From 6e289b873865b01aa59afa497581b3217700be7f Mon Sep 17 00:00:00 2001 From: Daniel Gultsch Date: Sat, 3 Dec 2016 13:19:56 +0100 Subject: [PATCH] show warning dialog beforing verifying keys via a link --- .../ui/StartConversationActivity.java | 58 ++++++++++++++++--- .../eu/siacs/conversations/utils/XmppUri.java | 16 ++++- .../res/layout/dialog_verify_fingerprints.xml | 25 ++++++++ src/main/res/values/strings.xml | 3 + 4 files changed, 92 insertions(+), 10 deletions(-) create mode 100644 src/main/res/layout/dialog_verify_fingerprints.xml diff --git a/src/main/java/eu/siacs/conversations/ui/StartConversationActivity.java b/src/main/java/eu/siacs/conversations/ui/StartConversationActivity.java index 25ce50eb7..29739f239 100644 --- a/src/main/java/eu/siacs/conversations/ui/StartConversationActivity.java +++ b/src/main/java/eu/siacs/conversations/ui/StartConversationActivity.java @@ -25,12 +25,10 @@ import android.nfc.NfcAdapter; import android.os.Build; import android.os.Bundle; import android.os.Parcelable; -import android.support.v13.app.FragmentPagerAdapter; import android.support.v4.view.PagerAdapter; import android.support.v4.view.ViewPager; import android.text.Editable; import android.text.TextWatcher; -import android.util.Log; import android.util.Pair; import android.view.ContextMenu; import android.view.ContextMenu.ContextMenuInfo; @@ -65,7 +63,6 @@ import java.util.concurrent.atomic.AtomicBoolean; import eu.siacs.conversations.Config; import eu.siacs.conversations.R; import eu.siacs.conversations.entities.Account; -import eu.siacs.conversations.entities.Blockable; import eu.siacs.conversations.entities.Bookmark; import eu.siacs.conversations.entities.Contact; import eu.siacs.conversations.entities.Conversation; @@ -788,12 +785,15 @@ public class StartConversationActivity extends XmppActivity implements OnRosterU if (this.mPendingInvite != null) { mPendingInvite.invite(); this.mPendingInvite = null; + filter(null); } else if (!handleIntent(getIntent())) { if (mSearchEditText != null) { filter(mSearchEditText.getText().toString()); } else { filter(null); } + } else { + filter(null); } setIntent(null); } @@ -812,15 +812,13 @@ public class StartConversationActivity extends XmppActivity implements OnRosterU case Intent.ACTION_VIEW: Uri uri = intent.getData(); if (uri != null) { - Log.d(Config.LOGTAG, "received uri=" + intent.getData()); - return new Invite(intent.getData()).invite(); + return new Invite(intent.getData(),false).invite(); } else { return false; } case NfcAdapter.ACTION_NDEF_DISCOVERED: for (Parcelable message : getIntent().getParcelableArrayExtra(NfcAdapter.EXTRA_NDEF_MESSAGES)) { if (message instanceof NdefMessage) { - Log.d(Config.LOGTAG, "received message=" + message); for (NdefRecord record : ((NdefMessage) message).getRecords()) { switch (record.getTnf()) { case NdefRecord.TNF_WELL_KNOWN: @@ -867,10 +865,14 @@ public class StartConversationActivity extends XmppActivity implements OnRosterU return false; } else if (contacts.size() == 1) { Contact contact = contacts.get(0); - if (invite.hasFingerprints()) { - xmppConnectionService.verifyFingerprints(contact,invite.getFingerprints()); + if (!invite.isSafeSource() && invite.hasFingerprints()) { + displayVerificationWarningDialog(contact,invite); + } else { + if (invite.hasFingerprints()) { + xmppConnectionService.verifyFingerprints(contact, invite.getFingerprints()); + } + switchToConversation(contact, invite.getBody()); } - switchToConversation(contact,invite.getBody()); return true; } else { if (mMenuSearchView != null) { @@ -885,6 +887,40 @@ public class StartConversationActivity extends XmppActivity implements OnRosterU } } + private void displayVerificationWarningDialog(final Contact contact, final Invite invite) { + AlertDialog.Builder builder = new AlertDialog.Builder(this); + builder.setTitle(R.string.verify_omemo_keys); + View view = getLayoutInflater().inflate(R.layout.dialog_verify_fingerprints, null); + final CheckBox isTrustedSource = (CheckBox) view.findViewById(R.id.trusted_source); + TextView warning = (TextView) view.findViewById(R.id.warning); + warning.setText(getString(R.string.verifying_omemo_keys_trusted_source,contact.getJid().toBareJid().toString(),contact.getDisplayName())); + builder.setView(view); + builder.setPositiveButton(R.string.confirm, new OnClickListener() { + @Override + public void onClick(DialogInterface dialog, int which) { + if (isTrustedSource.isChecked() && invite.hasFingerprints()) { + xmppConnectionService.verifyFingerprints(contact, invite.getFingerprints()); + } + switchToConversation(contact, invite.getBody()); + } + }); + builder.setNegativeButton(R.string.cancel, new OnClickListener() { + @Override + public void onClick(DialogInterface dialog, int which) { + StartConversationActivity.this.finish(); + } + }); + AlertDialog dialog = builder.create(); + dialog.setCanceledOnTouchOutside(false); + dialog.setOnCancelListener(new DialogInterface.OnCancelListener() { + @Override + public void onCancel(DialogInterface dialog) { + StartConversationActivity.this.finish(); + } + }); + dialog.show(); + } + protected void filter(String needle) { if (xmppConnectionServiceBound) { this.filterContacts(needle); @@ -1111,6 +1147,10 @@ public class StartConversationActivity extends XmppActivity implements OnRosterU super(uri); } + public Invite(Uri uri, boolean safeSource) { + super(uri,safeSource); + } + boolean invite() { if (getJid() != null) { return handleJid(this); diff --git a/src/main/java/eu/siacs/conversations/utils/XmppUri.java b/src/main/java/eu/siacs/conversations/utils/XmppUri.java index e16377cfa..947a3366a 100644 --- a/src/main/java/eu/siacs/conversations/utils/XmppUri.java +++ b/src/main/java/eu/siacs/conversations/utils/XmppUri.java @@ -17,6 +17,7 @@ public class XmppUri { protected boolean muc; protected List fingerprints = new ArrayList<>(); private String body; + protected boolean safeSource = true; public static final String OMEMO_URI_PARAM = "omemo-sid-"; public static final String OTR_URI_PARAM = "otr-fingerprint"; @@ -37,6 +38,15 @@ public class XmppUri { parse(uri); } + public XmppUri(Uri uri, boolean safeSource) { + this.safeSource = safeSource; + parse(uri); + } + + public boolean isSafeSource() { + return safeSource; + } + protected void parse(Uri uri) { String scheme = uri.getScheme(); String host = uri.getHost(); @@ -81,8 +91,12 @@ public class XmppUri { } protected List parseFingerprints(String query) { + return parseFingerprints(query,';'); + } + + protected List parseFingerprints(String query, char seperator) { List fingerprints = new ArrayList<>(); - String[] pairs = query == null ? new String[0] : query.split(";"); + String[] pairs = query == null ? new String[0] : query.split(String.valueOf(seperator)); for(String pair : pairs) { String[] parts = pair.split("=",2); if (parts.length == 2) { diff --git a/src/main/res/layout/dialog_verify_fingerprints.xml b/src/main/res/layout/dialog_verify_fingerprints.xml new file mode 100644 index 000000000..452765753 --- /dev/null +++ b/src/main/res/layout/dialog_verify_fingerprints.xml @@ -0,0 +1,25 @@ + + + + + + + \ No newline at end of file diff --git a/src/main/res/values/strings.xml b/src/main/res/values/strings.xml index 638b6bd6f..51a7a3dc5 100644 --- a/src/main/res/values/strings.xml +++ b/src/main/res/values/strings.xml @@ -720,4 +720,7 @@ Clean cache Clean private storage Clean private storage where files are kept (They can be re-downloaded from the server) + I followed this link from a trusted source + You are about to verify the OMEMO keys form %1$s after clicking a link. This is only secure if you followed this link from a trusted source where only %2$s could have published this link. + Verify OMEMO keys