canonicalize: first step(s)

2024-11-11 03:25:05 -05:00 · 2014-06-10 01:51:16 +02:00 · 2014-06-10 01:51:16 +02:00 · cdc61c4392
commit cdc61c4392
parent 067ffa876d
3 changed files with 66 additions and 3 deletions
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/keyimport/ImportKeysListEntry.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/keyimport/ImportKeysListEntry.java
@ -229,7 +229,7 @@ public class ImportKeysListEntry implements Serializable, Parcelable {
        this.keyId = key.getKeyId();
        this.keyIdHex = PgpKeyHelper.convertKeyIdToHex(keyId);

-        this.revoked = key.maybeRevoked();
+        this.revoked = key.isRevoked();
        this.fingerprintHex = PgpKeyHelper.convertFingerprintToHex(key.getFingerprint());
        this.bitStrength = key.getBitStrength();
        final int algorithm = key.getAlgorithm();
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/UncachedKeyRing.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/UncachedKeyRing.java
@ -7,9 +7,14 @@ import org.spongycastle.openpgp.PGPObjectFactory;
 import org.spongycastle.openpgp.PGPPublicKey;
 import org.spongycastle.openpgp.PGPSecretKey;
 import org.spongycastle.openpgp.PGPSecretKeyRing;
+import org.spongycastle.openpgp.PGPSignature;
 import org.spongycastle.openpgp.PGPUtil;
 import org.sufficientlysecure.keychain.Constants;
 import org.sufficientlysecure.keychain.pgp.exception.PgpGeneralException;
+import org.sufficientlysecure.keychain.service.OperationResultParcel;
+import org.sufficientlysecure.keychain.service.OperationResultParcel.OperationLog;
+import org.sufficientlysecure.keychain.service.OperationResultParcel.LogLevel;
+import org.sufficientlysecure.keychain.service.OperationResultParcel.LogType;
 import org.sufficientlysecure.keychain.util.IterableIterator;
 import org.sufficientlysecure.keychain.util.Log;

@ -169,4 +174,54 @@ public class UncachedKeyRing {
        return result;
    }

+    /** "Canonicalizes" a key, removing inconsistencies in the process. This operation can be
+     * applied to public keyrings only.
+     *
+     * More specifically:
+     *  - Remove all non-verifying self-certificates
+     *  - Remove all expired self-certificates
+     *  - Remove all certificates flagged as "local"
+     *  - Remove all certificates which are superseded by a newer one on the same target
+     *
+     * After this cleaning, a number of checks are done:
+     *  - See if each subkey retains a valid self certificate
+     *  - See if each user id retains a valid self certificate
+     *
+     * This operation writes an OperationLog which can be used as part of a OperationResultParcel.
+     *
+     * If any of these checks fail, the operation as a whole fails and the keyring is declared
+     * unusable. (TODO: allow forcing of import?)
+     *
+     * TODO implement
+     *
+     * @return A canonicalized key
+     *
+     */
+    public UncachedKeyRing canonicalize(OperationLog log) {
+        if(isSecret()) {
+            throw new RuntimeException("Tried to canonicalize non-secret keyring. " +
+                    "This is a programming error and should never happen!");
+        }
+
+        // dummy
+        log.add(LogLevel.INFO, LogType.MSG_IP_BAD_TYPE_SECRET, null, 0);
+
+        /*
+        // Remove all non-verifying self certificates
+        for (PGPPublicKey key : new IterableIterator<PGPPublicKey>(mRing.getPublicKeys())) {
+
+            for (PGPSignature sig : new IterableIterator<PGPSignature>(
+                    key.getSignaturesOfType(isMasterKey() ? PGPSignature.KEY_REVOCATION
+                            : PGPSignature.SUBKEY_REVOCATION))) {
+                return true;
+            }
+
+        }*/
+
+        return this;
+
+
+    }
+
+
 }
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/UncachedPublicKey.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/UncachedPublicKey.java
@ -2,6 +2,7 @@ package org.sufficientlysecure.keychain.pgp;

 import org.spongycastle.bcpg.SignatureSubpacketTags;
 import org.spongycastle.bcpg.sig.KeyFlags;
+import org.spongycastle.openpgp.PGPException;
 import org.spongycastle.openpgp.PGPPublicKey;
 import org.spongycastle.openpgp.PGPSignature;
 import org.spongycastle.openpgp.PGPSignatureSubpacketVector;
@ -9,6 +10,7 @@ import org.spongycastle.openpgp.operator.jcajce.JcaPGPContentVerifierBuilderProv
 import org.sufficientlysecure.keychain.Constants;
 import org.sufficientlysecure.keychain.util.IterableIterator;

+import java.security.SignatureException;
 import java.util.ArrayList;
 import java.util.Calendar;
 import java.util.Date;
@ -28,8 +30,13 @@ public class UncachedPublicKey {
    }

    /** The revocation signature is NOT checked here, so this may be false! */
-    public boolean maybeRevoked() {
-        return mPublicKey.isRevoked();
+    public boolean isRevoked() {
+        for (PGPSignature sig : new IterableIterator<PGPSignature>(
+                mPublicKey.getSignaturesOfType(isMasterKey() ? PGPSignature.KEY_REVOCATION
+                                                             : PGPSignature.SUBKEY_REVOCATION))) {
+            return true;
+        }
+        return false;
    }

    public Date getCreationTime() {
@ -193,4 +200,5 @@ public class UncachedPublicKey {
            }
        };
    }
+
 }