update libProofMode to remove static DEFAULT passphrase

n8fr8 · n8fr8 · commit 87783ba7d76b · 2023-05-08T14:29:29.000-04:00
- the responsibility should be on the app for managing the passphrase and/or eventually the key - relates to #24 and #40
diff --git a/android-libproofmode/src/androidTest/java/ProofmodeGenerationTests.java b/android-libproofmode/src/androidTest/java/ProofmodeGenerationTests.java
@@ -16,6 +16,7 @@
 import org.junit.runners.MethodSorters;
 import org.witness.proofmode.ProofMode;
 import org.witness.proofmode.crypto.HashUtils;
+import org.witness.proofmode.crypto.pgp.PgpUtils;
 
 import java.io.BufferedInputStream;
 import java.io.BufferedOutputStream;
@@ -114,7 +115,7 @@ public void proofModeGenerator_VerifySignature_ReturnsTrue ()
             assertNotNull(files);
 
             File fileZip = new File (fileDirProof.getParent(),fileDirProof.getName() + ".zip");
-            zipProof(files, fileZip,ProofMode.getPublicKeyString(context));
+            zipProof(files, fileZip,ProofMode.getPublicKeyString(context, PgpUtils.DEFAULT_PASSWORD));
             assertTrue(fileZip.exists());
 
             //verify specific file and hash
diff --git a/android-libproofmode/src/main/java/org/witness/proofmode/ProofMode.java b/android-libproofmode/src/main/java/org/witness/proofmode/ProofMode.java
@@ -194,17 +194,15 @@ public static void addNotarizationProvider (Context context, NotarizationProvide
         MediaWatcher.getInstance(context).addNotarizationProvider(provider);
     }
 
-    public static PGPPublicKey getPublicKey (Context context) throws PGPException, IOException {
-        SharedPreferences prefs = PreferenceManager.getDefaultSharedPreferences(context);
-        PgpUtils pu = PgpUtils.getInstance(context,prefs.getString("password",PgpUtils.DEFAULT_PASSWORD));
+    public static PGPPublicKey getPublicKey (Context context, String passphrase) throws PGPException, IOException {
+        PgpUtils pu = PgpUtils.getInstance(context,passphrase);
         PGPPublicKey pubKey = null;
         return pubKey = pu.getPublicKey();
 
     }
 
-    public static String getPublicKeyString (Context context) throws IOException, PGPException {
-        SharedPreferences prefs = PreferenceManager.getDefaultSharedPreferences(context);
-        PgpUtils pu = PgpUtils.getInstance(context,prefs.getString("password",PgpUtils.DEFAULT_PASSWORD));
+    public static String getPublicKeyString (Context context, String passphrase) throws IOException, PGPException {
+        PgpUtils pu = PgpUtils.getInstance(context,passphrase);
         String pubKey = pu.getPublicKeyString();
 
         return pubKey;
@@ -398,14 +396,13 @@ private static InputStream copyStream (InputStream is) throws IOException {
 
 
     public static boolean verifySignature (Context context, InputStream fileStream, InputStream sigStream, PGPPublicKey publicKey) throws Exception {
-
         //PgpUtils.getInstance(context).
         SharedPreferences prefs = PreferenceManager.getDefaultSharedPreferences(context);
-        PgpUtils pu = PgpUtils.getInstance(context,prefs.getString("password",PgpUtils.DEFAULT_PASSWORD));
+        PgpUtils pu = PgpUtils.getInstance(context, null);
         return pu.verifyDetachedSignature(fileStream, sigStream, publicKey);
     }
 
-    public static void generateProofZip(Context context, String proofHash) throws IOException, PGPException {
+    public static void generateProofZip(Context context, String proofHash, String passphrase) throws IOException, PGPException {
 
         File fileDirProof = ProofMode.getProofDir(context, proofHash);
         File[] files = fileDirProof.listFiles();
@@ -442,22 +439,22 @@ public static void generateProofZip(Context context, String proofHash) throws IO
         //add public key
         ZipEntry entry = new ZipEntry(PUBKEY_FILE);
         out.putNextEntry(entry);
-        out.write(getPublicKeyString(context).getBytes());
+        out.write(getPublicKeyString(context, passphrase).getBytes());
 
         Timber.d("Zip complete");
 
         out.close();
 
     }
 
-    public static void checkAndGeneratePublicKeyAsync (Context context)
+    public static void checkAndGeneratePublicKeyAsync (Context context, String passphrase)
     {
         Executors.newSingleThreadExecutor().execute(() -> {
             //Background work here
             String pubKey = null;
 
             try {
-                pubKey = PgpUtils.getInstance(context).getPublicKeyFingerprint();
+                pubKey = PgpUtils.getInstance(context, passphrase).getPublicKeyFingerprint();
             } catch (PGPException e) {
                 Timber.e(e,"error getting public key");
             } catch (IOException e) {
diff --git a/android-libproofmode/src/main/java/org/witness/proofmode/ProofModeConstants.java b/android-libproofmode/src/main/java/org/witness/proofmode/ProofModeConstants.java
@@ -2,5 +2,8 @@
 
 public interface ProofModeConstants {
 
+        public static final String PREFS_KEY_PASSPHRASE = "pgpkp";
+        public static final String PREFS_KEY_PASSPHRASE_DEFAULT = "password";
+
 
 }
diff --git a/android-libproofmode/src/main/java/org/witness/proofmode/crypto/pgp/PgpUtils.java b/android-libproofmode/src/main/java/org/witness/proofmode/crypto/pgp/PgpUtils.java
@@ -90,7 +90,7 @@ public class PgpUtils {
     private final static String FILE_SECRET_KEY_RING = "pkr.asc";
     private final static String FILE_PUBLIC_KEY_RING = "pub.asc";
 
-    public final static String DEFAULT_PASSWORD = "password"; //static string for local keystore
+    //public final static String DEFAULT_PASSWORD = "password"; //static string for local keystore
     private final static String URL_POST_KEY_ENDPOINT = "https://keys.openpgp.org/vks/v1/upload";
 
     public final static String URL_LOOKUP_ENDPOINT = "https://keys.openpgp.org/search?q=0x";
@@ -100,9 +100,11 @@ private PgpUtils ()
 
     }
 
+    /**
     public static synchronized PgpUtils getInstance (Context context) throws PGPException, IOException {
         return getInstance(context, DEFAULT_PASSWORD);
     }
+    **/
 
     public static synchronized PgpUtils getInstance (Context context, String password) throws PGPException, IOException {
         if (mInstance == null)
@@ -312,10 +314,13 @@ public synchronized void initCrypto (Context context, String password) throws IO
                     sin.close();
                 }
                 else {
+
+                    if (password.isEmpty())
+                        throw new IOException("Empty PGP Key password not allowed for key generation");
+
                     final PGPKeyRingGenerator krgen = generateKeyRingGenerator(keyId, password.toCharArray());
                     skr = krgen.generateSecretKeyRing();
 
-
                     ArmoredOutputStream sout = new ArmoredOutputStream((new FileOutputStream(fileSecKeyRing)));
                     skr.encode(sout);
                     sout.close();
diff --git a/android-libproofmode/src/main/java/org/witness/proofmode/service/MediaWatcher.java b/android-libproofmode/src/main/java/org/witness/proofmode/service/MediaWatcher.java
@@ -4,6 +4,8 @@
 import static org.witness.proofmode.ProofMode.PREFS_DOPROOF;
 import static org.witness.proofmode.ProofMode.PROOF_FILE_JSON_TAG;
 import static org.witness.proofmode.ProofMode.PROOF_FILE_TAG;
+import static org.witness.proofmode.ProofModeConstants.PREFS_KEY_PASSPHRASE;
+import static org.witness.proofmode.ProofModeConstants.PREFS_KEY_PASSPHRASE_DEFAULT;
 
 import android.Manifest;
 import android.content.BroadcastReceiver;
@@ -77,17 +79,21 @@ public class MediaWatcher extends BroadcastReceiver implements ProofModeV1Consta
 
     private Context mContext = null;
 
+    private String mPassphrase = null;
+
     private ArrayList<NotarizationProvider> mProviders = new ArrayList<>();
 
     private MediaWatcher (Context context) {
         if (mPrefs == null)
             mPrefs = PreferenceManager.getDefaultSharedPreferences(context);
 
         mContext = context;
+        mPassphrase = mPrefs.getString(PREFS_KEY_PASSPHRASE,PREFS_KEY_PASSPHRASE_DEFAULT);
 
         startFileSystemMonitor();
     }
 
+
     public static synchronized MediaWatcher getInstance (Context context)
     {
         if (mInstance == null)
@@ -520,20 +526,22 @@ private void writeProof (Context context, Uri uriMedia, InputStream is, String m
             JSONObject jProof = new JSONObject(hmProof);
             writeTextToFile(context, fileMediaProofJson, jProof.toString());
 
+            PgpUtils pu = PgpUtils.getInstance(context, null);
+
             if (fileMediaProof.exists()) {
                 //sign the proof file again
-                PgpUtils.getInstance(context).createDetachedSignature(fileMediaProof, new File(fileFolder, mediaHash + PROOF_FILE_TAG + OPENPGP_FILE_TAG), PgpUtils.DEFAULT_PASSWORD, usePgpArmor);
+                pu.createDetachedSignature(fileMediaProof, new File(fileFolder, mediaHash + PROOF_FILE_TAG + OPENPGP_FILE_TAG), mPassphrase, usePgpArmor);
             }
 
             if (fileMediaProofJson.exists()) {
                 //sign the proof file again
-                PgpUtils.getInstance(context).createDetachedSignature(fileMediaProofJson, new File(fileFolder, mediaHash + PROOF_FILE_JSON_TAG + OPENPGP_FILE_TAG), PgpUtils.DEFAULT_PASSWORD, usePgpArmor);
+               pu.createDetachedSignature(fileMediaProofJson, new File(fileFolder, mediaHash + PROOF_FILE_JSON_TAG + OPENPGP_FILE_TAG), mPassphrase, usePgpArmor);
             }
 
             //sign the media file
             File fileMediaSig = new File(fileFolder, mediaHash + OPENPGP_FILE_TAG);
            if ((!fileMediaSig.exists()) || fileMediaSig.length() == 0)
-              PgpUtils.getInstance(context).createDetachedSignature(is, new FileOutputStream(fileMediaSig), PgpUtils.DEFAULT_PASSWORD, usePgpArmor);
+              pu.createDetachedSignature(is, new FileOutputStream(fileMediaSig), mPassphrase, usePgpArmor);
 
             Timber.d("Proof written/updated for uri %s and hash %s", uriMedia, mediaHash);
 
diff --git a/app/src/main/java/org/witness/proofmode/MainActivity.kt b/app/src/main/java/org/witness/proofmode/MainActivity.kt
@@ -20,6 +20,8 @@ import androidx.drawerlayout.widget.DrawerLayout
 import androidx.preference.PreferenceManager
 import com.google.android.material.navigation.NavigationView
 import gun0912.tedimagepicker.builder.TedImagePicker
+import org.witness.proofmode.ProofModeConstants.PREFS_KEY_PASSPHRASE
+import org.witness.proofmode.ProofModeConstants.PREFS_KEY_PASSPHRASE_DEFAULT
 import org.witness.proofmode.camera.CameraActivity
 import org.witness.proofmode.crypto.pgp.PgpUtils
 import org.witness.proofmode.databinding.ActivityMainBinding
@@ -285,7 +287,7 @@ class MainActivity : AppCompatActivity(), NavigationView.OnNavigationItemSelecte
         try {
             if (mPgpUtils == null) mPgpUtils = PgpUtils.getInstance(
                 this,
-                mPrefs.getString("password", PgpUtils.DEFAULT_PASSWORD)
+                mPrefs.getString(PREFS_KEY_PASSPHRASE, PREFS_KEY_PASSPHRASE_DEFAULT)
             )
             mPgpUtils?.publishPublicKey()
             Toast.makeText(
@@ -308,7 +310,7 @@ class MainActivity : AppCompatActivity(), NavigationView.OnNavigationItemSelecte
         try {
             if (mPgpUtils == null) mPgpUtils = PgpUtils.getInstance(
                 this,
-                mPrefs.getString("password", PgpUtils.DEFAULT_PASSWORD)
+                mPrefs.getString(PREFS_KEY_PASSPHRASE, PREFS_KEY_PASSPHRASE_DEFAULT)
             )
             mPgpUtils?.publishPublicKey()
             val pubKey = mPgpUtils?.publicKeyString
diff --git a/app/src/main/java/org/witness/proofmode/ProofModeApp.kt b/app/src/main/java/org/witness/proofmode/ProofModeApp.kt
@@ -15,6 +15,8 @@ import android.os.Build
 import android.os.Handler
 import android.preference.PreferenceManager
 import android.util.Log
+import org.witness.proofmode.ProofModeConstants.PREFS_KEY_PASSPHRASE
+import org.witness.proofmode.ProofModeConstants.PREFS_KEY_PASSPHRASE_DEFAULT
 import org.witness.proofmode.notaries.SafetyNetCheck
 import org.witness.proofmode.notaries.GoogleSafetyNetNotarizationProvider
 import org.witness.proofmode.notarization.NotarizationProvider
@@ -38,8 +40,10 @@ class ProofModeApp : MultiDexApplication() {
             //Background work here
             var pubKey: String? = null
             try {
-                pubKey = PgpUtils.getInstance(applicationContext).publicKeyFingerprint
-           //     showToastMessage(getString(R.string.pub_key_id) + " " + pubKey)
+                val prefs = PreferenceManager.getDefaultSharedPreferences(this)
+                pubKey = PgpUtils.getInstance(applicationContext,prefs.getString(PREFS_KEY_PASSPHRASE,
+                    PREFS_KEY_PASSPHRASE_DEFAULT)).publicKeyFingerprint
+
             } catch (e: PGPException) {
                 Timber.e(e, "error getting public key")
                 showToastMessage(getString(R.string.pub_key_gen_error))
diff --git a/app/src/main/java/org/witness/proofmode/ShareProofActivity.kt b/app/src/main/java/org/witness/proofmode/ShareProofActivity.kt
@@ -31,6 +31,8 @@ import androidx.core.content.FileProvider
 import androidx.documentfile.provider.DocumentFile
 import org.bouncycastle.openpgp.PGPException
 import org.witness.proofmode.PermissionActivity.Companion.hasPermissions
+import org.witness.proofmode.ProofModeConstants.PREFS_KEY_PASSPHRASE
+import org.witness.proofmode.ProofModeConstants.PREFS_KEY_PASSPHRASE_DEFAULT
 import org.witness.proofmode.crypto.HashUtils
 import org.witness.proofmode.crypto.pgp.PgpUtils
 import org.witness.proofmode.databinding.ActivityShareBinding
@@ -48,9 +50,13 @@ class ShareProofActivity : AppCompatActivity() {
     private var sendMedia = true
 
     private val hashCache = HashMap<String, String?>()
+
+    private lateinit var pgpUtils : PgpUtils
     override fun onCreate(savedInstanceState: Bundle?) {
         super.onCreate(savedInstanceState)
         binding = ActivityShareBinding.inflate(layoutInflater)
+        val prefs = PreferenceManager.getDefaultSharedPreferences(this)
+        pgpUtils = PgpUtils.getInstance(this, prefs.getString(PREFS_KEY_PASSPHRASE,PREFS_KEY_PASSPHRASE_DEFAULT))
         setContentView(binding.root)
     }
 
@@ -274,9 +280,7 @@ class ShareProofActivity : AppCompatActivity() {
     private fun generateProofZipName() {
         val sdf = SimpleDateFormat(ZIP_FILE_DATETIME_FORMAT)
         val dateString = sdf.format(Date())
-        val prefs = PreferenceManager.getDefaultSharedPreferences(this)
-        val pu = PgpUtils.getInstance(this, prefs.getString("password", PgpUtils.DEFAULT_PASSWORD))
-        val userId = pu.publicKeyFingerprint
+        val userId = pgpUtils.publicKeyFingerprint
         proofZipName = "proofmode-$userId-$dateString.zip"
     }
 
@@ -360,7 +364,7 @@ class ShareProofActivity : AppCompatActivity() {
                     if (encryptZip) {
                         val fileZipEnc = File(fileCacheFolder, "$proofZipName.gpg")
                         try {
-                            PgpUtils.getInstance(this).encrypt(
+                            pgpUtils.encrypt(
                                 FileInputStream(fileZip),
                                 fileZip.length(),
                                 FileOutputStream(fileZipEnc)
@@ -515,12 +519,7 @@ class ShareProofActivity : AppCompatActivity() {
                 fileCacheFolder.mkdir()
                 val sdf = SimpleDateFormat(ZIP_FILE_DATETIME_FORMAT)
                 val dateString = sdf.format(Date())
-                val prefs = PreferenceManager.getDefaultSharedPreferences(this)
-                val pu = PgpUtils.getInstance(
-                    this,
-                    prefs.getString("password", PgpUtils.DEFAULT_PASSWORD)
-                )
-                val userId = pu.publicKeyFingerprint
+                val userId = pgpUtils.publicKeyFingerprint
                 val fileZip = File(fileCacheFolder, "proofmode-$userId-$dateString.zip")
                 Timber.d("Preparing proof bundle zip: " + fileZip.absolutePath)
                 try {
@@ -536,7 +535,7 @@ class ShareProofActivity : AppCompatActivity() {
                         val fileZipEnc =
                             File(fileCacheFolder, "proofmode-$userId-$dateString.zip.gpg")
                         try {
-                            PgpUtils.getInstance(this).encrypt(
+                            pgpUtils.encrypt(
                                 FileInputStream(fileZip),
                                 fileZip.length(),
                                 FileOutputStream(fileZipEnc)
@@ -934,7 +933,7 @@ class ShareProofActivity : AppCompatActivity() {
         isFirstProof: Boolean
     ) {
         val sdf = SimpleDateFormat.getDateTimeInstance()
-        val fingerprint = PgpUtils.getInstance(this).publicKeyFingerprint
+        val fingerprint = pgpUtils.publicKeyFingerprint
         if (fileMedia != null) {
             sb.append(fileMedia.name).append(' ')
             sb.append(getString(R.string.last_modified)).append(' ')
@@ -1224,7 +1223,7 @@ class ShareProofActivity : AppCompatActivity() {
         }
         Timber.d("Adding public key")
         //add public key
-        val pubKey = ProofMode.getPublicKeyString(this)
+        val pubKey = ProofMode.getPublicKeyString(this, "")
         var entry: ZipEntry? = ZipEntry("pubkey.asc")
         out.putNextEntry(entry)
         out.write(pubKey.toByteArray())

Original file line number	Diff line number	Diff line change
`@@ -2,5 +2,8 @@`
`2`	`2`
`3`	`3`	`public interface ProofModeConstants {`
`4`	`4`
	`5`	`+ public static final String PREFS_KEY_PASSPHRASE = "pgpkp";`
	`6`	`+ public static final String PREFS_KEY_PASSPHRASE_DEFAULT = "password";`
	`7`	`+`
`5`	`8`
`6`	`9`	`}`