diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/OpenPgpSignatureResultBuilder.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/OpenPgpSignatureResultBuilder.java
index 9c04c5394..80c2176c7 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/OpenPgpSignatureResultBuilder.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/OpenPgpSignatureResultBuilder.java
@@ -125,32 +125,37 @@ public class OpenPgpSignatureResultBuilder { } setSignatureKeyCertified(signingRing.getVerified() > 0); + ArrayList allUserIds = signingRing.getUnorderedUserIds(); + ArrayList confirmedUserIds; try { - ArrayList allUserIds = signingRing.getUnorderedUserIds(); - ArrayList confirmedUserIds = mKeyRepository.getConfirmedUserIds(signingRing.getMasterKeyId()); - setUserIds(allUserIds, confirmedUserIds); - - if (mSenderAddress != null) { - if (userIdListContainsAddress(mSenderAddress, confirmedUserIds)) { - mSenderStatusResult = SenderStatusResult.USER_ID_CONFIRMED; - } else if (userIdListContainsAddress(mSenderAddress, allUserIds)) { - mSenderStatusResult = SenderStatusResult.USER_ID_UNCONFIRMED; - } else { - mSenderStatusResult = SenderStatusResult.USER_ID_MISSING; - } - } else { - mSenderStatusResult = SenderStatusResult.UNKNOWN; - } - + confirmedUserIds = mKeyRepository.getConfirmedUserIds(signingRing.getMasterKeyId()); } catch (NotFoundException e) { throw new IllegalStateException("Key didn't exist anymore for user id query!", e); } + setUserIds(allUserIds, confirmedUserIds); + + mSenderStatusResult = processSenderStatusResult(allUserIds, confirmedUserIds); // either master key is expired/revoked or this specific subkey is expired/revoked setKeyExpired(signingRing.isExpired() || signingKey.isExpired()); setKeyRevoked(signingRing.isRevoked() || signingKey.isRevoked()); } + private SenderStatusResult processSenderStatusResult( + ArrayList allUserIds, ArrayList confirmedUserIds) { + if (mSenderAddress == null) { + return SenderStatusResult.UNKNOWN; + } + + if (userIdListContainsAddress(mSenderAddress, confirmedUserIds)) { + return SenderStatusResult.USER_ID_CONFIRMED; + } else if (userIdListContainsAddress(mSenderAddress, allUserIds)) { + return SenderStatusResult.USER_ID_UNCONFIRMED; + } else { + return SenderStatusResult.USER_ID_MISSING; + } + } + private static boolean userIdListContainsAddress(String senderAddress, ArrayList confirmedUserIds) 
{ for (String rawUserId : confirmedUserIds) { UserId userId = OpenPgpUtils.splitUserId(rawUserId); diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/remote/OpenPgpService.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/remote/OpenPgpService.java index 193964007..667dbdc7d 100644 --- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/remote/OpenPgpService.java +++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/remote/OpenPgpService.java @@ -65,6 +65,7 @@ import org.sufficientlysecure.keychain.pgp.PgpSignEncryptOperation; import org.sufficientlysecure.keychain.pgp.Progressable; import org.sufficientlysecure.keychain.pgp.SecurityProblem; import org.sufficientlysecure.keychain.pgp.UncachedKeyRing; +import org.sufficientlysecure.keychain.pgp.exception.PgpGeneralException; import org.sufficientlysecure.keychain.pgp.exception.PgpKeyNotFoundException; import org.sufficientlysecure.keychain.provider.ApiDataAccessObject; import org.sufficientlysecure.keychain.provider.KeyRepository; 
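Review bot: The extracted `processSenderStatusResult` has no doc comment, although the order of its checks decides which `SenderStatusResult` is reported for a signature. A short Javadoc would pin that contract, for example `/** Classifies mSenderAddress against the signing key's user ids: confirmed ids first, then all ids, otherwise USER_ID_MISSING; UNKNOWN when no sender address was supplied. */`. The body of `userIdListContainsAddress` continues outside the hunk, so how addresses are compared (case, normalisation) cannot be checked from here and is worth stating in that method's own comment.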
@@ -366,35 +367,9 @@ public class OpenPgpService extends Service { byte[] detachedSignature = data.getByteArrayExtra(OpenPgpApi.EXTRA_DETACHED_SIGNATURE); String senderAddress = data.getStringExtra(OpenPgpApi.EXTRA_SENDER_ADDRESS); - String trustId = data.getStringExtra(OpenPgpApi.EXTRA_TRUST_IDENTITY); - OpenPgpInlineKeyUpdate inlineKeyUpdate = data.getParcelableExtra(OpenPgpApi.EXTRA_INLINE_KEY_DATA); - - UncachedKeyRing uncachedKeyRing = UncachedKeyRing.decodeFromData(inlineKeyUpdate.getKeyData()); - long inlineMasterKeyId = uncachedKeyRing.getMasterKeyId(); - // this will merge if the key already exists - no worries! - KeyWritableRepository.createDatabaseReadWriteInteractor(this).savePublicKeyRing(uncachedKeyRing); - - TrustIdentityDataAccessObject trustIdentityDao = new TrustIdentityDataAccessObject(getBaseContext(), - mApiPermissionHelper.getCurrentCallingPackage()); - - Date lastUpdate = trustIdentityDao.getLastUpdateForTrustId(trustId); - - Date updateTimestamp = inlineKeyUpdate.getTimestamp(); - boolean updateIsNewerThanLastUpdate = lastUpdate == null || lastUpdate.before(updateTimestamp); - if (updateIsNewerThanLastUpdate) { - Log.d(Constants.TAG, "Key for trust id is newer"); - - Long trustedMasterKeyId = trustIdentityDao.getMasterKeyIdForTrustId(trustId); - if (trustedMasterKeyId == null) { - Log.d(Constants.TAG, "No binding for trust id, pinning key"); - trustIdentityDao.setMasterKeyIdForTrustId(trustId, inlineMasterKeyId, updateTimestamp); - } else if (inlineMasterKeyId == trustedMasterKeyId) { - Log.d(Constants.TAG, "Key id is the same - doing nothing"); - } else { - // TODO danger in result intent! 
- trustIdentityDao.setMasterKeyIdForTrustId(trustId, inlineMasterKeyId, updateTimestamp); - } - } + TrustIdentityDataAccessObject trustIdentityDao = new TrustIdentityDataAccessObject( + getBaseContext(), mApiPermissionHelper.getCurrentCallingPackage()); + String senderTrustId = updateTrustIdStateFromIntent(data, trustIdentityDao); PgpDecryptVerifyOperation op = new PgpDecryptVerifyOperation(this, mKeyRepository, progressable); @@ -471,7 +446,7 @@ public class OpenPgpService extends Service { if (prioritySecurityProblem.isIdentifiable()) { String identifier = prioritySecurityProblem.getIdentifier(); boolean isOverridden = OverriddenWarningsRepository.createOverriddenWarningsRepository(this) - .isWarningOverridden(identifier); + .isWarningOverridden(identifier); result.putExtra(OpenPgpApi.RESULT_OVERRIDE_CRYPTO_WARNING, isOverridden); } } 
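Review bot: `senderTrustId` will be null for every call that carries no `EXTRA_INLINE_KEY_DATA`, even when `EXTRA_TRUST_IDENTITY` is set, because the helper added in the last hunk returns null as soon as the inline key data is missing. If the variable is later used to look up the key pinned for that identity (its use lies outside this hunk), messages without a key update would skip that lookup. Returning the id in that branch, `if (inlineKeyUpdate == null) { return trustId; }`, keeps "no update supplied" apart from "update rejected"; the secret-key rejection can keep returning null or get its own signal.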
@@ -481,6 +456,43 @@ public class OpenPgpService extends Service { mApiPendingIntentFactory.createSecurityProblemIntent(packageName, securityProblem, supportOverride)); } + private String updateTrustIdStateFromIntent(Intent data, TrustIdentityDataAccessObject trustIdentityDao) + throws PgpGeneralException, IOException { + String trustId = data.getStringExtra(OpenPgpApi.EXTRA_TRUST_IDENTITY); + OpenPgpInlineKeyUpdate inlineKeyUpdate = data.getParcelableExtra(OpenPgpApi.EXTRA_INLINE_KEY_DATA); + if (inlineKeyUpdate == null) { + return null; + } + + UncachedKeyRing uncachedKeyRing = UncachedKeyRing.decodeFromData(inlineKeyUpdate.getKeyData()); + if (uncachedKeyRing.isSecret()) { + Log.e(Constants.TAG, "Found secret key in trust id! - Ignoring"); + return null; + } + // this will merge if the key already exists - no worries! + KeyWritableRepository.createDatabaseReadWriteInteractor(this).savePublicKeyRing(uncachedKeyRing); + long inlineMasterKeyId = uncachedKeyRing.getMasterKeyId(); + + Date lastUpdate = trustIdentityDao.getLastUpdateForTrustId(trustId); + Date updateTimestamp = inlineKeyUpdate.getTimestamp(); + Long trustedMasterKeyId = trustIdentityDao.getMasterKeyIdForTrustId(trustId); + + if (lastUpdate != null && lastUpdate.after(updateTimestamp)) { + Log.d(Constants.TAG, "Key for trust id is newer, ignoring other"); + return trustId; + } else if (trustedMasterKeyId == null) { + Log.d(Constants.TAG, "No binding for trust id, pinning key"); + trustIdentityDao.setMasterKeyIdForTrustId(trustId, inlineMasterKeyId, updateTimestamp); + } else if (inlineMasterKeyId == trustedMasterKeyId) { + Log.d(Constants.TAG, "Key id is the same - doing nothing"); + } else { + // TODO danger in result intent! 
+ trustIdentityDao.setMasterKeyIdForTrustId(trustId, inlineMasterKeyId, updateTimestamp); + } + + return trustId; + } + private void processDecryptionResultForResultIntent(int targetApiVersion, Intent result, OpenPgpDecryptionResult decryptionResult) { if (targetApiVersion < API_VERSION_WITH_DECRYPTION_RESULT) {
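Review bot: The staleness check in `updateTrustIdStateFromIntent` now accepts an update whose timestamp equals the stored one. The removed code applied an update only when `lastUpdate.before(updateTimestamp)`, whereas `lastUpdate.after(updateTimestamp)` rejects only strictly older ones, so a repeated update with an unchanged timestamp can reach the final `else` branch and replace the pinned master key id. `if (lastUpdate != null && !lastUpdate.before(updateTimestamp)) {` keeps the earlier behaviour. Separately, `savePublicKeyRing` runs before the timestamp is compared and its result is not checked on the visible lines, so a stale update still modifies the key store and a failed import can still be pinned. `trustId` and `updateTimestamp` also come from the caller's intent and are used without a null check, so an intent with key data but no trust identity reaches the DAO with a null id.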