mirror of
https://github.com/moparisthebest/open-keychain
synced 2024-11-27 19:22:14 -05:00
Dont accept signatures by expired or revoked subkeys
This commit is contained in:
parent
fd60d49d26
commit
bbbc45e4e9
@ -84,10 +84,6 @@ public class OpenPgpSignatureResultBuilder {
|
||||
this.mUserIds = userIds;
|
||||
}
|
||||
|
||||
public boolean isValidSignature() {
|
||||
return mValidSignature;
|
||||
}
|
||||
|
||||
public void initValid(CanonicalizedPublicKeyRing signingRing,
|
||||
CanonicalizedPublicKey signingKey) {
|
||||
setSignatureAvailable(true);
|
||||
|
@ -22,6 +22,7 @@ import android.content.Context;
|
||||
import android.webkit.MimeTypeMap;
|
||||
|
||||
import org.openintents.openpgp.OpenPgpMetadata;
|
||||
import org.openintents.openpgp.OpenPgpSignatureResult;
|
||||
import org.spongycastle.bcpg.ArmoredInputStream;
|
||||
import org.spongycastle.openpgp.PGPCompressedData;
|
||||
import org.spongycastle.openpgp.PGPEncryptedData;
|
||||
@ -332,7 +333,10 @@ public class PgpDecryptVerify extends BaseOperation {
|
||||
}
|
||||
signatureResultBuilder.setValidSignature(validSignature);
|
||||
|
||||
if (!signatureResultBuilder.isValidSignature()) {
|
||||
OpenPgpSignatureResult signatureResult = signatureResultBuilder.build();
|
||||
|
||||
if (signatureResult.getStatus() != OpenPgpSignatureResult.SIGNATURE_SUCCESS_CERTIFIED
|
||||
|| signatureResult.getStatus() != OpenPgpSignatureResult.SIGNATURE_SUCCESS_UNCERTIFIED) {
|
||||
log.add(LogType.MSG_VL_ERROR_INTEGRITY_CHECK, indent);
|
||||
return new DecryptVerifyResult(DecryptVerifyResult.RESULT_ERROR, log);
|
||||
}
|
||||
@ -344,7 +348,7 @@ public class PgpDecryptVerify extends BaseOperation {
|
||||
// Return a positive result, with metadata and verification info
|
||||
DecryptVerifyResult result =
|
||||
new DecryptVerifyResult(DecryptVerifyResult.RESULT_OK, log);
|
||||
result.setSignatureResult(signatureResultBuilder.build());
|
||||
result.setSignatureResult(signatureResult);
|
||||
return result;
|
||||
}
|
||||
|
||||
@ -773,6 +777,8 @@ public class PgpDecryptVerify extends BaseOperation {
|
||||
metadata = null;
|
||||
}
|
||||
|
||||
OpenPgpSignatureResult signatureResult = signatureResultBuilder.build();
|
||||
|
||||
if (encryptedData.isIntegrityProtected()) {
|
||||
updateProgress(R.string.progress_verifying_integrity, 95, 100);
|
||||
|
||||
@ -786,7 +792,8 @@ public class PgpDecryptVerify extends BaseOperation {
|
||||
// If no valid signature is present:
|
||||
// Handle missing integrity protection like failed integrity protection!
|
||||
// The MDC packet can be stripped by an attacker!
|
||||
if (!signatureResultBuilder.isValidSignature()) {
|
||||
if (signatureResult.getStatus() != OpenPgpSignatureResult.SIGNATURE_SUCCESS_CERTIFIED
|
||||
|| signatureResult.getStatus() != OpenPgpSignatureResult.SIGNATURE_SUCCESS_UNCERTIFIED) {
|
||||
log.add(LogType.MSG_DC_ERROR_INTEGRITY_CHECK, indent);
|
||||
return new DecryptVerifyResult(DecryptVerifyResult.RESULT_ERROR, log);
|
||||
}
|
||||
@ -800,7 +807,7 @@ public class PgpDecryptVerify extends BaseOperation {
|
||||
DecryptVerifyResult result =
|
||||
new DecryptVerifyResult(DecryptVerifyResult.RESULT_OK, log);
|
||||
result.setDecryptMetadata(metadata);
|
||||
result.setSignatureResult(signatureResultBuilder.build());
|
||||
result.setSignatureResult(signatureResult);
|
||||
return result;
|
||||
|
||||
}
|
||||
|
@ -30,6 +30,7 @@ import com.textuality.keybase.lib.Proof;
|
||||
import com.textuality.keybase.lib.prover.Prover;
|
||||
|
||||
import org.json.JSONObject;
|
||||
import org.openintents.openpgp.OpenPgpSignatureResult;
|
||||
import org.spongycastle.openpgp.PGPUtil;
|
||||
import org.sufficientlysecure.keychain.Constants;
|
||||
import org.sufficientlysecure.keychain.R;
|
||||
|
@ -362,7 +362,7 @@ public class ViewKeyTrustFragment extends LoaderFragment implements
|
||||
// Create a new Messenger for the communication back after proof work is done
|
||||
//
|
||||
KeychainIntentServiceHandler handler = new KeychainIntentServiceHandler(getActivity(),
|
||||
getString(R.string.progress_decrypting), ProgressDialog.STYLE_HORIZONTAL) {
|
||||
getString(R.string.progress_verifying_signature), ProgressDialog.STYLE_HORIZONTAL) {
|
||||
public void handleMessage(Message message) {
|
||||
// handle messages by standard KeychainIntentServiceHandler first
|
||||
super.handleMessage(message);
|
||||
|
Loading…
Reference in New Issue
Block a user