authorChristian Schneppe <christian@pix-art.de>2016-11-24 21:42:35 +0100
committerChristian Schneppe <christian@pix-art.de>2016-11-24 21:42:35 +0100
commitfefae63f1dceef88c42a2c80ce7265419095316f (patch)
tree304098147b44995538ff9ca6cb7d46c6825254ed /src/main/java/de/pixart/messenger/crypto
parent02ff5375371d5178c6e0bb099d2a962488c1ef4a (diff)
introduced blind trust before verification mode
read more about the concept on https://gultsch.de/trust.html
Diffstat (limited to 'src/main/java/de/pixart/messenger/crypto')
-rw-r--r--src/main/java/de/pixart/messenger/crypto/axolotl/AxolotlService.java23
-rw-r--r--src/main/java/de/pixart/messenger/crypto/axolotl/FingerprintStatus.java8
-rw-r--r--src/main/java/de/pixart/messenger/crypto/axolotl/SQLiteAxolotlStore.java7
3 files changed, 35 insertions, 3 deletions
diff --git a/src/main/java/de/pixart/messenger/crypto/axolotl/AxolotlService.java b/src/main/java/de/pixart/messenger/crypto/axolotl/AxolotlService.java
index 8a38ce20d..7ecdcb355 100644
--- a/src/main/java/de/pixart/messenger/crypto/axolotl/AxolotlService.java
+++ b/src/main/java/de/pixart/messenger/crypto/axolotl/AxolotlService.java
@@ -111,6 +111,15 @@ public class AxolotlService implements OnAdvancedStreamFeaturesLoaded {
axolotlStore.preVerifyFingerprint(account, account.getJid().toBareJid().toPreppedString(), fingerprint);
}
+ public boolean hasVerifiedKeys(String name) {
+ for(XmppAxolotlSession session : this.sessions.getAll(new AxolotlAddress(name,0)).values()) {
+ if (session.getTrust().isVerified()) {
+ return true;
+ }
+ }
+ return false;
+ }
+
private static class AxolotlAddressMap<T> {
protected Map<String, Map<Integer, T>> map;
protected final Object MAP_LOCK = new Object();
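Review bot: `hasVerifiedKeys` inspects only the sessions currently held in `this.sessions`, and the SQLiteAxolotlStore hunk of this commit uses its result to decide whether a new key is trusted without user confirmation. If a verified fingerprint can exist in the store without a session in that map (not visible here), the contact would be treated as having no verified keys, so the check should also consult the stored fingerprint statuses. The loop also iterates the map returned by `getAll` outside `MAP_LOCK`; confirm that `getAll` returns a copy rather than the live inner map. A Javadoc such as `/** Returns true if any known session for {@code name} has a verified fingerprint; gates blind trust of new keys. */` would make the security role explicit.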
@@ -225,6 +234,7 @@ public class AxolotlService implements OnAdvancedStreamFeaturesLoaded {
SUCCESS,
SUCCESS_VERIFIED,
TIMEOUT,
+ SUCCESS_TRUSTED,
ERROR
}
@@ -775,6 +785,8 @@ public class AxolotlService implements OnAdvancedStreamFeaturesLoaded {
report = FetchStatus.SUCCESS;
} else if (own.containsValue(FetchStatus.SUCCESS_VERIFIED) || remote.containsValue(FetchStatus.SUCCESS_VERIFIED)) {
report = FetchStatus.SUCCESS_VERIFIED;
+ } else if (own.containsValue(FetchStatus.SUCCESS_TRUSTED) || remote.containsValue(FetchStatus.SUCCESS_TRUSTED)) {
+ report = FetchStatus.SUCCESS_TRUSTED;
} else if (own.containsValue(FetchStatus.ERROR) || remote.containsValue(FetchStatus.ERROR)) {
report = FetchStatus.ERROR;
}
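Review bot: Because the `SUCCESS_VERIFIED` branch is tested before the new `SUCCESS_TRUSTED` branch, a fetch where one side has a verified key and the other has only blindly trusted keys is reported as `SUCCESS_VERIFIED`. If callers present that report as meaning every key is verified (not visible in this hunk), the weaker status should win, or the precedence should at least be documented. For the visible branches that could be `// first match wins: SUCCESS, then SUCCESS_VERIFIED, then SUCCESS_TRUSTED, then ERROR`. The if/else chain starts above the hunk, so earlier branches may change this picture.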
@@ -832,8 +844,15 @@ public class AxolotlService implements OnAdvancedStreamFeaturesLoaded {
verifySessionWithPEP(session);
} else {
FingerprintStatus status = getFingerprintTrust(bundle.getIdentityKey().getFingerprint().replaceAll("\\s", ""));
- boolean verified = status != null && status.isVerified();
- fetchStatusMap.put(address, verified ? FetchStatus.SUCCESS_VERIFIED : FetchStatus.SUCCESS);
+ FetchStatus fetchStatus;
+ if (status != null && status.isVerified()) {
+ fetchStatus = FetchStatus.SUCCESS_VERIFIED;
+ } else if (status != null && status.isTrusted()) {
+ fetchStatus = FetchStatus.SUCCESS_TRUSTED;
+ } else {
+ fetchStatus = FetchStatus.SUCCESS;
+ }
+ fetchStatusMap.put(address, fetchStatus);
finishBuildingSessionsFromPEP(address);
}
} catch (UntrustedIdentityException | InvalidKeyException e) {
diff --git a/src/main/java/de/pixart/messenger/crypto/axolotl/FingerprintStatus.java b/src/main/java/de/pixart/messenger/crypto/axolotl/FingerprintStatus.java
index 0614b759f..c38847be5 100644
--- a/src/main/java/de/pixart/messenger/crypto/axolotl/FingerprintStatus.java
+++ b/src/main/java/de/pixart/messenger/crypto/axolotl/FingerprintStatus.java
@@ -63,6 +63,14 @@ public class FingerprintStatus implements Comparable<FingerprintStatus> {
return status;
}
+ public static FingerprintStatus createActiveTrusted() {
+ final FingerprintStatus status = new FingerprintStatus();
+ status.trust = Trust.TRUSTED;
+ status.active = true;
+ status.lastActivation = System.currentTimeMillis();
+ return status;
+ }
+
public static FingerprintStatus createActiveVerified(boolean x509) {
final FingerprintStatus status = new FingerprintStatus();
status.trust = x509 ? Trust.VERIFIED_X509 : Trust.VERIFIED;
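Review bot: `createActiveTrusted()` stores `Trust.TRUSTED`, which appears to be the same value a manual trust decision produces (the `Trust` enum is outside the hunk), so a key accepted automatically cannot later be told apart from one the user approved. That matters once the contact gains a verified key, because the blindly accepted keys can then no longer be found and re-reviewed. Consider recording the origin of the decision, or at least add a Javadoc to the factory, e.g. `/** Status for a new key accepted automatically under blind trust before verification; not a user decision. */`.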
diff --git a/src/main/java/de/pixart/messenger/crypto/axolotl/SQLiteAxolotlStore.java b/src/main/java/de/pixart/messenger/crypto/axolotl/SQLiteAxolotlStore.java
index 0d246795d..ed944b45a 100644
--- a/src/main/java/de/pixart/messenger/crypto/axolotl/SQLiteAxolotlStore.java
+++ b/src/main/java/de/pixart/messenger/crypto/axolotl/SQLiteAxolotlStore.java
@@ -191,7 +191,12 @@ public class SQLiteAxolotlStore implements AxolotlStore {
String fingerprint = identityKey.getFingerprint().replaceAll("\\s", "");
FingerprintStatus status = getFingerprintStatus(fingerprint);
if (status == null) {
- status = FingerprintStatus.createActiveUndecided(); //default for new keys
+ if (mXmppConnectionService.blindTrustBeforeVerification() && !account.getAxolotlService().hasVerifiedKeys(name)) {
+ Log.d(Config.LOGTAG,account.getJid().toBareJid()+": blindly trusted "+fingerprint+" of "+name);
+ status = FingerprintStatus.createActiveTrusted();
+ } else {
+ status = FingerprintStatus.createActiveUndecided();
+ }
} else {
status = status.toActive();
}
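Review bot: The only record of an automatic trust decision in this branch is a debug-level `Log.d` line, which also writes the account JID, the contact name and the key fingerprint to the device log. For a decision that replaces user confirmation, a user-visible or persisted record would be easier to audit than a debug message. The removed `//default for new keys` comment is not replaced; add something like `// blind trust before verification: auto-trust a new key only while no key of this contact is verified`. The enclosing method starts and ends outside the hunk.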