diff options
| author | Vincent Breitmoser <valodim@mugenguild.com> | 2015-09-11 01:57:17 +0200 | 
|---|---|---|
| committer | Vincent Breitmoser <valodim@mugenguild.com> | 2015-09-11 01:57:17 +0200 | 
| commit | 9d97d37c06f22354c124bd6cedd989d9ca4ff53e (patch) | |
| tree | 5090cf0d0a18dcbb28a319ac559b224af0c6bf80 /OpenKeychain/src/main/java/org | |
| parent | 950409ce55f2df1aecdb61a7fecfc599b541d89c (diff) | |
| download | open-keychain-9d97d37c06f22354c124bd6cedd989d9ca4ff53e.tar.gz open-keychain-9d97d37c06f22354c124bd6cedd989d9ca4ff53e.tar.bz2 open-keychain-9d97d37c06f22354c124bd6cedd989d9ca4ff53e.zip | |
perform fingerprint check after canonicalization (OKC-01-009)
Diffstat (limited to 'OpenKeychain/src/main/java/org')
5 files changed, 28 insertions, 27 deletions
| diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/ImportOperation.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/ImportOperation.java index 7b224fe8e..29264b5a2 100644 --- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/ImportOperation.java +++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/ImportOperation.java @@ -254,17 +254,6 @@ public class ImportOperation extends BaseOperation<ImportKeyringParcel> {                      continue;                  } -                // If we have an expected fingerprint, make sure it matches -                if (entry.mExpectedFingerprint != null) { -                    if (!key.containsSubkey(entry.mExpectedFingerprint)) { -                        log.add(LogType.MSG_IMPORT_FINGERPRINT_ERROR, 2); -                        badKeys += 1; -                        continue; -                    } else { -                        log.add(LogType.MSG_IMPORT_FINGERPRINT_OK, 2); -                    } -                } -                  // Another check if we have been cancelled                  if (checkCancelled()) {                      cancelled = true; @@ -283,7 +272,7 @@ public class ImportOperation extends BaseOperation<ImportKeyringParcel> {                      } else {                          result = mProviderHelper.savePublicKeyRing(key,                                  new ProgressScaler(progressable, (int) (position * progSteps), -                                        (int) ((position + 1) * progSteps), 100)); +                                        (int) ((position + 1) * progSteps), 100), entry.mExpectedFingerprint);                      }                  }                  if (!result.success()) { diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/results/OperationResult.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/results/OperationResult.java index 46852d783..4e528f73e 100644 --- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/results/OperationResult.java +++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/results/OperationResult.java @@ -289,6 +289,8 @@ public abstract class OperationResult implements Parcelable {          MSG_IP_ERROR_IO_EXC (LogLevel.ERROR, R.string.msg_ip_error_io_exc),          MSG_IP_ERROR_OP_EXC (LogLevel.ERROR, R.string.msg_ip_error_op_exc),          MSG_IP_ERROR_REMOTE_EX (LogLevel.ERROR, R.string.msg_ip_error_remote_ex), +        MSG_IP_FINGERPRINT_ERROR (LogLevel.ERROR, R.string.msg_ip_fingerprint_error), +        MSG_IP_FINGERPRINT_OK (LogLevel.INFO, R.string.msg_ip_fingerprint_ok),          MSG_IP_INSERT_KEYRING (LogLevel.DEBUG, R.string.msg_ip_insert_keyring),          MSG_IP_INSERT_SUBKEYS (LogLevel.DEBUG, R.string.msg_ip_insert_keys),          MSG_IP_PREPARE (LogLevel.DEBUG, R.string.msg_ip_prepare), @@ -712,8 +714,6 @@ public abstract class OperationResult implements Parcelable {          MSG_IMPORT_KEYSERVER (LogLevel.DEBUG, R.string.msg_import_keyserver),          MSG_IMPORT_MERGE (LogLevel.DEBUG, R.string.msg_import_merge),          MSG_IMPORT_MERGE_ERROR (LogLevel.ERROR, R.string.msg_import_merge_error), -        MSG_IMPORT_FINGERPRINT_ERROR (LogLevel.ERROR, R.string.msg_import_fingerprint_error), -        MSG_IMPORT_FINGERPRINT_OK (LogLevel.DEBUG, R.string.msg_import_fingerprint_ok),          MSG_IMPORT_ERROR (LogLevel.ERROR, R.string.msg_import_error),          MSG_IMPORT_ERROR_IO (LogLevel.ERROR, R.string.msg_import_error_io),          MSG_IMPORT_PARTIAL (LogLevel.ERROR, R.string.msg_import_partial), diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/CanonicalizedKeyRing.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/CanonicalizedKeyRing.java index 770e8de91..18a27dd96 100644 --- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/CanonicalizedKeyRing.java +++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/CanonicalizedKeyRing.java @@ -21,6 +21,7 @@ package org.sufficientlysecure.keychain.pgp;  import org.spongycastle.openpgp.PGPKeyRing;  import org.spongycastle.openpgp.PGPPublicKey;  import org.sufficientlysecure.keychain.pgp.exception.PgpKeyNotFoundException; +import org.sufficientlysecure.keychain.ui.util.KeyFormattingUtils;  import org.sufficientlysecure.keychain.util.IterableIterator;  import java.io.IOException; @@ -28,6 +29,7 @@ import java.io.OutputStream;  import java.util.ArrayList;  import java.util.Date;  import java.util.HashSet; +import java.util.Iterator;  import java.util.Set; @@ -152,4 +154,14 @@ public abstract class CanonicalizedKeyRing extends KeyRing {          return getRing().getEncoded();      } +    public boolean containsSubkey(String expectedFingerprint) { +        for (CanonicalizedPublicKey key : publicKeyIterator()) { +            if (KeyFormattingUtils.convertFingerprintToHex( +                    key.getFingerprint()).equalsIgnoreCase(expectedFingerprint)) { +                return true; +            } +        } +        return false; +    } +  } diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/UncachedKeyRing.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/UncachedKeyRing.java index a7baddf8b..ca98882d8 100644 --- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/UncachedKeyRing.java +++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/UncachedKeyRing.java @@ -216,17 +216,6 @@ public class UncachedKeyRing implements Serializable {      } -    public boolean containsSubkey(String expectedFingerprint) { -        Iterator<PGPPublicKey> it = mRing.getPublicKeys(); -        while (it.hasNext()) { -            if (KeyFormattingUtils.convertFingerprintToHex( -                    it.next().getFingerprint()).equalsIgnoreCase(expectedFingerprint)) { -                return true; -            } -        } -        return false; -    } -      public interface IteratorWithIOThrow<E> {          public boolean hasNext() throws IOException;          public E next() throws IOException; diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/provider/ProviderHelper.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/provider/ProviderHelper.java index d9ef4f3c8..6f452bfd1 100644 --- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/provider/ProviderHelper.java +++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/provider/ProviderHelper.java @@ -878,7 +878,7 @@ public class ProviderHelper {      }      public SaveKeyringResult savePublicKeyRing(UncachedKeyRing keyRing) { -        return savePublicKeyRing(keyRing, new ProgressScaler()); +        return savePublicKeyRing(keyRing, new ProgressScaler(), null);      }      /** @@ -887,7 +887,7 @@ public class ProviderHelper {       * This is a high level method, which takes care of merging all new information into the old and       * keep public and secret keyrings in sync.       */ -    public SaveKeyringResult savePublicKeyRing(UncachedKeyRing publicRing, Progressable progress) { +    public SaveKeyringResult savePublicKeyRing(UncachedKeyRing publicRing, Progressable progress, String expectedFingerprint) {          try {              long masterKeyId = publicRing.getMasterKeyId(); @@ -960,6 +960,17 @@ public class ProviderHelper {                  canSecretRing = null;              } + +            // If we have an expected fingerprint, make sure it matches +            if (expectedFingerprint != null) { +                if (!canPublicRing.containsSubkey(expectedFingerprint)) { +                    log(LogType.MSG_IP_FINGERPRINT_ERROR); +                    return new SaveKeyringResult(SaveKeyringResult.RESULT_ERROR, mLog, null); +                } else { +                    log(LogType.MSG_IP_FINGERPRINT_OK); +                } +            } +              int result = saveCanonicalizedPublicKeyRing(canPublicRing, progress, canSecretRing != null);              // Save the saved keyring (if any) | 
