Store backup passphrase insecurely for now
This is being done to implement automatic background updates and not supposed to be part of a release. The backup key will later be generated and shown to the user instead of allowing them to choose their own.
This commit is contained in:
parent
6da59c8192
commit
8a0fe3c513
4 changed files with 50 additions and 8 deletions
|
@ -6,6 +6,7 @@ import android.os.Bundle;
|
|||
import android.view.Menu;
|
||||
import android.view.MenuInflater;
|
||||
import android.view.View;
|
||||
|
||||
import com.stevesoltys.backup.R;
|
||||
import com.stevesoltys.backup.activity.PackageListActivity;
|
||||
|
||||
|
@ -22,7 +23,7 @@ public class CreateBackupActivity extends PackageListActivity implements View.On
|
|||
int viewId = view.getId();
|
||||
|
||||
if (viewId == R.id.create_confirm_button) {
|
||||
controller.showEnterPasswordAlert(selectedPackageList, contentUri, this);
|
||||
controller.onCreateBackupButtonClicked(selectedPackageList, contentUri, this);
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -7,12 +7,19 @@ import android.os.RemoteException;
|
|||
import android.text.InputType;
|
||||
import android.util.Log;
|
||||
import android.view.View;
|
||||
import android.widget.*;
|
||||
import android.widget.ArrayAdapter;
|
||||
import android.widget.EditText;
|
||||
import android.widget.ListView;
|
||||
import android.widget.PopupWindow;
|
||||
import android.widget.TextView;
|
||||
import android.widget.Toast;
|
||||
|
||||
import com.google.android.collect.Sets;
|
||||
import com.stevesoltys.backup.R;
|
||||
import com.stevesoltys.backup.activity.PopupWindowUtil;
|
||||
import com.stevesoltys.backup.service.PackageService;
|
||||
import com.stevesoltys.backup.service.backup.BackupService;
|
||||
import com.stevesoltys.backup.settings.SettingsManager;
|
||||
|
||||
import java.util.LinkedList;
|
||||
import java.util.List;
|
||||
|
@ -68,7 +75,16 @@ class CreateBackupActivityController {
|
|||
});
|
||||
}
|
||||
|
||||
void showEnterPasswordAlert(Set<String> selectedPackages, Uri contentUri, Activity parent) {
|
||||
void onCreateBackupButtonClicked(Set<String> selectedPackages, Uri contentUri, Activity parent) {
|
||||
String password = SettingsManager.getBackupPassword(parent);
|
||||
if (password == null) {
|
||||
showEnterPasswordAlert(selectedPackages, contentUri, parent);
|
||||
} else {
|
||||
backupService.backupPackageData(selectedPackages, contentUri, parent, password);
|
||||
}
|
||||
}
|
||||
|
||||
private void showEnterPasswordAlert(Set<String> selectedPackages, Uri contentUri, Activity parent) {
|
||||
final EditText passwordTextView = new EditText(parent);
|
||||
passwordTextView.setInputType(InputType.TYPE_CLASS_TEXT | InputType.TYPE_TEXT_VARIATION_PASSWORD);
|
||||
|
||||
|
@ -77,9 +93,16 @@ class CreateBackupActivityController {
|
|||
.setMessage("You'll need this to restore your backup, so write it down!")
|
||||
.setView(passwordTextView)
|
||||
|
||||
.setPositiveButton("Set password", (dialog, button) ->
|
||||
.setPositiveButton("Set password", (dialog, button) -> {
|
||||
if (passwordTextView.getText().length() == 0) {
|
||||
Toast.makeText(parent, "Please enter a password", Toast.LENGTH_SHORT).show();
|
||||
dialog.cancel();
|
||||
showEnterPasswordAlert(selectedPackages, contentUri, parent);
|
||||
} else {
|
||||
showConfirmPasswordAlert(selectedPackages, contentUri, parent,
|
||||
passwordTextView.getText().toString()))
|
||||
passwordTextView.getText().toString());
|
||||
}
|
||||
})
|
||||
|
||||
.setNegativeButton("Cancel", (dialog, button) -> dialog.cancel())
|
||||
.show();
|
||||
|
@ -98,6 +121,7 @@ class CreateBackupActivityController {
|
|||
String password = passwordTextView.getText().toString();
|
||||
|
||||
if (originalPassword.equals(password)) {
|
||||
SettingsManager.setBackupPassword(parent, password);
|
||||
backupService.backupPackageData(selectedPackages, contentUri, parent, password);
|
||||
|
||||
} else {
|
||||
|
|
|
@ -9,6 +9,7 @@ import static android.preference.PreferenceManager.getDefaultSharedPreferences;
|
|||
public class SettingsManager {
|
||||
|
||||
private static final String PREF_KEY_BACKUP_URI = "backupUri";
|
||||
private static final String PREF_KEY_BACKUP_PASSWORD = "backupLegacyPassword";
|
||||
|
||||
public static void setBackupFolderUri(Context context, Uri uri) {
|
||||
getDefaultSharedPreferences(context)
|
||||
|
@ -24,4 +25,20 @@ public class SettingsManager {
|
|||
return Uri.parse(uriStr);
|
||||
}
|
||||
|
||||
/**
|
||||
* This is insecure and not supposed to be part of a release,
|
||||
* but rather an intermediate step towards a generated passphrase.
|
||||
*/
|
||||
public static void setBackupPassword(Context context, String password) {
|
||||
getDefaultSharedPreferences(context)
|
||||
.edit()
|
||||
.putString(PREF_KEY_BACKUP_PASSWORD, password)
|
||||
.apply();
|
||||
}
|
||||
|
||||
@Nullable
|
||||
public static String getBackupPassword(Context context) {
|
||||
return getDefaultSharedPreferences(context).getString(PREF_KEY_BACKUP_PASSWORD, null);
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
@ -23,6 +23,7 @@ import java.util.zip.ZipEntry;
|
|||
import java.util.zip.ZipOutputStream;
|
||||
|
||||
import static android.app.backup.BackupTransport.*;
|
||||
import static java.util.Objects.requireNonNull;
|
||||
|
||||
/**
|
||||
* @author Steve Soltys
|
||||
|
@ -245,9 +246,8 @@ public class ContentProviderBackupComponent implements BackupComponent {
|
|||
backupState.getOutputStream().write(backupState.getSalt());
|
||||
backupState.getOutputStream().closeEntry();
|
||||
|
||||
if (configuration.getPassword() != null && !configuration.getPassword().isEmpty()) {
|
||||
backupState.setSecretKey(KeyGenerator.generate(configuration.getPassword(), backupState.getSalt()));
|
||||
}
|
||||
String password = requireNonNull(configuration.getPassword());
|
||||
backupState.setSecretKey(KeyGenerator.generate(password, backupState.getSalt()));
|
||||
}
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in a new issue