diff options
| author | Vincent Breitmoser <valodim@mugenguild.com> | 2014-04-06 04:27:55 +0200 |
|---|---|---|
| committer | Vincent Breitmoser <valodim@mugenguild.com> | 2014-04-06 04:27:55 +0200 |
| commit | 456a634149d0eecb00f6d7e0053a71f1b19538b6 (patch) | |
| tree | 7823b457fe11b5d2101d4faf13b774be06649bd7 /OpenPGP-Keychain/src/main/java/org/sufficientlysecure/keychain/provider | |
| parent | f01a96f56ed5cc13b7557a2805e51227312e0c2b (diff) | |
| download | open-keychain-456a634149d0eecb00f6d7e0053a71f1b19538b6.tar.gz open-keychain-456a634149d0eecb00f6d7e0053a71f1b19538b6.tar.bz2 open-keychain-456a634149d0eecb00f6d7e0053a71f1b19538b6.zip | |
certs: ditch expiry, re-add data blob, improve ViewCertActivity
GnuPG doesn't support expiry of user id certifications. The number
of rings with an expiration subpacket in a cert out there is likely
negligible.
ViewCertActivity now verifies the key and displays a status. For
revocation certs, the revocation reason is also shown.
Diffstat (limited to 'OpenPGP-Keychain/src/main/java/org/sufficientlysecure/keychain/provider')
4 files changed, 8 insertions, 14 deletions
diff --git a/OpenPGP-Keychain/src/main/java/org/sufficientlysecure/keychain/provider/KeychainContract.java b/OpenPGP-Keychain/src/main/java/org/sufficientlysecure/keychain/provider/KeychainContract.java index 0eff929f3..a029da478 100644 --- a/OpenPGP-Keychain/src/main/java/org/sufficientlysecure/keychain/provider/KeychainContract.java +++ b/OpenPGP-Keychain/src/main/java/org/sufficientlysecure/keychain/provider/KeychainContract.java @@ -62,7 +62,7 @@ public class KeychainContract { String TYPE = "type"; String VERIFIED = "verified"; String CREATION = "creation"; - String EXPIRY = "expiry"; + String DATA = "data"; } interface ApiAppsColumns { diff --git a/OpenPGP-Keychain/src/main/java/org/sufficientlysecure/keychain/provider/KeychainDatabase.java b/OpenPGP-Keychain/src/main/java/org/sufficientlysecure/keychain/provider/KeychainDatabase.java index 2bd1c13a0..7fbfe1d60 100644 --- a/OpenPGP-Keychain/src/main/java/org/sufficientlysecure/keychain/provider/KeychainDatabase.java +++ b/OpenPGP-Keychain/src/main/java/org/sufficientlysecure/keychain/provider/KeychainDatabase.java @@ -114,7 +114,8 @@ public class KeychainDatabase extends SQLiteOpenHelper { + CertsColumns.TYPE + " INTEGER, " + CertsColumns.VERIFIED + " INTEGER, " + CertsColumns.CREATION + " INTEGER, " - + CertsColumns.EXPIRY + " INTEGER, " + + + CertsColumns.DATA + " BLOB, " + "PRIMARY KEY(" + CertsColumns.MASTER_KEY_ID + ", " + CertsColumns.RANK + ", " + CertsColumns.KEY_ID_CERTIFIER + "), " diff --git a/OpenPGP-Keychain/src/main/java/org/sufficientlysecure/keychain/provider/KeychainProvider.java b/OpenPGP-Keychain/src/main/java/org/sufficientlysecure/keychain/provider/KeychainProvider.java index f684006b0..72cb53e76 100644 --- a/OpenPGP-Keychain/src/main/java/org/sufficientlysecure/keychain/provider/KeychainProvider.java +++ b/OpenPGP-Keychain/src/main/java/org/sufficientlysecure/keychain/provider/KeychainProvider.java @@ -448,8 +448,8 @@ public class KeychainProvider extends ContentProvider { projectionMap.put(Certs.VERIFIED, Tables.CERTS + "." + Certs.VERIFIED); projectionMap.put(Certs.TYPE, Tables.CERTS + "." + Certs.TYPE); projectionMap.put(Certs.CREATION, Tables.CERTS + "." + Certs.CREATION); - projectionMap.put(Certs.EXPIRY, Tables.CERTS + "." + Certs.EXPIRY); projectionMap.put(Certs.KEY_ID_CERTIFIER, Tables.CERTS + "." + Certs.KEY_ID_CERTIFIER); + projectionMap.put(Certs.DATA, Tables.CERTS + "." + Certs.DATA); projectionMap.put(Certs.USER_ID, Tables.USER_IDS + "." + UserIds.USER_ID); projectionMap.put(Certs.SIGNER_UID, "signer." + UserIds.USER_ID + " AS " + Certs.SIGNER_UID); qb.setProjectionMap(projectionMap); diff --git a/OpenPGP-Keychain/src/main/java/org/sufficientlysecure/keychain/provider/ProviderHelper.java b/OpenPGP-Keychain/src/main/java/org/sufficientlysecure/keychain/provider/ProviderHelper.java index 78d61a521..bcea66498 100644 --- a/OpenPGP-Keychain/src/main/java/org/sufficientlysecure/keychain/provider/ProviderHelper.java +++ b/OpenPGP-Keychain/src/main/java/org/sufficientlysecure/keychain/provider/ProviderHelper.java @@ -246,10 +246,8 @@ public class ProviderHelper { try { // self signature if(certId == masterKeyId) { - cert.init( - new JcaPGPContentVerifierBuilderProvider().setProvider( - Constants.BOUNCY_CASTLE_PROVIDER_NAME), - masterKey); + cert.init(new JcaPGPContentVerifierBuilderProvider().setProvider( + Constants.BOUNCY_CASTLE_PROVIDER_NAME), masterKey); if(!cert.verifyCertification(userId, masterKey)) { // not verified?! dang! TODO notify user? this is kinda serious... Log.e(Constants.TAG, "Could not verify self signature for " + userId + "!"); @@ -267,8 +265,7 @@ public class ProviderHelper { // verify signatures from known private keys if(allKeyRings.containsKey(certId)) { // mark them as verified - cert.init( - new JcaPGPContentVerifierBuilderProvider().setProvider( + cert.init(new JcaPGPContentVerifierBuilderProvider().setProvider( Constants.BOUNCY_CASTLE_PROVIDER_NAME), allKeyRings.get(certId).getPublicKey()); if(cert.verifyCertification(userId, masterKey)) { @@ -423,12 +420,8 @@ public class ProviderHelper { values.put(Certs.KEY_ID_CERTIFIER, cert.getKeyID()); values.put(Certs.TYPE, cert.getSignatureType()); values.put(Certs.CREATION, cert.getCreationTime().getTime() / 1000); - if(cert.getHashedSubPackets().hasSubpacket(SignatureSubpacketTags.EXPIRE_TIME)) { - long ext = ((SignatureExpirationTime) cert.getHashedSubPackets().getSubpacket( - SignatureSubpacketTags.EXPIRE_TIME)).getTime(); - values.put(Certs.EXPIRY, cert.getCreationTime().getTime() / 1000 + ext); - } values.put(Certs.VERIFIED, verified); + values.put(Certs.DATA, cert.getEncoded()); Uri uri = Certs.buildCertsUri(Long.toString(masterKeyId)); |