diff options
Diffstat (limited to 'OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpKeyOperation.java')
-rw-r--r-- | OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpKeyOperation.java | 36 |
1 files changed, 36 insertions, 0 deletions
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpKeyOperation.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpKeyOperation.java index 566ffd44b..62809ca6b 100644 --- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpKeyOperation.java +++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpKeyOperation.java @@ -410,6 +410,10 @@ public class PgpKeyOperation { return new PgpEditKeyResult(PgpEditKeyResult.RESULT_ERROR, log, null); } + // Ensure we don't have multiple keys for the same slot. + boolean hasSign = false; + boolean hasEncrypt = false; + boolean hasAuth = false; for(SaveKeyringParcel.SubkeyChange change : saveParcel.mChangeSubKeys) { if (change.mMoveKeyToCard) { // If this is a keytocard operation, see if it was completed: look for a hash @@ -424,6 +428,38 @@ public class PgpKeyOperation { change.mDummyDivert = serialNumber; } } + + if (change.mMoveKeyToCard) { + // Pending keytocard operation. Need to make sure that we don't have multiple + // subkeys pending for the same slot. + CanonicalizedSecretKey wsK = wsKR.getSecretKey(change.mKeyId); + + if ((wsK.canSign() || wsK.canCertify())) { + if (hasSign) { + log.add(LogType.MSG_MF_ERROR_DUPLICATE_KEYTOCARD_FOR_SLOT, indent + 1); + return new PgpEditKeyResult(PgpEditKeyResult.RESULT_ERROR, log, null); + } else { + hasSign = true; + } + } else if ((wsK.canEncrypt())) { + if (hasEncrypt) { + log.add(LogType.MSG_MF_ERROR_DUPLICATE_KEYTOCARD_FOR_SLOT, indent + 1); + return new PgpEditKeyResult(PgpEditKeyResult.RESULT_ERROR, log, null); + } else { + hasEncrypt = true; + } + } else if ((wsK.canAuthenticate())) { + if (hasAuth) { + log.add(LogType.MSG_MF_ERROR_DUPLICATE_KEYTOCARD_FOR_SLOT, indent + 1); + return new PgpEditKeyResult(PgpEditKeyResult.RESULT_ERROR, log, null); + } else { + hasAuth = true; + } + } else { + log.add(LogType.MSG_MF_ERROR_INVALID_FLAGS_FOR_KEYTOCARD, indent + 1); + return new PgpEditKeyResult(PgpEditKeyResult.RESULT_ERROR, log, null); + } + } } if (isDummy(masterSecretKey) || saveParcel.isRestrictedOnly()) { |