Use SSHJ for SSH public key authentication

android-password-store · May 27, 2020 · 6745b62 · 6745b62
1 parent 1566524
commit 6745b62
Show file tree

Hide file tree

Showing 17 changed files with 402 additions and 350 deletions.
diff --git a/app/build.gradle b/app/build.gradle
@@ -101,6 +101,8 @@ dependencies {
         exclude group: 'org.apache.httpcomponents', module: 'httpclient'
     }
     implementation deps.third_party.jsch
+    implementation deps.third_party.sshj
+    implementation deps.third_party.bouncycastle
     implementation deps.third_party.openpgp_ktx
     implementation deps.third_party.ssh_auth
     implementation deps.third_party.timber

diff --git a/app/lint.xml b/app/lint.xml
@@ -0,0 +1,9 @@
+<?xml version="1.0" encoding="UTF-8"?><!--
+  ~ Copyright © 2014-2020 The Android Password Store Authors. All Rights Reserved.
+  ~ SPDX-License-Identifier: GPL-3.0-only
+  -->
+<lint>
+    <issue id="InvalidPackage">
+        <ignore regexp="X509LDAPCertStoreSpi" />
+    </issue>
+</lint>
diff --git a/app/proguard-rules.pro b/app/proguard-rules.pro
@@ -24,3 +24,6 @@
 -dontobfuscate
 -keep class com.jcraft.jsch.**
 -keep class org.eclipse.jgit.internal.JGitText { *; }
+-keep class org.bouncycastle.jcajce.provider.** { *; }
+-keep class org.bouncycastle.jce.provider.** { *; }
+-keep class !org.bouncycastle.jce.provider.X509LDAPCertStoreSpi { *; }
diff --git a/app/src/main/java/com/zeapo/pwdstore/git/BaseGitActivity.kt b/app/src/main/java/com/zeapo/pwdstore/git/BaseGitActivity.kt
@@ -146,10 +146,11 @@ abstract class BaseGitActivity : AppCompatActivity() {
         }
         if (PasswordRepository.isInitialized)
             PasswordRepository.addRemote("origin", newUrl, true)
-        // HTTPS authentication sends the password to the server, so we must wipe the password when
-        // the server is changed.
-        if (previousUrl.isNotEmpty() && newUrl != previousUrl && protocol == Protocol.Https)
+        // When the server changes, remote password and host key file should be deleted.
+        if (previousUrl.isNotEmpty() && newUrl != previousUrl) {
             encryptedSettings.edit { remove("https_password") }
+            File("$filesDir/.host_key").delete()
+        }
         url = newUrl
         return GitUpdateUrlResult.Ok
     }
@@ -201,8 +202,7 @@ abstract class BaseGitActivity : AppCompatActivity() {
                     return
                 }
             }
-            op.executeAfterAuthentication(connectionMode, serverUser,
-                File("$filesDir/.ssh_key"), identity)
+            op.executeAfterAuthentication(connectionMode, serverUser, identity)
         } catch (e: Exception) {
             e.printStackTrace()
             MaterialAlertDialogBuilder(this).setMessage(e.message).show()

diff --git a/app/src/main/java/com/zeapo/pwdstore/git/BreakOutOfDetached.kt b/app/src/main/java/com/zeapo/pwdstore/git/BreakOutOfDetached.kt
@@ -62,10 +62,10 @@ class BreakOutOfDetached(fileDir: File, callingActivity: Activity) : GitOperatio
             .execute(*this.commands.toTypedArray())
     }
 
-    override fun onError(errorMessage: String) {
+    override fun onError(err: Exception) {
         MaterialAlertDialogBuilder(callingActivity)
             .setTitle(callingActivity.resources.getString(R.string.jgit_error_dialog_title))
-            .setMessage("Error occurred when checking out another branch operation $errorMessage")
+            .setMessage("Error occurred when checking out another branch operation ${err.message}")
             .setPositiveButton(callingActivity.resources.getString(R.string.dialog_ok)) { _, _ ->
                 callingActivity.finish()
             }.show()

diff --git a/app/src/main/java/com/zeapo/pwdstore/git/CloneOperation.kt b/app/src/main/java/com/zeapo/pwdstore/git/CloneOperation.kt
@@ -34,43 +34,18 @@ class CloneOperation(fileDir: File, callingActivity: Activity) : GitOperation(fi
         return this
     }
 
-    /**
-     * sets the authentication for user/pwd scheme
-     *
-     * @param username the username
-     * @param password the password
-     * @return the current object
-     */
-    public override fun setAuthentication(username: String, password: String): CloneOperation {
-        super.setAuthentication(username, password)
-        return this
-    }
-
-    /**
-     * sets the authentication for the ssh-key scheme
-     *
-     * @param sshKey the ssh-key file
-     * @param username the username
-     * @param passphrase the passphrase
-     * @return the current object
-     */
-    public override fun setAuthentication(sshKey: File, username: String, passphrase: String): CloneOperation {
-        super.setAuthentication(sshKey, username, passphrase)
-        return this
-    }
-
     override fun execute() {
         (this.command as? CloneCommand)?.setCredentialsProvider(this.provider)
         GitAsyncTask(callingActivity, false, this, Intent()).execute(this.command)
     }
 
-    override fun onError(errorMessage: String) {
-        super.onError(errorMessage)
+    override fun onError(err: Exception) {
+        super.onError(err)
         MaterialAlertDialogBuilder(callingActivity)
             .setTitle(callingActivity.resources.getString(R.string.jgit_error_dialog_title))
             .setMessage("Error occurred during the clone operation, " +
                 callingActivity.resources.getString(R.string.jgit_error_dialog_text) +
-                errorMessage +
+                err.message +
                 "\nPlease check the FAQ for possible reasons why this error might occur.")
             .setPositiveButton(callingActivity.resources.getString(R.string.dialog_ok)) { _, _ -> }
             .show()

diff --git a/app/src/main/java/com/zeapo/pwdstore/git/GitAsyncTask.java b/app/src/main/java/com/zeapo/pwdstore/git/GitAsyncTask.java