moparisthebest/open-keychain
1
0
Fork 0
mirror of https://github.com/moparisthebest/open-keychain synced 2025-01-13 14:38:09 -05:00
Code Issues Releases Wiki Activity

canonicalize: first step(s)

Browse Source
This commit is contained in:
Vincent Breitmoser 2014-06-10 01:51:16 +02:00
parent 067ffa876d
commit cdc61c4392
3 changed files with 66 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
OpenKeychain/src/main/java/org/sufficientlysecure/keychain/keyimport/ImportKeysListEntry.java
View File

@ -229,7 +229,7 @@ public class ImportKeysListEntry implements Serializable, Parcelable {
this.keyId = key.getKeyId(); this.keyId = key.getKeyId();
this.keyIdHex = PgpKeyHelper.convertKeyIdToHex(keyId); this.keyIdHex = PgpKeyHelper.convertKeyIdToHex(keyId);
this.revoked = key.maybeRevoked(); this.revoked = key.isRevoked();
this.fingerprintHex = PgpKeyHelper.convertFingerprintToHex(key.getFingerprint()); this.fingerprintHex = PgpKeyHelper.convertFingerprintToHex(key.getFingerprint());
this.bitStrength = key.getBitStrength(); this.bitStrength = key.getBitStrength();
final int algorithm = key.getAlgorithm(); final int algorithm = key.getAlgorithm();

55
OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/UncachedKeyRing.java
View File

@ -7,9 +7,14 @@ import org.spongycastle.openpgp.PGPObjectFactory;
import org.spongycastle.openpgp.PGPPublicKey; import org.spongycastle.openpgp.PGPPublicKey;
import org.spongycastle.openpgp.PGPSecretKey; import org.spongycastle.openpgp.PGPSecretKey;
import org.spongycastle.openpgp.PGPSecretKeyRing; import org.spongycastle.openpgp.PGPSecretKeyRing;
import org.spongycastle.openpgp.PGPSignature;
import org.spongycastle.openpgp.PGPUtil; import org.spongycastle.openpgp.PGPUtil;
import org.sufficientlysecure.keychain.Constants; import org.sufficientlysecure.keychain.Constants;
import org.sufficientlysecure.keychain.pgp.exception.PgpGeneralException; import org.sufficientlysecure.keychain.pgp.exception.PgpGeneralException;
import org.sufficientlysecure.keychain.service.OperationResultParcel;
import org.sufficientlysecure.keychain.service.OperationResultParcel.OperationLog;
import org.sufficientlysecure.keychain.service.OperationResultParcel.LogLevel;
import org.sufficientlysecure.keychain.service.OperationResultParcel.LogType;
import org.sufficientlysecure.keychain.util.IterableIterator; import org.sufficientlysecure.keychain.util.IterableIterator;
import org.sufficientlysecure.keychain.util.Log; import org.sufficientlysecure.keychain.util.Log;
@ -169,4 +174,54 @@ public class UncachedKeyRing {
return result; return result;
} }
/** "Canonicalizes" a key, removing inconsistencies in the process. This operation can be
* applied to public keyrings only.
*
* More specifically:
* - Remove all non-verifying self-certificates
* - Remove all expired self-certificates
* - Remove all certificates flagged as "local"
* - Remove all certificates which are superseded by a newer one on the same target
*
* After this cleaning, a number of checks are done:
* - See if each subkey retains a valid self certificate
* - See if each user id retains a valid self certificate
*
* This operation writes an OperationLog which can be used as part of a OperationResultParcel.
*
* If any of these checks fail, the operation as a whole fails and the keyring is declared
* unusable. (TODO: allow forcing of import?)
*
* TODO implement
*
* @return A canonicalized key
*
*/
public UncachedKeyRing canonicalize(OperationLog log) {
if(isSecret()) {
throw new RuntimeException("Tried to canonicalize non-secret keyring. " +
"This is a programming error and should never happen!");
}
// dummy
log.add(LogLevel.INFO, LogType.MSG_IP_BAD_TYPE_SECRET, null, 0);
/*
// Remove all non-verifying self certificates
for (PGPPublicKey key : new IterableIterator<PGPPublicKey>(mRing.getPublicKeys())) {
for (PGPSignature sig : new IterableIterator<PGPSignature>(
key.getSignaturesOfType(isMasterKey() ? PGPSignature.KEY_REVOCATION
: PGPSignature.SUBKEY_REVOCATION))) {
return true;
}
}*/
return this;
}
} }

12
OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/UncachedPublicKey.java
View File

@ -2,6 +2,7 @@ package org.sufficientlysecure.keychain.pgp;
import org.spongycastle.bcpg.SignatureSubpacketTags; import org.spongycastle.bcpg.SignatureSubpacketTags;
import org.spongycastle.bcpg.sig.KeyFlags; import org.spongycastle.bcpg.sig.KeyFlags;
import org.spongycastle.openpgp.PGPException;
import org.spongycastle.openpgp.PGPPublicKey; import org.spongycastle.openpgp.PGPPublicKey;
import org.spongycastle.openpgp.PGPSignature; import org.spongycastle.openpgp.PGPSignature;
import org.spongycastle.openpgp.PGPSignatureSubpacketVector; import org.spongycastle.openpgp.PGPSignatureSubpacketVector;
@ -9,6 +10,7 @@ import org.spongycastle.openpgp.operator.jcajce.JcaPGPContentVerifierBuilderProv
import org.sufficientlysecure.keychain.Constants; import org.sufficientlysecure.keychain.Constants;
import org.sufficientlysecure.keychain.util.IterableIterator; import org.sufficientlysecure.keychain.util.IterableIterator;
import java.security.SignatureException;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.Calendar; import java.util.Calendar;
import java.util.Date; import java.util.Date;
@ -28,8 +30,13 @@ public class UncachedPublicKey {
} }
/** The revocation signature is NOT checked here, so this may be false! */ /** The revocation signature is NOT checked here, so this may be false! */
public boolean maybeRevoked() { public boolean isRevoked() {
return mPublicKey.isRevoked(); for (PGPSignature sig : new IterableIterator<PGPSignature>(
mPublicKey.getSignaturesOfType(isMasterKey() ? PGPSignature.KEY_REVOCATION
: PGPSignature.SUBKEY_REVOCATION))) {
return true;
}
return false;
} }
public Date getCreationTime() { public Date getCreationTime() {
@ -193,4 +200,5 @@ public class UncachedPublicKey {
} }
}; };
} }
} }