From 1de74c2337a97c55180827ea8497f9efca12c24b Mon Sep 17 00:00:00 2001 From: Daniel Gultsch Date: Tue, 8 Dec 2015 17:15:08 +0100 Subject: also verify sessions in CBE mode that got created by key transport messages --- .../conversations/crypto/axolotl/AxolotlService.java | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/src/main/java/eu/siacs/conversations/crypto/axolotl/AxolotlService.java b/src/main/java/eu/siacs/conversations/crypto/axolotl/AxolotlService.java index 2aaadab7..a3dc1357 100644 --- a/src/main/java/eu/siacs/conversations/crypto/axolotl/AxolotlService.java +++ b/src/main/java/eu/siacs/conversations/crypto/axolotl/AxolotlService.java @@ -924,7 +924,7 @@ public class AxolotlService implements OnAdvancedStreamFeaturesLoaded { } if (session.isFresh() && plaintextMessage != null) { - sessions.put(session); + putFreshSession(session); } return plaintextMessage; @@ -937,9 +937,21 @@ public class AxolotlService implements OnAdvancedStreamFeaturesLoaded { keyTransportMessage = message.getParameters(session, getOwnDeviceId()); if (session.isFresh() && keyTransportMessage != null) { - sessions.put(session); + putFreshSession(session); } return keyTransportMessage; } + + private void putFreshSession(XmppAxolotlSession session) { + sessions.put(session); + if (Config.X509_VERIFICATION) { + IdentityKey identityKey = axolotlStore.loadSession(session.getRemoteAddress()).getSessionState().getRemoteIdentityKey(); + if (identityKey != null) { + verifySessionWithPEP(session, identityKey); + } else { + Log.e(Config.LOGTAG,account.getJid().toBareJid()+": identity key was empty after reloading for x509 verification"); + } + } + } } -- cgit v1.2.3