make certify routines more robust (#1016)

2024-08-13 15:53:53 -04:00 · 2015-01-03 22:14:12 +01:00 · 2015-01-03 22:14:12 +01:00 · 47ace7cea3
commit 47ace7cea3
parent 2192a6badd
4 changed files with 14 additions and 0 deletions
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/CertifyOperation.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/CertifyOperation.java
@ -94,6 +94,12 @@ public class CertifyOperation extends BaseOperation {

            try {

+                if (action.mMasterKeyId == parcel.mMasterKeyId) {
+                    log.add(LogType.MSG_CRT_ERROR_SELF, 2);
+                    certifyError += 1;
+                    continue;
+                }
+
                if (action.mUserIds == null) {
                    log.add(LogType.MSG_CRT_CERTIFY_ALL, 2,
                            KeyFormattingUtils.convertKeyIdToHex(action.mMasterKeyId));
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/results/OperationResult.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/results/OperationResult.java
@ -587,6 +587,7 @@ public abstract class OperationResult implements Parcelable {
        MSG_CRT_CERTIFYING (LogLevel.DEBUG, R.string.msg_crt_certifying),
        MSG_CRT_CERTIFY_ALL (LogLevel.DEBUG, R.string.msg_crt_certify_all),
        MSG_CRT_CERTIFY_SOME (LogLevel.DEBUG, R.plurals.msg_crt_certify_some),
+        MSG_CRT_ERROR_SELF (LogLevel.ERROR, R.string.msg_crt_error_self),
        MSG_CRT_ERROR_MASTER_NOT_FOUND (LogLevel.ERROR, R.string.msg_crt_error_master_not_found),
        MSG_CRT_ERROR_NOTHING (LogLevel.ERROR, R.string.msg_crt_error_nothing),
        MSG_CRT_ERROR_UNLOCK (LogLevel.ERROR, R.string.msg_crt_error_unlock),
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/CanonicalizedSecretKey.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/CanonicalizedSecretKey.java
@ -300,6 +300,12 @@ public class CanonicalizedSecretKey extends CanonicalizedPublicKey {
        if (mPrivateKeyState == PRIVATE_KEY_STATE_LOCKED) {
            throw new PrivateKeyNotUnlockedException();
        }
+        if (!isMasterKey()) {
+            throw new AssertionError("tried to certify with non-master key, this is a programming error!");
+        }
+        if (publicKeyRing.getMasterKeyId() == getKeyId()) {
+            throw new AssertionError("key tried to self-certify, this is a programming error!");
+        }

        // create a signatureGenerator from the supplied masterKeyId and passphrase
        PGPSignatureGenerator signatureGenerator;
--- a/OpenKeychain/src/main/res/values/strings.xml
+++ b/OpenKeychain/src/main/res/values/strings.xml
@ -942,6 +942,7 @@
        <item quantity="one">"Certifying one user ID for key %2$s"</item>
        <item quantity="other">"Certifying %1$d user IDs for key %2$s"</item>
    </plurals>
+    <string name="msg_crt_error_self">"Cannot issue self-certificate like this!"</string>
    <string name="msg_crt_error_master_not_found">"Master key not found!"</string>
    <string name="msg_crt_error_nothing">"No keys certified!"</string>
    <string name="msg_crt_error_unlock">"Error unlocking master key!"</string>