mirror of
https://github.com/moparisthebest/open-keychain
synced 2024-11-14 21:05:09 -05:00
verify downloaded key by comparing fingerprints
This commit is contained in:
Dominik Schürmann
parent
77365202e0
commit
0510e0e217
@ -25,6 +25,7 @@ import android.os.Bundle;
|
|||||||
import android.os.Message;
|
import android.os.Message;
|
||||||
import android.os.Messenger;
|
import android.os.Messenger;
|
||||||
import android.os.RemoteException;
|
import android.os.RemoteException;
|
||||||
|
|
||||||
import org.spongycastle.openpgp.*;
|
import org.spongycastle.openpgp.*;
|
||||||
import org.sufficientlysecure.keychain.Constants;
|
import org.sufficientlysecure.keychain.Constants;
|
||||||
import org.sufficientlysecure.keychain.Id;
|
import org.sufficientlysecure.keychain.Id;
|
||||||
@ -745,49 +746,58 @@ public class KeychainIntentService extends IntentService
|
|||||||
ArrayList<ImportKeysListEntry> entries = data.getParcelableArrayList(DOWNLOAD_KEY_LIST);
|
ArrayList<ImportKeysListEntry> entries = data.getParcelableArrayList(DOWNLOAD_KEY_LIST);
|
||||||
String keyServer = data.getString(DOWNLOAD_KEY_SERVER);
|
String keyServer = data.getString(DOWNLOAD_KEY_SERVER);
|
||||||
|
|
||||||
|
// TODO: add extra which requires fingerprint suport and force verification!
|
||||||
|
// only supported by newer sks keyserver versions
|
||||||
|
|
||||||
// this downloads the keys and places them into the ImportKeysListEntry entries
|
// this downloads the keys and places them into the ImportKeysListEntry entries
|
||||||
HkpKeyServer server = new HkpKeyServer(keyServer);
|
HkpKeyServer server = new HkpKeyServer(keyServer);
|
||||||
|
|
||||||
for (ImportKeysListEntry entry : entries) {
|
for (ImportKeysListEntry entry : entries) {
|
||||||
byte[] downloadedKey = server.get(entry.getKeyIdHex()).getBytes();
|
// if available use complete fingerprint for get request
|
||||||
|
byte[] downloadedKeyBytes;
|
||||||
|
if (entry.getFingerPrintHex() != null) {
|
||||||
|
downloadedKeyBytes = server.get(entry.getFingerPrintHex()).getBytes();
|
||||||
|
} else {
|
||||||
|
downloadedKeyBytes = server.get(entry.getKeyIdHex()).getBytes();
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
// create PGPKeyRing object based on downloaded armored key
|
||||||
* TODO: copied from ImportKeysListLoader
|
PGPKeyRing downloadedKey = null;
|
||||||
*
|
|
||||||
*
|
|
||||||
* this parses the downloaded key
|
|
||||||
*/
|
|
||||||
// need to have access to the bufferedInput, so we can reuse it for the possible
|
|
||||||
// PGPObject chunks after the first one, e.g. files with several consecutive ASCII
|
|
||||||
// armor blocks
|
|
||||||
BufferedInputStream bufferedInput =
|
BufferedInputStream bufferedInput =
|
||||||
new BufferedInputStream(new ByteArrayInputStream(downloadedKey));
|
new BufferedInputStream(new ByteArrayInputStream(downloadedKeyBytes));
|
||||||
try {
|
if (bufferedInput.available() > 0) {
|
||||||
|
|
||||||
// read all available blocks... (asc files can contain many blocks with BEGIN END)
|
|
||||||
while (bufferedInput.available() > 0) {
|
|
||||||
InputStream in = PGPUtil.getDecoderStream(bufferedInput);
|
InputStream in = PGPUtil.getDecoderStream(bufferedInput);
|
||||||
PGPObjectFactory objectFactory = new PGPObjectFactory(in);
|
PGPObjectFactory objectFactory = new PGPObjectFactory(in);
|
||||||
|
|
||||||
// go through all objects in this block
|
// get first object in block
|
||||||
Object obj;
|
Object obj;
|
||||||
while ((obj = objectFactory.nextObject()) != null) {
|
if ((obj = objectFactory.nextObject()) != null) {
|
||||||
Log.d(Constants.TAG, "Found class: " + obj.getClass());
|
Log.d(Constants.TAG, "Found class: " + obj.getClass());
|
||||||
|
|
||||||
if (obj instanceof PGPKeyRing) {
|
if (obj instanceof PGPKeyRing) {
|
||||||
PGPKeyRing newKeyring = (PGPKeyRing) obj;
|
downloadedKey = (PGPKeyRing) obj;
|
||||||
|
|
||||||
entry.setBytes(newKeyring.getEncoded());
|
|
||||||
} else {
|
} else {
|
||||||
Log.e(Constants.TAG, "Object not recognized as PGPKeyRing!");
|
throw new PgpGeneralException("Object not recognized as PGPKeyRing!");
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
} catch (Exception e) {
|
|
||||||
Log.e(Constants.TAG, "Exception on parsing key file!", e);
|
// verify downloaded key by comparing fingerprints
|
||||||
|
if (entry.getFingerPrintHex() != null) {
|
||||||
|
String downloadedKeyFp = PgpKeyHelper.convertFingerprintToHex(downloadedKey.getPublicKey().getFingerprint(), false);
|
||||||
|
if (downloadedKeyFp.equals(entry.getFingerPrintHex())) {
|
||||||
|
Log.d(Constants.TAG, "fingerprint of downloaded key is the same as the requested fingerprint!");
|
||||||
|
} else {
|
||||||
|
throw new PgpGeneralException("fingerprint of downloaded key is NOT the same as the requested fingerprint!");
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// save key bytes in entry object for doing the
|
||||||
|
// actual import afterwards
|
||||||
|
entry.setBytes(downloadedKey.getEncoded());
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
Intent importIntent = new Intent(this, KeychainIntentService.class);
|
Intent importIntent = new Intent(this, KeychainIntentService.class);
|
||||||
importIntent.setAction(ACTION_IMPORT_KEYRING);
|
importIntent.setAction(ACTION_IMPORT_KEYRING);
|
||||||
Bundle importData = new Bundle();
|
Bundle importData = new Bundle();
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user