From 52b1016baa54f823dfeb5825b0f56558116f96ce Mon Sep 17 00:00:00 2001 From: Vincent Breitmoser Date: Thu, 17 Nov 2016 00:04:20 +0100 Subject: [PATCH 1/2] update OpenPgpSignatureResult to use enums --- .../pgp/OpenPgpSignatureResultBuilder.java | 16 +++++++------- .../keychain/remote/OpenPgpService.java | 8 +++---- .../keychain/ui/DecryptFragment.java | 2 +- .../keychain/ui/util/KeyFormattingUtils.java | 6 +++--- .../keychain/pgp/PgpEncryptDecryptTest.java | 21 +++++++++---------- .../keychain/provider/InteropTest.java | 4 ++-- extern/openpgp-api-lib | 2 +- 7 files changed, 28 insertions(+), 31 deletions(-) diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/OpenPgpSignatureResultBuilder.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/OpenPgpSignatureResultBuilder.java index ecd7a0ccc..fcd8a4b1e 100644 --- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/OpenPgpSignatureResultBuilder.java +++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/OpenPgpSignatureResultBuilder.java @@ -21,6 +21,7 @@ package org.sufficientlysecure.keychain.pgp; import java.util.ArrayList; import org.openintents.openpgp.OpenPgpSignatureResult; +import org.openintents.openpgp.OpenPgpSignatureResult.SenderStatusResult; import org.openintents.openpgp.util.OpenPgpUtils; import org.openintents.openpgp.util.OpenPgpUtils.UserId; import org.sufficientlysecure.keychain.Constants; @@ -42,7 +43,7 @@ public class OpenPgpSignatureResultBuilder { private ArrayList mUserIds = new ArrayList<>(); private ArrayList mConfirmedUserIds; private long mKeyId; - private int mSenderStatus; + private SenderStatusResult mSenderStatusResult; // builder private boolean mSignatureAvailable = false; @@ -125,14 +126,14 @@ public class OpenPgpSignatureResultBuilder { if (mSenderAddress != null) { if (userIdListContainsAddress(mSenderAddress, confirmedUserIds)) { - setSenderStatus(OpenPgpSignatureResult.SENDER_RESULT_UID_CONFIRMED); + mSenderStatusResult = SenderStatusResult.USER_ID_CONFIRMED; } else if (userIdListContainsAddress(mSenderAddress, allUserIds)) { - setSenderStatus(OpenPgpSignatureResult.SENDER_RESULT_UID_UNCONFIRMED); + mSenderStatusResult = SenderStatusResult.USER_ID_UNCONFIRMED; } else { - setSenderStatus(OpenPgpSignatureResult.SENDER_RESULT_UID_MISSING); + mSenderStatusResult = SenderStatusResult.USER_ID_MISSING; } } else { - setSenderStatus(OpenPgpSignatureResult.SENDER_RESULT_NO_SENDER); + mSenderStatusResult = SenderStatusResult.UNKNOWN; } } catch (NotFoundException e) { @@ -189,14 +190,11 @@ public class OpenPgpSignatureResultBuilder { } return OpenPgpSignatureResult.createWithValidSignature( - signatureStatus, mPrimaryUserId, mKeyId, mUserIds, mConfirmedUserIds, mSenderStatus); + signatureStatus, mPrimaryUserId, mKeyId, mUserIds, mConfirmedUserIds, mSenderStatusResult); } public void setSenderAddress(String senderAddress) { mSenderAddress = senderAddress; } - public void setSenderStatus(int senderStatus) { - mSenderStatus = senderStatus; - } } diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/remote/OpenPgpService.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/remote/OpenPgpService.java index 622e9469b..3f34e2fc6 100644 --- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/remote/OpenPgpService.java +++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/remote/OpenPgpService.java @@ -519,11 +519,11 @@ public class OpenPgpService extends Service { signatureResult.getKeyId())); break; } - case OpenPgpSignatureResult.RESULT_VALID_CONFIRMED: - case OpenPgpSignatureResult.RESULT_VALID_UNCONFIRMED: + case OpenPgpSignatureResult.RESULT_VALID_KEY_CONFIRMED: + case OpenPgpSignatureResult.RESULT_VALID_KEY_UNCONFIRMED: case OpenPgpSignatureResult.RESULT_INVALID_KEY_REVOKED: case OpenPgpSignatureResult.RESULT_INVALID_KEY_EXPIRED: - case OpenPgpSignatureResult.RESULT_INVALID_INSECURE: { + case OpenPgpSignatureResult.RESULT_INVALID_KEY_INSECURE: { // If signature key is known, return PendingIntent to show key result.putExtra(OpenPgpApi.RESULT_INTENT, piFactory.createShowKeyPendingIntent(data, signatureResult.getKeyId())); @@ -546,7 +546,7 @@ public class OpenPgpService extends Service { if (data.getIntExtra(OpenPgpApi.EXTRA_API_VERSION, -1) < 8) { // RESULT_INVALID_INSECURE has been added in version 8, fallback to RESULT_INVALID_SIGNATURE - if (signatureResult.getResult() == OpenPgpSignatureResult.RESULT_INVALID_INSECURE) { + if (signatureResult.getResult() == OpenPgpSignatureResult.RESULT_INVALID_KEY_INSECURE) { signatureResult = OpenPgpSignatureResult.createWithInvalidSignature(); } diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/DecryptFragment.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/DecryptFragment.java index 4521ae659..f9257ba24 100644 --- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/DecryptFragment.java +++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/DecryptFragment.java @@ -327,7 +327,7 @@ public abstract class DecryptFragment extends Fragment implements LoaderManager. // revoked/expired subkeys boolean isRevoked = mSignatureResult.getResult() == OpenPgpSignatureResult.RESULT_INVALID_KEY_REVOKED; boolean isExpired = mSignatureResult.getResult() == OpenPgpSignatureResult.RESULT_INVALID_KEY_EXPIRED; - boolean isInsecure = mSignatureResult.getResult() == OpenPgpSignatureResult.RESULT_INVALID_INSECURE; + boolean isInsecure = mSignatureResult.getResult() == OpenPgpSignatureResult.RESULT_INVALID_KEY_INSECURE; boolean isVerified = data.getInt(INDEX_VERIFIED) > 0; boolean isYours = data.getInt(INDEX_HAS_ANY_SECRET) != 0; diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/util/KeyFormattingUtils.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/util/KeyFormattingUtils.java index 64a960d7b..8074c5a35 100644 --- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/util/KeyFormattingUtils.java +++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/util/KeyFormattingUtils.java @@ -507,7 +507,7 @@ public class KeyFormattingUtils { break; } - case OpenPgpSignatureResult.RESULT_VALID_CONFIRMED: { + case OpenPgpSignatureResult.RESULT_VALID_KEY_CONFIRMED: { sigText = R.string.decrypt_result_signature_certified; sigIcon = R.drawable.status_signature_verified_cutout_24dp; sigColor = R.color.key_flag_green; @@ -516,7 +516,7 @@ public class KeyFormattingUtils { break; } - case OpenPgpSignatureResult.RESULT_VALID_UNCONFIRMED: { + case OpenPgpSignatureResult.RESULT_VALID_KEY_UNCONFIRMED: { sigText = R.string.decrypt_result_signature_uncertified; sigIcon = R.drawable.status_signature_unverified_cutout_24dp; sigColor = R.color.key_flag_orange; @@ -552,7 +552,7 @@ public class KeyFormattingUtils { break; } - case OpenPgpSignatureResult.RESULT_INVALID_INSECURE: { + case OpenPgpSignatureResult.RESULT_INVALID_KEY_INSECURE: { sigText = R.string.decrypt_result_insecure_cryptography; sigIcon = R.drawable.status_signature_invalid_cutout_24dp; sigColor = R.color.key_flag_red; diff --git a/OpenKeychain/src/test/java/org/sufficientlysecure/keychain/pgp/PgpEncryptDecryptTest.java b/OpenKeychain/src/test/java/org/sufficientlysecure/keychain/pgp/PgpEncryptDecryptTest.java index 083c02426..c22e1f6b0 100644 --- a/OpenKeychain/src/test/java/org/sufficientlysecure/keychain/pgp/PgpEncryptDecryptTest.java +++ b/OpenKeychain/src/test/java/org/sufficientlysecure/keychain/pgp/PgpEncryptDecryptTest.java @@ -28,6 +28,12 @@ import java.util.HashSet; import java.util.Iterator; import org.apache.tools.ant.util.StringUtils; +import org.bouncycastle.bcpg.BCPGInputStream; +import org.bouncycastle.bcpg.Packet; +import org.bouncycastle.bcpg.PacketTags; +import org.bouncycastle.bcpg.PublicKeyEncSessionPacket; +import org.bouncycastle.bcpg.sig.KeyFlags; +import org.bouncycastle.jce.provider.BouncyCastleProvider; import org.junit.Assert; import org.junit.Before; import org.junit.BeforeClass; @@ -40,13 +46,6 @@ import org.robolectric.RobolectricGradleTestRunner; import org.robolectric.RuntimeEnvironment; import org.robolectric.annotation.Config; import org.robolectric.shadows.ShadowLog; -import org.bouncycastle.bcpg.BCPGInputStream; -import org.bouncycastle.bcpg.Packet; -import org.bouncycastle.bcpg.PacketTags; -import org.bouncycastle.bcpg.PublicKeyEncSessionPacket; -import org.bouncycastle.bcpg.sig.KeyFlags; -import org.bouncycastle.jce.provider.BouncyCastleProvider; -import org.bouncycastle.openpgp.PGPKeyFlags; import org.sufficientlysecure.keychain.WorkaroundBuildConfig; import org.sufficientlysecure.keychain.operations.results.DecryptVerifyResult; import org.sufficientlysecure.keychain.operations.results.OperationResult.LogType; @@ -336,7 +335,7 @@ public class PgpEncryptDecryptTest { Assert.assertEquals("decryptionResult should be RESULT_NOT_ENCRYPTED", OpenPgpDecryptionResult.RESULT_NOT_ENCRYPTED, result.getDecryptionResult().getResult()); Assert.assertEquals("signatureResult should be RESULT_VALID_CONFIRMED", - OpenPgpSignatureResult.RESULT_VALID_CONFIRMED, result.getSignatureResult().getResult()); + OpenPgpSignatureResult.RESULT_VALID_KEY_CONFIRMED, result.getSignatureResult().getResult()); OpenPgpMetadata metadata = result.getDecryptionMetadata(); Assert.assertEquals("filesize must be correct", @@ -398,7 +397,7 @@ public class PgpEncryptDecryptTest { Assert.assertEquals("decryptionResult should be RESULT_NOT_ENCRYPTED", OpenPgpDecryptionResult.RESULT_NOT_ENCRYPTED, result.getDecryptionResult().getResult()); Assert.assertEquals("signatureResult should be RESULT_VALID_CONFIRMED", - OpenPgpSignatureResult.RESULT_VALID_CONFIRMED, result.getSignatureResult().getResult()); + OpenPgpSignatureResult.RESULT_VALID_KEY_CONFIRMED, result.getSignatureResult().getResult()); OpenPgpMetadata metadata = result.getDecryptionMetadata(); Assert.assertEquals("filesize must be correct", @@ -454,7 +453,7 @@ public class PgpEncryptDecryptTest { Assert.assertEquals("decryptionResult should be RESULT_NOT_ENCRYPTED", OpenPgpDecryptionResult.RESULT_NOT_ENCRYPTED, result.getDecryptionResult().getResult()); Assert.assertEquals("signatureResult should be RESULT_VALID_CONFIRMED", - OpenPgpSignatureResult.RESULT_VALID_CONFIRMED, result.getSignatureResult().getResult()); + OpenPgpSignatureResult.RESULT_VALID_KEY_CONFIRMED, result.getSignatureResult().getResult()); // TODO should detached verify return any metadata? // OpenPgpMetadata metadata = result.getDecryptionMetadata(); @@ -901,7 +900,7 @@ public class PgpEncryptDecryptTest { Assert.assertArrayEquals("decrypted ciphertext with cached passphrase should equal plaintext", out.toByteArray(), plaintext.getBytes()); Assert.assertEquals("signature should be verified and certified", - OpenPgpSignatureResult.RESULT_VALID_CONFIRMED, result.getSignatureResult().getResult()); + OpenPgpSignatureResult.RESULT_VALID_KEY_CONFIRMED, result.getSignatureResult().getResult()); OpenPgpMetadata metadata = result.getDecryptionMetadata(); Assert.assertEquals("filesize must be correct", diff --git a/OpenKeychain/src/test/java/org/sufficientlysecure/keychain/provider/InteropTest.java b/OpenKeychain/src/test/java/org/sufficientlysecure/keychain/provider/InteropTest.java index dc2da6fa7..114501d83 100644 --- a/OpenKeychain/src/test/java/org/sufficientlysecure/keychain/provider/InteropTest.java +++ b/OpenKeychain/src/test/java/org/sufficientlysecure/keychain/provider/InteropTest.java @@ -158,8 +158,8 @@ public class InteropTest { // Certain keys are too short, so we check appropriately. int code = result.getSignatureResult().getResult(); Assert.assertTrue(base + ": should have a signature", - (code == OpenPgpSignatureResult.RESULT_INVALID_INSECURE) || - (code == OpenPgpSignatureResult.RESULT_VALID_UNCONFIRMED)); + (code == OpenPgpSignatureResult.RESULT_INVALID_KEY_INSECURE) || + (code == OpenPgpSignatureResult.RESULT_VALID_KEY_UNCONFIRMED)); } OpenPgpMetadata metadata = result.getDecryptionMetadata(); Assert.assertEquals(base + ": filesize must be correct", diff --git a/extern/openpgp-api-lib b/extern/openpgp-api-lib index 16409bfab..9fac21e1b 160000 --- a/extern/openpgp-api-lib +++ b/extern/openpgp-api-lib @@ -1 +1 @@ -Subproject commit 16409bfab3a6ee8ec85aee1d0f1bca70c22286a6 +Subproject commit 9fac21e1b5fca88f2a394029ee2892d286028c02 From 8092896f412e16877eab45c96946ef2f91575a93 Mon Sep 17 00:00:00 2001 From: Vincent Breitmoser Date: Thu, 17 Nov 2016 10:46:05 +0100 Subject: [PATCH 2/2] update OpenPgpSignatureResult to version 4, support signatureTimestamp --- .../keychain/pgp/OpenPgpSignatureResultBuilder.java | 10 ++++++++-- .../keychain/pgp/PgpSignatureChecker.java | 2 ++ extern/openpgp-api-lib | 2 +- 3 files changed, 11 insertions(+), 3 deletions(-) diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/OpenPgpSignatureResultBuilder.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/OpenPgpSignatureResultBuilder.java index fcd8a4b1e..e74879e43 100644 --- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/OpenPgpSignatureResultBuilder.java +++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/OpenPgpSignatureResultBuilder.java @@ -19,6 +19,7 @@ package org.sufficientlysecure.keychain.pgp; import java.util.ArrayList; +import java.util.Date; import org.openintents.openpgp.OpenPgpSignatureResult; import org.openintents.openpgp.OpenPgpSignatureResult.SenderStatusResult; @@ -54,6 +55,7 @@ public class OpenPgpSignatureResultBuilder { private boolean mIsKeyExpired = false; private boolean mInsecure = false; private String mSenderAddress; + private Date mSignatureTimestamp; public OpenPgpSignatureResultBuilder(ProviderHelper providerHelper) { this.mProviderHelper = providerHelper; @@ -67,6 +69,10 @@ public class OpenPgpSignatureResultBuilder { this.mKeyId = keyId; } + public void setSignatureTimestamp(Date signatureTimestamp) { + mSignatureTimestamp = signatureTimestamp; + } + public void setKnownKey(boolean knownKey) { this.mKnownKey = knownKey; } @@ -163,7 +169,7 @@ public class OpenPgpSignatureResultBuilder { if (!mKnownKey) { Log.d(Constants.TAG, "RESULT_KEY_MISSING"); - return OpenPgpSignatureResult.createWithKeyMissing(mKeyId); + return OpenPgpSignatureResult.createWithKeyMissing(mKeyId, mSignatureTimestamp); } if (!mValidSignature) { @@ -190,7 +196,7 @@ public class OpenPgpSignatureResultBuilder { } return OpenPgpSignatureResult.createWithValidSignature( - signatureStatus, mPrimaryUserId, mKeyId, mUserIds, mConfirmedUserIds, mSenderStatusResult); + signatureStatus, mPrimaryUserId, mKeyId, mUserIds, mConfirmedUserIds, mSenderStatusResult, mSignatureTimestamp); } public void setSenderAddress(String senderAddress) { diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpSignatureChecker.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpSignatureChecker.java index 9e63a71a3..ed0350a15 100644 --- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpSignatureChecker.java +++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpSignatureChecker.java @@ -237,6 +237,7 @@ class PgpSignatureChecker { signatureResultBuilder.setInsecure(true); } + signatureResultBuilder.setSignatureTimestamp(signature.getCreationTime()); signatureResultBuilder.setValidSignature(validSignature); } @@ -271,6 +272,7 @@ class PgpSignatureChecker { signatureResultBuilder.setInsecure(true); } + signatureResultBuilder.setSignatureTimestamp(messageSignature.getCreationTime()); signatureResultBuilder.setValidSignature(validSignature); return true; diff --git a/extern/openpgp-api-lib b/extern/openpgp-api-lib index 9fac21e1b..d0af1b5ba 160000 --- a/extern/openpgp-api-lib +++ b/extern/openpgp-api-lib @@ -1 +1 @@ -Subproject commit 9fac21e1b5fca88f2a394029ee2892d286028c02 +Subproject commit d0af1b5bae77664ca7126a113f9833a8ec2cd045