introduced blind trust before verification mode
read more about the concept on https://gultsch.de/trust.html
This commit is contained in:
parent
4720ac94d3
commit
839ef8e14b
|
@ -112,6 +112,15 @@ public class AxolotlService implements OnAdvancedStreamFeaturesLoaded {
|
||||||
axolotlStore.preVerifyFingerprint(account, account.getJid().toBareJid().toPreppedString(), fingerprint);
|
axolotlStore.preVerifyFingerprint(account, account.getJid().toBareJid().toPreppedString(), fingerprint);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public boolean hasVerifiedKeys(String name) {
|
||||||
|
for(XmppAxolotlSession session : this.sessions.getAll(new AxolotlAddress(name,0)).values()) {
|
||||||
|
if (session.getTrust().isVerified()) {
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
private static class AxolotlAddressMap<T> {
|
private static class AxolotlAddressMap<T> {
|
||||||
protected Map<String, Map<Integer, T>> map;
|
protected Map<String, Map<Integer, T>> map;
|
||||||
protected final Object MAP_LOCK = new Object();
|
protected final Object MAP_LOCK = new Object();
|
||||||
|
@ -226,6 +235,7 @@ public class AxolotlService implements OnAdvancedStreamFeaturesLoaded {
|
||||||
SUCCESS,
|
SUCCESS,
|
||||||
SUCCESS_VERIFIED,
|
SUCCESS_VERIFIED,
|
||||||
TIMEOUT,
|
TIMEOUT,
|
||||||
|
SUCCESS_TRUSTED,
|
||||||
ERROR
|
ERROR
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -779,6 +789,8 @@ public class AxolotlService implements OnAdvancedStreamFeaturesLoaded {
|
||||||
report = FetchStatus.SUCCESS;
|
report = FetchStatus.SUCCESS;
|
||||||
} else if (own.containsValue(FetchStatus.SUCCESS_VERIFIED) || remote.containsValue(FetchStatus.SUCCESS_VERIFIED)) {
|
} else if (own.containsValue(FetchStatus.SUCCESS_VERIFIED) || remote.containsValue(FetchStatus.SUCCESS_VERIFIED)) {
|
||||||
report = FetchStatus.SUCCESS_VERIFIED;
|
report = FetchStatus.SUCCESS_VERIFIED;
|
||||||
|
} else if (own.containsValue(FetchStatus.SUCCESS_TRUSTED) || remote.containsValue(FetchStatus.SUCCESS_TRUSTED)) {
|
||||||
|
report = FetchStatus.SUCCESS_TRUSTED;
|
||||||
} else if (own.containsValue(FetchStatus.ERROR) || remote.containsValue(FetchStatus.ERROR)) {
|
} else if (own.containsValue(FetchStatus.ERROR) || remote.containsValue(FetchStatus.ERROR)) {
|
||||||
report = FetchStatus.ERROR;
|
report = FetchStatus.ERROR;
|
||||||
}
|
}
|
||||||
|
@ -836,8 +848,15 @@ public class AxolotlService implements OnAdvancedStreamFeaturesLoaded {
|
||||||
verifySessionWithPEP(session);
|
verifySessionWithPEP(session);
|
||||||
} else {
|
} else {
|
||||||
FingerprintStatus status = getFingerprintTrust(bundle.getIdentityKey().getFingerprint().replaceAll("\\s",""));
|
FingerprintStatus status = getFingerprintTrust(bundle.getIdentityKey().getFingerprint().replaceAll("\\s",""));
|
||||||
boolean verified = status != null && status.isVerified();
|
FetchStatus fetchStatus;
|
||||||
fetchStatusMap.put(address, verified ? FetchStatus.SUCCESS_VERIFIED : FetchStatus.SUCCESS);
|
if (status != null && status.isVerified()) {
|
||||||
|
fetchStatus = FetchStatus.SUCCESS_VERIFIED;
|
||||||
|
} else if (status != null && status.isTrusted()) {
|
||||||
|
fetchStatus = FetchStatus.SUCCESS_TRUSTED;
|
||||||
|
} else {
|
||||||
|
fetchStatus = FetchStatus.SUCCESS;
|
||||||
|
}
|
||||||
|
fetchStatusMap.put(address, fetchStatus);
|
||||||
finishBuildingSessionsFromPEP(address);
|
finishBuildingSessionsFromPEP(address);
|
||||||
}
|
}
|
||||||
} catch (UntrustedIdentityException | InvalidKeyException e) {
|
} catch (UntrustedIdentityException | InvalidKeyException e) {
|
||||||
|
|
|
@ -63,6 +63,14 @@ public class FingerprintStatus implements Comparable<FingerprintStatus> {
|
||||||
return status;
|
return status;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public static FingerprintStatus createActiveTrusted() {
|
||||||
|
final FingerprintStatus status = new FingerprintStatus();
|
||||||
|
status.trust = Trust.TRUSTED;
|
||||||
|
status.active = true;
|
||||||
|
status.lastActivation = System.currentTimeMillis();
|
||||||
|
return status;
|
||||||
|
}
|
||||||
|
|
||||||
public static FingerprintStatus createActiveVerified(boolean x509) {
|
public static FingerprintStatus createActiveVerified(boolean x509) {
|
||||||
final FingerprintStatus status = new FingerprintStatus();
|
final FingerprintStatus status = new FingerprintStatus();
|
||||||
status.trust = x509 ? Trust.VERIFIED_X509 : Trust.VERIFIED;
|
status.trust = x509 ? Trust.VERIFIED_X509 : Trust.VERIFIED;
|
||||||
|
|
|
@ -21,7 +21,10 @@ import java.util.Set;
|
||||||
|
|
||||||
import eu.siacs.conversations.Config;
|
import eu.siacs.conversations.Config;
|
||||||
import eu.siacs.conversations.entities.Account;
|
import eu.siacs.conversations.entities.Account;
|
||||||
|
import eu.siacs.conversations.entities.Contact;
|
||||||
import eu.siacs.conversations.services.XmppConnectionService;
|
import eu.siacs.conversations.services.XmppConnectionService;
|
||||||
|
import eu.siacs.conversations.xmpp.jid.InvalidJidException;
|
||||||
|
import eu.siacs.conversations.xmpp.jid.Jid;
|
||||||
|
|
||||||
public class SQLiteAxolotlStore implements AxolotlStore {
|
public class SQLiteAxolotlStore implements AxolotlStore {
|
||||||
|
|
||||||
|
@ -191,7 +194,12 @@ public class SQLiteAxolotlStore implements AxolotlStore {
|
||||||
String fingerprint = identityKey.getFingerprint().replaceAll("\\s", "");
|
String fingerprint = identityKey.getFingerprint().replaceAll("\\s", "");
|
||||||
FingerprintStatus status = getFingerprintStatus(fingerprint);
|
FingerprintStatus status = getFingerprintStatus(fingerprint);
|
||||||
if (status == null) {
|
if (status == null) {
|
||||||
status = FingerprintStatus.createActiveUndecided(); //default for new keys
|
if (mXmppConnectionService.blindTrustBeforeVerification() && !account.getAxolotlService().hasVerifiedKeys(name)) {
|
||||||
|
Log.d(Config.LOGTAG,account.getJid().toBareJid()+": blindly trusted "+fingerprint+" of "+name);
|
||||||
|
status = FingerprintStatus.createActiveTrusted();
|
||||||
|
} else {
|
||||||
|
status = FingerprintStatus.createActiveUndecided();
|
||||||
|
}
|
||||||
} else {
|
} else {
|
||||||
status = status.toActive();
|
status = status.toActive();
|
||||||
}
|
}
|
||||||
|
|
|
@ -3666,6 +3666,10 @@ public class XmppConnectionService extends Service {
|
||||||
return verifiedSomething;
|
return verifiedSomething;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public boolean blindTrustBeforeVerification() {
|
||||||
|
return getPreferences().getBoolean(SettingsActivity.BLIND_TRUST_BEFORE_VERIFICATION, true);
|
||||||
|
}
|
||||||
|
|
||||||
public interface OnMamPreferencesFetched {
|
public interface OnMamPreferencesFetched {
|
||||||
void onPreferencesFetched(Element prefs);
|
void onPreferencesFetched(Element prefs);
|
||||||
void onPreferencesFetchFailed();
|
void onPreferencesFetchFailed();
|
||||||
|
|
|
@ -39,6 +39,7 @@ public class SettingsActivity extends XmppActivity implements
|
||||||
public static final String AWAY_WHEN_SCREEN_IS_OFF = "away_when_screen_off";
|
public static final String AWAY_WHEN_SCREEN_IS_OFF = "away_when_screen_off";
|
||||||
public static final String TREAT_VIBRATE_AS_SILENT = "treat_vibrate_as_silent";
|
public static final String TREAT_VIBRATE_AS_SILENT = "treat_vibrate_as_silent";
|
||||||
public static final String MANUALLY_CHANGE_PRESENCE = "manually_change_presence";
|
public static final String MANUALLY_CHANGE_PRESENCE = "manually_change_presence";
|
||||||
|
public static final String BLIND_TRUST_BEFORE_VERIFICATION = "btbv";
|
||||||
|
|
||||||
public static final int REQUEST_WRITE_LOGS = 0xbf8701;
|
public static final int REQUEST_WRITE_LOGS = 0xbf8701;
|
||||||
private SettingsFragment mSettingsFragment;
|
private SettingsFragment mSettingsFragment;
|
||||||
|
|
|
@ -73,6 +73,7 @@ public class TrustKeysActivity extends OmemoActivity implements OnKeyStatusUpdat
|
||||||
}
|
}
|
||||||
};
|
};
|
||||||
private XmppUri mPendingFingerprintVerificationUri = null;
|
private XmppUri mPendingFingerprintVerificationUri = null;
|
||||||
|
private Toast mUseCameraHintToast = null;
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
protected void refreshUiReal() {
|
protected void refreshUiReal() {
|
||||||
|
@ -114,10 +115,10 @@ public class TrustKeysActivity extends OmemoActivity implements OnKeyStatusUpdat
|
||||||
@Override
|
@Override
|
||||||
public boolean onCreateOptionsMenu(Menu menu) {
|
public boolean onCreateOptionsMenu(Menu menu) {
|
||||||
getMenuInflater().inflate(R.menu.trust_keys, menu);
|
getMenuInflater().inflate(R.menu.trust_keys, menu);
|
||||||
Toast toast = Toast.makeText(this,R.string.use_camera_icon_to_scan_barcode,Toast.LENGTH_LONG);
|
mUseCameraHintToast = Toast.makeText(this,R.string.use_camera_icon_to_scan_barcode,Toast.LENGTH_LONG);
|
||||||
ActionBar actionBar = getActionBar();
|
ActionBar actionBar = getActionBar();
|
||||||
toast.setGravity(Gravity.TOP | Gravity.END, 0 ,actionBar == null ? 0 : actionBar.getHeight());
|
mUseCameraHintToast.setGravity(Gravity.TOP | Gravity.END, 0 ,actionBar == null ? 0 : actionBar.getHeight());
|
||||||
toast.show();
|
mUseCameraHintToast.show();
|
||||||
return super.onCreateOptionsMenu(menu);
|
return super.onCreateOptionsMenu(menu);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -307,15 +308,22 @@ public class TrustKeysActivity extends OmemoActivity implements OnKeyStatusUpdat
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void onKeyStatusUpdated(final AxolotlService.FetchStatus report) {
|
public void onKeyStatusUpdated(final AxolotlService.FetchStatus report) {
|
||||||
|
final boolean keysToTrust = reloadFingerprints();
|
||||||
if (report != null) {
|
if (report != null) {
|
||||||
lastFetchReport = report;
|
lastFetchReport = report;
|
||||||
runOnUiThread(new Runnable() {
|
runOnUiThread(new Runnable() {
|
||||||
@Override
|
@Override
|
||||||
public void run() {
|
public void run() {
|
||||||
|
if (mUseCameraHintToast != null && !keysToTrust) {
|
||||||
|
mUseCameraHintToast.cancel();
|
||||||
|
}
|
||||||
switch (report) {
|
switch (report) {
|
||||||
case ERROR:
|
case ERROR:
|
||||||
Toast.makeText(TrustKeysActivity.this,R.string.error_fetching_omemo_key,Toast.LENGTH_SHORT).show();
|
Toast.makeText(TrustKeysActivity.this,R.string.error_fetching_omemo_key,Toast.LENGTH_SHORT).show();
|
||||||
break;
|
break;
|
||||||
|
case SUCCESS_TRUSTED:
|
||||||
|
Toast.makeText(TrustKeysActivity.this,R.string.blindly_trusted_omemo_keys,Toast.LENGTH_LONG).show();
|
||||||
|
break;
|
||||||
case SUCCESS_VERIFIED:
|
case SUCCESS_VERIFIED:
|
||||||
Toast.makeText(TrustKeysActivity.this,
|
Toast.makeText(TrustKeysActivity.this,
|
||||||
Config.X509_VERIFICATION ? R.string.verified_omemo_key_with_certificate : R.string.all_omemo_keys_have_been_verified,
|
Config.X509_VERIFICATION ? R.string.verified_omemo_key_with_certificate : R.string.all_omemo_keys_have_been_verified,
|
||||||
|
@ -326,7 +334,6 @@ public class TrustKeysActivity extends OmemoActivity implements OnKeyStatusUpdat
|
||||||
});
|
});
|
||||||
|
|
||||||
}
|
}
|
||||||
boolean keysToTrust = reloadFingerprints();
|
|
||||||
if (keysToTrust || hasPendingKeyFetches() || hasNoOtherTrustedKeys()) {
|
if (keysToTrust || hasPendingKeyFetches() || hasNoOtherTrustedKeys()) {
|
||||||
refreshUi();
|
refreshUi();
|
||||||
} else {
|
} else {
|
||||||
|
|
|
@ -710,4 +710,7 @@
|
||||||
<string name="share_as_barcode">Share as Barcode</string>
|
<string name="share_as_barcode">Share as Barcode</string>
|
||||||
<string name="share_as_uri">Share as XMPP URI</string>
|
<string name="share_as_uri">Share as XMPP URI</string>
|
||||||
<string name="share_as_http">Share as HTTP link</string>
|
<string name="share_as_http">Share as HTTP link</string>
|
||||||
|
<string name="pref_blind_trust_before_verification">Blind Trust Before Verification</string>
|
||||||
|
<string name="pref_blind_trust_before_verification_summary">Automatically trust all new devices from contacts that haven’t been verified before.</string>
|
||||||
|
<string name="blindly_trusted_omemo_keys">Blindly trusted OMEMO keys</string>
|
||||||
</resources>
|
</resources>
|
||||||
|
|
|
@ -164,6 +164,11 @@
|
||||||
android:summary="@string/pref_expert_options_summary"
|
android:summary="@string/pref_expert_options_summary"
|
||||||
android:title="@string/pref_expert_options">
|
android:title="@string/pref_expert_options">
|
||||||
<PreferenceCategory android:title="@string/pref_security_settings">
|
<PreferenceCategory android:title="@string/pref_security_settings">
|
||||||
|
<CheckBoxPreference
|
||||||
|
android:defaultValue="true"
|
||||||
|
android:key="btbv"
|
||||||
|
android:title="@string/pref_blind_trust_before_verification"
|
||||||
|
android:summary="@string/pref_blind_trust_before_verification_summary"/>
|
||||||
<CheckBoxPreference
|
<CheckBoxPreference
|
||||||
android:defaultValue="false"
|
android:defaultValue="false"
|
||||||
android:key="dont_save_encrypted"
|
android:key="dont_save_encrypted"
|
||||||
|
|
Loading…
Reference in New Issue