cthrace/open-keychain
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request #2274 from open-keychain/ubuntu-keyserver

Browse Source 
Use keyserver.ubuntu.com as new default
This commit is contained in:
Dominik Schürmann
2018-02-20 16:59:23 +01:00
committed by GitHub
parent 37a58a620b 7eaabdaac1
commit 884ef8f84f
4 changed files with 96 additions and 55 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
OpenKeychain/src/main/assets/DigiCertGlobalRootCA.cer Normal file
View File

@@ -0,0 +1,22 @@
-----BEGIN CERTIFICATE-----
MIIDrzCCApegAwIBAgIQCDvgVpBCRrGhdWrJWZHHSjANBgkqhkiG9w0BAQUFADBh
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBD
QTAeFw0wNjExMTAwMDAwMDBaFw0zMTExMTAwMDAwMDBaMGExCzAJBgNVBAYTAlVT
MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5j
b20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IENBMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4jvhEXLeqKTTo1eqUKKPC3eQyaKl7hLOllsB
CSDMAZOnTjC3U/dDxGkAV53ijSLdhwZAAIEJzs4bg7/fzTtxRuLWZscFs3YnFo97
nh6Vfe63SKMI2tavegw5BmV/Sl0fvBf4q77uKNd0f3p4mVmFaG5cIzJLv07A6Fpt
43C/dxC//AH2hdmoRBBYMql1GNXRor5H4idq9Joz+EkIYIvUX7Q6hL+hqkpMfT7P
T19sdl6gSzeRntwi5m3OFBqOasv+zbMUZBfHWymeMr/y7vrTC0LUq7dBMtoM1O/4
gdW7jVg/tRvoSSiicNoxBN33shbyTApOB6jtSj1etX+jkMOvJwIDAQABo2MwYTAO
BgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUA95QNVbR
TLtm8KPiGxvDl7I90VUwHwYDVR0jBBgwFoAUA95QNVbRTLtm8KPiGxvDl7I90VUw
DQYJKoZIhvcNAQEFBQADggEBAMucN6pIExIK+t1EnE9SsPTfrgT1eXkIoyQY/Esr
hMAtudXH/vTBH1jLuG2cenTnmCmrEbXjcKChzUyImZOMkXDiqw8cvpOp/2PV5Adg
06O/nVsJ8dWO41P0jmP6P6fbtGbfYmbW0W5BjfIttep3Sp+dWOIrWcBAI+0tKIJF
PnlUkiaY4IBIqDfv8NZ5YBberOgOzW6sRBc4L0na4UU+Krk2U886UAb3LujEV0ls
YSEY1QSteDwsOoBrp+uvFRTp2InBuThs4pFsiv9kuXclVzDAGySj4dzp30d8tbQk
CAUw7C29C79Fv1C5qfPrmAESrciIxpg0X40KPMbp1ZWVbd4=
-----END CERTIFICATE-----

4
OpenKeychain/src/main/java/org/sufficientlysecure/keychain/Constants.java
View File

@@ -174,8 +174,8 @@ public final class Constants {
} }
public static final class Defaults { public static final class Defaults {
public static final String KEY_SERVERS = "hkps://hkps.pool.sks-keyservers.net, hkps://pgp.mit.edu"; public static final String KEY_SERVERS = "hkps://keyserver.ubuntu.com,hkps://hkps.pool.sks-keyservers.net;hkp://jirk5u4osbsr34t5.onion,hkps://pgp.mit.edu";
public static final int PREF_CURRENT_VERSION = 8; public static final int PREF_CURRENT_VERSION = 9;
} }
public static final class key { public static final class key {

1
OpenKeychain/src/main/java/org/sufficientlysecure/keychain/KeychainApplication.java
View File

@@ -113,6 +113,7 @@ public class KeychainApplication extends Application {
TlsCertificatePinning.addPinnedCertificate("hkps.pool.sks-keyservers.net", getAssets(), "hkps.pool.sks-keyservers.net.CA.cer"); TlsCertificatePinning.addPinnedCertificate("hkps.pool.sks-keyservers.net", getAssets(), "hkps.pool.sks-keyservers.net.CA.cer");
TlsCertificatePinning.addPinnedCertificate("pgp.mit.edu", getAssets(), "pgp.mit.edu.cer"); TlsCertificatePinning.addPinnedCertificate("pgp.mit.edu", getAssets(), "pgp.mit.edu.cer");
TlsCertificatePinning.addPinnedCertificate("api.keybase.io", getAssets(), "api.keybase.io.CA.cer"); TlsCertificatePinning.addPinnedCertificate("api.keybase.io", getAssets(), "api.keybase.io.CA.cer");
TlsCertificatePinning.addPinnedCertificate("keyserver.ubuntu.com", getAssets(), "DigiCertGlobalRootCA.cer");
TemporaryFileProvider.cleanUp(this); TemporaryFileProvider.cleanUp(this);
} }

64
OpenKeychain/src/main/java/org/sufficientlysecure/keychain/util/Preferences.java
View File

@@ -37,6 +37,7 @@ import org.sufficientlysecure.keychain.Constants.Pref;
import org.sufficientlysecure.keychain.KeychainApplication; import org.sufficientlysecure.keychain.KeychainApplication;
import org.sufficientlysecure.keychain.keyimport.HkpKeyserverAddress; import org.sufficientlysecure.keychain.keyimport.HkpKeyserverAddress;
import org.sufficientlysecure.keychain.service.KeyserverSyncAdapterService; import org.sufficientlysecure.keychain.service.KeyserverSyncAdapterService;
import timber.log.Timber; import timber.log.Timber;
@@ -424,18 +425,41 @@ public class Preferences {
} }
public void upgradePreferences(Context context) { public void upgradePreferences(Context context) {
Timber.d("Upgrading preferences…");
int oldVersion = mSharedPreferences.getInt(Constants.Pref.PREF_VERSION, 0); int oldVersion = mSharedPreferences.getInt(Constants.Pref.PREF_VERSION, 0);
boolean requiresUpgrade = oldVersion < Constants.Defaults.PREF_CURRENT_VERSION; boolean requiresUpgrade = oldVersion < Constants.Defaults.PREF_CURRENT_VERSION;
if (requiresUpgrade) { if (requiresUpgrade) {
Timber.d("Upgrading preferences from %s to %s…", oldVersion, Constants.Defaults.PREF_CURRENT_VERSION);
switch (oldVersion) { switch (oldVersion) {
case 1: case 1:
// fall through
case 2: case 2:
// fall through
case 3: { case 3: {
// migrate keyserver to hkps migrateToHkps();
}
case 4: {
setTheme(Constants.Pref.Theme.DEFAULT);
}
case 5: {
KeyserverSyncAdapterService.enableKeyserverSync(context);
}
case 6:
case 7: {
addOnionToSks();
}
case 8: {
replaceDefaultKeyserverWithUbuntu();
}
}
// write new preference version
mSharedPreferences.edit()
.putInt(Constants.Pref.PREF_VERSION, Constants.Defaults.PREF_CURRENT_VERSION)
.commit();
}
}
private void migrateToHkps() {
ArrayList<HkpKeyserverAddress> servers = getKeyServers(); ArrayList<HkpKeyserverAddress> servers = getKeyServers();
ListIterator<HkpKeyserverAddress> it = servers.listIterator(); ListIterator<HkpKeyserverAddress> it = servers.listIterator();
while (it.hasNext()) { while (it.hasNext()) {
@@ -464,20 +488,8 @@ public class Preferences {
} }
setKeyServers(servers); setKeyServers(servers);
} }
// fall through
case 4: { private void addOnionToSks() {
setTheme(Constants.Pref.Theme.DEFAULT);
}
// fall through
case 5: {
KeyserverSyncAdapterService.enableKeyserverSync(context);
}
// fall through
case 6: {
}
// fall through
case 7: {
// add onion address to sks-keyservers.net
ArrayList<HkpKeyserverAddress> servers = getKeyServers(); ArrayList<HkpKeyserverAddress> servers = getKeyServers();
ListIterator<HkpKeyserverAddress> it = servers.listIterator(); ListIterator<HkpKeyserverAddress> it = servers.listIterator();
while (it.hasNext()) { while (it.hasNext()) {
@@ -494,13 +506,19 @@ public class Preferences {
} }
setKeyServers(servers); setKeyServers(servers);
} }
}
// write new preference version private void replaceDefaultKeyserverWithUbuntu() {
mSharedPreferences.edit() ArrayList<HkpKeyserverAddress> servers = getKeyServers();
.putInt(Constants.Pref.PREF_VERSION, Constants.Defaults.PREF_CURRENT_VERSION) boolean oldDefaults = "hkps://hkps.pool.sks-keyservers.net".equalsIgnoreCase(servers.get(0).getUrl()) ||
.commit(); "hkps://pgp.mit.edu".equalsIgnoreCase(servers.get(0).getUrl());
HkpKeyserverAddress ubuntuKeyserver = HkpKeyserverAddress.createFromUri("hkps://keyserver.ubuntu.com");
if (oldDefaults) {
servers.add(0, ubuntuKeyserver);
} else if (!servers.contains(ubuntuKeyserver)) {
servers.add(ubuntuKeyserver);
} }
setKeyServers(servers);
} }
public void clear() { public void clear() {