cthrace/open-keychain
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

extract trust id handling into method

Browse Source
This commit is contained in:
Vincent Breitmoser
2017-02-01 10:20:21 +01:00
parent 84d5ca7cd9
commit c7bb6a7bc0
2 changed files with 63 additions and 46 deletions
Download Patch File Download Diff File Expand all files Collapse all files

37
OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/OpenPgpSignatureResultBuilder.java
View File

@@ -125,32 +125,37 @@ public class OpenPgpSignatureResultBuilder {
} }
setSignatureKeyCertified(signingRing.getVerified() > 0); setSignatureKeyCertified(signingRing.getVerified() > 0);
ArrayList<String> allUserIds = signingRing.getUnorderedUserIds();
ArrayList<String> confirmedUserIds;
try { try {
ArrayList<String> allUserIds = signingRing.getUnorderedUserIds(); confirmedUserIds = mKeyRepository.getConfirmedUserIds(signingRing.getMasterKeyId());
ArrayList<String> confirmedUserIds = mKeyRepository.getConfirmedUserIds(signingRing.getMasterKeyId());
setUserIds(allUserIds, confirmedUserIds);
if (mSenderAddress != null) {
if (userIdListContainsAddress(mSenderAddress, confirmedUserIds)) {
mSenderStatusResult = SenderStatusResult.USER_ID_CONFIRMED;
} else if (userIdListContainsAddress(mSenderAddress, allUserIds)) {
mSenderStatusResult = SenderStatusResult.USER_ID_UNCONFIRMED;
} else {
mSenderStatusResult = SenderStatusResult.USER_ID_MISSING;
}
} else {
mSenderStatusResult = SenderStatusResult.UNKNOWN;
}
} catch (NotFoundException e) { } catch (NotFoundException e) {
throw new IllegalStateException("Key didn't exist anymore for user id query!", e); throw new IllegalStateException("Key didn't exist anymore for user id query!", e);
} }
setUserIds(allUserIds, confirmedUserIds);
mSenderStatusResult = processSenderStatusResult(allUserIds, confirmedUserIds);
// either master key is expired/revoked or this specific subkey is expired/revoked // either master key is expired/revoked or this specific subkey is expired/revoked
setKeyExpired(signingRing.isExpired() || signingKey.isExpired()); setKeyExpired(signingRing.isExpired() || signingKey.isExpired());
setKeyRevoked(signingRing.isRevoked() || signingKey.isRevoked()); setKeyRevoked(signingRing.isRevoked() || signingKey.isRevoked());
} }
private SenderStatusResult processSenderStatusResult(
ArrayList<String> allUserIds, ArrayList<String> confirmedUserIds) {
if (mSenderAddress == null) {
return SenderStatusResult.UNKNOWN;
}
if (userIdListContainsAddress(mSenderAddress, confirmedUserIds)) {
return SenderStatusResult.USER_ID_CONFIRMED;
} else if (userIdListContainsAddress(mSenderAddress, allUserIds)) {
return SenderStatusResult.USER_ID_UNCONFIRMED;
} else {
return SenderStatusResult.USER_ID_MISSING;
}
}
private static boolean userIdListContainsAddress(String senderAddress, ArrayList<String> confirmedUserIds) { private static boolean userIdListContainsAddress(String senderAddress, ArrayList<String> confirmedUserIds) {
for (String rawUserId : confirmedUserIds) { for (String rawUserId : confirmedUserIds) {
UserId userId = OpenPgpUtils.splitUserId(rawUserId); UserId userId = OpenPgpUtils.splitUserId(rawUserId);

72
OpenKeychain/src/main/java/org/sufficientlysecure/keychain/remote/OpenPgpService.java
View File

@@ -65,6 +65,7 @@ import org.sufficientlysecure.keychain.pgp.PgpSignEncryptOperation;
import org.sufficientlysecure.keychain.pgp.Progressable; import org.sufficientlysecure.keychain.pgp.Progressable;
import org.sufficientlysecure.keychain.pgp.SecurityProblem; import org.sufficientlysecure.keychain.pgp.SecurityProblem;
import org.sufficientlysecure.keychain.pgp.UncachedKeyRing; import org.sufficientlysecure.keychain.pgp.UncachedKeyRing;
import org.sufficientlysecure.keychain.pgp.exception.PgpGeneralException;
import org.sufficientlysecure.keychain.pgp.exception.PgpKeyNotFoundException; import org.sufficientlysecure.keychain.pgp.exception.PgpKeyNotFoundException;
import org.sufficientlysecure.keychain.provider.ApiDataAccessObject; import org.sufficientlysecure.keychain.provider.ApiDataAccessObject;
import org.sufficientlysecure.keychain.provider.KeyRepository; import org.sufficientlysecure.keychain.provider.KeyRepository;
@@ -366,35 +367,9 @@ public class OpenPgpService extends Service {
byte[] detachedSignature = data.getByteArrayExtra(OpenPgpApi.EXTRA_DETACHED_SIGNATURE); byte[] detachedSignature = data.getByteArrayExtra(OpenPgpApi.EXTRA_DETACHED_SIGNATURE);
String senderAddress = data.getStringExtra(OpenPgpApi.EXTRA_SENDER_ADDRESS); String senderAddress = data.getStringExtra(OpenPgpApi.EXTRA_SENDER_ADDRESS);
String trustId = data.getStringExtra(OpenPgpApi.EXTRA_TRUST_IDENTITY); TrustIdentityDataAccessObject trustIdentityDao = new TrustIdentityDataAccessObject(
OpenPgpInlineKeyUpdate inlineKeyUpdate = data.getParcelableExtra(OpenPgpApi.EXTRA_INLINE_KEY_DATA); getBaseContext(), mApiPermissionHelper.getCurrentCallingPackage());
String senderTrustId = updateTrustIdStateFromIntent(data, trustIdentityDao);
UncachedKeyRing uncachedKeyRing = UncachedKeyRing.decodeFromData(inlineKeyUpdate.getKeyData());
long inlineMasterKeyId = uncachedKeyRing.getMasterKeyId();
// this will merge if the key already exists - no worries!
KeyWritableRepository.createDatabaseReadWriteInteractor(this).savePublicKeyRing(uncachedKeyRing);
TrustIdentityDataAccessObject trustIdentityDao = new TrustIdentityDataAccessObject(getBaseContext(),
mApiPermissionHelper.getCurrentCallingPackage());
Date lastUpdate = trustIdentityDao.getLastUpdateForTrustId(trustId);
Date updateTimestamp = inlineKeyUpdate.getTimestamp();
boolean updateIsNewerThanLastUpdate = lastUpdate == null || lastUpdate.before(updateTimestamp);
if (updateIsNewerThanLastUpdate) {
Log.d(Constants.TAG, "Key for trust id is newer");
Long trustedMasterKeyId = trustIdentityDao.getMasterKeyIdForTrustId(trustId);
if (trustedMasterKeyId == null) {
Log.d(Constants.TAG, "No binding for trust id, pinning key");
trustIdentityDao.setMasterKeyIdForTrustId(trustId, inlineMasterKeyId, updateTimestamp);
} else if (inlineMasterKeyId == trustedMasterKeyId) {
Log.d(Constants.TAG, "Key id is the same - doing nothing");
} else {
// TODO danger in result intent!
trustIdentityDao.setMasterKeyIdForTrustId(trustId, inlineMasterKeyId, updateTimestamp);
}
}
PgpDecryptVerifyOperation op = new PgpDecryptVerifyOperation(this, mKeyRepository, progressable); PgpDecryptVerifyOperation op = new PgpDecryptVerifyOperation(this, mKeyRepository, progressable);
@@ -471,7 +446,7 @@ public class OpenPgpService extends Service {
if (prioritySecurityProblem.isIdentifiable()) { if (prioritySecurityProblem.isIdentifiable()) {
String identifier = prioritySecurityProblem.getIdentifier(); String identifier = prioritySecurityProblem.getIdentifier();
boolean isOverridden = OverriddenWarningsRepository.createOverriddenWarningsRepository(this) boolean isOverridden = OverriddenWarningsRepository.createOverriddenWarningsRepository(this)
.isWarningOverridden(identifier); .isWarningOverridden(identifier);
result.putExtra(OpenPgpApi.RESULT_OVERRIDE_CRYPTO_WARNING, isOverridden); result.putExtra(OpenPgpApi.RESULT_OVERRIDE_CRYPTO_WARNING, isOverridden);
} }
} }
@@ -481,6 +456,43 @@ public class OpenPgpService extends Service {
mApiPendingIntentFactory.createSecurityProblemIntent(packageName, securityProblem, supportOverride)); mApiPendingIntentFactory.createSecurityProblemIntent(packageName, securityProblem, supportOverride));
} }
private String updateTrustIdStateFromIntent(Intent data, TrustIdentityDataAccessObject trustIdentityDao)
throws PgpGeneralException, IOException {
String trustId = data.getStringExtra(OpenPgpApi.EXTRA_TRUST_IDENTITY);
OpenPgpInlineKeyUpdate inlineKeyUpdate = data.getParcelableExtra(OpenPgpApi.EXTRA_INLINE_KEY_DATA);
if (inlineKeyUpdate == null) {
return null;
}
UncachedKeyRing uncachedKeyRing = UncachedKeyRing.decodeFromData(inlineKeyUpdate.getKeyData());
if (uncachedKeyRing.isSecret()) {
Log.e(Constants.TAG, "Found secret key in trust id! - Ignoring");
return null;
}
// this will merge if the key already exists - no worries!
KeyWritableRepository.createDatabaseReadWriteInteractor(this).savePublicKeyRing(uncachedKeyRing);
long inlineMasterKeyId = uncachedKeyRing.getMasterKeyId();
Date lastUpdate = trustIdentityDao.getLastUpdateForTrustId(trustId);
Date updateTimestamp = inlineKeyUpdate.getTimestamp();
Long trustedMasterKeyId = trustIdentityDao.getMasterKeyIdForTrustId(trustId);
if (lastUpdate != null && lastUpdate.after(updateTimestamp)) {
Log.d(Constants.TAG, "Key for trust id is newer, ignoring other");
return trustId;
} else if (trustedMasterKeyId == null) {
Log.d(Constants.TAG, "No binding for trust id, pinning key");
trustIdentityDao.setMasterKeyIdForTrustId(trustId, inlineMasterKeyId, updateTimestamp);
} else if (inlineMasterKeyId == trustedMasterKeyId) {
Log.d(Constants.TAG, "Key id is the same - doing nothing");
} else {
// TODO danger in result intent!
trustIdentityDao.setMasterKeyIdForTrustId(trustId, inlineMasterKeyId, updateTimestamp);
}
return trustId;
}
private void processDecryptionResultForResultIntent(int targetApiVersion, Intent result, private void processDecryptionResultForResultIntent(int targetApiVersion, Intent result,
OpenPgpDecryptionResult decryptionResult) { OpenPgpDecryptionResult decryptionResult) {
if (targetApiVersion < API_VERSION_WITH_DECRYPTION_RESULT) { if (targetApiVersion < API_VERSION_WITH_DECRYPTION_RESULT) {