Merge branch 'development' of github.com:open-keychain/open-keychain into development
This commit is contained in:
Dominik Schürmann
@@ -21,6 +21,7 @@ import android.content.Context;
|
||||
import android.os.Parcel;
|
||||
import android.os.Parcelable;
|
||||
|
||||
import org.sufficientlysecure.keychain.R;
|
||||
import org.sufficientlysecure.keychain.pgp.KeyRing;
|
||||
import org.sufficientlysecure.keychain.ui.util.KeyFormattingUtils;
|
||||
import org.sufficientlysecure.keychain.pgp.UncachedKeyRing;
|
||||
@@ -287,7 +288,7 @@ public class ImportKeysListEntry implements Serializable, Parcelable {
|
||||
|
||||
// if there was no user id flagged as primary, use the first one
|
||||
if (mPrimaryUserId == null) {
|
||||
mPrimaryUserId = mUserIds.get(0);
|
||||
mPrimaryUserId = context.getString(R.string.user_id_none);
|
||||
}
|
||||
|
||||
mKeyId = key.getKeyId();
|
||||
|
||||
@@ -50,9 +50,6 @@ public class CertifyOperation extends BaseOperation {
|
||||
CanonicalizedSecretKey certificationKey;
|
||||
try {
|
||||
|
||||
// certification is always with the master key id, so use that one
|
||||
String passphrase = getCachedPassphrase(parcel.mMasterKeyId, parcel.mMasterKeyId);
|
||||
|
||||
log.add(LogType.MSG_CRT_MASTER_FETCH, 1);
|
||||
CanonicalizedSecretKeyRing secretKeyRing =
|
||||
mProviderHelper.getCanonicalizedSecretKeyRing(parcel.mMasterKeyId);
|
||||
@@ -62,6 +59,10 @@ public class CertifyOperation extends BaseOperation {
|
||||
log.add(LogType.MSG_CRT_ERROR_DIVERT, 2);
|
||||
return new CertifyResult(CertifyResult.RESULT_ERROR, log);
|
||||
}
|
||||
|
||||
// certification is always with the master key id, so use that one
|
||||
String passphrase = getCachedPassphrase(parcel.mMasterKeyId, parcel.mMasterKeyId);
|
||||
|
||||
if (!certificationKey.unlock(passphrase)) {
|
||||
log.add(LogType.MSG_CRT_ERROR_UNLOCK, 2);
|
||||
return new CertifyResult(CertifyResult.RESULT_ERROR, log);
|
||||
@@ -94,6 +95,12 @@ public class CertifyOperation extends BaseOperation {
|
||||
|
||||
try {
|
||||
|
||||
if (action.mMasterKeyId == parcel.mMasterKeyId) {
|
||||
log.add(LogType.MSG_CRT_ERROR_SELF, 2);
|
||||
certifyError += 1;
|
||||
continue;
|
||||
}
|
||||
|
||||
if (action.mUserIds == null) {
|
||||
log.add(LogType.MSG_CRT_CERTIFY_ALL, 2,
|
||||
KeyFormattingUtils.convertKeyIdToHex(action.mMasterKeyId));
|
||||
|
||||
@@ -0,0 +1,132 @@
|
||||
package org.sufficientlysecure.keychain.operations;
|
||||
|
||||
import android.content.Context;
|
||||
|
||||
import org.sufficientlysecure.keychain.R;
|
||||
import org.sufficientlysecure.keychain.operations.results.EditKeyResult;
|
||||
import org.sufficientlysecure.keychain.operations.results.PgpEditKeyResult;
|
||||
import org.sufficientlysecure.keychain.pgp.CanonicalizedSecretKeyRing;
|
||||
import org.sufficientlysecure.keychain.pgp.PgpKeyOperation;
|
||||
import org.sufficientlysecure.keychain.pgp.Progressable;
|
||||
import org.sufficientlysecure.keychain.pgp.UncachedKeyRing;
|
||||
import org.sufficientlysecure.keychain.provider.ProviderHelper;
|
||||
import org.sufficientlysecure.keychain.provider.ProviderHelper.NotFoundException;
|
||||
import org.sufficientlysecure.keychain.service.CertifyActionsParcel;
|
||||
import org.sufficientlysecure.keychain.operations.results.OperationResult.LogType;
|
||||
import org.sufficientlysecure.keychain.operations.results.OperationResult.OperationLog;
|
||||
import org.sufficientlysecure.keychain.operations.results.SaveKeyringResult;
|
||||
import org.sufficientlysecure.keychain.service.ContactSyncAdapterService;
|
||||
import org.sufficientlysecure.keychain.service.PassphraseCacheService;
|
||||
import org.sufficientlysecure.keychain.service.SaveKeyringParcel;
|
||||
import org.sufficientlysecure.keychain.ui.util.KeyFormattingUtils;
|
||||
import org.sufficientlysecure.keychain.util.ProgressScaler;
|
||||
|
||||
import java.util.concurrent.atomic.AtomicBoolean;
|
||||
|
||||
/** An operation which implements a high level key edit operation.
|
||||
*
|
||||
* This operation provides a higher level interface to the edit and
|
||||
* create key operations in PgpKeyOperation. It takes care of fetching
|
||||
* and saving the key before and after the operation.
|
||||
*
|
||||
* @see CertifyActionsParcel
|
||||
*
|
||||
*/
|
||||
public class EditKeyOperation extends BaseOperation {
|
||||
|
||||
public EditKeyOperation(Context context, ProviderHelper providerHelper,
|
||||
Progressable progressable, AtomicBoolean cancelled) {
|
||||
super(context, providerHelper, progressable, cancelled);
|
||||
}
|
||||
|
||||
public EditKeyResult execute(SaveKeyringParcel saveParcel, String passphrase) {
|
||||
|
||||
OperationLog log = new OperationLog();
|
||||
log.add(LogType.MSG_ED, 0);
|
||||
|
||||
if (saveParcel == null) {
|
||||
log.add(LogType.MSG_ED_ERROR_NO_PARCEL, 1);
|
||||
return new EditKeyResult(EditKeyResult.RESULT_ERROR, log, null);
|
||||
}
|
||||
|
||||
// Perform actual modification (or creation)
|
||||
PgpEditKeyResult modifyResult;
|
||||
{
|
||||
PgpKeyOperation keyOperations =
|
||||
new PgpKeyOperation(new ProgressScaler(mProgressable, 10, 60, 100), mCancelled);
|
||||
|
||||
// If a key id is specified, fetch and edit
|
||||
if (saveParcel.mMasterKeyId != null) {
|
||||
try {
|
||||
|
||||
log.add(LogType.MSG_ED_FETCHING, 1,
|
||||
KeyFormattingUtils.convertKeyIdToHex(saveParcel.mMasterKeyId));
|
||||
CanonicalizedSecretKeyRing secRing =
|
||||
mProviderHelper.getCanonicalizedSecretKeyRing(saveParcel.mMasterKeyId);
|
||||
|
||||
modifyResult = keyOperations.modifySecretKeyRing(secRing, saveParcel, passphrase);
|
||||
|
||||
} catch (NotFoundException e) {
|
||||
log.add(LogType.MSG_ED_ERROR_KEY_NOT_FOUND, 2);
|
||||
return new EditKeyResult(EditKeyResult.RESULT_ERROR, log, null);
|
||||
}
|
||||
} else {
|
||||
// otherwise, create new one
|
||||
modifyResult = keyOperations.createSecretKeyRing(saveParcel);
|
||||
}
|
||||
}
|
||||
|
||||
// Add the result to the log
|
||||
log.add(modifyResult, 1);
|
||||
|
||||
// Check if the action was cancelled
|
||||
if (checkCancelled()) {
|
||||
log.add(LogType.MSG_OPERATION_CANCELLED, 0);
|
||||
return new EditKeyResult(PgpEditKeyResult.RESULT_CANCELLED, log, null);
|
||||
}
|
||||
|
||||
// If the edit operation didn't succeed, exit here
|
||||
if (!modifyResult.success()) {
|
||||
// error is already logged by modification
|
||||
return new EditKeyResult(EditKeyResult.RESULT_ERROR, log, null);
|
||||
}
|
||||
|
||||
// Cannot cancel from here on out!
|
||||
mProgressable.setPreventCancel();
|
||||
|
||||
// It's a success, so this must be non-null now
|
||||
UncachedKeyRing ring = modifyResult.getRing();
|
||||
|
||||
// Save the new keyring.
|
||||
SaveKeyringResult saveResult = mProviderHelper
|
||||
.saveSecretKeyRing(ring, new ProgressScaler(mProgressable, 60, 95, 100));
|
||||
log.add(saveResult, 1);
|
||||
|
||||
// If the save operation didn't succeed, exit here
|
||||
if (!saveResult.success()) {
|
||||
return new EditKeyResult(EditKeyResult.RESULT_ERROR, log, null);
|
||||
}
|
||||
|
||||
// There is a new passphrase - cache it
|
||||
if (saveParcel.mNewUnlock != null) {
|
||||
log.add(LogType.MSG_ED_CACHING_NEW, 1);
|
||||
PassphraseCacheService.addCachedPassphrase(mContext,
|
||||
ring.getMasterKeyId(),
|
||||
ring.getMasterKeyId(),
|
||||
saveParcel.mNewUnlock.mNewPassphrase != null
|
||||
? saveParcel.mNewUnlock.mNewPassphrase
|
||||
: saveParcel.mNewUnlock.mNewPin,
|
||||
ring.getPublicKey().getPrimaryUserIdWithFallback());
|
||||
}
|
||||
|
||||
updateProgress(R.string.progress_done, 100, 100);
|
||||
|
||||
// make sure new data is synced into contacts
|
||||
ContactSyncAdapterService.requestSync();
|
||||
|
||||
log.add(LogType.MSG_ED_SUCCESS, 0);
|
||||
return new EditKeyResult(EditKeyResult.RESULT_OK, log, ring.getMasterKeyId());
|
||||
|
||||
}
|
||||
|
||||
}
|
||||
@@ -31,6 +31,7 @@ import org.sufficientlysecure.keychain.keyimport.Keyserver;
|
||||
import org.sufficientlysecure.keychain.keyimport.Keyserver.AddKeyException;
|
||||
import org.sufficientlysecure.keychain.keyimport.ParcelableKeyRing;
|
||||
import org.sufficientlysecure.keychain.operations.results.ExportResult;
|
||||
import org.sufficientlysecure.keychain.pgp.CanonicalizedKeyRing;
|
||||
import org.sufficientlysecure.keychain.pgp.CanonicalizedPublicKeyRing;
|
||||
import org.sufficientlysecure.keychain.pgp.PgpHelper;
|
||||
import org.sufficientlysecure.keychain.pgp.Progressable;
|
||||
@@ -399,7 +400,7 @@ public class ImportExportOperation extends BaseOperation {
|
||||
|
||||
}
|
||||
|
||||
private ExportResult exportKeyRings(OperationLog log, long[] masterKeyIds, boolean exportSecret,
|
||||
ExportResult exportKeyRings(OperationLog log, long[] masterKeyIds, boolean exportSecret,
|
||||
OutputStream outStream) {
|
||||
|
||||
/* TODO isn't this checked above, with the isStorageMounted call?
|
||||
@@ -469,12 +470,16 @@ public class ImportExportOperation extends BaseOperation {
|
||||
|
||||
log.add(LogType.MSG_EXPORT_PUBLIC, 1, KeyFormattingUtils.beautifyKeyId(keyId));
|
||||
|
||||
{ // export public key part
|
||||
byte[] data = cursor.getBlob(1);
|
||||
arOutStream.write(data);
|
||||
byte[] data = cursor.getBlob(1);
|
||||
CanonicalizedKeyRing ring =
|
||||
UncachedKeyRing.decodeFromData(data).canonicalize(log, 2, true);
|
||||
ring.encode(arOutStream);
|
||||
|
||||
okPublic += 1;
|
||||
}
|
||||
okPublic += 1;
|
||||
} catch (PgpGeneralException e) {
|
||||
log.add(LogType.MSG_EXPORT_ERROR_KEY, 2);
|
||||
updateProgress(progress++, numKeys);
|
||||
continue;
|
||||
} finally {
|
||||
// make sure this is closed
|
||||
if (arOutStream != null) {
|
||||
@@ -491,12 +496,18 @@ public class ImportExportOperation extends BaseOperation {
|
||||
arOutStream.setHeader("Version", version);
|
||||
}
|
||||
|
||||
// export secret key part
|
||||
// export secret key part
|
||||
log.add(LogType.MSG_EXPORT_SECRET, 2, KeyFormattingUtils.beautifyKeyId(keyId));
|
||||
byte[] data = cursor.getBlob(2);
|
||||
arOutStream.write(data);
|
||||
CanonicalizedKeyRing ring =
|
||||
UncachedKeyRing.decodeFromData(data).canonicalize(log, 2, true);
|
||||
ring.encode(arOutStream);
|
||||
|
||||
okSecret += 1;
|
||||
} catch (PgpGeneralException e) {
|
||||
log.add(LogType.MSG_EXPORT_ERROR_KEY, 2);
|
||||
updateProgress(progress++, numKeys);
|
||||
continue;
|
||||
} finally {
|
||||
// make sure this is closed
|
||||
if (arOutStream != null) {
|
||||
|
||||
@@ -20,34 +20,24 @@ package org.sufficientlysecure.keychain.operations.results;
|
||||
|
||||
import android.os.Parcel;
|
||||
|
||||
import org.sufficientlysecure.keychain.Constants;
|
||||
import org.sufficientlysecure.keychain.pgp.UncachedKeyRing;
|
||||
|
||||
public class EditKeyResult extends OperationResult {
|
||||
|
||||
private transient UncachedKeyRing mRing;
|
||||
public final long mRingMasterKeyId;
|
||||
public final Long mMasterKeyId;
|
||||
|
||||
public EditKeyResult(int result, OperationLog log,
|
||||
UncachedKeyRing ring) {
|
||||
public EditKeyResult(int result, OperationLog log, Long masterKeyId) {
|
||||
super(result, log);
|
||||
mRing = ring;
|
||||
mRingMasterKeyId = ring != null ? ring.getMasterKeyId() : Constants.key.none;
|
||||
}
|
||||
|
||||
public UncachedKeyRing getRing() {
|
||||
return mRing;
|
||||
mMasterKeyId = masterKeyId;
|
||||
}
|
||||
|
||||
public EditKeyResult(Parcel source) {
|
||||
super(source);
|
||||
mRingMasterKeyId = source.readLong();
|
||||
mMasterKeyId = source.readLong();
|
||||
}
|
||||
|
||||
@Override
|
||||
public void writeToParcel(Parcel dest, int flags) {
|
||||
super.writeToParcel(dest, flags);
|
||||
dest.writeLong(mRingMasterKeyId);
|
||||
dest.writeLong(mMasterKeyId);
|
||||
}
|
||||
|
||||
public static Creator<EditKeyResult> CREATOR = new Creator<EditKeyResult>() {
|
||||
|
||||
@@ -359,6 +359,7 @@ public abstract class OperationResult implements Parcelable {
|
||||
MSG_IS_SUBKEY_STRIPPED (LogLevel.DEBUG, R.string.msg_is_subkey_stripped),
|
||||
MSG_IS_SUBKEY_DIVERT (LogLevel.DEBUG, R.string.msg_is_subkey_divert),
|
||||
MSG_IS_SUBKEY_EMPTY (LogLevel.DEBUG, R.string.msg_is_subkey_empty),
|
||||
MSG_IS_SUBKEY_PIN (LogLevel.DEBUG, R.string.msg_is_subkey_pin),
|
||||
MSG_IS_SUCCESS_IDENTICAL (LogLevel.OK, R.string.msg_is_success_identical),
|
||||
MSG_IS_SUCCESS (LogLevel.OK, R.string.msg_is_success),
|
||||
|
||||
@@ -370,13 +371,16 @@ public abstract class OperationResult implements Parcelable {
|
||||
MSG_KC_ERROR_MASTER_ALGO (LogLevel.ERROR, R.string.msg_kc_error_master_algo),
|
||||
MSG_KC_ERROR_DUP_KEY (LogLevel.ERROR, R.string.msg_kc_error_dup_key),
|
||||
MSG_KC_MASTER (LogLevel.DEBUG, R.string.msg_kc_master),
|
||||
MSG_KC_REVOKE_BAD_ERR (LogLevel.WARN, R.string.msg_kc_revoke_bad_err),
|
||||
MSG_KC_REVOKE_BAD_LOCAL (LogLevel.WARN, R.string.msg_kc_revoke_bad_local),
|
||||
MSG_KC_REVOKE_BAD_TIME (LogLevel.WARN, R.string.msg_kc_revoke_bad_time),
|
||||
MSG_KC_REVOKE_BAD_TYPE (LogLevel.WARN, R.string.msg_kc_revoke_bad_type),
|
||||
MSG_KC_REVOKE_BAD_TYPE_UID (LogLevel.WARN, R.string.msg_kc_revoke_bad_type_uid),
|
||||
MSG_KC_REVOKE_BAD (LogLevel.WARN, R.string.msg_kc_revoke_bad),
|
||||
MSG_KC_MASTER_BAD_TYPE(LogLevel.WARN, R.string.msg_kc_master_bad_type),
|
||||
MSG_KC_MASTER_BAD_LOCAL(LogLevel.WARN, R.string.msg_kc_master_bad_local),
|
||||
MSG_KC_MASTER_BAD_ERR(LogLevel.WARN, R.string.msg_kc_master_bad_err),
|
||||
MSG_KC_MASTER_BAD_TIME(LogLevel.WARN, R.string.msg_kc_master_bad_time),
|
||||
MSG_KC_MASTER_BAD_TYPE_UID(LogLevel.WARN, R.string.msg_kc_master_bad_type_uid),
|
||||
MSG_KC_MASTER_BAD(LogLevel.WARN, R.string.msg_kc_master_bad),
|
||||
MSG_KC_MASTER_LOCAL(LogLevel.WARN, R.string.msg_kc_master_local),
|
||||
MSG_KC_REVOKE_DUP (LogLevel.DEBUG, R.string.msg_kc_revoke_dup),
|
||||
MSG_KC_NOTATION_DUP (LogLevel.DEBUG, R.string.msg_kc_notation_dup),
|
||||
MSG_KC_NOTATION_EMPTY (LogLevel.DEBUG, R.string.msg_kc_notation_empty),
|
||||
MSG_KC_SUB (LogLevel.DEBUG, R.string.msg_kc_sub),
|
||||
MSG_KC_SUB_BAD(LogLevel.WARN, R.string.msg_kc_sub_bad),
|
||||
MSG_KC_SUB_BAD_ERR(LogLevel.WARN, R.string.msg_kc_sub_bad_err),
|
||||
@@ -458,6 +462,8 @@ public abstract class OperationResult implements Parcelable {
|
||||
MSG_MF_ERROR_SIG (LogLevel.ERROR, R.string.msg_mf_error_sig),
|
||||
MSG_MF_ERROR_SUBKEY_MISSING(LogLevel.ERROR, R.string.msg_mf_error_subkey_missing),
|
||||
MSG_MF_MASTER (LogLevel.DEBUG, R.string.msg_mf_master),
|
||||
MSG_MF_NOTATION_PIN (LogLevel.DEBUG, R.string.msg_mf_notation_pin),
|
||||
MSG_MF_NOTATION_EMPTY (LogLevel.DEBUG, R.string.msg_mf_notation_empty),
|
||||
MSG_MF_PASSPHRASE (LogLevel.INFO, R.string.msg_mf_passphrase),
|
||||
MSG_MF_PASSPHRASE_KEY (LogLevel.DEBUG, R.string.msg_mf_passphrase_key),
|
||||
MSG_MF_PASSPHRASE_EMPTY_RETRY (LogLevel.DEBUG, R.string.msg_mf_passphrase_empty_retry),
|
||||
@@ -502,6 +508,14 @@ public abstract class OperationResult implements Parcelable {
|
||||
MSG_CON_WARN_DELETE_PUBLIC (LogLevel.WARN, R.string.msg_con_warn_delete_public),
|
||||
MSG_CON_WARN_DELETE_SECRET (LogLevel.WARN, R.string.msg_con_warn_delete_secret),
|
||||
|
||||
// edit key (higher level operation than modify)
|
||||
MSG_ED (LogLevel.START, R.string.msg_ed),
|
||||
MSG_ED_CACHING_NEW (LogLevel.DEBUG, R.string.msg_ed_caching_new),
|
||||
MSG_ED_ERROR_NO_PARCEL (LogLevel.ERROR, R.string.msg_ed_error_no_parcel),
|
||||
MSG_ED_ERROR_KEY_NOT_FOUND (LogLevel.ERROR, R.string.msg_ed_error_key_not_found),
|
||||
MSG_ED_FETCHING (LogLevel.DEBUG, R.string.msg_ed_fetching),
|
||||
MSG_ED_SUCCESS (LogLevel.OK, R.string.msg_ed_success),
|
||||
|
||||
// messages used in UI code
|
||||
MSG_EK_ERROR_DIVERT (LogLevel.ERROR, R.string.msg_ek_error_divert),
|
||||
MSG_EK_ERROR_DUMMY (LogLevel.ERROR, R.string.msg_ek_error_dummy),
|
||||
@@ -525,6 +539,7 @@ public abstract class OperationResult implements Parcelable {
|
||||
MSG_DC_ERROR_BAD_PASSPHRASE (LogLevel.ERROR, R.string.msg_dc_error_bad_passphrase),
|
||||
MSG_DC_ERROR_EXTRACT_KEY (LogLevel.ERROR, R.string.msg_dc_error_extract_key),
|
||||
MSG_DC_ERROR_INTEGRITY_CHECK (LogLevel.ERROR, R.string.msg_dc_error_integrity_check),
|
||||
MSG_DC_ERROR_INTEGRITY_MISSING (LogLevel.ERROR, R.string.msg_dc_error_integrity_missing),
|
||||
MSG_DC_ERROR_INVALID_SIGLIST(LogLevel.ERROR, R.string.msg_dc_error_invalid_siglist),
|
||||
MSG_DC_ERROR_IO (LogLevel.ERROR, R.string.msg_dc_error_io),
|
||||
MSG_DC_ERROR_NO_DATA (LogLevel.ERROR, R.string.msg_dc_error_no_data),
|
||||
@@ -572,6 +587,7 @@ public abstract class OperationResult implements Parcelable {
|
||||
MSG_CRT_CERTIFYING (LogLevel.DEBUG, R.string.msg_crt_certifying),
|
||||
MSG_CRT_CERTIFY_ALL (LogLevel.DEBUG, R.string.msg_crt_certify_all),
|
||||
MSG_CRT_CERTIFY_SOME (LogLevel.DEBUG, R.plurals.msg_crt_certify_some),
|
||||
MSG_CRT_ERROR_SELF (LogLevel.ERROR, R.string.msg_crt_error_self),
|
||||
MSG_CRT_ERROR_MASTER_NOT_FOUND (LogLevel.ERROR, R.string.msg_crt_error_master_not_found),
|
||||
MSG_CRT_ERROR_NOTHING (LogLevel.ERROR, R.string.msg_crt_error_nothing),
|
||||
MSG_CRT_ERROR_UNLOCK (LogLevel.ERROR, R.string.msg_crt_error_unlock),
|
||||
@@ -613,6 +629,7 @@ public abstract class OperationResult implements Parcelable {
|
||||
MSG_EXPORT_ERROR_STORAGE (LogLevel.ERROR, R.string.msg_export_error_storage),
|
||||
MSG_EXPORT_ERROR_DB (LogLevel.ERROR, R.string.msg_export_error_db),
|
||||
MSG_EXPORT_ERROR_IO (LogLevel.ERROR, R.string.msg_export_error_io),
|
||||
MSG_EXPORT_ERROR_KEY (LogLevel.ERROR, R.string.msg_export_error_key),
|
||||
MSG_EXPORT_SUCCESS (LogLevel.OK, R.string.msg_export_success),
|
||||
|
||||
MSG_CRT_UPLOAD_SUCCESS (LogLevel.OK, R.string.msg_crt_upload_success),
|
||||
|
||||
@@ -0,0 +1,63 @@
|
||||
/*
|
||||
* Copyright (C) 2014 Dominik Schürmann <dominik@dominikschuermann.de>
|
||||
* Copyright (C) 2014 Vincent Breitmoser <v.breitmoser@mugenguild.com>
|
||||
*
|
||||
* This program is free software: you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
* the Free Software Foundation, either version 3 of the License, or
|
||||
* (at your option) any later version.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
*/
|
||||
|
||||
package org.sufficientlysecure.keychain.operations.results;
|
||||
|
||||
import android.os.Parcel;
|
||||
|
||||
import org.sufficientlysecure.keychain.Constants;
|
||||
import org.sufficientlysecure.keychain.pgp.UncachedKeyRing;
|
||||
|
||||
public class PgpEditKeyResult extends OperationResult {
|
||||
|
||||
private transient UncachedKeyRing mRing;
|
||||
public final long mRingMasterKeyId;
|
||||
|
||||
public PgpEditKeyResult(int result, OperationLog log,
|
||||
UncachedKeyRing ring) {
|
||||
super(result, log);
|
||||
mRing = ring;
|
||||
mRingMasterKeyId = ring != null ? ring.getMasterKeyId() : Constants.key.none;
|
||||
}
|
||||
|
||||
public UncachedKeyRing getRing() {
|
||||
return mRing;
|
||||
}
|
||||
|
||||
public PgpEditKeyResult(Parcel source) {
|
||||
super(source);
|
||||
mRingMasterKeyId = source.readLong();
|
||||
}
|
||||
|
||||
@Override
|
||||
public void writeToParcel(Parcel dest, int flags) {
|
||||
super.writeToParcel(dest, flags);
|
||||
dest.writeLong(mRingMasterKeyId);
|
||||
}
|
||||
|
||||
public static Creator<PgpEditKeyResult> CREATOR = new Creator<PgpEditKeyResult>() {
|
||||
public PgpEditKeyResult createFromParcel(final Parcel source) {
|
||||
return new PgpEditKeyResult(source);
|
||||
}
|
||||
|
||||
public PgpEditKeyResult[] newArray(final int size) {
|
||||
return new PgpEditKeyResult[size];
|
||||
}
|
||||
};
|
||||
|
||||
}
|
||||
@@ -49,6 +49,7 @@ import java.security.NoSuchAlgorithmException;
|
||||
import java.security.NoSuchProviderException;
|
||||
import java.security.SignatureException;
|
||||
import java.util.Date;
|
||||
import java.util.HashMap;
|
||||
import java.util.LinkedList;
|
||||
import java.util.List;
|
||||
|
||||
@@ -141,6 +142,11 @@ public class CanonicalizedSecretKey extends CanonicalizedPublicKey {
|
||||
// It means the passphrase is empty
|
||||
return SecretKeyType.PASSPHRASE_EMPTY;
|
||||
} catch (PGPException e) {
|
||||
HashMap<String,String> notation = getRing().getLocalNotationData();
|
||||
if (notation.containsKey("unlock.pin@sufficientlysecure.org")
|
||||
&& "1".equals(notation.get("unlock.pin@sufficientlysecure.org"))) {
|
||||
return SecretKeyType.PIN;
|
||||
}
|
||||
// Otherwise, it's just a regular ol' passphrase
|
||||
return SecretKeyType.PASSPHRASE;
|
||||
}
|
||||
@@ -295,6 +301,12 @@ public class CanonicalizedSecretKey extends CanonicalizedPublicKey {
|
||||
if (mPrivateKeyState == PRIVATE_KEY_STATE_LOCKED) {
|
||||
throw new PrivateKeyNotUnlockedException();
|
||||
}
|
||||
if (!isMasterKey()) {
|
||||
throw new AssertionError("tried to certify with non-master key, this is a programming error!");
|
||||
}
|
||||
if (publicKeyRing.getMasterKeyId() == getKeyId()) {
|
||||
throw new AssertionError("key tried to self-certify, this is a programming error!");
|
||||
}
|
||||
|
||||
// create a signatureGenerator from the supplied masterKeyId and passphrase
|
||||
PGPSignatureGenerator signatureGenerator;
|
||||
|
||||
@@ -26,6 +26,7 @@ import org.spongycastle.openpgp.PGPPrivateKey;
|
||||
import org.spongycastle.openpgp.PGPPublicKey;
|
||||
import org.spongycastle.openpgp.PGPSecretKey;
|
||||
import org.spongycastle.openpgp.PGPSecretKeyRing;
|
||||
import org.spongycastle.openpgp.PGPSignature;
|
||||
import org.spongycastle.openpgp.operator.PBESecretKeyDecryptor;
|
||||
import org.spongycastle.openpgp.operator.jcajce.JcePBESecretKeyDecryptorBuilder;
|
||||
import org.sufficientlysecure.keychain.Constants;
|
||||
@@ -36,6 +37,7 @@ import org.sufficientlysecure.keychain.util.IterableIterator;
|
||||
import org.sufficientlysecure.keychain.util.Log;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.util.HashMap;
|
||||
import java.util.HashSet;
|
||||
import java.util.Iterator;
|
||||
|
||||
@@ -130,4 +132,16 @@ public class CanonicalizedSecretKeyRing extends CanonicalizedKeyRing {
|
||||
});
|
||||
}
|
||||
|
||||
public HashMap<String,String> getLocalNotationData() {
|
||||
HashMap<String,String> result = new HashMap<String,String>();
|
||||
Iterator<PGPSignature> it = getRing().getPublicKey().getKeySignatures();
|
||||
while (it.hasNext()) {
|
||||
WrappedSignature sig = new WrappedSignature(it.next());
|
||||
if (sig.isLocal()) {
|
||||
result.putAll(sig.getNotation());
|
||||
}
|
||||
}
|
||||
return result;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@@ -84,7 +84,7 @@ public class PgpDecryptVerify extends BaseOperation {
|
||||
private boolean mDecryptMetadataOnly;
|
||||
private byte[] mDecryptedSessionKey;
|
||||
|
||||
private PgpDecryptVerify(Builder builder) {
|
||||
protected PgpDecryptVerify(Builder builder) {
|
||||
super(builder.mContext, builder.mProviderHelper, builder.mProgressable);
|
||||
|
||||
// private Constructor can only be called from Builder
|
||||
@@ -633,7 +633,7 @@ public class PgpDecryptVerify extends BaseOperation {
|
||||
// Handle missing integrity protection like failed integrity protection!
|
||||
// The MDC packet can be stripped by an attacker!
|
||||
if (!signatureResultBuilder.isValidSignature()) {
|
||||
log.add(LogType.MSG_DC_ERROR_INTEGRITY_CHECK, indent);
|
||||
log.add(LogType.MSG_DC_ERROR_INTEGRITY_MISSING, indent);
|
||||
return new DecryptVerifyResult(DecryptVerifyResult.RESULT_ERROR, log);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -49,7 +49,7 @@ import org.sufficientlysecure.keychain.R;
|
||||
import org.sufficientlysecure.keychain.operations.results.OperationResult;
|
||||
import org.sufficientlysecure.keychain.operations.results.OperationResult.LogType;
|
||||
import org.sufficientlysecure.keychain.operations.results.OperationResult.OperationLog;
|
||||
import org.sufficientlysecure.keychain.operations.results.EditKeyResult;
|
||||
import org.sufficientlysecure.keychain.operations.results.PgpEditKeyResult;
|
||||
import org.sufficientlysecure.keychain.service.SaveKeyringParcel;
|
||||
import org.sufficientlysecure.keychain.service.SaveKeyringParcel.Algorithm;
|
||||
import org.sufficientlysecure.keychain.service.SaveKeyringParcel.ChangeUnlockParcel;
|
||||
@@ -301,7 +301,7 @@ public class PgpKeyOperation {
|
||||
}
|
||||
}
|
||||
|
||||
public EditKeyResult createSecretKeyRing(SaveKeyringParcel saveParcel) {
|
||||
public PgpEditKeyResult createSecretKeyRing(SaveKeyringParcel saveParcel) {
|
||||
|
||||
OperationLog log = new OperationLog();
|
||||
int indent = 0;
|
||||
@@ -314,23 +314,23 @@ public class PgpKeyOperation {
|
||||
|
||||
if (saveParcel.mAddSubKeys.isEmpty()) {
|
||||
log.add(LogType.MSG_CR_ERROR_NO_MASTER, indent);
|
||||
return new EditKeyResult(EditKeyResult.RESULT_ERROR, log, null);
|
||||
return new PgpEditKeyResult(PgpEditKeyResult.RESULT_ERROR, log, null);
|
||||
}
|
||||
|
||||
if (saveParcel.mAddUserIds.isEmpty()) {
|
||||
log.add(LogType.MSG_CR_ERROR_NO_USER_ID, indent);
|
||||
return new EditKeyResult(EditKeyResult.RESULT_ERROR, log, null);
|
||||
return new PgpEditKeyResult(PgpEditKeyResult.RESULT_ERROR, log, null);
|
||||
}
|
||||
|
||||
SubkeyAdd add = saveParcel.mAddSubKeys.remove(0);
|
||||
if ((add.mFlags & KeyFlags.CERTIFY_OTHER) != KeyFlags.CERTIFY_OTHER) {
|
||||
log.add(LogType.MSG_CR_ERROR_NO_CERTIFY, indent);
|
||||
return new EditKeyResult(EditKeyResult.RESULT_ERROR, log, null);
|
||||
return new PgpEditKeyResult(PgpEditKeyResult.RESULT_ERROR, log, null);
|
||||
}
|
||||
|
||||
if (add.mExpiry == null) {
|
||||
log.add(LogType.MSG_CR_ERROR_NULL_EXPIRY, indent);
|
||||
return new EditKeyResult(EditKeyResult.RESULT_ERROR, log, null);
|
||||
return new PgpEditKeyResult(PgpEditKeyResult.RESULT_ERROR, log, null);
|
||||
}
|
||||
|
||||
subProgressPush(10, 30);
|
||||
@@ -339,7 +339,7 @@ public class PgpKeyOperation {
|
||||
|
||||
// return null if this failed (an error will already have been logged by createKey)
|
||||
if (keyPair == null) {
|
||||
return new EditKeyResult(EditKeyResult.RESULT_ERROR, log, null);
|
||||
return new PgpEditKeyResult(PgpEditKeyResult.RESULT_ERROR, log, null);
|
||||
}
|
||||
|
||||
progress(R.string.progress_building_master_key, 40);
|
||||
@@ -366,10 +366,10 @@ public class PgpKeyOperation {
|
||||
} catch (PGPException e) {
|
||||
log.add(LogType.MSG_CR_ERROR_INTERNAL_PGP, indent);
|
||||
Log.e(Constants.TAG, "pgp error encoding key", e);
|
||||
return new EditKeyResult(EditKeyResult.RESULT_ERROR, log, null);
|
||||
return new PgpEditKeyResult(PgpEditKeyResult.RESULT_ERROR, log, null);
|
||||
} catch (IOException e) {
|
||||
Log.e(Constants.TAG, "io error encoding key", e);
|
||||
return new EditKeyResult(EditKeyResult.RESULT_ERROR, log, null);
|
||||
return new PgpEditKeyResult(PgpEditKeyResult.RESULT_ERROR, log, null);
|
||||
}
|
||||
|
||||
}
|
||||
@@ -389,7 +389,7 @@ public class PgpKeyOperation {
|
||||
* handling of errors should be done in UI code!
|
||||
*
|
||||
*/
|
||||
public EditKeyResult modifySecretKeyRing(CanonicalizedSecretKeyRing wsKR, SaveKeyringParcel saveParcel,
|
||||
public PgpEditKeyResult modifySecretKeyRing(CanonicalizedSecretKeyRing wsKR, SaveKeyringParcel saveParcel,
|
||||
String passphrase) {
|
||||
|
||||
OperationLog log = new OperationLog();
|
||||
@@ -414,7 +414,7 @@ public class PgpKeyOperation {
|
||||
// Make sure this is called with a proper SaveKeyringParcel
|
||||
if (saveParcel.mMasterKeyId == null || saveParcel.mMasterKeyId != wsKR.getMasterKeyId()) {
|
||||
log.add(LogType.MSG_MF_ERROR_KEYID, indent);
|
||||
return new EditKeyResult(EditKeyResult.RESULT_ERROR, log, null);
|
||||
return new PgpEditKeyResult(PgpEditKeyResult.RESULT_ERROR, log, null);
|
||||
}
|
||||
|
||||
// We work on bouncycastle object level here
|
||||
@@ -425,7 +425,7 @@ public class PgpKeyOperation {
|
||||
if (saveParcel.mFingerprint == null || !Arrays.equals(saveParcel.mFingerprint,
|
||||
masterSecretKey.getPublicKey().getFingerprint())) {
|
||||
log.add(LogType.MSG_MF_ERROR_FINGERPRINT, indent);
|
||||
return new EditKeyResult(EditKeyResult.RESULT_ERROR, log, null);
|
||||
return new PgpEditKeyResult(PgpEditKeyResult.RESULT_ERROR, log, null);
|
||||
}
|
||||
|
||||
// read masterKeyFlags, and use the same as before.
|
||||
@@ -439,7 +439,7 @@ public class PgpKeyOperation {
|
||||
|
||||
}
|
||||
|
||||
private EditKeyResult internal(PGPSecretKeyRing sKR, PGPSecretKey masterSecretKey,
|
||||
private PgpEditKeyResult internal(PGPSecretKeyRing sKR, PGPSecretKey masterSecretKey,
|
||||
int masterKeyFlags, long masterKeyExpiry,
|
||||
SaveKeyringParcel saveParcel, String passphrase,
|
||||
OperationLog log) {
|
||||
@@ -461,7 +461,7 @@ public class PgpKeyOperation {
|
||||
masterPrivateKey = masterSecretKey.extractPrivateKey(keyDecryptor);
|
||||
} catch (PGPException e) {
|
||||
log.add(LogType.MSG_MF_UNLOCK_ERROR, indent + 1);
|
||||
return new EditKeyResult(EditKeyResult.RESULT_ERROR, log, null);
|
||||
return new PgpEditKeyResult(PgpEditKeyResult.RESULT_ERROR, log, null);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -470,7 +470,7 @@ public class PgpKeyOperation {
|
||||
// Check if we were cancelled
|
||||
if (checkCancelled()) {
|
||||
log.add(LogType.MSG_OPERATION_CANCELLED, indent);
|
||||
return new EditKeyResult(EditKeyResult.RESULT_CANCELLED, log, null);
|
||||
return new PgpEditKeyResult(PgpEditKeyResult.RESULT_CANCELLED, log, null);
|
||||
}
|
||||
|
||||
{ // work on master secret key
|
||||
@@ -487,7 +487,7 @@ public class PgpKeyOperation {
|
||||
|
||||
if (userId.equals("")) {
|
||||
log.add(LogType.MSG_MF_UID_ERROR_EMPTY, indent + 1);
|
||||
return new EditKeyResult(EditKeyResult.RESULT_ERROR, log, null);
|
||||
return new PgpEditKeyResult(PgpEditKeyResult.RESULT_ERROR, log, null);
|
||||
}
|
||||
|
||||
// this operation supersedes all previous binding and revocation certificates,
|
||||
@@ -499,7 +499,7 @@ public class PgpKeyOperation {
|
||||
if (cert.getKeyID() != masterPublicKey.getKeyID()) {
|
||||
// foreign certificate?! error error error
|
||||
log.add(LogType.MSG_MF_ERROR_INTEGRITY, indent);
|
||||
return new EditKeyResult(EditKeyResult.RESULT_ERROR, log, null);
|
||||
return new PgpEditKeyResult(PgpEditKeyResult.RESULT_ERROR, log, null);
|
||||
}
|
||||
if (cert.getSignatureType() == PGPSignature.CERTIFICATION_REVOCATION
|
||||
|| cert.getSignatureType() == PGPSignature.NO_CERTIFICATION
|
||||
@@ -541,7 +541,7 @@ public class PgpKeyOperation {
|
||||
}
|
||||
if (!exists) {
|
||||
log.add(LogType.MSG_MF_ERROR_NOEXIST_REVOKE, indent);
|
||||
return new EditKeyResult(EditKeyResult.RESULT_ERROR, log, null);
|
||||
return new PgpEditKeyResult(PgpEditKeyResult.RESULT_ERROR, log, null);
|
||||
}
|
||||
|
||||
// a duplicate revocation will be removed during canonicalization, so no need to
|
||||
@@ -572,7 +572,7 @@ public class PgpKeyOperation {
|
||||
if (cert.getKeyID() != masterPublicKey.getKeyID()) {
|
||||
// foreign certificate?! error error error
|
||||
log.add(LogType.MSG_MF_ERROR_INTEGRITY, indent);
|
||||
return new EditKeyResult(EditKeyResult.RESULT_ERROR, log, null);
|
||||
return new PgpEditKeyResult(PgpEditKeyResult.RESULT_ERROR, log, null);
|
||||
}
|
||||
// we know from canonicalization that if there is any revocation here, it
|
||||
// is valid and not superseded by a newer certification.
|
||||
@@ -593,7 +593,7 @@ public class PgpKeyOperation {
|
||||
if (currentCert == null) {
|
||||
// no certificate found?! error error error
|
||||
log.add(LogType.MSG_MF_ERROR_INTEGRITY, indent);
|
||||
return new EditKeyResult(EditKeyResult.RESULT_ERROR, log, null);
|
||||
return new PgpEditKeyResult(PgpEditKeyResult.RESULT_ERROR, log, null);
|
||||
}
|
||||
|
||||
// we definitely should not update certifications of revoked keys, so just leave it.
|
||||
@@ -601,7 +601,7 @@ public class PgpKeyOperation {
|
||||
// revoked user ids cannot be primary!
|
||||
if (userId.equals(saveParcel.mChangePrimaryUserId)) {
|
||||
log.add(LogType.MSG_MF_ERROR_REVOKED_PRIMARY, indent);
|
||||
return new EditKeyResult(EditKeyResult.RESULT_ERROR, log, null);
|
||||
return new PgpEditKeyResult(PgpEditKeyResult.RESULT_ERROR, log, null);
|
||||
}
|
||||
continue;
|
||||
}
|
||||
@@ -650,7 +650,7 @@ public class PgpKeyOperation {
|
||||
|
||||
if (!ok) {
|
||||
log.add(LogType.MSG_MF_ERROR_NOEXIST_PRIMARY, indent);
|
||||
return new EditKeyResult(EditKeyResult.RESULT_ERROR, log, null);
|
||||
return new PgpEditKeyResult(PgpEditKeyResult.RESULT_ERROR, log, null);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -666,7 +666,7 @@ public class PgpKeyOperation {
|
||||
// Check if we were cancelled - again
|
||||
if (checkCancelled()) {
|
||||
log.add(LogType.MSG_OPERATION_CANCELLED, indent);
|
||||
return new EditKeyResult(EditKeyResult.RESULT_CANCELLED, log, null);
|
||||
return new PgpEditKeyResult(PgpEditKeyResult.RESULT_CANCELLED, log, null);
|
||||
}
|
||||
|
||||
// 4a. For each subkey change, generate new subkey binding certificate
|
||||
@@ -682,7 +682,7 @@ public class PgpKeyOperation {
|
||||
if (sKey == null) {
|
||||
log.add(LogType.MSG_MF_ERROR_SUBKEY_MISSING,
|
||||
indent + 1, KeyFormattingUtils.convertKeyIdToHex(change.mKeyId));
|
||||
return new EditKeyResult(EditKeyResult.RESULT_ERROR, log, null);
|
||||
return new PgpEditKeyResult(PgpEditKeyResult.RESULT_ERROR, log, null);
|
||||
}
|
||||
|
||||
// expiry must not be in the past
|
||||
@@ -690,7 +690,7 @@ public class PgpKeyOperation {
|
||||
new Date(change.mExpiry*1000).before(new Date())) {
|
||||
log.add(LogType.MSG_MF_ERROR_PAST_EXPIRY,
|
||||
indent + 1, KeyFormattingUtils.convertKeyIdToHex(change.mKeyId));
|
||||
return new EditKeyResult(EditKeyResult.RESULT_ERROR, log, null);
|
||||
return new PgpEditKeyResult(PgpEditKeyResult.RESULT_ERROR, log, null);
|
||||
}
|
||||
|
||||
// if this is the master key, update uid certificates instead
|
||||
@@ -700,7 +700,7 @@ public class PgpKeyOperation {
|
||||
|
||||
if ((flags & KeyFlags.CERTIFY_OTHER) != KeyFlags.CERTIFY_OTHER) {
|
||||
log.add(LogType.MSG_MF_ERROR_NO_CERTIFY, indent + 1);
|
||||
return new EditKeyResult(EditKeyResult.RESULT_ERROR, log, null);
|
||||
return new PgpEditKeyResult(PgpEditKeyResult.RESULT_ERROR, log, null);
|
||||
}
|
||||
|
||||
PGPPublicKey pKey =
|
||||
@@ -708,7 +708,7 @@ public class PgpKeyOperation {
|
||||
flags, expiry, indent, log);
|
||||
if (pKey == null) {
|
||||
// error log entry has already been added by updateMasterCertificates itself
|
||||
return new EditKeyResult(EditKeyResult.RESULT_ERROR, log, null);
|
||||
return new PgpEditKeyResult(PgpEditKeyResult.RESULT_ERROR, log, null);
|
||||
}
|
||||
masterSecretKey = PGPSecretKey.replacePublicKey(sKey, pKey);
|
||||
masterPublicKey = pKey;
|
||||
@@ -763,7 +763,7 @@ public class PgpKeyOperation {
|
||||
if (sKey == null) {
|
||||
log.add(LogType.MSG_MF_ERROR_SUBKEY_MISSING,
|
||||
indent+1, KeyFormattingUtils.convertKeyIdToHex(revocation));
|
||||
return new EditKeyResult(EditKeyResult.RESULT_ERROR, log, null);
|
||||
return new PgpEditKeyResult(PgpEditKeyResult.RESULT_ERROR, log, null);
|
||||
}
|
||||
PGPPublicKey pKey = sKey.getPublicKey();
|
||||
|
||||
@@ -788,7 +788,7 @@ public class PgpKeyOperation {
|
||||
if (sKey == null) {
|
||||
log.add(LogType.MSG_MF_ERROR_SUBKEY_MISSING,
|
||||
indent+1, KeyFormattingUtils.convertKeyIdToHex(strip));
|
||||
return new EditKeyResult(EditKeyResult.RESULT_ERROR, log, null);
|
||||
return new PgpEditKeyResult(PgpEditKeyResult.RESULT_ERROR, log, null);
|
||||
}
|
||||
|
||||
// IT'S DANGEROUS~
|
||||
@@ -806,7 +806,7 @@ public class PgpKeyOperation {
|
||||
// Check if we were cancelled - again. This operation is expensive so we do it each loop.
|
||||
if (checkCancelled()) {
|
||||
log.add(LogType.MSG_OPERATION_CANCELLED, indent);
|
||||
return new EditKeyResult(EditKeyResult.RESULT_CANCELLED, log, null);
|
||||
return new PgpEditKeyResult(PgpEditKeyResult.RESULT_CANCELLED, log, null);
|
||||
}
|
||||
|
||||
progress(R.string.progress_modify_subkeyadd, (i-1) * (100 / saveParcel.mAddSubKeys.size()));
|
||||
@@ -816,12 +816,12 @@ public class PgpKeyOperation {
|
||||
|
||||
if (add.mExpiry == null) {
|
||||
log.add(LogType.MSG_MF_ERROR_NULL_EXPIRY, indent +1);
|
||||
return new EditKeyResult(EditKeyResult.RESULT_ERROR, log, null);
|
||||
return new PgpEditKeyResult(PgpEditKeyResult.RESULT_ERROR, log, null);
|
||||
}
|
||||
|
||||
if (add.mExpiry > 0L && new Date(add.mExpiry*1000).before(new Date())) {
|
||||
log.add(LogType.MSG_MF_ERROR_PAST_EXPIRY, indent +1);
|
||||
return new EditKeyResult(EditKeyResult.RESULT_ERROR, log, null);
|
||||
return new PgpEditKeyResult(PgpEditKeyResult.RESULT_ERROR, log, null);
|
||||
}
|
||||
|
||||
// generate a new secret key (privkey only for now)
|
||||
@@ -833,7 +833,7 @@ public class PgpKeyOperation {
|
||||
subProgressPop();
|
||||
if (keyPair == null) {
|
||||
log.add(LogType.MSG_MF_ERROR_PGP, indent +1);
|
||||
return new EditKeyResult(EditKeyResult.RESULT_ERROR, log, null);
|
||||
return new PgpEditKeyResult(PgpEditKeyResult.RESULT_ERROR, log, null);
|
||||
}
|
||||
|
||||
// add subkey binding signature (making this a sub rather than master key)
|
||||
@@ -868,7 +868,7 @@ public class PgpKeyOperation {
|
||||
// Check if we were cancelled - again. This operation is expensive so we do it each loop.
|
||||
if (checkCancelled()) {
|
||||
log.add(LogType.MSG_OPERATION_CANCELLED, indent);
|
||||
return new EditKeyResult(EditKeyResult.RESULT_CANCELLED, log, null);
|
||||
return new PgpEditKeyResult(PgpEditKeyResult.RESULT_CANCELLED, log, null);
|
||||
}
|
||||
|
||||
// 6. If requested, change passphrase
|
||||
@@ -877,10 +877,11 @@ public class PgpKeyOperation {
|
||||
log.add(LogType.MSG_MF_PASSPHRASE, indent);
|
||||
indent += 1;
|
||||
|
||||
sKR = applyNewUnlock(sKR, masterPublicKey, passphrase, saveParcel.mNewUnlock, log, indent);
|
||||
sKR = applyNewUnlock(sKR, masterPublicKey, masterPrivateKey,
|
||||
passphrase, saveParcel.mNewUnlock, log, indent);
|
||||
if (sKR == null) {
|
||||
// The error has been logged above, just return a bad state
|
||||
return new EditKeyResult(EditKeyResult.RESULT_ERROR, log, null);
|
||||
return new PgpEditKeyResult(PgpEditKeyResult.RESULT_ERROR, log, null);
|
||||
}
|
||||
|
||||
indent -= 1;
|
||||
@@ -889,38 +890,105 @@ public class PgpKeyOperation {
|
||||
} catch (IOException e) {
|
||||
Log.e(Constants.TAG, "encountered IOException while modifying key", e);
|
||||
log.add(LogType.MSG_MF_ERROR_ENCODE, indent+1);
|
||||
return new EditKeyResult(EditKeyResult.RESULT_ERROR, log, null);
|
||||
return new PgpEditKeyResult(PgpEditKeyResult.RESULT_ERROR, log, null);
|
||||
} catch (PGPException e) {
|
||||
Log.e(Constants.TAG, "encountered pgp error while modifying key", e);
|
||||
log.add(LogType.MSG_MF_ERROR_PGP, indent+1);
|
||||
return new EditKeyResult(EditKeyResult.RESULT_ERROR, log, null);
|
||||
return new PgpEditKeyResult(PgpEditKeyResult.RESULT_ERROR, log, null);
|
||||
} catch (SignatureException e) {
|
||||
Log.e(Constants.TAG, "encountered SignatureException while modifying key", e);
|
||||
log.add(LogType.MSG_MF_ERROR_SIG, indent+1);
|
||||
return new EditKeyResult(EditKeyResult.RESULT_ERROR, log, null);
|
||||
return new PgpEditKeyResult(PgpEditKeyResult.RESULT_ERROR, log, null);
|
||||
}
|
||||
|
||||
progress(R.string.progress_done, 100);
|
||||
log.add(LogType.MSG_MF_SUCCESS, indent);
|
||||
return new EditKeyResult(OperationResult.RESULT_OK, log, new UncachedKeyRing(sKR));
|
||||
return new PgpEditKeyResult(OperationResult.RESULT_OK, log, new UncachedKeyRing(sKR));
|
||||
|
||||
}
|
||||
|
||||
private static PGPSecretKeyRing applyNewUnlock(
|
||||
PGPSecretKeyRing sKR,
|
||||
PGPPublicKey masterPublicKey,
|
||||
PGPPrivateKey masterPrivateKey,
|
||||
String passphrase,
|
||||
ChangeUnlockParcel newUnlock,
|
||||
OperationLog log, int indent) throws PGPException {
|
||||
|
||||
if (newUnlock.mNewPassphrase != null) {
|
||||
return applyNewPassphrase(sKR, masterPublicKey, passphrase, newUnlock.mNewPassphrase, log, indent);
|
||||
sKR = applyNewPassphrase(sKR, masterPublicKey, passphrase, newUnlock.mNewPassphrase, log, indent);
|
||||
|
||||
// if there is any old packet with notation data
|
||||
if (hasNotationData(sKR)) {
|
||||
|
||||
log.add(LogType.MSG_MF_NOTATION_EMPTY, indent);
|
||||
|
||||
// add packet with EMPTY notation data (updates old one, but will be stripped later)
|
||||
PGPContentSignerBuilder signerBuilder = new JcaPGPContentSignerBuilder(
|
||||
masterPrivateKey.getPublicKeyPacket().getAlgorithm(), HashAlgorithmTags.SHA512)
|
||||
.setProvider(Constants.BOUNCY_CASTLE_PROVIDER_NAME);
|
||||
PGPSignatureGenerator sGen = new PGPSignatureGenerator(signerBuilder);
|
||||
{ // set subpackets
|
||||
PGPSignatureSubpacketGenerator hashedPacketsGen = new PGPSignatureSubpacketGenerator();
|
||||
hashedPacketsGen.setExportable(false, false);
|
||||
sGen.setHashedSubpackets(hashedPacketsGen.generate());
|
||||
}
|
||||
sGen.init(PGPSignature.DIRECT_KEY, masterPrivateKey);
|
||||
PGPSignature emptySig = sGen.generateCertification(masterPublicKey);
|
||||
|
||||
masterPublicKey = PGPPublicKey.addCertification(masterPublicKey, emptySig);
|
||||
sKR = PGPSecretKeyRing.insertSecretKey(sKR,
|
||||
PGPSecretKey.replacePublicKey(sKR.getSecretKey(), masterPublicKey));
|
||||
}
|
||||
|
||||
return sKR;
|
||||
}
|
||||
|
||||
if (newUnlock.mNewPin != null) {
|
||||
sKR = applyNewPassphrase(sKR, masterPublicKey, passphrase, newUnlock.mNewPin, log, indent);
|
||||
|
||||
log.add(LogType.MSG_MF_NOTATION_PIN, indent);
|
||||
|
||||
// add packet with "pin" notation data
|
||||
PGPContentSignerBuilder signerBuilder = new JcaPGPContentSignerBuilder(
|
||||
masterPrivateKey.getPublicKeyPacket().getAlgorithm(), HashAlgorithmTags.SHA512)
|
||||
.setProvider(Constants.BOUNCY_CASTLE_PROVIDER_NAME);
|
||||
PGPSignatureGenerator sGen = new PGPSignatureGenerator(signerBuilder);
|
||||
{ // set subpackets
|
||||
PGPSignatureSubpacketGenerator hashedPacketsGen = new PGPSignatureSubpacketGenerator();
|
||||
hashedPacketsGen.setExportable(false, false);
|
||||
hashedPacketsGen.setNotationData(false, true, "unlock.pin@sufficientlysecure.org", "1");
|
||||
sGen.setHashedSubpackets(hashedPacketsGen.generate());
|
||||
}
|
||||
sGen.init(PGPSignature.DIRECT_KEY, masterPrivateKey);
|
||||
PGPSignature emptySig = sGen.generateCertification(masterPublicKey);
|
||||
|
||||
masterPublicKey = PGPPublicKey.addCertification(masterPublicKey, emptySig);
|
||||
sKR = PGPSecretKeyRing.insertSecretKey(sKR,
|
||||
PGPSecretKey.replacePublicKey(sKR.getSecretKey(), masterPublicKey));
|
||||
|
||||
return sKR;
|
||||
}
|
||||
|
||||
throw new UnsupportedOperationException("PIN passphrases not yet implemented!");
|
||||
|
||||
}
|
||||
|
||||
/** This method returns true iff the provided keyring has a local direct key signature
|
||||
* with notation data.
|
||||
*/
|
||||
private static boolean hasNotationData(PGPSecretKeyRing sKR) {
|
||||
// noinspection unchecked
|
||||
Iterator<PGPSignature> sigs = sKR.getPublicKey().getKeySignatures();
|
||||
while (sigs.hasNext()) {
|
||||
WrappedSignature sig = new WrappedSignature(sigs.next());
|
||||
if (sig.getSignatureType() == PGPSignature.DIRECT_KEY
|
||||
&& sig.isLocal() && !sig.getNotation().isEmpty()) {
|
||||
return true;
|
||||
}
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
private static PGPSecretKeyRing applyNewPassphrase(
|
||||
PGPSecretKeyRing sKR,
|
||||
|
||||
@@ -95,7 +95,7 @@ public class PgpSignEncrypt extends BaseOperation {
|
||||
}
|
||||
}
|
||||
|
||||
private PgpSignEncrypt(Builder builder) {
|
||||
protected PgpSignEncrypt(Builder builder) {
|
||||
super(builder.mContext, builder.mProviderHelper, builder.mProgressable);
|
||||
|
||||
// private Constructor can only be called from Builder
|
||||
|
||||
@@ -41,7 +41,6 @@ import org.sufficientlysecure.keychain.util.IterableIterator;
|
||||
import org.sufficientlysecure.keychain.util.Log;
|
||||
import org.sufficientlysecure.keychain.util.Utf8Util;
|
||||
|
||||
import java.io.BufferedInputStream;
|
||||
import java.io.ByteArrayInputStream;
|
||||
import java.io.ByteArrayOutputStream;
|
||||
import java.io.IOException;
|
||||
@@ -138,7 +137,7 @@ public class UncachedKeyRing {
|
||||
public static UncachedKeyRing decodeFromData(byte[] data)
|
||||
throws PgpGeneralException, IOException {
|
||||
|
||||
Iterator<UncachedKeyRing> parsed = fromStream(new ByteArrayInputStream(data));
|
||||
IteratorWithIOThrow<UncachedKeyRing> parsed = fromStream(new ByteArrayInputStream(data));
|
||||
|
||||
if ( ! parsed.hasNext()) {
|
||||
throw new PgpGeneralException("Object not recognized as PGPKeyRing!");
|
||||
@@ -154,14 +153,14 @@ public class UncachedKeyRing {
|
||||
|
||||
}
|
||||
|
||||
public static Iterator<UncachedKeyRing> fromStream(final InputStream stream) throws IOException {
|
||||
public static IteratorWithIOThrow<UncachedKeyRing> fromStream(final InputStream stream) {
|
||||
|
||||
return new Iterator<UncachedKeyRing>() {
|
||||
return new IteratorWithIOThrow<UncachedKeyRing>() {
|
||||
|
||||
UncachedKeyRing mNext = null;
|
||||
PGPObjectFactory mObjectFactory = null;
|
||||
|
||||
private void cacheNext() {
|
||||
private void cacheNext() throws IOException {
|
||||
if (mNext != null) {
|
||||
return;
|
||||
}
|
||||
@@ -190,21 +189,19 @@ public class UncachedKeyRing {
|
||||
// if we are past the while loop, that means the objectFactory had no next
|
||||
mObjectFactory = null;
|
||||
}
|
||||
} catch (IOException e) {
|
||||
Log.e(Constants.TAG, "IOException while processing stream. ArmoredInputStream CRC check failed?", e);
|
||||
} catch (ArrayIndexOutOfBoundsException e) {
|
||||
Log.e(Constants.TAG, "ArmoredInputStream decode failed, symbol is not in decodingTable!", e);
|
||||
throw new IOException(e);
|
||||
}
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean hasNext() {
|
||||
public boolean hasNext() throws IOException {
|
||||
cacheNext();
|
||||
return mNext != null;
|
||||
}
|
||||
|
||||
@Override
|
||||
public UncachedKeyRing next() {
|
||||
public UncachedKeyRing next() throws IOException {
|
||||
try {
|
||||
cacheNext();
|
||||
return mNext;
|
||||
@@ -212,15 +209,15 @@ public class UncachedKeyRing {
|
||||
mNext = null;
|
||||
}
|
||||
}
|
||||
|
||||
@Override
|
||||
public void remove() {
|
||||
throw new UnsupportedOperationException();
|
||||
}
|
||||
};
|
||||
|
||||
}
|
||||
|
||||
public interface IteratorWithIOThrow<E> {
|
||||
public boolean hasNext() throws IOException;
|
||||
public E next() throws IOException;
|
||||
}
|
||||
|
||||
public void encodeArmored(OutputStream out, String version) throws IOException {
|
||||
ArmoredOutputStream aos = new ArmoredOutputStream(out);
|
||||
if (version != null) {
|
||||
@@ -267,6 +264,35 @@ public class UncachedKeyRing {
|
||||
*/
|
||||
@SuppressWarnings("ConstantConditions")
|
||||
public CanonicalizedKeyRing canonicalize(OperationLog log, int indent) {
|
||||
return canonicalize(log, indent, false);
|
||||
}
|
||||
|
||||
|
||||
/** "Canonicalizes" a public key, removing inconsistencies in the process.
|
||||
*
|
||||
* More specifically:
|
||||
* - Remove all non-verifying self-certificates
|
||||
* - Remove all "future" self-certificates
|
||||
* - Remove all certificates flagged as "local"
|
||||
* - Remove all certificates which are superseded by a newer one on the same target,
|
||||
* including revocations with later re-certifications.
|
||||
* - Remove all certificates in other positions if not of known type:
|
||||
* - key revocation signatures on the master key
|
||||
* - subkey binding signatures for subkeys
|
||||
* - certifications and certification revocations for user ids
|
||||
* - If a subkey retains no valid subkey binding certificate, remove it
|
||||
* - If a user id retains no valid self certificate, remove it
|
||||
* - If the key is a secret key, remove all certificates by foreign keys
|
||||
* - If no valid user id remains, log an error and return null
|
||||
*
|
||||
* This operation writes an OperationLog which can be used as part of an OperationResultParcel.
|
||||
*
|
||||
* @param forExport if this is true, non-exportable signatures will be removed
|
||||
* @return A canonicalized key, or null on fatal error (log will include a message in this case)
|
||||
*
|
||||
*/
|
||||
@SuppressWarnings("ConstantConditions")
|
||||
public CanonicalizedKeyRing canonicalize(OperationLog log, int indent, boolean forExport) {
|
||||
|
||||
log.add(isSecret() ? LogType.MSG_KC_SECRET : LogType.MSG_KC_PUBLIC,
|
||||
indent, KeyFormattingUtils.convertKeyIdToHex(getMasterKeyId()));
|
||||
@@ -302,6 +328,7 @@ public class UncachedKeyRing {
|
||||
|
||||
PGPPublicKey modified = masterKey;
|
||||
PGPSignature revocation = null;
|
||||
PGPSignature notation = null;
|
||||
for (PGPSignature zert : new IterableIterator<PGPSignature>(masterKey.getKeySignatures())) {
|
||||
int type = zert.getSignatureType();
|
||||
|
||||
@@ -311,16 +338,16 @@ public class UncachedKeyRing {
|
||||
|| type == PGPSignature.CASUAL_CERTIFICATION
|
||||
|| type == PGPSignature.POSITIVE_CERTIFICATION
|
||||
|| type == PGPSignature.CERTIFICATION_REVOCATION) {
|
||||
log.add(LogType.MSG_KC_REVOKE_BAD_TYPE_UID, indent);
|
||||
log.add(LogType.MSG_KC_MASTER_BAD_TYPE_UID, indent);
|
||||
modified = PGPPublicKey.removeCertification(modified, zert);
|
||||
badCerts += 1;
|
||||
continue;
|
||||
}
|
||||
WrappedSignature cert = new WrappedSignature(zert);
|
||||
|
||||
if (type != PGPSignature.KEY_REVOCATION) {
|
||||
if (type != PGPSignature.KEY_REVOCATION && type != PGPSignature.DIRECT_KEY) {
|
||||
// Unknown type, just remove
|
||||
log.add(LogType.MSG_KC_REVOKE_BAD_TYPE, indent, "0x" + Integer.toString(type, 16));
|
||||
log.add(LogType.MSG_KC_MASTER_BAD_TYPE, indent, "0x" + Integer.toString(type, 16));
|
||||
modified = PGPPublicKey.removeCertification(modified, zert);
|
||||
badCerts += 1;
|
||||
continue;
|
||||
@@ -328,15 +355,7 @@ public class UncachedKeyRing {
|
||||
|
||||
if (cert.getCreationTime().after(nowPlusOneDay)) {
|
||||
// Creation date in the future? No way!
|
||||
log.add(LogType.MSG_KC_REVOKE_BAD_TIME, indent);
|
||||
modified = PGPPublicKey.removeCertification(modified, zert);
|
||||
badCerts += 1;
|
||||
continue;
|
||||
}
|
||||
|
||||
if (cert.isLocal()) {
|
||||
// Remove revocation certs with "local" flag
|
||||
log.add(LogType.MSG_KC_REVOKE_BAD_LOCAL, indent);
|
||||
log.add(LogType.MSG_KC_MASTER_BAD_TIME, indent);
|
||||
modified = PGPPublicKey.removeCertification(modified, zert);
|
||||
badCerts += 1;
|
||||
continue;
|
||||
@@ -345,13 +364,54 @@ public class UncachedKeyRing {
|
||||
try {
|
||||
cert.init(masterKey);
|
||||
if (!cert.verifySignature(masterKey)) {
|
||||
log.add(LogType.MSG_KC_REVOKE_BAD, indent);
|
||||
log.add(LogType.MSG_KC_MASTER_BAD, indent);
|
||||
modified = PGPPublicKey.removeCertification(modified, zert);
|
||||
badCerts += 1;
|
||||
continue;
|
||||
}
|
||||
} catch (PgpGeneralException e) {
|
||||
log.add(LogType.MSG_KC_REVOKE_BAD_ERR, indent);
|
||||
log.add(LogType.MSG_KC_MASTER_BAD_ERR, indent);
|
||||
modified = PGPPublicKey.removeCertification(modified, zert);
|
||||
badCerts += 1;
|
||||
continue;
|
||||
}
|
||||
|
||||
// if this is for export, we always remove any non-exportable certs
|
||||
if (forExport && cert.isLocal()) {
|
||||
// Remove revocation certs with "local" flag
|
||||
log.add(LogType.MSG_KC_MASTER_LOCAL, indent);
|
||||
modified = PGPPublicKey.removeCertification(modified, zert);
|
||||
continue;
|
||||
}
|
||||
|
||||
// special case: non-exportable, direct key signatures for notations!
|
||||
if (cert.getSignatureType() == PGPSignature.DIRECT_KEY) {
|
||||
// must be local, otherwise strip!
|
||||
if (!cert.isLocal()) {
|
||||
log.add(LogType.MSG_KC_MASTER_BAD_TYPE, indent);
|
||||
modified = PGPPublicKey.removeCertification(modified, zert);
|
||||
badCerts += 1;
|
||||
continue;
|
||||
}
|
||||
|
||||
// first notation? fine then.
|
||||
if (notation == null) {
|
||||
notation = zert;
|
||||
// more notations? at least one is superfluous, then.
|
||||
} else if (notation.getCreationTime().before(zert.getCreationTime())) {
|
||||
log.add(LogType.MSG_KC_NOTATION_DUP, indent);
|
||||
modified = PGPPublicKey.removeCertification(modified, notation);
|
||||
redundantCerts += 1;
|
||||
notation = zert;
|
||||
} else {
|
||||
log.add(LogType.MSG_KC_NOTATION_DUP, indent);
|
||||
modified = PGPPublicKey.removeCertification(modified, zert);
|
||||
redundantCerts += 1;
|
||||
}
|
||||
continue;
|
||||
} else if (cert.isLocal()) {
|
||||
// Remove revocation certs with "local" flag
|
||||
log.add(LogType.MSG_KC_MASTER_BAD_LOCAL, indent);
|
||||
modified = PGPPublicKey.removeCertification(modified, zert);
|
||||
badCerts += 1;
|
||||
continue;
|
||||
@@ -373,6 +433,16 @@ public class UncachedKeyRing {
|
||||
}
|
||||
}
|
||||
|
||||
// If we have a notation packet, check if there is even any data in it?
|
||||
if (notation != null) {
|
||||
// If there isn't, might as well strip it
|
||||
if (new WrappedSignature(notation).getNotation().isEmpty()) {
|
||||
log.add(LogType.MSG_KC_NOTATION_EMPTY, indent);
|
||||
modified = PGPPublicKey.removeCertification(modified, notation);
|
||||
redundantCerts += 1;
|
||||
}
|
||||
}
|
||||
|
||||
ArrayList<String> processedUserIds = new ArrayList<String>();
|
||||
for (byte[] rawUserId : new IterableIterator<byte[]>(masterKey.getRawUserIDs())) {
|
||||
String userId = Utf8Util.fromUTF8ByteArrayReplaceBadEncoding(rawUserId);
|
||||
|
||||
@@ -186,12 +186,14 @@ public class UncachedPublicKey {
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns primary user id if existing. If not, return first encountered user id.
|
||||
* Returns primary user id if existing. If not, return first encountered user id. If there
|
||||
* is no user id, return null (this can only happen for not yet canonicalized keys during import)
|
||||
*/
|
||||
public String getPrimaryUserIdWithFallback() {
|
||||
String userId = getPrimaryUserId();
|
||||
if (userId == null) {
|
||||
userId = (String) mPublicKey.getUserIDs().next();
|
||||
Iterator<String> it = mPublicKey.getUserIDs();
|
||||
userId = it.hasNext() ? it.next() : null;
|
||||
}
|
||||
return userId;
|
||||
}
|
||||
|
||||
@@ -21,6 +21,7 @@ package org.sufficientlysecure.keychain.pgp;
|
||||
import org.spongycastle.bcpg.SignatureSubpacket;
|
||||
import org.spongycastle.bcpg.SignatureSubpacketTags;
|
||||
import org.spongycastle.bcpg.sig.Exportable;
|
||||
import org.spongycastle.bcpg.sig.NotationData;
|
||||
import org.spongycastle.bcpg.sig.Revocable;
|
||||
import org.spongycastle.bcpg.sig.RevocationReason;
|
||||
import org.spongycastle.openpgp.PGPException;
|
||||
@@ -37,6 +38,7 @@ import java.io.IOException;
|
||||
import java.security.SignatureException;
|
||||
import java.util.ArrayList;
|
||||
import java.util.Date;
|
||||
import java.util.HashMap;
|
||||
|
||||
/** OpenKeychain wrapper around PGPSignature objects.
|
||||
*
|
||||
@@ -239,4 +241,20 @@ public class WrappedSignature {
|
||||
SignatureSubpacket p = mSig.getHashedSubPackets().getSubpacket(SignatureSubpacketTags.EXPORTABLE);
|
||||
return ! ((Exportable) p).isExportable();
|
||||
}
|
||||
|
||||
public HashMap<String,String> getNotation() {
|
||||
HashMap<String,String> result = new HashMap<String,String>();
|
||||
|
||||
// If there is any notation data
|
||||
if (mSig.getHashedSubPackets() != null
|
||||
&& mSig.getHashedSubPackets().hasSubpacket(SignatureSubpacketTags.NOTATION_DATA)) {
|
||||
// Iterate over notation data
|
||||
for (NotationData data : mSig.getHashedSubPackets().getNotationDataOccurrences()) {
|
||||
result.put(data.getNotationName(), data.getNotationValue());
|
||||
}
|
||||
}
|
||||
|
||||
return result;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@@ -307,6 +307,7 @@ public class KeychainContract {
|
||||
public static final String USER_ID = UserIdsColumns.USER_ID;
|
||||
public static final String SIGNER_UID = "signer_user_id";
|
||||
|
||||
public static final int UNVERIFIED = 0;
|
||||
public static final int VERIFIED_SECRET = 1;
|
||||
public static final int VERIFIED_SELF = 2;
|
||||
|
||||
|
||||
@@ -192,6 +192,9 @@ public class ProviderHelper {
|
||||
}
|
||||
pos += 1;
|
||||
}
|
||||
} else {
|
||||
// If no data was found, throw an appropriate exception
|
||||
throw new NotFoundException();
|
||||
}
|
||||
|
||||
return result;
|
||||
@@ -540,6 +543,7 @@ public class ProviderHelper {
|
||||
UserIdItem item = uids.get(userIdRank);
|
||||
operations.add(buildUserIdOperations(masterKeyId, item, userIdRank));
|
||||
if (item.selfCert != null) {
|
||||
// TODO get rid of "self verified" status? this cannot even happen anymore!
|
||||
operations.add(buildCertOperations(masterKeyId, userIdRank, item.selfCert,
|
||||
selfCertsAreTrusted ? Certs.VERIFIED_SECRET : Certs.VERIFIED_SELF));
|
||||
}
|
||||
@@ -682,6 +686,11 @@ public class ProviderHelper {
|
||||
KeyFormattingUtils.convertKeyIdToHex(id)
|
||||
);
|
||||
break;
|
||||
case PIN:
|
||||
log(LogType.MSG_IS_SUBKEY_PIN,
|
||||
KeyFormattingUtils.convertKeyIdToHex(id)
|
||||
);
|
||||
break;
|
||||
case GNU_DUMMY:
|
||||
log(LogType.MSG_IS_SUBKEY_STRIPPED,
|
||||
KeyFormattingUtils.convertKeyIdToHex(id)
|
||||
|
||||
@@ -27,11 +27,13 @@ import android.os.Messenger;
|
||||
import android.os.RemoteException;
|
||||
|
||||
import org.sufficientlysecure.keychain.Constants;
|
||||
import org.sufficientlysecure.keychain.R;
|
||||
import org.sufficientlysecure.keychain.operations.CertifyOperation;
|
||||
import org.sufficientlysecure.keychain.operations.DeleteOperation;
|
||||
import org.sufficientlysecure.keychain.operations.EditKeyOperation;
|
||||
import org.sufficientlysecure.keychain.operations.results.DeleteResult;
|
||||
import org.sufficientlysecure.keychain.operations.results.EditKeyResult;
|
||||
import org.sufficientlysecure.keychain.operations.results.ExportResult;
|
||||
import org.sufficientlysecure.keychain.operations.results.PgpEditKeyResult;
|
||||
import org.sufficientlysecure.keychain.pgp.exception.PgpKeyNotFoundException;
|
||||
import org.sufficientlysecure.keychain.operations.results.CertifyResult;
|
||||
import org.sufficientlysecure.keychain.util.FileHelper;
|
||||
@@ -41,31 +43,23 @@ import org.sufficientlysecure.keychain.keyimport.HkpKeyserver;
|
||||
import org.sufficientlysecure.keychain.keyimport.Keyserver;
|
||||
import org.sufficientlysecure.keychain.keyimport.ParcelableKeyRing;
|
||||
import org.sufficientlysecure.keychain.pgp.CanonicalizedPublicKeyRing;
|
||||
import org.sufficientlysecure.keychain.pgp.CanonicalizedSecretKeyRing;
|
||||
import org.sufficientlysecure.keychain.pgp.PgpDecryptVerify;
|
||||
import org.sufficientlysecure.keychain.operations.results.DecryptVerifyResult;
|
||||
import org.sufficientlysecure.keychain.pgp.PgpHelper;
|
||||
import org.sufficientlysecure.keychain.operations.ImportExportOperation;
|
||||
import org.sufficientlysecure.keychain.pgp.PgpKeyOperation;
|
||||
import org.sufficientlysecure.keychain.pgp.PgpSignEncrypt;
|
||||
import org.sufficientlysecure.keychain.pgp.Progressable;
|
||||
import org.sufficientlysecure.keychain.pgp.UncachedKeyRing;
|
||||
import org.sufficientlysecure.keychain.pgp.exception.PgpGeneralException;
|
||||
import org.sufficientlysecure.keychain.pgp.exception.PgpGeneralMsgIdException;
|
||||
import org.sufficientlysecure.keychain.provider.CachedPublicKeyRing;
|
||||
import org.sufficientlysecure.keychain.provider.ProviderHelper;
|
||||
import org.sufficientlysecure.keychain.operations.results.OperationResult;
|
||||
import org.sufficientlysecure.keychain.operations.results.OperationResult.LogType;
|
||||
import org.sufficientlysecure.keychain.operations.results.OperationResult.OperationLog;
|
||||
import org.sufficientlysecure.keychain.operations.results.ConsolidateResult;
|
||||
import org.sufficientlysecure.keychain.operations.results.EditKeyResult;
|
||||
import org.sufficientlysecure.keychain.operations.results.ImportKeyResult;
|
||||
import org.sufficientlysecure.keychain.operations.results.SaveKeyringResult;
|
||||
import org.sufficientlysecure.keychain.operations.results.SignEncryptResult;
|
||||
import org.sufficientlysecure.keychain.util.ParcelableFileCache;
|
||||
import org.sufficientlysecure.keychain.util.InputData;
|
||||
import org.sufficientlysecure.keychain.util.Log;
|
||||
import org.sufficientlysecure.keychain.util.ProgressScaler;
|
||||
|
||||
import java.io.ByteArrayInputStream;
|
||||
import java.io.ByteArrayOutputStream;
|
||||
@@ -342,83 +336,16 @@ public class KeychainIntentService extends IntentService implements Progressable
|
||||
|
||||
} else if (ACTION_EDIT_KEYRING.equals(action)) {
|
||||
|
||||
try {
|
||||
/* Input */
|
||||
SaveKeyringParcel saveParcel = data.getParcelable(EDIT_KEYRING_PARCEL);
|
||||
if (saveParcel == null) {
|
||||
Log.e(Constants.TAG, "bug: missing save_keyring_parcel in data!");
|
||||
return;
|
||||
}
|
||||
// Input
|
||||
SaveKeyringParcel saveParcel = data.getParcelable(EDIT_KEYRING_PARCEL);
|
||||
String passphrase = data.getString(EDIT_KEYRING_PASSPHRASE);
|
||||
|
||||
/* Operation */
|
||||
PgpKeyOperation keyOperations =
|
||||
new PgpKeyOperation(new ProgressScaler(this, 10, 60, 100), mActionCanceled);
|
||||
EditKeyResult modifyResult;
|
||||
// Operation
|
||||
EditKeyOperation op = new EditKeyOperation(this, providerHelper, this, mActionCanceled);
|
||||
EditKeyResult result = op.execute(saveParcel, passphrase);
|
||||
|
||||
if (saveParcel.mMasterKeyId != null) {
|
||||
String passphrase = data.getString(EDIT_KEYRING_PASSPHRASE);
|
||||
CanonicalizedSecretKeyRing secRing =
|
||||
new ProviderHelper(this).getCanonicalizedSecretKeyRing(saveParcel.mMasterKeyId);
|
||||
|
||||
modifyResult = keyOperations.modifySecretKeyRing(secRing, saveParcel, passphrase);
|
||||
} else {
|
||||
modifyResult = keyOperations.createSecretKeyRing(saveParcel);
|
||||
}
|
||||
|
||||
// If the edit operation didn't succeed, exit here
|
||||
if (!modifyResult.success()) {
|
||||
// always return SaveKeyringResult, so create one out of the EditKeyResult
|
||||
sendMessageToHandler(KeychainIntentServiceHandler.MESSAGE_OKAY, modifyResult);
|
||||
return;
|
||||
}
|
||||
|
||||
UncachedKeyRing ring = modifyResult.getRing();
|
||||
|
||||
// Check if the action was cancelled
|
||||
if (mActionCanceled.get()) {
|
||||
OperationLog log = modifyResult.getLog();
|
||||
// If it wasn't added before, add log entry
|
||||
if (!modifyResult.cancelled()) {
|
||||
log.add(LogType.MSG_OPERATION_CANCELLED, 0);
|
||||
}
|
||||
// If so, just stop without saving
|
||||
modifyResult = new EditKeyResult(
|
||||
EditKeyResult.RESULT_CANCELLED, log, null);
|
||||
sendMessageToHandler(KeychainIntentServiceHandler.MESSAGE_OKAY, modifyResult);
|
||||
return;
|
||||
}
|
||||
|
||||
// Save the keyring. The ProviderHelper is initialized with the previous log
|
||||
SaveKeyringResult saveResult = new ProviderHelper(this, modifyResult.getLog())
|
||||
.saveSecretKeyRing(ring, new ProgressScaler(this, 60, 95, 100));
|
||||
|
||||
// If the edit operation didn't succeed, exit here
|
||||
if (!saveResult.success()) {
|
||||
sendMessageToHandler(KeychainIntentServiceHandler.MESSAGE_OKAY, saveResult);
|
||||
return;
|
||||
}
|
||||
|
||||
// cache new passphrase
|
||||
if (saveParcel.mNewUnlock != null) {
|
||||
PassphraseCacheService.addCachedPassphrase(this,
|
||||
ring.getMasterKeyId(),
|
||||
ring.getMasterKeyId(),
|
||||
saveParcel.mNewUnlock.mNewPassphrase != null
|
||||
? saveParcel.mNewUnlock.mNewPassphrase
|
||||
: saveParcel.mNewUnlock.mNewPin,
|
||||
ring.getPublicKey().getPrimaryUserIdWithFallback());
|
||||
}
|
||||
|
||||
setProgress(R.string.progress_done, 100, 100);
|
||||
|
||||
// make sure new data is synced into contacts
|
||||
ContactSyncAdapterService.requestSync();
|
||||
|
||||
/* Output */
|
||||
sendMessageToHandler(KeychainIntentServiceHandler.MESSAGE_OKAY, saveResult);
|
||||
} catch (Exception e) {
|
||||
sendErrorToHandler(e);
|
||||
}
|
||||
// Result
|
||||
sendMessageToHandler(KeychainIntentServiceHandler.MESSAGE_OKAY, result);
|
||||
|
||||
} else if (ACTION_EXPORT_KEYRING.equals(action)) {
|
||||
|
||||
@@ -430,7 +357,6 @@ public class KeychainIntentService extends IntentService implements Progressable
|
||||
boolean exportAll = data.getBoolean(EXPORT_ALL);
|
||||
long[] masterKeyIds = exportAll ? null : data.getLongArray(EXPORT_KEY_RING_MASTER_KEY_ID);
|
||||
|
||||
|
||||
// Operation
|
||||
ImportExportOperation importExportOperation = new ImportExportOperation(this, new ProviderHelper(this), this);
|
||||
ExportResult result;
|
||||
|
||||
@@ -254,6 +254,9 @@ public class SaveKeyringParcel implements Parcelable {
|
||||
// A new pin to use. Must only contain [0-9]+
|
||||
public final String mNewPin;
|
||||
|
||||
public ChangeUnlockParcel(String newPassphrase) {
|
||||
this(newPassphrase, null);
|
||||
}
|
||||
public ChangeUnlockParcel(String newPassphrase, String newPin) {
|
||||
if (newPassphrase == null && newPin == null) {
|
||||
throw new RuntimeException("Cannot set both passphrase and pin. THIS IS A BUG!");
|
||||
|
||||
@@ -34,6 +34,7 @@ import android.widget.TextView;
|
||||
import org.spongycastle.bcpg.sig.KeyFlags;
|
||||
import org.sufficientlysecure.keychain.Constants;
|
||||
import org.sufficientlysecure.keychain.R;
|
||||
import org.sufficientlysecure.keychain.operations.results.EditKeyResult;
|
||||
import org.sufficientlysecure.keychain.service.SaveKeyringParcel.ChangeUnlockParcel;
|
||||
import org.sufficientlysecure.keychain.util.Preferences;
|
||||
import org.sufficientlysecure.keychain.pgp.KeyRing;
|
||||
@@ -190,14 +191,14 @@ public class CreateKeyFinalFragment extends Fragment {
|
||||
if (returnData == null) {
|
||||
return;
|
||||
}
|
||||
final SaveKeyringResult result =
|
||||
final EditKeyResult result =
|
||||
returnData.getParcelable(OperationResult.EXTRA_RESULT);
|
||||
if (result == null) {
|
||||
Log.e(Constants.TAG, "result == null");
|
||||
return;
|
||||
}
|
||||
|
||||
if (mUploadCheckbox.isChecked()) {
|
||||
if (result.mMasterKeyId != null && mUploadCheckbox.isChecked()) {
|
||||
// result will be displayed after upload
|
||||
uploadKey(result);
|
||||
} else {
|
||||
@@ -227,7 +228,8 @@ public class CreateKeyFinalFragment extends Fragment {
|
||||
getActivity().startService(intent);
|
||||
}
|
||||
|
||||
private void uploadKey(final SaveKeyringResult saveKeyResult) {
|
||||
// TODO move into EditKeyOperation
|
||||
private void uploadKey(final EditKeyResult saveKeyResult) {
|
||||
// Send all information needed to service to upload key in other thread
|
||||
final Intent intent = new Intent(getActivity(), KeychainIntentService.class);
|
||||
|
||||
@@ -235,7 +237,7 @@ public class CreateKeyFinalFragment extends Fragment {
|
||||
|
||||
// set data uri as path to keyring
|
||||
Uri blobUri = KeychainContract.KeyRings.buildUnifiedKeyRingUri(
|
||||
saveKeyResult.mRingMasterKeyId);
|
||||
saveKeyResult.mMasterKeyId);
|
||||
intent.setData(blobUri);
|
||||
|
||||
// fill values for this action
|
||||
|
||||
@@ -208,12 +208,12 @@ public class PassphraseDialogActivity extends FragmentActivity {
|
||||
case PASSPHRASE:
|
||||
message = getString(R.string.passphrase_for, userId);
|
||||
break;
|
||||
case DIVERT_TO_CARD:
|
||||
message = getString(R.string.yubikey_pin_for, userId);
|
||||
break;
|
||||
case PIN:
|
||||
message = getString(R.string.pin_for, userId);
|
||||
break;
|
||||
case DIVERT_TO_CARD:
|
||||
message = getString(R.string.yubikey_pin_for, userId);
|
||||
break;
|
||||
default:
|
||||
message = "This should not happen!";
|
||||
break;
|
||||
|
||||
@@ -27,6 +27,7 @@ import org.sufficientlysecure.keychain.keyimport.ParcelableKeyRing;
|
||||
import org.sufficientlysecure.keychain.pgp.UncachedKeyRing;
|
||||
import org.sufficientlysecure.keychain.operations.results.GetKeyResult;
|
||||
import org.sufficientlysecure.keychain.operations.results.OperationResult;
|
||||
import org.sufficientlysecure.keychain.pgp.UncachedKeyRing.IteratorWithIOThrow;
|
||||
import org.sufficientlysecure.keychain.util.InputData;
|
||||
import org.sufficientlysecure.keychain.util.Log;
|
||||
import org.sufficientlysecure.keychain.util.PositionAwareInputStream;
|
||||
@@ -127,7 +128,7 @@ public class ImportKeysListLoader
|
||||
BufferedInputStream bufferedInput = new BufferedInputStream(progressIn);
|
||||
try {
|
||||
// parse all keyrings
|
||||
Iterator<UncachedKeyRing> it = UncachedKeyRing.fromStream(bufferedInput);
|
||||
IteratorWithIOThrow<UncachedKeyRing> it = UncachedKeyRing.fromStream(bufferedInput);
|
||||
while (it.hasNext()) {
|
||||
UncachedKeyRing ring = it.next();
|
||||
ImportKeysListEntry item = new ImportKeysListEntry(getContext(), ring);
|
||||
|
||||
Reference in New Issue
Block a user