mirror of
https://github.com/moparisthebest/open-keychain
synced 2024-11-30 12:32:17 -05:00
check primary bindings
This commit is contained in:
parent
2b71b12b24
commit
bb0baa815e
Binary file not shown.
@ -33,7 +33,11 @@ import java.util.Iterator;
|
|||||||
|
|
||||||
import org.spongycastle.bcpg.ArmoredInputStream;
|
import org.spongycastle.bcpg.ArmoredInputStream;
|
||||||
import org.spongycastle.bcpg.ArmoredOutputStream;
|
import org.spongycastle.bcpg.ArmoredOutputStream;
|
||||||
|
import org.spongycastle.bcpg.BCPGInputStream;
|
||||||
import org.spongycastle.bcpg.BCPGOutputStream;
|
import org.spongycastle.bcpg.BCPGOutputStream;
|
||||||
|
|
||||||
|
import org.spongycastle.bcpg.SignaturePacket;
|
||||||
|
|
||||||
import org.spongycastle.bcpg.SignatureSubpacket;
|
import org.spongycastle.bcpg.SignatureSubpacket;
|
||||||
import org.spongycastle.bcpg.SignatureSubpacketTags;
|
import org.spongycastle.bcpg.SignatureSubpacketTags;
|
||||||
import org.spongycastle.openpgp.PGPCompressedData;
|
import org.spongycastle.openpgp.PGPCompressedData;
|
||||||
@ -892,7 +896,11 @@ public class PgpOperation {
|
|||||||
|
|
||||||
boolean sig_isok = signature.verify();
|
boolean sig_isok = signature.verify();
|
||||||
|
|
||||||
//We should only do the next part if the singing key was a subkey - not the master key!
|
//Now check binding signatures
|
||||||
|
boolean subkeyBinding_isok = false;
|
||||||
|
boolean tmp_subkeyBinding_isok = false;
|
||||||
|
boolean primkeyBinding_isok = false;
|
||||||
|
|
||||||
signatureKeyId = signature.getKeyID();
|
signatureKeyId = signature.getKeyID();
|
||||||
String userId = null;
|
String userId = null;
|
||||||
PGPPublicKeyRing signKeyRing = ProviderHelper.getPGPPublicKeyRingByKeyId(mContext,
|
PGPPublicKeyRing signKeyRing = ProviderHelper.getPGPPublicKeyRingByKeyId(mContext,
|
||||||
@ -901,11 +909,12 @@ public class PgpOperation {
|
|||||||
if (signKeyRing != null) {
|
if (signKeyRing != null) {
|
||||||
mKey = PgpKeyHelper.getMasterKey(signKeyRing);
|
mKey = PgpKeyHelper.getMasterKey(signKeyRing);
|
||||||
}
|
}
|
||||||
|
if (signature.getKeyID() != mKey.getKeyID()) {
|
||||||
Iterator<PGPSignature> itr = signatureKey.getSignatures();
|
Iterator<PGPSignature> itr = signatureKey.getSignatures();
|
||||||
|
|
||||||
boolean subkeyBinding_isok = false;
|
subkeyBinding_isok = false;
|
||||||
boolean tmp_subkeyBinding_isok = false;
|
tmp_subkeyBinding_isok = false;
|
||||||
boolean primkeyBinding_isok = false;
|
primkeyBinding_isok = false;
|
||||||
while (itr.hasNext()) { //what does gpg do if the subkey binding is wrong?
|
while (itr.hasNext()) { //what does gpg do if the subkey binding is wrong?
|
||||||
//gpg has an invalid subkey binding error on key import I think, but doesn't shout
|
//gpg has an invalid subkey binding error on key import I think, but doesn't shout
|
||||||
//about keys without subkey signing. Can't get it to import a slightly broken one
|
//about keys without subkey signing. Can't get it to import a slightly broken one
|
||||||
@ -920,20 +929,26 @@ public class PgpOperation {
|
|||||||
if (tmp_subkeyBinding_isok) {
|
if (tmp_subkeyBinding_isok) {
|
||||||
PGPSignatureSubpacketVector hPkts = sig.getHashedSubPackets();
|
PGPSignatureSubpacketVector hPkts = sig.getHashedSubPackets();
|
||||||
PGPSignatureSubpacketVector uhPkts = sig.getUnhashedSubPackets();
|
PGPSignatureSubpacketVector uhPkts = sig.getUnhashedSubPackets();
|
||||||
if (hPkts.hasSubpacket(SignatureSubpacketTags.EMBEDDED_SIGNATURE)) {
|
|
||||||
SignatureSubpacket[] subsigpkts = hPkts.getSubpackets(SignatureSubpacketTags.EMBEDDED_SIGNATURE);
|
|
||||||
PGPSignature[] vals = new PGPSignature[subsigpkts.length];
|
|
||||||
for (int i = 0; i < subsigpkts.length; i++)
|
|
||||||
{
|
|
||||||
vals[i] = (PGPSignature)subsigpkts[i];
|
|
||||||
}
|
|
||||||
}
|
|
||||||
if (uhPkts.hasSubpacket(SignatureSubpacketTags.EMBEDDED_SIGNATURE)) {
|
if (uhPkts.hasSubpacket(SignatureSubpacketTags.EMBEDDED_SIGNATURE)) {
|
||||||
|
PGPSignatureList eSigList = uhPkts.getEmbeddedSignatures();
|
||||||
|
for (int j = 0; j < eSigList.size(); ++j) {
|
||||||
|
PGPSignature emSig = eSigList.get(j);
|
||||||
|
emSig.init(contentVerifierBuilderProvider, signatureKey);
|
||||||
|
primkeyBinding_isok = emSig.verifyCertification(mKey, signatureKey);
|
||||||
|
if (primkeyBinding_isok)
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if (hPkts.hasSubpacket(SignatureSubpacketTags.EMBEDDED_SIGNATURE)) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
returnData.putBoolean(KeychainIntentService.RESULT_SIGNATURE_SUCCESS, sig_isok & subkeyBinding_isok);
|
} else { //if the key used to make the signature was the master key, no need to check binding sigs
|
||||||
|
subkeyBinding_isok = true;
|
||||||
|
primkeyBinding_isok = true;
|
||||||
|
}
|
||||||
|
returnData.putBoolean(KeychainIntentService.RESULT_SIGNATURE_SUCCESS, sig_isok & subkeyBinding_isok & primkeyBinding_isok);
|
||||||
|
|
||||||
updateProgress(R.string.progress_done, 100, 100);
|
updateProgress(R.string.progress_done, 100, 100);
|
||||||
return returnData;
|
return returnData;
|
||||||
|
Loading…
Reference in New Issue
Block a user