cthrace/open-keychain
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

trust id -> autocrypt peer

Browse Source
This commit is contained in:
Vincent Breitmoser
2017-06-13 18:33:21 +02:00
parent 4e4912bd6d
commit 1e620e01aa
11 changed files with 193 additions and 199 deletions
Download Patch File Download Diff File Expand all files Collapse all files

60
OpenKeychain/src/main/java/org/sufficientlysecure/keychain/remote/KeychainExternalProvider.java
View File

@@ -47,7 +47,7 @@ import org.sufficientlysecure.keychain.provider.KeychainContract.UserPackets;
import org.sufficientlysecure.keychain.provider.KeychainDatabase;
import org.sufficientlysecure.keychain.provider.KeychainDatabase.Tables;
import org.sufficientlysecure.keychain.provider.KeychainExternalContract;
import org.sufficientlysecure.keychain.provider.KeychainExternalContract.ApiTrustIdentity;
import org.sufficientlysecure.keychain.provider.KeychainExternalContract.ApiAutocryptPeer;
import org.sufficientlysecure.keychain.provider.KeychainExternalContract.EmailStatus;
import org.sufficientlysecure.keychain.provider.SimpleContentResolverInterface;
import org.sufficientlysecure.keychain.util.Log;
@@ -55,7 +55,7 @@ import org.sufficientlysecure.keychain.util.Log;
public class KeychainExternalProvider extends ContentProvider implements SimpleContentResolverInterface {
private static final int EMAIL_STATUS = 101;
private static final int EMAIL_STATUS_INTERNAL = 102;
private static final int TRUST_IDENTITY = 201;
private static final int AUTOCRYPT_PEER = 201;
private static final int API_APPS = 301;
private static final int API_APPS_BY_PACKAGE_NAME = 302;
@@ -86,7 +86,7 @@ public class KeychainExternalProvider extends ContentProvider implements SimpleC
matcher.addURI(authority, KeychainExternalContract.BASE_EMAIL_STATUS, EMAIL_STATUS);
matcher.addURI(authority, KeychainExternalContract.BASE_EMAIL_STATUS + "/*", EMAIL_STATUS_INTERNAL);
matcher.addURI(authority, KeychainExternalContract.BASE_TRUST_IDENTITIES + "/*", TRUST_IDENTITY);
matcher.addURI(authority, KeychainExternalContract.BASE_AUTOCRYPT_PEERS + "/*", AUTOCRYPT_PEER);
// can only query status of calling app - for internal use only!
matcher.addURI(KeychainContract.CONTENT_AUTHORITY, KeychainContract.BASE_API_APPS + "/*", API_APPS_BY_PACKAGE_NAME);
@@ -180,18 +180,18 @@ public class KeychainExternalProvider extends ContentProvider implements SimpleC
+ " WHEN " + Certs.VERIFIED_SECRET + " THEN " + KeychainExternalContract.KEY_STATUS_VERIFIED
+ " WHEN NULL THEN NULL"
+ " END AS " + EmailStatus.USER_ID_STATUS);
projectionMap.put(EmailStatus.TRUST_ID_STATUS, "CASE ( MIN (certs_trust_id." + Certs.VERIFIED + " ) ) "
projectionMap.put(EmailStatus.AUTOCRYPT_PEER_STATE, "CASE ( MIN (certs_autocrypt_peer." + Certs.VERIFIED + " ) ) "
// remap to keep this provider contract independent from our internal representation
+ " WHEN " + Certs.VERIFIED_SELF + " THEN " + KeychainExternalContract.KEY_STATUS_UNVERIFIED
+ " WHEN " + Certs.VERIFIED_SECRET + " THEN " + KeychainExternalContract.KEY_STATUS_VERIFIED
+ " WHEN NULL THEN NULL"
+ " END AS " + EmailStatus.TRUST_ID_STATUS);
+ " END AS " + EmailStatus.AUTOCRYPT_PEER_STATE);
projectionMap.put(EmailStatus.MASTER_KEY_ID,
Tables.USER_PACKETS + "." + UserPackets.MASTER_KEY_ID + " AS " + EmailStatus.MASTER_KEY_ID);
projectionMap.put(EmailStatus.USER_ID,
Tables.USER_PACKETS + "." + UserPackets.USER_ID + " AS " + EmailStatus.USER_ID);
projectionMap.put(EmailStatus.TRUST_ID_LAST_UPDATE, Tables.API_TRUST_IDENTITIES + "." +
ApiTrustIdentity.LAST_UPDATED + " AS " + EmailStatus.TRUST_ID_LAST_UPDATE);
projectionMap.put(EmailStatus.AUTOCRYPT_PEER_LAST_SEEN, Tables.API_AUTOCRYPT_PEERS + "." +
ApiAutocryptPeer.LAST_UPDATED + " AS " + EmailStatus.AUTOCRYPT_PEER_LAST_SEEN);
qb.setProjectionMap(projectionMap);
if (projection == null) {
@@ -208,12 +208,12 @@ public class KeychainExternalProvider extends ContentProvider implements SimpleC
+ Tables.USER_PACKETS + "." + UserPackets.MASTER_KEY_ID + " = certs_user_id." + Certs.MASTER_KEY_ID
+ " AND " + Tables.USER_PACKETS + "." + UserPackets.RANK + " = certs_user_id." + Certs.RANK
+ ")"
+ " LEFT JOIN " + Tables.API_TRUST_IDENTITIES + " ON ("
+ Tables.API_TRUST_IDENTITIES + "." + ApiTrustIdentity.IDENTIFIER + " LIKE queried_addresses.address"
+ " AND " + Tables.API_TRUST_IDENTITIES + "." + ApiTrustIdentity.PACKAGE_NAME + " = \"" + callingPackageName + "\""
+ " LEFT JOIN " + Tables.API_AUTOCRYPT_PEERS + " ON ("
+ Tables.API_AUTOCRYPT_PEERS + "." + ApiAutocryptPeer.IDENTIFIER + " LIKE queried_addresses.address"
+ " AND " + Tables.API_AUTOCRYPT_PEERS + "." + ApiAutocryptPeer.PACKAGE_NAME + " = \"" + callingPackageName + "\""
+ ")"
+ " LEFT JOIN " + Tables.CERTS + " AS certs_trust_id ON ("
+ Tables.API_TRUST_IDENTITIES + "." + ApiTrustIdentity.MASTER_KEY_ID + " = certs_trust_id." + Certs.MASTER_KEY_ID
+ " LEFT JOIN " + Tables.CERTS + " AS certs_autocrypt_peer ON ("
+ Tables.API_AUTOCRYPT_PEERS + "." + ApiAutocryptPeer.MASTER_KEY_ID + " = certs_autocrypt_peer." + Certs.MASTER_KEY_ID
+ ")"
);
// in case there are multiple verifying certificates
@@ -232,7 +232,7 @@ public class KeychainExternalProvider extends ContentProvider implements SimpleC
break;
}
case TRUST_IDENTITY: {
case AUTOCRYPT_PEER: {
boolean callerIsAllowed = mApiPermissionHelper.isAllowedIgnoreErrors();
if (!callerIsAllowed) {
throw new AccessControlException("An application must register before use of KeychainExternalProvider!");
@@ -243,19 +243,19 @@ public class KeychainExternalProvider extends ContentProvider implements SimpleC
}
HashMap<String, String> projectionMap = new HashMap<>();
projectionMap.put(ApiTrustIdentity._ID, "oid AS " + ApiTrustIdentity._ID);
projectionMap.put(ApiTrustIdentity.IDENTIFIER, ApiTrustIdentity.IDENTIFIER);
projectionMap.put(ApiTrustIdentity.MASTER_KEY_ID, ApiTrustIdentity.MASTER_KEY_ID);
projectionMap.put(ApiTrustIdentity.LAST_UPDATED, ApiTrustIdentity.LAST_UPDATED);
projectionMap.put(ApiAutocryptPeer._ID, "oid AS " + ApiAutocryptPeer._ID);
projectionMap.put(ApiAutocryptPeer.IDENTIFIER, ApiAutocryptPeer.IDENTIFIER);
projectionMap.put(ApiAutocryptPeer.MASTER_KEY_ID, ApiAutocryptPeer.MASTER_KEY_ID);
projectionMap.put(ApiAutocryptPeer.LAST_UPDATED, ApiAutocryptPeer.LAST_UPDATED);
qb.setProjectionMap(projectionMap);
qb.setTables(Tables.API_TRUST_IDENTITIES);
qb.setTables(Tables.API_AUTOCRYPT_PEERS);
// allow access to columns of the calling package exclusively!
qb.appendWhere(Tables.API_TRUST_IDENTITIES + "." + ApiTrustIdentity.PACKAGE_NAME +
qb.appendWhere(Tables.API_AUTOCRYPT_PEERS + "." + ApiAutocryptPeer.PACKAGE_NAME +
" = " + mApiPermissionHelper.getCurrentCallingPackage());
qb.appendWhere(Tables.API_TRUST_IDENTITIES + "." + ApiTrustIdentity.IDENTIFIER + " = ");
qb.appendWhere(Tables.API_AUTOCRYPT_PEERS + "." + ApiAutocryptPeer.IDENTIFIER + " = ");
qb.appendWhereEscapeString(uri.getLastPathSegment());
break;
@@ -325,7 +325,7 @@ public class KeychainExternalProvider extends ContentProvider implements SimpleC
Log.v(Constants.TAG, "insert(uri=" + uri + ")");
int match = mUriMatcher.match(uri);
if (match != TRUST_IDENTITY) {
if (match != AUTOCRYPT_PEER) {
throw new UnsupportedOperationException();
}
@@ -334,20 +334,20 @@ public class KeychainExternalProvider extends ContentProvider implements SimpleC
throw new AccessControlException("An application must register before use of KeychainExternalProvider!");
}
Long masterKeyId = values.getAsLong(ApiTrustIdentity.MASTER_KEY_ID);
Long masterKeyId = values.getAsLong(ApiAutocryptPeer.MASTER_KEY_ID);
if (masterKeyId == null) {
throw new IllegalArgumentException("master_key_id must be a non-null value!");
}
ContentValues actualValues = new ContentValues();
actualValues.put(ApiTrustIdentity.PACKAGE_NAME, mApiPermissionHelper.getCurrentCallingPackage());
actualValues.put(ApiTrustIdentity.IDENTIFIER, uri.getLastPathSegment());
actualValues.put(ApiTrustIdentity.MASTER_KEY_ID, masterKeyId);
actualValues.put(ApiTrustIdentity.LAST_UPDATED, new Date().getTime() / 1000);
actualValues.put(ApiAutocryptPeer.PACKAGE_NAME, mApiPermissionHelper.getCurrentCallingPackage());
actualValues.put(ApiAutocryptPeer.IDENTIFIER, uri.getLastPathSegment());
actualValues.put(ApiAutocryptPeer.MASTER_KEY_ID, masterKeyId);
actualValues.put(ApiAutocryptPeer.LAST_UPDATED, new Date().getTime() / 1000);
SQLiteDatabase db = getDb().getWritableDatabase();
try {
db.insert(Tables.API_TRUST_IDENTITIES, null, actualValues);
db.insert(Tables.API_AUTOCRYPT_PEERS, null, actualValues);
return uri;
} finally {
db.close();
@@ -359,7 +359,7 @@ public class KeychainExternalProvider extends ContentProvider implements SimpleC
Log.v(Constants.TAG, "delete(uri=" + uri + ")");
int match = mUriMatcher.match(uri);
if (match != TRUST_IDENTITY || selection != null || selectionArgs != null) {
if (match != AUTOCRYPT_PEER || selection != null || selectionArgs != null) {
throw new UnsupportedOperationException();
}
@@ -368,7 +368,7 @@ public class KeychainExternalProvider extends ContentProvider implements SimpleC
throw new AccessControlException("An application must register before use of KeychainExternalProvider!");
}
String actualSelection = ApiTrustIdentity.PACKAGE_NAME + " = ? AND " + ApiTrustIdentity.IDENTIFIER + " = ?";
String actualSelection = ApiAutocryptPeer.PACKAGE_NAME + " = ? AND " + ApiAutocryptPeer.IDENTIFIER + " = ?";
String[] actualSelectionArgs = new String[] {
mApiPermissionHelper.getCurrentCallingPackage(),
uri.getLastPathSegment()
@@ -376,7 +376,7 @@ public class KeychainExternalProvider extends ContentProvider implements SimpleC
SQLiteDatabase db = getDb().getWritableDatabase();
try {
return db.delete(Tables.API_TRUST_IDENTITIES, actualSelection, actualSelectionArgs);
return db.delete(Tables.API_AUTOCRYPT_PEERS, actualSelection, actualSelectionArgs);
} finally {
db.close();
}

104
OpenKeychain/src/main/java/org/sufficientlysecure/keychain/remote/OpenPgpService.java
View File

@@ -44,10 +44,10 @@ import org.bouncycastle.bcpg.ArmoredOutputStream;
import org.openintents.openpgp.IOpenPgpService;
import org.openintents.openpgp.OpenPgpDecryptionResult;
import org.openintents.openpgp.OpenPgpError;
import org.openintents.openpgp.OpenPgpInlineKeyUpdate;
import org.openintents.openpgp.AutocryptPeerUpdate;
import org.openintents.openpgp.OpenPgpMetadata;
import org.openintents.openpgp.OpenPgpSignatureResult;
import org.openintents.openpgp.OpenPgpSignatureResult.TrustIdentityResult;
import org.openintents.openpgp.OpenPgpSignatureResult.AutocryptPeerResult;
import org.openintents.openpgp.util.OpenPgpApi;
import org.sufficientlysecure.keychain.Constants;
import org.sufficientlysecure.keychain.operations.BackupOperation;
@@ -73,7 +73,7 @@ import org.sufficientlysecure.keychain.provider.KeyWritableRepository;
import org.sufficientlysecure.keychain.provider.KeychainContract;
import org.sufficientlysecure.keychain.provider.KeychainContract.KeyRings;
import org.sufficientlysecure.keychain.provider.OverriddenWarningsRepository;
import org.sufficientlysecure.keychain.provider.TrustIdentityDataAccessObject;
import org.sufficientlysecure.keychain.provider.AutocryptPeerDataAccessObject;
import org.sufficientlysecure.keychain.remote.OpenPgpServiceKeyIdExtractor.KeyIdResult;
import org.sufficientlysecure.keychain.remote.OpenPgpServiceKeyIdExtractor.KeyIdResultStatus;
import org.sufficientlysecure.keychain.service.BackupKeyringParcel;
@@ -88,7 +88,7 @@ public class OpenPgpService extends Service {
public static final int API_VERSION_WITHOUT_SIGNATURE_ONLY_FLAG = 8;
public static final int API_VERSION_WITH_DECRYPTION_RESULT = 8;
public static final int API_VERSION_WITH_RESULT_NO_SIGNATURE = 8;
public static final int API_VERSION_WITH_TRUST_IDENTITIES = 12;
public static final int API_VERSION_WITH_AUTOCRYPT = 12;
public static final List<Integer> SUPPORTED_VERSIONS =
Collections.unmodifiableList(Arrays.asList(7, 8, 9, 10, 11, 12));
@@ -360,9 +360,9 @@ public class OpenPgpService extends Service {
byte[] detachedSignature = data.getByteArrayExtra(OpenPgpApi.EXTRA_DETACHED_SIGNATURE);
String senderAddress = data.getStringExtra(OpenPgpApi.EXTRA_SENDER_ADDRESS);
TrustIdentityDataAccessObject trustIdentityDao = new TrustIdentityDataAccessObject(
AutocryptPeerDataAccessObject autocryptPeerentityDao = new AutocryptPeerDataAccessObject(
getBaseContext(), mApiPermissionHelper.getCurrentCallingPackage());
String senderTrustId = updateTrustIdStateFromIntent(data, trustIdentityDao);
updateAutocryptPeerStateFromIntent(data, autocryptPeerentityDao);
PgpDecryptVerifyOperation op = new PgpDecryptVerifyOperation(this, mKeyRepository, progressable);
@@ -449,41 +449,41 @@ public class OpenPgpService extends Service {
mApiPendingIntentFactory.createSecurityProblemIntent(packageName, securityProblem, supportOverride));
}
private String updateTrustIdStateFromIntent(Intent data, TrustIdentityDataAccessObject trustIdentityDao)
private String updateAutocryptPeerStateFromIntent(Intent data, AutocryptPeerDataAccessObject autocryptPeerDao)
throws PgpGeneralException, IOException {
String trustId = data.getStringExtra(OpenPgpApi.EXTRA_TRUST_IDENTITY);
OpenPgpInlineKeyUpdate inlineKeyUpdate = data.getParcelableExtra(OpenPgpApi.EXTRA_INLINE_KEY_DATA);
String autocryptPeerId = data.getStringExtra(OpenPgpApi.EXTRA_AUTOCRYPT_PEER_ID);
AutocryptPeerUpdate inlineKeyUpdate = data.getParcelableExtra(OpenPgpApi.EXTRA_INLINE_KEY_DATA);
if (inlineKeyUpdate == null) {
return null;
}
UncachedKeyRing uncachedKeyRing = UncachedKeyRing.decodeFromData(inlineKeyUpdate.getKeyData());
if (uncachedKeyRing.isSecret()) {
Log.e(Constants.TAG, "Found secret key in trust id! - Ignoring");
Log.e(Constants.TAG, "Found secret key in autocrypt id! - Ignoring");
return null;
}
// this will merge if the key already exists - no worries!
KeyWritableRepository.createDatabaseReadWriteInteractor(this).savePublicKeyRing(uncachedKeyRing);
long inlineMasterKeyId = uncachedKeyRing.getMasterKeyId();
Date lastUpdate = trustIdentityDao.getLastUpdateForTrustId(trustId);
Date lastUpdate = autocryptPeerDao.getLastUpdateForAutocryptPeer(autocryptPeerId);
Date updateTimestamp = inlineKeyUpdate.getTimestamp();
Long trustedMasterKeyId = trustIdentityDao.getMasterKeyIdForTrustId(trustId);
Long autocryptMasterKeyId = autocryptPeerDao.getMasterKeyIdForAutocryptPeer(autocryptPeerId);
if (lastUpdate != null && lastUpdate.after(updateTimestamp)) {
Log.d(Constants.TAG, "Key for trust id is newer, ignoring other");
return trustId;
} else if (trustedMasterKeyId == null) {
Log.d(Constants.TAG, "No binding for trust id, pinning key");
trustIdentityDao.setMasterKeyIdForTrustId(trustId, inlineMasterKeyId, updateTimestamp);
} else if (inlineMasterKeyId == trustedMasterKeyId) {
Log.d(Constants.TAG, "Key for autocrypt peer is newer, ignoring other");
return autocryptPeerId;
} else if (autocryptMasterKeyId == null) {
Log.d(Constants.TAG, "No binding for autocrypt peer, pinning key");
autocryptPeerDao.setMasterKeyIdForAutocryptPeer(autocryptPeerId, inlineMasterKeyId, updateTimestamp);
} else if (inlineMasterKeyId == autocryptMasterKeyId) {
Log.d(Constants.TAG, "Key id is the same - doing nothing");
} else {
// TODO danger in result intent!
trustIdentityDao.setMasterKeyIdForTrustId(trustId, inlineMasterKeyId, updateTimestamp);
autocryptPeerDao.setMasterKeyIdForAutocryptPeer(autocryptPeerId, inlineMasterKeyId, updateTimestamp);
}
return trustId;
return autocryptPeerId;
}
private void processDecryptionResultForResultIntent(int targetApiVersion, Intent result,
@@ -568,19 +568,19 @@ public class OpenPgpService extends Service {
}
}
String trustIdentity = data.getStringExtra(OpenPgpApi.EXTRA_TRUST_IDENTITY);
if (trustIdentity != null) {
if (targetApiVersion < API_VERSION_WITH_TRUST_IDENTITIES) {
throw new IllegalStateException("API version conflict, trust identities are supported v12 and up!");
String autocryptPeerentity = data.getStringExtra(OpenPgpApi.EXTRA_AUTOCRYPT_PEER_ID);
if (autocryptPeerentity != null) {
if (targetApiVersion < API_VERSION_WITH_AUTOCRYPT) {
throw new IllegalStateException("API version conflict, autocrypt is supported v12 and up!");
}
signatureResult = processTrustIdentityInfoToSignatureResult(signatureResult, trustIdentity);
signatureResult = processAutocryptPeerInfoToSignatureResult(signatureResult, autocryptPeerentity);
}
result.putExtra(OpenPgpApi.RESULT_SIGNATURE, signatureResult);
}
private OpenPgpSignatureResult processTrustIdentityInfoToSignatureResult(OpenPgpSignatureResult signatureResult,
String trustIdentity) {
private OpenPgpSignatureResult processAutocryptPeerInfoToSignatureResult(OpenPgpSignatureResult signatureResult,
String autocryptPeerentity) {
boolean hasValidSignature =
signatureResult.getResult() == OpenPgpSignatureResult.RESULT_VALID_KEY_CONFIRMED ||
signatureResult.getResult() == OpenPgpSignatureResult.RESULT_VALID_KEY_UNCONFIRMED;
@@ -588,18 +588,18 @@ public class OpenPgpService extends Service {
return signatureResult;
}
TrustIdentityDataAccessObject trustIdentityDao = new TrustIdentityDataAccessObject(getBaseContext(),
AutocryptPeerDataAccessObject autocryptPeerentityDao = new AutocryptPeerDataAccessObject(getBaseContext(),
mApiPermissionHelper.getCurrentCallingPackage());
Long tofuTrustedMasterKeyId = trustIdentityDao.getMasterKeyIdForTrustId(trustIdentity);
Long autocryptPeerMasterKeyId = autocryptPeerentityDao.getMasterKeyIdForAutocryptPeer(autocryptPeerentity);
long masterKeyId = signatureResult.getKeyId();
if (tofuTrustedMasterKeyId == null) {
trustIdentityDao.setMasterKeyIdForTrustId(trustIdentity, masterKeyId, new Date());
return signatureResult.withTrustIdentityResult(TrustIdentityResult.NEW);
} else if (masterKeyId == tofuTrustedMasterKeyId) {
return signatureResult.withTrustIdentityResult(TrustIdentityResult.OK);
if (autocryptPeerMasterKeyId == null) {
autocryptPeerentityDao.setMasterKeyIdForAutocryptPeer(autocryptPeerentity, masterKeyId, new Date());
return signatureResult.withAutocryptPeerResult(AutocryptPeerResult.NEW);
} else if (masterKeyId == autocryptPeerMasterKeyId) {
return signatureResult.withAutocryptPeerResult(AutocryptPeerResult.OK);
} else {
return signatureResult.withTrustIdentityResult(TrustIdentityResult.MISMATCH);
return signatureResult.withAutocryptPeerResult(AutocryptPeerResult.MISMATCH);
}
}
@@ -746,14 +746,14 @@ public class OpenPgpService extends Service {
}
}
private Intent updateTrustIdKeyImpl(Intent data) {
private Intent updateAutocryptPeerImpl(Intent data) {
try {
Intent result = new Intent();
String trustId = data.getStringExtra(OpenPgpApi.EXTRA_TRUST_IDENTITY);
OpenPgpInlineKeyUpdate inlineKeyUpdate = data.getParcelableExtra(OpenPgpApi.EXTRA_INLINE_KEY_DATA);
if (inlineKeyUpdate == null || trustId == null) {
throw new IllegalArgumentException("need to specify both trust_id and inline_key_data!");
String autocryptPeer = data.getStringExtra(OpenPgpApi.EXTRA_AUTOCRYPT_PEER_ID);
AutocryptPeerUpdate inlineKeyUpdate = data.getParcelableExtra(OpenPgpApi.EXTRA_INLINE_KEY_DATA);
if (inlineKeyUpdate == null || autocryptPeer == null) {
throw new IllegalArgumentException("need to specify both autocrypt_peer_id and inline_key_data!");
}
UncachedKeyRing uncachedKeyRing = UncachedKeyRing.decodeFromData(inlineKeyUpdate.getKeyData());
@@ -761,10 +761,10 @@ public class OpenPgpService extends Service {
// this will merge if the key already exists - no worries!
KeyWritableRepository.createDatabaseReadWriteInteractor(this).savePublicKeyRing(uncachedKeyRing);
TrustIdentityDataAccessObject trustIdentityDao = new TrustIdentityDataAccessObject(getBaseContext(),
AutocryptPeerDataAccessObject autocryptPeerentityDao = new AutocryptPeerDataAccessObject(getBaseContext(),
mApiPermissionHelper.getCurrentCallingPackage());
Date lastUpdate = trustIdentityDao.getLastUpdateForTrustId(trustId);
Date lastUpdate = autocryptPeerentityDao.getLastUpdateForAutocryptPeer(autocryptPeer);
Date updateTimestamp = inlineKeyUpdate.getTimestamp();
boolean updateIsNewerThanLastUpdate = lastUpdate == null || lastUpdate.before(updateTimestamp);
@@ -772,23 +772,23 @@ public class OpenPgpService extends Service {
result.putExtra(OpenPgpApi.RESULT_CODE, OpenPgpApi.RESULT_CODE_SUCCESS);
return result;
}
Log.d(Constants.TAG, "Key for trust id is newer");
Log.d(Constants.TAG, "Key for autocrypt peer is newer");
Long trustedMasterKeyId = trustIdentityDao.getMasterKeyIdForTrustId(trustId);
if (trustedMasterKeyId == null) {
Log.d(Constants.TAG, "No binding for trust id, pinning key");
trustIdentityDao.setMasterKeyIdForTrustId(trustId, inlineMasterKeyId, updateTimestamp);
} else if (inlineMasterKeyId == trustedMasterKeyId) {
Long autocryptPeerMasterKeyId = autocryptPeerentityDao.getMasterKeyIdForAutocryptPeer(autocryptPeer);
if (autocryptPeerMasterKeyId == null) {
Log.d(Constants.TAG, "No binding for autocrypt peer, pinning key");
autocryptPeerentityDao.setMasterKeyIdForAutocryptPeer(autocryptPeer, inlineMasterKeyId, updateTimestamp);
} else if (inlineMasterKeyId == autocryptPeerMasterKeyId) {
Log.d(Constants.TAG, "Key id is the same - doing nothing");
} else {
// TODO danger in result intent!
trustIdentityDao.setMasterKeyIdForTrustId(trustId, inlineMasterKeyId, updateTimestamp);
autocryptPeerentityDao.setMasterKeyIdForAutocryptPeer(autocryptPeer, inlineMasterKeyId, updateTimestamp);
}
result.putExtra(OpenPgpApi.RESULT_CODE, OpenPgpApi.RESULT_CODE_SUCCESS);
return result;
} catch (Exception e) {
Log.d(Constants.TAG, "exception in updateTrustIdKeyImpl", e);
Log.d(Constants.TAG, "exception in updateAutocryptPeerImpl", e);
return createErrorResultIntent(OpenPgpError.GENERIC_ERROR, e.getMessage());
}
}
@@ -964,8 +964,8 @@ public class OpenPgpService extends Service {
case OpenPgpApi.ACTION_BACKUP: {
return backupImpl(data, outputStream);
}
case OpenPgpApi.ACTION_UPDATE_TRUST_ID: {
return updateTrustIdKeyImpl(data);
case OpenPgpApi.ACTION_UPDATE_AUTOCRYPT_PEER: {
return updateAutocryptPeerImpl(data);
}
default: {
return null;