canonicalize: simplify import with info from canonicalization

This commit is contained in:
Vincent Breitmoser 2014-06-12 22:27:32 +02:00
parent 0594d9156e
commit 79131be5f0
3 changed files with 9 additions and 43 deletions

View File

@ -177,7 +177,7 @@ public class ProviderHelper {
return getGenericData(KeyRings.buildUnifiedKeyRingUri(masterKeyId), proj, types);
}
private LongSparseArray<WrappedPublicKey> getAllWrappedMasterKeys() {
private LongSparseArray<WrappedPublicKey> getTrustedMasterKeys() {
Cursor cursor = mContentResolver.query(KeyRings.buildUnifiedKeyRingsUri(), new String[] {
KeyRings.MASTER_KEY_ID,
// we pick from cache only information that is not easily available from keyrings
@ -361,12 +361,6 @@ public class ProviderHelper {
Date creation = key.getCreationTime();
values.put(Keys.CREATION, creation.getTime() / 1000);
if (creation.after(new Date())) {
log(LogLevel.ERROR, LogType.MSG_IP_SUBKEY_FUTURE, new String[]{
creation.toString()
});
return new SaveKeyringResult(SaveKeyringResult.RESULT_ERROR, mLog);
}
Date expiryDate = key.getExpiryTime();
if (expiryDate != null) {
values.put(Keys.EXPIRY, expiryDate.getTime() / 1000);
@ -389,7 +383,7 @@ public class ProviderHelper {
mIndent -= 1;
// get a list of owned secret keys, for verification filtering
LongSparseArray<WrappedPublicKey> trustedKeys = getAllWrappedMasterKeys();
LongSparseArray<WrappedPublicKey> trustedKeys = getTrustedMasterKeys();
// classify and order user ids. primary are moved to the front, revoked to the back,
// otherwise the order in the keyfile is preserved.
@ -415,34 +409,16 @@ public class ProviderHelper {
try {
// self signature
if (certId == masterKeyId) {
cert.init(masterKey);
if (!cert.verifySignature(masterKey, userId)) {
// Bad self certification? That's kinda bad...
log(LogLevel.ERROR, LogType.MSG_IP_UID_SELF_BAD);
return new SaveKeyringResult(SaveKeyringResult.RESULT_ERROR, mLog);
}
// if we already have a cert..
if (item.selfCert != null) {
// ..is this perchance a more recent one?
if (item.selfCert.getCreationTime().before(cert.getCreationTime())) {
log(LogLevel.DEBUG, LogType.MSG_IP_UID_SELF_NEWER);
} else {
log(LogLevel.DEBUG, LogType.MSG_IP_UID_SELF_IGNORING_OLD);
continue;
}
} else {
// NOTE self-certificates are already verified during canonicalization,
// AND we know there is at most one cert plus at most one revocation
if (!cert.isRevocation()) {
item.selfCert = cert;
item.isPrimary = cert.isPrimaryUserId();
log(LogLevel.DEBUG, LogType.MSG_IP_UID_SELF_GOOD);
}
// save certificate as primary self-cert
item.selfCert = cert;
item.isPrimary = cert.isPrimaryUserId();
if (cert.isRevocation()) {
} else {
item.isRevoked = true;
log(LogLevel.DEBUG, LogType.MSG_IP_UID_REVOKED);
} else {
item.isRevoked = false;
}
}
@ -489,10 +465,8 @@ public class ProviderHelper {
for (int userIdRank = 0; userIdRank < uids.size(); userIdRank++) {
UserIdItem item = uids.get(userIdRank);
operations.add(buildUserIdOperations(masterKeyId, item, userIdRank));
// no self cert is bad, but allowed by the rfc...
if (item.selfCert != null) {
operations.add(buildCertOperations(
masterKeyId, userIdRank, item.selfCert,
operations.add(buildCertOperations(masterKeyId, userIdRank, item.selfCert,
secretRing != null ? Certs.VERIFIED_SECRET : Certs.VERIFIED_SELF));
}
// don't bother with trusted certs if the uid is revoked, anyways

View File

@ -131,7 +131,6 @@ public class OperationResultParcel implements Parcelable {
MSG_IP_SUBKEY_FLAGS_XEX (R.string.msg_ip_subkey_flags_xex),
MSG_IP_SUBKEY_FLAGS_XXS (R.string.msg_ip_subkey_flags_xxs),
MSG_IP_SUBKEY_FLAGS_XXX (R.string.msg_ip_subkey_flags_xxx),
MSG_IP_SUBKEY_FUTURE (R.string.msg_ip_subkey_future),
MSG_IP_SUCCESS (R.string.msg_ip_success),
MSG_IP_UID_CERT_BAD (R.string.msg_ip_uid_cert_bad),
MSG_IP_UID_CERT_ERROR (R.string.msg_ip_uid_cert_error),
@ -141,10 +140,7 @@ public class OperationResultParcel implements Parcelable {
MSG_IP_UID_REORDER(R.string.msg_ip_uid_reorder),
MSG_IP_UID_PROCESSING (R.string.msg_ip_uid_processing),
MSG_IP_UID_REVOKED (R.string.msg_ip_uid_revoked),
MSG_IP_UID_SELF_BAD (R.string.msg_ip_uid_self_bad),
MSG_IP_UID_SELF_GOOD (R.string.msg_ip_uid_self_good),
MSG_IP_UID_SELF_IGNORING_OLD (R.string.msg_ip_uid_self_ignoring_old),
MSG_IP_UID_SELF_NEWER (R.string.msg_ip_uid_self_newer),
// import secret
MSG_IS(R.string.msg_is),

View File

@ -531,7 +531,6 @@
<string name="msg_ip_subkey_flags_xex">Subkey flags: encrypt</string>
<string name="msg_ip_subkey_flags_xxs">Subkey flags: sign</string>
<string name="msg_ip_subkey_flags_xxx">Subkey flags: none</string>
<string name="msg_ip_subkey_future">Subkey creation date lies in the future! (%s)</string>
<string name="msg_ip_success">Successfully imported public keyring</string>
<string name="msg_ip_reinsert_secret">Re-inserting secret key</string>
<string name="msg_ip_uid_cert_bad">Encountered bad certificate!</string>
@ -542,10 +541,7 @@
<string name="msg_ip_uid_reorder">Re-ordering user ids</string>
<string name="msg_ip_uid_processing">Processing user id %s</string>
<string name="msg_ip_uid_revoked">Found uid revocation certificate</string>
<string name="msg_ip_uid_self_bad">Bad self certificate encountered!</string>
<string name="msg_ip_uid_self_good">Found good self certificate</string>
<string name="msg_ip_uid_self_ignoring_old">Ignoring older self certificate</string>
<string name="msg_ip_uid_self_newer">Using more recent good self certificate</string>
<string name="msg_is_bad_type_public">Tried to import public keyring as secret. This is a bug, please file a report!</string>
<!-- Import Secret log entries -->