From 212d1a8c91d5b83d1132d3a02664607ce37f8ecf Mon Sep 17 00:00:00 2001 From: Daniel Gultsch Date: Mon, 12 Oct 2015 13:18:20 +0200 Subject: add config variable to enable x509 verification --- src/main/java/eu/siacs/conversations/Config.java | 2 ++ .../crypto/axolotl/AxolotlService.java | 6 ++-- .../services/XmppConnectionService.java | 33 +++++++++------------- .../conversations/ui/ManageAccountActivity.java | 11 ++++++-- src/main/res/menu/manageaccounts.xml | 4 +-- src/main/res/values/strings.xml | 2 +- 6 files changed, 31 insertions(+), 27 deletions(-) (limited to 'src') diff --git a/src/main/java/eu/siacs/conversations/Config.java b/src/main/java/eu/siacs/conversations/Config.java index b4dcf209..bd9ad1a8 100644 --- a/src/main/java/eu/siacs/conversations/Config.java +++ b/src/main/java/eu/siacs/conversations/Config.java @@ -48,6 +48,8 @@ public final class Config { public static final boolean SHOW_REGENERATE_AXOLOTL_KEYS_BUTTON = false; + public static final boolean X509_VERIFICATION = false; //use x509 certificates to verify OMEMO keys + public static final long MILLISECONDS_IN_DAY = 24 * 60 * 60 * 1000; public static final long MAM_MAX_CATCHUP = MILLISECONDS_IN_DAY / 2; public static final int MAM_MAX_MESSAGES = 500; diff --git a/src/main/java/eu/siacs/conversations/crypto/axolotl/AxolotlService.java b/src/main/java/eu/siacs/conversations/crypto/axolotl/AxolotlService.java index fe801755..58e5a095 100644 --- a/src/main/java/eu/siacs/conversations/crypto/axolotl/AxolotlService.java +++ b/src/main/java/eu/siacs/conversations/crypto/axolotl/AxolotlService.java @@ -504,10 +504,10 @@ public class AxolotlService { if (changed) { - if (account.getPrivateKeyAlias() == null) { - publishDeviceBundle(signedPreKeyRecord, preKeyRecords, announce, wipe); - } else { + if (account.getPrivateKeyAlias() != null && Config.X509_VERIFICATION) { publishDeviceVerificationAndBundle(signedPreKeyRecord, preKeyRecords, announce, wipe); + } else { + publishDeviceBundle(signedPreKeyRecord, preKeyRecords, announce, wipe); } } else { Log.d(Config.LOGTAG, getLogprefix(account) + "Bundle " + getOwnDeviceId() + " in PEP was current"); diff --git a/src/main/java/eu/siacs/conversations/services/XmppConnectionService.java b/src/main/java/eu/siacs/conversations/services/XmppConnectionService.java index f3bd545a..7a39bd06 100644 --- a/src/main/java/eu/siacs/conversations/services/XmppConnectionService.java +++ b/src/main/java/eu/siacs/conversations/services/XmppConnectionService.java @@ -1311,25 +1311,18 @@ public class XmppConnectionService extends Service implements OnPhoneContactsLoa account.setOption(Account.OPTION_DISABLED, true); createAccount(account); callback.onAccountCreated(account); - try { - getMemorizingTrustManager().getNonInteractive().checkClientTrusted(chain, "RSA"); - } catch (CertificateException e) { - callback.informUser(R.string.certificate_chain_is_not_trusted); + if (Config.X509_VERIFICATION) { + try { + getMemorizingTrustManager().getNonInteractive().checkClientTrusted(chain, "RSA"); + } catch (CertificateException e) { + callback.informUser(R.string.certificate_chain_is_not_trusted); + } } } else { callback.informUser(R.string.account_already_exists); } - } catch (KeyChainException e) { - callback.informUser(R.string.unable_to_parse_certificate); - } catch (InterruptedException e) { + } catch (Exception e) { callback.informUser(R.string.unable_to_parse_certificate); - e.printStackTrace(); - } catch (CertificateEncodingException e) { - callback.informUser(R.string.unable_to_parse_certificate); - e.printStackTrace(); - } catch (InvalidJidException e) { - callback.informUser(R.string.unable_to_parse_certificate); - e.printStackTrace(); } } }).start(); @@ -1344,12 +1337,14 @@ public class XmppConnectionService extends Service implements OnPhoneContactsLoa if (account.getJid().toBareJid().equals(info.first)) { account.setPrivateKeyAlias(alias); databaseBackend.updateAccount(account); - try { - getMemorizingTrustManager().getNonInteractive().checkClientTrusted(chain, "RSA"); - } catch (CertificateException e) { - showErrorToastInUi(R.string.certificate_chain_is_not_trusted); + if (Config.X509_VERIFICATION) { + try { + getMemorizingTrustManager().getNonInteractive().checkClientTrusted(chain, "RSA"); + } catch (CertificateException e) { + showErrorToastInUi(R.string.certificate_chain_is_not_trusted); + } + account.getAxolotlService().regenerateKeys(true); } - account.getAxolotlService().regenerateKeys(true); } else { showErrorToastInUi(R.string.jid_does_not_match_certificate); } diff --git a/src/main/java/eu/siacs/conversations/ui/ManageAccountActivity.java b/src/main/java/eu/siacs/conversations/ui/ManageAccountActivity.java index 80e77506..6024177a 100644 --- a/src/main/java/eu/siacs/conversations/ui/ManageAccountActivity.java +++ b/src/main/java/eu/siacs/conversations/ui/ManageAccountActivity.java @@ -7,7 +7,6 @@ import android.content.Intent; import android.os.Bundle; import android.security.KeyChain; import android.security.KeyChainAliasCallback; -import android.util.Log; import android.view.ContextMenu; import android.view.ContextMenu.ContextMenuInfo; import android.view.Menu; @@ -103,6 +102,14 @@ public class ManageAccountActivity extends XmppActivity implements OnAccountUpda public boolean onCreateOptionsMenu(Menu menu) { getMenuInflater().inflate(R.menu.manageaccounts, menu); MenuItem enableAll = menu.findItem(R.id.action_enable_all); + MenuItem addAccount = menu.findItem(R.id.action_add_account); + MenuItem addAccountWithCertificate = menu.findItem(R.id.action_add_account_with_cert); + + if (Config.X509_VERIFICATION) { + addAccount.setVisible(false); + addAccountWithCertificate.setShowAsAction(MenuItem.SHOW_AS_ACTION_ALWAYS); + } + if (!accountsLeftToEnable()) { enableAll.setVisible(false); } @@ -149,7 +156,7 @@ public class ManageAccountActivity extends XmppActivity implements OnAccountUpda case R.id.action_enable_all: enableAllAccounts(); break; - case R.id.action_add_account_from_key: + case R.id.action_add_account_with_cert: addAccountFromKey(); break; default: diff --git a/src/main/res/menu/manageaccounts.xml b/src/main/res/menu/manageaccounts.xml index 2eeb30db..ffa692a0 100644 --- a/src/main/res/menu/manageaccounts.xml +++ b/src/main/res/menu/manageaccounts.xml @@ -7,10 +7,10 @@ android:showAsAction="always" android:title="@string/action_add_account"/> Marks your resource as away when the screen is turned off Not available in silent mode Marks your resource as not available when phone is in silent mode - Add account from certificate + Add account with certificate Unable to parse certificate Leave empty to authenticate w/ certificate Captcha text -- cgit v1.2.3