From ba7613dc3462cc9ce5ff2454b6ab086c44bc22a1 Mon Sep 17 00:00:00 2001
From: Vincent Breitmoser <valodim@mugenguild.com>
Date: Tue, 11 Mar 2014 00:13:03 +0100
Subject: experimental cert import

---
 .../keychain/provider/ProviderHelper.java          | 49 ++++++++++++++++++----
 1 file changed, 42 insertions(+), 7 deletions(-)

diff --git a/OpenPGP-Keychain/src/main/java/org/sufficientlysecure/keychain/provider/ProviderHelper.java b/OpenPGP-Keychain/src/main/java/org/sufficientlysecure/keychain/provider/ProviderHelper.java
index 4d1fc7d81..981235030 100644
--- a/OpenPGP-Keychain/src/main/java/org/sufficientlysecure/keychain/provider/ProviderHelper.java
+++ b/OpenPGP-Keychain/src/main/java/org/sufficientlysecure/keychain/provider/ProviderHelper.java
@@ -19,6 +19,7 @@ package org.sufficientlysecure.keychain.provider;
 
 import java.io.ByteArrayOutputStream;
 import java.io.IOException;
+import java.security.SignatureException;
 import java.util.ArrayList;
 import java.util.HashMap;
 import java.util.Map;
@@ -27,12 +28,14 @@ import java.util.Date;
 import org.spongycastle.bcpg.ArmoredOutputStream;
 import org.spongycastle.bcpg.UserAttributePacket;
 import org.spongycastle.bcpg.UserAttributeSubpacket;
+import org.spongycastle.openpgp.PGPException;
 import org.spongycastle.openpgp.PGPKeyRing;
 import org.spongycastle.openpgp.PGPPublicKey;
 import org.spongycastle.openpgp.PGPPublicKeyRing;
 import org.spongycastle.openpgp.PGPSecretKey;
 import org.spongycastle.openpgp.PGPSecretKeyRing;
 import org.spongycastle.openpgp.PGPSignature;
+import org.spongycastle.openpgp.operator.jcajce.JcaPGPContentVerifierBuilderProvider;
 import org.sufficientlysecure.keychain.Constants;
 import org.sufficientlysecure.keychain.pgp.PgpConversionHelper;
 import org.sufficientlysecure.keychain.pgp.PgpHelper;
@@ -41,6 +44,7 @@ import org.sufficientlysecure.keychain.provider.KeychainContract.ApiApps;
 import org.sufficientlysecure.keychain.provider.KeychainContract.KeyRings;
 import org.sufficientlysecure.keychain.provider.KeychainContract.Keys;
 import org.sufficientlysecure.keychain.provider.KeychainContract.UserIds;
+import org.sufficientlysecure.keychain.provider.KeychainContract.Certs;
 import org.sufficientlysecure.keychain.provider.KeychainDatabase.Tables;
 import org.sufficientlysecure.keychain.service.remote.AppSettings;
 import org.sufficientlysecure.keychain.util.IterableIterator;
@@ -214,18 +218,49 @@ public class ProviderHelper {
             ++rank;
         }
 
+        // get a list of owned secret keys, for verification filtering
+        Map<Long, PGPKeyRing> allKeyRings = getPGPKeyRings(context, KeyRings.buildPublicKeyRingsUri());
+
         int userIdRank = 0;
         for (String userId : new IterableIterator<String>(masterKey.getUserIDs())) {
             operations.add(buildPublicUserIdOperations(context, keyRingRowId, userId, userIdRank));
-            ++userIdRank;
-        }
 
-        for (PGPSignature certification : new IterableIterator<PGPSignature>(masterKey.getSignaturesOfType(PGPSignature.POSITIVE_CERTIFICATION))) {
-            //TODO: how to do this?? we need to verify the signatures again and again when they are displayed...
-//            if (certification.verify
-//            operations.add(buildPublicKeyOperations(context, keyRingRowId, key, rank));
-        }
+            // look through signatures for this specific key
+            for (PGPSignature cert : new IterableIterator<PGPSignature>(
+                    masterKey.getSignaturesForID(userId))) {
+                long certId = cert.getKeyID();
+                boolean verified = false;
+                // only care for signatures from our own private keys
+                if(allKeyRings.containsKey(certId)) try {
+                    // mark them as verified
+                    cert.init(new JcaPGPContentVerifierBuilderProvider().setProvider("SC"), allKeyRings.get(certId).getPublicKey());
+                    verified = cert.verifyCertification(userId,  masterKey);
+                    // TODO: at this point, we only save signatures from available secret keys.
+                    // should we save all? those are quite a lot of rows for info we don't really
+                    // use. I left it out for now - it is available from key servers, so we can
+                    // always get it later.
+                    Log.d(Constants.TAG, "sig for " + userId + " " + verified + " from "
+                            + PgpKeyHelper.convertKeyIdToHex(cert.getKeyID())
+                    );
+                    operations.add(buildPublicCertOperations(
+                            context, keyRingRowId, userIdRank, masterKey.getKeyID(), cert, verified));
+                } catch(SignatureException e) {
+                    Log.e(Constants.TAG, "Signature verification failed.", e);
+                } catch(PGPException e) {
+                    Log.e(Constants.TAG, "Signature verification failed.", e);
+                } else {
+                    Log.d(Constants.TAG, "ignored sig for "
+                            + PgpKeyHelper.convertKeyIdToHex(masterKey.getKeyID())
+                            + " from "
+                            + PgpKeyHelper.convertKeyIdToHex(cert.getKeyID())
+                    );
+                }
+                // if we wanted to save all, not just our own verifications
+                // buildPublicCertOperations(context, keyRingRowId, rank, cert, verified);
+            }
 
+            ++userIdRank;
+        }
 
         try {
             context.getContentResolver().applyBatch(KeychainContract.CONTENT_AUTHORITY, operations);
-- 
cgit v1.2.3