add empty notation data packet only if necessary

Vincent Breitmoser 2015-01-01 20:46:39 +01:00
parent 9f7b2472cf
commit 2d38079574


@ -919,6 +919,8 @@ public class PgpKeyOperation {
if (newUnlock.mNewPassphrase != null) { if (newUnlock.mNewPassphrase != null) {
sKR = applyNewPassphrase(sKR, masterPublicKey, passphrase, newUnlock.mNewPassphrase, log, indent); sKR = applyNewPassphrase(sKR, masterPublicKey, passphrase, newUnlock.mNewPassphrase, log, indent);
// if there is any old packet with notation data
if (hasNotationData(sKR)) {
// add packet with EMPTY notation data (updates old one, but will be stripped later) // add packet with EMPTY notation data (updates old one, but will be stripped later)
PGPContentSignerBuilder signerBuilder = new JcaPGPContentSignerBuilder( PGPContentSignerBuilder signerBuilder = new JcaPGPContentSignerBuilder(
masterPrivateKey.getPublicKeyPacket().getAlgorithm(), HashAlgorithmTags.SHA512) masterPrivateKey.getPublicKeyPacket().getAlgorithm(), HashAlgorithmTags.SHA512)
@ -935,6 +937,7 @@ public class PgpKeyOperation {
masterPublicKey = PGPPublicKey.addCertification(masterPublicKey, emptySig); masterPublicKey = PGPPublicKey.addCertification(masterPublicKey, emptySig);
sKR = PGPSecretKeyRing.insertSecretKey(sKR, sKR = PGPSecretKeyRing.insertSecretKey(sKR,
PGPSecretKey.replacePublicKey(sKR.getSecretKey(), masterPublicKey)); PGPSecretKey.replacePublicKey(sKR.getSecretKey(), masterPublicKey));
}
return sKR; return sKR;
} }
@ -942,7 +945,7 @@ public class PgpKeyOperation {
if (newUnlock.mNewPin != null) { if (newUnlock.mNewPin != null) {
sKR = applyNewPassphrase(sKR, masterPublicKey, passphrase, newUnlock.mNewPin, log, indent); sKR = applyNewPassphrase(sKR, masterPublicKey, passphrase, newUnlock.mNewPin, log, indent);
// add packet with EMPTY notation data (updates old one, but will be stripped later) // add packet with "pin" notation data
PGPContentSignerBuilder signerBuilder = new JcaPGPContentSignerBuilder( PGPContentSignerBuilder signerBuilder = new JcaPGPContentSignerBuilder(
masterPrivateKey.getPublicKeyPacket().getAlgorithm(), HashAlgorithmTags.SHA512) masterPrivateKey.getPublicKeyPacket().getAlgorithm(), HashAlgorithmTags.SHA512)
.setProvider(Constants.BOUNCY_CASTLE_PROVIDER_NAME); .setProvider(Constants.BOUNCY_CASTLE_PROVIDER_NAME);
@ -967,6 +970,22 @@ public class PgpKeyOperation {
} }
/** This method returns true iff the provided keyring has a local direct key signature
* with notation data.
*/
private static boolean hasNotationData(PGPSecretKeyRing sKR) {
// noinspection unchecked
Iterator<PGPSignature> sigs = sKR.getPublicKey().getKeySignatures();
while (sigs.hasNext()) {
WrappedSignature sig = new WrappedSignature(sigs.next());
if (sig.getSignatureType() == PGPSignature.DIRECT_KEY
&& sig.isLocal() && !sig.getNotation().isEmpty()) {
return true;
}
}
return false;
}
private static PGPSecretKeyRing applyNewPassphrase( private static PGPSecretKeyRing applyNewPassphrase(
PGPSecretKeyRing sKR, PGPSecretKeyRing sKR,
PGPPublicKey masterPublicKey, PGPPublicKey masterPublicKey,