introduced blind trust before verification mode

read more about the concept on https://gultsch.de/trust.html
author: Daniel Gultsch <daniel@gultsch.de> 2016-11-23 10:42:27 +0100
committer: Daniel Gultsch <daniel@gultsch.de> 2016-11-23 10:42:27 +0100
commit: 839ef8e14b576e546a13942d72139248873f7fac (patch)
tree: 021c0d78328b1e638d78c3507fc75abf5b229728 /src/main/java/eu/siacs/conversations/crypto
parent: 4720ac94d39af262fdcc249a88b118443f7cac68 (diff)
3 files changed, 38 insertions, 3 deletions
diff --git a/src/main/java/eu/siacs/conversations/crypto/axolotl/AxolotlService.java b/src/main/java/eu/siacs/conversations/crypto/axolotl/AxolotlService.java
index 377d26b9..45f0529f 100644
--- a/src/main/java/eu/siacs/conversations/crypto/axolotl/AxolotlService.java
+++ b/src/main/java/eu/siacs/conversations/crypto/axolotl/AxolotlService.java
@@ -112,6 +112,15 @@ public class AxolotlService implements OnAdvancedStreamFeaturesLoaded {
 		axolotlStore.preVerifyFingerprint(account, account.getJid().toBareJid().toPreppedString(), fingerprint);
 	}
 
+	public boolean hasVerifiedKeys(String name) {
+		for(XmppAxolotlSession session : this.sessions.getAll(new AxolotlAddress(name,0)).values()) {
+			if (session.getTrust().isVerified()) {
+				return true;
+			}
+		}
+		return false;
+	}
+
 	private static class AxolotlAddressMap<T> {
 		protected Map<String, Map<Integer, T>> map;
 		protected final Object MAP_LOCK = new Object();
@@ -226,6 +235,7 @@ public class AxolotlService implements OnAdvancedStreamFeaturesLoaded {
 		SUCCESS,
 		SUCCESS_VERIFIED,
 		TIMEOUT,
+		SUCCESS_TRUSTED,
 		ERROR
 	}
 
@@ -779,6 +789,8 @@ public class AxolotlService implements OnAdvancedStreamFeaturesLoaded {
 				report = FetchStatus.SUCCESS;
 			} else if (own.containsValue(FetchStatus.SUCCESS_VERIFIED) || remote.containsValue(FetchStatus.SUCCESS_VERIFIED)) {
 				report = FetchStatus.SUCCESS_VERIFIED;
+			} else if (own.containsValue(FetchStatus.SUCCESS_TRUSTED) || remote.containsValue(FetchStatus.SUCCESS_TRUSTED)) {
+				report = FetchStatus.SUCCESS_TRUSTED;
 			} else if (own.containsValue(FetchStatus.ERROR) || remote.containsValue(FetchStatus.ERROR)) {
 				report = FetchStatus.ERROR;
 			}
@@ -836,8 +848,15 @@ public class AxolotlService implements OnAdvancedStreamFeaturesLoaded {
 								verifySessionWithPEP(session);
 							} else {
 								FingerprintStatus status = getFingerprintTrust(bundle.getIdentityKey().getFingerprint().replaceAll("\\s",""));
-								boolean verified = status != null && status.isVerified();
-								fetchStatusMap.put(address, verified ? FetchStatus.SUCCESS_VERIFIED : FetchStatus.SUCCESS);
+								FetchStatus fetchStatus;
+								if (status != null && status.isVerified()) {
+									fetchStatus = FetchStatus.SUCCESS_VERIFIED;
+								} else if (status != null && status.isTrusted()) {
+									fetchStatus = FetchStatus.SUCCESS_TRUSTED;
+								} else {
+									fetchStatus = FetchStatus.SUCCESS;
+								}
+								fetchStatusMap.put(address, fetchStatus);
 								finishBuildingSessionsFromPEP(address);
 							}
 						} catch (UntrustedIdentityException | InvalidKeyException e) {
diff --git a/src/main/java/eu/siacs/conversations/crypto/axolotl/FingerprintStatus.java b/src/main/java/eu/siacs/conversations/crypto/axolotl/FingerprintStatus.java
index cfd3b214..31b2264b 100644
--- a/src/main/java/eu/siacs/conversations/crypto/axolotl/FingerprintStatus.java
+++ b/src/main/java/eu/siacs/conversations/crypto/axolotl/FingerprintStatus.java
@@ -63,6 +63,14 @@ public class FingerprintStatus implements Comparable<FingerprintStatus> {
         return status;
     }
 
+    public static FingerprintStatus createActiveTrusted() {
+        final FingerprintStatus status = new FingerprintStatus();
+        status.trust = Trust.TRUSTED;
+        status.active = true;
+        status.lastActivation = System.currentTimeMillis();
+        return status;
+    }
+
     public static FingerprintStatus createActiveVerified(boolean x509) {
         final FingerprintStatus status = new FingerprintStatus();
         status.trust = x509 ? Trust.VERIFIED_X509 : Trust.VERIFIED;
diff --git a/src/main/java/eu/siacs/conversations/crypto/axolotl/SQLiteAxolotlStore.java b/src/main/java/eu/siacs/conversations/crypto/axolotl/SQLiteAxolotlStore.java
index cd605248..13858b74 100644
--- a/src/main/java/eu/siacs/conversations/crypto/axolotl/SQLiteAxolotlStore.java
+++ b/src/main/java/eu/siacs/conversations/crypto/axolotl/SQLiteAxolotlStore.java
@@ -21,7 +21,10 @@ import java.util.Set;
 
 import eu.siacs.conversations.Config;
 import eu.siacs.conversations.entities.Account;
+import eu.siacs.conversations.entities.Contact;
 import eu.siacs.conversations.services.XmppConnectionService;
+import eu.siacs.conversations.xmpp.jid.InvalidJidException;
+import eu.siacs.conversations.xmpp.jid.Jid;
 
 public class SQLiteAxolotlStore implements AxolotlStore {
 
@@ -191,7 +194,12 @@ public class SQLiteAxolotlStore implements AxolotlStore {
 			String fingerprint = identityKey.getFingerprint().replaceAll("\\s", "");
 			FingerprintStatus status = getFingerprintStatus(fingerprint);
 			if (status == null) {
-				status = FingerprintStatus.createActiveUndecided(); //default for new keys
+				if (mXmppConnectionService.blindTrustBeforeVerification() && !account.getAxolotlService().hasVerifiedKeys(name)) {
+					Log.d(Config.LOGTAG,account.getJid().toBareJid()+": blindly trusted "+fingerprint+" of "+name);
+					status = FingerprintStatus.createActiveTrusted();
+				} else {
+					status = FingerprintStatus.createActiveUndecided();
+				}
 			} else {
 				status = status.toActive();
 			}
author	Daniel Gultsch <daniel@gultsch.de>	2016-11-23 10:42:27 +0100
committer	Daniel Gultsch <daniel@gultsch.de>	2016-11-23 10:42:27 +0100
commit	839ef8e14b576e546a13942d72139248873f7fac (patch)
tree	021c0d78328b1e638d78c3507fc75abf5b229728 /src/main/java/eu/siacs/conversations/crypto
parent	4720ac94d39af262fdcc249a88b118443f7cac68 (diff)