From 3700432bd2863deacb97615201fa732a572364f7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Dominik=20Sch=C3=BCrmann?=
Date: Tue, 20 Feb 2018 15:45:19 +0100
Subject: [PATCH 1/2] Use keyserver.ubuntu.com as new default
---
.../src/main/assets/DigiCertGlobalRootCA.cer | 22 +++++++++++++++++++
.../keychain/Constants.java | 4 ++--
.../keychain/KeychainApplication.java | 1 +
.../keychain/util/Preferences.java | 21 +++++++++++++++++-
4 files changed, 45 insertions(+), 3 deletions(-)
create mode 100644 OpenKeychain/src/main/assets/DigiCertGlobalRootCA.cer
diff --git a/OpenKeychain/src/main/assets/DigiCertGlobalRootCA.cer b/OpenKeychain/src/main/assets/DigiCertGlobalRootCA.cer
new file mode 100644
index 000000000..342ecfe41
--- /dev/null
+++ b/OpenKeychain/src/main/assets/DigiCertGlobalRootCA.cer
@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----
+MIIDrzCCApegAwIBAgIQCDvgVpBCRrGhdWrJWZHHSjANBgkqhkiG9w0BAQUFADBh
+MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
+d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBD
+QTAeFw0wNjExMTAwMDAwMDBaFw0zMTExMTAwMDAwMDBaMGExCzAJBgNVBAYTAlVT
+MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5j
+b20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IENBMIIBIjANBgkqhkiG
+9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4jvhEXLeqKTTo1eqUKKPC3eQyaKl7hLOllsB
+CSDMAZOnTjC3U/dDxGkAV53ijSLdhwZAAIEJzs4bg7/fzTtxRuLWZscFs3YnFo97
+nh6Vfe63SKMI2tavegw5BmV/Sl0fvBf4q77uKNd0f3p4mVmFaG5cIzJLv07A6Fpt
+43C/dxC//AH2hdmoRBBYMql1GNXRor5H4idq9Joz+EkIYIvUX7Q6hL+hqkpMfT7P
+T19sdl6gSzeRntwi5m3OFBqOasv+zbMUZBfHWymeMr/y7vrTC0LUq7dBMtoM1O/4
+gdW7jVg/tRvoSSiicNoxBN33shbyTApOB6jtSj1etX+jkMOvJwIDAQABo2MwYTAO
+BgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUA95QNVbR
+TLtm8KPiGxvDl7I90VUwHwYDVR0jBBgwFoAUA95QNVbRTLtm8KPiGxvDl7I90VUw
+DQYJKoZIhvcNAQEFBQADggEBAMucN6pIExIK+t1EnE9SsPTfrgT1eXkIoyQY/Esr
+hMAtudXH/vTBH1jLuG2cenTnmCmrEbXjcKChzUyImZOMkXDiqw8cvpOp/2PV5Adg
+06O/nVsJ8dWO41P0jmP6P6fbtGbfYmbW0W5BjfIttep3Sp+dWOIrWcBAI+0tKIJF
+PnlUkiaY4IBIqDfv8NZ5YBberOgOzW6sRBc4L0na4UU+Krk2U886UAb3LujEV0ls
+YSEY1QSteDwsOoBrp+uvFRTp2InBuThs4pFsiv9kuXclVzDAGySj4dzp30d8tbQk
+CAUw7C29C79Fv1C5qfPrmAESrciIxpg0X40KPMbp1ZWVbd4=
+-----END CERTIFICATE-----
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/Constants.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/Constants.java
index 9e59b4373..745543924 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/Constants.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/Constants.java
@@ -174,8 +174,8 @@ public final class Constants { } public static final class Defaults { - public static final String KEY_SERVERS = "hkps://hkps.pool.sks-keyservers.net, hkps://pgp.mit.edu"; - public static final int PREF_CURRENT_VERSION = 8; + public static final String KEY_SERVERS = "hkps://keyserver.ubuntu.com,hkps://hkps.pool.sks-keyservers.net;hkp://jirk5u4osbsr34t5.onion,hkps://pgp.mit.edu"; + public static final int PREF_CURRENT_VERSION = 9; } public static final class key { diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/KeychainApplication.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/KeychainApplication.java index 8327ec0a5..4480449e6 100644 --- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/KeychainApplication.java +++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/KeychainApplication.java @@ -113,6 +113,7 @@ public class KeychainApplication extends Application { TlsCertificatePinning.addPinnedCertificate("hkps.pool.sks-keyservers.net", getAssets(), "hkps.pool.sks-keyservers.net.CA.cer"); TlsCertificatePinning.addPinnedCertificate("pgp.mit.edu", getAssets(), "pgp.mit.edu.cer"); TlsCertificatePinning.addPinnedCertificate("api.keybase.io", getAssets(), "api.keybase.io.CA.cer"); + TlsCertificatePinning.addPinnedCertificate("keyserver.ubuntu.com", getAssets(), "DigiCertGlobalRootCA.cer"); TemporaryFileProvider.cleanUp(this); } diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util/Preferences.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util/Preferences.java index d435864c5..e8da39920 100644 --- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util/Preferences.java +++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util/Preferences.java 
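Review bot: The new `KEY_SERVERS` literal in `Constants.Defaults` uses two separators, `,` between servers and `;` before the onion address, and nothing next to the field says so. The old value also had a space after the comma while the new one has none, so whether the parser trims entries matters and is not visible in this hunk. I would add a comment above the field, such as `// Comma-separated servers; an optional ";hkp://<onion-host>" suffix gives the Tor address for the preceding server.`, so a later edit of the default does not produce an entry that fails to parse. The meaning of `;` is inferred from the `createWithOnionProxy` call in Preferences.java and should be confirmed.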
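Review bot: The pin added for `keyserver.ubuntu.com` points at `DigiCertGlobalRootCA.cer`, a public root, so it constrains the issuing CA rather than the server's own key. Any certificate for this host that chains to that root would presumably be accepted, and the default keyserver stops working if the host moves to another CA until a new app release ships. Since the same commit makes this host the first default, the trade-off deserves a comment at the call, for example `// Pinned to the issuing root CA, not the leaf; replace the asset if keyserver.ubuntu.com changes CA.` It would also help to record where the bundled certificate was obtained and its fingerprint, so the asset can be checked independently. The enclosing method starts outside the hunk.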
@@ -37,6 +37,7 @@ import org.sufficientlysecure.keychain.Constants.Pref; import org.sufficientlysecure.keychain.KeychainApplication; import org.sufficientlysecure.keychain.keyimport.HkpKeyserverAddress; import org.sufficientlysecure.keychain.service.KeyserverSyncAdapterService; + import timber.log.Timber; @@ -424,11 +425,12 @@ public class Preferences { } public void upgradePreferences(Context context) { - Timber.d("Upgrading preferences…"); int oldVersion = mSharedPreferences.getInt(Constants.Pref.PREF_VERSION, 0); boolean requiresUpgrade = oldVersion < Constants.Defaults.PREF_CURRENT_VERSION; if (requiresUpgrade) { + Timber.d("Upgrading preferences from %s to %s…", oldVersion, Constants.Defaults.PREF_CURRENT_VERSION); + switch (oldVersion) { case 1: // fall through @@ -494,6 +496,9 @@ public class Preferences { } setKeyServers(servers); } + case 8: { + replaceDefaultKeyserverWithUbuntu(); + } } // write new preference version @@ -503,6 +508,20 @@ public class Preferences { } } + private void replaceDefaultKeyserverWithUbuntu() { + ArrayList servers = getKeyServers(); + boolean oldDefaults = "hkps://hkps.pool.sks-keyservers.net".equalsIgnoreCase(servers.get(0).getUrl()) || + "hkps://pgp.mit.edu".equalsIgnoreCase(servers.get(0).getUrl()); + + HkpKeyserverAddress ubuntuKeyserver = HkpKeyserverAddress.createFromUri("hkps://keyserver.ubuntu.com"); + if (oldDefaults) { + servers.add(0, ubuntuKeyserver); + } else if (!servers.contains(ubuntuKeyserver)){ + servers.add(ubuntuKeyserver); + } + setKeyServers(servers); + } + public void clear() { mSharedPreferences.edit().clear().commit(); } From 7eaabdaac115cc555064f6bb61749df54ca0ced5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Dominik=20Sch=C3=BCrmann?= Date: Tue, 20 Feb 2018 16:43:11 +0100 Subject: [PATCH 2/2] Refactor preference upgrade --- .../keychain/util/Preferences.java | 105 +++++++++--------- 1 file changed, 52 insertions(+), 53 deletions(-) 
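Review bot: `replaceDefaultKeyserverWithUbuntu()` calls `servers.get(0).getUrl()` without checking that the list has a first element, so an empty keyserver list would throw during the upgrade; the older migrations in `upgradePreferences` skip `null` entries, which suggests element 0 can be null as well. Because the new preference version is written only after the switch, such an exception would likely recur on every start. A guard keeps the upgrade safe: `HkpKeyserverAddress first = servers.isEmpty() ? null : servers.get(0);` followed by `boolean oldDefaults = first != null && ("hkps://hkps.pool.sks-keyservers.net".equalsIgnoreCase(first.getUrl()) || "hkps://pgp.mit.edu".equalsIgnoreCase(first.getUrl()));`. The `oldDefaults` branch also inserts at index 0 without the `contains` check used in the other branch, so a list that already holds the Ubuntu server can end up with it twice. The method is carried unchanged, apart from whitespace, into the second patch.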
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util/Preferences.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util/Preferences.java index e8da39920..c5ad1ba26 100644 --- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util/Preferences.java +++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util/Preferences.java @@ -433,68 +433,19 @@ public class Preferences { switch (oldVersion) { case 1: - // fall through case 2: - // fall through case 3: { - // migrate keyserver to hkps - ArrayList servers = getKeyServers(); - ListIterator it = servers.listIterator(); - while (it.hasNext()) { - HkpKeyserverAddress server = it.next(); - if (server == null) { - continue; - } - switch (server.getUrl()) { - case "pool.sks-keyservers.net": { - // use HKPS! - it.set(HkpKeyserverAddress.createFromUri("hkps://hkps.pool.sks-keyservers.net")); - break; - } - case "pgp.mit.edu": { - // use HKPS! - it.set(HkpKeyserverAddress.createFromUri("hkps://pgp.mit.edu")); - break; - } - case "subkeys.pgp.net": { - // remove, because often down and no HKPS! - it.remove(); - break; - } - } - - } - setKeyServers(servers); + migrateToHkps(); } - // fall through case 4: { setTheme(Constants.Pref.Theme.DEFAULT); } - // fall through case 5: { KeyserverSyncAdapterService.enableKeyserverSync(context); } - // fall through - case 6: { - } - // fall through + case 6: case 7: { - // add onion address to sks-keyservers.net - ArrayList servers = getKeyServers(); - ListIterator it = servers.listIterator(); - while (it.hasNext()) { - HkpKeyserverAddress server = it.next(); - if (server == null) { - continue; - } - if ("hkps://hkps.pool.sks-keyservers.net".equals(server.getUrl())) { - it.set(HkpKeyserverAddress.createWithOnionProxy( - "hkps://hkps.pool.sks-keyservers.net", - "hkp://jirk5u4osbsr34t5.onion")); - } - - } - setKeyServers(servers); + addOnionToSks(); } case 8: { replaceDefaultKeyserverWithUbuntu(); 
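Review bot: The `// fall through` markers are removed from every case of the switch in `upgradePreferences`, yet the upgrade still depends on each case running into the next, with no `break` in any visible case. Without a marker, a `break` added later to one case would silently skip all newer migrations, including the HKPS and default-keyserver ones, and fall-through lint checks lose the comment they look for. I would keep a single comment above the switch: `// No breaks: every case falls through so all migrations newer than oldVersion run in order.` `upgradePreferences` starts and ends outside this hunk.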
@@ -508,6 +459,54 @@ public class Preferences { } } + private void migrateToHkps() { + ArrayList servers = getKeyServers(); + ListIterator it = servers.listIterator(); + while (it.hasNext()) { + HkpKeyserverAddress server = it.next(); + if (server == null) { + continue; + } + switch (server.getUrl()) { + case "pool.sks-keyservers.net": { + // use HKPS! + it.set(HkpKeyserverAddress.createFromUri("hkps://hkps.pool.sks-keyservers.net")); + break; + } + case "pgp.mit.edu": { + // use HKPS! + it.set(HkpKeyserverAddress.createFromUri("hkps://pgp.mit.edu")); + break; + } + case "subkeys.pgp.net": { + // remove, because often down and no HKPS! + it.remove(); + break; + } + } + + } + setKeyServers(servers); + } + + private void addOnionToSks() { + ArrayList servers = getKeyServers(); + ListIterator it = servers.listIterator(); + while (it.hasNext()) { + HkpKeyserverAddress server = it.next(); + if (server == null) { + continue; + } + if ("hkps://hkps.pool.sks-keyservers.net".equals(server.getUrl())) { + it.set(HkpKeyserverAddress.createWithOnionProxy( + "hkps://hkps.pool.sks-keyservers.net", + "hkp://jirk5u4osbsr34t5.onion")); + } + + } + setKeyServers(servers); + } + private void replaceDefaultKeyserverWithUbuntu() { ArrayList servers = getKeyServers(); boolean oldDefaults = "hkps://hkps.pool.sks-keyservers.net".equalsIgnoreCase(servers.get(0).getUrl()) || @@ -516,7 +515,7 @@ public class Preferences { HkpKeyserverAddress ubuntuKeyserver = HkpKeyserverAddress.createFromUri("hkps://keyserver.ubuntu.com"); if (oldDefaults) { servers.add(0, ubuntuKeyserver); - } else if (!servers.contains(ubuntuKeyserver)){ + } else if (!servers.contains(ubuntuKeyserver)) { servers.add(ubuntuKeyserver); } setKeyServers(servers);
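Review bot: `migrateToHkps()` rewrites an entry only when `server.getUrl()` equals one of three bare host strings exactly, and `addOnionToSks()` compares with `equals` while `replaceDefaultKeyserverWithUbuntu()` uses `equalsIgnoreCase` for the same URL. An entry stored with different casing or with a scheme prefix would therefore keep its non-HKPS form or miss the onion address; whether such entries can exist depends on how `HkpKeyserverAddress` normalises URLs, which is not shown here. Now that the inline comments at the case labels are gone, each helper should state its contract, e.g. `/** Upgrade from pref versions 1-3: replaces the exact legacy host entries with their hkps:// form. */`. The onion address literal is also repeated in `Constants.Defaults.KEY_SERVERS`, so a shared constant would keep the two from drifting apart.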