save certificate when verifying with x509

This commit is contained in:
Daniel Gultsch 2015-12-23 17:41:26 +01:00
parent 1867571368
commit d0bad09f13
3 changed files with 39 additions and 4 deletions

View File

@ -597,8 +597,10 @@ public class AxolotlService implements OnAdvancedStreamFeaturesLoaded {
if (verifier.verify(verification.second)) { if (verifier.verify(verification.second)) {
try { try {
mXmppConnectionService.getMemorizingTrustManager().getNonInteractive().checkClientTrusted(verification.first, "RSA"); mXmppConnectionService.getMemorizingTrustManager().getNonInteractive().checkClientTrusted(verification.first, "RSA");
Log.d(Config.LOGTAG, "verified session with x.509 signature. fingerprint was: "+session.getFingerprint()); String fingerprint = session.getFingerprint();
setFingerprintTrust(session.getFingerprint(), XmppAxolotlSession.Trust.TRUSTED_X509); Log.d(Config.LOGTAG, "verified session with x.509 signature. fingerprint was: "+fingerprint);
setFingerprintTrust(fingerprint, XmppAxolotlSession.Trust.TRUSTED_X509);
axolotlStore.setFingerprintCertificate(fingerprint, verification.first[0]);
fetchStatusMap.put(address, FetchStatus.SUCCESS_VERIFIED); fetchStatusMap.put(address, FetchStatus.SUCCESS_VERIFIED);
finishBuildingSessionsFromPEP(address); finishBuildingSessionsFromPEP(address);
return; return;

View File

@ -15,6 +15,7 @@ import org.whispersystems.libaxolotl.state.SessionRecord;
import org.whispersystems.libaxolotl.state.SignedPreKeyRecord; import org.whispersystems.libaxolotl.state.SignedPreKeyRecord;
import org.whispersystems.libaxolotl.util.KeyHelper; import org.whispersystems.libaxolotl.util.KeyHelper;
import java.security.cert.X509Certificate;
import java.util.List; import java.util.List;
import java.util.Set; import java.util.Set;
@ -36,6 +37,7 @@ public class SQLiteAxolotlStore implements AxolotlStore {
public static final String NAME = "name"; public static final String NAME = "name";
public static final String TRUSTED = "trusted"; public static final String TRUSTED = "trusted";
public static final String OWN = "ownkey"; public static final String OWN = "ownkey";
public static final String CERTIFICATE = "certificate";
public static final String JSONKEY_REGISTRATION_ID = "axolotl_reg_id"; public static final String JSONKEY_REGISTRATION_ID = "axolotl_reg_id";
public static final String JSONKEY_CURRENT_PREKEY_ID = "axolotl_cur_prekey_id"; public static final String JSONKEY_CURRENT_PREKEY_ID = "axolotl_cur_prekey_id";
@ -213,6 +215,10 @@ public class SQLiteAxolotlStore implements AxolotlStore {
trustCache.remove(fingerprint); trustCache.remove(fingerprint);
} }
public void setFingerprintCertificate(String fingerprint, X509Certificate x509Certificate) {
mXmppConnectionService.databaseBackend.setIdentityKeyCertificate(account, fingerprint, x509Certificate);
}
public Set<IdentityKey> getContactKeysWithTrust(String bareJid, XmppAxolotlSession.Trust trust) { public Set<IdentityKey> getContactKeysWithTrust(String bareJid, XmppAxolotlSession.Trust trust) {
return mXmppConnectionService.databaseBackend.loadIdentityKeys(account, bareJid, trust); return mXmppConnectionService.databaseBackend.loadIdentityKeys(account, bareJid, trust);
} }

View File

@ -15,11 +15,14 @@ import org.whispersystems.libaxolotl.AxolotlAddress;
import org.whispersystems.libaxolotl.IdentityKey; import org.whispersystems.libaxolotl.IdentityKey;
import org.whispersystems.libaxolotl.IdentityKeyPair; import org.whispersystems.libaxolotl.IdentityKeyPair;
import org.whispersystems.libaxolotl.InvalidKeyException; import org.whispersystems.libaxolotl.InvalidKeyException;
import org.whispersystems.libaxolotl.state.AxolotlStore;
import org.whispersystems.libaxolotl.state.PreKeyRecord; import org.whispersystems.libaxolotl.state.PreKeyRecord;
import org.whispersystems.libaxolotl.state.SessionRecord; import org.whispersystems.libaxolotl.state.SessionRecord;
import org.whispersystems.libaxolotl.state.SignedPreKeyRecord; import org.whispersystems.libaxolotl.state.SignedPreKeyRecord;
import java.io.IOException; import java.io.IOException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.HashSet; import java.util.HashSet;
import java.util.Iterator; import java.util.Iterator;
@ -44,7 +47,7 @@ public class DatabaseBackend extends SQLiteOpenHelper {
private static DatabaseBackend instance = null; private static DatabaseBackend instance = null;
private static final String DATABASE_NAME = "history"; private static final String DATABASE_NAME = "history";
private static final int DATABASE_VERSION = 21; private static final int DATABASE_VERSION = 22;
private static String CREATE_CONTATCS_STATEMENT = "create table " private static String CREATE_CONTATCS_STATEMENT = "create table "
+ Contact.TABLENAME + "(" + Contact.ACCOUNT + " TEXT, " + Contact.TABLENAME + "(" + Contact.ACCOUNT + " TEXT, "
@ -102,6 +105,7 @@ public class DatabaseBackend extends SQLiteOpenHelper {
+ SQLiteAxolotlStore.NAME + " TEXT, " + SQLiteAxolotlStore.NAME + " TEXT, "
+ SQLiteAxolotlStore.OWN + " INTEGER, " + SQLiteAxolotlStore.OWN + " INTEGER, "
+ SQLiteAxolotlStore.FINGERPRINT + " TEXT, " + SQLiteAxolotlStore.FINGERPRINT + " TEXT, "
+ SQLiteAxolotlStore.CERTIFICATE + " BLOB, "
+ SQLiteAxolotlStore.TRUSTED + " INTEGER, " + SQLiteAxolotlStore.TRUSTED + " INTEGER, "
+ SQLiteAxolotlStore.KEY + " TEXT, FOREIGN KEY(" + SQLiteAxolotlStore.KEY + " TEXT, FOREIGN KEY("
+ SQLiteAxolotlStore.ACCOUNT + SQLiteAxolotlStore.ACCOUNT
@ -345,6 +349,10 @@ public class DatabaseBackend extends SQLiteOpenHelper {
+ "=?", new String[]{account.getUuid()}); + "=?", new String[]{account.getUuid()});
} }
} }
if (oldVersion < 22 && newVersion >= 22) {
db.execSQL("ALTER TABLE " + SQLiteAxolotlStore.IDENTITIES_TABLENAME + " ADD COLUMN " + SQLiteAxolotlStore.CERTIFICATE);
}
} }
public static synchronized DatabaseBackend getInstance(Context context) { public static synchronized DatabaseBackend getInstance(Context context) {
@ -596,7 +604,7 @@ public class DatabaseBackend extends SQLiteOpenHelper {
SQLiteDatabase db = this.getReadableDatabase(); SQLiteDatabase db = this.getReadableDatabase();
String sql = "select messages.timeSent,messages.serverMsgId from accounts join conversations on accounts.uuid=conversations.accountUuid join messages on conversations.uuid=messages.conversationUuid where accounts.uuid=? and (messages.status=0 or messages.carbon=1 or messages.serverMsgId not null) order by messages.timesent desc limit 1"; String sql = "select messages.timeSent,messages.serverMsgId from accounts join conversations on accounts.uuid=conversations.accountUuid join messages on conversations.uuid=messages.conversationUuid where accounts.uuid=? and (messages.status=0 or messages.carbon=1 or messages.serverMsgId not null) order by messages.timesent desc limit 1";
String[] args = {account.getUuid()}; String[] args = {account.getUuid()};
Cursor cursor = db.rawQuery(sql,args); Cursor cursor = db.rawQuery(sql, args);
if (cursor.getCount() ==0) { if (cursor.getCount() ==0) {
return null; return null;
} else { } else {
@ -1050,6 +1058,25 @@ public class DatabaseBackend extends SQLiteOpenHelper {
return rows == 1; return rows == 1;
} }
public boolean setIdentityKeyCertificate(Account account, String fingerprint, X509Certificate x509Certificate) {
SQLiteDatabase db = this.getWritableDatabase();
String[] selectionArgs = {
account.getUuid(),
fingerprint
};
try {
ContentValues values = new ContentValues();
values.put(SQLiteAxolotlStore.CERTIFICATE, x509Certificate.getEncoded());
return db.update(SQLiteAxolotlStore.IDENTITIES_TABLENAME, values,
SQLiteAxolotlStore.ACCOUNT + " = ? AND "
+ SQLiteAxolotlStore.FINGERPRINT + " = ? ",
selectionArgs) == 1;
} catch (CertificateEncodingException e) {
Log.d(Config.LOGTAG,"could not encode certificate");
return false;
}
}
public void storeIdentityKey(Account account, String name, IdentityKey identityKey) { public void storeIdentityKey(Account account, String name, IdentityKey identityKey) {
storeIdentityKey(account, name, false, identityKey.getFingerprint().replaceAll("\\s", ""), Base64.encodeToString(identityKey.serialize(), Base64.DEFAULT)); storeIdentityKey(account, name, false, identityKey.getFingerprint().replaceAll("\\s", ""), Base64.encodeToString(identityKey.serialize(), Base64.DEFAULT));
} }