wrapped-key-ring: UncachedKeyRing wraps only one ring of dynamic type

OpenKeychain/src/main/java/org/sufficientlysecure/keychain/keyimport/ImportKeysListEntry.java

@@ -21,15 +21,10 @@ import android.content.Context;
 import android.os.Parcel;
 import android.os.Parcelable;
 
-import org.spongycastle.bcpg.SignatureSubpacketTags;
-import org.spongycastle.openpgp.PGPKeyRing;
-import org.spongycastle.openpgp.PGPPublicKey;
-import org.spongycastle.openpgp.PGPSecretKeyRing;
-import org.spongycastle.openpgp.PGPSignature;
-import org.spongycastle.openpgp.operator.jcajce.JcaPGPContentVerifierBuilderProvider;
 import org.sufficientlysecure.keychain.Constants;
 import org.sufficientlysecure.keychain.pgp.PgpKeyHelper;
-import org.sufficientlysecure.keychain.util.IterableIterator;
+import org.sufficientlysecure.keychain.pgp.UncachedKeyRing;
+import org.sufficientlysecure.keychain.pgp.UncachedPublicKey;
 import org.sufficientlysecure.keychain.util.Log;
 
 import java.io.IOException;
@@ -233,10 +228,12 @@ public class ImportKeysListEntry implements Serializable, Parcelable {
      * Constructor based on key object, used for import from NFC, QR Codes, files
      */
     @SuppressWarnings("unchecked")
-    public ImportKeysListEntry(Context context, PGPKeyRing pgpKeyRing) {
+    public ImportKeysListEntry(Context context, UncachedKeyRing ring) {
+        // TODO less bouncy castle objects!
+
         // save actual key object into entry, used to import it later
         try {
-            this.mBytes = pgpKeyRing.getEncoded();
+            this.mBytes = ring.getEncoded();
         } catch (IOException e) {
             Log.e(Constants.TAG, "IOException on pgpKeyRing.getEncoded()", e);
         }
@@ -244,42 +241,20 @@ public class ImportKeysListEntry implements Serializable, Parcelable {
         // selected is default
         this.mSelected = true;
 
-        if (pgpKeyRing instanceof PGPSecretKeyRing) {
+        secretKey = ring.isSecret();
-            secretKey = true;
+        UncachedPublicKey key = ring.getPublicKey();
-        } else {
-            secretKey = false;
-        }
-        PGPPublicKey key = pgpKeyRing.getPublicKey();
 
-        userIds = new ArrayList<String>();
+        mPrimaryUserId = key.getPrimaryUserId();
-        for (String userId : new IterableIterator<String>(key.getUserIDs())) {
-            userIds.add(userId);
-            for (PGPSignature sig : new IterableIterator<PGPSignature>(key.getSignaturesForID(userId))) {
-                if (sig.getHashedSubPackets() != null
-                        && sig.getHashedSubPackets().hasSubpacket(SignatureSubpacketTags.PRIMARY_USER_ID)) {
-                    try {
-                        // make sure it's actually valid
-                        sig.init(new JcaPGPContentVerifierBuilderProvider().setProvider(
-                                Constants.BOUNCY_CASTLE_PROVIDER_NAME), key);
-                        if (sig.verifyCertification(userId, key)) {
-                            mPrimaryUserId = userId;
-                        }
-                    } catch (Exception e) {
-                        // nothing bad happens, the key is just not considered the primary key id
-                    }
-                }
 
-            }
-        }
         // if there was no user id flagged as primary, use the first one
         if (mPrimaryUserId == null) {
             mPrimaryUserId = userIds.get(0);
         }
 
-        this.keyId = key.getKeyID();
+        this.keyId = key.getKeyId();
         this.keyIdHex = PgpKeyHelper.convertKeyIdToHex(keyId);
 
-        this.revoked = key.isRevoked();
+        this.revoked = key.maybeRevoked();
         this.fingerprintHex = PgpKeyHelper.convertFingerprintToHex(key.getFingerprint());
         this.bitStrength = key.getBitStrength();
         final int algorithm = key.getAlgorithm();

OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpImportExport.java

@@ -165,7 +165,8 @@ public class PgpImportExport {
                             }
                             newPubRing = PGPPublicKeyRing.insertPublicKey(newPubRing, key);
                         }
-                        status = storeKeyRingInCache(new UncachedKeyRing(newPubRing ,secretKeyRing));
+                        status = storeKeyRingInCache(new UncachedKeyRing(newPubRing),
+                                                     new UncachedKeyRing(secretKeyRing));
                     } else {
                         status = storeKeyRingInCache(new UncachedKeyRing((PGPPublicKeyRing) keyring));
                     }
@@ -278,15 +279,23 @@ public class PgpImportExport {
         return returnData;
     }
 
+    public int storeKeyRingInCache(UncachedKeyRing ring) {
+        return storeKeyRingInCache(ring, null);
+    }
+
     @SuppressWarnings("unchecked")
-    public int storeKeyRingInCache(UncachedKeyRing keyring) {
+    public int storeKeyRingInCache(UncachedKeyRing ring, UncachedKeyRing secretRing) {
         int status;
         try {
-            PGPSecretKeyRing secretKeyRing = keyring.getSecretRing();
+            // TODO make sure these are correctly typed!
-            PGPPublicKeyRing publicKeyRing = keyring.getPublicRing();
+            PGPPublicKeyRing publicKeyRing = (PGPPublicKeyRing) ring.getRing();
+            PGPSecretKeyRing secretKeyRing = null;
+            if(secretRing != null) {
+                secretKeyRing = (PGPSecretKeyRing) secretRing.getRing();
+            }
             // see what type we have. we can either have a secret + public keyring, or just public
             if (secretKeyRing != null) {
-                mProviderHelper.saveKeyRing(publicKeyRing, secretKeyRing);
+                mProviderHelper.saveKeyRing(ring, secretRing);
                 status = RETURN_OK;
             } else {
                 mProviderHelper.saveKeyRing(publicKeyRing);

OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpKeyOperation.java

@@ -331,13 +331,12 @@ public class PgpKeyOperation {
         }
 
         PGPSecretKeyRing secretKeyRing = keyGen.generateSecretKeyRing();
-        PGPPublicKeyRing publicKeyRing = keyGen.generatePublicKeyRing();
 
-        return new UncachedKeyRing(publicKeyRing, secretKeyRing);
+        return new UncachedKeyRing(secretKeyRing);
 
     }
 
-    public UncachedKeyRing buildSecretKey(WrappedSecretKeyRing wmKR,
+    public Pair<UncachedKeyRing, UncachedKeyRing> buildSecretKey(WrappedSecretKeyRing wmKR,
                                                                  WrappedPublicKeyRing wpKR,
                                                                  SaveKeyringParcel saveParcel)
             throws PgpGeneralMsgIdException, PGPException, SignatureException, IOException {
@@ -664,7 +663,8 @@ public class PgpKeyOperation {
 
         */
 
-        return new UncachedKeyRing(pKR, mKR);
+        return new Pair<UncachedKeyRing,UncachedKeyRing>(new UncachedKeyRing(pKR),
+                                                         new UncachedKeyRing(mKR));
 
     }
 

OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/UncachedKeyRing.java

@@ -1,40 +1,51 @@
 package org.sufficientlysecure.keychain.pgp;
 
+import org.spongycastle.openpgp.PGPKeyRing;
 import org.spongycastle.openpgp.PGPObjectFactory;
 import org.spongycastle.openpgp.PGPPublicKeyRing;
 import org.spongycastle.openpgp.PGPSecretKeyRing;
 import org.spongycastle.openpgp.PGPUtil;
+import org.sufficientlysecure.keychain.Constants;
 import org.sufficientlysecure.keychain.pgp.exception.PgpGeneralException;
+import org.sufficientlysecure.keychain.util.Log;
 
 import java.io.BufferedInputStream;
 import java.io.ByteArrayInputStream;
 import java.io.IOException;
 import java.io.InputStream;
+import java.util.List;
+import java.util.Vector;
 
 public class UncachedKeyRing {
 
-    final PGPPublicKeyRing mPublicRing;
+    final PGPKeyRing mRing;
-    final PGPSecretKeyRing mSecretRing;
+    final boolean mIsSecret;
 
-    UncachedKeyRing(PGPPublicKeyRing publicRing, PGPSecretKeyRing secretRing) {
+    UncachedKeyRing(PGPKeyRing ring) {
-        mPublicRing = publicRing;
+        mRing = ring;
-        mSecretRing = secretRing;
+        mIsSecret = ring instanceof PGPSecretKeyRing;
     }
 
-    UncachedKeyRing(PGPPublicKeyRing publicRing) {
+    /* TODO don't use this */
-        this(publicRing, null);
+    @Deprecated
+    public PGPKeyRing getRing() {
+        return mRing;
     }
 
-    public PGPPublicKeyRing getPublicRing() {
+    public UncachedPublicKey getPublicKey() {
-        return mPublicRing;
+        return new UncachedPublicKey(mRing.getPublicKey());
     }
 
-    public PGPSecretKeyRing getSecretRing() {
+    public boolean isSecret() {
-        return mSecretRing;
+        return mIsSecret;
+    }
+
+    public byte[] getEncoded() throws IOException {
+        return mRing.getEncoded();
     }
 
     public byte[] getFingerprint() {
-        return mPublicRing.getPublicKey().getFingerprint();
+        return mRing.getPublicKey().getFingerprint();
     }
 
     public static UncachedKeyRing decodePubkeyFromData(byte[] data)
@@ -57,4 +68,25 @@ public class UncachedKeyRing {
         }
     }
 
+    public static List<UncachedKeyRing> fromStream(InputStream stream)
+            throws PgpGeneralException, IOException {
+
+        PGPObjectFactory objectFactory = new PGPObjectFactory(PGPUtil.getDecoderStream(stream));
+
+        List<UncachedKeyRing> result = new Vector<UncachedKeyRing>();
+
+        // go through all objects in this block
+        Object obj;
+        while ((obj = objectFactory.nextObject()) != null) {
+            Log.d(Constants.TAG, "Found class: " + obj.getClass());
+
+            if (obj instanceof PGPKeyRing) {
+                result.add(new UncachedKeyRing((PGPKeyRing) obj));
+            } else {
+                Log.e(Constants.TAG, "Object not recognized as PGPKeyRing!");
+            }
+        }
+        return result;
+    }
+
 }

OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/UncachedPublicKey.java

@@ -1,14 +1,19 @@
 package org.sufficientlysecure.keychain.pgp;
 
+import org.spongycastle.bcpg.SignatureSubpacketTags;
 import org.spongycastle.bcpg.sig.KeyFlags;
 import org.spongycastle.openpgp.PGPPublicKey;
 import org.spongycastle.openpgp.PGPSignature;
 import org.spongycastle.openpgp.PGPSignatureSubpacketVector;
+import org.spongycastle.openpgp.operator.jcajce.JcaPGPContentVerifierBuilderProvider;
+import org.sufficientlysecure.keychain.Constants;
 import org.sufficientlysecure.keychain.util.IterableIterator;
 
+import java.util.ArrayList;
 import java.util.Calendar;
 import java.util.Date;
 import java.util.GregorianCalendar;
+import java.util.List;
 
 public class UncachedPublicKey {
     protected final PGPPublicKey mPublicKey;
@@ -22,7 +27,8 @@ public class UncachedPublicKey {
         return mPublicKey.getKeyID();
     }
 
-    public boolean isRevoked() {
+    /** The revocation signature is NOT checked here, so this may be false! */
+    public boolean maybeRevoked() {
         return mPublicKey.isRevoked();
     }
 
@@ -60,6 +66,34 @@ public class UncachedPublicKey {
         return mPublicKey.getAlgorithm();
     }
 
+    public int getBitStrength() {
+        return mPublicKey.getBitStrength();
+    }
+
+    public String getPrimaryUserId() {
+        List<String> userIds = new ArrayList<String>();
+        for (String userId : new IterableIterator<String>(mPublicKey.getUserIDs())) {
+            userIds.add(userId);
+            for (PGPSignature sig : new IterableIterator<PGPSignature>(mPublicKey.getSignaturesForID(userId))) {
+                if (sig.getHashedSubPackets() != null
+                        && sig.getHashedSubPackets().hasSubpacket(SignatureSubpacketTags.PRIMARY_USER_ID)) {
+                    try {
+                        // make sure it's actually valid
+                        sig.init(new JcaPGPContentVerifierBuilderProvider().setProvider(
+                                Constants.BOUNCY_CASTLE_PROVIDER_NAME), mPublicKey);
+                        if (sig.verifyCertification(userId, mPublicKey)) {
+                            return userId;
+                        }
+                    } catch (Exception e) {
+                        // nothing bad happens, the key is just not considered the primary key id
+                    }
+                }
+
+            }
+        }
+        return null;
+    }
+
     public boolean isElGamalEncrypt() {
         return getAlgorithm() == PGPPublicKey.ELGAMAL_ENCRYPT;
     }

OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/WrappedPublicKey.java

@@ -33,30 +33,4 @@ public class WrappedPublicKey extends UncachedPublicKey {
         return  new JcePublicKeyKeyEncryptionMethodGenerator(mPublicKey);
     }
 
-    public void initSignature(PGPSignature sig) throws PGPException {
-        JcaPGPContentVerifierBuilderProvider contentVerifierBuilderProvider =
-                new JcaPGPContentVerifierBuilderProvider()
-                        .setProvider(Constants.BOUNCY_CASTLE_PROVIDER_NAME);
-        sig.init(contentVerifierBuilderProvider, mPublicKey);
-    }
-
-    public void initSignature(PGPOnePassSignature sig) throws PGPException {
-        JcaPGPContentVerifierBuilderProvider contentVerifierBuilderProvider =
-                new JcaPGPContentVerifierBuilderProvider()
-                        .setProvider(Constants.BOUNCY_CASTLE_PROVIDER_NAME);
-        sig.init(contentVerifierBuilderProvider, mPublicKey);
-    }
-
-    /** Verify a signature for this pubkey, after it has been initialized by the signer using
-     * initSignature(). This method should probably move into a wrapped PGPSignature class
-     * at some point.
-     */
-    public boolean verifySignature(PGPSignature sig, String uid) throws PGPException {
-        try {
-            return sig.verifyCertification(uid, mPublicKey);
-        } catch (SignatureException e) {
-            throw new PGPException("Error!", e);
-        }
-    }
-
 }

OpenKeychain/src/main/java/org/sufficientlysecure/keychain/provider/ProviderHelper.java

@@ -449,24 +449,23 @@ public class ProviderHelper {
 
     }
 
-    public void saveKeyRing(UncachedKeyRing wrappedRing) throws IOException {
+    public void saveKeyRing(UncachedKeyRing ring) throws IOException {
-        PGPPublicKeyRing pubRing = wrappedRing.getPublicRing();
+        PGPPublicKeyRing pubRing = (PGPPublicKeyRing) ring.getRing();
-        PGPSecretKeyRing secRing = wrappedRing.getSecretRing();
+        saveKeyRing(pubRing);
-        saveKeyRing(pubRing, secRing);
     }
 
     /**
      * Saves (or updates) a pair of public and secret KeyRings in the database
      */
-    public void saveKeyRing(PGPPublicKeyRing pubRing, PGPSecretKeyRing privRing) throws IOException {
+    public void saveKeyRing(UncachedKeyRing pubRing, UncachedKeyRing secRing) throws IOException {
-        long masterKeyId = pubRing.getPublicKey().getKeyID();
+        long masterKeyId = pubRing.getPublicKey().getKeyId();
 
         // delete secret keyring (so it isn't unnecessarily saved by public-saveKeyRing below)
         mContentResolver.delete(KeyRingData.buildSecretKeyRingUri(Long.toString(masterKeyId)), null, null);
 
         // save public keyring
-        saveKeyRing(pubRing);
+        saveKeyRing((PGPPublicKeyRing) pubRing.getRing());
-        saveKeyRing(privRing);
+        saveKeyRing((PGPSecretKeyRing) secRing.getRing());
     }
 
     /**

OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/KeychainIntentService.java

@@ -524,19 +524,21 @@ public class KeychainIntentService extends IntentService
                     setProgress(R.string.progress_done, 100, 100);
                 } else {
                     PgpKeyOperation keyOperations = new PgpKeyOperation(new ProgressScaler(this, 0, 90, 100));
-                    UncachedKeyRing pair;
                     try {
                         WrappedSecretKeyRing privkey = providerHelper.getWrappedSecretKeyRing(masterKeyId);
                         WrappedPublicKeyRing pubkey = providerHelper.getWrappedPublicKeyRing(masterKeyId);
 
-                        pair = keyOperations.buildSecretKey(privkey, pubkey, saveParcel); // edit existing
+                        PgpKeyOperation.Pair<UncachedKeyRing,UncachedKeyRing> pair =
+                                keyOperations.buildSecretKey(privkey, pubkey, saveParcel); // edit existing
+                        setProgress(R.string.progress_saving_key_ring, 90, 100);
+                        providerHelper.saveKeyRing(pair.first, pair.second);
                     } catch (ProviderHelper.NotFoundException e) {
-                        pair = keyOperations.buildNewSecretKey(saveParcel); //new Keyring
+                        UncachedKeyRing ring = keyOperations.buildNewSecretKey(saveParcel); //new Keyring
+                        // save the pair
+                        setProgress(R.string.progress_saving_key_ring, 90, 100);
+                        providerHelper.saveKeyRing(ring);
                     }
 
-                    setProgress(R.string.progress_saving_key_ring, 90, 100);
-                    // save the pair
-                    providerHelper.saveKeyRing(pair);
                     setProgress(R.string.progress_done, 100, 100);
                 }
                 PassphraseCacheService.addCachedPassphrase(this, masterKeyId, newPassphrase);