See file's metadata to validate SSH key (#709)

* See file's metadata to validate SSH key * See file's metadata to validate SSH key * change exception to throw and refactoring * catch IOException and IllegalArgumentException as equal * run ./gradlew spotlessApply * Apply suggestions from code review * validate BEGIN, END markers and size != 0 * Apply suggestions from code review * Update app/src/main/java/com/zeapo/pwdstore/UserPreference.kt * Don't throw on SSH key import failure * Style nits * Codestyle and copy nits Co-authored-by: Fabian Henneke <fabian@henneke.me> Co-authored-by: Harsh Shandilya <me@msfjarvis.dev>
author: Diogenes Molinares <amolinares19@gmail.com> 2020-04-16 13:51:24 +0200
committer: GitHub <noreply@github.com> 2020-04-16 17:21:24 +0530
commit: f269bc7d28f43743648a346288749f5b7f878402 (patch)
tree: 42ecd7dd898a4db87293b95009cd36a2c238d15b /app/src/main/java
parent: e4aa673537f198034755ed1113754fbbe05b0138 (diff)
1 files changed, 44 insertions, 8 deletions
diff --git a/app/src/main/java/com/zeapo/pwdstore/UserPreference.kt b/app/src/main/java/com/zeapo/pwdstore/UserPreference.kt
index 9dd8f418..4590e678 100644
--- a/app/src/main/java/com/zeapo/pwdstore/UserPreference.kt
+++ b/app/src/main/java/com/zeapo/pwdstore/UserPreference.kt
@@ -14,6 +14,7 @@ import android.os.Build
 import android.os.Bundle
 import android.os.Environment
 import android.provider.DocumentsContract
+import android.provider.OpenableColumns
 import android.provider.Settings
 import android.text.TextUtils
 import android.view.MenuItem
@@ -519,9 +520,32 @@ class UserPreference : AppCompatActivity() {
         startActivityForResult(intent, SET_CUSTOM_XKPWD_DICT)
     }
 
-    @Throws(IOException::class)
+    @Throws(IllegalArgumentException::class, IOException::class)
     private fun copySshKey(uri: Uri) {
-        // TODO: Check if valid SSH Key before import
+        // See metadata from document to validate SSH key
+        contentResolver.query(uri, null, null, null, null, null)?.use { cursor ->
+            val sizeIndex = cursor.getColumnIndex(OpenableColumns.SIZE)
+            // cursor returns only 1 row
+            cursor.moveToFirst()
+            // see file's metadata
+            val fileSize = cursor.getInt(sizeIndex)
+            // We assume that an SSH key's ideal size is > 0 bytes && < 100 kilobytes.
+            if (fileSize > 100000 || fileSize == 0) {
+                throw IllegalArgumentException("Wrong file type selected")
+            } else {
+                // Validate BEGIN and END markers
+                val lines = contentResolver.openInputStream(uri)?.bufferedReader()?.readLines()
+                // The file must have more than 2 lines, and the first and last line must have
+                // OpenSSH key markers.
+                if (lines != null &&
+                    lines.size > 2 &&
+                    !lines[0].contains("BEGIN OPENSSH PRIVATE KEY") &&
+                    !lines[lines.size - 1].contains("END OPENSSH PRIVATE KEY")) {
+                    throw IllegalArgumentException("Wrong file type selected")
+                }
+            }
+        }
+
         val sshKeyInputStream = contentResolver.openInputStream(uri)
         if (sshKeyInputStream != null) {
 
@@ -597,12 +621,24 @@ class UserPreference : AppCompatActivity() {
                         setResult(Activity.RESULT_OK)
 
                         finish()
-                    } catch (e: IOException) {
-                        MaterialAlertDialogBuilder(this)
-                                .setTitle(this.resources.getString(R.string.ssh_key_error_dialog_title))
-                                .setMessage(this.resources.getString(R.string.ssh_key_error_dialog_text) + e.message)
-                                .setPositiveButton(this.resources.getString(R.string.dialog_ok), null)
-                                .show()
+                    } catch (e: Exception) {
+                        when (e) {
+                            is IOException,
+                            is IllegalArgumentException -> {
+                                MaterialAlertDialogBuilder(this)
+                                        .setTitle(resources.getString(R.string.ssh_key_error_dialog_title))
+                                        .setMessage(getString(R.string.ssh_key_import_error_not_an_ssh_key_message))
+                                        .setPositiveButton(resources.getString(R.string.dialog_ok), null)
+                                        .show()
+                            }
+                            else -> {
+                                MaterialAlertDialogBuilder(this)
+                                        .setTitle(resources.getString(R.string.ssh_key_error_dialog_title))
+                                        .setMessage(resources.getString(R.string.ssh_key_error_dialog_text) + e.message)
+                                        .setPositiveButton(resources.getString(R.string.dialog_ok), null)
+                                        .show()
+                            }
+                        }
                     }
                 }
                 EDIT_GIT_INFO -> {
author	Diogenes Molinares <amolinares19@gmail.com>	2020-04-16 13:51:24 +0200
committer	GitHub <noreply@github.com>	2020-04-16 17:21:24 +0530
commit	f269bc7d28f43743648a346288749f5b7f878402 (patch)
tree	42ecd7dd898a4db87293b95009cd36a2c238d15b /app/src/main/java
parent	e4aa673537f198034755ed1113754fbbe05b0138 (diff)