mirror of
https://github.com/moparisthebest/open-keychain
synced 2024-12-25 08:28:50 -05:00
wrapped-key-ring: UncachedKeyRing wraps only one ring of dynamic type
This commit is contained in:
parent
cd0aba9d43
commit
10ad7be46b
@ -21,15 +21,10 @@ import android.content.Context;
|
||||
import android.os.Parcel;
|
||||
import android.os.Parcelable;
|
||||
|
||||
import org.spongycastle.bcpg.SignatureSubpacketTags;
|
||||
import org.spongycastle.openpgp.PGPKeyRing;
|
||||
import org.spongycastle.openpgp.PGPPublicKey;
|
||||
import org.spongycastle.openpgp.PGPSecretKeyRing;
|
||||
import org.spongycastle.openpgp.PGPSignature;
|
||||
import org.spongycastle.openpgp.operator.jcajce.JcaPGPContentVerifierBuilderProvider;
|
||||
import org.sufficientlysecure.keychain.Constants;
|
||||
import org.sufficientlysecure.keychain.pgp.PgpKeyHelper;
|
||||
import org.sufficientlysecure.keychain.util.IterableIterator;
|
||||
import org.sufficientlysecure.keychain.pgp.UncachedKeyRing;
|
||||
import org.sufficientlysecure.keychain.pgp.UncachedPublicKey;
|
||||
import org.sufficientlysecure.keychain.util.Log;
|
||||
|
||||
import java.io.IOException;
|
||||
@ -233,10 +228,12 @@ public class ImportKeysListEntry implements Serializable, Parcelable {
|
||||
* Constructor based on key object, used for import from NFC, QR Codes, files
|
||||
*/
|
||||
@SuppressWarnings("unchecked")
|
||||
public ImportKeysListEntry(Context context, PGPKeyRing pgpKeyRing) {
|
||||
public ImportKeysListEntry(Context context, UncachedKeyRing ring) {
|
||||
// TODO less bouncy castle objects!
|
||||
|
||||
// save actual key object into entry, used to import it later
|
||||
try {
|
||||
this.mBytes = pgpKeyRing.getEncoded();
|
||||
this.mBytes = ring.getEncoded();
|
||||
} catch (IOException e) {
|
||||
Log.e(Constants.TAG, "IOException on pgpKeyRing.getEncoded()", e);
|
||||
}
|
||||
@ -244,42 +241,20 @@ public class ImportKeysListEntry implements Serializable, Parcelable {
|
||||
// selected is default
|
||||
this.mSelected = true;
|
||||
|
||||
if (pgpKeyRing instanceof PGPSecretKeyRing) {
|
||||
secretKey = true;
|
||||
} else {
|
||||
secretKey = false;
|
||||
}
|
||||
PGPPublicKey key = pgpKeyRing.getPublicKey();
|
||||
secretKey = ring.isSecret();
|
||||
UncachedPublicKey key = ring.getPublicKey();
|
||||
|
||||
userIds = new ArrayList<String>();
|
||||
for (String userId : new IterableIterator<String>(key.getUserIDs())) {
|
||||
userIds.add(userId);
|
||||
for (PGPSignature sig : new IterableIterator<PGPSignature>(key.getSignaturesForID(userId))) {
|
||||
if (sig.getHashedSubPackets() != null
|
||||
&& sig.getHashedSubPackets().hasSubpacket(SignatureSubpacketTags.PRIMARY_USER_ID)) {
|
||||
try {
|
||||
// make sure it's actually valid
|
||||
sig.init(new JcaPGPContentVerifierBuilderProvider().setProvider(
|
||||
Constants.BOUNCY_CASTLE_PROVIDER_NAME), key);
|
||||
if (sig.verifyCertification(userId, key)) {
|
||||
mPrimaryUserId = userId;
|
||||
}
|
||||
} catch (Exception e) {
|
||||
// nothing bad happens, the key is just not considered the primary key id
|
||||
}
|
||||
}
|
||||
mPrimaryUserId = key.getPrimaryUserId();
|
||||
|
||||
}
|
||||
}
|
||||
// if there was no user id flagged as primary, use the first one
|
||||
if (mPrimaryUserId == null) {
|
||||
mPrimaryUserId = userIds.get(0);
|
||||
}
|
||||
|
||||
this.keyId = key.getKeyID();
|
||||
this.keyId = key.getKeyId();
|
||||
this.keyIdHex = PgpKeyHelper.convertKeyIdToHex(keyId);
|
||||
|
||||
this.revoked = key.isRevoked();
|
||||
this.revoked = key.maybeRevoked();
|
||||
this.fingerprintHex = PgpKeyHelper.convertFingerprintToHex(key.getFingerprint());
|
||||
this.bitStrength = key.getBitStrength();
|
||||
final int algorithm = key.getAlgorithm();
|
||||
|
@ -165,7 +165,8 @@ public class PgpImportExport {
|
||||
}
|
||||
newPubRing = PGPPublicKeyRing.insertPublicKey(newPubRing, key);
|
||||
}
|
||||
status = storeKeyRingInCache(new UncachedKeyRing(newPubRing ,secretKeyRing));
|
||||
status = storeKeyRingInCache(new UncachedKeyRing(newPubRing),
|
||||
new UncachedKeyRing(secretKeyRing));
|
||||
} else {
|
||||
status = storeKeyRingInCache(new UncachedKeyRing((PGPPublicKeyRing) keyring));
|
||||
}
|
||||
@ -278,15 +279,23 @@ public class PgpImportExport {
|
||||
return returnData;
|
||||
}
|
||||
|
||||
public int storeKeyRingInCache(UncachedKeyRing ring) {
|
||||
return storeKeyRingInCache(ring, null);
|
||||
}
|
||||
|
||||
@SuppressWarnings("unchecked")
|
||||
public int storeKeyRingInCache(UncachedKeyRing keyring) {
|
||||
public int storeKeyRingInCache(UncachedKeyRing ring, UncachedKeyRing secretRing) {
|
||||
int status;
|
||||
try {
|
||||
PGPSecretKeyRing secretKeyRing = keyring.getSecretRing();
|
||||
PGPPublicKeyRing publicKeyRing = keyring.getPublicRing();
|
||||
// TODO make sure these are correctly typed!
|
||||
PGPPublicKeyRing publicKeyRing = (PGPPublicKeyRing) ring.getRing();
|
||||
PGPSecretKeyRing secretKeyRing = null;
|
||||
if(secretRing != null) {
|
||||
secretKeyRing = (PGPSecretKeyRing) secretRing.getRing();
|
||||
}
|
||||
// see what type we have. we can either have a secret + public keyring, or just public
|
||||
if (secretKeyRing != null) {
|
||||
mProviderHelper.saveKeyRing(publicKeyRing, secretKeyRing);
|
||||
mProviderHelper.saveKeyRing(ring, secretRing);
|
||||
status = RETURN_OK;
|
||||
} else {
|
||||
mProviderHelper.saveKeyRing(publicKeyRing);
|
||||
|
@ -331,13 +331,12 @@ public class PgpKeyOperation {
|
||||
}
|
||||
|
||||
PGPSecretKeyRing secretKeyRing = keyGen.generateSecretKeyRing();
|
||||
PGPPublicKeyRing publicKeyRing = keyGen.generatePublicKeyRing();
|
||||
|
||||
return new UncachedKeyRing(publicKeyRing, secretKeyRing);
|
||||
return new UncachedKeyRing(secretKeyRing);
|
||||
|
||||
}
|
||||
|
||||
public UncachedKeyRing buildSecretKey(WrappedSecretKeyRing wmKR,
|
||||
public Pair<UncachedKeyRing, UncachedKeyRing> buildSecretKey(WrappedSecretKeyRing wmKR,
|
||||
WrappedPublicKeyRing wpKR,
|
||||
SaveKeyringParcel saveParcel)
|
||||
throws PgpGeneralMsgIdException, PGPException, SignatureException, IOException {
|
||||
@ -664,7 +663,8 @@ public class PgpKeyOperation {
|
||||
|
||||
*/
|
||||
|
||||
return new UncachedKeyRing(pKR, mKR);
|
||||
return new Pair<UncachedKeyRing,UncachedKeyRing>(new UncachedKeyRing(pKR),
|
||||
new UncachedKeyRing(mKR));
|
||||
|
||||
}
|
||||
|
||||
|
@ -1,40 +1,51 @@
|
||||
package org.sufficientlysecure.keychain.pgp;
|
||||
|
||||
import org.spongycastle.openpgp.PGPKeyRing;
|
||||
import org.spongycastle.openpgp.PGPObjectFactory;
|
||||
import org.spongycastle.openpgp.PGPPublicKeyRing;
|
||||
import org.spongycastle.openpgp.PGPSecretKeyRing;
|
||||
import org.spongycastle.openpgp.PGPUtil;
|
||||
import org.sufficientlysecure.keychain.Constants;
|
||||
import org.sufficientlysecure.keychain.pgp.exception.PgpGeneralException;
|
||||
import org.sufficientlysecure.keychain.util.Log;
|
||||
|
||||
import java.io.BufferedInputStream;
|
||||
import java.io.ByteArrayInputStream;
|
||||
import java.io.IOException;
|
||||
import java.io.InputStream;
|
||||
import java.util.List;
|
||||
import java.util.Vector;
|
||||
|
||||
public class UncachedKeyRing {
|
||||
|
||||
final PGPPublicKeyRing mPublicRing;
|
||||
final PGPSecretKeyRing mSecretRing;
|
||||
final PGPKeyRing mRing;
|
||||
final boolean mIsSecret;
|
||||
|
||||
UncachedKeyRing(PGPPublicKeyRing publicRing, PGPSecretKeyRing secretRing) {
|
||||
mPublicRing = publicRing;
|
||||
mSecretRing = secretRing;
|
||||
UncachedKeyRing(PGPKeyRing ring) {
|
||||
mRing = ring;
|
||||
mIsSecret = ring instanceof PGPSecretKeyRing;
|
||||
}
|
||||
|
||||
UncachedKeyRing(PGPPublicKeyRing publicRing) {
|
||||
this(publicRing, null);
|
||||
/* TODO don't use this */
|
||||
@Deprecated
|
||||
public PGPKeyRing getRing() {
|
||||
return mRing;
|
||||
}
|
||||
|
||||
public PGPPublicKeyRing getPublicRing() {
|
||||
return mPublicRing;
|
||||
public UncachedPublicKey getPublicKey() {
|
||||
return new UncachedPublicKey(mRing.getPublicKey());
|
||||
}
|
||||
|
||||
public PGPSecretKeyRing getSecretRing() {
|
||||
return mSecretRing;
|
||||
public boolean isSecret() {
|
||||
return mIsSecret;
|
||||
}
|
||||
|
||||
public byte[] getEncoded() throws IOException {
|
||||
return mRing.getEncoded();
|
||||
}
|
||||
|
||||
public byte[] getFingerprint() {
|
||||
return mPublicRing.getPublicKey().getFingerprint();
|
||||
return mRing.getPublicKey().getFingerprint();
|
||||
}
|
||||
|
||||
public static UncachedKeyRing decodePubkeyFromData(byte[] data)
|
||||
@ -57,4 +68,25 @@ public class UncachedKeyRing {
|
||||
}
|
||||
}
|
||||
|
||||
public static List<UncachedKeyRing> fromStream(InputStream stream)
|
||||
throws PgpGeneralException, IOException {
|
||||
|
||||
PGPObjectFactory objectFactory = new PGPObjectFactory(PGPUtil.getDecoderStream(stream));
|
||||
|
||||
List<UncachedKeyRing> result = new Vector<UncachedKeyRing>();
|
||||
|
||||
// go through all objects in this block
|
||||
Object obj;
|
||||
while ((obj = objectFactory.nextObject()) != null) {
|
||||
Log.d(Constants.TAG, "Found class: " + obj.getClass());
|
||||
|
||||
if (obj instanceof PGPKeyRing) {
|
||||
result.add(new UncachedKeyRing((PGPKeyRing) obj));
|
||||
} else {
|
||||
Log.e(Constants.TAG, "Object not recognized as PGPKeyRing!");
|
||||
}
|
||||
}
|
||||
return result;
|
||||
}
|
||||
|
||||
}
|
||||
|
@ -1,14 +1,19 @@
|
||||
package org.sufficientlysecure.keychain.pgp;
|
||||
|
||||
import org.spongycastle.bcpg.SignatureSubpacketTags;
|
||||
import org.spongycastle.bcpg.sig.KeyFlags;
|
||||
import org.spongycastle.openpgp.PGPPublicKey;
|
||||
import org.spongycastle.openpgp.PGPSignature;
|
||||
import org.spongycastle.openpgp.PGPSignatureSubpacketVector;
|
||||
import org.spongycastle.openpgp.operator.jcajce.JcaPGPContentVerifierBuilderProvider;
|
||||
import org.sufficientlysecure.keychain.Constants;
|
||||
import org.sufficientlysecure.keychain.util.IterableIterator;
|
||||
|
||||
import java.util.ArrayList;
|
||||
import java.util.Calendar;
|
||||
import java.util.Date;
|
||||
import java.util.GregorianCalendar;
|
||||
import java.util.List;
|
||||
|
||||
public class UncachedPublicKey {
|
||||
protected final PGPPublicKey mPublicKey;
|
||||
@ -22,7 +27,8 @@ public class UncachedPublicKey {
|
||||
return mPublicKey.getKeyID();
|
||||
}
|
||||
|
||||
public boolean isRevoked() {
|
||||
/** The revocation signature is NOT checked here, so this may be false! */
|
||||
public boolean maybeRevoked() {
|
||||
return mPublicKey.isRevoked();
|
||||
}
|
||||
|
||||
@ -60,6 +66,34 @@ public class UncachedPublicKey {
|
||||
return mPublicKey.getAlgorithm();
|
||||
}
|
||||
|
||||
public int getBitStrength() {
|
||||
return mPublicKey.getBitStrength();
|
||||
}
|
||||
|
||||
public String getPrimaryUserId() {
|
||||
List<String> userIds = new ArrayList<String>();
|
||||
for (String userId : new IterableIterator<String>(mPublicKey.getUserIDs())) {
|
||||
userIds.add(userId);
|
||||
for (PGPSignature sig : new IterableIterator<PGPSignature>(mPublicKey.getSignaturesForID(userId))) {
|
||||
if (sig.getHashedSubPackets() != null
|
||||
&& sig.getHashedSubPackets().hasSubpacket(SignatureSubpacketTags.PRIMARY_USER_ID)) {
|
||||
try {
|
||||
// make sure it's actually valid
|
||||
sig.init(new JcaPGPContentVerifierBuilderProvider().setProvider(
|
||||
Constants.BOUNCY_CASTLE_PROVIDER_NAME), mPublicKey);
|
||||
if (sig.verifyCertification(userId, mPublicKey)) {
|
||||
return userId;
|
||||
}
|
||||
} catch (Exception e) {
|
||||
// nothing bad happens, the key is just not considered the primary key id
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
}
|
||||
return null;
|
||||
}
|
||||
|
||||
public boolean isElGamalEncrypt() {
|
||||
return getAlgorithm() == PGPPublicKey.ELGAMAL_ENCRYPT;
|
||||
}
|
||||
|
@ -33,30 +33,4 @@ public class WrappedPublicKey extends UncachedPublicKey {
|
||||
return new JcePublicKeyKeyEncryptionMethodGenerator(mPublicKey);
|
||||
}
|
||||
|
||||
public void initSignature(PGPSignature sig) throws PGPException {
|
||||
JcaPGPContentVerifierBuilderProvider contentVerifierBuilderProvider =
|
||||
new JcaPGPContentVerifierBuilderProvider()
|
||||
.setProvider(Constants.BOUNCY_CASTLE_PROVIDER_NAME);
|
||||
sig.init(contentVerifierBuilderProvider, mPublicKey);
|
||||
}
|
||||
|
||||
public void initSignature(PGPOnePassSignature sig) throws PGPException {
|
||||
JcaPGPContentVerifierBuilderProvider contentVerifierBuilderProvider =
|
||||
new JcaPGPContentVerifierBuilderProvider()
|
||||
.setProvider(Constants.BOUNCY_CASTLE_PROVIDER_NAME);
|
||||
sig.init(contentVerifierBuilderProvider, mPublicKey);
|
||||
}
|
||||
|
||||
/** Verify a signature for this pubkey, after it has been initialized by the signer using
|
||||
* initSignature(). This method should probably move into a wrapped PGPSignature class
|
||||
* at some point.
|
||||
*/
|
||||
public boolean verifySignature(PGPSignature sig, String uid) throws PGPException {
|
||||
try {
|
||||
return sig.verifyCertification(uid, mPublicKey);
|
||||
} catch (SignatureException e) {
|
||||
throw new PGPException("Error!", e);
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
|
@ -449,24 +449,23 @@ public class ProviderHelper {
|
||||
|
||||
}
|
||||
|
||||
public void saveKeyRing(UncachedKeyRing wrappedRing) throws IOException {
|
||||
PGPPublicKeyRing pubRing = wrappedRing.getPublicRing();
|
||||
PGPSecretKeyRing secRing = wrappedRing.getSecretRing();
|
||||
saveKeyRing(pubRing, secRing);
|
||||
public void saveKeyRing(UncachedKeyRing ring) throws IOException {
|
||||
PGPPublicKeyRing pubRing = (PGPPublicKeyRing) ring.getRing();
|
||||
saveKeyRing(pubRing);
|
||||
}
|
||||
|
||||
/**
|
||||
* Saves (or updates) a pair of public and secret KeyRings in the database
|
||||
*/
|
||||
public void saveKeyRing(PGPPublicKeyRing pubRing, PGPSecretKeyRing privRing) throws IOException {
|
||||
long masterKeyId = pubRing.getPublicKey().getKeyID();
|
||||
public void saveKeyRing(UncachedKeyRing pubRing, UncachedKeyRing secRing) throws IOException {
|
||||
long masterKeyId = pubRing.getPublicKey().getKeyId();
|
||||
|
||||
// delete secret keyring (so it isn't unnecessarily saved by public-saveKeyRing below)
|
||||
mContentResolver.delete(KeyRingData.buildSecretKeyRingUri(Long.toString(masterKeyId)), null, null);
|
||||
|
||||
// save public keyring
|
||||
saveKeyRing(pubRing);
|
||||
saveKeyRing(privRing);
|
||||
saveKeyRing((PGPPublicKeyRing) pubRing.getRing());
|
||||
saveKeyRing((PGPSecretKeyRing) secRing.getRing());
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -524,19 +524,21 @@ public class KeychainIntentService extends IntentService
|
||||
setProgress(R.string.progress_done, 100, 100);
|
||||
} else {
|
||||
PgpKeyOperation keyOperations = new PgpKeyOperation(new ProgressScaler(this, 0, 90, 100));
|
||||
UncachedKeyRing pair;
|
||||
try {
|
||||
WrappedSecretKeyRing privkey = providerHelper.getWrappedSecretKeyRing(masterKeyId);
|
||||
WrappedPublicKeyRing pubkey = providerHelper.getWrappedPublicKeyRing(masterKeyId);
|
||||
|
||||
pair = keyOperations.buildSecretKey(privkey, pubkey, saveParcel); // edit existing
|
||||
PgpKeyOperation.Pair<UncachedKeyRing,UncachedKeyRing> pair =
|
||||
keyOperations.buildSecretKey(privkey, pubkey, saveParcel); // edit existing
|
||||
setProgress(R.string.progress_saving_key_ring, 90, 100);
|
||||
providerHelper.saveKeyRing(pair.first, pair.second);
|
||||
} catch (ProviderHelper.NotFoundException e) {
|
||||
pair = keyOperations.buildNewSecretKey(saveParcel); //new Keyring
|
||||
UncachedKeyRing ring = keyOperations.buildNewSecretKey(saveParcel); //new Keyring
|
||||
// save the pair
|
||||
setProgress(R.string.progress_saving_key_ring, 90, 100);
|
||||
providerHelper.saveKeyRing(ring);
|
||||
}
|
||||
|
||||
setProgress(R.string.progress_saving_key_ring, 90, 100);
|
||||
// save the pair
|
||||
providerHelper.saveKeyRing(pair);
|
||||
setProgress(R.string.progress_done, 100, 100);
|
||||
}
|
||||
PassphraseCacheService.addCachedPassphrase(this, masterKeyId, newPassphrase);
|
||||
|
Loading…
Reference in New Issue
Block a user