From e14a61dbf622e44dcd8c3a54304fab98a5efa8b2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Michael=20Sch=C3=A4ttgen?= Date: Sun, 16 Aug 2020 22:45:02 +0200 Subject: [PATCH] Add panic trigger which deletes vault Add guardianproject fdroid signing key and minor review improvements Add minor review fixes Add panic trigger which deletes vault Add guardianproject fdroid signing key and minor review improvements --- app/build.gradle | 1 + app/src/main/AndroidManifest.xml | 12 +++++ .../beemdevelopment/aegis/Preferences.java | 4 ++ .../pins/GuardianProjectFDroidRSA2048.java | 14 ++++++ .../pins/GuardianProjectFDroidRSA4096.java | 14 ++++++ .../aegis/ui/ExitActivity.java | 26 ++++++++++ .../aegis/ui/PanicResponderActivity.java | 47 +++++++++++++++++++ .../aegis/vault/VaultManager.java | 6 +++ app/src/main/res/values/strings.xml | 4 ++ app/src/main/res/xml/preferences.xml | 6 +++ 10 files changed, 134 insertions(+) create mode 100644 app/src/main/java/com/beemdevelopment/aegis/crypto/pins/GuardianProjectFDroidRSA2048.java create mode 100644 app/src/main/java/com/beemdevelopment/aegis/crypto/pins/GuardianProjectFDroidRSA4096.java create mode 100644 app/src/main/java/com/beemdevelopment/aegis/ui/ExitActivity.java create mode 100644 app/src/main/java/com/beemdevelopment/aegis/ui/PanicResponderActivity.java diff --git a/app/build.gradle b/app/build.gradle index b7606d30..47d71338 100644 --- a/app/build.gradle +++ b/app/build.gradle @@ -139,6 +139,7 @@ dependencies { implementation 'de.hdodenhof:circleimageview:3.1.0' implementation 'de.psdev.licensesdialog:licensesdialog:2.1.0' implementation 'net.lingala.zip4j:zip4j:2.6.4' + implementation 'info.guardianproject.trustedintents:trustedintents:0.2' implementation 'org.bouncycastle:bcprov-jdk15on:1.65' androidTestImplementation 'androidx.test:core:1.3.0' diff --git a/app/src/main/AndroidManifest.xml b/app/src/main/AndroidManifest.xml index a93309fa..56357fcc 100644 --- a/app/src/main/AndroidManifest.xml 
+++ b/app/src/main/AndroidManifest.xml @@ -71,8 +71,20 @@ + + + + + + + + \ No newline at end of file diff --git a/app/src/main/java/com/beemdevelopment/aegis/Preferences.java b/app/src/main/java/com/beemdevelopment/aegis/Preferences.java index dc520b10..13282cdb 100644 --- a/app/src/main/java/com/beemdevelopment/aegis/Preferences.java +++ b/app/src/main/java/com/beemdevelopment/aegis/Preferences.java @@ -45,6 +45,10 @@ public class Preferences { return _prefs.getBoolean("pref_highlight_entry", false); } + public boolean isPanicTriggerEnabled() { + return _prefs.getBoolean("pref_panic_trigger", false); + } + public boolean isSecureScreenEnabled() { // screen security should be enabled by default, but not for debug builds return _prefs.getBoolean("pref_secure_screen", !BuildConfig.DEBUG); diff --git a/app/src/main/java/com/beemdevelopment/aegis/crypto/pins/GuardianProjectFDroidRSA2048.java b/app/src/main/java/com/beemdevelopment/aegis/crypto/pins/GuardianProjectFDroidRSA2048.java new file mode 100644 index 00000000..0f82b565 --- /dev/null +++ b/app/src/main/java/com/beemdevelopment/aegis/crypto/pins/GuardianProjectFDroidRSA2048.java 
@@ -0,0 +1,14 @@ +package com.beemdevelopment.aegis.crypto.pins; + +import info.guardianproject.trustedintents.ApkSignaturePin; + +public final class GuardianProjectFDroidRSA2048 extends ApkSignaturePin { + + public GuardianProjectFDroidRSA2048() { + fingerprints = new String[]{ + "927f7e38b6acbecd84e02dace33efa9a7a2f0979750f28f585688ee38b3a4e28", + }; + certificates = new byte[][]{ + {48, -126, 3, 95, 48, -126, 2, 71, -96, 3, 2, 1, 2, 2, 4, 28, -30, 107, -102, 48, 13, 6, 9, 42, -122, 72, -122, -9, 13, 1, 1, 11, 5, 0, 48, 96, 49, 11, 48, 9, 6, 3, 85, 4, 6, 19, 2, 85, 75, 49, 12, 48, 10, 6, 3, 85, 4, 8, 19, 3, 79, 82, 71, 49, 12, 48, 10, 6, 3, 85, 4, 7, 19, 3, 79, 82, 71, 49, 19, 48, 17, 6, 3, 85, 4, 10, 19, 10, 102, 100, 114, 111, 105, 100, 46, 111, 114, 103, 49, 15, 48, 13, 6, 3, 85, 4, 11, 19, 6, 70, 68, 114, 111, 105, 100, 49, 15, 48, 13, 6, 3, 85, 4, 3, 19, 6, 70, 68, 114, 111, 105, 100, 48, 30, 23, 13, 49, 55, 49, 50, 48, 55, 49, 55, 51, 48, 52, 50, 90, 23, 13, 52, 53, 48, 52, 50, 52, 49, 55, 51, 48, 52, 50, 90, 48, 96, 49, 11, 48, 9, 6, 3, 85, 4, 6, 19, 2, 85, 75, 49, 12, 48, 10, 6, 3, 85, 4, 8, 19, 3, 79, 82, 71, 49, 12, 48, 10, 6, 3, 85, 4, 7, 19, 3, 79, 82, 71, 49, 19, 48, 17, 6, 3, 85, 4, 10, 19, 10, 102, 100, 114, 111, 105, 100, 46, 111, 114, 103, 49, 15, 48, 13, 6, 3, 85, 4, 11, 19, 6, 70, 68, 114, 111, 105, 100, 49, 15, 48, 13, 6, 3, 85, 4, 3, 19, 6, 70, 68, 114, 111, 105, 100, 48, -126, 1, 34, 48, 13, 6, 9, 42, -122, 72, -122, -9, 13, 1, 1, 1, 5, 0, 3, -126, 1, 15, 0, 48, -126, 1, 10, 2, -126, 1, 1, 0, -107, -115, -106, 1, -26, 72, -105, -99, 62, 3, -55, 34, 99, -112, -68, -20, -115, 31, 34, 118, -50, 12, -32, -59, 74, -58, -37, -87, 21, 105, 36, -82, 13, -51, 66, 4, 55, -111, 13, -46, -7, -69, -15, 36, 118, -7, 101, -86, 123, -83, -103, 110, 116, -54, 112, 46, 12, 96, -76, -48, -70, -33, -81, 52, 59, 73, 107, -126, -72, -25, 32, 93, 29, -20, 5, -41, -27, 123, -9, 104, -31, -59, -1, -83, -93, 99, 85, -116, -62, -55, 18, -63, 6, -51, -110, 33, 9, 7, 
-49, 102, -20, -122, -124, -68, 93, -102, 31, 48, 86, 96, -99, 105, -52, 95, 12, 57, 99, 12, -24, 70, 40, -99, -20, -21, -85, -70, -105, 95, 117, -31, 126, -126, -39, 46, -62, 59, -23, -74, 108, -12, -56, -40, -96, 79, -37, -82, 1, 99, -104, 48, -60, 92, 14, 109, 127, -22, 31, 115, -27, 108, 9, 92, 118, -45, 103, 117, 57, -50, -82, 114, -113, 68, -82, 87, 96, 111, 72, 65, -63, 12, 31, -34, -31, -55, -101, 101, 101, 59, 73, -119, -122, 82, 28, 47, -108, -85, 59, 46, 89, -93, -1, 9, -11, -51, 63, -44, 109, -76, -103, -26, -49, -80, 6, 52, -27, 73, -104, 40, 2, -101, -124, 60, -52, -105, -70, -24, -62, 88, 38, 53, -99, -92, 31, 119, 26, 79, 60, -124, 25, -115, -89, -115, -109, 0, 6, 122, -78, 116, 82, 3, 39, -67, 45, -43, 17, -39, 2, 3, 1, 0, 1, -93, 33, 48, 31, 48, 29, 6, 3, 85, 29, 14, 4, 22, 4, 20, 63, 109, -42, -109, 25, 22, 7, -37, -22, -41, -38, 58, -56, 2, -68, -38, -22, 65, -28, -60, 48, 13, 6, 9, 42, -122, 72, -122, -9, 13, 1, 1, 11, 5, 0, 3, -126, 1, 1, 0, 94, 17, 31, 36, 85, -11, 85, 44, 19, -80, -20, -92, -118, 93, 40, 45, 96, 31, -3, -37, -110, -96, 102, 81, 61, -74, -125, -117, -112, 58, -47, 17, 78, -18, 111, -116, 26, -91, 73, 100, 84, -99, 21, 87, 73, -106, 108, -51, -125, -21, 119, -88, -78, 2, 82, -109, -64, -9, -86, -112, -115, 66, -86, 46, 71, 107, -65, 96, -102, 47, 35, -45, -126, 33, 34, 121, -25, -85, -121, -56, -42, 22, -1, -95, -86, 81, 100, -70, 113, 104, -73, 22, -19, 79, -19, 52, 62, 42, 76, -112, 94, -34, 42, -57, -75, -90, -58, 118, 127, -106, -39, 108, -56, -79, 103, -33, 22, 3, 47, 103, -76, -81, 53, -22, -44, -26, -102, 63, -99, 39, 38, -108, 75, 33, 10, 25, -110, -125, -115, 114, -69, 73, -112, 36, 74, 77, -82, -44, 29, -123, -8, -117, 71, -105, 15, -109, 51, 22, 4, 80, 1, 43, 118, 121, -113, -70, 83, -56, 82, -110, 4, -63, 16, -57, 126, -70, 81, 73, 61, 2, -61, 24, -14, -10, 4, -21, 90, 24, 66, 41, -57, -60, -113, -18, -54, -1, 103, -75, 32, -64, 67, 103, 109, -79, -12, -113, -27, 114, 89, 116, 115, -13, -123, -70, 61, -41, -46, 
-118, 29, -105, -97, -75, 39, -51, 60, 88, 125, 55, -46, -95, 52, 57, 52, -115, 80, 44, 109, 119, -116, -62, -77, -74, -88, 41, 57, -65, -71, -115, -67, 23, 66, -21, 56, 51, -91, 109},}; + } +} \ No newline at end of file diff --git a/app/src/main/java/com/beemdevelopment/aegis/crypto/pins/GuardianProjectFDroidRSA4096.java b/app/src/main/java/com/beemdevelopment/aegis/crypto/pins/GuardianProjectFDroidRSA4096.java new file mode 100644 index 00000000..eb4a8629 --- /dev/null +++ b/app/src/main/java/com/beemdevelopment/aegis/crypto/pins/GuardianProjectFDroidRSA4096.java 
@@ -0,0 +1,14 @@ +package com.beemdevelopment.aegis.crypto.pins; + +import info.guardianproject.trustedintents.ApkSignaturePin; + +public final class GuardianProjectFDroidRSA4096 extends ApkSignaturePin { + + public GuardianProjectFDroidRSA4096() { + fingerprints = new String[]{ + "927f7e38b6acbecd84e02dace33efa9a7a2f0979750f28f585688ee38b3a4e28", + }; + certificates = new byte[][]{ + {48, -126, 3, 95, 48, -126, 2, 71, -96, 3, 2, 1, 2, 2, 4, 28, -30, 107, -102, 48, 13, 6, 9, 42, -122, 72, -122, -9, 13, 1, 1, 11, 5, 0, 48, 96, 49, 11, 48, 9, 6, 3, 85, 4, 6, 19, 2, 85, 75, 49, 12, 48, 10, 6, 3, 85, 4, 8, 19, 3, 79, 82, 71, 49, 12, 48, 10, 6, 3, 85, 4, 7, 19, 3, 79, 82, 71, 49, 19, 48, 17, 6, 3, 85, 4, 10, 19, 10, 102, 100, 114, 111, 105, 100, 46, 111, 114, 103, 49, 15, 48, 13, 6, 3, 85, 4, 11, 19, 6, 70, 68, 114, 111, 105, 100, 49, 15, 48, 13, 6, 3, 85, 4, 3, 19, 6, 70, 68, 114, 111, 105, 100, 48, 30, 23, 13, 49, 55, 49, 50, 48, 55, 49, 55, 51, 48, 52, 50, 90, 23, 13, 52, 53, 48, 52, 50, 52, 49, 55, 51, 48, 52, 50, 90, 48, 96, 49, 11, 48, 9, 6, 3, 85, 4, 6, 19, 2, 85, 75, 49, 12, 48, 10, 6, 3, 85, 4, 8, 19, 3, 79, 82, 71, 49, 12, 48, 10, 6, 3, 85, 4, 7, 19, 3, 79, 82, 71, 49, 19, 48, 17, 6, 3, 85, 4, 10, 19, 10, 102, 100, 114, 111, 105, 100, 46, 111, 114, 103, 49, 15, 48, 13, 6, 3, 85, 4, 11, 19, 6, 70, 68, 114, 111, 105, 100, 49, 15, 48, 13, 6, 3, 85, 4, 3, 19, 6, 70, 68, 114, 111, 105, 100, 48, -126, 1, 34, 48, 13, 6, 9, 42, -122, 72, -122, -9, 13, 1, 1, 1, 5, 0, 3, -126, 1, 15, 0, 48, -126, 1, 10, 2, -126, 1, 1, 0, -107, -115, -106, 1, -26, 72, -105, -99, 62, 3, -55, 34, 99, -112, -68, -20, -115, 31, 34, 118, -50, 12, -32, -59, 74, -58, -37, -87, 21, 105, 36, -82, 13, -51, 66, 4, 55, -111, 13, -46, -7, -69, -15, 36, 118, -7, 101, -86, 123, -83, -103, 110, 116, -54, 112, 46, 12, 96, -76, -48, -70, -33, -81, 52, 59, 73, 107, -126, -72, -25, 32, 93, 29, -20, 5, -41, -27, 123, -9, 104, -31, -59, -1, -83, -93, 99, 85, -116, -62, -55, 18, -63, 6, -51, -110, 33, 9, 7, 
-49, 102, -20, -122, -124, -68, 93, -102, 31, 48, 86, 96, -99, 105, -52, 95, 12, 57, 99, 12, -24, 70, 40, -99, -20, -21, -85, -70, -105, 95, 117, -31, 126, -126, -39, 46, -62, 59, -23, -74, 108, -12, -56, -40, -96, 79, -37, -82, 1, 99, -104, 48, -60, 92, 14, 109, 127, -22, 31, 115, -27, 108, 9, 92, 118, -45, 103, 117, 57, -50, -82, 114, -113, 68, -82, 87, 96, 111, 72, 65, -63, 12, 31, -34, -31, -55, -101, 101, 101, 59, 73, -119, -122, 82, 28, 47, -108, -85, 59, 46, 89, -93, -1, 9, -11, -51, 63, -44, 109, -76, -103, -26, -49, -80, 6, 52, -27, 73, -104, 40, 2, -101, -124, 60, -52, -105, -70, -24, -62, 88, 38, 53, -99, -92, 31, 119, 26, 79, 60, -124, 25, -115, -89, -115, -109, 0, 6, 122, -78, 116, 82, 3, 39, -67, 45, -43, 17, -39, 2, 3, 1, 0, 1, -93, 33, 48, 31, 48, 29, 6, 3, 85, 29, 14, 4, 22, 4, 20, 63, 109, -42, -109, 25, 22, 7, -37, -22, -41, -38, 58, -56, 2, -68, -38, -22, 65, -28, -60, 48, 13, 6, 9, 42, -122, 72, -122, -9, 13, 1, 1, 11, 5, 0, 3, -126, 1, 1, 0, 94, 17, 31, 36, 85, -11, 85, 44, 19, -80, -20, -92, -118, 93, 40, 45, 96, 31, -3, -37, -110, -96, 102, 81, 61, -74, -125, -117, -112, 58, -47, 17, 78, -18, 111, -116, 26, -91, 73, 100, 84, -99, 21, 87, 73, -106, 108, -51, -125, -21, 119, -88, -78, 2, 82, -109, -64, -9, -86, -112, -115, 66, -86, 46, 71, 107, -65, 96, -102, 47, 35, -45, -126, 33, 34, 121, -25, -85, -121, -56, -42, 22, -1, -95, -86, 81, 100, -70, 113, 104, -73, 22, -19, 79, -19, 52, 62, 42, 76, -112, 94, -34, 42, -57, -75, -90, -58, 118, 127, -106, -39, 108, -56, -79, 103, -33, 22, 3, 47, 103, -76, -81, 53, -22, -44, -26, -102, 63, -99, 39, 38, -108, 75, 33, 10, 25, -110, -125, -115, 114, -69, 73, -112, 36, 74, 77, -82, -44, 29, -123, -8, -117, 71, -105, 15, -109, 51, 22, 4, 80, 1, 43, 118, 121, -113, -70, 83, -56, 82, -110, 4, -63, 16, -57, 126, -70, 81, 73, 61, 2, -61, 24, -14, -10, 4, -21, 90, 24, 66, 41, -57, -60, -113, -18, -54, -1, 103, -75, 32, -64, 67, 103, 109, -79, -12, -113, -27, 114, 89, 116, 115, -13, -123, -70, 61, -41, -46, 
-118, 29, -105, -97, -75, 39, -51, 60, 88, 125, 55, -46, -95, 52, 57, 52, -115, 80, 44, 109, 119, -116, -62, -77, -74, -88, 41, 57, -65, -71, -115, -67, 23, 66, -21, 56, 51, -91, 109},};
+ }
+}
\ No newline at end of file
diff --git a/app/src/main/java/com/beemdevelopment/aegis/ui/ExitActivity.java b/app/src/main/java/com/beemdevelopment/aegis/ui/ExitActivity.java
new file mode 100644
index 00000000..b5b37329
--- /dev/null
+++ b/app/src/main/java/com/beemdevelopment/aegis/ui/ExitActivity.java
@@ -0,0 +1,26 @@
+package com.beemdevelopment.aegis.ui;
+
+import android.app.Activity;
+import android.content.Context;
+import android.content.Intent;
+import android.os.Bundle;
+
+public class ExitActivity extends Activity {
+
+ @Override
+ protected void onCreate(Bundle savedInstanceState) {
+ super.onCreate(savedInstanceState);
+
+ finishAndRemoveTask();
+ }
+
+ public static void exitAppAndRemoveFromRecents(Context context) {
+ Intent intent = new Intent(context, ExitActivity.class);
+ intent.addFlags(Intent.FLAG_ACTIVITY_NEW_TASK |
+ Intent.FLAG_ACTIVITY_CLEAR_TASK |
+ Intent.FLAG_ACTIVITY_NO_ANIMATION |
+ Intent.FLAG_ACTIVITY_EXCLUDE_FROM_RECENTS);
+
+ context.startActivity(intent);
+ }
+}
diff --git a/app/src/main/java/com/beemdevelopment/aegis/ui/PanicResponderActivity.java b/app/src/main/java/com/beemdevelopment/aegis/ui/PanicResponderActivity.java
new file mode 100644
index 00000000..abb7d879
--- /dev/null
+++ b/app/src/main/java/com/beemdevelopment/aegis/ui/PanicResponderActivity.java
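Review bot: In GuardianProjectFDroidRSA4096.java the pin is a copy of GuardianProjectFDroidRSA2048: the `fingerprints` entry is the same `927f7e38b6acbecd84e02dace33efa9a7a2f0979750f28f585688ee38b3a4e28` and the certificate bytes match as far as they can be compared here, so the class pins no additional signer. The DER shown carries a 257-byte modulus (`2, -126, 1, 1, 0, …`), which corresponds to a 2048-bit RSA key, so the name does not describe the content. Either replace the data with the real 4096-bit certificate or drop the class; PanicResponderActivity registers the library's `GuardianProjectRSA4096` and never this one. A class comment recording where the certificate was obtained and what `fingerprints` is a digest of (64 hex characters, presumably SHA-256 of the DER bytes) would let the pin be re-verified later.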
@@ -0,0 +1,47 @@
+package com.beemdevelopment.aegis.ui;
+
+import android.content.Intent;
+import android.os.Bundle;
+import android.widget.Toast;
+
+import com.beemdevelopment.aegis.Preferences;
+import com.beemdevelopment.aegis.R;
+import com.beemdevelopment.aegis.crypto.pins.GuardianProjectFDroidRSA2048;
+import com.beemdevelopment.aegis.vault.VaultManager;
+
+import info.guardianproject.GuardianProjectRSA4096;
+import info.guardianproject.trustedintents.TrustedIntents;
+
+public class PanicResponderActivity extends AegisActivity {
+ public static final String PANIC_TRIGGER_ACTION = "info.guardianproject.panic.action.TRIGGER";
+
+ @Override
+ protected void onCreate(Bundle savedInstanceState) {
+ super.onCreate(savedInstanceState);
+ Preferences prefs = getPreferences();
+
+ if(!prefs.isPanicTriggerEnabled()) {
+ Toast.makeText(this, R.string.panic_trigger_ignore_toast, Toast.LENGTH_SHORT).show();
+ finish();
+ }
+
+ TrustedIntents trustedIntents = TrustedIntents.get(this);
+ trustedIntents.addTrustedSigner(GuardianProjectRSA4096.class);
+ trustedIntents.addTrustedSigner(GuardianProjectFDroidRSA2048.class);
+
+ Intent intent = trustedIntents.getIntentFromTrustedSender(this);
+ if (intent != null && PANIC_TRIGGER_ACTION.equals(intent.getAction())) {
+ getApp().lock(false);
+ VaultManager.deleteFile(this);
+ finishApp();
+ }
+
+ finish();
+ }
+
+ private void finishApp() {
+ ExitActivity.exitAppAndRemoveFromRecents(this);
+
+ finishAndRemoveTask();
+ }
+}
diff --git a/app/src/main/java/com/beemdevelopment/aegis/vault/VaultManager.java b/app/src/main/java/com/beemdevelopment/aegis/vault/VaultManager.java
index f5f470cb..f0b34317 100644
--- a/app/src/main/java/com/beemdevelopment/aegis/vault/VaultManager.java
+++ b/app/src/main/java/com/beemdevelopment/aegis/vault/VaultManager.java
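Review bot: In `onCreate` of PanicResponderActivity the `if(!prefs.isPanicTriggerEnabled())` branch calls `finish()` without returning, so the method runs on and a trusted `info.guardianproject.panic.action.TRIGGER` intent still reaches `VaultManager.deleteFile(this)` while the setting is off. `finish()` only requests that the activity close; add `return;` directly after it in that branch. The ignore toast is also shown before the sender is verified, so consider calling `getIntentFromTrustedSender` first and consulting the preference only for a verified intent. The 4096-bit signer registered here is the library's `info.guardianproject.GuardianProjectRSA4096`, not the `GuardianProjectFDroidRSA4096` pin this patch adds, which is left unused in the visible code.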
@@ -46,6 +46,12 @@ public class VaultManager { return file.exists() && file.isFile(); } + public static void deleteFile(Context context) { + AtomicFile file = new AtomicFile(new File(context.getFilesDir(), FILENAME)); + + file.delete(); + } + public static VaultFile readFile(Context context) throws VaultManagerException { AtomicFile file = new AtomicFile(new File(context.getFilesDir(), FILENAME)); diff --git a/app/src/main/res/values/strings.xml b/app/src/main/res/values/strings.xml index 136d20fb..4372155d 100644 --- a/app/src/main/res/values/strings.xml +++ b/app/src/main/res/values/strings.xml @@ -325,4 +325,8 @@ Wipe entries Your vault already contains entries. Do you want to remove these entries before importing this file?\n\nIn doing so, you will permanently lose access to the existing entries in the vault. Wipe vault contents + + Aegis received panic trigger but setting is disabled, ignoring + Delete vault on panic trigger + Delete vault when a panic trigger is received from Ripple diff --git a/app/src/main/res/xml/preferences.xml b/app/src/main/res/xml/preferences.xml index 4e5b840d..c38b8aea 100644 --- a/app/src/main/res/xml/preferences.xml +++ b/app/src/main/res/xml/preferences.xml @@ -70,6 +70,12 @@ android:title="@string/pref_highlight_entry_title" android:summary="@string/pref_highlight_entry_summary" app:iconSpaceReserved="false"/> +
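Review bot: `VaultManager.deleteFile` returns nothing, so PanicResponderActivity cannot tell whether the vault file was actually removed before it exits the app. Consider declaring it `public static boolean deleteFile(Context context)` and ending with `return !file.getBaseFile().exists();` so the panic path can react to a failed delete. The method also has no documentation; a Javadoc such as `/** Deletes the vault file from app storage. This is an unlink, not a secure erase, and any backups or exports stored elsewhere are untouched. */` would keep the "Delete vault on panic trigger" setting from being read as a stronger guarantee than the code gives.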