Merge branch 'development' of github.com:open-keychain/open-keychain into development

This commit is contained in:
Dominik Schürmann 2015-01-06 14:52:12 +01:00
commit af762a65a0
41 changed files with 1422 additions and 343 deletions

View File

@ -0,0 +1,238 @@
/*
* Copyright (C) 2014 Vincent Breitmoser <v.breitmoser@mugenguild.com>
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
package org.sufficientlysecure.keychain.operations;
import org.junit.Assert;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.robolectric.Robolectric;
import org.robolectric.RobolectricTestRunner;
import org.robolectric.shadows.ShadowLog;
import org.spongycastle.bcpg.sig.KeyFlags;
import org.spongycastle.jce.provider.BouncyCastleProvider;
import org.sufficientlysecure.keychain.operations.results.CertifyResult;
import org.sufficientlysecure.keychain.operations.results.OperationResult.LogType;
import org.sufficientlysecure.keychain.operations.results.PgpEditKeyResult;
import org.sufficientlysecure.keychain.operations.results.ExportResult;
import org.sufficientlysecure.keychain.operations.results.OperationResult.OperationLog;
import org.sufficientlysecure.keychain.pgp.CanonicalizedPublicKeyRing;
import org.sufficientlysecure.keychain.pgp.PgpDecryptVerify;
import org.sufficientlysecure.keychain.pgp.PgpKeyOperation;
import org.sufficientlysecure.keychain.pgp.UncachedKeyRing;
import org.sufficientlysecure.keychain.pgp.UncachedKeyRing.IteratorWithIOThrow;
import org.sufficientlysecure.keychain.pgp.WrappedSignature;
import org.sufficientlysecure.keychain.provider.KeychainContract.Certs;
import org.sufficientlysecure.keychain.provider.ProviderHelper;
import org.sufficientlysecure.keychain.service.CertifyActionsParcel;
import org.sufficientlysecure.keychain.service.CertifyActionsParcel.CertifyAction;
import org.sufficientlysecure.keychain.service.SaveKeyringParcel;
import org.sufficientlysecure.keychain.service.SaveKeyringParcel.Algorithm;
import org.sufficientlysecure.keychain.service.SaveKeyringParcel.ChangeUnlockParcel;
import org.sufficientlysecure.keychain.util.InputData;
import org.sufficientlysecure.keychain.util.ProgressScaler;
import org.sufficientlysecure.keychain.util.TestingUtils;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.OutputStream;
import java.io.PrintStream;
import java.security.Security;
import java.util.Iterator;
@RunWith(RobolectricTestRunner.class)
@org.robolectric.annotation.Config(emulateSdk = 18) // Robolectric doesn't yet support 19
public class CertifyOperationTest {
static String mPassphrase = TestingUtils.genPassphrase(true);
static UncachedKeyRing mStaticRing1, mStaticRing2;
static String mKeyPhrase1 = TestingUtils.genPassphrase(true);
static String mKeyPhrase2 = TestingUtils.genPassphrase(true);
static PrintStream oldShadowStream;
@BeforeClass
public static void setUpOnce() throws Exception {
Security.insertProviderAt(new BouncyCastleProvider(), 1);
oldShadowStream = ShadowLog.stream;
// ShadowLog.stream = System.out;
PgpKeyOperation op = new PgpKeyOperation(null);
{
SaveKeyringParcel parcel = new SaveKeyringParcel();
parcel.mAddSubKeys.add(new SaveKeyringParcel.SubkeyAdd(
Algorithm.RSA, 1024, null, KeyFlags.CERTIFY_OTHER, 0L));
parcel.mAddSubKeys.add(new SaveKeyringParcel.SubkeyAdd(
Algorithm.DSA, 1024, null, KeyFlags.SIGN_DATA, 0L));
parcel.mAddSubKeys.add(new SaveKeyringParcel.SubkeyAdd(
Algorithm.ELGAMAL, 1024, null, KeyFlags.ENCRYPT_COMMS, 0L));
parcel.mAddUserIds.add("derp");
parcel.mNewUnlock = new ChangeUnlockParcel(mKeyPhrase1);
PgpEditKeyResult result = op.createSecretKeyRing(parcel);
Assert.assertTrue("initial test key creation must succeed", result.success());
Assert.assertNotNull("initial test key creation must succeed", result.getRing());
mStaticRing1 = result.getRing();
}
{
SaveKeyringParcel parcel = new SaveKeyringParcel();
parcel.mAddSubKeys.add(new SaveKeyringParcel.SubkeyAdd(
Algorithm.RSA, 1024, null, KeyFlags.CERTIFY_OTHER, 0L));
parcel.mAddSubKeys.add(new SaveKeyringParcel.SubkeyAdd(
Algorithm.DSA, 1024, null, KeyFlags.SIGN_DATA, 0L));
parcel.mAddSubKeys.add(new SaveKeyringParcel.SubkeyAdd(
Algorithm.ELGAMAL, 1024, null, KeyFlags.ENCRYPT_COMMS, 0L));
parcel.mAddUserIds.add("ditz");
parcel.mNewUnlock = new ChangeUnlockParcel(null, "1234");
PgpEditKeyResult result = op.createSecretKeyRing(parcel);
Assert.assertTrue("initial test key creation must succeed", result.success());
Assert.assertNotNull("initial test key creation must succeed", result.getRing());
mStaticRing2 = result.getRing();
}
}
@Before
public void setUp() throws Exception {
ProviderHelper providerHelper = new ProviderHelper(Robolectric.application);
// don't log verbosely here, we're not here to test imports
ShadowLog.stream = oldShadowStream;
providerHelper.saveSecretKeyRing(mStaticRing1, new ProgressScaler());
providerHelper.savePublicKeyRing(mStaticRing2.extractPublicKeyRing(), new ProgressScaler());
// ok NOW log verbosely!
ShadowLog.stream = System.out;
}
@Test
public void testSelfCertifyFlag() throws Exception {
CanonicalizedPublicKeyRing ring = new ProviderHelper(Robolectric.application)
.getCanonicalizedPublicKeyRing(mStaticRing1.getMasterKeyId());
Assert.assertEquals("secret key must be marked self-certified in database",
// TODO this should be more correctly be VERIFIED_SELF at some point!
Certs.VERIFIED_SECRET, ring.getVerified());
}
@Test
public void testCertify() throws Exception {
CertifyOperation op = operationWithFakePassphraseCache(
mStaticRing1.getMasterKeyId(), mStaticRing1.getMasterKeyId(), mKeyPhrase1);
{
CanonicalizedPublicKeyRing ring = new ProviderHelper(Robolectric.application)
.getCanonicalizedPublicKeyRing(mStaticRing2.getMasterKeyId());
Assert.assertEquals("public key must not be marked verified prior to certification",
Certs.UNVERIFIED, ring.getVerified());
}
CertifyActionsParcel actions = new CertifyActionsParcel(mStaticRing1.getMasterKeyId());
actions.add(new CertifyAction(mStaticRing2.getMasterKeyId()));
CertifyResult result = op.certify(actions, null);
Assert.assertTrue("certification must succeed", result.success());
{
CanonicalizedPublicKeyRing ring = new ProviderHelper(Robolectric.application)
.getCanonicalizedPublicKeyRing(mStaticRing2.getMasterKeyId());
Assert.assertEquals("new key must be verified now",
Certs.VERIFIED_SECRET, ring.getVerified());
}
}
@Test
public void testCertifySelf() throws Exception {
CertifyOperation op = operationWithFakePassphraseCache(
mStaticRing1.getMasterKeyId(), mStaticRing1.getMasterKeyId(), mKeyPhrase1);
CertifyActionsParcel actions = new CertifyActionsParcel(mStaticRing1.getMasterKeyId());
actions.add(new CertifyAction(mStaticRing1.getMasterKeyId()));
CertifyResult result = op.certify(actions, null);
Assert.assertFalse("certification with itself must fail!", result.success());
Assert.assertTrue("error msg must be about self certification",
result.getLog().containsType(LogType.MSG_CRT_ERROR_SELF));
}
@Test
public void testCertifyNonexistent() throws Exception {
CertifyOperation op = operationWithFakePassphraseCache(null, null, mKeyPhrase1);
{
CertifyActionsParcel actions = new CertifyActionsParcel(mStaticRing1.getMasterKeyId());
actions.add(new CertifyAction(1234L));
CertifyResult result = op.certify(actions, null);
Assert.assertFalse("certification of nonexistent key must fail", result.success());
Assert.assertTrue("must contain error msg about not found",
result.getLog().containsType(LogType.MSG_CRT_WARN_NOT_FOUND));
}
{
CertifyActionsParcel actions = new CertifyActionsParcel(1234L);
actions.add(new CertifyAction(mStaticRing1.getMasterKeyId()));
CertifyResult result = op.certify(actions, null);
Assert.assertFalse("certification of nonexistent key must fail", result.success());
Assert.assertTrue("must contain error msg about not found",
result.getLog().containsType(LogType.MSG_CRT_ERROR_MASTER_NOT_FOUND));
}
}
private CertifyOperation operationWithFakePassphraseCache(
final Long checkMasterKeyId, final Long checkSubKeyId, final String passphrase) {
return new CertifyOperation(Robolectric.application,
new ProviderHelper(Robolectric.application),
null, null) {
@Override
public String getCachedPassphrase(long masterKeyId, long subKeyId)
throws NoSecretKeyException {
if (checkMasterKeyId != null) {
Assert.assertEquals("requested passphrase should be for expected master key id",
(long) checkMasterKeyId, masterKeyId);
}
if (checkSubKeyId != null) {
Assert.assertEquals("requested passphrase should be for expected sub key id",
(long) checkSubKeyId, subKeyId);
}
if (passphrase == null) {
return null;
}
return passphrase;
}
};
}
}

View File

@ -0,0 +1,223 @@
/*
* Copyright (C) 2014 Vincent Breitmoser <v.breitmoser@mugenguild.com>
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
package org.sufficientlysecure.keychain.operations;
import org.junit.Assert;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.robolectric.Robolectric;
import org.robolectric.RobolectricTestRunner;
import org.robolectric.shadows.ShadowLog;
import org.spongycastle.bcpg.sig.KeyFlags;
import org.spongycastle.jce.provider.BouncyCastleProvider;
import org.sufficientlysecure.keychain.operations.results.PgpEditKeyResult;
import org.sufficientlysecure.keychain.operations.results.ExportResult;
import org.sufficientlysecure.keychain.operations.results.OperationResult.OperationLog;
import org.sufficientlysecure.keychain.pgp.PgpKeyOperation;
import org.sufficientlysecure.keychain.pgp.UncachedKeyRing;
import org.sufficientlysecure.keychain.pgp.UncachedKeyRing.IteratorWithIOThrow;
import org.sufficientlysecure.keychain.pgp.WrappedSignature;
import org.sufficientlysecure.keychain.provider.ProviderHelper;
import org.sufficientlysecure.keychain.service.SaveKeyringParcel;
import org.sufficientlysecure.keychain.service.SaveKeyringParcel.Algorithm;
import org.sufficientlysecure.keychain.service.SaveKeyringParcel.ChangeUnlockParcel;
import org.sufficientlysecure.keychain.util.ProgressScaler;
import org.sufficientlysecure.keychain.util.TestingUtils;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.PrintStream;
import java.security.Security;
import java.util.Iterator;
@RunWith(RobolectricTestRunner.class)
@org.robolectric.annotation.Config(emulateSdk = 18) // Robolectric doesn't yet support 19
public class ExportTest {
static String mPassphrase = TestingUtils.genPassphrase(true);
static UncachedKeyRing mStaticRing1, mStaticRing2;
static String mKeyPhrase1 = TestingUtils.genPassphrase(true);
static String mKeyPhrase2 = TestingUtils.genPassphrase(true);
static PrintStream oldShadowStream;
@BeforeClass
public static void setUpOnce() throws Exception {
Security.insertProviderAt(new BouncyCastleProvider(), 1);
oldShadowStream = ShadowLog.stream;
// ShadowLog.stream = System.out;
PgpKeyOperation op = new PgpKeyOperation(null);
{
SaveKeyringParcel parcel = new SaveKeyringParcel();
parcel.mAddSubKeys.add(new SaveKeyringParcel.SubkeyAdd(
Algorithm.RSA, 1024, null, KeyFlags.CERTIFY_OTHER, 0L));
parcel.mAddSubKeys.add(new SaveKeyringParcel.SubkeyAdd(
Algorithm.DSA, 1024, null, KeyFlags.SIGN_DATA, 0L));
parcel.mAddSubKeys.add(new SaveKeyringParcel.SubkeyAdd(
Algorithm.ELGAMAL, 1024, null, KeyFlags.ENCRYPT_COMMS, 0L));
parcel.mAddUserIds.add("snips");
parcel.mNewUnlock = new ChangeUnlockParcel(mKeyPhrase1);
PgpEditKeyResult result = op.createSecretKeyRing(parcel);
Assert.assertTrue("initial test key creation must succeed", result.success());
Assert.assertNotNull("initial test key creation must succeed", result.getRing());
mStaticRing1 = result.getRing();
}
{
SaveKeyringParcel parcel = new SaveKeyringParcel();
parcel.mAddSubKeys.add(new SaveKeyringParcel.SubkeyAdd(
Algorithm.RSA, 1024, null, KeyFlags.CERTIFY_OTHER, 0L));
parcel.mAddSubKeys.add(new SaveKeyringParcel.SubkeyAdd(
Algorithm.DSA, 1024, null, KeyFlags.SIGN_DATA, 0L));
parcel.mAddSubKeys.add(new SaveKeyringParcel.SubkeyAdd(
Algorithm.ELGAMAL, 1024, null, KeyFlags.ENCRYPT_COMMS, 0L));
parcel.mAddUserIds.add("snails");
parcel.mNewUnlock = new ChangeUnlockParcel(null, "1234");
PgpEditKeyResult result = op.createSecretKeyRing(parcel);
Assert.assertTrue("initial test key creation must succeed", result.success());
Assert.assertNotNull("initial test key creation must succeed", result.getRing());
mStaticRing2 = result.getRing();
}
}
@Before
public void setUp() {
ProviderHelper providerHelper = new ProviderHelper(Robolectric.application);
// don't log verbosely here, we're not here to test imports
ShadowLog.stream = oldShadowStream;
providerHelper.saveSecretKeyRing(mStaticRing1, new ProgressScaler());
providerHelper.saveSecretKeyRing(mStaticRing2, new ProgressScaler());
// ok NOW log verbosely!
ShadowLog.stream = System.out;
}
@Test
public void testExportAll() throws Exception {
ImportExportOperation op = new ImportExportOperation(Robolectric.application,
new ProviderHelper(Robolectric.application), null);
// make sure there is a local cert (so the later checks that there are none are meaningful)
Assert.assertTrue("second keyring has local certification", checkForLocal(mStaticRing2));
ByteArrayOutputStream out = new ByteArrayOutputStream();
ExportResult result = op.exportKeyRings(new OperationLog(), null, false, out);
Assert.assertTrue("export must be a success", result.success());
long masterKeyId1, masterKeyId2;
if (mStaticRing1.getMasterKeyId() < mStaticRing2.getMasterKeyId()) {
masterKeyId1 = mStaticRing1.getMasterKeyId();
masterKeyId2 = mStaticRing2.getMasterKeyId();
} else {
masterKeyId2 = mStaticRing1.getMasterKeyId();
masterKeyId1 = mStaticRing2.getMasterKeyId();
}
IteratorWithIOThrow<UncachedKeyRing> unc =
UncachedKeyRing.fromStream(new ByteArrayInputStream(out.toByteArray()));
{
Assert.assertTrue("export must have two keys (1/2)", unc.hasNext());
UncachedKeyRing ring = unc.next();
Assert.assertEquals("first exported key has correct masterkeyid",
masterKeyId1, ring.getMasterKeyId());
Assert.assertFalse("first exported key must not be secret", ring.isSecret());
Assert.assertFalse("there must be no local signatures in an exported keyring",
checkForLocal(ring));
}
{
Assert.assertTrue("export must have two keys (2/2)", unc.hasNext());
UncachedKeyRing ring = unc.next();
Assert.assertEquals("second exported key has correct masterkeyid",
masterKeyId2, ring.getMasterKeyId());
Assert.assertFalse("second exported key must not be secret", ring.isSecret());
Assert.assertFalse("there must be no local signatures in an exported keyring",
checkForLocal(ring));
}
out = new ByteArrayOutputStream();
result = op.exportKeyRings(new OperationLog(), null, true, out);
Assert.assertTrue("export must be a success", result.success());
unc = UncachedKeyRing.fromStream(new ByteArrayInputStream(out.toByteArray()));
{
Assert.assertTrue("export must have four keys (1/4)", unc.hasNext());
UncachedKeyRing ring = unc.next();
Assert.assertEquals("1/4 exported key has correct masterkeyid",
masterKeyId1, ring.getMasterKeyId());
Assert.assertFalse("1/4 exported key must not be public", ring.isSecret());
Assert.assertFalse("there must be no local signatures in an exported keyring",
checkForLocal(ring));
Assert.assertTrue("export must have four keys (2/4)", unc.hasNext());
ring = unc.next();
Assert.assertEquals("2/4 exported key has correct masterkeyid",
masterKeyId1, ring.getMasterKeyId());
Assert.assertTrue("2/4 exported key must be public", ring.isSecret());
Assert.assertFalse("there must be no local signatures in an exported keyring",
checkForLocal(ring));
}
{
Assert.assertTrue("export must have four keys (3/4)", unc.hasNext());
UncachedKeyRing ring = unc.next();
Assert.assertEquals("3/4 exported key has correct masterkeyid",
masterKeyId2, ring.getMasterKeyId());
Assert.assertFalse("3/4 exported key must not be public", ring.isSecret());
Assert.assertFalse("there must be no local signatures in an exported keyring",
checkForLocal(ring));
Assert.assertTrue("export must have four keys (4/4)", unc.hasNext());
ring = unc.next();
Assert.assertEquals("4/4 exported key has correct masterkeyid",
masterKeyId2, ring.getMasterKeyId());
Assert.assertTrue("4/4 exported key must be public", ring.isSecret());
Assert.assertFalse("there must be no local signatures in an exported keyring",
checkForLocal(ring));
}
}
/** This function checks whether or not there are any local signatures in a keyring. */
private boolean checkForLocal(UncachedKeyRing ring) {
Iterator<WrappedSignature> sigs = ring.getPublicKey().getSignatures();
while (sigs.hasNext()) {
if (sigs.next().isLocal()) {
return true;
}
}
return false;
}
}

View File

@ -22,25 +22,32 @@ import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.openintents.openpgp.OpenPgpSignatureResult;
import org.robolectric.*;
import org.robolectric.shadows.ShadowLog;
import org.spongycastle.bcpg.sig.KeyFlags;
import org.spongycastle.jce.provider.BouncyCastleProvider;
import org.spongycastle.openpgp.PGPEncryptedData;
import org.sufficientlysecure.keychain.operations.results.PgpEditKeyResult;
import org.sufficientlysecure.keychain.pgp.PgpSignEncrypt.Builder;
import org.sufficientlysecure.keychain.provider.KeychainContract.KeyRingData;
import org.sufficientlysecure.keychain.provider.ProviderHelper;
import org.sufficientlysecure.keychain.service.SaveKeyringParcel;
import org.sufficientlysecure.keychain.service.SaveKeyringParcel.Algorithm;
import org.sufficientlysecure.keychain.operations.results.DecryptVerifyResult;
import org.sufficientlysecure.keychain.operations.results.EditKeyResult;
import org.sufficientlysecure.keychain.operations.results.SignEncryptResult;
import org.sufficientlysecure.keychain.service.SaveKeyringParcel.ChangeUnlockParcel;
import org.sufficientlysecure.keychain.support.KeyringTestingHelper;
import org.sufficientlysecure.keychain.util.InputData;
import org.sufficientlysecure.keychain.util.ProgressScaler;
import org.sufficientlysecure.keychain.util.TestingUtils;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.OutputStream;
import java.io.PrintStream;
import java.security.Security;
import java.util.HashSet;
@RunWith(RobolectricTestRunner.class)
@org.robolectric.annotation.Config(emulateSdk = 18) // Robolectric doesn't yet support 19
@ -52,10 +59,13 @@ public class PgpEncryptDecryptTest {
static String mKeyPhrase1 = TestingUtils.genPassphrase(true);
static String mKeyPhrase2 = TestingUtils.genPassphrase(true);
static PrintStream oldShadowStream;
@BeforeClass
public static void setUpOnce() throws Exception {
Security.insertProviderAt(new BouncyCastleProvider(), 1);
ShadowLog.stream = System.out;
oldShadowStream = ShadowLog.stream;
// ShadowLog.stream = System.out;
PgpKeyOperation op = new PgpKeyOperation(null);
@ -68,9 +78,9 @@ public class PgpEncryptDecryptTest {
parcel.mAddSubKeys.add(new SaveKeyringParcel.SubkeyAdd(
Algorithm.ELGAMAL, 1024, null, KeyFlags.ENCRYPT_COMMS, 0L));
parcel.mAddUserIds.add("bloom");
parcel.mNewUnlock = mKeyPhrase1;
parcel.mNewUnlock = new ChangeUnlockParcel(mKeyPhrase1);
EditKeyResult result = op.createSecretKeyRing(parcel);
PgpEditKeyResult result = op.createSecretKeyRing(parcel);
Assert.assertTrue("initial test key creation must succeed", result.success());
Assert.assertNotNull("initial test key creation must succeed", result.getRing());
@ -86,9 +96,9 @@ public class PgpEncryptDecryptTest {
parcel.mAddSubKeys.add(new SaveKeyringParcel.SubkeyAdd(
Algorithm.ELGAMAL, 1024, null, KeyFlags.ENCRYPT_COMMS, 0L));
parcel.mAddUserIds.add("belle");
parcel.mNewUnlock = mKeyPhrase2;
parcel.mNewUnlock = new ChangeUnlockParcel(mKeyPhrase2);
EditKeyResult result = op.createSecretKeyRing(parcel);
PgpEditKeyResult result = op.createSecretKeyRing(parcel);
Assert.assertTrue("initial test key creation must succeed", result.success());
Assert.assertNotNull("initial test key creation must succeed", result.getRing());
@ -101,8 +111,14 @@ public class PgpEncryptDecryptTest {
public void setUp() {
ProviderHelper providerHelper = new ProviderHelper(Robolectric.application);
// don't log verbosely here, we're not here to test imports
ShadowLog.stream = oldShadowStream;
providerHelper.saveSecretKeyRing(mStaticRing1, new ProgressScaler());
providerHelper.saveSecretKeyRing(mStaticRing1, new ProgressScaler());
providerHelper.saveSecretKeyRing(mStaticRing2, new ProgressScaler());
// ok NOW log verbosely!
ShadowLog.stream = System.out;
}
@Test
@ -118,7 +134,7 @@ public class PgpEncryptDecryptTest {
InputData data = new InputData(in, in.available());
Builder b = new PgpSignEncrypt.Builder(Robolectric.application,
new ProviderHelper(Robolectric.application),
null, // new DummyPassphraseCache(mPassphrase, 0L)
null,
data, out);
b.setSymmetricPassphrase(mPassphrase);
@ -215,11 +231,8 @@ public class PgpEncryptDecryptTest {
ByteArrayInputStream in = new ByteArrayInputStream(ciphertext);
InputData data = new InputData(in, in.available());
PgpDecryptVerify.Builder b = new PgpDecryptVerify.Builder(
Robolectric.application,
new ProviderHelper(Robolectric.application),
null, // new DummyPassphraseCache(null, null),
data, out);
PgpDecryptVerify.Builder b = builderWithFakePassphraseCache(data, out, null, null, null);
b.setPassphrase(mKeyPhrase1);
DecryptVerifyResult result = b.build().execute();
Assert.assertTrue("decryption with provided passphrase must succeed", result.success());
@ -230,74 +243,230 @@ public class PgpEncryptDecryptTest {
// TODO how to test passphrase cache?
/*{ // decryption with passphrase cached should succeed
{ // decryption with passphrase cached should succeed
ByteArrayOutputStream out = new ByteArrayOutputStream();
ByteArrayInputStream in = new ByteArrayInputStream(ciphertext);
InputData data = new InputData(in, in.available());
PassphraseCacheService.addCachedPassphrase(
Robolectric.application, mStaticRing1.getMasterKeyId(),
mStaticRing1.getMasterKeyId(), mKeyPhrase1, "dummy");
PgpDecryptVerify.Builder b = builderWithFakePassphraseCache(data, out,
mKeyPhrase1, mStaticRing1.getMasterKeyId(), null);
PgpDecryptVerify.Builder b = new PgpDecryptVerify.Builder(
Robolectric.application,
new ProviderHelper(Robolectric.application),
null, // new DummyPassphraseCache(mKeyPhrase1, null),
data, out);
DecryptVerifyResult result = b.build().execute();
Assert.assertTrue("decryption with cached passphrase must succeed", result.success());
Assert.assertArrayEquals("decrypted ciphertext with cached passphrase should equal plaintext",
out.toByteArray(), plaintext.getBytes());
Assert.assertNull("signature should be empty", result.getSignatureResult());
}*/
}
/*{ // decryption with no passphrase provided should return status pending
{ // decryption with no passphrase provided should return status pending
ByteArrayOutputStream out = new ByteArrayOutputStream();
ByteArrayInputStream in = new ByteArrayInputStream(ciphertext);
InputData data = new InputData(in, in.available());
PgpDecryptVerify.Builder b = new PgpDecryptVerify.Builder(
Robolectric.application,
new ProviderHelper(Robolectric.application),
null, // new DummyPassphraseCache(null, null),
data, out);
PgpDecryptVerify.Builder b = builderWithFakePassphraseCache(data, out,
null, mStaticRing1.getMasterKeyId(), null);
DecryptVerifyResult result = b.build().execute();
Assert.assertFalse("decryption with no passphrase must return pending", result.success());
Assert.assertTrue("decryption with no passphrase should return pending", result.isPending());
Assert.assertEquals("decryption with no passphrase should return pending passphrase",
DecryptVerifyResult.RESULT_PENDING_ASYM_PASSPHRASE, result.getResult());
}*/
}
}
static class DummyPassphraseCache implements PassphraseCacheInterface {
@Test
public void testMultiAsymmetricEncryptDecrypt() {
String mPassphrase;
Long mExpectedId;
public DummyPassphraseCache(String passphrase, Long expectedId) {
mPassphrase = passphrase;
mExpectedId = expectedId;
String plaintext = "dies ist ein plaintext ☭" + TestingUtils.genPassphrase(true);
byte[] ciphertext;
{ // encrypt data with a given passphrase
ByteArrayOutputStream out = new ByteArrayOutputStream();
ByteArrayInputStream in = new ByteArrayInputStream(plaintext.getBytes());
InputData data = new InputData(in, in.available());
Builder b = new PgpSignEncrypt.Builder(
Robolectric.application,
new ProviderHelper(Robolectric.application),
null, // new DummyPassphraseCache(mPassphrase, 0L),
data, out);
b.setEncryptionMasterKeyIds(new long[] {
mStaticRing1.getMasterKeyId(),
mStaticRing2.getMasterKeyId()
});
b.setSymmetricEncryptionAlgorithm(PGPEncryptedData.AES_128);
SignEncryptResult result = b.build().execute();
Assert.assertTrue("encryption must succeed", result.success());
ciphertext = out.toByteArray();
}
{ // decryption with passphrase cached should succeed for the first key
ByteArrayOutputStream out = new ByteArrayOutputStream();
ByteArrayInputStream in = new ByteArrayInputStream(ciphertext);
InputData data = new InputData(in, in.available());
PgpDecryptVerify.Builder b = builderWithFakePassphraseCache(data, out,
mKeyPhrase1, mStaticRing1.getMasterKeyId(), null);
DecryptVerifyResult result = b.build().execute();
Assert.assertTrue("decryption with cached passphrase must succeed for the first key", result.success());
Assert.assertArrayEquals("decrypted ciphertext with cached passphrase should equal plaintext",
out.toByteArray(), plaintext.getBytes());
Assert.assertNull("signature should be empty", result.getSignatureResult());
}
{ // decryption with passphrase cached should succeed for the first key
ByteArrayOutputStream out = new ByteArrayOutputStream();
ByteArrayInputStream in = new ByteArrayInputStream(ciphertext);
InputData data = new InputData(in, in.available());
// allow only the second to decrypt
HashSet<Long> allowed = new HashSet<Long>();
allowed.add(mStaticRing2.getMasterKeyId());
// provide passphrase for the second, and check that the first is never asked for!
PgpDecryptVerify.Builder b = builderWithFakePassphraseCache(data, out,
mKeyPhrase2, mStaticRing2.getMasterKeyId(), null);
b.setAllowedKeyIds(allowed);
DecryptVerifyResult result = b.build().execute();
Assert.assertTrue("decryption with cached passphrase must succeed for the first key", result.success());
Assert.assertArrayEquals("decrypted ciphertext with cached passphrase should equal plaintext",
out.toByteArray(), plaintext.getBytes());
Assert.assertNull("signature should be empty", result.getSignatureResult());
}
{ // decryption with passphrase cached should succeed for the other key if first is gone
// delete first key from database
new ProviderHelper(Robolectric.application).getContentResolver().delete(
KeyRingData.buildPublicKeyRingUri(mStaticRing1.getMasterKeyId()), null, null
);
ByteArrayOutputStream out = new ByteArrayOutputStream();
ByteArrayInputStream in = new ByteArrayInputStream(ciphertext);
InputData data = new InputData(in, in.available());
PgpDecryptVerify.Builder b = builderWithFakePassphraseCache(data, out,
mKeyPhrase2, mStaticRing2.getMasterKeyId(), null);
DecryptVerifyResult result = b.build().execute();
Assert.assertTrue("decryption with cached passphrase must succeed", result.success());
Assert.assertArrayEquals("decrypted ciphertext with cached passphrase should equal plaintext",
out.toByteArray(), plaintext.getBytes());
Assert.assertNull("signature should be empty", result.getSignatureResult());
}
}
@Test
public void testMultiAsymmetricSignEncryptDecryptVerify() {
String plaintext = "dies ist ein plaintext ☭" + TestingUtils.genPassphrase(true);
byte[] ciphertext;
{ // encrypt data with a given passphrase
ByteArrayOutputStream out = new ByteArrayOutputStream();
ByteArrayInputStream in = new ByteArrayInputStream(plaintext.getBytes());
InputData data = new InputData(in, in.available());
Builder b = new PgpSignEncrypt.Builder(
Robolectric.application,
new ProviderHelper(Robolectric.application),
null, // new DummyPassphraseCache(mPassphrase, 0L),
data, out);
b.setEncryptionMasterKeyIds(new long[] {
mStaticRing1.getMasterKeyId(),
mStaticRing2.getMasterKeyId()
});
b.setSignatureMasterKeyId(mStaticRing1.getMasterKeyId());
b.setSignatureSubKeyId(KeyringTestingHelper.getSubkeyId(mStaticRing1, 1));
b.setSignaturePassphrase(mKeyPhrase1);
b.setSymmetricEncryptionAlgorithm(PGPEncryptedData.AES_128);
SignEncryptResult result = b.build().execute();
Assert.assertTrue("encryption must succeed", result.success());
ciphertext = out.toByteArray();
}
{ // decryption with passphrase cached should succeed for the first key
ByteArrayOutputStream out = new ByteArrayOutputStream();
ByteArrayInputStream in = new ByteArrayInputStream(ciphertext);
InputData data = new InputData(in, in.available());
PgpDecryptVerify.Builder b = builderWithFakePassphraseCache(data, out,
mKeyPhrase1, mStaticRing1.getMasterKeyId(), null);
DecryptVerifyResult result = b.build().execute();
Assert.assertTrue("decryption with cached passphrase must succeed for the first key", result.success());
Assert.assertArrayEquals("decrypted ciphertext with cached passphrase should equal plaintext",
out.toByteArray(), plaintext.getBytes());
Assert.assertEquals("signature should be verified and certified",
OpenPgpSignatureResult.SIGNATURE_SUCCESS_CERTIFIED, result.getSignatureResult().getStatus());
}
{ // decryption with passphrase cached should succeed for the other key if first is gone
// delete first key from database
new ProviderHelper(Robolectric.application).getContentResolver().delete(
KeyRingData.buildPublicKeyRingUri(mStaticRing1.getMasterKeyId()), null, null
);
ByteArrayOutputStream out = new ByteArrayOutputStream();
ByteArrayInputStream in = new ByteArrayInputStream(ciphertext);
InputData data = new InputData(in, in.available());
PgpDecryptVerify.Builder b = builderWithFakePassphraseCache(data, out,
mKeyPhrase2, mStaticRing2.getMasterKeyId(), null);
DecryptVerifyResult result = b.build().execute();
Assert.assertTrue("decryption with cached passphrase must succeed", result.success());
Assert.assertArrayEquals("decrypted ciphertext with cached passphrase should equal plaintext",
out.toByteArray(), plaintext.getBytes());
Assert.assertEquals("signature key should be missing",
OpenPgpSignatureResult.SIGNATURE_KEY_MISSING,
result.getSignatureResult().getStatus());
}
}
private PgpDecryptVerify.Builder builderWithFakePassphraseCache (
InputData data, OutputStream out,
final String passphrase, final Long checkMasterKeyId, final Long checkSubKeyId) {
return new PgpDecryptVerify.Builder(Robolectric.application,
new ProviderHelper(Robolectric.application),
null,
data, out) {
public PgpDecryptVerify build() {
return new PgpDecryptVerify(this) {
@Override
public String getCachedPassphrase(long masterKeyId, long subKeyId) throws NoSecretKeyException {
if (mExpectedId != null){
Assert.assertEquals("requested passphrase must be for expected id",
(long) mExpectedId, subKeyId);
public String getCachedPassphrase(long masterKeyId, long subKeyId)
throws NoSecretKeyException {
if (checkMasterKeyId != null) {
Assert.assertEquals("requested passphrase should be for expected master key id",
(long) checkMasterKeyId, masterKeyId);
}
return mPassphrase;
if (checkSubKeyId != null) {
Assert.assertEquals("requested passphrase should be for expected sub key id",
(long) checkSubKeyId, subKeyId);
}
@Override
public String getCachedPassphrase(long subKeyId) throws NoSecretKeyException {
if (mExpectedId != null){
Assert.assertEquals("requested passphrase must be for expected id",
(long) mExpectedId, subKeyId);
if (passphrase == null) {
return null;
}
return mPassphrase;
return passphrase;
}
};
}
};
}
}

View File

@ -40,9 +40,11 @@ import org.spongycastle.jce.provider.BouncyCastleProvider;
import org.spongycastle.openpgp.PGPSignature;
import org.sufficientlysecure.keychain.operations.results.OperationResult.LogType;
import org.sufficientlysecure.keychain.operations.results.OperationResult.OperationLog;
import org.sufficientlysecure.keychain.operations.results.EditKeyResult;
import org.sufficientlysecure.keychain.operations.results.PgpEditKeyResult;
import org.sufficientlysecure.keychain.pgp.CanonicalizedSecretKey.SecretKeyType;
import org.sufficientlysecure.keychain.service.SaveKeyringParcel;
import org.sufficientlysecure.keychain.service.SaveKeyringParcel.Algorithm;
import org.sufficientlysecure.keychain.service.SaveKeyringParcel.ChangeUnlockParcel;
import org.sufficientlysecure.keychain.service.SaveKeyringParcel.SubkeyAdd;
import org.sufficientlysecure.keychain.service.SaveKeyringParcel.SubkeyChange;
import org.sufficientlysecure.keychain.support.KeyringBuilder;
@ -91,14 +93,15 @@ public class PgpKeyOperationTest {
parcel.mAddUserIds.add("twi");
parcel.mAddUserIds.add("pink");
parcel.mNewUnlock = passphrase;
parcel.mNewUnlock = new ChangeUnlockParcel(passphrase);
PgpKeyOperation op = new PgpKeyOperation(null);
EditKeyResult result = op.createSecretKeyRing(parcel);
PgpEditKeyResult result = op.createSecretKeyRing(parcel);
Assert.assertTrue("initial test key creation must succeed", result.success());
Assert.assertNotNull("initial test key creation must succeed", result.getRing());
staticRing = result.getRing();
staticRing = staticRing.canonicalize(new OperationLog(), 0).getUncachedKeyRing();
// we sleep here for a second, to make sure all new certificates have different timestamps
Thread.sleep(1000);
@ -127,7 +130,7 @@ public class PgpKeyOperationTest {
parcel.mAddSubKeys.add(new SaveKeyringParcel.SubkeyAdd(
Algorithm.RSA, new Random().nextInt(256)+255, null, KeyFlags.CERTIFY_OTHER, 0L));
parcel.mAddUserIds.add("shy");
parcel.mNewUnlock = passphrase;
parcel.mNewUnlock = new ChangeUnlockParcel(passphrase);
assertFailure("creating ring with < 512 bytes keysize should fail", parcel,
LogType.MSG_CR_ERROR_KEYSIZE_512);
@ -138,7 +141,7 @@ public class PgpKeyOperationTest {
parcel.mAddSubKeys.add(new SaveKeyringParcel.SubkeyAdd(
Algorithm.ELGAMAL, 1024, null, KeyFlags.CERTIFY_OTHER, 0L));
parcel.mAddUserIds.add("shy");
parcel.mNewUnlock = passphrase;
parcel.mNewUnlock = new ChangeUnlockParcel(passphrase);
assertFailure("creating ring with ElGamal master key should fail", parcel,
LogType.MSG_CR_ERROR_FLAGS_ELGAMAL);
@ -149,7 +152,7 @@ public class PgpKeyOperationTest {
parcel.mAddSubKeys.add(new SaveKeyringParcel.SubkeyAdd(
Algorithm.RSA, 1024, null, KeyFlags.CERTIFY_OTHER, null));
parcel.mAddUserIds.add("lotus");
parcel.mNewUnlock = passphrase;
parcel.mNewUnlock = new ChangeUnlockParcel(passphrase);
assertFailure("creating master key with null expiry should fail", parcel,
LogType.MSG_CR_ERROR_NULL_EXPIRY);
@ -160,7 +163,7 @@ public class PgpKeyOperationTest {
parcel.mAddSubKeys.add(new SaveKeyringParcel.SubkeyAdd(
Algorithm.RSA, 1024, null, KeyFlags.SIGN_DATA, 0L));
parcel.mAddUserIds.add("shy");
parcel.mNewUnlock = passphrase;
parcel.mNewUnlock = new ChangeUnlockParcel(passphrase);
assertFailure("creating ring with non-certifying master key should fail", parcel,
LogType.MSG_CR_ERROR_NO_CERTIFY);
@ -170,7 +173,7 @@ public class PgpKeyOperationTest {
parcel.reset();
parcel.mAddSubKeys.add(new SaveKeyringParcel.SubkeyAdd(
Algorithm.RSA, 1024, null, KeyFlags.CERTIFY_OTHER, 0L));
parcel.mNewUnlock = passphrase;
parcel.mNewUnlock = new ChangeUnlockParcel(passphrase);
assertFailure("creating ring without user ids should fail", parcel,
LogType.MSG_CR_ERROR_NO_USER_ID);
@ -179,7 +182,7 @@ public class PgpKeyOperationTest {
{
parcel.reset();
parcel.mAddUserIds.add("shy");
parcel.mNewUnlock = passphrase;
parcel.mNewUnlock = new ChangeUnlockParcel(passphrase);
assertFailure("creating ring with no master key should fail", parcel,
LogType.MSG_CR_ERROR_NO_MASTER);
@ -910,8 +913,10 @@ public class PgpKeyOperationTest {
public void testPassphraseChange() throws Exception {
// change passphrase to empty
parcel.mNewUnlock = "";
UncachedKeyRing modified = applyModificationWithChecks(parcel, ring, onlyA, onlyB);
parcel.mNewUnlock = new ChangeUnlockParcel("");
// note that canonicalization here necessarily strips the empty notation packet
UncachedKeyRing modified = applyModificationWithChecks(parcel, ring, onlyA, onlyB,
passphrase);
Assert.assertEquals("exactly three packets should have been modified (the secret keys)",
3, onlyB.size());
@ -923,7 +928,7 @@ public class PgpKeyOperationTest {
// modify keyring, change to non-empty passphrase
String otherPassphrase = TestingUtils.genPassphrase(true);
parcel.mNewUnlock = otherPassphrase;
parcel.mNewUnlock = new ChangeUnlockParcel(otherPassphrase);
modified = applyModificationWithChecks(parcel, modified, onlyA, onlyB, "");
Assert.assertEquals("exactly three packets should have been modified (the secret keys)",
@ -948,7 +953,7 @@ public class PgpKeyOperationTest {
PacketTags.SECRET_SUBKEY, sKeyNoPassphrase.tag);
String otherPassphrase2 = TestingUtils.genPassphrase(true);
parcel.mNewUnlock = otherPassphrase2;
parcel.mNewUnlock = new ChangeUnlockParcel(otherPassphrase2);
{
// if we replace a secret key with one without passphrase
modified = KeyringTestingHelper.removePacket(modified, sKeyNoPassphrase.position);
@ -957,7 +962,7 @@ public class PgpKeyOperationTest {
// we should still be able to modify it (and change its passphrase) without errors
PgpKeyOperation op = new PgpKeyOperation(null);
CanonicalizedSecretKeyRing secretRing = new CanonicalizedSecretKeyRing(modified.getEncoded(), false, 0);
EditKeyResult result = op.modifySecretKeyRing(secretRing, parcel, otherPassphrase);
PgpEditKeyResult result = op.modifySecretKeyRing(secretRing, parcel, otherPassphrase);
Assert.assertTrue("key modification must succeed", result.success());
Assert.assertFalse("log must not contain a warning",
result.getLog().containsWarnings());
@ -973,7 +978,7 @@ public class PgpKeyOperationTest {
PgpKeyOperation op = new PgpKeyOperation(null);
CanonicalizedSecretKeyRing secretRing = new CanonicalizedSecretKeyRing(modified.getEncoded(), false, 0);
EditKeyResult result = op.modifySecretKeyRing(secretRing, parcel, otherPassphrase2);
PgpEditKeyResult result = op.modifySecretKeyRing(secretRing, parcel, otherPassphrase2);
Assert.assertTrue("key modification must succeed", result.success());
Assert.assertTrue("log must contain a failed passphrase change warning",
result.getLog().containsType(LogType.MSG_MF_PASSPHRASE_FAIL));
@ -981,6 +986,46 @@ public class PgpKeyOperationTest {
}
@Test
public void testUnlockPin() throws Exception {
String pin = "5235125";
// change passphrase to a pin type
parcel.mNewUnlock = new ChangeUnlockParcel(null, pin);
UncachedKeyRing modified = applyModificationWithChecks(parcel, ring, onlyA, onlyB);
Assert.assertEquals("exactly three packets should have been added (the secret keys + notation packet)",
3, onlyA.size());
Assert.assertEquals("exactly four packets should have been added (the secret keys + notation packet)",
4, onlyB.size());
RawPacket dkSig = onlyB.get(1);
Assert.assertEquals("second modified packet should be notation data",
PacketTags.SIGNATURE, dkSig.tag);
// check that notation data contains pin
CanonicalizedSecretKeyRing secretRing = new CanonicalizedSecretKeyRing(
modified.getEncoded(), false, 0);
Assert.assertEquals("secret key type should be 'pin' after this",
SecretKeyType.PIN,
secretRing.getSecretKey().getSecretKeyType());
// need to sleep for a sec, so the timestamp changes for notation data
Thread.sleep(1000);
{
parcel.mNewUnlock = new ChangeUnlockParcel("phrayse", null);
applyModificationWithChecks(parcel, modified, onlyA, onlyB, pin, true, false);
Assert.assertEquals("exactly four packets should have been removed (the secret keys + notation packet)",
4, onlyA.size());
Assert.assertEquals("exactly three packets should have been added (no more notation packet)",
3, onlyB.size());
}
}
private static UncachedKeyRing applyModificationWithChecks(SaveKeyringParcel parcel,
UncachedKeyRing ring,
ArrayList<RawPacket> onlyA,
@ -1011,7 +1056,7 @@ public class PgpKeyOperationTest {
CanonicalizedSecretKeyRing secretRing = new CanonicalizedSecretKeyRing(ring.getEncoded(), false, 0);
PgpKeyOperation op = new PgpKeyOperation(null);
EditKeyResult result = op.modifySecretKeyRing(secretRing, parcel, passphrase);
PgpEditKeyResult result = op.modifySecretKeyRing(secretRing, parcel, passphrase);
Assert.assertTrue("key modification must succeed", result.success());
UncachedKeyRing rawModified = result.getRing();
Assert.assertNotNull("key modification must not return null", rawModified);
@ -1068,7 +1113,7 @@ public class PgpKeyOperationTest {
private void assertFailure(String reason, SaveKeyringParcel parcel, LogType expected) {
EditKeyResult result = op.createSecretKeyRing(parcel);
PgpEditKeyResult result = op.createSecretKeyRing(parcel);
Assert.assertFalse(reason, result.success());
Assert.assertNull(reason, result.getRing());
@ -1082,7 +1127,7 @@ public class PgpKeyOperationTest {
throws Exception {
CanonicalizedSecretKeyRing secretRing = new CanonicalizedSecretKeyRing(ring.getEncoded(), false, 0);
EditKeyResult result = op.modifySecretKeyRing(secretRing, parcel, passphrase);
PgpEditKeyResult result = op.modifySecretKeyRing(secretRing, parcel, passphrase);
Assert.assertFalse(reason, result.success());
Assert.assertNull(reason, result.getRing());
@ -1096,7 +1141,7 @@ public class PgpKeyOperationTest {
throws Exception {
CanonicalizedSecretKeyRing secretRing = new CanonicalizedSecretKeyRing(ring.getEncoded(), false, 0);
EditKeyResult result = op.modifySecretKeyRing(secretRing, parcel, passphrase);
PgpEditKeyResult result = op.modifySecretKeyRing(secretRing, parcel, passphrase);
Assert.assertFalse(reason, result.success());
Assert.assertNull(reason, result.getRing());
@ -1107,7 +1152,7 @@ public class PgpKeyOperationTest {
private UncachedKeyRing assertCreateSuccess(String reason, SaveKeyringParcel parcel) {
EditKeyResult result = op.createSecretKeyRing(parcel);
PgpEditKeyResult result = op.createSecretKeyRing(parcel);
Assert.assertTrue(reason, result.success());
Assert.assertNotNull(reason, result.getRing());

View File

@ -53,11 +53,12 @@ import org.spongycastle.openpgp.operator.jcajce.JcePBESecretKeyEncryptorBuilder;
import org.spongycastle.util.Strings;
import org.sufficientlysecure.keychain.Constants;
import org.sufficientlysecure.keychain.operations.results.OperationResult;
import org.sufficientlysecure.keychain.operations.results.EditKeyResult;
import org.sufficientlysecure.keychain.operations.results.PgpEditKeyResult;
import org.sufficientlysecure.keychain.service.SaveKeyringParcel;
import org.sufficientlysecure.keychain.service.SaveKeyringParcel.Algorithm;
import org.sufficientlysecure.keychain.operations.results.OperationResult.LogType;
import org.sufficientlysecure.keychain.operations.results.OperationResult.OperationLog;
import org.sufficientlysecure.keychain.service.SaveKeyringParcel.ChangeUnlockParcel;
import org.sufficientlysecure.keychain.support.KeyringTestingHelper;
import org.sufficientlysecure.keychain.support.KeyringTestingHelper.RawPacket;
@ -104,14 +105,16 @@ public class UncachedKeyringCanonicalizeTest {
parcel.mAddUserIds.add("twi");
parcel.mAddUserIds.add("pink");
// passphrase is tested in PgpKeyOperationTest, just use empty here
parcel.mNewUnlock = "";
parcel.mNewUnlock = new ChangeUnlockParcel("");
PgpKeyOperation op = new PgpKeyOperation(null);
EditKeyResult result = op.createSecretKeyRing(parcel);
PgpEditKeyResult result = op.createSecretKeyRing(parcel);
Assert.assertTrue("initial test key creation must succeed", result.success());
staticRing = result.getRing();
Assert.assertNotNull("initial test key creation must succeed", staticRing);
staticRing = staticRing.canonicalize(new OperationLog(), 0).getUncachedKeyRing();
// just for later reference
totalPackets = 9;

View File

@ -33,9 +33,11 @@ import org.spongycastle.bcpg.sig.KeyFlags;
import org.spongycastle.jce.provider.BouncyCastleProvider;
import org.spongycastle.util.Strings;
import org.sufficientlysecure.keychain.operations.results.OperationResult;
import org.sufficientlysecure.keychain.operations.results.EditKeyResult;
import org.sufficientlysecure.keychain.operations.results.PgpEditKeyResult;
import org.sufficientlysecure.keychain.operations.results.OperationResult.OperationLog;
import org.sufficientlysecure.keychain.service.SaveKeyringParcel;
import org.sufficientlysecure.keychain.service.SaveKeyringParcel.Algorithm;
import org.sufficientlysecure.keychain.service.SaveKeyringParcel.ChangeUnlockParcel;
import org.sufficientlysecure.keychain.support.KeyringTestingHelper;
import org.sufficientlysecure.keychain.support.KeyringTestingHelper.RawPacket;
import org.sufficientlysecure.keychain.util.ProgressScaler;
@ -96,13 +98,14 @@ public class UncachedKeyringMergeTest {
parcel.mAddUserIds.add("twi");
parcel.mAddUserIds.add("pink");
// passphrase is tested in PgpKeyOperationTest, just use empty here
parcel.mNewUnlock = "";
parcel.mNewUnlock = new ChangeUnlockParcel("");
PgpKeyOperation op = new PgpKeyOperation(null);
OperationResult.OperationLog log = new OperationResult.OperationLog();
EditKeyResult result = op.createSecretKeyRing(parcel);
PgpEditKeyResult result = op.createSecretKeyRing(parcel);
staticRingA = result.getRing();
staticRingA = staticRingA.canonicalize(new OperationLog(), 0).getUncachedKeyRing();
}
{
@ -112,12 +115,13 @@ public class UncachedKeyringMergeTest {
parcel.mAddUserIds.add("shy");
// passphrase is tested in PgpKeyOperationTest, just use empty here
parcel.mNewUnlock = "";
parcel.mNewUnlock = new ChangeUnlockParcel("");
PgpKeyOperation op = new PgpKeyOperation(null);
OperationResult.OperationLog log = new OperationResult.OperationLog();
EditKeyResult result = op.createSecretKeyRing(parcel);
PgpEditKeyResult result = op.createSecretKeyRing(parcel);
staticRingB = result.getRing();
staticRingB = staticRingB.canonicalize(new OperationLog(), 0).getUncachedKeyRing();
}
Assert.assertNotNull("initial test key creation must succeed", staticRingA);

View File

@ -26,13 +26,16 @@ import org.junit.runner.RunWith;
import org.robolectric.RobolectricTestRunner;
import org.robolectric.shadows.ShadowLog;
import org.spongycastle.bcpg.sig.KeyFlags;
import org.sufficientlysecure.keychain.operations.results.EditKeyResult;
import org.sufficientlysecure.keychain.operations.results.PgpEditKeyResult;
import org.sufficientlysecure.keychain.pgp.UncachedKeyRing.IteratorWithIOThrow;
import org.sufficientlysecure.keychain.pgp.exception.PgpGeneralException;
import org.sufficientlysecure.keychain.service.SaveKeyringParcel;
import org.sufficientlysecure.keychain.service.SaveKeyringParcel.Algorithm;
import org.sufficientlysecure.keychain.service.SaveKeyringParcel.ChangeUnlockParcel;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.util.Iterator;
@RunWith(RobolectricTestRunner.class)
@ -57,10 +60,10 @@ public class UncachedKeyringTest {
parcel.mAddUserIds.add("twi");
parcel.mAddUserIds.add("pink");
// passphrase is tested in PgpKeyOperationTest, just use empty here
parcel.mNewUnlock = "";
parcel.mNewUnlock = new ChangeUnlockParcel("");
PgpKeyOperation op = new PgpKeyOperation(null);
EditKeyResult result = op.createSecretKeyRing(parcel);
PgpEditKeyResult result = op.createSecretKeyRing(parcel);
staticRing = result.getRing();
staticPubRing = staticRing.extractPublicKeyRing();
@ -108,7 +111,7 @@ public class UncachedKeyringTest {
ring.encodeArmored(out, "OpenKeychain");
pubRing.encodeArmored(out, "OpenKeychain");
Iterator<UncachedKeyRing> it =
IteratorWithIOThrow<UncachedKeyRing> it =
UncachedKeyRing.fromStream(new ByteArrayInputStream(out.toByteArray()));
Assert.assertTrue("there should be two rings in the stream", it.hasNext());
Assert.assertArrayEquals("first ring should be the first we put in",
@ -128,4 +131,16 @@ public class UncachedKeyringTest {
pubRing.extractPublicKeyRing();
}
@Test(expected = IOException.class)
public void testBrokenVersionCert() throws Throwable {
// this is a test for one of the patches we use on top of stock bouncycastle, which
// returns an IOException rather than a RuntimeException in case of a bad certificate
// version byte
readRingFromResource("/test-keys/broken_cert_version.asc");
}
UncachedKeyRing readRingFromResource(String name) throws Throwable {
return UncachedKeyRing.fromStream(UncachedKeyringTest.class.getResourceAsStream(name)).next();
}
}

View File

@ -0,0 +1,17 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQENBFSl5DIBCADqsGJJ8RhV4Uw6a3Q48QyTMrUtvZquOTlLVaqOdEFZNL5/OBal
prft9LNkcOkIVA89Hdn715WwkmG2OJiJoQ/ZAKwal1CPGm4Q8kZIM7k57ISJL6J5
300e7UIznc74XbG7eFNxNcjCM9wG12vW2rFwc+ogJtkBSf0IXukPwtUkRK+H5ufO
lpqS5NNZfiGbNQCrb+YsGZNRk4QTGR6WGyaIRHlcG8G00VPGNSauTqe/11MO9MoF
BvPgFeur3nefWunCQ+uDmzIEs8r94gaHu3LWbctd5w5x/o/PDfTSSiO+U8zzXrKC
4ZpEl5bk7t7jH1hYMLWyO6nn0vWTOMO1EYLBABEBAAG0GGJyb2tlbiBzaWduYXR1
cmUgdmVyc2lvbokBOMATAQIAIgUCVKXkMgIbAwYLCQgHAwIGFQgCCQoLBBYCAwEC
HgECF4AACgkQDe00lH/2SnprLggAh64TsdHDfIhTNc1DeJLCuvuHsitAcUdEEnue
yJjodxboKNSplIwnmb5CpM3P8f736dNaW77Yd6aO4IeAy6cBlxT1tSRkJMsp+cBt
kBa3lRr+GnWZlLZs3coL2g0t5RbuyYKyQxm2qvgFJGi/7Qfty5nJOW5U1ElT3VT8
jISNdQdDAIaBsCE+TuyW3VsP3PqnJ7x14K7VhkFuCyvYB9paLcJBnan93R0Ja0Ip
Cv1pbrNxXp0UELf0RYc2X5C1m6otZ9LKf3PmzxlEkApkb1TZUEBak2Za5p99koZT
+pg/XpZPyawi+gZeYkBAohxRGmzG/a4L+YacAZHbchfN0eG7lg==
=mxTR
-----END PGP PUBLIC KEY BLOCK-----

View File

@ -21,6 +21,7 @@ import android.content.Context;
import android.os.Parcel;
import android.os.Parcelable;
import org.sufficientlysecure.keychain.R;
import org.sufficientlysecure.keychain.pgp.KeyRing;
import org.sufficientlysecure.keychain.ui.util.KeyFormattingUtils;
import org.sufficientlysecure.keychain.pgp.UncachedKeyRing;
@ -287,7 +288,7 @@ public class ImportKeysListEntry implements Serializable, Parcelable {
// if there was no user id flagged as primary, use the first one
if (mPrimaryUserId == null) {
mPrimaryUserId = mUserIds.get(0);
mPrimaryUserId = context.getString(R.string.user_id_none);
}
mKeyId = key.getKeyId();

View File

@ -50,9 +50,6 @@ public class CertifyOperation extends BaseOperation {
CanonicalizedSecretKey certificationKey;
try {
// certification is always with the master key id, so use that one
String passphrase = getCachedPassphrase(parcel.mMasterKeyId, parcel.mMasterKeyId);
log.add(LogType.MSG_CRT_MASTER_FETCH, 1);
CanonicalizedSecretKeyRing secretKeyRing =
mProviderHelper.getCanonicalizedSecretKeyRing(parcel.mMasterKeyId);
@ -62,6 +59,10 @@ public class CertifyOperation extends BaseOperation {
log.add(LogType.MSG_CRT_ERROR_DIVERT, 2);
return new CertifyResult(CertifyResult.RESULT_ERROR, log);
}
// certification is always with the master key id, so use that one
String passphrase = getCachedPassphrase(parcel.mMasterKeyId, parcel.mMasterKeyId);
if (!certificationKey.unlock(passphrase)) {
log.add(LogType.MSG_CRT_ERROR_UNLOCK, 2);
return new CertifyResult(CertifyResult.RESULT_ERROR, log);
@ -94,6 +95,12 @@ public class CertifyOperation extends BaseOperation {
try {
if (action.mMasterKeyId == parcel.mMasterKeyId) {
log.add(LogType.MSG_CRT_ERROR_SELF, 2);
certifyError += 1;
continue;
}
if (action.mUserIds == null) {
log.add(LogType.MSG_CRT_CERTIFY_ALL, 2,
KeyFormattingUtils.convertKeyIdToHex(action.mMasterKeyId));

View File

@ -0,0 +1,132 @@
package org.sufficientlysecure.keychain.operations;
import android.content.Context;
import org.sufficientlysecure.keychain.R;
import org.sufficientlysecure.keychain.operations.results.EditKeyResult;
import org.sufficientlysecure.keychain.operations.results.PgpEditKeyResult;
import org.sufficientlysecure.keychain.pgp.CanonicalizedSecretKeyRing;
import org.sufficientlysecure.keychain.pgp.PgpKeyOperation;
import org.sufficientlysecure.keychain.pgp.Progressable;
import org.sufficientlysecure.keychain.pgp.UncachedKeyRing;
import org.sufficientlysecure.keychain.provider.ProviderHelper;
import org.sufficientlysecure.keychain.provider.ProviderHelper.NotFoundException;
import org.sufficientlysecure.keychain.service.CertifyActionsParcel;
import org.sufficientlysecure.keychain.operations.results.OperationResult.LogType;
import org.sufficientlysecure.keychain.operations.results.OperationResult.OperationLog;
import org.sufficientlysecure.keychain.operations.results.SaveKeyringResult;
import org.sufficientlysecure.keychain.service.ContactSyncAdapterService;
import org.sufficientlysecure.keychain.service.PassphraseCacheService;
import org.sufficientlysecure.keychain.service.SaveKeyringParcel;
import org.sufficientlysecure.keychain.ui.util.KeyFormattingUtils;
import org.sufficientlysecure.keychain.util.ProgressScaler;
import java.util.concurrent.atomic.AtomicBoolean;
/** An operation which implements a high level key edit operation.
*
* This operation provides a higher level interface to the edit and
* create key operations in PgpKeyOperation. It takes care of fetching
* and saving the key before and after the operation.
*
* @see CertifyActionsParcel
*
*/
public class EditKeyOperation extends BaseOperation {
public EditKeyOperation(Context context, ProviderHelper providerHelper,
Progressable progressable, AtomicBoolean cancelled) {
super(context, providerHelper, progressable, cancelled);
}
public EditKeyResult execute(SaveKeyringParcel saveParcel, String passphrase) {
OperationLog log = new OperationLog();
log.add(LogType.MSG_ED, 0);
if (saveParcel == null) {
log.add(LogType.MSG_ED_ERROR_NO_PARCEL, 1);
return new EditKeyResult(EditKeyResult.RESULT_ERROR, log, null);
}
// Perform actual modification (or creation)
PgpEditKeyResult modifyResult;
{
PgpKeyOperation keyOperations =
new PgpKeyOperation(new ProgressScaler(mProgressable, 10, 60, 100), mCancelled);
// If a key id is specified, fetch and edit
if (saveParcel.mMasterKeyId != null) {
try {
log.add(LogType.MSG_ED_FETCHING, 1,
KeyFormattingUtils.convertKeyIdToHex(saveParcel.mMasterKeyId));
CanonicalizedSecretKeyRing secRing =
mProviderHelper.getCanonicalizedSecretKeyRing(saveParcel.mMasterKeyId);
modifyResult = keyOperations.modifySecretKeyRing(secRing, saveParcel, passphrase);
} catch (NotFoundException e) {
log.add(LogType.MSG_ED_ERROR_KEY_NOT_FOUND, 2);
return new EditKeyResult(EditKeyResult.RESULT_ERROR, log, null);
}
} else {
// otherwise, create new one
modifyResult = keyOperations.createSecretKeyRing(saveParcel);
}
}
// Add the result to the log
log.add(modifyResult, 1);
// Check if the action was cancelled
if (checkCancelled()) {
log.add(LogType.MSG_OPERATION_CANCELLED, 0);
return new EditKeyResult(PgpEditKeyResult.RESULT_CANCELLED, log, null);
}
// If the edit operation didn't succeed, exit here
if (!modifyResult.success()) {
// error is already logged by modification
return new EditKeyResult(EditKeyResult.RESULT_ERROR, log, null);
}
// Cannot cancel from here on out!
mProgressable.setPreventCancel();
// It's a success, so this must be non-null now
UncachedKeyRing ring = modifyResult.getRing();
// Save the new keyring.
SaveKeyringResult saveResult = mProviderHelper
.saveSecretKeyRing(ring, new ProgressScaler(mProgressable, 60, 95, 100));
log.add(saveResult, 1);
// If the save operation didn't succeed, exit here
if (!saveResult.success()) {
return new EditKeyResult(EditKeyResult.RESULT_ERROR, log, null);
}
// There is a new passphrase - cache it
if (saveParcel.mNewUnlock != null) {
log.add(LogType.MSG_ED_CACHING_NEW, 1);
PassphraseCacheService.addCachedPassphrase(mContext,
ring.getMasterKeyId(),
ring.getMasterKeyId(),
saveParcel.mNewUnlock.mNewPassphrase != null
? saveParcel.mNewUnlock.mNewPassphrase
: saveParcel.mNewUnlock.mNewPin,
ring.getPublicKey().getPrimaryUserIdWithFallback());
}
updateProgress(R.string.progress_done, 100, 100);
// make sure new data is synced into contacts
ContactSyncAdapterService.requestSync();
log.add(LogType.MSG_ED_SUCCESS, 0);
return new EditKeyResult(EditKeyResult.RESULT_OK, log, ring.getMasterKeyId());
}
}

View File

@ -31,6 +31,7 @@ import org.sufficientlysecure.keychain.keyimport.Keyserver;
import org.sufficientlysecure.keychain.keyimport.Keyserver.AddKeyException;
import org.sufficientlysecure.keychain.keyimport.ParcelableKeyRing;
import org.sufficientlysecure.keychain.operations.results.ExportResult;
import org.sufficientlysecure.keychain.pgp.CanonicalizedKeyRing;
import org.sufficientlysecure.keychain.pgp.CanonicalizedPublicKeyRing;
import org.sufficientlysecure.keychain.pgp.PgpHelper;
import org.sufficientlysecure.keychain.pgp.Progressable;
@ -399,7 +400,7 @@ public class ImportExportOperation extends BaseOperation {
}
private ExportResult exportKeyRings(OperationLog log, long[] masterKeyIds, boolean exportSecret,
ExportResult exportKeyRings(OperationLog log, long[] masterKeyIds, boolean exportSecret,
OutputStream outStream) {
/* TODO isn't this checked above, with the isStorageMounted call?
@ -469,12 +470,16 @@ public class ImportExportOperation extends BaseOperation {
log.add(LogType.MSG_EXPORT_PUBLIC, 1, KeyFormattingUtils.beautifyKeyId(keyId));
{ // export public key part
byte[] data = cursor.getBlob(1);
arOutStream.write(data);
CanonicalizedKeyRing ring =
UncachedKeyRing.decodeFromData(data).canonicalize(log, 2, true);
ring.encode(arOutStream);
okPublic += 1;
}
} catch (PgpGeneralException e) {
log.add(LogType.MSG_EXPORT_ERROR_KEY, 2);
updateProgress(progress++, numKeys);
continue;
} finally {
// make sure this is closed
if (arOutStream != null) {
@ -494,9 +499,15 @@ public class ImportExportOperation extends BaseOperation {
// export secret key part
log.add(LogType.MSG_EXPORT_SECRET, 2, KeyFormattingUtils.beautifyKeyId(keyId));
byte[] data = cursor.getBlob(2);
arOutStream.write(data);
CanonicalizedKeyRing ring =
UncachedKeyRing.decodeFromData(data).canonicalize(log, 2, true);
ring.encode(arOutStream);
okSecret += 1;
} catch (PgpGeneralException e) {
log.add(LogType.MSG_EXPORT_ERROR_KEY, 2);
updateProgress(progress++, numKeys);
continue;
} finally {
// make sure this is closed
if (arOutStream != null) {

View File

@ -20,34 +20,24 @@ package org.sufficientlysecure.keychain.operations.results;
import android.os.Parcel;
import org.sufficientlysecure.keychain.Constants;
import org.sufficientlysecure.keychain.pgp.UncachedKeyRing;
public class EditKeyResult extends OperationResult {
private transient UncachedKeyRing mRing;
public final long mRingMasterKeyId;
public final Long mMasterKeyId;
public EditKeyResult(int result, OperationLog log,
UncachedKeyRing ring) {
public EditKeyResult(int result, OperationLog log, Long masterKeyId) {
super(result, log);
mRing = ring;
mRingMasterKeyId = ring != null ? ring.getMasterKeyId() : Constants.key.none;
}
public UncachedKeyRing getRing() {
return mRing;
mMasterKeyId = masterKeyId;
}
public EditKeyResult(Parcel source) {
super(source);
mRingMasterKeyId = source.readLong();
mMasterKeyId = source.readLong();
}
@Override
public void writeToParcel(Parcel dest, int flags) {
super.writeToParcel(dest, flags);
dest.writeLong(mRingMasterKeyId);
dest.writeLong(mMasterKeyId);
}
public static Creator<EditKeyResult> CREATOR = new Creator<EditKeyResult>() {

View File

@ -359,6 +359,7 @@ public abstract class OperationResult implements Parcelable {
MSG_IS_SUBKEY_STRIPPED (LogLevel.DEBUG, R.string.msg_is_subkey_stripped),
MSG_IS_SUBKEY_DIVERT (LogLevel.DEBUG, R.string.msg_is_subkey_divert),
MSG_IS_SUBKEY_EMPTY (LogLevel.DEBUG, R.string.msg_is_subkey_empty),
MSG_IS_SUBKEY_PIN (LogLevel.DEBUG, R.string.msg_is_subkey_pin),
MSG_IS_SUCCESS_IDENTICAL (LogLevel.OK, R.string.msg_is_success_identical),
MSG_IS_SUCCESS (LogLevel.OK, R.string.msg_is_success),
@ -370,13 +371,16 @@ public abstract class OperationResult implements Parcelable {
MSG_KC_ERROR_MASTER_ALGO (LogLevel.ERROR, R.string.msg_kc_error_master_algo),
MSG_KC_ERROR_DUP_KEY (LogLevel.ERROR, R.string.msg_kc_error_dup_key),
MSG_KC_MASTER (LogLevel.DEBUG, R.string.msg_kc_master),
MSG_KC_REVOKE_BAD_ERR (LogLevel.WARN, R.string.msg_kc_revoke_bad_err),
MSG_KC_REVOKE_BAD_LOCAL (LogLevel.WARN, R.string.msg_kc_revoke_bad_local),
MSG_KC_REVOKE_BAD_TIME (LogLevel.WARN, R.string.msg_kc_revoke_bad_time),
MSG_KC_REVOKE_BAD_TYPE (LogLevel.WARN, R.string.msg_kc_revoke_bad_type),
MSG_KC_REVOKE_BAD_TYPE_UID (LogLevel.WARN, R.string.msg_kc_revoke_bad_type_uid),
MSG_KC_REVOKE_BAD (LogLevel.WARN, R.string.msg_kc_revoke_bad),
MSG_KC_MASTER_BAD_TYPE(LogLevel.WARN, R.string.msg_kc_master_bad_type),
MSG_KC_MASTER_BAD_LOCAL(LogLevel.WARN, R.string.msg_kc_master_bad_local),
MSG_KC_MASTER_BAD_ERR(LogLevel.WARN, R.string.msg_kc_master_bad_err),
MSG_KC_MASTER_BAD_TIME(LogLevel.WARN, R.string.msg_kc_master_bad_time),
MSG_KC_MASTER_BAD_TYPE_UID(LogLevel.WARN, R.string.msg_kc_master_bad_type_uid),
MSG_KC_MASTER_BAD(LogLevel.WARN, R.string.msg_kc_master_bad),
MSG_KC_MASTER_LOCAL(LogLevel.WARN, R.string.msg_kc_master_local),
MSG_KC_REVOKE_DUP (LogLevel.DEBUG, R.string.msg_kc_revoke_dup),
MSG_KC_NOTATION_DUP (LogLevel.DEBUG, R.string.msg_kc_notation_dup),
MSG_KC_NOTATION_EMPTY (LogLevel.DEBUG, R.string.msg_kc_notation_empty),
MSG_KC_SUB (LogLevel.DEBUG, R.string.msg_kc_sub),
MSG_KC_SUB_BAD(LogLevel.WARN, R.string.msg_kc_sub_bad),
MSG_KC_SUB_BAD_ERR(LogLevel.WARN, R.string.msg_kc_sub_bad_err),
@ -458,6 +462,8 @@ public abstract class OperationResult implements Parcelable {
MSG_MF_ERROR_SIG (LogLevel.ERROR, R.string.msg_mf_error_sig),
MSG_MF_ERROR_SUBKEY_MISSING(LogLevel.ERROR, R.string.msg_mf_error_subkey_missing),
MSG_MF_MASTER (LogLevel.DEBUG, R.string.msg_mf_master),
MSG_MF_NOTATION_PIN (LogLevel.DEBUG, R.string.msg_mf_notation_pin),
MSG_MF_NOTATION_EMPTY (LogLevel.DEBUG, R.string.msg_mf_notation_empty),
MSG_MF_PASSPHRASE (LogLevel.INFO, R.string.msg_mf_passphrase),
MSG_MF_PASSPHRASE_KEY (LogLevel.DEBUG, R.string.msg_mf_passphrase_key),
MSG_MF_PASSPHRASE_EMPTY_RETRY (LogLevel.DEBUG, R.string.msg_mf_passphrase_empty_retry),
@ -502,6 +508,14 @@ public abstract class OperationResult implements Parcelable {
MSG_CON_WARN_DELETE_PUBLIC (LogLevel.WARN, R.string.msg_con_warn_delete_public),
MSG_CON_WARN_DELETE_SECRET (LogLevel.WARN, R.string.msg_con_warn_delete_secret),
// edit key (higher level operation than modify)
MSG_ED (LogLevel.START, R.string.msg_ed),
MSG_ED_CACHING_NEW (LogLevel.DEBUG, R.string.msg_ed_caching_new),
MSG_ED_ERROR_NO_PARCEL (LogLevel.ERROR, R.string.msg_ed_error_no_parcel),
MSG_ED_ERROR_KEY_NOT_FOUND (LogLevel.ERROR, R.string.msg_ed_error_key_not_found),
MSG_ED_FETCHING (LogLevel.DEBUG, R.string.msg_ed_fetching),
MSG_ED_SUCCESS (LogLevel.OK, R.string.msg_ed_success),
// messages used in UI code
MSG_EK_ERROR_DIVERT (LogLevel.ERROR, R.string.msg_ek_error_divert),
MSG_EK_ERROR_DUMMY (LogLevel.ERROR, R.string.msg_ek_error_dummy),
@ -525,6 +539,7 @@ public abstract class OperationResult implements Parcelable {
MSG_DC_ERROR_BAD_PASSPHRASE (LogLevel.ERROR, R.string.msg_dc_error_bad_passphrase),
MSG_DC_ERROR_EXTRACT_KEY (LogLevel.ERROR, R.string.msg_dc_error_extract_key),
MSG_DC_ERROR_INTEGRITY_CHECK (LogLevel.ERROR, R.string.msg_dc_error_integrity_check),
MSG_DC_ERROR_INTEGRITY_MISSING (LogLevel.ERROR, R.string.msg_dc_error_integrity_missing),
MSG_DC_ERROR_INVALID_SIGLIST(LogLevel.ERROR, R.string.msg_dc_error_invalid_siglist),
MSG_DC_ERROR_IO (LogLevel.ERROR, R.string.msg_dc_error_io),
MSG_DC_ERROR_NO_DATA (LogLevel.ERROR, R.string.msg_dc_error_no_data),
@ -572,6 +587,7 @@ public abstract class OperationResult implements Parcelable {
MSG_CRT_CERTIFYING (LogLevel.DEBUG, R.string.msg_crt_certifying),
MSG_CRT_CERTIFY_ALL (LogLevel.DEBUG, R.string.msg_crt_certify_all),
MSG_CRT_CERTIFY_SOME (LogLevel.DEBUG, R.plurals.msg_crt_certify_some),
MSG_CRT_ERROR_SELF (LogLevel.ERROR, R.string.msg_crt_error_self),
MSG_CRT_ERROR_MASTER_NOT_FOUND (LogLevel.ERROR, R.string.msg_crt_error_master_not_found),
MSG_CRT_ERROR_NOTHING (LogLevel.ERROR, R.string.msg_crt_error_nothing),
MSG_CRT_ERROR_UNLOCK (LogLevel.ERROR, R.string.msg_crt_error_unlock),
@ -613,6 +629,7 @@ public abstract class OperationResult implements Parcelable {
MSG_EXPORT_ERROR_STORAGE (LogLevel.ERROR, R.string.msg_export_error_storage),
MSG_EXPORT_ERROR_DB (LogLevel.ERROR, R.string.msg_export_error_db),
MSG_EXPORT_ERROR_IO (LogLevel.ERROR, R.string.msg_export_error_io),
MSG_EXPORT_ERROR_KEY (LogLevel.ERROR, R.string.msg_export_error_key),
MSG_EXPORT_SUCCESS (LogLevel.OK, R.string.msg_export_success),
MSG_CRT_UPLOAD_SUCCESS (LogLevel.OK, R.string.msg_crt_upload_success),

View File

@ -0,0 +1,63 @@
/*
* Copyright (C) 2014 Dominik Schürmann <dominik@dominikschuermann.de>
* Copyright (C) 2014 Vincent Breitmoser <v.breitmoser@mugenguild.com>
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
package org.sufficientlysecure.keychain.operations.results;
import android.os.Parcel;
import org.sufficientlysecure.keychain.Constants;
import org.sufficientlysecure.keychain.pgp.UncachedKeyRing;
public class PgpEditKeyResult extends OperationResult {
private transient UncachedKeyRing mRing;
public final long mRingMasterKeyId;
public PgpEditKeyResult(int result, OperationLog log,
UncachedKeyRing ring) {
super(result, log);
mRing = ring;
mRingMasterKeyId = ring != null ? ring.getMasterKeyId() : Constants.key.none;
}
public UncachedKeyRing getRing() {
return mRing;
}
public PgpEditKeyResult(Parcel source) {
super(source);
mRingMasterKeyId = source.readLong();
}
@Override
public void writeToParcel(Parcel dest, int flags) {
super.writeToParcel(dest, flags);
dest.writeLong(mRingMasterKeyId);
}
public static Creator<PgpEditKeyResult> CREATOR = new Creator<PgpEditKeyResult>() {
public PgpEditKeyResult createFromParcel(final Parcel source) {
return new PgpEditKeyResult(source);
}
public PgpEditKeyResult[] newArray(final int size) {
return new PgpEditKeyResult[size];
}
};
}

View File

@ -49,6 +49,7 @@ import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SignatureException;
import java.util.Date;
import java.util.HashMap;
import java.util.LinkedList;
import java.util.List;
@ -141,6 +142,11 @@ public class CanonicalizedSecretKey extends CanonicalizedPublicKey {
// It means the passphrase is empty
return SecretKeyType.PASSPHRASE_EMPTY;
} catch (PGPException e) {
HashMap<String,String> notation = getRing().getLocalNotationData();
if (notation.containsKey("unlock.pin@sufficientlysecure.org")
&& "1".equals(notation.get("unlock.pin@sufficientlysecure.org"))) {
return SecretKeyType.PIN;
}
// Otherwise, it's just a regular ol' passphrase
return SecretKeyType.PASSPHRASE;
}
@ -295,6 +301,12 @@ public class CanonicalizedSecretKey extends CanonicalizedPublicKey {
if (mPrivateKeyState == PRIVATE_KEY_STATE_LOCKED) {
throw new PrivateKeyNotUnlockedException();
}
if (!isMasterKey()) {
throw new AssertionError("tried to certify with non-master key, this is a programming error!");
}
if (publicKeyRing.getMasterKeyId() == getKeyId()) {
throw new AssertionError("key tried to self-certify, this is a programming error!");
}
// create a signatureGenerator from the supplied masterKeyId and passphrase
PGPSignatureGenerator signatureGenerator;

View File

@ -26,6 +26,7 @@ import org.spongycastle.openpgp.PGPPrivateKey;
import org.spongycastle.openpgp.PGPPublicKey;
import org.spongycastle.openpgp.PGPSecretKey;
import org.spongycastle.openpgp.PGPSecretKeyRing;
import org.spongycastle.openpgp.PGPSignature;
import org.spongycastle.openpgp.operator.PBESecretKeyDecryptor;
import org.spongycastle.openpgp.operator.jcajce.JcePBESecretKeyDecryptorBuilder;
import org.sufficientlysecure.keychain.Constants;
@ -36,6 +37,7 @@ import org.sufficientlysecure.keychain.util.IterableIterator;
import org.sufficientlysecure.keychain.util.Log;
import java.io.IOException;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
@ -130,4 +132,16 @@ public class CanonicalizedSecretKeyRing extends CanonicalizedKeyRing {
});
}
public HashMap<String,String> getLocalNotationData() {
HashMap<String,String> result = new HashMap<String,String>();
Iterator<PGPSignature> it = getRing().getPublicKey().getKeySignatures();
while (it.hasNext()) {
WrappedSignature sig = new WrappedSignature(it.next());
if (sig.isLocal()) {
result.putAll(sig.getNotation());
}
}
return result;
}
}

View File

@ -84,7 +84,7 @@ public class PgpDecryptVerify extends BaseOperation {
private boolean mDecryptMetadataOnly;
private byte[] mDecryptedSessionKey;
private PgpDecryptVerify(Builder builder) {
protected PgpDecryptVerify(Builder builder) {
super(builder.mContext, builder.mProviderHelper, builder.mProgressable);
// private Constructor can only be called from Builder
@ -633,7 +633,7 @@ public class PgpDecryptVerify extends BaseOperation {
// Handle missing integrity protection like failed integrity protection!
// The MDC packet can be stripped by an attacker!
if (!signatureResultBuilder.isValidSignature()) {
log.add(LogType.MSG_DC_ERROR_INTEGRITY_CHECK, indent);
log.add(LogType.MSG_DC_ERROR_INTEGRITY_MISSING, indent);
return new DecryptVerifyResult(DecryptVerifyResult.RESULT_ERROR, log);
}
}

View File

@ -49,7 +49,7 @@ import org.sufficientlysecure.keychain.R;
import org.sufficientlysecure.keychain.operations.results.OperationResult;
import org.sufficientlysecure.keychain.operations.results.OperationResult.LogType;
import org.sufficientlysecure.keychain.operations.results.OperationResult.OperationLog;
import org.sufficientlysecure.keychain.operations.results.EditKeyResult;
import org.sufficientlysecure.keychain.operations.results.PgpEditKeyResult;
import org.sufficientlysecure.keychain.service.SaveKeyringParcel;
import org.sufficientlysecure.keychain.service.SaveKeyringParcel.Algorithm;
import org.sufficientlysecure.keychain.service.SaveKeyringParcel.ChangeUnlockParcel;
@ -301,7 +301,7 @@ public class PgpKeyOperation {
}
}
public EditKeyResult createSecretKeyRing(SaveKeyringParcel saveParcel) {
public PgpEditKeyResult createSecretKeyRing(SaveKeyringParcel saveParcel) {
OperationLog log = new OperationLog();
int indent = 0;
@ -314,23 +314,23 @@ public class PgpKeyOperation {
if (saveParcel.mAddSubKeys.isEmpty()) {
log.add(LogType.MSG_CR_ERROR_NO_MASTER, indent);
return new EditKeyResult(EditKeyResult.RESULT_ERROR, log, null);
return new PgpEditKeyResult(PgpEditKeyResult.RESULT_ERROR, log, null);
}
if (saveParcel.mAddUserIds.isEmpty()) {
log.add(LogType.MSG_CR_ERROR_NO_USER_ID, indent);
return new EditKeyResult(EditKeyResult.RESULT_ERROR, log, null);
return new PgpEditKeyResult(PgpEditKeyResult.RESULT_ERROR, log, null);
}
SubkeyAdd add = saveParcel.mAddSubKeys.remove(0);
if ((add.mFlags & KeyFlags.CERTIFY_OTHER) != KeyFlags.CERTIFY_OTHER) {
log.add(LogType.MSG_CR_ERROR_NO_CERTIFY, indent);
return new EditKeyResult(EditKeyResult.RESULT_ERROR, log, null);
return new PgpEditKeyResult(PgpEditKeyResult.RESULT_ERROR, log, null);
}
if (add.mExpiry == null) {
log.add(LogType.MSG_CR_ERROR_NULL_EXPIRY, indent);
return new EditKeyResult(EditKeyResult.RESULT_ERROR, log, null);
return new PgpEditKeyResult(PgpEditKeyResult.RESULT_ERROR, log, null);
}
subProgressPush(10, 30);
@ -339,7 +339,7 @@ public class PgpKeyOperation {
// return null if this failed (an error will already have been logged by createKey)
if (keyPair == null) {
return new EditKeyResult(EditKeyResult.RESULT_ERROR, log, null);
return new PgpEditKeyResult(PgpEditKeyResult.RESULT_ERROR, log, null);
}
progress(R.string.progress_building_master_key, 40);
@ -366,10 +366,10 @@ public class PgpKeyOperation {
} catch (PGPException e) {
log.add(LogType.MSG_CR_ERROR_INTERNAL_PGP, indent);
Log.e(Constants.TAG, "pgp error encoding key", e);
return new EditKeyResult(EditKeyResult.RESULT_ERROR, log, null);
return new PgpEditKeyResult(PgpEditKeyResult.RESULT_ERROR, log, null);
} catch (IOException e) {
Log.e(Constants.TAG, "io error encoding key", e);
return new EditKeyResult(EditKeyResult.RESULT_ERROR, log, null);
return new PgpEditKeyResult(PgpEditKeyResult.RESULT_ERROR, log, null);
}
}
@ -389,7 +389,7 @@ public class PgpKeyOperation {
* handling of errors should be done in UI code!
*
*/
public EditKeyResult modifySecretKeyRing(CanonicalizedSecretKeyRing wsKR, SaveKeyringParcel saveParcel,
public PgpEditKeyResult modifySecretKeyRing(CanonicalizedSecretKeyRing wsKR, SaveKeyringParcel saveParcel,
String passphrase) {
OperationLog log = new OperationLog();
@ -414,7 +414,7 @@ public class PgpKeyOperation {
// Make sure this is called with a proper SaveKeyringParcel
if (saveParcel.mMasterKeyId == null || saveParcel.mMasterKeyId != wsKR.getMasterKeyId()) {
log.add(LogType.MSG_MF_ERROR_KEYID, indent);
return new EditKeyResult(EditKeyResult.RESULT_ERROR, log, null);
return new PgpEditKeyResult(PgpEditKeyResult.RESULT_ERROR, log, null);
}
// We work on bouncycastle object level here
@ -425,7 +425,7 @@ public class PgpKeyOperation {
if (saveParcel.mFingerprint == null || !Arrays.equals(saveParcel.mFingerprint,
masterSecretKey.getPublicKey().getFingerprint())) {
log.add(LogType.MSG_MF_ERROR_FINGERPRINT, indent);
return new EditKeyResult(EditKeyResult.RESULT_ERROR, log, null);
return new PgpEditKeyResult(PgpEditKeyResult.RESULT_ERROR, log, null);
}
// read masterKeyFlags, and use the same as before.
@ -439,7 +439,7 @@ public class PgpKeyOperation {
}
private EditKeyResult internal(PGPSecretKeyRing sKR, PGPSecretKey masterSecretKey,
private PgpEditKeyResult internal(PGPSecretKeyRing sKR, PGPSecretKey masterSecretKey,
int masterKeyFlags, long masterKeyExpiry,
SaveKeyringParcel saveParcel, String passphrase,
OperationLog log) {
@ -461,7 +461,7 @@ public class PgpKeyOperation {
masterPrivateKey = masterSecretKey.extractPrivateKey(keyDecryptor);
} catch (PGPException e) {
log.add(LogType.MSG_MF_UNLOCK_ERROR, indent + 1);
return new EditKeyResult(EditKeyResult.RESULT_ERROR, log, null);
return new PgpEditKeyResult(PgpEditKeyResult.RESULT_ERROR, log, null);
}
}
@ -470,7 +470,7 @@ public class PgpKeyOperation {
// Check if we were cancelled
if (checkCancelled()) {
log.add(LogType.MSG_OPERATION_CANCELLED, indent);
return new EditKeyResult(EditKeyResult.RESULT_CANCELLED, log, null);
return new PgpEditKeyResult(PgpEditKeyResult.RESULT_CANCELLED, log, null);
}
{ // work on master secret key
@ -487,7 +487,7 @@ public class PgpKeyOperation {
if (userId.equals("")) {
log.add(LogType.MSG_MF_UID_ERROR_EMPTY, indent + 1);
return new EditKeyResult(EditKeyResult.RESULT_ERROR, log, null);
return new PgpEditKeyResult(PgpEditKeyResult.RESULT_ERROR, log, null);
}
// this operation supersedes all previous binding and revocation certificates,
@ -499,7 +499,7 @@ public class PgpKeyOperation {
if (cert.getKeyID() != masterPublicKey.getKeyID()) {
// foreign certificate?! error error error
log.add(LogType.MSG_MF_ERROR_INTEGRITY, indent);
return new EditKeyResult(EditKeyResult.RESULT_ERROR, log, null);
return new PgpEditKeyResult(PgpEditKeyResult.RESULT_ERROR, log, null);
}
if (cert.getSignatureType() == PGPSignature.CERTIFICATION_REVOCATION
|| cert.getSignatureType() == PGPSignature.NO_CERTIFICATION
@ -541,7 +541,7 @@ public class PgpKeyOperation {
}
if (!exists) {
log.add(LogType.MSG_MF_ERROR_NOEXIST_REVOKE, indent);
return new EditKeyResult(EditKeyResult.RESULT_ERROR, log, null);
return new PgpEditKeyResult(PgpEditKeyResult.RESULT_ERROR, log, null);
}
// a duplicate revocation will be removed during canonicalization, so no need to
@ -572,7 +572,7 @@ public class PgpKeyOperation {
if (cert.getKeyID() != masterPublicKey.getKeyID()) {
// foreign certificate?! error error error
log.add(LogType.MSG_MF_ERROR_INTEGRITY, indent);
return new EditKeyResult(EditKeyResult.RESULT_ERROR, log, null);
return new PgpEditKeyResult(PgpEditKeyResult.RESULT_ERROR, log, null);
}
// we know from canonicalization that if there is any revocation here, it
// is valid and not superseded by a newer certification.
@ -593,7 +593,7 @@ public class PgpKeyOperation {
if (currentCert == null) {
// no certificate found?! error error error
log.add(LogType.MSG_MF_ERROR_INTEGRITY, indent);
return new EditKeyResult(EditKeyResult.RESULT_ERROR, log, null);
return new PgpEditKeyResult(PgpEditKeyResult.RESULT_ERROR, log, null);
}
// we definitely should not update certifications of revoked keys, so just leave it.
@ -601,7 +601,7 @@ public class PgpKeyOperation {
// revoked user ids cannot be primary!
if (userId.equals(saveParcel.mChangePrimaryUserId)) {
log.add(LogType.MSG_MF_ERROR_REVOKED_PRIMARY, indent);
return new EditKeyResult(EditKeyResult.RESULT_ERROR, log, null);
return new PgpEditKeyResult(PgpEditKeyResult.RESULT_ERROR, log, null);
}
continue;
}
@ -650,7 +650,7 @@ public class PgpKeyOperation {
if (!ok) {
log.add(LogType.MSG_MF_ERROR_NOEXIST_PRIMARY, indent);
return new EditKeyResult(EditKeyResult.RESULT_ERROR, log, null);
return new PgpEditKeyResult(PgpEditKeyResult.RESULT_ERROR, log, null);
}
}
@ -666,7 +666,7 @@ public class PgpKeyOperation {
// Check if we were cancelled - again
if (checkCancelled()) {
log.add(LogType.MSG_OPERATION_CANCELLED, indent);
return new EditKeyResult(EditKeyResult.RESULT_CANCELLED, log, null);
return new PgpEditKeyResult(PgpEditKeyResult.RESULT_CANCELLED, log, null);
}
// 4a. For each subkey change, generate new subkey binding certificate
@ -682,7 +682,7 @@ public class PgpKeyOperation {
if (sKey == null) {
log.add(LogType.MSG_MF_ERROR_SUBKEY_MISSING,
indent + 1, KeyFormattingUtils.convertKeyIdToHex(change.mKeyId));
return new EditKeyResult(EditKeyResult.RESULT_ERROR, log, null);
return new PgpEditKeyResult(PgpEditKeyResult.RESULT_ERROR, log, null);
}
// expiry must not be in the past
@ -690,7 +690,7 @@ public class PgpKeyOperation {
new Date(change.mExpiry*1000).before(new Date())) {
log.add(LogType.MSG_MF_ERROR_PAST_EXPIRY,
indent + 1, KeyFormattingUtils.convertKeyIdToHex(change.mKeyId));
return new EditKeyResult(EditKeyResult.RESULT_ERROR, log, null);
return new PgpEditKeyResult(PgpEditKeyResult.RESULT_ERROR, log, null);
}
// if this is the master key, update uid certificates instead
@ -700,7 +700,7 @@ public class PgpKeyOperation {
if ((flags & KeyFlags.CERTIFY_OTHER) != KeyFlags.CERTIFY_OTHER) {
log.add(LogType.MSG_MF_ERROR_NO_CERTIFY, indent + 1);
return new EditKeyResult(EditKeyResult.RESULT_ERROR, log, null);
return new PgpEditKeyResult(PgpEditKeyResult.RESULT_ERROR, log, null);
}
PGPPublicKey pKey =
@ -708,7 +708,7 @@ public class PgpKeyOperation {
flags, expiry, indent, log);
if (pKey == null) {
// error log entry has already been added by updateMasterCertificates itself
return new EditKeyResult(EditKeyResult.RESULT_ERROR, log, null);
return new PgpEditKeyResult(PgpEditKeyResult.RESULT_ERROR, log, null);
}
masterSecretKey = PGPSecretKey.replacePublicKey(sKey, pKey);
masterPublicKey = pKey;
@ -763,7 +763,7 @@ public class PgpKeyOperation {
if (sKey == null) {
log.add(LogType.MSG_MF_ERROR_SUBKEY_MISSING,
indent+1, KeyFormattingUtils.convertKeyIdToHex(revocation));
return new EditKeyResult(EditKeyResult.RESULT_ERROR, log, null);
return new PgpEditKeyResult(PgpEditKeyResult.RESULT_ERROR, log, null);
}
PGPPublicKey pKey = sKey.getPublicKey();
@ -788,7 +788,7 @@ public class PgpKeyOperation {
if (sKey == null) {
log.add(LogType.MSG_MF_ERROR_SUBKEY_MISSING,
indent+1, KeyFormattingUtils.convertKeyIdToHex(strip));
return new EditKeyResult(EditKeyResult.RESULT_ERROR, log, null);
return new PgpEditKeyResult(PgpEditKeyResult.RESULT_ERROR, log, null);
}
// IT'S DANGEROUS~
@ -806,7 +806,7 @@ public class PgpKeyOperation {
// Check if we were cancelled - again. This operation is expensive so we do it each loop.
if (checkCancelled()) {
log.add(LogType.MSG_OPERATION_CANCELLED, indent);
return new EditKeyResult(EditKeyResult.RESULT_CANCELLED, log, null);
return new PgpEditKeyResult(PgpEditKeyResult.RESULT_CANCELLED, log, null);
}
progress(R.string.progress_modify_subkeyadd, (i-1) * (100 / saveParcel.mAddSubKeys.size()));
@ -816,12 +816,12 @@ public class PgpKeyOperation {
if (add.mExpiry == null) {
log.add(LogType.MSG_MF_ERROR_NULL_EXPIRY, indent +1);
return new EditKeyResult(EditKeyResult.RESULT_ERROR, log, null);
return new PgpEditKeyResult(PgpEditKeyResult.RESULT_ERROR, log, null);
}
if (add.mExpiry > 0L && new Date(add.mExpiry*1000).before(new Date())) {
log.add(LogType.MSG_MF_ERROR_PAST_EXPIRY, indent +1);
return new EditKeyResult(EditKeyResult.RESULT_ERROR, log, null);
return new PgpEditKeyResult(PgpEditKeyResult.RESULT_ERROR, log, null);
}
// generate a new secret key (privkey only for now)
@ -833,7 +833,7 @@ public class PgpKeyOperation {
subProgressPop();
if (keyPair == null) {
log.add(LogType.MSG_MF_ERROR_PGP, indent +1);
return new EditKeyResult(EditKeyResult.RESULT_ERROR, log, null);
return new PgpEditKeyResult(PgpEditKeyResult.RESULT_ERROR, log, null);
}
// add subkey binding signature (making this a sub rather than master key)
@ -868,7 +868,7 @@ public class PgpKeyOperation {
// Check if we were cancelled - again. This operation is expensive so we do it each loop.
if (checkCancelled()) {
log.add(LogType.MSG_OPERATION_CANCELLED, indent);
return new EditKeyResult(EditKeyResult.RESULT_CANCELLED, log, null);
return new PgpEditKeyResult(PgpEditKeyResult.RESULT_CANCELLED, log, null);
}
// 6. If requested, change passphrase
@ -877,10 +877,11 @@ public class PgpKeyOperation {
log.add(LogType.MSG_MF_PASSPHRASE, indent);
indent += 1;
sKR = applyNewUnlock(sKR, masterPublicKey, passphrase, saveParcel.mNewUnlock, log, indent);
sKR = applyNewUnlock(sKR, masterPublicKey, masterPrivateKey,
passphrase, saveParcel.mNewUnlock, log, indent);
if (sKR == null) {
// The error has been logged above, just return a bad state
return new EditKeyResult(EditKeyResult.RESULT_ERROR, log, null);
return new PgpEditKeyResult(PgpEditKeyResult.RESULT_ERROR, log, null);
}
indent -= 1;
@ -889,38 +890,105 @@ public class PgpKeyOperation {
} catch (IOException e) {
Log.e(Constants.TAG, "encountered IOException while modifying key", e);
log.add(LogType.MSG_MF_ERROR_ENCODE, indent+1);
return new EditKeyResult(EditKeyResult.RESULT_ERROR, log, null);
return new PgpEditKeyResult(PgpEditKeyResult.RESULT_ERROR, log, null);
} catch (PGPException e) {
Log.e(Constants.TAG, "encountered pgp error while modifying key", e);
log.add(LogType.MSG_MF_ERROR_PGP, indent+1);
return new EditKeyResult(EditKeyResult.RESULT_ERROR, log, null);
return new PgpEditKeyResult(PgpEditKeyResult.RESULT_ERROR, log, null);
} catch (SignatureException e) {
Log.e(Constants.TAG, "encountered SignatureException while modifying key", e);
log.add(LogType.MSG_MF_ERROR_SIG, indent+1);
return new EditKeyResult(EditKeyResult.RESULT_ERROR, log, null);
return new PgpEditKeyResult(PgpEditKeyResult.RESULT_ERROR, log, null);
}
progress(R.string.progress_done, 100);
log.add(LogType.MSG_MF_SUCCESS, indent);
return new EditKeyResult(OperationResult.RESULT_OK, log, new UncachedKeyRing(sKR));
return new PgpEditKeyResult(OperationResult.RESULT_OK, log, new UncachedKeyRing(sKR));
}
private static PGPSecretKeyRing applyNewUnlock(
PGPSecretKeyRing sKR,
PGPPublicKey masterPublicKey,
PGPPrivateKey masterPrivateKey,
String passphrase,
ChangeUnlockParcel newUnlock,
OperationLog log, int indent) throws PGPException {
if (newUnlock.mNewPassphrase != null) {
return applyNewPassphrase(sKR, masterPublicKey, passphrase, newUnlock.mNewPassphrase, log, indent);
sKR = applyNewPassphrase(sKR, masterPublicKey, passphrase, newUnlock.mNewPassphrase, log, indent);
// if there is any old packet with notation data
if (hasNotationData(sKR)) {
log.add(LogType.MSG_MF_NOTATION_EMPTY, indent);
// add packet with EMPTY notation data (updates old one, but will be stripped later)
PGPContentSignerBuilder signerBuilder = new JcaPGPContentSignerBuilder(
masterPrivateKey.getPublicKeyPacket().getAlgorithm(), HashAlgorithmTags.SHA512)
.setProvider(Constants.BOUNCY_CASTLE_PROVIDER_NAME);
PGPSignatureGenerator sGen = new PGPSignatureGenerator(signerBuilder);
{ // set subpackets
PGPSignatureSubpacketGenerator hashedPacketsGen = new PGPSignatureSubpacketGenerator();
hashedPacketsGen.setExportable(false, false);
sGen.setHashedSubpackets(hashedPacketsGen.generate());
}
sGen.init(PGPSignature.DIRECT_KEY, masterPrivateKey);
PGPSignature emptySig = sGen.generateCertification(masterPublicKey);
masterPublicKey = PGPPublicKey.addCertification(masterPublicKey, emptySig);
sKR = PGPSecretKeyRing.insertSecretKey(sKR,
PGPSecretKey.replacePublicKey(sKR.getSecretKey(), masterPublicKey));
}
return sKR;
}
if (newUnlock.mNewPin != null) {
sKR = applyNewPassphrase(sKR, masterPublicKey, passphrase, newUnlock.mNewPin, log, indent);
log.add(LogType.MSG_MF_NOTATION_PIN, indent);
// add packet with "pin" notation data
PGPContentSignerBuilder signerBuilder = new JcaPGPContentSignerBuilder(
masterPrivateKey.getPublicKeyPacket().getAlgorithm(), HashAlgorithmTags.SHA512)
.setProvider(Constants.BOUNCY_CASTLE_PROVIDER_NAME);
PGPSignatureGenerator sGen = new PGPSignatureGenerator(signerBuilder);
{ // set subpackets
PGPSignatureSubpacketGenerator hashedPacketsGen = new PGPSignatureSubpacketGenerator();
hashedPacketsGen.setExportable(false, false);
hashedPacketsGen.setNotationData(false, true, "unlock.pin@sufficientlysecure.org", "1");
sGen.setHashedSubpackets(hashedPacketsGen.generate());
}
sGen.init(PGPSignature.DIRECT_KEY, masterPrivateKey);
PGPSignature emptySig = sGen.generateCertification(masterPublicKey);
masterPublicKey = PGPPublicKey.addCertification(masterPublicKey, emptySig);
sKR = PGPSecretKeyRing.insertSecretKey(sKR,
PGPSecretKey.replacePublicKey(sKR.getSecretKey(), masterPublicKey));
return sKR;
}
throw new UnsupportedOperationException("PIN passphrases not yet implemented!");
}
/** This method returns true iff the provided keyring has a local direct key signature
* with notation data.
*/
private static boolean hasNotationData(PGPSecretKeyRing sKR) {
// noinspection unchecked
Iterator<PGPSignature> sigs = sKR.getPublicKey().getKeySignatures();
while (sigs.hasNext()) {
WrappedSignature sig = new WrappedSignature(sigs.next());
if (sig.getSignatureType() == PGPSignature.DIRECT_KEY
&& sig.isLocal() && !sig.getNotation().isEmpty()) {
return true;
}
}
return false;
}
private static PGPSecretKeyRing applyNewPassphrase(
PGPSecretKeyRing sKR,

View File

@ -95,7 +95,7 @@ public class PgpSignEncrypt extends BaseOperation {
}
}
private PgpSignEncrypt(Builder builder) {
protected PgpSignEncrypt(Builder builder) {
super(builder.mContext, builder.mProviderHelper, builder.mProgressable);
// private Constructor can only be called from Builder

View File

@ -41,7 +41,6 @@ import org.sufficientlysecure.keychain.util.IterableIterator;
import org.sufficientlysecure.keychain.util.Log;
import org.sufficientlysecure.keychain.util.Utf8Util;
import java.io.BufferedInputStream;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
@ -138,7 +137,7 @@ public class UncachedKeyRing {
public static UncachedKeyRing decodeFromData(byte[] data)
throws PgpGeneralException, IOException {
Iterator<UncachedKeyRing> parsed = fromStream(new ByteArrayInputStream(data));
IteratorWithIOThrow<UncachedKeyRing> parsed = fromStream(new ByteArrayInputStream(data));
if ( ! parsed.hasNext()) {
throw new PgpGeneralException("Object not recognized as PGPKeyRing!");
@ -154,14 +153,14 @@ public class UncachedKeyRing {
}
public static Iterator<UncachedKeyRing> fromStream(final InputStream stream) throws IOException {
public static IteratorWithIOThrow<UncachedKeyRing> fromStream(final InputStream stream) {
return new Iterator<UncachedKeyRing>() {
return new IteratorWithIOThrow<UncachedKeyRing>() {
UncachedKeyRing mNext = null;
PGPObjectFactory mObjectFactory = null;
private void cacheNext() {
private void cacheNext() throws IOException {
if (mNext != null) {
return;
}
@ -190,21 +189,19 @@ public class UncachedKeyRing {
// if we are past the while loop, that means the objectFactory had no next
mObjectFactory = null;
}
} catch (IOException e) {
Log.e(Constants.TAG, "IOException while processing stream. ArmoredInputStream CRC check failed?", e);
} catch (ArrayIndexOutOfBoundsException e) {
Log.e(Constants.TAG, "ArmoredInputStream decode failed, symbol is not in decodingTable!", e);
throw new IOException(e);
}
}
@Override
public boolean hasNext() {
public boolean hasNext() throws IOException {
cacheNext();
return mNext != null;
}
@Override
public UncachedKeyRing next() {
public UncachedKeyRing next() throws IOException {
try {
cacheNext();
return mNext;
@ -212,15 +209,15 @@ public class UncachedKeyRing {
mNext = null;
}
}
@Override
public void remove() {
throw new UnsupportedOperationException();
}
};
}
public interface IteratorWithIOThrow<E> {
public boolean hasNext() throws IOException;
public E next() throws IOException;
}
public void encodeArmored(OutputStream out, String version) throws IOException {
ArmoredOutputStream aos = new ArmoredOutputStream(out);
if (version != null) {
@ -267,6 +264,35 @@ public class UncachedKeyRing {
*/
@SuppressWarnings("ConstantConditions")
public CanonicalizedKeyRing canonicalize(OperationLog log, int indent) {
return canonicalize(log, indent, false);
}
/** "Canonicalizes" a public key, removing inconsistencies in the process.
*
* More specifically:
* - Remove all non-verifying self-certificates
* - Remove all "future" self-certificates
* - Remove all certificates flagged as "local"
* - Remove all certificates which are superseded by a newer one on the same target,
* including revocations with later re-certifications.
* - Remove all certificates in other positions if not of known type:
* - key revocation signatures on the master key
* - subkey binding signatures for subkeys
* - certifications and certification revocations for user ids
* - If a subkey retains no valid subkey binding certificate, remove it
* - If a user id retains no valid self certificate, remove it
* - If the key is a secret key, remove all certificates by foreign keys
* - If no valid user id remains, log an error and return null
*
* This operation writes an OperationLog which can be used as part of an OperationResultParcel.
*
* @param forExport if this is true, non-exportable signatures will be removed
* @return A canonicalized key, or null on fatal error (log will include a message in this case)
*
*/
@SuppressWarnings("ConstantConditions")
public CanonicalizedKeyRing canonicalize(OperationLog log, int indent, boolean forExport) {
log.add(isSecret() ? LogType.MSG_KC_SECRET : LogType.MSG_KC_PUBLIC,
indent, KeyFormattingUtils.convertKeyIdToHex(getMasterKeyId()));
@ -302,6 +328,7 @@ public class UncachedKeyRing {
PGPPublicKey modified = masterKey;
PGPSignature revocation = null;
PGPSignature notation = null;
for (PGPSignature zert : new IterableIterator<PGPSignature>(masterKey.getKeySignatures())) {
int type = zert.getSignatureType();
@ -311,16 +338,16 @@ public class UncachedKeyRing {
|| type == PGPSignature.CASUAL_CERTIFICATION
|| type == PGPSignature.POSITIVE_CERTIFICATION
|| type == PGPSignature.CERTIFICATION_REVOCATION) {
log.add(LogType.MSG_KC_REVOKE_BAD_TYPE_UID, indent);
log.add(LogType.MSG_KC_MASTER_BAD_TYPE_UID, indent);
modified = PGPPublicKey.removeCertification(modified, zert);
badCerts += 1;
continue;
}
WrappedSignature cert = new WrappedSignature(zert);
if (type != PGPSignature.KEY_REVOCATION) {
if (type != PGPSignature.KEY_REVOCATION && type != PGPSignature.DIRECT_KEY) {
// Unknown type, just remove
log.add(LogType.MSG_KC_REVOKE_BAD_TYPE, indent, "0x" + Integer.toString(type, 16));
log.add(LogType.MSG_KC_MASTER_BAD_TYPE, indent, "0x" + Integer.toString(type, 16));
modified = PGPPublicKey.removeCertification(modified, zert);
badCerts += 1;
continue;
@ -328,15 +355,7 @@ public class UncachedKeyRing {
if (cert.getCreationTime().after(nowPlusOneDay)) {
// Creation date in the future? No way!
log.add(LogType.MSG_KC_REVOKE_BAD_TIME, indent);
modified = PGPPublicKey.removeCertification(modified, zert);
badCerts += 1;
continue;
}
if (cert.isLocal()) {
// Remove revocation certs with "local" flag
log.add(LogType.MSG_KC_REVOKE_BAD_LOCAL, indent);
log.add(LogType.MSG_KC_MASTER_BAD_TIME, indent);
modified = PGPPublicKey.removeCertification(modified, zert);
badCerts += 1;
continue;
@ -345,13 +364,54 @@ public class UncachedKeyRing {
try {
cert.init(masterKey);
if (!cert.verifySignature(masterKey)) {
log.add(LogType.MSG_KC_REVOKE_BAD, indent);
log.add(LogType.MSG_KC_MASTER_BAD, indent);
modified = PGPPublicKey.removeCertification(modified, zert);
badCerts += 1;
continue;
}
} catch (PgpGeneralException e) {
log.add(LogType.MSG_KC_REVOKE_BAD_ERR, indent);
log.add(LogType.MSG_KC_MASTER_BAD_ERR, indent);
modified = PGPPublicKey.removeCertification(modified, zert);
badCerts += 1;
continue;
}
// if this is for export, we always remove any non-exportable certs
if (forExport && cert.isLocal()) {
// Remove revocation certs with "local" flag
log.add(LogType.MSG_KC_MASTER_LOCAL, indent);
modified = PGPPublicKey.removeCertification(modified, zert);
continue;
}
// special case: non-exportable, direct key signatures for notations!
if (cert.getSignatureType() == PGPSignature.DIRECT_KEY) {
// must be local, otherwise strip!
if (!cert.isLocal()) {
log.add(LogType.MSG_KC_MASTER_BAD_TYPE, indent);
modified = PGPPublicKey.removeCertification(modified, zert);
badCerts += 1;
continue;
}
// first notation? fine then.
if (notation == null) {
notation = zert;
// more notations? at least one is superfluous, then.
} else if (notation.getCreationTime().before(zert.getCreationTime())) {
log.add(LogType.MSG_KC_NOTATION_DUP, indent);
modified = PGPPublicKey.removeCertification(modified, notation);
redundantCerts += 1;
notation = zert;
} else {
log.add(LogType.MSG_KC_NOTATION_DUP, indent);
modified = PGPPublicKey.removeCertification(modified, zert);
redundantCerts += 1;
}
continue;
} else if (cert.isLocal()) {
// Remove revocation certs with "local" flag
log.add(LogType.MSG_KC_MASTER_BAD_LOCAL, indent);
modified = PGPPublicKey.removeCertification(modified, zert);
badCerts += 1;
continue;
@ -373,6 +433,16 @@ public class UncachedKeyRing {
}
}
// If we have a notation packet, check if there is even any data in it?
if (notation != null) {
// If there isn't, might as well strip it
if (new WrappedSignature(notation).getNotation().isEmpty()) {
log.add(LogType.MSG_KC_NOTATION_EMPTY, indent);
modified = PGPPublicKey.removeCertification(modified, notation);
redundantCerts += 1;
}
}
ArrayList<String> processedUserIds = new ArrayList<String>();
for (byte[] rawUserId : new IterableIterator<byte[]>(masterKey.getRawUserIDs())) {
String userId = Utf8Util.fromUTF8ByteArrayReplaceBadEncoding(rawUserId);

View File

@ -186,12 +186,14 @@ public class UncachedPublicKey {
}
/**
* Returns primary user id if existing. If not, return first encountered user id.
* Returns primary user id if existing. If not, return first encountered user id. If there
* is no user id, return null (this can only happen for not yet canonicalized keys during import)
*/
public String getPrimaryUserIdWithFallback() {
String userId = getPrimaryUserId();
if (userId == null) {
userId = (String) mPublicKey.getUserIDs().next();
Iterator<String> it = mPublicKey.getUserIDs();
userId = it.hasNext() ? it.next() : null;
}
return userId;
}

View File

@ -21,6 +21,7 @@ package org.sufficientlysecure.keychain.pgp;
import org.spongycastle.bcpg.SignatureSubpacket;
import org.spongycastle.bcpg.SignatureSubpacketTags;
import org.spongycastle.bcpg.sig.Exportable;
import org.spongycastle.bcpg.sig.NotationData;
import org.spongycastle.bcpg.sig.Revocable;
import org.spongycastle.bcpg.sig.RevocationReason;
import org.spongycastle.openpgp.PGPException;
@ -37,6 +38,7 @@ import java.io.IOException;
import java.security.SignatureException;
import java.util.ArrayList;
import java.util.Date;
import java.util.HashMap;
/** OpenKeychain wrapper around PGPSignature objects.
*
@ -239,4 +241,20 @@ public class WrappedSignature {
SignatureSubpacket p = mSig.getHashedSubPackets().getSubpacket(SignatureSubpacketTags.EXPORTABLE);
return ! ((Exportable) p).isExportable();
}
public HashMap<String,String> getNotation() {
HashMap<String,String> result = new HashMap<String,String>();
// If there is any notation data
if (mSig.getHashedSubPackets() != null
&& mSig.getHashedSubPackets().hasSubpacket(SignatureSubpacketTags.NOTATION_DATA)) {
// Iterate over notation data
for (NotationData data : mSig.getHashedSubPackets().getNotationDataOccurrences()) {
result.put(data.getNotationName(), data.getNotationValue());
}
}
return result;
}
}

View File

@ -307,6 +307,7 @@ public class KeychainContract {
public static final String USER_ID = UserIdsColumns.USER_ID;
public static final String SIGNER_UID = "signer_user_id";
public static final int UNVERIFIED = 0;
public static final int VERIFIED_SECRET = 1;
public static final int VERIFIED_SELF = 2;

View File

@ -192,6 +192,9 @@ public class ProviderHelper {
}
pos += 1;
}
} else {
// If no data was found, throw an appropriate exception
throw new NotFoundException();
}
return result;
@ -540,6 +543,7 @@ public class ProviderHelper {
UserIdItem item = uids.get(userIdRank);
operations.add(buildUserIdOperations(masterKeyId, item, userIdRank));
if (item.selfCert != null) {
// TODO get rid of "self verified" status? this cannot even happen anymore!
operations.add(buildCertOperations(masterKeyId, userIdRank, item.selfCert,
selfCertsAreTrusted ? Certs.VERIFIED_SECRET : Certs.VERIFIED_SELF));
}
@ -682,6 +686,11 @@ public class ProviderHelper {
KeyFormattingUtils.convertKeyIdToHex(id)
);
break;
case PIN:
log(LogType.MSG_IS_SUBKEY_PIN,
KeyFormattingUtils.convertKeyIdToHex(id)
);
break;
case GNU_DUMMY:
log(LogType.MSG_IS_SUBKEY_STRIPPED,
KeyFormattingUtils.convertKeyIdToHex(id)

View File

@ -27,11 +27,13 @@ import android.os.Messenger;
import android.os.RemoteException;
import org.sufficientlysecure.keychain.Constants;
import org.sufficientlysecure.keychain.R;
import org.sufficientlysecure.keychain.operations.CertifyOperation;
import org.sufficientlysecure.keychain.operations.DeleteOperation;
import org.sufficientlysecure.keychain.operations.EditKeyOperation;
import org.sufficientlysecure.keychain.operations.results.DeleteResult;
import org.sufficientlysecure.keychain.operations.results.EditKeyResult;
import org.sufficientlysecure.keychain.operations.results.ExportResult;
import org.sufficientlysecure.keychain.operations.results.PgpEditKeyResult;
import org.sufficientlysecure.keychain.pgp.exception.PgpKeyNotFoundException;
import org.sufficientlysecure.keychain.operations.results.CertifyResult;
import org.sufficientlysecure.keychain.util.FileHelper;
@ -41,31 +43,23 @@ import org.sufficientlysecure.keychain.keyimport.HkpKeyserver;
import org.sufficientlysecure.keychain.keyimport.Keyserver;
import org.sufficientlysecure.keychain.keyimport.ParcelableKeyRing;
import org.sufficientlysecure.keychain.pgp.CanonicalizedPublicKeyRing;
import org.sufficientlysecure.keychain.pgp.CanonicalizedSecretKeyRing;
import org.sufficientlysecure.keychain.pgp.PgpDecryptVerify;
import org.sufficientlysecure.keychain.operations.results.DecryptVerifyResult;
import org.sufficientlysecure.keychain.pgp.PgpHelper;
import org.sufficientlysecure.keychain.operations.ImportExportOperation;
import org.sufficientlysecure.keychain.pgp.PgpKeyOperation;
import org.sufficientlysecure.keychain.pgp.PgpSignEncrypt;
import org.sufficientlysecure.keychain.pgp.Progressable;
import org.sufficientlysecure.keychain.pgp.UncachedKeyRing;
import org.sufficientlysecure.keychain.pgp.exception.PgpGeneralException;
import org.sufficientlysecure.keychain.pgp.exception.PgpGeneralMsgIdException;
import org.sufficientlysecure.keychain.provider.CachedPublicKeyRing;
import org.sufficientlysecure.keychain.provider.ProviderHelper;
import org.sufficientlysecure.keychain.operations.results.OperationResult;
import org.sufficientlysecure.keychain.operations.results.OperationResult.LogType;
import org.sufficientlysecure.keychain.operations.results.OperationResult.OperationLog;
import org.sufficientlysecure.keychain.operations.results.ConsolidateResult;
import org.sufficientlysecure.keychain.operations.results.EditKeyResult;
import org.sufficientlysecure.keychain.operations.results.ImportKeyResult;
import org.sufficientlysecure.keychain.operations.results.SaveKeyringResult;
import org.sufficientlysecure.keychain.operations.results.SignEncryptResult;
import org.sufficientlysecure.keychain.util.ParcelableFileCache;
import org.sufficientlysecure.keychain.util.InputData;
import org.sufficientlysecure.keychain.util.Log;
import org.sufficientlysecure.keychain.util.ProgressScaler;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
@ -342,83 +336,16 @@ public class KeychainIntentService extends IntentService implements Progressable
} else if (ACTION_EDIT_KEYRING.equals(action)) {
try {
/* Input */
// Input
SaveKeyringParcel saveParcel = data.getParcelable(EDIT_KEYRING_PARCEL);
if (saveParcel == null) {
Log.e(Constants.TAG, "bug: missing save_keyring_parcel in data!");
return;
}
/* Operation */
PgpKeyOperation keyOperations =
new PgpKeyOperation(new ProgressScaler(this, 10, 60, 100), mActionCanceled);
EditKeyResult modifyResult;
if (saveParcel.mMasterKeyId != null) {
String passphrase = data.getString(EDIT_KEYRING_PASSPHRASE);
CanonicalizedSecretKeyRing secRing =
new ProviderHelper(this).getCanonicalizedSecretKeyRing(saveParcel.mMasterKeyId);
modifyResult = keyOperations.modifySecretKeyRing(secRing, saveParcel, passphrase);
} else {
modifyResult = keyOperations.createSecretKeyRing(saveParcel);
}
// Operation
EditKeyOperation op = new EditKeyOperation(this, providerHelper, this, mActionCanceled);
EditKeyResult result = op.execute(saveParcel, passphrase);
// If the edit operation didn't succeed, exit here
if (!modifyResult.success()) {
// always return SaveKeyringResult, so create one out of the EditKeyResult
sendMessageToHandler(KeychainIntentServiceHandler.MESSAGE_OKAY, modifyResult);
return;
}
UncachedKeyRing ring = modifyResult.getRing();
// Check if the action was cancelled
if (mActionCanceled.get()) {
OperationLog log = modifyResult.getLog();
// If it wasn't added before, add log entry
if (!modifyResult.cancelled()) {
log.add(LogType.MSG_OPERATION_CANCELLED, 0);
}
// If so, just stop without saving
modifyResult = new EditKeyResult(
EditKeyResult.RESULT_CANCELLED, log, null);
sendMessageToHandler(KeychainIntentServiceHandler.MESSAGE_OKAY, modifyResult);
return;
}
// Save the keyring. The ProviderHelper is initialized with the previous log
SaveKeyringResult saveResult = new ProviderHelper(this, modifyResult.getLog())
.saveSecretKeyRing(ring, new ProgressScaler(this, 60, 95, 100));
// If the edit operation didn't succeed, exit here
if (!saveResult.success()) {
sendMessageToHandler(KeychainIntentServiceHandler.MESSAGE_OKAY, saveResult);
return;
}
// cache new passphrase
if (saveParcel.mNewUnlock != null) {
PassphraseCacheService.addCachedPassphrase(this,
ring.getMasterKeyId(),
ring.getMasterKeyId(),
saveParcel.mNewUnlock.mNewPassphrase != null
? saveParcel.mNewUnlock.mNewPassphrase
: saveParcel.mNewUnlock.mNewPin,
ring.getPublicKey().getPrimaryUserIdWithFallback());
}
setProgress(R.string.progress_done, 100, 100);
// make sure new data is synced into contacts
ContactSyncAdapterService.requestSync();
/* Output */
sendMessageToHandler(KeychainIntentServiceHandler.MESSAGE_OKAY, saveResult);
} catch (Exception e) {
sendErrorToHandler(e);
}
// Result
sendMessageToHandler(KeychainIntentServiceHandler.MESSAGE_OKAY, result);
} else if (ACTION_EXPORT_KEYRING.equals(action)) {
@ -430,7 +357,6 @@ public class KeychainIntentService extends IntentService implements Progressable
boolean exportAll = data.getBoolean(EXPORT_ALL);
long[] masterKeyIds = exportAll ? null : data.getLongArray(EXPORT_KEY_RING_MASTER_KEY_ID);
// Operation
ImportExportOperation importExportOperation = new ImportExportOperation(this, new ProviderHelper(this), this);
ExportResult result;

View File

@ -254,6 +254,9 @@ public class SaveKeyringParcel implements Parcelable {
// A new pin to use. Must only contain [0-9]+
public final String mNewPin;
public ChangeUnlockParcel(String newPassphrase) {
this(newPassphrase, null);
}
public ChangeUnlockParcel(String newPassphrase, String newPin) {
if (newPassphrase == null && newPin == null) {
throw new RuntimeException("Cannot set both passphrase and pin. THIS IS A BUG!");

View File

@ -34,6 +34,7 @@ import android.widget.TextView;
import org.spongycastle.bcpg.sig.KeyFlags;
import org.sufficientlysecure.keychain.Constants;
import org.sufficientlysecure.keychain.R;
import org.sufficientlysecure.keychain.operations.results.EditKeyResult;
import org.sufficientlysecure.keychain.service.SaveKeyringParcel.ChangeUnlockParcel;
import org.sufficientlysecure.keychain.util.Preferences;
import org.sufficientlysecure.keychain.pgp.KeyRing;
@ -190,14 +191,14 @@ public class CreateKeyFinalFragment extends Fragment {
if (returnData == null) {
return;
}
final SaveKeyringResult result =
final EditKeyResult result =
returnData.getParcelable(OperationResult.EXTRA_RESULT);
if (result == null) {
Log.e(Constants.TAG, "result == null");
return;
}
if (mUploadCheckbox.isChecked()) {
if (result.mMasterKeyId != null && mUploadCheckbox.isChecked()) {
// result will be displayed after upload
uploadKey(result);
} else {
@ -227,7 +228,8 @@ public class CreateKeyFinalFragment extends Fragment {
getActivity().startService(intent);
}
private void uploadKey(final SaveKeyringResult saveKeyResult) {
// TODO move into EditKeyOperation
private void uploadKey(final EditKeyResult saveKeyResult) {
// Send all information needed to service to upload key in other thread
final Intent intent = new Intent(getActivity(), KeychainIntentService.class);
@ -235,7 +237,7 @@ public class CreateKeyFinalFragment extends Fragment {
// set data uri as path to keyring
Uri blobUri = KeychainContract.KeyRings.buildUnifiedKeyRingUri(
saveKeyResult.mRingMasterKeyId);
saveKeyResult.mMasterKeyId);
intent.setData(blobUri);
// fill values for this action

View File

@ -208,12 +208,12 @@ public class PassphraseDialogActivity extends FragmentActivity {
case PASSPHRASE:
message = getString(R.string.passphrase_for, userId);
break;
case DIVERT_TO_CARD:
message = getString(R.string.yubikey_pin_for, userId);
break;
case PIN:
message = getString(R.string.pin_for, userId);
break;
case DIVERT_TO_CARD:
message = getString(R.string.yubikey_pin_for, userId);
break;
default:
message = "This should not happen!";
break;

View File

@ -27,6 +27,7 @@ import org.sufficientlysecure.keychain.keyimport.ParcelableKeyRing;
import org.sufficientlysecure.keychain.pgp.UncachedKeyRing;
import org.sufficientlysecure.keychain.operations.results.GetKeyResult;
import org.sufficientlysecure.keychain.operations.results.OperationResult;
import org.sufficientlysecure.keychain.pgp.UncachedKeyRing.IteratorWithIOThrow;
import org.sufficientlysecure.keychain.util.InputData;
import org.sufficientlysecure.keychain.util.Log;
import org.sufficientlysecure.keychain.util.PositionAwareInputStream;
@ -127,7 +128,7 @@ public class ImportKeysListLoader
BufferedInputStream bufferedInput = new BufferedInputStream(progressIn);
try {
// parse all keyrings
Iterator<UncachedKeyRing> it = UncachedKeyRing.fromStream(bufferedInput);
IteratorWithIOThrow<UncachedKeyRing> it = UncachedKeyRing.fromStream(bufferedInput);
while (it.hasNext()) {
UncachedKeyRing ring = it.next();
ImportKeysListEntry item = new ImportKeysListEntry(getContext(), ring);

View File

@ -604,11 +604,11 @@
<string name="msg_kc_error_no_uid">Schlüsselbund hat keine gültigen Benutzerkennungen!</string>
<string name="msg_kc_error_master_algo">Der Hauptschlüssel verwendet einen unbekannten (%s) Algorithmus!</string>
<string name="msg_kc_master">Verarbeite Hauptschlüssel</string>
<string name="msg_kc_revoke_bad_err">Entferne fehlerhaftes Schlüsselbund Widerrufszertifikat</string>
<string name="msg_kc_revoke_bad_local">Entferne Schlüsselbund Widerrufszertifikat mit \"Lokal\" Attribut</string>
<string name="msg_kc_revoke_bad_time">Entferne Schlüsselbund Widerrufszertifikat mit zukünftigem Zeitstempel</string>
<string name="msg_kc_revoke_bad_type">Entferne Hauptschlüsselbeglaubigung unbekannter Art (%s)</string>
<string name="msg_kc_revoke_bad">Entferne fehlerhaftes Schlüsselbund Widerrufszertifikat</string>
<string name="msg_kc_master_bad_err">Entferne fehlerhaftes Schlüsselbund Widerrufszertifikat</string>
<string name="msg_kc_master_bad_local">Entferne Schlüsselbund Widerrufszertifikat mit \"Lokal\" Attribut</string>
<string name="msg_kc_master_bad_time">Entferne Schlüsselbund Widerrufszertifikat mit zukünftigem Zeitstempel</string>
<string name="msg_kc_master_bad_type">Entferne Hauptschlüsselbeglaubigung unbekannter Art (%s)</string>
<string name="msg_kc_master_bad">Entferne fehlerhaftes Schlüsselbund Widerrufszertifikat</string>
<string name="msg_kc_revoke_dup">Entferne redundantes Schlüsselbund Widerrufszertifikat</string>
<string name="msg_kc_sub">Verarbeite Unterschlüssel %s</string>
<string name="msg_kc_sub_bad">Entferne ungültige Unterschlüssel Zwischenbeglaubigung</string>

View File

@ -649,12 +649,12 @@
<string name="msg_kc_error_master_algo">¡La clave maestra usa un algoritmo (%s) desconocido!</string>
<string name="msg_kc_error_dup_key">La subclave %s aparece dos veces en el juego de claves (keyring). El juego de claves está mal formado, ¡no se va a importar!</string>
<string name="msg_kc_master">Procesando clave maestra</string>
<string name="msg_kc_revoke_bad_err">Eliminando certificado defectuoso de revocación de juego de claves</string>
<string name="msg_kc_revoke_bad_local">Eliminando certificado de revocación de juego de claves, con distintivo \"local\"</string>
<string name="msg_kc_revoke_bad_time">Eliminando certificado de revocación de juego de claves, con marca de tiempo futura</string>
<string name="msg_kc_revoke_bad_type">Eliminando certificado de clave maestra, de tipo desconocido (%s)</string>
<string name="msg_kc_revoke_bad_type_uid">Eliminando certificado de identificación de usuario en posición incorrecta</string>
<string name="msg_kc_revoke_bad">Eliminando certificado defectuoso de revocación de juego de claves</string>
<string name="msg_kc_master_bad_err">Eliminando certificado defectuoso de revocación de juego de claves</string>
<string name="msg_kc_master_bad_local">Eliminando certificado de revocación de juego de claves, con distintivo \"local\"</string>
<string name="msg_kc_master_bad_time">Eliminando certificado de revocación de juego de claves, con marca de tiempo futura</string>
<string name="msg_kc_master_bad_type">Eliminando certificado de clave maestra, de tipo desconocido (%s)</string>
<string name="msg_kc_master_bad_type_uid">Eliminando certificado de identificación de usuario en posición incorrecta</string>
<string name="msg_kc_master_bad">Eliminando certificado defectuoso de revocación de juego de claves</string>
<string name="msg_kc_revoke_dup">Eliminando certificado redundante de revocación de juego de claves </string>
<string name="msg_kc_sub">Procesando subclave %s</string>
<string name="msg_kc_sub_bad">Eliminando certificado no válido de vinculación de subclave</string>

View File

@ -649,12 +649,12 @@
<string name="msg_kc_error_master_algo">La clef maîtresse utilise un algorithme (%s) inconnu ! </string>
<string name="msg_kc_error_dup_key">La sous-clef %s se présente deux fois dans le trousseau. Le trousseau est mal formé, pas d\'importation ! </string>
<string name="msg_kc_master">Traitement de la clef maîtresse</string>
<string name="msg_kc_revoke_bad_err">Suppression du mauvais certificat de révocation du trousseau</string>
<string name="msg_kc_revoke_bad_local">Suppression du certificat de révocation du trousseau ayant le drapeau « local »</string>
<string name="msg_kc_revoke_bad_time">Suppression du certificat de révocation du trousseau ayant une estampille temporelle dans le futur</string>
<string name="msg_kc_revoke_bad_type">Suppression du certificat de clef maîtresse de type inconnu (%s)</string>
<string name="msg_kc_revoke_bad_type_uid">Suppression du certificat de l\'ID d\'utilisateur en mauvaise position</string>
<string name="msg_kc_revoke_bad">Suppression du mauvais certificat de révocation du trousseau</string>
<string name="msg_kc_master_bad_err">Suppression du mauvais certificat de révocation du trousseau</string>
<string name="msg_kc_master_bad_local">Suppression du certificat de révocation du trousseau ayant le drapeau « local »</string>
<string name="msg_kc_master_bad_time">Suppression du certificat de révocation du trousseau ayant une estampille temporelle dans le futur</string>
<string name="msg_kc_master_bad_type">Suppression du certificat de clef maîtresse de type inconnu (%s)</string>
<string name="msg_kc_master_bad_type_uid">Suppression du certificat de l\'ID d\'utilisateur en mauvaise position</string>
<string name="msg_kc_master_bad">Suppression du mauvais certificat de révocation du trousseau</string>
<string name="msg_kc_revoke_dup"> Suppression du certificat redondant de révocation du trousseau</string>
<string name="msg_kc_sub">Traitement de la sous-clef %s</string>
<string name="msg_kc_sub_bad">Suppression du certificat invalide de liaison de la sous-clef</string>

View File

@ -599,11 +599,11 @@ Permetti accesso?\n\nATTENZIONE: Se non sai perche\' questo schermata e\' appars
<string name="msg_kc_secret">Canonicalizzazione portachiavi segreto %s</string>
<string name="msg_kc_error_v3">Questa è una chiave OpenPGP versione 3, è deprecata e non più supportata!</string>
<string name="msg_kc_master">Elaborazione chiave principale</string>
<string name="msg_kc_revoke_bad_err">Rimozione di certificato di revoca del portachiavi corrotto</string>
<string name="msg_kc_revoke_bad_local">Rimozione certificato di revoca del portachiavi con caratteristica \"locale\"</string>
<string name="msg_kc_revoke_bad_time">Rimozione certificato di revoca del portachiavi con marca temporale futura</string>
<string name="msg_kc_revoke_bad_type">Rimozione certificato della chiave principale di tipo sconosciuto (%s)</string>
<string name="msg_kc_revoke_bad">Rimozione certificato di revoca del portachiavi corrotto</string>
<string name="msg_kc_master_bad_err">Rimozione di certificato di revoca del portachiavi corrotto</string>
<string name="msg_kc_master_bad_local">Rimozione certificato di revoca del portachiavi con caratteristica \"locale\"</string>
<string name="msg_kc_master_bad_time">Rimozione certificato di revoca del portachiavi con marca temporale futura</string>
<string name="msg_kc_master_bad_type">Rimozione certificato della chiave principale di tipo sconosciuto (%s)</string>
<string name="msg_kc_master_bad">Rimozione certificato di revoca del portachiavi corrotto</string>
<string name="msg_kc_revoke_dup">Rimozione certificato di revoca del portachiavi ridondante</string>
<string name="msg_kc_sub">Elaborazione sottochiave %s</string>
<string name="msg_kc_sub_bad">Rimozione certificato vincolante di sottochiave non valido</string>

View File

@ -615,12 +615,12 @@
<string name="msg_kc_error_master_algo">主鍵で不明なアルゴリズム(%s)を利用しています!</string>
<string name="msg_kc_error_dup_key">鍵輪の中に副鍵 %s が2度出現しました。鍵輪が不整形となっており、インポートできあせん!</string>
<string name="msg_kc_master">主鍵処理中</string>
<string name="msg_kc_revoke_bad_err">問題のある鍵輪の破棄証明を破棄中</string>
<string name="msg_kc_revoke_bad_local">鍵輪のローカルフラグ付き破棄証明を破棄中</string>
<string name="msg_kc_revoke_bad_time">鍵輪の未来にタイムスタンプがある破棄証明を破棄中</string>
<string name="msg_kc_revoke_bad_type">問題のある主鍵の不明な型 (%s) の証明を破棄中</string>
<string name="msg_kc_revoke_bad_type_uid">不正な位置のユーザID検証を破棄中</string>
<string name="msg_kc_revoke_bad">問題のある鍵輪の破棄証明を破棄中</string>
<string name="msg_kc_master_bad_err">問題のある鍵輪の破棄証明を破棄中</string>
<string name="msg_kc_master_bad_local">鍵輪のローカルフラグ付き破棄証明を破棄中</string>
<string name="msg_kc_master_bad_time">鍵輪の未来にタイムスタンプがある破棄証明を破棄中</string>
<string name="msg_kc_master_bad_type">問題のある主鍵の不明な型 (%s) の証明を破棄中</string>
<string name="msg_kc_master_bad_type_uid">不正な位置のユーザID検証を破棄中</string>
<string name="msg_kc_master_bad">問題のある鍵輪の破棄証明を破棄中</string>
<string name="msg_kc_revoke_dup">重複している鍵輪の破棄証明を破棄中</string>
<string name="msg_kc_sub">副鍵 %s の処理中</string>
<string name="msg_kc_sub_bad">証明が付随する不正な副鍵を破棄中</string>

View File

@ -447,11 +447,11 @@
<string name="msg_is_success">Zasebna zbirka ključev uspešno uvožena</string>
<!--Keyring Canonicalization log entries-->
<string name="msg_kc_master">Obdelujem glavni ključ...</string>
<string name="msg_kc_revoke_bad_err">Umikam slab certifikat za preklic zbirk ključev</string>
<string name="msg_kc_revoke_bad_local">Umikam certifikat za preklic zbirk ključev z oznako \"lokalno\"</string>
<string name="msg_kc_revoke_bad_time">Umikam certifikat za preklic zbirk ključev s časovno znamko v prihodnosti</string>
<string name="msg_kc_revoke_bad_type">Umikam certifikat glavnega ključa neznanega tipa (%s)</string>
<string name="msg_kc_revoke_bad">Umikam slab certifikat za preklic zbirk ključev</string>
<string name="msg_kc_master_bad_err">Umikam slab certifikat za preklic zbirk ključev</string>
<string name="msg_kc_master_bad_local">Umikam certifikat za preklic zbirk ključev z oznako \"lokalno\"</string>
<string name="msg_kc_master_bad_time">Umikam certifikat za preklic zbirk ključev s časovno znamko v prihodnosti</string>
<string name="msg_kc_master_bad_type">Umikam certifikat glavnega ključa neznanega tipa (%s)</string>
<string name="msg_kc_master_bad">Umikam slab certifikat za preklic zbirk ključev</string>
<string name="msg_kc_revoke_dup">Umikam odvečen certifikat za preklic zbirk ključev</string>
<string name="msg_kc_sub">Obdelujem podključ %s</string>
<string name="msg_kc_sub_bad">Umikam neveljaven certifikat za povezovanje podključev</string>

View File

@ -669,12 +669,12 @@
<string name="msg_kc_error_master_algo">Главни кључ користи непознат алгоритам (%s)!</string>
<string name="msg_kc_error_dup_key">Поткључ %s се појављује два пута у привеску. Привезак је деформисан, не увозим!</string>
<string name="msg_kc_master">Обрађујем главни кључ</string>
<string name="msg_kc_revoke_bad_err">Уклањам лош сертификат опозива привеска</string>
<string name="msg_kc_revoke_bad_local">Уклањам сертификат опозива привеска са заставицом „локални“</string>
<string name="msg_kc_revoke_bad_time">Уклањам сертификат опозива привеска са временском ознаком у будућности</string>
<string name="msg_kc_revoke_bad_type">Уклањам сертификат главног кључа непознатог типа (%s)</string>
<string name="msg_kc_revoke_bad_type_uid">Уклањам сертификат корисничког ИД-а са погрешног места</string>
<string name="msg_kc_revoke_bad">Уклањам лош сертификат опозива привеска</string>
<string name="msg_kc_master_bad_err">Уклањам лош сертификат опозива привеска</string>
<string name="msg_kc_master_bad_local">Уклањам сертификат опозива привеска са заставицом „локални“</string>
<string name="msg_kc_master_bad_time">Уклањам сертификат опозива привеска са временском ознаком у будућности</string>
<string name="msg_kc_master_bad_type">Уклањам сертификат главног кључа непознатог типа (%s)</string>
<string name="msg_kc_master_bad_type_uid">Уклањам сертификат корисничког ИД-а са погрешног места</string>
<string name="msg_kc_master_bad">Уклањам лош сертификат опозива привеска</string>
<string name="msg_kc_revoke_dup">Уклањам сувишни сертификат опозива привеска</string>
<string name="msg_kc_sub">Обрађујем поткључ %s</string>
<string name="msg_kc_sub_bad">Уклањам неисправан повезујући сертификат поткључа</string>

View File

@ -571,10 +571,10 @@
<string name="msg_kc_error_v3">Den här nyckeln är skapad med OpenPGP version 3, vilken är en föråldrad version som inte längre stöds!</string>
<string name="msg_kc_error_master_algo">Den här huvudnyckeln använder en okänd (%s) algoritm!</string>
<string name="msg_kc_master">Bearbetar huvudnyckel</string>
<string name="msg_kc_revoke_bad_err">Tar bort dåligt återkallelsecertifikat för nyckelring</string>
<string name="msg_kc_revoke_bad_time">Tar bort återkallelsecertifikat för nyckelring med framtida tidstämpel</string>
<string name="msg_kc_revoke_bad_type">Tar bort huvudnyckelcertifikat av okänd typ (%s)</string>
<string name="msg_kc_revoke_bad">Tar bort dåligt återkallelsecertifikat för nyckelring</string>
<string name="msg_kc_master_bad_err">Tar bort dåligt återkallelsecertifikat för nyckelring</string>
<string name="msg_kc_master_bad_time">Tar bort återkallelsecertifikat för nyckelring med framtida tidstämpel</string>
<string name="msg_kc_master_bad_type">Tar bort huvudnyckelcertifikat av okänd typ (%s)</string>
<string name="msg_kc_master_bad">Tar bort dåligt återkallelsecertifikat för nyckelring</string>
<string name="msg_kc_revoke_dup">Tar bort överflödigt återkallelsecertifikat för nyckelring</string>
<string name="msg_kc_sub">Bearbetar undernyckel %s</string>
<string name="msg_kc_sub_no_cert">Inget giltigt certifikat hittades för %s, tar bort från nyckelring</string>

View File

@ -697,6 +697,7 @@
<string name="msg_is_subkey_nonexistent">"Subkey %s unavailable in secret key"</string>
<string name="msg_is_subkey_ok">"Marked secret subkey %s as available"</string>
<string name="msg_is_subkey_empty">"Marked secret subkey %s as available, with empty passphrase"</string>
<string name="msg_is_subkey_pin">"Marked secret subkey %s as available, with pin passphrase"</string>
<string name="msg_is_subkey_stripped">"Marked secret subkey %s as stripped"</string>
<string name="msg_is_subkey_divert">"Marked secret subkey %s as 'divert to smartcard/NFC'"</string>
<string name="msg_is_success_identical">"Keyring contains no new data, nothing to do"</string>
@ -710,13 +711,16 @@
<string name="msg_kc_error_master_algo">"The master key uses an unknown (%s) algorithm!"</string>
<string name="msg_kc_error_dup_key">"Subkey %s occurs twice in keyring. Keyring is malformed, not importing!"</string>
<string name="msg_kc_master">"Processing master key"</string>
<string name="msg_kc_revoke_bad_err">"Removing bad keyring revocation certificate"</string>
<string name="msg_kc_revoke_bad_local">"Removing keyring revocation certificate with "local" flag"</string>
<string name="msg_kc_revoke_bad_time">"Removing keyring revocation certificate with future timestamp"</string>
<string name="msg_kc_revoke_bad_type">"Removing master key certificate of unknown type (%s)"</string>
<string name="msg_kc_revoke_bad_type_uid">"Removing user ID certificate in bad position"</string>
<string name="msg_kc_revoke_bad">"Removing bad keyring revocation certificate"</string>
<string name="msg_kc_master_bad_type">"Removing master key certificate of unknown type (%s)"</string>
<string name="msg_kc_master_bad_local">"Removing master key certificate with "local" flag"</string>
<string name="msg_kc_master_bad_err">"Removing bad master key certificate"</string>
<string name="msg_kc_master_bad_time">"Removing keyring revocation certificate with future timestamp"</string>
<string name="msg_kc_master_bad_type_uid">"Removing user ID certificate in bad position"</string>
<string name="msg_kc_master_bad">"Removing bad master key certificate"</string>
<string name="msg_kc_master_local">"Removing master key certificate with "local" flag"</string>
<string name="msg_kc_revoke_dup">"Removing redundant keyring revocation certificate"</string>
<string name="msg_kc_notation_dup">"Removing redundant notation certificate"</string>
<string name="msg_kc_notation_empty">"Removing empty notation certificate"</string>
<string name="msg_kc_sub">"Processing subkey %s"</string>
<string name="msg_kc_sub_bad">"Removing invalid subkey binding certificate"</string>
<string name="msg_kc_sub_bad_err">"Removing bad subkey binding certificate"</string>
@ -800,7 +804,9 @@
<string name="msg_mf_error_pgp">"Internal PGP error!"</string>
<string name="msg_mf_error_sig">"Signature exception!"</string>
<string name="msg_mf_master">"Modifying master certifications"</string>
<string name="msg_mf_passphrase">"Changing passphrase for keyring…"</string>
<string name="msg_mf_notation_empty">"Adding empty notation packet"</string>
<string name="msg_mf_notation_pin">"Adding PIN notation packet"</string>
<string name="msg_mf_passphrase">"Changing passphrase for keyring"</string>
<string name="msg_mf_passphrase_key">"Re-encrypting subkey %s with new passphrase"</string>
<string name="msg_mf_passphrase_empty_retry">"Setting new passphrase failed, trying again with empty old passphrase"</string>
<string name="msg_mf_passphrase_fail">"Passphrase for subkey could not be changed! (Does it have a different one from the other keys?)"</string>
@ -853,6 +859,14 @@
<string name="msg_con_warn_delete_public">"Exception deleting public cache file"</string>
<string name="msg_con_warn_delete_secret">"Exception deleting secret cache file"</string>
<!-- Edit Key (higher level than modify) -->
<string name="msg_ed">"Performing key operation"</string>
<string name="msg_ed_caching_new">"Caching new passphrase"</string>
<string name="msg_ed_error_no_parcel">"Missing SaveKeyringParcel! (this is a bug, please report)"</string>
<string name="msg_ed_error_key_not_found">"Key not found!"</string>
<string name="msg_ed_fetching">"Fetching key to modify (%s)"</string>
<string name="msg_ed_success">"Key operation successful"</string>
<!-- Other messages used in OperationLogs -->
<string name="msg_ek_error_divert">"Editing of NFC keys is not (yet) supported!"</string>
<string name="msg_ek_error_dummy">"Cannot edit keyring with stripped master key!"</string>
@ -876,6 +890,7 @@
<string name="msg_dc_error_bad_passphrase">"Error unlocking key, bad passphrase!"</string>
<string name="msg_dc_error_extract_key">"Unknown error unlocking key!"</string>
<string name="msg_dc_error_integrity_check">"Integrity check error!"</string>
<string name="msg_dc_error_integrity_missing">"Missing integrity check! This can happen because the encrypting application is out of date, or from a downgrade attack."</string>
<string name="msg_dc_error_invalid_siglist">"No valid signature data found!"</string>
<string name="msg_dc_error_io">"Encountered IO Exception during operation!"</string>
<string name="msg_dc_error_no_data">"No encrypted data found in stream!"</string>
@ -927,6 +942,7 @@
<item quantity="one">"Certifying one user ID for key %2$s"</item>
<item quantity="other">"Certifying %1$d user IDs for key %2$s"</item>
</plurals>
<string name="msg_crt_error_self">"Cannot issue self-certificate like this!"</string>
<string name="msg_crt_error_master_not_found">"Master key not found!"</string>
<string name="msg_crt_error_nothing">"No keys certified!"</string>
<string name="msg_crt_error_unlock">"Error unlocking master key!"</string>
@ -975,6 +991,7 @@
<string name="msg_export_error_storage">"Storage is not ready for writing!"</string>
<string name="msg_export_error_db">"Database error!"</string>
<string name="msg_export_error_io">"Input/output error!"</string>
<string name="msg_export_error_key">"Error preprocessing key data!"</string>
<string name="msg_export_success">"Export operation successful"</string>
<string name="msg_del_error_empty">"Nothing to delete!"</string>
@ -1017,6 +1034,12 @@
<string name="passp_cache_notif_clear">"Clear Cache"</string>
<string name="passp_cache_notif_pwd">"Passphrase"</string>
<!-- First Time -->
<string name="first_time_text1">"Take back your privacy with OpenKeychain!"</string>
<string name="first_time_create_key">"Create my key"</string>
<string name="first_time_import_key">"Import from file"</string>
<string name="first_time_skip">"Skip Setup"</string>
<!-- unsorted -->
<string name="section_certifier_id">"Certifier"</string>
<string name="section_cert">"Certificate Details"</string>
@ -1047,12 +1070,7 @@
<string name="error_multi_not_supported">"Saving of multiple files not supported. This is a limitation on current Android."</string>
<string name="key_colon">"Key:"</string>
<string name="exchange_description">"To start a key exchange, choose the number of participants on the right side, then hit the “Start exchange” button.\n\nYou will be asked two more questions to make sure only the right participants are in the exchange and their fingerprints are correct."</string>
<!-- First Time -->
<string name="first_time_text1">"Take back your privacy with OpenKeychain!"</string>
<string name="first_time_create_key">"Create my key"</string>
<string name="first_time_import_key">"Import from file"</string>
<string name="first_time_skip">"Skip Setup"</string>
<string name="user_id_none"><![CDATA[<none>]]></string>
<!-- Passphrase wizard -->
<!-- TODO: rename all the things! -->

View File

@ -21,7 +21,7 @@ task wrapper(type: Wrapper) {
subprojects {
tasks.withType(Test) {
maxParallelForks = 5
maxParallelForks = 1
}
}

2
extern/spongycastle vendored

@ -1 +1 @@
Subproject commit 375084d55341b575274e49d9a69fa4cf9356682a
Subproject commit 1d9ee197d8fcc18dcdd1ae9649a5dc53e910b18c