From 8a0fe3c513aaa04b5e7bc3d7e87b61ed27a4cac3 Mon Sep 17 00:00:00 2001
From: Torsten Grote <t@grobox.de>
Date: Wed, 5 Jun 2019 16:45:04 -0300
Subject: [PATCH] Store backup passphrase insecurely for now

This is being done to implement automatic background updates
and not supposed to be part of a release.

The backup key will later be generated and shown to the user instead of
allowing them to choose their own.
---
 .../activity/backup/CreateBackupActivity.java |  3 +-
 .../CreateBackupActivityController.java       | 32 ++++++++++++++++---
 .../backup/settings/SettingsManager.java      | 17 ++++++++++
 .../ContentProviderBackupComponent.java       |  6 ++--
 4 files changed, 50 insertions(+), 8 deletions(-)

diff --git a/app/src/main/java/com/stevesoltys/backup/activity/backup/CreateBackupActivity.java b/app/src/main/java/com/stevesoltys/backup/activity/backup/CreateBackupActivity.java
index c3c1bb0a..7ac6e255 100644
--- a/app/src/main/java/com/stevesoltys/backup/activity/backup/CreateBackupActivity.java
+++ b/app/src/main/java/com/stevesoltys/backup/activity/backup/CreateBackupActivity.java
@@ -6,6 +6,7 @@ import android.os.Bundle;
 import android.view.Menu;
 import android.view.MenuInflater;
 import android.view.View;
+
 import com.stevesoltys.backup.R;
 import com.stevesoltys.backup.activity.PackageListActivity;
 
@@ -22,7 +23,7 @@ public class CreateBackupActivity extends PackageListActivity implements View.On
         int viewId = view.getId();
 
         if (viewId == R.id.create_confirm_button) {
-            controller.showEnterPasswordAlert(selectedPackageList, contentUri, this);
+            controller.onCreateBackupButtonClicked(selectedPackageList, contentUri, this);
         }
     }
 
diff --git a/app/src/main/java/com/stevesoltys/backup/activity/backup/CreateBackupActivityController.java b/app/src/main/java/com/stevesoltys/backup/activity/backup/CreateBackupActivityController.java
index 682807d8..67d2c156 100644
--- a/app/src/main/java/com/stevesoltys/backup/activity/backup/CreateBackupActivityController.java
+++ b/app/src/main/java/com/stevesoltys/backup/activity/backup/CreateBackupActivityController.java
@@ -7,12 +7,19 @@ import android.os.RemoteException;
 import android.text.InputType;
 import android.util.Log;
 import android.view.View;
-import android.widget.*;
+import android.widget.ArrayAdapter;
+import android.widget.EditText;
+import android.widget.ListView;
+import android.widget.PopupWindow;
+import android.widget.TextView;
+import android.widget.Toast;
+
 import com.google.android.collect.Sets;
 import com.stevesoltys.backup.R;
 import com.stevesoltys.backup.activity.PopupWindowUtil;
 import com.stevesoltys.backup.service.PackageService;
 import com.stevesoltys.backup.service.backup.BackupService;
+import com.stevesoltys.backup.settings.SettingsManager;
 
 import java.util.LinkedList;
 import java.util.List;
@@ -68,7 +75,16 @@ class CreateBackupActivityController {
         });
     }
 
-    void showEnterPasswordAlert(Set<String> selectedPackages, Uri contentUri, Activity parent) {
+    void onCreateBackupButtonClicked(Set<String> selectedPackages, Uri contentUri, Activity parent) {
+        String password = SettingsManager.getBackupPassword(parent);
+        if (password == null) {
+            showEnterPasswordAlert(selectedPackages, contentUri, parent);
+        } else {
+            backupService.backupPackageData(selectedPackages, contentUri, parent, password);
+        }
+    }
+
+    private void showEnterPasswordAlert(Set<String> selectedPackages, Uri contentUri, Activity parent) {
         final EditText passwordTextView = new EditText(parent);
         passwordTextView.setInputType(InputType.TYPE_CLASS_TEXT | InputType.TYPE_TEXT_VARIATION_PASSWORD);
 
@@ -77,9 +93,16 @@ class CreateBackupActivityController {
                 .setMessage("You'll need this to restore your backup, so write it down!")
                 .setView(passwordTextView)
 
-                .setPositiveButton("Set password", (dialog, button) ->
+                .setPositiveButton("Set password", (dialog, button) -> {
+                    if (passwordTextView.getText().length() == 0) {
+                        Toast.makeText(parent, "Please enter a password", Toast.LENGTH_SHORT).show();
+                        dialog.cancel();
+                        showEnterPasswordAlert(selectedPackages, contentUri, parent);
+                    } else {
                         showConfirmPasswordAlert(selectedPackages, contentUri, parent,
-                                passwordTextView.getText().toString()))
+                                passwordTextView.getText().toString());
+                    }
+                })
 
                 .setNegativeButton("Cancel", (dialog, button) -> dialog.cancel())
                 .show();
@@ -98,6 +121,7 @@ class CreateBackupActivityController {
                     String password = passwordTextView.getText().toString();
 
                     if (originalPassword.equals(password)) {
+                        SettingsManager.setBackupPassword(parent, password);
                         backupService.backupPackageData(selectedPackages, contentUri, parent, password);
 
                     } else {
diff --git a/app/src/main/java/com/stevesoltys/backup/settings/SettingsManager.java b/app/src/main/java/com/stevesoltys/backup/settings/SettingsManager.java
index 11624464..d493765d 100644
--- a/app/src/main/java/com/stevesoltys/backup/settings/SettingsManager.java
+++ b/app/src/main/java/com/stevesoltys/backup/settings/SettingsManager.java
@@ -9,6 +9,7 @@ import static android.preference.PreferenceManager.getDefaultSharedPreferences;
 public class SettingsManager {
 
     private static final String PREF_KEY_BACKUP_URI = "backupUri";
+    private static final String PREF_KEY_BACKUP_PASSWORD = "backupLegacyPassword";
 
     public static void setBackupFolderUri(Context context, Uri uri) {
         getDefaultSharedPreferences(context)
@@ -24,4 +25,20 @@ public class SettingsManager {
         return Uri.parse(uriStr);
     }
 
+    /**
+     * This is insecure and not supposed to be part of a release,
+     * but rather an intermediate step towards a generated passphrase.
+     */
+    public static void setBackupPassword(Context context, String password) {
+        getDefaultSharedPreferences(context)
+                .edit()
+                .putString(PREF_KEY_BACKUP_PASSWORD, password)
+                .apply();
+    }
+
+    @Nullable
+    public static String getBackupPassword(Context context) {
+        return getDefaultSharedPreferences(context).getString(PREF_KEY_BACKUP_PASSWORD, null);
+    }
+
 }
diff --git a/app/src/main/java/com/stevesoltys/backup/transport/component/provider/ContentProviderBackupComponent.java b/app/src/main/java/com/stevesoltys/backup/transport/component/provider/ContentProviderBackupComponent.java
index 51e1e12f..1100c59e 100644
--- a/app/src/main/java/com/stevesoltys/backup/transport/component/provider/ContentProviderBackupComponent.java
+++ b/app/src/main/java/com/stevesoltys/backup/transport/component/provider/ContentProviderBackupComponent.java
@@ -23,6 +23,7 @@ import java.util.zip.ZipEntry;
 import java.util.zip.ZipOutputStream;
 
 import static android.app.backup.BackupTransport.*;
+import static java.util.Objects.requireNonNull;
 
 /**
  * @author Steve Soltys
@@ -245,9 +246,8 @@ public class ContentProviderBackupComponent implements BackupComponent {
             backupState.getOutputStream().write(backupState.getSalt());
             backupState.getOutputStream().closeEntry();
 
-            if (configuration.getPassword() != null && !configuration.getPassword().isEmpty()) {
-                backupState.setSecretKey(KeyGenerator.generate(configuration.getPassword(), backupState.getSalt()));
-            }
+            String password = requireNonNull(configuration.getPassword());
+            backupState.setSecretKey(KeyGenerator.generate(password, backupState.getSalt()));
         }
     }