VirgilSecurity
diff --git a/‎build.gradle‎
Lines changed: 1 addition & 1 deletion b/‎build.gradle‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎ethree-common/src/androidTest/java/com/virgilsecurity/android/common/worker/GroupTests.kt‎
Lines changed: 42 additions & 5 deletions b/‎ethree-common/src/androidTest/java/com/virgilsecurity/android/common/worker/GroupTests.kt‎
Lines changed: 42 additions & 5 deletions
diff --git a/‎ethree-common/src/main/java/com/virgilsecurity/android/common/EThreeCore.kt‎
Lines changed: 55 additions & 4 deletions b/‎ethree-common/src/main/java/com/virgilsecurity/android/common/EThreeCore.kt‎
Lines changed: 55 additions & 4 deletions
diff --git a/‎ethree-common/src/main/java/com/virgilsecurity/android/common/storage/cloud/CloudKeyManager.kt‎
Lines changed: 36 additions & 4 deletions b/‎ethree-common/src/main/java/com/virgilsecurity/android/common/storage/cloud/CloudKeyManager.kt‎
Lines changed: 36 additions & 4 deletions
diff --git a/‎ethree-common/src/main/java/com/virgilsecurity/android/common/worker/AuthEncryptWorker.kt‎
Lines changed: 10 additions & 0 deletions b/‎ethree-common/src/main/java/com/virgilsecurity/android/common/worker/AuthEncryptWorker.kt‎
Lines changed: 10 additions & 0 deletions
diff --git a/‎ethree-common/src/main/java/com/virgilsecurity/android/common/worker/AuthorizationWorker.kt‎
Lines changed: 11 additions & 1 deletion b/‎ethree-common/src/main/java/com/virgilsecurity/android/common/worker/AuthorizationWorker.kt‎
Lines changed: 11 additions & 1 deletion
@@ -141,7 +141,7 @@ def getGradleOrSystemProperty(String name, Project project) {
 final String BASE_VIRGIL_PACKAGE = 'com.virgilsecurity'
 
 // Packages versions
-final String SDK_VERSION = '2.0.8'
+final String SDK_VERSION = '2.0.9'
 
 subprojects {
     group BASE_VIRGIL_PACKAGE
 
@@ -751,16 +751,53 @@ class GroupTests {
         }
     }
 
-    private fun createEThree(): EThree {
-        val identity = UUID.randomUUID().toString()
+    @Test fun restored_ethree_encryption() {
+        val ethree2 = createEThree()
+
+        val identities = listOf(ethree2.identity)
+
+        val card1 = ethree2.findUser(this.ethree.identity).get()
+
+        // User1 creates group, encrypts
+        val lookup = this.ethree.findUsers(identities).get()
+        val group1 = this.ethree.createGroup(this.groupId, lookup).get()
+
+        val message1 = UUID.randomUUID().toString()
+        val encrypted1 = group1.encrypt(message1)
+        val selfDecrypted1 = group1.decrypt(encrypted1, card1)
+        assertEquals(message1, selfDecrypted1)
+
+        // User2 updates group, decrypts
+        val group2 = ethree2.loadGroup(this.groupId, card1).get()
+        val decrypted1 = group2.decrypt(encrypted1, card1)
+        assertEquals(message1, decrypted1)
+
+        val message2 = UUID.randomUUID().toString()
+        val encrypted2 = group2.encrypt(message2)
+
+        // User1 restarts ethree, decrypts
+        val ethreeRestored = createEThree(this.ethree.identity)
+        val restoredGroup1 = ethreeRestored.getGroup(this.groupId)
+        val restoredDecrypted1 = restoredGroup1?.decrypt(encrypted1, card1)
+        assertEquals(message1, restoredDecrypted1)
+
+        val card2 = ethreeRestored.findUser(ethree2.identity).get()
+        val decrypted2 = restoredGroup1?.decrypt(encrypted2, card2)
+        assertEquals(message2, decrypted2)
+    }
+
+    private fun createEThree(identity: String? = null): EThree {
+        val ethreeIdentity = identity ?: UUID.randomUUID().toString()
         val tokenCallback = object : OnGetTokenCallback {
             override fun onGetToken(): String {
-                return TestUtils.generateTokenString(identity)
+                return TestUtils.generateTokenString(ethreeIdentity)
             }
         }
 
-        val ethree = EThree(identity, tokenCallback, TestConfig.context)
-        ethree.register().execute()
+        val ethree = EThree(ethreeIdentity, tokenCallback, TestConfig.context)
+        if (identity == null) {
+            ethree.register().execute()
+        }
         return ethree
     }
 }
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2015-2020, Virgil Security, Inc.
+ * Copyright (c) 2015-2021, Virgil Security, Inc.
  *
  * Lead Maintainer: Virgil Security Inc. <support@virgilsecurity.com>
  *
@@ -134,6 +134,7 @@ abstract class EThreeCore {
                           enableRatchet: Boolean,
                           keyRotationInterval: TimeSpan,
                           context: Context) {
+        logger.fine("Create new EThree instance for $identity")
 
         this.identity = identity
 
@@ -169,6 +170,8 @@ abstract class EThreeCore {
      * is available only after child object of `EThreeCore` is constructed.
      */
     protected fun initializeCore() {
+        logger.finer("Initialize EThree core")
+
         this.localKeyStorage = LocalKeyStorage(identity, keyStorage, crypto)
         this.cloudRatchetStorage = CloudRatchetStorage(accessTokenProvider, localKeyStorage)
 
@@ -401,7 +404,30 @@ abstract class EThreeCore {
      * user's identity is already present in Virgil cloud.
      */
     fun backupPrivateKey(password: String): Completable =
-            backupWorker.backupPrivateKey(password)
+            backupWorker.backupPrivateKey(null, password)
+
+    /**
+     * Encrypts the user's private key using the user's [password] and backs up the encrypted
+     * private key to Virgil's cloud. This enables users to log in from other devices and have
+     * access to their private key to decrypt data.
+     *
+     * Encrypts loaded from private keys local storage user's *Private key* using *Public key*
+     * that is generated based on provided [password] after that backs up encrypted user's
+     * *Private key* to the Virgil's cloud storage.
+     *
+     * Can be called only if private key is on the device otherwise
+     * [EThreeException.Description.MISSING_PRIVATE_KEY] exception will be thrown.
+     *
+     * To start execution of the current function, please see [Completable] description.
+     *
+     * @param keyName Is a name that would be used to store backup in the cloud.
+     *
+     * @throws EThreeException.Description.MISSING_PRIVATE_KEY
+     * @throws EThreeException.Description.PRIVATE_KEY_BACKUP_EXISTS If private key with current
+     * user's identity is already present in Virgil cloud.
+     */
+    fun backupPrivateKey(keyName: String, password: String): Completable =
+            backupWorker.backupPrivateKey(keyName, password)
 
     /**
      * Pulls user's private key from the Virgil's cloud, decrypts it with *Private key* that
@@ -417,7 +443,25 @@ abstract class EThreeCore {
      * already present on the device locally.
      */
     fun restorePrivateKey(password: String): Completable =
-            backupWorker.restorePrivateKey(password)
+            backupWorker.restorePrivateKey(null, password)
+
+    /**
+     * Pulls user's private key from the Virgil's cloud, decrypts it with *Private key* that
+     * is generated based on provided [password] and saves it to the current private keys
+     * local storage.
+     *
+     * To start execution of the current function, please see [Completable] description.
+     *
+     * @param keyName Is a name that been used to store backup in the cloud.
+     *
+     * @throws EThreeException.Description.NO_PRIVATE_KEY_BACKUP If private key backup was not
+     * found.
+     * @throws EThreeException(EThreeException.Description.WRONG_PASSWORD) If [password] is wrong.
+     * @throws EThreeException(EThreeException.Description.PRIVATE_KEY_EXISTS) If private key
+     * already present on the device locally.
+     */
+    fun restorePrivateKey(keyName: String, password: String): Completable =
+            backupWorker.restorePrivateKey(keyName, password)
 
     /**
      * Changes the password on a backed-up private key.
@@ -1273,7 +1317,9 @@ abstract class EThreeCore {
     data class PrivateKeyChangedParams(val card: Card, val isNew: Boolean)
 
     internal fun privateKeyChanged(params: PrivateKeyChangedParams? = null) {
+        logger.finer("Private key changed")
         if (params != null) {
+            logger.finest("Store card in card storage")
             lookupManager.cardStorage.storeCard(params.card)
         }
 
@@ -1288,6 +1334,7 @@ abstract class EThreeCore {
     }
 
     internal fun privateKeyDeleted() {
+        logger.finer("Private key deleted")
         lookupManager.cardStorage.reset()
         groupManager?.localGroupStorage?.reset()
         tempChannelManager?.localStorage?.reset()
@@ -1366,9 +1413,11 @@ abstract class EThreeCore {
     }
 
     private fun setupRatchet(params: PrivateKeyChangedParams? = null, keyPair: VirgilKeyPair) {
+        logger.fine("Setup Ratchet")
         if (!enableRatchet) throw EThreeRatchetException(EThreeRatchetException.Description.RATCHET_IS_DISABLED)
 
         if (params != null) {
+            logger.finer("Setup Ratchet with params. isNew = ${params.isNew}")
             val chat = setupSecureChat(keyPair, params.card)
 
             if (params.isNew) {
@@ -1394,6 +1443,7 @@ abstract class EThreeCore {
 
             scheduleKeysRotation(chat, false)
         } else {
+            logger.finer("Setup Ratchet without params")
             val card = findCachedUser(this.identity).get() ?: throw EThreeRatchetException(
                 EThreeRatchetException.Description.NO_SELF_CARD_LOCALLY
             )
@@ -1419,11 +1469,12 @@ abstract class EThreeCore {
     }
 
     private fun scheduleKeysRotation(chat: SecureChat, startFromNow: Boolean) {
+        logger.finer("Schedule keys rotation. Start from now = $startFromNow")
         val secureChat = getSecureChat()
 
         this.timer = RepeatingTimer(this.keyRotationInterval, startFromNow, object : TimerTask() {
             override fun run() {
-                logger.info("\"Key rotation started\"")
+                logger.info("Key rotation started")
 
                 try {
                     val logs = secureChat.rotateKeys().get()
 
@@ -40,18 +40,27 @@ import com.virgilsecurity.android.common.util.Const.VIRGIL_BASE_URL
 import com.virgilsecurity.keyknox.KeyknoxManager
 import com.virgilsecurity.keyknox.client.HttpClient
 import com.virgilsecurity.keyknox.client.KeyknoxClient
+import com.virgilsecurity.keyknox.client.KeyknoxPullParams
+import com.virgilsecurity.keyknox.client.KeyknoxPushParams
+import com.virgilsecurity.keyknox.cloud.CloudEntrySerializer
 import com.virgilsecurity.keyknox.cloud.CloudKeyStorage
 import com.virgilsecurity.keyknox.exception.DecryptionFailedException
+import com.virgilsecurity.keyknox.exception.EntrySavingException
 import com.virgilsecurity.keyknox.exception.KeyknoxCryptoException
+import com.virgilsecurity.keyknox.model.CloudEntries
 import com.virgilsecurity.keyknox.model.CloudEntry
+import com.virgilsecurity.keyknox.utils.Serializer
 import com.virgilsecurity.pythia.brainkey.BrainKey
 import com.virgilsecurity.pythia.brainkey.BrainKeyContext
 import com.virgilsecurity.pythia.client.VirgilPythiaClient
 import com.virgilsecurity.pythia.crypto.VirgilPythiaCrypto
 import com.virgilsecurity.sdk.crypto.VirgilCrypto
 import com.virgilsecurity.sdk.crypto.VirgilPrivateKey
 import com.virgilsecurity.sdk.jwt.contract.AccessTokenProvider
+import com.virgilsecurity.sdk.storage.JsonKeyEntry
+import com.virgilsecurity.sdk.utils.ConvertionUtils
 import java.net.URL
+import java.util.*
 
 /**
  * CloudKeyManager
@@ -85,13 +94,36 @@ internal class CloudKeyManager internal constructor(
 
     internal fun exists(password: String) = setupCloudKeyStorage(password).exists(identity)
 
-    internal fun store(key: VirgilPrivateKey, password: String) {
+    internal fun store(key: VirgilPrivateKey, keyName: String?, password: String) {
         val exportedIdentityKey = this.crypto.exportPrivateKey(key)
-        setupCloudKeyStorage(password).store(this.identity, exportedIdentityKey)
+        if (keyName == null) {
+            // Store key in keyknox v1
+            setupCloudKeyStorage(password).store(this.identity, exportedIdentityKey)
+        } else {
+            // Store key in keyknox v2
+            val brainKeyPair = this.brainKey.generateKeyPair(password)
+            val pullParams = KeyknoxPullParams(this.identity, "e3kit", "backup", keyName)
+            val keyknoxValue = this.keyknoxManager.pullValue(pullParams, listOf(brainKeyPair.publicKey), brainKeyPair.privateKey)
+
+            val params = KeyknoxPushParams(listOf(this.identity), "e3kit", "backup", keyName)
+            val now = Date()
+            val entry = CloudEntry(this.identity, exportedIdentityKey, now, now, mapOf())
+            this.keyknoxManager.pushValue(params, ConvertionUtils.toBytes(Serializer.gson.toJson(entry)), keyknoxValue.keyknoxHash, listOf(brainKeyPair.publicKey), brainKeyPair.privateKey)
+        }
     }
 
-    internal fun retrieve(password: String): CloudEntry {
-        return setupCloudKeyStorage(password).retrieve(identity)
+    internal fun retrieve(keyName: String?, password: String): CloudEntry {
+        if (keyName == null) {
+            // Retrieve key from keyknox v1
+            return setupCloudKeyStorage(password).retrieve(keyName ?: this.identity)
+        } else {
+            // Retrieve key from keyknox v2
+            val brainKeyPair = this.brainKey.generateKeyPair(password)
+            val pullParams = KeyknoxPullParams(this.identity, "e3kit", "backup", keyName)
+            val keyknoxValue = this.keyknoxManager.pullValue(pullParams, listOf(brainKeyPair.publicKey), brainKeyPair.privateKey)
+            val entry = Serializer.gson.fromJson<CloudEntry>(ConvertionUtils.toString(keyknoxValue.value), CloudEntry::class.java)
+            return entry
+        }
     }
 
     internal fun delete(password: String) {
 
@@ -38,12 +38,14 @@ import com.virgilsecurity.android.common.model.FindUsersResult
 import com.virgilsecurity.android.common.storage.local.LocalKeyStorage
 import com.virgilsecurity.common.extension.toData
 import com.virgilsecurity.common.model.Data
+import com.virgilsecurity.keyknox.utils.unwrapCompanionClass
 import com.virgilsecurity.sdk.cards.Card
 import com.virgilsecurity.sdk.crypto.VirgilCrypto
 import com.virgilsecurity.sdk.crypto.VirgilPublicKey
 import com.virgilsecurity.sdk.crypto.exceptions.VerificationException
 import java.nio.charset.StandardCharsets
 import java.util.*
+import java.util.logging.Logger
 
 /**
  * AuthEncryptWorker
@@ -63,6 +65,7 @@ internal class AuthEncryptWorker internal constructor(
             decryptInternal(data, user?.publicKey)
 
     internal fun authDecrypt(data: Data, user: Card, date: Date): Data {
+        logger.fine("Auth decrypt data with card ${user.identifier}")
         var card = user
 
         while (card.previousCard != null) {
@@ -77,6 +80,7 @@ internal class AuthEncryptWorker internal constructor(
     }
 
     @JvmOverloads internal fun authDecrypt(text: String, user: Card? = null): String {
+        logger.fine("Auth decrypt text with card ${user?.identifier}")
         val data = try {
             Data.fromBase64String(text)
         } catch (exception: IllegalArgumentException) {
@@ -89,6 +93,7 @@ internal class AuthEncryptWorker internal constructor(
     }
 
     internal fun authDecrypt(text: String, user: Card, date: Date): String {
+        logger.fine("Auth decrypt text with card ${user.identifier}")
         val data = try {
             Data.fromBase64String(text)
         } catch (exception: IllegalArgumentException) {
@@ -101,6 +106,7 @@ internal class AuthEncryptWorker internal constructor(
     }
 
     @JvmOverloads internal fun authEncrypt(text: String, users: FindUsersResult? = null): String {
+        logger.fine("Auth encrypt text")
         if (users != null) require(users.isNotEmpty()) { "Passed empty FindUsersResult" }
 
         val data = try {
@@ -143,4 +149,8 @@ internal class AuthEncryptWorker internal constructor(
             }
         }
     }
+
+    companion object {
+        private val logger = Logger.getLogger(unwrapCompanionClass(this::class.java).name)
+    }
 }
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2015-2020, Virgil Security, Inc.
+ * Copyright (c) 2015-2021, Virgil Security, Inc.
  *
  * Lead Maintainer: Virgil Security Inc. <support@virgilsecurity.com>
  *
@@ -36,8 +36,10 @@ package com.virgilsecurity.android.common.worker
 import com.virgilsecurity.android.common.exception.EThreeException
 import com.virgilsecurity.android.common.storage.local.LocalKeyStorage
 import com.virgilsecurity.common.model.Completable
+import com.virgilsecurity.keyknox.utils.unwrapCompanionClass
 import com.virgilsecurity.sdk.cards.CardManager
 import com.virgilsecurity.sdk.crypto.VirgilKeyPair
+import java.util.logging.Logger
 
 /**
  * AuthorizationWorker
@@ -54,6 +56,7 @@ internal class AuthorizationWorker internal constructor(
     @JvmOverloads
     internal fun register(keyPair: VirgilKeyPair? = null) = object : Completable {
         override fun execute() {
+            logger.fine("Register new key pair")
             if (localKeyStorage.exists())
                 throw EThreeException(EThreeException.Description.PRIVATE_KEY_EXISTS)
 
@@ -70,6 +73,7 @@ internal class AuthorizationWorker internal constructor(
 
     @Synchronized internal fun unregister() = object : Completable {
         override fun execute() {
+            logger.fine("Unregister key pair")
             val cards = cardManager.searchCards(this@AuthorizationWorker.identity)
             if (cards.isEmpty()) {
                 throw EThreeException(EThreeException.Description.USER_IS_NOT_REGISTERED)
@@ -85,6 +89,7 @@ internal class AuthorizationWorker internal constructor(
 
     @Synchronized internal fun rotatePrivateKey() = object : Completable {
         override fun execute() {
+            logger.fine("Rotate private key")
             if (localKeyStorage.exists())
                 throw EThreeException(EThreeException.Description.PRIVATE_KEY_EXISTS)
 
@@ -99,7 +104,12 @@ internal class AuthorizationWorker internal constructor(
     internal fun hasLocalPrivateKey() = localKeyStorage.exists()
 
     internal fun cleanup() {
+        logger.fine("Cleanup")
         localKeyStorage.delete()
         privateKeyDeleted()
     }
+
+    companion object {
+        private val logger = Logger.getLogger(unwrapCompanionClass(this::class.java).name)
+    }
 }