Moved from WebView to Spannables, some proof cleanup too

author: Tim Bray <timbray@gmail.com> 2014-11-07 12:28:27 -0800
committer: Tim Bray <timbray@gmail.com> 2014-11-07 12:28:27 -0800
commit: c05441667e151dceb6f5874b290d70a53258061b (patch)
tree: 789d951f241001e3e20d64f1e83e1d0c8a61d892 /OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/KeychainIntentService.java
parent: a798d95411e9e62c783675d09005ff4908c74a42 (diff)
download: open-keychain-c05441667e151dceb6f5874b290d70a53258061b.tar.gz
open-keychain-c05441667e151dceb6f5874b290d70a53258061b.tar.bz2
open-keychain-c05441667e151dceb6f5874b290d70a53258061b.zip
1 files changed, 113 insertions, 20 deletions
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/KeychainIntentService.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/KeychainIntentService.java
index a2988f2b2..42e0c7cc9 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/KeychainIntentService.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/KeychainIntentService.java
@@ -26,55 +26,62 @@ import android.os.Message;
 import android.os.Messenger;
 import android.os.RemoteException;
 
+import com.textuality.keybase.lib.Proof;
+import com.textuality.keybase.lib.prover.Prover;
+
+import org.json.JSONObject;
+import org.spongycastle.openpgp.PGPUtil;
 import org.sufficientlysecure.keychain.Constants;
 import org.sufficientlysecure.keychain.R;
+import org.sufficientlysecure.keychain.keyimport.HkpKeyserver;
+import org.sufficientlysecure.keychain.keyimport.Keyserver;
+import org.sufficientlysecure.keychain.keyimport.ParcelableKeyRing;
 import org.sufficientlysecure.keychain.operations.CertifyOperation;
 import org.sufficientlysecure.keychain.operations.DeleteOperation;
+import org.sufficientlysecure.keychain.operations.ImportExportOperation;
+import org.sufficientlysecure.keychain.operations.results.CertifyResult;
+import org.sufficientlysecure.keychain.operations.results.ConsolidateResult;
+import org.sufficientlysecure.keychain.operations.results.DecryptVerifyResult;
 import org.sufficientlysecure.keychain.operations.results.DeleteResult;
+import org.sufficientlysecure.keychain.operations.results.EditKeyResult;
 import org.sufficientlysecure.keychain.operations.results.ExportResult;
-import org.sufficientlysecure.keychain.pgp.exception.PgpKeyNotFoundException;
-import org.sufficientlysecure.keychain.operations.results.CertifyResult;
-import org.sufficientlysecure.keychain.util.FileHelper;
-import org.sufficientlysecure.keychain.util.ParcelableFileCache.IteratorWithSize;
-import org.sufficientlysecure.keychain.util.Preferences;
-import org.sufficientlysecure.keychain.keyimport.HkpKeyserver;
-import org.sufficientlysecure.keychain.keyimport.Keyserver;
-import org.sufficientlysecure.keychain.keyimport.ParcelableKeyRing;
+import org.sufficientlysecure.keychain.operations.results.ImportKeyResult;
+import org.sufficientlysecure.keychain.operations.results.OperationResult;
+import org.sufficientlysecure.keychain.operations.results.OperationResult.LogType;
+import org.sufficientlysecure.keychain.operations.results.OperationResult.OperationLog;
+import org.sufficientlysecure.keychain.operations.results.SaveKeyringResult;
+import org.sufficientlysecure.keychain.operations.results.SignEncryptResult;
 import org.sufficientlysecure.keychain.pgp.CanonicalizedPublicKeyRing;
 import org.sufficientlysecure.keychain.pgp.CanonicalizedSecretKeyRing;
 import org.sufficientlysecure.keychain.pgp.PgpDecryptVerify;
-import org.sufficientlysecure.keychain.operations.results.DecryptVerifyResult;
 import org.sufficientlysecure.keychain.pgp.PgpHelper;
-import org.sufficientlysecure.keychain.operations.ImportExportOperation;
 import org.sufficientlysecure.keychain.pgp.PgpKeyOperation;
 import org.sufficientlysecure.keychain.pgp.PgpSignEncrypt;
 import org.sufficientlysecure.keychain.pgp.Progressable;
 import org.sufficientlysecure.keychain.pgp.UncachedKeyRing;
 import org.sufficientlysecure.keychain.pgp.exception.PgpGeneralException;
 import org.sufficientlysecure.keychain.pgp.exception.PgpGeneralMsgIdException;
+import org.sufficientlysecure.keychain.pgp.exception.PgpKeyNotFoundException;
 import org.sufficientlysecure.keychain.provider.CachedPublicKeyRing;
 import org.sufficientlysecure.keychain.provider.ProviderHelper;
-import org.sufficientlysecure.keychain.operations.results.OperationResult;
-import org.sufficientlysecure.keychain.operations.results.OperationResult.LogType;
-import org.sufficientlysecure.keychain.operations.results.OperationResult.OperationLog;
-import org.sufficientlysecure.keychain.operations.results.ConsolidateResult;
-import org.sufficientlysecure.keychain.operations.results.EditKeyResult;
-import org.sufficientlysecure.keychain.operations.results.ImportKeyResult;
-import org.sufficientlysecure.keychain.operations.results.SaveKeyringResult;
-import org.sufficientlysecure.keychain.operations.results.SignEncryptResult;
-import org.sufficientlysecure.keychain.util.ParcelableFileCache;
+import org.sufficientlysecure.keychain.util.FileHelper;
 import org.sufficientlysecure.keychain.util.InputData;
 import org.sufficientlysecure.keychain.util.Log;
+import org.sufficientlysecure.keychain.util.ParcelableFileCache;
+import org.sufficientlysecure.keychain.util.ParcelableFileCache.IteratorWithSize;
+import org.sufficientlysecure.keychain.util.Preferences;
 import org.sufficientlysecure.keychain.util.ProgressScaler;
 
 import java.io.ByteArrayInputStream;
 import java.io.ByteArrayOutputStream;
 import java.io.FileNotFoundException;
 import java.io.IOException;
+import java.io.InputStream;
 import java.io.OutputStream;
 import java.util.ArrayList;
 import java.util.Date;
 import java.util.Iterator;
+import java.util.List;
 import java.util.concurrent.atomic.AtomicBoolean;
 
 /**
@@ -93,6 +100,8 @@ public class KeychainIntentService extends IntentService implements Progressable
 
     public static final String ACTION_DECRYPT_VERIFY = Constants.INTENT_PREFIX + "DECRYPT_VERIFY";
 
+    public static final String ACTION_VERIFY_KEYBASE_PROOF = Constants.INTENT_PREFIX + "VERIFY_KEYBASE_PROOF";
+
     public static final String ACTION_DECRYPT_METADATA = Constants.INTENT_PREFIX + "DECRYPT_METADATA";
 
     public static final String ACTION_EDIT_KEYRING = Constants.INTENT_PREFIX + "EDIT_KEYRING";
@@ -142,6 +151,10 @@ public class KeychainIntentService extends IntentService implements Progressable
     public static final String DECRYPT_PASSPHRASE = "passphrase";
     public static final String DECRYPT_NFC_DECRYPTED_SESSION_KEY = "nfc_decrypted_session_key";
 
+    // keybase proof
+    public static final String KEYBASE_REQUIRED_FINGERPRINT = "keybase_required_fingerprint";
+    public static final String KEYBASE_PROOF = "keybase_proof";
+
     // save keyring
     public static final String EDIT_KEYRING_PARCEL = "save_parcel";
     public static final String EDIT_KEYRING_PASSPHRASE = "passphrase";
@@ -291,6 +304,72 @@ public class KeychainIntentService extends IntentService implements Progressable
                 sendErrorToHandler(e);
             }
 
+        } else if (ACTION_VERIFY_KEYBASE_PROOF.equals(action)) {
+            try {
+                Proof proof = new Proof(new JSONObject(data.getString(KEYBASE_PROOF)));
+                setProgress(R.string.keybase_message_fetching_data, 0, 100);
+
+                Prover prover = Prover.findProverFor(proof);
+
+                if (prover == null) {
+                    sendProofError(getString(R.string.keybase_no_prover_found) + ": " + proof.getPrettyName());
+                    return;
+                }
+
+                if (!prover.fetchProofData()) {
+                    sendProofError(prover.getLog(), getString(R.string.keybase_problem_fetching_evidence));
+                    return;
+                }
+
+                byte[] messageBytes = prover.getPgpMessage().getBytes();
+                if (prover.rawMessageCheckRequired()) {
+                    InputStream messageByteStream = PGPUtil.getDecoderStream(new ByteArrayInputStream(messageBytes));
+                    String problem = prover.checkRawMessageBytes(messageByteStream);
+                    if (problem != null) {
+                        sendProofError(prover.getLog(), problem);
+                        return;
+                    }
+                }
+
+                // kind of awkward, but this whole class wants to pull bytes out of “data”
+                data.putInt(KeychainIntentService.TARGET, KeychainIntentService.IO_BYTES);
+                data.putByteArray(KeychainIntentService.DECRYPT_CIPHERTEXT_BYTES, messageBytes);
+
+                InputData inputData = createDecryptInputData(data);
+                OutputStream outStream = createCryptOutputStream(data);
+                String fingerprint = data.getString(KEYBASE_REQUIRED_FINGERPRINT);
+
+                PgpDecryptVerify.Builder builder = new PgpDecryptVerify.Builder(
+                        this, new ProviderHelper(this), this,
+                        inputData, outStream
+                );
+                builder.setSignedLiteralData(true).setRequiredSignerFingerprint(fingerprint);
+
+                DecryptVerifyResult decryptVerifyResult = builder.build().execute();
+                outStream.close();
+
+                if (!decryptVerifyResult.success()) {
+                    OperationLog log = decryptVerifyResult.getLog();
+                    OperationResult.LogEntryParcel lastEntry = null;
+                    for (OperationResult.LogEntryParcel entry : log) {
+                        lastEntry = entry;
+                    }
+                    sendProofError(getString(lastEntry.mType.getMsgId()));
+                    return;
+                }
+
+                if (!prover.validate(outStream.toString())) {
+                    sendProofError(getString(R.string.keybase_message_payload_mismatch));
+                    return;
+                }
+
+                Bundle resultData = new Bundle();
+                resultData.putString(KeychainIntentServiceHandler.DATA_MESSAGE, "OK");
+                sendMessageToHandler(KeychainIntentServiceHandler.MESSAGE_OKAY, resultData);
+            } catch (Exception e) {
+                sendErrorToHandler(e);
+            }
+
         } else if (ACTION_DECRYPT_VERIFY.equals(action)) {
 
             try {
@@ -597,6 +676,21 @@ public class KeychainIntentService extends IntentService implements Progressable
 
     }
 
+    private void sendProofError(List<String> log, String label) {
+        String msg = null;
+        for (String m : log) {
+            Log.e(Constants.TAG, label + ": " + m);
+            msg = m;
+        }
+        sendProofError(label + ": " + msg);
+    }
+
+    private void sendProofError(String msg) {
+        Bundle bundle = new Bundle();
+        bundle.putString(KeychainIntentServiceHandler.DATA_ERROR, msg);
+        sendMessageToHandler(KeychainIntentServiceHandler.MESSAGE_OKAY, bundle);
+    }
+
     private void sendErrorToHandler(Exception e) {
         // TODO: Implement a better exception handling here
         // contextualize the exception, if necessary
@@ -607,7 +701,6 @@ public class KeychainIntentService extends IntentService implements Progressable
         } else {
             message = e.getMessage();
         }
-
         Log.d(Constants.TAG, "KeychainIntentService Exception: ", e);
 
         Bundle data = new Bundle();
author	Tim Bray <timbray@gmail.com>	2014-11-07 12:28:27 -0800
committer	Tim Bray <timbray@gmail.com>	2014-11-07 12:28:27 -0800
commit	c05441667e151dceb6f5874b290d70a53258061b (patch)
tree	789d951f241001e3e20d64f1e83e1d0c8a61d892 /OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/KeychainIntentService.java
parent	a798d95411e9e62c783675d09005ff4908c74a42 (diff)
download	open-keychain-c05441667e151dceb6f5874b290d70a53258061b.tar.gz open-keychain-c05441667e151dceb6f5874b290d70a53258061b.tar.bz2 open-keychain-c05441667e151dceb6f5874b290d70a53258061b.zip