moparisthebest/open-keychain
1
0
Fork 0
mirror of https://github.com/moparisthebest/open-keychain synced 2024-11-30 12:32:17 -05:00
Code Issues Releases Wiki Activity

save revocation instead of self-cert for revoked uids

Browse Source
This commit is contained in:
Vincent Breitmoser 2015-02-26 18:53:16 +01:00
parent d7888d4666
commit e5bb7a35b5
1 changed files with 19 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
OpenKeychain/src/main/java/org/sufficientlysecure/keychain/provider/ProviderHelper.java
View File

@ -473,7 +473,7 @@ public class ProviderHelper {
item.selfCert = cert; item.selfCert = cert;
item.isPrimary = cert.isPrimaryUserId(); item.isPrimary = cert.isPrimaryUserId();
} else { } else {
item.isRevoked = true; item.selfRevocation = cert;
log(LogType.MSG_IP_UID_REVOKED); log(LogType.MSG_IP_UID_REVOKED);
} }
continue; continue;
@ -569,10 +569,11 @@ public class ProviderHelper {
// NOTE self-certificates are already verified during canonicalization, // NOTE self-certificates are already verified during canonicalization,
// AND we know there is at most one cert plus at most one revocation // AND we know there is at most one cert plus at most one revocation
// AND the revocation only exists if there is no newer certification
if (!cert.isRevocation()) { if (!cert.isRevocation()) {
item.selfCert = cert; item.selfCert = cert;
} else { } else {
item.isRevoked = true; item.selfRevocation = cert;
log(LogType.MSG_IP_UAT_REVOKED); log(LogType.MSG_IP_UAT_REVOKED);
} }
continue; continue;
@ -643,16 +644,21 @@ public class ProviderHelper {
for (int userIdRank = 0; userIdRank < uids.size(); userIdRank++) { for (int userIdRank = 0; userIdRank < uids.size(); userIdRank++) {
UserPacketItem item = uids.get(userIdRank); UserPacketItem item = uids.get(userIdRank);
operations.add(buildUserIdOperations(masterKeyId, item, userIdRank)); operations.add(buildUserIdOperations(masterKeyId, item, userIdRank));
if (item.selfCert != null) {
// TODO get rid of "self verified" status? this cannot even happen anymore! if (item.selfCert == null) {
operations.add(buildCertOperations(masterKeyId, userIdRank, item.selfCert, throw new AssertionError("User ids MUST be self-certified at this point!!");
selfCertsAreTrusted ? Certs.VERIFIED_SECRET : Certs.VERIFIED_SELF));
} }
// don't bother with trusted certs if the uid is revoked, anyways
if (item.isRevoked) { if (item.selfRevocation != null) {
operations.add(buildCertOperations(masterKeyId, userIdRank, item.selfRevocation,
Certs.VERIFIED_SELF));
// don't bother with trusted certs if the uid is revoked, anyways
continue; continue;
} }
operations.add(buildCertOperations(masterKeyId, userIdRank, item.selfCert,
selfCertsAreTrusted ? Certs.VERIFIED_SECRET : Certs.VERIFIED_SELF));
// iterate over signatures // iterate over signatures
for (int i = 0; i < item.trustedCerts.size() ; i++) { for (int i = 0; i < item.trustedCerts.size() ; i++) {
WrappedSignature sig = item.trustedCerts.valueAt(i); WrappedSignature sig = item.trustedCerts.valueAt(i);
@ -711,15 +717,16 @@ public class ProviderHelper {
String userId; String userId;
byte[] attributeData; byte[] attributeData;
boolean isPrimary = false; boolean isPrimary = false;
boolean isRevoked = false;
WrappedSignature selfCert; WrappedSignature selfCert;
WrappedSignature selfRevocation;
LongSparseArray<WrappedSignature> trustedCerts = new LongSparseArray<>(); LongSparseArray<WrappedSignature> trustedCerts = new LongSparseArray<>();
@Override @Override
public int compareTo(UserPacketItem o) { public int compareTo(UserPacketItem o) {
// revoked keys always come last! // revoked keys always come last!
if (isRevoked != o.isRevoked) { //noinspection DoubleNegation
return isRevoked ? 1 : -1; if ( (selfRevocation != null) != (o.selfRevocation != null)) {
return selfRevocation != null ? 1 : -1;
} }
// if one is a user id, but the other isn't, the user id always comes first. // if one is a user id, but the other isn't, the user id always comes first.
// we compare for null values here, so != is the correct operator! // we compare for null values here, so != is the correct operator!
@ -1353,7 +1360,7 @@ public class ProviderHelper {
values.put(UserPackets.USER_ID, item.userId); values.put(UserPackets.USER_ID, item.userId);
values.put(UserPackets.ATTRIBUTE_DATA, item.attributeData); values.put(UserPackets.ATTRIBUTE_DATA, item.attributeData);
values.put(UserPackets.IS_PRIMARY, item.isPrimary); values.put(UserPackets.IS_PRIMARY, item.isPrimary);
values.put(UserPackets.IS_REVOKED, item.isRevoked); values.put(UserPackets.IS_REVOKED, item.selfRevocation != null);
values.put(UserPackets.RANK, rank); values.put(UserPackets.RANK, rank);
Uri uri = UserPackets.buildUserIdsUri(masterKeyId); Uri uri = UserPackets.buildUserIdsUri(masterKeyId);