diff options
Diffstat (limited to 'OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp')
4 files changed, 117 insertions, 119 deletions
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/CachedKeyRing.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/CachedKeyRing.java index 334f676c4..def673469 100644 --- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/CachedKeyRing.java +++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/CachedKeyRing.java @@ -3,45 +3,66 @@ package org.sufficientlysecure.keychain.pgp; public abstract class CachedKeyRing { private final long mMasterKeyId; - private final boolean mCanCertify; - private final byte[] mFingerprint; private final String mUserId; + private final boolean mHasAnySecret; + private final boolean mIsRevoked; + private final boolean mCanCertify; + private final long mHasEncryptId; + private final long mHasSignId; private final int mVerified; - private final boolean mHasSecret; - protected CachedKeyRing(long masterKeyId, boolean canCertify, - byte[] fingerprint, String userId, int verified, boolean hasSecret) + protected CachedKeyRing(long masterKeyId, String userId, boolean hasAnySecret, + boolean isRevoked, boolean canCertify, long hasEncryptId, long hasSignId, + int verified) { mMasterKeyId = masterKeyId; - mCanCertify = canCertify; - mFingerprint = fingerprint; mUserId = userId; + mHasAnySecret = hasAnySecret; + mIsRevoked = isRevoked; + mCanCertify = canCertify; + mHasEncryptId = hasEncryptId; + mHasSignId = hasSignId; mVerified = verified; - mHasSecret = hasSecret; } - public byte[] getFingerprint() { - return mFingerprint; + public long getMasterKeyId() { + return mMasterKeyId; } public String getPrimaryUserId() { return mUserId; } - public long getMasterKeyId() { - return mMasterKeyId; + public boolean hasAnySecret() { + return mHasAnySecret; } - public int getVerified() { - return mVerified; + public boolean isRevoked() { + return mIsRevoked; } public boolean canCertify() { return mCanCertify; } - public boolean hasSecret() { - return mHasSecret; + public long getEncryptId() { + return mHasEncryptId; + } + + public boolean hasEncrypt() { + return mHasEncryptId != 0; + } + + public long getSignId() { + return mHasSignId; + } + + public boolean hasSign() { + return mHasSignId != 0; + } + + public int getVerified() { + return mVerified; } } diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/CachedPublicKeyRing.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/CachedPublicKeyRing.java index 8970d18ec..bbce42f86 100644 --- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/CachedPublicKeyRing.java +++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/CachedPublicKeyRing.java @@ -23,14 +23,14 @@ public class CachedPublicKeyRing extends CachedKeyRing { private PGPPublicKeyRing mRing; private final byte[] mPubKey; - public CachedPublicKeyRing(long masterKeyId, int keySize, boolean isRevoked, - boolean canCertify, long creation, long expiry, int algorithm, - byte[] fingerprint, String userId, int verified, boolean hasSecret, - byte[] pubkey) + public CachedPublicKeyRing(long masterKeyId, String userId, boolean hasAnySecret, + boolean isRevoked, boolean canCertify, long hasEncryptId, long hasSignId, + int verified, byte[] blob) { - super(masterKeyId, canCertify, fingerprint, userId, verified, hasSecret); + super(masterKeyId, userId, hasAnySecret, isRevoked, canCertify, + hasEncryptId, hasSignId, verified); - mPubKey = pubkey; + mPubKey = blob; } PGPPublicKeyRing getRing() { @@ -52,46 +52,18 @@ public class CachedPublicKeyRing extends CachedKeyRing { return new CachedPublicKey(this, getRing().getPublicKey(id)); } - public CachedPublicKey getFirstSignSubkey() throws PgpGeneralException { - // only return master key if no other signing key is available - CachedPublicKey masterKey = null; - for (PGPPublicKey k : new IterableIterator<PGPPublicKey>(getRing().getPublicKeys())) { - CachedPublicKey key = new CachedPublicKey(this, k); - if (key.isRevoked() || key.canSign() || key.isExpired()) { - continue; + /** Getter that returns the subkey that should be used for signing. */ + CachedPublicKey getEncryptionSubKey() throws PgpGeneralException { + PGPPublicKey key = getRing().getPublicKey(getEncryptId()); + if(key != null) { + CachedPublicKey cKey = new CachedPublicKey(this, key); + if(!cKey.canEncrypt()) { + throw new PgpGeneralException("key error"); } - if (key.isMasterKey()) { - masterKey = key; - } else { - return key; - } - } - if(masterKey == null) { - // TODO proper exception - throw new PgpGeneralException("key not found"); - } - return masterKey; - } - - public CachedPublicKey getFirstEncryptSubkey() throws PgpGeneralException { - // only return master key if no other encryption key is available - CachedPublicKey masterKey = null; - for (PGPPublicKey k : new IterableIterator<PGPPublicKey>(getRing().getPublicKeys())) { - CachedPublicKey key = new CachedPublicKey(this, k); - if (key.isRevoked() || key.canEncrypt() || key.isExpired()) { - continue; - } - if (key.isMasterKey()) { - masterKey = key; - } else { - return key; - } - } - if(masterKey == null) { - // TODO proper exception - throw new PgpGeneralException("key not found"); + return cKey; } - return masterKey; + // TODO handle with proper exception + throw new PgpGeneralException("no encryption key available"); } public boolean verifySubkeyBinding(CachedPublicKey cachedSubkey) { @@ -189,4 +161,24 @@ public class CachedPublicKeyRing extends CachedKeyRing { return validPrimaryKeyBinding; } + public IterableIterator<CachedPublicKey> iterator() { + final Iterator<PGPPublicKey> it = getRing().getPublicKeys(); + return new IterableIterator<CachedPublicKey>(new Iterator<CachedPublicKey>() { + @Override + public boolean hasNext() { + return it.hasNext(); + } + + @Override + public CachedPublicKey next() { + return new CachedPublicKey(CachedPublicKeyRing.this, it.next()); + } + + @Override + public void remove() { + it.remove(); + } + }); + } + }
\ No newline at end of file diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/CachedSecretKeyRing.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/CachedSecretKeyRing.java index 590a02b95..398092aeb 100644 --- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/CachedSecretKeyRing.java +++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/CachedSecretKeyRing.java @@ -1,18 +1,15 @@ package org.sufficientlysecure.keychain.pgp; -import org.spongycastle.bcpg.sig.KeyFlags; import org.spongycastle.openpgp.PGPException; import org.spongycastle.openpgp.PGPPrivateKey; -import org.spongycastle.openpgp.PGPPublicKey; import org.spongycastle.openpgp.PGPSecretKey; import org.spongycastle.openpgp.PGPSecretKeyRing; -import org.spongycastle.openpgp.PGPSignature; -import org.spongycastle.openpgp.PGPSignatureSubpacketVector; import org.spongycastle.openpgp.operator.PBESecretKeyDecryptor; import org.spongycastle.openpgp.operator.jcajce.JcaPGPDigestCalculatorProviderBuilder; import org.spongycastle.openpgp.operator.jcajce.JcePBESecretKeyDecryptorBuilder; import org.spongycastle.openpgp.operator.jcajce.JcePBESecretKeyEncryptorBuilder; import org.sufficientlysecure.keychain.Constants; +import org.sufficientlysecure.keychain.pgp.exception.PgpGeneralException; import org.sufficientlysecure.keychain.util.IterableIterator; import java.io.IOException; @@ -23,12 +20,13 @@ public class CachedSecretKeyRing extends CachedKeyRing { private PGPSecretKeyRing mRing; - public CachedSecretKeyRing(long masterKeyId, int keySize, boolean isRevoked, - boolean canCertify, long creation, long expiry, int algorithm, - byte[] fingerprint, String userId, int verified, boolean hasSecret, - byte[] blob) + public CachedSecretKeyRing(long masterKeyId, String userId, boolean hasAnySecret, + boolean isRevoked, boolean canCertify, long hasEncryptId, long hasSignId, + int verified, byte[] blob) { - super(masterKeyId, canCertify, fingerprint, userId, verified, hasSecret); + super(masterKeyId, userId, hasAnySecret, + isRevoked, canCertify, hasEncryptId, hasSignId, + verified); mRing = (PGPSecretKeyRing) PgpConversionHelper.BytesToPGPKeyRing(blob); } @@ -45,8 +43,18 @@ public class CachedSecretKeyRing extends CachedKeyRing { return new CachedSecretKey(this, mRing.getSecretKey(id)); } - public IterableIterator<CachedSecretKey> iterator() { - return new IterableIterator<CachedSecretKey>(mRing.getSecretKeys()); + /** Getter that returns the subkey that should be used for signing. */ + CachedSecretKey getSigningSubKey() throws PgpGeneralException { + PGPSecretKey key = mRing.getSecretKey(getSignId()); + if(key != null) { + CachedSecretKey cKey = new CachedSecretKey(this, key); + if(!cKey.canSign()) { + throw new PgpGeneralException("key error"); + } + return cKey; + } + // TODO handle with proper exception + throw new PgpGeneralException("no signing key available"); } public boolean hasPassphrase() { @@ -74,50 +82,6 @@ public class CachedSecretKeyRing extends CachedKeyRing { } } - /** This returns the subkey that should be used for signing. - * At this point, this is simply the first suitable subkey. - */ - CachedSecretKey getSigningSubKey() { - for (PGPSecretKey key : new IterableIterator<PGPSecretKey>(mRing.getSecretKeys())) { - if (isSigningKey(key.getPublicKey())) { - return new CachedSecretKey(this, key); - } - } - // TODO exception - return null; - } - - @SuppressWarnings("unchecked") - public static boolean isSigningKey(PGPPublicKey key) { - if (key.getVersion() <= 3) { - return true; - } - - // special case - if (key.getAlgorithm() == PGPPublicKey.RSA_SIGN) { - return true; - } - - for (PGPSignature sig : new IterableIterator<PGPSignature>(key.getSignatures())) { - if (key.isMasterKey() && sig.getKeyID() != key.getKeyID()) { - continue; - } - PGPSignatureSubpacketVector hashed = sig.getHashedSubPackets(); - - if (hashed != null && (hashed.getKeyFlags() & KeyFlags.SIGN_DATA) != 0) { - return true; - } - - PGPSignatureSubpacketVector unhashed = sig.getUnhashedSubPackets(); - - if (unhashed != null && (unhashed.getKeyFlags() & KeyFlags.SIGN_DATA) != 0) { - return true; - } - } - - return false; - } - public UncachedSecretKeyRing changeSecretKeyPassphrase(String oldPassphrase, String newPassphrase) throws IOException, PGPException, NoSuchProviderException { @@ -141,4 +105,24 @@ public class CachedSecretKeyRing extends CachedKeyRing { } + public IterableIterator<CachedSecretKey> iterator() { + final Iterator<PGPSecretKey> it = mRing.getSecretKeys(); + return new IterableIterator<CachedSecretKey>(new Iterator<CachedSecretKey>() { + @Override + public boolean hasNext() { + return it.hasNext(); + } + + @Override + public CachedSecretKey next() { + return new CachedSecretKey(CachedSecretKeyRing.this, it.next()); + } + + @Override + public void remove() { + it.remove(); + } + }); + } + } diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpSignEncrypt.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpSignEncrypt.java index 48cc5d6da..ccbbb3719 100644 --- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpSignEncrypt.java +++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpSignEncrypt.java @@ -270,14 +270,15 @@ public class PgpSignEncrypt { /* Get keys for signature generation for later usage */ CachedSecretKey signingKey = null; if (enableSignature) { - CachedSecretKeyRing signingKeyRing = null; + CachedSecretKeyRing signingKeyRing; try { signingKeyRing = mProviderHelper.getCachedSecretKeyRing(mSignatureMasterKeyId); } catch (ProviderHelper.NotFoundException e) { throw new NoSigningKeyException(); } - signingKey = signingKeyRing.getSigningSubKey(); - if (signingKey == null) { + try { + signingKey = signingKeyRing.getSigningSubKey(); + } catch(PgpGeneralException e) { throw new NoSigningKeyException(); } @@ -319,7 +320,7 @@ public class PgpSignEncrypt { try { CachedPublicKeyRing keyRing = mProviderHelper.getCachedPublicKeyRing( KeyRings.buildUnifiedKeyRingUri(Long.toString(id))); - CachedPublicKey key = keyRing.getFirstEncryptSubkey(); + CachedPublicKey key = keyRing.getEncryptionSubKey(); cPk.addMethod(key.getPubKeyEncryptionGenerator()); } catch (PgpGeneralException e) { Log.e(Constants.TAG, "key not found!", e); |