Example 1 with ReadTeamRequest
use of co.krypt.krypton.protocol.ReadTeamRequest in project krypton-android by kryptco.
the class Notifications method requestApprovalJob.
private static void requestApprovalJob(Context context, Pairing pairing, Request request) {
long temporaryApprovalSeconds = Policy.temporaryApprovalSeconds(context, request);
boolean temporaryApprovalEnabled = temporaryApprovalSeconds > 0;
String temporaryApprovalDuration = Policy.temporaryApprovalDuration(context, request);
Intent approveOnceIntent = new Intent(context, UnlockScreenDummyActivity.class);
approveOnceIntent.setAction(Policy.APPROVE_ONCE + "-" + request.requestID);
approveOnceIntent.addFlags(Intent.FLAG_ACTIVITY_CLEAR_TASK | Intent.FLAG_ACTIVITY_NEW_TASK);
approveOnceIntent.putExtra("action", Policy.APPROVE_ONCE);
approveOnceIntent.putExtra("requestID", request.requestID);
PendingIntent approveOncePendingIntent = PendingIntent.getActivity(context, (Policy.APPROVE_ONCE + "-" + request.requestID).hashCode(), approveOnceIntent, PendingIntent.FLAG_UPDATE_CURRENT);
NotificationCompat.Action.Builder approveOnceBuilder = new NotificationCompat.Action.Builder(R.drawable.ic_notification_checkmark, "Once", approveOncePendingIntent);
// Same as appoveOnceBuilder but shows text as "Approve"
NotificationCompat.Action.Builder approveOnceTextApproveBuilder = new NotificationCompat.Action.Builder(R.drawable.ic_notification_checkmark, "Approve", approveOncePendingIntent);
Intent approveTemporarilyIntent = new Intent(context, UnlockScreenDummyActivity.class);
approveTemporarilyIntent.setAction(Policy.APPROVE_THIS_TEMPORARILY + "-" + request.requestID);
approveTemporarilyIntent.addFlags(Intent.FLAG_ACTIVITY_CLEAR_TASK | Intent.FLAG_ACTIVITY_NEW_TASK);
approveTemporarilyIntent.putExtra("action", Policy.APPROVE_THIS_TEMPORARILY);
approveTemporarilyIntent.putExtra("requestID", request.requestID);
PendingIntent approveTemporarilyPendingIntent = PendingIntent.getActivity(context, (Policy.APPROVE_THIS_TEMPORARILY + "-" + request.requestID).hashCode(), approveTemporarilyIntent, PendingIntent.FLAG_UPDATE_CURRENT);
NotificationCompat.Action.Builder approveTemporarilyBuilder = new NotificationCompat.Action.Builder(R.drawable.ic_notification_stopwatch, "This host for " + temporaryApprovalDuration, approveTemporarilyPendingIntent);
Intent approveAllTemporarilyIntent = new Intent(context, UnlockScreenDummyActivity.class);
approveAllTemporarilyIntent.setAction(Policy.APPROVE_ALL_TEMPORARILY + "-" + request.requestID);
approveAllTemporarilyIntent.addFlags(Intent.FLAG_ACTIVITY_CLEAR_TASK | Intent.FLAG_ACTIVITY_NEW_TASK);
approveAllTemporarilyIntent.putExtra("action", Policy.APPROVE_ALL_TEMPORARILY);
approveAllTemporarilyIntent.putExtra("requestID", request.requestID);
PendingIntent approveAllTemporarilyPendingIntent = PendingIntent.getActivity(context, (Policy.APPROVE_ALL_TEMPORARILY + "-" + request.requestID).hashCode(), approveAllTemporarilyIntent, PendingIntent.FLAG_UPDATE_CURRENT);
NotificationCompat.Action.Builder approveAllTemporarilyBuilder = new NotificationCompat.Action.Builder(R.drawable.ic_notification_stopwatch, "All for " + temporaryApprovalDuration, approveAllTemporarilyPendingIntent);
Intent rejectIntent = new Intent(context, NoAuthReceiver.class);
rejectIntent.setAction(Policy.REJECT + "-" + request.requestID);
rejectIntent.addFlags(Intent.FLAG_ACTIVITY_CLEAR_TASK | Intent.FLAG_ACTIVITY_NEW_TASK);
rejectIntent.putExtra("action", Policy.REJECT);
rejectIntent.putExtra("requestID", request.requestID);
PendingIntent rejectPendingIntent = PendingIntent.getBroadcast(context, (Policy.REJECT + "-" + request.requestID).hashCode(), rejectIntent, PendingIntent.FLAG_UPDATE_CURRENT);
Intent clickIntent = new Intent(context, MainActivity.class);
if (new OnboardingProgress(context).inProgress()) {
clickIntent.setClass(context, OnboardingActivity.class);
}
clickIntent.setAction("CLICK-" + request.requestID);
clickIntent.addFlags(Intent.FLAG_ACTIVITY_CLEAR_TOP | Intent.FLAG_ACTIVITY_NEW_TASK);
clickIntent.putExtra("requestID", request.requestID);
PendingIntent clickPendingIntent = PendingIntent.getActivity(context, ("CLICK-" + request.requestID).hashCode(), clickIntent, PendingIntent.FLAG_UPDATE_CURRENT);
NotificationCompat.Builder mBuilder = buildNotification(context, ACTION_REQUIRED_CHANNEL_ID).setColor(ContextCompat.getColor(context, R.color.colorPrimary)).setPriority(NotificationCompat.PRIORITY_MAX).setCategory(NotificationCompat.CATEGORY_MESSAGE).setVisibility(NotificationCompat.VISIBILITY_PUBLIC).setDeleteIntent(rejectPendingIntent).setContentIntent(clickPendingIntent).setAutoCancel(true);
RemoteViews remoteViewsBig = new RemoteViews(context.getPackageName(), R.layout.request_remote);
remoteViewsBig.setTextViewText(R.id.workstationName, pairing.workstationName);
request.fillRemoteViews(remoteViewsBig, null, null);
remoteViewsBig.setOnClickPendingIntent(R.id.allowOnce, approveOncePendingIntent);
remoteViewsBig.setTextViewText(R.id.allowAllTemporarily, "All for " + temporaryApprovalDuration);
remoteViewsBig.setOnClickPendingIntent(R.id.allowAllTemporarily, approveAllTemporarilyPendingIntent);
if (!temporaryApprovalEnabled) {
remoteViewsBig.setViewVisibility(R.id.allowTemporarily, View.INVISIBLE);
remoteViewsBig.setViewVisibility(R.id.allowAllTemporarily, View.INVISIBLE);
}
request.body.visit(new RequestBody.Visitor<Void, RuntimeException>() {
@Override
public Void visit(MeRequest meRequest) throws RuntimeException {
return null;
}
@Override
public Void visit(SignRequest signRequest) throws RuntimeException {
mBuilder.setContentTitle("Allow SSH Login?").setContentText(pairing.workstationName + ": " + signRequest.display());
RemoteViews remoteViewsSmall = new RemoteViews(context.getPackageName(), R.layout.request_no_action_remote);
remoteViewsSmall.setTextViewText(R.id.workstationName, pairing.workstationName);
request.fillShortRemoteViews(remoteViewsSmall, null, null);
mBuilder.setContent(remoteViewsSmall);
remoteViewsBig.setOnClickPendingIntent(R.id.allowTemporarily, approveTemporarilyPendingIntent);
remoteViewsBig.setTextViewText(R.id.allowTemporarily, "This host for " + temporaryApprovalDuration);
mBuilder.setCustomBigContentView(remoteViewsBig);
mBuilder.addAction(approveOnceBuilder.build());
if (temporaryApprovalEnabled) {
mBuilder.addAction(approveTemporarilyBuilder.build()).addAction(approveAllTemporarilyBuilder.build());
}
return null;
}
@Override
public Void visit(GitSignRequest gitSignRequest) throws RuntimeException {
mBuilder.setContentTitle("Allow " + gitSignRequest.title() + "?").setContentText(pairing.workstationName + ": " + gitSignRequest.display());
RemoteViews remoteViewsSmall = new RemoteViews(context.getPackageName(), R.layout.request_no_action_remote);
remoteViewsSmall.setTextViewText(R.id.workstationName, pairing.workstationName);
gitSignRequest.fillShortRemoteViews(remoteViewsSmall, null, null);
mBuilder.setContent(remoteViewsSmall);
remoteViewsBig.setTextViewText(R.id.allowTemporarily, "");
mBuilder.setCustomBigContentView(remoteViewsBig);
mBuilder.addAction(approveOnceBuilder.build());
if (temporaryApprovalEnabled) {
mBuilder.addAction(approveAllTemporarilyBuilder.build());
}
return null;
}
@Override
public Void visit(UnpairRequest unpairRequest) throws RuntimeException {
return null;
}
@Override
public Void visit(HostsRequest hostsRequest) throws RuntimeException {
mBuilder.setContentTitle("Send user@hostname records?").setContentText(pairing.workstationName + " is requesting your SSH login records.");
mBuilder.addAction(approveOnceBuilder.build());
if (temporaryApprovalEnabled) {
mBuilder.addAction(approveAllTemporarilyBuilder.build());
}
return null;
}
@Override
public Void visit(ReadTeamRequest readTeamRequest) throws RuntimeException {
mBuilder.setContentTitle("Load team data?").setContentText(pairing.workstationName + " is requesting to load team data.");
mBuilder.addAction(approveAllTemporarilyBuilder.build());
return null;
}
@Override
public Void visit(LogDecryptionRequest logDecryptionRequest) throws RuntimeException {
mBuilder.setContentTitle("Decrypt team logs?").setContentText(pairing.workstationName + " is requesting to decrypt team logs.");
mBuilder.addAction(approveAllTemporarilyBuilder.build());
return null;
}
@Override
public Void visit(TeamOperationRequest teamOperationRequest) throws RuntimeException {
try {
Sigchain.NativeResult<Sigchain.FormattedRequestableOp> format = TeamDataProvider.formatRequestableOp(context, teamOperationRequest.operation);
if (format.success != null) {
mBuilder.setContentTitle(format.success.header).setContentText(format.success.body + "?");
mBuilder.addAction(approveOnceTextApproveBuilder.build());
} else {
mBuilder.setContentTitle("Invalid team operation request.");
}
} catch (Native.NotLinked notLinked) {
notLinked.printStackTrace();
mBuilder.setContentTitle("Teams not supported on this phone");
}
return null;
}
});
if (!new Settings(context).silenceNotifications()) {
mBuilder.setDefaults(Notification.DEFAULT_SOUND).setVibrate(new long[] { 0, 100, 100, 100 });
}
NotificationManagerCompat mNotifyMgr = NotificationManagerCompat.from(context);
mNotifyMgr.notify(request.requestID, 0, mBuilder.build());
}
Also used :
MeRequest(co.krypt.krypton.protocol.MeRequest)
TaskStackBuilder(android.support.v4.app.TaskStackBuilder)
TeamOperationRequest(co.krypt.krypton.protocol.TeamOperationRequest)
NotificationManagerCompat(android.support.v4.app.NotificationManagerCompat)
GitSignRequest(co.krypt.krypton.protocol.GitSignRequest)
NotificationCompat(android.support.v4.app.NotificationCompat)
OnboardingProgress(co.krypt.krypton.onboarding.OnboardingProgress)
Settings(co.krypt.krypton.settings.Settings)
RequestBody(co.krypt.krypton.protocol.RequestBody)
SignRequest(co.krypt.krypton.protocol.SignRequest)
GitSignRequest(co.krypt.krypton.protocol.GitSignRequest)
Sigchain(co.krypt.krypton.team.Sigchain)
Intent(android.content.Intent)
PendingIntent(android.app.PendingIntent)
HostsRequest(co.krypt.krypton.protocol.HostsRequest)
UnpairRequest(co.krypt.krypton.protocol.UnpairRequest)
ReadTeamRequest(co.krypt.krypton.protocol.ReadTeamRequest)
RemoteViews(android.widget.RemoteViews)
LogDecryptionRequest(co.krypt.krypton.protocol.LogDecryptionRequest)
PendingIntent(android.app.PendingIntent)
Example 2 with ReadTeamRequest
use of co.krypt.krypton.protocol.ReadTeamRequest in project krypton-android by kryptco.
the class Silo method respondToRequest.
public void respondToRequest(Pairing pairing, Request request, boolean requestAllowed) throws Unrecoverable {
// Fine-grained locking allows performing signatures in parallel
synchronized ((Silo.class.getName() + request.requestID).intern()) {
synchronized (Silo.class) {
if (sendCachedResponseIfPresent(pairing, request)) {
return;
}
}
Response response = Response.with(request);
Analytics analytics = new Analytics(context);
if (analytics.isDisabled()) {
response.trackingID = "disabled";
} else {
response.trackingID = analytics.getClientID();
}
request.body.visit(new RequestBody.Visitor<Void, Unrecoverable>() {
@Override
public Void visit(MeRequest meRequest) throws CryptoException {
response.meResponse = new MeResponse(meStorage.loadWithUserID(meRequest.userID()));
return null;
}
@Override
public Void visit(SignRequest signRequest) throws Unrecoverable {
signRequest.validate();
response.signResponse = new SignResponse();
if (requestAllowed) {
try {
SSHKeyPairI key = MeStorage.getOrLoadKeyPair(context);
if (MessageDigest.isEqual(signRequest.publicKeyFingerprint, key.publicKeyFingerprint())) {
if (signRequest.verifyHostName()) {
String hostName = signRequest.hostAuth.hostNames[0];
String hostKey = Base64.encodeAsString(signRequest.hostAuth.hostKey);
synchronized (databaseLock) {
List<KnownHost> matchingKnownHosts = dbHelper.getKnownHostDao().queryForEq("host_name", hostName);
try {
Sigchain.NativeResult<List<Sigchain.PinnedHost>> teamPinnedHosts = TeamDataProvider.getPinnedKeysByHost(context, hostName);
if (teamPinnedHosts.success != null) {
for (Sigchain.PinnedHost pinnedHost : teamPinnedHosts.success) {
matchingKnownHosts.add(new KnownHost(pinnedHost.host, co.krypt.krypton.crypto.Base64.encode(pinnedHost.publicKey), 0));
}
}
} catch (Native.NotLinked e) {
e.printStackTrace();
}
if (matchingKnownHosts.size() == 0) {
dbHelper.getKnownHostDao().create(new KnownHost(hostName, hostKey, System.currentTimeMillis() / 1000));
broadcastKnownHostsChanged();
} else {
boolean foundKnownHost = false;
List<String> pinnedPublicKeys = new ArrayList<>();
for (KnownHost pinnedHost : matchingKnownHosts) {
pinnedPublicKeys.add(pinnedHost.publicKey);
if (pinnedHost.publicKey.equals(hostKey)) {
foundKnownHost = true;
break;
}
}
if (!foundKnownHost) {
throw new MismatchedHostKeyException(pinnedPublicKeys, "Expected " + pinnedPublicKeys.toString() + " received " + hostKey);
}
}
}
}
String algo = signRequest.algo();
if ((key instanceof RSASSHKeyPair) && request.semVer().lessThan(Versions.KR_SUPPORTS_RSA_SHA256_512)) {
algo = "ssh-rsa";
}
response.signResponse.signature = key.signDigestAppendingPubkey(signRequest.data, algo);
SSHSignatureLog log = new SSHSignatureLog(signRequest.data, true, signRequest.command, signRequest.user(), signRequest.firstHostnameIfExists(), System.currentTimeMillis() / 1000, signRequest.verifyHostName(), JSON.toJson(signRequest.hostAuth), pairing.getUUIDString(), pairing.workstationName);
co.krypt.krypton.team.log.Log teamLog = co.krypt.krypton.team.log.Log.fromSSHRequest(pairing, request, signRequest, co.krypt.krypton.team.log.Log.Body.SSH.Result.signature(response.signResponse.signature));
EventBus.getDefault().post(new TeamService.EncryptLog(C.background(context), teamLog));
pairingStorage.appendToSSHLog(log);
Notifications.notifySuccess(context, pairing, request, log);
if (signRequest.verifiedHostNameOrDefault("unknown host").equals("me.krypt.co")) {
Intent sshMeIntent = new Intent(TestSSHFragment.SSH_ME_ACTION);
LocalBroadcastManager.getInstance(context).sendBroadcast(sshMeIntent);
}
if (signRequest.hostAuth == null) {
new Analytics(context).postEvent("host", "unknown", null, null, false);
} else if (!signRequest.verifyHostName()) {
new Analytics(context).postEvent("host", "unverified", null, null, false);
}
} else {
Log.e(TAG, Base64.encodeAsString(signRequest.publicKeyFingerprint) + " != " + Base64.encodeAsString(key.publicKeyFingerprint()));
response.signResponse.error = "unknown key fingerprint";
}
} catch (SQLException e) {
StringWriter sw = new StringWriter();
PrintWriter pw = new PrintWriter(sw);
e.printStackTrace(pw);
response.signResponse.error = "SQL error: " + e.getMessage() + "\n" + sw.toString();
e.printStackTrace();
} catch (MismatchedHostKeyException e) {
response.signResponse.error = "host public key mismatched";
if (signRequest.hostAuth.hostKey != null) {
co.krypt.krypton.team.log.Log teamLog = co.krypt.krypton.team.log.Log.fromSSHRequest(pairing, request, signRequest, co.krypt.krypton.team.log.Log.Body.SSH.Result.hostMismatch(e.pinnedPublicKeys.toArray(new String[] {})));
EventBus.getDefault().post(new TeamService.EncryptLog(C.background(context), teamLog));
}
Notifications.notifyReject(context, pairing, request, "Host public key mismatched.");
e.printStackTrace();
}
} else {
response.signResponse.error = "rejected";
co.krypt.krypton.team.log.Log teamLog = co.krypt.krypton.team.log.Log.fromSSHRequest(pairing, request, signRequest, co.krypt.krypton.team.log.Log.Body.SSH.Result.userRejected());
EventBus.getDefault().post(new TeamService.EncryptLog(C.background(context), teamLog));
pairingStorage.appendToSSHLog(new SSHSignatureLog(signRequest.data, false, signRequest.command, signRequest.user(), signRequest.firstHostnameIfExists(), System.currentTimeMillis() / 1000, signRequest.verifyHostName(), JSON.toJson(signRequest.hostAuth), pairing.getUUIDString(), pairing.workstationName));
}
return null;
}
@Override
public Void visit(GitSignRequest gitSignRequest) throws Unrecoverable {
if (requestAllowed) {
try {
SSHKeyPairI key = MeStorage.getOrLoadKeyPair(context);
new MeStorage(context).loadWithUserID(UserID.parse(gitSignRequest.userID));
co.krypt.krypton.team.log.Log.Body.GitSignatureResult gitSignatureResult = new co.krypt.krypton.team.log.Log.Body.GitSignatureResult();
co.krypt.krypton.log.Log log = gitSignRequest.body.visit(new GitSignRequestBody.Visitor<co.krypt.krypton.log.Log, Exception>() {
@Override
public co.krypt.krypton.log.Log visit(CommitInfo commit) throws Unrecoverable {
byte[] signature = SignableUtils.signBinaryDocument(commit, key, HashAlgorithm.SHA512);
response.gitSignResponse = new GitSignResponse(signature, null);
gitSignatureResult.signature = signature;
GitCommitSignatureLog commitLog = new GitCommitSignatureLog(pairing, commit, new AsciiArmor(AsciiArmor.HeaderLine.SIGNATURE, AsciiArmor.backwardsCompatibleHeaders(request.semVer()), signature).toString());
pairings().appendToCommitLogs(commitLog);
return commitLog;
}
@Override
public co.krypt.krypton.log.Log visit(TagInfo tag) throws Unrecoverable {
byte[] signature = SignableUtils.signBinaryDocument(tag, key, HashAlgorithm.SHA512);
response.gitSignResponse = new GitSignResponse(signature, null);
gitSignatureResult.signature = signature;
GitTagSignatureLog tagLog = new GitTagSignatureLog(pairing, tag, new AsciiArmor(AsciiArmor.HeaderLine.SIGNATURE, AsciiArmor.backwardsCompatibleHeaders(request.semVer()), signature).toString());
pairings().appendToTagLogs(tagLog);
return tagLog;
}
});
co.krypt.krypton.team.log.Log teamLog = co.krypt.krypton.team.log.Log.fromGitRequest(pairing, request, gitSignRequest, gitSignatureResult);
EventBus.getDefault().post(new TeamService.EncryptLog(C.background(context), teamLog));
Notifications.notifySuccess(context, pairing, request, log);
} catch (Exception e) {
e.printStackTrace();
response.gitSignResponse = new GitSignResponse(null, "unknown error");
}
} else {
response.gitSignResponse = new GitSignResponse(null, "rejected");
gitSignRequest.body.visit(new GitSignRequestBody.Visitor<Void, RuntimeException>() {
@Override
public Void visit(CommitInfo commit) throws RuntimeException {
pairings().appendToCommitLogs(new GitCommitSignatureLog(pairing, commit, null));
return null;
}
@Override
public Void visit(TagInfo tag) throws RuntimeException {
pairings().appendToTagLogs(new GitTagSignatureLog(pairing, tag, null));
return null;
}
});
co.krypt.krypton.team.log.Log teamLog = co.krypt.krypton.team.log.Log.fromGitRequest(pairing, request, gitSignRequest, co.krypt.krypton.team.log.Log.Body.GitSignatureResult.userRejected());
EventBus.getDefault().post(new TeamService.EncryptLog(C.background(context), teamLog));
}
return null;
}
@Override
public Void visit(UnpairRequest unpairRequest) throws Unrecoverable {
// Processed in handle()
return null;
}
@Override
public Void visit(HostsRequest hostsRequest) throws Unrecoverable {
HostsResponse hostsResponse = new HostsResponse();
synchronized (databaseLock) {
try {
List<SSHSignatureLog> sshLogs = dbHelper.getSSHSignatureLogDao().queryBuilder().groupByRaw("user, host_name").query();
List<UserAndHost> userAndHosts = new LinkedList<>();
for (SSHSignatureLog log : sshLogs) {
UserAndHost userAndHost = new UserAndHost();
userAndHost.user = log.user;
userAndHost.host = log.hostName;
userAndHosts.add(userAndHost);
}
HostInfo hostInfo = new HostInfo();
UserAndHost[] userAndHostsArray = new UserAndHost[userAndHosts.size()];
userAndHosts.toArray(userAndHostsArray);
hostInfo.hosts = userAndHostsArray;
List<UserID> userIDs = meStorage.getUserIDs();
List<String> userIDStrings = new LinkedList<>();
for (UserID userID : userIDs) {
userIDStrings.add(userID.toString());
}
String[] userIDArray = new String[userIDs.size()];
userIDStrings.toArray(userIDArray);
hostInfo.pgpUserIDs = userIDArray;
hostsResponse.hostInfo = hostInfo;
} catch (SQLException e1) {
hostsResponse.error = "sql exception";
}
}
response.hostsResponse = hostsResponse;
return null;
}
@Override
public Void visit(ReadTeamRequest readTeamRequest) throws Unrecoverable {
SuccessOrTaggedErrorResult<JsonObject> result = new SuccessOrTaggedErrorResult<>();
response.readTeamResponse = result;
if (requestAllowed) {
try {
Sigchain.NativeResult<JsonObject> readToken = TeamDataProvider.signReadToken(context, readTeamRequest.publicKey);
if (readToken.success != null) {
result.success = readToken.success;
} else {
result.error = readToken.error;
}
} catch (Native.NotLinked e) {
e.printStackTrace();
result.error = e.getMessage();
}
} else {
response.readTeamResponse.error = "rejected";
}
return null;
}
@Override
public Void visit(LogDecryptionRequest logDecryptionRequest) throws Unrecoverable {
SuccessOrTaggedErrorResult<JsonObject> result = new SuccessOrTaggedErrorResult<>();
response.logDecryptionResponse = result;
if (requestAllowed) {
try {
Sigchain.NativeResult<JsonObject> unwrappedKey = TeamDataProvider.unwrapKey(context, logDecryptionRequest.wrappedKey);
if (unwrappedKey.success != null) {
result.success = unwrappedKey.success;
} else {
result.error = unwrappedKey.error;
}
} catch (Native.NotLinked e) {
e.printStackTrace();
result.error = e.getMessage();
}
} else {
response.logDecryptionResponse.error = "rejected";
}
return null;
}
@Override
public Void visit(TeamOperationRequest teamOperationRequest) throws Unrecoverable {
SuccessOrTaggedErrorResult<Sigchain.TeamOperationResponse> result = new SuccessOrTaggedErrorResult<>();
response.teamOperationResponse = result;
if (requestAllowed) {
try {
Sigchain.NativeResult<Sigchain.TeamOperationResponse> nativeResult = TeamDataProvider.requestTeamOperation(context, teamOperationRequest.operation);
if (nativeResult.success != null) {
response.teamOperationResponse.success = nativeResult.success;
} else {
response.teamOperationResponse.error = nativeResult.error;
}
} catch (Native.NotLinked e) {
e.printStackTrace();
result.error = e.getMessage();
}
} else {
response.teamOperationResponse.error = "rejected";
}
return null;
}
});
response.snsEndpointARN = SNSTransport.getInstance(context).getEndpointARN();
synchronized (Silo.class) {
try {
if (responseDiskCacheByRequestID != null && !responseDiskCacheByRequestID.isClosed()) {
DiskLruCache.Editor cacheEditor = responseDiskCacheByRequestID.edit(request.requestIDCacheKey(pairing));
cacheEditor.set(0, JSON.toJson(response));
cacheEditor.commit();
responseDiskCacheByRequestID.flush();
}
} catch (IOException e) {
e.printStackTrace();
throw new Unrecoverable(e);
}
responseMemCacheByRequestID.put(request.requestIDCacheKey(pairing), response);
}
send(pairing, response);
}
}
Also used :
GitTagSignatureLog(co.krypt.krypton.log.GitTagSignatureLog)
TeamOperationRequest(co.krypt.krypton.protocol.TeamOperationRequest)
SSHKeyPairI(co.krypt.krypton.crypto.SSHKeyPairI)
KnownHost(co.krypt.krypton.knownhosts.KnownHost)
DiskLruCache(com.jakewharton.disklrucache.DiskLruCache)
TagInfo(co.krypt.krypton.git.TagInfo)
List(java.util.List)
ArrayList(java.util.ArrayList)
LinkedList(java.util.LinkedList)
GitTagSignatureLog(co.krypt.krypton.log.GitTagSignatureLog)
Log(android.util.Log)
GitCommitSignatureLog(co.krypt.krypton.log.GitCommitSignatureLog)
SSHSignatureLog(co.krypt.krypton.log.SSHSignatureLog)
HostsRequest(co.krypt.krypton.protocol.HostsRequest)
MeResponse(co.krypt.krypton.protocol.MeResponse)
LogDecryptionRequest(co.krypt.krypton.protocol.LogDecryptionRequest)
UserAndHost(co.krypt.krypton.protocol.UserAndHost)
TeamService(co.krypt.krypton.team.TeamService)
MismatchedHostKeyException(co.krypt.krypton.exception.MismatchedHostKeyException)
HostsResponse(co.krypt.krypton.protocol.HostsResponse)
MeRequest(co.krypt.krypton.protocol.MeRequest)
SQLException(java.sql.SQLException)
GitCommitSignatureLog(co.krypt.krypton.log.GitCommitSignatureLog)
Unrecoverable(co.krypt.krypton.exception.Unrecoverable)
AsciiArmor(co.krypt.krypton.pgp.asciiarmor.AsciiArmor)
StringWriter(java.io.StringWriter)
GitSignResponse(co.krypt.krypton.protocol.GitSignResponse)
SignResponse(co.krypt.krypton.protocol.SignResponse)
GitSignRequest(co.krypt.krypton.protocol.GitSignRequest)
UserID(co.krypt.krypton.pgp.UserID)
CommitInfo(co.krypt.krypton.git.CommitInfo)
RequestBody(co.krypt.krypton.protocol.RequestBody)
GitSignRequestBody(co.krypt.krypton.protocol.GitSignRequestBody)
RequestBody(co.krypt.krypton.protocol.RequestBody)
GitSignRequestBody(co.krypt.krypton.protocol.GitSignRequestBody)
PrintWriter(java.io.PrintWriter)
SuccessOrTaggedErrorResult(co.krypt.krypton.protocol.SuccessOrTaggedErrorResult)
RSASSHKeyPair(co.krypt.krypton.crypto.RSASSHKeyPair)
SignRequest(co.krypt.krypton.protocol.SignRequest)
GitSignRequest(co.krypt.krypton.protocol.GitSignRequest)
Sigchain(co.krypt.krypton.team.Sigchain)
Intent(android.content.Intent)
UnpairRequest(co.krypt.krypton.protocol.UnpairRequest)
IOException(java.io.IOException)
GitSignResponse(co.krypt.krypton.protocol.GitSignResponse)
Analytics(co.krypt.krypton.analytics.Analytics)
CryptoException(co.krypt.krypton.exception.CryptoException)
TransportException(co.krypt.krypton.exception.TransportException)
ProtocolException(co.krypt.krypton.exception.ProtocolException)
SQLException(java.sql.SQLException)
MismatchedHostKeyException(co.krypt.krypton.exception.MismatchedHostKeyException)
IOException(java.io.IOException)
HostsResponse(co.krypt.krypton.protocol.HostsResponse)
GitSignResponse(co.krypt.krypton.protocol.GitSignResponse)
MeResponse(co.krypt.krypton.protocol.MeResponse)
SignResponse(co.krypt.krypton.protocol.SignResponse)
UnpairResponse(co.krypt.krypton.protocol.UnpairResponse)
AckResponse(co.krypt.krypton.protocol.AckResponse)
Response(co.krypt.krypton.protocol.Response)
ReadTeamRequest(co.krypt.krypton.protocol.ReadTeamRequest)
SSHSignatureLog(co.krypt.krypton.log.SSHSignatureLog)
MeStorage(co.krypt.krypton.me.MeStorage)
CryptoException(co.krypt.krypton.exception.CryptoException)
HostInfo(co.krypt.krypton.protocol.HostInfo)
Example 3 with ReadTeamRequest
use of co.krypt.krypton.protocol.ReadTeamRequest in project krypton-android by kryptco.
the class Policy method onAction.
public static void onAction(final Context context, final String requestID, final String action) {
Log.i(TAG, action + " requestID " + requestID);
final Pair<Pairing, Request> pairingAndRequest;
// Lock manually to prevent deadlock from Silo
synchronized (Policy.class) {
pairingAndRequest = pendingRequestCache.remove(requestID);
}
if (pairingAndRequest == null) {
Log.e(TAG, "requestID " + requestID + " not pending");
return;
}
Silo silo = Silo.shared(context);
OpenDatabaseHelper db = silo.pairings().dbHelper;
Notifications.clearRequest(context, pairingAndRequest.second);
switch(action) {
case APPROVE_ONCE:
try {
silo.respondToRequest(pairingAndRequest.first, pairingAndRequest.second, true);
new Analytics(context).postEvent(pairingAndRequest.second.analyticsCategory(), "background approve", "once", null, false);
} catch (Exception e) {
e.printStackTrace();
}
break;
case APPROVE_ALL_TEMPORARILY:
try {
pairingAndRequest.second.body.visit(new RequestBody.Visitor<Void, Unrecoverable>() {
@Override
public Void visit(MeRequest meRequest) throws Unrecoverable {
return null;
}
@Override
public Void visit(SignRequest signRequest) throws Unrecoverable {
try {
Approval.approveSSHAnyHost(db, pairingAndRequest.first.uuid);
} catch (IOException | SQLException e) {
throw new Unrecoverable(e);
}
return null;
}
@Override
public Void visit(GitSignRequest gitSignRequest) throws Unrecoverable {
gitSignRequest.body.visit(new GitSignRequestBody.Visitor<Void, Unrecoverable>() {
@Override
public Void visit(CommitInfo commit) throws Unrecoverable {
try {
Approval.approveGitCommitSignatures(db, pairingAndRequest.first.uuid);
} catch (IOException | SQLException e) {
throw new Unrecoverable(e);
}
return null;
}
@Override
public Void visit(TagInfo tag) throws Unrecoverable {
try {
Approval.approveGitTagSignatures(db, pairingAndRequest.first.uuid);
} catch (IOException | SQLException e) {
throw new Unrecoverable(e);
}
return null;
}
});
return null;
}
@Override
public Void visit(UnpairRequest unpairRequest) throws Unrecoverable {
return null;
}
@Override
public Void visit(HostsRequest hostsRequest) throws Unrecoverable {
return null;
}
@Override
public Void visit(ReadTeamRequest readTeamRequest) throws Unrecoverable {
try {
Approval.approveReadTeamData(db, pairingAndRequest.first.uuid);
} catch (IOException | SQLException e) {
throw new Unrecoverable(e);
}
return null;
}
@Override
public Void visit(LogDecryptionRequest logDecryptionRequest) throws Unrecoverable {
try {
Approval.approveReadTeamData(db, pairingAndRequest.first.uuid);
} catch (IOException | SQLException e) {
throw new Unrecoverable(e);
}
return null;
}
@Override
public Void visit(TeamOperationRequest teamOperationRequest) throws Unrecoverable {
return null;
}
});
silo.respondToRequest(pairingAndRequest.first, pairingAndRequest.second, true);
new Analytics(context).postEvent(pairingAndRequest.second.analyticsCategory(), "background approve", "time", (int) temporaryApprovalSeconds(context, pairingAndRequest.second), false);
} catch (Exception e) {
e.printStackTrace();
}
break;
case APPROVE_THIS_TEMPORARILY:
try {
pairingAndRequest.second.body.visit(new RequestBody.Visitor<Void, Unrecoverable>() {
@Override
public Void visit(MeRequest meRequest) throws Unrecoverable {
return null;
}
@Override
public Void visit(SignRequest signRequest) throws Unrecoverable {
String user = signRequest.user();
if (signRequest.hostNameVerified && signRequest.hostAuth.hostNames.length > 0) {
try {
Approval.approveSSHUserHost(db, pairingAndRequest.first.uuid, user, signRequest.hostAuth.hostNames[0]);
} catch (IOException | SQLException e) {
throw new Unrecoverable(e);
}
}
return null;
}
@Override
public Void visit(GitSignRequest gitSignRequest) throws Unrecoverable {
return null;
}
@Override
public Void visit(UnpairRequest unpairRequest) throws Unrecoverable {
return null;
}
@Override
public Void visit(HostsRequest hostsRequest) throws Unrecoverable {
return null;
}
@Override
public Void visit(ReadTeamRequest readTeamRequest) throws Unrecoverable {
return null;
}
@Override
public Void visit(LogDecryptionRequest logDecryptionRequest) throws Unrecoverable {
return null;
}
@Override
public Void visit(TeamOperationRequest teamOperationRequest) throws Unrecoverable {
return null;
}
});
silo.respondToRequest(pairingAndRequest.first, pairingAndRequest.second, true);
new Analytics(context).postEvent(pairingAndRequest.second.analyticsCategory(), "background approve this", "time", (int) temporaryApprovalSeconds(context, pairingAndRequest.second), false);
} catch (Exception e) {
e.printStackTrace();
}
case REJECT:
try {
silo.respondToRequest(pairingAndRequest.first, pairingAndRequest.second, false);
new Analytics(context).postEvent(pairingAndRequest.second.analyticsCategory(), "background reject", null, null, false);
} catch (Unrecoverable e) {
e.printStackTrace();
}
break;
}
}
Also used :
MeRequest(co.krypt.krypton.protocol.MeRequest)
SQLException(java.sql.SQLException)
Unrecoverable(co.krypt.krypton.exception.Unrecoverable)
TeamOperationRequest(co.krypt.krypton.protocol.TeamOperationRequest)
OpenDatabaseHelper(co.krypt.krypton.db.OpenDatabaseHelper)
GitSignRequest(co.krypt.krypton.protocol.GitSignRequest)
TagInfo(co.krypt.krypton.git.TagInfo)
CommitInfo(co.krypt.krypton.git.CommitInfo)
Pairing(co.krypt.krypton.pairing.Pairing)
Silo(co.krypt.krypton.silo.Silo)
RequestBody(co.krypt.krypton.protocol.RequestBody)
GitSignRequestBody(co.krypt.krypton.protocol.GitSignRequestBody)
SignRequest(co.krypt.krypton.protocol.SignRequest)
GitSignRequest(co.krypt.krypton.protocol.GitSignRequest)
ReadTeamRequest(co.krypt.krypton.protocol.ReadTeamRequest)
UnpairRequest(co.krypt.krypton.protocol.UnpairRequest)
SignRequest(co.krypt.krypton.protocol.SignRequest)
MeRequest(co.krypt.krypton.protocol.MeRequest)
Request(co.krypt.krypton.protocol.Request)
LogDecryptionRequest(co.krypt.krypton.protocol.LogDecryptionRequest)
HostsRequest(co.krypt.krypton.protocol.HostsRequest)
GitSignRequest(co.krypt.krypton.protocol.GitSignRequest)
TeamOperationRequest(co.krypt.krypton.protocol.TeamOperationRequest)
HostsRequest(co.krypt.krypton.protocol.HostsRequest)
IOException(java.io.IOException)
UnpairRequest(co.krypt.krypton.protocol.UnpairRequest)
Analytics(co.krypt.krypton.analytics.Analytics)
SQLException(java.sql.SQLException)
IOException(java.io.IOException)
ReadTeamRequest(co.krypt.krypton.protocol.ReadTeamRequest)
LogDecryptionRequest(co.krypt.krypton.protocol.LogDecryptionRequest)
Example 4 with ReadTeamRequest
use of co.krypt.krypton.protocol.ReadTeamRequest in project krypton-android by kryptco.
the class Notifications method notifySuccessJob.
private static void notifySuccessJob(Context context, Pairing pairing, Request request, @Nullable Log log) {
if (!new Settings(context).approvedNotificationsEnabled()) {
return;
}
Intent resultIntent = new Intent(context, MainActivity.class);
NotificationCompat.Builder mBuilder = buildNotification(context, APPROVED_CHANNEL_ID).setColor(ContextCompat.getColor(context, R.color.colorPrimary)).setAutoCancel(true).setPriority(NotificationCompat.PRIORITY_MAX).setCategory(NotificationCompat.CATEGORY_MESSAGE).setVisibility(NotificationCompat.VISIBILITY_PUBLIC);
if (!new Settings(context).silenceNotifications()) {
mBuilder.setDefaults(Notification.DEFAULT_SOUND).setVibrate(new long[] { 0, 100 });
}
request.body.visit(new RequestBody.Visitor<Void, RuntimeException>() {
@Override
public Void visit(MeRequest meRequest) throws RuntimeException {
return null;
}
@Override
public Void visit(SignRequest signRequest) throws RuntimeException {
mBuilder.setContentTitle("SSH Login Approved").setContentText(pairing.workstationName + ": " + signRequest.display());
RemoteViews remoteViewsSmall = new RemoteViews(context.getPackageName(), R.layout.result_remote);
remoteViewsSmall.setTextViewText(R.id.workstationName, pairing.workstationName);
request.fillShortRemoteViews(remoteViewsSmall, true, log != null ? log.getSignature() : null);
mBuilder.setContent(remoteViewsSmall);
return null;
}
@Override
public Void visit(GitSignRequest gitSignRequest) throws RuntimeException {
mBuilder.setContentTitle(gitSignRequest.title() + " Approved").setContentText(pairing.workstationName + ": " + gitSignRequest.display());
RemoteViews remoteViewsSmall = new RemoteViews(context.getPackageName(), R.layout.result_remote);
remoteViewsSmall.setTextViewText(R.id.workstationName, pairing.workstationName);
gitSignRequest.fillShortRemoteViews(remoteViewsSmall, true, log != null ? log.getSignature() : null);
mBuilder.setContent(remoteViewsSmall);
RemoteViews remoteViewsBig = new RemoteViews(context.getPackageName(), R.layout.result_remote);
remoteViewsBig.setTextViewText(R.id.workstationName, pairing.workstationName);
gitSignRequest.fillRemoteViews(remoteViewsBig, true, log != null ? log.getSignature() : null);
mBuilder.setCustomBigContentView(remoteViewsBig);
return null;
}
@Override
public Void visit(UnpairRequest unpairRequest) throws RuntimeException {
return null;
}
@Override
public Void visit(HostsRequest hostsRequest) throws RuntimeException {
return null;
}
@Override
public Void visit(ReadTeamRequest readTeamRequest) throws RuntimeException {
return null;
}
@Override
public Void visit(LogDecryptionRequest logDecryptionRequest) throws RuntimeException {
return null;
}
@Override
public Void visit(TeamOperationRequest teamOperationRequest) throws RuntimeException {
return null;
}
});
// The stack builder object will contain an artificial back stack for the
// started Activity.
// This ensures that navigating backward from the Activity leads out of
// your application to the Home screen.
TaskStackBuilder stackBuilder = TaskStackBuilder.create(context);
// Adds the back stack for the Intent (but not the Intent itself)
stackBuilder.addParentStack(MainActivity.class);
// Adds the Intent that starts the Activity to the top of the stack
stackBuilder.addNextIntent(resultIntent);
PendingIntent resultPendingIntent = stackBuilder.getPendingIntent(0, PendingIntent.FLAG_UPDATE_CURRENT);
mBuilder.setContentIntent(resultPendingIntent);
NotificationManagerCompat mNotifyMgr = NotificationManagerCompat.from(context);
mNotifyMgr.cancel(0);
mNotifyMgr.notify(0, mBuilder.build());
}
Also used :
MeRequest(co.krypt.krypton.protocol.MeRequest)
SignRequest(co.krypt.krypton.protocol.SignRequest)
GitSignRequest(co.krypt.krypton.protocol.GitSignRequest)
TeamOperationRequest(co.krypt.krypton.protocol.TeamOperationRequest)
NotificationManagerCompat(android.support.v4.app.NotificationManagerCompat)
Intent(android.content.Intent)
PendingIntent(android.app.PendingIntent)
HostsRequest(co.krypt.krypton.protocol.HostsRequest)
UnpairRequest(co.krypt.krypton.protocol.UnpairRequest)
ReadTeamRequest(co.krypt.krypton.protocol.ReadTeamRequest)
RemoteViews(android.widget.RemoteViews)
LogDecryptionRequest(co.krypt.krypton.protocol.LogDecryptionRequest)
GitSignRequest(co.krypt.krypton.protocol.GitSignRequest)
NotificationCompat(android.support.v4.app.NotificationCompat)
PendingIntent(android.app.PendingIntent)
TaskStackBuilder(android.support.v4.app.TaskStackBuilder)
Settings(co.krypt.krypton.settings.Settings)
RequestBody(co.krypt.krypton.protocol.RequestBody)
Example 5 with ReadTeamRequest
use of co.krypt.krypton.protocol.ReadTeamRequest in project krypton-android by kryptco.
the class Notifications method notifyRejectJob.
private static void notifyRejectJob(Context context, Pairing pairing, Request request, String title) {
if (!new Settings(context).approvedNotificationsEnabled()) {
return;
}
Intent resultIntent = new Intent(context, MainActivity.class);
NotificationCompat.Builder mBuilder = buildNotification(context, APPROVED_CHANNEL_ID).setColor(Color.RED).setContentTitle(title).setAutoCancel(true).setPriority(NotificationCompat.PRIORITY_MAX).setCategory(NotificationCompat.CATEGORY_MESSAGE).setVisibility(NotificationCompat.VISIBILITY_PUBLIC);
if (!new Settings(context).silenceNotifications()) {
mBuilder.setDefaults(Notification.DEFAULT_SOUND).setVibrate(new long[] { 0, 100, 100, 100 });
}
request.body.visit(new RequestBody.Visitor<Void, RuntimeException>() {
@Override
public Void visit(MeRequest meRequest) throws RuntimeException {
return null;
}
@Override
public Void visit(SignRequest signRequest) throws RuntimeException {
mBuilder.setContentText(pairing.workstationName + ": " + signRequest.display());
return null;
}
@Override
public Void visit(GitSignRequest gitSignRequest) throws RuntimeException {
mBuilder.setContentTitle(gitSignRequest.title() + " Rejected").setContentText(pairing.workstationName + ": " + gitSignRequest.display());
RemoteViews remoteViewsSmall = new RemoteViews(context.getPackageName(), R.layout.result_remote);
remoteViewsSmall.setTextViewText(R.id.workstationName, pairing.workstationName);
remoteViewsSmall.setTextViewText(R.id.header, "Rejected Request From");
gitSignRequest.fillShortRemoteViews(remoteViewsSmall, false, null);
mBuilder.setCustomContentView(remoteViewsSmall);
RemoteViews remoteViewsBig = new RemoteViews(context.getPackageName(), R.layout.result_remote);
remoteViewsBig.setTextViewText(R.id.workstationName, pairing.workstationName);
remoteViewsBig.setTextViewText(R.id.header, "Rejected Request From");
gitSignRequest.fillRemoteViews(remoteViewsBig, false, null);
mBuilder.setCustomBigContentView(remoteViewsBig);
return null;
}
@Override
public Void visit(UnpairRequest unpairRequest) throws RuntimeException {
return null;
}
@Override
public Void visit(HostsRequest hostsRequest) throws RuntimeException {
return null;
}
@Override
public Void visit(ReadTeamRequest readTeamRequest) throws RuntimeException {
return null;
}
@Override
public Void visit(LogDecryptionRequest logDecryptionRequest) throws RuntimeException {
return null;
}
@Override
public Void visit(TeamOperationRequest teamOperationRequest) throws RuntimeException {
return null;
}
});
TaskStackBuilder stackBuilder = TaskStackBuilder.create(context);
stackBuilder.addParentStack(MainActivity.class);
stackBuilder.addNextIntent(resultIntent);
PendingIntent resultPendingIntent = stackBuilder.getPendingIntent(0, PendingIntent.FLAG_UPDATE_CURRENT);
mBuilder.setContentIntent(resultPendingIntent);
NotificationManagerCompat mNotifyMgr = NotificationManagerCompat.from(context);
mNotifyMgr.notify(0, mBuilder.build());
}
Also used :
MeRequest(co.krypt.krypton.protocol.MeRequest)
SignRequest(co.krypt.krypton.protocol.SignRequest)
GitSignRequest(co.krypt.krypton.protocol.GitSignRequest)
TeamOperationRequest(co.krypt.krypton.protocol.TeamOperationRequest)
NotificationManagerCompat(android.support.v4.app.NotificationManagerCompat)
Intent(android.content.Intent)
PendingIntent(android.app.PendingIntent)
HostsRequest(co.krypt.krypton.protocol.HostsRequest)
UnpairRequest(co.krypt.krypton.protocol.UnpairRequest)
ReadTeamRequest(co.krypt.krypton.protocol.ReadTeamRequest)
RemoteViews(android.widget.RemoteViews)
LogDecryptionRequest(co.krypt.krypton.protocol.LogDecryptionRequest)
GitSignRequest(co.krypt.krypton.protocol.GitSignRequest)
NotificationCompat(android.support.v4.app.NotificationCompat)
PendingIntent(android.app.PendingIntent)
TaskStackBuilder(android.support.v4.app.TaskStackBuilder)
Settings(co.krypt.krypton.settings.Settings)
RequestBody(co.krypt.krypton.protocol.RequestBody)
Aggregations
GitSignRequest (co.krypt.krypton.protocol.GitSignRequest)6
HostsRequest (co.krypt.krypton.protocol.HostsRequest)6
LogDecryptionRequest (co.krypt.krypton.protocol.LogDecryptionRequest)6
MeRequest (co.krypt.krypton.protocol.MeRequest)6
ReadTeamRequest (co.krypt.krypton.protocol.ReadTeamRequest)6
RequestBody (co.krypt.krypton.protocol.RequestBody)6
SignRequest (co.krypt.krypton.protocol.SignRequest)6
TeamOperationRequest (co.krypt.krypton.protocol.TeamOperationRequest)6
UnpairRequest (co.krypt.krypton.protocol.UnpairRequest)6
Intent (android.content.Intent)4
PendingIntent (android.app.PendingIntent)3
NotificationCompat (android.support.v4.app.NotificationCompat)3
NotificationManagerCompat (android.support.v4.app.NotificationManagerCompat)3
TaskStackBuilder (android.support.v4.app.TaskStackBuilder)3
RemoteViews (android.widget.RemoteViews)3
Log (android.util.Log)2
Analytics (co.krypt.krypton.analytics.Analytics)2
Unrecoverable (co.krypt.krypton.exception.Unrecoverable)2
CommitInfo (co.krypt.krypton.git.CommitInfo)2
TagInfo (co.krypt.krypton.git.TagInfo)2
