Store backup passphrase insecurely for now

This is being done to implement automatic background updates
and not supposed to be part of a release.

The backup key will later be generated and shown to the user instead of
allowing them to choose their own.
This commit is contained in:
Torsten Grote 2019-06-05 16:45:04 -03:00
parent 6da59c8192
commit 8a0fe3c513
No known key found for this signature in database
GPG key ID: 3E5F77D92CF891FF
4 changed files with 50 additions and 8 deletions

View file

@ -6,6 +6,7 @@ import android.os.Bundle;
import android.view.Menu;
import android.view.MenuInflater;
import android.view.View;
import com.stevesoltys.backup.R;
import com.stevesoltys.backup.activity.PackageListActivity;
@ -22,7 +23,7 @@ public class CreateBackupActivity extends PackageListActivity implements View.On
int viewId = view.getId();
if (viewId == R.id.create_confirm_button) {
controller.showEnterPasswordAlert(selectedPackageList, contentUri, this);
controller.onCreateBackupButtonClicked(selectedPackageList, contentUri, this);
}
}

View file

@ -7,12 +7,19 @@ import android.os.RemoteException;
import android.text.InputType;
import android.util.Log;
import android.view.View;
import android.widget.*;
import android.widget.ArrayAdapter;
import android.widget.EditText;
import android.widget.ListView;
import android.widget.PopupWindow;
import android.widget.TextView;
import android.widget.Toast;
import com.google.android.collect.Sets;
import com.stevesoltys.backup.R;
import com.stevesoltys.backup.activity.PopupWindowUtil;
import com.stevesoltys.backup.service.PackageService;
import com.stevesoltys.backup.service.backup.BackupService;
import com.stevesoltys.backup.settings.SettingsManager;
import java.util.LinkedList;
import java.util.List;
@ -68,7 +75,16 @@ class CreateBackupActivityController {
});
}
void showEnterPasswordAlert(Set<String> selectedPackages, Uri contentUri, Activity parent) {
void onCreateBackupButtonClicked(Set<String> selectedPackages, Uri contentUri, Activity parent) {
String password = SettingsManager.getBackupPassword(parent);
if (password == null) {
showEnterPasswordAlert(selectedPackages, contentUri, parent);
} else {
backupService.backupPackageData(selectedPackages, contentUri, parent, password);
}
}
private void showEnterPasswordAlert(Set<String> selectedPackages, Uri contentUri, Activity parent) {
final EditText passwordTextView = new EditText(parent);
passwordTextView.setInputType(InputType.TYPE_CLASS_TEXT | InputType.TYPE_TEXT_VARIATION_PASSWORD);
@ -77,9 +93,16 @@ class CreateBackupActivityController {
.setMessage("You'll need this to restore your backup, so write it down!")
.setView(passwordTextView)
.setPositiveButton("Set password", (dialog, button) ->
.setPositiveButton("Set password", (dialog, button) -> {
if (passwordTextView.getText().length() == 0) {
Toast.makeText(parent, "Please enter a password", Toast.LENGTH_SHORT).show();
dialog.cancel();
showEnterPasswordAlert(selectedPackages, contentUri, parent);
} else {
showConfirmPasswordAlert(selectedPackages, contentUri, parent,
passwordTextView.getText().toString()))
passwordTextView.getText().toString());
}
})
.setNegativeButton("Cancel", (dialog, button) -> dialog.cancel())
.show();
@ -98,6 +121,7 @@ class CreateBackupActivityController {
String password = passwordTextView.getText().toString();
if (originalPassword.equals(password)) {
SettingsManager.setBackupPassword(parent, password);
backupService.backupPackageData(selectedPackages, contentUri, parent, password);
} else {

View file

@ -9,6 +9,7 @@ import static android.preference.PreferenceManager.getDefaultSharedPreferences;
public class SettingsManager {
private static final String PREF_KEY_BACKUP_URI = "backupUri";
private static final String PREF_KEY_BACKUP_PASSWORD = "backupLegacyPassword";
public static void setBackupFolderUri(Context context, Uri uri) {
getDefaultSharedPreferences(context)
@ -24,4 +25,20 @@ public class SettingsManager {
return Uri.parse(uriStr);
}
/**
* This is insecure and not supposed to be part of a release,
* but rather an intermediate step towards a generated passphrase.
*/
public static void setBackupPassword(Context context, String password) {
getDefaultSharedPreferences(context)
.edit()
.putString(PREF_KEY_BACKUP_PASSWORD, password)
.apply();
}
@Nullable
public static String getBackupPassword(Context context) {
return getDefaultSharedPreferences(context).getString(PREF_KEY_BACKUP_PASSWORD, null);
}
}

View file

@ -23,6 +23,7 @@ import java.util.zip.ZipEntry;
import java.util.zip.ZipOutputStream;
import static android.app.backup.BackupTransport.*;
import static java.util.Objects.requireNonNull;
/**
* @author Steve Soltys
@ -245,9 +246,8 @@ public class ContentProviderBackupComponent implements BackupComponent {
backupState.getOutputStream().write(backupState.getSalt());
backupState.getOutputStream().closeEntry();
if (configuration.getPassword() != null && !configuration.getPassword().isEmpty()) {
backupState.setSecretKey(KeyGenerator.generate(configuration.getPassword(), backupState.getSalt()));
}
String password = requireNonNull(configuration.getPassword());
backupState.setSecretKey(KeyGenerator.generate(password, backupState.getSalt()));
}
}