luckyimnotanigger/Aegis
1
0
Fork 0
mirror of https://github.com/beemdevelopment/Aegis.git synced 2025-05-14 14:02:49 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Always copy VaultFileCredentials when accessing it

Browse source 
This makes sure that mutations to the credentails can only ever be persisted
intentionally.
This commit is contained in:
Alexander Bakker 2022-10-05 19:28:53 +02:00
parent 8ae8130b71
commit adc9179364
3 changed files with 14 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

4
app/src/main/java/com/beemdevelopment/aegis/ui/fragments/preferences/SecurityPreferencesFragment.java
View file

@ -241,10 +241,12 @@ public class SecurityPreferencesFragment extends PreferencesFragment {
if (!isBackupPasswordSet()) { if (!isBackupPasswordSet()) {
Dialogs.showSetPasswordDialog(requireActivity(), new SetBackupPasswordListener()); Dialogs.showSetPasswordDialog(requireActivity(), new SetBackupPasswordListener());
} else { } else {
SlotList slots = _vaultManager.getVault().getCredentials().getSlots(); VaultFileCredentials creds = _vaultManager.getVault().getCredentials();
SlotList slots = creds.getSlots();
for (Slot slot : slots.findBackupPasswordSlots()) { for (Slot slot : slots.findBackupPasswordSlots()) {
slots.remove(slot); slots.remove(slot);
} }
_vaultManager.getVault().setCredentials(creds);
saveAndBackupVault(); saveAndBackupVault();
updateEncryptionPreferences(); updateEncryptionPreferences();

9
app/src/main/java/com/beemdevelopment/aegis/vault/VaultFileCredentials.java
View file

@ -1,9 +1,12 @@
package com.beemdevelopment.aegis.vault; package com.beemdevelopment.aegis.vault;
import androidx.annotation.NonNull;
import com.beemdevelopment.aegis.crypto.CryptParameters; import com.beemdevelopment.aegis.crypto.CryptParameters;
import com.beemdevelopment.aegis.crypto.CryptResult; import com.beemdevelopment.aegis.crypto.CryptResult;
import com.beemdevelopment.aegis.crypto.MasterKey; import com.beemdevelopment.aegis.crypto.MasterKey;
import com.beemdevelopment.aegis.crypto.MasterKeyException; import com.beemdevelopment.aegis.crypto.MasterKeyException;
import com.beemdevelopment.aegis.util.Cloner;
import com.beemdevelopment.aegis.vault.slots.SlotList; import com.beemdevelopment.aegis.vault.slots.SlotList;
import java.io.Serializable; import java.io.Serializable;
@ -45,4 +48,10 @@ public class VaultFileCredentials implements Serializable {
public VaultFileCredentials exportable() { public VaultFileCredentials exportable() {
return new VaultFileCredentials(_key, _slots.exportable()); return new VaultFileCredentials(_key, _slots.exportable());
} }
@NonNull
@Override
public VaultFileCredentials clone() {
return Cloner.clone(this);
}
} }

4
app/src/main/java/com/beemdevelopment/aegis/vault/VaultRepository.java
View file

@ -220,11 +220,11 @@ public class VaultRepository {
} }
public VaultFileCredentials getCredentials() { public VaultFileCredentials getCredentials() {
return _creds; return _creds == null ? null : _creds.clone();
} }
public void setCredentials(VaultFileCredentials creds) { public void setCredentials(VaultFileCredentials creds) {
_creds = creds; _creds = creds == null ? null : creds.clone();
} }
public boolean isEncryptionEnabled() { public boolean isEncryptionEnabled() {