moparisthebest/open-keychain
1
0
Fork 0
mirror of https://github.com/moparisthebest/open-keychain synced 2025-02-21 05:11:45 -05:00
Code Issues Releases Wiki Activity

actually import user attributes (though they are not shown anywhere yet)

Browse Source
This commit is contained in:
Vincent Breitmoser 2015-01-14 00:00:04 +01:00
parent 2b1c5358b7
commit c57355b24a
8 changed files with 202 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/results/OperationResult.java
View File

@ -343,6 +343,18 @@ public abstract class OperationResult implements Parcelable {
MSG_IP_UID_REORDER(LogLevel.DEBUG, R.string.msg_ip_uid_reorder), MSG_IP_UID_REORDER(LogLevel.DEBUG, R.string.msg_ip_uid_reorder),
MSG_IP_UID_PROCESSING (LogLevel.DEBUG, R.string.msg_ip_uid_processing), MSG_IP_UID_PROCESSING (LogLevel.DEBUG, R.string.msg_ip_uid_processing),
MSG_IP_UID_REVOKED (LogLevel.DEBUG, R.string.msg_ip_uid_revoked), MSG_IP_UID_REVOKED (LogLevel.DEBUG, R.string.msg_ip_uid_revoked),
MSG_IP_UAT_CLASSIFYING (LogLevel.DEBUG, R.string.msg_ip_uat_classifying),
MSG_IP_UAT_PROCESSING_IMAGE (LogLevel.DEBUG, R.string.msg_ip_uat_processing_image),
MSG_IP_UAT_PROCESSING_UNKNOWN (LogLevel.DEBUG, R.string.msg_ip_uat_processing_unknown),
MSG_IP_UAT_REVOKED (LogLevel.DEBUG, R.string.msg_ip_uat_revoked),
MSG_IP_UAT_CERT_BAD (LogLevel.WARN, R.string.msg_ip_uat_cert_bad),
MSG_IP_UAT_CERT_OLD (LogLevel.DEBUG, R.string.msg_ip_uat_cert_old),
MSG_IP_UAT_CERT_NONREVOKE (LogLevel.DEBUG, R.string.msg_ip_uat_cert_nonrevoke),
MSG_IP_UAT_CERT_NEW (LogLevel.DEBUG, R.string.msg_ip_uat_cert_new),
MSG_IP_UAT_CERT_ERROR (LogLevel.WARN, R.string.msg_ip_uat_cert_error),
MSG_IP_UAT_CERTS_UNKNOWN (LogLevel.DEBUG, R.plurals.msg_ip_uat_certs_unknown),
MSG_IP_UAT_CERT_GOOD_REVOKE (LogLevel.DEBUG, R.string.msg_ip_uat_cert_good_revoke),
MSG_IP_UAT_CERT_GOOD (LogLevel.DEBUG, R.string.msg_ip_uat_cert_good),
// import secret // import secret
MSG_IS(LogLevel.START, R.string.msg_is), MSG_IS(LogLevel.START, R.string.msg_is),

2
OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpKeyOperation.java
View File

@ -531,7 +531,7 @@ public class PgpKeyOperation {
WrappedUserAttribute attribute = saveParcel.mAddUserAttribute.get(i); WrappedUserAttribute attribute = saveParcel.mAddUserAttribute.get(i);
switch (attribute.getType()) { switch (attribute.getType()) {
case WrappedUserAttribute.UAT_UNKNOWN: case WrappedUserAttribute.UAT_NONE:
log.add(LogType.MSG_MF_UAT_ADD_UNKNOWN, indent); log.add(LogType.MSG_MF_UAT_ADD_UNKNOWN, indent);
break; break;
case WrappedUserAttribute.UAT_IMAGE: case WrappedUserAttribute.UAT_IMAGE:

30
OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/UncachedPublicKey.java
View File

@ -24,6 +24,7 @@ import org.spongycastle.bcpg.sig.KeyFlags;
import org.spongycastle.openpgp.PGPPublicKey; import org.spongycastle.openpgp.PGPPublicKey;
import org.spongycastle.openpgp.PGPSignature; import org.spongycastle.openpgp.PGPSignature;
import org.spongycastle.openpgp.PGPSignatureSubpacketVector; import org.spongycastle.openpgp.PGPSignatureSubpacketVector;
import org.spongycastle.openpgp.PGPUserAttributeSubpacketVector;
import org.spongycastle.openpgp.operator.jcajce.JcaPGPContentVerifierBuilderProvider; import org.spongycastle.openpgp.operator.jcajce.JcaPGPContentVerifierBuilderProvider;
import org.sufficientlysecure.keychain.Constants; import org.sufficientlysecure.keychain.Constants;
import org.sufficientlysecure.keychain.util.IterableIterator; import org.sufficientlysecure.keychain.util.IterableIterator;
@ -215,6 +216,15 @@ public class UncachedPublicKey {
return userIds; return userIds;
} }
public ArrayList<WrappedUserAttribute> getUnorderedUserAttributes() {
ArrayList<WrappedUserAttribute> userAttributes = new ArrayList<WrappedUserAttribute>();
for (PGPUserAttributeSubpacketVector userAttribute :
new IterableIterator<PGPUserAttributeSubpacketVector>(mPublicKey.getUserAttributes())) {
userAttributes.add(new WrappedUserAttribute(userAttribute));
}
return userAttributes;
}
public boolean isElGamalEncrypt() { public boolean isElGamalEncrypt() {
return getAlgorithm() == PGPPublicKey.ELGAMAL_ENCRYPT; return getAlgorithm() == PGPPublicKey.ELGAMAL_ENCRYPT;
} }
@ -270,6 +280,25 @@ public class UncachedPublicKey {
} }
} }
public Iterator<WrappedSignature> getSignaturesForUserAttribute(WrappedUserAttribute attribute) {
final Iterator<PGPSignature> it = mPublicKey.getSignaturesForUserAttribute(attribute.getVector());
if (it != null) {
return new Iterator<WrappedSignature>() {
public void remove() {
it.remove();
}
public WrappedSignature next() {
return new WrappedSignature(it.next());
}
public boolean hasNext() {
return it.hasNext();
}
};
} else {
return null;
}
}
/** Get all key usage flags. /** Get all key usage flags.
* If at least one key flag subpacket is present return these. If no * If at least one key flag subpacket is present return these. If no
* subpacket is present it returns null. * subpacket is present it returns null.
@ -299,4 +328,5 @@ public class UncachedPublicKey {
} }
return mCacheUsage; return mCacheUsage;
} }
} }

3
OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/WrappedSignature.java
View File

@ -214,6 +214,9 @@ public class WrappedSignature {
public boolean verifySignature(CanonicalizedPublicKey key, String uid) throws PgpGeneralException { public boolean verifySignature(CanonicalizedPublicKey key, String uid) throws PgpGeneralException {
return verifySignature(key.getPublicKey(), uid); return verifySignature(key.getPublicKey(), uid);
} }
public boolean verifySignature(UncachedPublicKey key, WrappedUserAttribute attribute) throws PgpGeneralException {
return verifySignature(key.getPublicKey(), attribute.getVector());
}
public static WrappedSignature fromBytes(byte[] data) { public static WrappedSignature fromBytes(byte[] data) {
PGPObjectFactory factory = new PGPObjectFactory(data); PGPObjectFactory factory = new PGPObjectFactory(data);

21
OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/WrappedUserAttribute.java
View File

@ -33,7 +33,7 @@ import java.io.Serializable;
public class WrappedUserAttribute implements Serializable { public class WrappedUserAttribute implements Serializable {
public static final int UAT_UNKNOWN = 0; public static final int UAT_NONE = 0;
public static final int UAT_IMAGE = UserAttributeSubpacketTags.IMAGE_ATTRIBUTE; public static final int UAT_IMAGE = UserAttributeSubpacketTags.IMAGE_ATTRIBUTE;
private PGPUserAttributeSubpacketVector mVector; private PGPUserAttributeSubpacketVector mVector;
@ -47,8 +47,9 @@ public class WrappedUserAttribute implements Serializable {
} }
public int getType() { public int getType() {
if (mVector.getSubpacket(UserAttributeSubpacketTags.IMAGE_ATTRIBUTE) != null) { UserAttributeSubpacket[] subpackets = mVector.toSubpacketArray();
return UAT_IMAGE; if (subpackets.length > 0) {
return subpackets[0].getType();
} }
return 0; return 0;
} }
@ -62,6 +63,20 @@ public class WrappedUserAttribute implements Serializable {
} }
public byte[] getEncoded () throws IOException {
UserAttributeSubpacket[] subpackets = mVector.toSubpacketArray();
ByteArrayOutputStream out = new ByteArrayOutputStream();
for (UserAttributeSubpacket subpacket : subpackets) {
subpacket.encode(out);
}
return out.toByteArray();
}
public static WrappedUserAttribute fromData (byte[] data) {
// TODO
return null;
}
/** Writes this object to an ObjectOutputStream. */ /** Writes this object to an ObjectOutputStream. */
private void writeObject(java.io.ObjectOutputStream out) throws IOException { private void writeObject(java.io.ObjectOutputStream out) throws IOException {

4
OpenKeychain/src/main/java/org/sufficientlysecure/keychain/provider/KeychainProvider.java
View File

@ -486,10 +486,12 @@ public class KeychainProvider extends ContentProvider {
// for now, we only respect user ids here, so TYPE must be NULL // for now, we only respect user ids here, so TYPE must be NULL
// TODO expand with KEY_RING_USER_PACKETS query type which lifts this restriction // TODO expand with KEY_RING_USER_PACKETS query type which lifts this restriction
qb.appendWhere(Tables.USER_PACKETS + "." + UserPackets.TYPE + " IS NULL AND "); qb.appendWhere(Tables.USER_PACKETS + "." + UserPackets.TYPE + " IS NULL");
// If we are searching for a particular keyring's ids, add where // If we are searching for a particular keyring's ids, add where
if (match == KEY_RING_USER_IDS) { if (match == KEY_RING_USER_IDS) {
// TODO remove with the thing above
qb.appendWhere(" AND ");
qb.appendWhere(Tables.USER_PACKETS + "." + UserPackets.MASTER_KEY_ID + " = "); qb.appendWhere(Tables.USER_PACKETS + "." + UserPackets.MASTER_KEY_ID + " = ");
qb.appendWhereEscapeString(uri.getPathSegments().get(1)); qb.appendWhereEscapeString(uri.getPathSegments().get(1));
} }

129
OpenKeychain/src/main/java/org/sufficientlysecure/keychain/provider/ProviderHelper.java
View File

@ -31,6 +31,7 @@ import android.support.v4.util.LongSparseArray;
import org.sufficientlysecure.keychain.Constants; import org.sufficientlysecure.keychain.Constants;
import org.sufficientlysecure.keychain.R; import org.sufficientlysecure.keychain.R;
import org.sufficientlysecure.keychain.operations.results.ImportKeyResult; import org.sufficientlysecure.keychain.operations.results.ImportKeyResult;
import org.sufficientlysecure.keychain.pgp.WrappedUserAttribute;
import org.sufficientlysecure.keychain.provider.KeychainContract.UserPackets; import org.sufficientlysecure.keychain.provider.KeychainContract.UserPackets;
import org.sufficientlysecure.keychain.ui.util.KeyFormattingUtils; import org.sufficientlysecure.keychain.ui.util.KeyFormattingUtils;
import org.sufficientlysecure.keychain.util.ParcelableFileCache.IteratorWithSize; import org.sufficientlysecure.keychain.util.ParcelableFileCache.IteratorWithSize;
@ -439,18 +440,18 @@ public class ProviderHelper {
// classify and order user ids. primary are moved to the front, revoked to the back, // classify and order user ids. primary are moved to the front, revoked to the back,
// otherwise the order in the keyfile is preserved. // otherwise the order in the keyfile is preserved.
List<UserPacketItem> uids = new ArrayList<UserPacketItem>();
if (trustedKeys.size() == 0) { if (trustedKeys.size() == 0) {
log(LogType.MSG_IP_UID_CLASSIFYING_ZERO); log(LogType.MSG_IP_UID_CLASSIFYING_ZERO);
} else { } else {
log(LogType.MSG_IP_UID_CLASSIFYING, trustedKeys.size()); log(LogType.MSG_IP_UID_CLASSIFYING, trustedKeys.size());
} }
mIndent += 1; mIndent += 1;
List<UserIdItem> uids = new ArrayList<UserIdItem>(); for (byte[] rawUserId : masterKey.getUnorderedRawUserIds()) {
for (byte[] rawUserId : new IterableIterator<byte[]>(
masterKey.getUnorderedRawUserIds().iterator())) {
String userId = Utf8Util.fromUTF8ByteArrayReplaceBadEncoding(rawUserId); String userId = Utf8Util.fromUTF8ByteArrayReplaceBadEncoding(rawUserId);
UserIdItem item = new UserIdItem(); UserPacketItem item = new UserPacketItem();
uids.add(item); uids.add(item);
item.userId = userId; item.userId = userId;
@ -533,6 +534,105 @@ public class ProviderHelper {
} }
mIndent -= 1; mIndent -= 1;
ArrayList<WrappedUserAttribute> userAttributes = masterKey.getUnorderedUserAttributes();
// Don't spam the log if there aren't even any attributes
if ( ! userAttributes.isEmpty()) {
log(LogType.MSG_IP_UAT_CLASSIFYING);
}
mIndent += 1;
for (WrappedUserAttribute userAttribute : userAttributes) {
UserPacketItem item = new UserPacketItem();
uids.add(item);
item.type = userAttribute.getType();
item.attributeData = userAttribute.getEncoded();
int unknownCerts = 0;
switch (item.type) {
case WrappedUserAttribute.UAT_IMAGE:
log(LogType.MSG_IP_UAT_PROCESSING_IMAGE);
break;
default:
log(LogType.MSG_IP_UAT_PROCESSING_UNKNOWN);
break;
}
mIndent += 1;
// look through signatures for this specific key
for (WrappedSignature cert : new IterableIterator<WrappedSignature>(
masterKey.getSignaturesForUserAttribute(userAttribute))) {
long certId = cert.getKeyId();
// self signature
if (certId == masterKeyId) {
// NOTE self-certificates are already verified during canonicalization,
// AND we know there is at most one cert plus at most one revocation
if (!cert.isRevocation()) {
item.selfCert = cert;
} else {
item.isRevoked = true;
log(LogType.MSG_IP_UAT_REVOKED);
}
continue;
}
// do we have a trusted key for this?
if (trustedKeys.indexOfKey(certId) < 0) {
unknownCerts += 1;
continue;
}
// verify signatures from known private keys
CanonicalizedPublicKey trustedKey = trustedKeys.get(certId);
try {
cert.init(trustedKey);
// if it doesn't certify, leave a note and skip
if ( ! cert.verifySignature(masterKey, userAttribute)) {
log(LogType.MSG_IP_UAT_CERT_BAD);
continue;
}
log(cert.isRevocation()
? LogType.MSG_IP_UAT_CERT_GOOD_REVOKE
: LogType.MSG_IP_UAT_CERT_GOOD,
KeyFormattingUtils.convertKeyIdToHexShort(trustedKey.getKeyId())
);
// check if there is a previous certificate
WrappedSignature prev = item.trustedCerts.get(cert.getKeyId());
if (prev != null) {
// if it's newer, skip this one
if (prev.getCreationTime().after(cert.getCreationTime())) {
log(LogType.MSG_IP_UAT_CERT_OLD);
continue;
}
// if the previous one was a non-revokable certification, no need to look further
if (!prev.isRevocation() && !prev.isRevokable()) {
log(LogType.MSG_IP_UAT_CERT_NONREVOKE);
continue;
}
log(LogType.MSG_IP_UAT_CERT_NEW);
}
item.trustedCerts.put(cert.getKeyId(), cert);
} catch (PgpGeneralException e) {
log(LogType.MSG_IP_UAT_CERT_ERROR,
KeyFormattingUtils.convertKeyIdToHex(cert.getKeyId()));
}
}
if (unknownCerts > 0) {
log(LogType.MSG_IP_UAT_CERTS_UNKNOWN, unknownCerts);
}
mIndent -= 1;
}
mIndent -= 1;
progress.setProgress(LogType.MSG_IP_UID_REORDER.getMsgId(), 65, 100); progress.setProgress(LogType.MSG_IP_UID_REORDER.getMsgId(), 65, 100);
log(LogType.MSG_IP_UID_REORDER); log(LogType.MSG_IP_UID_REORDER);
// primary before regular before revoked (see UserIdItem.compareTo) // primary before regular before revoked (see UserIdItem.compareTo)
@ -540,7 +640,7 @@ public class ProviderHelper {
Collections.sort(uids); Collections.sort(uids);
// iterate and put into db // iterate and put into db
for (int userIdRank = 0; userIdRank < uids.size(); userIdRank++) { for (int userIdRank = 0; userIdRank < uids.size(); userIdRank++) {
UserIdItem item = uids.get(userIdRank); UserPacketItem item = uids.get(userIdRank);
operations.add(buildUserIdOperations(masterKeyId, item, userIdRank)); operations.add(buildUserIdOperations(masterKeyId, item, userIdRank));
if (item.selfCert != null) { if (item.selfCert != null) {
// TODO get rid of "self verified" status? this cannot even happen anymore! // TODO get rid of "self verified" status? this cannot even happen anymore!
@ -605,15 +705,23 @@ public class ProviderHelper {
} }
private static class UserIdItem implements Comparable<UserIdItem> { private static class UserPacketItem implements Comparable<UserPacketItem> {
Integer type;
String userId; String userId;
byte[] attributeData;
boolean isPrimary = false; boolean isPrimary = false;
boolean isRevoked = false; boolean isRevoked = false;
WrappedSignature selfCert; WrappedSignature selfCert;
LongSparseArray<WrappedSignature> trustedCerts = new LongSparseArray<WrappedSignature>(); LongSparseArray<WrappedSignature> trustedCerts = new LongSparseArray<WrappedSignature>();
@Override @Override
public int compareTo(UserIdItem o) { public int compareTo(UserPacketItem o) {
// if one is a user id, but the other isn't, the user id always comes first.
// we compare for null values here, so != is the correct operator!
// noinspection NumberEquality
if (type != o.type) {
return type == null ? -1 : 1;
}
// if one key is primary but the other isn't, the primary one always comes first // if one key is primary but the other isn't, the primary one always comes first
if (isPrimary != o.isPrimary) { if (isPrimary != o.isPrimary) {
return isPrimary ? -1 : 1; return isPrimary ? -1 : 1;
@ -1234,16 +1342,15 @@ public class ProviderHelper {
* Build ContentProviderOperation to add PublicUserIds to database corresponding to a keyRing * Build ContentProviderOperation to add PublicUserIds to database corresponding to a keyRing
*/ */
private ContentProviderOperation private ContentProviderOperation
buildUserIdOperations(long masterKeyId, UserIdItem item, int rank) { buildUserIdOperations(long masterKeyId, UserPacketItem item, int rank) {
ContentValues values = new ContentValues(); ContentValues values = new ContentValues();
values.put(UserPackets.MASTER_KEY_ID, masterKeyId); values.put(UserPackets.MASTER_KEY_ID, masterKeyId);
values.put(UserPackets.TYPE, item.type);
values.put(UserPackets.USER_ID, item.userId); values.put(UserPackets.USER_ID, item.userId);
values.put(UserPackets.ATTRIBUTE_DATA, item.attributeData);
values.put(UserPackets.IS_PRIMARY, item.isPrimary); values.put(UserPackets.IS_PRIMARY, item.isPrimary);
values.put(UserPackets.IS_REVOKED, item.isRevoked); values.put(UserPackets.IS_REVOKED, item.isRevoked);
values.put(UserPackets.RANK, rank); values.put(UserPackets.RANK, rank);
// we explicitly set these to null here, to indicate that this is a user id, not an attribute
values.put(UserPackets.TYPE, (String) null);
values.put(UserPackets.ATTRIBUTE_DATA, (String) null);
Uri uri = UserPackets.buildUserIdsUri(masterKeyId); Uri uri = UserPackets.buildUserIdsUri(masterKeyId);

17
OpenKeychain/src/main/res/values/strings.xml
View File

@ -683,6 +683,23 @@
<string name="msg_ip_uid_reorder">"Re-ordering user IDs"</string> <string name="msg_ip_uid_reorder">"Re-ordering user IDs"</string>
<string name="msg_ip_uid_processing">"Processing user ID %s"</string> <string name="msg_ip_uid_processing">"Processing user ID %s"</string>
<string name="msg_ip_uid_revoked">"User ID is revoked"</string> <string name="msg_ip_uid_revoked">"User ID is revoked"</string>
<string name="msg_ip_uat_processing_image">"Processing user attribute of type image"</string>
<string name="msg_ip_uat_processing_unknown">"Processing user attribute of unknown type"</string>
<string name="msg_ip_uat_cert_bad">"Encountered bad certificate!"</string>
<string name="msg_ip_uat_cert_error">"Error processing certificate!"</string>
<string name="msg_ip_uat_cert_nonrevoke">"Already have a non-revokable certificate, skipping."</string>
<string name="msg_ip_uat_cert_old">"Certificate is older than previous, skipping."</string>
<string name="msg_ip_uat_cert_new">"Certificate is more recent, replacing previous."</string>
<string name="msg_ip_uat_cert_good">"Found good certificate by %1$s"</string>
<string name="msg_ip_uat_cert_good_revoke">"Found good certificate revocation by %1$s"</string>
<plurals name="msg_ip_uat_certs_unknown">
<item quantity="one">"Ignoring one certificate issued by an unknown public key"</item>
<item quantity="other">"Ignoring %s certificates issued by unknown public keys"</item>
</plurals>
<string name="msg_ip_uat_classifying">"Classifying user attributes"</string>
<string name="msg_ip_uat_revoked">"User attribute is revoked"</string>
<string name="msg_is_bad_type_public">"Tried to import public keyring as secret. This is a bug, please file a report!"</string> <string name="msg_is_bad_type_public">"Tried to import public keyring as secret. This is a bug, please file a report!"</string>
<string name="msg_is_bad_type_uncanon">"Tried to import a keyring without canonicalization. This is a bug, please file a report!"</string> <string name="msg_is_bad_type_uncanon">"Tried to import a keyring without canonicalization. This is a bug, please file a report!"</string>