Simplify some methods in the Settings helper

This commit is contained in:
Jakob Nixdorf 2018-01-03 07:04:36 +01:00
parent 293fa70994
commit 15f221f4b3
No known key found for this signature in database
GPG key ID: BE99BF86574A7DBC
3 changed files with 41 additions and 104 deletions

View file

@ -94,15 +94,14 @@ public class AuthenticateActivity extends ThemedActivity
passwordLabel.setText(labelMsg); passwordLabel.setText(labelMsg);
authMethod = settings.getAuthMethod(); authMethod = settings.getAuthMethod();
password = settings.getAuthCredentials(authMethod);
if (password.isEmpty()) {
password = settings.getOldCredentials(authMethod);
oldPassword = true;
}
if (authMethod == AuthMethod.PASSWORD) { if (authMethod == AuthMethod.PASSWORD) {
password = settings.getAuthPasswordPBKDF2();
if (password.isEmpty()) {
password = settings.getAuthPasswordHash();
oldPassword = true;
}
if (password.isEmpty()) { if (password.isEmpty()) {
Toast.makeText(this, R.string.auth_toast_password_missing, Toast.LENGTH_LONG).show(); Toast.makeText(this, R.string.auth_toast_password_missing, Toast.LENGTH_LONG).show();
finishWithResult(true, null); finishWithResult(true, null);
@ -111,13 +110,6 @@ public class AuthenticateActivity extends ThemedActivity
passwordInput.setInputType(InputType.TYPE_CLASS_TEXT | InputType.TYPE_TEXT_VARIATION_PASSWORD); passwordInput.setInputType(InputType.TYPE_CLASS_TEXT | InputType.TYPE_TEXT_VARIATION_PASSWORD);
} }
} else if (authMethod == AuthMethod.PIN) { } else if (authMethod == AuthMethod.PIN) {
password = settings.getAuthPINPBKDF2();
if (password.isEmpty()) {
password = settings.getAuthPINHash();
oldPassword = true;
}
if (password.isEmpty()) { if (password.isEmpty()) {
Toast.makeText(this, R.string.auth_toast_pin_missing, Toast.LENGTH_LONG).show(); Toast.makeText(this, R.string.auth_toast_pin_missing, Toast.LENGTH_LONG).show();
finishWithResult(true, null); finishWithResult(true, null);
@ -157,25 +149,10 @@ public class AuthenticateActivity extends ThemedActivity
String hashedPassword = new String(Hex.encodeHex(DigestUtils.sha256(plainPassword))); String hashedPassword = new String(Hex.encodeHex(DigestUtils.sha256(plainPassword)));
if (hashedPassword.equals(password)) { if (hashedPassword.equals(password)) {
byte[] key = null; byte[] key = settings.setAuthCredentials(authMethod, password);
try { if (key == null)
int iter = EncryptionHelper.generateRandomIterations();
EncryptionHelper.PBKDF2Credentials credentials = EncryptionHelper.generatePBKDF2Credentials(plainPassword, settings.getSalt(), iter);
String base64 = Base64.encodeToString(credentials.password, Base64.URL_SAFE);
if (authMethod == AuthMethod.PASSWORD)
settings.setAuthPasswordPBKDF2(base64);
else if (authMethod == AuthMethod.PIN)
settings.setAuthPINPBKDF2(base64);
settings.setIterations(authMethod, iter);
key = credentials.key;
} catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
Toast.makeText(this, R.string.settings_toast_auth_upgrade_failed, Toast.LENGTH_LONG).show(); Toast.makeText(this, R.string.settings_toast_auth_upgrade_failed, Toast.LENGTH_LONG).show();
e.printStackTrace();
}
if (authMethod == AuthMethod.PASSWORD) if (authMethod == AuthMethod.PASSWORD)
settings.removeAuthPasswordHash(); settings.removeAuthPasswordHash();

View file

@ -39,6 +39,7 @@ import org.openintents.openpgp.util.OpenPgpKeyPreference;
import org.shadowice.flocke.andotp.Preferences.CredentialsPreference; import org.shadowice.flocke.andotp.Preferences.CredentialsPreference;
import org.shadowice.flocke.andotp.R; import org.shadowice.flocke.andotp.R;
import org.shadowice.flocke.andotp.Utilities.KeyStoreHelper; import org.shadowice.flocke.andotp.Utilities.KeyStoreHelper;
import org.shadowice.flocke.andotp.Utilities.Settings;
import static org.shadowice.flocke.andotp.Utilities.Constants.AuthMethod; import static org.shadowice.flocke.andotp.Utilities.Constants.AuthMethod;
import static org.shadowice.flocke.andotp.Utilities.Constants.EncryptionType; import static org.shadowice.flocke.andotp.Utilities.Constants.EncryptionType;
@ -117,6 +118,7 @@ public class SettingsActivity extends BaseActivity
public static class SettingsFragment extends PreferenceFragment { public static class SettingsFragment extends PreferenceFragment {
PreferenceCategory catSecurity; PreferenceCategory catSecurity;
Settings settings;
ListPreference encryption; ListPreference encryption;
OpenPgpAppPreference pgpProvider; OpenPgpAppPreference pgpProvider;
@ -126,6 +128,8 @@ public class SettingsActivity extends BaseActivity
public void onCreate(Bundle savedInstanceState) { public void onCreate(Bundle savedInstanceState) {
super.onCreate(savedInstanceState); super.onCreate(savedInstanceState);
settings = new Settings(getActivity());
final SharedPreferences sharedPref = PreferenceManager.getDefaultSharedPreferences(getActivity().getBaseContext()); final SharedPreferences sharedPref = PreferenceManager.getDefaultSharedPreferences(getActivity().getBaseContext());
addPreferencesFromResource(R.xml.preferences); addPreferencesFromResource(R.xml.preferences);
@ -145,22 +149,15 @@ public class SettingsActivity extends BaseActivity
@Override @Override
public boolean onPreferenceChange(final Preference preference, Object o) { public boolean onPreferenceChange(final Preference preference, Object o) {
String newEncryption = (String) o; String newEncryption = (String) o;
String auth = sharedPref.getString(getString(R.string.settings_key_auth), CredentialsPreference.DEFAULT_VALUE.name().toLowerCase());
EncryptionType encryptionType = EncryptionType.valueOf(newEncryption.toUpperCase()); EncryptionType encryptionType = EncryptionType.valueOf(newEncryption.toUpperCase());
AuthMethod authMethod = AuthMethod.valueOf(auth.toUpperCase()); AuthMethod authMethod = settings.getAuthMethod();
if (encryptionType == EncryptionType.PASSWORD) { if (encryptionType == EncryptionType.PASSWORD) {
if (authMethod != AuthMethod.PASSWORD && authMethod != AuthMethod.PIN) { if (authMethod != AuthMethod.PASSWORD && authMethod != AuthMethod.PIN) {
Toast.makeText(getActivity(), R.string.settings_toast_encryption_invalid_with_auth, Toast.LENGTH_LONG).show(); Toast.makeText(getActivity(), R.string.settings_toast_encryption_invalid_with_auth, Toast.LENGTH_LONG).show();
return false; return false;
} else { } else {
String credentials = ""; if (settings.getAuthCredentials(authMethod).isEmpty()) {
if (authMethod == AuthMethod.PASSWORD)
credentials = sharedPref.getString(getString(R.string.settings_key_auth_password_pbkdf2), "");
else if (authMethod == AuthMethod.PIN)
credentials = sharedPref.getString(getString(R.string.settings_key_auth_pin_pbkdf2), "");
if (credentials.isEmpty()) {
Toast.makeText(getActivity(), R.string.settings_toast_encryption_invalid_without_credentials, Toast.LENGTH_LONG).show(); Toast.makeText(getActivity(), R.string.settings_toast_encryption_invalid_without_credentials, Toast.LENGTH_LONG).show();
return false; return false;
} else { } else {

View file

@ -74,34 +74,12 @@ public class Settings {
private void migrateDeprecatedSettings() { private void migrateDeprecatedSettings() {
if (settings.contains(getResString(R.string.settings_key_auth_password))) { if (settings.contains(getResString(R.string.settings_key_auth_password))) {
String plainPassword = getAuthPassword(); setAuthCredentials(AuthMethod.PASSWORD, getString(R.string.settings_key_auth_password, ""));
try {
int iter = EncryptionHelper.generateRandomIterations();
EncryptionHelper.PBKDF2Credentials credentials = EncryptionHelper.generatePBKDF2Credentials(plainPassword, getSalt(), iter);
setString(R.string.settings_key_auth_password_pbkdf2, Base64.encodeToString(credentials.password, Base64.URL_SAFE));
setInt(R.string.settings_key_auth_password_iter, iter);
} catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
Toast.makeText(context, R.string.settings_toast_auth_upgrade_failed, Toast.LENGTH_LONG).show();
e.printStackTrace();
}
remove(R.string.settings_key_auth_password); remove(R.string.settings_key_auth_password);
} }
if (settings.contains(getResString(R.string.settings_key_auth_pin))) { if (settings.contains(getResString(R.string.settings_key_auth_pin))) {
String plainPIN = getAuthPIN(); setAuthCredentials(AuthMethod.PIN, getString(R.string.settings_key_auth_pin, ""));
try {
int iter = EncryptionHelper.generateRandomIterations();
EncryptionHelper.PBKDF2Credentials credentials = EncryptionHelper.generatePBKDF2Credentials(plainPIN, getSalt(), iter);
setString(R.string.settings_key_auth_pin_pbkdf2, Base64.encodeToString(credentials.password, Base64.URL_SAFE));
setInt(R.string.settings_key_auth_pin_iter, iter);
} catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
Toast.makeText(context, R.string.settings_toast_auth_upgrade_failed, Toast.LENGTH_LONG).show();
e.printStackTrace();
}
remove(R.string.settings_key_auth_pin); remove(R.string.settings_key_auth_pin);
} }
@ -188,9 +166,8 @@ public class Settings {
} }
public void clear(boolean keep_auth) { public void clear(boolean keep_auth) {
String authMethod = getAuthMethod().toString().toLowerCase(); AuthMethod authMethod = getAuthMethod();
String authPassword = getAuthPasswordHash(); String authCredentials = getAuthCredentials(authMethod);
String authPIN = getAuthPINHash();
boolean warningShown = getFirstTimeWarningShown(); boolean warningShown = getFirstTimeWarningShown();
@ -200,13 +177,14 @@ public class Settings {
editor.putBoolean(getResString(R.string.settings_key_security_backup_warning), warningShown); editor.putBoolean(getResString(R.string.settings_key_security_backup_warning), warningShown);
if (keep_auth) { if (keep_auth) {
editor.putString(getResString(R.string.settings_key_auth), authMethod); editor.putString(getResString(R.string.settings_key_auth), authMethod.toString().toLowerCase());
if (!authPassword.isEmpty()) if (! authCredentials.isEmpty()) {
editor.putString(getResString(R.string.settings_key_auth_password_hash), authPassword); if (authMethod == AuthMethod.PASSWORD)
editor.putString(getResString(R.string.settings_key_auth_password_pbkdf2), authCredentials);
if (!authPIN.isEmpty()) else if (authMethod == AuthMethod.PIN)
editor.putString(getResString(R.string.settings_key_auth_pin_hash), authPIN); editor.putString(getResString(R.string.settings_key_auth_pin_pbkdf2), authCredentials);
}
} }
editor.commit(); editor.commit();
@ -235,44 +213,29 @@ public class Settings {
return AuthMethod.valueOf(authString.toUpperCase()); return AuthMethod.valueOf(authString.toUpperCase());
} }
private String getAuthPassword() {
return getString(R.string.settings_key_auth_password, "");
}
public String getAuthPasswordHash() {
return getString(R.string.settings_key_auth_password_hash, "");
}
public void removeAuthPasswordHash() { public void removeAuthPasswordHash() {
remove(R.string.settings_key_auth_password_hash); remove(R.string.settings_key_auth_password_hash);
} }
public String getAuthPasswordPBKDF2() {
return getString(R.string.settings_key_auth_password_pbkdf2, "");
}
public void setAuthPasswordPBKDF2(String password) {
setString(R.string.settings_key_auth_password_pbkdf2, password);
}
private String getAuthPIN() {
return getString(R.string.settings_key_auth_pin, "");
}
public String getAuthPINHash() {
return getString(R.string.settings_key_auth_pin_hash, "");
}
public void removeAuthPINHash() { public void removeAuthPINHash() {
remove(R.string.settings_key_auth_pin_hash); remove(R.string.settings_key_auth_pin_hash);
} }
public String getAuthPINPBKDF2() { public String getOldCredentials(AuthMethod method) {
return getString(R.string.settings_key_auth_pin_pbkdf2, ""); if (method == AuthMethod.PASSWORD)
return getString(R.string.settings_key_auth_password_hash, "");
else if (method == AuthMethod.PIN)
return getString(R.string.settings_key_auth_pin_hash, "");
else
return "";
} }
public void setAuthPINPBKDF2(String pin) { public String getAuthCredentials(AuthMethod method) {
setString(R.string.settings_key_auth_pin_pbkdf2, pin); if (method == AuthMethod.PASSWORD)
return getString(R.string.settings_key_auth_password_pbkdf2, "");
else if (method == AuthMethod.PIN)
return getString(R.string.settings_key_auth_pin_pbkdf2, "");
else
return "";
} }
public byte[] setAuthCredentials(AuthMethod method, String plainPassword) { public byte[] setAuthCredentials(AuthMethod method, String plainPassword) {
@ -286,9 +249,9 @@ public class Settings {
setIterations(method, iterations); setIterations(method, iterations);
if (method == AuthMethod.PASSWORD) if (method == AuthMethod.PASSWORD)
setAuthPasswordPBKDF2(password); setString(R.string.settings_key_auth_password_pbkdf2, password);
else if (method == AuthMethod.PIN) else if (method == AuthMethod.PIN)
setAuthPINPBKDF2(password); setString(R.string.settings_key_auth_pin_pbkdf2, password);
key = credentials.key; key = credentials.key;
} catch (NoSuchAlgorithmException | InvalidKeySpecException e) { } catch (NoSuchAlgorithmException | InvalidKeySpecException e) {