cthrace/open-keychain
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

full-on autocrypt!

Browse Source
This commit is contained in:
Vincent Breitmoser
2017-06-16 18:29:01 +02:00
parent 1e620e01aa
commit 019e63f681
11 changed files with 297 additions and 125 deletions
Download Patch File Download Diff File Expand all files Collapse all files

47
OpenKeychain/src/main/java/org/sufficientlysecure/keychain/provider/AutocryptPeerDataAccessObject.java
View File

@@ -85,13 +85,30 @@ public class AutocryptPeerDataAccessObject {
return null;
}
public Date getLastUpdateForAutocryptPeer(String autocryptId) {
public Date getLastSeen(String autocryptId) {
Cursor cursor = mQueryInterface.query(ApiAutocryptPeer.buildByPackageNameAndAutocryptId(packageName, autocryptId),
null, null, null, null);
try {
if (cursor != null && cursor.moveToFirst()) {
long lastUpdated = cursor.getColumnIndex(ApiAutocryptPeer.LAST_UPDATED);
long lastUpdated = cursor.getColumnIndex(ApiAutocryptPeer.LAST_SEEN);
return new Date(lastUpdated);
}
} finally {
if (cursor != null) {
cursor.close();
}
}
return null;
}
public Date getLastSeenKey(String autocryptId) {
Cursor cursor = mQueryInterface.query(ApiAutocryptPeer.buildByPackageNameAndAutocryptId(packageName, autocryptId),
null, null, null, null);
try {
if (cursor != null && cursor.moveToFirst()) {
long lastUpdated = cursor.getColumnIndex(ApiAutocryptPeer.LAST_SEEN_KEY);
return new Date(lastUpdated);
}
} finally {
@@ -103,14 +120,36 @@ public class AutocryptPeerDataAccessObject {
}
public void setMasterKeyIdForAutocryptPeer(String autocryptId, long masterKeyId, Date date) {
Date lastUpdated = getLastUpdateForAutocryptPeer(autocryptId);
Date lastUpdated = getLastSeen(autocryptId);
if (lastUpdated != null && lastUpdated.after(date)) {
throw new IllegalArgumentException("Database entry was newer than the one to be inserted! Cannot backdate");
}
ContentValues cv = new ContentValues();
cv.put(ApiAutocryptPeer.MASTER_KEY_ID, masterKeyId);
cv.put(ApiAutocryptPeer.LAST_UPDATED, date.getTime());
cv.put(ApiAutocryptPeer.LAST_SEEN_KEY, date.getTime());
mQueryInterface.update(ApiAutocryptPeer.buildByPackageNameAndAutocryptId(packageName, autocryptId), cv, null, null);
}
public void updateToResetState(String autocryptId, Date effectiveDate) {
updateAutocryptState(autocryptId, effectiveDate, ApiAutocryptPeer.RESET);
}
public void updateToMutualState(String autocryptId, Date effectiveDate, long masterKeyId) {
setMasterKeyIdForAutocryptPeer(autocryptId, masterKeyId, effectiveDate);
updateAutocryptState(autocryptId, effectiveDate, ApiAutocryptPeer.MUTUAL);
}
public void updateToAvailableState(String autocryptId, Date effectiveDate, long masterKeyId) {
setMasterKeyIdForAutocryptPeer(autocryptId, masterKeyId, effectiveDate);
updateAutocryptState(autocryptId, effectiveDate, ApiAutocryptPeer.AVAILABLE);
}
private void updateAutocryptState(String autocryptId, Date date, int status) {
ContentValues cv = new ContentValues();
cv.put(ApiAutocryptPeer.MASTER_KEY_ID, (Integer) null);
cv.put(ApiAutocryptPeer.LAST_SEEN, date.getTime());
cv.put(ApiAutocryptPeer.STATUS, status);
mQueryInterface.update(ApiAutocryptPeer.buildByPackageNameAndAutocryptId(packageName, autocryptId), cv, null, null);
}
}

9
OpenKeychain/src/main/java/org/sufficientlysecure/keychain/provider/KeychainContract.java
View File

@@ -98,7 +98,9 @@ public class KeychainContract {
interface ApiAutocryptPeerColumns {
String PACKAGE_NAME = "package_name";
String IDENTIFIER = "identifier";
String LAST_UPDATED = "last_updated";
String LAST_SEEN = "last_updated";
String LAST_SEEN_KEY = "last_seen_key";
String STATUS = "status";
String MASTER_KEY_ID = "master_key_id";
}
@@ -349,6 +351,11 @@ public class KeychainContract {
public static final Uri CONTENT_URI = BASE_CONTENT_URI_INTERNAL.buildUpon()
.appendPath(BASE_AUTOCRYPT_PEERS).build();
public static final int RESET = 0;
public static final int GOSSIP = 1;
public static final int AVAILABLE = 2;
public static final int MUTUAL = 3;
public static Uri buildByKeyUri(Uri uri) {
return CONTENT_URI.buildUpon().appendPath(PATH_BY_KEY_ID).appendPath(uri.getPathSegments().get(1)).build();
}

6
OpenKeychain/src/main/java/org/sufficientlysecure/keychain/provider/KeychainDatabase.java
View File

@@ -162,8 +162,10 @@ public class KeychainDatabase extends SQLiteOpenHelper {
"CREATE TABLE IF NOT EXISTS " + Tables.API_AUTOCRYPT_PEERS + " ("
+ ApiAutocryptPeerColumns.PACKAGE_NAME + " TEXT NOT NULL, "
+ ApiAutocryptPeerColumns.IDENTIFIER + " TEXT NOT NULL, "
+ ApiAutocryptPeerColumns.LAST_UPDATED + " INTEGER NOT NULL, "
+ ApiAutocryptPeerColumns.MASTER_KEY_ID + " INTEGER NOT NULL, "
+ ApiAutocryptPeerColumns.LAST_SEEN + " INTEGER NOT NULL, "
+ ApiAutocryptPeerColumns.LAST_SEEN_KEY + " INTEGER NOT NULL, "
+ ApiAutocryptPeerColumns.STATUS + " INTEGER NOT NULL, "
+ ApiAutocryptPeerColumns.MASTER_KEY_ID + " INTEGER NULL, "
+ "PRIMARY KEY(" + ApiAutocryptPeerColumns.PACKAGE_NAME + ", "
+ ApiAutocryptPeerColumns.IDENTIFIER + "), "
+ "FOREIGN KEY(" + ApiAutocryptPeerColumns.PACKAGE_NAME + ") REFERENCES "

17
OpenKeychain/src/main/java/org/sufficientlysecure/keychain/provider/KeychainExternalContract.java
View File

@@ -26,6 +26,7 @@ import org.sufficientlysecure.keychain.provider.KeychainContract.ApiAutocryptPee
public class KeychainExternalContract {
public static final int KEY_STATUS_UNAVAILABLE = 0;
public static final int KEY_STATUS_UNVERIFIED = 1;
public static final int KEY_STATUS_VERIFIED = 2;
@@ -35,6 +36,7 @@ public class KeychainExternalContract {
private static final Uri BASE_CONTENT_URI_EXTERNAL = Uri
.parse("content://" + CONTENT_AUTHORITY_EXTERNAL);
public static final String BASE_EMAIL_STATUS = "email_status";
public static final String BASE_AUTOCRYPT_PEER_STATUS = "autocrypt_status";
public static final String BASE_AUTOCRYPT_PEERS = "autocrypt_peers";
@@ -43,8 +45,6 @@ public class KeychainExternalContract {
public static final String USER_ID = "user_id";
public static final String USER_ID_STATUS = "email_status";
public static final String MASTER_KEY_ID = "master_key_id";
public static final String AUTOCRYPT_PEER_LAST_SEEN = "autocrypt_peer_last_seen";
public static final String AUTOCRYPT_PEER_STATE = "autocrypt_peer_state";
public static final Uri CONTENT_URI = BASE_CONTENT_URI_EXTERNAL.buildUpon()
.appendPath(BASE_EMAIL_STATUS).build();
@@ -53,6 +53,19 @@ public class KeychainExternalContract {
"vnd.android.cursor.dir/vnd.org.sufficientlysecure.keychain.provider.email_status";
}
public static class AutocryptPeerStatus implements BaseColumns {
public static final String EMAIL_ADDRESS = "email_address";
public static final String MASTER_KEY_ID = "master_key_id";
public static final String AUTOCRYPT_PEER_LAST_SEEN = "autocrypt_peer_last_seen";
public static final String AUTOCRYPT_PEER_STATUS = "autocrypt_peer_state";
public static final Uri CONTENT_URI = BASE_CONTENT_URI_EXTERNAL.buildUpon()
.appendPath(BASE_EMAIL_STATUS).build();
public static final String CONTENT_TYPE =
"vnd.android.cursor.dir/vnd.org.sufficientlysecure.keychain.provider.autocrypt_status";
}
public static class ApiAutocryptPeer implements ApiAutocryptPeerColumns, BaseColumns {
public static final Uri CONTENT_URI = BASE_CONTENT_URI_EXTERNAL.buildUpon()
.appendPath(BASE_AUTOCRYPT_PEERS).build();

6
OpenKeychain/src/main/java/org/sufficientlysecure/keychain/provider/KeychainProvider.java
View File

@@ -676,7 +676,7 @@ public class KeychainProvider extends ContentProvider {
projectionMap.put(ApiAutocryptPeer.PACKAGE_NAME, ApiAutocryptPeer.PACKAGE_NAME);
projectionMap.put(ApiAutocryptPeer.IDENTIFIER, ApiAutocryptPeer.IDENTIFIER);
projectionMap.put(ApiAutocryptPeer.MASTER_KEY_ID, ApiAutocryptPeer.MASTER_KEY_ID);
projectionMap.put(ApiAutocryptPeer.LAST_UPDATED, ApiAutocryptPeer.LAST_UPDATED);
projectionMap.put(ApiAutocryptPeer.LAST_SEEN, ApiAutocryptPeer.LAST_SEEN);
qb.setProjectionMap(projectionMap);
qb.setTables(Tables.API_AUTOCRYPT_PEERS);
@@ -999,7 +999,7 @@ public class KeychainProvider extends ContentProvider {
}
case TRUST_IDS_BY_PACKAGE_NAME_AND_TRUST_ID: {
Long masterKeyId = values.getAsLong(ApiAutocryptPeer.MASTER_KEY_ID);
long updateTime = values.getAsLong(ApiAutocryptPeer.LAST_UPDATED);
long updateTime = values.getAsLong(ApiAutocryptPeer.LAST_SEEN);
if (masterKeyId == null) {
throw new IllegalArgumentException("master_key_id must be a non-null value!");
}
@@ -1009,7 +1009,7 @@ public class KeychainProvider extends ContentProvider {
actualValues.put(ApiAutocryptPeer.PACKAGE_NAME, packageName);
actualValues.put(ApiAutocryptPeer.IDENTIFIER, uri.getLastPathSegment());
actualValues.put(ApiAutocryptPeer.MASTER_KEY_ID, masterKeyId);
actualValues.put(ApiAutocryptPeer.LAST_UPDATED, updateTime);
actualValues.put(ApiAutocryptPeer.LAST_SEEN, updateTime);
try {
db.replace(Tables.API_AUTOCRYPT_PEERS, null, actualValues);

86
OpenKeychain/src/main/java/org/sufficientlysecure/keychain/remote/KeychainExternalProvider.java
View File

@@ -48,6 +48,7 @@ import org.sufficientlysecure.keychain.provider.KeychainDatabase;
import org.sufficientlysecure.keychain.provider.KeychainDatabase.Tables;
import org.sufficientlysecure.keychain.provider.KeychainExternalContract;
import org.sufficientlysecure.keychain.provider.KeychainExternalContract.ApiAutocryptPeer;
import org.sufficientlysecure.keychain.provider.KeychainExternalContract.AutocryptPeerStatus;
import org.sufficientlysecure.keychain.provider.KeychainExternalContract.EmailStatus;
import org.sufficientlysecure.keychain.provider.SimpleContentResolverInterface;
import org.sufficientlysecure.keychain.util.Log;
@@ -58,6 +59,8 @@ public class KeychainExternalProvider extends ContentProvider implements SimpleC
private static final int AUTOCRYPT_PEER = 201;
private static final int API_APPS = 301;
private static final int API_APPS_BY_PACKAGE_NAME = 302;
private static final int AUTOCRYPT_PEER_STATUS = 401;
private static final int AUTOCRYPT_PEER_STATUS_INTERNAL = 402;
public static final String TEMP_TABLE_QUERIED_ADDRESSES = "queried_addresses";
public static final String TEMP_TABLE_COLUMN_ADDRES = "address";
@@ -88,6 +91,9 @@ public class KeychainExternalProvider extends ContentProvider implements SimpleC
matcher.addURI(authority, KeychainExternalContract.BASE_AUTOCRYPT_PEERS + "/*", AUTOCRYPT_PEER);
matcher.addURI(authority, KeychainExternalContract.BASE_AUTOCRYPT_PEER_STATUS, AUTOCRYPT_PEER_STATUS);
matcher.addURI(authority, KeychainExternalContract.BASE_AUTOCRYPT_PEER_STATUS + "/*", AUTOCRYPT_PEER_STATUS_INTERNAL);
// can only query status of calling app - for internal use only!
matcher.addURI(KeychainContract.CONTENT_AUTHORITY, KeychainContract.BASE_API_APPS + "/*", API_APPS_BY_PACKAGE_NAME);
@@ -114,6 +120,9 @@ public class KeychainExternalProvider extends ContentProvider implements SimpleC
final int match = mUriMatcher.match(uri);
switch (match) {
case EMAIL_STATUS:
case EMAIL_STATUS_INTERNAL:
case AUTOCRYPT_PEER_STATUS:
case AUTOCRYPT_PEER_STATUS_INTERNAL:
return EmailStatus.CONTENT_TYPE;
case API_APPS:
@@ -180,18 +189,10 @@ public class KeychainExternalProvider extends ContentProvider implements SimpleC
+ " WHEN " + Certs.VERIFIED_SECRET + " THEN " + KeychainExternalContract.KEY_STATUS_VERIFIED
+ " WHEN NULL THEN NULL"
+ " END AS " + EmailStatus.USER_ID_STATUS);
projectionMap.put(EmailStatus.AUTOCRYPT_PEER_STATE, "CASE ( MIN (certs_autocrypt_peer." + Certs.VERIFIED + " ) ) "
// remap to keep this provider contract independent from our internal representation
+ " WHEN " + Certs.VERIFIED_SELF + " THEN " + KeychainExternalContract.KEY_STATUS_UNVERIFIED
+ " WHEN " + Certs.VERIFIED_SECRET + " THEN " + KeychainExternalContract.KEY_STATUS_VERIFIED
+ " WHEN NULL THEN NULL"
+ " END AS " + EmailStatus.AUTOCRYPT_PEER_STATE);
projectionMap.put(EmailStatus.MASTER_KEY_ID,
Tables.USER_PACKETS + "." + UserPackets.MASTER_KEY_ID + " AS " + EmailStatus.MASTER_KEY_ID);
projectionMap.put(EmailStatus.USER_ID,
Tables.USER_PACKETS + "." + UserPackets.USER_ID + " AS " + EmailStatus.USER_ID);
projectionMap.put(EmailStatus.AUTOCRYPT_PEER_LAST_SEEN, Tables.API_AUTOCRYPT_PEERS + "." +
ApiAutocryptPeer.LAST_UPDATED + " AS " + EmailStatus.AUTOCRYPT_PEER_LAST_SEEN);
qb.setProjectionMap(projectionMap);
if (projection == null) {
@@ -208,6 +209,66 @@ public class KeychainExternalProvider extends ContentProvider implements SimpleC
+ Tables.USER_PACKETS + "." + UserPackets.MASTER_KEY_ID + " = certs_user_id." + Certs.MASTER_KEY_ID
+ " AND " + Tables.USER_PACKETS + "." + UserPackets.RANK + " = certs_user_id." + Certs.RANK
+ ")"
);
// in case there are multiple verifying certificates
groupBy = TEMP_TABLE_QUERIED_ADDRESSES + "." + TEMP_TABLE_COLUMN_ADDRES;
List<String> plist = Arrays.asList(projection);
if (plist.contains(EmailStatus.USER_ID)) {
groupBy += ", " + Tables.USER_PACKETS + "." + UserPackets.USER_ID;
}
if (TextUtils.isEmpty(sortOrder)) {
sortOrder = EmailStatus.EMAIL_ADDRESS;
}
// uri to watch is all /key_rings/
uri = KeyRings.CONTENT_URI;
break;
}
case AUTOCRYPT_PEER_STATUS_INTERNAL:
if (!BuildConfig.APPLICATION_ID.equals(callingPackageName)) {
throw new AccessControlException("This URI can only be called internally!");
}
// override package name to use any external
// callingPackageName = uri.getLastPathSegment();
case AUTOCRYPT_PEER_STATUS: {
boolean callerIsAllowed = (match == AUTOCRYPT_PEER_STATUS_INTERNAL) || mApiPermissionHelper.isAllowedIgnoreErrors();
if (!callerIsAllowed) {
throw new AccessControlException("An application must register before use of KeychainExternalProvider!");
}
db.execSQL("CREATE TEMPORARY TABLE " + TEMP_TABLE_QUERIED_ADDRESSES + " (" + TEMP_TABLE_COLUMN_ADDRES + " TEXT);");
ContentValues cv = new ContentValues();
for (String address : selectionArgs) {
cv.put(TEMP_TABLE_COLUMN_ADDRES, address);
db.insert(TEMP_TABLE_QUERIED_ADDRESSES, null, cv);
}
HashMap<String, String> projectionMap = new HashMap<>();
projectionMap.put(AutocryptPeerStatus._ID, "email AS _id");
projectionMap.put(AutocryptPeerStatus.EMAIL_ADDRESS, // this is actually the queried address
TEMP_TABLE_QUERIED_ADDRESSES + "." + TEMP_TABLE_COLUMN_ADDRES + " AS " + AutocryptPeerStatus.EMAIL_ADDRESS);
projectionMap.put(AutocryptPeerStatus.AUTOCRYPT_PEER_STATUS, "CASE ( MIN (certs_autocrypt_peer." + Certs.VERIFIED + " ) ) "
// remap to keep this provider contract independent from our internal representation
+ " WHEN " + Certs.VERIFIED_SELF + " THEN " + KeychainExternalContract.KEY_STATUS_UNVERIFIED
+ " WHEN " + Certs.VERIFIED_SECRET + " THEN " + KeychainExternalContract.KEY_STATUS_VERIFIED
+ " WHEN NULL THEN NULL"
+ " END AS " + AutocryptPeerStatus.AUTOCRYPT_PEER_STATUS);
projectionMap.put(AutocryptPeerStatus.MASTER_KEY_ID,
Tables.USER_PACKETS + "." + UserPackets.MASTER_KEY_ID + " AS " + AutocryptPeerStatus.MASTER_KEY_ID);
projectionMap.put(AutocryptPeerStatus.AUTOCRYPT_PEER_LAST_SEEN, Tables.API_AUTOCRYPT_PEERS + "." +
ApiAutocryptPeer.LAST_SEEN + " AS " + AutocryptPeerStatus.AUTOCRYPT_PEER_LAST_SEEN);
qb.setProjectionMap(projectionMap);
if (projection == null) {
throw new IllegalArgumentException("Please provide a projection!");
}
qb.setTables(
TEMP_TABLE_QUERIED_ADDRESSES
+ " LEFT JOIN " + Tables.API_AUTOCRYPT_PEERS + " ON ("
+ Tables.API_AUTOCRYPT_PEERS + "." + ApiAutocryptPeer.IDENTIFIER + " LIKE queried_addresses.address"
+ " AND " + Tables.API_AUTOCRYPT_PEERS + "." + ApiAutocryptPeer.PACKAGE_NAME + " = \"" + callingPackageName + "\""
@@ -219,12 +280,9 @@ public class KeychainExternalProvider extends ContentProvider implements SimpleC
// in case there are multiple verifying certificates
groupBy = TEMP_TABLE_QUERIED_ADDRESSES + "." + TEMP_TABLE_COLUMN_ADDRES;
List<String> plist = Arrays.asList(projection);
if (plist.contains(EmailStatus.USER_ID)) {
groupBy += ", " + Tables.USER_PACKETS + "." + UserPackets.USER_ID;
}
if (TextUtils.isEmpty(sortOrder)) {
sortOrder = EmailStatus.EMAIL_ADDRESS;
sortOrder = TEMP_TABLE_QUERIED_ADDRESSES + "." + TEMP_TABLE_COLUMN_ADDRES;
}
// uri to watch is all /key_rings/
@@ -246,7 +304,7 @@ public class KeychainExternalProvider extends ContentProvider implements SimpleC
projectionMap.put(ApiAutocryptPeer._ID, "oid AS " + ApiAutocryptPeer._ID);
projectionMap.put(ApiAutocryptPeer.IDENTIFIER, ApiAutocryptPeer.IDENTIFIER);
projectionMap.put(ApiAutocryptPeer.MASTER_KEY_ID, ApiAutocryptPeer.MASTER_KEY_ID);
projectionMap.put(ApiAutocryptPeer.LAST_UPDATED, ApiAutocryptPeer.LAST_UPDATED);
projectionMap.put(ApiAutocryptPeer.LAST_SEEN, ApiAutocryptPeer.LAST_SEEN);
qb.setProjectionMap(projectionMap);
qb.setTables(Tables.API_AUTOCRYPT_PEERS);
@@ -343,7 +401,7 @@ public class KeychainExternalProvider extends ContentProvider implements SimpleC
actualValues.put(ApiAutocryptPeer.PACKAGE_NAME, mApiPermissionHelper.getCurrentCallingPackage());
actualValues.put(ApiAutocryptPeer.IDENTIFIER, uri.getLastPathSegment());
actualValues.put(ApiAutocryptPeer.MASTER_KEY_ID, masterKeyId);
actualValues.put(ApiAutocryptPeer.LAST_UPDATED, new Date().getTime() / 1000);
actualValues.put(ApiAutocryptPeer.LAST_SEEN, new Date().getTime() / 1000);
SQLiteDatabase db = getDb().getWritableDatabase();
try {

142
OpenKeychain/src/main/java/org/sufficientlysecure/keychain/remote/OpenPgpService.java
View File

@@ -41,10 +41,11 @@ import android.support.annotation.NonNull;
import android.support.annotation.Nullable;
import org.bouncycastle.bcpg.ArmoredOutputStream;
import org.openintents.openpgp.AutocryptPeerUpdate;
import org.openintents.openpgp.AutocryptPeerUpdate.PreferEncrypt;
import org.openintents.openpgp.IOpenPgpService;
import org.openintents.openpgp.OpenPgpDecryptionResult;
import org.openintents.openpgp.OpenPgpError;
import org.openintents.openpgp.AutocryptPeerUpdate;
import org.openintents.openpgp.OpenPgpMetadata;
import org.openintents.openpgp.OpenPgpSignatureResult;
import org.openintents.openpgp.OpenPgpSignatureResult.AutocryptPeerResult;
@@ -68,12 +69,12 @@ import org.sufficientlysecure.keychain.pgp.UncachedKeyRing;
import org.sufficientlysecure.keychain.pgp.exception.PgpGeneralException;
import org.sufficientlysecure.keychain.pgp.exception.PgpKeyNotFoundException;
import org.sufficientlysecure.keychain.provider.ApiDataAccessObject;
import org.sufficientlysecure.keychain.provider.AutocryptPeerDataAccessObject;
import org.sufficientlysecure.keychain.provider.KeyRepository;
import org.sufficientlysecure.keychain.provider.KeyWritableRepository;
import org.sufficientlysecure.keychain.provider.KeychainContract;
import org.sufficientlysecure.keychain.provider.KeychainContract.KeyRings;
import org.sufficientlysecure.keychain.provider.OverriddenWarningsRepository;
import org.sufficientlysecure.keychain.provider.AutocryptPeerDataAccessObject;
import org.sufficientlysecure.keychain.remote.OpenPgpServiceKeyIdExtractor.KeyIdResult;
import org.sufficientlysecure.keychain.remote.OpenPgpServiceKeyIdExtractor.KeyIdResultStatus;
import org.sufficientlysecure.keychain.service.BackupKeyringParcel;
@@ -198,7 +199,7 @@ public class OpenPgpService extends Service {
}
private Intent encryptAndSignImpl(Intent data, InputStream inputStream,
OutputStream outputStream, boolean sign) {
OutputStream outputStream, boolean sign, boolean isQueryAutocryptStatus) {
try {
boolean asciiArmor = data.getBooleanExtra(OpenPgpApi.EXTRA_REQUEST_ASCII_ARMOR, true);
String originalFilename = data.getStringExtra(OpenPgpApi.EXTRA_ORIGINAL_FILENAME);
@@ -237,11 +238,10 @@ public class OpenPgpService extends Service {
KeyIdResult keyIdResult = mKeyIdExtractor.returnKeyIdsFromIntent(data, false,
mApiPermissionHelper.getCurrentCallingPackage());
boolean isDryRun = data.getBooleanExtra(OpenPgpApi.EXTRA_DRY_RUN, false);
boolean isOpportunistic = data.getBooleanExtra(OpenPgpApi.EXTRA_OPPORTUNISTIC_ENCRYPTION, false);
KeyIdResultStatus keyIdResultStatus = keyIdResult.getStatus();
if (isDryRun) {
return getDryRunStatusResult(keyIdResult);
if (isQueryAutocryptStatus) {
return getAutocryptStatusResult(keyIdResult);
}
if (keyIdResult.hasKeySelectionPendingIntent()) {
@@ -302,32 +302,34 @@ public class OpenPgpService extends Service {
}
@NonNull
private Intent getDryRunStatusResult(KeyIdResult keyIdResult) {
private Intent getAutocryptStatusResult(KeyIdResult keyIdResult) {
Intent result = new Intent();
result.putExtra(OpenPgpApi.RESULT_CODE, OpenPgpApi.RESULT_CODE_SUCCESS);
switch (keyIdResult.getStatus()) {
case MISSING: {
return createErrorResultIntent(OpenPgpError.OPPORTUNISTIC_MISSING_KEYS,
"missing keys in opportunistic mode");
result.putExtra(OpenPgpApi.RESULT_AUTOCRYPT_STATUS, OpenPgpApi.AUTOCRYPT_STATUS_UNAVAILABLE);
break;
}
case NO_KEYS:
case NO_KEYS_ERROR: {
return createErrorResultIntent(OpenPgpError.NO_USER_IDS, "empty recipient list");
result.putExtra(OpenPgpApi.RESULT_AUTOCRYPT_STATUS, OpenPgpApi.AUTOCRYPT_STATUS_UNAVAILABLE);
break;
}
case DUPLICATE: {
Intent result = new Intent();
result.putExtra(OpenPgpApi.RESULT_KEYS_CONFIRMED, false);
result.putExtra(OpenPgpApi.RESULT_CODE, OpenPgpApi.RESULT_CODE_SUCCESS);
return result;
result.putExtra(OpenPgpApi.RESULT_AUTOCRYPT_STATUS, OpenPgpApi.AUTOCRYPT_STATUS_DISCOURAGE);
break;
}
case OK: {
Intent result = new Intent();
result.putExtra(OpenPgpApi.RESULT_KEYS_CONFIRMED, keyIdResult.isAllKeysConfirmed());
result.putExtra(OpenPgpApi.RESULT_CODE, OpenPgpApi.RESULT_CODE_SUCCESS);
return result;
result.putExtra(OpenPgpApi.RESULT_AUTOCRYPT_STATUS, OpenPgpApi.AUTOCRYPT_STATUS_AVAILABLE);
break;
}
default: {
throw new IllegalStateException("unhandled case!");
}
}
return result;
}
private Intent decryptAndVerifyImpl(Intent data, InputStream inputStream, OutputStream outputStream,
@@ -452,35 +454,45 @@ public class OpenPgpService extends Service {
private String updateAutocryptPeerStateFromIntent(Intent data, AutocryptPeerDataAccessObject autocryptPeerDao)
throws PgpGeneralException, IOException {
String autocryptPeerId = data.getStringExtra(OpenPgpApi.EXTRA_AUTOCRYPT_PEER_ID);
AutocryptPeerUpdate inlineKeyUpdate = data.getParcelableExtra(OpenPgpApi.EXTRA_INLINE_KEY_DATA);
if (inlineKeyUpdate == null) {
AutocryptPeerUpdate autocryptPeerUpdate = data.getParcelableExtra(OpenPgpApi.EXTRA_AUTOCRYPT_PEER_UPDATE);
if (autocryptPeerUpdate == null) {
return null;
}
UncachedKeyRing uncachedKeyRing = UncachedKeyRing.decodeFromData(inlineKeyUpdate.getKeyData());
if (uncachedKeyRing.isSecret()) {
Log.e(Constants.TAG, "Found secret key in autocrypt id! - Ignoring");
return null;
}
// this will merge if the key already exists - no worries!
KeyWritableRepository.createDatabaseReadWriteInteractor(this).savePublicKeyRing(uncachedKeyRing);
long inlineMasterKeyId = uncachedKeyRing.getMasterKeyId();
Date lastUpdate = autocryptPeerDao.getLastUpdateForAutocryptPeer(autocryptPeerId);
Date updateTimestamp = inlineKeyUpdate.getTimestamp();
Long autocryptMasterKeyId = autocryptPeerDao.getMasterKeyIdForAutocryptPeer(autocryptPeerId);
if (lastUpdate != null && lastUpdate.after(updateTimestamp)) {
Log.d(Constants.TAG, "Key for autocrypt peer is newer, ignoring other");
return autocryptPeerId;
} else if (autocryptMasterKeyId == null) {
Log.d(Constants.TAG, "No binding for autocrypt peer, pinning key");
autocryptPeerDao.setMasterKeyIdForAutocryptPeer(autocryptPeerId, inlineMasterKeyId, updateTimestamp);
} else if (inlineMasterKeyId == autocryptMasterKeyId) {
Log.d(Constants.TAG, "Key id is the same - doing nothing");
Long newMasterKeyId;
if (autocryptPeerUpdate.hasKeyData()) {
UncachedKeyRing uncachedKeyRing = UncachedKeyRing.decodeFromData(autocryptPeerUpdate.getKeyData());
if (uncachedKeyRing.isSecret()) {
Log.e(Constants.TAG, "Found secret key in autocrypt id! - Ignoring");
return null;
}
// this will merge if the key already exists - no worries!
KeyWritableRepository.createDatabaseReadWriteInteractor(this).savePublicKeyRing(uncachedKeyRing);
newMasterKeyId = uncachedKeyRing.getMasterKeyId();
} else {
// TODO danger in result intent!
autocryptPeerDao.setMasterKeyIdForAutocryptPeer(autocryptPeerId, inlineMasterKeyId, updateTimestamp);
newMasterKeyId = null;
}
Date lastSeen = autocryptPeerDao.getLastSeen(autocryptPeerId);
Date effectiveDate = autocryptPeerUpdate.getEffectiveDate();
if (newMasterKeyId == null) {
if (effectiveDate.after(lastSeen)) {
autocryptPeerDao.updateToResetState(autocryptPeerId, effectiveDate);
}
return autocryptPeerId;
}
Date lastSeenKey = autocryptPeerDao.getLastSeenKey(autocryptPeerId);
if (lastSeenKey != null && effectiveDate.before(lastSeenKey)) {
return autocryptPeerId;
}
if (lastSeen == null || effectiveDate.after(lastSeen)) {
if (autocryptPeerUpdate.getPreferEncrypt() == PreferEncrypt.MUTUAL) {
autocryptPeerDao.updateToMutualState(autocryptPeerId, effectiveDate, newMasterKeyId);
} else {
autocryptPeerDao.updateToAvailableState(autocryptPeerId, effectiveDate, newMasterKeyId);
}
}
return autocryptPeerId;
@@ -748,43 +760,17 @@ public class OpenPgpService extends Service {
private Intent updateAutocryptPeerImpl(Intent data) {
try {
Intent result = new Intent();
String autocryptPeer = data.getStringExtra(OpenPgpApi.EXTRA_AUTOCRYPT_PEER_ID);
AutocryptPeerUpdate inlineKeyUpdate = data.getParcelableExtra(OpenPgpApi.EXTRA_INLINE_KEY_DATA);
if (inlineKeyUpdate == null || autocryptPeer == null) {
throw new IllegalArgumentException("need to specify both autocrypt_peer_id and inline_key_data!");
if (!data.hasExtra(OpenPgpApi.EXTRA_AUTOCRYPT_PEER_ID) ||
!data.hasExtra(OpenPgpApi.EXTRA_AUTOCRYPT_PEER_UPDATE)) {
throw new IllegalArgumentException("need to specify both autocrypt_peer_id and autocrypt_peer_update!");
}
UncachedKeyRing uncachedKeyRing = UncachedKeyRing.decodeFromData(inlineKeyUpdate.getKeyData());
long inlineMasterKeyId = uncachedKeyRing.getMasterKeyId();
// this will merge if the key already exists - no worries!
KeyWritableRepository.createDatabaseReadWriteInteractor(this).savePublicKeyRing(uncachedKeyRing);
AutocryptPeerDataAccessObject autocryptPeerentityDao = new AutocryptPeerDataAccessObject(getBaseContext(),
mApiPermissionHelper.getCurrentCallingPackage());
Date lastUpdate = autocryptPeerentityDao.getLastUpdateForAutocryptPeer(autocryptPeer);
Date updateTimestamp = inlineKeyUpdate.getTimestamp();
boolean updateIsNewerThanLastUpdate = lastUpdate == null || lastUpdate.before(updateTimestamp);
if (!updateIsNewerThanLastUpdate) {
result.putExtra(OpenPgpApi.RESULT_CODE, OpenPgpApi.RESULT_CODE_SUCCESS);
return result;
}
Log.d(Constants.TAG, "Key for autocrypt peer is newer");
Long autocryptPeerMasterKeyId = autocryptPeerentityDao.getMasterKeyIdForAutocryptPeer(autocryptPeer);
if (autocryptPeerMasterKeyId == null) {
Log.d(Constants.TAG, "No binding for autocrypt peer, pinning key");
autocryptPeerentityDao.setMasterKeyIdForAutocryptPeer(autocryptPeer, inlineMasterKeyId, updateTimestamp);
} else if (inlineMasterKeyId == autocryptPeerMasterKeyId) {
Log.d(Constants.TAG, "Key id is the same - doing nothing");
} else {
// TODO danger in result intent!
autocryptPeerentityDao.setMasterKeyIdForAutocryptPeer(autocryptPeer, inlineMasterKeyId, updateTimestamp);
}
updateAutocryptPeerStateFromIntent(data, autocryptPeerentityDao);
Intent result = new Intent();
result.putExtra(OpenPgpApi.RESULT_CODE, OpenPgpApi.RESULT_CODE_SUCCESS);
return result;
} catch (Exception e) {
@@ -940,11 +926,13 @@ public class OpenPgpService extends Service {
case OpenPgpApi.ACTION_DETACHED_SIGN: {
return signImpl(data, inputStream, outputStream, false);
}
case OpenPgpApi.ACTION_ENCRYPT: {
return encryptAndSignImpl(data, inputStream, outputStream, false);
case OpenPgpApi.ACTION_QUERY_AUTOCRYPT_STATUS: {
return encryptAndSignImpl(data, inputStream, outputStream, false, true);
}
case OpenPgpApi.ACTION_ENCRYPT:
case OpenPgpApi.ACTION_SIGN_AND_ENCRYPT: {
return encryptAndSignImpl(data, inputStream, outputStream, true);
boolean enableSign = action.equals(OpenPgpApi.ACTION_SIGN_AND_ENCRYPT);
return encryptAndSignImpl(data, inputStream, outputStream, enableSign, false);
}
case OpenPgpApi.ACTION_DECRYPT_VERIFY: {
return decryptAndVerifyImpl(data, inputStream, outputStream, false, progressable);

99
OpenKeychain/src/main/java/org/sufficientlysecure/keychain/remote/OpenPgpServiceKeyIdExtractor.java
View File

@@ -17,6 +17,7 @@ import android.support.annotation.VisibleForTesting;
import org.openintents.openpgp.util.OpenPgpApi;
import org.sufficientlysecure.keychain.Constants;
import org.sufficientlysecure.keychain.provider.KeychainExternalContract;
import org.sufficientlysecure.keychain.provider.KeychainExternalContract.AutocryptPeerStatus;
import org.sufficientlysecure.keychain.provider.KeychainExternalContract.EmailStatus;
import org.sufficientlysecure.keychain.ui.util.KeyFormattingUtils;
import org.sufficientlysecure.keychain.util.Log;
@@ -24,14 +25,23 @@ import org.sufficientlysecure.keychain.util.Log;
class OpenPgpServiceKeyIdExtractor {
@VisibleForTesting
static final String[] PROJECTION_KEY_SEARCH = {
"email_address",
"master_key_id",
"email_status",
static final String[] PROJECTION_MAIL_STATUS = {
EmailStatus.EMAIL_ADDRESS,
EmailStatus.MASTER_KEY_ID,
EmailStatus.USER_ID_STATUS,
};
private static final int INDEX_EMAIL_ADDRESS = 0;
private static final int INDEX_MASTER_KEY_ID = 1;
private static final int INDEX_EMAIL_STATUS = 2;
private static final int INDEX_USER_ID_STATUS = 2;
static final String[] PROJECTION_AUTOCRYPT = {
AutocryptPeerStatus.EMAIL_ADDRESS,
AutocryptPeerStatus.MASTER_KEY_ID,
AutocryptPeerStatus.AUTOCRYPT_PEER_STATUS,
};
private static final int INDEX_AUTOCRYPT_ADDRESS = 0;
private static final int INDEX_AUTOCRYPT_MASTER_KEY_ID = 1;
private static final int INDEX_AUTOCRYPT_STATUS = 2;
private final ApiPendingIntentFactory apiPendingIntentFactory;
@@ -88,6 +98,8 @@ class OpenPgpServiceKeyIdExtractor {
if (hasAddresses) {
HashMap<String, UserIdStatus> keyRows = getStatusMapForQueriedAddresses(encryptionAddresses, callingPackageName);
HashMap<String, AutocryptRecommendation> autocryptRows = getAutocryptRecommendationsForQueriedAddresses(
encryptionAddresses, callingPackageName);
boolean anyKeyNotVerified = false;
for (Entry<String, UserIdStatus> entry : keyRows.entrySet()) {
@@ -105,7 +117,8 @@ class OpenPgpServiceKeyIdExtractor {
duplicateEmails.add(queriedAddress);
}
if (!userIdStatus.verified) {
if (userIdStatus.userIdVerified != KeychainExternalContract.KEY_STATUS_VERIFIED &&
userIdStatus.autocryptPeerVerified != KeychainExternalContract.KEY_STATUS_VERIFIED) {
anyKeyNotVerified = true;
}
}
@@ -141,7 +154,7 @@ class OpenPgpServiceKeyIdExtractor {
private HashMap<String, UserIdStatus> getStatusMapForQueriedAddresses(String[] encryptionUserIds, String callingPackageName) {
HashMap<String,UserIdStatus> keyRows = new HashMap<>();
Uri queryUri = EmailStatus.CONTENT_URI.buildUpon().appendPath(callingPackageName).build();
Cursor cursor = contentResolver.query(queryUri, PROJECTION_KEY_SEARCH, null, encryptionUserIds, null);
Cursor cursor = contentResolver.query(queryUri, PROJECTION_MAIL_STATUS, null, encryptionUserIds, null);
if (cursor == null) {
throw new IllegalStateException("Internal error, received null cursor!");
}
@@ -150,21 +163,33 @@ class OpenPgpServiceKeyIdExtractor {
while (cursor.moveToNext()) {
String queryAddress = cursor.getString(INDEX_EMAIL_ADDRESS);
Long masterKeyId = cursor.isNull(INDEX_MASTER_KEY_ID) ? null : cursor.getLong(INDEX_MASTER_KEY_ID);
boolean isVerified = cursor.getInt(INDEX_EMAIL_STATUS) == KeychainExternalContract.KEY_STATUS_VERIFIED;
UserIdStatus userIdStatus = new UserIdStatus(masterKeyId, isVerified);
int userIdStatus = cursor.getInt(INDEX_USER_ID_STATUS);
AutocryptRecommendation autocryptRecommendation;
if (cursor.getInt(INDEX_AUTOCRYPT_PEER_STATUS) == KeychainExternalContract.KEY_STATUS_UNAVAILABLE) {
autocryptRecommendation = AutocryptRecommendation.UNAVAILABLE;
} else {
// TODO encourage/discourage, based on gossip/ state
autocryptRecommendation = AutocryptRecommendation.AVAILABLE;
}
UserIdStatus status = new UserIdStatus(masterKeyId, userIdStatus, autocryptRecommendation);
boolean seenBefore = keyRows.containsKey(queryAddress);
if (!seenBefore) {
keyRows.put(queryAddress, userIdStatus);
keyRows.put(queryAddress, status);
continue;
}
UserIdStatus previousUserIdStatus = keyRows.get(queryAddress);
if (previousUserIdStatus.autocryptPeerVerified != KeychainExternalContract.KEY_STATUS_UNAVAILABLE) {
continue;
}
if (previousUserIdStatus.masterKeyId == null) {
keyRows.put(queryAddress, userIdStatus);
} else if (!previousUserIdStatus.verified && userIdStatus.verified) {
keyRows.put(queryAddress, userIdStatus);
} else if (previousUserIdStatus.verified == userIdStatus.verified) {
keyRows.put(queryAddress, status);
} else if (previousUserIdStatus.userIdVerified < status.userIdVerified) {
keyRows.put(queryAddress, status);
} else if (previousUserIdStatus.userIdVerified == status.userIdVerified) {
previousUserIdStatus.hasDuplicate = true;
}
}
@@ -174,14 +199,50 @@ class OpenPgpServiceKeyIdExtractor {
return keyRows;
}
/** This method queries the KeychainExternalProvider for all addresses given in encryptionUserIds.
* It returns a map with one UserIdStatus per queried address. If multiple key candidates exist,
* the one with the highest verification status is selected. If two candidates with the same
* verification status exist, the first one is returned and marked as having a duplicate.
*/
@NonNull
private HashMap<String, AutocryptRecommendation> getAutocryptRecommendationsForQueriedAddresses(
String[] encryptionUserIds, String callingPackageName) {
Uri queryUri = AutocryptPeerStatus.CONTENT_URI.buildUpon().appendPath(callingPackageName).build();
Cursor cursor = contentResolver.query(queryUri, PROJECTION_AUTOCRYPT, null, encryptionUserIds, null);
if (cursor == null) {
throw new IllegalStateException("Internal error, received null cursor!");
}
try {
HashMap<String,UserIdStatus> keyRows = new HashMap<>();
while (cursor.moveToNext()) {
String queryAddress = cursor.getString(INDEX_AUTOCRYPT_ADDRESS);
Long masterKeyId = cursor.isNull(INDEX_AUTOCRYPT_MASTER_KEY_ID) ?
null : cursor.getLong(INDEX_AUTOCRYPT_MASTER_KEY_ID);
int autocryptStatus = cursor.getInt(INDEX_AUTOCRYPT_STATUS);
AutocryptRecommendation autocryptRecommendation;
if (cursor.getInt(INDEX_AUTOCRYPT_STATUS) == KeychainExternalContract.KEY_STATUS_UNAVAILABLE) {
autocryptRecommendation = AutocryptRecommendation.UNAVAILABLE;
} else {
// TODO encourage/discourage, based on gossip/ state
autocryptRecommendation = AutocryptRecommendation.AVAILABLE;
}
}
} finally {
cursor.close();
}
return keyRows;
}
private static class UserIdStatus {
private final Long masterKeyId;
private final boolean verified;
private final int userIdVerified;
private boolean hasDuplicate;
UserIdStatus(Long masterKeyId, boolean verified) {
UserIdStatus(Long masterKeyId, int userIdVerified) {
this.masterKeyId = masterKeyId;
this.verified = verified;
this.userIdVerified = userIdVerified;
}
}
@@ -256,6 +317,10 @@ class OpenPgpServiceKeyIdExtractor {
}
}
enum AutocryptRecommendation {
UNAVAILABLE, DISCOURAGE, AVAILABLE, MUTUAL
}
enum KeyIdResultStatus {
OK, MISSING, DUPLICATE, NO_KEYS, NO_KEYS_ERROR
}