mirror of
https://github.com/moparisthebest/open-keychain
synced 2024-12-25 00:18:51 -05:00
canonicalize: first step(s)
This commit is contained in:
parent
067ffa876d
commit
cdc61c4392
@ -229,7 +229,7 @@ public class ImportKeysListEntry implements Serializable, Parcelable {
|
||||
this.keyId = key.getKeyId();
|
||||
this.keyIdHex = PgpKeyHelper.convertKeyIdToHex(keyId);
|
||||
|
||||
this.revoked = key.maybeRevoked();
|
||||
this.revoked = key.isRevoked();
|
||||
this.fingerprintHex = PgpKeyHelper.convertFingerprintToHex(key.getFingerprint());
|
||||
this.bitStrength = key.getBitStrength();
|
||||
final int algorithm = key.getAlgorithm();
|
||||
|
@ -7,9 +7,14 @@ import org.spongycastle.openpgp.PGPObjectFactory;
|
||||
import org.spongycastle.openpgp.PGPPublicKey;
|
||||
import org.spongycastle.openpgp.PGPSecretKey;
|
||||
import org.spongycastle.openpgp.PGPSecretKeyRing;
|
||||
import org.spongycastle.openpgp.PGPSignature;
|
||||
import org.spongycastle.openpgp.PGPUtil;
|
||||
import org.sufficientlysecure.keychain.Constants;
|
||||
import org.sufficientlysecure.keychain.pgp.exception.PgpGeneralException;
|
||||
import org.sufficientlysecure.keychain.service.OperationResultParcel;
|
||||
import org.sufficientlysecure.keychain.service.OperationResultParcel.OperationLog;
|
||||
import org.sufficientlysecure.keychain.service.OperationResultParcel.LogLevel;
|
||||
import org.sufficientlysecure.keychain.service.OperationResultParcel.LogType;
|
||||
import org.sufficientlysecure.keychain.util.IterableIterator;
|
||||
import org.sufficientlysecure.keychain.util.Log;
|
||||
|
||||
@ -169,4 +174,54 @@ public class UncachedKeyRing {
|
||||
return result;
|
||||
}
|
||||
|
||||
/** "Canonicalizes" a key, removing inconsistencies in the process. This operation can be
|
||||
* applied to public keyrings only.
|
||||
*
|
||||
* More specifically:
|
||||
* - Remove all non-verifying self-certificates
|
||||
* - Remove all expired self-certificates
|
||||
* - Remove all certificates flagged as "local"
|
||||
* - Remove all certificates which are superseded by a newer one on the same target
|
||||
*
|
||||
* After this cleaning, a number of checks are done:
|
||||
* - See if each subkey retains a valid self certificate
|
||||
* - See if each user id retains a valid self certificate
|
||||
*
|
||||
* This operation writes an OperationLog which can be used as part of a OperationResultParcel.
|
||||
*
|
||||
* If any of these checks fail, the operation as a whole fails and the keyring is declared
|
||||
* unusable. (TODO: allow forcing of import?)
|
||||
*
|
||||
* TODO implement
|
||||
*
|
||||
* @return A canonicalized key
|
||||
*
|
||||
*/
|
||||
public UncachedKeyRing canonicalize(OperationLog log) {
|
||||
if(isSecret()) {
|
||||
throw new RuntimeException("Tried to canonicalize non-secret keyring. " +
|
||||
"This is a programming error and should never happen!");
|
||||
}
|
||||
|
||||
// dummy
|
||||
log.add(LogLevel.INFO, LogType.MSG_IP_BAD_TYPE_SECRET, null, 0);
|
||||
|
||||
/*
|
||||
// Remove all non-verifying self certificates
|
||||
for (PGPPublicKey key : new IterableIterator<PGPPublicKey>(mRing.getPublicKeys())) {
|
||||
|
||||
for (PGPSignature sig : new IterableIterator<PGPSignature>(
|
||||
key.getSignaturesOfType(isMasterKey() ? PGPSignature.KEY_REVOCATION
|
||||
: PGPSignature.SUBKEY_REVOCATION))) {
|
||||
return true;
|
||||
}
|
||||
|
||||
}*/
|
||||
|
||||
return this;
|
||||
|
||||
|
||||
}
|
||||
|
||||
|
||||
}
|
||||
|
@ -2,6 +2,7 @@ package org.sufficientlysecure.keychain.pgp;
|
||||
|
||||
import org.spongycastle.bcpg.SignatureSubpacketTags;
|
||||
import org.spongycastle.bcpg.sig.KeyFlags;
|
||||
import org.spongycastle.openpgp.PGPException;
|
||||
import org.spongycastle.openpgp.PGPPublicKey;
|
||||
import org.spongycastle.openpgp.PGPSignature;
|
||||
import org.spongycastle.openpgp.PGPSignatureSubpacketVector;
|
||||
@ -9,6 +10,7 @@ import org.spongycastle.openpgp.operator.jcajce.JcaPGPContentVerifierBuilderProv
|
||||
import org.sufficientlysecure.keychain.Constants;
|
||||
import org.sufficientlysecure.keychain.util.IterableIterator;
|
||||
|
||||
import java.security.SignatureException;
|
||||
import java.util.ArrayList;
|
||||
import java.util.Calendar;
|
||||
import java.util.Date;
|
||||
@ -28,8 +30,13 @@ public class UncachedPublicKey {
|
||||
}
|
||||
|
||||
/** The revocation signature is NOT checked here, so this may be false! */
|
||||
public boolean maybeRevoked() {
|
||||
return mPublicKey.isRevoked();
|
||||
public boolean isRevoked() {
|
||||
for (PGPSignature sig : new IterableIterator<PGPSignature>(
|
||||
mPublicKey.getSignaturesOfType(isMasterKey() ? PGPSignature.KEY_REVOCATION
|
||||
: PGPSignature.SUBKEY_REVOCATION))) {
|
||||
return true;
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
public Date getCreationTime() {
|
||||
@ -193,4 +200,5 @@ public class UncachedPublicKey {
|
||||
}
|
||||
};
|
||||
}
|
||||
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user