4 files changed, 28 insertions, 5 deletions

diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/provider/KeychainContract.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/provider/KeychainContract.java
index 9722ae5a2..33f51cbf9 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/provider/KeychainContract.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/provider/KeychainContract.java
@@ -43,6 +43,7 @@ public class KeychainContract {
         String CAN_SIGN = "can_sign";
         String CAN_ENCRYPT = "can_encrypt";
         String CAN_CERTIFY = "can_certify";
+        String CAN_AUTHENTICATE = "can_authenticate";
         String IS_REVOKED = "is_revoked";
         String HAS_SECRET = "has_secret";
 
@@ -114,6 +115,7 @@ public class KeychainContract {
         public static final String HAS_ENCRYPT = "has_encrypt";
         public static final String HAS_SIGN = "has_sign";
         public static final String HAS_CERTIFY = "has_certify";
+        public static final String HAS_AUTHENTICATE = "has_authenticate";
         public static final String PUBKEY_DATA = "pubkey_data";
         public static final String PRIVKEY_DATA = "privkey_data";
 
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/provider/KeychainDatabase.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/provider/KeychainDatabase.java
index 4d62f67a9..3da288c86 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/provider/KeychainDatabase.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/provider/KeychainDatabase.java
@@ -54,7 +54,7 @@ import java.io.IOException;
  */
 public class KeychainDatabase extends SQLiteOpenHelper {
     private static final String DATABASE_NAME = "openkeychain.db";
-    private static final int DATABASE_VERSION = 4;
+    private static final int DATABASE_VERSION = 5;
     static Boolean apgHack = false;
     private Context mContext;
 
@@ -96,6 +96,7 @@ public class KeychainDatabase extends SQLiteOpenHelper {
                 + KeysColumns.CAN_CERTIFY + " BOOLEAN, "
                 + KeysColumns.CAN_SIGN + " BOOLEAN, "
                 + KeysColumns.CAN_ENCRYPT + " BOOLEAN, "
+                + KeysColumns.CAN_AUTHENTICATE + " BOOLEAN, "
                 + KeysColumns.IS_REVOKED + " BOOLEAN, "
                 + KeysColumns.HAS_SECRET + " BOOLEAN, "
 
@@ -214,21 +215,28 @@ public class KeychainDatabase extends SQLiteOpenHelper {
                 // add has_secret for all who are upgrading from a beta version
                 try {
                     db.execSQL("ALTER TABLE keys ADD COLUMN has_secret BOOLEAN");
-                } catch(Exception e){
+                } catch (Exception e){
                     // never mind, the column probably already existed
                 }
                 // fall through
             case 2:
                 // ECC support
                 try {
-                    db.execSQL("ALTER TABLE keys ADD COLUMN " + KeysColumns.KEY_CURVE_OID + " TEXT");
-                } catch(Exception e){
+                    db.execSQL("ALTER TABLE keys ADD COLUMN key_curve_oid TEXT");
+                } catch (Exception e){
                     // never mind, the column probably already existed
                 }
                 // fall through
             case 3:
                 // better s2k detection, we need consolidate
                 // fall through
+            case 4:
+                try {
+                    db.execSQL("ALTER TABLE keys ADD COLUMN can_authenticate BOOLEAN");
+                } catch (Exception e){
+                    // never mind, the column probably already existed
+                }
+                // fall through
         }
 
         // always do consolidate after upgrade
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/provider/KeychainProvider.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/provider/KeychainProvider.java
index 3cd70df7f..4e63656ec 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/provider/KeychainProvider.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/provider/KeychainProvider.java
@@ -251,6 +251,7 @@ public class KeychainProvider extends ContentProvider {
                 projectionMap.put(KeyRings.CAN_CERTIFY, Tables.KEYS + "." + Keys.CAN_CERTIFY);
                 projectionMap.put(KeyRings.CAN_ENCRYPT, Tables.KEYS + "." + Keys.CAN_ENCRYPT);
                 projectionMap.put(KeyRings.CAN_SIGN, Tables.KEYS + "." + Keys.CAN_SIGN);
+                projectionMap.put(KeyRings.CAN_AUTHENTICATE, Tables.KEYS + "." + Keys.CAN_AUTHENTICATE);
                 projectionMap.put(KeyRings.CREATION, Tables.KEYS + "." + Keys.CREATION);
                 projectionMap.put(KeyRings.EXPIRY, Tables.KEYS + "." + Keys.EXPIRY);
                 projectionMap.put(KeyRings.ALGORITHM, Tables.KEYS + "." + Keys.ALGORITHM);
@@ -333,6 +334,16 @@ public class KeychainProvider extends ContentProvider {
                                 + " AND ( kS." + Keys.EXPIRY + " IS NULL OR kS." + Keys.EXPIRY
                                     + " >= " + new Date().getTime() / 1000 + " )"
                             + ")" : "")
+                        + (plist.contains(KeyRings.HAS_AUTHENTICATE) ?
+                            " LEFT JOIN " + Tables.KEYS + " AS kS ON ("
+                                    +"kS." + Keys.MASTER_KEY_ID
+                                    + " = " + Tables.KEYS + "." + Keys.MASTER_KEY_ID
+                                    + " AND kS." + Keys.IS_REVOKED + " = 0"
+                                    + " AND kS." + Keys.CAN_AUTHENTICATE + " = 1"
+                                    + " AND kS." + Keys.HAS_SECRET + " > 1"
+                                    + " AND ( kS." + Keys.EXPIRY + " IS NULL OR kS." + Keys.EXPIRY
+                                    + " >= " + new Date().getTime() / 1000 + " )"
+                                    + ")" : "")
                         + (plist.contains(KeyRings.HAS_CERTIFY) ?
                             " LEFT JOIN " + Tables.KEYS + " AS kC ON ("
                                 +"kC." + Keys.MASTER_KEY_ID
@@ -424,6 +435,7 @@ public class KeychainProvider extends ContentProvider {
                 projectionMap.put(Keys.CAN_CERTIFY, Keys.CAN_CERTIFY);
                 projectionMap.put(Keys.CAN_ENCRYPT, Keys.CAN_ENCRYPT);
                 projectionMap.put(Keys.CAN_SIGN, Keys.CAN_SIGN);
+                projectionMap.put(Keys.CAN_AUTHENTICATE, Keys.CAN_AUTHENTICATE);
                 projectionMap.put(Keys.HAS_SECRET, Keys.HAS_SECRET);
                 projectionMap.put(Keys.CREATION, Keys.CREATION);
                 projectionMap.put(Keys.EXPIRY, Keys.EXPIRY);
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/provider/ProviderHelper.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/provider/ProviderHelper.java
index 8d790110d..3da685ff6 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/provider/ProviderHelper.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/provider/ProviderHelper.java
@@ -356,10 +356,11 @@ public class ProviderHelper {
                     values.put(Keys.ALGORITHM, key.getAlgorithm());
                     values.put(Keys.FINGERPRINT, key.getFingerprint());
 
-                    boolean c = key.canCertify(), e = key.canEncrypt(), s = key.canSign();
+                    boolean c = key.canCertify(), e = key.canEncrypt(), s = key.canSign(), a = key.canAuthenticate();
                     values.put(Keys.CAN_CERTIFY, c);
                     values.put(Keys.CAN_ENCRYPT, e);
                     values.put(Keys.CAN_SIGN, s);
+                    values.put(Keys.CAN_AUTHENTICATE, a);
                     values.put(Keys.IS_REVOKED, key.isRevoked());
                     if (masterKeyId == keyId) {
                         if (c) {