diff --git a/app/src/main/java/org/shadowice/flocke/andotp/Activities/AuthenticateActivity.java b/app/src/main/java/org/shadowice/flocke/andotp/Activities/AuthenticateActivity.java
index e4890f04..07bae0a5 100644
--- a/app/src/main/java/org/shadowice/flocke/andotp/Activities/AuthenticateActivity.java
+++ b/app/src/main/java/org/shadowice/flocke/andotp/Activities/AuthenticateActivity.java
@@ -94,15 +94,14 @@ public class AuthenticateActivity extends ThemedActivity
 passwordLabel.setText(labelMsg);
 authMethod = settings.getAuthMethod();
+ password = settings.getAuthCredentials(authMethod);
+
+ if (password.isEmpty()) {
+ password = settings.getOldCredentials(authMethod);
+ oldPassword = true;
+ }
 if (authMethod == AuthMethod.PASSWORD) {
- password = settings.getAuthPasswordPBKDF2();
-
- if (password.isEmpty()) {
- password = settings.getAuthPasswordHash();
- oldPassword = true;
- }
-
 if (password.isEmpty()) {
 Toast.makeText(this, R.string.auth_toast_password_missing, Toast.LENGTH_LONG).show();
 finishWithResult(true, null);
@@ -111,13 +110,6 @@ public class AuthenticateActivity extends ThemedActivity
 passwordInput.setInputType(InputType.TYPE_CLASS_TEXT | InputType.TYPE_TEXT_VARIATION_PASSWORD);
 }
 } else if (authMethod == AuthMethod.PIN) {
- password = settings.getAuthPINPBKDF2();
-
- if (password.isEmpty()) {
- password = settings.getAuthPINHash();
- oldPassword = true;
- }
-
 if (password.isEmpty()) {
 Toast.makeText(this, R.string.auth_toast_pin_missing, Toast.LENGTH_LONG).show();
 finishWithResult(true, null);
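Review bot: The fallback added in the `@@ -94` hunk sets `oldPassword = true` whenever the PBKDF2 lookup is empty, even when `getOldCredentials` also returns `""` (nothing stored, or a method other than PASSWORD or PIN). Writing `oldPassword = !password.isEmpty();` after the legacy lookup would flag only a real legacy hash. A short comment such as `// legacy SHA-256 hash, accepted once so it can be upgraded` would also say why the weaker value is still read. The enclosing method starts and ends outside the hunk.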
@@ -157,25 +149,10 @@ public class AuthenticateActivity extends ThemedActivity
 String hashedPassword = new String(Hex.encodeHex(DigestUtils.sha256(plainPassword)));
 if (hashedPassword.equals(password)) {
- byte[] key = null;
+ byte[] key = settings.setAuthCredentials(authMethod, password);
- try {
- int iter = EncryptionHelper.generateRandomIterations();
- EncryptionHelper.PBKDF2Credentials credentials = EncryptionHelper.generatePBKDF2Credentials(plainPassword, settings.getSalt(), iter);
- String base64 = Base64.encodeToString(credentials.password, Base64.URL_SAFE);
-
- if (authMethod == AuthMethod.PASSWORD)
- settings.setAuthPasswordPBKDF2(base64);
- else if (authMethod == AuthMethod.PIN)
- settings.setAuthPINPBKDF2(base64);
-
- settings.setIterations(authMethod, iter);
-
- key = credentials.key;
- } catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
+ if (key == null)
 Toast.makeText(this, R.string.settings_toast_auth_upgrade_failed, Toast.LENGTH_LONG).show();
- e.printStackTrace();
- }
 if (authMethod == AuthMethod.PASSWORD)
 settings.removeAuthPasswordHash();
diff --git a/app/src/main/java/org/shadowice/flocke/andotp/Activities/SettingsActivity.java b/app/src/main/java/org/shadowice/flocke/andotp/Activities/SettingsActivity.java
index 5766c0c5..09fb9439 100644
--- a/app/src/main/java/org/shadowice/flocke/andotp/Activities/SettingsActivity.java
+++ b/app/src/main/java/org/shadowice/flocke/andotp/Activities/SettingsActivity.java
@@ -39,6 +39,7 @@ import org.openintents.openpgp.util.OpenPgpKeyPreference;
 import org.shadowice.flocke.andotp.Preferences.CredentialsPreference;
 import org.shadowice.flocke.andotp.R;
 import org.shadowice.flocke.andotp.Utilities.KeyStoreHelper;
+import org.shadowice.flocke.andotp.Utilities.Settings;
 import static org.shadowice.flocke.andotp.Utilities.Constants.AuthMethod;
 import static org.shadowice.flocke.andotp.Utilities.Constants.EncryptionType;
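Review bot: In the `@@ -157` hunk of AuthenticateActivity.java the upgrade call passes `password`, which is the stored legacy hash just matched by `hashedPassword.equals(password)`, not the text the user entered. The removed code derived the PBKDF2 credentials from `plainPassword`, and the parameter of `Settings.setAuthCredentials` is itself named `plainPassword`. As written, the new verifier and the returned key would be derived from the SHA-256 hex string, so the next login would presumably fail to match; the line should read `byte[] key = settings.setAuthCredentials(authMethod, plainPassword);`. The context lines after it still remove the legacy hash when `key == null`, which leaves no stored credential after a failed upgrade. The enclosing method continues outside the hunk.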
@@ -117,6 +118,7 @@ public class SettingsActivity extends BaseActivity
 public static class SettingsFragment extends PreferenceFragment {
 PreferenceCategory catSecurity;
+ Settings settings;
 ListPreference encryption;
 OpenPgpAppPreference pgpProvider;
@@ -126,6 +128,8 @@ public class SettingsActivity extends BaseActivity
 public void onCreate(Bundle savedInstanceState) {
 super.onCreate(savedInstanceState);
+ settings = new Settings(getActivity());
+
 final SharedPreferences sharedPref = PreferenceManager.getDefaultSharedPreferences(getActivity().getBaseContext());
 addPreferencesFromResource(R.xml.preferences);
@@ -145,22 +149,15 @@ public class SettingsActivity extends BaseActivity
 @Override
 public boolean onPreferenceChange(final Preference preference, Object o) {
 String newEncryption = (String) o;
- String auth = sharedPref.getString(getString(R.string.settings_key_auth), CredentialsPreference.DEFAULT_VALUE.name().toLowerCase());
 EncryptionType encryptionType = EncryptionType.valueOf(newEncryption.toUpperCase());
- AuthMethod authMethod = AuthMethod.valueOf(auth.toUpperCase());
+ AuthMethod authMethod = settings.getAuthMethod();
 if (encryptionType == EncryptionType.PASSWORD) {
 if (authMethod != AuthMethod.PASSWORD && authMethod != AuthMethod.PIN) {
 Toast.makeText(getActivity(), R.string.settings_toast_encryption_invalid_with_auth, Toast.LENGTH_LONG).show();
 return false;
 } else {
- String credentials = "";
- if (authMethod == AuthMethod.PASSWORD)
- credentials = sharedPref.getString(getString(R.string.settings_key_auth_password_pbkdf2), "");
- else if (authMethod == AuthMethod.PIN)
- credentials = sharedPref.getString(getString(R.string.settings_key_auth_pin_pbkdf2), "");
-
- if (credentials.isEmpty()) {
+ if (settings.getAuthCredentials(authMethod).isEmpty()) {
 Toast.makeText(getActivity(), R.string.settings_toast_encryption_invalid_without_credentials, Toast.LENGTH_LONG).show();
 return false;
 } else {
diff --git a/app/src/main/java/org/shadowice/flocke/andotp/Utilities/Settings.java b/app/src/main/java/org/shadowice/flocke/andotp/Utilities/Settings.java
index 24d19e4d..057314c9 100644
--- a/app/src/main/java/org/shadowice/flocke/andotp/Utilities/Settings.java
+++ b/app/src/main/java/org/shadowice/flocke/andotp/Utilities/Settings.java
@@ -74,34 +74,12 @@ public class Settings {
 private void migrateDeprecatedSettings() {
 if (settings.contains(getResString(R.string.settings_key_auth_password))) {
- String plainPassword = getAuthPassword();
-
- try {
- int iter = EncryptionHelper.generateRandomIterations();
- EncryptionHelper.PBKDF2Credentials credentials = EncryptionHelper.generatePBKDF2Credentials(plainPassword, getSalt(), iter);
- setString(R.string.settings_key_auth_password_pbkdf2, Base64.encodeToString(credentials.password, Base64.URL_SAFE));
- setInt(R.string.settings_key_auth_password_iter, iter);
- } catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
- Toast.makeText(context, R.string.settings_toast_auth_upgrade_failed, Toast.LENGTH_LONG).show();
- e.printStackTrace();
- }
-
+ setAuthCredentials(AuthMethod.PASSWORD, getString(R.string.settings_key_auth_password, ""));
 remove(R.string.settings_key_auth_password);
 }
 if (settings.contains(getResString(R.string.settings_key_auth_pin))) {
- String plainPIN = getAuthPIN();
-
- try {
- int iter = EncryptionHelper.generateRandomIterations();
- EncryptionHelper.PBKDF2Credentials credentials = EncryptionHelper.generatePBKDF2Credentials(plainPIN, getSalt(), iter);
- setString(R.string.settings_key_auth_pin_pbkdf2, Base64.encodeToString(credentials.password, Base64.URL_SAFE));
- setInt(R.string.settings_key_auth_pin_iter, iter);
- } catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
- Toast.makeText(context, R.string.settings_toast_auth_upgrade_failed, Toast.LENGTH_LONG).show();
- e.printStackTrace();
- }
-
+ setAuthCredentials(AuthMethod.PIN, getString(R.string.settings_key_auth_pin, ""));
 remove(R.string.settings_key_auth_pin);
 }
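Review bot: Both migration branches discard the return value of `setAuthCredentials` and then call `remove(...)` on the plaintext entry unconditionally. AuthenticateActivity in this same commit treats a `null` return as a failed upgrade, so on failure here the only stored credential is deleted with nothing written in its place. The toast the removed code showed is also gone, unless `setAuthCredentials` reports the error itself; its catch body is outside the visible hunks. Checking the result, for example `if (setAuthCredentials(AuthMethod.PASSWORD, plain) == null) { /* report and leave a defined auth state */ }`, would make the failure explicit. The method body continues outside the hunk.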
@@ -188,9 +166,8 @@ public class Settings {
 }
 public void clear(boolean keep_auth) {
- String authMethod = getAuthMethod().toString().toLowerCase();
- String authPassword = getAuthPasswordHash();
- String authPIN = getAuthPINHash();
+ AuthMethod authMethod = getAuthMethod();
+ String authCredentials = getAuthCredentials(authMethod);
 boolean warningShown = getFirstTimeWarningShown();
@@ -200,13 +177,14 @@ public class Settings {
 editor.putBoolean(getResString(R.string.settings_key_security_backup_warning), warningShown);
 if (keep_auth) {
- editor.putString(getResString(R.string.settings_key_auth), authMethod);
+ editor.putString(getResString(R.string.settings_key_auth), authMethod.toString().toLowerCase());
- if (!authPassword.isEmpty())
- editor.putString(getResString(R.string.settings_key_auth_password_hash), authPassword);
-
- if (!authPIN.isEmpty())
- editor.putString(getResString(R.string.settings_key_auth_pin_hash), authPIN);
+ if (! authCredentials.isEmpty()) {
+ if (authMethod == AuthMethod.PASSWORD)
+ editor.putString(getResString(R.string.settings_key_auth_password_pbkdf2), authCredentials);
+ else if (authMethod == AuthMethod.PIN)
+ editor.putString(getResString(R.string.settings_key_auth_pin_pbkdf2), authCredentials);
+ }
 }
 editor.commit();
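Review bot: With `keep_auth` set, the `@@ -200` hunk writes back only the auth method and the PBKDF2 string; the visible lines do not restore the iteration count that `setAuthCredentials` stores through `setIterations(method, iterations)`, nor the salt the removed migration code read through `getSalt()`. If the lines between the two hunks wipe the store, as the method name suggests, the kept verifier could no longer be recomputed and the user would presumably be locked out after a clear. A user who still has only a legacy hash also loses it, because `getOldCredentials(authMethod)` is not consulted here. Separately, `authMethod.toString().toLowerCase()` is locale-sensitive; `toLowerCase(Locale.ROOT)` keeps the stored value stable across device locales and needs `java.util.Locale` imported.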
@@ -235,44 +213,29 @@ public class Settings {
 return AuthMethod.valueOf(authString.toUpperCase());
 }
- private String getAuthPassword() {
- return getString(R.string.settings_key_auth_password, "");
- }
-
- public String getAuthPasswordHash() {
- return getString(R.string.settings_key_auth_password_hash, "");
- }
-
 public void removeAuthPasswordHash() {
 remove(R.string.settings_key_auth_password_hash);
 }
-
- public String getAuthPasswordPBKDF2() {
- return getString(R.string.settings_key_auth_password_pbkdf2, "");
- }
-
- public void setAuthPasswordPBKDF2(String password) {
- setString(R.string.settings_key_auth_password_pbkdf2, password);
- }
-
- private String getAuthPIN() {
- return getString(R.string.settings_key_auth_pin, "");
- }
-
- public String getAuthPINHash() {
- return getString(R.string.settings_key_auth_pin_hash, "");
- }
-
 public void removeAuthPINHash() {
 remove(R.string.settings_key_auth_pin_hash);
 }
- public String getAuthPINPBKDF2() {
- return getString(R.string.settings_key_auth_pin_pbkdf2, "");
+ public String getOldCredentials(AuthMethod method) {
+ if (method == AuthMethod.PASSWORD)
+ return getString(R.string.settings_key_auth_password_hash, "");
+ else if (method == AuthMethod.PIN)
+ return getString(R.string.settings_key_auth_pin_hash, "");
+ else
+ return "";
 }
- public void setAuthPINPBKDF2(String pin) {
- setString(R.string.settings_key_auth_pin_pbkdf2, pin);
+ public String getAuthCredentials(AuthMethod method) {
+ if (method == AuthMethod.PASSWORD)
+ return getString(R.string.settings_key_auth_password_pbkdf2, "");
+ else if (method == AuthMethod.PIN)
+ return getString(R.string.settings_key_auth_pin_pbkdf2, "");
+ else
+ return "";
 }
 public byte[] setAuthCredentials(AuthMethod method, String plainPassword) {
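Review bot: `getOldCredentials` and `getAuthCredentials` are public and undocumented, and their names do not say what kind of secret material each returns. Judging from the other hunks, the first yields the legacy hex SHA-256 hash and the second the Base64 PBKDF2 verifier, each returning `""` for any method other than PASSWORD or PIN. I would add a one-line Javadoc to each, for example `/** Legacy unsalted SHA-256 hash, read only so old installs can be upgraded; "" if none. */` and `/** Base64 PBKDF2 verifier for the given method; "" if none is stored. */`.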
@@ -286,9 +249,9 @@ public class Settings {
 setIterations(method, iterations);
 if (method == AuthMethod.PASSWORD)
- setAuthPasswordPBKDF2(password);
+ setString(R.string.settings_key_auth_password_pbkdf2, password);
 else if (method == AuthMethod.PIN)
- setAuthPINPBKDF2(password);
+ setString(R.string.settings_key_auth_pin_pbkdf2, password);
 key = credentials.key;
 } catch (NoSuchAlgorithmException | InvalidKeySpecException e) {