diff options
author | Andreas Straub <andy@strb.org> | 2015-07-21 14:18:16 +0200 |
---|---|---|
committer | Andreas Straub <andy@strb.org> | 2015-07-21 14:24:59 +0200 |
commit | 92b5081b5ebac1a3108a821a270beb3f7d9c39ee (patch) | |
tree | a6bde983b69fbf22c02b2c2785a727f2d9b1ea26 /src/main/java/eu/siacs/conversations/crypto | |
parent | 3c5c0c7d3b4ceaaca51b64ca91d2d1fcd76f9a66 (diff) |
Add INACTIVE state for removed keys
We introduce a new trust state: INACTIVE. This state is intended for
old keys that have been removed.
When a TRUSTED device is removed from the PEP devicelist, it's status
will be set to INACTIVE. INACTIVE keys are shown in the UI as greyed
out, non-interactible key rows. Messages are not encrypted for INACTIVE
devices.
When an INACTIVE device reappears in PEP, or a message is received from
an INACTIVE device, it is set back to trusted.
Diffstat (limited to 'src/main/java/eu/siacs/conversations/crypto')
-rw-r--r-- | src/main/java/eu/siacs/conversations/crypto/axolotl/AxolotlService.java | 54 |
1 files changed, 43 insertions, 11 deletions
diff --git a/src/main/java/eu/siacs/conversations/crypto/axolotl/AxolotlService.java b/src/main/java/eu/siacs/conversations/crypto/axolotl/AxolotlService.java index a004599d6..c30a7ab86 100644 --- a/src/main/java/eu/siacs/conversations/crypto/axolotl/AxolotlService.java +++ b/src/main/java/eu/siacs/conversations/crypto/axolotl/AxolotlService.java @@ -102,7 +102,8 @@ public class AxolotlService { UNDECIDED(0), TRUSTED(1), UNTRUSTED(2), - COMPROMISED(3); + COMPROMISED(3), + INACTIVE(4); private static final Map<Integer, Trust> trustsByValue = new HashMap<>(); @@ -125,12 +126,16 @@ public class AxolotlService { public String toString() { switch(this){ case UNDECIDED: - return "Trust undecided"; + return "Trust undecided "+getCode(); case TRUSTED: - return "Trusted"; + return "Trusted "+getCode(); + case COMPROMISED: + return "Compromised "+getCode(); + case INACTIVE: + return "Inactive "+getCode(); case UNTRUSTED: default: - return "Untrusted"; + return "Untrusted "+getCode(); } } @@ -538,14 +543,20 @@ public class AxolotlService { return fingerprint; } - private SQLiteAxolotlStore.Trust getTrust() { + protected void setTrust(SQLiteAxolotlStore.Trust trust) { + sqLiteAxolotlStore.setFingerprintTrust(fingerprint, trust); + } + + protected SQLiteAxolotlStore.Trust getTrust() { return sqLiteAxolotlStore.getFingerprintTrust(fingerprint); } @Nullable public byte[] processReceiving(XmppAxolotlMessage.XmppAxolotlMessageHeader incomingHeader) { byte[] plaintext = null; - switch (getTrust()) { + SQLiteAxolotlStore.Trust trust = getTrust(); + switch (trust) { + case INACTIVE: case UNDECIDED: case UNTRUSTED: case TRUSTED: @@ -574,6 +585,10 @@ public class AxolotlService { Log.w(Config.LOGTAG, AxolotlService.getLogprefix(account)+"Error decrypting axolotl header, "+e.getClass().getName()+": " + e.getMessage()); } + if (plaintext != null && trust == SQLiteAxolotlStore.Trust.INACTIVE) { + setTrust(SQLiteAxolotlStore.Trust.TRUSTED); + } + break; case COMPROMISED: @@ -774,15 +789,32 @@ public class AxolotlService { return this.deviceIds.get(account.getJid().toBareJid()); } + private void setTrustOnSessions(final Jid jid, @NonNull final Set<Integer> deviceIds, + final SQLiteAxolotlStore.Trust from, + final SQLiteAxolotlStore.Trust to) { + for(Integer deviceId:deviceIds) { + AxolotlAddress address = new AxolotlAddress(jid.toBareJid().toString(), deviceId); + XmppAxolotlSession session = sessions.get(address); + if (session != null && session.getFingerprint() != null + && session.getTrust() == from) { + session.setTrust(to); + } + } + } + public void registerDevices(final Jid jid, @NonNull final Set<Integer> deviceIds) { if(deviceIds.contains(getOwnDeviceId())) { - Log.d(Config.LOGTAG, AxolotlService.getLogprefix(account)+"Skipping own Device ID:"+ jid + ":"+getOwnDeviceId()); deviceIds.remove(getOwnDeviceId()); } - for(Integer i:deviceIds) { - Log.d(Config.LOGTAG, AxolotlService.getLogprefix(account)+"Adding Device ID:"+ jid + ":"+i); - } + Set<Integer> expiredDevices = new HashSet<>(axolotlStore.getSubDeviceSessions(jid.toBareJid().toString())); + expiredDevices.removeAll(deviceIds); + setTrustOnSessions(jid, expiredDevices, SQLiteAxolotlStore.Trust.TRUSTED, + SQLiteAxolotlStore.Trust.INACTIVE); + Set<Integer> newDevices = new HashSet<>(deviceIds); + setTrustOnSessions(jid, newDevices, SQLiteAxolotlStore.Trust.INACTIVE, + SQLiteAxolotlStore.Trust.TRUSTED); this.deviceIds.put(jid, deviceIds); + mXmppConnectionService.keyStatusUpdated(); publishOwnDeviceIdIfNeeded(); } @@ -957,7 +989,7 @@ public class AxolotlService { } }); } - mXmppConnectionService.newKeysAvailable(); + mXmppConnectionService.keyStatusUpdated(); } } |