From 1de74c2337a97c55180827ea8497f9efca12c24b Mon Sep 17 00:00:00 2001
From: Daniel Gultsch <daniel@gultsch.de>
Date: Tue, 8 Dec 2015 17:15:08 +0100
Subject: also verify sessions in CBE mode that got created by key transport
 messages

---
 .../conversations/crypto/axolotl/AxolotlService.java     | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)

(limited to 'src/main/java/eu/siacs/conversations/crypto')

diff --git a/src/main/java/eu/siacs/conversations/crypto/axolotl/AxolotlService.java b/src/main/java/eu/siacs/conversations/crypto/axolotl/AxolotlService.java
index 2aaadab7..a3dc1357 100644
--- a/src/main/java/eu/siacs/conversations/crypto/axolotl/AxolotlService.java
+++ b/src/main/java/eu/siacs/conversations/crypto/axolotl/AxolotlService.java
@@ -924,7 +924,7 @@ public class AxolotlService implements OnAdvancedStreamFeaturesLoaded {
 		}
 
 		if (session.isFresh() && plaintextMessage != null) {
-			sessions.put(session);
+			putFreshSession(session);
 		}
 
 		return plaintextMessage;
@@ -937,9 +937,21 @@ public class AxolotlService implements OnAdvancedStreamFeaturesLoaded {
 		keyTransportMessage = message.getParameters(session, getOwnDeviceId());
 
 		if (session.isFresh() && keyTransportMessage != null) {
-			sessions.put(session);
+			putFreshSession(session);
 		}
 
 		return keyTransportMessage;
 	}
+
+	private void putFreshSession(XmppAxolotlSession session) {
+		sessions.put(session);
+		if (Config.X509_VERIFICATION) {
+			IdentityKey identityKey = axolotlStore.loadSession(session.getRemoteAddress()).getSessionState().getRemoteIdentityKey();
+			if (identityKey != null) {
+				verifySessionWithPEP(session, identityKey);
+			} else {
+				Log.e(Config.LOGTAG,account.getJid().toBareJid()+": identity key was empty after reloading for x509 verification");
+			}
+		}
+	}
 }
-- 
cgit v1.2.3