diff options
Diffstat (limited to 'OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpSignEncryptOperation.java')
| -rw-r--r-- | OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpSignEncryptOperation.java | 82 |
1 files changed, 25 insertions, 57 deletions
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpSignEncryptOperation.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpSignEncryptOperation.java index ef19e3fa1..0b22df790 100644 --- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpSignEncryptOperation.java +++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpSignEncryptOperation.java @@ -40,10 +40,13 @@ import org.sufficientlysecure.keychain.operations.BaseOperation; import org.sufficientlysecure.keychain.operations.results.OperationResult.LogType; import org.sufficientlysecure.keychain.operations.results.OperationResult.OperationLog; import org.sufficientlysecure.keychain.operations.results.PgpSignEncryptResult; +import org.sufficientlysecure.keychain.pgp.CanonicalizedSecretKey.SecretKeyType; import org.sufficientlysecure.keychain.pgp.exception.PgpGeneralException; import org.sufficientlysecure.keychain.pgp.exception.PgpKeyNotFoundException; import org.sufficientlysecure.keychain.provider.KeychainContract.KeyRings; import org.sufficientlysecure.keychain.provider.ProviderHelper; +import org.sufficientlysecure.keychain.service.input.CryptoInputParcel; +import org.sufficientlysecure.keychain.service.input.RequiredInputParcel; import org.sufficientlysecure.keychain.ui.util.KeyFormattingUtils; import org.sufficientlysecure.keychain.util.InputData; import org.sufficientlysecure.keychain.util.Log; @@ -99,7 +102,7 @@ public class PgpSignEncryptOperation extends BaseOperation { /** * Signs and/or encrypts data based on parameters of class */ - public PgpSignEncryptResult execute(PgpSignEncryptInputParcel input, + public PgpSignEncryptResult execute(PgpSignEncryptInputParcel input, CryptoInputParcel cryptoInput, InputData inputData, OutputStream outputStream) { int indent = 0; @@ -145,62 +148,39 @@ public class PgpSignEncryptOperation extends BaseOperation { CanonicalizedSecretKey signingKey = null; if (enableSignature) { + updateProgress(R.string.progress_extracting_signature_key, 0, 100); + try { // fetch the indicated master key id (the one whose name we sign in) CanonicalizedSecretKeyRing signingKeyRing = mProviderHelper.getCanonicalizedSecretKeyRing(input.getSignatureMasterKeyId()); - long signKeyId; - // use specified signing subkey, or find the one to use - if (input.getSignatureSubKeyId() == null) { - signKeyId = signingKeyRing.getSecretSignId(); - } else { - signKeyId = input.getSignatureSubKeyId(); - } - // fetch the specific subkey to sign with, or just use the master key if none specified - signingKey = signingKeyRing.getSecretKey(signKeyId); - - } catch (ProviderHelper.NotFoundException | PgpGeneralException e) { - log.add(LogType.MSG_PSE_ERROR_SIGN_KEY, indent); - return new PgpSignEncryptResult(PgpSignEncryptResult.RESULT_ERROR, log); - } - - // Make sure we are allowed to sign here! - if (!signingKey.canSign()) { - log.add(LogType.MSG_PSE_ERROR_KEY_SIGN, indent); - return new PgpSignEncryptResult(PgpSignEncryptResult.RESULT_ERROR, log); - } + signingKey = signingKeyRing.getSecretKey(input.getSignatureSubKeyId()); - // if no passphrase was explicitly set try to get it from the cache service - if (input.getSignaturePassphrase() == null) { - try { - // returns "" if key has no passphrase - input.setSignaturePassphrase(getCachedPassphrase(signingKey.getKeyId())); - // TODO -// log.add(LogType.MSG_DC_PASS_CACHED, indent + 1); - } catch (PassphraseCacheInterface.NoSecretKeyException e) { - // TODO -// log.add(LogType.MSG_DC_ERROR_NO_KEY, indent + 1); + // Make sure we are allowed to sign here! + if (!signingKey.canSign()) { + log.add(LogType.MSG_PSE_ERROR_KEY_SIGN, indent); return new PgpSignEncryptResult(PgpSignEncryptResult.RESULT_ERROR, log); } - // if passphrase was not cached, return here indicating that a passphrase is missing! - if (input.getSignaturePassphrase() == null) { - log.add(LogType.MSG_PSE_PENDING_PASSPHRASE, indent + 1); - PgpSignEncryptResult result = new PgpSignEncryptResult(PgpSignEncryptResult.RESULT_PENDING_PASSPHRASE, log); - result.setKeyIdPassphraseNeeded(signingKey.getKeyId()); - return result; + if (signingKey.getSecretKeyType() != SecretKeyType.DIVERT_TO_CARD) { + if (cryptoInput.getPassphrase() == null) { + log.add(LogType.MSG_PSE_PENDING_PASSPHRASE, indent + 1); + return new PgpSignEncryptResult(log, RequiredInputParcel.createRequiredPassphrase( + signingKeyRing.getMasterKeyId(), signingKey.getKeyId(), + cryptoInput.getSignatureTime())); + } } - } - updateProgress(R.string.progress_extracting_signature_key, 0, 100); - - try { - if (!signingKey.unlock(input.getSignaturePassphrase())) { + if (!signingKey.unlock(cryptoInput.getPassphrase())) { log.add(LogType.MSG_PSE_ERROR_BAD_PASSPHRASE, indent); return new PgpSignEncryptResult(PgpSignEncryptResult.RESULT_ERROR, log); } + + } catch (ProviderHelper.NotFoundException e) { + log.add(LogType.MSG_PSE_ERROR_SIGN_KEY, indent); + return new PgpSignEncryptResult(PgpSignEncryptResult.RESULT_ERROR, log); } catch (PgpGeneralException e) { log.add(LogType.MSG_PSE_ERROR_UNLOCK, indent); return new PgpSignEncryptResult(PgpSignEncryptResult.RESULT_ERROR, log); @@ -283,7 +263,7 @@ public class PgpSignEncryptOperation extends BaseOperation { boolean cleartext = input.isCleartextSignature() && input.isEnableAsciiArmorOutput() && !enableEncryption; signatureGenerator = signingKey.getDataSignatureGenerator( input.getSignatureHashAlgorithm(), cleartext, - input.getCryptoData(), input.getSignatureTime()); + cryptoInput.getCryptoData(), cryptoInput.getSignatureTime()); } catch (PgpGeneralException e) { log.add(LogType.MSG_PSE_ERROR_NFC, indent); return new PgpSignEncryptResult(PgpSignEncryptResult.RESULT_ERROR, log); @@ -486,20 +466,8 @@ public class PgpSignEncryptOperation extends BaseOperation { } catch (NfcSyncPGPContentSignerBuilder.NfcInteractionNeeded e) { // this secret key diverts to a OpenPGP card, throw exception with hash that will be signed log.add(LogType.MSG_PSE_PENDING_NFC, indent); - PgpSignEncryptResult result = - new PgpSignEncryptResult(PgpSignEncryptResult.RESULT_PENDING_NFC, log); - - // SignatureSubKeyId can be null. - if (input.getSignatureSubKeyId() == null) { - return new PgpSignEncryptResult(PgpSignEncryptResult.RESULT_ERROR, log); - } - - // Note that the checked key here is the master key, not the signing key - // (although these are always the same on Yubikeys) - result.setNfcData(signingKey.getKeyId(), e.hashToSign, e.hashAlgo, - input.getSignaturePassphrase()); - Log.d(Constants.TAG, "e.hashToSign" + Hex.toHexString(e.hashToSign)); - return result; + return new PgpSignEncryptResult(log, RequiredInputParcel.createNfcSignOperation( + e.hashToSign, e.hashAlgo, cryptoInput.getSignatureTime())); } } |