mirror of
https://github.com/moparisthebest/open-keychain
synced 2024-11-24 09:42:16 -05:00
experimental cert import
This commit is contained in:
parent
74f8ec0365
commit
ba7613dc34
@ -19,6 +19,7 @@ package org.sufficientlysecure.keychain.provider;
|
|||||||
|
|
||||||
import java.io.ByteArrayOutputStream;
|
import java.io.ByteArrayOutputStream;
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
|
import java.security.SignatureException;
|
||||||
import java.util.ArrayList;
|
import java.util.ArrayList;
|
||||||
import java.util.HashMap;
|
import java.util.HashMap;
|
||||||
import java.util.Map;
|
import java.util.Map;
|
||||||
@ -27,12 +28,14 @@ import java.util.Date;
|
|||||||
import org.spongycastle.bcpg.ArmoredOutputStream;
|
import org.spongycastle.bcpg.ArmoredOutputStream;
|
||||||
import org.spongycastle.bcpg.UserAttributePacket;
|
import org.spongycastle.bcpg.UserAttributePacket;
|
||||||
import org.spongycastle.bcpg.UserAttributeSubpacket;
|
import org.spongycastle.bcpg.UserAttributeSubpacket;
|
||||||
|
import org.spongycastle.openpgp.PGPException;
|
||||||
import org.spongycastle.openpgp.PGPKeyRing;
|
import org.spongycastle.openpgp.PGPKeyRing;
|
||||||
import org.spongycastle.openpgp.PGPPublicKey;
|
import org.spongycastle.openpgp.PGPPublicKey;
|
||||||
import org.spongycastle.openpgp.PGPPublicKeyRing;
|
import org.spongycastle.openpgp.PGPPublicKeyRing;
|
||||||
import org.spongycastle.openpgp.PGPSecretKey;
|
import org.spongycastle.openpgp.PGPSecretKey;
|
||||||
import org.spongycastle.openpgp.PGPSecretKeyRing;
|
import org.spongycastle.openpgp.PGPSecretKeyRing;
|
||||||
import org.spongycastle.openpgp.PGPSignature;
|
import org.spongycastle.openpgp.PGPSignature;
|
||||||
|
import org.spongycastle.openpgp.operator.jcajce.JcaPGPContentVerifierBuilderProvider;
|
||||||
import org.sufficientlysecure.keychain.Constants;
|
import org.sufficientlysecure.keychain.Constants;
|
||||||
import org.sufficientlysecure.keychain.pgp.PgpConversionHelper;
|
import org.sufficientlysecure.keychain.pgp.PgpConversionHelper;
|
||||||
import org.sufficientlysecure.keychain.pgp.PgpHelper;
|
import org.sufficientlysecure.keychain.pgp.PgpHelper;
|
||||||
@ -41,6 +44,7 @@ import org.sufficientlysecure.keychain.provider.KeychainContract.ApiApps;
|
|||||||
import org.sufficientlysecure.keychain.provider.KeychainContract.KeyRings;
|
import org.sufficientlysecure.keychain.provider.KeychainContract.KeyRings;
|
||||||
import org.sufficientlysecure.keychain.provider.KeychainContract.Keys;
|
import org.sufficientlysecure.keychain.provider.KeychainContract.Keys;
|
||||||
import org.sufficientlysecure.keychain.provider.KeychainContract.UserIds;
|
import org.sufficientlysecure.keychain.provider.KeychainContract.UserIds;
|
||||||
|
import org.sufficientlysecure.keychain.provider.KeychainContract.Certs;
|
||||||
import org.sufficientlysecure.keychain.provider.KeychainDatabase.Tables;
|
import org.sufficientlysecure.keychain.provider.KeychainDatabase.Tables;
|
||||||
import org.sufficientlysecure.keychain.service.remote.AppSettings;
|
import org.sufficientlysecure.keychain.service.remote.AppSettings;
|
||||||
import org.sufficientlysecure.keychain.util.IterableIterator;
|
import org.sufficientlysecure.keychain.util.IterableIterator;
|
||||||
@ -214,19 +218,50 @@ public class ProviderHelper {
|
|||||||
++rank;
|
++rank;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// get a list of owned secret keys, for verification filtering
|
||||||
|
Map<Long, PGPKeyRing> allKeyRings = getPGPKeyRings(context, KeyRings.buildPublicKeyRingsUri());
|
||||||
|
|
||||||
int userIdRank = 0;
|
int userIdRank = 0;
|
||||||
for (String userId : new IterableIterator<String>(masterKey.getUserIDs())) {
|
for (String userId : new IterableIterator<String>(masterKey.getUserIDs())) {
|
||||||
operations.add(buildPublicUserIdOperations(context, keyRingRowId, userId, userIdRank));
|
operations.add(buildPublicUserIdOperations(context, keyRingRowId, userId, userIdRank));
|
||||||
|
|
||||||
|
// look through signatures for this specific key
|
||||||
|
for (PGPSignature cert : new IterableIterator<PGPSignature>(
|
||||||
|
masterKey.getSignaturesForID(userId))) {
|
||||||
|
long certId = cert.getKeyID();
|
||||||
|
boolean verified = false;
|
||||||
|
// only care for signatures from our own private keys
|
||||||
|
if(allKeyRings.containsKey(certId)) try {
|
||||||
|
// mark them as verified
|
||||||
|
cert.init(new JcaPGPContentVerifierBuilderProvider().setProvider("SC"), allKeyRings.get(certId).getPublicKey());
|
||||||
|
verified = cert.verifyCertification(userId, masterKey);
|
||||||
|
// TODO: at this point, we only save signatures from available secret keys.
|
||||||
|
// should we save all? those are quite a lot of rows for info we don't really
|
||||||
|
// use. I left it out for now - it is available from key servers, so we can
|
||||||
|
// always get it later.
|
||||||
|
Log.d(Constants.TAG, "sig for " + userId + " " + verified + " from "
|
||||||
|
+ PgpKeyHelper.convertKeyIdToHex(cert.getKeyID())
|
||||||
|
);
|
||||||
|
operations.add(buildPublicCertOperations(
|
||||||
|
context, keyRingRowId, userIdRank, masterKey.getKeyID(), cert, verified));
|
||||||
|
} catch(SignatureException e) {
|
||||||
|
Log.e(Constants.TAG, "Signature verification failed.", e);
|
||||||
|
} catch(PGPException e) {
|
||||||
|
Log.e(Constants.TAG, "Signature verification failed.", e);
|
||||||
|
} else {
|
||||||
|
Log.d(Constants.TAG, "ignored sig for "
|
||||||
|
+ PgpKeyHelper.convertKeyIdToHex(masterKey.getKeyID())
|
||||||
|
+ " from "
|
||||||
|
+ PgpKeyHelper.convertKeyIdToHex(cert.getKeyID())
|
||||||
|
);
|
||||||
|
}
|
||||||
|
// if we wanted to save all, not just our own verifications
|
||||||
|
// buildPublicCertOperations(context, keyRingRowId, rank, cert, verified);
|
||||||
|
}
|
||||||
|
|
||||||
++userIdRank;
|
++userIdRank;
|
||||||
}
|
}
|
||||||
|
|
||||||
for (PGPSignature certification : new IterableIterator<PGPSignature>(masterKey.getSignaturesOfType(PGPSignature.POSITIVE_CERTIFICATION))) {
|
|
||||||
//TODO: how to do this?? we need to verify the signatures again and again when they are displayed...
|
|
||||||
// if (certification.verify
|
|
||||||
// operations.add(buildPublicKeyOperations(context, keyRingRowId, key, rank));
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
try {
|
try {
|
||||||
context.getContentResolver().applyBatch(KeychainContract.CONTENT_AUTHORITY, operations);
|
context.getContentResolver().applyBatch(KeychainContract.CONTENT_AUTHORITY, operations);
|
||||||
} catch (RemoteException e) {
|
} catch (RemoteException e) {
|
||||||
|
Loading…
Reference in New Issue
Block a user