drop invalid user ids and add fatal case(s)
parent
2f0e70587d
commit
ffea551afc
@ -191,10 +191,8 @@ public class UncachedKeyRing {
|
|||||||
* - key revocation signatures on the master key
|
* - key revocation signatures on the master key
|
||||||
* - subkey binding signatures for subkeys
|
* - subkey binding signatures for subkeys
|
||||||
* - certifications and certification revocations for user ids
|
* - certifications and certification revocations for user ids
|
||||||
*
|
* - If a subkey retains no valid subkey binding certificate, remove it
|
||||||
* After this cleaning, a number of checks are done: TODO implement
|
* - If a user id retains no valid self certificate, remove it
|
||||||
* - See if each subkey retains a valid self certificate
|
|
||||||
* - See if each user id retains a valid self certificate
|
|
||||||
*
|
*
|
||||||
* This operation writes an OperationLog which can be used as part of a OperationResultParcel.
|
* This operation writes an OperationLog which can be used as part of a OperationResultParcel.
|
||||||
*
|
*
|
||||||
@ -419,6 +417,19 @@ public class UncachedKeyRing {
|
|||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// If no valid certificate (if only a revocation) remains, drop it
|
||||||
|
if (selfCert == null && revocation == null) {
|
||||||
|
modified = PGPPublicKey.removeCertification(modified, userId);
|
||||||
|
log.add(LogLevel.ERROR, LogType.MSG_KC_UID_REVOKE_DUP,
|
||||||
|
new String[] { userId }, indent);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// If NO user ids remain, error out!
|
||||||
|
if (!modified.getUserIDs().hasNext()) {
|
||||||
|
log.add(LogLevel.ERROR, LogType.MSG_KC_FATAL_NO_UID, null, indent);
|
||||||
|
return null;
|
||||||
}
|
}
|
||||||
|
|
||||||
// Replace modified key in the keyring
|
// Replace modified key in the keyring
|
||||||
@ -570,7 +581,7 @@ public class UncachedKeyRing {
|
|||||||
ring = PGPPublicKeyRing.removePublicKey(ring, modified);
|
ring = PGPPublicKeyRing.removePublicKey(ring, modified);
|
||||||
|
|
||||||
log.add(LogLevel.ERROR, LogType.MSG_KC_SUB_NO_CERT,
|
log.add(LogLevel.ERROR, LogType.MSG_KC_SUB_NO_CERT,
|
||||||
new String[]{PgpKeyHelper.convertKeyIdToHex(key.getKeyID())}, indent);
|
new String[]{ PgpKeyHelper.convertKeyIdToHex(key.getKeyID()) }, indent);
|
||||||
indent -= 1;
|
indent -= 1;
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
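Review bot: The new user-id drop branch in the `-419` hunk logs `LogType.MSG_KC_UID_REVOKE_DUP`, whose string reads "Removing redundant revocation certificate", although this commit adds `MSG_KC_UID_NO_CERT` ("No valid self-certificate found for user id %s, removing from ring") and none of the hunks shown here uses it. The operation log for an imported key would then misreport why an uncertified user id was removed; the call should read `log.add(LogLevel.ERROR, LogType.MSG_KC_UID_NO_CERT, new String[] { userId }, indent);`. The comment above the branch says "if only a revocation" while the condition is `selfCert == null && revocation == null`, so I would reword it to `// If neither a valid self certificate nor a revocation remains, drop the user id`. The method now has a `return null` path that the Javadoc edited in the first hunk does not mention, so a line stating that null is returned when no valid user id remains belongs there; the method body starts and ends outside these hunks.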
|
@ -298,6 +298,9 @@ public class ProviderHelper {
|
|||||||
|
|
||||||
// Canonicalize this key, to assert a number of assumptions made about it.
|
// Canonicalize this key, to assert a number of assumptions made about it.
|
||||||
keyRing = keyRing.canonicalize(mLog, mIndent);
|
keyRing = keyRing.canonicalize(mLog, mIndent);
|
||||||
|
if (keyRing == null) {
|
||||||
|
return new SaveKeyringResult(SaveKeyringResult.RESULT_ERROR, mLog);
|
||||||
|
}
|
||||||
|
|
||||||
UncachedPublicKey masterKey = keyRing.getPublicKey();
|
UncachedPublicKey masterKey = keyRing.getPublicKey();
|
||||||
|
|
||||||
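Review bot: The added null check has no comment saying what a null result means, and nothing else at the call site explains it; I would add `// canonicalize() returns null on a fatal error (e.g. no valid user id left); the reason is already in mLog`. Failing closed here is what keeps `keyRing.getPublicKey()` a few lines below from dereferencing null. Any other caller of `canonicalize()` that is not shown on this page would presumably need the same check. The enclosing method starts and ends outside the hunk.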
|
@ -180,6 +180,7 @@ public class OperationResultParcel implements Parcelable {
|
|||||||
|
|
||||||
// keyring canonicalization
|
// keyring canonicalization
|
||||||
MSG_KC (R.string.msg_kc),
|
MSG_KC (R.string.msg_kc),
|
||||||
|
MSG_KC_FATAL_NO_UID (R.string.msg_kc_fatal_no_uid),
|
||||||
MSG_KC_MASTER (R.string.msg_kc_master),
|
MSG_KC_MASTER (R.string.msg_kc_master),
|
||||||
MSG_KC_REVOKE_BAD_ERR (R.string.msg_kc_revoke_bad_err),
|
MSG_KC_REVOKE_BAD_ERR (R.string.msg_kc_revoke_bad_err),
|
||||||
MSG_KC_REVOKE_BAD_LOCAL (R.string.msg_kc_revoke_bad_local),
|
MSG_KC_REVOKE_BAD_LOCAL (R.string.msg_kc_revoke_bad_local),
|
||||||
@ -211,6 +212,7 @@ public class OperationResultParcel implements Parcelable {
|
|||||||
MSG_KC_UID_BAD_TYPE (R.string.msg_kc_uid_bad_type),
|
MSG_KC_UID_BAD_TYPE (R.string.msg_kc_uid_bad_type),
|
||||||
MSG_KC_UID_BAD (R.string.msg_kc_uid_bad),
|
MSG_KC_UID_BAD (R.string.msg_kc_uid_bad),
|
||||||
MSG_KC_UID_DUP (R.string.msg_kc_uid_dup),
|
MSG_KC_UID_DUP (R.string.msg_kc_uid_dup),
|
||||||
|
MSG_KC_UID_NO_CERT (R.string.msg_kc_uid_no_cert),
|
||||||
MSG_KC_UID_REVOKE_DUP (R.string.msg_kc_uid_revoke_dup),
|
MSG_KC_UID_REVOKE_DUP (R.string.msg_kc_uid_revoke_dup),
|
||||||
MSG_KC_UID_REVOKE_OLD (R.string.msg_kc_uid_revoke_old),
|
MSG_KC_UID_REVOKE_OLD (R.string.msg_kc_uid_revoke_old),
|
||||||
;
|
;
|
||||||
|
@ -564,6 +564,7 @@
|
|||||||
|
|
||||||
<!-- Keyring Canonicalization log entries -->
|
<!-- Keyring Canonicalization log entries -->
|
||||||
<string name="msg_kc">Canonicalizing keyring %s</string>
|
<string name="msg_kc">Canonicalizing keyring %s</string>
|
||||||
|
<string name="msg_kc_fatal_no_uid">Keyring canonicalization failed: Keyring has no valid user ids</string>
|
||||||
<string name="msg_kc_master">Processing master key</string>
|
<string name="msg_kc_master">Processing master key</string>
|
||||||
<string name="msg_kc_revoke_bad_err">Removing bad keyring revocation certificate</string>
|
<string name="msg_kc_revoke_bad_err">Removing bad keyring revocation certificate</string>
|
||||||
<string name="msg_kc_revoke_bad_local">Removing keyring revocation certificate with "local" flag</string>
|
<string name="msg_kc_revoke_bad_local">Removing keyring revocation certificate with "local" flag</string>
|
||||||
@ -597,6 +598,7 @@
|
|||||||
<string name="msg_kc_uid_dup">Removing outdated self certificate for user id "%s"</string>
|
<string name="msg_kc_uid_dup">Removing outdated self certificate for user id "%s"</string>
|
||||||
<string name="msg_kc_uid_revoke_dup">Removing redundant revocation certificate for user id "%s"</string>
|
<string name="msg_kc_uid_revoke_dup">Removing redundant revocation certificate for user id "%s"</string>
|
||||||
<string name="msg_kc_uid_revoke_old">Removing outdated revocation certificate for user id "%s"</string>
|
<string name="msg_kc_uid_revoke_old">Removing outdated revocation certificate for user id "%s"</string>
|
||||||
|
<string name="msg_kc_uid_no_cert">No valid self-certificate found for user id %s, removing from ring</string>
|
||||||
|
|
||||||
<!-- unsorted -->
|
<!-- unsorted -->
|
||||||
<string name="section_certifier_id">Certifier</string>
|
<string name="section_certifier_id">Certifier</string>
|
||||||
|