diff --git a/.gitignore b/.gitignore
index 1dfe84d5a..68f5b5a9e 100644
--- a/.gitignore
+++ b/.gitignore
@@ -14,6 +14,9 @@ ant.properties
.gradle
build
gradle.properties
+# this is in here because the prepare-tests thing modifies it, and we DON'T
+# want this to be commited. use git add -f to work on this file.
+settings.gradle
#Maven
target
diff --git a/.gitmodules b/.gitmodules
index b01f9a0ff..064be5619 100644
--- a/.gitmodules
+++ b/.gitmodules
@@ -7,9 +7,6 @@
[submodule "extern/zxing-qr-code"]
path = extern/zxing-qr-code
url = https://github.com/open-keychain/zxing-qr-code.git
-[submodule "extern/AppMsg"]
- path = extern/AppMsg
- url = https://github.com/open-keychain/Android-AppMsg.git
[submodule "extern/spongycastle"]
path = extern/spongycastle
url = https://github.com/open-keychain/spongycastle.git
@@ -31,9 +28,6 @@
[submodule "extern/minidns"]
path = extern/minidns
url = https://github.com/open-keychain/minidns.git
-[submodule "OpenKeychain/src/test/resources/extern/OpenPGP-Haskell"]
- path = OpenKeychain/src/test/resources/extern/OpenPGP-Haskell
- url = https://github.com/singpolyma/OpenPGP-Haskell.git
[submodule "extern/TokenAutoComplete"]
path = extern/TokenAutoComplete
url = https://github.com/open-keychain/TokenAutoComplete
diff --git a/.travis.yml b/.travis.yml
index 5da831e61..ef69eb556 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -1,5 +1,5 @@
language: java
-jdk: oraclejdk7
+jdk: openjdk7
before_install:
# Install base Android SDK
- sudo apt-get update -qq
@@ -12,6 +12,9 @@ before_install:
# Install required Android components.
#- echo "y" | android update sdk -a --filter build-tools-19.1.0,android-19,platform-tools,extra-android-support,extra-android-m2repository --no-ui --force
- ( sleep 5 && while [ 1 ]; do sleep 1; echo y; done ) | android update sdk --no-ui --all --force --filter build-tools-19.1.0,android-19,platform-tools,extra-android-support,extra-android-m2repository
+ - ./prepare-tests.sh
install: echo "Installation done"
-script: gradle assemble -S -q
+script:
+ - gradle assemble -S -q
+ - gradle --info OpenKeychain-Test:testDebug
diff --git a/OpenKeychain-Test/build.gradle b/OpenKeychain-Test/build.gradle
new file mode 100644
index 000000000..a98a79dc1
--- /dev/null
+++ b/OpenKeychain-Test/build.gradle
@@ -0,0 +1,118 @@
+buildscript {
+ repositories {
+ mavenCentral()
+ // need this for com.novoda:gradle-android-test-plugin:0.9.9-SNAPSHOT below (0.9.3 in repos doesn't work!)
+ // run ./install-custom-gradle-test-plugin.sh to pull the thing into the local repository
+ mavenLocal()
+ }
+
+ dependencies {
+ // NOTE: Always use fixed version codes not dynamic ones, e.g. 0.7.3 instead of 0.7.+, see README for more information
+ classpath 'com.novoda:gradle-android-test-plugin:0.9.9-SNAPSHOT'
+ }
+}
+
+apply plugin: 'java'
+apply plugin: 'android-test'
+apply plugin: 'jacoco'
+
+dependencies {
+ testCompile 'junit:junit:4.11'
+ testCompile 'com.google.android:android:4.1.1.4'
+ testCompile('com.squareup:fest-android:1.0.+') { exclude module: 'support-v4' }
+ testCompile ('org.robolectric:robolectric:2.3') {
+ exclude module: 'classworlds'
+ exclude module: 'maven-artifact'
+ exclude module: 'maven-artifact-manager'
+ exclude module: 'maven-error-diagnostics'
+ exclude module: 'maven-model'
+ exclude module: 'maven-plugin-registry'
+ exclude module: 'maven-profile'
+ exclude module: 'maven-project'
+ exclude module: 'maven-settings'
+ exclude module: 'nekohtml'
+ exclude module: 'plexus-container-default'
+ exclude module: 'plexus-interpolation'
+ exclude module: 'plexus-utils'
+ exclude module: 'support-v4' // crazy but my android studio don't like this dependency and to fix it remove .idea and re import project
+ exclude module: 'wagon-file'
+ exclude module: 'wagon-http-lightweight'
+ exclude module: 'wagon-http-shared'
+ exclude module: 'wagon-provider-api'
+ }
+}
+
+android {
+ projectUnderTest ':OpenKeychain'
+}
+
+jacoco {
+ toolVersion = "0.7.0.201403182114"
+}
+
+coverageSourceDirs = [
+ '../OpenKeychain/src/main/java',
+ '../OpenKeychain/src/gen',
+ '../OpenKeychain/build/source/apt/debug',
+ '../OpenKeychain/build/source/generated/buildConfig/debug',
+ '../OpenKeychain/build/source/generated/r/debug'
+ ]
+
+jacocoTestReport {
+ reports {
+ xml.enabled = true
+ html.destination "${buildDir}/jacocoHtml"
+ }
+ // class R is used, but usage will not be covered, so ignore this class from report
+ classDirectories = fileTree(dir: '../OpenKeychain/build/intermediates/classes/debug/org/sufficientlysecure/keychain', exclude: 'R*.class')
+ additionalSourceDirs = files(coverageSourceDirs)
+ executionData = files('build/jacoco/testDebug.exec')
+}
+
+// new workaround to force add custom output dirs for android studio
+task addTest {
+ def file = file(project.name + ".iml")
+ doLast {
+ try {
+ def parsedXml = (new XmlParser()).parse(file)
+ def node = parsedXml.component[1]
+ def outputNode = parsedXml.component[1].output[0]
+ def outputTestNode = parsedXml.component[1].'output-test'[0]
+ def rewrite = false
+
+ new Node(node, 'sourceFolder', ['url': 'file://$MODULE_DIR$/' + "${it}", 'isTestSource': "true"])
+
+ if(outputNode == null) {
+ new Node(node, 'output', ['url': 'file://$MODULE_DIR$/build/resources/testDebug'])
+ } else {
+ if(outputNode.attributes['url'] != 'file://$MODULE_DIR$/build/resources/testDebug') {
+ outputNode.attributes = ['url': 'file://$MODULE_DIR$/build/resources/testDebug']
+ rewrite = true
+ }
+ }
+
+ if(outputTestNode == null) {
+ new Node(node, 'output-test', ['url': 'file://$MODULE_DIR$/build/test-classes/debug'])
+ } else {
+ if(outputTestNode.attributes['url'] != 'file://$MODULE_DIR$/build/test-classes/debug') {
+ outputTestNode.attributes = ['url': 'file://$MODULE_DIR$/build/test-classes/debug']
+ rewrite = true
+ }
+ }
+
+ if(rewrite) {
+ def writer = new StringWriter()
+ new XmlNodePrinter(new PrintWriter(writer)).print(parsedXml)
+ file.text = writer.toString()
+ }
+ } catch (FileNotFoundException e) {
+ // iml not found, common on command line only builds
+ }
+
+ }
+}
+
+// always do the addtest on prebuild
+gradle.projectsEvaluated {
+ testDebugClasses.dependsOn(addTest)
+}
diff --git a/OpenKeychain-Test/src/test/java/org/sufficientlysecure/keychain/support/KeyringBuilder.java b/OpenKeychain-Test/src/test/java/org/sufficientlysecure/keychain/support/KeyringBuilder.java
new file mode 100644
index 000000000..94193bbcb
--- /dev/null
+++ b/OpenKeychain-Test/src/test/java/org/sufficientlysecure/keychain/support/KeyringBuilder.java
@@ -0,0 +1,254 @@
+/*
+ * Copyright (C) Art O Cathain
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see .
+ */
+
+package org.sufficientlysecure.keychain.support;
+
+import org.spongycastle.bcpg.CompressionAlgorithmTags;
+import org.spongycastle.bcpg.ContainedPacket;
+import org.spongycastle.bcpg.HashAlgorithmTags;
+import org.spongycastle.bcpg.MPInteger;
+import org.spongycastle.bcpg.PublicKeyAlgorithmTags;
+import org.spongycastle.bcpg.PublicKeyPacket;
+import org.spongycastle.bcpg.PublicSubkeyPacket;
+import org.spongycastle.bcpg.RSAPublicBCPGKey;
+import org.spongycastle.bcpg.SignaturePacket;
+import org.spongycastle.bcpg.SignatureSubpacket;
+import org.spongycastle.bcpg.SignatureSubpacketInputStream;
+import org.spongycastle.bcpg.SignatureSubpacketTags;
+import org.spongycastle.bcpg.SymmetricKeyAlgorithmTags;
+import org.spongycastle.bcpg.UserIDPacket;
+import org.spongycastle.bcpg.sig.Features;
+import org.spongycastle.bcpg.sig.IssuerKeyID;
+import org.spongycastle.bcpg.sig.KeyExpirationTime;
+import org.spongycastle.bcpg.sig.KeyFlags;
+import org.spongycastle.bcpg.sig.PreferredAlgorithms;
+import org.spongycastle.bcpg.sig.SignatureCreationTime;
+import org.spongycastle.openpgp.PGPSignature;
+import org.sufficientlysecure.keychain.pgp.UncachedKeyRing;
+
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.math.BigInteger;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Date;
+import java.util.List;
+import java.util.concurrent.TimeUnit;
+
+/**
+ * Helps create correct and incorrect keyrings for tests.
+ *
+ * The original "correct" keyring was generated by GnuPG.
+ */
+public class KeyringBuilder {
+
+
+ private static final BigInteger PUBLIC_KEY_MODULUS = new BigInteger(
+ "cbab78d90d5f2cc0c54dd3c3953005a1e6b521f1ffa5465a102648bf7b91ec72" +
+ "f9c180759301587878caeb73332156209f81ca5b3b94309d96110f6972cfc56a" +
+ "37fd6279f61d71f19b8f64b288e338299dce133520f5b9b4253e6f4ba31ca36a" +
+ "fd87c2081b15f0b283e9350e370e181a23d31379101f17a23ae9192250db6540" +
+ "2e9cab2a275bc5867563227b197c8b136c832a94325b680e144ed864fb00b9b8" +
+ "b07e13f37b40d5ac27dae63cd6a470a7b40fa3c7479b5b43e634850cc680b177" +
+ "8dd6b1b51856f36c3520f258f104db2f96b31a53dd74f708ccfcefccbe420a90" +
+ "1c37f1f477a6a4b15f5ecbbfd93311a647bcc3f5f81c59dfe7252e3cd3be6e27"
+ , 16
+ );
+
+ private static final BigInteger PUBLIC_SUBKEY_MODULUS = new BigInteger(
+ "e8e2e2a33102649f19f8a07486fb076a1406ca888d72ae05d28f0ef372b5408e" +
+ "45132c69f6e5cb6a79bb8aed84634196731393a82d53e0ddd42f28f92cc15850" +
+ "8ce3b7ca1a9830502745aee774f86987993df984781f47c4a2910f95cf4c950c" +
+ "c4c6cccdc134ad408a0c5418b5e360c9781a8434d366053ea6338b975fae88f9" +
+ "383a10a90e7b2caa9ddb95708aa9d8a90246e29b04dbd6136613085c9a287315" +
+ "c6e9c7ff4012defc1713875e3ff6073333a1c93d7cd75ebeaaf16b8b853d96ba" +
+ "7003258779e8d2f70f1bc0bcd3ef91d7a9ccd8e225579b2d6fcae32799b0a6c0" +
+ "e7305fc65dc4edc849c6130a0d669c90c193b1e746c812510f9d600a208be4a5"
+ , 16
+ );
+
+ private static final Date SIGNATURE_DATE = new Date(1404566755000L);
+
+ private static final BigInteger EXPONENT = BigInteger.valueOf(0x010001);
+
+ private static final String USER_ID_STRING = "OpenKeychain User (NOT A REAL KEY) ";
+
+ public static final BigInteger CORRECT_SIGNATURE = new BigInteger(
+ "b065c071d3439d5610eb22e5b4df9e42ed78b8c94f487389e4fc98e8a75a043f" +
+ "14bf57d591811e8e7db2d31967022d2ee64372829183ec51d0e20c42d7a1e519" +
+ "e9fa22cd9db90f0fd7094fd093b78be2c0db62022193517404d749152c71edc6" +
+ "fd48af3416038d8842608ecddebbb11c5823a4321d2029b8993cb017fa8e5ad7" +
+ "8a9a618672d0217c4b34002f1a4a7625a514b6a86475e573cb87c64d7069658e" +
+ "627f2617874007a28d525e0f87d93ca7b15ad10dbdf10251e542afb8f9b16cbf" +
+ "7bebdb5fe7e867325a44e59cad0991cb239b1c859882e2ebb041b80e5cdc3b40" +
+ "ed259a8a27d63869754c0881ccdcb50f0564fecdc6966be4a4b87a3507a9d9be"
+ , 16
+ );
+ public static final BigInteger CORRECT_SUBKEY_SIGNATURE = new BigInteger(
+ "9c40543e646cfa6d3d1863d91a4e8f1421d0616ddb3187505df75fbbb6c59dd5" +
+ "3136b866f246a0320e793cb142c55c8e0e521d1e8d9ab864650f10690f5f1429" +
+ "2eb8402a3b1f82c01079d12f5c57c43fce524a530e6f49f6f87d984e26db67a2" +
+ "d469386dac87553c50147ebb6c2edd9248325405f737b815253beedaaba4f5c9" +
+ "3acd5d07fe6522ceda1027932d849e3ec4d316422cd43ea6e506f643936ab0be" +
+ "8246e546bb90d9a83613185047566864ffe894946477e939725171e0e15710b2" +
+ "089f78752a9cb572f5907323f1b62f14cb07671aeb02e6d7178f185467624ec5" +
+ "74e4a73c439a12edba200a4832106767366a1e6f63da0a42d593fa3914deee2b"
+ , 16
+ );
+ public static final BigInteger KEY_ID = BigInteger.valueOf(0x15130BCF071AE6BFL);
+
+ public static UncachedKeyRing correctRing() {
+ return convertToKeyring(correctKeyringPackets());
+ }
+
+ public static UncachedKeyRing ringWithExtraIncorrectSignature() {
+ List packets = correctKeyringPackets();
+ SignaturePacket incorrectSignaturePacket = createSignaturePacket(CORRECT_SIGNATURE.subtract(BigInteger.ONE));
+ packets.add(2, incorrectSignaturePacket);
+ return convertToKeyring(packets);
+ }
+
+ private static UncachedKeyRing convertToKeyring(List packets) {
+ try {
+ return UncachedKeyRing.decodeFromData(TestDataUtil.concatAll(packets));
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ }
+
+ private static List correctKeyringPackets() {
+ PublicKeyPacket publicKey = createPgpPublicKey(PUBLIC_KEY_MODULUS);
+ UserIDPacket userId = createUserId(USER_ID_STRING);
+ SignaturePacket signaturePacket = createSignaturePacket(CORRECT_SIGNATURE);
+ PublicKeyPacket subKey = createPgpPublicSubKey(PUBLIC_SUBKEY_MODULUS);
+ SignaturePacket subKeySignaturePacket = createSubkeySignaturePacket();
+
+ return new ArrayList(Arrays.asList(
+ publicKey,
+ userId,
+ signaturePacket,
+ subKey,
+ subKeySignaturePacket
+ ));
+ }
+
+ private static SignaturePacket createSignaturePacket(BigInteger signature) {
+ MPInteger[] signatureArray = new MPInteger[]{
+ new MPInteger(signature)
+ };
+
+ int signatureType = PGPSignature.POSITIVE_CERTIFICATION;
+ int keyAlgorithm = SignaturePacket.RSA_GENERAL;
+ int hashAlgorithm = HashAlgorithmTags.SHA1;
+
+ SignatureSubpacket[] hashedData = new SignatureSubpacket[]{
+ new SignatureCreationTime(false, SIGNATURE_DATE),
+ new KeyFlags(false, KeyFlags.CERTIFY_OTHER + KeyFlags.SIGN_DATA),
+ new KeyExpirationTime(false, TimeUnit.DAYS.toSeconds(2)),
+ new PreferredAlgorithms(SignatureSubpacketTags.PREFERRED_SYM_ALGS, false, new int[]{
+ SymmetricKeyAlgorithmTags.AES_256,
+ SymmetricKeyAlgorithmTags.AES_192,
+ SymmetricKeyAlgorithmTags.AES_128,
+ SymmetricKeyAlgorithmTags.CAST5,
+ SymmetricKeyAlgorithmTags.TRIPLE_DES
+ }),
+ new PreferredAlgorithms(SignatureSubpacketTags.PREFERRED_HASH_ALGS, false, new int[]{
+ HashAlgorithmTags.SHA256,
+ HashAlgorithmTags.SHA1,
+ HashAlgorithmTags.SHA384,
+ HashAlgorithmTags.SHA512,
+ HashAlgorithmTags.SHA224
+ }),
+ new PreferredAlgorithms(SignatureSubpacketTags.PREFERRED_COMP_ALGS, false, new int[]{
+ CompressionAlgorithmTags.ZLIB,
+ CompressionAlgorithmTags.BZIP2,
+ CompressionAlgorithmTags.ZIP
+ }),
+ new Features(false, Features.FEATURE_MODIFICATION_DETECTION),
+ createPreferencesSignatureSubpacket()
+ };
+ SignatureSubpacket[] unhashedData = new SignatureSubpacket[]{
+ new IssuerKeyID(false, KEY_ID.toByteArray())
+ };
+ byte[] fingerPrint = new BigInteger("522c", 16).toByteArray();
+
+ return new SignaturePacket(signatureType,
+ KEY_ID.longValue(),
+ keyAlgorithm,
+ hashAlgorithm,
+ hashedData,
+ unhashedData,
+ fingerPrint,
+ signatureArray);
+ }
+
+ /**
+ * There is no Preferences subpacket in BouncyCastle, so we have
+ * to create one manually.
+ */
+ private static SignatureSubpacket createPreferencesSignatureSubpacket() {
+ SignatureSubpacket prefs;
+ try {
+ prefs = new SignatureSubpacketInputStream(new ByteArrayInputStream(
+ new byte[]{2, SignatureSubpacketTags.KEY_SERVER_PREFS, (byte) 0x80})
+ ).readPacket();
+ } catch (IOException ex) {
+ throw new RuntimeException(ex);
+ }
+ return prefs;
+ }
+
+ private static SignaturePacket createSubkeySignaturePacket() {
+ int signatureType = PGPSignature.SUBKEY_BINDING;
+ int keyAlgorithm = SignaturePacket.RSA_GENERAL;
+ int hashAlgorithm = HashAlgorithmTags.SHA1;
+
+ SignatureSubpacket[] hashedData = new SignatureSubpacket[]{
+ new SignatureCreationTime(false, SIGNATURE_DATE),
+ new KeyFlags(false, KeyFlags.ENCRYPT_COMMS + KeyFlags.ENCRYPT_STORAGE),
+ new KeyExpirationTime(false, TimeUnit.DAYS.toSeconds(2)),
+ };
+ SignatureSubpacket[] unhashedData = new SignatureSubpacket[]{
+ new IssuerKeyID(false, KEY_ID.toByteArray())
+ };
+ byte[] fingerPrint = new BigInteger("234a", 16).toByteArray();
+ MPInteger[] signature = new MPInteger[]{
+ new MPInteger(CORRECT_SUBKEY_SIGNATURE)
+ };
+ return new SignaturePacket(signatureType,
+ KEY_ID.longValue(),
+ keyAlgorithm,
+ hashAlgorithm,
+ hashedData,
+ unhashedData,
+ fingerPrint,
+ signature);
+ }
+
+ private static PublicKeyPacket createPgpPublicKey(BigInteger modulus) {
+ return new PublicKeyPacket(PublicKeyAlgorithmTags.RSA_GENERAL, SIGNATURE_DATE, new RSAPublicBCPGKey(modulus, EXPONENT));
+ }
+
+ private static PublicKeyPacket createPgpPublicSubKey(BigInteger modulus) {
+ return new PublicSubkeyPacket(PublicKeyAlgorithmTags.RSA_GENERAL, SIGNATURE_DATE, new RSAPublicBCPGKey(modulus, EXPONENT));
+ }
+
+ private static UserIDPacket createUserId(String userId) {
+ return new UserIDPacket(userId);
+ }
+
+}
diff --git a/OpenKeychain-Test/src/test/java/org/sufficientlysecure/keychain/support/KeyringTestingHelper.java b/OpenKeychain-Test/src/test/java/org/sufficientlysecure/keychain/support/KeyringTestingHelper.java
new file mode 100644
index 000000000..015e134ea
--- /dev/null
+++ b/OpenKeychain-Test/src/test/java/org/sufficientlysecure/keychain/support/KeyringTestingHelper.java
@@ -0,0 +1,363 @@
+/*
+ * Copyright (C) Art O Cathain, Vincent Breitmoser
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see .
+ */
+package org.sufficientlysecure.keychain.support;
+
+import android.content.Context;
+
+import org.spongycastle.util.Arrays;
+import org.sufficientlysecure.keychain.pgp.NullProgressable;
+import org.sufficientlysecure.keychain.pgp.UncachedKeyRing;
+import org.sufficientlysecure.keychain.pgp.exception.PgpGeneralException;
+import org.sufficientlysecure.keychain.provider.ProviderHelper;
+import org.sufficientlysecure.keychain.service.OperationResults;
+
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.Comparator;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.List;
+
+/** Helper methods for keyring tests. */
+public class KeyringTestingHelper {
+
+ private final Context context;
+
+ public KeyringTestingHelper(Context robolectricContext) {
+ this.context = robolectricContext;
+ }
+
+ public boolean addKeyring(Collection blobFiles) throws Exception {
+
+ ProviderHelper providerHelper = new ProviderHelper(context);
+
+ byte[] data = TestDataUtil.readAllFully(blobFiles);
+ UncachedKeyRing ring = UncachedKeyRing.decodeFromData(data);
+ long masterKeyId = ring.getMasterKeyId();
+
+ // Should throw an exception; key is not yet saved
+ retrieveKeyAndExpectNotFound(providerHelper, masterKeyId);
+
+ OperationResults.SaveKeyringResult saveKeyringResult = providerHelper.savePublicKeyRing(ring, new NullProgressable());
+
+ boolean saveSuccess = saveKeyringResult.success();
+
+ // Now re-retrieve the saved key. Should not throw an exception.
+ providerHelper.getCanonicalizedPublicKeyRing(masterKeyId);
+
+ // A different ID should still fail
+ retrieveKeyAndExpectNotFound(providerHelper, masterKeyId - 1);
+
+ return saveSuccess;
+ }
+
+ public static UncachedKeyRing removePacket(UncachedKeyRing ring, int position)
+ throws IOException, PgpGeneralException {
+ return UncachedKeyRing.decodeFromData(removePacket(ring.getEncoded(), position));
+ }
+
+ public static byte[] removePacket(byte[] ring, int position) throws IOException {
+ Iterator it = parseKeyring(ring);
+ ByteArrayOutputStream out = new ByteArrayOutputStream(ring.length);
+
+ int i = 0;
+ while(it.hasNext()) {
+ // at the right position, skip the packet
+ if(i++ == position) {
+ it.next();
+ continue;
+ }
+ // write the old one
+ out.write(it.next().buf);
+ }
+
+ if (i <= position) {
+ throw new IndexOutOfBoundsException("injection index did not not occur in stream!");
+ }
+
+ return out.toByteArray();
+ }
+
+ public static UncachedKeyRing injectPacket(UncachedKeyRing ring, byte[] inject, int position)
+ throws IOException, PgpGeneralException {
+ return UncachedKeyRing.decodeFromData(injectPacket(ring.getEncoded(), inject, position));
+ }
+
+ public static byte[] injectPacket(byte[] ring, byte[] inject, int position) throws IOException {
+
+ Iterator it = parseKeyring(ring);
+ ByteArrayOutputStream out = new ByteArrayOutputStream(ring.length + inject.length);
+
+ int i = 0;
+ while(it.hasNext()) {
+ // at the right position, inject the new packet
+ if(i++ == position) {
+ out.write(inject);
+ }
+ // write the old one
+ out.write(it.next().buf);
+ }
+
+ if (i <= position) {
+ throw new IndexOutOfBoundsException("injection index did not not occur in stream!");
+ }
+
+ return out.toByteArray();
+
+ }
+
+ /** This class contains a single pgp packet, together with information about its position
+ * in the keyring and its packet tag.
+ */
+ public static class RawPacket {
+ public int position;
+
+ // packet tag for convenience, this can also be read from the header
+ public int tag;
+
+ public int headerLength, length;
+ // this buf includes the header, so its length is headerLength + length!
+ public byte[] buf;
+
+ @Override
+ public boolean equals(Object other) {
+ return other instanceof RawPacket && Arrays.areEqual(this.buf, ((RawPacket) other).buf);
+ }
+
+ @Override
+ public int hashCode() {
+ return Arrays.hashCode(buf);
+ }
+ }
+
+ /** A comparator which compares RawPackets by their position */
+ public static final Comparator packetOrder = new Comparator() {
+ public int compare(RawPacket left, RawPacket right) {
+ return Integer.compare(left.position, right.position);
+ }
+ };
+
+ /** Diff two keyrings, returning packets only present in one keyring in its associated List.
+ *
+ * Packets in the returned lists are annotated and ordered by their original order of appearance
+ * in their origin keyrings.
+ *
+ * @return true if keyrings differ in at least one packet
+ */
+ public static boolean diffKeyrings(byte[] ringA, byte[] ringB,
+ List onlyA, List onlyB)
+ throws IOException {
+ Iterator streamA = parseKeyring(ringA);
+ Iterator streamB = parseKeyring(ringB);
+
+ HashSet a = new HashSet(), b = new HashSet();
+
+ RawPacket p;
+ int pos = 0;
+ while(true) {
+ p = streamA.next();
+ if (p == null) {
+ break;
+ }
+ p.position = pos++;
+ a.add(p);
+ }
+ pos = 0;
+ while(true) {
+ p = streamB.next();
+ if (p == null) {
+ break;
+ }
+ p.position = pos++;
+ b.add(p);
+ }
+
+ onlyA.clear();
+ onlyB.clear();
+
+ onlyA.addAll(a);
+ onlyA.removeAll(b);
+ onlyB.addAll(b);
+ onlyB.removeAll(a);
+
+ Collections.sort(onlyA, packetOrder);
+ Collections.sort(onlyB, packetOrder);
+
+ return !onlyA.isEmpty() || !onlyB.isEmpty();
+ }
+
+ /** Creates an iterator of RawPackets over a binary keyring. */
+ public static Iterator parseKeyring(byte[] ring) {
+
+ final InputStream stream = new ByteArrayInputStream(ring);
+
+ return new Iterator() {
+ RawPacket next;
+
+ @Override
+ public boolean hasNext() {
+ if (next == null) try {
+ next = readPacket(stream);
+ } catch (IOException e) {
+ return false;
+ }
+ return next != null;
+ }
+
+ @Override
+ public RawPacket next() {
+ if (!hasNext()) {
+ return null;
+ }
+ try {
+ return next;
+ } finally {
+ next = null;
+ }
+ }
+
+ @Override
+ public void remove() {
+ throw new UnsupportedOperationException();
+ }
+ };
+
+ }
+
+ /** Read a single (raw) pgp packet from an input stream.
+ *
+ * Note that the RawPacket.position field is NOT set here!
+ *
+ * Variable length packets are not handled here. we don't use those in our test classes, and
+ * otherwise rely on BouncyCastle's own unit tests to handle those correctly.
+ */
+ private static RawPacket readPacket(InputStream in) throws IOException {
+
+ // save here. this is tag + length, max 6 bytes
+ in.mark(6);
+
+ int hdr = in.read();
+ int headerLength = 1;
+
+ if (hdr < 0) {
+ return null;
+ }
+
+ if ((hdr & 0x80) == 0) {
+ throw new IOException("invalid header encountered");
+ }
+
+ boolean newPacket = (hdr & 0x40) != 0;
+ int tag;
+ int bodyLen;
+
+ if (newPacket) {
+ tag = hdr & 0x3f;
+
+ int l = in.read();
+ headerLength += 1;
+
+ if (l < 192) {
+ bodyLen = l;
+ } else if (l <= 223) {
+ int b = in.read();
+ headerLength += 1;
+
+ bodyLen = ((l - 192) << 8) + (b) + 192;
+ } else if (l == 255) {
+ bodyLen = (in.read() << 24) | (in.read() << 16) | (in.read() << 8) | in.read();
+ headerLength += 4;
+ } else {
+ // bodyLen = 1 << (l & 0x1f);
+ throw new IOException("no support for partial bodies in test classes");
+ }
+ } else {
+ int lengthType = hdr & 0x3;
+
+ tag = (hdr & 0x3f) >> 2;
+
+ switch (lengthType) {
+ case 0:
+ bodyLen = in.read();
+ headerLength += 1;
+ break;
+ case 1:
+ bodyLen = (in.read() << 8) | in.read();
+ headerLength += 2;
+ break;
+ case 2:
+ bodyLen = (in.read() << 24) | (in.read() << 16) | (in.read() << 8) | in.read();
+ headerLength += 4;
+ break;
+ case 3:
+ // bodyLen = 1 << (l & 0x1f);
+ throw new IOException("no support for partial bodies in test classes");
+ default:
+ throw new IOException("unknown length type encountered");
+ }
+ }
+
+ in.reset();
+
+ // read the entire packet INCLUDING the header here
+ byte[] buf = new byte[headerLength+bodyLen];
+ if (in.read(buf) != headerLength+bodyLen) {
+ throw new IOException("read length mismatch!");
+ }
+ RawPacket p = new RawPacket();
+ p.tag = tag;
+ p.headerLength = headerLength;
+ p.length = bodyLen;
+ p.buf = buf;
+ return p;
+
+ }
+
+ public static E getNth(Iterator it, int position) {
+ while(position-- > 0) {
+ it.next();
+ }
+ return it.next();
+ }
+
+ public static long getSubkeyId(UncachedKeyRing ring, int position) {
+ return getNth(ring.getPublicKeys(), position).getKeyId();
+ }
+
+ private void retrieveKeyAndExpectNotFound(ProviderHelper providerHelper, long masterKeyId) {
+ try {
+ providerHelper.getCanonicalizedPublicKeyRing(masterKeyId);
+ throw new AssertionError("Was expecting the previous call to fail!");
+ } catch (ProviderHelper.NotFoundException expectedException) {
+ // good
+ }
+ }
+
+ public static List itToList(Iterator it) {
+ List result = new ArrayList();
+ while(it.hasNext()) {
+ result.add(it.next());
+ }
+ return result;
+ }
+
+}
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/testsupport/PgpVerifyTestingHelper.java b/OpenKeychain-Test/src/test/java/org/sufficientlysecure/keychain/support/PgpVerifyTestingHelper.java
similarity index 68%
rename from OpenKeychain/src/main/java/org/sufficientlysecure/keychain/testsupport/PgpVerifyTestingHelper.java
rename to OpenKeychain-Test/src/test/java/org/sufficientlysecure/keychain/support/PgpVerifyTestingHelper.java
index 1ab5878cc..dd5786512 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/testsupport/PgpVerifyTestingHelper.java
+++ b/OpenKeychain-Test/src/test/java/org/sufficientlysecure/keychain/support/PgpVerifyTestingHelper.java
@@ -1,4 +1,20 @@
-package org.sufficientlysecure.keychain.testsupport;
+package org.sufficientlysecure.keychain.support;
+/*
+ * Copyright (C) Art O Cathain
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see .
+ */
import android.content.Context;
diff --git a/OpenKeychain-Test/src/test/java/org/sufficientlysecure/keychain/support/ProviderHelperStub.java b/OpenKeychain-Test/src/test/java/org/sufficientlysecure/keychain/support/ProviderHelperStub.java
new file mode 100644
index 000000000..2cd0c67a2
--- /dev/null
+++ b/OpenKeychain-Test/src/test/java/org/sufficientlysecure/keychain/support/ProviderHelperStub.java
@@ -0,0 +1,39 @@
+/*
+ * Copyright (C) Art O Cathain
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see .
+ */
+
+package org.sufficientlysecure.keychain.support;
+
+import android.content.Context;
+import android.net.Uri;
+
+import org.sufficientlysecure.keychain.pgp.CanonicalizedPublicKeyRing;
+import org.sufficientlysecure.keychain.provider.ProviderHelper;
+
+/**
+ * Created by art on 21/06/14.
+ */
+class ProviderHelperStub extends ProviderHelper {
+ public ProviderHelperStub(Context context) {
+ super(context);
+ }
+
+ @Override
+ public CanonicalizedPublicKeyRing getCanonicalizedPublicKeyRing(Uri id) throws NotFoundException {
+ byte[] data = TestDataUtil.readFully(getClass().getResourceAsStream("/public-key-for-sample.blob"));
+ return new CanonicalizedPublicKeyRing(data, 0);
+ }
+}
diff --git a/OpenKeychain-Test/src/test/java/org/sufficientlysecure/keychain/support/TestDataUtil.java b/OpenKeychain-Test/src/test/java/org/sufficientlysecure/keychain/support/TestDataUtil.java
new file mode 100644
index 000000000..f2b3c0996
--- /dev/null
+++ b/OpenKeychain-Test/src/test/java/org/sufficientlysecure/keychain/support/TestDataUtil.java
@@ -0,0 +1,142 @@
+/*
+ * Copyright (C) Art O Cathain
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see .
+ */
+
+package org.sufficientlysecure.keychain.support;
+
+import org.spongycastle.bcpg.ContainedPacket;
+
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.OutputStream;
+import java.util.Collection;
+import java.util.Iterator;
+
+/**
+ * Misc support functions. Would just use Guava / Apache Commons but
+ * avoiding extra dependencies.
+ */
+public class TestDataUtil {
+ public static byte[] readFully(InputStream input) {
+ ByteArrayOutputStream output = new ByteArrayOutputStream();
+ appendToOutput(input, output);
+ return output.toByteArray();
+ }
+
+ public static void appendToOutput(InputStream input, OutputStream output) {
+ byte[] buffer = new byte[8192];
+ int bytesRead;
+ try {
+ while ((bytesRead = input.read(buffer)) != -1) {
+ output.write(buffer, 0, bytesRead);
+ }
+ } catch (IOException e) {
+ throw new RuntimeException(e);
+ }
+ }
+
+ public static byte[] readAllFully(Collection inputResources) {
+ ByteArrayOutputStream output = new ByteArrayOutputStream();
+
+ for (String inputResource : inputResources) {
+ appendToOutput(getResourceAsStream(inputResource), output);
+ }
+ return output.toByteArray();
+ }
+
+ public static InputStream getResourceAsStream(String resourceName) {
+ return TestDataUtil.class.getResourceAsStream(resourceName);
+ }
+
+ /**
+ * Null-safe equivalent of {@code a.equals(b)}.
+ */
+ public static boolean equals(Object a, Object b) {
+ return (a == null) ? (b == null) : a.equals(b);
+ }
+
+ public static boolean iterEquals(Iterator a, Iterator b, EqualityChecker comparator) {
+ while (a.hasNext()) {
+ T aObject = a.next();
+ if (!b.hasNext()) {
+ return false;
+ }
+ T bObject = b.next();
+ if (!comparator.areEquals(aObject, bObject)) {
+ return false;
+ }
+ }
+
+ if (b.hasNext()) {
+ return false;
+ }
+
+ return true;
+ }
+
+
+ public static boolean iterEquals(Iterator a, Iterator b) {
+ return iterEquals(a, b, new EqualityChecker() {
+ @Override
+ public boolean areEquals(T lhs, T rhs) {
+ return TestDataUtil.equals(lhs, rhs);
+ }
+ });
+ }
+
+ public static interface EqualityChecker {
+ public boolean areEquals(T lhs, T rhs);
+ }
+
+
+ public static byte[] concatAll(java.util.List packets) {
+ byte[][] byteArrays = new byte[packets.size()][];
+ try {
+ for (int i = 0; i < packets.size(); i++) {
+ byteArrays[i] = packets.get(i).getEncoded();
+ }
+ } catch (IOException ex) {
+ throw new RuntimeException(ex);
+ }
+
+ return concatAll(byteArrays);
+ }
+
+ public static byte[] concatAll(byte[]... byteArrays) {
+ if (byteArrays.length == 1) {
+ return byteArrays[0];
+ } else if (byteArrays.length == 2) {
+ return concat(byteArrays[0], byteArrays[1]);
+ } else {
+ byte[] first = concat(byteArrays[0], byteArrays[1]);
+ byte[][] remainingArrays = new byte[byteArrays.length - 1][];
+ remainingArrays[0] = first;
+ System.arraycopy(byteArrays, 2, remainingArrays, 1, byteArrays.length - 2);
+ return concatAll(remainingArrays);
+ }
+ }
+
+ private static byte[] concat(byte[] a, byte[] b) {
+ int aLen = a.length;
+ int bLen = b.length;
+ byte[] c = new byte[aLen + bLen];
+ System.arraycopy(a, 0, c, 0, aLen);
+ System.arraycopy(b, 0, c, aLen, bLen);
+ return c;
+ }
+
+}
diff --git a/OpenKeychain/src/test/java/tests/PgpDecryptVerifyTest.java b/OpenKeychain-Test/src/test/java/org/sufficientlysecure/keychain/tests/PgpDecryptVerifyTest.java
similarity index 58%
rename from OpenKeychain/src/test/java/tests/PgpDecryptVerifyTest.java
rename to OpenKeychain-Test/src/test/java/org/sufficientlysecure/keychain/tests/PgpDecryptVerifyTest.java
index d759bce05..158650012 100644
--- a/OpenKeychain/src/test/java/tests/PgpDecryptVerifyTest.java
+++ b/OpenKeychain-Test/src/test/java/org/sufficientlysecure/keychain/tests/PgpDecryptVerifyTest.java
@@ -1,3 +1,20 @@
+/*
+ * Copyright (C) Art O Cathain
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see .
+ */
+
package tests;
import org.junit.Assert;
@@ -5,7 +22,7 @@ import org.junit.Test;
import org.junit.runner.RunWith;
import org.robolectric.*;
import org.openintents.openpgp.OpenPgpSignatureResult;
-import org.sufficientlysecure.keychain.testsupport.PgpVerifyTestingHelper;
+import org.sufficientlysecure.keychain.support.PgpVerifyTestingHelper;
@RunWith(RobolectricTestRunner.class)
@org.robolectric.annotation.Config(emulateSdk = 18) // Robolectric doesn't yet support 19
diff --git a/OpenKeychain-Test/src/test/java/org/sufficientlysecure/keychain/tests/PgpKeyOperationTest.java b/OpenKeychain-Test/src/test/java/org/sufficientlysecure/keychain/tests/PgpKeyOperationTest.java
new file mode 100644
index 000000000..4f6694049
--- /dev/null
+++ b/OpenKeychain-Test/src/test/java/org/sufficientlysecure/keychain/tests/PgpKeyOperationTest.java
@@ -0,0 +1,770 @@
+package org.sufficientlysecure.keychain.tests;
+
+import junit.framework.AssertionFailedError;
+
+import org.junit.Assert;
+import org.junit.Test;
+import org.junit.Before;
+import org.junit.BeforeClass;
+import org.junit.runner.RunWith;
+import org.robolectric.*;
+import org.robolectric.shadows.ShadowLog;
+import org.spongycastle.bcpg.BCPGInputStream;
+import org.spongycastle.bcpg.Packet;
+import org.spongycastle.bcpg.PacketTags;
+import org.spongycastle.bcpg.SecretSubkeyPacket;
+import org.spongycastle.bcpg.SignaturePacket;
+import org.spongycastle.bcpg.UserIDPacket;
+import org.spongycastle.bcpg.sig.KeyFlags;
+import org.spongycastle.openpgp.PGPSignature;
+import org.sufficientlysecure.keychain.Constants;
+import org.sufficientlysecure.keychain.Constants.choice.algorithm;
+import org.sufficientlysecure.keychain.pgp.CanonicalizedKeyRing;
+import org.sufficientlysecure.keychain.pgp.CanonicalizedSecretKeyRing;
+import org.sufficientlysecure.keychain.pgp.PgpKeyOperation;
+import org.sufficientlysecure.keychain.pgp.UncachedKeyRing;
+import org.sufficientlysecure.keychain.pgp.UncachedPublicKey;
+import org.sufficientlysecure.keychain.pgp.WrappedSignature;
+import org.sufficientlysecure.keychain.service.OperationResultParcel.OperationLog;
+import org.sufficientlysecure.keychain.service.SaveKeyringParcel;
+import org.sufficientlysecure.keychain.service.SaveKeyringParcel.SubkeyAdd;
+import org.sufficientlysecure.keychain.service.SaveKeyringParcel.SubkeyChange;
+import org.sufficientlysecure.keychain.support.KeyringBuilder;
+import org.sufficientlysecure.keychain.support.KeyringTestingHelper;
+import org.sufficientlysecure.keychain.support.KeyringTestingHelper.RawPacket;
+import org.sufficientlysecure.keychain.support.TestDataUtil;
+import org.sufficientlysecure.keychain.util.ProgressScaler;
+
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.Date;
+import java.util.Iterator;
+import java.util.Random;
+
+@RunWith(RobolectricTestRunner.class)
+@org.robolectric.annotation.Config(emulateSdk = 18) // Robolectric doesn't yet support 19
+public class PgpKeyOperationTest {
+
+ static UncachedKeyRing staticRing;
+ static String passphrase;
+
+ UncachedKeyRing ring;
+ PgpKeyOperation op;
+ SaveKeyringParcel parcel;
+ ArrayList onlyA = new ArrayList();
+ ArrayList onlyB = new ArrayList();
+
+ @BeforeClass public static void setUpOnce() throws Exception {
+ ShadowLog.stream = System.out;
+
+ {
+ String chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ123456789!@#$%^&*()-_=";
+ Random r = new Random();
+ StringBuilder passbuilder = new StringBuilder();
+ // 20% chance for an empty passphrase
+ for(int i = 0, j = r.nextInt(10) > 2 ? r.nextInt(20) : 0; i < j; i++) {
+ passbuilder.append(chars.charAt(r.nextInt(chars.length())));
+ }
+ passphrase = passbuilder.toString();
+ System.out.println("Passphrase is '" + passphrase + "'");
+ }
+
+ SaveKeyringParcel parcel = new SaveKeyringParcel();
+ parcel.mAddSubKeys.add(new SaveKeyringParcel.SubkeyAdd(
+ Constants.choice.algorithm.rsa, 1024, KeyFlags.CERTIFY_OTHER, null));
+ parcel.mAddSubKeys.add(new SaveKeyringParcel.SubkeyAdd(
+ Constants.choice.algorithm.rsa, 1024, KeyFlags.SIGN_DATA, null));
+ parcel.mAddSubKeys.add(new SaveKeyringParcel.SubkeyAdd(
+ Constants.choice.algorithm.rsa, 1024, KeyFlags.ENCRYPT_COMMS, null));
+
+ parcel.mAddUserIds.add("twi");
+ parcel.mAddUserIds.add("pink");
+ parcel.mNewPassphrase = passphrase;
+ PgpKeyOperation op = new PgpKeyOperation(null);
+
+ staticRing = op.createSecretKeyRing(parcel).getRing();
+
+ Assert.assertNotNull("initial test key creation must succeed", staticRing);
+
+ // we sleep here for a second, to make sure all new certificates have different timestamps
+ Thread.sleep(1000);
+ }
+
+ @Before public void setUp() throws Exception {
+ // show Log.x messages in system.out
+ ShadowLog.stream = System.out;
+ ring = staticRing;
+
+ // setting up some parameters just to reduce code duplication
+ op = new PgpKeyOperation(new ProgressScaler(null, 0, 100, 100));
+
+ // set this up, gonna need it more than once
+ parcel = new SaveKeyringParcel();
+ parcel.mMasterKeyId = ring.getMasterKeyId();
+ parcel.mFingerprint = ring.getFingerprint();
+
+ }
+
+ @Test
+ public void createSecretKeyRingTests() {
+
+ {
+ parcel.reset();
+ parcel.mAddSubKeys.add(new SaveKeyringParcel.SubkeyAdd(
+ Constants.choice.algorithm.rsa, new Random().nextInt(256)+255, KeyFlags.CERTIFY_OTHER, null));
+ parcel.mAddUserIds.add("shy");
+ parcel.mNewPassphrase = passphrase;
+
+ UncachedKeyRing ring = op.createSecretKeyRing(parcel).getRing();
+
+ Assert.assertNull("creating ring with < 512 bytes keysize should fail", ring);
+ }
+
+ {
+ parcel.reset();
+ parcel.mAddSubKeys.add(new SaveKeyringParcel.SubkeyAdd(
+ Constants.choice.algorithm.elgamal, 1024, KeyFlags.CERTIFY_OTHER, null));
+ parcel.mAddUserIds.add("shy");
+ parcel.mNewPassphrase = passphrase;
+
+ UncachedKeyRing ring = op.createSecretKeyRing(parcel).getRing();
+
+ Assert.assertNull("creating ring with ElGamal master key should fail", ring);
+ }
+
+ {
+ parcel.reset();
+ parcel.mAddSubKeys.add(new SaveKeyringParcel.SubkeyAdd(
+ 12345, 1024, KeyFlags.CERTIFY_OTHER, null));
+ parcel.mAddUserIds.add("shy");
+ parcel.mNewPassphrase = passphrase;
+
+ UncachedKeyRing ring = op.createSecretKeyRing(parcel).getRing();
+ Assert.assertNull("creating ring with bad algorithm choice should fail", ring);
+ }
+
+ {
+ parcel.reset();
+ parcel.mAddSubKeys.add(new SaveKeyringParcel.SubkeyAdd(
+ Constants.choice.algorithm.rsa, 1024, KeyFlags.SIGN_DATA, null));
+ parcel.mAddUserIds.add("shy");
+ parcel.mNewPassphrase = passphrase;
+
+ UncachedKeyRing ring = op.createSecretKeyRing(parcel).getRing();
+ Assert.assertNull("creating ring with non-certifying master key should fail", ring);
+ }
+
+ {
+ parcel.reset();
+ parcel.mAddSubKeys.add(new SaveKeyringParcel.SubkeyAdd(
+ Constants.choice.algorithm.rsa, 1024, KeyFlags.CERTIFY_OTHER, null));
+ parcel.mNewPassphrase = passphrase;
+
+ UncachedKeyRing ring = op.createSecretKeyRing(parcel).getRing();
+ Assert.assertNull("creating ring without user ids should fail", ring);
+ }
+
+ {
+ parcel.reset();
+ parcel.mAddUserIds.add("shy");
+ parcel.mNewPassphrase = passphrase;
+
+ UncachedKeyRing ring = op.createSecretKeyRing(parcel).getRing();
+ Assert.assertNull("creating ring without subkeys should fail", ring);
+ }
+
+ }
+
+ @Test
+ // this is a special case since the flags are in user id certificates rather than
+ // subkey binding certificates
+ public void testMasterFlags() throws Exception {
+ SaveKeyringParcel parcel = new SaveKeyringParcel();
+ parcel.mAddSubKeys.add(new SaveKeyringParcel.SubkeyAdd(
+ Constants.choice.algorithm.rsa, 1024, KeyFlags.CERTIFY_OTHER | KeyFlags.SIGN_DATA, null));
+ parcel.mAddUserIds.add("luna");
+ ring = op.createSecretKeyRing(parcel).getRing();
+
+ Assert.assertEquals("the keyring should contain only the master key",
+ 1, KeyringTestingHelper.itToList(ring.getPublicKeys()).size());
+ Assert.assertEquals("first (master) key must have both flags",
+ KeyFlags.CERTIFY_OTHER | KeyFlags.SIGN_DATA, ring.getPublicKey().getKeyUsage());
+
+ }
+
+ @Test
+ public void testCreatedKey() throws Exception {
+
+ // an empty modification should change nothing. this also ensures the keyring
+ // is constant through canonicalization.
+ // applyModificationWithChecks(parcel, ring, onlyA, onlyB);
+
+ Assert.assertNotNull("key creation failed", ring);
+
+ Assert.assertNull("primary user id must be empty",
+ ring.getPublicKey().getPrimaryUserId());
+
+ Assert.assertEquals("number of user ids must be two",
+ 2, ring.getPublicKey().getUnorderedUserIds().size());
+
+ Assert.assertEquals("number of subkeys must be three",
+ 3, KeyringTestingHelper.itToList(ring.getPublicKeys()).size());
+
+ Assert.assertTrue("key ring should have been created in the last 120 seconds",
+ ring.getPublicKey().getCreationTime().after(new Date(new Date().getTime()-1000*120)));
+
+ Assert.assertNull("key ring should not expire",
+ ring.getPublicKey().getExpiryTime());
+
+ Iterator it = ring.getPublicKeys();
+
+ Assert.assertEquals("first (master) key can certify",
+ KeyFlags.CERTIFY_OTHER, it.next().getKeyUsage());
+
+ UncachedPublicKey signingKey = it.next();
+ Assert.assertEquals("second key can sign",
+ KeyFlags.SIGN_DATA, signingKey.getKeyUsage());
+ ArrayList sigs = signingKey.getSignatures().next().getEmbeddedSignatures();
+ Assert.assertEquals("signing key signature should have one embedded signature",
+ 1, sigs.size());
+ Assert.assertEquals("embedded signature should be of primary key binding type",
+ PGPSignature.PRIMARYKEY_BINDING, sigs.get(0).getSignatureType());
+ Assert.assertEquals("primary key binding signature issuer should be signing subkey",
+ signingKey.getKeyId(), sigs.get(0).getKeyId());
+
+ Assert.assertEquals("third key can encrypt",
+ KeyFlags.ENCRYPT_COMMS, it.next().getKeyUsage());
+
+ }
+
+ @Test
+ public void testBadKeyModification() throws Exception {
+
+ {
+ SaveKeyringParcel parcel = new SaveKeyringParcel();
+ // off by one
+ parcel.mMasterKeyId = ring.getMasterKeyId() -1;
+ parcel.mFingerprint = ring.getFingerprint();
+
+ CanonicalizedSecretKeyRing secretRing = new CanonicalizedSecretKeyRing(ring.getEncoded(), false, 0);
+ UncachedKeyRing modified = op.modifySecretKeyRing(secretRing, parcel, passphrase).getRing();
+
+ Assert.assertNull("keyring modification with bad master key id should fail", modified);
+ }
+
+ {
+ SaveKeyringParcel parcel = new SaveKeyringParcel();
+ // off by one
+ parcel.mMasterKeyId = null;
+ parcel.mFingerprint = ring.getFingerprint();
+
+ CanonicalizedSecretKeyRing secretRing = new CanonicalizedSecretKeyRing(ring.getEncoded(), false, 0);
+ UncachedKeyRing modified = op.modifySecretKeyRing(secretRing, parcel, passphrase).getRing();
+
+ Assert.assertNull("keyring modification with null master key id should fail", modified);
+ }
+
+ {
+ SaveKeyringParcel parcel = new SaveKeyringParcel();
+ parcel.mMasterKeyId = ring.getMasterKeyId();
+ parcel.mFingerprint = ring.getFingerprint();
+ // some byte, off by one
+ parcel.mFingerprint[5] += 1;
+
+ CanonicalizedSecretKeyRing secretRing = new CanonicalizedSecretKeyRing(ring.getEncoded(), false, 0);
+ UncachedKeyRing modified = op.modifySecretKeyRing(secretRing, parcel, passphrase).getRing();
+
+ Assert.assertNull("keyring modification with bad fingerprint should fail", modified);
+ }
+
+ {
+ SaveKeyringParcel parcel = new SaveKeyringParcel();
+ parcel.mMasterKeyId = ring.getMasterKeyId();
+ parcel.mFingerprint = null;
+
+ CanonicalizedSecretKeyRing secretRing = new CanonicalizedSecretKeyRing(ring.getEncoded(), false, 0);
+ UncachedKeyRing modified = op.modifySecretKeyRing(secretRing, parcel, passphrase).getRing();
+
+ Assert.assertNull("keyring modification with null fingerprint should fail", modified);
+ }
+
+ {
+ String badphrase = "";
+ if (badphrase.equals(passphrase)) {
+ badphrase = "a";
+ }
+ CanonicalizedSecretKeyRing secretRing = new CanonicalizedSecretKeyRing(ring.getEncoded(), false, 0);
+ UncachedKeyRing modified = op.modifySecretKeyRing(secretRing, parcel, badphrase).getRing();
+
+ Assert.assertNull("keyring modification with bad passphrase should fail", modified);
+ }
+
+ }
+
+ @Test
+ public void testSubkeyAdd() throws Exception {
+
+ long expiry = new Date().getTime() / 1000 + 159;
+ int flags = KeyFlags.SIGN_DATA;
+ int bits = 1024 + new Random().nextInt(8);
+ parcel.mAddSubKeys.add(new SubkeyAdd(algorithm.rsa, bits, flags, expiry));
+
+ UncachedKeyRing modified = applyModificationWithChecks(parcel, ring, onlyA, onlyB);
+
+ Assert.assertEquals("no extra packets in original", 0, onlyA.size());
+ Assert.assertEquals("exactly two extra packets in modified", 2, onlyB.size());
+
+ Packet p;
+
+ p = new BCPGInputStream(new ByteArrayInputStream(onlyB.get(0).buf)).readPacket();
+ Assert.assertTrue("first new packet must be secret subkey", p instanceof SecretSubkeyPacket);
+
+ p = new BCPGInputStream(new ByteArrayInputStream(onlyB.get(1).buf)).readPacket();
+ Assert.assertTrue("second new packet must be signature", p instanceof SignaturePacket);
+ Assert.assertEquals("signature type must be subkey binding certificate",
+ PGPSignature.SUBKEY_BINDING, ((SignaturePacket) p).getSignatureType());
+ Assert.assertEquals("signature must have been created by master key",
+ ring.getMasterKeyId(), ((SignaturePacket) p).getKeyID());
+
+ // get new key from ring. it should be the last one (add a check to make sure?)
+ UncachedPublicKey newKey = null;
+ {
+ Iterator it = modified.getPublicKeys();
+ while (it.hasNext()) {
+ newKey = it.next();
+ }
+ }
+
+ Assert.assertNotNull("new key is not null", newKey);
+ Assert.assertNotNull("added key must have an expiry date",
+ newKey.getExpiryTime());
+ Assert.assertEquals("added key must have expected expiry date",
+ expiry, newKey.getExpiryTime().getTime()/1000);
+ Assert.assertEquals("added key must have expected flags",
+ flags, newKey.getKeyUsage());
+ Assert.assertEquals("added key must have expected bitsize",
+ bits, newKey.getBitStrength());
+
+ { // bad keysize should fail
+ parcel.reset();
+ parcel.mAddSubKeys.add(new SubkeyAdd(
+ algorithm.rsa, new Random().nextInt(512), KeyFlags.SIGN_DATA, null));
+
+ CanonicalizedSecretKeyRing secretRing = new CanonicalizedSecretKeyRing(ring.getEncoded(), false, 0);
+ modified = op.modifySecretKeyRing(secretRing, parcel, passphrase).getRing();
+
+ Assert.assertNull("creating a subkey with keysize < 512 should fail", modified);
+ }
+
+ { // a past expiry should fail
+ parcel.reset();
+ parcel.mAddSubKeys.add(new SubkeyAdd(algorithm.rsa, 1024, KeyFlags.SIGN_DATA,
+ new Date().getTime()/1000-10));
+
+ CanonicalizedSecretKeyRing secretRing = new CanonicalizedSecretKeyRing(ring.getEncoded(), false, 0);
+ modified = op.modifySecretKeyRing(secretRing, parcel, passphrase).getRing();
+
+ Assert.assertNull("creating subkey with past expiry date should fail", modified);
+ }
+
+ }
+
+ @Test
+ public void testSubkeyModify() throws Exception {
+
+ long expiry = new Date().getTime()/1000 + 1024;
+ long keyId = KeyringTestingHelper.getSubkeyId(ring, 1);
+
+ UncachedKeyRing modified = ring;
+ {
+ parcel.mChangeSubKeys.add(new SubkeyChange(keyId, null, expiry));
+ modified = applyModificationWithChecks(parcel, modified, onlyA, onlyB);
+
+ Assert.assertEquals("one extra packet in original", 1, onlyA.size());
+ Assert.assertEquals("one extra packet in modified", 1, onlyB.size());
+
+ Assert.assertEquals("old packet must be signature",
+ PacketTags.SIGNATURE, onlyA.get(0).tag);
+
+ Packet p = new BCPGInputStream(new ByteArrayInputStream(onlyB.get(0).buf)).readPacket();
+ Assert.assertTrue("first new packet must be signature", p instanceof SignaturePacket);
+ Assert.assertEquals("signature type must be subkey binding certificate",
+ PGPSignature.SUBKEY_BINDING, ((SignaturePacket) p).getSignatureType());
+ Assert.assertEquals("signature must have been created by master key",
+ ring.getMasterKeyId(), ((SignaturePacket) p).getKeyID());
+
+ Assert.assertNotNull("modified key must have an expiry date",
+ modified.getPublicKey(keyId).getExpiryTime());
+ Assert.assertEquals("modified key must have expected expiry date",
+ expiry, modified.getPublicKey(keyId).getExpiryTime().getTime()/1000);
+ Assert.assertEquals("modified key must have same flags as before",
+ ring.getPublicKey(keyId).getKeyUsage(), modified.getPublicKey(keyId).getKeyUsage());
+ }
+
+ {
+ int flags = KeyFlags.SIGN_DATA | KeyFlags.ENCRYPT_COMMS;
+ parcel.reset();
+ parcel.mChangeSubKeys.add(new SubkeyChange(keyId, flags, null));
+ modified = applyModificationWithChecks(parcel, modified, onlyA, onlyB);
+
+ Assert.assertEquals("old packet must be signature",
+ PacketTags.SIGNATURE, onlyA.get(0).tag);
+
+ Packet p = new BCPGInputStream(new ByteArrayInputStream(onlyB.get(0).buf)).readPacket();
+ Assert.assertTrue("first new packet must be signature", p instanceof SignaturePacket);
+ Assert.assertEquals("signature type must be subkey binding certificate",
+ PGPSignature.SUBKEY_BINDING, ((SignaturePacket) p).getSignatureType());
+ Assert.assertEquals("signature must have been created by master key",
+ ring.getMasterKeyId(), ((SignaturePacket) p).getKeyID());
+
+ Assert.assertEquals("modified key must have expected flags",
+ flags, modified.getPublicKey(keyId).getKeyUsage());
+ Assert.assertNotNull("key must retain its expiry",
+ modified.getPublicKey(keyId).getExpiryTime());
+ Assert.assertEquals("key expiry must be unchanged",
+ expiry, modified.getPublicKey(keyId).getExpiryTime().getTime()/1000);
+ }
+
+ { // a past expiry should fail
+ parcel.reset();
+ parcel.mChangeSubKeys.add(new SubkeyChange(keyId, null, new Date().getTime()/1000-10));
+
+ CanonicalizedSecretKeyRing secretRing = new CanonicalizedSecretKeyRing(ring.getEncoded(), false, 0);
+ modified = op.modifySecretKeyRing(secretRing, parcel, passphrase).getRing();
+
+ Assert.assertNull("setting subkey expiry to a past date should fail", modified);
+ }
+
+ { // modifying nonexistent keyring should fail
+ parcel.reset();
+ parcel.mChangeSubKeys.add(new SubkeyChange(123, null, null));
+
+ CanonicalizedSecretKeyRing secretRing = new CanonicalizedSecretKeyRing(ring.getEncoded(), false, 0);
+ modified = op.modifySecretKeyRing(secretRing, parcel, passphrase).getRing();
+
+ Assert.assertNull("modifying non-existent subkey should fail", modified);
+ }
+
+ }
+
+ @Test
+ public void testSubkeyRevoke() throws Exception {
+
+ long keyId = KeyringTestingHelper.getSubkeyId(ring, 1);
+ int flags = ring.getPublicKey(keyId).getKeyUsage();
+
+ UncachedKeyRing modified;
+
+ {
+
+ parcel.reset();
+ parcel.mRevokeSubKeys.add(123L);
+
+ CanonicalizedSecretKeyRing secretRing = new CanonicalizedSecretKeyRing(ring.getEncoded(), false, 0);
+ UncachedKeyRing otherModified = op.modifySecretKeyRing(secretRing, parcel, passphrase).getRing();
+
+ Assert.assertNull("revoking a nonexistent subkey should fail", otherModified);
+
+ }
+
+ { // revoked second subkey
+
+ parcel.reset();
+ parcel.mRevokeSubKeys.add(keyId);
+
+ modified = applyModificationWithChecks(parcel, ring, onlyA, onlyB);
+
+ Assert.assertEquals("no extra packets in original", 0, onlyA.size());
+ Assert.assertEquals("exactly one extra packet in modified", 1, onlyB.size());
+
+ Packet p;
+
+ p = new BCPGInputStream(new ByteArrayInputStream(onlyB.get(0).buf)).readPacket();
+ Assert.assertTrue("first new packet must be secret subkey", p instanceof SignaturePacket);
+ Assert.assertEquals("signature type must be subkey binding certificate",
+ PGPSignature.SUBKEY_REVOCATION, ((SignaturePacket) p).getSignatureType());
+ Assert.assertEquals("signature must have been created by master key",
+ ring.getMasterKeyId(), ((SignaturePacket) p).getKeyID());
+
+ Assert.assertTrue("subkey must actually be revoked",
+ modified.getPublicKey(keyId).isRevoked());
+ }
+
+ { // re-add second subkey
+
+ parcel.reset();
+ parcel.mChangeSubKeys.add(new SubkeyChange(keyId, null, null));
+
+ modified = applyModificationWithChecks(parcel, modified, onlyA, onlyB);
+
+ Assert.assertEquals("exactly two outdated packets in original", 2, onlyA.size());
+ Assert.assertEquals("exactly one extra packet in modified", 1, onlyB.size());
+
+ Packet p;
+
+ p = new BCPGInputStream(new ByteArrayInputStream(onlyA.get(0).buf)).readPacket();
+ Assert.assertTrue("first outdated packet must be signature", p instanceof SignaturePacket);
+ Assert.assertEquals("first outdated signature type must be subkey binding certification",
+ PGPSignature.SUBKEY_BINDING, ((SignaturePacket) p).getSignatureType());
+ Assert.assertEquals("first outdated signature must have been created by master key",
+ ring.getMasterKeyId(), ((SignaturePacket) p).getKeyID());
+
+ p = new BCPGInputStream(new ByteArrayInputStream(onlyA.get(1).buf)).readPacket();
+ Assert.assertTrue("second outdated packet must be signature", p instanceof SignaturePacket);
+ Assert.assertEquals("second outdated signature type must be subkey revocation",
+ PGPSignature.SUBKEY_REVOCATION, ((SignaturePacket) p).getSignatureType());
+ Assert.assertEquals("second outdated signature must have been created by master key",
+ ring.getMasterKeyId(), ((SignaturePacket) p).getKeyID());
+
+ p = new BCPGInputStream(new ByteArrayInputStream(onlyB.get(0).buf)).readPacket();
+ Assert.assertTrue("new packet must be signature ", p instanceof SignaturePacket);
+ Assert.assertEquals("new signature type must be subkey binding certification",
+ PGPSignature.SUBKEY_BINDING, ((SignaturePacket) p).getSignatureType());
+ Assert.assertEquals("signature must have been created by master key",
+ ring.getMasterKeyId(), ((SignaturePacket) p).getKeyID());
+
+ Assert.assertFalse("subkey must no longer be revoked",
+ modified.getPublicKey(keyId).isRevoked());
+ Assert.assertEquals("subkey must have the same usage flags as before",
+ flags, modified.getPublicKey(keyId).getKeyUsage());
+
+ }
+ }
+
+ @Test
+ public void testUserIdRevoke() throws Exception {
+
+ UncachedKeyRing modified;
+ String uid = ring.getPublicKey().getUnorderedUserIds().get(1);
+
+ { // revoke second user id
+
+ parcel.mRevokeUserIds.add(uid);
+
+ modified = applyModificationWithChecks(parcel, ring, onlyA, onlyB);
+
+ Assert.assertEquals("no extra packets in original", 0, onlyA.size());
+ Assert.assertEquals("exactly one extra packet in modified", 1, onlyB.size());
+
+ Packet p;
+
+ p = new BCPGInputStream(new ByteArrayInputStream(onlyB.get(0).buf)).readPacket();
+ Assert.assertTrue("first new packet must be secret subkey", p instanceof SignaturePacket);
+ Assert.assertEquals("signature type must be subkey binding certificate",
+ PGPSignature.CERTIFICATION_REVOCATION, ((SignaturePacket) p).getSignatureType());
+ Assert.assertEquals("signature must have been created by master key",
+ ring.getMasterKeyId(), ((SignaturePacket) p).getKeyID());
+
+ }
+
+ { // re-add second user id
+
+ parcel.reset();
+ parcel.mChangePrimaryUserId = uid;
+
+ CanonicalizedSecretKeyRing secretRing = new CanonicalizedSecretKeyRing(modified.getEncoded(), false, 0);
+ UncachedKeyRing otherModified = op.modifySecretKeyRing(secretRing, parcel, passphrase).getRing();
+
+ Assert.assertNull("setting primary user id to a revoked user id should fail", otherModified);
+
+ }
+
+ { // re-add second user id
+
+ parcel.reset();
+ parcel.mAddUserIds.add(uid);
+
+ applyModificationWithChecks(parcel, modified, onlyA, onlyB);
+
+ Assert.assertEquals("exactly two outdated packets in original", 2, onlyA.size());
+ Assert.assertEquals("exactly one extra packet in modified", 1, onlyB.size());
+
+ Packet p;
+
+ p = new BCPGInputStream(new ByteArrayInputStream(onlyA.get(0).buf)).readPacket();
+ Assert.assertTrue("first outdated packet must be signature", p instanceof SignaturePacket);
+ Assert.assertEquals("first outdated signature type must be positive certification",
+ PGPSignature.POSITIVE_CERTIFICATION, ((SignaturePacket) p).getSignatureType());
+ Assert.assertEquals("first outdated signature must have been created by master key",
+ ring.getMasterKeyId(), ((SignaturePacket) p).getKeyID());
+
+ p = new BCPGInputStream(new ByteArrayInputStream(onlyA.get(1).buf)).readPacket();
+ Assert.assertTrue("second outdated packet must be signature", p instanceof SignaturePacket);
+ Assert.assertEquals("second outdated signature type must be certificate revocation",
+ PGPSignature.CERTIFICATION_REVOCATION, ((SignaturePacket) p).getSignatureType());
+ Assert.assertEquals("second outdated signature must have been created by master key",
+ ring.getMasterKeyId(), ((SignaturePacket) p).getKeyID());
+
+ p = new BCPGInputStream(new ByteArrayInputStream(onlyB.get(0).buf)).readPacket();
+ Assert.assertTrue("new packet must be signature ", p instanceof SignaturePacket);
+ Assert.assertEquals("new signature type must be positive certification",
+ PGPSignature.POSITIVE_CERTIFICATION, ((SignaturePacket) p).getSignatureType());
+ Assert.assertEquals("signature must have been created by master key",
+ ring.getMasterKeyId(), ((SignaturePacket) p).getKeyID());
+ }
+
+ }
+
+ @Test
+ public void testUserIdAdd() throws Exception {
+
+ {
+ parcel.mAddUserIds.add("");
+ CanonicalizedSecretKeyRing secretRing = new CanonicalizedSecretKeyRing(ring.getEncoded(), false, 0);
+ UncachedKeyRing modified = op.modifySecretKeyRing(secretRing, parcel, passphrase).getRing();
+ Assert.assertNull("adding an empty user id should fail", modified);
+ }
+
+ parcel.reset();
+ parcel.mAddUserIds.add("rainbow");
+
+ UncachedKeyRing modified = applyModificationWithChecks(parcel, ring, onlyA, onlyB);
+
+ Assert.assertTrue("keyring must contain added user id",
+ modified.getPublicKey().getUnorderedUserIds().contains("rainbow"));
+
+ Assert.assertEquals("no extra packets in original", 0, onlyA.size());
+ Assert.assertEquals("exactly two extra packets in modified", 2, onlyB.size());
+
+ Assert.assertTrue("keyring must contain added user id",
+ modified.getPublicKey().getUnorderedUserIds().contains("rainbow"));
+
+ Packet p;
+
+ p = new BCPGInputStream(new ByteArrayInputStream(onlyB.get(0).buf)).readPacket();
+ Assert.assertTrue("first new packet must be user id", p instanceof UserIDPacket);
+ Assert.assertEquals("user id packet must match added user id",
+ "rainbow", ((UserIDPacket) p).getID());
+
+ p = new BCPGInputStream(new ByteArrayInputStream(onlyB.get(1).buf)).readPacket();
+ Assert.assertTrue("second new packet must be signature", p instanceof SignaturePacket);
+ Assert.assertEquals("signature type must be positive certification",
+ PGPSignature.POSITIVE_CERTIFICATION, ((SignaturePacket) p).getSignatureType());
+
+ }
+
+ @Test
+ public void testUserIdPrimary() throws Exception {
+
+ UncachedKeyRing modified = ring;
+ String uid = ring.getPublicKey().getUnorderedUserIds().get(1);
+
+ { // first part, add new user id which is also primary
+ parcel.mAddUserIds.add("jack");
+ parcel.mChangePrimaryUserId = "jack";
+
+ modified = applyModificationWithChecks(parcel, modified, onlyA, onlyB);
+
+ Assert.assertEquals("primary user id must be the one added",
+ "jack", modified.getPublicKey().getPrimaryUserId());
+ }
+
+ { // second part, change primary to a different one
+ parcel.reset();
+ parcel.mChangePrimaryUserId = uid;
+
+ modified = applyModificationWithChecks(parcel, modified, onlyA, onlyB);
+
+ Assert.assertEquals("old keyring must have two outdated certificates", 2, onlyA.size());
+ Assert.assertEquals("new keyring must have two new packets", 2, onlyB.size());
+
+ Assert.assertEquals("primary user id must be the one changed to",
+ "pink", modified.getPublicKey().getPrimaryUserId());
+ }
+
+ { // third part, change primary to a non-existent one
+ parcel.reset();
+ //noinspection SpellCheckingInspection
+ parcel.mChangePrimaryUserId = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";
+ if (parcel.mChangePrimaryUserId.equals(passphrase)) {
+ parcel.mChangePrimaryUserId += "A";
+ }
+
+ CanonicalizedSecretKeyRing secretRing = new CanonicalizedSecretKeyRing(ring.getEncoded(), false, 0);
+ modified = op.modifySecretKeyRing(secretRing, parcel, passphrase).getRing();
+
+ Assert.assertNull("changing primary user id to a non-existent one should fail", modified);
+ }
+
+ // check for revoked primary user id already done in revoke test
+
+ }
+
+
+ private static UncachedKeyRing applyModificationWithChecks(SaveKeyringParcel parcel,
+ UncachedKeyRing ring,
+ ArrayList onlyA,
+ ArrayList onlyB) {
+ return applyModificationWithChecks(parcel, ring, onlyA, onlyB, true, true);
+ }
+
+ // applies a parcel modification while running some integrity checks
+ private static UncachedKeyRing applyModificationWithChecks(SaveKeyringParcel parcel,
+ UncachedKeyRing ring,
+ ArrayList onlyA,
+ ArrayList onlyB,
+ boolean canonicalize,
+ boolean constantCanonicalize) {
+
+ try {
+
+ Assert.assertTrue("modified keyring must be secret", ring.isSecret());
+ CanonicalizedSecretKeyRing secretRing = new CanonicalizedSecretKeyRing(ring.getEncoded(), false, 0);
+
+ PgpKeyOperation op = new PgpKeyOperation(null);
+ UncachedKeyRing rawModified = op.modifySecretKeyRing(secretRing, parcel, passphrase).getRing();
+ Assert.assertNotNull("key modification failed", rawModified);
+
+ if (!canonicalize) {
+ Assert.assertTrue("keyring must differ from original", KeyringTestingHelper.diffKeyrings(
+ ring.getEncoded(), rawModified.getEncoded(), onlyA, onlyB));
+ return rawModified;
+ }
+
+ CanonicalizedKeyRing modified = rawModified.canonicalize(new OperationLog(), 0);
+ if (constantCanonicalize) {
+ Assert.assertTrue("key must be constant through canonicalization",
+ !KeyringTestingHelper.diffKeyrings(
+ modified.getEncoded(), rawModified.getEncoded(), onlyA, onlyB)
+ );
+ }
+ Assert.assertTrue("keyring must differ from original", KeyringTestingHelper.diffKeyrings(
+ ring.getEncoded(), modified.getEncoded(), onlyA, onlyB));
+
+ return modified.getUncachedKeyRing();
+
+ } catch (IOException e) {
+ throw new AssertionFailedError("error during encoding!");
+ }
+ }
+
+ @Test
+ public void testVerifySuccess() throws Exception {
+
+ UncachedKeyRing expectedKeyRing = KeyringBuilder.correctRing();
+ UncachedKeyRing inputKeyRing = KeyringBuilder.ringWithExtraIncorrectSignature();
+
+ CanonicalizedKeyRing canonicalized = inputKeyRing.canonicalize(new OperationLog(), 0);
+ Assert.assertNotNull("canonicalization must succeed", canonicalized);
+
+ ArrayList onlyA = new ArrayList();
+ ArrayList onlyB = new ArrayList();
+ //noinspection unchecked
+ Assert.assertTrue("keyrings differ", !KeyringTestingHelper.diffKeyrings(
+ expectedKeyRing.getEncoded(), expectedKeyRing.getEncoded(), onlyA, onlyB));
+
+ }
+
+ /**
+ * Just testing my own test code. Should really be using a library for this.
+ */
+ @Test
+ public void testConcat() throws Exception {
+ byte[] actual = TestDataUtil.concatAll(new byte[]{1}, new byte[]{2,-2}, new byte[]{5},new byte[]{3});
+ byte[] expected = new byte[]{1,2,-2,5,3};
+ Assert.assertEquals(java.util.Arrays.toString(expected), java.util.Arrays.toString(actual));
+ }
+
+
+}
diff --git a/OpenKeychain/src/test/java/tests/ProviderHelperKeyringTest.java b/OpenKeychain-Test/src/test/java/org/sufficientlysecure/keychain/tests/ProviderHelperKeyringTest.java
similarity index 78%
rename from OpenKeychain/src/test/java/tests/ProviderHelperKeyringTest.java
rename to OpenKeychain-Test/src/test/java/org/sufficientlysecure/keychain/tests/ProviderHelperKeyringTest.java
index 3d48c2f97..665e8ef2b 100644
--- a/OpenKeychain/src/test/java/tests/ProviderHelperKeyringTest.java
+++ b/OpenKeychain-Test/src/test/java/org/sufficientlysecure/keychain/tests/ProviderHelperKeyringTest.java
@@ -1,3 +1,20 @@
+/*
+ * Copyright (C) Art O Cathain
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see .
+ */
+
package tests;
import java.util.Collections;
@@ -9,9 +26,7 @@ import org.junit.Assert;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.robolectric.*;
-import org.openintents.openpgp.OpenPgpSignatureResult;
-import org.sufficientlysecure.keychain.testsupport.KeyringTestingHelper;
-import org.sufficientlysecure.keychain.testsupport.PgpVerifyTestingHelper;
+import org.sufficientlysecure.keychain.support.KeyringTestingHelper;
@RunWith(RobolectricTestRunner.class)
@org.robolectric.annotation.Config(emulateSdk = 18) // Robolectric doesn't yet support 19
@@ -24,7 +39,7 @@ public class ProviderHelperKeyringTest {
)));
}
- @Test
+ // @Test
public void testSavePublicKeyringRsa() throws Exception {
Assert.assertTrue(new KeyringTestingHelper(Robolectric.application).addKeyring(prependResourcePath(Arrays.asList(
"000001-006.public_key",
@@ -45,7 +60,7 @@ public class ProviderHelperKeyringTest {
))));
}
- @Test
+ // @Test
public void testSavePublicKeyringDsa() throws Exception {
Assert.assertTrue(new KeyringTestingHelper(Robolectric.application).addKeyring(prependResourcePath(Arrays.asList(
"000016-006.public_key",
@@ -62,7 +77,7 @@ public class ProviderHelperKeyringTest {
))));
}
- @Test
+ // @Test
public void testSavePublicKeyringDsa2() throws Exception {
Assert.assertTrue(new KeyringTestingHelper(Robolectric.application).addKeyring(prependResourcePath(Arrays.asList(
"000027-006.public_key",
@@ -79,7 +94,7 @@ public class ProviderHelperKeyringTest {
private static Collection prependResourcePath(Collection files) {
Collection prependedFiles = new ArrayList();
for (String file: files) {
- prependedFiles.add("/extern/OpenPGP-Haskell/tests/data/" + file);
+ prependedFiles.add("/OpenPGP-Haskell/tests/data/" + file);
}
return prependedFiles;
}
diff --git a/OpenKeychain-Test/src/test/java/org/sufficientlysecure/keychain/tests/UncachedKeyringCanonicalizeTest.java b/OpenKeychain-Test/src/test/java/org/sufficientlysecure/keychain/tests/UncachedKeyringCanonicalizeTest.java
new file mode 100644
index 000000000..97e0d8a68
--- /dev/null
+++ b/OpenKeychain-Test/src/test/java/org/sufficientlysecure/keychain/tests/UncachedKeyringCanonicalizeTest.java
@@ -0,0 +1,627 @@
+package org.sufficientlysecure.keychain.tests;
+
+import org.junit.BeforeClass;
+import org.junit.runner.RunWith;
+import org.junit.Assert;
+import org.junit.Test;
+import org.junit.Before;
+import org.robolectric.RobolectricTestRunner;
+import org.robolectric.shadows.ShadowLog;
+import org.spongycastle.bcpg.BCPGInputStream;
+import org.spongycastle.bcpg.Packet;
+import org.spongycastle.bcpg.PacketTags;
+import org.spongycastle.bcpg.UserIDPacket;
+import org.spongycastle.bcpg.sig.KeyFlags;
+import org.spongycastle.openpgp.PGPPrivateKey;
+import org.spongycastle.openpgp.PGPPublicKey;
+import org.spongycastle.openpgp.PGPSecretKey;
+import org.spongycastle.openpgp.PGPSecretKeyRing;
+import org.spongycastle.openpgp.PGPSignature;
+import org.spongycastle.openpgp.PGPSignatureGenerator;
+import org.spongycastle.openpgp.PGPSignatureSubpacketGenerator;
+import org.spongycastle.openpgp.PGPUtil;
+import org.spongycastle.openpgp.operator.PBESecretKeyDecryptor;
+import org.spongycastle.openpgp.operator.PGPContentSignerBuilder;
+import org.spongycastle.openpgp.operator.jcajce.JcaKeyFingerprintCalculator;
+import org.spongycastle.openpgp.operator.jcajce.JcaPGPContentSignerBuilder;
+import org.spongycastle.openpgp.operator.jcajce.JcePBESecretKeyDecryptorBuilder;
+import org.sufficientlysecure.keychain.Constants;
+import org.sufficientlysecure.keychain.pgp.CanonicalizedKeyRing;
+import org.sufficientlysecure.keychain.pgp.PgpKeyOperation;
+import org.sufficientlysecure.keychain.pgp.UncachedKeyRing;
+import org.sufficientlysecure.keychain.pgp.UncachedPublicKey;
+import org.sufficientlysecure.keychain.pgp.WrappedSignature;
+import org.sufficientlysecure.keychain.service.OperationResultParcel;
+import org.sufficientlysecure.keychain.service.OperationResults.EditKeyResult;
+import org.sufficientlysecure.keychain.service.SaveKeyringParcel;
+import org.sufficientlysecure.keychain.support.KeyringTestingHelper;
+import org.sufficientlysecure.keychain.support.KeyringTestingHelper.RawPacket;
+
+import java.io.ByteArrayInputStream;
+import java.util.ArrayList;
+import java.util.Date;
+import java.util.Iterator;
+
+
+/** Tests for the UncachedKeyring.canonicalize method.
+ *
+ * This is a complex and crypto-relevant method, which takes care of sanitizing keyrings.
+ * Test cases are made for all its assertions.
+ */
+
+@RunWith(RobolectricTestRunner.class)
+@org.robolectric.annotation.Config(emulateSdk = 18) // Robolectric doesn't yet support 19
+public class UncachedKeyringCanonicalizeTest {
+
+ static UncachedKeyRing staticRing;
+ static int totalPackets;
+ UncachedKeyRing ring;
+ ArrayList onlyA = new ArrayList();
+ ArrayList onlyB = new ArrayList();
+ OperationResultParcel.OperationLog log = new OperationResultParcel.OperationLog();
+ PGPSignatureSubpacketGenerator subHashedPacketsGen;
+ PGPSecretKey secretKey;
+
+ @BeforeClass
+ public static void setUpOnce() throws Exception {
+ ShadowLog.stream = System.out;
+
+ SaveKeyringParcel parcel = new SaveKeyringParcel();
+ parcel.mAddSubKeys.add(new SaveKeyringParcel.SubkeyAdd(
+ Constants.choice.algorithm.rsa, 1024, KeyFlags.CERTIFY_OTHER, null));
+ parcel.mAddSubKeys.add(new SaveKeyringParcel.SubkeyAdd(
+ Constants.choice.algorithm.rsa, 1024, KeyFlags.SIGN_DATA, null));
+ parcel.mAddSubKeys.add(new SaveKeyringParcel.SubkeyAdd(
+ Constants.choice.algorithm.rsa, 1024, KeyFlags.ENCRYPT_COMMS, null));
+
+ parcel.mAddUserIds.add("twi");
+ parcel.mAddUserIds.add("pink");
+ // passphrase is tested in PgpKeyOperationTest, just use empty here
+ parcel.mNewPassphrase = "";
+ PgpKeyOperation op = new PgpKeyOperation(null);
+
+ EditKeyResult result = op.createSecretKeyRing(parcel);
+ Assert.assertTrue("initial test key creation must succeed", result.success());
+ staticRing = result.getRing();
+ Assert.assertNotNull("initial test key creation must succeed", staticRing);
+
+ // just for later reference
+ totalPackets = 9;
+
+ // we sleep here for a second, to make sure all new certificates have different timestamps
+ Thread.sleep(1000);
+ }
+
+ @Before public void setUp() throws Exception {
+ // show Log.x messages in system.out
+ ShadowLog.stream = System.out;
+ ring = staticRing;
+
+ subHashedPacketsGen = new PGPSignatureSubpacketGenerator();
+ secretKey = new PGPSecretKeyRing(ring.getEncoded(), new JcaKeyFingerprintCalculator())
+ .getSecretKey();
+ }
+
+ /** Make sure the assumptions made about the generated ring packet structure are valid. */
+ @Test public void testGeneratedRingStructure() throws Exception {
+
+ Iterator it = KeyringTestingHelper.parseKeyring(ring.getEncoded());
+
+ Assert.assertEquals("packet #1 should be secret key",
+ PacketTags.SECRET_KEY, it.next().tag);
+
+ Assert.assertEquals("packet #2 should be user id",
+ PacketTags.USER_ID, it.next().tag);
+ Assert.assertEquals("packet #3 should be signature",
+ PacketTags.SIGNATURE, it.next().tag);
+
+ Assert.assertEquals("packet #4 should be user id",
+ PacketTags.USER_ID, it.next().tag);
+ Assert.assertEquals("packet #5 should be signature",
+ PacketTags.SIGNATURE, it.next().tag);
+
+ Assert.assertEquals("packet #6 should be secret subkey",
+ PacketTags.SECRET_SUBKEY, it.next().tag);
+ Assert.assertEquals("packet #7 should be signature",
+ PacketTags.SIGNATURE, it.next().tag);
+
+ Assert.assertEquals("packet #8 should be secret subkey",
+ PacketTags.SECRET_SUBKEY, it.next().tag);
+ Assert.assertEquals("packet #9 should be signature",
+ PacketTags.SIGNATURE, it.next().tag);
+
+ Assert.assertFalse("exactly 9 packets total", it.hasNext());
+
+ Assert.assertArrayEquals("created keyring should be constant through canonicalization",
+ ring.getEncoded(), ring.canonicalize(log, 0).getEncoded());
+
+ }
+
+ @Test public void testUidSignature() throws Exception {
+
+ UncachedPublicKey masterKey = ring.getPublicKey();
+ final WrappedSignature sig = masterKey.getSignaturesForId("twi").next();
+
+ byte[] raw = sig.getEncoded();
+ // destroy the signature
+ raw[raw.length - 5] += 1;
+ final WrappedSignature brokenSig = WrappedSignature.fromBytes(raw);
+
+ { // bad certificates get stripped
+ UncachedKeyRing modified = KeyringTestingHelper.injectPacket(ring, brokenSig.getEncoded(), 3);
+ CanonicalizedKeyRing canonicalized = modified.canonicalize(log, 0);
+
+ Assert.assertTrue("canonicalized keyring with invalid extra sig must be same as original one",
+ !KeyringTestingHelper.diffKeyrings(
+ ring.getEncoded(), canonicalized.getEncoded(), onlyA, onlyB));
+ }
+
+ // remove user id certificate for one user
+ final UncachedKeyRing base = KeyringTestingHelper.removePacket(ring, 2);
+
+ { // user id without certificate should be removed
+ CanonicalizedKeyRing modified = base.canonicalize(log, 0);
+ Assert.assertTrue("canonicalized keyring must differ", KeyringTestingHelper.diffKeyrings(
+ ring.getEncoded(), modified.getEncoded(), onlyA, onlyB));
+
+ Assert.assertEquals("two packets should be stripped after canonicalization", 2, onlyA.size());
+ Assert.assertEquals("no new packets after canonicalization", 0, onlyB.size());
+
+ Packet p = new BCPGInputStream(new ByteArrayInputStream(onlyA.get(0).buf)).readPacket();
+ Assert.assertTrue("first stripped packet must be user id", p instanceof UserIDPacket);
+ Assert.assertEquals("missing user id must be the expected one",
+ "twi", ((UserIDPacket) p).getID());
+
+ Assert.assertArrayEquals("second stripped packet must be signature we removed",
+ sig.getEncoded(), onlyA.get(1).buf);
+
+ }
+
+ { // add error to signature
+
+ UncachedKeyRing modified = KeyringTestingHelper.injectPacket(base, brokenSig.getEncoded(), 3);
+ CanonicalizedKeyRing canonicalized = modified.canonicalize(log, 0);
+
+ Assert.assertTrue("canonicalized keyring must differ", KeyringTestingHelper.diffKeyrings(
+ ring.getEncoded(), canonicalized.getEncoded(), onlyA, onlyB));
+
+ Assert.assertEquals("two packets should be missing after canonicalization", 2, onlyA.size());
+ Assert.assertEquals("no new packets after canonicalization", 0, onlyB.size());
+
+ Packet p = new BCPGInputStream(new ByteArrayInputStream(onlyA.get(0).buf)).readPacket();
+ Assert.assertTrue("first stripped packet must be user id", p instanceof UserIDPacket);
+ Assert.assertEquals("missing user id must be the expected one",
+ "twi", ((UserIDPacket) p).getID());
+
+ Assert.assertArrayEquals("second stripped packet must be signature we removed",
+ sig.getEncoded(), onlyA.get(1).buf);
+ }
+
+ }
+
+ @Test public void testUidDestroy() throws Exception {
+
+ // signature for "twi"
+ ring = KeyringTestingHelper.removePacket(ring, 2);
+ // signature for "pink"
+ ring = KeyringTestingHelper.removePacket(ring, 3);
+
+ // canonicalization should fail, because there are no valid uids left
+ CanonicalizedKeyRing canonicalized = ring.canonicalize(log, 0);
+ Assert.assertNull("canonicalization of keyring with no valid uids should fail", canonicalized);
+
+ }
+
+ @Test public void testRevocationRedundant() throws Exception {
+
+ PGPSignature revocation = forgeSignature(
+ secretKey, PGPSignature.KEY_REVOCATION, subHashedPacketsGen, secretKey.getPublicKey());
+
+ UncachedKeyRing modified = KeyringTestingHelper.injectPacket(ring, revocation.getEncoded(), 1);
+
+ // try to add the same packet again, it should be rejected in all positions
+ injectEverywhere(modified, revocation.getEncoded());
+
+ // an older (but different!) revocation should be rejected as well
+ subHashedPacketsGen.setSignatureCreationTime(false, new Date(new Date().getTime() -1000*1000));
+ revocation = forgeSignature(
+ secretKey, PGPSignature.KEY_REVOCATION, subHashedPacketsGen, secretKey.getPublicKey());
+
+ injectEverywhere(modified, revocation.getEncoded());
+
+ }
+
+ @Test public void testUidRedundant() throws Exception {
+
+ // an older uid certificate should be rejected
+ subHashedPacketsGen.setSignatureCreationTime(false, new Date(new Date().getTime() -1000*1000));
+ PGPSignature revocation = forgeSignature(
+ secretKey, PGPSignature.DEFAULT_CERTIFICATION, subHashedPacketsGen, "twi", secretKey.getPublicKey());
+
+ injectEverywhere(ring, revocation.getEncoded());
+
+ }
+
+ @Test public void testUidRevocationOutdated() throws Exception {
+ // an older uid revocation cert should be rejected
+ subHashedPacketsGen.setSignatureCreationTime(false, new Date(new Date().getTime() -1000*1000));
+ PGPSignature revocation = forgeSignature(
+ secretKey, PGPSignature.CERTIFICATION_REVOCATION, subHashedPacketsGen, "twi", secretKey.getPublicKey());
+
+ injectEverywhere(ring, revocation.getEncoded());
+
+ }
+
+ @Test public void testUidRevocationRedundant() throws Exception {
+
+ PGPSignature revocation = forgeSignature(
+ secretKey, PGPSignature.CERTIFICATION_REVOCATION, subHashedPacketsGen, "twi", secretKey.getPublicKey());
+
+ // add that revocation to the base, and check if the redundant one will be rejected as well
+ UncachedKeyRing modified = KeyringTestingHelper.injectPacket(ring, revocation.getEncoded(), 2);
+
+ injectEverywhere(modified, revocation.getEncoded());
+
+ // an older (but different!) uid revocation should be rejected as well
+ subHashedPacketsGen.setSignatureCreationTime(false, new Date(new Date().getTime() -1000*1000));
+ revocation = forgeSignature(
+ secretKey, PGPSignature.CERTIFICATION_REVOCATION, subHashedPacketsGen, "twi", secretKey.getPublicKey());
+
+ injectEverywhere(modified, revocation.getEncoded());
+
+ }
+
+ @Test public void testSignatureBroken() throws Exception {
+
+ injectEverytype(secretKey, ring, subHashedPacketsGen, true);
+
+ }
+
+ @Test public void testForeignSignature() throws Exception {
+
+ SaveKeyringParcel parcel = new SaveKeyringParcel();
+ parcel.mAddSubKeys.add(new SaveKeyringParcel.SubkeyAdd(
+ Constants.choice.algorithm.rsa, 1024, KeyFlags.CERTIFY_OTHER, null));
+ parcel.mAddUserIds.add("trix");
+ PgpKeyOperation op = new PgpKeyOperation(null);
+
+ OperationResultParcel.OperationLog log = new OperationResultParcel.OperationLog();
+ UncachedKeyRing foreign = op.createSecretKeyRing(parcel).getRing();
+
+ Assert.assertNotNull("initial test key creation must succeed", foreign);
+ PGPSecretKey foreignSecretKey =
+ new PGPSecretKeyRing(foreign.getEncoded(), new JcaKeyFingerprintCalculator())
+ .getSecretKey();
+
+ injectEverytype(foreignSecretKey, ring, subHashedPacketsGen);
+
+ }
+
+ @Test public void testSignatureFuture() throws Exception {
+
+ // generate future
+ subHashedPacketsGen.setSignatureCreationTime(false, new Date(new Date().getTime() + 1000 * 1000));
+
+ injectEverytype(secretKey, ring, subHashedPacketsGen);
+
+
+ }
+
+ @Test public void testSignatureLocal() throws Exception {
+
+ // generate future
+ subHashedPacketsGen.setSignatureCreationTime(false, new Date());
+ subHashedPacketsGen.setExportable(false, false);
+
+ injectEverytype(secretKey, ring, subHashedPacketsGen);
+
+ }
+
+ @Test public void testSubkeyDestroy() throws Exception {
+
+ // signature for second key (first subkey)
+ UncachedKeyRing modified = KeyringTestingHelper.removePacket(ring, 6);
+
+ // canonicalization should fail, because there are no valid uids left
+ CanonicalizedKeyRing canonicalized = modified.canonicalize(log, 0);
+ Assert.assertTrue("keyring with missing subkey binding sig should differ from intact one after canonicalization",
+ KeyringTestingHelper.diffKeyrings(ring.getEncoded(), canonicalized.getEncoded(),
+ onlyA, onlyB)
+ );
+
+ Assert.assertEquals("canonicalized keyring should have two extra packets", 2, onlyA.size());
+ Assert.assertEquals("canonicalized keyring should have no extra packets", 0, onlyB.size());
+
+ Assert.assertEquals("first missing packet should be the subkey",
+ PacketTags.SECRET_SUBKEY, onlyA.get(0).tag);
+ Assert.assertEquals("second missing packet should be subkey's signature",
+ PacketTags.SIGNATURE, onlyA.get(1).tag);
+ Assert.assertEquals("second missing packet should be next to subkey",
+ onlyA.get(0).position + 1, onlyA.get(1).position);
+
+ }
+
+ @Test public void testSubkeyBindingNoPKB() throws Exception {
+
+ UncachedPublicKey pKey = KeyringTestingHelper.getNth(ring.getPublicKeys(), 1);
+ Assert.assertTrue("second subkey must be able to sign", pKey.canSign());
+
+ PGPSignature sig;
+
+ subHashedPacketsGen.setKeyFlags(false, KeyFlags.SIGN_DATA);
+
+ {
+ // forge a (newer) signature, which has the sign flag but no primary key binding sig
+ PGPSignatureSubpacketGenerator unhashedSubs = new PGPSignatureSubpacketGenerator();
+
+ // just add any random signature, because why not
+ unhashedSubs.setEmbeddedSignature(false, forgeSignature(
+ secretKey, PGPSignature.POSITIVE_CERTIFICATION, subHashedPacketsGen,
+ secretKey.getPublicKey()
+ )
+ );
+
+ sig = forgeSignature(
+ secretKey, PGPSignature.SUBKEY_BINDING, subHashedPacketsGen, unhashedSubs,
+ secretKey.getPublicKey(), pKey.getPublicKey());
+
+ // inject in the right position
+ UncachedKeyRing modified = KeyringTestingHelper.injectPacket(ring, sig.getEncoded(), 6);
+
+ // canonicalize, and check if we lose the bad signature
+ CanonicalizedKeyRing canonicalized = modified.canonicalize(log, 0);
+ Assert.assertFalse("subkey binding signature should be gone after canonicalization",
+ KeyringTestingHelper.diffKeyrings(ring.getEncoded(), canonicalized.getEncoded(),
+ onlyA, onlyB)
+ );
+ }
+
+ { // now try one with a /bad/ primary key binding signature
+
+ PGPSignatureSubpacketGenerator unhashedSubs = new PGPSignatureSubpacketGenerator();
+ // this one is signed by the primary key itself, not the subkey - but it IS primary binding
+ unhashedSubs.setEmbeddedSignature(false, forgeSignature(
+ secretKey, PGPSignature.PRIMARYKEY_BINDING, subHashedPacketsGen,
+ secretKey.getPublicKey(), pKey.getPublicKey()
+ )
+ );
+
+ sig = forgeSignature(
+ secretKey, PGPSignature.SUBKEY_BINDING, subHashedPacketsGen, unhashedSubs,
+ secretKey.getPublicKey(), pKey.getPublicKey());
+
+ // inject in the right position
+ UncachedKeyRing modified = KeyringTestingHelper.injectPacket(ring, sig.getEncoded(), 6);
+
+ // canonicalize, and check if we lose the bad signature
+ CanonicalizedKeyRing canonicalized = modified.canonicalize(log, 0);
+ Assert.assertFalse("subkey binding signature should be gone after canonicalization",
+ KeyringTestingHelper.diffKeyrings(ring.getEncoded(), canonicalized.getEncoded(),
+ onlyA, onlyB)
+ );
+ }
+
+ }
+
+ @Test public void testSubkeyBindingRedundant() throws Exception {
+
+ UncachedPublicKey pKey = KeyringTestingHelper.getNth(ring.getPublicKeys(), 2);
+
+ subHashedPacketsGen.setKeyFlags(false, KeyFlags.ENCRYPT_COMMS);
+ PGPSignature sig2 = forgeSignature(
+ secretKey, PGPSignature.SUBKEY_BINDING, subHashedPacketsGen,
+ secretKey.getPublicKey(), pKey.getPublicKey());
+
+ subHashedPacketsGen.setSignatureCreationTime(false, new Date(new Date().getTime() -1000*1000));
+ PGPSignature sig1 = forgeSignature(
+ secretKey, PGPSignature.SUBKEY_REVOCATION, subHashedPacketsGen,
+ secretKey.getPublicKey(), pKey.getPublicKey());
+
+ subHashedPacketsGen = new PGPSignatureSubpacketGenerator();
+ subHashedPacketsGen.setSignatureCreationTime(false, new Date(new Date().getTime() -100*1000));
+ PGPSignature sig3 = forgeSignature(
+ secretKey, PGPSignature.SUBKEY_BINDING, subHashedPacketsGen,
+ secretKey.getPublicKey(), pKey.getPublicKey());
+
+ UncachedKeyRing modified = KeyringTestingHelper.injectPacket(ring, sig1.getEncoded(), 8);
+ modified = KeyringTestingHelper.injectPacket(modified, sig2.getEncoded(), 9);
+ modified = KeyringTestingHelper.injectPacket(modified, sig1.getEncoded(), 10);
+ modified = KeyringTestingHelper.injectPacket(modified, sig3.getEncoded(), 11);
+
+ // canonicalize, and check if we lose the bad signature
+ CanonicalizedKeyRing canonicalized = modified.canonicalize(log, 0);
+ Assert.assertTrue("subkey binding signature should be gone after canonicalization",
+ KeyringTestingHelper.diffKeyrings(modified.getEncoded(), canonicalized.getEncoded(),
+ onlyA, onlyB)
+ );
+
+ Assert.assertEquals("canonicalized keyring should have lost two packets", 3, onlyA.size());
+ Assert.assertEquals("canonicalized keyring should have no extra packets", 0, onlyB.size());
+
+ Assert.assertEquals("first missing packet should be the subkey",
+ PacketTags.SIGNATURE, onlyA.get(0).tag);
+ Assert.assertEquals("second missing packet should be a signature",
+ PacketTags.SIGNATURE, onlyA.get(1).tag);
+ Assert.assertEquals("second missing packet should be a signature",
+ PacketTags.SIGNATURE, onlyA.get(2).tag);
+
+ }
+
+ private static final int[] sigtypes_direct = new int[] {
+ PGPSignature.KEY_REVOCATION,
+ PGPSignature.DIRECT_KEY,
+ };
+ private static final int[] sigtypes_uid = new int[] {
+ PGPSignature.DEFAULT_CERTIFICATION,
+ PGPSignature.NO_CERTIFICATION,
+ PGPSignature.CASUAL_CERTIFICATION,
+ PGPSignature.POSITIVE_CERTIFICATION,
+ PGPSignature.CERTIFICATION_REVOCATION,
+ };
+ private static final int[] sigtypes_subkey = new int[] {
+ PGPSignature.SUBKEY_BINDING,
+ PGPSignature.PRIMARYKEY_BINDING,
+ PGPSignature.SUBKEY_REVOCATION,
+ };
+
+ private static void injectEverytype(PGPSecretKey secretKey,
+ UncachedKeyRing ring,
+ PGPSignatureSubpacketGenerator subHashedPacketsGen)
+ throws Exception {
+ injectEverytype(secretKey, ring, subHashedPacketsGen, false);
+ }
+
+ private static void injectEverytype(PGPSecretKey secretKey,
+ UncachedKeyRing ring,
+ PGPSignatureSubpacketGenerator subHashedPacketsGen,
+ boolean breakSig)
+ throws Exception {
+
+ for (int sigtype : sigtypes_direct) {
+ PGPSignature sig = forgeSignature(
+ secretKey, sigtype, subHashedPacketsGen, secretKey.getPublicKey());
+ byte[] encoded = sig.getEncoded();
+ if (breakSig) {
+ encoded[encoded.length-10] += 1;
+ }
+ injectEverywhere(ring, encoded);
+ }
+
+ for (int sigtype : sigtypes_uid) {
+ PGPSignature sig = forgeSignature(
+ secretKey, sigtype, subHashedPacketsGen, "twi", secretKey.getPublicKey());
+
+ byte[] encoded = sig.getEncoded();
+ if (breakSig) {
+ encoded[encoded.length-10] += 1;
+ }
+ injectEverywhere(ring, encoded);
+ }
+
+ for (int sigtype : sigtypes_subkey) {
+ PGPSignature sig = forgeSignature(
+ secretKey, sigtype, subHashedPacketsGen,
+ secretKey.getPublicKey(), secretKey.getPublicKey());
+
+ byte[] encoded = sig.getEncoded();
+ if (breakSig) {
+ encoded[encoded.length-10] += 1;
+ }
+ injectEverywhere(ring, encoded);
+ }
+
+ }
+
+ private static void injectEverywhere(UncachedKeyRing ring, byte[] packet) throws Exception {
+
+ OperationResultParcel.OperationLog log = new OperationResultParcel.OperationLog();
+
+ byte[] encodedRing = ring.getEncoded();
+
+ for(int i = 0; i < totalPackets; i++) {
+
+ byte[] brokenEncoded = KeyringTestingHelper.injectPacket(encodedRing, packet, i);
+
+ try {
+
+ UncachedKeyRing brokenRing = UncachedKeyRing.decodeFromData(brokenEncoded);
+
+ CanonicalizedKeyRing canonicalized = brokenRing.canonicalize(log, 0);
+ if (canonicalized == null) {
+ System.out.println("ok, canonicalization failed.");
+ continue;
+ }
+
+ Assert.assertArrayEquals("injected bad signature must be gone after canonicalization",
+ ring.getEncoded(), canonicalized.getEncoded());
+
+ } catch (Exception e) {
+ System.out.println("ok, rejected with: " + e.getMessage());
+ }
+ }
+
+ }
+
+ private static PGPSignature forgeSignature(PGPSecretKey key, int type,
+ PGPSignatureSubpacketGenerator subpackets,
+ PGPPublicKey publicKey)
+ throws Exception {
+
+ PBESecretKeyDecryptor keyDecryptor = new JcePBESecretKeyDecryptorBuilder().setProvider(
+ Constants.BOUNCY_CASTLE_PROVIDER_NAME).build("".toCharArray());
+ PGPPrivateKey privateKey = key.extractPrivateKey(keyDecryptor);
+
+ PGPContentSignerBuilder signerBuilder = new JcaPGPContentSignerBuilder(
+ publicKey.getAlgorithm(), PGPUtil.SHA1)
+ .setProvider(Constants.BOUNCY_CASTLE_PROVIDER_NAME);
+
+ PGPSignatureGenerator sGen = new PGPSignatureGenerator(signerBuilder);
+ sGen.setHashedSubpackets(subpackets.generate());
+ sGen.init(type, privateKey);
+ return sGen.generateCertification(publicKey);
+
+ }
+
+ private static PGPSignature forgeSignature(PGPSecretKey key, int type,
+ PGPSignatureSubpacketGenerator subpackets,
+ String userId, PGPPublicKey publicKey)
+ throws Exception {
+
+ PBESecretKeyDecryptor keyDecryptor = new JcePBESecretKeyDecryptorBuilder().setProvider(
+ Constants.BOUNCY_CASTLE_PROVIDER_NAME).build("".toCharArray());
+ PGPPrivateKey privateKey = key.extractPrivateKey(keyDecryptor);
+
+ PGPContentSignerBuilder signerBuilder = new JcaPGPContentSignerBuilder(
+ publicKey.getAlgorithm(), PGPUtil.SHA1)
+ .setProvider(Constants.BOUNCY_CASTLE_PROVIDER_NAME);
+
+ PGPSignatureGenerator sGen = new PGPSignatureGenerator(signerBuilder);
+ sGen.setHashedSubpackets(subpackets.generate());
+ sGen.init(type, privateKey);
+ return sGen.generateCertification(userId, publicKey);
+
+ }
+
+ private static PGPSignature forgeSignature(PGPSecretKey key, int type,
+ PGPSignatureSubpacketGenerator subpackets,
+ PGPPublicKey publicKey, PGPPublicKey signedKey)
+ throws Exception {
+
+ PBESecretKeyDecryptor keyDecryptor = new JcePBESecretKeyDecryptorBuilder().setProvider(
+ Constants.BOUNCY_CASTLE_PROVIDER_NAME).build("".toCharArray());
+ PGPPrivateKey privateKey = key.extractPrivateKey(keyDecryptor);
+
+ PGPContentSignerBuilder signerBuilder = new JcaPGPContentSignerBuilder(
+ publicKey.getAlgorithm(), PGPUtil.SHA1)
+ .setProvider(Constants.BOUNCY_CASTLE_PROVIDER_NAME);
+
+ PGPSignatureGenerator sGen = new PGPSignatureGenerator(signerBuilder);
+ sGen.setHashedSubpackets(subpackets.generate());
+ sGen.init(type, privateKey);
+ return sGen.generateCertification(publicKey, signedKey);
+
+ }
+
+ private static PGPSignature forgeSignature(PGPSecretKey key, int type,
+ PGPSignatureSubpacketGenerator hashedSubs,
+ PGPSignatureSubpacketGenerator unhashedSubs,
+ PGPPublicKey publicKey, PGPPublicKey signedKey)
+ throws Exception {
+
+ PBESecretKeyDecryptor keyDecryptor = new JcePBESecretKeyDecryptorBuilder().setProvider(
+ Constants.BOUNCY_CASTLE_PROVIDER_NAME).build("".toCharArray());
+ PGPPrivateKey privateKey = key.extractPrivateKey(keyDecryptor);
+
+ PGPContentSignerBuilder signerBuilder = new JcaPGPContentSignerBuilder(
+ publicKey.getAlgorithm(), PGPUtil.SHA1)
+ .setProvider(Constants.BOUNCY_CASTLE_PROVIDER_NAME);
+
+ PGPSignatureGenerator sGen = new PGPSignatureGenerator(signerBuilder);
+ sGen.setHashedSubpackets(hashedSubs.generate());
+ sGen.setUnhashedSubpackets(unhashedSubs.generate());
+ sGen.init(type, privateKey);
+ return sGen.generateCertification(publicKey, signedKey);
+
+ }
+
+}
diff --git a/OpenKeychain-Test/src/test/java/org/sufficientlysecure/keychain/tests/UncachedKeyringMergeTest.java b/OpenKeychain-Test/src/test/java/org/sufficientlysecure/keychain/tests/UncachedKeyringMergeTest.java
new file mode 100644
index 000000000..977ddfc52
--- /dev/null
+++ b/OpenKeychain-Test/src/test/java/org/sufficientlysecure/keychain/tests/UncachedKeyringMergeTest.java
@@ -0,0 +1,397 @@
+package org.sufficientlysecure.keychain.tests;
+
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.BeforeClass;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.robolectric.RobolectricTestRunner;
+import org.robolectric.shadows.ShadowLog;
+import org.spongycastle.bcpg.PacketTags;
+import org.spongycastle.bcpg.sig.KeyFlags;
+import org.sufficientlysecure.keychain.Constants;
+import org.sufficientlysecure.keychain.pgp.CanonicalizedSecretKeyRing;
+import org.sufficientlysecure.keychain.pgp.PgpKeyOperation;
+import org.sufficientlysecure.keychain.pgp.UncachedKeyRing;
+import org.sufficientlysecure.keychain.pgp.UncachedPublicKey;
+import org.sufficientlysecure.keychain.pgp.CanonicalizedPublicKeyRing;
+import org.sufficientlysecure.keychain.pgp.CanonicalizedSecretKey;
+import org.sufficientlysecure.keychain.pgp.CanonicalizedSecretKeyRing;
+import org.sufficientlysecure.keychain.service.OperationResultParcel;
+import org.sufficientlysecure.keychain.service.OperationResults.EditKeyResult;
+import org.sufficientlysecure.keychain.service.SaveKeyringParcel;
+import org.sufficientlysecure.keychain.support.KeyringTestingHelper;
+import org.sufficientlysecure.keychain.support.KeyringTestingHelper.RawPacket;
+import org.sufficientlysecure.keychain.util.ProgressScaler;
+
+import java.util.ArrayList;
+import java.util.Iterator;
+
+/** Tests for the UncachedKeyring.merge method.
+ *
+ * This is another complex, crypto-related method. It merges information from one keyring into
+ * another, keeping information from the base (ie, called object) keyring in case of conflicts.
+ * The types of keys may be Public or Secret and can be mixed, For mixed types the result type
+ * will be the same as the base keyring.
+ *
+ * Test cases:
+ * - Merging keyrings with different masterKeyIds should fail
+ * - Merging a key with itself should be a no-operation
+ * - Merging a key with an extra revocation certificate, it should have that certificate
+ * - Merging a key with an extra user id, it should have that extra user id and its certificates
+ * - Merging a key with an extra user id certificate, it should have that certificate
+ * - Merging a key with an extra subkey, it should have that subkey
+ * - Merging a key with an extra subkey certificate, it should have that certificate
+ * - All of the above operations should work regardless of the key types. This means in particular
+ * that for new subkeys, an equivalent subkey of the proper type must be generated.
+ * - In case of two secret keys with the same id but different S2K, the key of the base keyring
+ * should be preferred (TODO or should it?)
+ *
+ * Note that the merge operation does not care about certificate validity, a bad certificate or
+ * packet will be copied regardless. Filtering out bad packets is done with canonicalization.
+ *
+ */
+@RunWith(RobolectricTestRunner.class)
+@org.robolectric.annotation.Config(emulateSdk = 18) // Robolectric doesn't yet support 19
+public class UncachedKeyringMergeTest {
+
+ static UncachedKeyRing staticRingA, staticRingB;
+ UncachedKeyRing ringA, ringB;
+ ArrayList onlyA = new ArrayList();
+ ArrayList onlyB = new ArrayList();
+ OperationResultParcel.OperationLog log = new OperationResultParcel.OperationLog();
+ PgpKeyOperation op;
+ SaveKeyringParcel parcel;
+
+ @BeforeClass
+ public static void setUpOnce() throws Exception {
+ ShadowLog.stream = System.out;
+
+ {
+ SaveKeyringParcel parcel = new SaveKeyringParcel();
+ parcel.mAddSubKeys.add(new SaveKeyringParcel.SubkeyAdd(
+ Constants.choice.algorithm.rsa, 1024, KeyFlags.CERTIFY_OTHER, null));
+ parcel.mAddSubKeys.add(new SaveKeyringParcel.SubkeyAdd(
+ Constants.choice.algorithm.rsa, 1024, KeyFlags.SIGN_DATA, null));
+
+ parcel.mAddUserIds.add("twi");
+ parcel.mAddUserIds.add("pink");
+ // passphrase is tested in PgpKeyOperationTest, just use empty here
+ parcel.mNewPassphrase = "";
+ PgpKeyOperation op = new PgpKeyOperation(null);
+
+ OperationResultParcel.OperationLog log = new OperationResultParcel.OperationLog();
+
+ EditKeyResult result = op.createSecretKeyRing(parcel);
+ staticRingA = result.getRing();
+ }
+
+ {
+ SaveKeyringParcel parcel = new SaveKeyringParcel();
+ parcel.mAddSubKeys.add(new SaveKeyringParcel.SubkeyAdd(
+ Constants.choice.algorithm.rsa, 1024, KeyFlags.CERTIFY_OTHER, null));
+
+ parcel.mAddUserIds.add("shy");
+ // passphrase is tested in PgpKeyOperationTest, just use empty here
+ parcel.mNewPassphrase = "";
+ PgpKeyOperation op = new PgpKeyOperation(null);
+
+ OperationResultParcel.OperationLog log = new OperationResultParcel.OperationLog();
+ EditKeyResult result = op.createSecretKeyRing(parcel);
+ staticRingB = result.getRing();
+ }
+
+ Assert.assertNotNull("initial test key creation must succeed", staticRingA);
+ Assert.assertNotNull("initial test key creation must succeed", staticRingB);
+
+ // we sleep here for a second, to make sure all new certificates have different timestamps
+ Thread.sleep(1000);
+ }
+
+ @Before
+ public void setUp() throws Exception {
+ // show Log.x messages in system.out
+ ShadowLog.stream = System.out;
+ ringA = staticRingA;
+ ringB = staticRingB;
+
+ // setting up some parameters just to reduce code duplication
+ op = new PgpKeyOperation(new ProgressScaler(null, 0, 100, 100));
+
+ // set this up, gonna need it more than once
+ parcel = new SaveKeyringParcel();
+ parcel.mMasterKeyId = ringA.getMasterKeyId();
+ parcel.mFingerprint = ringA.getFingerprint();
+ }
+
+ public void testSelfNoOp() throws Exception {
+
+ UncachedKeyRing merged = mergeWithChecks(ringA, ringA, null);
+ Assert.assertArrayEquals("keyring merged with itself must be identical",
+ ringA.getEncoded(), merged.getEncoded()
+ );
+
+ }
+
+ @Test
+ public void testDifferentMasterKeyIds() throws Exception {
+
+ Assert.assertNotEquals("generated key ids must be different",
+ ringA.getMasterKeyId(), ringB.getMasterKeyId());
+
+ Assert.assertNull("merging keys with differing key ids must fail",
+ ringA.merge(ringB, log, 0));
+ Assert.assertNull("merging keys with differing key ids must fail",
+ ringB.merge(ringA, log, 0));
+
+ }
+
+ @Test
+ public void testAddedUserId() throws Exception {
+
+ UncachedKeyRing modifiedA, modifiedB; {
+ CanonicalizedSecretKeyRing secretRing =
+ new CanonicalizedSecretKeyRing(ringA.getEncoded(), false, 0);
+
+ parcel.reset();
+ parcel.mAddUserIds.add("flim");
+ modifiedA = op.modifySecretKeyRing(secretRing, parcel, "").getRing();
+
+ parcel.reset();
+ parcel.mAddUserIds.add("flam");
+ modifiedB = op.modifySecretKeyRing(secretRing, parcel, "").getRing();
+ }
+
+ { // merge A into base
+ UncachedKeyRing merged = mergeWithChecks(ringA, modifiedA);
+
+ Assert.assertEquals("merged keyring must have lost no packets", 0, onlyA.size());
+ Assert.assertEquals("merged keyring must have gained two packets", 2, onlyB.size());
+ Assert.assertTrue("merged keyring must contain new user id",
+ merged.getPublicKey().getUnorderedUserIds().contains("flim"));
+ }
+
+ { // merge A into B
+ UncachedKeyRing merged = mergeWithChecks(modifiedA, modifiedB, ringA);
+
+ Assert.assertEquals("merged keyring must have lost no packets", 0, onlyA.size());
+ Assert.assertEquals("merged keyring must have gained four packets", 4, onlyB.size());
+ Assert.assertTrue("merged keyring must contain first new user id",
+ merged.getPublicKey().getUnorderedUserIds().contains("flim"));
+ Assert.assertTrue("merged keyring must contain second new user id",
+ merged.getPublicKey().getUnorderedUserIds().contains("flam"));
+
+ }
+
+ }
+
+ @Test
+ public void testAddedSubkeyId() throws Exception {
+
+ UncachedKeyRing modifiedA, modifiedB;
+ long subKeyIdA, subKeyIdB;
+ {
+ CanonicalizedSecretKeyRing secretRing = new CanonicalizedSecretKeyRing(ringA.getEncoded(), false, 0);
+
+ parcel.reset();
+ parcel.mAddSubKeys.add(new SaveKeyringParcel.SubkeyAdd(
+ Constants.choice.algorithm.rsa, 1024, KeyFlags.SIGN_DATA, null));
+ modifiedA = op.modifySecretKeyRing(secretRing, parcel, "").getRing();
+ modifiedB = op.modifySecretKeyRing(secretRing, parcel, "").getRing();
+
+ subKeyIdA = KeyringTestingHelper.getSubkeyId(modifiedA, 2);
+ subKeyIdB = KeyringTestingHelper.getSubkeyId(modifiedB, 2);
+
+ }
+
+ {
+ UncachedKeyRing merged = mergeWithChecks(ringA, modifiedA);
+
+ Assert.assertEquals("merged keyring must have lost no packets", 0, onlyA.size());
+ Assert.assertEquals("merged keyring must have gained two packets", 2, onlyB.size());
+
+ long mergedKeyId = KeyringTestingHelper.getSubkeyId(merged, 2);
+ Assert.assertEquals("merged keyring must contain the new subkey", subKeyIdA, mergedKeyId);
+ }
+
+ {
+ UncachedKeyRing merged = mergeWithChecks(modifiedA, modifiedB, ringA);
+
+ Assert.assertEquals("merged keyring must have lost no packets", 0, onlyA.size());
+ Assert.assertEquals("merged keyring must have gained four packets", 4, onlyB.size());
+
+ Iterator it = merged.getPublicKeys();
+ it.next(); it.next();
+ Assert.assertEquals("merged keyring must contain the new subkey",
+ subKeyIdA, it.next().getKeyId());
+ Assert.assertEquals("merged keyring must contain both new subkeys",
+ subKeyIdB, it.next().getKeyId());
+ }
+
+ }
+
+ @Test
+ public void testAddedKeySignature() throws Exception {
+
+ final UncachedKeyRing modified; {
+ parcel.reset();
+ parcel.mRevokeSubKeys.add(KeyringTestingHelper.getSubkeyId(ringA, 1));
+ CanonicalizedSecretKeyRing secretRing = new CanonicalizedSecretKeyRing(
+ ringA.getEncoded(), false, 0);
+ modified = op.modifySecretKeyRing(secretRing, parcel, "").getRing();
+ }
+
+ {
+ UncachedKeyRing merged = ringA.merge(modified, log, 0);
+ Assert.assertNotNull("merge must succeed", merged);
+ Assert.assertFalse(
+ "merging keyring with extra signatures into its base should yield that same keyring",
+ KeyringTestingHelper.diffKeyrings(merged.getEncoded(), modified.getEncoded(), onlyA, onlyB)
+ );
+ }
+
+ }
+
+ @Test
+ public void testAddedUserIdSignature() throws Exception {
+
+ final UncachedKeyRing pubRing = ringA.extractPublicKeyRing();
+
+ final UncachedKeyRing modified; {
+ CanonicalizedPublicKeyRing publicRing = new CanonicalizedPublicKeyRing(
+ pubRing.getEncoded(), 0);
+
+ CanonicalizedSecretKey secretKey = new CanonicalizedSecretKeyRing(
+ ringB.getEncoded(), false, 0).getSecretKey();
+ secretKey.unlock("");
+ // sign all user ids
+ modified = secretKey.certifyUserIds(publicRing, publicRing.getPublicKey().getUnorderedUserIds());
+ }
+
+ {
+ UncachedKeyRing merged = ringA.merge(modified, log, 0);
+ Assert.assertNotNull("merge must succeed", merged);
+ Assert.assertArrayEquals("foreign signatures should not be merged into secret key",
+ ringA.getEncoded(), merged.getEncoded()
+ );
+ }
+
+ {
+ byte[] sig = KeyringTestingHelper.getNth(
+ modified.getPublicKey().getSignaturesForId("twi"), 1).getEncoded();
+
+ // inject the (foreign!) signature into subkey signature position
+ UncachedKeyRing moreModified = KeyringTestingHelper.injectPacket(modified, sig, 1);
+
+ UncachedKeyRing merged = ringA.merge(moreModified, log, 0);
+ Assert.assertNotNull("merge must succeed", merged);
+ Assert.assertArrayEquals("foreign signatures should not be merged into secret key",
+ ringA.getEncoded(), merged.getEncoded()
+ );
+
+ merged = pubRing.merge(moreModified, log, 0);
+ Assert.assertNotNull("merge must succeed", merged);
+ Assert.assertTrue(
+ "merged keyring should contain new signature",
+ KeyringTestingHelper.diffKeyrings(pubRing.getEncoded(), merged.getEncoded(), onlyA, onlyB)
+ );
+ Assert.assertEquals("merged keyring should be missing no packets", 0, onlyA.size());
+ Assert.assertEquals("merged keyring should contain exactly two more packets", 2, onlyB.size());
+ Assert.assertEquals("first added packet should be a signature",
+ PacketTags.SIGNATURE, onlyB.get(0).tag);
+ Assert.assertEquals("first added packet should be in the position we injected it at",
+ 1, onlyB.get(0).position);
+ Assert.assertEquals("second added packet should be a signature",
+ PacketTags.SIGNATURE, onlyB.get(1).tag);
+
+ }
+
+ {
+ UncachedKeyRing merged = pubRing.merge(modified, log, 0);
+ Assert.assertNotNull("merge must succeed", merged);
+ Assert.assertFalse(
+ "merging keyring with extra signatures into its base should yield that same keyring",
+ KeyringTestingHelper.diffKeyrings(merged.getEncoded(), modified.getEncoded(), onlyA, onlyB)
+ );
+ }
+ }
+
+ private UncachedKeyRing mergeWithChecks(UncachedKeyRing a, UncachedKeyRing b)
+ throws Exception {
+ return mergeWithChecks(a, b, a);
+ }
+
+ private UncachedKeyRing mergeWithChecks(UncachedKeyRing a, UncachedKeyRing b,
+ UncachedKeyRing base)
+ throws Exception {
+
+ Assert.assertTrue("merging keyring must be secret type", a.isSecret());
+ Assert.assertTrue("merged keyring must be secret type", b.isSecret());
+
+ final UncachedKeyRing resultA;
+ UncachedKeyRing resultB;
+
+ { // sec + sec
+ resultA = a.merge(b, log, 0);
+ Assert.assertNotNull("merge must succeed as sec(a)+sec(b)", resultA);
+
+ resultB = b.merge(a, log, 0);
+ Assert.assertNotNull("merge must succeed as sec(b)+sec(a)", resultB);
+
+ // check commutativity, if requested
+ Assert.assertFalse("result of merge must be commutative",
+ KeyringTestingHelper.diffKeyrings(
+ resultA.getEncoded(), resultB.getEncoded(), onlyA, onlyB)
+ );
+ }
+
+ final UncachedKeyRing pubA = a.extractPublicKeyRing();
+ final UncachedKeyRing pubB = b.extractPublicKeyRing();
+
+ { // sec + pub, pub + sec, and pub + pub
+
+ try {
+ resultB = a.merge(pubB, log, 0);
+ Assert.assertNotNull("merge must succeed as sec(a)+pub(b)", resultA);
+
+ Assert.assertFalse("result of sec(a)+pub(b) must be same as sec(a)+sec(b)",
+ KeyringTestingHelper.diffKeyrings(
+ resultA.getEncoded(), resultB.getEncoded(), onlyA, onlyB)
+ );
+ } catch (RuntimeException e) {
+ System.out.println("special case, dummy key generation not in yet");
+ }
+
+ final UncachedKeyRing pubResult = resultA.extractPublicKeyRing();
+
+ resultB = pubA.merge(b, log, 0);
+ Assert.assertNotNull("merge must succeed as pub(a)+sec(b)", resultA);
+
+ Assert.assertFalse("result of pub(a)+sec(b) must be same as pub(sec(a)+sec(b))",
+ KeyringTestingHelper.diffKeyrings(
+ pubResult.getEncoded(), resultB.getEncoded(), onlyA, onlyB)
+ );
+
+ resultB = pubA.merge(pubB, log, 0);
+ Assert.assertNotNull("merge must succeed as pub(a)+pub(b)", resultA);
+
+ Assert.assertFalse("result of pub(a)+pub(b) must be same as pub(sec(a)+sec(b))",
+ KeyringTestingHelper.diffKeyrings(
+ pubResult.getEncoded(), resultB.getEncoded(), onlyA, onlyB)
+ );
+
+ }
+
+ if (base != null) {
+ // set up onlyA and onlyB to be a diff to the base
+ Assert.assertTrue("merged keyring must differ from base",
+ KeyringTestingHelper.diffKeyrings(
+ base.getEncoded(), resultA.getEncoded(), onlyA, onlyB)
+ );
+ }
+
+ return resultA;
+
+ }
+
+}
diff --git a/OpenKeychain-Test/src/test/java/org/sufficientlysecure/keychain/tests/UncachedKeyringTest.java b/OpenKeychain-Test/src/test/java/org/sufficientlysecure/keychain/tests/UncachedKeyringTest.java
new file mode 100644
index 000000000..15aaa4c5d
--- /dev/null
+++ b/OpenKeychain-Test/src/test/java/org/sufficientlysecure/keychain/tests/UncachedKeyringTest.java
@@ -0,0 +1,125 @@
+package org.sufficientlysecure.keychain.tests;
+
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.BeforeClass;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.robolectric.RobolectricTestRunner;
+import org.robolectric.shadows.ShadowLog;
+import org.spongycastle.bcpg.sig.KeyFlags;
+import org.sufficientlysecure.keychain.Constants;
+import org.sufficientlysecure.keychain.pgp.PgpKeyOperation;
+import org.sufficientlysecure.keychain.pgp.UncachedKeyRing;
+import org.sufficientlysecure.keychain.pgp.UncachedPublicKey;
+import org.sufficientlysecure.keychain.pgp.exception.PgpGeneralException;
+import org.sufficientlysecure.keychain.service.OperationResultParcel;
+import org.sufficientlysecure.keychain.service.OperationResults.EditKeyResult;
+import org.sufficientlysecure.keychain.service.SaveKeyringParcel;
+import org.sufficientlysecure.keychain.support.KeyringTestingHelper.RawPacket;
+import org.sufficientlysecure.keychain.util.ProgressScaler;
+
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.util.ArrayList;
+import java.util.Iterator;
+import java.util.List;
+
+@RunWith(RobolectricTestRunner.class)
+@org.robolectric.annotation.Config(emulateSdk = 18) // Robolectric doesn't yet support 19
+public class UncachedKeyringTest {
+
+ static UncachedKeyRing staticRing, staticPubRing;
+ UncachedKeyRing ring, pubRing;
+ ArrayList onlyA = new ArrayList();
+ ArrayList onlyB = new ArrayList();
+ PgpKeyOperation op;
+ SaveKeyringParcel parcel;
+
+ @BeforeClass
+ public static void setUpOnce() throws Exception {
+ ShadowLog.stream = System.out;
+
+ SaveKeyringParcel parcel = new SaveKeyringParcel();
+ parcel.mAddSubKeys.add(new SaveKeyringParcel.SubkeyAdd(
+ Constants.choice.algorithm.rsa, 1024, KeyFlags.CERTIFY_OTHER, null));
+ parcel.mAddSubKeys.add(new SaveKeyringParcel.SubkeyAdd(
+ Constants.choice.algorithm.rsa, 1024, KeyFlags.SIGN_DATA, null));
+ parcel.mAddSubKeys.add(new SaveKeyringParcel.SubkeyAdd(
+ Constants.choice.algorithm.rsa, 1024, KeyFlags.ENCRYPT_COMMS, null));
+
+ parcel.mAddUserIds.add("twi");
+ parcel.mAddUserIds.add("pink");
+ // passphrase is tested in PgpKeyOperationTest, just use empty here
+ parcel.mNewPassphrase = "";
+ PgpKeyOperation op = new PgpKeyOperation(null);
+
+ EditKeyResult result = op.createSecretKeyRing(parcel);
+ staticRing = result.getRing();
+ staticPubRing = staticRing.extractPublicKeyRing();
+
+ Assert.assertNotNull("initial test key creation must succeed", staticRing);
+
+ // we sleep here for a second, to make sure all new certificates have different timestamps
+ Thread.sleep(1000);
+ }
+
+
+ @Before
+ public void setUp() throws Exception {
+ // show Log.x messages in system.out
+ ShadowLog.stream = System.out;
+ ring = staticRing;
+ pubRing = staticPubRing;
+ }
+
+ @Test(expected = UnsupportedOperationException.class)
+ public void testPublicKeyItRemove() throws Exception {
+ Iterator it = ring.getPublicKeys();
+ it.remove();
+ }
+
+ @Test(expected = PgpGeneralException.class)
+ public void testDecodeFromEmpty() throws Exception {
+ UncachedKeyRing.decodeFromData(new byte[0]);
+ }
+
+ @Test
+ public void testArmorIdentity() throws Exception {
+ ByteArrayOutputStream out = new ByteArrayOutputStream();
+ ring.encodeArmored(out, "OpenKeychain");
+
+ Assert.assertArrayEquals("armor encoded and decoded ring should be identical to original",
+ ring.getEncoded(),
+ UncachedKeyRing.decodeFromData(out.toByteArray()).getEncoded());
+ }
+
+ @Test(expected = PgpGeneralException.class)
+ public void testDecodeEncodeMulti() throws Exception {
+ ByteArrayOutputStream out = new ByteArrayOutputStream();
+
+ // encode secret and public ring in here
+ ring.encodeArmored(out, "OpenKeychain");
+ pubRing.encodeArmored(out, "OpenKeychain");
+
+ Iterator it =
+ UncachedKeyRing.fromStream(new ByteArrayInputStream(out.toByteArray()));
+ Assert.assertTrue("there should be two rings in the stream", it.hasNext());
+ Assert.assertArrayEquals("first ring should be the first we put in",
+ ring.getEncoded(), it.next().getEncoded());
+ Assert.assertTrue("there should be two rings in the stream", it.hasNext());
+ Assert.assertArrayEquals("second ring should be the second we put in",
+ pubRing.getEncoded(), it.next().getEncoded());
+ Assert.assertFalse("there should be two rings in the stream", it.hasNext());
+
+ // this should fail with PgpGeneralException, since it expects exactly one ring
+ UncachedKeyRing.decodeFromData(out.toByteArray());
+ }
+
+ @Test(expected = RuntimeException.class)
+ public void testPublicExtractPublic() throws Exception {
+ // can't do this, either!
+ pubRing.extractPublicKeyRing();
+ }
+
+}
diff --git a/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/COPYING b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/COPYING
new file mode 100644
index 000000000..55234e7a0
--- /dev/null
+++ b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/COPYING
@@ -0,0 +1,13 @@
+Copyright © 2011, Stephen Paul Weber
+
+Permission to use, copy, modify, and/or distribute this software for any
+purpose with or without fee is hereby granted, provided that the above
+copyright notice and this permission notice appear in all copies.
+
+THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
diff --git a/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/README b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/README
new file mode 100644
index 000000000..cff696c83
--- /dev/null
+++ b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/README
@@ -0,0 +1,26 @@
+These test files were copied from the OpenPGP Haskell project.
+
+
+
+Original README
+===============
+
+This is an OpenPGP library inspired by my work on OpenPGP libraries in
+Ruby ,
+PHP ,
+and Python .
+
+It defines types to represent OpenPGP messages as a series of packets
+and then defines instances of Data.Binary for each to facilitate
+encoding/decoding.
+
+For performing cryptography, see
+ or
+
+
+For dealing with ASCII armor, see
+
+
+It is intended that you use qualified imports with this library.
+
+> import qualified Data.OpenPGP as OpenPGP
diff --git a/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000001-006.public_key b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000001-006.public_key
new file mode 100644
index 000000000..7cbab1782
Binary files /dev/null and b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000001-006.public_key differ
diff --git a/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000002-013.user_id b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000002-013.user_id
new file mode 100644
index 000000000..759449bb4
--- /dev/null
+++ b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000002-013.user_id
@@ -0,0 +1 @@
+´$Test Key (RSA)
\ No newline at end of file
diff --git a/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000003-002.sig b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000003-002.sig
new file mode 100644
index 000000000..1e0656d27
Binary files /dev/null and b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000003-002.sig differ
diff --git a/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000004-012.ring_trust b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000004-012.ring_trust
new file mode 100644
index 000000000..ffa57e57a
Binary files /dev/null and b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000004-012.ring_trust differ
diff --git a/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000005-002.sig b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000005-002.sig
new file mode 100644
index 000000000..108b99842
Binary files /dev/null and b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000005-002.sig differ
diff --git a/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000006-012.ring_trust b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000006-012.ring_trust
new file mode 100644
index 000000000..ffa57e57a
Binary files /dev/null and b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000006-012.ring_trust differ
diff --git a/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000007-002.sig b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000007-002.sig
new file mode 100644
index 000000000..14276d0a5
Binary files /dev/null and b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000007-002.sig differ
diff --git a/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000008-012.ring_trust b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000008-012.ring_trust
new file mode 100644
index 000000000..ffa57e57a
Binary files /dev/null and b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000008-012.ring_trust differ
diff --git a/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000009-002.sig b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000009-002.sig
new file mode 100644
index 000000000..4a282dd68
Binary files /dev/null and b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000009-002.sig differ
diff --git a/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000010-012.ring_trust b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000010-012.ring_trust
new file mode 100644
index 000000000..ffa57e57a
Binary files /dev/null and b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000010-012.ring_trust differ
diff --git a/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000011-002.sig b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000011-002.sig
new file mode 100644
index 000000000..cae1b7391
Binary files /dev/null and b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000011-002.sig differ
diff --git a/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000012-012.ring_trust b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000012-012.ring_trust
new file mode 100644
index 000000000..ffa57e57a
Binary files /dev/null and b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000012-012.ring_trust differ
diff --git a/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000013-014.public_subkey b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000013-014.public_subkey
new file mode 100644
index 000000000..08676d067
Binary files /dev/null and b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000013-014.public_subkey differ
diff --git a/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000014-002.sig b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000014-002.sig
new file mode 100644
index 000000000..dd601807f
Binary files /dev/null and b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000014-002.sig differ
diff --git a/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000015-012.ring_trust b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000015-012.ring_trust
new file mode 100644
index 000000000..ffa57e57a
Binary files /dev/null and b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000015-012.ring_trust differ
diff --git a/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000016-006.public_key b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000016-006.public_key
new file mode 100644
index 000000000..c9dccbf1e
Binary files /dev/null and b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000016-006.public_key differ
diff --git a/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000017-002.sig b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000017-002.sig
new file mode 100644
index 000000000..e734505a7
Binary files /dev/null and b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000017-002.sig differ
diff --git a/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000018-012.ring_trust b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000018-012.ring_trust
new file mode 100644
index 000000000..ffa57e57a
Binary files /dev/null and b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000018-012.ring_trust differ
diff --git a/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000019-013.user_id b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000019-013.user_id
new file mode 100644
index 000000000..ab3f51d91
--- /dev/null
+++ b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000019-013.user_id
@@ -0,0 +1 @@
+´$Test Key (DSA)
\ No newline at end of file
diff --git a/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000020-002.sig b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000020-002.sig
new file mode 100644
index 000000000..8588489a7
Binary files /dev/null and b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000020-002.sig differ
diff --git a/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000021-012.ring_trust b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000021-012.ring_trust
new file mode 100644
index 000000000..ffa57e57a
Binary files /dev/null and b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000021-012.ring_trust differ
diff --git a/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000022-002.sig b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000022-002.sig
new file mode 100644
index 000000000..fefcb5fea
Binary files /dev/null and b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000022-002.sig differ
diff --git a/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000023-012.ring_trust b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000023-012.ring_trust
new file mode 100644
index 000000000..ffa57e57a
Binary files /dev/null and b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000023-012.ring_trust differ
diff --git a/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000024-014.public_subkey b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000024-014.public_subkey
new file mode 100644
index 000000000..2e8deea28
Binary files /dev/null and b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000024-014.public_subkey differ
diff --git a/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000025-002.sig b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000025-002.sig
new file mode 100644
index 000000000..a3eea0a20
Binary files /dev/null and b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000025-002.sig differ
diff --git a/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000026-012.ring_trust b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000026-012.ring_trust
new file mode 100644
index 000000000..ffa57e57a
Binary files /dev/null and b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000026-012.ring_trust differ
diff --git a/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000027-006.public_key b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000027-006.public_key
new file mode 100644
index 000000000..5817e0037
Binary files /dev/null and b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000027-006.public_key differ
diff --git a/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000028-002.sig b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000028-002.sig
new file mode 100644
index 000000000..5194b7840
Binary files /dev/null and b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000028-002.sig differ
diff --git a/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000029-012.ring_trust b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000029-012.ring_trust
new file mode 100644
index 000000000..ffa57e57a
Binary files /dev/null and b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000029-012.ring_trust differ
diff --git a/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000030-013.user_id b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000030-013.user_id
new file mode 100644
index 000000000..fb3f49e0d
--- /dev/null
+++ b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000030-013.user_id
@@ -0,0 +1 @@
+´+Test Key (DSA sign-only)
\ No newline at end of file
diff --git a/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000031-002.sig b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000031-002.sig
new file mode 100644
index 000000000..f69f6875b
Binary files /dev/null and b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000031-002.sig differ
diff --git a/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000032-012.ring_trust b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000032-012.ring_trust
new file mode 100644
index 000000000..ffa57e57a
Binary files /dev/null and b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000032-012.ring_trust differ
diff --git a/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000033-002.sig b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000033-002.sig
new file mode 100644
index 000000000..2bb55d4fe
Binary files /dev/null and b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000033-002.sig differ
diff --git a/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000034-012.ring_trust b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000034-012.ring_trust
new file mode 100644
index 000000000..ffa57e57a
Binary files /dev/null and b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000034-012.ring_trust differ
diff --git a/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000035-006.public_key b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000035-006.public_key
new file mode 100644
index 000000000..5980638c4
Binary files /dev/null and b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000035-006.public_key differ
diff --git a/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000036-013.user_id b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000036-013.user_id
new file mode 100644
index 000000000..5d0d46e5d
--- /dev/null
+++ b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000036-013.user_id
@@ -0,0 +1 @@
+´.Test Key (RSA sign-only)
\ No newline at end of file
diff --git a/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000037-002.sig b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000037-002.sig
new file mode 100644
index 000000000..833b563b2
Binary files /dev/null and b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000037-002.sig differ
diff --git a/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000038-012.ring_trust b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000038-012.ring_trust
new file mode 100644
index 000000000..ffa57e57a
Binary files /dev/null and b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000038-012.ring_trust differ
diff --git a/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000039-002.sig b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000039-002.sig
new file mode 100644
index 000000000..89c34fa5d
Binary files /dev/null and b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000039-002.sig differ
diff --git a/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000040-012.ring_trust b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000040-012.ring_trust
new file mode 100644
index 000000000..ffa57e57a
Binary files /dev/null and b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000040-012.ring_trust differ
diff --git a/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000041-017.attribute b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000041-017.attribute
new file mode 100644
index 000000000..a21a82fb1
Binary files /dev/null and b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000041-017.attribute differ
diff --git a/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000042-002.sig b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000042-002.sig
new file mode 100644
index 000000000..fc6267fd0
Binary files /dev/null and b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000042-002.sig differ
diff --git a/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000043-012.ring_trust b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000043-012.ring_trust
new file mode 100644
index 000000000..ffa57e57a
Binary files /dev/null and b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000043-012.ring_trust differ
diff --git a/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000044-014.public_subkey b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000044-014.public_subkey
new file mode 100644
index 000000000..06bf50e4f
Binary files /dev/null and b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000044-014.public_subkey differ
diff --git a/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000045-002.sig b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000045-002.sig
new file mode 100644
index 000000000..336eb0f24
Binary files /dev/null and b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000045-002.sig differ
diff --git a/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000046-012.ring_trust b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000046-012.ring_trust
new file mode 100644
index 000000000..ffa57e57a
Binary files /dev/null and b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000046-012.ring_trust differ
diff --git a/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000047-005.secret_key b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000047-005.secret_key
new file mode 100644
index 000000000..77b5d428a
Binary files /dev/null and b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000047-005.secret_key differ
diff --git a/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000048-013.user_id b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000048-013.user_id
new file mode 100644
index 000000000..759449bb4
--- /dev/null
+++ b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000048-013.user_id
@@ -0,0 +1 @@
+´$Test Key (RSA)
\ No newline at end of file
diff --git a/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000049-002.sig b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000049-002.sig
new file mode 100644
index 000000000..14276d0a5
Binary files /dev/null and b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000049-002.sig differ
diff --git a/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000050-012.ring_trust b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000050-012.ring_trust
new file mode 100644
index 000000000..b1eeabb95
Binary files /dev/null and b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000050-012.ring_trust differ
diff --git a/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000051-007.secret_subkey b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000051-007.secret_subkey
new file mode 100644
index 000000000..b4e65c92f
Binary files /dev/null and b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000051-007.secret_subkey differ
diff --git a/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000052-002.sig b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000052-002.sig
new file mode 100644
index 000000000..dd601807f
Binary files /dev/null and b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000052-002.sig differ
diff --git a/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000053-012.ring_trust b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000053-012.ring_trust
new file mode 100644
index 000000000..b1eeabb95
Binary files /dev/null and b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000053-012.ring_trust differ
diff --git a/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000054-005.secret_key b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000054-005.secret_key
new file mode 100644
index 000000000..f153e5932
Binary files /dev/null and b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000054-005.secret_key differ
diff --git a/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000055-002.sig b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000055-002.sig
new file mode 100644
index 000000000..e734505a7
Binary files /dev/null and b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000055-002.sig differ
diff --git a/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000056-012.ring_trust b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000056-012.ring_trust
new file mode 100644
index 000000000..b1eeabb95
Binary files /dev/null and b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000056-012.ring_trust differ
diff --git a/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000057-013.user_id b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000057-013.user_id
new file mode 100644
index 000000000..ab3f51d91
--- /dev/null
+++ b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000057-013.user_id
@@ -0,0 +1 @@
+´$Test Key (DSA)
\ No newline at end of file
diff --git a/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000058-002.sig b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000058-002.sig
new file mode 100644
index 000000000..8588489a7
Binary files /dev/null and b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000058-002.sig differ
diff --git a/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000059-012.ring_trust b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000059-012.ring_trust
new file mode 100644
index 000000000..b1eeabb95
Binary files /dev/null and b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000059-012.ring_trust differ
diff --git a/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000060-007.secret_subkey b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000060-007.secret_subkey
new file mode 100644
index 000000000..9df45f395
Binary files /dev/null and b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000060-007.secret_subkey differ
diff --git a/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000061-002.sig b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000061-002.sig
new file mode 100644
index 000000000..639494223
Binary files /dev/null and b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000061-002.sig differ
diff --git a/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000062-012.ring_trust b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000062-012.ring_trust
new file mode 100644
index 000000000..b1eeabb95
Binary files /dev/null and b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000062-012.ring_trust differ
diff --git a/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000063-005.secret_key b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000063-005.secret_key
new file mode 100644
index 000000000..2f4268ee1
Binary files /dev/null and b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000063-005.secret_key differ
diff --git a/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000064-002.sig b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000064-002.sig
new file mode 100644
index 000000000..5194b7840
Binary files /dev/null and b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000064-002.sig differ
diff --git a/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000065-012.ring_trust b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000065-012.ring_trust
new file mode 100644
index 000000000..b1eeabb95
Binary files /dev/null and b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000065-012.ring_trust differ
diff --git a/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000066-013.user_id b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000066-013.user_id
new file mode 100644
index 000000000..fb3f49e0d
--- /dev/null
+++ b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000066-013.user_id
@@ -0,0 +1 @@
+´+Test Key (DSA sign-only)
\ No newline at end of file
diff --git a/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000067-002.sig b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000067-002.sig
new file mode 100644
index 000000000..d354e79df
Binary files /dev/null and b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000067-002.sig differ
diff --git a/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000068-012.ring_trust b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000068-012.ring_trust
new file mode 100644
index 000000000..b1eeabb95
Binary files /dev/null and b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000068-012.ring_trust differ
diff --git a/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000069-005.secret_key b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000069-005.secret_key
new file mode 100644
index 000000000..17a2c354d
Binary files /dev/null and b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000069-005.secret_key differ
diff --git a/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000070-013.user_id b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000070-013.user_id
new file mode 100644
index 000000000..5d0d46e5d
--- /dev/null
+++ b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000070-013.user_id
@@ -0,0 +1 @@
+´.Test Key (RSA sign-only)
\ No newline at end of file
diff --git a/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000071-002.sig b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000071-002.sig
new file mode 100644
index 000000000..833b563b2
Binary files /dev/null and b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000071-002.sig differ
diff --git a/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000072-012.ring_trust b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000072-012.ring_trust
new file mode 100644
index 000000000..b1eeabb95
Binary files /dev/null and b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000072-012.ring_trust differ
diff --git a/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000073-017.attribute b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000073-017.attribute
new file mode 100644
index 000000000..a21a82fb1
Binary files /dev/null and b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000073-017.attribute differ
diff --git a/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000074-002.sig b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000074-002.sig
new file mode 100644
index 000000000..fc6267fd0
Binary files /dev/null and b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000074-002.sig differ
diff --git a/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000075-012.ring_trust b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000075-012.ring_trust
new file mode 100644
index 000000000..b1eeabb95
Binary files /dev/null and b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000075-012.ring_trust differ
diff --git a/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000076-007.secret_subkey b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000076-007.secret_subkey
new file mode 100644
index 000000000..b380339a4
Binary files /dev/null and b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000076-007.secret_subkey differ
diff --git a/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000077-002.sig b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000077-002.sig
new file mode 100644
index 000000000..336eb0f24
Binary files /dev/null and b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000077-002.sig differ
diff --git a/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000078-012.ring_trust b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000078-012.ring_trust
new file mode 100644
index 000000000..b1eeabb95
Binary files /dev/null and b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/000078-012.ring_trust differ
diff --git a/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/002182-002.sig b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/002182-002.sig
new file mode 100644
index 000000000..2bc6679f4
Binary files /dev/null and b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/002182-002.sig differ
diff --git a/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/3F5BBA0B0694BEB6000005-002.sig b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/3F5BBA0B0694BEB6000005-002.sig
new file mode 100644
index 000000000..94055af66
Binary files /dev/null and b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/3F5BBA0B0694BEB6000005-002.sig differ
diff --git a/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/3F5BBA0B0694BEB6000017-002.sig b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/3F5BBA0B0694BEB6000017-002.sig
new file mode 100644
index 000000000..b22f23b91
Binary files /dev/null and b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/3F5BBA0B0694BEB6000017-002.sig differ
diff --git a/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/compressedsig-bzip2.gpg b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/compressedsig-bzip2.gpg
new file mode 100644
index 000000000..87539dbe8
Binary files /dev/null and b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/compressedsig-bzip2.gpg differ
diff --git a/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/compressedsig-zlib.gpg b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/compressedsig-zlib.gpg
new file mode 100644
index 000000000..4da4dfa99
Binary files /dev/null and b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/compressedsig-zlib.gpg differ
diff --git a/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/compressedsig.gpg b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/compressedsig.gpg
new file mode 100644
index 000000000..dd617de13
Binary files /dev/null and b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/compressedsig.gpg differ
diff --git a/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/onepass_sig b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/onepass_sig
new file mode 100644
index 000000000..87b2895ea
Binary files /dev/null and b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/onepass_sig differ
diff --git a/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/pubring.gpg b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/pubring.gpg
new file mode 100644
index 000000000..a1519ee74
Binary files /dev/null and b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/pubring.gpg differ
diff --git a/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/secring.gpg b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/secring.gpg
new file mode 100644
index 000000000..13598756a
Binary files /dev/null and b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/secring.gpg differ
diff --git a/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/symmetrically_encrypted b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/symmetrically_encrypted
new file mode 100644
index 000000000..129155aa2
Binary files /dev/null and b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/symmetrically_encrypted differ
diff --git a/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/uncompressed-ops-dsa-sha384.txt.gpg b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/uncompressed-ops-dsa-sha384.txt.gpg
new file mode 100644
index 000000000..39828fcae
Binary files /dev/null and b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/uncompressed-ops-dsa-sha384.txt.gpg differ
diff --git a/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/uncompressed-ops-dsa.gpg b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/uncompressed-ops-dsa.gpg
new file mode 100644
index 000000000..97e7a267b
Binary files /dev/null and b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/uncompressed-ops-dsa.gpg differ
diff --git a/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/uncompressed-ops-rsa.gpg b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/uncompressed-ops-rsa.gpg
new file mode 100644
index 000000000..7ae453da6
Binary files /dev/null and b/OpenKeychain-Test/src/test/resources/OpenPGP-Haskell/tests/data/uncompressed-ops-rsa.gpg differ
diff --git a/OpenKeychain-Test/src/test/resources/public-key-canonicalize.blob b/OpenKeychain-Test/src/test/resources/public-key-canonicalize.blob
new file mode 100644
index 000000000..3450824c1
Binary files /dev/null and b/OpenKeychain-Test/src/test/resources/public-key-canonicalize.blob differ
diff --git a/OpenKeychain/src/test/resources/public-key-for-sample.blob b/OpenKeychain-Test/src/test/resources/public-key-for-sample.blob
similarity index 100%
rename from OpenKeychain/src/test/resources/public-key-for-sample.blob
rename to OpenKeychain-Test/src/test/resources/public-key-for-sample.blob
diff --git a/OpenKeychain/src/test/resources/sample-altered.txt b/OpenKeychain-Test/src/test/resources/sample-altered.txt
similarity index 100%
rename from OpenKeychain/src/test/resources/sample-altered.txt
rename to OpenKeychain-Test/src/test/resources/sample-altered.txt
diff --git a/OpenKeychain/src/test/resources/sample.txt b/OpenKeychain-Test/src/test/resources/sample.txt
similarity index 100%
rename from OpenKeychain/src/test/resources/sample.txt
rename to OpenKeychain-Test/src/test/resources/sample.txt
diff --git a/OpenKeychain/build.gradle b/OpenKeychain/build.gradle
index 18a801ce0..88706f1f9 100644
--- a/OpenKeychain/build.gradle
+++ b/OpenKeychain/build.gradle
@@ -1,5 +1,4 @@
apply plugin: 'android'
-apply plugin: 'robolectric'
dependencies {
// NOTE: Always use fixed version codes not dynamic ones, e.g. 0.7.3 instead of 0.7.+, see README for more information
@@ -16,18 +15,11 @@ dependencies {
compile project(':extern:spongycastle:pg')
compile project(':extern:spongycastle:pkix')
compile project(':extern:spongycastle:prov')
- compile project(':extern:AppMsg:library')
compile project(':extern:SuperToasts:supertoasts')
compile project(':extern:minidns')
compile project(':extern:KeybaseLib:Lib')
compile project(':extern:TokenAutoComplete:library')
- // Unit tests are run with Robolectric
- testCompile 'junit:junit:4.11'
- testCompile 'org.robolectric:robolectric:2.3'
- testCompile 'com.squareup:fest-android:1.0.8'
- testCompile 'com.google.android:android:4.1.1.4'
- // compile dependencies are automatically also included in testCompile
}
android {
@@ -86,7 +78,7 @@ android {
// NOTE: This disables Lint!
tasks.whenTaskAdded { task ->
- if (task.name.equals("lint")) {
+ if (task.name.contains("lint")) {
task.enabled = false
}
}
diff --git a/OpenKeychain/src/main/AndroidManifest.xml b/OpenKeychain/src/main/AndroidManifest.xml
index 82eb40ad3..de559fe16 100644
--- a/OpenKeychain/src/main/AndroidManifest.xml
+++ b/OpenKeychain/src/main/AndroidManifest.xml
@@ -31,7 +31,7 @@
For OI Filemanager it makes no difference, gpg files can't be associated
-->
-
+
@@ -49,17 +49,17 @@
android:name="android.hardware.touchscreen"
android:required="false" />
-
-
+
+
-
-
-
-
+
+
+
+
@@ -84,20 +84,26 @@
+ android:label="@string/app_name"
+ android:windowSoftInputMode="stateAlwaysHidden" />
+ android:label="@string/title_create_key">
+
+
+ android:label="@string/title_edit_key" />
+
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+
+
@@ -254,6 +239,101 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
@@ -342,28 +425,8 @@
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+
@@ -374,7 +437,103 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
@@ -469,31 +628,31 @@
-
+
+ android:name="android.accounts.AccountAuthenticator"
+ android:resource="@xml/account_desc" />
-
+
+ android:name="android.content.SyncAdapter"
+ android:resource="@xml/sync_adapter_desc" />
+ android:name="android.provider.CONTACTS_STRUCTURE"
+ android:resource="@xml/custom_pgp_contacts_structure" />
+ android:exported="true" />
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/Constants.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/Constants.java
index 956019605..b679ef210 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/Constants.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/Constants.java
@@ -71,6 +71,8 @@ public final class Constants {
public static final String FORCE_V3_SIGNATURES = "forceV3Signatures";
public static final String KEY_SERVERS = "keyServers";
public static final String KEY_SERVERS_DEFAULT_VERSION = "keyServersDefaultVersion";
+ public static final String CONCEAL_PGP_APPLICATION = "concealPgpApplication";
+ public static final String FIRST_TIME = "firstTime";
}
public static final class Defaults {
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/helper/Preferences.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/helper/Preferences.java
index 6f3d38ccd..5d765b663 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/helper/Preferences.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/helper/Preferences.java
@@ -139,6 +139,16 @@ public class Preferences {
editor.commit();
}
+ public boolean isFirstTime() {
+ return mSharedPreferences.getBoolean(Constants.Pref.FIRST_TIME, true);
+ }
+
+ public void setFirstTime(boolean value) {
+ SharedPreferences.Editor editor = mSharedPreferences.edit();
+ editor.putBoolean(Constants.Pref.FIRST_TIME, value);
+ editor.commit();
+ }
+
public String[] getKeyServers() {
String rawData = mSharedPreferences.getString(Constants.Pref.KEY_SERVERS,
Constants.Defaults.KEY_SERVERS);
@@ -187,4 +197,14 @@ public class Preferences {
.commit();
}
}
+
+ public void setConcealPgpApplication(boolean conceal) {
+ SharedPreferences.Editor editor = mSharedPreferences.edit();
+ editor.putBoolean(Constants.Pref.CONCEAL_PGP_APPLICATION, conceal);
+ editor.commit();
+ }
+
+ public boolean getConcealPgpApplication() {
+ return mSharedPreferences.getBoolean(Constants.Pref.CONCEAL_PGP_APPLICATION, false);
+ }
}
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/keyimport/FileImportCache.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/keyimport/FileImportCache.java
new file mode 100644
index 000000000..08b8afae7
--- /dev/null
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/keyimport/FileImportCache.java
@@ -0,0 +1,97 @@
+/*
+ * Copyright (C) 2014 Dominik Schürmann
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see .
+ */
+
+package org.sufficientlysecure.keychain.keyimport;
+
+import android.content.Context;
+import android.os.Bundle;
+import android.os.Parcel;
+
+import org.sufficientlysecure.keychain.KeychainApplication;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileOutputStream;
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.List;
+
+/**
+ * When sending large data (over 1MB) through Androids Binder IPC you get
+ * JavaBinder E !!! FAILED BINDER TRANSACTION !!!
+ *
+ * To overcome this problem, we cache large Parcelables into a file in our private cache directory
+ * instead of sending them through IPC.
+ */
+public class FileImportCache {
+
+ private Context mContext;
+
+ private static final String FILENAME = "key_import.pcl";
+ private static final String BUNDLE_DATA = "data";
+
+ public FileImportCache(Context context) {
+ this.mContext = context;
+ }
+
+ public void writeCache(ArrayList selectedEntries) throws IOException {
+ Bundle in = new Bundle();
+ in.putParcelableArrayList(BUNDLE_DATA, selectedEntries);
+ File cacheDir = mContext.getCacheDir();
+ if (cacheDir == null) {
+ // https://groups.google.com/forum/#!topic/android-developers/-694j87eXVU
+ throw new IOException("cache dir is null!");
+ }
+ File tempFile = new File(mContext.getCacheDir(), FILENAME);
+
+ FileOutputStream fos = new FileOutputStream(tempFile);
+ Parcel p = Parcel.obtain(); // creating empty parcel object
+ in.writeToParcel(p, 0); // saving bundle as parcel
+ fos.write(p.marshall()); // writing parcel to file
+ fos.flush();
+ fos.close();
+ }
+
+ public List readCache() throws IOException {
+ Parcel parcel = Parcel.obtain(); // creating empty parcel object
+ Bundle out;
+ File cacheDir = mContext.getCacheDir();
+ if (cacheDir == null) {
+ // https://groups.google.com/forum/#!topic/android-developers/-694j87eXVU
+ throw new IOException("cache dir is null!");
+ }
+
+ File tempFile = new File(cacheDir, FILENAME);
+ try {
+ FileInputStream fis = new FileInputStream(tempFile);
+ byte[] array = new byte[(int) fis.getChannel().size()];
+ fis.read(array, 0, array.length);
+ fis.close();
+
+ parcel.unmarshall(array, 0, array.length);
+ parcel.setDataPosition(0);
+ out = parcel.readBundle(KeychainApplication.class.getClassLoader());
+ out.putAll(out);
+
+ return out.getParcelableArrayList(BUNDLE_DATA);
+ } finally {
+ parcel.recycle();
+ // delete temp file
+ tempFile.delete();
+ }
+ }
+}
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/keyimport/HkpKeyserver.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/keyimport/HkpKeyserver.java
index 44679ba18..43bed8397 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/keyimport/HkpKeyserver.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/keyimport/HkpKeyserver.java
@@ -22,6 +22,7 @@ import de.measite.minidns.Client;
import de.measite.minidns.Question;
import de.measite.minidns.Record;
import de.measite.minidns.record.SRV;
+
import org.sufficientlysecure.keychain.Constants;
import org.sufficientlysecure.keychain.helper.TlsHelper;
import org.sufficientlysecure.keychain.pgp.PgpHelper;
@@ -102,8 +103,9 @@ public class HkpKeyserver extends Keyserver {
*/
public static final Pattern PUB_KEY_LINE = Pattern
.compile("pub:([0-9a-fA-F]+):([0-9]+):([0-9]+):([0-9]+):([0-9]*):([rde]*)[ \n\r]*" // pub line
- + "((uid:([^:]*):([0-9]+):([0-9]*):([rde]*)[ \n\r]*)+)", // one or more uid lines
- Pattern.CASE_INSENSITIVE);
+ + "((uid:([^:]*):([0-9]+):([0-9]*):([rde]*)[ \n\r]*)+)", // one or more uid lines
+ Pattern.CASE_INSENSITIVE
+ );
/**
* uid:%escaped uid string%:%creationdate%:%expirationdate%:%flags%
@@ -215,10 +217,18 @@ public class HkpKeyserver extends Keyserver {
throw new HttpError(response, data);
}
} catch (IOException e) {
- throw new QueryFailedException("querying server(s) for '" + mHost + "' failed");
+ throw new QueryFailedException("Keyserver '" + mHost + "' is unavailable. Check your Internet connection!");
}
}
+ /**
+ * Results are sorted by creation date of key!
+ *
+ * @param query
+ * @return
+ * @throws QueryFailedException
+ * @throws QueryNeedsRepairException
+ */
@Override
public ArrayList search(String query) throws QueryFailedException,
QueryNeedsRepairException {
@@ -240,18 +250,26 @@ public class HkpKeyserver extends Keyserver {
try {
data = query(request);
} catch (HttpError e) {
- if (e.getCode() == 404) {
- return results;
- } else {
+ if (e.getData() != null) {
+ Log.d(Constants.TAG, "returned error data: " + e.getData().toLowerCase(Locale.US));
+
if (e.getData().toLowerCase(Locale.US).contains("no keys found")) {
+ // NOTE: This is also a 404 error for some keyservers!
return results;
} else if (e.getData().toLowerCase(Locale.US).contains("too many")) {
throw new TooManyResponsesException();
} else if (e.getData().toLowerCase(Locale.US).contains("insufficient")) {
throw new QueryTooShortException();
+ } else if (e.getCode() == 404) {
+ // NOTE: handle this 404 at last, maybe it was a "no keys found" error
+ throw new QueryFailedException("Keyserver '" + mHost + "' not found. Error 404");
+ } else {
+ // NOTE: some keyserver do not provide a more detailed error response
+ throw new QueryTooShortOrTooManyResponsesException();
}
}
- throw new QueryFailedException("querying server(s) for '" + mHost + "' failed");
+
+ throw new QueryFailedException("Querying server(s) for '" + mHost + "' failed.");
}
final Matcher matcher = PUB_KEY_LINE.matcher(data);
@@ -291,7 +309,7 @@ public class HkpKeyserver extends Keyserver {
while (uidMatcher.find()) {
String tmp = uidMatcher.group(1).trim();
if (tmp.contains("%")) {
- if(tmp.contains("%%")) {
+ if (tmp.contains("%%")) {
// This is a fix for issue #683
// The server encodes a percent sign as %%, so it is swapped out with its
// urlencoded counterpart to prevent errors
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/keyimport/ImportKeysListEntry.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/keyimport/ImportKeysListEntry.java
index 0a49cb629..30e93f957 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/keyimport/ImportKeysListEntry.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/keyimport/ImportKeysListEntry.java
@@ -250,7 +250,7 @@ public class ImportKeysListEntry implements Serializable, Parcelable {
mHashCode = key.hashCode();
- mPrimaryUserId = key.getPrimaryUserId();
+ mPrimaryUserId = key.getPrimaryUserIdWithFallback();
mUserIds = key.getUnorderedUserIds();
// if there was no user id flagged as primary, use the first one
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/keyimport/Keyserver.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/keyimport/Keyserver.java
index 842e7d922..b726529f8 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/keyimport/Keyserver.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/keyimport/Keyserver.java
@@ -44,6 +44,13 @@ public abstract class Keyserver {
private static final long serialVersionUID = 2703768928624654514L;
}
+ /**
+ * query too short _or_ too many responses
+ */
+ public static class QueryTooShortOrTooManyResponsesException extends QueryNeedsRepairException {
+ private static final long serialVersionUID = 2703768928624654514L;
+ }
+
public static class AddKeyException extends Exception {
private static final long serialVersionUID = -507574859137295530L;
}
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/WrappedKeyRing.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/CanonicalizedKeyRing.java
similarity index 74%
rename from OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/WrappedKeyRing.java
rename to OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/CanonicalizedKeyRing.java
index 6f3068261..ee0dfefa4 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/WrappedKeyRing.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/CanonicalizedKeyRing.java
@@ -16,13 +16,11 @@ import java.io.OutputStream;
* getter method.
*
*/
-public abstract class WrappedKeyRing extends KeyRing {
+public abstract class CanonicalizedKeyRing extends KeyRing {
- private final boolean mHasAnySecret;
private final int mVerified;
- WrappedKeyRing(boolean hasAnySecret, int verified) {
- mHasAnySecret = hasAnySecret;
+ CanonicalizedKeyRing(int verified) {
mVerified = verified;
}
@@ -30,17 +28,17 @@ public abstract class WrappedKeyRing extends KeyRing {
return getRing().getPublicKey().getKeyID();
}
- public boolean hasAnySecret() {
- return mHasAnySecret;
- }
-
public int getVerified() {
return mVerified;
}
public String getPrimaryUserId() throws PgpGeneralException {
- return (String) getRing().getPublicKey().getUserIDs().next();
- };
+ return getPublicKey().getPrimaryUserId();
+ }
+
+ public String getPrimaryUserIdWithFallback() throws PgpGeneralException {
+ return getPublicKey().getPrimaryUserIdWithFallback();
+ }
public boolean isRevoked() throws PgpGeneralException {
// Is the master key revoked?
@@ -52,7 +50,7 @@ public abstract class WrappedKeyRing extends KeyRing {
}
public long getEncryptId() throws PgpGeneralException {
- for(WrappedPublicKey key : publicKeyIterator()) {
+ for(CanonicalizedPublicKey key : publicKeyIterator()) {
if(key.canEncrypt()) {
return key.getKeyId();
}
@@ -70,7 +68,7 @@ public abstract class WrappedKeyRing extends KeyRing {
}
public long getSignId() throws PgpGeneralException {
- for(WrappedPublicKey key : publicKeyIterator()) {
+ for(CanonicalizedPublicKey key : publicKeyIterator()) {
if(key.canSign()) {
return key.getKeyId();
}
@@ -99,10 +97,18 @@ public abstract class WrappedKeyRing extends KeyRing {
abstract PGPKeyRing getRing();
- abstract public IterableIterator publicKeyIterator();
+ abstract public IterableIterator publicKeyIterator();
- public UncachedKeyRing getUncached() {
- return new UncachedKeyRing(getRing());
+ public CanonicalizedPublicKey getPublicKey() {
+ return new CanonicalizedPublicKey(this, getRing().getPublicKey());
+ }
+
+ public CanonicalizedPublicKey getPublicKey(long id) {
+ return new CanonicalizedPublicKey(this, getRing().getPublicKey(id));
+ }
+
+ public byte[] getEncoded() throws IOException {
+ return getRing().getEncoded();
}
}
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/WrappedPublicKey.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/CanonicalizedPublicKey.java
similarity index 90%
rename from OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/WrappedPublicKey.java
rename to OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/CanonicalizedPublicKey.java
index 69a4fbdee..981caad49 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/WrappedPublicKey.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/CanonicalizedPublicKey.java
@@ -14,12 +14,12 @@ import org.sufficientlysecure.keychain.util.IterableIterator;
* stored in the database.
*
*/
-public class WrappedPublicKey extends UncachedPublicKey {
+public class CanonicalizedPublicKey extends UncachedPublicKey {
// this is the parent key ring
final KeyRing mRing;
- WrappedPublicKey(KeyRing ring, PGPPublicKey key) {
+ CanonicalizedPublicKey(KeyRing ring, PGPPublicKey key) {
super(key);
mRing = ring;
}
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/WrappedPublicKeyRing.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/CanonicalizedPublicKeyRing.java
similarity index 51%
rename from OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/WrappedPublicKeyRing.java
rename to OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/CanonicalizedPublicKeyRing.java
index b2abf15a4..70288dceb 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/WrappedPublicKeyRing.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/CanonicalizedPublicKeyRing.java
@@ -1,42 +1,45 @@
package org.sufficientlysecure.keychain.pgp;
import org.spongycastle.bcpg.ArmoredOutputStream;
-import org.spongycastle.openpgp.PGPKeyRing;
import org.spongycastle.openpgp.PGPObjectFactory;
import org.spongycastle.openpgp.PGPPublicKey;
import org.spongycastle.openpgp.PGPPublicKeyRing;
-import org.sufficientlysecure.keychain.Constants;
import org.sufficientlysecure.keychain.pgp.exception.PgpGeneralException;
import org.sufficientlysecure.keychain.util.IterableIterator;
-import org.sufficientlysecure.keychain.util.Log;
import java.io.IOException;
import java.util.Iterator;
-public class WrappedPublicKeyRing extends WrappedKeyRing {
+public class CanonicalizedPublicKeyRing extends CanonicalizedKeyRing {
private PGPPublicKeyRing mRing;
- private final byte[] mPubKey;
- public WrappedPublicKeyRing(byte[] blob, boolean hasAnySecret, int verified) {
- super(hasAnySecret, verified);
- mPubKey = blob;
+ CanonicalizedPublicKeyRing(PGPPublicKeyRing ring, int verified) {
+ super(verified);
+ mRing = ring;
+ }
+
+ public CanonicalizedPublicKeyRing(byte[] blob, int verified) {
+ super(verified);
+ if(mRing == null) {
+ // get first object in block
+ PGPObjectFactory factory = new PGPObjectFactory(blob);
+ try {
+ Object obj = factory.nextObject();
+ if (! (obj instanceof PGPPublicKeyRing)) {
+ throw new RuntimeException("Error constructing CanonicalizedPublicKeyRing, should never happen!");
+ }
+ mRing = (PGPPublicKeyRing) obj;
+ if (factory.nextObject() != null) {
+ throw new RuntimeException("Encountered trailing data after keyring, should never happen!");
+ }
+ } catch (IOException e) {
+ throw new RuntimeException("IO Error constructing CanonicalizedPublicKeyRing, should never happen!");
+ }
+ }
}
PGPPublicKeyRing getRing() {
- if(mRing == null) {
- PGPObjectFactory factory = new PGPObjectFactory(mPubKey);
- PGPKeyRing keyRing = null;
- try {
- if ((keyRing = (PGPKeyRing) factory.nextObject()) == null) {
- Log.e(Constants.TAG, "No keys given!");
- }
- } catch (IOException e) {
- Log.e(Constants.TAG, "Error while converting to PGPKeyRing!", e);
- }
-
- mRing = (PGPPublicKeyRing) keyRing;
- }
return mRing;
}
@@ -44,19 +47,11 @@ public class WrappedPublicKeyRing extends WrappedKeyRing {
getRing().encode(stream);
}
- public WrappedPublicKey getSubkey() {
- return new WrappedPublicKey(this, getRing().getPublicKey());
- }
-
- public WrappedPublicKey getSubkey(long id) {
- return new WrappedPublicKey(this, getRing().getPublicKey(id));
- }
-
/** Getter that returns the subkey that should be used for signing. */
- WrappedPublicKey getEncryptionSubKey() throws PgpGeneralException {
+ CanonicalizedPublicKey getEncryptionSubKey() throws PgpGeneralException {
PGPPublicKey key = getRing().getPublicKey(getEncryptId());
if(key != null) {
- WrappedPublicKey cKey = new WrappedPublicKey(this, key);
+ CanonicalizedPublicKey cKey = new CanonicalizedPublicKey(this, key);
if(!cKey.canEncrypt()) {
throw new PgpGeneralException("key error");
}
@@ -65,18 +60,18 @@ public class WrappedPublicKeyRing extends WrappedKeyRing {
throw new PgpGeneralException("no encryption key available");
}
- public IterableIterator publicKeyIterator() {
+ public IterableIterator publicKeyIterator() {
@SuppressWarnings("unchecked")
final Iterator it = getRing().getPublicKeys();
- return new IterableIterator(new Iterator() {
+ return new IterableIterator(new Iterator() {
@Override
public boolean hasNext() {
return it.hasNext();
}
@Override
- public WrappedPublicKey next() {
- return new WrappedPublicKey(WrappedPublicKeyRing.this, it.next());
+ public CanonicalizedPublicKey next() {
+ return new CanonicalizedPublicKey(CanonicalizedPublicKeyRing.this, it.next());
}
@Override
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/WrappedSecretKey.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/CanonicalizedSecretKey.java
similarity index 91%
rename from OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/WrappedSecretKey.java
rename to OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/CanonicalizedSecretKey.java
index ef8044a9b..2eb517697 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/WrappedSecretKey.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/CanonicalizedSecretKey.java
@@ -37,26 +37,18 @@ import java.util.List;
* properly imported secret keys only.
*
*/
-public class WrappedSecretKey extends WrappedPublicKey {
+public class CanonicalizedSecretKey extends CanonicalizedPublicKey {
private final PGPSecretKey mSecretKey;
private PGPPrivateKey mPrivateKey = null;
- WrappedSecretKey(WrappedSecretKeyRing ring, PGPSecretKey key) {
+ CanonicalizedSecretKey(CanonicalizedSecretKeyRing ring, PGPSecretKey key) {
super(ring, key.getPublicKey());
mSecretKey = key;
}
- public WrappedSecretKeyRing getRing() {
- return (WrappedSecretKeyRing) mRing;
- }
-
- /** Returns the wrapped PGPSecretKeyRing.
- * This function is for compatibility only, should not be used anymore and will be removed
- */
- @Deprecated
- public PGPSecretKey getKeyExternal() {
- return mSecretKey;
+ public CanonicalizedSecretKeyRing getRing() {
+ return (CanonicalizedSecretKeyRing) mRing;
}
public boolean unlock(String passphrase) throws PgpGeneralException {
@@ -97,7 +89,7 @@ public class WrappedSecretKey extends WrappedPublicKey {
signatureGenerator.init(signatureType, mPrivateKey);
PGPSignatureSubpacketGenerator spGen = new PGPSignatureSubpacketGenerator();
- spGen.setSignerUserID(false, mRing.getPrimaryUserId());
+ spGen.setSignerUserID(false, mRing.getPrimaryUserIdWithFallback());
signatureGenerator.setHashedSubpackets(spGen.generate());
return signatureGenerator;
} catch(PGPException e) {
@@ -148,7 +140,7 @@ public class WrappedSecretKey extends WrappedPublicKey {
* @param userIds User IDs to certify, must not be null or empty
* @return A keyring with added certifications
*/
- public UncachedKeyRing certifyUserIds(WrappedPublicKeyRing publicKeyRing, List userIds)
+ public UncachedKeyRing certifyUserIds(CanonicalizedPublicKeyRing publicKeyRing, List userIds)
throws PgpGeneralMsgIdException, NoSuchAlgorithmException, NoSuchProviderException,
PGPException, SignatureException {
@@ -175,7 +167,7 @@ public class WrappedSecretKey extends WrappedPublicKey {
}
// get the master subkey (which we certify for)
- PGPPublicKey publicKey = publicKeyRing.getSubkey().getPublicKey();
+ PGPPublicKey publicKey = publicKeyRing.getPublicKey().getPublicKey();
// fetch public key ring, add the certification and return it
for (String userId : new IterableIterator(userIds.iterator())) {
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/WrappedSecretKeyRing.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/CanonicalizedSecretKeyRing.java
similarity index 62%
rename from OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/WrappedSecretKeyRing.java
rename to OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/CanonicalizedSecretKeyRing.java
index c737b7c46..e48fe5020 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/WrappedSecretKeyRing.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/CanonicalizedSecretKeyRing.java
@@ -1,10 +1,12 @@
package org.sufficientlysecure.keychain.pgp;
+import org.spongycastle.bcpg.S2K;
import org.spongycastle.openpgp.PGPException;
import org.spongycastle.openpgp.PGPKeyRing;
import org.spongycastle.openpgp.PGPObjectFactory;
import org.spongycastle.openpgp.PGPPrivateKey;
import org.spongycastle.openpgp.PGPPublicKey;
+import org.spongycastle.openpgp.PGPPublicKeyRing;
import org.spongycastle.openpgp.PGPSecretKey;
import org.spongycastle.openpgp.PGPSecretKeyRing;
import org.spongycastle.openpgp.operator.PBESecretKeyDecryptor;
@@ -15,15 +17,21 @@ import org.sufficientlysecure.keychain.util.IterableIterator;
import org.sufficientlysecure.keychain.util.Log;
import java.io.IOException;
+import java.util.HashSet;
import java.util.Iterator;
-public class WrappedSecretKeyRing extends WrappedKeyRing {
+public class CanonicalizedSecretKeyRing extends CanonicalizedKeyRing {
private PGPSecretKeyRing mRing;
- public WrappedSecretKeyRing(byte[] blob, boolean isRevoked, int verified)
+ CanonicalizedSecretKeyRing(PGPSecretKeyRing ring, int verified) {
+ super(verified);
+ mRing = ring;
+ }
+
+ public CanonicalizedSecretKeyRing(byte[] blob, boolean isRevoked, int verified)
{
- super(isRevoked, verified);
+ super(verified);
PGPObjectFactory factory = new PGPObjectFactory(blob);
PGPKeyRing keyRing = null;
try {
@@ -41,19 +49,32 @@ public class WrappedSecretKeyRing extends WrappedKeyRing {
return mRing;
}
- public WrappedSecretKey getSubKey() {
- return new WrappedSecretKey(this, mRing.getSecretKey());
+ public CanonicalizedSecretKey getSecretKey() {
+ return new CanonicalizedSecretKey(this, mRing.getSecretKey());
}
- public WrappedSecretKey getSubKey(long id) {
- return new WrappedSecretKey(this, mRing.getSecretKey(id));
+ public CanonicalizedSecretKey getSecretKey(long id) {
+ return new CanonicalizedSecretKey(this, mRing.getSecretKey(id));
+ }
+
+ public HashSet getAvailableSubkeys() {
+ HashSet result = new HashSet();
+ // then, mark exactly the keys we have available
+ for (PGPSecretKey sub : new IterableIterator(getRing().getSecretKeys())) {
+ S2K s2k = sub.getS2K();
+ // Set to 1, except if the encryption type is GNU_DUMMY_S2K
+ if(s2k == null || s2k.getType() != S2K.GNU_DUMMY_S2K) {
+ result.add(sub.getKeyID());
+ }
+ }
+ return result;
}
/** Getter that returns the subkey that should be used for signing. */
- WrappedSecretKey getSigningSubKey() throws PgpGeneralException {
+ CanonicalizedSecretKey getSigningSubKey() throws PgpGeneralException {
PGPSecretKey key = mRing.getSecretKey(getSignId());
if(key != null) {
- WrappedSecretKey cKey = new WrappedSecretKey(this, key);
+ CanonicalizedSecretKey cKey = new CanonicalizedSecretKey(this, key);
if(!cKey.canSign()) {
throw new PgpGeneralException("key error");
}
@@ -88,17 +109,17 @@ public class WrappedSecretKeyRing extends WrappedKeyRing {
}
}
- public IterableIterator secretKeyIterator() {
+ public IterableIterator secretKeyIterator() {
final Iterator it = mRing.getSecretKeys();
- return new IterableIterator(new Iterator() {
+ return new IterableIterator(new Iterator() {
@Override
public boolean hasNext() {
return it.hasNext();
}
@Override
- public WrappedSecretKey next() {
- return new WrappedSecretKey(WrappedSecretKeyRing.this, it.next());
+ public CanonicalizedSecretKey next() {
+ return new CanonicalizedSecretKey(CanonicalizedSecretKeyRing.this, it.next());
}
@Override
@@ -108,17 +129,17 @@ public class WrappedSecretKeyRing extends WrappedKeyRing {
});
}
- public IterableIterator publicKeyIterator() {
+ public IterableIterator publicKeyIterator() {
final Iterator it = getRing().getPublicKeys();
- return new IterableIterator(new Iterator() {
+ return new IterableIterator(new Iterator() {
@Override
public boolean hasNext() {
return it.hasNext();
}
@Override
- public WrappedPublicKey next() {
- return new WrappedPublicKey(WrappedSecretKeyRing.this, it.next());
+ public CanonicalizedPublicKey next() {
+ return new CanonicalizedPublicKey(CanonicalizedSecretKeyRing.this, it.next());
}
@Override
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/KeyRing.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/KeyRing.java
index 47b827677..ebc49ab05 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/KeyRing.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/KeyRing.java
@@ -12,7 +12,7 @@ import java.util.regex.Pattern;
* keyring should in all cases agree on the output of all methods described
* here.
*
- * @see org.sufficientlysecure.keychain.pgp.WrappedKeyRing
+ * @see CanonicalizedKeyRing
* @see org.sufficientlysecure.keychain.provider.CachedPublicKeyRing
*
*/
@@ -22,8 +22,10 @@ public abstract class KeyRing {
abstract public String getPrimaryUserId() throws PgpGeneralException;
- public String[] getSplitPrimaryUserId() throws PgpGeneralException {
- return splitUserId(getPrimaryUserId());
+ abstract public String getPrimaryUserIdWithFallback() throws PgpGeneralException;
+
+ public String[] getSplitPrimaryUserIdWithFallback() throws PgpGeneralException {
+ return splitUserId(getPrimaryUserIdWithFallback());
}
abstract public boolean isRevoked() throws PgpGeneralException;
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpDecryptVerify.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpDecryptVerify.java
index a5ccfbd3b..7f2d971ed 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpDecryptVerify.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpDecryptVerify.java
@@ -231,7 +231,7 @@ public class PgpDecryptVerify {
PGPPublicKeyEncryptedData encryptedDataAsymmetric = null;
PGPPBEEncryptedData encryptedDataSymmetric = null;
- WrappedSecretKey secretEncryptionKey = null;
+ CanonicalizedSecretKey secretEncryptionKey = null;
Iterator> it = enc.getEncryptedDataObjects();
boolean asymmetricPacketFound = false;
boolean symmetricPacketFound = false;
@@ -243,10 +243,10 @@ public class PgpDecryptVerify {
PGPPublicKeyEncryptedData encData = (PGPPublicKeyEncryptedData) obj;
- WrappedSecretKeyRing secretKeyRing;
+ CanonicalizedSecretKeyRing secretKeyRing;
try {
// get actual keyring object based on master key id
- secretKeyRing = mProviderHelper.getWrappedSecretKeyRing(
+ secretKeyRing = mProviderHelper.getCanonicalizedSecretKeyRing(
KeyRings.buildUnifiedKeyRingsFindBySubkeyUri(encData.getKeyID())
);
} catch (ProviderHelper.NotFoundException e) {
@@ -258,7 +258,7 @@ public class PgpDecryptVerify {
continue;
}
// get subkey which has been used for this encryption packet
- secretEncryptionKey = secretKeyRing.getSubKey(encData.getKeyID());
+ secretEncryptionKey = secretKeyRing.getSecretKey(encData.getKeyID());
if (secretEncryptionKey == null) {
// continue with the next packet in the while loop
continue;
@@ -365,8 +365,8 @@ public class PgpDecryptVerify {
Object dataChunk = plainFact.nextObject();
OpenPgpSignatureResultBuilder signatureResultBuilder = new OpenPgpSignatureResultBuilder();
int signatureIndex = -1;
- WrappedPublicKeyRing signingRing = null;
- WrappedPublicKey signingKey = null;
+ CanonicalizedPublicKeyRing signingRing = null;
+ CanonicalizedPublicKey signingKey = null;
if (dataChunk instanceof PGPCompressedData) {
updateProgress(R.string.progress_decompressing_data, currentProgress, 100);
@@ -390,10 +390,10 @@ public class PgpDecryptVerify {
for (int i = 0; i < sigList.size(); ++i) {
try {
long sigKeyId = sigList.get(i).getKeyID();
- signingRing = mProviderHelper.getWrappedPublicKeyRing(
+ signingRing = mProviderHelper.getCanonicalizedPublicKeyRing(
KeyRings.buildUnifiedKeyRingsFindBySubkeyUri(sigKeyId)
);
- signingKey = signingRing.getSubkey(sigKeyId);
+ signingKey = signingRing.getPublicKey(sigKeyId);
signatureIndex = i;
} catch (ProviderHelper.NotFoundException e) {
Log.d(Constants.TAG, "key not found!");
@@ -409,7 +409,7 @@ public class PgpDecryptVerify {
signatureResultBuilder.knownKey(true);
signatureResultBuilder.keyId(signingRing.getMasterKeyId());
try {
- signatureResultBuilder.userId(signingRing.getPrimaryUserId());
+ signatureResultBuilder.userId(signingRing.getPrimaryUserIdWithFallback());
} catch(PgpGeneralException e) {
Log.d(Constants.TAG, "No primary user id in key " + signingRing.getMasterKeyId());
}
@@ -566,8 +566,8 @@ public class PgpDecryptVerify {
throw new InvalidDataException();
}
- WrappedPublicKeyRing signingRing = null;
- WrappedPublicKey signingKey = null;
+ CanonicalizedPublicKeyRing signingRing = null;
+ CanonicalizedPublicKey signingKey = null;
int signatureIndex = -1;
// go through all signatures
@@ -575,10 +575,10 @@ public class PgpDecryptVerify {
for (int i = 0; i < sigList.size(); ++i) {
try {
long sigKeyId = sigList.get(i).getKeyID();
- signingRing = mProviderHelper.getWrappedPublicKeyRing(
+ signingRing = mProviderHelper.getCanonicalizedPublicKeyRing(
KeyRings.buildUnifiedKeyRingsFindBySubkeyUri(sigKeyId)
);
- signingKey = signingRing.getSubkey(sigKeyId);
+ signingKey = signingRing.getPublicKey(sigKeyId);
signatureIndex = i;
} catch (ProviderHelper.NotFoundException e) {
Log.d(Constants.TAG, "key not found!");
@@ -596,7 +596,7 @@ public class PgpDecryptVerify {
signatureResultBuilder.knownKey(true);
signatureResultBuilder.keyId(signingRing.getMasterKeyId());
try {
- signatureResultBuilder.userId(signingRing.getPrimaryUserId());
+ signatureResultBuilder.userId(signingRing.getPrimaryUserIdWithFallback());
} catch(PgpGeneralException e) {
Log.d(Constants.TAG, "No primary user id in key " + signingRing.getMasterKeyId());
}
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpHelper.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpHelper.java
index 969ff1de8..0ceefc4d9 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpHelper.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpHelper.java
@@ -24,6 +24,7 @@ import android.content.pm.PackageManager.NameNotFoundException;
import org.sufficientlysecure.keychain.Constants;
import org.sufficientlysecure.keychain.R;
+import org.sufficientlysecure.keychain.helper.Preferences;
import org.sufficientlysecure.keychain.util.Log;
import java.io.File;
@@ -60,7 +61,11 @@ public class PgpHelper {
}
public static String getFullVersion(Context context) {
- return "OpenKeychain v" + getVersion(context);
+ if(Preferences.getPreferences(context).getConcealPgpApplication()){
+ return "";
+ } else {
+ return "OpenKeychain v" + getVersion(context);
+ }
}
// public static final class content {
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpImportExport.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpImportExport.java
index 6fc55cfb8..846b00ef2 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpImportExport.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpImportExport.java
@@ -34,7 +34,7 @@ import org.sufficientlysecure.keychain.provider.KeychainContract;
import org.sufficientlysecure.keychain.provider.ProviderHelper;
import org.sufficientlysecure.keychain.service.KeychainIntentService;
import org.sufficientlysecure.keychain.service.OperationResultParcel.OperationLog;
-import org.sufficientlysecure.keychain.service.OperationResults.ImportResult;
+import org.sufficientlysecure.keychain.service.OperationResults.ImportKeyResult;
import org.sufficientlysecure.keychain.service.OperationResults.SaveKeyringResult;
import org.sufficientlysecure.keychain.util.Log;
import org.sufficientlysecure.keychain.util.ProgressScaler;
@@ -93,7 +93,7 @@ public class PgpImportExport {
}
}
- public boolean uploadKeyRingToServer(HkpKeyserver server, WrappedPublicKeyRing keyring) {
+ public boolean uploadKeyRingToServer(HkpKeyserver server, CanonicalizedPublicKeyRing keyring) {
ByteArrayOutputStream bos = new ByteArrayOutputStream();
ArmoredOutputStream aos = null;
try {
@@ -123,14 +123,14 @@ public class PgpImportExport {
}
/** Imports keys from given data. If keyIds is given only those are imported */
- public ImportResult importKeyRings(List entries) {
+ public ImportKeyResult importKeyRings(List entries) {
updateProgress(R.string.progress_importing, 0, 100);
// If there aren't even any keys, do nothing here.
if (entries == null || entries.size() == 0) {
- return new ImportResult(
- ImportResult.RESULT_FAIL_NOTHING, mProviderHelper.getLog(), 0, 0, 0);
+ return new ImportKeyResult(
+ ImportKeyResult.RESULT_FAIL_NOTHING, mProviderHelper.getLog(), 0, 0, 0);
}
int newKeys = 0, oldKeys = 0, badKeys = 0;
@@ -185,26 +185,26 @@ public class PgpImportExport {
int resultType = 0;
// special return case: no new keys at all
if (badKeys == 0 && newKeys == 0 && oldKeys == 0) {
- resultType = ImportResult.RESULT_FAIL_NOTHING;
+ resultType = ImportKeyResult.RESULT_FAIL_NOTHING;
} else {
if (newKeys > 0) {
- resultType |= ImportResult.RESULT_OK_NEWKEYS;
+ resultType |= ImportKeyResult.RESULT_OK_NEWKEYS;
}
if (oldKeys > 0) {
- resultType |= ImportResult.RESULT_OK_UPDATED;
+ resultType |= ImportKeyResult.RESULT_OK_UPDATED;
}
if (badKeys > 0) {
- resultType |= ImportResult.RESULT_WITH_ERRORS;
+ resultType |= ImportKeyResult.RESULT_WITH_ERRORS;
if (newKeys == 0 && oldKeys == 0) {
- resultType |= ImportResult.RESULT_ERROR;
+ resultType |= ImportKeyResult.RESULT_ERROR;
}
}
if (log.containsWarnings()) {
- resultType |= ImportResult.RESULT_WITH_WARNINGS;
+ resultType |= ImportKeyResult.RESULT_WITH_WARNINGS;
}
}
- return new ImportResult(resultType, log, newKeys, oldKeys, badKeys);
+ return new ImportKeyResult(resultType, log, newKeys, oldKeys, badKeys);
}
@@ -235,7 +235,7 @@ public class PgpImportExport {
updateProgress(progress * 100 / masterKeyIdsSize, 100);
try {
- WrappedPublicKeyRing ring = mProviderHelper.getWrappedPublicKeyRing(
+ CanonicalizedPublicKeyRing ring = mProviderHelper.getCanonicalizedPublicKeyRing(
KeychainContract.KeyRings.buildUnifiedKeyRingUri(pubKeyMasterId)
);
@@ -263,8 +263,8 @@ public class PgpImportExport {
updateProgress(progress * 100 / masterKeyIdsSize, 100);
try {
- WrappedSecretKeyRing secretKeyRing =
- mProviderHelper.getWrappedSecretKeyRing(secretKeyMasterId);
+ CanonicalizedSecretKeyRing secretKeyRing =
+ mProviderHelper.getCanonicalizedSecretKeyRing(secretKeyMasterId);
secretKeyRing.encode(arOutStream);
} catch (ProviderHelper.NotFoundException e) {
Log.e(Constants.TAG, "key not found!", e);
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpKeyOperation.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpKeyOperation.java
index 9a08290e4..b1bd6a77a 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpKeyOperation.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpKeyOperation.java
@@ -46,15 +46,17 @@ import org.spongycastle.openpgp.operator.jcajce.JcePBESecretKeyDecryptorBuilder;
import org.spongycastle.openpgp.operator.jcajce.JcePBESecretKeyEncryptorBuilder;
import org.sufficientlysecure.keychain.Constants;
import org.sufficientlysecure.keychain.R;
-import org.sufficientlysecure.keychain.pgp.exception.PgpGeneralMsgIdException;
+import org.sufficientlysecure.keychain.service.OperationResultParcel;
import org.sufficientlysecure.keychain.service.OperationResultParcel.LogLevel;
import org.sufficientlysecure.keychain.service.OperationResultParcel.LogType;
import org.sufficientlysecure.keychain.service.OperationResultParcel.OperationLog;
+import org.sufficientlysecure.keychain.service.OperationResults.EditKeyResult;
import org.sufficientlysecure.keychain.service.SaveKeyringParcel;
import org.sufficientlysecure.keychain.service.SaveKeyringParcel.SubkeyAdd;
import org.sufficientlysecure.keychain.util.IterableIterator;
import org.sufficientlysecure.keychain.util.Log;
import org.sufficientlysecure.keychain.util.Primes;
+import org.sufficientlysecure.keychain.util.ProgressScaler;
import java.io.IOException;
import java.math.BigInteger;
@@ -65,10 +67,9 @@ import java.security.NoSuchProviderException;
import java.security.SecureRandom;
import java.security.SignatureException;
import java.util.Arrays;
-import java.util.Calendar;
import java.util.Date;
import java.util.Iterator;
-import java.util.TimeZone;
+import java.util.Stack;
/**
* This class is the single place where ALL operations that actually modify a PGP public or secret
@@ -80,7 +81,7 @@ import java.util.TimeZone;
* This indicator may be null.
*/
public class PgpKeyOperation {
- private Progressable mProgress;
+ private Stack mProgress;
private static final int[] PREFERRED_SYMMETRIC_ALGORITHMS = new int[]{
SymmetricKeyAlgorithmTags.AES_256, SymmetricKeyAlgorithmTags.AES_192,
@@ -94,21 +95,43 @@ public class PgpKeyOperation {
public PgpKeyOperation(Progressable progress) {
super();
- this.mProgress = progress;
- }
-
- void updateProgress(int message, int current, int total) {
- if (mProgress != null) {
- mProgress.setProgress(message, current, total);
+ if (progress != null) {
+ mProgress = new Stack();
+ mProgress.push(progress);
}
}
+ private void subProgressPush(int from, int to) {
+ if (mProgress == null) {
+ return;
+ }
+ mProgress.push(new ProgressScaler(mProgress.peek(), from, to, 100));
+ }
+ private void subProgressPop() {
+ if (mProgress == null) {
+ return;
+ }
+ if (mProgress.size() == 1) {
+ throw new RuntimeException("Tried to pop progressable without prior push! "
+ + "This is a programming error, please file a bug report.");
+ }
+ mProgress.pop();
+ }
+
+ private void progress(int message, int current) {
+ if (mProgress == null) {
+ return;
+ }
+ mProgress.peek().setProgress(message, current, 100);
+ }
+
/** Creates new secret key. */
- private PGPKeyPair createKey(int algorithmChoice, int keySize) throws PgpGeneralMsgIdException {
+ private PGPKeyPair createKey(int algorithmChoice, int keySize, OperationLog log, int indent) {
try {
if (keySize < 512) {
- throw new PgpGeneralMsgIdException(R.string.error_key_size_minimum512bit);
+ log.add(LogLevel.ERROR, LogType.MSG_CR_ERROR_KEYSIZE_512, indent);
+ return null;
}
int algorithm;
@@ -116,6 +139,7 @@ public class PgpKeyOperation {
switch (algorithmChoice) {
case Constants.choice.algorithm.dsa: {
+ progress(R.string.progress_generating_dsa, 30);
keyGen = KeyPairGenerator.getInstance("DSA", Constants.BOUNCY_CASTLE_PROVIDER_NAME);
keyGen.initialize(keySize, new SecureRandom());
algorithm = PGPPublicKey.DSA;
@@ -123,6 +147,7 @@ public class PgpKeyOperation {
}
case Constants.choice.algorithm.elgamal: {
+ progress(R.string.progress_generating_elgamal, 30);
keyGen = KeyPairGenerator.getInstance("ElGamal", Constants.BOUNCY_CASTLE_PROVIDER_NAME);
BigInteger p = Primes.getBestPrime(keySize);
BigInteger g = new BigInteger("2");
@@ -135,6 +160,7 @@ public class PgpKeyOperation {
}
case Constants.choice.algorithm.rsa: {
+ progress(R.string.progress_generating_rsa, 30);
keyGen = KeyPairGenerator.getInstance("RSA", Constants.BOUNCY_CASTLE_PROVIDER_NAME);
keyGen.initialize(keySize, new SecureRandom());
@@ -143,7 +169,8 @@ public class PgpKeyOperation {
}
default: {
- throw new PgpGeneralMsgIdException(R.string.error_unknown_algorithm_choice);
+ log.add(LogLevel.ERROR, LogType.MSG_CR_ERROR_UNKNOWN_ALGO, indent);
+ return null;
}
}
@@ -157,31 +184,55 @@ public class PgpKeyOperation {
} catch(InvalidAlgorithmParameterException e) {
throw new RuntimeException(e);
} catch(PGPException e) {
- throw new PgpGeneralMsgIdException(R.string.msg_mf_error_pgp, e);
+ Log.e(Constants.TAG, "internal pgp error", e);
+ log.add(LogLevel.ERROR, LogType.MSG_CR_ERROR_INTERNAL_PGP, indent);
+ return null;
}
}
- public UncachedKeyRing createSecretKeyRing(SaveKeyringParcel saveParcel, OperationLog log,
- int indent) {
+ public EditKeyResult createSecretKeyRing(SaveKeyringParcel saveParcel) {
+
+ OperationLog log = new OperationLog();
+ int indent = 0;
try {
- log.add(LogLevel.ERROR, LogType.MSG_MF_ERROR_KEYID, indent);
+ log.add(LogLevel.START, LogType.MSG_CR, indent);
+ progress(R.string.progress_building_key, 0);
indent += 1;
- updateProgress(R.string.progress_building_key, 0, 100);
- if (saveParcel.addSubKeys == null || saveParcel.addSubKeys.isEmpty()) {
+ if (saveParcel.mAddSubKeys.isEmpty()) {
log.add(LogLevel.ERROR, LogType.MSG_CR_ERROR_NO_MASTER, indent);
- return null;
+ return new EditKeyResult(EditKeyResult.RESULT_ERROR, log, null);
}
- SubkeyAdd add = saveParcel.addSubKeys.remove(0);
- PGPKeyPair keyPair = createKey(add.mAlgorithm, add.mKeysize);
+ if (saveParcel.mAddUserIds.isEmpty()) {
+ log.add(LogLevel.ERROR, LogType.MSG_CR_ERROR_NO_USER_ID, indent);
+ return new EditKeyResult(EditKeyResult.RESULT_ERROR, log, null);
+ }
+
+ SubkeyAdd add = saveParcel.mAddSubKeys.remove(0);
+ if ((add.mFlags & KeyFlags.CERTIFY_OTHER) != KeyFlags.CERTIFY_OTHER) {
+ log.add(LogLevel.ERROR, LogType.MSG_CR_ERROR_NO_CERTIFY, indent);
+ return new EditKeyResult(EditKeyResult.RESULT_ERROR, log, null);
+ }
if (add.mAlgorithm == Constants.choice.algorithm.elgamal) {
- throw new PgpGeneralMsgIdException(R.string.error_master_key_must_not_be_el_gamal);
+ log.add(LogLevel.ERROR, LogType.MSG_CR_ERROR_MASTER_ELGAMAL, indent);
+ return new EditKeyResult(EditKeyResult.RESULT_ERROR, log, null);
}
+ subProgressPush(10, 30);
+ PGPKeyPair keyPair = createKey(add.mAlgorithm, add.mKeysize, log, indent);
+ subProgressPop();
+
+ // return null if this failed (an error will already have been logged by createKey)
+ if (keyPair == null) {
+ return new EditKeyResult(EditKeyResult.RESULT_ERROR, log, null);
+ }
+
+ progress(R.string.progress_building_master_key, 40);
+
// define hashing and signing algos
PGPDigestCalculator sha1Calc = new JcaPGPDigestCalculatorProviderBuilder()
.build().get(HashAlgorithmTags.SHA1);
@@ -195,17 +246,16 @@ public class PgpKeyOperation {
PGPSecretKeyRing sKR = new PGPSecretKeyRing(
masterSecretKey.getEncoded(), new JcaKeyFingerprintCalculator());
- return internal(sKR, masterSecretKey, saveParcel, "", log, indent);
+ subProgressPush(50, 100);
+ return internal(sKR, masterSecretKey, add.mFlags, saveParcel, "", log);
} catch (PGPException e) {
+ log.add(LogLevel.ERROR, LogType.MSG_CR_ERROR_INTERNAL_PGP, indent);
Log.e(Constants.TAG, "pgp error encoding key", e);
- return null;
+ return new EditKeyResult(EditKeyResult.RESULT_ERROR, log, null);
} catch (IOException e) {
Log.e(Constants.TAG, "io error encoding key", e);
- return null;
- } catch (PgpGeneralMsgIdException e) {
- Log.e(Constants.TAG, "pgp msg id error", e);
- return null;
+ return new EditKeyResult(EditKeyResult.RESULT_ERROR, log, null);
}
}
@@ -221,8 +271,11 @@ public class PgpKeyOperation {
* are changed by adding new certificates, which implicitly override older certificates.
*
*/
- public UncachedKeyRing modifySecretKeyRing(WrappedSecretKeyRing wsKR, SaveKeyringParcel saveParcel,
- String passphrase, OperationLog log, int indent) {
+ public EditKeyResult modifySecretKeyRing(CanonicalizedSecretKeyRing wsKR, SaveKeyringParcel saveParcel,
+ String passphrase) {
+
+ OperationLog log = new OperationLog();
+ int indent = 0;
/*
* 1. Unlock private key
@@ -235,14 +288,15 @@ public class PgpKeyOperation {
* 6. If requested, change passphrase
*/
- log.add(LogLevel.START, LogType.MSG_MF, indent);
+ log.add(LogLevel.START, LogType.MSG_MF, indent,
+ PgpKeyHelper.convertKeyIdToHex(wsKR.getMasterKeyId()));
indent += 1;
- updateProgress(R.string.progress_building_key, 0, 100);
+ progress(R.string.progress_building_key, 0);
// Make sure this is called with a proper SaveKeyringParcel
if (saveParcel.mMasterKeyId == null || saveParcel.mMasterKeyId != wsKR.getMasterKeyId()) {
log.add(LogLevel.ERROR, LogType.MSG_MF_ERROR_KEYID, indent);
- return null;
+ return new EditKeyResult(EditKeyResult.RESULT_ERROR, log, null);
}
// We work on bouncycastle object level here
@@ -254,22 +308,30 @@ public class PgpKeyOperation {
|| !Arrays.equals(saveParcel.mFingerprint,
masterSecretKey.getPublicKey().getFingerprint())) {
log.add(LogLevel.ERROR, LogType.MSG_MF_ERROR_FINGERPRINT, indent);
- return null;
+ return new EditKeyResult(EditKeyResult.RESULT_ERROR, log, null);
}
- return internal(sKR, masterSecretKey, saveParcel, passphrase, log, indent);
+ // read masterKeyFlags, and use the same as before.
+ // since this is the master key, this contains at least CERTIFY_OTHER
+ int masterKeyFlags = readKeyFlags(masterSecretKey.getPublicKey()) | KeyFlags.CERTIFY_OTHER;
+
+ return internal(sKR, masterSecretKey, masterKeyFlags, saveParcel, passphrase, log);
}
- private UncachedKeyRing internal(PGPSecretKeyRing sKR, PGPSecretKey masterSecretKey,
+ private EditKeyResult internal(PGPSecretKeyRing sKR, PGPSecretKey masterSecretKey,
+ int masterKeyFlags,
SaveKeyringParcel saveParcel, String passphrase,
- OperationLog log, int indent) {
+ OperationLog log) {
- updateProgress(R.string.progress_certifying_master_key, 20, 100);
+ int indent = 1;
+
+ progress(R.string.progress_modify, 0);
PGPPublicKey masterPublicKey = masterSecretKey.getPublicKey();
// 1. Unlock private key
+ progress(R.string.progress_modify_unlock, 10);
log.add(LogLevel.DEBUG, LogType.MSG_MF_UNLOCK, indent);
PGPPrivateKey masterPrivateKey;
{
@@ -279,7 +341,7 @@ public class PgpKeyOperation {
masterPrivateKey = masterSecretKey.extractPrivateKey(keyDecryptor);
} catch (PGPException e) {
log.add(LogLevel.ERROR, LogType.MSG_MF_UNLOCK_ERROR, indent + 1);
- return null;
+ return new EditKeyResult(EditKeyResult.RESULT_ERROR, log, null);
}
}
@@ -289,18 +351,28 @@ public class PgpKeyOperation {
PGPPublicKey modifiedPublicKey = masterPublicKey;
// 2a. Add certificates for new user ids
- for (String userId : saveParcel.addUserIds) {
+ subProgressPush(15, 25);
+ for (int i = 0; i < saveParcel.mAddUserIds.size(); i++) {
+
+ progress(R.string.progress_modify_adduid, (i-1) * (100 / saveParcel.mAddSubKeys.size()));
+ String userId = saveParcel.mAddUserIds.get(i);
log.add(LogLevel.INFO, LogType.MSG_MF_UID_ADD, indent);
+ if (userId.equals("")) {
+ log.add(LogLevel.ERROR, LogType.MSG_MF_UID_ERROR_EMPTY, indent+1);
+ return new EditKeyResult(EditKeyResult.RESULT_ERROR, log, null);
+ }
+
// this operation supersedes all previous binding and revocation certificates,
// so remove those to retain assertions from canonicalization for later operations
@SuppressWarnings("unchecked")
Iterator it = modifiedPublicKey.getSignaturesForID(userId);
if (it != null) {
for (PGPSignature cert : new IterableIterator(it)) {
- // if it's not a self cert, never mind
if (cert.getKeyID() != masterPublicKey.getKeyID()) {
- continue;
+ // foreign certificate?! error error error
+ log.add(LogLevel.ERROR, LogType.MSG_MF_ERROR_INTEGRITY, indent);
+ return new EditKeyResult(EditKeyResult.RESULT_ERROR, log, null);
}
if (cert.getSignatureType() == PGPSignature.CERTIFICATION_REVOCATION
|| cert.getSignatureType() == PGPSignature.NO_CERTIFICATION
@@ -314,27 +386,39 @@ public class PgpKeyOperation {
}
// if it's supposed to be primary, we can do that here as well
- boolean isPrimary = saveParcel.changePrimaryUserId != null
- && userId.equals(saveParcel.changePrimaryUserId);
+ boolean isPrimary = saveParcel.mChangePrimaryUserId != null
+ && userId.equals(saveParcel.mChangePrimaryUserId);
// generate and add new certificate
PGPSignature cert = generateUserIdSignature(masterPrivateKey,
- masterPublicKey, userId, isPrimary);
- modifiedPublicKey = PGPPublicKey.addCertification(masterPublicKey, userId, cert);
+ masterPublicKey, userId, isPrimary, masterKeyFlags);
+ modifiedPublicKey = PGPPublicKey.addCertification(modifiedPublicKey, userId, cert);
}
+ subProgressPop();
// 2b. Add revocations for revoked user ids
- for (String userId : saveParcel.revokeUserIds) {
- log.add(LogLevel.INFO, LogType.MSG_MF_UID_REVOKE, indent);
- // a duplicate revocatin will be removed during canonicalization, so no need to
+ subProgressPush(25, 40);
+ for (int i = 0; i < saveParcel.mRevokeUserIds.size(); i++) {
+
+ progress(R.string.progress_modify_revokeuid, (i-1) * (100 / saveParcel.mAddSubKeys.size()));
+ String userId = saveParcel.mRevokeUserIds.get(i);
+ log.add(LogLevel.INFO, LogType.MSG_MF_UID_REVOKE, indent, userId);
+
+ // a duplicate revocation will be removed during canonicalization, so no need to
// take care of that here.
PGPSignature cert = generateRevocationSignature(masterPrivateKey,
masterPublicKey, userId);
- modifiedPublicKey = PGPPublicKey.addCertification(masterPublicKey, userId, cert);
+ modifiedPublicKey = PGPPublicKey.addCertification(modifiedPublicKey, userId, cert);
}
+ subProgressPop();
// 3. If primary user id changed, generate new certificates for both old and new
- if (saveParcel.changePrimaryUserId != null) {
+ if (saveParcel.mChangePrimaryUserId != null) {
+ progress(R.string.progress_modify_primaryuid, 40);
+
+ // keep track if we actually changed one
+ boolean ok = false;
log.add(LogLevel.INFO, LogType.MSG_MF_UID_PRIMARY, indent);
+ indent += 1;
// we work on the modifiedPublicKey here, to respect new or newly revoked uids
// noinspection unchecked
@@ -343,10 +427,11 @@ public class PgpKeyOperation {
PGPSignature currentCert = null;
// noinspection unchecked
for (PGPSignature cert : new IterableIterator(
- masterPublicKey.getSignaturesForID(userId))) {
- // if it's not a self cert, never mind
+ modifiedPublicKey.getSignaturesForID(userId))) {
if (cert.getKeyID() != masterPublicKey.getKeyID()) {
- continue;
+ // foreign certificate?! error error error
+ log.add(LogLevel.ERROR, LogType.MSG_MF_ERROR_INTEGRITY, indent);
+ return new EditKeyResult(EditKeyResult.RESULT_ERROR, log, null);
}
// we know from canonicalization that if there is any revocation here, it
// is valid and not superseded by a newer certification.
@@ -367,30 +452,33 @@ public class PgpKeyOperation {
if (currentCert == null) {
// no certificate found?! error error error
log.add(LogLevel.ERROR, LogType.MSG_MF_ERROR_INTEGRITY, indent);
- return null;
+ return new EditKeyResult(EditKeyResult.RESULT_ERROR, log, null);
}
// we definitely should not update certifications of revoked keys, so just leave it.
if (isRevoked) {
// revoked user ids cannot be primary!
- if (userId.equals(saveParcel.changePrimaryUserId)) {
+ if (userId.equals(saveParcel.mChangePrimaryUserId)) {
log.add(LogLevel.ERROR, LogType.MSG_MF_ERROR_REVOKED_PRIMARY, indent);
- return null;
+ return new EditKeyResult(EditKeyResult.RESULT_ERROR, log, null);
}
continue;
}
// if this is~ the/a primary user id
- if (currentCert.hasSubpackets() && currentCert.getHashedSubPackets().isPrimaryUserID()) {
+ if (currentCert.getHashedSubPackets() != null
+ && currentCert.getHashedSubPackets().isPrimaryUserID()) {
// if it's the one we want, just leave it as is
- if (userId.equals(saveParcel.changePrimaryUserId)) {
+ if (userId.equals(saveParcel.mChangePrimaryUserId)) {
+ ok = true;
continue;
}
// otherwise, generate new non-primary certification
+ log.add(LogLevel.DEBUG, LogType.MSG_MF_PRIMARY_REPLACE_OLD, indent);
modifiedPublicKey = PGPPublicKey.removeCertification(
modifiedPublicKey, userId, currentCert);
PGPSignature newCert = generateUserIdSignature(
- masterPrivateKey, masterPublicKey, userId, false);
+ masterPrivateKey, masterPublicKey, userId, false, masterKeyFlags);
modifiedPublicKey = PGPPublicKey.addCertification(
modifiedPublicKey, userId, newCert);
continue;
@@ -399,20 +487,28 @@ public class PgpKeyOperation {
// if we are here, this is not currently a primary user id
// if it should be
- if (userId.equals(saveParcel.changePrimaryUserId)) {
+ if (userId.equals(saveParcel.mChangePrimaryUserId)) {
// add shiny new primary user id certificate
+ log.add(LogLevel.DEBUG, LogType.MSG_MF_PRIMARY_NEW, indent);
modifiedPublicKey = PGPPublicKey.removeCertification(
modifiedPublicKey, userId, currentCert);
PGPSignature newCert = generateUserIdSignature(
- masterPrivateKey, masterPublicKey, userId, true);
+ masterPrivateKey, masterPublicKey, userId, true, masterKeyFlags);
modifiedPublicKey = PGPPublicKey.addCertification(
modifiedPublicKey, userId, newCert);
+ ok = true;
}
// user id is not primary and is not supposed to be - nothing to do here.
}
+ indent -= 1;
+
+ if (!ok) {
+ log.add(LogLevel.ERROR, LogType.MSG_MF_ERROR_NOEXIST_PRIMARY, indent);
+ return new EditKeyResult(EditKeyResult.RESULT_ERROR, log, null);
+ }
}
// Update the secret key ring
@@ -423,40 +519,80 @@ public class PgpKeyOperation {
}
// 4a. For each subkey change, generate new subkey binding certificate
- for (SaveKeyringParcel.SubkeyChange change : saveParcel.changeSubKeys) {
+ subProgressPush(50, 60);
+ for (int i = 0; i < saveParcel.mChangeSubKeys.size(); i++) {
+
+ progress(R.string.progress_modify_subkeychange, (i-1) * (100 / saveParcel.mAddSubKeys.size()));
+ SaveKeyringParcel.SubkeyChange change = saveParcel.mChangeSubKeys.get(i);
log.add(LogLevel.INFO, LogType.MSG_MF_SUBKEY_CHANGE,
indent, PgpKeyHelper.convertKeyIdToHex(change.mKeyId));
+
+ // TODO allow changes in master key? this implies generating new user id certs...
+ if (change.mKeyId == masterPublicKey.getKeyID()) {
+ Log.e(Constants.TAG, "changing the master key not supported");
+ return new EditKeyResult(EditKeyResult.RESULT_ERROR, log, null);
+ }
+
PGPSecretKey sKey = sKR.getSecretKey(change.mKeyId);
if (sKey == null) {
log.add(LogLevel.ERROR, LogType.MSG_MF_SUBKEY_MISSING,
indent + 1, PgpKeyHelper.convertKeyIdToHex(change.mKeyId));
- return null;
+ return new EditKeyResult(EditKeyResult.RESULT_ERROR, log, null);
}
PGPPublicKey pKey = sKey.getPublicKey();
- if (change.mExpiry != null && new Date(change.mExpiry).before(new Date())) {
+ // expiry must not be in the past
+ if (change.mExpiry != null && new Date(change.mExpiry*1000).before(new Date())) {
log.add(LogLevel.ERROR, LogType.MSG_MF_SUBKEY_PAST_EXPIRY,
indent + 1, PgpKeyHelper.convertKeyIdToHex(change.mKeyId));
- return null;
+ return new EditKeyResult(EditKeyResult.RESULT_ERROR, log, null);
}
- // generate and add new signature. we can be sloppy here and just leave the old one,
- // it will be removed during canonicalization
+ // keep old flags, or replace with new ones
+ int flags = change.mFlags == null ? readKeyFlags(pKey) : change.mFlags;
+ long expiry;
+ if (change.mExpiry == null) {
+ long valid = pKey.getValidSeconds();
+ expiry = valid == 0
+ ? 0
+ : pKey.getCreationTime().getTime() / 1000 + pKey.getValidSeconds();
+ } else {
+ expiry = change.mExpiry;
+ }
+
+ // drop all old signatures, they will be superseded by the new one
+ //noinspection unchecked
+ for (PGPSignature sig : new IterableIterator(pKey.getSignatures())) {
+ // special case: if there is a revocation, don't use expiry from before
+ if (change.mExpiry == null
+ && sig.getSignatureType() == PGPSignature.SUBKEY_REVOCATION) {
+ expiry = 0;
+ }
+ pKey = PGPPublicKey.removeCertification(pKey, sig);
+ }
+
+ // generate and add new signature
PGPSignature sig = generateSubkeyBindingSignature(masterPublicKey, masterPrivateKey,
- sKey, pKey, change.mFlags, change.mExpiry, passphrase);
+ sKey, pKey, flags, expiry, passphrase);
pKey = PGPPublicKey.addCertification(pKey, sig);
sKR = PGPSecretKeyRing.insertSecretKey(sKR, PGPSecretKey.replacePublicKey(sKey, pKey));
}
+ subProgressPop();
// 4b. For each subkey revocation, generate new subkey revocation certificate
- for (long revocation : saveParcel.revokeSubKeys) {
+ subProgressPush(60, 70);
+ for (int i = 0; i < saveParcel.mRevokeSubKeys.size(); i++) {
+
+ progress(R.string.progress_modify_subkeyrevoke, (i-1) * (100 / saveParcel.mAddSubKeys.size()));
+ long revocation = saveParcel.mRevokeSubKeys.get(i);
log.add(LogLevel.INFO, LogType.MSG_MF_SUBKEY_REVOKE,
indent, PgpKeyHelper.convertKeyIdToHex(revocation));
+
PGPSecretKey sKey = sKR.getSecretKey(revocation);
if (sKey == null) {
log.add(LogLevel.ERROR, LogType.MSG_MF_SUBKEY_MISSING,
indent+1, PgpKeyHelper.convertKeyIdToHex(revocation));
- return null;
+ return new EditKeyResult(EditKeyResult.RESULT_ERROR, log, null);
}
PGPPublicKey pKey = sKey.getPublicKey();
@@ -466,54 +602,64 @@ public class PgpKeyOperation {
pKey = PGPPublicKey.addCertification(pKey, sig);
sKR = PGPSecretKeyRing.insertSecretKey(sKR, PGPSecretKey.replacePublicKey(sKey, pKey));
}
+ subProgressPop();
// 5. Generate and add new subkeys
- for (SaveKeyringParcel.SubkeyAdd add : saveParcel.addSubKeys) {
- try {
+ subProgressPush(70, 90);
+ for (int i = 0; i < saveParcel.mAddSubKeys.size(); i++) {
- if (add.mExpiry != null && new Date(add.mExpiry).before(new Date())) {
- log.add(LogLevel.ERROR, LogType.MSG_MF_SUBKEY_PAST_EXPIRY, indent +1);
- return null;
- }
+ progress(R.string.progress_modify_subkeyadd, (i-1) * (100 / saveParcel.mAddSubKeys.size()));
+ SaveKeyringParcel.SubkeyAdd add = saveParcel.mAddSubKeys.get(0);
+ log.add(LogLevel.INFO, LogType.MSG_MF_SUBKEY_NEW, indent);
- log.add(LogLevel.INFO, LogType.MSG_MF_SUBKEY_NEW, indent);
-
- // generate a new secret key (privkey only for now)
- PGPKeyPair keyPair = createKey(add.mAlgorithm, add.mKeysize);
-
- // add subkey binding signature (making this a sub rather than master key)
- PGPPublicKey pKey = keyPair.getPublicKey();
- PGPSignature cert = generateSubkeyBindingSignature(
- masterPublicKey, masterPrivateKey, keyPair.getPrivateKey(), pKey,
- add.mFlags, add.mExpiry);
- pKey = PGPPublicKey.addSubkeyBindingCertification(pKey, cert);
-
- PGPSecretKey sKey; {
- // define hashing and signing algos
- PGPDigestCalculator sha1Calc = new JcaPGPDigestCalculatorProviderBuilder()
- .build().get(HashAlgorithmTags.SHA1);
-
- // Build key encrypter and decrypter based on passphrase
- PBESecretKeyEncryptor keyEncryptor = new JcePBESecretKeyEncryptorBuilder(
- PGPEncryptedData.CAST5, sha1Calc)
- .setProvider(Constants.BOUNCY_CASTLE_PROVIDER_NAME).build("".toCharArray());
-
- sKey = new PGPSecretKey(keyPair.getPrivateKey(), pKey,
- sha1Calc, false, keyEncryptor);
- }
-
- log.add(LogLevel.DEBUG, LogType.MSG_MF_SUBKEY_NEW_ID,
- indent+1, PgpKeyHelper.convertKeyIdToHex(sKey.getKeyID()));
-
- sKR = PGPSecretKeyRing.insertSecretKey(sKR, sKey);
-
- } catch (PgpGeneralMsgIdException e) {
- return null;
+ if (add.mExpiry != null && new Date(add.mExpiry*1000).before(new Date())) {
+ log.add(LogLevel.ERROR, LogType.MSG_MF_SUBKEY_PAST_EXPIRY, indent +1);
+ return new EditKeyResult(EditKeyResult.RESULT_ERROR, log, null);
}
+
+ // generate a new secret key (privkey only for now)
+ subProgressPush(
+ (i-1) * (100 / saveParcel.mAddSubKeys.size()),
+ i * (100 / saveParcel.mAddSubKeys.size())
+ );
+ PGPKeyPair keyPair = createKey(add.mAlgorithm, add.mKeysize, log, indent);
+ subProgressPop();
+ if(keyPair == null) {
+ return new EditKeyResult(EditKeyResult.RESULT_ERROR, log, null);
+ }
+
+ // add subkey binding signature (making this a sub rather than master key)
+ PGPPublicKey pKey = keyPair.getPublicKey();
+ PGPSignature cert = generateSubkeyBindingSignature(
+ masterPublicKey, masterPrivateKey, keyPair.getPrivateKey(), pKey,
+ add.mFlags, add.mExpiry == null ? 0 : add.mExpiry);
+ pKey = PGPPublicKey.addSubkeyBindingCertification(pKey, cert);
+
+ PGPSecretKey sKey; {
+ // define hashing and signing algos
+ PGPDigestCalculator sha1Calc = new JcaPGPDigestCalculatorProviderBuilder()
+ .build().get(HashAlgorithmTags.SHA1);
+
+ // Build key encrypter and decrypter based on passphrase
+ PBESecretKeyEncryptor keyEncryptor = new JcePBESecretKeyEncryptorBuilder(
+ PGPEncryptedData.CAST5, sha1Calc)
+ .setProvider(Constants.BOUNCY_CASTLE_PROVIDER_NAME).build("".toCharArray());
+
+ sKey = new PGPSecretKey(keyPair.getPrivateKey(), pKey,
+ sha1Calc, false, keyEncryptor);
+ }
+
+ log.add(LogLevel.DEBUG, LogType.MSG_MF_SUBKEY_NEW_ID,
+ indent+1, PgpKeyHelper.convertKeyIdToHex(sKey.getKeyID()));
+
+ sKR = PGPSecretKeyRing.insertSecretKey(sKR, sKey);
+
}
+ subProgressPop();
// 6. If requested, change passphrase
- if (saveParcel.newPassphrase != null) {
+ if (saveParcel.mNewPassphrase != null) {
+ progress(R.string.progress_modify_passphrase, 90);
log.add(LogLevel.INFO, LogType.MSG_MF_PASSPHRASE, indent);
PGPDigestCalculator sha1Calc = new JcaPGPDigestCalculatorProviderBuilder().build()
.get(HashAlgorithmTags.SHA1);
@@ -523,7 +669,7 @@ public class PgpKeyOperation {
PBESecretKeyEncryptor keyEncryptorNew = new JcePBESecretKeyEncryptorBuilder(
PGPEncryptedData.CAST5, sha1Calc)
.setProvider(Constants.BOUNCY_CASTLE_PROVIDER_NAME).build(
- saveParcel.newPassphrase.toCharArray());
+ saveParcel.mNewPassphrase.toCharArray());
sKR = PGPSecretKeyRing.copyWithNewPassword(sKR, keyDecryptor, keyEncryptorNew);
}
@@ -531,22 +677,24 @@ public class PgpKeyOperation {
// This one must only be thrown by
} catch (IOException e) {
log.add(LogLevel.ERROR, LogType.MSG_MF_ERROR_ENCODE, indent+1);
- return null;
+ return new EditKeyResult(EditKeyResult.RESULT_ERROR, log, null);
} catch (PGPException e) {
+ Log.e(Constants.TAG, "encountered pgp error while modifying key", e);
log.add(LogLevel.ERROR, LogType.MSG_MF_ERROR_PGP, indent+1);
- return null;
+ return new EditKeyResult(EditKeyResult.RESULT_ERROR, log, null);
} catch (SignatureException e) {
log.add(LogLevel.ERROR, LogType.MSG_MF_ERROR_SIG, indent+1);
- return null;
+ return new EditKeyResult(EditKeyResult.RESULT_ERROR, log, null);
}
+ progress(R.string.progress_done, 100);
log.add(LogLevel.OK, LogType.MSG_MF_SUCCESS, indent);
- return new UncachedKeyRing(sKR);
+ return new EditKeyResult(OperationResultParcel.RESULT_OK, log, new UncachedKeyRing(sKR));
}
private static PGPSignature generateUserIdSignature(
- PGPPrivateKey masterPrivateKey, PGPPublicKey pKey, String userId, boolean primary)
+ PGPPrivateKey masterPrivateKey, PGPPublicKey pKey, String userId, boolean primary, int flags)
throws IOException, PGPException, SignatureException {
PGPContentSignerBuilder signerBuilder = new JcaPGPContentSignerBuilder(
pKey.getAlgorithm(), PGPUtil.SHA1)
@@ -558,6 +706,7 @@ public class PgpKeyOperation {
subHashedPacketsGen.setPreferredHashAlgorithms(true, PREFERRED_HASH_ALGORITHMS);
subHashedPacketsGen.setPreferredCompressionAlgorithms(true, PREFERRED_COMPRESSION_ALGORITHMS);
subHashedPacketsGen.setPrimaryUserID(false, primary);
+ subHashedPacketsGen.setKeyFlags(false, flags);
sGen.setHashedSubpackets(subHashedPacketsGen.generate());
sGen.init(PGPSignature.POSITIVE_CERTIFICATION, masterPrivateKey);
return sGen.generateCertification(userId, pKey);
@@ -599,7 +748,7 @@ public class PgpKeyOperation {
private static PGPSignature generateSubkeyBindingSignature(
PGPPublicKey masterPublicKey, PGPPrivateKey masterPrivateKey,
- PGPSecretKey sKey, PGPPublicKey pKey, int flags, Long expiry, String passphrase)
+ PGPSecretKey sKey, PGPPublicKey pKey, int flags, long expiry, String passphrase)
throws IOException, PGPException, SignatureException {
PBESecretKeyDecryptor keyDecryptor = new JcePBESecretKeyDecryptorBuilder()
.setProvider(Constants.BOUNCY_CASTLE_PROVIDER_NAME).build(
@@ -611,7 +760,7 @@ public class PgpKeyOperation {
private static PGPSignature generateSubkeyBindingSignature(
PGPPublicKey masterPublicKey, PGPPrivateKey masterPrivateKey,
- PGPPrivateKey subPrivateKey, PGPPublicKey pKey, int flags, Long expiry)
+ PGPPrivateKey subPrivateKey, PGPPublicKey pKey, int flags, long expiry)
throws IOException, PGPException, SignatureException {
// date for signing
@@ -640,17 +789,9 @@ public class PgpKeyOperation {
hashedPacketsGen.setKeyFlags(false, flags);
}
- if (expiry != null) {
- Calendar creationDate = Calendar.getInstance(TimeZone.getTimeZone("UTC"));
- creationDate.setTime(pKey.getCreationTime());
-
- // (Just making sure there's no programming error here, this MUST have been checked above!)
- if (new Date(expiry).before(todayDate)) {
- throw new RuntimeException("Bad subkey creation date, this is a bug!");
- }
- hashedPacketsGen.setKeyExpirationTime(false, expiry - creationDate.getTimeInMillis());
- } else {
- hashedPacketsGen.setKeyExpirationTime(false, 0);
+ if (expiry > 0) {
+ long creationTime = pKey.getCreationTime().getTime() / 1000;
+ hashedPacketsGen.setKeyExpirationTime(false, expiry - creationTime);
}
PGPContentSignerBuilder signerBuilder = new JcaPGPContentSignerBuilder(
@@ -665,4 +806,22 @@ public class PgpKeyOperation {
}
+ /** Returns all flags valid for this key.
+ *
+ * This method does not do any validity checks on the signature, so it should not be used on
+ * a non-canonicalized key!
+ *
+ */
+ private static int readKeyFlags(PGPPublicKey key) {
+ int flags = 0;
+ //noinspection unchecked
+ for(PGPSignature sig : new IterableIterator(key.getSignatures())) {
+ if (sig.getHashedSubPackets() == null) {
+ continue;
+ }
+ flags |= sig.getHashedSubPackets().getKeyFlags();
+ }
+ return flags;
+ }
+
}
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpSignEncrypt.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpSignEncrypt.java
index 4cb92c368..f0403e625 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpSignEncrypt.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpSignEncrypt.java
@@ -266,11 +266,11 @@ public class PgpSignEncrypt {
}
/* Get keys for signature generation for later usage */
- WrappedSecretKey signingKey = null;
+ CanonicalizedSecretKey signingKey = null;
if (enableSignature) {
- WrappedSecretKeyRing signingKeyRing;
+ CanonicalizedSecretKeyRing signingKeyRing;
try {
- signingKeyRing = mProviderHelper.getWrappedSecretKeyRing(mSignatureMasterKeyId);
+ signingKeyRing = mProviderHelper.getCanonicalizedSecretKeyRing(mSignatureMasterKeyId);
} catch (ProviderHelper.NotFoundException e) {
throw new NoSigningKeyException();
}
@@ -316,9 +316,9 @@ public class PgpSignEncrypt {
// Asymmetric encryption
for (long id : mEncryptionMasterKeyIds) {
try {
- WrappedPublicKeyRing keyRing = mProviderHelper.getWrappedPublicKeyRing(
+ CanonicalizedPublicKeyRing keyRing = mProviderHelper.getCanonicalizedPublicKeyRing(
KeyRings.buildUnifiedKeyRingUri(id));
- WrappedPublicKey key = keyRing.getEncryptionSubKey();
+ CanonicalizedPublicKey key = keyRing.getEncryptionSubKey();
cPk.addMethod(key.getPubKeyEncryptionGenerator());
} catch (PgpGeneralException e) {
Log.e(Constants.TAG, "key not found!", e);
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/UncachedKeyRing.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/UncachedKeyRing.java
index 441e2762a..502e3a70c 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/UncachedKeyRing.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/UncachedKeyRing.java
@@ -1,7 +1,6 @@
package org.sufficientlysecure.keychain.pgp;
import org.spongycastle.bcpg.ArmoredOutputStream;
-import org.spongycastle.bcpg.S2K;
import org.spongycastle.bcpg.SignatureSubpacketTags;
import org.spongycastle.bcpg.sig.KeyFlags;
import org.spongycastle.openpgp.PGPKeyFlags;
@@ -14,6 +13,7 @@ import org.spongycastle.openpgp.PGPSecretKeyRing;
import org.spongycastle.openpgp.PGPSignature;
import org.spongycastle.openpgp.PGPSignatureList;
import org.spongycastle.openpgp.PGPUtil;
+import org.spongycastle.openpgp.operator.jcajce.JcaKeyFingerprintCalculator;
import org.sufficientlysecure.keychain.Constants;
import org.sufficientlysecure.keychain.pgp.exception.PgpGeneralException;
import org.sufficientlysecure.keychain.service.OperationResultParcel.OperationLog;
@@ -22,20 +22,18 @@ import org.sufficientlysecure.keychain.service.OperationResultParcel.LogType;
import org.sufficientlysecure.keychain.util.IterableIterator;
import org.sufficientlysecure.keychain.util.Log;
-import java.io.BufferedInputStream;
import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.util.ArrayList;
import java.util.Comparator;
import java.util.Date;
-import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import java.util.TreeSet;
-import java.util.Vector;
/** Wrapper around PGPKeyRing class, to be constructed from bytes.
*
@@ -49,7 +47,7 @@ import java.util.Vector;
* treated equally for most purposes in UI code. It is up to the programmer to
* take care of the differences.
*
- * @see org.sufficientlysecure.keychain.pgp.WrappedKeyRing
+ * @see CanonicalizedKeyRing
* @see org.sufficientlysecure.keychain.pgp.UncachedPublicKey
* @see org.sufficientlysecure.keychain.pgp.UncachedSecretKey
*
@@ -59,18 +57,10 @@ public class UncachedKeyRing {
final PGPKeyRing mRing;
final boolean mIsSecret;
- final boolean mIsCanonicalized;
UncachedKeyRing(PGPKeyRing ring) {
mRing = ring;
mIsSecret = ring instanceof PGPSecretKeyRing;
- mIsCanonicalized = false;
- }
-
- private UncachedKeyRing(PGPKeyRing ring, boolean canonicalized) {
- mRing = ring;
- mIsSecret = ring instanceof PGPSecretKeyRing;
- mIsCanonicalized = canonicalized;
}
public long getMasterKeyId() {
@@ -81,11 +71,15 @@ public class UncachedKeyRing {
return new UncachedPublicKey(mRing.getPublicKey());
}
+ public UncachedPublicKey getPublicKey(long keyId) {
+ return new UncachedPublicKey(mRing.getPublicKey(keyId));
+ }
+
public Iterator getPublicKeys() {
final Iterator it = mRing.getPublicKeys();
return new Iterator() {
public void remove() {
- it.remove();
+ throw new UnsupportedOperationException();
}
public UncachedPublicKey next() {
return new UncachedPublicKey(it.next());
@@ -101,10 +95,6 @@ public class UncachedKeyRing {
return mIsSecret;
}
- public boolean isCanonicalized() {
- return mIsCanonicalized;
- }
-
public byte[] getEncoded() throws IOException {
return mRing.getEncoded();
}
@@ -115,43 +105,86 @@ public class UncachedKeyRing {
public static UncachedKeyRing decodeFromData(byte[] data)
throws PgpGeneralException, IOException {
- BufferedInputStream bufferedInput =
- new BufferedInputStream(new ByteArrayInputStream(data));
- if (bufferedInput.available() > 0) {
- InputStream in = PGPUtil.getDecoderStream(bufferedInput);
- PGPObjectFactory objectFactory = new PGPObjectFactory(in);
- // get first object in block
- Object obj;
- if ((obj = objectFactory.nextObject()) != null && obj instanceof PGPKeyRing) {
- return new UncachedKeyRing((PGPKeyRing) obj);
- } else {
- throw new PgpGeneralException("Object not recognized as PGPKeyRing!");
- }
- } else {
+ Iterator parsed = fromStream(new ByteArrayInputStream(data));
+
+ if ( ! parsed.hasNext()) {
throw new PgpGeneralException("Object not recognized as PGPKeyRing!");
}
+
+ UncachedKeyRing ring = parsed.next();
+
+ if (parsed.hasNext()) {
+ throw new PgpGeneralException("Expected single keyring in stream, found at least two");
+ }
+
+ return ring;
+
}
- public static List fromStream(InputStream stream)
- throws PgpGeneralException, IOException {
+ public static Iterator fromStream(final InputStream stream) throws IOException {
- PGPObjectFactory objectFactory = new PGPObjectFactory(PGPUtil.getDecoderStream(stream));
+ return new Iterator() {
- List result = new Vector();
+ UncachedKeyRing mNext = null;
+ PGPObjectFactory mObjectFactory = null;
- // go through all objects in this block
- Object obj;
- while ((obj = objectFactory.nextObject()) != null) {
- Log.d(Constants.TAG, "Found class: " + obj.getClass());
+ private void cacheNext() {
+ if (mNext != null) {
+ return;
+ }
+
+ try {
+ while(stream.available() > 0) {
+ // if there are no objects left from the last factory, create a new one
+ if (mObjectFactory == null) {
+ mObjectFactory = new PGPObjectFactory(PGPUtil.getDecoderStream(stream));
+ }
+
+ // go through all objects in this block
+ Object obj;
+ while ((obj = mObjectFactory.nextObject()) != null) {
+ Log.d(Constants.TAG, "Found class: " + obj.getClass());
+ if (!(obj instanceof PGPKeyRing)) {
+ Log.i(Constants.TAG,
+ "Skipping object of bad type " + obj.getClass().getName() + " in stream");
+ // skip object
+ continue;
+ }
+ mNext = new UncachedKeyRing((PGPKeyRing) obj);
+ return;
+ }
+ // if we are past the while loop, that means the objectFactory had no next
+ mObjectFactory = null;
+ }
+ } catch (IOException e) {
+ Log.e(Constants.TAG, "IOException while processing stream", e);
+ }
- if (obj instanceof PGPKeyRing) {
- result.add(new UncachedKeyRing((PGPKeyRing) obj));
- } else {
- Log.e(Constants.TAG, "Object not recognized as PGPKeyRing!");
}
- }
- return result;
+
+ @Override
+ public boolean hasNext() {
+ cacheNext();
+ return mNext != null;
+ }
+
+ @Override
+ public UncachedKeyRing next() {
+ try {
+ cacheNext();
+ return mNext;
+ } finally {
+ mNext = null;
+ }
+ }
+
+ @Override
+ public void remove() {
+ throw new UnsupportedOperationException();
+ }
+ };
+
}
public void encodeArmored(OutputStream out, String version) throws IOException {
@@ -161,25 +194,6 @@ public class UncachedKeyRing {
aos.close();
}
- public HashSet getAvailableSubkeys() {
- if(!isSecret()) {
- throw new RuntimeException("Tried to find available subkeys from non-secret keys. " +
- "This is a programming error and should never happen!");
- }
-
- HashSet result = new HashSet();
- // then, mark exactly the keys we have available
- for (PGPSecretKey sub : new IterableIterator(
- ((PGPSecretKeyRing) mRing).getSecretKeys())) {
- S2K s2k = sub.getS2K();
- // Set to 1, except if the encryption type is GNU_DUMMY_S2K
- if(s2k == null || s2k.getType() != S2K.GNU_DUMMY_S2K) {
- result.add(sub.getKeyID());
- }
- }
- return result;
- }
-
/** "Canonicalizes" a public key, removing inconsistencies in the process. This variant can be
* applied to public keyrings only.
*
@@ -189,7 +203,7 @@ public class UncachedKeyRing {
* - Remove all certificates flagged as "local"
* - Remove all certificates which are superseded by a newer one on the same target,
* including revocations with later re-certifications.
- * - Remove all certificates of unknown type:
+ * - Remove all certificates in other positions if not of known type:
* - key revocation signatures on the master key
* - subkey binding signatures for subkeys
* - certifications and certification revocations for user ids
@@ -204,7 +218,7 @@ public class UncachedKeyRing {
*
*/
@SuppressWarnings("ConstantConditions")
- public UncachedKeyRing canonicalize(OperationLog log, int indent) {
+ public CanonicalizedKeyRing canonicalize(OperationLog log, int indent) {
log.add(LogLevel.START, isSecret() ? LogType.MSG_KC_SECRET : LogType.MSG_KC_PUBLIC,
indent, PgpKeyHelper.convertKeyIdToHex(getMasterKeyId()));
@@ -225,7 +239,7 @@ public class UncachedKeyRing {
PGPPublicKey modified = masterKey;
PGPSignature revocation = null;
- for (PGPSignature zert : new IterableIterator(masterKey.getSignatures())) {
+ for (PGPSignature zert : new IterableIterator(masterKey.getKeySignatures())) {
int type = zert.getSignatureType();
// Disregard certifications on user ids, we will deal with those later
@@ -234,6 +248,10 @@ public class UncachedKeyRing {
|| type == PGPSignature.CASUAL_CERTIFICATION
|| type == PGPSignature.POSITIVE_CERTIFICATION
|| type == PGPSignature.CERTIFICATION_REVOCATION) {
+ // These should not be here...
+ log.add(LogLevel.WARN, LogType.MSG_KC_REVOKE_BAD_TYPE_UID, indent);
+ modified = PGPPublicKey.removeCertification(modified, zert);
+ badCerts += 1;
continue;
}
WrappedSignature cert = new WrappedSignature(zert);
@@ -317,7 +335,7 @@ public class UncachedKeyRing {
if (cert.getCreationTime().after(now)) {
// Creation date in the future? No way!
- log.add(LogLevel.WARN, LogType.MSG_KC_REVOKE_BAD_TIME, indent);
+ log.add(LogLevel.WARN, LogType.MSG_KC_UID_BAD_TIME, indent);
modified = PGPPublicKey.removeCertification(modified, zert);
badCerts += 1;
continue;
@@ -325,7 +343,7 @@ public class UncachedKeyRing {
if (cert.isLocal()) {
// Creation date in the future? No way!
- log.add(LogLevel.WARN, LogType.MSG_KC_REVOKE_BAD_LOCAL, indent);
+ log.add(LogLevel.WARN, LogType.MSG_KC_UID_BAD_LOCAL, indent);
modified = PGPPublicKey.removeCertification(modified, zert);
badCerts += 1;
continue;
@@ -425,7 +443,7 @@ public class UncachedKeyRing {
// If no valid certificate (if only a revocation) remains, drop it
if (selfCert == null && revocation == null) {
modified = PGPPublicKey.removeCertification(modified, userId);
- log.add(LogLevel.ERROR, LogType.MSG_KC_UID_REVOKE_DUP,
+ log.add(LogLevel.ERROR, LogType.MSG_KC_UID_REMOVE,
indent, userId);
}
}
@@ -505,14 +523,17 @@ public class UncachedKeyRing {
continue;
}
- if (zert.getHashedSubPackets().hasSubpacket(SignatureSubpacketTags.KEY_FLAGS)) {
+ // if this certificate says it allows signing for the key
+ if (zert.getHashedSubPackets() != null &&
+ zert.getHashedSubPackets().hasSubpacket(SignatureSubpacketTags.KEY_FLAGS)) {
+
int flags = ((KeyFlags) zert.getHashedSubPackets()
.getSubpacket(SignatureSubpacketTags.KEY_FLAGS)).getFlags();
- // If this subkey is allowed to sign data,
if ((flags & PGPKeyFlags.CAN_SIGN) == PGPKeyFlags.CAN_SIGN) {
+ boolean ok = false;
+ // it MUST have an embedded primary key binding signature
try {
PGPSignatureList list = zert.getUnhashedSubPackets().getEmbeddedSignatures();
- boolean ok = false;
for (int i = 0; i < list.size(); i++) {
WrappedSignature subsig = new WrappedSignature(list.get(i));
if (subsig.getSignatureType() == PGPSignature.PRIMARYKEY_BINDING) {
@@ -526,17 +547,19 @@ public class UncachedKeyRing {
}
}
}
- if (!ok) {
- log.add(LogLevel.WARN, LogType.MSG_KC_SUB_PRIMARY_NONE, indent);
- badCerts += 1;
- continue;
- }
} catch (Exception e) {
log.add(LogLevel.WARN, LogType.MSG_KC_SUB_PRIMARY_BAD_ERR, indent);
badCerts += 1;
continue;
}
+ // if it doesn't, get rid of this!
+ if (!ok) {
+ log.add(LogLevel.WARN, LogType.MSG_KC_SUB_PRIMARY_NONE, indent);
+ badCerts += 1;
+ continue;
+ }
}
+
}
// if we already have a cert, and this one is not newer: skip it
@@ -549,6 +572,8 @@ public class UncachedKeyRing {
selfCert = zert;
// if this is newer than a possibly existing revocation, drop that one
if (revocation != null && selfCert.getCreationTime().after(revocation.getCreationTime())) {
+ log.add(LogLevel.DEBUG, LogType.MSG_KC_SUB_REVOKE_DUP, indent);
+ redundantCerts += 1;
revocation = null;
}
@@ -558,7 +583,7 @@ public class UncachedKeyRing {
// make sure the certificate checks out
try {
cert.init(masterKey);
- if (!cert.verifySignature(key)) {
+ if (!cert.verifySignature(masterKey, key)) {
log.add(LogLevel.WARN, LogType.MSG_KC_SUB_REVOKE_BAD, indent);
badCerts += 1;
continue;
@@ -582,7 +607,7 @@ public class UncachedKeyRing {
// it is not properly bound? error!
if (selfCert == null) {
- ring = replacePublicKey(ring, modified);
+ ring = removeSubKey(ring, key);
log.add(LogLevel.ERROR, LogType.MSG_KC_SUB_NO_CERT,
indent, PgpKeyHelper.convertKeyIdToHex(key.getKeyID()));
@@ -615,7 +640,8 @@ public class UncachedKeyRing {
log.add(LogLevel.OK, LogType.MSG_KC_SUCCESS, indent);
}
- return new UncachedKeyRing(ring, true);
+ return isSecret() ? new CanonicalizedSecretKeyRing((PGPSecretKeyRing) ring, 1)
+ : new CanonicalizedPublicKeyRing((PGPPublicKeyRing) ring, 0);
}
/** This operation merges information from a different keyring, returning a combined
@@ -650,7 +676,7 @@ public class UncachedKeyRing {
return left.length - right.length;
}
// compare byte-by-byte
- for (int i = 0; i < left.length && i < right.length; i++) {
+ for (int i = 0; i < left.length; i++) {
if (left[i] != right[i]) {
return (left[i] & 0xff) - (right[i] & 0xff);
}
@@ -678,7 +704,14 @@ public class UncachedKeyRing {
final PGPPublicKey resultKey = result.getPublicKey(key.getKeyID());
if (resultKey == null) {
log.add(LogLevel.DEBUG, LogType.MSG_MG_NEW_SUBKEY, indent);
- result = replacePublicKey(result, key);
+ // special case: if both rings are secret, copy over the secret key
+ if (isSecret() && other.isSecret()) {
+ PGPSecretKey sKey = ((PGPSecretKeyRing) candidate).getSecretKey(key.getKeyID());
+ result = PGPSecretKeyRing.insertSecretKey((PGPSecretKeyRing) result, sKey);
+ } else {
+ // otherwise, just insert the public key
+ result = replacePublicKey(result, key);
+ }
continue;
}
@@ -686,17 +719,7 @@ public class UncachedKeyRing {
PGPPublicKey modified = resultKey;
// Iterate certifications
- for (PGPSignature cert : new IterableIterator(key.getSignatures())) {
- int type = cert.getSignatureType();
- // Disregard certifications on user ids, we will deal with those later
- if (type == PGPSignature.NO_CERTIFICATION
- || type == PGPSignature.DEFAULT_CERTIFICATION
- || type == PGPSignature.CASUAL_CERTIFICATION
- || type == PGPSignature.POSITIVE_CERTIFICATION
- || type == PGPSignature.CERTIFICATION_REVOCATION) {
- continue;
- }
-
+ for (PGPSignature cert : new IterableIterator(key.getKeySignatures())) {
// Don't merge foreign stuff into secret keys
if (cert.getKeyID() != masterKeyId && isSecret()) {
continue;
@@ -744,8 +767,12 @@ public class UncachedKeyRing {
}
- log.add(LogLevel.DEBUG, LogType.MSG_MG_FOUND_NEW,
- indent, Integer.toString(newCerts));
+ if (newCerts > 0) {
+ log.add(LogLevel.DEBUG, LogType.MSG_MG_FOUND_NEW, indent,
+ Integer.toString(newCerts));
+ } else {
+ log.add(LogLevel.DEBUG, LogType.MSG_MG_UNCHANGED, indent);
+ }
return new UncachedKeyRing(result);
@@ -756,19 +783,20 @@ public class UncachedKeyRing {
}
- public UncachedKeyRing extractPublicKeyRing() {
+ public UncachedKeyRing extractPublicKeyRing() throws IOException {
if(!isSecret()) {
throw new RuntimeException("Tried to extract public keyring from non-secret keyring. " +
"This is a programming error and should never happen!");
}
- ArrayList keys = new ArrayList();
Iterator it = mRing.getPublicKeys();
+ ByteArrayOutputStream stream = new ByteArrayOutputStream(2048);
while (it.hasNext()) {
- keys.add(it.next());
+ stream.write(it.next().getEncoded());
}
- return new UncachedKeyRing(new PGPPublicKeyRing(keys));
+ return new UncachedKeyRing(
+ new PGPPublicKeyRing(stream.toByteArray(), new JcaKeyFingerprintCalculator()));
}
/** This method replaces a public key in a keyring.
@@ -792,4 +820,20 @@ public class UncachedKeyRing {
return PGPSecretKeyRing.insertSecretKey(secRing, sKey);
}
+ /** This method removes a subkey in a keyring.
+ *
+ * This method essentially wraps PGP*KeyRing.remove*Key, where the keyring may be of either
+ * the secret or public subclass.
+ *
+ * @return the resulting PGPKeyRing of the same type as the input
+ */
+ private static PGPKeyRing removeSubKey(PGPKeyRing ring, PGPPublicKey key) {
+ if (ring instanceof PGPPublicKeyRing) {
+ return PGPPublicKeyRing.removePublicKey((PGPPublicKeyRing) ring, key);
+ } else {
+ PGPSecretKey sKey = ((PGPSecretKeyRing) ring).getSecretKey(key.getKeyID());
+ return PGPSecretKeyRing.removeSecretKey((PGPSecretKeyRing) ring, sKey);
+ }
+ }
+
}
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/UncachedPublicKey.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/UncachedPublicKey.java
index 33db7771b..358b1c552 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/UncachedPublicKey.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/UncachedPublicKey.java
@@ -1,16 +1,14 @@
package org.sufficientlysecure.keychain.pgp;
-import org.spongycastle.bcpg.SignatureSubpacketTags;
import org.spongycastle.bcpg.sig.KeyFlags;
-import org.spongycastle.openpgp.PGPException;
import org.spongycastle.openpgp.PGPPublicKey;
import org.spongycastle.openpgp.PGPSignature;
import org.spongycastle.openpgp.PGPSignatureSubpacketVector;
import org.spongycastle.openpgp.operator.jcajce.JcaPGPContentVerifierBuilderProvider;
import org.sufficientlysecure.keychain.Constants;
import org.sufficientlysecure.keychain.util.IterableIterator;
+import org.sufficientlysecure.keychain.util.Log;
-import java.security.SignatureException;
import java.util.ArrayList;
import java.util.Calendar;
import java.util.Date;
@@ -44,14 +42,19 @@ public class UncachedPublicKey {
}
public Date getExpiryTime() {
- Date creationDate = getCreationTime();
- if (mPublicKey.getValidDays() == 0) {
+ long seconds = mPublicKey.getValidSeconds();
+ if (seconds > Integer.MAX_VALUE) {
+ Log.e(Constants.TAG, "error, expiry time too large");
+ return null;
+ }
+ if (seconds == 0) {
// no expiry
return null;
}
+ Date creationDate = getCreationTime();
Calendar calendar = GregorianCalendar.getInstance();
calendar.setTime(creationDate);
- calendar.add(Calendar.DATE, mPublicKey.getValidDays());
+ calendar.add(Calendar.SECOND, (int) seconds);
return calendar.getTime();
}
@@ -77,26 +80,76 @@ public class UncachedPublicKey {
return mPublicKey.getBitStrength();
}
+ /** Returns the primary user id, as indicated by the public key's self certificates.
+ *
+ * This is an expensive operation, since potentially a lot of certificates (and revocations)
+ * have to be checked, and even then the result is NOT guaranteed to be constant through a
+ * canonicalization operation.
+ *
+ * Returns null if there is no primary user id (as indicated by certificates)
+ *
+ */
public String getPrimaryUserId() {
+ String found = null;
+ PGPSignature foundSig = null;
for (String userId : new IterableIterator(mPublicKey.getUserIDs())) {
+ PGPSignature revocation = null;
+
for (PGPSignature sig : new IterableIterator(mPublicKey.getSignaturesForID(userId))) {
- if (sig.getHashedSubPackets() != null
- && sig.getHashedSubPackets().hasSubpacket(SignatureSubpacketTags.PRIMARY_USER_ID)) {
- try {
+ try {
+
+ // if this is a revocation, this is not the user id
+ if (sig.getSignatureType() == PGPSignature.CERTIFICATION_REVOCATION) {
+ // make sure it's actually valid
+ sig.init(new JcaPGPContentVerifierBuilderProvider().setProvider(
+ Constants.BOUNCY_CASTLE_PROVIDER_NAME), mPublicKey);
+ if (!sig.verifyCertification(userId, mPublicKey)) {
+ continue;
+ }
+ if (found != null && found.equals(userId)) {
+ found = null;
+ }
+ revocation = sig;
+ // this revocation may still be overridden by a newer cert
+ continue;
+ }
+
+ if (sig.getHashedSubPackets() != null && sig.getHashedSubPackets().isPrimaryUserID()) {
+ if (foundSig != null && sig.getCreationTime().before(foundSig.getCreationTime())) {
+ continue;
+ }
+ // ignore if there is a newer revocation for this user id
+ if (revocation != null && sig.getCreationTime().before(revocation.getCreationTime())) {
+ continue;
+ }
// make sure it's actually valid
sig.init(new JcaPGPContentVerifierBuilderProvider().setProvider(
Constants.BOUNCY_CASTLE_PROVIDER_NAME), mPublicKey);
if (sig.verifyCertification(userId, mPublicKey)) {
- return userId;
+ found = userId;
+ foundSig = sig;
+ // this one can't be relevant anymore at this point
+ revocation = null;
}
- } catch (Exception e) {
- // nothing bad happens, the key is just not considered the primary key id
}
- }
+ } catch (Exception e) {
+ // nothing bad happens, the key is just not considered the primary key id
+ }
}
}
- return null;
+ return found;
+ }
+
+ /**
+ * Returns primary user id if existing. If not, return first encountered user id.
+ */
+ public String getPrimaryUserIdWithFallback() {
+ String userId = getPrimaryUserId();
+ if (userId == null) {
+ userId = (String) mPublicKey.getUserIDs().next();
+ }
+ return userId;
}
public ArrayList getUnorderedUserIds() {
@@ -186,6 +239,21 @@ public class UncachedPublicKey {
return mPublicKey;
}
+ public Iterator getSignatures() {
+ final Iterator it = mPublicKey.getSignatures();
+ return new Iterator() {
+ public void remove() {
+ it.remove();
+ }
+ public WrappedSignature next() {
+ return new WrappedSignature(it.next());
+ }
+ public boolean hasNext() {
+ return it.hasNext();
+ }
+ };
+ }
+
public Iterator getSignaturesForId(String userId) {
final Iterator it = mPublicKey.getSignaturesForID(userId);
return new Iterator() {
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/WrappedSignature.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/WrappedSignature.java
index 196ac1dee..07fb4fb9e 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/WrappedSignature.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/WrappedSignature.java
@@ -15,6 +15,7 @@ import org.sufficientlysecure.keychain.util.Log;
import java.io.IOException;
import java.security.SignatureException;
+import java.util.ArrayList;
import java.util.Date;
/** OpenKeychain wrapper around PGPSignature objects.
@@ -55,12 +56,41 @@ public class WrappedSignature {
return mSig.getCreationTime();
}
+ public ArrayList getEmbeddedSignatures() {
+ ArrayList sigs = new ArrayList();
+ if (!mSig.hasSubpackets()) {
+ return sigs;
+ }
+ try {
+ PGPSignatureList list;
+ if (mSig.getHashedSubPackets() != null) {
+ list = mSig.getHashedSubPackets().getEmbeddedSignatures();
+ for (int i = 0; i < list.size(); i++) {
+ sigs.add(new WrappedSignature(list.get(i)));
+ }
+ }
+ if (mSig.getUnhashedSubPackets() != null) {
+ list = mSig.getUnhashedSubPackets().getEmbeddedSignatures();
+ for (int i = 0; i < list.size(); i++) {
+ sigs.add(new WrappedSignature(list.get(i)));
+ }
+ }
+ } catch (PGPException e) {
+ // no matter
+ Log.e(Constants.TAG, "exception reading embedded signatures", e);
+ } catch (IOException e) {
+ // no matter
+ Log.e(Constants.TAG, "exception reading embedded signatures", e);
+ }
+ return sigs;
+ }
+
public byte[] getEncoded() throws IOException {
return mSig.getEncoded();
}
public boolean isRevocation() {
- return mSig.getHashedSubPackets().hasSubpacket(SignatureSubpacketTags.REVOCATION_REASON);
+ return mSig.getSignatureType() == PGPSignature.CERTIFICATION_REVOCATION;
}
public boolean isPrimaryUserId() {
@@ -71,6 +101,9 @@ public class WrappedSignature {
if(!isRevocation()) {
throw new PgpGeneralException("Not a revocation signature.");
}
+ if (mSig.getHashedSubPackets() == null) {
+ return null;
+ }
SignatureSubpacket p = mSig.getHashedSubPackets().getSubpacket(
SignatureSubpacketTags.REVOCATION_REASON);
// For some reason, this is missing in SignatureSubpacketInputStream:146
@@ -80,7 +113,7 @@ public class WrappedSignature {
return ((RevocationReason) p).getRevocationDescription();
}
- public void init(WrappedPublicKey key) throws PgpGeneralException {
+ public void init(CanonicalizedPublicKey key) throws PgpGeneralException {
init(key.getPublicKey());
}
@@ -158,7 +191,7 @@ public class WrappedSignature {
public boolean verifySignature(UncachedPublicKey key, String uid) throws PgpGeneralException {
return verifySignature(key.getPublicKey(), uid);
}
- public boolean verifySignature(WrappedPublicKey key, String uid) throws PgpGeneralException {
+ public boolean verifySignature(CanonicalizedPublicKey key, String uid) throws PgpGeneralException {
return verifySignature(key.getPublicKey(), uid);
}
@@ -179,7 +212,7 @@ public class WrappedSignature {
}
public boolean isLocal() {
- if (!mSig.hasSubpackets()
+ if (mSig.getHashedSubPackets() == null
|| !mSig.getHashedSubPackets().hasSubpacket(SignatureSubpacketTags.EXPORTABLE)) {
return false;
}
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/provider/CachedPublicKeyRing.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/provider/CachedPublicKeyRing.java
index bc7221d13..aa0207a6a 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/provider/CachedPublicKeyRing.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/provider/CachedPublicKeyRing.java
@@ -83,6 +83,10 @@ public class CachedPublicKeyRing extends KeyRing {
}
}
+ public String getPrimaryUserIdWithFallback() throws PgpGeneralException {
+ return getPrimaryUserId();
+ }
+
@Override
public boolean isRevoked() throws PgpGeneralException {
try {
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/provider/ProviderHelper.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/provider/ProviderHelper.java
index 81e218ccf..aa85577e0 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/provider/ProviderHelper.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/provider/ProviderHelper.java
@@ -28,10 +28,12 @@ import android.os.RemoteException;
import android.support.v4.util.LongSparseArray;
import org.sufficientlysecure.keychain.Constants;
+import org.sufficientlysecure.keychain.pgp.CanonicalizedPublicKeyRing;
+import org.sufficientlysecure.keychain.pgp.CanonicalizedSecretKeyRing;
import org.sufficientlysecure.keychain.pgp.KeyRing;
import org.sufficientlysecure.keychain.pgp.NullProgressable;
import org.sufficientlysecure.keychain.pgp.Progressable;
-import org.sufficientlysecure.keychain.pgp.WrappedPublicKey;
+import org.sufficientlysecure.keychain.pgp.CanonicalizedPublicKey;
import org.sufficientlysecure.keychain.service.OperationResultParcel.LogType;
import org.sufficientlysecure.keychain.service.OperationResultParcel.LogLevel;
import org.sufficientlysecure.keychain.service.OperationResultParcel.OperationLog;
@@ -39,8 +41,6 @@ import org.sufficientlysecure.keychain.pgp.PgpHelper;
import org.sufficientlysecure.keychain.pgp.PgpKeyHelper;
import org.sufficientlysecure.keychain.pgp.UncachedKeyRing;
import org.sufficientlysecure.keychain.pgp.UncachedPublicKey;
-import org.sufficientlysecure.keychain.pgp.WrappedPublicKeyRing;
-import org.sufficientlysecure.keychain.pgp.WrappedSecretKeyRing;
import org.sufficientlysecure.keychain.pgp.WrappedSignature;
import org.sufficientlysecure.keychain.pgp.exception.PgpGeneralException;
import org.sufficientlysecure.keychain.provider.KeychainContract.ApiApps;
@@ -180,7 +180,7 @@ public class ProviderHelper {
return getGenericData(KeyRings.buildUnifiedKeyRingUri(masterKeyId), proj, types);
}
- private LongSparseArray getTrustedMasterKeys() {
+ private LongSparseArray getTrustedMasterKeys() {
Cursor cursor = mContentResolver.query(KeyRings.buildUnifiedKeyRingsUri(), new String[] {
KeyRings.MASTER_KEY_ID,
// we pick from cache only information that is not easily available from keyrings
@@ -190,16 +190,15 @@ public class ProviderHelper {
}, KeyRings.HAS_ANY_SECRET + " = 1", null, null);
try {
- LongSparseArray result = new LongSparseArray();
+ LongSparseArray result = new LongSparseArray();
if (cursor != null && cursor.moveToFirst()) do {
long masterKeyId = cursor.getLong(0);
- boolean hasAnySecret = cursor.getInt(1) > 0;
int verified = cursor.getInt(2);
byte[] blob = cursor.getBlob(3);
if (blob != null) {
result.put(masterKeyId,
- new WrappedPublicKeyRing(blob, hasAnySecret, verified).getSubkey());
+ new CanonicalizedPublicKeyRing(blob, verified).getPublicKey());
}
} while (cursor.moveToNext());
@@ -217,23 +216,23 @@ public class ProviderHelper {
return new CachedPublicKeyRing(this, queryUri);
}
- public WrappedPublicKeyRing getWrappedPublicKeyRing(long id) throws NotFoundException {
- return (WrappedPublicKeyRing) getWrappedKeyRing(KeyRings.buildUnifiedKeyRingUri(id), false);
+ public CanonicalizedPublicKeyRing getCanonicalizedPublicKeyRing(long id) throws NotFoundException {
+ return (CanonicalizedPublicKeyRing) getCanonicalizedKeyRing(KeyRings.buildUnifiedKeyRingUri(id), false);
}
- public WrappedPublicKeyRing getWrappedPublicKeyRing(Uri queryUri) throws NotFoundException {
- return (WrappedPublicKeyRing) getWrappedKeyRing(queryUri, false);
+ public CanonicalizedPublicKeyRing getCanonicalizedPublicKeyRing(Uri queryUri) throws NotFoundException {
+ return (CanonicalizedPublicKeyRing) getCanonicalizedKeyRing(queryUri, false);
}
- public WrappedSecretKeyRing getWrappedSecretKeyRing(long id) throws NotFoundException {
- return (WrappedSecretKeyRing) getWrappedKeyRing(KeyRings.buildUnifiedKeyRingUri(id), true);
+ public CanonicalizedSecretKeyRing getCanonicalizedSecretKeyRing(long id) throws NotFoundException {
+ return (CanonicalizedSecretKeyRing) getCanonicalizedKeyRing(KeyRings.buildUnifiedKeyRingUri(id), true);
}
- public WrappedSecretKeyRing getWrappedSecretKeyRing(Uri queryUri) throws NotFoundException {
- return (WrappedSecretKeyRing) getWrappedKeyRing(queryUri, true);
+ public CanonicalizedSecretKeyRing getCanonicalizedSecretKeyRing(Uri queryUri) throws NotFoundException {
+ return (CanonicalizedSecretKeyRing) getCanonicalizedKeyRing(queryUri, true);
}
- private KeyRing getWrappedKeyRing(Uri queryUri, boolean secret) throws NotFoundException {
+ private KeyRing getCanonicalizedKeyRing(Uri queryUri, boolean secret) throws NotFoundException {
Cursor cursor = mContentResolver.query(queryUri,
new String[]{
// we pick from cache only information that is not easily available from keyrings
@@ -252,8 +251,8 @@ public class ProviderHelper {
throw new NotFoundException("Secret key not available!");
}
return secret
- ? new WrappedSecretKeyRing(blob, true, verified)
- : new WrappedPublicKeyRing(blob, hasAnySecret, verified);
+ ? new CanonicalizedSecretKeyRing(blob, true, verified)
+ : new CanonicalizedPublicKeyRing(blob, verified);
} else {
throw new NotFoundException("Key not found!");
}
@@ -271,16 +270,8 @@ public class ProviderHelper {
* and need to be saved externally to be preserved past the operation.
*/
@SuppressWarnings("unchecked")
- private int internalSavePublicKeyRing(UncachedKeyRing keyRing,
- Progressable progress, boolean selfCertsAreTrusted) {
- if (keyRing.isSecret()) {
- log(LogLevel.ERROR, LogType.MSG_IP_BAD_TYPE_SECRET);
- return SaveKeyringResult.RESULT_ERROR;
- }
- if (!keyRing.isCanonicalized()) {
- log(LogLevel.ERROR, LogType.MSG_IP_BAD_TYPE_SECRET);
- return SaveKeyringResult.RESULT_ERROR;
- }
+ private int saveCanonicalizedPublicKeyRing(CanonicalizedPublicKeyRing keyRing,
+ Progressable progress, boolean selfCertsAreTrusted) {
// start with ok result
int result = SaveKeyringResult.SAVED_PUBLIC;
@@ -318,7 +309,7 @@ public class ProviderHelper {
{ // insert subkeys
Uri uri = Keys.buildKeysUri(Long.toString(masterKeyId));
int rank = 0;
- for (UncachedPublicKey key : new IterableIterator(keyRing.getPublicKeys())) {
+ for (CanonicalizedPublicKey key : keyRing.publicKeyIterator()) {
long keyId = key.getKeyId();
log(LogLevel.DEBUG, keyId == masterKeyId ? LogType.MSG_IP_MASTER : LogType.MSG_IP_SUBKEY,
PgpKeyHelper.convertKeyIdToHex(keyId)
@@ -401,7 +392,7 @@ public class ProviderHelper {
mIndent -= 1;
// get a list of owned secret keys, for verification filtering
- LongSparseArray trustedKeys = getTrustedMasterKeys();
+ LongSparseArray trustedKeys = getTrustedMasterKeys();
// classify and order user ids. primary are moved to the front, revoked to the back,
// otherwise the order in the keyfile is preserved.
@@ -445,13 +436,12 @@ public class ProviderHelper {
// verify signatures from known private keys
if (trustedKeys.indexOfKey(certId) >= 0) {
- WrappedPublicKey trustedKey = trustedKeys.get(certId);
+ CanonicalizedPublicKey trustedKey = trustedKeys.get(certId);
cert.init(trustedKey);
if (cert.verifySignature(masterKey, userId)) {
item.trustedCerts.add(cert);
log(LogLevel.INFO, LogType.MSG_IP_UID_CERT_GOOD,
- PgpKeyHelper.convertKeyIdToHexShort(trustedKey.getKeyId()),
- trustedKey.getPrimaryUserId()
+ PgpKeyHelper.convertKeyIdToHexShort(trustedKey.getKeyId())
);
} else {
log(LogLevel.WARN, LogType.MSG_IP_UID_CERT_BAD);
@@ -560,28 +550,13 @@ public class ProviderHelper {
/** Saves an UncachedKeyRing of the secret variant into the db.
* This method will fail if no corresponding public keyring is in the database!
*/
- private int internalSaveSecretKeyRing(UncachedKeyRing keyRing) {
-
- if (!keyRing.isSecret()) {
- log(LogLevel.ERROR, LogType.MSG_IS_BAD_TYPE_PUBLIC);
- return SaveKeyringResult.RESULT_ERROR;
- }
-
- if (!keyRing.isCanonicalized()) {
- log(LogLevel.ERROR, LogType.MSG_IS_BAD_TYPE_PUBLIC);
- return SaveKeyringResult.RESULT_ERROR;
- }
+ private int saveCanonicalizedSecretKeyRing(CanonicalizedSecretKeyRing keyRing) {
long masterKeyId = keyRing.getMasterKeyId();
log(LogLevel.START, LogType.MSG_IS, PgpKeyHelper.convertKeyIdToHex(masterKeyId));
mIndent += 1;
- try {
- // Canonicalize this key, to assert a number of assumptions made about it.
- keyRing = keyRing.canonicalize(mLog, mIndent);
- if (keyRing == null) {
- return SaveKeyringResult.RESULT_ERROR;
- }
+ try {
// IF this is successful, it's a secret key
int result = SaveKeyringResult.SAVED_SECRET;
@@ -616,8 +591,7 @@ public class ProviderHelper {
log(LogLevel.INFO, LogType.MSG_IS_IMPORTING_SUBKEYS);
mIndent += 1;
Set available = keyRing.getAvailableSubkeys();
- for (UncachedPublicKey sub :
- new IterableIterator(keyRing.getPublicKeys())) {
+ for (UncachedPublicKey sub : keyRing.publicKeyIterator()) {
long id = sub.getKeyId();
if (available.contains(id)) {
int upd = mContentResolver.update(uri, values, Keys.KEY_ID + " = ?",
@@ -668,9 +642,16 @@ public class ProviderHelper {
log(LogLevel.START, LogType.MSG_IP, PgpKeyHelper.convertKeyIdToHex(masterKeyId));
mIndent += 1;
+ if (publicRing.isSecret()) {
+ log(LogLevel.ERROR, LogType.MSG_IP_BAD_TYPE_SECRET);
+ return new SaveKeyringResult(SaveKeyringResult.RESULT_ERROR, mLog);
+ }
+
+ CanonicalizedPublicKeyRing canPublicRing;
+
// If there is an old keyring, merge it
try {
- UncachedKeyRing oldPublicRing = getWrappedPublicKeyRing(masterKeyId).getUncached();
+ UncachedKeyRing oldPublicRing = getCanonicalizedPublicKeyRing(masterKeyId).getUncachedKeyRing();
// Merge data from new public ring into the old one
publicRing = oldPublicRing.merge(publicRing, mLog, mIndent);
@@ -681,8 +662,8 @@ public class ProviderHelper {
}
// Canonicalize this keyring, to assert a number of assumptions made about it.
- publicRing = publicRing.canonicalize(mLog, mIndent);
- if (publicRing == null) {
+ canPublicRing = (CanonicalizedPublicKeyRing) publicRing.canonicalize(mLog, mIndent);
+ if (canPublicRing == null) {
return new SaveKeyringResult(SaveKeyringResult.RESULT_ERROR, mLog);
}
@@ -696,39 +677,40 @@ public class ProviderHelper {
// Not an issue, just means we are dealing with a new keyring.
// Canonicalize this keyring, to assert a number of assumptions made about it.
- publicRing = publicRing.canonicalize(mLog, mIndent);
- if (publicRing == null) {
+ canPublicRing = (CanonicalizedPublicKeyRing) publicRing.canonicalize(mLog, mIndent);
+ if (canPublicRing == null) {
return new SaveKeyringResult(SaveKeyringResult.RESULT_ERROR, mLog);
}
}
// If there is a secret key, merge new data (if any) and save the key for later
- UncachedKeyRing secretRing;
+ CanonicalizedSecretKeyRing canSecretRing;
try {
- secretRing = getWrappedSecretKeyRing(publicRing.getMasterKeyId()).getUncached();
+ UncachedKeyRing secretRing = getCanonicalizedSecretKeyRing(publicRing.getMasterKeyId()).getUncachedKeyRing();
// Merge data from new public ring into secret one
secretRing = secretRing.merge(publicRing, mLog, mIndent);
if (secretRing == null) {
return new SaveKeyringResult(SaveKeyringResult.RESULT_ERROR, mLog);
}
- secretRing = secretRing.canonicalize(mLog, mIndent);
- if (secretRing == null) {
+ // This has always been a secret key ring, this is a safe cast
+ canSecretRing = (CanonicalizedSecretKeyRing) secretRing.canonicalize(mLog, mIndent);
+ if (canSecretRing == null) {
return new SaveKeyringResult(SaveKeyringResult.RESULT_ERROR, mLog);
}
} catch (NotFoundException e) {
// No secret key available (this is what happens most of the time)
- secretRing = null;
+ canSecretRing = null;
}
- int result = internalSavePublicKeyRing(publicRing, progress, secretRing != null);
+ int result = saveCanonicalizedPublicKeyRing(canPublicRing, progress, canSecretRing != null);
// Save the saved keyring (if any)
- if (secretRing != null) {
+ if (canSecretRing != null) {
progress.setProgress(LogType.MSG_IP_REINSERT_SECRET.getMsgId(), 90, 100);
- int secretResult = internalSaveSecretKeyRing(secretRing);
+ int secretResult = saveCanonicalizedSecretKeyRing(canSecretRing);
if ((secretResult & SaveKeyringResult.RESULT_ERROR) != SaveKeyringResult.RESULT_ERROR) {
result |= SaveKeyringResult.SAVED_SECRET;
}
@@ -752,12 +734,19 @@ public class ProviderHelper {
log(LogLevel.START, LogType.MSG_IS, PgpKeyHelper.convertKeyIdToHex(masterKeyId));
mIndent += 1;
+ if ( ! secretRing.isSecret()) {
+ log(LogLevel.ERROR, LogType.MSG_IS_BAD_TYPE_PUBLIC);
+ return new SaveKeyringResult(SaveKeyringResult.RESULT_ERROR, mLog);
+ }
+
+ CanonicalizedSecretKeyRing canSecretRing;
+
// If there is an old secret key, merge it.
try {
- UncachedKeyRing oldSecretRing = getWrappedSecretKeyRing(masterKeyId).getUncached();
+ UncachedKeyRing oldSecretRing = getCanonicalizedSecretKeyRing(masterKeyId).getUncachedKeyRing();
// Merge data from new secret ring into old one
- secretRing = oldSecretRing.merge(secretRing, mLog, mIndent);
+ secretRing = secretRing.merge(oldSecretRing, mLog, mIndent);
// If this is null, there is an error in the log so we can just return
if (secretRing == null) {
@@ -765,8 +754,9 @@ public class ProviderHelper {
}
// Canonicalize this keyring, to assert a number of assumptions made about it.
- secretRing = secretRing.canonicalize(mLog, mIndent);
- if (secretRing == null) {
+ // This is a safe cast, because we made sure this is a secret ring above
+ canSecretRing = (CanonicalizedSecretKeyRing) secretRing.canonicalize(mLog, mIndent);
+ if (canSecretRing == null) {
return new SaveKeyringResult(SaveKeyringResult.RESULT_ERROR, mLog);
}
@@ -781,8 +771,9 @@ public class ProviderHelper {
// Not an issue, just means we are dealing with a new keyring
// Canonicalize this keyring, to assert a number of assumptions made about it.
- secretRing = secretRing.canonicalize(mLog, mIndent);
- if (secretRing == null) {
+ // This is a safe cast, because we made sure this is a secret ring above
+ canSecretRing = (CanonicalizedSecretKeyRing) secretRing.canonicalize(mLog, mIndent);
+ if (canSecretRing == null) {
return new SaveKeyringResult(SaveKeyringResult.RESULT_ERROR, mLog);
}
@@ -791,39 +782,34 @@ public class ProviderHelper {
// Merge new data into public keyring as well, if there is any
UncachedKeyRing publicRing;
try {
- UncachedKeyRing oldPublicRing = getWrappedPublicKeyRing(masterKeyId).getUncached();
+ UncachedKeyRing oldPublicRing = getCanonicalizedPublicKeyRing(masterKeyId).getUncachedKeyRing();
- // Merge data from new public ring into secret one
+ // Merge data from new secret ring into public one
publicRing = oldPublicRing.merge(secretRing, mLog, mIndent);
if (publicRing == null) {
return new SaveKeyringResult(SaveKeyringResult.RESULT_ERROR, mLog);
}
- // If nothing changed, never mind
- if (Arrays.hashCode(publicRing.getEncoded())
- == Arrays.hashCode(oldPublicRing.getEncoded())) {
- publicRing = null;
- }
-
} catch (NotFoundException e) {
log(LogLevel.DEBUG, LogType.MSG_IS_PUBRING_GENERATE);
publicRing = secretRing.extractPublicKeyRing();
}
- if (publicRing != null) {
- publicRing = publicRing.canonicalize(mLog, mIndent);
- if (publicRing == null) {
- return new SaveKeyringResult(SaveKeyringResult.RESULT_ERROR, mLog);
- }
+ CanonicalizedPublicKeyRing canPublicRing = (CanonicalizedPublicKeyRing) publicRing.canonicalize(mLog, mIndent);
+ if (canPublicRing == null) {
+ return new SaveKeyringResult(SaveKeyringResult.RESULT_ERROR, mLog);
+ }
- int result = internalSavePublicKeyRing(publicRing, progress, true);
- if ((result & SaveKeyringResult.RESULT_ERROR) == SaveKeyringResult.RESULT_ERROR) {
- return new SaveKeyringResult(SaveKeyringResult.RESULT_ERROR, mLog);
- }
+ int result;
+
+ result = saveCanonicalizedPublicKeyRing(canPublicRing, progress, true);
+ if ((result & SaveKeyringResult.RESULT_ERROR) == SaveKeyringResult.RESULT_ERROR) {
+ return new SaveKeyringResult(SaveKeyringResult.RESULT_ERROR, mLog);
}
progress.setProgress(LogType.MSG_IP_REINSERT_SECRET.getMsgId(), 90, 100);
- int result = internalSaveSecretKeyRing(secretRing);
+ result = saveCanonicalizedSecretKeyRing(canSecretRing);
+
return new SaveKeyringResult(result, mLog);
} catch (IOException e) {
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/remote/OpenPgpService.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/remote/OpenPgpService.java
index 17c277026..5ed95acb3 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/remote/OpenPgpService.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/remote/OpenPgpService.java
@@ -53,6 +53,12 @@ import java.util.Set;
public class OpenPgpService extends RemoteService {
+ static final String[] KEYRING_PROJECTION =
+ new String[]{
+ KeyRings._ID,
+ KeyRings.MASTER_KEY_ID,
+ };
+
/**
* Search database for key ids based on emails.
*
@@ -70,7 +76,7 @@ public class OpenPgpService extends RemoteService {
for (String email : encryptionUserIds) {
Uri uri = KeyRings.buildUnifiedKeyRingsFindByEmailUri(email);
- Cursor cursor = getContentResolver().query(uri, null, null, null, null);
+ Cursor cursor = getContentResolver().query(uri, KEYRING_PROJECTION, null, null, null);
try {
if (cursor != null && cursor.moveToFirst()) {
long id = cursor.getLong(cursor.getColumnIndex(KeyRings.MASTER_KEY_ID));
@@ -419,7 +425,7 @@ public class OpenPgpService extends RemoteService {
try {
// try to find key, throws NotFoundException if not in db!
- mProviderHelper.getWrappedPublicKeyRing(masterKeyId);
+ mProviderHelper.getCanonicalizedPublicKeyRing(masterKeyId);
Intent result = new Intent();
result.putExtra(OpenPgpApi.RESULT_CODE, OpenPgpApi.RESULT_CODE_SUCCESS);
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/remote/ui/AccountSettingsFragment.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/remote/ui/AccountSettingsFragment.java
index 0b1d521ad..2ba792f9a 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/remote/ui/AccountSettingsFragment.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/remote/ui/AccountSettingsFragment.java
@@ -32,10 +32,11 @@ import android.widget.Button;
import org.sufficientlysecure.keychain.Constants;
import org.sufficientlysecure.keychain.R;
+import org.sufficientlysecure.keychain.pgp.KeyRing;
import org.sufficientlysecure.keychain.pgp.exception.PgpGeneralException;
import org.sufficientlysecure.keychain.provider.ProviderHelper;
import org.sufficientlysecure.keychain.remote.AccountSettings;
-import org.sufficientlysecure.keychain.ui.EditKeyActivityOld;
+import org.sufficientlysecure.keychain.ui.CreateKeyActivity;
import org.sufficientlysecure.keychain.ui.SelectSecretKeyLayoutFragment;
import org.sufficientlysecure.keychain.ui.adapter.KeyValueSpinnerAdapter;
import org.sufficientlysecure.keychain.util.AlgorithmNames;
@@ -163,11 +164,11 @@ public class AccountSettingsFragment extends Fragment implements
}
private void createKey() {
- Intent intent = new Intent(getActivity(), EditKeyActivityOld.class);
- intent.setAction(EditKeyActivityOld.ACTION_CREATE_KEY);
- intent.putExtra(EditKeyActivityOld.EXTRA_GENERATE_DEFAULT_KEYS, true);
- // set default user id to account name
- intent.putExtra(EditKeyActivityOld.EXTRA_USER_IDS, mAccSettings.getAccountName());
+ String[] userId = KeyRing.splitUserId(mAccSettings.getAccountName());
+
+ Intent intent = new Intent(getActivity(), CreateKeyActivity.class);
+ intent.putExtra(CreateKeyActivity.EXTRA_NAME, userId[0]);
+ intent.putExtra(CreateKeyActivity.EXTRA_EMAIL, userId[1]);
startActivityForResult(intent, REQUEST_CODE_CREATE_KEY);
}
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/KeychainIntentService.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/KeychainIntentService.java
index 00f210cc1..7318833e1 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/KeychainIntentService.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/KeychainIntentService.java
@@ -31,11 +31,15 @@ import org.sufficientlysecure.keychain.R;
import org.sufficientlysecure.keychain.helper.FileHelper;
import org.sufficientlysecure.keychain.helper.OtherHelper;
import org.sufficientlysecure.keychain.helper.Preferences;
+import org.sufficientlysecure.keychain.keyimport.FileImportCache;
import org.sufficientlysecure.keychain.keyimport.HkpKeyserver;
-import org.sufficientlysecure.keychain.keyimport.Keyserver;
import org.sufficientlysecure.keychain.keyimport.ImportKeysListEntry;
import org.sufficientlysecure.keychain.keyimport.KeybaseKeyserver;
+import org.sufficientlysecure.keychain.keyimport.Keyserver;
import org.sufficientlysecure.keychain.keyimport.ParcelableKeyRing;
+import org.sufficientlysecure.keychain.pgp.CanonicalizedPublicKeyRing;
+import org.sufficientlysecure.keychain.pgp.CanonicalizedSecretKey;
+import org.sufficientlysecure.keychain.pgp.CanonicalizedSecretKeyRing;
import org.sufficientlysecure.keychain.pgp.PgpDecryptVerify;
import org.sufficientlysecure.keychain.pgp.PgpDecryptVerifyResult;
import org.sufficientlysecure.keychain.pgp.PgpHelper;
@@ -44,15 +48,13 @@ import org.sufficientlysecure.keychain.pgp.PgpKeyOperation;
import org.sufficientlysecure.keychain.pgp.PgpSignEncrypt;
import org.sufficientlysecure.keychain.pgp.Progressable;
import org.sufficientlysecure.keychain.pgp.UncachedKeyRing;
-import org.sufficientlysecure.keychain.pgp.WrappedPublicKeyRing;
-import org.sufficientlysecure.keychain.pgp.WrappedSecretKey;
-import org.sufficientlysecure.keychain.pgp.WrappedSecretKeyRing;
import org.sufficientlysecure.keychain.pgp.exception.PgpGeneralException;
import org.sufficientlysecure.keychain.pgp.exception.PgpGeneralMsgIdException;
import org.sufficientlysecure.keychain.provider.KeychainContract.KeyRings;
import org.sufficientlysecure.keychain.provider.KeychainDatabase;
import org.sufficientlysecure.keychain.provider.ProviderHelper;
-import org.sufficientlysecure.keychain.service.OperationResultParcel.OperationLog;
+import org.sufficientlysecure.keychain.service.OperationResults.EditKeyResult;
+import org.sufficientlysecure.keychain.service.OperationResults.ImportKeyResult;
import org.sufficientlysecure.keychain.util.InputData;
import org.sufficientlysecure.keychain.util.Log;
import org.sufficientlysecure.keychain.util.ProgressScaler;
@@ -138,9 +140,6 @@ public class KeychainIntentService extends IntentService
// delete file securely
public static final String DELETE_FILE = "deleteFile";
- // import key
- public static final String IMPORT_KEY_LIST = "import_key_list";
-
// export key
public static final String EXPORT_OUTPUT_STREAM = "export_output_stream";
public static final String EXPORT_FILENAME = "export_filename";
@@ -175,7 +174,7 @@ public class KeychainIntentService extends IntentService
// export
public static final String RESULT_EXPORT = "exported";
- public static final String RESULT = "result";
+ public static final String RESULT_IMPORT = "result";
Messenger mMessenger;
@@ -342,39 +341,37 @@ public class KeychainIntentService extends IntentService
/* Operation */
ProviderHelper providerHelper = new ProviderHelper(this);
- PgpKeyOperation keyOperations = new PgpKeyOperation(new ProgressScaler(this, 10, 50, 100));
- try {
- OperationLog log = new OperationLog();
- UncachedKeyRing ring;
- if (saveParcel.mMasterKeyId != null) {
- String passphrase = data.getString(SAVE_KEYRING_PASSPHRASE);
- WrappedSecretKeyRing secRing =
- providerHelper.getWrappedSecretKeyRing(saveParcel.mMasterKeyId);
+ PgpKeyOperation keyOperations = new PgpKeyOperation(new ProgressScaler(this, 10, 60, 100));
+ EditKeyResult result;
- ring = keyOperations.modifySecretKeyRing(secRing, saveParcel,
- passphrase, log, 0);
- } else {
- ring = keyOperations.createSecretKeyRing(saveParcel, log, 0);
- }
+ if (saveParcel.mMasterKeyId != null) {
+ String passphrase = data.getString(SAVE_KEYRING_PASSPHRASE);
+ CanonicalizedSecretKeyRing secRing =
+ providerHelper.getCanonicalizedSecretKeyRing(saveParcel.mMasterKeyId);
- providerHelper.saveSecretKeyRing(ring, new ProgressScaler(this, 10, 95, 100));
+ result = keyOperations.modifySecretKeyRing(secRing, saveParcel, passphrase);
+ } else {
+ result = keyOperations.createSecretKeyRing(saveParcel);
+ }
- // cache new passphrase
- if (saveParcel.newPassphrase != null) {
- PassphraseCacheService.addCachedPassphrase(this, ring.getMasterKeyId(),
- saveParcel.newPassphrase);
- }
- } catch (ProviderHelper.NotFoundException e) {
- sendErrorToHandler(e);
+ UncachedKeyRing ring = result.getRing();
+
+ providerHelper.saveSecretKeyRing(ring, new ProgressScaler(this, 60, 95, 100));
+
+ // cache new passphrase
+ if (saveParcel.mNewPassphrase != null) {
+ PassphraseCacheService.addCachedPassphrase(this, ring.getMasterKeyId(),
+ saveParcel.mNewPassphrase, ring.getPublicKey().getPrimaryUserIdWithFallback());
}
setProgress(R.string.progress_done, 100, 100);
/* Output */
- sendMessageToHandler(KeychainIntentServiceHandler.MESSAGE_OKAY);
+ sendMessageToHandler(KeychainIntentServiceHandler.MESSAGE_OKAY, result);
} catch (Exception e) {
sendErrorToHandler(e);
}
+
} else if (ACTION_DELETE_FILE_SECURELY.equals(action)) {
try {
/* Input */
@@ -398,13 +395,15 @@ public class KeychainIntentService extends IntentService
}
} else if (ACTION_IMPORT_KEYRING.equals(action)) {
try {
- List entries = data.getParcelableArrayList(IMPORT_KEY_LIST);
+ // get entries from cached file
+ FileImportCache cache = new FileImportCache(this);
+ List entries = cache.readCache();
PgpImportExport pgpImportExport = new PgpImportExport(this, this);
- OperationResults.ImportResult result = pgpImportExport.importKeyRings(entries);
+ ImportKeyResult result = pgpImportExport.importKeyRings(entries);
Bundle resultData = new Bundle();
- resultData.putParcelable(RESULT, result);
+ resultData.putParcelable(RESULT_IMPORT, result);
sendMessageToHandler(KeychainIntentServiceHandler.MESSAGE_OKAY, resultData);
} catch (Exception e) {
@@ -488,7 +487,7 @@ public class KeychainIntentService extends IntentService
HkpKeyserver server = new HkpKeyserver(keyServer);
ProviderHelper providerHelper = new ProviderHelper(this);
- WrappedPublicKeyRing keyring = providerHelper.getWrappedPublicKeyRing(dataUri);
+ CanonicalizedPublicKeyRing keyring = providerHelper.getCanonicalizedPublicKeyRing(dataUri);
PgpImportExport pgpImportExport = new PgpImportExport(this, null);
boolean uploaded = pgpImportExport.uploadKeyRingToServer(server, keyring);
@@ -537,7 +536,6 @@ public class KeychainIntentService extends IntentService
Intent importIntent = new Intent(this, KeychainIntentService.class);
importIntent.setAction(ACTION_IMPORT_KEYRING);
Bundle importData = new Bundle();
- importData.putParcelableArrayList(IMPORT_KEY_LIST, keyRings);
importIntent.putExtra(EXTRA_DATA, importData);
importIntent.putExtra(EXTRA_MESSENGER, mMessenger);
@@ -564,9 +562,9 @@ public class KeychainIntentService extends IntentService
}
ProviderHelper providerHelper = new ProviderHelper(this);
- WrappedPublicKeyRing publicRing = providerHelper.getWrappedPublicKeyRing(pubKeyId);
- WrappedSecretKeyRing secretKeyRing = providerHelper.getWrappedSecretKeyRing(masterKeyId);
- WrappedSecretKey certificationKey = secretKeyRing.getSubKey();
+ CanonicalizedPublicKeyRing publicRing = providerHelper.getCanonicalizedPublicKeyRing(pubKeyId);
+ CanonicalizedSecretKeyRing secretKeyRing = providerHelper.getCanonicalizedSecretKeyRing(masterKeyId);
+ CanonicalizedSecretKey certificationKey = secretKeyRing.getSecretKey();
if(!certificationKey.unlock(signaturePassphrase)) {
throw new PgpGeneralException("Error extracting key (bad passphrase?)");
}
@@ -644,6 +642,12 @@ public class KeychainIntentService extends IntentService
}
}
+ private void sendMessageToHandler(Integer arg1, OperationResultParcel data) {
+ Bundle bundle = new Bundle();
+ bundle.putParcelable(OperationResultParcel.EXTRA_RESULT, data);
+ sendMessageToHandler(arg1, null, bundle);
+ }
+
private void sendMessageToHandler(Integer arg1, Bundle data) {
sendMessageToHandler(arg1, null, data);
}
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/KeychainIntentServiceHandler.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/KeychainIntentServiceHandler.java
index 755827482..0cdbe708e 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/KeychainIntentServiceHandler.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/KeychainIntentServiceHandler.java
@@ -25,12 +25,11 @@ import android.os.Message;
import android.support.v4.app.FragmentActivity;
import android.support.v4.app.FragmentManager;
-import com.devspark.appmsg.AppMsg;
-
import org.sufficientlysecure.keychain.Constants;
import org.sufficientlysecure.keychain.R;
import org.sufficientlysecure.keychain.ui.dialog.ProgressDialogFragment;
import org.sufficientlysecure.keychain.util.Log;
+import org.sufficientlysecure.keychain.util.Notify;
public class KeychainIntentServiceHandler extends Handler {
@@ -102,9 +101,9 @@ public class KeychainIntentServiceHandler extends Handler {
// show error from service
if (data.containsKey(DATA_ERROR)) {
- AppMsg.makeText(mActivity,
+ Notify.showNotify(mActivity,
mActivity.getString(R.string.error_message, data.getString(DATA_ERROR)),
- AppMsg.STYLE_ALERT).show();
+ Notify.Style.ERROR);
}
break;
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/OperationResultParcel.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/OperationResultParcel.java
index 6bf6b655d..c27b3f6da 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/OperationResultParcel.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/OperationResultParcel.java
@@ -1,14 +1,27 @@
package org.sufficientlysecure.keychain.service;
+import android.app.Activity;
+import android.content.Intent;
import android.os.Parcel;
import android.os.Parcelable;
+import android.view.View;
+
+import com.github.johnpersano.supertoasts.SuperCardToast;
+import com.github.johnpersano.supertoasts.SuperToast;
+import com.github.johnpersano.supertoasts.util.OnClickWrapper;
+import com.github.johnpersano.supertoasts.util.Style;
import org.sufficientlysecure.keychain.Constants;
import org.sufficientlysecure.keychain.R;
+import org.sufficientlysecure.keychain.ui.LogDisplayActivity;
+import org.sufficientlysecure.keychain.ui.LogDisplayFragment;
import org.sufficientlysecure.keychain.util.IterableIterator;
import org.sufficientlysecure.keychain.util.Log;
import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Iterator;
+import java.util.List;
/** Represent the result of an operation.
*
@@ -21,6 +34,9 @@ import java.util.ArrayList;
*
*/
public class OperationResultParcel implements Parcelable {
+
+ public static final String EXTRA_RESULT = "operation_result";
+
/** Holds the overall result, the number specifying varying degrees of success. The first bit
* is 0 on overall success, 1 on overall failure. All other bits may be used for more specific
* conditions. */
@@ -67,9 +83,7 @@ public class OperationResultParcel implements Parcelable {
mType = type;
mParameters = parameters;
mIndent = indent;
- }
- public LogEntryParcel(LogLevel level, LogType type, Object... parameters) {
- this(level, type, 0, parameters);
+ Log.v(Constants.TAG, "log: " + this.toString());
}
public LogEntryParcel(Parcel source) {
@@ -102,6 +116,77 @@ public class OperationResultParcel implements Parcelable {
}
};
+ @Override
+ public String toString() {
+ return "LogEntryParcel{" +
+ "mLevel=" + mLevel +
+ ", mType=" + mType +
+ ", mParameters=" + Arrays.toString(mParameters) +
+ ", mIndent=" + mIndent +
+ '}';
+ }
+ }
+
+ public SuperCardToast createNotify(final Activity activity) {
+
+ int resultType = getResult();
+
+ String str;
+ int duration, color;
+
+ // Not an overall failure
+ if ((resultType & OperationResultParcel.RESULT_ERROR) == 0) {
+
+ if (getLog().containsWarnings()) {
+ duration = 0;
+ color = Style.ORANGE;
+ } else {
+ duration = SuperToast.Duration.LONG;
+ color = Style.GREEN;
+ }
+
+ str = "operation succeeded!";
+ // str = activity.getString(R.string.import_error);
+
+ } else {
+
+ duration = 0;
+ color = Style.RED;
+
+ str = "operation failed";
+ // str = activity.getString(R.string.import_error);
+
+ }
+
+ boolean button = getLog() != null && !getLog().isEmpty();
+ SuperCardToast toast = new SuperCardToast(activity,
+ button ? SuperToast.Type.BUTTON : SuperToast.Type.STANDARD,
+ Style.getStyle(color, SuperToast.Animations.POPUP));
+ toast.setText(str);
+ toast.setDuration(duration);
+ toast.setIndeterminate(duration == 0);
+ toast.setSwipeToDismiss(true);
+ // If we have a log and it's non-empty, show a View Log button
+ if (button) {
+ toast.setButtonIcon(R.drawable.ic_action_view_as_list,
+ activity.getResources().getString(R.string.view_log));
+ toast.setButtonTextColor(activity.getResources().getColor(R.color.black));
+ toast.setTextColor(activity.getResources().getColor(R.color.black));
+ toast.setOnClickWrapper(new OnClickWrapper("supercardtoast",
+ new SuperToast.OnClickListener() {
+ @Override
+ public void onClick(View view, Parcelable token) {
+ Intent intent = new Intent(
+ activity, LogDisplayActivity.class);
+ intent.putExtra(LogDisplayFragment.EXTRA_RESULT, OperationResultParcel.this);
+ activity.startActivity(intent);
+ }
+ }
+ ));
+ }
+
+ return toast;
+
}
/** This is an enum of all possible log events.
@@ -123,6 +208,8 @@ public class OperationResultParcel implements Parcelable {
*/
public static enum LogType {
+ INTERNAL_ERROR (R.string.internal_error),
+
// import public
MSG_IP(R.string.msg_ip),
MSG_IP_APPLY_BATCH (R.string.msg_ip_apply_batch),
@@ -193,6 +280,7 @@ public class OperationResultParcel implements Parcelable {
MSG_KC_REVOKE_BAD_LOCAL (R.string.msg_kc_revoke_bad_local),
MSG_KC_REVOKE_BAD_TIME (R.string.msg_kc_revoke_bad_time),
MSG_KC_REVOKE_BAD_TYPE (R.string.msg_kc_revoke_bad_type),
+ MSG_KC_REVOKE_BAD_TYPE_UID (R.string.msg_kc_revoke_bad_type_uid),
MSG_KC_REVOKE_BAD (R.string.msg_kc_revoke_bad),
MSG_KC_REVOKE_DUP (R.string.msg_kc_revoke_dup),
MSG_KC_SUB (R.string.msg_kc_sub),
@@ -224,6 +312,7 @@ public class OperationResultParcel implements Parcelable {
MSG_KC_UID_NO_CERT (R.string.msg_kc_uid_no_cert),
MSG_KC_UID_REVOKE_DUP (R.string.msg_kc_uid_revoke_dup),
MSG_KC_UID_REVOKE_OLD (R.string.msg_kc_uid_revoke_old),
+ MSG_KC_UID_REMOVE (R.string.msg_kc_uid_remove),
// keyring consolidation
@@ -233,9 +322,17 @@ public class OperationResultParcel implements Parcelable {
MSG_MG_HETEROGENEOUS (R.string.msg_mg_heterogeneous),
MSG_MG_NEW_SUBKEY (R.string.msg_mg_new_subkey),
MSG_MG_FOUND_NEW (R.string.msg_mg_found_new),
+ MSG_MG_UNCHANGED (R.string.msg_mg_unchanged),
// secret key create
- MSG_CR_ERROR_NO_MASTER (R.string.msg_mr),
+ MSG_CR (R.string.msg_cr),
+ MSG_CR_ERROR_NO_MASTER (R.string.msg_cr_error_no_master),
+ MSG_CR_ERROR_NO_USER_ID (R.string.msg_cr_error_no_user_id),
+ MSG_CR_ERROR_NO_CERTIFY (R.string.msg_cr_error_no_certify),
+ MSG_CR_ERROR_KEYSIZE_512 (R.string.msg_cr_error_keysize_512),
+ MSG_CR_ERROR_UNKNOWN_ALGO (R.string.msg_cr_error_unknown_algo),
+ MSG_CR_ERROR_INTERNAL_PGP (R.string.msg_cr_error_internal_pgp),
+ MSG_CR_ERROR_MASTER_ELGAMAL (R.string.msg_cr_error_master_elgamal),
// secret key modify
MSG_MF (R.string.msg_mr),
@@ -243,10 +340,13 @@ public class OperationResultParcel implements Parcelable {
MSG_MF_ERROR_FINGERPRINT (R.string.msg_mf_error_fingerprint),
MSG_MF_ERROR_KEYID (R.string.msg_mf_error_keyid),
MSG_MF_ERROR_INTEGRITY (R.string.msg_mf_error_integrity),
+ MSG_MF_ERROR_NOEXIST_PRIMARY (R.string.msg_mf_error_noexist_primary),
MSG_MF_ERROR_REVOKED_PRIMARY (R.string.msg_mf_error_revoked_primary),
MSG_MF_ERROR_PGP (R.string.msg_mf_error_pgp),
MSG_MF_ERROR_SIG (R.string.msg_mf_error_sig),
MSG_MF_PASSPHRASE (R.string.msg_mf_passphrase),
+ MSG_MF_PRIMARY_REPLACE_OLD (R.string.msg_mf_primary_replace_old),
+ MSG_MF_PRIMARY_NEW (R.string.msg_mf_primary_new),
MSG_MF_SUBKEY_CHANGE (R.string.msg_mf_subkey_change),
MSG_MF_SUBKEY_MISSING (R.string.msg_mf_subkey_missing),
MSG_MF_SUBKEY_NEW_ID (R.string.msg_mf_subkey_new_id),
@@ -257,6 +357,7 @@ public class OperationResultParcel implements Parcelable {
MSG_MF_UID_ADD (R.string.msg_mf_uid_add),
MSG_MF_UID_PRIMARY (R.string.msg_mf_uid_primary),
MSG_MF_UID_REVOKE (R.string.msg_mf_uid_revoke),
+ MSG_MF_UID_ERROR_EMPTY (R.string.msg_mf_uid_error_empty),
MSG_MF_UNLOCK_ERROR (R.string.msg_mf_unlock_error),
MSG_MF_UNLOCK (R.string.msg_mf_unlock),
;
@@ -288,7 +389,7 @@ public class OperationResultParcel implements Parcelable {
@Override
public void writeToParcel(Parcel dest, int flags) {
dest.writeInt(mResult);
- dest.writeTypedList(mLog);
+ dest.writeTypedList(mLog.toList());
}
public static final Creator CREATOR = new Creator() {
@@ -301,20 +402,21 @@ public class OperationResultParcel implements Parcelable {
}
};
- public static class OperationLog extends ArrayList {
+ public static class OperationLog implements Iterable {
+
+ private final List mParcels = new ArrayList();
/// Simple convenience method
public void add(LogLevel level, LogType type, int indent, Object... parameters) {
- Log.d(Constants.TAG, type.toString());
- add(new OperationResultParcel.LogEntryParcel(level, type, indent, parameters));
+ mParcels.add(new OperationResultParcel.LogEntryParcel(level, type, indent, parameters));
}
public void add(LogLevel level, LogType type, int indent) {
- add(new OperationResultParcel.LogEntryParcel(level, type, indent, (Object[]) null));
+ mParcels.add(new OperationResultParcel.LogEntryParcel(level, type, indent, (Object[]) null));
}
public boolean containsWarnings() {
- for(LogEntryParcel entry : new IterableIterator(iterator())) {
+ for(LogEntryParcel entry : new IterableIterator(mParcels.iterator())) {
if (entry.mLevel == LogLevel.WARN || entry.mLevel == LogLevel.ERROR) {
return true;
}
@@ -322,6 +424,22 @@ public class OperationResultParcel implements Parcelable {
return false;
}
+ public void addAll(List parcels) {
+ mParcels.addAll(parcels);
+ }
+
+ public List toList() {
+ return mParcels;
+ }
+
+ public boolean isEmpty() {
+ return mParcels.isEmpty();
+ }
+
+ @Override
+ public Iterator iterator() {
+ return mParcels.iterator();
+ }
}
}
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/OperationResults.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/OperationResults.java
index fd3d4ed00..11829e7b8 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/OperationResults.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/OperationResults.java
@@ -12,12 +12,13 @@ import com.github.johnpersano.supertoasts.util.OnClickWrapper;
import com.github.johnpersano.supertoasts.util.Style;
import org.sufficientlysecure.keychain.R;
+import org.sufficientlysecure.keychain.pgp.UncachedKeyRing;
import org.sufficientlysecure.keychain.ui.LogDisplayActivity;
import org.sufficientlysecure.keychain.ui.LogDisplayFragment;
public abstract class OperationResults {
- public static class ImportResult extends OperationResultParcel {
+ public static class ImportKeyResult extends OperationResultParcel {
public final int mNewKeys, mUpdatedKeys, mBadKeys;
@@ -47,15 +48,15 @@ public abstract class OperationResults {
return (mResult & RESULT_FAIL_NOTHING) == RESULT_FAIL_NOTHING;
}
- public ImportResult(Parcel source) {
+ public ImportKeyResult(Parcel source) {
super(source);
mNewKeys = source.readInt();
mUpdatedKeys = source.readInt();
mBadKeys = source.readInt();
}
- public ImportResult(int result, OperationLog log,
- int newKeys, int updatedKeys, int badKeys) {
+ public ImportKeyResult(int result, OperationLog log,
+ int newKeys, int updatedKeys, int badKeys) {
super(result, log);
mNewKeys = newKeys;
mUpdatedKeys = updatedKeys;
@@ -70,17 +71,17 @@ public abstract class OperationResults {
dest.writeInt(mBadKeys);
}
- public static Creator CREATOR = new Creator() {
- public ImportResult createFromParcel(final Parcel source) {
- return new ImportResult(source);
+ public static Creator CREATOR = new Creator() {
+ public ImportKeyResult createFromParcel(final Parcel source) {
+ return new ImportKeyResult(source);
}
- public ImportResult[] newArray(final int size) {
- return new ImportResult[size];
+ public ImportKeyResult[] newArray(final int size) {
+ return new ImportKeyResult[size];
}
};
- public void displayNotify(final Activity activity) {
+ public SuperCardToast createNotify(final Activity activity) {
int resultType = getResult();
@@ -88,11 +89,11 @@ public abstract class OperationResults {
int duration, color;
// Not an overall failure
- if ((resultType & ImportResult.RESULT_ERROR) == 0) {
+ if ((resultType & OperationResultParcel.RESULT_ERROR) == 0) {
String withWarnings;
// Any warnings?
- if ((resultType & ImportResult.RESULT_WITH_WARNINGS) > 0) {
+ if ((resultType & ImportKeyResult.RESULT_WITH_WARNINGS) > 0) {
duration = 0;
color = Style.ORANGE;
withWarnings = activity.getResources().getString(R.string.import_with_warnings);
@@ -106,7 +107,7 @@ public abstract class OperationResults {
if (this.isOkBoth()) {
str = activity.getResources().getQuantityString(
R.plurals.import_keys_added_and_updated_1, mNewKeys, mNewKeys);
- str += activity.getResources().getQuantityString(
+ str += " "+ activity.getResources().getQuantityString(
R.plurals.import_keys_added_and_updated_2, mUpdatedKeys, mUpdatedKeys, withWarnings);
} else if (isOkUpdated()) {
str = activity.getResources().getQuantityString(
@@ -142,7 +143,7 @@ public abstract class OperationResults {
// If we have a log and it's non-empty, show a View Log button
if (button) {
toast.setButtonIcon(R.drawable.ic_action_view_as_list,
- activity.getResources().getString(R.string.import_view_log));
+ activity.getResources().getString(R.string.view_log));
toast.setButtonTextColor(activity.getResources().getColor(R.color.black));
toast.setTextColor(activity.getResources().getColor(R.color.black));
toast.setOnClickWrapper(new OnClickWrapper("supercardtoast",
@@ -151,18 +152,59 @@ public abstract class OperationResults {
public void onClick(View view, Parcelable token) {
Intent intent = new Intent(
activity, LogDisplayActivity.class);
- intent.putExtra(LogDisplayFragment.EXTRA_RESULT, ImportResult.this);
+ intent.putExtra(LogDisplayFragment.EXTRA_RESULT, ImportKeyResult.this);
activity.startActivity(intent);
}
}
));
}
- toast.show();
+
+ return toast;
}
}
+ public static class EditKeyResult extends OperationResultParcel {
+
+ private transient UncachedKeyRing mRing;
+ public final Long mRingMasterKeyId;
+
+ public EditKeyResult(int result, OperationLog log,
+ UncachedKeyRing ring) {
+ super(result, log);
+ mRing = ring;
+ mRingMasterKeyId = ring != null ? ring.getMasterKeyId() : null;
+ }
+
+ public UncachedKeyRing getRing() {
+ return mRing;
+ }
+
+ public EditKeyResult(Parcel source) {
+ super(source);
+ mRingMasterKeyId = source.readLong();
+ }
+
+ @Override
+ public void writeToParcel(Parcel dest, int flags) {
+ super.writeToParcel(dest, flags);
+ dest.writeLong(mRingMasterKeyId);
+ }
+
+ public static Creator CREATOR = new Creator() {
+ public EditKeyResult createFromParcel(final Parcel source) {
+ return new EditKeyResult(source);
+ }
+
+ public EditKeyResult[] newArray(final int size) {
+ return new EditKeyResult[size];
+ }
+ };
+
+ }
+
+
public static class SaveKeyringResult extends OperationResultParcel {
public SaveKeyringResult(int result, OperationLog log) {
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/PassphraseCacheService.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/PassphraseCacheService.java
index 28f230f71..c4ecfdec5 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/PassphraseCacheService.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/PassphraseCacheService.java
@@ -18,6 +18,7 @@
package org.sufficientlysecure.keychain.service;
import android.app.AlarmManager;
+import android.app.Notification;
import android.app.PendingIntent;
import android.app.Service;
import android.content.BroadcastReceiver;
@@ -25,6 +26,7 @@ import android.content.Context;
import android.content.Intent;
import android.content.IntentFilter;
import android.os.Binder;
+import android.os.Build;
import android.os.Bundle;
import android.os.Handler;
import android.os.HandlerThread;
@@ -32,11 +34,15 @@ import android.os.IBinder;
import android.os.Message;
import android.os.Messenger;
import android.os.RemoteException;
+
import android.support.v4.util.LongSparseArray;
+import android.support.v4.app.NotificationCompat;
import org.sufficientlysecure.keychain.Constants;
+import org.sufficientlysecure.keychain.R;
import org.sufficientlysecure.keychain.helper.Preferences;
-import org.sufficientlysecure.keychain.pgp.WrappedSecretKeyRing;
+import org.sufficientlysecure.keychain.pgp.CanonicalizedSecretKeyRing;
+import org.sufficientlysecure.keychain.pgp.exception.PgpGeneralException;
import org.sufficientlysecure.keychain.provider.KeychainContract;
import org.sufficientlysecure.keychain.provider.ProviderHelper;
import org.sufficientlysecure.keychain.util.Log;
@@ -54,6 +60,8 @@ public class PassphraseCacheService extends Service {
+ "PASSPHRASE_CACHE_ADD";
public static final String ACTION_PASSPHRASE_CACHE_GET = Constants.INTENT_PREFIX
+ "PASSPHRASE_CACHE_GET";
+ public static final String ACTION_PASSPHRASE_CACHE_CLEAR = Constants.INTENT_PREFIX
+ + "PASSPHRASE_CACHE_CLEAR";
public static final String BROADCAST_ACTION_PASSPHRASE_CACHE_SERVICE = Constants.INTENT_PREFIX
+ "PASSPHRASE_CACHE_BROADCAST";
@@ -62,13 +70,16 @@ public class PassphraseCacheService extends Service {
public static final String EXTRA_KEY_ID = "key_id";
public static final String EXTRA_PASSPHRASE = "passphrase";
public static final String EXTRA_MESSENGER = "messenger";
+ public static final String EXTRA_USER_ID = "user_id";
private static final int REQUEST_ID = 0;
private static final long DEFAULT_TTL = 15;
+ private static final int NOTIFICATION_ID = 1;
+
private BroadcastReceiver mIntentReceiver;
- private LongSparseArray mPassphraseCache = new LongSparseArray();
+ private LongSparseArray mPassphraseCache = new LongSparseArray();
Context mContext;
@@ -81,14 +92,17 @@ public class PassphraseCacheService extends Service {
* @param keyId
* @param passphrase
*/
- public static void addCachedPassphrase(Context context, long keyId, String passphrase) {
+ public static void addCachedPassphrase(Context context, long keyId, String passphrase,
+ String primaryUserId) {
Log.d(Constants.TAG, "PassphraseCacheService.cacheNewPassphrase() for " + keyId);
Intent intent = new Intent(context, PassphraseCacheService.class);
intent.setAction(ACTION_PASSPHRASE_CACHE_ADD);
+
intent.putExtra(EXTRA_TTL, Preferences.getPreferences(context).getPassphraseCacheTtl());
intent.putExtra(EXTRA_PASSPHRASE, passphrase);
intent.putExtra(EXTRA_KEY_ID, keyId);
+ intent.putExtra(EXTRA_USER_ID, primaryUserId);
context.startService(intent);
}
@@ -159,42 +173,46 @@ public class PassphraseCacheService extends Service {
// passphrase for symmetric encryption?
if (keyId == Constants.key.symmetric) {
Log.d(Constants.TAG, "PassphraseCacheService.getCachedPassphraseImpl() for symmetric encryption");
- String cachedPassphrase = mPassphraseCache.get(Constants.key.symmetric);
+ String cachedPassphrase = mPassphraseCache.get(Constants.key.symmetric).getPassphrase();
if (cachedPassphrase == null) {
return null;
}
- addCachedPassphrase(this, Constants.key.symmetric, cachedPassphrase);
+ addCachedPassphrase(this, Constants.key.symmetric, cachedPassphrase, getString(R.string.passp_cache_notif_pwd));
return cachedPassphrase;
}
// try to get master key id which is used as an identifier for cached passphrases
try {
Log.d(Constants.TAG, "PassphraseCacheService.getCachedPassphraseImpl() for masterKeyId " + keyId);
- WrappedSecretKeyRing key = new ProviderHelper(this).getWrappedSecretKeyRing(
+ CanonicalizedSecretKeyRing key = new ProviderHelper(this).getCanonicalizedSecretKeyRing(
KeychainContract.KeyRings.buildUnifiedKeyRingsFindBySubkeyUri(keyId));
// no passphrase needed? just add empty string and return it, then
if (!key.hasPassphrase()) {
Log.d(Constants.TAG, "Key has no passphrase! Caches and returns empty passphrase!");
- addCachedPassphrase(this, keyId, "");
+ try {
+ addCachedPassphrase(this, keyId, "", key.getPrimaryUserIdWithFallback());
+ } catch (PgpGeneralException e) {
+ Log.d(Constants.TAG, "PgpGeneralException occured");
+ }
return "";
}
// get cached passphrase
- String cachedPassphrase = mPassphraseCache.get(keyId);
+ CachedPassphrase cachedPassphrase = mPassphraseCache.get(keyId);
if (cachedPassphrase == null) {
- Log.d(Constants.TAG, "PassphraseCacheService Passphrase not (yet) cached, returning null");
+ Log.d(Constants.TAG, "PassphraseCacheService: Passphrase not (yet) cached, returning null");
// not really an error, just means the passphrase is not cached but not empty either
return null;
}
// set it again to reset the cache life cycle
- Log.d(Constants.TAG, "PassphraseCacheService Cache passphrase again when getting it!");
- addCachedPassphrase(this, keyId, cachedPassphrase);
- return cachedPassphrase;
+ Log.d(Constants.TAG, "PassphraseCacheService: Cache passphrase again when getting it!");
+ addCachedPassphrase(this, keyId, cachedPassphrase.getPassphrase(), cachedPassphrase.getPrimaryUserID());
+ return cachedPassphrase.getPassphrase();
} catch (ProviderHelper.NotFoundException e) {
- Log.e(Constants.TAG, "PassphraseCacheService Passphrase for unknown key was requested!");
+ Log.e(Constants.TAG, "PassphraseCacheService: Passphrase for unknown key was requested!");
return null;
}
}
@@ -211,7 +229,7 @@ public class PassphraseCacheService extends Service {
public void onReceive(Context context, Intent intent) {
String action = intent.getAction();
- Log.d(Constants.TAG, "PassphraseCacheService Received broadcast...");
+ Log.d(Constants.TAG, "PassphraseCacheService: Received broadcast...");
if (action.equals(BROADCAST_ACTION_PASSPHRASE_CACHE_SERVICE)) {
long keyId = intent.getLongExtra(EXTRA_KEY_ID, -1);
@@ -236,10 +254,8 @@ public class PassphraseCacheService extends Service {
private static PendingIntent buildIntent(Context context, long keyId) {
Intent intent = new Intent(BROADCAST_ACTION_PASSPHRASE_CACHE_SERVICE);
intent.putExtra(EXTRA_KEY_ID, keyId);
- PendingIntent sender = PendingIntent.getBroadcast(context, REQUEST_ID, intent,
+ return PendingIntent.getBroadcast(context, REQUEST_ID, intent,
PendingIntent.FLAG_CANCEL_CURRENT);
-
- return sender;
}
/**
@@ -256,14 +272,17 @@ public class PassphraseCacheService extends Service {
if (ACTION_PASSPHRASE_CACHE_ADD.equals(intent.getAction())) {
long ttl = intent.getLongExtra(EXTRA_TTL, DEFAULT_TTL);
long keyId = intent.getLongExtra(EXTRA_KEY_ID, -1);
+
String passphrase = intent.getStringExtra(EXTRA_PASSPHRASE);
+ String primaryUserID = intent.getStringExtra(EXTRA_USER_ID);
Log.d(Constants.TAG,
- "PassphraseCacheService Received ACTION_PASSPHRASE_CACHE_ADD intent in onStartCommand() with keyId: "
- + keyId + ", ttl: " + ttl);
+ "PassphraseCacheService: Received ACTION_PASSPHRASE_CACHE_ADD intent in onStartCommand() with keyId: "
+ + keyId + ", ttl: " + ttl + ", usrId: " + primaryUserID
+ );
- // add keyId and passphrase to memory
- mPassphraseCache.put(keyId, passphrase);
+ // add keyId, passphrase and primary user id to memory
+ mPassphraseCache.put(keyId, new CachedPassphrase(passphrase, primaryUserID));
if (ttl > 0) {
// register new alarm with keyId for this passphrase
@@ -271,6 +290,8 @@ public class PassphraseCacheService extends Service {
AlarmManager am = (AlarmManager) this.getSystemService(Context.ALARM_SERVICE);
am.set(AlarmManager.RTC_WAKEUP, triggerTime, buildIntent(this, keyId));
}
+
+ updateService();
} else if (ACTION_PASSPHRASE_CACHE_GET.equals(intent.getAction())) {
long keyId = intent.getLongExtra(EXTRA_KEY_ID, -1);
Messenger messenger = intent.getParcelableExtra(EXTRA_MESSENGER);
@@ -284,10 +305,21 @@ public class PassphraseCacheService extends Service {
try {
messenger.send(msg);
} catch (RemoteException e) {
- Log.e(Constants.TAG, "PassphraseCacheService Sending message failed", e);
+ Log.e(Constants.TAG, "PassphraseCacheService: Sending message failed", e);
}
+ } else if (ACTION_PASSPHRASE_CACHE_CLEAR.equals(intent.getAction())) {
+ AlarmManager am = (AlarmManager) this.getSystemService(Context.ALARM_SERVICE);
+
+ // Stop all ttl alarms
+ for (int i = 0; i < mPassphraseCache.size(); i++) {
+ am.cancel(buildIntent(this, mPassphraseCache.keyAt(i)));
+ }
+
+ mPassphraseCache.clear();
+
+ updateService();
} else {
- Log.e(Constants.TAG, "PassphraseCacheService Intent or Intent Action not supported!");
+ Log.e(Constants.TAG, "PassphraseCacheService: Intent or Intent Action not supported!");
}
}
@@ -306,13 +338,76 @@ public class PassphraseCacheService extends Service {
Log.d(Constants.TAG, "PassphraseCacheService Timeout of keyId " + keyId + ", removed from memory!");
- // stop whole service if no cached passphrases remaining
- if (mPassphraseCache.size() == 0) {
- Log.d(Constants.TAG, "PassphraseCacheServic No passphrases remaining in memory, stopping service!");
- stopSelf();
+ updateService();
+ }
+
+ private void updateService() {
+ if (mPassphraseCache.size() > 0) {
+ startForeground(NOTIFICATION_ID, getNotification());
+ } else {
+ // stop whole service if no cached passphrases remaining
+ Log.d(Constants.TAG, "PassphraseCacheService: No passphrases remaining in memory, stopping service!");
+ stopForeground(true);
}
}
+ private Notification getNotification() {
+ NotificationCompat.Builder builder = new NotificationCompat.Builder(this);
+
+ if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.JELLY_BEAN) {
+ builder.setSmallIcon(R.drawable.ic_launcher)
+ .setContentTitle(getString(R.string.app_name))
+ .setContentText(String.format(getString(R.string.passp_cache_notif_n_keys),
+ mPassphraseCache.size()));
+
+ NotificationCompat.InboxStyle inboxStyle = new NotificationCompat.InboxStyle();
+
+ inboxStyle.setBigContentTitle(getString(R.string.passp_cache_notif_keys));
+
+ // Moves events into the big view
+ for (int i = 0; i < mPassphraseCache.size(); i++) {
+ inboxStyle.addLine(mPassphraseCache.valueAt(i).getPrimaryUserID());
+ }
+
+ // Moves the big view style object into the notification object.
+ builder.setStyle(inboxStyle);
+
+ // Add purging action
+ Intent intent = new Intent(getApplicationContext(), PassphraseCacheService.class);
+ intent.setAction(ACTION_PASSPHRASE_CACHE_CLEAR);
+ builder.addAction(
+ R.drawable.abc_ic_clear_normal,
+ getString(R.string.passp_cache_notif_clear),
+ PendingIntent.getService(
+ getApplicationContext(),
+ 0,
+ intent,
+ PendingIntent.FLAG_UPDATE_CURRENT
+ )
+ );
+ } else {
+ // Fallback, since expandable notifications weren't available back then
+ builder.setSmallIcon(R.drawable.ic_launcher)
+ .setContentTitle(String.format(getString(R.string.passp_cache_notif_n_keys,
+ mPassphraseCache.size())))
+ .setContentText(getString(R.string.passp_cache_notif_click_to_clear));
+
+ Intent intent = new Intent(getApplicationContext(), PassphraseCacheService.class);
+ intent.setAction(ACTION_PASSPHRASE_CACHE_CLEAR);
+
+ builder.setContentIntent(
+ PendingIntent.getService(
+ getApplicationContext(),
+ 0,
+ intent,
+ PendingIntent.FLAG_UPDATE_CURRENT
+ )
+ );
+ }
+
+ return builder.build();
+ }
+
@Override
public void onCreate() {
super.onCreate();
@@ -341,4 +436,29 @@ public class PassphraseCacheService extends Service {
private final IBinder mBinder = new PassphraseCacheBinder();
-}
+ public class CachedPassphrase {
+ private String primaryUserID;
+ private String passphrase;
+
+ public CachedPassphrase(String passphrase, String primaryUserID) {
+ setPassphrase(passphrase);
+ setPrimaryUserID(primaryUserID);
+ }
+
+ public String getPrimaryUserID() {
+ return primaryUserID;
+ }
+
+ public String getPassphrase() {
+ return passphrase;
+ }
+
+ public void setPrimaryUserID(String primaryUserID) {
+ this.primaryUserID = primaryUserID;
+ }
+
+ public void setPassphrase(String passphrase) {
+ this.passphrase = passphrase;
+ }
+ }
+}
\ No newline at end of file
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/SaveKeyringParcel.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/SaveKeyringParcel.java
index a56095767..5e90b396e 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/SaveKeyringParcel.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/SaveKeyringParcel.java
@@ -27,23 +27,19 @@ public class SaveKeyringParcel implements Parcelable {
// the key fingerprint, for safety. MUST be null for a new key.
public byte[] mFingerprint;
- public String newPassphrase;
+ public String mNewPassphrase;
- public ArrayList addUserIds;
- public ArrayList addSubKeys;
+ public ArrayList mAddUserIds;
+ public ArrayList mAddSubKeys;
- public ArrayList changeSubKeys;
- public String changePrimaryUserId;
+ public ArrayList mChangeSubKeys;
+ public String mChangePrimaryUserId;
- public ArrayList revokeUserIds;
- public ArrayList revokeSubKeys;
+ public ArrayList mRevokeUserIds;
+ public ArrayList mRevokeSubKeys;
public SaveKeyringParcel() {
- addUserIds = new ArrayList();
- addSubKeys = new ArrayList();
- changeSubKeys = new ArrayList();
- revokeUserIds = new ArrayList();
- revokeSubKeys = new ArrayList();
+ reset();
}
public SaveKeyringParcel(long masterKeyId, byte[] fingerprint) {
@@ -52,6 +48,16 @@ public class SaveKeyringParcel implements Parcelable {
mFingerprint = fingerprint;
}
+ public void reset() {
+ mNewPassphrase = null;
+ mAddUserIds = new ArrayList();
+ mAddSubKeys = new ArrayList();
+ mChangePrimaryUserId = null;
+ mChangeSubKeys = new ArrayList();
+ mRevokeUserIds = new ArrayList();
+ mRevokeSubKeys = new ArrayList();
+ }
+
// performance gain for using Parcelable here would probably be negligible,
// use Serializable instead.
public static class SubkeyAdd implements Serializable {
@@ -70,6 +76,7 @@ public class SaveKeyringParcel implements Parcelable {
public static class SubkeyChange implements Serializable {
public long mKeyId;
public Integer mFlags;
+ // this is a long unix timestamp, in seconds (NOT MILLISECONDS!)
public Long mExpiry;
public SubkeyChange(long keyId, Integer flags, Long expiry) {
mKeyId = keyId;
@@ -82,16 +89,16 @@ public class SaveKeyringParcel implements Parcelable {
mMasterKeyId = source.readInt() != 0 ? source.readLong() : null;
mFingerprint = source.createByteArray();
- newPassphrase = source.readString();
+ mNewPassphrase = source.readString();
- addUserIds = source.createStringArrayList();
- addSubKeys = (ArrayList) source.readSerializable();
+ mAddUserIds = source.createStringArrayList();
+ mAddSubKeys = (ArrayList) source.readSerializable();
- changeSubKeys = (ArrayList) source.readSerializable();
- changePrimaryUserId = source.readString();
+ mChangeSubKeys = (ArrayList) source.readSerializable();
+ mChangePrimaryUserId = source.readString();
- revokeUserIds = source.createStringArrayList();
- revokeSubKeys = (ArrayList) source.readSerializable();
+ mRevokeUserIds = source.createStringArrayList();
+ mRevokeSubKeys = (ArrayList) source.readSerializable();
}
@Override
@@ -102,16 +109,16 @@ public class SaveKeyringParcel implements Parcelable {
}
destination.writeByteArray(mFingerprint);
- destination.writeString(newPassphrase);
+ destination.writeString(mNewPassphrase);
- destination.writeStringList(addUserIds);
- destination.writeSerializable(addSubKeys);
+ destination.writeStringList(mAddUserIds);
+ destination.writeSerializable(mAddSubKeys);
- destination.writeSerializable(changeSubKeys);
- destination.writeString(changePrimaryUserId);
+ destination.writeSerializable(mChangeSubKeys);
+ destination.writeString(mChangePrimaryUserId);
- destination.writeStringList(revokeUserIds);
- destination.writeSerializable(revokeSubKeys);
+ destination.writeStringList(mRevokeUserIds);
+ destination.writeSerializable(mRevokeSubKeys);
}
public static final Creator CREATOR = new Creator() {
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/testsupport/KeyringTestingHelper.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/testsupport/KeyringTestingHelper.java
deleted file mode 100644
index a565f0707..000000000
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/testsupport/KeyringTestingHelper.java
+++ /dev/null
@@ -1,56 +0,0 @@
-package org.sufficientlysecure.keychain.testsupport;
-
-import android.content.Context;
-
-import org.sufficientlysecure.keychain.pgp.NullProgressable;
-import org.sufficientlysecure.keychain.pgp.UncachedKeyRing;
-import org.sufficientlysecure.keychain.provider.ProviderHelper;
-import org.sufficientlysecure.keychain.service.OperationResults;
-
-import java.util.Collection;
-
-/**
- * Helper for tests of the Keyring import in ProviderHelper.
- */
-public class KeyringTestingHelper {
-
- private final Context context;
-
- public KeyringTestingHelper(Context robolectricContext) {
- this.context = robolectricContext;
- }
-
- public boolean addKeyring(Collection blobFiles) throws Exception {
-
- ProviderHelper providerHelper = new ProviderHelper(context);
-
- byte[] data = TestDataUtil.readAllFully(blobFiles);
- UncachedKeyRing ring = UncachedKeyRing.decodeFromData(data);
- long masterKeyId = ring.getMasterKeyId();
-
- // Should throw an exception; key is not yet saved
- retrieveKeyAndExpectNotFound(providerHelper, masterKeyId);
-
- OperationResults.SaveKeyringResult saveKeyringResult = providerHelper.savePublicKeyRing(ring, new NullProgressable());
-
- boolean saveSuccess = saveKeyringResult.success();
-
- // Now re-retrieve the saved key. Should not throw an exception.
- providerHelper.getWrappedPublicKeyRing(masterKeyId);
-
- // A different ID should still fail
- retrieveKeyAndExpectNotFound(providerHelper, masterKeyId - 1);
-
- return saveSuccess;
- }
-
-
- private void retrieveKeyAndExpectNotFound(ProviderHelper providerHelper, long masterKeyId) {
- try {
- providerHelper.getWrappedPublicKeyRing(masterKeyId);
- throw new AssertionError("Was expecting the previous call to fail!");
- } catch (ProviderHelper.NotFoundException expectedException) {
- // good
- }
- }
-}
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/testsupport/ProviderHelperStub.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/testsupport/ProviderHelperStub.java
deleted file mode 100644
index c6d834bf9..000000000
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/testsupport/ProviderHelperStub.java
+++ /dev/null
@@ -1,22 +0,0 @@
-package org.sufficientlysecure.keychain.testsupport;
-
-import android.content.Context;
-import android.net.Uri;
-
-import org.sufficientlysecure.keychain.pgp.WrappedPublicKeyRing;
-import org.sufficientlysecure.keychain.provider.ProviderHelper;
-
-/**
- * Created by art on 21/06/14.
- */
-class ProviderHelperStub extends ProviderHelper {
- public ProviderHelperStub(Context context) {
- super(context);
- }
-
- @Override
- public WrappedPublicKeyRing getWrappedPublicKeyRing(Uri id) throws NotFoundException {
- byte[] data = TestDataUtil.readFully(getClass().getResourceAsStream("/public-key-for-sample.blob"));
- return new WrappedPublicKeyRing(data, false, 0);
- }
-}
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/testsupport/TestDataUtil.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/testsupport/TestDataUtil.java
deleted file mode 100644
index 9e6ede761..000000000
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/testsupport/TestDataUtil.java
+++ /dev/null
@@ -1,44 +0,0 @@
-package org.sufficientlysecure.keychain.testsupport;
-
-import java.io.ByteArrayOutputStream;
-import java.io.IOException;
-import java.io.InputStream;
-import java.util.Collection;
-
-/**
- * Misc support functions. Would just use Guava / Apache Commons but
- * avoiding extra dependencies.
- */
-public class TestDataUtil {
- public static byte[] readFully(InputStream input) {
- ByteArrayOutputStream output = new ByteArrayOutputStream();
- appendToOutput(input, output);
- return output.toByteArray();
- }
-
- private static void appendToOutput(InputStream input, ByteArrayOutputStream output) {
- byte[] buffer = new byte[8192];
- int bytesRead;
- try {
- while ((bytesRead = input.read(buffer)) != -1) {
- output.write(buffer, 0, bytesRead);
- }
- } catch (IOException e) {
- throw new RuntimeException(e);
- }
- }
-
- public static byte[] readAllFully(Collection inputResources) {
- ByteArrayOutputStream output = new ByteArrayOutputStream();
-
- for (String inputResource : inputResources) {
- appendToOutput(getResourceAsStream(inputResource), output);
- }
- return output.toByteArray();
- }
-
-
- public static InputStream getResourceAsStream(String resourceName) {
- return TestDataUtil.class.getResourceAsStream(resourceName);
- }
-}
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/testsupport/package-info.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/testsupport/package-info.java
deleted file mode 100644
index 1cc0f9a95..000000000
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/testsupport/package-info.java
+++ /dev/null
@@ -1,7 +0,0 @@
-/**
- * Test support classes.
- * This is only in main code because of gradle-Android Studio-robolectric issues. Having
- * classes in main code means IDE autocomplete, class detection, etc., all works.
- * TODO Move into test package when possible
- */
-package org.sufficientlysecure.keychain.testsupport;
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/CertifyKeyActivity.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/CertifyKeyActivity.java
index 7ac229b91..3c69fb071 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/CertifyKeyActivity.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/CertifyKeyActivity.java
@@ -20,6 +20,7 @@ package org.sufficientlysecure.keychain.ui;
import android.app.ProgressDialog;
import android.content.Intent;
import android.database.Cursor;
+import android.graphics.PorterDuff;
import android.net.Uri;
import android.os.Bundle;
import android.os.Handler;
@@ -37,12 +38,11 @@ import android.widget.ArrayAdapter;
import android.widget.CheckBox;
import android.widget.CompoundButton;
import android.widget.CompoundButton.OnCheckedChangeListener;
+import android.widget.ImageView;
import android.widget.ListView;
import android.widget.Spinner;
import android.widget.TextView;
-import com.devspark.appmsg.AppMsg;
-
import org.sufficientlysecure.keychain.Constants;
import org.sufficientlysecure.keychain.R;
import org.sufficientlysecure.keychain.helper.Preferences;
@@ -52,10 +52,12 @@ import org.sufficientlysecure.keychain.provider.KeychainContract.KeyRings;
import org.sufficientlysecure.keychain.provider.KeychainContract.UserIds;
import org.sufficientlysecure.keychain.service.KeychainIntentService;
import org.sufficientlysecure.keychain.service.KeychainIntentServiceHandler;
+import org.sufficientlysecure.keychain.service.OperationResultParcel;
import org.sufficientlysecure.keychain.service.PassphraseCacheService;
import org.sufficientlysecure.keychain.ui.adapter.UserIdsAdapter;
import org.sufficientlysecure.keychain.ui.dialog.PassphraseDialogFragment;
import org.sufficientlysecure.keychain.util.Log;
+import org.sufficientlysecure.keychain.util.Notify;
import java.util.ArrayList;
@@ -64,7 +66,8 @@ import java.util.ArrayList;
*/
public class CertifyKeyActivity extends ActionBarActivity implements
SelectSecretKeyLayoutFragment.SelectSecretKeyCallback, LoaderManager.LoaderCallbacks {
- private View mSignButton;
+ private View mCertifyButton;
+ private ImageView mActionCertifyImage;
private CheckBox mUploadKeyCheckbox;
private Spinner mSelectKeyserverSpinner;
@@ -88,10 +91,19 @@ public class CertifyKeyActivity extends ActionBarActivity implements
mSelectKeyFragment = (SelectSecretKeyLayoutFragment) getSupportFragmentManager()
.findFragmentById(R.id.sign_key_select_key_fragment);
+ mSelectKeyserverSpinner = (Spinner) findViewById(R.id.upload_key_keyserver);
+ mUploadKeyCheckbox = (CheckBox) findViewById(R.id.sign_key_upload_checkbox);
+ mCertifyButton = findViewById(R.id.certify_key_certify_button);
+ mActionCertifyImage = (ImageView) findViewById(R.id.certify_key_action_certify_image);
+ mUserIds = (ListView) findViewById(R.id.view_key_user_ids);
+
+ // make certify image gray, like action icons
+ mActionCertifyImage.setColorFilter(getResources().getColor(R.color.tertiary_text_light),
+ PorterDuff.Mode.SRC_IN);
+
mSelectKeyFragment.setCallback(this);
mSelectKeyFragment.setFilterCertify(true);
- mSelectKeyserverSpinner = (Spinner) findViewById(R.id.upload_key_keyserver);
ArrayAdapter adapter = new ArrayAdapter(this,
android.R.layout.simple_spinner_item, Preferences.getPreferences(this)
.getKeyServers()
@@ -99,7 +111,6 @@ public class CertifyKeyActivity extends ActionBarActivity implements
adapter.setDropDownViewResource(android.R.layout.simple_spinner_dropdown_item);
mSelectKeyserverSpinner.setAdapter(adapter);
- mUploadKeyCheckbox = (CheckBox) findViewById(R.id.sign_key_upload_checkbox);
if (!mUploadKeyCheckbox.isChecked()) {
mSelectKeyserverSpinner.setEnabled(false);
} else {
@@ -118,14 +129,15 @@ public class CertifyKeyActivity extends ActionBarActivity implements
}
});
- mSignButton = findViewById(R.id.sign_key_sign_button);
- mSignButton.setOnClickListener(new OnClickListener() {
+ mCertifyButton.setOnClickListener(new OnClickListener() {
@Override
public void onClick(View v) {
if (mPubKeyId != 0) {
if (mMasterKeyId == 0) {
mSelectKeyFragment.setError(getString(R.string.select_key_to_certify));
+ Notify.showNotify(CertifyKeyActivity.this, getString(R.string.select_key_to_certify),
+ Notify.Style.ERROR);
} else {
initiateSigning();
}
@@ -141,7 +153,6 @@ public class CertifyKeyActivity extends ActionBarActivity implements
}
Log.e(Constants.TAG, "uri: " + mDataUri);
- mUserIds = (ListView) findViewById(R.id.view_key_user_ids);
mUserIdsAdapter = new UserIdsAdapter(this, null, 0, true);
mUserIds.setAdapter(mUserIdsAdapter);
@@ -230,7 +241,8 @@ public class CertifyKeyActivity extends ActionBarActivity implements
startSigning();
}
}
- });
+ }
+ );
// bail out; need to wait until the user has entered the passphrase before trying again
return;
} else {
@@ -246,8 +258,8 @@ public class CertifyKeyActivity extends ActionBarActivity implements
// Bail out if there is not at least one user id selected
ArrayList userIds = mUserIdsAdapter.getSelectedUserIds();
if (userIds.isEmpty()) {
- AppMsg.makeText(CertifyKeyActivity.this, "No User IDs to sign selected!",
- AppMsg.STYLE_ALERT).show();
+ Notify.showNotify(CertifyKeyActivity.this, "No identities selected!",
+ Notify.Style.ERROR);
return;
}
@@ -274,8 +286,8 @@ public class CertifyKeyActivity extends ActionBarActivity implements
if (message.arg1 == KeychainIntentServiceHandler.MESSAGE_OKAY) {
- AppMsg.makeText(CertifyKeyActivity.this, R.string.key_certify_success,
- AppMsg.STYLE_INFO).show();
+ Notify.showNotify(CertifyKeyActivity.this, R.string.key_certify_success,
+ Notify.Style.INFO);
// check if we need to send the key to the server or not
if (mUploadKeyCheckbox.isChecked()) {
@@ -327,8 +339,10 @@ public class CertifyKeyActivity extends ActionBarActivity implements
super.handleMessage(message);
if (message.arg1 == KeychainIntentServiceHandler.MESSAGE_OKAY) {
- AppMsg.makeText(CertifyKeyActivity.this, R.string.key_send_success,
- AppMsg.STYLE_INFO).show();
+ Intent intent = new Intent();
+ intent.putExtra(OperationResultParcel.EXTRA_RESULT, message.getData());
+ Notify.showNotify(CertifyKeyActivity.this, R.string.key_send_success,
+ Notify.Style.INFO);
setResult(RESULT_OK);
finish();
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/CreateKeyActivity.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/CreateKeyActivity.java
new file mode 100644
index 000000000..534ac5811
--- /dev/null
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/CreateKeyActivity.java
@@ -0,0 +1,85 @@
+/*
+ * Copyright (C) 2014 Dominik Schürmann
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see .
+ */
+
+package org.sufficientlysecure.keychain.ui;
+
+import android.os.Bundle;
+import android.support.v4.app.Fragment;
+import android.support.v4.app.FragmentTransaction;
+import android.support.v7.app.ActionBarActivity;
+
+import org.sufficientlysecure.keychain.R;
+
+public class CreateKeyActivity extends ActionBarActivity {
+
+ public static final String EXTRA_NAME = "name";
+ public static final String EXTRA_EMAIL = "email";
+
+ public static final int FRAG_ACTION_START = 0;
+ public static final int FRAG_ACTION_TO_RIGHT = 1;
+ public static final int FRAG_ACTION_TO_LEFT = 2;
+
+ @Override
+ public void onCreate(Bundle savedInstanceState) {
+ super.onCreate(savedInstanceState);
+
+ setContentView(R.layout.create_key_activity);
+
+ // pass extras into fragment
+ CreateKeyInputFragment frag =
+ CreateKeyInputFragment.newInstance(
+ getIntent().getStringExtra(EXTRA_NAME),
+ getIntent().getStringExtra(EXTRA_EMAIL)
+ );
+ loadFragment(null, frag, FRAG_ACTION_START);
+ }
+
+ public void loadFragment(Bundle savedInstanceState, Fragment fragment, int action) {
+ // However, if we're being restored from a previous state,
+ // then we don't need to do anything and should return or else
+ // we could end up with overlapping fragments.
+ if (savedInstanceState != null) {
+ return;
+ }
+
+ // Add the fragment to the 'fragment_container' FrameLayout
+ // NOTE: We use commitAllowingStateLoss() to prevent weird crashes!
+ FragmentTransaction transaction = getSupportFragmentManager().beginTransaction();
+
+ switch (action) {
+ case FRAG_ACTION_START:
+ transaction.setCustomAnimations(0, 0);
+ transaction.replace(R.id.create_key_fragment_container, fragment)
+ .commitAllowingStateLoss();
+ break;
+ case FRAG_ACTION_TO_LEFT:
+ getSupportFragmentManager().popBackStackImmediate();
+ break;
+ case FRAG_ACTION_TO_RIGHT:
+ transaction.setCustomAnimations(R.anim.frag_slide_in_from_right, R.anim.frag_slide_out_to_left,
+ R.anim.frag_slide_in_from_left, R.anim.frag_slide_out_to_right);
+ transaction.addToBackStack(null);
+ transaction.replace(R.id.create_key_fragment_container, fragment)
+ .commitAllowingStateLoss();
+ break;
+
+ }
+ // do it immediately!
+ getSupportFragmentManager().executePendingTransactions();
+ }
+
+}
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/CreateKeyFinalFragment.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/CreateKeyFinalFragment.java
new file mode 100644
index 000000000..b64480087
--- /dev/null
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/CreateKeyFinalFragment.java
@@ -0,0 +1,245 @@
+/*
+ * Copyright (C) 2014 Dominik Schürmann
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see .
+ */
+
+package org.sufficientlysecure.keychain.ui;
+
+import android.app.Activity;
+import android.app.ProgressDialog;
+import android.content.Intent;
+import android.net.Uri;
+import android.os.Bundle;
+import android.os.Message;
+import android.os.Messenger;
+import android.support.v4.app.Fragment;
+import android.view.LayoutInflater;
+import android.view.View;
+import android.view.ViewGroup;
+import android.widget.CheckBox;
+import android.widget.TextView;
+
+import org.spongycastle.bcpg.sig.KeyFlags;
+import org.sufficientlysecure.keychain.Constants;
+import org.sufficientlysecure.keychain.R;
+import org.sufficientlysecure.keychain.helper.Preferences;
+import org.sufficientlysecure.keychain.provider.KeychainContract;
+import org.sufficientlysecure.keychain.service.KeychainIntentService;
+import org.sufficientlysecure.keychain.service.KeychainIntentServiceHandler;
+import org.sufficientlysecure.keychain.service.OperationResultParcel;
+import org.sufficientlysecure.keychain.service.OperationResults;
+import org.sufficientlysecure.keychain.service.SaveKeyringParcel;
+import org.sufficientlysecure.keychain.util.Notify;
+
+public class CreateKeyFinalFragment extends Fragment {
+
+ CreateKeyActivity mCreateKeyActivity;
+
+ TextView mNameEdit;
+ TextView mEmailEdit;
+ CheckBox mUploadCheckbox;
+ View mBackButton;
+ View mCreateButton;
+
+ public static final String ARG_NAME = "name";
+ public static final String ARG_EMAIL = "email";
+ public static final String ARG_PASSPHRASE = "passphrase";
+
+ String mName;
+ String mEmail;
+ String mPassphrase;
+
+ /**
+ * Creates new instance of this fragment
+ */
+ public static CreateKeyFinalFragment newInstance(String name, String email, String passphrase) {
+ CreateKeyFinalFragment frag = new CreateKeyFinalFragment();
+
+ Bundle args = new Bundle();
+ args.putString(ARG_NAME, name);
+ args.putString(ARG_EMAIL, email);
+ args.putString(ARG_PASSPHRASE, passphrase);
+
+ frag.setArguments(args);
+
+ return frag;
+ }
+
+ @Override
+ public View onCreateView(LayoutInflater inflater, ViewGroup container, Bundle savedInstanceState) {
+ View view = inflater.inflate(R.layout.create_key_final_fragment, container, false);
+
+ mNameEdit = (TextView) view.findViewById(R.id.name);
+ mEmailEdit = (TextView) view.findViewById(R.id.email);
+ mUploadCheckbox = (CheckBox) view.findViewById(R.id.create_key_upload);
+ mBackButton = view.findViewById(R.id.create_key_back_button);
+ mCreateButton = view.findViewById(R.id.create_key_create_button);
+
+ // get args
+ mName = getArguments().getString(ARG_NAME);
+ mEmail = getArguments().getString(ARG_EMAIL);
+ mPassphrase = getArguments().getString(ARG_PASSPHRASE);
+
+ // set values
+ mNameEdit.setText(mName);
+ mEmailEdit.setText(mEmail);
+
+ mCreateButton.setOnClickListener(new View.OnClickListener() {
+ @Override
+ public void onClick(View v) {
+ createKey();
+ }
+ });
+
+ mBackButton.setOnClickListener(new View.OnClickListener() {
+ @Override
+ public void onClick(View v) {
+ mCreateKeyActivity.loadFragment(null, null, CreateKeyActivity.FRAG_ACTION_TO_LEFT);
+ }
+ });
+
+ return view;
+ }
+
+ @Override
+ public void onActivityCreated(Bundle savedInstanceState) {
+ super.onActivityCreated(savedInstanceState);
+
+ mCreateKeyActivity = (CreateKeyActivity) getActivity();
+ }
+
+ private void createKey() {
+ Intent intent = new Intent(getActivity(), KeychainIntentService.class);
+ intent.setAction(KeychainIntentService.ACTION_SAVE_KEYRING);
+
+ // Message is received after importing is done in KeychainIntentService
+ KeychainIntentServiceHandler saveHandler = new KeychainIntentServiceHandler(
+ getActivity(),
+ getString(R.string.progress_importing),
+ ProgressDialog.STYLE_HORIZONTAL) {
+ public void handleMessage(Message message) {
+ // handle messages by standard KeychainIntentServiceHandler first
+ super.handleMessage(message);
+
+ if (message.arg1 == KeychainIntentServiceHandler.MESSAGE_OKAY) {
+ // get returned data bundle
+ Bundle returnData = message.getData();
+ if (returnData == null) {
+ return;
+ }
+ final OperationResults.EditKeyResult result =
+ returnData.getParcelable(OperationResultParcel.EXTRA_RESULT);
+ if (result == null) {
+ return;
+ }
+
+ if (mUploadCheckbox.isChecked()) {
+ if (result.getResult() == OperationResultParcel.RESULT_OK) {
+ // result will be displayed after upload
+ uploadKey(result);
+ } else {
+ // display result on error without finishing activity
+ result.createNotify(getActivity());
+ }
+ } else {
+ // TODO: return result
+ result.createNotify(getActivity());
+
+ getActivity().setResult(Activity.RESULT_OK);
+ getActivity().finish();
+ }
+ }
+ }
+ };
+
+ // fill values for this action
+ Bundle data = new Bundle();
+
+ SaveKeyringParcel parcel = new SaveKeyringParcel();
+ parcel.mAddSubKeys.add(new SaveKeyringParcel.SubkeyAdd(Constants.choice.algorithm.rsa, 4096, KeyFlags.CERTIFY_OTHER, null));
+ parcel.mAddSubKeys.add(new SaveKeyringParcel.SubkeyAdd(Constants.choice.algorithm.rsa, 4096, KeyFlags.SIGN_DATA, null));
+ parcel.mAddSubKeys.add(new SaveKeyringParcel.SubkeyAdd(Constants.choice.algorithm.rsa, 4096, KeyFlags.ENCRYPT_COMMS | KeyFlags.ENCRYPT_STORAGE, null));
+ String userId = mName + " <" + mEmail + ">";
+ parcel.mAddUserIds.add(userId);
+ parcel.mNewPassphrase = mPassphrase;
+
+ // get selected key entries
+ data.putParcelable(KeychainIntentService.SAVE_KEYRING_PARCEL, parcel);
+
+ intent.putExtra(KeychainIntentService.EXTRA_DATA, data);
+
+ // Create a new Messenger for the communication back
+ Messenger messenger = new Messenger(saveHandler);
+ intent.putExtra(KeychainIntentService.EXTRA_MESSENGER, messenger);
+
+ saveHandler.showProgressDialog(getActivity());
+
+ getActivity().startService(intent);
+ }
+
+ private void uploadKey(final OperationResults.EditKeyResult editKeyResult) {
+ // Send all information needed to service to upload key in other thread
+ final Intent intent = new Intent(getActivity(), KeychainIntentService.class);
+
+ intent.setAction(KeychainIntentService.ACTION_UPLOAD_KEYRING);
+
+ // set data uri as path to keyring
+ Uri blobUri = KeychainContract.KeyRingData.buildPublicKeyRingUri(
+ Long.toString(editKeyResult.mRingMasterKeyId)
+ );
+ intent.setData(blobUri);
+
+ // fill values for this action
+ Bundle data = new Bundle();
+
+ // upload to favorite keyserver
+ String keyserver = Preferences.getPreferences(getActivity()).getKeyServers()[0];
+ data.putString(KeychainIntentService.UPLOAD_KEY_SERVER, keyserver);
+
+ intent.putExtra(KeychainIntentService.EXTRA_DATA, data);
+
+ // Message is received after uploading is done in KeychainIntentService
+ KeychainIntentServiceHandler saveHandler = new KeychainIntentServiceHandler(getActivity(),
+ getString(R.string.progress_exporting), ProgressDialog.STYLE_HORIZONTAL) {
+ public void handleMessage(Message message) {
+ // handle messages by standard KeychainIntentServiceHandler first
+ super.handleMessage(message);
+
+ if (message.arg1 == KeychainIntentServiceHandler.MESSAGE_OKAY) {
+ // TODO: return results
+
+ editKeyResult.createNotify(getActivity());
+
+ Notify.showNotify(getActivity(), R.string.key_send_success,
+ Notify.Style.INFO);
+
+ getActivity().setResult(Activity.RESULT_OK);
+ getActivity().finish();
+ }
+ }
+ };
+
+ // Create a new Messenger for the communication back
+ Messenger messenger = new Messenger(saveHandler);
+ intent.putExtra(KeychainIntentService.EXTRA_MESSENGER, messenger);
+
+ // show progress dialog
+ saveHandler.showProgressDialog(getActivity());
+
+ // start service with intent
+ getActivity().startService(intent);
+ }
+
+}
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/CreateKeyInputFragment.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/CreateKeyInputFragment.java
new file mode 100644
index 000000000..ef5a3b145
--- /dev/null
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/CreateKeyInputFragment.java
@@ -0,0 +1,214 @@
+/*
+ * Copyright (C) 2014 Dominik Schürmann
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see .
+ */
+
+package org.sufficientlysecure.keychain.ui;
+
+import android.content.Context;
+import android.os.Bundle;
+import android.support.v4.app.Fragment;
+import android.text.Editable;
+import android.text.TextWatcher;
+import android.util.Patterns;
+import android.view.LayoutInflater;
+import android.view.View;
+import android.view.ViewGroup;
+import android.view.inputmethod.InputMethodManager;
+import android.widget.ArrayAdapter;
+import android.widget.AutoCompleteTextView;
+import android.widget.EditText;
+
+import org.sufficientlysecure.keychain.R;
+import org.sufficientlysecure.keychain.helper.ContactHelper;
+
+import java.util.regex.Matcher;
+
+public class CreateKeyInputFragment extends Fragment {
+
+ CreateKeyActivity mCreateKeyActivity;
+
+ AutoCompleteTextView mNameEdit;
+ AutoCompleteTextView mEmailEdit;
+ EditText mPassphraseEdit;
+ EditText mPassphraseEditAgain;
+ View mCreateButton;
+
+ public static final String ARG_NAME = "name";
+ public static final String ARG_EMAIL = "email";
+
+ /**
+ * Creates new instance of this fragment
+ */
+ public static CreateKeyInputFragment newInstance(String name, String email) {
+ CreateKeyInputFragment frag = new CreateKeyInputFragment();
+
+ Bundle args = new Bundle();
+ args.putString(ARG_NAME, name);
+ args.putString(ARG_EMAIL, email);
+
+ frag.setArguments(args);
+
+ return frag;
+ }
+
+ @Override
+ public View onCreateView(LayoutInflater inflater, ViewGroup container, Bundle savedInstanceState) {
+ View view = inflater.inflate(R.layout.create_key_input_fragment, container, false);
+
+ mNameEdit = (AutoCompleteTextView) view.findViewById(R.id.name);
+ mEmailEdit = (AutoCompleteTextView) view.findViewById(R.id.email);
+ mPassphraseEdit = (EditText) view.findViewById(R.id.passphrase);
+ mPassphraseEditAgain = (EditText) view.findViewById(R.id.passphrase_again);
+ mCreateButton = view.findViewById(R.id.create_key_button);
+
+ // initial values
+ String name = getArguments().getString(ARG_NAME);
+ String email = getArguments().getString(ARG_EMAIL);
+ mNameEdit.setText(name);
+ mEmailEdit.setText(email);
+
+ // focus non-empty edit fields
+ if (name != null && email != null) {
+ mPassphraseEdit.requestFocus();
+ } else if (name != null) {
+ mEmailEdit.requestFocus();
+ }
+
+ mEmailEdit.setThreshold(1); // Start working from first character
+ mEmailEdit.setAdapter(
+ new ArrayAdapter
+ (getActivity(), android.R.layout.simple_spinner_dropdown_item,
+ ContactHelper.getPossibleUserEmails(getActivity())
+ )
+ );
+ mEmailEdit.addTextChangedListener(new TextWatcher() {
+ @Override
+ public void beforeTextChanged(CharSequence charSequence, int i, int i2, int i3) {
+ }
+
+ @Override
+ public void onTextChanged(CharSequence charSequence, int i, int i2, int i3) {
+ }
+
+ @Override
+ public void afterTextChanged(Editable editable) {
+ String email = editable.toString();
+ if (email.length() > 0) {
+ Matcher emailMatcher = Patterns.EMAIL_ADDRESS.matcher(email);
+ if (emailMatcher.matches()) {
+ mEmailEdit.setCompoundDrawablesWithIntrinsicBounds(0, 0,
+ R.drawable.uid_mail_ok, 0);
+ } else {
+ mEmailEdit.setCompoundDrawablesWithIntrinsicBounds(0, 0,
+ R.drawable.uid_mail_bad, 0);
+ }
+ } else {
+ // remove drawable if email is empty
+ mEmailEdit.setCompoundDrawablesWithIntrinsicBounds(0, 0, 0, 0);
+ }
+ }
+ });
+
+ mNameEdit.setThreshold(1); // Start working from first character
+ mNameEdit.setAdapter(
+ new ArrayAdapter
+ (getActivity(), android.R.layout.simple_spinner_dropdown_item,
+ ContactHelper.getPossibleUserNames(getActivity())
+ )
+ );
+
+ mCreateButton.setOnClickListener(new View.OnClickListener() {
+ @Override
+ public void onClick(View v) {
+ createKeyCheck();
+ }
+ });
+
+ return view;
+ }
+
+ @Override
+ public void onActivityCreated(Bundle savedInstanceState) {
+ super.onActivityCreated(savedInstanceState);
+
+ mCreateKeyActivity = (CreateKeyActivity) getActivity();
+ }
+
+ private void createKeyCheck() {
+ if (isEditTextNotEmpty(getActivity(), mNameEdit)
+ && isEditTextNotEmpty(getActivity(), mEmailEdit)
+ && isEditTextNotEmpty(getActivity(), mPassphraseEdit)
+ && areEditTextsEqual(getActivity(), mPassphraseEdit, mPassphraseEditAgain)) {
+
+ CreateKeyFinalFragment frag =
+ CreateKeyFinalFragment.newInstance(
+ mNameEdit.getText().toString(),
+ mEmailEdit.getText().toString(),
+ mPassphraseEdit.getText().toString()
+ );
+
+ hideKeyboard();
+ mCreateKeyActivity.loadFragment(null, frag, CreateKeyActivity.FRAG_ACTION_TO_RIGHT);
+ }
+ }
+
+ private void hideKeyboard() {
+ InputMethodManager inputManager = (InputMethodManager) getActivity()
+ .getSystemService(Context.INPUT_METHOD_SERVICE);
+
+ //check if no view has focus:
+ View v = getActivity().getCurrentFocus();
+ if (v == null)
+ return;
+
+ inputManager.hideSoftInputFromWindow(v.getWindowToken(), 0);
+ }
+
+ /**
+ * Checks if text of given EditText is not empty. If it is empty an error is
+ * set and the EditText gets the focus.
+ *
+ * @param context
+ * @param editText
+ * @return true if EditText is not empty
+ */
+ private static boolean isEditTextNotEmpty(Context context, EditText editText) {
+ boolean output = true;
+ if (editText.getText().toString().length() == 0) {
+ editText.setError(context.getString(R.string.create_key_empty));
+ editText.requestFocus();
+ output = false;
+ } else {
+ editText.setError(null);
+ }
+
+ return output;
+ }
+
+ private static boolean areEditTextsEqual(Context context, EditText editText1, EditText editText2) {
+ boolean output = true;
+ if (!editText1.getText().toString().equals(editText2.getText().toString())) {
+ editText2.setError(context.getString(R.string.create_key_passphrases_not_equal));
+ editText2.requestFocus();
+ output = false;
+ } else {
+ editText2.setError(null);
+ }
+
+ return output;
+ }
+
+}
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/DecryptFileFragment.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/DecryptFileFragment.java
index dd05537ef..5b61c3f52 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/DecryptFileFragment.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/DecryptFileFragment.java
@@ -28,6 +28,9 @@ import android.view.LayoutInflater;
import android.view.View;
import android.view.ViewGroup;
import android.widget.CheckBox;
+import android.widget.EditText;
+import android.widget.ImageButton;
+
import android.widget.TextView;
import org.sufficientlysecure.keychain.Constants;
import org.sufficientlysecure.keychain.R;
@@ -107,7 +110,6 @@ public class DecryptFileFragment extends DecryptFragment {
private void decryptAction() {
if (mInputUri == null) {
- //AppMsg.makeText(getActivity(), R.string.no_file_selected, AppMsg.STYLE_ALERT).show();
Notify.showNotify(getActivity(), R.string.no_file_selected, Notify.Style.ERROR);
return;
}
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/DecryptFragment.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/DecryptFragment.java
index d450bdcca..16a7b911e 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/DecryptFragment.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/DecryptFragment.java
@@ -132,7 +132,7 @@ public abstract class DecryptFragment extends Fragment {
mResultText.setText(R.string.decrypt_result_decrypted_and_signature_certified);
}
- mResultLayout.setBackgroundColor(getResources().getColor(R.color.result_green));
+ mResultLayout.setBackgroundColor(getResources().getColor(R.color.android_green_light));
mSignatureStatusImage.setImageResource(R.drawable.overlay_ok);
mSignatureLayout.setVisibility(View.VISIBLE);
mLookupKey.setVisibility(View.GONE);
@@ -146,7 +146,7 @@ public abstract class DecryptFragment extends Fragment {
mResultText.setText(R.string.decrypt_result_decrypted_and_signature_uncertified);
}
- mResultLayout.setBackgroundColor(getResources().getColor(R.color.result_orange));
+ mResultLayout.setBackgroundColor(getResources().getColor(R.color.android_orange_light));
mSignatureStatusImage.setImageResource(R.drawable.overlay_ok);
mSignatureLayout.setVisibility(View.VISIBLE);
mLookupKey.setVisibility(View.GONE);
@@ -160,7 +160,7 @@ public abstract class DecryptFragment extends Fragment {
mResultText.setText(R.string.decrypt_result_decrypted_unknown_pub_key);
}
- mResultLayout.setBackgroundColor(getResources().getColor(R.color.result_orange));
+ mResultLayout.setBackgroundColor(getResources().getColor(R.color.android_orange_light));
mSignatureStatusImage.setImageResource(R.drawable.overlay_error);
mSignatureLayout.setVisibility(View.VISIBLE);
mLookupKey.setVisibility(View.VISIBLE);
@@ -170,7 +170,7 @@ public abstract class DecryptFragment extends Fragment {
case OpenPgpSignatureResult.SIGNATURE_ERROR: {
mResultText.setText(R.string.decrypt_result_invalid_signature);
- mResultLayout.setBackgroundColor(getResources().getColor(R.color.result_red));
+ mResultLayout.setBackgroundColor(getResources().getColor(R.color.android_red_light));
mSignatureStatusImage.setImageResource(R.drawable.overlay_error);
mSignatureLayout.setVisibility(View.GONE);
mLookupKey.setVisibility(View.GONE);
@@ -180,7 +180,7 @@ public abstract class DecryptFragment extends Fragment {
default: {
mResultText.setText(R.string.error);
- mResultLayout.setBackgroundColor(getResources().getColor(R.color.result_red));
+ mResultLayout.setBackgroundColor(getResources().getColor(R.color.android_red_light));
mSignatureStatusImage.setImageResource(R.drawable.overlay_error);
mSignatureLayout.setVisibility(View.GONE);
mLookupKey.setVisibility(View.GONE);
@@ -192,7 +192,7 @@ public abstract class DecryptFragment extends Fragment {
mLookupKey.setVisibility(View.GONE);
// successful decryption-only
- mResultLayout.setBackgroundColor(getResources().getColor(R.color.result_purple));
+ mResultLayout.setBackgroundColor(getResources().getColor(R.color.android_purple_light));
mResultText.setText(R.string.decrypt_result_decrypted);
}
}
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/DecryptMessageFragment.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/DecryptMessageFragment.java
index 2db6c232c..cf7a0b4b8 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/DecryptMessageFragment.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/DecryptMessageFragment.java
@@ -27,7 +27,7 @@ import android.view.View;
import android.view.View.OnClickListener;
import android.view.ViewGroup;
import android.widget.EditText;
-import com.devspark.appmsg.AppMsg;
+
import org.sufficientlysecure.keychain.Constants;
import org.sufficientlysecure.keychain.R;
import org.sufficientlysecure.keychain.compatibility.ClipboardReflection;
@@ -36,6 +36,7 @@ import org.sufficientlysecure.keychain.pgp.PgpHelper;
import org.sufficientlysecure.keychain.service.KeychainIntentService;
import org.sufficientlysecure.keychain.service.KeychainIntentServiceHandler;
import org.sufficientlysecure.keychain.util.Log;
+import org.sufficientlysecure.keychain.util.Notify;
import java.util.regex.Matcher;
@@ -105,12 +106,10 @@ public class DecryptMessageFragment extends DecryptFragment {
mCiphertext = matcher.group(1);
decryptStart(null);
} else {
- AppMsg.makeText(getActivity(), R.string.error_invalid_data, AppMsg.STYLE_ALERT)
- .show();
+ Notify.showNotify(getActivity(), R.string.error_invalid_data, Notify.Style.ERROR);
}
} else {
- AppMsg.makeText(getActivity(), R.string.error_invalid_data, AppMsg.STYLE_ALERT)
- .show();
+ Notify.showNotify(getActivity(), R.string.error_invalid_data, Notify.Style.ERROR);
}
}
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EditKeyActivity.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EditKeyActivity.java
index d80425c3c..6ddaec17f 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EditKeyActivity.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EditKeyActivity.java
@@ -33,7 +33,7 @@ public class EditKeyActivity extends ActionBarActivity {
public void onCreate(Bundle savedInstanceState) {
super.onCreate(savedInstanceState);
- setContentView(R.layout.edit_key_activity_new);
+ setContentView(R.layout.edit_key_activity);
Uri dataUri = getIntent().getData();
if (dataUri == null) {
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EditKeyActivityOld.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EditKeyActivityOld.java
deleted file mode 100644
index 51457cd45..000000000
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EditKeyActivityOld.java
+++ /dev/null
@@ -1,744 +0,0 @@
-/*
- * Copyright (C) 2012-2014 Dominik Schürmann
- * Copyright (C) 2010-2014 Thialfihar
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program. If not, see .
- */
-
-package org.sufficientlysecure.keychain.ui;
-
-import android.content.Context;
-import android.content.DialogInterface;
-import android.content.Intent;
-import android.net.Uri;
-import android.os.Bundle;
-import android.os.Handler;
-import android.os.Message;
-import android.os.Messenger;
-import android.support.v4.app.ActivityCompat;
-import android.support.v7.app.ActionBarActivity;
-import android.view.LayoutInflater;
-import android.view.View;
-import android.view.View.OnClickListener;
-import android.view.ViewGroup;
-import android.widget.Button;
-import android.widget.CheckBox;
-import android.widget.CompoundButton;
-import android.widget.CompoundButton.OnCheckedChangeListener;
-import android.widget.LinearLayout;
-import android.widget.Toast;
-
-import com.devspark.appmsg.AppMsg;
-
-import org.sufficientlysecure.keychain.Constants;
-import org.sufficientlysecure.keychain.R;
-import org.sufficientlysecure.keychain.helper.ActionBarHelper;
-import org.sufficientlysecure.keychain.helper.ExportHelper;
-import org.sufficientlysecure.keychain.pgp.KeyRing;
-import org.sufficientlysecure.keychain.pgp.UncachedSecretKey;
-import org.sufficientlysecure.keychain.pgp.WrappedSecretKey;
-import org.sufficientlysecure.keychain.pgp.WrappedSecretKeyRing;
-import org.sufficientlysecure.keychain.pgp.exception.PgpGeneralException;
-import org.sufficientlysecure.keychain.provider.KeychainContract.KeyRings;
-import org.sufficientlysecure.keychain.provider.ProviderHelper;
-import org.sufficientlysecure.keychain.service.PassphraseCacheService;
-import org.sufficientlysecure.keychain.ui.dialog.CustomAlertDialogBuilder;
-import org.sufficientlysecure.keychain.ui.dialog.PassphraseDialogFragment;
-import org.sufficientlysecure.keychain.ui.dialog.SetPassphraseDialogFragment;
-import org.sufficientlysecure.keychain.ui.widget.Editor;
-import org.sufficientlysecure.keychain.ui.widget.Editor.EditorListener;
-import org.sufficientlysecure.keychain.ui.widget.KeyEditor;
-import org.sufficientlysecure.keychain.ui.widget.SectionView;
-import org.sufficientlysecure.keychain.ui.widget.UserIdEditor;
-import org.sufficientlysecure.keychain.util.Log;
-
-import java.util.ArrayList;
-import java.util.Calendar;
-import java.util.List;
-import java.util.Vector;
-
-public class EditKeyActivityOld extends ActionBarActivity implements EditorListener {
-
- // Actions for internal use only:
- public static final String ACTION_CREATE_KEY = Constants.INTENT_PREFIX + "CREATE_KEY";
- public static final String ACTION_EDIT_KEY = Constants.INTENT_PREFIX + "EDIT_KEY";
-
- // possible extra keys
- public static final String EXTRA_USER_IDS = "user_ids";
- public static final String EXTRA_NO_PASSPHRASE = "no_passphrase";
- public static final String EXTRA_GENERATE_DEFAULT_KEYS = "generate_default_keys";
-
- // EDIT
- private Uri mDataUri;
-
- private SectionView mUserIdsView;
- private SectionView mKeysView;
-
- private String mCurrentPassphrase = null;
- private String mNewPassphrase = null;
- private String mSavedNewPassphrase = null;
- private boolean mIsPassphraseSet;
- private boolean mNeedsSaving;
- private boolean mIsBrandNewKeyring = false;
-
- private Button mChangePassphrase;
-
- private CheckBox mNoPassphrase;
-
- Vector mUserIds;
- Vector mKeys;
- Vector mKeysUsages;
- boolean mMasterCanSign = true;
-
- ExportHelper mExportHelper;
-
- public boolean needsSaving() {
- mNeedsSaving = (mUserIdsView == null) ? false : mUserIdsView.needsSaving();
- mNeedsSaving |= (mKeysView == null) ? false : mKeysView.needsSaving();
- mNeedsSaving |= hasPassphraseChanged();
- mNeedsSaving |= mIsBrandNewKeyring;
- return mNeedsSaving;
- }
-
-
- public void somethingChanged() {
- ActivityCompat.invalidateOptionsMenu(this);
- }
-
- public void onDeleted(Editor e, boolean wasNewItem) {
- somethingChanged();
- }
-
- public void onEdited() {
- somethingChanged();
- }
-
- @Override
- public void onCreate(Bundle savedInstanceState) {
- super.onCreate(savedInstanceState);
-
- mExportHelper = new ExportHelper(this);
-
- // Inflate a "Done"/"Cancel" custom action bar view
- ActionBarHelper.setTwoButtonView(getSupportActionBar(),
- R.string.btn_save, R.drawable.ic_action_save,
- new View.OnClickListener() {
- @Override
- public void onClick(View v) {
- // Save
- saveClicked();
- }
- }, R.string.menu_key_edit_cancel, R.drawable.ic_action_cancel,
- new View.OnClickListener() {
- @Override
- public void onClick(View v) {
- // Cancel
- cancelClicked();
- }
- }
- );
-
- mUserIds = new Vector();
- mKeys = new Vector();
- mKeysUsages = new Vector();
-
- // Catch Intents opened from other apps
- Intent intent = getIntent();
- String action = intent.getAction();
- if (ACTION_CREATE_KEY.equals(action)) {
- handleActionCreateKey(intent);
- } else if (ACTION_EDIT_KEY.equals(action)) {
- handleActionEditKey(intent);
- }
- }
-
- /**
- * Handle intent action to create new key
- *
- * @param intent
- */
- private void handleActionCreateKey(Intent intent) {
- Bundle extras = intent.getExtras();
-
- mCurrentPassphrase = "";
- mIsBrandNewKeyring = true;
-
- if (extras != null) {
- // if userId is given, prefill the fields
- if (extras.containsKey(EXTRA_USER_IDS)) {
- Log.d(Constants.TAG, "UserIds are given!");
- mUserIds.add(extras.getString(EXTRA_USER_IDS));
- }
-
- // if no passphrase is given
- if (extras.containsKey(EXTRA_NO_PASSPHRASE)) {
- boolean noPassphrase = extras.getBoolean(EXTRA_NO_PASSPHRASE);
- if (noPassphrase) {
- // check "no passphrase" checkbox and remove button
- mNoPassphrase.setChecked(true);
- mChangePassphrase.setVisibility(View.GONE);
- }
- }
-
- // generate key
- if (extras.containsKey(EXTRA_GENERATE_DEFAULT_KEYS)) {
- /*
- boolean generateDefaultKeys = extras.getBoolean(EXTRA_GENERATE_DEFAULT_KEYS);
- if (generateDefaultKeys) {
-
- // fill values for this action
- Bundle data = new Bundle();
- data.putString(KeychainIntentService.GENERATE_KEY_SYMMETRIC_PASSPHRASE,
- mCurrentPassphrase);
-
- serviceIntent.putExtra(KeychainIntentService.EXTRA_DATA, data);
-
- // Message is received after generating is done in KeychainIntentService
- KeychainIntentServiceHandler saveHandler = new KeychainIntentServiceHandler(
- this, getResources().getQuantityString(R.plurals.progress_generating, 1),
- ProgressDialog.STYLE_HORIZONTAL, true,
-
- new DialogInterface.OnCancelListener() {
- @Override
- public void onCancel(DialogInterface dialog) {
- // Stop key generation on cancel
- stopService(serviceIntent);
- EditKeyActivity.this.setResult(Activity.RESULT_CANCELED);
- EditKeyActivity.this.finish();
- }
- }) {
-
- @Override
- public void handleMessage(Message message) {
- // handle messages by standard KeychainIntentServiceHandler first
- super.handleMessage(message);
-
- if (message.arg1 == KeychainIntentServiceHandler.MESSAGE_OKAY) {
- // get new key from data bundle returned from service
- Bundle data = message.getDataAsStringList();
-
- ArrayList newKeys =
- PgpConversionHelper.BytesToPGPSecretKeyList(data
- .getByteArray(KeychainIntentService.RESULT_NEW_KEY));
-
- ArrayList keyUsageFlags = data.getIntegerArrayList(
- KeychainIntentService.RESULT_KEY_USAGES);
-
- if (newKeys.size() == keyUsageFlags.size()) {
- for (int i = 0; i < newKeys.size(); ++i) {
- mKeys.add(newKeys.get(i));
- mKeysUsages.add(keyUsageFlags.get(i));
- }
- }
-
- buildLayout(true);
- }
- }
- };
-
- // Create a new Messenger for the communication back
- Messenger messenger = new Messenger(saveHandler);
- serviceIntent.putExtra(KeychainIntentService.EXTRA_MESSENGER, messenger);
-
- saveHandler.showProgressDialog(this);
-
- // start service with intent
- startService(serviceIntent);
- }
- */
- }
- } else {
- buildLayout(false);
- }
- }
-
- /**
- * Handle intent action to edit existing key
- *
- * @param intent
- */
- private void handleActionEditKey(Intent intent) {
- mDataUri = intent.getData();
- if (mDataUri == null) {
- Log.e(Constants.TAG, "Intent data missing. Should be Uri of key!");
- finish();
- } else {
- Log.d(Constants.TAG, "uri: " + mDataUri);
-
- try {
- Uri secretUri = KeyRings.buildUnifiedKeyRingUri(mDataUri);
- WrappedSecretKeyRing keyRing = new ProviderHelper(this).getWrappedSecretKeyRing(secretUri);
-
- mMasterCanSign = keyRing.getSubKey().canCertify();
- for (WrappedSecretKey key : keyRing.secretKeyIterator()) {
- // Turn into uncached instance
- mKeys.add(key.getUncached());
- mKeysUsages.add(key.getKeyUsage()); // get usage when view is created
- }
-
- boolean isSet = false;
- for (String userId : keyRing.getSubKey().getUserIds()) {
- Log.d(Constants.TAG, "Added userId " + userId);
- if (!isSet) {
- isSet = true;
- String[] parts = KeyRing.splitUserId(userId);
- if (parts[0] != null) {
- setTitle(parts[0]);
- }
- }
- mUserIds.add(userId);
- }
-
- buildLayout(false);
-
- mCurrentPassphrase = "";
- mIsPassphraseSet = keyRing.hasPassphrase();
- if (!mIsPassphraseSet) {
- // check "no passphrase" checkbox and remove button
- mNoPassphrase.setChecked(true);
- mChangePassphrase.setVisibility(View.GONE);
- }
-
- } catch (ProviderHelper.NotFoundException e) {
- Log.e(Constants.TAG, "Keyring not found: " + e.getMessage(), e);
- Toast.makeText(this, R.string.error_no_secret_key_found, Toast.LENGTH_SHORT).show();
- finish();
- }
-
- }
- }
-
- /**
- * Shows the dialog to set a new passphrase
- */
- private void showSetPassphraseDialog() {
- // Message is received after passphrase is cached
- Handler returnHandler = new Handler() {
- @Override
- public void handleMessage(Message message) {
- if (message.what == SetPassphraseDialogFragment.MESSAGE_OKAY) {
- Bundle data = message.getData();
-
- // set new returned passphrase!
- mNewPassphrase = data
- .getString(SetPassphraseDialogFragment.MESSAGE_NEW_PASSPHRASE);
-
- updatePassphraseButtonText();
- somethingChanged();
- }
- }
- };
-
- // Create a new Messenger for the communication back
- Messenger messenger = new Messenger(returnHandler);
-
- // set title based on isPassphraseSet()
- int title;
- if (isPassphraseSet()) {
- title = R.string.title_change_passphrase;
- } else {
- title = R.string.title_set_passphrase;
- }
-
- SetPassphraseDialogFragment setPassphraseDialog = SetPassphraseDialogFragment.newInstance(
- messenger, null, title);
-
- setPassphraseDialog.show(getSupportFragmentManager(), "setPassphraseDialog");
- }
-
- /**
- * Build layout based on mUserId, mKeys and mKeysUsages Vectors. It creates Views for every user
- * id and key.
- *
- * @param newKeys
- */
- private void buildLayout(boolean newKeys) {
- setContentView(R.layout.edit_key_activity);
-
- // find views
- mChangePassphrase = (Button) findViewById(R.id.edit_key_btn_change_passphrase);
- mNoPassphrase = (CheckBox) findViewById(R.id.edit_key_no_passphrase);
- // Build layout based on given userIds and keys
-
- LayoutInflater inflater = (LayoutInflater) getSystemService(Context.LAYOUT_INFLATER_SERVICE);
-
- LinearLayout container = (LinearLayout) findViewById(R.id.edit_key_container);
- if (mIsPassphraseSet) {
- mChangePassphrase.setText(getString(R.string.btn_change_passphrase));
- }
- mUserIdsView = (SectionView) inflater.inflate(R.layout.edit_key_section, container, false);
- mUserIdsView.setType(SectionView.TYPE_USER_ID);
- mUserIdsView.setCanBeEdited(mMasterCanSign);
- mUserIdsView.setUserIds(mUserIds);
- mUserIdsView.setEditorListener(this);
- container.addView(mUserIdsView);
- mKeysView = (SectionView) inflater.inflate(R.layout.edit_key_section, container, false);
- mKeysView.setType(SectionView.TYPE_KEY);
- mKeysView.setCanBeEdited(mMasterCanSign);
- mKeysView.setKeys(mKeys, mKeysUsages, newKeys);
- mKeysView.setEditorListener(this);
- container.addView(mKeysView);
-
- updatePassphraseButtonText();
-
- mChangePassphrase.setOnClickListener(new OnClickListener() {
- public void onClick(View v) {
- showSetPassphraseDialog();
- }
- });
-
- // disable passphrase when no passphrase checkbox is checked!
- mNoPassphrase.setOnCheckedChangeListener(new OnCheckedChangeListener() {
-
- @Override
- public void onCheckedChanged(CompoundButton buttonView, boolean isChecked) {
- if (isChecked) {
- // remove passphrase
- mSavedNewPassphrase = mNewPassphrase;
- mNewPassphrase = "";
- mChangePassphrase.setVisibility(View.GONE);
- } else {
- mNewPassphrase = mSavedNewPassphrase;
- mChangePassphrase.setVisibility(View.VISIBLE);
- }
- somethingChanged();
- }
- });
- }
-
- private long getMasterKeyId() {
- if (mKeysView.getEditors().getChildCount() == 0) {
- return 0;
- }
- return ((KeyEditor) mKeysView.getEditors().getChildAt(0)).getValue().getKeyId();
- }
-
- public boolean isPassphraseSet() {
- if (mNoPassphrase.isChecked()) {
- return true;
- } else if ((mIsPassphraseSet)
- || (mNewPassphrase != null && !mNewPassphrase.equals(""))) {
- return true;
- } else {
- return false;
- }
- }
-
- public boolean hasPassphraseChanged() {
- if (mNoPassphrase != null) {
- if (mNoPassphrase.isChecked()) {
- return mIsPassphraseSet;
- } else {
- return (mNewPassphrase != null && !mNewPassphrase.equals(""));
- }
- } else {
- return false;
- }
- }
-
- private void saveClicked() {
- final long masterKeyId = getMasterKeyId();
- if (needsSaving()) { //make sure, as some versions don't support invalidateOptionsMenu
- try {
- if (!isPassphraseSet()) {
- throw new PgpGeneralException(this.getString(R.string.set_a_passphrase));
- }
-
- String passphrase;
- if (mIsPassphraseSet) {
- passphrase = PassphraseCacheService.getCachedPassphrase(this, masterKeyId);
- } else {
- passphrase = "";
- }
- if (passphrase == null) {
- PassphraseDialogFragment.show(this, masterKeyId,
- new Handler() {
- @Override
- public void handleMessage(Message message) {
- if (message.what == PassphraseDialogFragment.MESSAGE_OKAY) {
- mCurrentPassphrase = PassphraseCacheService.getCachedPassphrase(
- EditKeyActivityOld.this, masterKeyId);
- checkEmptyIDsWanted();
- }
- }
- });
- } else {
- mCurrentPassphrase = passphrase;
- checkEmptyIDsWanted();
- }
- } catch (PgpGeneralException e) {
- AppMsg.makeText(this, getString(R.string.error_message, e.getMessage()),
- AppMsg.STYLE_ALERT).show();
- }
- } else {
- AppMsg.makeText(this, R.string.error_change_something_first, AppMsg.STYLE_ALERT).show();
- }
- }
-
- private void checkEmptyIDsWanted() {
- try {
- ArrayList userIDs = getUserIds(mUserIdsView);
- List newIDs = mUserIdsView.getNewIDFlags();
- ArrayList originalIDs = mUserIdsView.getOriginalIDs();
- int curID = 0;
- for (String userID : userIDs) {
- if (userID.equals("") && (!userID.equals(originalIDs.get(curID)) || newIDs.get(curID))) {
- CustomAlertDialogBuilder alert = new CustomAlertDialogBuilder(
- EditKeyActivityOld.this);
-
- alert.setIcon(R.drawable.ic_dialog_alert_holo_light);
- alert.setTitle(R.string.warning);
- alert.setMessage(EditKeyActivityOld.this.getString(R.string.ask_empty_id_ok));
-
- alert.setPositiveButton(EditKeyActivityOld.this.getString(android.R.string.yes),
- new DialogInterface.OnClickListener() {
- public void onClick(DialogInterface dialog, int id) {
- dialog.dismiss();
- finallySaveClicked();
- }
- }
- );
- alert.setNegativeButton(this.getString(android.R.string.no),
- new DialogInterface.OnClickListener() {
- public void onClick(DialogInterface dialog, int id) {
- dialog.dismiss();
- }
- }
- );
- alert.setCancelable(false);
- alert.show();
- return;
- }
- curID++;
- }
- } catch (PgpGeneralException e) {
- Log.e(Constants.TAG, getString(R.string.error_message, e.getMessage()));
- AppMsg.makeText(this, getString(R.string.error_message, e.getMessage()), AppMsg.STYLE_ALERT).show();
- }
- finallySaveClicked();
- }
-
- private boolean[] toPrimitiveArray(final List booleanList) {
- final boolean[] primitives = new boolean[booleanList.size()];
- int index = 0;
- for (Boolean object : booleanList) {
- primitives[index++] = object;
- }
- return primitives;
- }
-
- private void finallySaveClicked() {
- /*
- try {
- // Send all information needed to service to edit key in other thread
- Intent intent = new Intent(this, KeychainIntentService.class);
-
- intent.setAction(KeychainIntentService.ACTION_SAVE_KEYRING);
-
- OldSaveKeyringParcel saveParams = new OldSaveKeyringParcel();
- saveParams.userIds = getUserIds(mUserIdsView);
- saveParams.originalIDs = mUserIdsView.getOriginalIDs();
- saveParams.deletedIDs = mUserIdsView.getDeletedIDs();
- saveParams.newIDs = toPrimitiveArray(mUserIdsView.getNewIDFlags());
- saveParams.primaryIDChanged = mUserIdsView.primaryChanged();
- saveParams.moddedKeys = toPrimitiveArray(mKeysView.getNeedsSavingArray());
- saveParams.deletedKeys = mKeysView.getDeletedKeys();
- saveParams.keysExpiryDates = getKeysExpiryDates(mKeysView);
- saveParams.keysUsages = getKeysUsages(mKeysView);
- saveParams.newPassphrase = mNewPassphrase;
- saveParams.oldPassphrase = mCurrentPassphrase;
- saveParams.newKeys = toPrimitiveArray(mKeysView.getNewKeysArray());
- saveParams.keys = getKeys(mKeysView);
- saveParams.originalPrimaryID = mUserIdsView.getOriginalPrimaryID();
-
- // fill values for this action
- Bundle data = new Bundle();
- data.putBoolean(KeychainIntentService.SAVE_KEYRING_CAN_SIGN, mMasterCanSign);
- data.putParcelable(KeychainIntentService.SAVE_KEYRING_PARCEL, saveParams);
-
- intent.putExtra(KeychainIntentService.EXTRA_DATA, data);
-
- // Message is received after saving is done in KeychainIntentService
- KeychainIntentServiceHandler saveHandler = new KeychainIntentServiceHandler(this,
- getString(R.string.progress_saving), ProgressDialog.STYLE_HORIZONTAL) {
- public void handleMessage(Message message) {
- // handle messages by standard KeychainIntentServiceHandler first
- super.handleMessage(message);
-
- if (message.arg1 == KeychainIntentServiceHandler.MESSAGE_OKAY) {
- Intent data = new Intent();
-
- // return uri pointing to new created key
- Uri uri = KeyRings.buildGenericKeyRingUri(getMasterKeyId());
- data.setData(uri);
-
- setResult(RESULT_OK, data);
- finish();
- }
- }
- };
-
- // Create a new Messenger for the communication back
- Messenger messenger = new Messenger(saveHandler);
- intent.putExtra(KeychainIntentService.EXTRA_MESSENGER, messenger);
-
- saveHandler.showProgressDialog(this);
-
- // start service with intent
- startService(intent);
- } catch (PgpGeneralException e) {
- Log.e(Constants.TAG, getString(R.string.error_message, e.getMessage()));
- AppMsg.makeText(this, getString(R.string.error_message, e.getMessage()),
- AppMsg.STYLE_ALERT).show();
- }
- */
- }
-
- private void cancelClicked() {
- if (needsSaving()) { //ask if we want to save
- CustomAlertDialogBuilder alert = new CustomAlertDialogBuilder(
- EditKeyActivityOld.this);
-
- alert.setIcon(R.drawable.ic_dialog_alert_holo_light);
- alert.setTitle(R.string.warning);
- alert.setMessage(EditKeyActivityOld.this.getString(R.string.ask_save_changed_key));
-
- alert.setPositiveButton(EditKeyActivityOld.this.getString(android.R.string.yes),
- new DialogInterface.OnClickListener() {
- public void onClick(DialogInterface dialog, int id) {
- dialog.dismiss();
- saveClicked();
- }
- });
- alert.setNegativeButton(this.getString(android.R.string.no),
- new DialogInterface.OnClickListener() {
- public void onClick(DialogInterface dialog, int id) {
- dialog.dismiss();
- setResult(RESULT_CANCELED);
- finish();
- }
- });
- alert.setCancelable(false);
- alert.show();
- } else {
- setResult(RESULT_CANCELED);
- finish();
- }
- }
-
- /**
- * Returns user ids from the SectionView
- *
- * @param userIdsView
- * @return
- */
- private ArrayList getUserIds(SectionView userIdsView) throws PgpGeneralException {
- ArrayList userIds = new ArrayList();
-
- ViewGroup userIdEditors = userIdsView.getEditors();
-
- boolean gotMainUserId = false;
- for (int i = 0; i < userIdEditors.getChildCount(); ++i) {
- UserIdEditor editor = (UserIdEditor) userIdEditors.getChildAt(i);
- String userId;
- userId = editor.getValue();
-
- if (editor.isMainUserId()) {
- userIds.add(0, userId);
- gotMainUserId = true;
- } else {
- userIds.add(userId);
- }
- }
-
- if (userIds.size() == 0) {
- throw new PgpGeneralException(getString(R.string.error_key_needs_a_user_id));
- }
-
- if (!gotMainUserId) {
- throw new PgpGeneralException(getString(R.string.error_main_user_id_must_not_be_empty));
- }
-
- return userIds;
- }
-
- /**
- * Returns keys from the SectionView
- *
- * @param keysView
- * @return
- */
- private ArrayList getKeys(SectionView keysView) throws PgpGeneralException {
- ArrayList keys = new ArrayList();
-
- ViewGroup keyEditors = keysView.getEditors();
-
- if (keyEditors.getChildCount() == 0) {
- throw new PgpGeneralException(getString(R.string.error_key_needs_master_key));
- }
-
- for (int i = 0; i < keyEditors.getChildCount(); ++i) {
- KeyEditor editor = (KeyEditor) keyEditors.getChildAt(i);
- keys.add(editor.getValue());
- }
-
- return keys;
- }
-
- /**
- * Returns usage selections of keys from the SectionView
- *
- * @param keysView
- * @return
- */
- private ArrayList