author | Daniel Gultsch <daniel@gultsch.de> | 2015-10-12 13:18:20 +0200 |
---|---|---|
committer | Daniel Gultsch <daniel@gultsch.de> | 2015-10-12 13:18:20 +0200 |
commit | 212d1a8c91d5b83d1132d3a02664607ce37f8ecf (patch) | |
tree | 36cf3f3c387097075af0c404548f27dc59800867 /src/main | |
parent | 933538a39da9fb80025e07fc173514f45033c261 (diff) |
add config variable to enable x509 verification
Diffstat (limited to 'src/main')
6 files changed, 31 insertions, 27 deletions
diff --git a/src/main/java/eu/siacs/conversations/Config.java b/src/main/java/eu/siacs/conversations/Config.java index b4dcf209..bd9ad1a8 100644 --- a/src/main/java/eu/siacs/conversations/Config.java +++ b/src/main/java/eu/siacs/conversations/Config.java @@ -48,6 +48,8 @@ public final class Config { public static final boolean SHOW_REGENERATE_AXOLOTL_KEYS_BUTTON = false; + public static final boolean X509_VERIFICATION = false; //use x509 certificates to verify OMEMO keys + public static final long MILLISECONDS_IN_DAY = 24 * 60 * 60 * 1000; public static final long MAM_MAX_CATCHUP = MILLISECONDS_IN_DAY / 2; public static final int MAM_MAX_MESSAGES = 500; diff --git a/src/main/java/eu/siacs/conversations/crypto/axolotl/AxolotlService.java b/src/main/java/eu/siacs/conversations/crypto/axolotl/AxolotlService.java index fe801755..58e5a095 100644 --- a/src/main/java/eu/siacs/conversations/crypto/axolotl/AxolotlService.java +++ b/src/main/java/eu/siacs/conversations/crypto/axolotl/AxolotlService.java @@ -504,10 +504,10 @@ public class AxolotlService { if (changed) { - if (account.getPrivateKeyAlias() == null) { - publishDeviceBundle(signedPreKeyRecord, preKeyRecords, announce, wipe); - } else { + if (account.getPrivateKeyAlias() != null && Config.X509_VERIFICATION) { publishDeviceVerificationAndBundle(signedPreKeyRecord, preKeyRecords, announce, wipe); + } else { + publishDeviceBundle(signedPreKeyRecord, preKeyRecords, announce, wipe); } } else { Log.d(Config.LOGTAG, getLogprefix(account) + "Bundle " + getOwnDeviceId() + " in PEP was current"); diff --git a/src/main/java/eu/siacs/conversations/services/XmppConnectionService.java b/src/main/java/eu/siacs/conversations/services/XmppConnectionService.java index f3bd545a..7a39bd06 100644 --- a/src/main/java/eu/siacs/conversations/services/XmppConnectionService.java +++ b/src/main/java/eu/siacs/conversations/services/XmppConnectionService.java 
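Review bot: The comment on `X509_VERIFICATION` in Config.java mentions only OMEMO key verification, but in this commit the same flag also gates the `checkClientTrusted` chain check in XmppConnectionService, selects `publishDeviceVerificationAndBundle` in AxolotlService, and hides the regular add-account menu entry in ManageAccountActivity. Because the shipped value `false` skips the certificate chain check without any trace, the comment should spell out everything the flag controls, for example `// when true: check the client certificate chain on account setup, publish the device verification along with the OMEMO bundle, and offer certificate-based account creation only`.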
@@ -1311,25 +1311,18 @@ public class XmppConnectionService extends Service implements OnPhoneContactsLoa
 account.setOption(Account.OPTION_DISABLED, true);
 createAccount(account);
 callback.onAccountCreated(account);
- try {
- getMemorizingTrustManager().getNonInteractive().checkClientTrusted(chain, "RSA");
- } catch (CertificateException e) {
- callback.informUser(R.string.certificate_chain_is_not_trusted);
+ if (Config.X509_VERIFICATION) {
+ try {
+ getMemorizingTrustManager().getNonInteractive().checkClientTrusted(chain, "RSA");
+ } catch (CertificateException e) {
+ callback.informUser(R.string.certificate_chain_is_not_trusted);
+ }
 }
 } else {
 callback.informUser(R.string.account_already_exists);
 }
- } catch (KeyChainException e) {
- callback.informUser(R.string.unable_to_parse_certificate);
- } catch (InterruptedException e) {
+ } catch (Exception e) {
 callback.informUser(R.string.unable_to_parse_certificate);
- e.printStackTrace();
- } catch (CertificateEncodingException e) {
- callback.informUser(R.string.unable_to_parse_certificate);
- e.printStackTrace();
- } catch (InvalidJidException e) {
- callback.informUser(R.string.unable_to_parse_certificate);
- e.printStackTrace();
 }
 }
 }).start();
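Review bot: The new `catch (Exception e)` at the end of this hunk replaces four specific handlers, so every RuntimeException thrown in the block is now reported to the user as `unable_to_parse_certificate`, and nothing is logged. An InterruptedException is absorbed the same way without restoring the thread's interrupt flag. If the project's language level allows it, a multi-catch stays just as short and keeps the scope narrow: `} catch (KeyChainException | CertificateEncodingException | InvalidJidException e) {`, plus a separate InterruptedException handler that calls `Thread.currentThread().interrupt();`, each logging the exception under `Config.LOGTAG`. Separately, the account is already created before `checkClientTrusted` runs and an untrusted chain only triggers `informUser`, so the check is advisory as written; a comment should say so if that is intended. The enclosing method begins outside the hunk.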
@@ -1344,12 +1337,14 @@ public class XmppConnectionService extends Service implements OnPhoneContactsLoa
 if (account.getJid().toBareJid().equals(info.first)) {
 account.setPrivateKeyAlias(alias);
 databaseBackend.updateAccount(account);
- try {
- getMemorizingTrustManager().getNonInteractive().checkClientTrusted(chain, "RSA");
- } catch (CertificateException e) {
- showErrorToastInUi(R.string.certificate_chain_is_not_trusted);
+ if (Config.X509_VERIFICATION) {
+ try {
+ getMemorizingTrustManager().getNonInteractive().checkClientTrusted(chain, "RSA");
+ } catch (CertificateException e) {
+ showErrorToastInUi(R.string.certificate_chain_is_not_trusted);
+ }
+ account.getAxolotlService().regenerateKeys(true);
 }
- account.getAxolotlService().regenerateKeys(true);
 } else {
 showErrorToastInUi(R.string.jid_does_not_match_certificate);
 }
diff --git a/src/main/java/eu/siacs/conversations/ui/ManageAccountActivity.java b/src/main/java/eu/siacs/conversations/ui/ManageAccountActivity.java
index 80e77506..6024177a 100644
--- a/src/main/java/eu/siacs/conversations/ui/ManageAccountActivity.java
+++ b/src/main/java/eu/siacs/conversations/ui/ManageAccountActivity.java
@@ -7,7 +7,6 @@ import android.content.Intent;
 import android.os.Bundle;
 import android.security.KeyChain;
 import android.security.KeyChainAliasCallback;
-import android.util.Log;
 import android.view.ContextMenu;
 import android.view.ContextMenu.ContextMenuInfo;
 import android.view.Menu;
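Review bot: In the `@@ -1344,12 +1337,14 @@` hunk of XmppConnectionService.java, `account.getAxolotlService().regenerateKeys(true);` still runs after `checkClientTrusted` has thrown, because the catch only shows a toast and falls through. The alias has also been persisted by `setPrivateKeyAlias` and `updateAccount` before the check runs. If an untrusted chain is meant to stop certificate-backed key publication, move the call inside the `try`, directly after `checkClientTrusted(chain, "RSA");`; if the warning is deliberately advisory, a comment on the catch should say so. Placing `regenerateKeys` under the flag also means it is no longer called at all when `X509_VERIFICATION` is false, which is worth confirming. The enclosing method begins outside the hunk.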
@@ -103,6 +102,14 @@ public class ManageAccountActivity extends XmppActivity implements OnAccountUpda public boolean onCreateOptionsMenu(Menu menu) { getMenuInflater().inflate(R.menu.manageaccounts, menu); MenuItem enableAll = menu.findItem(R.id.action_enable_all); + MenuItem addAccount = menu.findItem(R.id.action_add_account); + MenuItem addAccountWithCertificate = menu.findItem(R.id.action_add_account_with_cert); + + if (Config.X509_VERIFICATION) { + addAccount.setVisible(false); + addAccountWithCertificate.setShowAsAction(MenuItem.SHOW_AS_ACTION_ALWAYS); + } + if (!accountsLeftToEnable()) { enableAll.setVisible(false); } @@ -149,7 +156,7 @@ public class ManageAccountActivity extends XmppActivity implements OnAccountUpda case R.id.action_enable_all: enableAllAccounts(); break; - case R.id.action_add_account_from_key: + case R.id.action_add_account_with_cert: addAccountFromKey(); break; default: diff --git a/src/main/res/menu/manageaccounts.xml b/src/main/res/menu/manageaccounts.xml index 2eeb30db..ffa692a0 100644 --- a/src/main/res/menu/manageaccounts.xml +++ b/src/main/res/menu/manageaccounts.xml @@ -7,10 +7,10 @@ android:showAsAction="always" android:title="@string/action_add_account"/> <item - android:id="@+id/action_add_account_from_key" + android:id="@+id/action_add_account_with_cert" android:showAsAction="never" android:icon="?attr/icon_add_person" - android:title="@string/action_add_account_from_key" + android:title="@string/action_add_account_with_certificate" android:visible="true"/> <item android:id="@+id/action_enable_all" diff --git a/src/main/res/values/strings.xml b/src/main/res/values/strings.xml index 20b861f4..162c277b 100644 --- a/src/main/res/values/strings.xml +++ b/src/main/res/values/strings.xml 
@@ -524,7 +524,7 @@
 <string name="pref_away_when_screen_off_summary">Marks your resource as away when the screen is turned off</string>
 <string name="pref_xa_on_silent_mode">Not available in silent mode</string>
 <string name="pref_xa_on_silent_mode_summary">Marks your resource as not available when phone is in silent mode</string>
- <string name="action_add_account_from_key">Add account from certificate</string>
+ <string name="action_add_account_with_certificate">Add account with certificate</string>
 <string name="unable_to_parse_certificate">Unable to parse certificate</string>
 <string name="authenticate_with_certificate">Leave empty to authenticate w/ certificate</string>
 <string name="captcha_ocr">Captcha text</string> |