canonicalize: first step(s)

3 files changed, 66 insertions, 3 deletions

diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/keyimport/ImportKeysListEntry.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/keyimport/ImportKeysListEntry.java
index c43f72235..7a7475603 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/keyimport/ImportKeysListEntry.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/keyimport/ImportKeysListEntry.java
@@ -229,7 +229,7 @@ public class ImportKeysListEntry implements Serializable, Parcelable {
         this.keyId = key.getKeyId();
         this.keyIdHex = PgpKeyHelper.convertKeyIdToHex(keyId);
 
-        this.revoked = key.maybeRevoked();
+        this.revoked = key.isRevoked();
         this.fingerprintHex = PgpKeyHelper.convertFingerprintToHex(key.getFingerprint());
         this.bitStrength = key.getBitStrength();
         final int algorithm = key.getAlgorithm();
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/UncachedKeyRing.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/UncachedKeyRing.java
index 1264c8c36..624b7d068 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/UncachedKeyRing.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/UncachedKeyRing.java
@@ -7,9 +7,14 @@ import org.spongycastle.openpgp.PGPObjectFactory;
 import org.spongycastle.openpgp.PGPPublicKey;
 import org.spongycastle.openpgp.PGPSecretKey;
 import org.spongycastle.openpgp.PGPSecretKeyRing;
+import org.spongycastle.openpgp.PGPSignature;
 import org.spongycastle.openpgp.PGPUtil;
 import org.sufficientlysecure.keychain.Constants;
 import org.sufficientlysecure.keychain.pgp.exception.PgpGeneralException;
+import org.sufficientlysecure.keychain.service.OperationResultParcel;
+import org.sufficientlysecure.keychain.service.OperationResultParcel.OperationLog;
+import org.sufficientlysecure.keychain.service.OperationResultParcel.LogLevel;
+import org.sufficientlysecure.keychain.service.OperationResultParcel.LogType;
 import org.sufficientlysecure.keychain.util.IterableIterator;
 import org.sufficientlysecure.keychain.util.Log;
 
@@ -169,4 +174,54 @@ public class UncachedKeyRing {
         return result;
     }
 
+    /** "Canonicalizes" a key, removing inconsistencies in the process. This operation can be
+     * applied to public keyrings only.
+     *
+     * More specifically:
+     *  - Remove all non-verifying self-certificates
+     *  - Remove all expired self-certificates
+     *  - Remove all certificates flagged as "local"
+     *  - Remove all certificates which are superseded by a newer one on the same target
+     *
+     * After this cleaning, a number of checks are done:
+     *  - See if each subkey retains a valid self certificate
+     *  - See if each user id retains a valid self certificate
+     *
+     * This operation writes an OperationLog which can be used as part of a OperationResultParcel.
+     *
+     * If any of these checks fail, the operation as a whole fails and the keyring is declared
+     * unusable. (TODO: allow forcing of import?)
+     *
+     * TODO implement
+     *
+     * @return A canonicalized key
+     *
+     */
+    public UncachedKeyRing canonicalize(OperationLog log) {
+        if(isSecret()) {
+            throw new RuntimeException("Tried to canonicalize non-secret keyring. " +
+                    "This is a programming error and should never happen!");
+        }
+
+        // dummy
+        log.add(LogLevel.INFO, LogType.MSG_IP_BAD_TYPE_SECRET, null, 0);
+
+        /*
+        // Remove all non-verifying self certificates
+        for (PGPPublicKey key : new IterableIterator<PGPPublicKey>(mRing.getPublicKeys())) {
+
+            for (PGPSignature sig : new IterableIterator<PGPSignature>(
+                    key.getSignaturesOfType(isMasterKey() ? PGPSignature.KEY_REVOCATION
+                            : PGPSignature.SUBKEY_REVOCATION))) {
+                return true;
+            }
+
+        }*/
+
+        return this;
+
+
+    }
+
+
 }
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/UncachedPublicKey.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/UncachedPublicKey.java
index 108c8c8c3..33db7771b 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/UncachedPublicKey.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/UncachedPublicKey.java
@@ -2,6 +2,7 @@ package org.sufficientlysecure.keychain.pgp;
 
 import org.spongycastle.bcpg.SignatureSubpacketTags;
 import org.spongycastle.bcpg.sig.KeyFlags;
+import org.spongycastle.openpgp.PGPException;
 import org.spongycastle.openpgp.PGPPublicKey;
 import org.spongycastle.openpgp.PGPSignature;
 import org.spongycastle.openpgp.PGPSignatureSubpacketVector;
@@ -9,6 +10,7 @@ import org.spongycastle.openpgp.operator.jcajce.JcaPGPContentVerifierBuilderProv
 import org.sufficientlysecure.keychain.Constants;
 import org.sufficientlysecure.keychain.util.IterableIterator;
 
+import java.security.SignatureException;
 import java.util.ArrayList;
 import java.util.Calendar;
 import java.util.Date;
@@ -28,8 +30,13 @@ public class UncachedPublicKey {
     }
 
     /** The revocation signature is NOT checked here, so this may be false! */
-    public boolean maybeRevoked() {
-        return mPublicKey.isRevoked();
+    public boolean isRevoked() {
+        for (PGPSignature sig : new IterableIterator<PGPSignature>(
+                mPublicKey.getSignaturesOfType(isMasterKey() ? PGPSignature.KEY_REVOCATION
+                                                             : PGPSignature.SUBKEY_REVOCATION))) {
+            return true;
+        }
+        return false;
     }
 
     public Date getCreationTime() {
@@ -193,4 +200,5 @@ public class UncachedPublicKey {
             }
         };
     }
+
 }