authorDaniel Gultsch <daniel@gultsch.de>2015-10-12 13:18:20 +0200
committerDaniel Gultsch <daniel@gultsch.de>2015-10-12 13:18:20 +0200
commit212d1a8c91d5b83d1132d3a02664607ce37f8ecf (patch)
tree36cf3f3c387097075af0c404548f27dc59800867 /src/main/java/eu
parent933538a39da9fb80025e07fc173514f45033c261 (diff)
add config variable to enable x509 verification
Diffstat (limited to 'src/main/java/eu')
-rw-r--r--src/main/java/eu/siacs/conversations/Config.java2
-rw-r--r--src/main/java/eu/siacs/conversations/crypto/axolotl/AxolotlService.java6
-rw-r--r--src/main/java/eu/siacs/conversations/services/XmppConnectionService.java33
-rw-r--r--src/main/java/eu/siacs/conversations/ui/ManageAccountActivity.java11
4 files changed, 28 insertions, 24 deletions
diff --git a/src/main/java/eu/siacs/conversations/Config.java b/src/main/java/eu/siacs/conversations/Config.java
index b4dcf209..bd9ad1a8 100644
--- a/src/main/java/eu/siacs/conversations/Config.java
+++ b/src/main/java/eu/siacs/conversations/Config.java
@@ -48,6 +48,8 @@ public final class Config {
public static final boolean SHOW_REGENERATE_AXOLOTL_KEYS_BUTTON = false;
+ public static final boolean X509_VERIFICATION = false; //use x509 certificates to verify OMEMO keys
+
public static final long MILLISECONDS_IN_DAY = 24 * 60 * 60 * 1000;
public static final long MAM_MAX_CATCHUP = MILLISECONDS_IN_DAY / 2;
public static final int MAM_MAX_MESSAGES = 500;
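Review bot: The trailing comment on `X509_VERIFICATION` understates what the flag controls. In the other files of this commit the same constant also gates the `checkClientTrusted` chain check when an account is created from or bound to a KeyChain certificate, and it hides the plain add-account menu entry. A comment along the lines of `// gates X509-backed OMEMO device verification, the client certificate chain check, and the certificate-only account menu` would tell a maintainer that leaving it `false` skips the chain trust check entirely rather than only changing what is published.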
diff --git a/src/main/java/eu/siacs/conversations/crypto/axolotl/AxolotlService.java b/src/main/java/eu/siacs/conversations/crypto/axolotl/AxolotlService.java
index fe801755..58e5a095 100644
--- a/src/main/java/eu/siacs/conversations/crypto/axolotl/AxolotlService.java
+++ b/src/main/java/eu/siacs/conversations/crypto/axolotl/AxolotlService.java
@@ -504,10 +504,10 @@ public class AxolotlService {
if (changed) {
- if (account.getPrivateKeyAlias() == null) {
- publishDeviceBundle(signedPreKeyRecord, preKeyRecords, announce, wipe);
- } else {
+ if (account.getPrivateKeyAlias() != null && Config.X509_VERIFICATION) {
publishDeviceVerificationAndBundle(signedPreKeyRecord, preKeyRecords, announce, wipe);
+ } else {
+ publishDeviceBundle(signedPreKeyRecord, preKeyRecords, announce, wipe);
}
} else {
Log.d(Config.LOGTAG, getLogprefix(account) + "Bundle " + getOwnDeviceId() + " in PEP was current");
diff --git a/src/main/java/eu/siacs/conversations/services/XmppConnectionService.java b/src/main/java/eu/siacs/conversations/services/XmppConnectionService.java
index f3bd545a..7a39bd06 100644
--- a/src/main/java/eu/siacs/conversations/services/XmppConnectionService.java
+++ b/src/main/java/eu/siacs/conversations/services/XmppConnectionService.java
@@ -1311,25 +1311,18 @@ public class XmppConnectionService extends Service implements OnPhoneContactsLoa
account.setOption(Account.OPTION_DISABLED, true);
createAccount(account);
callback.onAccountCreated(account);
- try {
- getMemorizingTrustManager().getNonInteractive().checkClientTrusted(chain, "RSA");
- } catch (CertificateException e) {
- callback.informUser(R.string.certificate_chain_is_not_trusted);
+ if (Config.X509_VERIFICATION) {
+ try {
+ getMemorizingTrustManager().getNonInteractive().checkClientTrusted(chain, "RSA");
+ } catch (CertificateException e) {
+ callback.informUser(R.string.certificate_chain_is_not_trusted);
+ }
}
} else {
callback.informUser(R.string.account_already_exists);
}
- } catch (KeyChainException e) {
- callback.informUser(R.string.unable_to_parse_certificate);
- } catch (InterruptedException e) {
+ } catch (Exception e) {
callback.informUser(R.string.unable_to_parse_certificate);
- e.printStackTrace();
- } catch (CertificateEncodingException e) {
- callback.informUser(R.string.unable_to_parse_certificate);
- e.printStackTrace();
- } catch (InvalidJidException e) {
- callback.informUser(R.string.unable_to_parse_certificate);
- e.printStackTrace();
}
}
}).start();
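Review bot: The new `catch (Exception e)` near the end of this hunk is broader than the four handlers it replaces. Any unchecked exception raised inside the `try` is now reported to the user as `unable_to_parse_certificate`, `InterruptedException` is swallowed without restoring the interrupt flag, and the only diagnostics the old branches had (`e.printStackTrace()`) are gone with nothing in their place. I would keep the de-duplication but stay narrow, `} catch (KeyChainException | CertificateEncodingException | InvalidJidException e) {`, add a separate `InterruptedException` branch that calls `Thread.currentThread().interrupt();`, and log the exception in both. The `try` opens above the hunk, so which call throws which type is not visible here.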
@@ -1344,12 +1337,14 @@ public class XmppConnectionService extends Service implements OnPhoneContactsLoa
if (account.getJid().toBareJid().equals(info.first)) {
account.setPrivateKeyAlias(alias);
databaseBackend.updateAccount(account);
- try {
- getMemorizingTrustManager().getNonInteractive().checkClientTrusted(chain, "RSA");
- } catch (CertificateException e) {
- showErrorToastInUi(R.string.certificate_chain_is_not_trusted);
+ if (Config.X509_VERIFICATION) {
+ try {
+ getMemorizingTrustManager().getNonInteractive().checkClientTrusted(chain, "RSA");
+ } catch (CertificateException e) {
+ showErrorToastInUi(R.string.certificate_chain_is_not_trusted);
+ }
+ account.getAxolotlService().regenerateKeys(true);
}
- account.getAxolotlService().regenerateKeys(true);
} else {
showErrorToastInUi(R.string.jid_does_not_match_certificate);
}
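Review bot: A failed trust check does not stop anything in this block: the `CertificateException` handler only shows a toast, and `account.getAxolotlService().regenerateKeys(true);` right after it still runs, with the alias already persisted by `setPrivateKeyAlias` and `updateAccount` above. If an untrusted chain is not meant to feed the device verification that is presumably published after regeneration, move the call into the `try`, directly after `checkClientTrusted(chain, "RSA");`, or `return` from the catch block. The fall-through predates this commit, but the line is being moved here anyway, so this is the cheap moment to change it. The enclosing method starts and ends outside the hunk.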
diff --git a/src/main/java/eu/siacs/conversations/ui/ManageAccountActivity.java b/src/main/java/eu/siacs/conversations/ui/ManageAccountActivity.java
index 80e77506..6024177a 100644
--- a/src/main/java/eu/siacs/conversations/ui/ManageAccountActivity.java
+++ b/src/main/java/eu/siacs/conversations/ui/ManageAccountActivity.java
@@ -7,7 +7,6 @@ import android.content.Intent;
import android.os.Bundle;
import android.security.KeyChain;
import android.security.KeyChainAliasCallback;
-import android.util.Log;
import android.view.ContextMenu;
import android.view.ContextMenu.ContextMenuInfo;
import android.view.Menu;
@@ -103,6 +102,14 @@ public class ManageAccountActivity extends XmppActivity implements OnAccountUpda
public boolean onCreateOptionsMenu(Menu menu) {
getMenuInflater().inflate(R.menu.manageaccounts, menu);
MenuItem enableAll = menu.findItem(R.id.action_enable_all);
+ MenuItem addAccount = menu.findItem(R.id.action_add_account);
+ MenuItem addAccountWithCertificate = menu.findItem(R.id.action_add_account_with_cert);
+
+ if (Config.X509_VERIFICATION) {
+ addAccount.setVisible(false);
+ addAccountWithCertificate.setShowAsAction(MenuItem.SHOW_AS_ACTION_ALWAYS);
+ }
+
if (!accountsLeftToEnable()) {
enableAll.setVisible(false);
}
@@ -149,7 +156,7 @@ public class ManageAccountActivity extends XmppActivity implements OnAccountUpda
case R.id.action_enable_all:
enableAllAccounts();
break;
- case R.id.action_add_account_from_key:
+ case R.id.action_add_account_with_cert:
addAccountFromKey();
break;
default: