add empty notation data packet only if necessary

author: Vincent Breitmoser <valodim@mugenguild.com> 2015-01-01 20:46:39 +0100
committer: Vincent Breitmoser <valodim@mugenguild.com> 2015-01-01 20:46:39 +0100
commit: 2d38079574381ddafc47bd1f31dc6e35a2d67b6a (patch)
tree: d4815b285669e32b705443299d30b652076b1adc /OpenKeychain
parent: 9f7b2472cfdfbd48072dbcc122656945fc319650 (diff)
download: open-keychain-2d38079574381ddafc47bd1f31dc6e35a2d67b6a.tar.gz
open-keychain-2d38079574381ddafc47bd1f31dc6e35a2d67b6a.tar.bz2
open-keychain-2d38079574381ddafc47bd1f31dc6e35a2d67b6a.zip
1 files changed, 35 insertions, 16 deletions
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpKeyOperation.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpKeyOperation.java
index c8ce349f8..e39bde6b0 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpKeyOperation.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpKeyOperation.java
@@ -919,22 +919,25 @@ public class PgpKeyOperation {
         if (newUnlock.mNewPassphrase != null) {
             sKR = applyNewPassphrase(sKR, masterPublicKey, passphrase, newUnlock.mNewPassphrase, log, indent);
 
-            // add packet with EMPTY notation data (updates old one, but will be stripped later)
-            PGPContentSignerBuilder signerBuilder = new JcaPGPContentSignerBuilder(
-                    masterPrivateKey.getPublicKeyPacket().getAlgorithm(), HashAlgorithmTags.SHA512)
-                    .setProvider(Constants.BOUNCY_CASTLE_PROVIDER_NAME);
-            PGPSignatureGenerator sGen = new PGPSignatureGenerator(signerBuilder);
-            { // set subpackets
-                PGPSignatureSubpacketGenerator hashedPacketsGen = new PGPSignatureSubpacketGenerator();
-                hashedPacketsGen.setExportable(false, false);
-                sGen.setHashedSubpackets(hashedPacketsGen.generate());
-            }
-            sGen.init(PGPSignature.DIRECT_KEY, masterPrivateKey);
-            PGPSignature emptySig = sGen.generateCertification(masterPublicKey);
+            // if there is any old packet with notation data
+            if (hasNotationData(sKR)) {
+                // add packet with EMPTY notation data (updates old one, but will be stripped later)
+                PGPContentSignerBuilder signerBuilder = new JcaPGPContentSignerBuilder(
+                        masterPrivateKey.getPublicKeyPacket().getAlgorithm(), HashAlgorithmTags.SHA512)
+                        .setProvider(Constants.BOUNCY_CASTLE_PROVIDER_NAME);
+                PGPSignatureGenerator sGen = new PGPSignatureGenerator(signerBuilder);
+                { // set subpackets
+                    PGPSignatureSubpacketGenerator hashedPacketsGen = new PGPSignatureSubpacketGenerator();
+                    hashedPacketsGen.setExportable(false, false);
+                    sGen.setHashedSubpackets(hashedPacketsGen.generate());
+                }
+                sGen.init(PGPSignature.DIRECT_KEY, masterPrivateKey);
+                PGPSignature emptySig = sGen.generateCertification(masterPublicKey);
 
-            masterPublicKey = PGPPublicKey.addCertification(masterPublicKey, emptySig);
-            sKR = PGPSecretKeyRing.insertSecretKey(sKR,
-                    PGPSecretKey.replacePublicKey(sKR.getSecretKey(), masterPublicKey));
+                masterPublicKey = PGPPublicKey.addCertification(masterPublicKey, emptySig);
+                sKR = PGPSecretKeyRing.insertSecretKey(sKR,
+                        PGPSecretKey.replacePublicKey(sKR.getSecretKey(), masterPublicKey));
+            }
 
             return sKR;
         }
@@ -942,7 +945,7 @@ public class PgpKeyOperation {
         if (newUnlock.mNewPin != null) {
             sKR = applyNewPassphrase(sKR, masterPublicKey, passphrase, newUnlock.mNewPin, log, indent);
 
-            // add packet with EMPTY notation data (updates old one, but will be stripped later)
+            // add packet with "pin" notation data
             PGPContentSignerBuilder signerBuilder = new JcaPGPContentSignerBuilder(
                     masterPrivateKey.getPublicKeyPacket().getAlgorithm(), HashAlgorithmTags.SHA512)
                     .setProvider(Constants.BOUNCY_CASTLE_PROVIDER_NAME);
@@ -967,6 +970,22 @@ public class PgpKeyOperation {
 
     }
 
+    /** This method returns true iff the provided keyring has a local direct key signature
+     * with notation data.
+     */
+    private static boolean hasNotationData(PGPSecretKeyRing sKR) {
+        // noinspection unchecked
+        Iterator<PGPSignature> sigs = sKR.getPublicKey().getKeySignatures();
+        while (sigs.hasNext()) {
+            WrappedSignature sig = new WrappedSignature(sigs.next());
+            if (sig.getSignatureType() == PGPSignature.DIRECT_KEY
+                    && sig.isLocal() && !sig.getNotation().isEmpty()) {
+                return true;
+            }
+        }
+        return false;
+    }
+
     private static PGPSecretKeyRing applyNewPassphrase(
             PGPSecretKeyRing sKR,
             PGPPublicKey masterPublicKey,
author	Vincent Breitmoser <valodim@mugenguild.com>	2015-01-01 20:46:39 +0100
committer	Vincent Breitmoser <valodim@mugenguild.com>	2015-01-01 20:46:39 +0100
commit	2d38079574381ddafc47bd1f31dc6e35a2d67b6a (patch)
tree	d4815b285669e32b705443299d30b652076b1adc /OpenKeychain
parent	9f7b2472cfdfbd48072dbcc122656945fc319650 (diff)
download	open-keychain-2d38079574381ddafc47bd1f31dc6e35a2d67b6a.tar.gz open-keychain-2d38079574381ddafc47bd1f31dc6e35a2d67b6a.tar.bz2 open-keychain-2d38079574381ddafc47bd1f31dc6e35a2d67b6a.zip