From 0922a8cf0410fb7ea3e6cca131d834b71caaf22f Mon Sep 17 00:00:00 2001 From: Vincent Breitmoser Date: Sat, 15 Mar 2014 02:20:28 +0100 Subject: [PATCH 1/9] move fingerprint coloring into helper --- .../keychain/helper/OtherHelper.java | 62 +++++++++++++++++++ .../keychain/ui/CertifyKeyActivity.java | 1 + .../keychain/ui/ViewKeyMainFragment.java | 62 +------------------ 3 files changed, 64 insertions(+), 61 deletions(-) diff --git a/OpenPGP-Keychain/src/main/java/org/sufficientlysecure/keychain/helper/OtherHelper.java b/OpenPGP-Keychain/src/main/java/org/sufficientlysecure/keychain/helper/OtherHelper.java index eb46a52e5..736bff02d 100644 --- a/OpenPGP-Keychain/src/main/java/org/sufficientlysecure/keychain/helper/OtherHelper.java +++ b/OpenPGP-Keychain/src/main/java/org/sufficientlysecure/keychain/helper/OtherHelper.java @@ -17,7 +17,12 @@ package org.sufficientlysecure.keychain.helper; +import android.graphics.Color; import android.os.Bundle; +import android.text.Spannable; +import android.text.SpannableStringBuilder; +import android.text.style.ForegroundColorSpan; + import org.sufficientlysecure.keychain.Constants; import org.sufficientlysecure.keychain.util.Log; @@ -60,6 +65,63 @@ public class OtherHelper { } } + public static SpannableStringBuilder colorizeFingerprint(String fingerprint) { + SpannableStringBuilder sb = new SpannableStringBuilder(fingerprint); + try { + // for each 4 characters of the fingerprint + 1 space + for (int i = 0; i < fingerprint.length(); i += 5) { + int spanEnd = Math.min(i + 4, fingerprint.length()); + String fourChars = fingerprint.substring(i, spanEnd); + + int raw = Integer.parseInt(fourChars, 16); + byte[] bytes = {(byte) ((raw >> 8) & 0xff - 128), (byte) (raw & 0xff - 128)}; + int[] color = OtherHelper.getRgbForData(bytes); + int r = color[0]; + int g = color[1]; + int b = color[2]; + + // we cannot change black by multiplication, so adjust it to an almost-black grey, + // which will then be brightened to the minimal brightness level + if (r == 0 && g == 0 && b == 0) { + r = 1; + g = 1; + b = 1; + } + + // Convert rgb to brightness + double brightness = 0.2126 * r + 0.7152 * g + 0.0722 * b; + + // If a color is too dark to be seen on black, + // then brighten it up to a minimal brightness. + if (brightness < 80) { + double factor = 80.0 / brightness; + r = Math.min(255, (int) (r * factor)); + g = Math.min(255, (int) (g * factor)); + b = Math.min(255, (int) (b * factor)); + + // If it is too light, then darken it to a respective maximal brightness. + } else if (brightness > 180) { + double factor = 180.0 / brightness; + r = (int) (r * factor); + g = (int) (g * factor); + b = (int) (b * factor); + } + + // Create a foreground color with the 3 digest integers as RGB + // and then converting that int to hex to use as a color + sb.setSpan(new ForegroundColorSpan(Color.rgb(r, g, b)), + i, spanEnd, Spannable.SPAN_INCLUSIVE_INCLUSIVE); + } + } catch (Exception e) { + Log.e(Constants.TAG, "Colorization failed", e); + // if anything goes wrong, then just display the fingerprint without colour, + // instead of partially correct colour or wrong colours + return new SpannableStringBuilder(fingerprint); + } + + return sb; + } + /** * Converts the given bytes to a unique RGB color using SHA1 algorithm * diff --git a/OpenPGP-Keychain/src/main/java/org/sufficientlysecure/keychain/ui/CertifyKeyActivity.java b/OpenPGP-Keychain/src/main/java/org/sufficientlysecure/keychain/ui/CertifyKeyActivity.java index 9a9911c94..ecf8ff09e 100644 --- a/OpenPGP-Keychain/src/main/java/org/sufficientlysecure/keychain/ui/CertifyKeyActivity.java +++ b/OpenPGP-Keychain/src/main/java/org/sufficientlysecure/keychain/ui/CertifyKeyActivity.java @@ -35,6 +35,7 @@ import org.spongycastle.openpgp.PGPPublicKeyRing; import org.spongycastle.openpgp.PGPSignature; import org.sufficientlysecure.keychain.Constants; import org.sufficientlysecure.keychain.R; +import org.sufficientlysecure.keychain.helper.OtherHelper; import org.sufficientlysecure.keychain.helper.Preferences; import org.sufficientlysecure.keychain.pgp.PgpKeyHelper; import org.sufficientlysecure.keychain.pgp.exception.PgpGeneralException; diff --git a/OpenPGP-Keychain/src/main/java/org/sufficientlysecure/keychain/ui/ViewKeyMainFragment.java b/OpenPGP-Keychain/src/main/java/org/sufficientlysecure/keychain/ui/ViewKeyMainFragment.java index eeb17fea2..a361b24b6 100644 --- a/OpenPGP-Keychain/src/main/java/org/sufficientlysecure/keychain/ui/ViewKeyMainFragment.java +++ b/OpenPGP-Keychain/src/main/java/org/sufficientlysecure/keychain/ui/ViewKeyMainFragment.java @@ -26,10 +26,7 @@ import android.support.v4.app.Fragment; import android.support.v4.app.LoaderManager; import android.support.v4.content.CursorLoader; import android.support.v4.content.Loader; -import android.text.Spannable; -import android.text.SpannableStringBuilder; import android.text.format.DateFormat; -import android.text.style.ForegroundColorSpan; import android.view.LayoutInflater; import android.view.View; import android.view.ViewGroup; @@ -303,7 +300,7 @@ public class ViewKeyMainFragment extends Fragment implements } String fingerprint = PgpKeyHelper.convertFingerprintToHex(fingerprintBlob, true); - mFingerprint.setText(colorizeFingerprint(fingerprint)); + mFingerprint.setText(OtherHelper.colorizeFingerprint(fingerprint)); } mKeysAdapter.swapCursor(data); @@ -314,63 +311,6 @@ public class ViewKeyMainFragment extends Fragment implements } } - private SpannableStringBuilder colorizeFingerprint(String fingerprint) { - SpannableStringBuilder sb = new SpannableStringBuilder(fingerprint); - try { - // for each 4 characters of the fingerprint + 1 space - for (int i = 0; i < fingerprint.length(); i += 5) { - int spanEnd = Math.min(i + 4, fingerprint.length()); - String fourChars = fingerprint.substring(i, spanEnd); - - int raw = Integer.parseInt(fourChars, 16); - byte[] bytes = {(byte) ((raw >> 8) & 0xff - 128), (byte) (raw & 0xff - 128)}; - int[] color = OtherHelper.getRgbForData(bytes); - int r = color[0]; - int g = color[1]; - int b = color[2]; - - // we cannot change black by multiplication, so adjust it to an almost-black grey, - // which will then be brightened to the minimal brightness level - if (r == 0 && g == 0 && b == 0) { - r = 1; - g = 1; - b = 1; - } - - // Convert rgb to brightness - double brightness = 0.2126 * r + 0.7152 * g + 0.0722 * b; - - // If a color is too dark to be seen on black, - // then brighten it up to a minimal brightness. - if (brightness < 80) { - double factor = 80.0 / brightness; - r = Math.min(255, (int) (r * factor)); - g = Math.min(255, (int) (g * factor)); - b = Math.min(255, (int) (b * factor)); - - // If it is too light, then darken it to a respective maximal brightness. - } else if (brightness > 180) { - double factor = 180.0 / brightness; - r = (int) (r * factor); - g = (int) (g * factor); - b = (int) (b * factor); - } - - // Create a foreground color with the 3 digest integers as RGB - // and then converting that int to hex to use as a color - sb.setSpan(new ForegroundColorSpan(Color.rgb(r, g, b)), - i, spanEnd, Spannable.SPAN_INCLUSIVE_INCLUSIVE); - } - } catch (Exception e) { - Log.e(Constants.TAG, "Colorization failed", e); - // if anything goes wrong, then just display the fingerprint without colour, - // instead of partially correct colour or wrong colours - return new SpannableStringBuilder(fingerprint); - } - - return sb; - } - /** * This is called when the last Cursor provided to onLoadFinished() above is about to be closed. * We need to make sure we are no longer using it. From db25c56b6479a3679a8abe01e865ad5231be73ee Mon Sep 17 00:00:00 2001 From: Vincent Breitmoser Date: Wed, 12 Mar 2014 02:58:42 +0100 Subject: [PATCH 2/9] certify: add certify action button to viewkeymainfragment --- .../keychain/ui/ViewKeyMainFragment.java | 21 +++++++++++++++++++ .../res/layout/view_key_main_fragment.xml | 11 ++++++++++ 2 files changed, 32 insertions(+) diff --git a/OpenPGP-Keychain/src/main/java/org/sufficientlysecure/keychain/ui/ViewKeyMainFragment.java b/OpenPGP-Keychain/src/main/java/org/sufficientlysecure/keychain/ui/ViewKeyMainFragment.java index a361b24b6..0915fa2e2 100644 --- a/OpenPGP-Keychain/src/main/java/org/sufficientlysecure/keychain/ui/ViewKeyMainFragment.java +++ b/OpenPGP-Keychain/src/main/java/org/sufficientlysecure/keychain/ui/ViewKeyMainFragment.java @@ -62,6 +62,7 @@ public class ViewKeyMainFragment extends Fragment implements private TextView mSecretKey; private BootstrapButton mActionEdit; private BootstrapButton mActionEncrypt; + private BootstrapButton mActionCertify; private ListView mUserIds; private ListView mKeys; @@ -92,6 +93,7 @@ public class ViewKeyMainFragment extends Fragment implements mKeys = (ListView) view.findViewById(R.id.keys); mActionEdit = (BootstrapButton) view.findViewById(R.id.action_edit); mActionEncrypt = (BootstrapButton) view.findViewById(R.id.action_encrypt); + mActionCertify = (BootstrapButton) view.findViewById(R.id.action_certify); return view; } @@ -128,6 +130,11 @@ public class ViewKeyMainFragment extends Fragment implements mSecretKey.setTextColor(getResources().getColor(R.color.emphasis)); mSecretKey.setText(R.string.secret_key_yes); + // certify button + // TODO this button MIGHT be useful if the user wants to + // certify a private key with another... + // mActionCertify.setVisibility(View.GONE); + // edit button mActionEdit.setVisibility(View.VISIBLE); mActionEdit.setOnClickListener(new View.OnClickListener() { @@ -144,8 +151,22 @@ public class ViewKeyMainFragment extends Fragment implements } else { mSecretKey.setTextColor(Color.BLACK); mSecretKey.setText(getResources().getString(R.string.secret_key_no)); + + // certify button + mActionCertify.setVisibility(View.VISIBLE); + // edit button mActionEdit.setVisibility(View.GONE); } + + // TODO see todo note above, doing this here for now + mActionCertify.setOnClickListener(new View.OnClickListener() { + public void onClick(View view) { + certifyKey(KeychainContract.KeyRings.buildPublicKeyRingsByMasterKeyIdUri( + Long.toString(masterKeyId) + )); + } + }); + } mActionEncrypt.setOnClickListener(new View.OnClickListener() { diff --git a/OpenPGP-Keychain/src/main/res/layout/view_key_main_fragment.xml b/OpenPGP-Keychain/src/main/res/layout/view_key_main_fragment.xml index 3c8a4270b..6ef3f3072 100644 --- a/OpenPGP-Keychain/src/main/res/layout/view_key_main_fragment.xml +++ b/OpenPGP-Keychain/src/main/res/layout/view_key_main_fragment.xml @@ -251,6 +251,17 @@ bootstrapbutton:bb_icon_left="fa-lock" bootstrapbutton:bb_type="info" /> + + + \ No newline at end of file From 9920196f70a67301117770421526a6e5c4cc1332 Mon Sep 17 00:00:00 2001 From: Vincent Breitmoser Date: Sat, 15 Mar 2014 13:18:52 +0100 Subject: [PATCH 3/9] certify: selectsecretkeyfragment cosmetics --- .../ui/SelectSecretKeyLayoutFragment.java | 13 ++++++++++--- .../layout/select_secret_key_layout_fragment.xml | 15 ++++++++++++--- 2 files changed, 22 insertions(+), 6 deletions(-) diff --git a/OpenPGP-Keychain/src/main/java/org/sufficientlysecure/keychain/ui/SelectSecretKeyLayoutFragment.java b/OpenPGP-Keychain/src/main/java/org/sufficientlysecure/keychain/ui/SelectSecretKeyLayoutFragment.java index beff8385e..3d22ca9f6 100644 --- a/OpenPGP-Keychain/src/main/java/org/sufficientlysecure/keychain/ui/SelectSecretKeyLayoutFragment.java +++ b/OpenPGP-Keychain/src/main/java/org/sufficientlysecure/keychain/ui/SelectSecretKeyLayoutFragment.java @@ -39,6 +39,7 @@ public class SelectSecretKeyLayoutFragment extends Fragment { private TextView mKeyUserId; private TextView mKeyUserIdRest; private TextView mKeyMasterKeyIdHex; + private TextView mNoKeySelected; private BootstrapButton mSelectKeyButton; private Boolean mFilterCertify; @@ -60,10 +61,10 @@ public class SelectSecretKeyLayoutFragment extends Fragment { public void selectKey(long secretKeyId) { if (secretKeyId == Id.key.none) { - mKeyMasterKeyIdHex.setText(R.string.api_settings_no_key); - mKeyUserIdRest.setText(""); + mNoKeySelected.setVisibility(View.VISIBLE); mKeyUserId.setVisibility(View.GONE); mKeyUserIdRest.setVisibility(View.GONE); + mKeyMasterKeyIdHex.setVisibility(View.GONE); } else { PGPSecretKeyRing keyRing = ProviderHelper.getPGPSecretKeyRingByMasterKeyId( @@ -93,20 +94,25 @@ public class SelectSecretKeyLayoutFragment extends Fragment { mKeyMasterKeyIdHex.setText(masterkeyIdHex); mKeyUserId.setText(userName); mKeyUserIdRest.setText(userEmail); + mKeyMasterKeyIdHex.setVisibility(View.VISIBLE); mKeyUserId.setVisibility(View.VISIBLE); mKeyUserIdRest.setVisibility(View.VISIBLE); + mNoKeySelected.setVisibility(View.GONE); } else { - mKeyMasterKeyIdHex.setText(getActivity().getResources().getString(R.string.no_key)); + mKeyMasterKeyIdHex.setVisibility(View.GONE); mKeyUserId.setVisibility(View.GONE); mKeyUserIdRest.setVisibility(View.GONE); + mNoKeySelected.setVisibility(View.VISIBLE); } } else { mKeyMasterKeyIdHex.setText( getActivity().getResources() .getString(R.string.no_keys_added_or_updated) + " for master id: " + secretKeyId); + mKeyMasterKeyIdHex.setVisibility(View.VISIBLE); mKeyUserId.setVisibility(View.GONE); mKeyUserIdRest.setVisibility(View.GONE); + mNoKeySelected.setVisibility(View.GONE); } } @@ -124,6 +130,7 @@ public class SelectSecretKeyLayoutFragment extends Fragment { public View onCreateView(LayoutInflater inflater, ViewGroup container, Bundle savedInstanceState) { View view = inflater.inflate(R.layout.select_secret_key_layout_fragment, container, false); + mNoKeySelected = (TextView) view.findViewById(R.id.no_key_selected); mKeyUserId = (TextView) view.findViewById(R.id.select_secret_key_user_id); mKeyUserIdRest = (TextView) view.findViewById(R.id.select_secret_key_user_id_rest); mKeyMasterKeyIdHex = (TextView) view.findViewById(R.id.select_secret_key_master_key_hex); diff --git a/OpenPGP-Keychain/src/main/res/layout/select_secret_key_layout_fragment.xml b/OpenPGP-Keychain/src/main/res/layout/select_secret_key_layout_fragment.xml index c9661c614..408c0c54e 100644 --- a/OpenPGP-Keychain/src/main/res/layout/select_secret_key_layout_fragment.xml +++ b/OpenPGP-Keychain/src/main/res/layout/select_secret_key_layout_fragment.xml @@ -52,16 +52,25 @@ android:layout_marginRight="5dip" android:text="" android:visibility="gone" - android:textAppearance="?android:attr/textAppearanceSmall" /> + android:textAppearance="?android:attr/textAppearanceSmall" + android:paddingLeft="10dp" /> + + + android:layout_marginTop="15dp" /> From efc8252598ef4e5e198b9572648e7af62573cffb Mon Sep 17 00:00:00 2001 From: Vincent Breitmoser Date: Sat, 15 Mar 2014 13:22:02 +0100 Subject: [PATCH 4/9] certify: viewkeyuseridsadapter cosmetics and checkbox capability --- .../keychain/ui/ViewKeyMainFragment.java | 13 +-- .../ui/adapter/ViewKeyUserIdsAdapter.java | 81 +++++++++++++++++-- .../main/res/layout/view_key_userids_item.xml | 41 ++++++++-- 3 files changed, 117 insertions(+), 18 deletions(-) diff --git a/OpenPGP-Keychain/src/main/java/org/sufficientlysecure/keychain/ui/ViewKeyMainFragment.java b/OpenPGP-Keychain/src/main/java/org/sufficientlysecure/keychain/ui/ViewKeyMainFragment.java index 0915fa2e2..a828a4405 100644 --- a/OpenPGP-Keychain/src/main/java/org/sufficientlysecure/keychain/ui/ViewKeyMainFragment.java +++ b/OpenPGP-Keychain/src/main/java/org/sufficientlysecure/keychain/ui/ViewKeyMainFragment.java @@ -198,12 +198,13 @@ public class ViewKeyMainFragment extends Fragment implements static final int KEYRING_INDEX_USER_ID = 2; static final String[] USER_IDS_PROJECTION = - new String[]{KeychainContract.UserIds._ID, KeychainContract.UserIds.USER_ID, - KeychainContract.UserIds.RANK, }; - // not the main user id - static final String USER_IDS_SELECTION = KeychainContract.UserIds.RANK + " > 0 "; + new String[]{ + KeychainContract.UserIds._ID, + KeychainContract.UserIds.USER_ID, + KeychainContract.UserIds.RANK, + }; static final String USER_IDS_SORT_ORDER = - KeychainContract.UserIds.USER_ID + " COLLATE LOCALIZED ASC"; + KeychainContract.UserIds.RANK + " COLLATE LOCALIZED ASC"; static final String[] KEYS_PROJECTION = new String[]{KeychainContract.Keys._ID, KeychainContract.Keys.KEY_ID, @@ -239,7 +240,7 @@ public class ViewKeyMainFragment extends Fragment implements // Now create and return a CursorLoader that will take care of // creating a Cursor for the data being displayed. - return new CursorLoader(getActivity(), baseUri, USER_IDS_PROJECTION, USER_IDS_SELECTION, null, + return new CursorLoader(getActivity(), baseUri, USER_IDS_PROJECTION, null, null, USER_IDS_SORT_ORDER); } case LOADER_ID_KEYS: { diff --git a/OpenPGP-Keychain/src/main/java/org/sufficientlysecure/keychain/ui/adapter/ViewKeyUserIdsAdapter.java b/OpenPGP-Keychain/src/main/java/org/sufficientlysecure/keychain/ui/adapter/ViewKeyUserIdsAdapter.java index 3ba291c3d..61572b9ce 100644 --- a/OpenPGP-Keychain/src/main/java/org/sufficientlysecure/keychain/ui/adapter/ViewKeyUserIdsAdapter.java +++ b/OpenPGP-Keychain/src/main/java/org/sufficientlysecure/keychain/ui/adapter/ViewKeyUserIdsAdapter.java @@ -23,26 +23,48 @@ import android.support.v4.widget.CursorAdapter; import android.view.LayoutInflater; import android.view.View; import android.view.ViewGroup; +import android.widget.CheckBox; +import android.widget.CompoundButton; import android.widget.TextView; import org.sufficientlysecure.keychain.R; +import org.sufficientlysecure.keychain.pgp.PgpKeyHelper; import org.sufficientlysecure.keychain.provider.KeychainContract.UserIds; +import java.util.ArrayList; + public class ViewKeyUserIdsAdapter extends CursorAdapter { private LayoutInflater mInflater; - private int mIndexUserId; + private int mIndexUserId, mIndexRank; - public ViewKeyUserIdsAdapter(Context context, Cursor c, int flags) { + final private ArrayList mCheckStates; + + public ViewKeyUserIdsAdapter(Context context, Cursor c, int flags, boolean showCheckBoxes) { super(context, c, flags); mInflater = LayoutInflater.from(context); + mCheckStates = showCheckBoxes ? new ArrayList() : null; + initIndex(c); } + public ViewKeyUserIdsAdapter(Context context, Cursor c, int flags) { + this(context, c, flags, false); + } @Override public Cursor swapCursor(Cursor newCursor) { initIndex(newCursor); + if(mCheckStates != null) { + mCheckStates.clear(); + if(newCursor != null) { + int count = newCursor.getCount(); + mCheckStates.ensureCapacity(count); + // initialize to true (use case knowledge: we usually want to sign all uids) + for(int i = 0; i < count; i++) + mCheckStates.add(true); + } + } return super.swapCursor(newCursor); } @@ -56,20 +78,67 @@ public class ViewKeyUserIdsAdapter extends CursorAdapter { private void initIndex(Cursor cursor) { if (cursor != null) { mIndexUserId = cursor.getColumnIndexOrThrow(UserIds.USER_ID); + mIndexRank = cursor.getColumnIndexOrThrow(UserIds.RANK); } } @Override public void bindView(View view, Context context, Cursor cursor) { - String userIdStr = cursor.getString(mIndexUserId); - TextView userId = (TextView) view.findViewById(R.id.userId); - userId.setText(userIdStr); + TextView vRank = (TextView) view.findViewById(R.id.rank); + TextView vUserId = (TextView) view.findViewById(R.id.userId); + TextView vAddress = (TextView) view.findViewById(R.id.address); + + vRank.setText(Integer.toString(cursor.getInt(mIndexRank))); + + String[] userId = PgpKeyHelper.splitUserId(cursor.getString(mIndexUserId)); + if (userId[0] != null) { + vUserId.setText(userId[0]); + } else { + vUserId.setText(R.string.user_id_no_name); + } + vAddress.setText(userId[1]); + + // don't care further if checkboxes aren't shown + if(mCheckStates == null) + return; + + final CheckBox vCheckBox = (CheckBox) view.findViewById(R.id.checkBox); + final int position = cursor.getPosition(); + vCheckBox.setClickable(false); + vCheckBox.setChecked(mCheckStates.get(position)); + vCheckBox.setOnCheckedChangeListener(new CompoundButton.OnCheckedChangeListener() { + @Override + public void onCheckedChanged(CompoundButton compoundButton, boolean b) { + mCheckStates.set(position, b); + } + }); + view.setOnClickListener(new View.OnClickListener() { + @Override + public void onClick(View view) { + vCheckBox.toggle(); + } + }); + + } + + public ArrayList getSelectedUserIds() { + ArrayList result = new ArrayList(); + for(int i = 0; i < mCheckStates.size(); i++) { + if(mCheckStates.get(i)) { + mCursor.moveToPosition(i); + result.add(mCursor.getString(mIndexUserId)); + } + } + return result; } @Override public View newView(Context context, Cursor cursor, ViewGroup parent) { - return mInflater.inflate(R.layout.view_key_userids_item, null); + View view = mInflater.inflate(R.layout.view_key_userids_item, null); + // only need to do this once ever, since mShowCheckBoxes is final + view.findViewById(R.id.checkBox).setVisibility(mCheckStates != null ? View.VISIBLE : View.GONE); + return view; } } diff --git a/OpenPGP-Keychain/src/main/res/layout/view_key_userids_item.xml b/OpenPGP-Keychain/src/main/res/layout/view_key_userids_item.xml index 22f0cdc5f..2e8cfeb04 100644 --- a/OpenPGP-Keychain/src/main/res/layout/view_key_userids_item.xml +++ b/OpenPGP-Keychain/src/main/res/layout/view_key_userids_item.xml @@ -2,15 +2,44 @@ - + android:id="@+id/checkBox" /> - \ No newline at end of file + + + + + + + + + + From 49984846d5955e29b1edd7aad5b1474a0eebfcfc Mon Sep 17 00:00:00 2001 From: Vincent Breitmoser Date: Sat, 15 Mar 2014 13:22:48 +0100 Subject: [PATCH 5/9] certify: support PUBLIC_KEY_RING_BY_MASTER_KEY_ID_USER_ID uri (haha) --- .../keychain/provider/KeychainProvider.java | 36 +++++++++++++++++++ 1 file changed, 36 insertions(+) diff --git a/OpenPGP-Keychain/src/main/java/org/sufficientlysecure/keychain/provider/KeychainProvider.java b/OpenPGP-Keychain/src/main/java/org/sufficientlysecure/keychain/provider/KeychainProvider.java index 748aaeb1b..b963ceb39 100644 --- a/OpenPGP-Keychain/src/main/java/org/sufficientlysecure/keychain/provider/KeychainProvider.java +++ b/OpenPGP-Keychain/src/main/java/org/sufficientlysecure/keychain/provider/KeychainProvider.java @@ -55,6 +55,7 @@ public class KeychainProvider extends ContentProvider { private static final int PUBLIC_KEY_RING_USER_ID = 121; private static final int PUBLIC_KEY_RING_USER_ID_BY_ROW_ID = 122; + private static final int PUBLIC_KEY_RING_BY_MASTER_KEY_ID_USER_ID = 123; private static final int SECRET_KEY_RING = 201; private static final int SECRET_KEY_RING_BY_ROW_ID = 202; @@ -150,6 +151,7 @@ public class KeychainProvider extends ContentProvider { *
          * key_rings/public/#/user_ids
          * key_rings/public/#/user_ids/#
+         * key_rings/public/master_key_id/#/user_ids
          * 
*/ matcher.addURI(authority, KeychainContract.BASE_KEY_RINGS + "/" @@ -158,6 +160,10 @@ public class KeychainProvider extends ContentProvider { matcher.addURI(authority, KeychainContract.BASE_KEY_RINGS + "/" + KeychainContract.PATH_PUBLIC + "/#/" + KeychainContract.PATH_USER_IDS + "/#", PUBLIC_KEY_RING_USER_ID_BY_ROW_ID); + matcher.addURI(authority, KeychainContract.BASE_KEY_RINGS + "/" + + KeychainContract.PATH_PUBLIC + "/" + + KeychainContract.PATH_BY_MASTER_KEY_ID + "/*/" + KeychainContract.PATH_USER_IDS, + PUBLIC_KEY_RING_BY_MASTER_KEY_ID_USER_ID); /** * secret key rings @@ -285,6 +291,7 @@ public class KeychainProvider extends ContentProvider { return Keys.CONTENT_ITEM_TYPE; case PUBLIC_KEY_RING_USER_ID: + case PUBLIC_KEY_RING_BY_MASTER_KEY_ID_USER_ID: case SECRET_KEY_RING_USER_ID: return UserIds.CONTENT_TYPE; @@ -322,6 +329,7 @@ public class KeychainProvider extends ContentProvider { case PUBLIC_KEY_RING_KEY: case PUBLIC_KEY_RING_KEY_BY_ROW_ID: case PUBLIC_KEY_RING_USER_ID: + case PUBLIC_KEY_RING_BY_MASTER_KEY_ID_USER_ID: case PUBLIC_KEY_RING_USER_ID_BY_ROW_ID: type = KeyTypes.PUBLIC; break; @@ -364,6 +372,11 @@ public class KeychainProvider extends ContentProvider { // TODO: deprecated master key id //projectionMap.put(KeyRingsColumns.MASTER_KEY_ID, Tables.KEYS + "." + KeysColumns.KEY_ID); + projectionMap.put(KeysColumns.ALGORITHM, Tables.KEYS + "." + KeysColumns.ALGORITHM); + projectionMap.put(KeysColumns.KEY_SIZE, Tables.KEYS + "." + KeysColumns.KEY_SIZE); + projectionMap.put(KeysColumns.CREATION, Tables.KEYS + "." + KeysColumns.CREATION); + projectionMap.put(KeysColumns.EXPIRY, Tables.KEYS + "." + KeysColumns.EXPIRY); + projectionMap.put(KeysColumns.KEY_RING_ROW_ID, Tables.KEYS + "." + KeysColumns.KEY_RING_ROW_ID); projectionMap.put(KeysColumns.FINGERPRINT, Tables.KEYS + "." + KeysColumns.FINGERPRINT); projectionMap.put(KeysColumns.IS_REVOKED, Tables.KEYS + "." + KeysColumns.IS_REVOKED); @@ -403,6 +416,18 @@ public class KeychainProvider extends ContentProvider { return projectionMap; } + private HashMap getProjectionMapForUserIds() { + HashMap projectionMap = new HashMap(); + + projectionMap.put(BaseColumns._ID, Tables.USER_IDS + "." + BaseColumns._ID); + projectionMap.put(UserIdsColumns.USER_ID, Tables.USER_IDS + "." + UserIdsColumns.USER_ID); + projectionMap.put(UserIdsColumns.RANK, Tables.USER_IDS + "." + UserIdsColumns.RANK); + projectionMap.put(KeyRingsColumns.MASTER_KEY_ID, Tables.KEY_RINGS + "." + + KeyRingsColumns.MASTER_KEY_ID); + + return projectionMap; + } + /** * Builds default query for keyRings: KeyRings table is joined with UserIds and Keys */ @@ -606,6 +631,17 @@ public class KeychainProvider extends ContentProvider { break; + case PUBLIC_KEY_RING_BY_MASTER_KEY_ID_USER_ID: + qb.setTables(Tables.USER_IDS + " INNER JOIN " + Tables.KEY_RINGS + " ON " + "(" + + Tables.KEY_RINGS + "." + BaseColumns._ID + " = " + Tables.USER_IDS + "." + + KeysColumns.KEY_RING_ROW_ID + " )"); + qb.appendWhere(Tables.KEY_RINGS + "." + KeyRingsColumns.MASTER_KEY_ID + " = "); + qb.appendWhereEscapeString(uri.getPathSegments().get(3)); + + qb.setProjectionMap(getProjectionMapForUserIds()); + + break; + case PUBLIC_KEY_RING_USER_ID: case SECRET_KEY_RING_USER_ID: qb.setTables(Tables.USER_IDS); From 1de0312bb53935f8b48e4e7437169e72a154edbf Mon Sep 17 00:00:00 2001 From: Vincent Breitmoser Date: Sat, 15 Mar 2014 13:24:49 +0100 Subject: [PATCH 6/9] certify: revamp certifykeyactivity show info on the key to be certified, along with a list of (selectable) user ids. user ids are handed through to the signing service, but not yet handled. --- .../service/KeychainIntentService.java | 2 + .../keychain/ui/CertifyKeyActivity.java | 97 ++++++++++++++++++- .../main/res/layout/certify_key_activity.xml | 87 +++++++++++++++++ .../src/main/res/values/strings.xml | 1 + 4 files changed, 186 insertions(+), 1 deletion(-) diff --git a/OpenPGP-Keychain/src/main/java/org/sufficientlysecure/keychain/service/KeychainIntentService.java b/OpenPGP-Keychain/src/main/java/org/sufficientlysecure/keychain/service/KeychainIntentService.java index 4e5812202..eb2367061 100644 --- a/OpenPGP-Keychain/src/main/java/org/sufficientlysecure/keychain/service/KeychainIntentService.java +++ b/OpenPGP-Keychain/src/main/java/org/sufficientlysecure/keychain/service/KeychainIntentService.java @@ -143,6 +143,7 @@ public class KeychainIntentService extends IntentService // sign key public static final String CERTIFY_KEY_MASTER_KEY_ID = "sign_key_master_key_id"; public static final String CERTIFY_KEY_PUB_KEY_ID = "sign_key_pub_key_id"; + public static final String CERTIFY_KEY_UIDS = "sign_key_uids"; /* * possible data keys as result send over messenger @@ -804,6 +805,7 @@ public class KeychainIntentService extends IntentService /* Input */ long masterKeyId = data.getLong(CERTIFY_KEY_MASTER_KEY_ID); long pubKeyId = data.getLong(CERTIFY_KEY_PUB_KEY_ID); + // String[] userIds = data.getStringArray(CERTIFY_KEY_PUB_KEY_ID); /* Operation */ String signaturePassPhrase = PassphraseCacheService.getCachedPassphrase(this, diff --git a/OpenPGP-Keychain/src/main/java/org/sufficientlysecure/keychain/ui/CertifyKeyActivity.java b/OpenPGP-Keychain/src/main/java/org/sufficientlysecure/keychain/ui/CertifyKeyActivity.java index ecf8ff09e..3590baa76 100644 --- a/OpenPGP-Keychain/src/main/java/org/sufficientlysecure/keychain/ui/CertifyKeyActivity.java +++ b/OpenPGP-Keychain/src/main/java/org/sufficientlysecure/keychain/ui/CertifyKeyActivity.java @@ -19,13 +19,18 @@ package org.sufficientlysecure.keychain.ui; import android.app.ProgressDialog; import android.content.Intent; +import android.database.Cursor; import android.net.Uri; import android.os.Bundle; import android.os.Handler; import android.os.Message; import android.os.Messenger; +import android.support.v4.app.LoaderManager; +import android.support.v4.content.CursorLoader; +import android.support.v4.content.Loader; import android.support.v7.app.ActionBar; import android.support.v7.app.ActionBarActivity; +import android.text.format.DateFormat; import android.view.View; import android.view.View.OnClickListener; import android.widget.*; @@ -39,20 +44,23 @@ import org.sufficientlysecure.keychain.helper.OtherHelper; import org.sufficientlysecure.keychain.helper.Preferences; import org.sufficientlysecure.keychain.pgp.PgpKeyHelper; import org.sufficientlysecure.keychain.pgp.exception.PgpGeneralException; +import org.sufficientlysecure.keychain.provider.KeychainContract; import org.sufficientlysecure.keychain.provider.ProviderHelper; import org.sufficientlysecure.keychain.service.KeychainIntentService; import org.sufficientlysecure.keychain.service.KeychainIntentServiceHandler; import org.sufficientlysecure.keychain.service.PassphraseCacheService; +import org.sufficientlysecure.keychain.ui.adapter.ViewKeyUserIdsAdapter; import org.sufficientlysecure.keychain.ui.dialog.PassphraseDialogFragment; import org.sufficientlysecure.keychain.util.Log; +import java.util.Date; import java.util.Iterator; /** * Signs the specified public key with the specified secret master key */ public class CertifyKeyActivity extends ActionBarActivity implements - SelectSecretKeyLayoutFragment.SelectSecretKeyCallback { + SelectSecretKeyLayoutFragment.SelectSecretKeyCallback, LoaderManager.LoaderCallbacks { private BootstrapButton mSignButton; private CheckBox mUploadKeyCheckbox; private Spinner mSelectKeyserverSpinner; @@ -63,6 +71,12 @@ public class CertifyKeyActivity extends ActionBarActivity implements private long mPubKeyId = 0; private long mMasterKeyId = 0; + private ListView mUserIds; + private ViewKeyUserIdsAdapter mUserIdsAdapter; + + private static final int LOADER_ID_KEYRING = 0; + private static final int LOADER_ID_USER_IDS = 1; + @Override protected void onCreate(Bundle savedInstanceState) { super.onCreate(savedInstanceState); @@ -126,9 +140,18 @@ public class CertifyKeyActivity extends ActionBarActivity implements finish(); return; } + Log.e(Constants.TAG, "uri: " + mDataUri); PGPPublicKeyRing signKey = (PGPPublicKeyRing) ProviderHelper.getPGPKeyRing(this, mDataUri); + mUserIds = (ListView) findViewById(R.id.user_ids); + + mUserIdsAdapter = new ViewKeyUserIdsAdapter(this, null, 0, true); + mUserIds.setAdapter(mUserIdsAdapter); + + getSupportLoaderManager().initLoader(LOADER_ID_KEYRING, null, this); + getSupportLoaderManager().initLoader(LOADER_ID_USER_IDS, null, this); + if (signKey != null) { mPubKeyId = PgpKeyHelper.getMasterKey(signKey).getKeyID(); } @@ -139,6 +162,76 @@ public class CertifyKeyActivity extends ActionBarActivity implements } } + static final String[] KEYRING_PROJECTION = + new String[] { + KeychainContract.KeyRings._ID, + KeychainContract.KeyRings.MASTER_KEY_ID, + KeychainContract.Keys.FINGERPRINT, + KeychainContract.UserIds.USER_ID + }; + static final int INDEX_MASTER_KEY_ID = 1; + static final int INDEX_FINGERPRINT = 2; + static final int INDEX_USER_ID = 3; + + static final String[] USER_IDS_PROJECTION = + new String[]{ + KeychainContract.UserIds._ID, + KeychainContract.UserIds.USER_ID, + KeychainContract.UserIds.RANK + }; + static final String USER_IDS_SORT_ORDER = + KeychainContract.UserIds.RANK + " ASC"; + + @Override + public Loader onCreateLoader(int id, Bundle args) { + switch(id) { + case LOADER_ID_KEYRING: + return new CursorLoader(this, mDataUri, KEYRING_PROJECTION, null, null, null); + case LOADER_ID_USER_IDS: { + Uri baseUri = KeychainContract.UserIds.buildUserIdsUri(mDataUri); + return new CursorLoader(this, baseUri, USER_IDS_PROJECTION, null, null, USER_IDS_SORT_ORDER); + } + } + return null; + } + + @Override + public void onLoadFinished(Loader loader, Cursor data) { + switch(loader.getId()) { + case LOADER_ID_KEYRING: + // the first key here is our master key + if (data.moveToFirst()) { + long keyId = data.getLong(INDEX_MASTER_KEY_ID); + String keyIdStr = PgpKeyHelper.convertKeyIdToHex(keyId); + ((TextView) findViewById(R.id.key_id)).setText(keyIdStr); + + String mainUserId = data.getString(INDEX_USER_ID); + ((TextView) findViewById(R.id.main_user_id)).setText(mainUserId); + + byte[] fingerprintBlob = data.getBlob(INDEX_FINGERPRINT); + if (fingerprintBlob == null) { + // FALLBACK for old database entries + fingerprintBlob = ProviderHelper.getFingerprint(this, mDataUri); + } + String fingerprint = PgpKeyHelper.convertFingerprintToHex(fingerprintBlob, true); + ((TextView) findViewById(R.id.fingerprint)).setText(OtherHelper.colorizeFingerprint(fingerprint)); + } + break; + case LOADER_ID_USER_IDS: + mUserIdsAdapter.swapCursor(data); + break; + } + } + + @Override + public void onLoaderReset(Loader loader) { + switch(loader.getId()) { + case LOADER_ID_USER_IDS: + mUserIdsAdapter.swapCursor(null); + break; + } + } + private void showPassphraseDialog(final long secretKeyId) { // Message is received after passphrase is cached Handler returnHandler = new Handler() { @@ -220,6 +313,8 @@ public class CertifyKeyActivity extends ActionBarActivity implements data.putLong(KeychainIntentService.CERTIFY_KEY_MASTER_KEY_ID, mMasterKeyId); data.putLong(KeychainIntentService.CERTIFY_KEY_PUB_KEY_ID, mPubKeyId); + data.putStringArray(KeychainIntentService.CERTIFY_KEY_UIDS, + (String[]) mUserIdsAdapter.getSelectedUserIds().toArray()); intent.putExtra(KeychainIntentService.EXTRA_DATA, data); diff --git a/OpenPGP-Keychain/src/main/res/layout/certify_key_activity.xml b/OpenPGP-Keychain/src/main/res/layout/certify_key_activity.xml index ddb424ee8..6cd140739 100644 --- a/OpenPGP-Keychain/src/main/res/layout/certify_key_activity.xml +++ b/OpenPGP-Keychain/src/main/res/layout/certify_key_activity.xml @@ -29,6 +29,93 @@ android:layout_marginTop="4dp" tools:layout="@layout/select_secret_key_layout_fragment" /> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Secret Key
available unavailable + User IDs to sign From a3224687f6d94ce36acb0b5d70087e9af8eb24c6 Mon Sep 17 00:00:00 2001 From: Vincent Breitmoser Date: Sat, 15 Mar 2014 15:28:26 +0100 Subject: [PATCH 7/9] certify: add some subscopes in PgpKeyOperation for readability note this commit introduces NO semantical changes whatsoever! --- .../keychain/pgp/PgpKeyOperation.java | 258 ++++++++++-------- 1 file changed, 137 insertions(+), 121 deletions(-) diff --git a/OpenPGP-Keychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpKeyOperation.java b/OpenPGP-Keychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpKeyOperation.java index c7ec02d7d..fe09ea525 100644 --- a/OpenPGP-Keychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpKeyOperation.java +++ b/OpenPGP-Keychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpKeyOperation.java @@ -215,106 +215,118 @@ public class PgpKeyOperation { updateProgress(R.string.progress_preparing_master_key, 10, 100); - int usageId = keysUsages.get(0); - boolean canSign = - (usageId == Id.choice.usage.sign_only || usageId == Id.choice.usage.sign_and_encrypt); - boolean canEncrypt = - (usageId == Id.choice.usage.encrypt_only || usageId == Id.choice.usage.sign_and_encrypt); + // prepare keyring generator with given master public and secret key + PGPKeyRingGenerator keyGen; + PGPPublicKey masterPublicKey; { - String mainUserId = userIds.get(0); + String mainUserId = userIds.get(0); - PGPSecretKey masterKey = keys.get(0); + // prepare the master key pair + PGPKeyPair masterKeyPair; { - // this removes all userIds and certifications previously attached to the masterPublicKey - PGPPublicKey tmpKey = masterKey.getPublicKey(); - PGPPublicKey masterPublicKey = new PGPPublicKey(tmpKey.getAlgorithm(), - tmpKey.getKey(new BouncyCastleProvider()), tmpKey.getCreationTime()); + PGPSecretKey masterKey = keys.get(0); - // already done by code above: - // PGPPublicKey masterPublicKey = masterKey.getPublicKey(); - // // Somehow, the PGPPublicKey already has an empty certification attached to it when the - // // keyRing is generated the first time, we remove that when it exists, before adding the - // new - // // ones - // PGPPublicKey masterPublicKeyRmCert = PGPPublicKey.removeCertification(masterPublicKey, - // ""); - // if (masterPublicKeyRmCert != null) { - // masterPublicKey = masterPublicKeyRmCert; - // } + // this removes all userIds and certifications previously attached to the masterPublicKey + PGPPublicKey tmpKey = masterKey.getPublicKey(); + masterPublicKey = new PGPPublicKey(tmpKey.getAlgorithm(), + tmpKey.getKey(new BouncyCastleProvider()), tmpKey.getCreationTime()); - PBESecretKeyDecryptor keyDecryptor = new JcePBESecretKeyDecryptorBuilder().setProvider( - Constants.BOUNCY_CASTLE_PROVIDER_NAME).build(oldPassPhrase.toCharArray()); - PGPPrivateKey masterPrivateKey = masterKey.extractPrivateKey(keyDecryptor); + // already done by code above: + // PGPPublicKey masterPublicKey = masterKey.getPublicKey(); + // // Somehow, the PGPPublicKey already has an empty certification attached to it when the + // // keyRing is generated the first time, we remove that when it exists, before adding the + // new + // // ones + // PGPPublicKey masterPublicKeyRmCert = PGPPublicKey.removeCertification(masterPublicKey, + // ""); + // if (masterPublicKeyRmCert != null) { + // masterPublicKey = masterPublicKeyRmCert; + // } - updateProgress(R.string.progress_certifying_master_key, 20, 100); + PBESecretKeyDecryptor keyDecryptor = new JcePBESecretKeyDecryptorBuilder().setProvider( + Constants.BOUNCY_CASTLE_PROVIDER_NAME).build(oldPassPhrase.toCharArray()); + PGPPrivateKey masterPrivateKey = masterKey.extractPrivateKey(keyDecryptor); - // TODO: if we are editing a key, keep old certs, don't remake certs we don't have to. + updateProgress(R.string.progress_certifying_master_key, 20, 100); - for (String userId : userIds) { - PGPContentSignerBuilder signerBuilder = new JcaPGPContentSignerBuilder( - masterPublicKey.getAlgorithm(), HashAlgorithmTags.SHA1) - .setProvider(Constants.BOUNCY_CASTLE_PROVIDER_NAME); - PGPSignatureGenerator sGen = new PGPSignatureGenerator(signerBuilder); + // TODO: if we are editing a key, keep old certs, don't remake certs we don't have to. - sGen.init(PGPSignature.POSITIVE_CERTIFICATION, masterPrivateKey); + for (String userId : userIds) { + PGPContentSignerBuilder signerBuilder = new JcaPGPContentSignerBuilder( + masterPublicKey.getAlgorithm(), HashAlgorithmTags.SHA1) + .setProvider(Constants.BOUNCY_CASTLE_PROVIDER_NAME); + PGPSignatureGenerator sGen = new PGPSignatureGenerator(signerBuilder); - PGPSignature certification = sGen.generateCertification(userId, masterPublicKey); + sGen.init(PGPSignature.POSITIVE_CERTIFICATION, masterPrivateKey); - masterPublicKey = PGPPublicKey.addCertification(masterPublicKey, userId, certification); - } + PGPSignature certification = sGen.generateCertification(userId, masterPublicKey); - PGPKeyPair masterKeyPair = new PGPKeyPair(masterPublicKey, masterPrivateKey); + masterPublicKey = PGPPublicKey.addCertification(masterPublicKey, userId, certification); + } - PGPSignatureSubpacketGenerator hashedPacketsGen = new PGPSignatureSubpacketGenerator(); - PGPSignatureSubpacketGenerator unhashedPacketsGen = new PGPSignatureSubpacketGenerator(); - - int keyFlags = KeyFlags.CERTIFY_OTHER | KeyFlags.SIGN_DATA; - if (canEncrypt) { - keyFlags |= KeyFlags.ENCRYPT_COMMS | KeyFlags.ENCRYPT_STORAGE; - } - hashedPacketsGen.setKeyFlags(true, keyFlags); - - hashedPacketsGen.setPreferredSymmetricAlgorithms(true, PREFERRED_SYMMETRIC_ALGORITHMS); - hashedPacketsGen.setPreferredHashAlgorithms(true, PREFERRED_HASH_ALGORITHMS); - hashedPacketsGen.setPreferredCompressionAlgorithms(true, PREFERRED_COMPRESSION_ALGORITHMS); - - if (keysExpiryDates.get(0) != null) { - GregorianCalendar creationDate = new GregorianCalendar(TimeZone.getTimeZone("UTC")); - creationDate.setTime(masterPublicKey.getCreationTime()); - GregorianCalendar expiryDate = keysExpiryDates.get(0); - //note that the below, (a/c) - (b/c) is *not* the same as (a - b) /c - //here we purposefully ignore partial days in each date - long type has no fractional part! - long numDays = - (expiryDate.getTimeInMillis() / 86400000) - (creationDate.getTimeInMillis() / 86400000); - if (numDays <= 0) { - throw new PgpGeneralException( - mContext.getString(R.string.error_expiry_must_come_after_creation)); + masterKeyPair = new PGPKeyPair(masterPublicKey, masterPrivateKey); } - hashedPacketsGen.setKeyExpirationTime(false, numDays * 86400); - } else { - //do this explicitly, although since we're rebuilding, - hashedPacketsGen.setKeyExpirationTime(false, 0); - //this happens anyway + + PGPSignatureSubpacketGenerator hashedPacketsGen; + PGPSignatureSubpacketGenerator unhashedPacketsGen; { + + hashedPacketsGen = new PGPSignatureSubpacketGenerator(); + unhashedPacketsGen = new PGPSignatureSubpacketGenerator(); + + int usageId = keysUsages.get(0); + boolean canEncrypt = + (usageId == Id.choice.usage.encrypt_only || usageId == Id.choice.usage.sign_and_encrypt); + + int keyFlags = KeyFlags.CERTIFY_OTHER | KeyFlags.SIGN_DATA; + if (canEncrypt) { + keyFlags |= KeyFlags.ENCRYPT_COMMS | KeyFlags.ENCRYPT_STORAGE; + } + hashedPacketsGen.setKeyFlags(true, keyFlags); + + hashedPacketsGen.setPreferredSymmetricAlgorithms(true, PREFERRED_SYMMETRIC_ALGORITHMS); + hashedPacketsGen.setPreferredHashAlgorithms(true, PREFERRED_HASH_ALGORITHMS); + hashedPacketsGen.setPreferredCompressionAlgorithms(true, PREFERRED_COMPRESSION_ALGORITHMS); + + if (keysExpiryDates.get(0) != null) { + GregorianCalendar creationDate = new GregorianCalendar(TimeZone.getTimeZone("UTC")); + creationDate.setTime(masterPublicKey.getCreationTime()); + GregorianCalendar expiryDate = keysExpiryDates.get(0); + //note that the below, (a/c) - (b/c) is *not* the same as (a - b) /c + //here we purposefully ignore partial days in each date - long type has no fractional part! + long numDays = + (expiryDate.getTimeInMillis() / 86400000) - (creationDate.getTimeInMillis() / 86400000); + if (numDays <= 0) { + throw new PgpGeneralException( + mContext.getString(R.string.error_expiry_must_come_after_creation)); + } + hashedPacketsGen.setKeyExpirationTime(false, numDays * 86400); + } else { + //do this explicitly, although since we're rebuilding, + hashedPacketsGen.setKeyExpirationTime(false, 0); + //this happens anyway + } + } + + updateProgress(R.string.progress_building_master_key, 30, 100); + + // define hashing and signing algos + PGPDigestCalculator sha1Calc = new JcaPGPDigestCalculatorProviderBuilder().build().get( + HashAlgorithmTags.SHA1); + PGPContentSignerBuilder certificationSignerBuilder = new JcaPGPContentSignerBuilder( + masterKeyPair.getPublicKey().getAlgorithm(), HashAlgorithmTags.SHA1); + + // Build key encrypter based on passphrase + PBESecretKeyEncryptor keyEncryptor = new JcePBESecretKeyEncryptorBuilder( + PGPEncryptedData.CAST5, sha1Calc) + .setProvider(Constants.BOUNCY_CASTLE_PROVIDER_NAME).build( + newPassPhrase.toCharArray()); + + keyGen = new PGPKeyRingGenerator(PGPSignature.POSITIVE_CERTIFICATION, + masterKeyPair, mainUserId, sha1Calc, hashedPacketsGen.generate(), + unhashedPacketsGen.generate(), certificationSignerBuilder, keyEncryptor); + } - updateProgress(R.string.progress_building_master_key, 30, 100); - - // define hashing and signing algos - PGPDigestCalculator sha1Calc = new JcaPGPDigestCalculatorProviderBuilder().build().get( - HashAlgorithmTags.SHA1); - PGPContentSignerBuilder certificationSignerBuilder = new JcaPGPContentSignerBuilder( - masterKeyPair.getPublicKey().getAlgorithm(), HashAlgorithmTags.SHA1); - - // Build key encrypter based on passphrase - PBESecretKeyEncryptor keyEncryptor = new JcePBESecretKeyEncryptorBuilder( - PGPEncryptedData.CAST5, sha1Calc) - .setProvider(Constants.BOUNCY_CASTLE_PROVIDER_NAME).build( - newPassPhrase.toCharArray()); - - PGPKeyRingGenerator keyGen = new PGPKeyRingGenerator(PGPSignature.POSITIVE_CERTIFICATION, - masterKeyPair, mainUserId, sha1Calc, hashedPacketsGen.generate(), - unhashedPacketsGen.generate(), certificationSignerBuilder, keyEncryptor); - updateProgress(R.string.progress_adding_sub_keys, 40, 100); for (int i = 1; i < keys.size(); ++i) { @@ -323,23 +335,23 @@ public class PgpKeyOperation { PGPSecretKey subKey = keys.get(i); PGPPublicKey subPublicKey = subKey.getPublicKey(); - PBESecretKeyDecryptor keyDecryptor2 = new JcePBESecretKeyDecryptorBuilder() + PBESecretKeyDecryptor keyDecryptor = new JcePBESecretKeyDecryptorBuilder() .setProvider(Constants.BOUNCY_CASTLE_PROVIDER_NAME).build( oldPassPhrase.toCharArray()); - PGPPrivateKey subPrivateKey = subKey.extractPrivateKey(keyDecryptor2); + PGPPrivateKey subPrivateKey = subKey.extractPrivateKey(keyDecryptor); // TODO: now used without algorithm and creation time?! (APG 1) PGPKeyPair subKeyPair = new PGPKeyPair(subPublicKey, subPrivateKey); - hashedPacketsGen = new PGPSignatureSubpacketGenerator(); - unhashedPacketsGen = new PGPSignatureSubpacketGenerator(); + PGPSignatureSubpacketGenerator hashedPacketsGen = new PGPSignatureSubpacketGenerator(); + PGPSignatureSubpacketGenerator unhashedPacketsGen = new PGPSignatureSubpacketGenerator(); - keyFlags = 0; + int keyFlags = 0; - usageId = keysUsages.get(i); - canSign = + int usageId = keysUsages.get(i); + boolean canSign = (usageId == Id.choice.usage.sign_only || usageId == Id.choice.usage.sign_and_encrypt); - canEncrypt = + boolean canEncrypt = (usageId == Id.choice.usage.encrypt_only || usageId == Id.choice.usage.sign_and_encrypt); if (canSign) { Date todayDate = new Date(); //both sig times the same @@ -402,37 +414,41 @@ public class PgpKeyOperation { if (passphrase == null) { throw new PgpGeneralException("Unable to obtain passphrase"); } else { + + // create a signatureGenerator from the supplied masterKeyId and passphrase + PGPSignatureGenerator signatureGenerator; { + + PGPSecretKey certificationKey = PgpKeyHelper.getCertificationKey(mContext, masterKeyId); + if (certificationKey == null) { + throw new PgpGeneralException(mContext.getString(R.string.error_signature_failed)); + } + + PBESecretKeyDecryptor keyDecryptor = new JcePBESecretKeyDecryptorBuilder().setProvider( + Constants.BOUNCY_CASTLE_PROVIDER_NAME).build(passphrase.toCharArray()); + PGPPrivateKey signaturePrivateKey = certificationKey.extractPrivateKey(keyDecryptor); + if (signaturePrivateKey == null) { + throw new PgpGeneralException( + mContext.getString(R.string.error_could_not_extract_private_key)); + } + + // TODO: SHA256 fixed? + JcaPGPContentSignerBuilder contentSignerBuilder = new JcaPGPContentSignerBuilder( + certificationKey.getPublicKey().getAlgorithm(), PGPUtil.SHA256) + .setProvider(Constants.BOUNCY_CASTLE_PROVIDER_NAME); + + signatureGenerator = new PGPSignatureGenerator(contentSignerBuilder); + signatureGenerator.init(PGPSignature.DIRECT_KEY, signaturePrivateKey); + } + + { // supply signatureGenerator with a SubpacketVector + PGPSignatureSubpacketGenerator spGen = new PGPSignatureSubpacketGenerator(); + PGPSignatureSubpacketVector packetVector = spGen.generate(); + signatureGenerator.setHashedSubpackets(packetVector); + } + + // fetch public key ring, add the certification and return it PGPPublicKeyRing pubring = ProviderHelper .getPGPPublicKeyRingByKeyId(mContext, pubKeyId); - - PGPSecretKey certificationKey = PgpKeyHelper.getCertificationKey(mContext, masterKeyId); - if (certificationKey == null) { - throw new PgpGeneralException(mContext.getString(R.string.error_signature_failed)); - } - - PBESecretKeyDecryptor keyDecryptor = new JcePBESecretKeyDecryptorBuilder().setProvider( - Constants.BOUNCY_CASTLE_PROVIDER_NAME).build(passphrase.toCharArray()); - PGPPrivateKey signaturePrivateKey = certificationKey.extractPrivateKey(keyDecryptor); - if (signaturePrivateKey == null) { - throw new PgpGeneralException( - mContext.getString(R.string.error_could_not_extract_private_key)); - } - - // TODO: SHA256 fixed? - JcaPGPContentSignerBuilder contentSignerBuilder = new JcaPGPContentSignerBuilder( - certificationKey.getPublicKey().getAlgorithm(), PGPUtil.SHA256) - .setProvider(Constants.BOUNCY_CASTLE_PROVIDER_NAME); - - PGPSignatureGenerator signatureGenerator = new PGPSignatureGenerator( - contentSignerBuilder); - - signatureGenerator.init(PGPSignature.DIRECT_KEY, signaturePrivateKey); - - PGPSignatureSubpacketGenerator spGen = new PGPSignatureSubpacketGenerator(); - - PGPSignatureSubpacketVector packetVector = spGen.generate(); - signatureGenerator.setHashedSubpackets(packetVector); - PGPPublicKey signedKey = PGPPublicKey.addCertification(pubring.getPublicKey(pubKeyId), signatureGenerator.generate()); pubring = PGPPublicKeyRing.insertPublicKey(pubring, signedKey); From 95be228b474c31a47743e84cf2abc1dff1d63079 Mon Sep 17 00:00:00 2001 From: Vincent Breitmoser Date: Sat, 15 Mar 2014 18:12:44 +0100 Subject: [PATCH 8/9] certify: sign individual UIDs direct signing of pubkeys is out for now. not sure how this should be handled, but it's trivial to re-add so leaving this up for discussion for now. --- .../keychain/pgp/PgpKeyOperation.java | 20 +++++++++++++++---- .../service/KeychainIntentService.java | 4 ++-- .../keychain/ui/CertifyKeyActivity.java | 19 ++++++++++++------ 3 files changed, 31 insertions(+), 12 deletions(-) diff --git a/OpenPGP-Keychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpKeyOperation.java b/OpenPGP-Keychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpKeyOperation.java index fe09ea525..78e48b4ab 100644 --- a/OpenPGP-Keychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpKeyOperation.java +++ b/OpenPGP-Keychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpKeyOperation.java @@ -408,7 +408,16 @@ public class PgpKeyOperation { updateProgress(R.string.progress_done, 100, 100); } - public PGPPublicKeyRing certifyKey(long masterKeyId, long pubKeyId, String passphrase) + /** + * Certify the given pubkeyid with the given masterkeyid. + * + * @param masterKeyId Certifying key, must be available as secret key + * @param pubKeyId ID of public key to certify + * @param userIds User IDs to certify, must not be null or empty + * @param passphrase Passphrase of the secret key + * @return A keyring with added certifications + */ + public PGPPublicKeyRing certifyKey(long masterKeyId, long pubKeyId, List userIds, String passphrase) throws PgpGeneralException, NoSuchAlgorithmException, NoSuchProviderException, PGPException, SignatureException { if (passphrase == null) { @@ -437,7 +446,7 @@ public class PgpKeyOperation { .setProvider(Constants.BOUNCY_CASTLE_PROVIDER_NAME); signatureGenerator = new PGPSignatureGenerator(contentSignerBuilder); - signatureGenerator.init(PGPSignature.DIRECT_KEY, signaturePrivateKey); + signatureGenerator.init(PGPSignature.DEFAULT_CERTIFICATION, signaturePrivateKey); } { // supply signatureGenerator with a SubpacketVector @@ -449,8 +458,11 @@ public class PgpKeyOperation { // fetch public key ring, add the certification and return it PGPPublicKeyRing pubring = ProviderHelper .getPGPPublicKeyRingByKeyId(mContext, pubKeyId); - PGPPublicKey signedKey = PGPPublicKey.addCertification(pubring.getPublicKey(pubKeyId), - signatureGenerator.generate()); + PGPPublicKey signedKey = pubring.getPublicKey(pubKeyId); + for(String userId : new IterableIterator(userIds.iterator())) { + PGPSignature sig = signatureGenerator.generateCertification(userId, signedKey); + signedKey = PGPPublicKey.addCertification(signedKey, userId, sig); + } pubring = PGPPublicKeyRing.insertPublicKey(pubring, signedKey); return pubring; diff --git a/OpenPGP-Keychain/src/main/java/org/sufficientlysecure/keychain/service/KeychainIntentService.java b/OpenPGP-Keychain/src/main/java/org/sufficientlysecure/keychain/service/KeychainIntentService.java index eb2367061..506ff2735 100644 --- a/OpenPGP-Keychain/src/main/java/org/sufficientlysecure/keychain/service/KeychainIntentService.java +++ b/OpenPGP-Keychain/src/main/java/org/sufficientlysecure/keychain/service/KeychainIntentService.java @@ -805,7 +805,7 @@ public class KeychainIntentService extends IntentService /* Input */ long masterKeyId = data.getLong(CERTIFY_KEY_MASTER_KEY_ID); long pubKeyId = data.getLong(CERTIFY_KEY_PUB_KEY_ID); - // String[] userIds = data.getStringArray(CERTIFY_KEY_PUB_KEY_ID); + ArrayList userIds = data.getStringArrayList(CERTIFY_KEY_UIDS); /* Operation */ String signaturePassPhrase = PassphraseCacheService.getCachedPassphrase(this, @@ -813,7 +813,7 @@ public class KeychainIntentService extends IntentService PgpKeyOperation keyOperation = new PgpKeyOperation(this, this); PGPPublicKeyRing signedPubKeyRing = keyOperation.certifyKey(masterKeyId, pubKeyId, - signaturePassPhrase); + userIds, signaturePassPhrase); // store the signed key in our local cache PgpImportExport pgpImportExport = new PgpImportExport(this, null); diff --git a/OpenPGP-Keychain/src/main/java/org/sufficientlysecure/keychain/ui/CertifyKeyActivity.java b/OpenPGP-Keychain/src/main/java/org/sufficientlysecure/keychain/ui/CertifyKeyActivity.java index 3590baa76..d8df5ced3 100644 --- a/OpenPGP-Keychain/src/main/java/org/sufficientlysecure/keychain/ui/CertifyKeyActivity.java +++ b/OpenPGP-Keychain/src/main/java/org/sufficientlysecure/keychain/ui/CertifyKeyActivity.java @@ -30,14 +30,12 @@ import android.support.v4.content.CursorLoader; import android.support.v4.content.Loader; import android.support.v7.app.ActionBar; import android.support.v7.app.ActionBarActivity; -import android.text.format.DateFormat; import android.view.View; import android.view.View.OnClickListener; import android.widget.*; import android.widget.CompoundButton.OnCheckedChangeListener; import com.beardedhen.androidbootstrap.BootstrapButton; import org.spongycastle.openpgp.PGPPublicKeyRing; -import org.spongycastle.openpgp.PGPSignature; import org.sufficientlysecure.keychain.Constants; import org.sufficientlysecure.keychain.R; import org.sufficientlysecure.keychain.helper.OtherHelper; @@ -53,8 +51,7 @@ import org.sufficientlysecure.keychain.ui.adapter.ViewKeyUserIdsAdapter; import org.sufficientlysecure.keychain.ui.dialog.PassphraseDialogFragment; import org.sufficientlysecure.keychain.util.Log; -import java.util.Date; -import java.util.Iterator; +import java.util.ArrayList; /** * Signs the specified public key with the specified secret master key @@ -267,6 +264,7 @@ public class CertifyKeyActivity extends ActionBarActivity implements // if we have already signed this key, dont bother doing it again boolean alreadySigned = false; + /* todo: reconsider this at a later point when certs are in the db @SuppressWarnings("unchecked") Iterator itr = pubring.getPublicKey(mPubKeyId).getSignatures(); while (itr.hasNext()) { @@ -276,6 +274,7 @@ public class CertifyKeyActivity extends ActionBarActivity implements break; } } + */ if (!alreadySigned) { /* @@ -303,6 +302,15 @@ public class CertifyKeyActivity extends ActionBarActivity implements * kicks off the actual signing process on a background thread */ private void startSigning() { + + // Bail out if there is not at least one user id selected + ArrayList userIds = mUserIdsAdapter.getSelectedUserIds(); + if(userIds.isEmpty()) { + Toast.makeText(CertifyKeyActivity.this, "No User IDs to sign selected!", + Toast.LENGTH_SHORT).show(); + return; + } + // Send all information needed to service to sign key in other thread Intent intent = new Intent(this, KeychainIntentService.class); @@ -313,8 +321,7 @@ public class CertifyKeyActivity extends ActionBarActivity implements data.putLong(KeychainIntentService.CERTIFY_KEY_MASTER_KEY_ID, mMasterKeyId); data.putLong(KeychainIntentService.CERTIFY_KEY_PUB_KEY_ID, mPubKeyId); - data.putStringArray(KeychainIntentService.CERTIFY_KEY_UIDS, - (String[]) mUserIdsAdapter.getSelectedUserIds().toArray()); + data.putStringArrayList(KeychainIntentService.CERTIFY_KEY_UIDS, userIds); intent.putExtra(KeychainIntentService.EXTRA_DATA, data); From 8fbd77fb15fda5d8984d6e39c1ebbce9696b0ae5 Mon Sep 17 00:00:00 2001 From: Vincent Breitmoser Date: Sat, 15 Mar 2014 18:15:39 +0100 Subject: [PATCH 9/9] certify: preserve user id certificates when saving secret keys --- .../keychain/pgp/PgpKeyOperation.java | 64 +++++++++++++++++-- .../service/KeychainIntentService.java | 5 +- .../src/main/res/values/strings.xml | 1 + 3 files changed, 64 insertions(+), 6 deletions(-) diff --git a/OpenPGP-Keychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpKeyOperation.java b/OpenPGP-Keychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpKeyOperation.java index 78e48b4ab..5e7eb0a4a 100644 --- a/OpenPGP-Keychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpKeyOperation.java +++ b/OpenPGP-Keychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpKeyOperation.java @@ -36,6 +36,7 @@ import org.sufficientlysecure.keychain.Id; import org.sufficientlysecure.keychain.R; import org.sufficientlysecure.keychain.pgp.exception.PgpGeneralException; import org.sufficientlysecure.keychain.provider.ProviderHelper; +import org.sufficientlysecure.keychain.util.IterableIterator; import org.sufficientlysecure.keychain.util.Log; import org.sufficientlysecure.keychain.util.Primes; import org.sufficientlysecure.keychain.util.ProgressDialogUpdater; @@ -46,6 +47,8 @@ import java.security.*; import java.util.ArrayList; import java.util.Date; import java.util.GregorianCalendar; +import java.util.Iterator; +import java.util.List; import java.util.TimeZone; public class PgpKeyOperation { @@ -198,7 +201,7 @@ public class PgpKeyOperation { public void buildSecretKey(ArrayList userIds, ArrayList keys, ArrayList keysUsages, ArrayList keysExpiryDates, - long masterKeyId, String oldPassPhrase, + PGPPublicKey oldPublicKey, String oldPassPhrase, String newPassPhrase) throws PgpGeneralException, NoSuchProviderException, PGPException, NoSuchAlgorithmException, SignatureException, IOException { @@ -249,9 +252,32 @@ public class PgpKeyOperation { updateProgress(R.string.progress_certifying_master_key, 20, 100); - // TODO: if we are editing a key, keep old certs, don't remake certs we don't have to. - + // re-add old certificates, or create new ones for new uids for (String userId : userIds) { + // re-add certs for this uid, take a note if self-signed cert is in there + boolean foundSelfSign = false; + Iterator it = tmpKey.getSignaturesForID(userId); + if(it != null) for(PGPSignature sig : new IterableIterator(it)) { + if(sig.getKeyID() == masterPublicKey.getKeyID()) { + // already have a self sign? skip this other one, then. + // note: PGPKeyRingGenerator adds one cert for the main user id, which + // will lead to duplicates. unfortunately, if we add any other here + // first, that will change the main user id order... + if(foundSelfSign) + continue; + foundSelfSign = true; + } + Log.d(Constants.TAG, "adding old sig for " + userId + " from " + + PgpKeyHelper.convertKeyIdToHex(sig.getKeyID())); + masterPublicKey = PGPPublicKey.addCertification(masterPublicKey, userId, sig); + } + + // there was an old self-signed certificate for this uid + if(foundSelfSign) + continue; + + Log.d(Constants.TAG, "generating self-signed cert for " + userId); + PGPContentSignerBuilder signerBuilder = new JcaPGPContentSignerBuilder( masterPublicKey.getAlgorithm(), HashAlgorithmTags.SHA1) .setProvider(Constants.BOUNCY_CASTLE_PROVIDER_NAME); @@ -330,7 +356,7 @@ public class PgpKeyOperation { updateProgress(R.string.progress_adding_sub_keys, 40, 100); for (int i = 1; i < keys.size(); ++i) { - updateProgress(40 + 50 * (i - 1) / (keys.size() - 1), 100); + updateProgress(40 + 40 * (i - 1) / (keys.size() - 1), 100); PGPSecretKey subKey = keys.get(i); PGPPublicKey subPublicKey = subKey.getPublicKey(); @@ -400,8 +426,38 @@ public class PgpKeyOperation { PGPSecretKeyRing secretKeyRing = keyGen.generateSecretKeyRing(); PGPPublicKeyRing publicKeyRing = keyGen.generatePublicKeyRing(); + updateProgress(R.string.progress_re_adding_certs, 80, 100); + + // re-add certificates from old public key + // TODO: this only takes care of user id certificates, what about others? + PGPPublicKey pubkey = publicKeyRing.getPublicKey(); + for(String uid : new IterableIterator(pubkey.getUserIDs())) { + for(PGPSignature sig : new IterableIterator(oldPublicKey.getSignaturesForID(uid))) { + // but skip self certificates + if(sig.getKeyID() == pubkey.getKeyID()) + continue; + pubkey = PGPPublicKey.addCertification(pubkey, uid, sig); + } + } + publicKeyRing = PGPPublicKeyRing.insertPublicKey(publicKeyRing, pubkey); + updateProgress(R.string.progress_saving_key_ring, 90, 100); + /* additional handy debug info + Log.d(Constants.TAG, " ------- in private key -------"); + for(String uid : new IterableIterator(secretKeyRing.getPublicKey().getUserIDs())) { + for(PGPSignature sig : new IterableIterator(secretKeyRing.getPublicKey().getSignaturesForID(uid))) { + Log.d(Constants.TAG, "sig: " + PgpKeyHelper.convertKeyIdToHex(sig.getKeyID()) + " for " + uid); + } + } + Log.d(Constants.TAG, " ------- in public key -------"); + for(String uid : new IterableIterator(publicKeyRing.getPublicKey().getUserIDs())) { + for(PGPSignature sig : new IterableIterator(publicKeyRing.getPublicKey().getSignaturesForID(uid))) { + Log.d(Constants.TAG, "sig: " + PgpKeyHelper.convertKeyIdToHex(sig.getKeyID()) + " for " + uid); + } + } + */ + ProviderHelper.saveKeyRing(mContext, secretKeyRing); ProviderHelper.saveKeyRing(mContext, publicKeyRing); diff --git a/OpenPGP-Keychain/src/main/java/org/sufficientlysecure/keychain/service/KeychainIntentService.java b/OpenPGP-Keychain/src/main/java/org/sufficientlysecure/keychain/service/KeychainIntentService.java index 506ff2735..daaff5d54 100644 --- a/OpenPGP-Keychain/src/main/java/org/sufficientlysecure/keychain/service/KeychainIntentService.java +++ b/OpenPGP-Keychain/src/main/java/org/sufficientlysecure/keychain/service/KeychainIntentService.java @@ -543,8 +543,9 @@ public class KeychainIntentService extends IntentService ProviderHelper.getPGPSecretKeyRingByKeyId(this, masterKeyId), oldPassPhrase, newPassPhrase); } else { - keyOperations.buildSecretKey(userIds, keys, keysUsages, keysExpiryDates, masterKeyId, - oldPassPhrase, newPassPhrase); + PGPPublicKey pubkey = ProviderHelper.getPGPPublicKeyByKeyId(this, masterKeyId); + keyOperations.buildSecretKey(userIds, keys, keysUsages, keysExpiryDates, + pubkey, oldPassPhrase, newPassPhrase); } PassphraseCacheService.addCachedPassphrase(this, masterKeyId, newPassPhrase); diff --git a/OpenPGP-Keychain/src/main/res/values/strings.xml b/OpenPGP-Keychain/src/main/res/values/strings.xml index 0520a414b..265bcc6db 100644 --- a/OpenPGP-Keychain/src/main/res/values/strings.xml +++ b/OpenPGP-Keychain/src/main/res/values/strings.xml @@ -466,5 +466,6 @@ available unavailable User IDs to sign + Reapplying certificates