From b76aa7fe11f953d10688fbc01daa65676448c78a Mon Sep 17 00:00:00 2001
From: Vincent Breitmoser <valodim@mugenguild.com>
Date: Fri, 11 Sep 2015 02:05:17 +0200
Subject: never import secret keys from keyserver (OKC-01-001)

---
 .../keychain/operations/ImportOperation.java                  | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

(limited to 'OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/ImportOperation.java')

diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/ImportOperation.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/ImportOperation.java
index 29264b5a2..89575338f 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/ImportOperation.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/ImportOperation.java
@@ -211,7 +211,7 @@ public class ImportOperation extends BaseOperation<ImportKeyringParcel> {
                             }
                         } catch (Keyserver.QueryFailedException e) {
                             Log.d(Constants.TAG, "query failed", e);
-                            log.add(LogType.MSG_IMPORT_FETCH_KEYSERVER_ERROR, 3, e.getMessage());
+                            log.add(LogType.MSG_IMPORT_FETCH_ERROR_KEYSERVER, 3, e.getMessage());
                         }
                     }
 
@@ -243,7 +243,7 @@ public class ImportOperation extends BaseOperation<ImportKeyringParcel> {
                         } catch (Keyserver.QueryFailedException e) {
                             // download failed, too bad. just proceed
                             Log.e(Constants.TAG, "query failed", e);
-                            log.add(LogType.MSG_IMPORT_FETCH_KEYSERVER_ERROR, 3, e.getMessage());
+                            log.add(LogType.MSG_IMPORT_FETCH_ERROR_KEYSERVER, 3, e.getMessage());
                         }
                     }
                 }
@@ -254,6 +254,13 @@ public class ImportOperation extends BaseOperation<ImportKeyringParcel> {
                     continue;
                 }
 
+                // never import secret keys from keyserver!
+                if (entry.mBytes == null && key.isSecret()) {
+                    log.add(LogType.MSG_IMPORT_FETCH_ERROR_KEYSERVER_SECRET, 2);
+                    badKeys += 1;
+                    continue;
+                }
+
                 // Another check if we have been cancelled
                 if (checkCancelled()) {
                     cancelled = true;
-- 
cgit v1.2.3