Revert "Store passwords encrypted"

This reverts commit a3063c3da4.
2025-12-27 16:10:58 +01:00 · 2019-03-11 14:19:33 +00:00
parent 285340244e
commit cb78dddb4e
10 changed files with 27 additions and 1688 deletions
--- a/app/src/main/java/eu/faircode/email/Helper.java
+++ b/app/src/main/java/eu/faircode/email/Helper.java
@@ -42,10 +42,7 @@ import android.os.Build;
 import android.os.Bundle;
 import android.os.PowerManager;
 import android.preference.PreferenceManager;
-import android.security.keystore.KeyGenParameterSpec;
-import android.security.keystore.KeyProperties;
 import android.text.TextUtils;
-import android.util.Base64;
 import android.view.Menu;
 import android.view.View;
 import android.view.ViewGroup;
@@ -80,8 +77,6 @@ import java.io.UnsupportedEncodingException;
 import java.net.InetAddress;
 import java.net.URL;
 import java.net.UnknownHostException;
-import java.nio.charset.StandardCharsets;
-import java.security.KeyStore;
 import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
 import java.text.DateFormat;
@@ -96,10 +91,6 @@ import java.util.Map;
 import java.util.Objects;
 import java.util.concurrent.ThreadFactory;

-import javax.crypto.Cipher;
-import javax.crypto.KeyGenerator;
-import javax.crypto.SecretKey;
-import javax.crypto.spec.GCMParameterSpec;
 import javax.mail.Address;
 import javax.mail.AuthenticationFailedException;
 import javax.mail.FolderClosedException;
@@ -109,7 +100,6 @@ import javax.mail.internet.InternetAddress;
 import javax.net.ssl.HttpsURLConnection;

 import androidx.annotation.NonNull;
-import androidx.annotation.RequiresApi;
 import androidx.browser.customtabs.CustomTabsIntent;
 import androidx.core.content.ContextCompat;
 import androidx.lifecycle.Lifecycle;
@@ -819,12 +809,12 @@ public class Helper {

    static void connect(Context context, IMAPStore istore, EntityAccount account) throws MessagingException {
        try {
-            istore.connect(account.host, account.port, account.user, account.getPassword());
+            istore.connect(account.host, account.port, account.user, account.password);
        } catch (AuthenticationFailedException ex) {
            if (account.auth_type == AUTH_TYPE_GMAIL) {
-                account.setPassword(refreshToken(context, "com.google", account.user, account.getPassword()));
+                account.password = refreshToken(context, "com.google", account.user, account.password);
                DB.getInstance(context).account().setAccountPassword(account.id, account.password);
-                istore.connect(account.host, account.port, account.user, account.getPassword());
+                istore.connect(account.host, account.port, account.user, account.password);
            } else
                throw ex;
        }
@@ -1053,56 +1043,4 @@ public class Helper {
            return organization;
        }
    }
-
-    @RequiresApi(api = Build.VERSION_CODES.M)
-    private static SecretKey getSecretKey() throws Throwable {
-        final String alias = BuildConfig.APPLICATION_ID + ".key";
-
-        KeyStore store = KeyStore.getInstance("AndroidKeyStore");
-        store.load(null);
-
-        KeyStore.SecretKeyEntry entry = (KeyStore.SecretKeyEntry) store.getEntry(alias, null);
-        if (entry != null)
-            return entry.getSecretKey();
-
-        KeyGenerator generator = KeyGenerator.getInstance(KeyProperties.KEY_ALGORITHM_AES, "AndroidKeyStore");
-        KeyGenParameterSpec spec = new KeyGenParameterSpec.Builder(alias,
-                KeyProperties.PURPOSE_ENCRYPT | KeyProperties.PURPOSE_DECRYPT)
-                .setBlockModes(KeyProperties.BLOCK_MODE_GCM)
-                .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_NONE)
-                .build();
-        generator.init(spec);
-        return generator.generateKey();
-    }
-
-    @RequiresApi(api = Build.VERSION_CODES.M)
-    static String decryptPassword(String secret) {
-        try {
-            int slash = secret.indexOf('/');
-            byte[] iv = Base64.decode(secret.substring(0, slash), Base64.URL_SAFE);
-            byte[] encrypted = Base64.decode(secret.substring(slash + 1), Base64.URL_SAFE);
-            Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
-            GCMParameterSpec spec = new GCMParameterSpec(128, iv);
-            cipher.init(Cipher.DECRYPT_MODE, getSecretKey(), spec);
-            byte[] decrypted = cipher.doFinal(encrypted);
-            return new String(decrypted, StandardCharsets.UTF_8);
-        } catch (Throwable ex) {
-            Log.e(ex);
-            return secret;
-        }
-    }
-
-    @RequiresApi(api = Build.VERSION_CODES.M)
-    static String encryptPassword(String plain) {
-        try {
-            Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
-            cipher.init(Cipher.ENCRYPT_MODE, getSecretKey());
-            byte[] iv = cipher.getIV();
-            byte[] encrypted = cipher.doFinal(plain.getBytes(StandardCharsets.UTF_8));
-            return Base64.encodeToString(iv, Base64.URL_SAFE) + "/" + Base64.encodeToString(encrypted, Base64.URL_SAFE);
-        } catch (Throwable ex) {
-            Log.e(ex);
-            return plain;
-        }
-    }
 }