use encrypted shared prefs for saving password

yausername · yausername · commit fa8618bc5b81 · 2020-03-09T23:20:21.000+05:30
diff --git a/app/build.gradle b/app/build.gradle
@@ -122,4 +122,6 @@ dependencies {
     implementation "net.lingala.zip4j:zip4j:${zip4j_version}"
 
     implementation "androidx.preference:preference:${preference_version}"
+
+    implementation 'com.github.yausername:EncryptedSharedPreferences:1.0.0-beta01'
 }
diff --git a/app/src/main/AndroidManifest.xml b/app/src/main/AndroidManifest.xml
@@ -14,6 +14,7 @@
     <application
         android:name=".App"
         android:allowBackup="true"
+        android:fullBackupContent="@xml/android_auto_backup_rules"
         android:icon="@mipmap/ic_launcher"
         android:label="@string/app_name"
         android:logo="@mipmap/ic_launcher"
diff --git a/app/src/main/java/org/schabi/newpipe/database/BackupRestoreHelper.java b/app/src/main/java/org/schabi/newpipe/database/BackupRestoreHelper.java
@@ -62,14 +62,9 @@ public void exportDatabase(String path, char[] password) throws Exception {
 
     private void saveSharedPreferencesToFile(File dst) {
         ObjectOutputStream output = null;
-        SharedPreferences pref = null;
-        String password = null;
         try {
             output = new ObjectOutputStream(new FileOutputStream(dst));
-            pref = PreferenceManager.getDefaultSharedPreferences(ctx);
-            // remove password from shared prefs before taking backup
-            password = pref.getString(ctx.getString(R.string.backup_password_key), null);
-            pref.edit().remove(ctx.getString(R.string.backup_password_key)).apply();
+            SharedPreferences pref = PreferenceManager.getDefaultSharedPreferences(ctx);
             output.writeObject(pref.getAll());
         } catch (FileNotFoundException e) {
             e.printStackTrace();
@@ -83,9 +78,6 @@ private void saveSharedPreferencesToFile(File dst) {
                 }
             } catch (IOException ex) {
                 ex.printStackTrace();
-            } finally {
-                // add password again after taking backup
-                if(pref != null) pref.edit().putString(ctx.getString(R.string.backup_password_key), password).apply();
             }
         }
     }
@@ -158,9 +150,7 @@ else if (v instanceof String)
             prefEdit.commit();
         } catch (FileNotFoundException e) {
             e.printStackTrace();
-        } catch (IOException e) {
-            e.printStackTrace();
-        } catch (ClassNotFoundException e) {
+        } catch (IOException | ClassNotFoundException e) {
             e.printStackTrace();
         } finally {
             try {
diff --git a/app/src/main/java/org/schabi/newpipe/settings/AutoBackupWorker.java b/app/src/main/java/org/schabi/newpipe/settings/AutoBackupWorker.java
@@ -1,11 +1,11 @@
 package org.schabi.newpipe.settings;
 
 import android.content.Context;
+import android.content.SharedPreferences;
 import android.os.Build;
 import android.text.TextUtils;
 
 import androidx.annotation.NonNull;
-import androidx.preference.PreferenceManager;
 import androidx.work.Worker;
 import androidx.work.WorkerParameters;
 
@@ -29,7 +29,8 @@ public Result doWork() {
         try {
             new File(autoBackupPath).mkdirs();
             String path = autoBackupPath + File.separator + "NewPipeData-" + Build.MODEL + ".zip";
-            String password = PreferenceManager.getDefaultSharedPreferences(ctx).getString(ctx.getString(R.string.backup_password_key), null);
+            SharedPreferences encryptedSharedPreferences = EncryptedSharedPreferencesHelper.create(ctx);
+            String password = (encryptedSharedPreferences != null) ? encryptedSharedPreferences.getString(ctx.getString(R.string.backup_password_key), null) : null;
             if(TextUtils.isEmpty(password)) return Result.failure();
             backupRestoreHelper.exportDatabase(path, password.toCharArray());
         } catch (Exception e) {
diff --git a/app/src/main/java/org/schabi/newpipe/settings/BackupSettingsFragment.java b/app/src/main/java/org/schabi/newpipe/settings/BackupSettingsFragment.java
@@ -6,6 +6,7 @@
 import android.content.Context;
 import android.content.DialogInterface;
 import android.content.Intent;
+import android.content.SharedPreferences;
 import android.net.Uri;
 import android.os.Bundle;
 import android.text.TextUtils;
@@ -123,6 +124,7 @@ public void onCreatePreferences(Bundle savedInstanceState, String rootKey) {
             if((Boolean) newValue) PermissionHelper.checkStoragePermissions(getActivity(), BACKUP_STORAGE_PERMISSION_REQUEST_CODE);
             return true;
         });
+
         Boolean autoBackup = defaultPreferences.getBoolean(getString(R.string.scheduled_backups_key), false);
         if(autoBackup) PermissionHelper.checkStoragePermissions(getActivity(), BACKUP_STORAGE_PERMISSION_REQUEST_CODE);
 
@@ -303,7 +305,8 @@ private void importDatabase(String filePath) {
     private void scheduleWork(String tag) {
         Boolean autoBackup = defaultPreferences.getBoolean(getString(R.string.scheduled_backups_key), false);
         if(autoBackup){
-            if(TextUtils.isEmpty(defaultPreferences.getString(ctx.getString(R.string.backup_password_key), null))){
+            SharedPreferences encryptedSharedPreferences = EncryptedSharedPreferencesHelper.create(requireContext());
+            if(encryptedSharedPreferences == null || TextUtils.isEmpty(encryptedSharedPreferences.getString(ctx.getString(R.string.backup_password_key), null))){
                 Toast.makeText(ctx, R.string.auto_backup_password_mandatory, Toast.LENGTH_LONG).show();
             }
             Integer interval = Integer.valueOf(defaultPreferences.getString(getString(R.string.backup_frequency_key), "24"));
@@ -317,6 +320,7 @@ private void scheduleWork(String tag) {
         }
     }
 
+
     @Override
     public void onPause() {
         scheduleWork(TAG_AUTO_BACKUP_WORK);
diff --git a/app/src/main/java/org/schabi/newpipe/settings/EncryptedSharedPreferencesHelper.java b/app/src/main/java/org/schabi/newpipe/settings/EncryptedSharedPreferencesHelper.java
@@ -0,0 +1,40 @@
+package org.schabi.newpipe.settings;
+
+import android.content.Context;
+import android.content.SharedPreferences;
+import android.os.Build;
+import android.util.Log;
+
+import androidx.annotation.NonNull;
+import androidx.annotation.Nullable;
+
+import org.schabi.newpipe.MainActivity;
+import org.yausername.encryptedsharedpreferences.EncryptedSharedPreferences;
+
+import java.io.IOException;
+import java.security.GeneralSecurityException;
+
+public class EncryptedSharedPreferencesHelper {
+
+    private static final String TAG = "EncSharedPrefHelper";
+    private static final boolean DEBUG = MainActivity.DEBUG;
+
+    private static final String FILE_NAME = "encryptedPrefs";
+    private static final String MASTER_KEY_ALIAS = "_newpipe_security_master_key_";
+
+    @Nullable
+    public static SharedPreferences create(@NonNull Context context){
+        try {
+            EncryptedSharedPreferences.PrefValueEncryptionScheme prefValueEncryptionScheme;
+            if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.M) {
+                prefValueEncryptionScheme = EncryptedSharedPreferences.PrefValueEncryptionScheme.AES256_GCM;
+            }else{
+                prefValueEncryptionScheme = EncryptedSharedPreferences.PrefValueEncryptionScheme.XCHACHA20_POLY1305;
+            }
+            return EncryptedSharedPreferences.create(FILE_NAME, MASTER_KEY_ALIAS, context, EncryptedSharedPreferences.PrefKeyEncryptionScheme.AES256_SIV, prefValueEncryptionScheme);
+        } catch (GeneralSecurityException | IOException e) {
+            if(DEBUG) Log.e(TAG, "failed to create encrypted preferences", e);
+            return null;
+        }
+    }
+}
diff --git a/app/src/main/java/org/schabi/newpipe/settings/PasswordPreference.java b/app/src/main/java/org/schabi/newpipe/settings/PasswordPreference.java
@@ -0,0 +1,83 @@
+package org.schabi.newpipe.settings;
+
+import android.content.Context;
+import android.content.SharedPreferences;
+import android.text.TextUtils;
+import android.util.AttributeSet;
+import android.widget.Toast;
+
+import androidx.preference.EditTextPreference;
+
+public class PasswordPreference extends EditTextPreference {
+
+    private final SharedPreferences encryptedSharedPreferences;
+
+    public PasswordPreference(Context context, AttributeSet attrs, int defStyleAttr, int defStyleRes) {
+        super(context, attrs, defStyleAttr, defStyleRes);
+        encryptedSharedPreferences = initEncryptedSharedPreferences();
+    }
+
+    public PasswordPreference(Context context, AttributeSet attrs, int defStyleAttr) {
+        super(context, attrs, defStyleAttr);
+        encryptedSharedPreferences = initEncryptedSharedPreferences();
+    }
+
+    public PasswordPreference(Context context, AttributeSet attrs) {
+        super(context, attrs);
+        encryptedSharedPreferences = initEncryptedSharedPreferences();
+    }
+
+    public PasswordPreference(Context context) {
+        super(context);
+        encryptedSharedPreferences = initEncryptedSharedPreferences();
+    }
+
+    private SharedPreferences initEncryptedSharedPreferences(){
+        return EncryptedSharedPreferencesHelper.create(getContext());
+    }
+
+    @Override
+    public void setText(String text) {
+        final boolean wasBlocking = shouldDisableDependents();
+
+        setPassword(text);
+
+        final boolean isBlocking = shouldDisableDependents();
+        if (isBlocking != wasBlocking) {
+            notifyDependencyChange(isBlocking);
+        }
+
+        notifyChanged();
+    }
+
+    @Override
+    public String getText() {
+        return getPassword();
+    }
+
+    @Override
+    protected void onSetInitialValue(Object defaultValue) {
+        String password = getPassword();
+        setText(password != null ? password : (String) defaultValue);
+    }
+
+    private String getPassword() {
+        if (encryptedSharedPreferences == null){
+            return null;
+        }
+        return encryptedSharedPreferences.getString(getKey(), null);
+    }
+
+    private void setPassword(String password){
+        if(encryptedSharedPreferences == null){
+            Toast.makeText(getContext(), "Failed to save password", Toast.LENGTH_SHORT).show();
+            return;
+        }
+        encryptedSharedPreferences.edit().putString(getKey(), password).apply();
+    }
+
+    @Override
+    public boolean shouldDisableDependents() {
+        return TextUtils.isEmpty(getText()) || !isEnabled();
+    }
+}
diff --git a/app/src/main/res/xml/android_auto_backup_rules.xml b/app/src/main/res/xml/android_auto_backup_rules.xml
@@ -0,0 +1,4 @@
+<?xml version="1.0" encoding="utf-8"?>
+<full-backup-content>
+    <exclude domain="sharedpref" path="encryptedPrefs.xml"/>
+</full-backup-content>
diff --git a/app/src/main/res/xml/backup_restore_settings.xml b/app/src/main/res/xml/backup_restore_settings.xml
@@ -25,8 +25,9 @@
         android:summary="%s"
         android:title="@string/auto_backup_frequency_title"/>
 
-    <EditTextPreference
+    <org.schabi.newpipe.settings.PasswordPreference
         app:iconSpaceReserved="false"
+        android:persistent="false"
         android:dialogLayout="@layout/dialog_password"
         android:dependency="@string/scheduled_backups_key"
         android:key="@string/backup_password_key"

Original file line number	Diff line number	Diff line change
`@@ -122,4 +122,6 @@ dependencies {`
`122`	`122`	`implementation "net.lingala.zip4j:zip4j:${zip4j_version}"`
`123`	`123`
`124`	`124`	`implementation "androidx.preference:preference:${preference_version}"`
	`125`	`+`
	`126`	`+ implementation 'com.github.yausername:EncryptedSharedPreferences:1.0.0-beta01'`
`125`	`127`	`}`