From 212d1a8c91d5b83d1132d3a02664607ce37f8ecf Mon Sep 17 00:00:00 2001
From: Daniel Gultsch <daniel@gultsch.de>
Date: Mon, 12 Oct 2015 13:18:20 +0200
Subject: add config variable to enable x509 verification

---
 src/main/java/eu/siacs/conversations/Config.java   |  2 ++
 .../crypto/axolotl/AxolotlService.java             |  6 ++--
 .../services/XmppConnectionService.java            | 33 +++++++++-------------
 .../conversations/ui/ManageAccountActivity.java    | 11 ++++++--
 src/main/res/menu/manageaccounts.xml               |  4 +--
 src/main/res/values/strings.xml                    |  2 +-
 6 files changed, 31 insertions(+), 27 deletions(-)

(limited to 'src')

diff --git a/src/main/java/eu/siacs/conversations/Config.java b/src/main/java/eu/siacs/conversations/Config.java
index b4dcf209..bd9ad1a8 100644
--- a/src/main/java/eu/siacs/conversations/Config.java
+++ b/src/main/java/eu/siacs/conversations/Config.java
@@ -48,6 +48,8 @@ public final class Config {
 
 	public static final boolean SHOW_REGENERATE_AXOLOTL_KEYS_BUTTON = false;
 
+	public static final boolean X509_VERIFICATION = false; //use x509 certificates to verify OMEMO keys
+
 	public static final long MILLISECONDS_IN_DAY = 24 * 60 * 60 * 1000;
 	public static final long MAM_MAX_CATCHUP =  MILLISECONDS_IN_DAY / 2;
 	public static final int MAM_MAX_MESSAGES = 500;
diff --git a/src/main/java/eu/siacs/conversations/crypto/axolotl/AxolotlService.java b/src/main/java/eu/siacs/conversations/crypto/axolotl/AxolotlService.java
index fe801755..58e5a095 100644
--- a/src/main/java/eu/siacs/conversations/crypto/axolotl/AxolotlService.java
+++ b/src/main/java/eu/siacs/conversations/crypto/axolotl/AxolotlService.java
@@ -504,10 +504,10 @@ public class AxolotlService {
 
 
 					if (changed) {
-						if (account.getPrivateKeyAlias() == null) {
-							publishDeviceBundle(signedPreKeyRecord, preKeyRecords, announce, wipe);
-						} else {
+						if (account.getPrivateKeyAlias() != null && Config.X509_VERIFICATION) {
 							publishDeviceVerificationAndBundle(signedPreKeyRecord, preKeyRecords, announce, wipe);
+						} else {
+							publishDeviceBundle(signedPreKeyRecord, preKeyRecords, announce, wipe);
 						}
 					} else {
 						Log.d(Config.LOGTAG, getLogprefix(account) + "Bundle " + getOwnDeviceId() + " in PEP was current");
diff --git a/src/main/java/eu/siacs/conversations/services/XmppConnectionService.java b/src/main/java/eu/siacs/conversations/services/XmppConnectionService.java
index f3bd545a..7a39bd06 100644
--- a/src/main/java/eu/siacs/conversations/services/XmppConnectionService.java
+++ b/src/main/java/eu/siacs/conversations/services/XmppConnectionService.java
@@ -1311,25 +1311,18 @@ public class XmppConnectionService extends Service implements OnPhoneContactsLoa
 						account.setOption(Account.OPTION_DISABLED, true);
 						createAccount(account);
 						callback.onAccountCreated(account);
-						try {
-							getMemorizingTrustManager().getNonInteractive().checkClientTrusted(chain, "RSA");
-						} catch (CertificateException e) {
-							callback.informUser(R.string.certificate_chain_is_not_trusted);
+						if (Config.X509_VERIFICATION) {
+							try {
+								getMemorizingTrustManager().getNonInteractive().checkClientTrusted(chain, "RSA");
+							} catch (CertificateException e) {
+								callback.informUser(R.string.certificate_chain_is_not_trusted);
+							}
 						}
 					} else {
 						callback.informUser(R.string.account_already_exists);
 					}
-				} catch (KeyChainException e) {
-					callback.informUser(R.string.unable_to_parse_certificate);
-				} catch (InterruptedException e) {
+				} catch (Exception e) {
 					callback.informUser(R.string.unable_to_parse_certificate);
-					e.printStackTrace();
-				} catch (CertificateEncodingException e) {
-					callback.informUser(R.string.unable_to_parse_certificate);
-					e.printStackTrace();
-				} catch (InvalidJidException e) {
-					callback.informUser(R.string.unable_to_parse_certificate);
-					e.printStackTrace();
 				}
 			}
 		}).start();
@@ -1344,12 +1337,14 @@ public class XmppConnectionService extends Service implements OnPhoneContactsLoa
 			if (account.getJid().toBareJid().equals(info.first)) {
 				account.setPrivateKeyAlias(alias);
 				databaseBackend.updateAccount(account);
-				try {
-					getMemorizingTrustManager().getNonInteractive().checkClientTrusted(chain, "RSA");
-				} catch (CertificateException e) {
-					showErrorToastInUi(R.string.certificate_chain_is_not_trusted);
+				if (Config.X509_VERIFICATION) {
+					try {
+						getMemorizingTrustManager().getNonInteractive().checkClientTrusted(chain, "RSA");
+					} catch (CertificateException e) {
+						showErrorToastInUi(R.string.certificate_chain_is_not_trusted);
+					}
+					account.getAxolotlService().regenerateKeys(true);
 				}
-				account.getAxolotlService().regenerateKeys(true);
 			} else {
 				showErrorToastInUi(R.string.jid_does_not_match_certificate);
 			}
diff --git a/src/main/java/eu/siacs/conversations/ui/ManageAccountActivity.java b/src/main/java/eu/siacs/conversations/ui/ManageAccountActivity.java
index 80e77506..6024177a 100644
--- a/src/main/java/eu/siacs/conversations/ui/ManageAccountActivity.java
+++ b/src/main/java/eu/siacs/conversations/ui/ManageAccountActivity.java
@@ -7,7 +7,6 @@ import android.content.Intent;
 import android.os.Bundle;
 import android.security.KeyChain;
 import android.security.KeyChainAliasCallback;
-import android.util.Log;
 import android.view.ContextMenu;
 import android.view.ContextMenu.ContextMenuInfo;
 import android.view.Menu;
@@ -103,6 +102,14 @@ public class ManageAccountActivity extends XmppActivity implements OnAccountUpda
 	public boolean onCreateOptionsMenu(Menu menu) {
 		getMenuInflater().inflate(R.menu.manageaccounts, menu);
 		MenuItem enableAll = menu.findItem(R.id.action_enable_all);
+		MenuItem addAccount = menu.findItem(R.id.action_add_account);
+		MenuItem addAccountWithCertificate = menu.findItem(R.id.action_add_account_with_cert);
+
+		if (Config.X509_VERIFICATION) {
+			addAccount.setVisible(false);
+			addAccountWithCertificate.setShowAsAction(MenuItem.SHOW_AS_ACTION_ALWAYS);
+		}
+
 		if (!accountsLeftToEnable()) {
 			enableAll.setVisible(false);
 		}
@@ -149,7 +156,7 @@ public class ManageAccountActivity extends XmppActivity implements OnAccountUpda
 			case R.id.action_enable_all:
 				enableAllAccounts();
 				break;
-			case R.id.action_add_account_from_key:
+			case R.id.action_add_account_with_cert:
 				addAccountFromKey();
 				break;
 			default:
diff --git a/src/main/res/menu/manageaccounts.xml b/src/main/res/menu/manageaccounts.xml
index 2eeb30db..ffa692a0 100644
--- a/src/main/res/menu/manageaccounts.xml
+++ b/src/main/res/menu/manageaccounts.xml
@@ -7,10 +7,10 @@
 		android:showAsAction="always"
 		android:title="@string/action_add_account"/>
 	<item
-		android:id="@+id/action_add_account_from_key"
+		android:id="@+id/action_add_account_with_cert"
 		android:showAsAction="never"
 		android:icon="?attr/icon_add_person"
-		android:title="@string/action_add_account_from_key"
+		android:title="@string/action_add_account_with_certificate"
 		android:visible="true"/>
 	<item
 		android:id="@+id/action_enable_all"
diff --git a/src/main/res/values/strings.xml b/src/main/res/values/strings.xml
index 20b861f4..162c277b 100644
--- a/src/main/res/values/strings.xml
+++ b/src/main/res/values/strings.xml
@@ -524,7 +524,7 @@
 	<string name="pref_away_when_screen_off_summary">Marks your resource as away when the screen is turned off</string>
 	<string name="pref_xa_on_silent_mode">Not available in silent mode</string>
 	<string name="pref_xa_on_silent_mode_summary">Marks your resource as not available when phone is in silent mode</string>
-	<string name="action_add_account_from_key">Add account from certificate</string>
+	<string name="action_add_account_with_certificate">Add account with certificate</string>
 	<string name="unable_to_parse_certificate">Unable to parse certificate</string>
 	<string name="authenticate_with_certificate">Leave empty to authenticate w/ certificate</string>
 	<string name="captcha_ocr">Captcha text</string>
-- 
cgit v1.2.3