mirror of
https://github.com/moparisthebest/open-keychain
synced 2025-01-12 14:08:24 -05:00
Add check that proof & database fingerprints are the same
This commit is contained in:
parent
bbbc45e4e9
commit
e72c082acd
@ -336,7 +336,8 @@ public class PgpDecryptVerify extends BaseOperation {
|
|||||||
OpenPgpSignatureResult signatureResult = signatureResultBuilder.build();
|
OpenPgpSignatureResult signatureResult = signatureResultBuilder.build();
|
||||||
|
|
||||||
if (signatureResult.getStatus() != OpenPgpSignatureResult.SIGNATURE_SUCCESS_CERTIFIED
|
if (signatureResult.getStatus() != OpenPgpSignatureResult.SIGNATURE_SUCCESS_CERTIFIED
|
||||||
|| signatureResult.getStatus() != OpenPgpSignatureResult.SIGNATURE_SUCCESS_UNCERTIFIED) {
|
&& signatureResult.getStatus() != OpenPgpSignatureResult.SIGNATURE_SUCCESS_UNCERTIFIED) {
|
||||||
|
Log.d(Constants.TAG, "STATUS IS " + signatureResult.getStatus());
|
||||||
log.add(LogType.MSG_VL_ERROR_INTEGRITY_CHECK, indent);
|
log.add(LogType.MSG_VL_ERROR_INTEGRITY_CHECK, indent);
|
||||||
return new DecryptVerifyResult(DecryptVerifyResult.RESULT_ERROR, log);
|
return new DecryptVerifyResult(DecryptVerifyResult.RESULT_ERROR, log);
|
||||||
}
|
}
|
||||||
|
@ -30,7 +30,6 @@ import com.textuality.keybase.lib.Proof;
|
|||||||
import com.textuality.keybase.lib.prover.Prover;
|
import com.textuality.keybase.lib.prover.Prover;
|
||||||
|
|
||||||
import org.json.JSONObject;
|
import org.json.JSONObject;
|
||||||
import org.openintents.openpgp.OpenPgpSignatureResult;
|
|
||||||
import org.spongycastle.openpgp.PGPUtil;
|
import org.spongycastle.openpgp.PGPUtil;
|
||||||
import org.sufficientlysecure.keychain.Constants;
|
import org.sufficientlysecure.keychain.Constants;
|
||||||
import org.sufficientlysecure.keychain.R;
|
import org.sufficientlysecure.keychain.R;
|
||||||
@ -324,6 +323,11 @@ public class KeychainIntentService extends IntentService implements Progressable
|
|||||||
sendProofError(prover.getLog(), getString(R.string.keybase_problem_fetching_evidence));
|
sendProofError(prover.getLog(), getString(R.string.keybase_problem_fetching_evidence));
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
String requiredFingerprint = data.getString(KEYBASE_REQUIRED_FINGERPRINT);
|
||||||
|
if (!prover.checkFingerprint(requiredFingerprint)) {
|
||||||
|
sendProofError(getString(R.string.keybase_key_mismatch));
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
String domain = prover.dnsTxtCheckRequired();
|
String domain = prover.dnsTxtCheckRequired();
|
||||||
if (domain != null) {
|
if (domain != null) {
|
||||||
@ -361,13 +365,12 @@ public class KeychainIntentService extends IntentService implements Progressable
|
|||||||
|
|
||||||
InputData inputData = createDecryptInputData(data);
|
InputData inputData = createDecryptInputData(data);
|
||||||
OutputStream outStream = createCryptOutputStream(data);
|
OutputStream outStream = createCryptOutputStream(data);
|
||||||
String fingerprint = data.getString(KEYBASE_REQUIRED_FINGERPRINT);
|
|
||||||
|
|
||||||
PgpDecryptVerify.Builder builder = new PgpDecryptVerify.Builder(
|
PgpDecryptVerify.Builder builder = new PgpDecryptVerify.Builder(
|
||||||
this, new ProviderHelper(this), this,
|
this, new ProviderHelper(this), this,
|
||||||
inputData, outStream
|
inputData, outStream
|
||||||
);
|
);
|
||||||
builder.setSignedLiteralData(true).setRequiredSignerFingerprint(fingerprint);
|
builder.setSignedLiteralData(true).setRequiredSignerFingerprint(requiredFingerprint);
|
||||||
|
|
||||||
DecryptVerifyResult decryptVerifyResult = builder.build().execute();
|
DecryptVerifyResult decryptVerifyResult = builder.build().execute();
|
||||||
outStream.close();
|
outStream.close();
|
||||||
|
Loading…
Reference in New Issue
Block a user