mirror of
https://github.com/moparisthebest/open-keychain
synced 2025-03-03 02:42:00 -05:00
canonicalize: simplify import with info from canonicalization
This commit is contained in:
parent
0594d9156e
commit
79131be5f0
@ -177,7 +177,7 @@ public class ProviderHelper {
|
||||
return getGenericData(KeyRings.buildUnifiedKeyRingUri(masterKeyId), proj, types);
|
||||
}
|
||||
|
||||
private LongSparseArray<WrappedPublicKey> getAllWrappedMasterKeys() {
|
||||
private LongSparseArray<WrappedPublicKey> getTrustedMasterKeys() {
|
||||
Cursor cursor = mContentResolver.query(KeyRings.buildUnifiedKeyRingsUri(), new String[] {
|
||||
KeyRings.MASTER_KEY_ID,
|
||||
// we pick from cache only information that is not easily available from keyrings
|
||||
@ -361,12 +361,6 @@ public class ProviderHelper {
|
||||
|
||||
Date creation = key.getCreationTime();
|
||||
values.put(Keys.CREATION, creation.getTime() / 1000);
|
||||
if (creation.after(new Date())) {
|
||||
log(LogLevel.ERROR, LogType.MSG_IP_SUBKEY_FUTURE, new String[]{
|
||||
creation.toString()
|
||||
});
|
||||
return new SaveKeyringResult(SaveKeyringResult.RESULT_ERROR, mLog);
|
||||
}
|
||||
Date expiryDate = key.getExpiryTime();
|
||||
if (expiryDate != null) {
|
||||
values.put(Keys.EXPIRY, expiryDate.getTime() / 1000);
|
||||
@ -389,7 +383,7 @@ public class ProviderHelper {
|
||||
mIndent -= 1;
|
||||
|
||||
// get a list of owned secret keys, for verification filtering
|
||||
LongSparseArray<WrappedPublicKey> trustedKeys = getAllWrappedMasterKeys();
|
||||
LongSparseArray<WrappedPublicKey> trustedKeys = getTrustedMasterKeys();
|
||||
|
||||
// classify and order user ids. primary are moved to the front, revoked to the back,
|
||||
// otherwise the order in the keyfile is preserved.
|
||||
@ -415,34 +409,16 @@ public class ProviderHelper {
|
||||
try {
|
||||
// self signature
|
||||
if (certId == masterKeyId) {
|
||||
cert.init(masterKey);
|
||||
if (!cert.verifySignature(masterKey, userId)) {
|
||||
// Bad self certification? That's kinda bad...
|
||||
log(LogLevel.ERROR, LogType.MSG_IP_UID_SELF_BAD);
|
||||
return new SaveKeyringResult(SaveKeyringResult.RESULT_ERROR, mLog);
|
||||
}
|
||||
|
||||
// if we already have a cert..
|
||||
if (item.selfCert != null) {
|
||||
// ..is this perchance a more recent one?
|
||||
if (item.selfCert.getCreationTime().before(cert.getCreationTime())) {
|
||||
log(LogLevel.DEBUG, LogType.MSG_IP_UID_SELF_NEWER);
|
||||
} else {
|
||||
log(LogLevel.DEBUG, LogType.MSG_IP_UID_SELF_IGNORING_OLD);
|
||||
continue;
|
||||
}
|
||||
} else {
|
||||
// NOTE self-certificates are already verified during canonicalization,
|
||||
// AND we know there is at most one cert plus at most one revocation
|
||||
if (!cert.isRevocation()) {
|
||||
item.selfCert = cert;
|
||||
item.isPrimary = cert.isPrimaryUserId();
|
||||
log(LogLevel.DEBUG, LogType.MSG_IP_UID_SELF_GOOD);
|
||||
}
|
||||
|
||||
// save certificate as primary self-cert
|
||||
item.selfCert = cert;
|
||||
item.isPrimary = cert.isPrimaryUserId();
|
||||
if (cert.isRevocation()) {
|
||||
} else {
|
||||
item.isRevoked = true;
|
||||
log(LogLevel.DEBUG, LogType.MSG_IP_UID_REVOKED);
|
||||
} else {
|
||||
item.isRevoked = false;
|
||||
}
|
||||
|
||||
}
|
||||
@ -489,10 +465,8 @@ public class ProviderHelper {
|
||||
for (int userIdRank = 0; userIdRank < uids.size(); userIdRank++) {
|
||||
UserIdItem item = uids.get(userIdRank);
|
||||
operations.add(buildUserIdOperations(masterKeyId, item, userIdRank));
|
||||
// no self cert is bad, but allowed by the rfc...
|
||||
if (item.selfCert != null) {
|
||||
operations.add(buildCertOperations(
|
||||
masterKeyId, userIdRank, item.selfCert,
|
||||
operations.add(buildCertOperations(masterKeyId, userIdRank, item.selfCert,
|
||||
secretRing != null ? Certs.VERIFIED_SECRET : Certs.VERIFIED_SELF));
|
||||
}
|
||||
// don't bother with trusted certs if the uid is revoked, anyways
|
||||
|
@ -131,7 +131,6 @@ public class OperationResultParcel implements Parcelable {
|
||||
MSG_IP_SUBKEY_FLAGS_XEX (R.string.msg_ip_subkey_flags_xex),
|
||||
MSG_IP_SUBKEY_FLAGS_XXS (R.string.msg_ip_subkey_flags_xxs),
|
||||
MSG_IP_SUBKEY_FLAGS_XXX (R.string.msg_ip_subkey_flags_xxx),
|
||||
MSG_IP_SUBKEY_FUTURE (R.string.msg_ip_subkey_future),
|
||||
MSG_IP_SUCCESS (R.string.msg_ip_success),
|
||||
MSG_IP_UID_CERT_BAD (R.string.msg_ip_uid_cert_bad),
|
||||
MSG_IP_UID_CERT_ERROR (R.string.msg_ip_uid_cert_error),
|
||||
@ -141,10 +140,7 @@ public class OperationResultParcel implements Parcelable {
|
||||
MSG_IP_UID_REORDER(R.string.msg_ip_uid_reorder),
|
||||
MSG_IP_UID_PROCESSING (R.string.msg_ip_uid_processing),
|
||||
MSG_IP_UID_REVOKED (R.string.msg_ip_uid_revoked),
|
||||
MSG_IP_UID_SELF_BAD (R.string.msg_ip_uid_self_bad),
|
||||
MSG_IP_UID_SELF_GOOD (R.string.msg_ip_uid_self_good),
|
||||
MSG_IP_UID_SELF_IGNORING_OLD (R.string.msg_ip_uid_self_ignoring_old),
|
||||
MSG_IP_UID_SELF_NEWER (R.string.msg_ip_uid_self_newer),
|
||||
|
||||
// import secret
|
||||
MSG_IS(R.string.msg_is),
|
||||
|
@ -531,7 +531,6 @@
|
||||
<string name="msg_ip_subkey_flags_xex">Subkey flags: encrypt</string>
|
||||
<string name="msg_ip_subkey_flags_xxs">Subkey flags: sign</string>
|
||||
<string name="msg_ip_subkey_flags_xxx">Subkey flags: none</string>
|
||||
<string name="msg_ip_subkey_future">Subkey creation date lies in the future! (%s)</string>
|
||||
<string name="msg_ip_success">Successfully imported public keyring</string>
|
||||
<string name="msg_ip_reinsert_secret">Re-inserting secret key</string>
|
||||
<string name="msg_ip_uid_cert_bad">Encountered bad certificate!</string>
|
||||
@ -542,10 +541,7 @@
|
||||
<string name="msg_ip_uid_reorder">Re-ordering user ids</string>
|
||||
<string name="msg_ip_uid_processing">Processing user id %s</string>
|
||||
<string name="msg_ip_uid_revoked">Found uid revocation certificate</string>
|
||||
<string name="msg_ip_uid_self_bad">Bad self certificate encountered!</string>
|
||||
<string name="msg_ip_uid_self_good">Found good self certificate</string>
|
||||
<string name="msg_ip_uid_self_ignoring_old">Ignoring older self certificate</string>
|
||||
<string name="msg_ip_uid_self_newer">Using more recent good self certificate</string>
|
||||
<string name="msg_is_bad_type_public">Tried to import public keyring as secret. This is a bug, please file a report!</string>
|
||||
|
||||
<!-- Import Secret log entries -->
|
||||
|
Loading…
x
Reference in New Issue
Block a user