd23bf523e8a4b7f077df8bfb8e52b50e + if: ${{ steps.avd-cache.outputs.cache-hit != 'true' }} + with: + api-level: 23 + force-avd-creation: false + emulator-options: -no-window -gpu swiftshader_indirect -noaudio -no-boot-anim -camera-back none + disable-animations: false + script: echo "Generated AVD snapshot for caching" + + - name: Run screenshot tests + uses: reactivecircus/android-emulator-runner@5de26e4bd23bf523e8a4b7f077df8bfb8e52b50e + if: ${{ steps.service-changed.outputs.result == 'true' }} + with: + api-level: 23 + force-avd-creation: false + emulator-options: -no-snapshot-save -no-window -gpu swiftshader_indirect -noaudio -no-boot-anim -camera-back none + disable-animations: true + script: ./gradlew connectedCheck -PslimTests + + - name: (Fail-only) upload test report + if: failure() + uses: actions/upload-artifact@27121b0bdffd731efa15d66772be8dc71245d074 + with: + name: Test report + path: app/build/reports diff --git a/buildSrc/src/main/java/BaseProjectConfig.kt b/buildSrc/src/main/java/BaseProjectConfig.kt index f3a33713..f9687c3c 100644 --- a/buildSrc/src/main/java/BaseProjectConfig.kt +++ b/buildSrc/src/main/java/BaseProjectConfig.kt @@ -121,6 +121,7 @@ internal fun TestedExtension.configureCommonAndroidOptions() { sourceSets { named("main") { java.srcDirs("src/main/kotlin") } named("test") { java.srcDirs("src/test/kotlin") } + named("androidTest") { java.srcDirs("src/androidTest/kotlin") } } packagingOptions { @@ -128,6 +129,8 @@ internal fun TestedExtension.configureCommonAndroidOptions() { resources.excludes.add("**/*.txt") resources.excludes.add("**/*.kotlin_module") resources.excludes.add("**/plugin.properties") + resources.excludes.add("**/META-INF/AL2.0") + resources.excludes.add("**/META-INF/LGPL2.1") } compileOptions { diff --git a/buildSrc/src/main/java/SlimTests.kt b/buildSrc/src/main/java/SlimTests.kt index e06c7c8c..4057032b 100644 --- a/buildSrc/src/main/java/SlimTests.kt +++ b/buildSrc/src/main/java/SlimTests.kt @@ -21,7 +21,10 @@ internal fun Project.configureSlimTests() { if (providers.gradleProperty(SLIM_TESTS_PROPERTY).forUseAtConfigurationTime().isPresent) { // disable unit test tasks on the release build type for Android Library projects extensions.findByType()?.run { - beforeVariants(selector().withBuildType(BuildType.RELEASE.name)) { it.enableUnitTest = false } + beforeVariants(selector().withBuildType(BuildType.RELEASE.name)) { + it.enableUnitTest = false + it.enableAndroidTest = false + } } // disable unit test tasks on the release build type and free flavor for Android Application @@ -30,6 +33,7 @@ internal fun Project.configureSlimTests() { beforeVariants(selector().withBuildType(BuildType.RELEASE.name)) { it.enableUnitTest = false } beforeVariants(selector().withFlavor(FlavorDimensions.FREE to ProductFlavors.NON_FREE)) { it.enableUnitTest = false + it.enableAndroidTest = false } } } diff --git a/crypto-common/api/crypto-common.api b/crypto-common/api/crypto-common.api index 7493379c..6468ea9b 100644 --- a/crypto-common/api/crypto-common.api +++ b/crypto-common/api/crypto-common.api @@ -1,6 +1,63 @@ +public abstract class dev/msfjarvis/aps/data/crypto/CryptoException : java/lang/Exception { + public synthetic fun (Ljava/lang/String;ILkotlin/jvm/internal/DefaultConstructorMarker;)V + public synthetic fun (Ljava/lang/String;Lkotlin/jvm/internal/DefaultConstructorMarker;)V +} + public abstract interface class dev/msfjarvis/aps/data/crypto/CryptoHandler { public abstract fun canHandle (Ljava/lang/String;)Z public abstract fun decrypt (Ljava/lang/String;[B[B)[B public abstract fun encrypt (Ljava/lang/String;[B)[B } +public abstract interface class dev/msfjarvis/aps/data/crypto/KeyManager { + public abstract fun addKey (Ldev/msfjarvis/aps/data/crypto/KeyPair;ZLkotlin/coroutines/Continuation;)Ljava/lang/Object; + public abstract fun canHandle (Ljava/lang/String;)Z + public abstract fun getAllKeys (Lkotlin/coroutines/Continuation;)Ljava/lang/Object; + public abstract fun getKeyById (Ljava/lang/String;Lkotlin/coroutines/Continuation;)Ljava/lang/Object; + public abstract fun removeKey (Ldev/msfjarvis/aps/data/crypto/KeyPair;Lkotlin/coroutines/Continuation;)Ljava/lang/Object; +} + +public final class dev/msfjarvis/aps/data/crypto/KeyManager$DefaultImpls { + public static synthetic fun addKey$default (Ldev/msfjarvis/aps/data/crypto/KeyManager;Ldev/msfjarvis/aps/data/crypto/KeyPair;ZLkotlin/coroutines/Continuation;ILjava/lang/Object;)Ljava/lang/Object; +} + +public abstract class dev/msfjarvis/aps/data/crypto/KeyManagerException : dev/msfjarvis/aps/data/crypto/CryptoException { + public synthetic fun (Ljava/lang/String;ILkotlin/jvm/internal/DefaultConstructorMarker;)V + public synthetic fun (Ljava/lang/String;Lkotlin/jvm/internal/DefaultConstructorMarker;)V +} + +public final class dev/msfjarvis/aps/data/crypto/KeyManagerException$KeyAlreadyExistsException : dev/msfjarvis/aps/data/crypto/KeyManagerException { + public fun (Ljava/lang/String;)V +} + +public final class dev/msfjarvis/aps/data/crypto/KeyManagerException$KeyDeletionFailedException : dev/msfjarvis/aps/data/crypto/KeyManagerException { + public static final field INSTANCE Ldev/msfjarvis/aps/data/crypto/KeyManagerException$KeyDeletionFailedException; +} + +public final class dev/msfjarvis/aps/data/crypto/KeyManagerException$KeyDirectoryUnavailableException : dev/msfjarvis/aps/data/crypto/KeyManagerException { + public static final field INSTANCE Ldev/msfjarvis/aps/data/crypto/KeyManagerException$KeyDirectoryUnavailableException; +} + +public final class dev/msfjarvis/aps/data/crypto/KeyManagerException$KeyNotFoundException : dev/msfjarvis/aps/data/crypto/KeyManagerException { + public fun (Ljava/lang/String;)V +} + +public final class dev/msfjarvis/aps/data/crypto/KeyManagerException$NoKeysAvailableException : dev/msfjarvis/aps/data/crypto/KeyManagerException { + public static final field INSTANCE Ldev/msfjarvis/aps/data/crypto/KeyManagerException$NoKeysAvailableException; +} + +public abstract interface class dev/msfjarvis/aps/data/crypto/KeyPair { + public abstract fun getKeyId ()Ljava/lang/String; + public abstract fun getPrivateKey ()[B + public abstract fun getPublicKey ()[B +} + +public abstract class dev/msfjarvis/aps/data/crypto/KeyPairException : dev/msfjarvis/aps/data/crypto/CryptoException { + public synthetic fun (Ljava/lang/String;ILkotlin/jvm/internal/DefaultConstructorMarker;)V + public synthetic fun (Ljava/lang/String;Lkotlin/jvm/internal/DefaultConstructorMarker;)V +} + +public final class dev/msfjarvis/aps/data/crypto/KeyPairException$PrivateKeyUnavailableException : dev/msfjarvis/aps/data/crypto/KeyPairException { + public static final field INSTANCE Ldev/msfjarvis/aps/data/crypto/KeyPairException$PrivateKeyUnavailableException; +} + diff --git a/crypto-common/build.gradle.kts b/crypto-common/build.gradle.kts index c1f3eef8..44323900 100644 --- a/crypto-common/build.gradle.kts +++ b/crypto-common/build.gradle.kts @@ -6,3 +6,5 @@ plugins { kotlin("jvm") `aps-plugin` } + +dependencies { implementation(libs.thirdparty.kotlinResult) } diff --git a/crypto-common/src/main/kotlin/dev/msfjarvis/aps/data/crypto/CryptoException.kt b/crypto-common/src/main/kotlin/dev/msfjarvis/aps/data/crypto/CryptoException.kt new file mode 100644 index 00000000..6a73d381 --- /dev/null +++ b/crypto-common/src/main/kotlin/dev/msfjarvis/aps/data/crypto/CryptoException.kt @@ -0,0 +1,19 @@ +package dev.msfjarvis.aps.data.crypto + +public sealed class CryptoException(message: String? = null) : Exception(message) + +public sealed class KeyPairException(message: String? = null) : CryptoException(message) { + public object PrivateKeyUnavailableException : + KeyPairException("Key object does not have a private sub-key") +} + +public sealed class KeyManagerException(message: String? = null) : CryptoException(message) { + public object NoKeysAvailableException : KeyManagerException("No keys were found") + public object KeyDirectoryUnavailableException : + KeyManagerException("Key directory does not exist") + public object KeyDeletionFailedException : KeyManagerException("Couldn't delete the key file") + public class KeyNotFoundException(keyId: String) : + KeyManagerException("No key found with id: $keyId") + public class KeyAlreadyExistsException(keyId: String) : + KeyManagerException("Pre-existing key was found for $keyId but 'replace' is set to false") +} diff --git a/crypto-common/src/main/kotlin/dev/msfjarvis/aps/data/crypto/KeyManager.kt b/crypto-common/src/main/kotlin/dev/msfjarvis/aps/data/crypto/KeyManager.kt new file mode 100644 index 00000000..b5ba881e --- /dev/null +++ b/crypto-common/src/main/kotlin/dev/msfjarvis/aps/data/crypto/KeyManager.kt @@ -0,0 +1,19 @@ +/* + * Copyright © 2014-2021 The Android Password Store Authors. All Rights Reserved. + * SPDX-License-Identifier: GPL-3.0-only + */ + +package dev.msfjarvis.aps.data.crypto + +import com.github.michaelbull.result.Result + +public interface KeyManager { + + public suspend fun addKey(key: T, replace: Boolean = false): Result + public suspend fun removeKey(key: T): Result + public suspend fun getKeyById(id: String): Result + public suspend fun getAllKeys(): Result, Throwable> + + /** Given a [fileName], return whether this instance can handle it. */ + public fun canHandle(fileName: String): Boolean +} diff --git a/crypto-common/src/main/kotlin/dev/msfjarvis/aps/data/crypto/KeyPair.kt b/crypto-common/src/main/kotlin/dev/msfjarvis/aps/data/crypto/KeyPair.kt new file mode 100644 index 00000000..e2362612 --- /dev/null +++ b/crypto-common/src/main/kotlin/dev/msfjarvis/aps/data/crypto/KeyPair.kt @@ -0,0 +1,14 @@ +/* + * Copyright © 2014-2021 The Android Password Store Authors. All Rights Reserved. + * SPDX-License-Identifier: GPL-3.0-only + */ + +package dev.msfjarvis.aps.data.crypto + +/** Defines expectations for a keypair used in public key cryptography. */ +public interface KeyPair { + + public fun getPrivateKey(): ByteArray + public fun getPublicKey(): ByteArray + public fun getKeyId(): String +} diff --git a/crypto-pgp/api/crypto-pgp.api b/crypto-pgp/api/crypto-pgp.api index 2164360c..c9b2dde7 100644 --- a/crypto-pgp/api/crypto-pgp.api +++ b/crypto-pgp/api/crypto-pgp.api @@ -1,3 +1,21 @@ +public final class dev/msfjarvis/aps/data/crypto/GPGKeyManager : dev/msfjarvis/aps/data/crypto/KeyManager { + public fun (Ljava/lang/String;Lkotlinx/coroutines/CoroutineDispatcher;)V + public fun addKey (Ldev/msfjarvis/aps/data/crypto/GPGKeyPair;ZLkotlin/coroutines/Continuation;)Ljava/lang/Object; + public synthetic fun addKey (Ldev/msfjarvis/aps/data/crypto/KeyPair;ZLkotlin/coroutines/Continuation;)Ljava/lang/Object; + public fun canHandle (Ljava/lang/String;)Z + public fun getAllKeys (Lkotlin/coroutines/Continuation;)Ljava/lang/Object; + public fun getKeyById (Ljava/lang/String;Lkotlin/coroutines/Continuation;)Ljava/lang/Object; + public fun removeKey (Ldev/msfjarvis/aps/data/crypto/GPGKeyPair;Lkotlin/coroutines/Continuation;)Ljava/lang/Object; + public synthetic fun removeKey (Ldev/msfjarvis/aps/data/crypto/KeyPair;Lkotlin/coroutines/Continuation;)Ljava/lang/Object; +} + +public final class dev/msfjarvis/aps/data/crypto/GPGKeyPair : dev/msfjarvis/aps/data/crypto/KeyPair { + public fun (Lcom/proton/Gopenpgp/crypto/Key;)V + public fun getKeyId ()Ljava/lang/String; + public fun getPrivateKey ()[B + public fun getPublicKey ()[B +} + public final class dev/msfjarvis/aps/data/crypto/GopenpgpCryptoHandler : dev/msfjarvis/aps/data/crypto/CryptoHandler { public fun ()V public fun canHandle (Ljava/lang/String;)Z diff --git a/crypto-pgp/build.gradle.kts b/crypto-pgp/build.gradle.kts index 493062b6..95542b1c 100644 --- a/crypto-pgp/build.gradle.kts +++ b/crypto-pgp/build.gradle.kts @@ -2,14 +2,28 @@ * Copyright © 2014-2021 The Android Password Store Authors. All Rights Reserved. * SPDX-License-Identifier: GPL-3.0-only */ + plugins { id("com.android.library") kotlin("android") `aps-plugin` } +android { + defaultConfig { + testApplicationId = "dev.msfjarvis.aps.cryptopgp.test" + testInstrumentationRunner = "androidx.test.runner.AndroidJUnitRunner" + } +} + dependencies { api(projects.cryptoCommon) + implementation(libs.androidx.annotation) implementation(libs.aps.gopenpgp) implementation(libs.dagger.hilt.core) + implementation(libs.kotlin.coroutines.core) + implementation(libs.thirdparty.kotlinResult) + androidTestImplementation(libs.bundles.testDependencies) + androidTestImplementation(libs.kotlin.coroutines.test) + androidTestImplementation(libs.bundles.androidTestDependencies) } diff --git a/crypto-pgp/src/androidTest/kotlin/dev/msfjarvis/aps/crypto/GPGKeyManagerTest.kt b/crypto-pgp/src/androidTest/kotlin/dev/msfjarvis/aps/crypto/GPGKeyManagerTest.kt new file mode 100644 index 00000000..80a13eb5 --- /dev/null +++ b/crypto-pgp/src/androidTest/kotlin/dev/msfjarvis/aps/crypto/GPGKeyManagerTest.kt @@ -0,0 +1,165 @@ +package dev.msfjarvis.aps.crypto + +import androidx.test.platform.app.InstrumentationRegistry +import com.github.michaelbull.result.unwrap +import com.github.michaelbull.result.unwrapError +import com.proton.Gopenpgp.crypto.Key +import dev.msfjarvis.aps.crypto.utils.CryptoConstants +import dev.msfjarvis.aps.cryptopgp.test.R +import dev.msfjarvis.aps.data.crypto.GPGKeyManager +import dev.msfjarvis.aps.data.crypto.GPGKeyPair +import dev.msfjarvis.aps.data.crypto.KeyManagerException +import java.io.File +import kotlin.test.assertEquals +import kotlin.test.assertIs +import kotlinx.coroutines.ExperimentalCoroutinesApi +import kotlinx.coroutines.test.TestCoroutineDispatcher +import kotlinx.coroutines.test.runBlockingTest +import org.junit.After +import org.junit.Before +import org.junit.Test + +@OptIn(ExperimentalCoroutinesApi::class) +public class GPGKeyManagerTest { + + private val testCoroutineDispatcher = TestCoroutineDispatcher() + private lateinit var gpgKeyManager: GPGKeyManager + private lateinit var key: GPGKeyPair + + @Before + public fun setup() { + gpgKeyManager = GPGKeyManager(getFilesDir().absolutePath, testCoroutineDispatcher) + key = GPGKeyPair(Key(getKey())) + } + + @After + public fun tearDown() { + val filesDir = getFilesDir() + val keysDir = File(filesDir, GPGKeyManager.KEY_DIR_NAME) + + keysDir.deleteRecursively() + } + + @Test + public fun testAddingKey() { + runBlockingTest { + // Check if the key id returned is correct + val keyId = gpgKeyManager.addKey(key).unwrap().getKeyId() + assertEquals(CryptoConstants.KEY_ID, keyId) + + // Check if the keys directory have one file + val keysDir = File(getFilesDir(), GPGKeyManager.KEY_DIR_NAME) + assertEquals(1, keysDir.list()?.size) + + // Check if the file name is correct + val keyFile = keysDir.listFiles()?.first() + assertEquals(keyFile?.name, "$keyId.${GPGKeyManager.KEY_EXTENSION}") + } + } + + @Test + public fun testAddingKeyWithoutReplaceFlag() { + runBlockingTest { + // Check adding the keys twice + gpgKeyManager.addKey(key, false).unwrap() + val error = gpgKeyManager.addKey(key, false).unwrapError() + + assertIs(error) + } + } + + @Test + public fun testAddingKeyWithReplaceFlag() { + runBlockingTest { + // Check adding the keys twice + gpgKeyManager.addKey(key, true).unwrap() + val keyId = gpgKeyManager.addKey(key, true).unwrap().getKeyId() + + assertEquals(CryptoConstants.KEY_ID, keyId) + } + } + + @Test + public fun testRemovingKey() { + runBlockingTest { + // Add key using KeyManager + gpgKeyManager.addKey(key).unwrap() + + // Check if the key id returned is correct + val keyId = gpgKeyManager.removeKey(key).unwrap().getKeyId() + assertEquals(CryptoConstants.KEY_ID, keyId) + + // Check if the keys directory have 0 files + val keysDir = File(getFilesDir(), GPGKeyManager.KEY_DIR_NAME) + assertEquals(0, keysDir.list()?.size) + } + } + + @Test + public fun testGetExistingKey() { + runBlockingTest { + // Add key using KeyManager + gpgKeyManager.addKey(key).unwrap() + + // Check returned key id matches the expected id and the created key id + val returnedKeyPair = gpgKeyManager.getKeyById(key.getKeyId()).unwrap() + assertEquals(CryptoConstants.KEY_ID, key.getKeyId()) + assertEquals(key.getKeyId(), returnedKeyPair.getKeyId()) + } + } + + @Test + public fun testGetNonExistentKey() { + runBlockingTest { + // Add key using KeyManager + gpgKeyManager.addKey(key).unwrap() + + val randomKeyId = "0x123456789" + + // Check returned key + val error = gpgKeyManager.getKeyById(randomKeyId).unwrapError() + assertIs(error) + assertEquals("No key found with id: $randomKeyId", error.message) + } + } + + @Test + public fun testFindKeysWithoutAdding() { + runBlockingTest { + // Check returned key + val error = gpgKeyManager.getKeyById("0x123456789").unwrapError() + assertIs(error) + assertEquals("No keys were found", error.message) + } + } + + @Test + public fun testGettingAllKeys() { + runBlockingTest { + // TODO: Should we check for more than 1 keys? + // Check if KeyManager returns no key + val noKeyList = gpgKeyManager.getAllKeys().unwrap() + assertEquals(0, noKeyList.size) + + // Add key using KeyManager + gpgKeyManager.addKey(key).unwrap() + + // Check if KeyManager returns one key + val singleKeyList = gpgKeyManager.getAllKeys().unwrap() + assertEquals(1, singleKeyList.size) + } + } + + private companion object { + + fun getFilesDir(): File = InstrumentationRegistry.getInstrumentation().context.filesDir + + fun getKey(): String = + InstrumentationRegistry.getInstrumentation() + .context + .resources + .openRawResource(R.raw.private_key) + .readBytes() + .decodeToString() + } +} diff --git a/crypto-pgp/src/androidTest/kotlin/dev/msfjarvis/aps/crypto/GPGKeyPairTest.kt b/crypto-pgp/src/androidTest/kotlin/dev/msfjarvis/aps/crypto/GPGKeyPairTest.kt new file mode 100644 index 00000000..2340d9a5 --- /dev/null +++ b/crypto-pgp/src/androidTest/kotlin/dev/msfjarvis/aps/crypto/GPGKeyPairTest.kt @@ -0,0 +1,52 @@ +/* + * Copyright © 2014-2021 The Android Password Store Authors. All Rights Reserved. + * SPDX-License-Identifier: GPL-3.0-only + */ + +package dev.msfjarvis.aps.crypto + +import androidx.test.platform.app.InstrumentationRegistry +import com.proton.Gopenpgp.crypto.Key +import dev.msfjarvis.aps.crypto.utils.CryptoConstants +import dev.msfjarvis.aps.cryptopgp.test.R +import dev.msfjarvis.aps.data.crypto.GPGKeyPair +import dev.msfjarvis.aps.data.crypto.KeyPairException +import kotlin.test.assertEquals +import kotlin.test.assertFailsWith +import org.junit.Test + +public class GPGKeyPairTest { + + @Test + public fun testIfKeyIdIsCorrect() { + val gpgKey = Key(getKey()) + val keyPair = GPGKeyPair(gpgKey) + + assertEquals(CryptoConstants.KEY_ID, keyPair.getKeyId()) + } + + @Test + public fun testBuildingKeyPairWithoutPrivateKey() { + assertFailsWith( + "GPGKeyPair does not have a private sub key" + ) { + // Get public key object from private key + val gpgKey = Key(getKey()).toPublic() + // Try creating a KeyPair from public key + val keyPair = GPGKeyPair(gpgKey) + + keyPair.getPrivateKey() + } + } + + private companion object { + + fun getKey(): String = + InstrumentationRegistry.getInstrumentation() + .context + .resources + .openRawResource(R.raw.private_key) + .readBytes() + .decodeToString() + } +} diff --git a/crypto-pgp/src/androidTest/kotlin/dev/msfjarvis/aps/crypto/utils/CryptoConstants.kt b/crypto-pgp/src/androidTest/kotlin/dev/msfjarvis/aps/crypto/utils/CryptoConstants.kt new file mode 100644 index 00000000..873f7105 --- /dev/null +++ b/crypto-pgp/src/androidTest/kotlin/dev/msfjarvis/aps/crypto/utils/CryptoConstants.kt @@ -0,0 +1,14 @@ +/* + * Copyright © 2014-2021 The Android Password Store Authors. All Rights Reserved. + * SPDX-License-Identifier: GPL-3.0-only + */ + +package dev.msfjarvis.aps.crypto.utils + +internal object CryptoConstants { + internal const val KEY_PASSPHRASE = "hunter2" + internal const val PLAIN_TEXT = "encryption worthy content" + internal const val KEY_NAME = "John Doe" + internal const val KEY_EMAIL = "john.doe@example.com" + internal const val KEY_ID = "04ace699d5b15b7e" +} diff --git a/crypto-pgp/src/androidTest/res/raw/private_key b/crypto-pgp/src/androidTest/res/raw/private_key new file mode 100644 index 00000000..5a4f436c --- /dev/null +++ b/crypto-pgp/src/androidTest/res/raw/private_key @@ -0,0 +1,18 @@ +-----BEGIN PGP PRIVATE KEY BLOCK----- +Version: GopenPGP 2.1.9 +Comment: https://gopenpgp.org + +xYYEYN+EThYJKwYBBAHaRw8BAQdAh0d9GdVyJV6KbFynPz3sHkdi5RDnKYs+l0x0 +rEOEthX+CQMIfg7BTvTTe7pgvNERA1vLXRjSxXyi7tfSV13JRnrapp7YtNUSHLVS +PqbaLBd6+EXx7dJ9mUSUSWVga5mdtLZ/k6e+6dsygeHiJuwxfGbHnc0fSm9obiBE +b2UgPGpvaG4uZG9lQGV4YW1wbGUuY29tPsKIBBMWCAA6BQJg34ROCRAErOaZ1bFb +fhYhBJQ0DPsSHC5XfslyQwSs5pnVsVt+AhsDAh4BAhkBAwsJBwIVCAIiAQAAtgwB +AOa3rnipQPsxgxvOP1V+2kD6ssiwt6BZRWwPcyfeX1h4AP9ozBYr+PSmNbam9bnq +wgXwuQhPJeWTSgILMaiasugGCMeLBGDfhE4SCisGAQQBl1UBBQEBB0ClFQJX/L2G +EX9ucC5mvwj3X/7aDXDFAmIpQeWYSS1negMBCgn+CQMIF1uko+Ym3thgoDWUgM5e +MNmDG3rYkTa7h6mlhhrsYtE/GN78EJHP1ygFzOczU/YdbxSRTZCu697uPCZLWURV +1+b66KLTMNHNaAkoFb2JC8J4BBgWCAAqBQJg34ROCRAErOaZ1bFbfhYhBJQ0DPsS +HC5XfslyQwSs5pnVsVt+AhsMAAB1CgEApNcEivCSp0f8CnV4UCoSRRRekIbP1Ub2 +GJx6iRJR8xwA/jicDxdnl/Umfd3mWjGk04R47whiDOXdwjBmC1KVBaMH +=Sfsa +-----END PGP PRIVATE KEY BLOCK----- \ No newline at end of file diff --git a/crypto-pgp/src/main/kotlin/dev/msfjarvis/aps/data/crypto/GPGKeyManager.kt b/crypto-pgp/src/main/kotlin/dev/msfjarvis/aps/data/crypto/GPGKeyManager.kt new file mode 100644 index 00000000..478d2700 --- /dev/null +++ b/crypto-pgp/src/main/kotlin/dev/msfjarvis/aps/data/crypto/GPGKeyManager.kt @@ -0,0 +1,95 @@ +/* + * Copyright © 2014-2021 The Android Password Store Authors. All Rights Reserved. + * SPDX-License-Identifier: GPL-3.0-only + */ + +package dev.msfjarvis.aps.data.crypto + +import androidx.annotation.VisibleForTesting +import com.github.michaelbull.result.Result +import com.github.michaelbull.result.runCatching +import com.proton.Gopenpgp.crypto.Crypto +import java.io.File +import kotlinx.coroutines.CoroutineDispatcher +import kotlinx.coroutines.withContext + +public class GPGKeyManager(filesDir: String, private val dispatcher: CoroutineDispatcher) : + KeyManager { + + private val keyDir = File(filesDir, KEY_DIR_NAME) + + override suspend fun addKey(key: GPGKeyPair, replace: Boolean): Result = + withContext(dispatcher) { + runCatching { + if (!keyDirExists()) throw KeyManagerException.KeyDirectoryUnavailableException + val keyFile = File(keyDir, "${key.getKeyId()}.$KEY_EXTENSION") + if (keyFile.exists()) { + // Check for replace flag first and if it is false, throw an error + if (!replace) throw KeyManagerException.KeyAlreadyExistsException(key.getKeyId()) + if (!keyFile.delete()) throw KeyManagerException.KeyDeletionFailedException + } + + keyFile.writeBytes(key.getPrivateKey()) + + key + } + } + + override suspend fun removeKey(key: GPGKeyPair): Result = + withContext(dispatcher) { + runCatching { + if (!keyDirExists()) throw KeyManagerException.KeyDirectoryUnavailableException + val keyFile = File(keyDir, "${key.getKeyId()}.$KEY_EXTENSION") + if (keyFile.exists()) { + if (!keyFile.delete()) throw KeyManagerException.KeyDeletionFailedException + } + + key + } + } + + override suspend fun getKeyById(id: String): Result = + withContext(dispatcher) { + runCatching { + if (!keyDirExists()) throw KeyManagerException.KeyDirectoryUnavailableException + val keys = keyDir.listFiles() + if (keys.isNullOrEmpty()) throw KeyManagerException.NoKeysAvailableException + + for (keyFile in keys) { + val keyPair = GPGKeyPair(Crypto.newKeyFromArmored(keyFile.readText())) + if (keyPair.getKeyId() == id) return@runCatching keyPair + } + + throw KeyManagerException.KeyNotFoundException(id) + } + } + + override suspend fun getAllKeys(): Result, Throwable> = + withContext(dispatcher) { + runCatching { + if (!keyDirExists()) throw KeyManagerException.KeyDirectoryUnavailableException + val keys = keyDir.listFiles() + if (keys.isNullOrEmpty()) return@runCatching listOf() + + keys.map { GPGKeyPair(Crypto.newKeyFromArmored(it.readText())) }.toList() + } + } + + override fun canHandle(fileName: String): Boolean { + // TODO: This is a temp hack for now and in future it should check that the GPGKeyManager can + // decrypt the file + return fileName.endsWith(KEY_EXTENSION) + } + + private fun keyDirExists(): Boolean { + return keyDir.exists() || keyDir.mkdirs() + } + + internal companion object { + + @VisibleForTesting(otherwise = VisibleForTesting.PRIVATE) + internal const val KEY_DIR_NAME: String = "keys" + @VisibleForTesting(otherwise = VisibleForTesting.PRIVATE) + internal const val KEY_EXTENSION: String = "key" + } +} diff --git a/crypto-pgp/src/main/kotlin/dev/msfjarvis/aps/data/crypto/GPGKeyPair.kt b/crypto-pgp/src/main/kotlin/dev/msfjarvis/aps/data/crypto/GPGKeyPair.kt new file mode 100644 index 00000000..2dbe8689 --- /dev/null +++ b/crypto-pgp/src/main/kotlin/dev/msfjarvis/aps/data/crypto/GPGKeyPair.kt @@ -0,0 +1,28 @@ +/* + * Copyright © 2014-2021 The Android Password Store Authors. All Rights Reserved. + * SPDX-License-Identifier: GPL-3.0-only + */ + +package dev.msfjarvis.aps.data.crypto + +import com.proton.Gopenpgp.crypto.Key + +/** Wraps a Gopenpgp [Key] to implement [KeyPair]. */ +public class GPGKeyPair(private val key: Key) : KeyPair { + + init { + if (!key.isPrivate) throw KeyPairException.PrivateKeyUnavailableException + } + + override fun getPrivateKey(): ByteArray { + return key.armor().encodeToByteArray() + } + + override fun getPublicKey(): ByteArray { + return key.armoredPublicKey.encodeToByteArray() + } + + override fun getKeyId(): String { + return key.hexKeyID + } +} diff --git a/scripts/boot-emulator.sh b/scripts/boot-emulator.sh new file mode 100755 index 00000000..abd73efa --- /dev/null +++ b/scripts/boot-emulator.sh @@ -0,0 +1,29 @@ +#!/usr/bin/env bash + +# Boots an emulator that exactly matches the one in our CI. It is recommended +# to use this as the target device for android tests. + +set -euo pipefail + +[ -n "${ANDROID_SDK_ROOT:-}" ] || { + echo "ANDROID_SDK_ROOT must be set to use this script" + exit + 1 +} +[ -n "${ANDROID_API_LEVEL:-}" ] || { echo "ANDROID_API_LEVEL not defined; defaulting to 30"; } + +API_LEVEL="${ANDROID_API_LEVEL:-30}" + +echo no | "${ANDROID_SDK_ROOT}"/cmdline-tools/latest/bin/avdmanager create avd \ + --force \ + -n "Pixel_XL_API_${API_LEVEL}" \ + --abi 'google_apis/x86' \ + --package "system-images;android-${API_LEVEL};google_apis;x86" \ + --device 'pixel_xl' + +"${ANDROID_SDK_ROOT}"/emulator/emulator \ + -avd "Pixel_XL_API_${API_LEVEL}" \ + -no-window \ + -gpu swiftshader_indirect \ + -noaudio \ + -no-boot-anim diff --git a/scripts/setup-environment.sh b/scripts/setup-environment.sh new file mode 100755 index 00000000..30dd0c19 --- /dev/null +++ b/scripts/setup-environment.sh @@ -0,0 +1,42 @@ +#!/usr/bin/env bash + +# Installs the latest command line tools and sets up the necessary packages for an Android emulator +# for API level $ANDROID_API_LEVEL, or API 30 if unspecified. + +set -euo pipefail + +CMDLINE_TOOLS_URL_MAC="https://dl.google.com/android/repository/commandlinetools-mac-7583922_latest.zip" +CMDLINE_TOOLS_URL_LINUX="https://dl.google.com/android/repository/commandlinetools-linux-7583922_latest.zip" + +[ -n "${ANDROID_SDK_ROOT:-}" ] || { + echo "ANDROID_SDK_ROOT must be set to use this script" + exit + 1 +} + +if [ "$(uname)" == "Linux" ]; then + wget "${CMDLINE_TOOLS_URL_LINUX}" -O /tmp/tools.zip -o /dev/null +elif [ "$(uname)" == "Darwin" ]; then + wget "${CMDLINE_TOOLS_URL_MAC}" -O /tmp/tools.zip -o /dev/null +else + echo "This script only works on Linux and Mac" + exit 1 +fi + +[ -n "${ANDROID_API_LEVEL:-}" ] || { echo "ANDROID_API_LEVEL not defined; defaulting to 30"; } + +API_LEVEL="${ANDROID_API_LEVEL:-30}" + +unzip -qo /tmp/tools.zip -d "${ANDROID_SDK_ROOT}/latest" +mkdir -p "${ANDROID_SDK_ROOT}/cmdline-tools" +if [ -d "${ANDROID_SDK_ROOT}/cmdline-tools" ]; then + rm -rf "${ANDROID_SDK_ROOT}/cmdline-tools" +fi +mkdir -p "${ANDROID_SDK_ROOT}/cmdline-tools" +mv -v "${ANDROID_SDK_ROOT}/latest/cmdline-tools" "${ANDROID_SDK_ROOT}/cmdline-tools/latest" + +export PATH="${ANDROID_SDK_ROOT}/cmdline-tools/latest/bin:${PATH}" + +sdkmanager --install 'build-tools;30.0.3' platform-tools "platforms;android-${API_LEVEL}" +sdkmanager --install emulator +sdkmanager --install "system-images;android-${API_LEVEL};google_apis;x86"