perform fingerprint check after canonicalization (OKC-01-009)

author: Vincent Breitmoser <valodim@mugenguild.com> 2015-09-11 01:57:17 +0200
committer: Vincent Breitmoser <valodim@mugenguild.com> 2015-09-11 01:57:17 +0200
commit: 9d97d37c06f22354c124bd6cedd989d9ca4ff53e (patch)
tree: 5090cf0d0a18dcbb28a319ac559b224af0c6bf80 /OpenKeychain/src/main/java/org/sufficientlysecure/keychain/provider
parent: 950409ce55f2df1aecdb61a7fecfc599b541d89c (diff)
download: open-keychain-9d97d37c06f22354c124bd6cedd989d9ca4ff53e.tar.gz
open-keychain-9d97d37c06f22354c124bd6cedd989d9ca4ff53e.tar.bz2
open-keychain-9d97d37c06f22354c124bd6cedd989d9ca4ff53e.zip
1 files changed, 13 insertions, 2 deletions
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/provider/ProviderHelper.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/provider/ProviderHelper.java
index d9ef4f3c8..6f452bfd1 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/provider/ProviderHelper.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/provider/ProviderHelper.java
@@ -878,7 +878,7 @@ public class ProviderHelper {
     }
 
     public SaveKeyringResult savePublicKeyRing(UncachedKeyRing keyRing) {
-        return savePublicKeyRing(keyRing, new ProgressScaler());
+        return savePublicKeyRing(keyRing, new ProgressScaler(), null);
     }
 
     /**
@@ -887,7 +887,7 @@ public class ProviderHelper {
      * This is a high level method, which takes care of merging all new information into the old and
      * keep public and secret keyrings in sync.
      */
-    public SaveKeyringResult savePublicKeyRing(UncachedKeyRing publicRing, Progressable progress) {
+    public SaveKeyringResult savePublicKeyRing(UncachedKeyRing publicRing, Progressable progress, String expectedFingerprint) {
 
         try {
             long masterKeyId = publicRing.getMasterKeyId();
@@ -960,6 +960,17 @@ public class ProviderHelper {
                 canSecretRing = null;
             }
 
+
+            // If we have an expected fingerprint, make sure it matches
+            if (expectedFingerprint != null) {
+                if (!canPublicRing.containsSubkey(expectedFingerprint)) {
+                    log(LogType.MSG_IP_FINGERPRINT_ERROR);
+                    return new SaveKeyringResult(SaveKeyringResult.RESULT_ERROR, mLog, null);
+                } else {
+                    log(LogType.MSG_IP_FINGERPRINT_OK);
+                }
+            }
+
             int result = saveCanonicalizedPublicKeyRing(canPublicRing, progress, canSecretRing != null);
 
             // Save the saved keyring (if any)
author	Vincent Breitmoser <valodim@mugenguild.com>	2015-09-11 01:57:17 +0200
committer	Vincent Breitmoser <valodim@mugenguild.com>	2015-09-11 01:57:17 +0200
commit	9d97d37c06f22354c124bd6cedd989d9ca4ff53e (patch)
tree	5090cf0d0a18dcbb28a319ac559b224af0c6bf80 /OpenKeychain/src/main/java/org/sufficientlysecure/keychain/provider
parent	950409ce55f2df1aecdb61a7fecfc599b541d89c (diff)
download	open-keychain-9d97d37c06f22354c124bd6cedd989d9ca4ff53e.tar.gz open-keychain-9d97d37c06f22354c124bd6cedd989d9ca4ff53e.tar.bz2 open-keychain-9d97d37c06f22354c124bd6cedd989d9ca4ff53e.zip