From 6e4d0dede1517b25dd51cdea23aa81537249c0f8 Mon Sep 17 00:00:00 2001
From: Vincent Breitmoser <valodim@mugenguild.com>
Date: Tue, 17 Jun 2014 23:25:45 +0200
Subject: canonicalize: support secret keys

---
 .../keychain/pgp/UncachedKeyRing.java              | 36 ++++++++++++++--------
 1 file changed, 24 insertions(+), 12 deletions(-)

(limited to 'OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp')

diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/UncachedKeyRing.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/UncachedKeyRing.java
index f22ea7697..78620405f 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/UncachedKeyRing.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/UncachedKeyRing.java
@@ -178,8 +178,7 @@ public class UncachedKeyRing {
         return result;
     }
 
-    /** "Canonicalizes" a key, removing inconsistencies in the process. This operation can be
-     * applied to public keyrings only.
+    /** "Canonicalizes" a key, removing inconsistencies in the process.
      *
      * More specifically:
      *  - Remove all non-verifying self-certificates
@@ -193,6 +192,7 @@ public class UncachedKeyRing {
      *   - certifications and certification revocations for user ids
      *  - If a subkey retains no valid subkey binding certificate, remove it
      *  - If a user id retains no valid self certificate, remove it
+     *  - If the key is a secret key, remove all certificates by foreign keys
      *
      * This operation writes an OperationLog which can be used as part of a OperationResultParcel.
      *
@@ -200,12 +200,8 @@ public class UncachedKeyRing {
      *
      */
     public UncachedKeyRing canonicalize(OperationLog log, int indent) {
-        if (isSecret()) {
-            throw new RuntimeException("Tried to canonicalize non-secret keyring. " +
-                    "This is a programming error and should never happen!");
-        }
 
-        log.add(LogLevel.START, LogType.MSG_KC,
+        log.add(LogLevel.START, isSecret() ? LogType.MSG_KC_SECRET : LogType.MSG_KC_PUBLIC,
                 new String[]{PgpKeyHelper.convertKeyIdToHex(getMasterKeyId())}, indent);
         indent += 1;
 
@@ -213,7 +209,7 @@ public class UncachedKeyRing {
 
         int redundantCerts = 0, badCerts = 0;
 
-        PGPPublicKeyRing ring = (PGPPublicKeyRing) mRing;
+        PGPKeyRing ring = mRing;
         PGPPublicKey masterKey = mRing.getPublicKey();
         final long masterKeyId = masterKey.getKeyID();
 
@@ -334,8 +330,15 @@ public class UncachedKeyRing {
                         continue;
                     }
 
-                    // If this is a foreign signature, never mind any further
+                    // If this is a foreign signature, ...
                     if (certId != masterKeyId) {
+                        // never mind any further for public keys, but remove them from secret ones
+                        if (isSecret()) {
+                            log.add(LogLevel.WARN, LogType.MSG_KC_UID_FOREIGN,
+                                    new String[] { PgpKeyHelper.convertKeyIdToHex(certId) }, indent);
+                            modified = PGPPublicKey.removeCertification(modified, userId, zert);
+                            badCerts += 1;
+                        }
                         continue;
                     }
 
@@ -433,7 +436,7 @@ public class UncachedKeyRing {
             }
 
             // Replace modified key in the keyring
-            ring = PGPPublicKeyRing.insertPublicKey(ring, modified);
+            ring = replacePublicKey(ring, modified);
             indent -= 1;
 
         }
@@ -578,7 +581,7 @@ public class UncachedKeyRing {
 
             // it is not properly bound? error!
             if (selfCert == null) {
-                ring = PGPPublicKeyRing.removePublicKey(ring, modified);
+                ring = replacePublicKey(ring, modified);
 
                 log.add(LogLevel.ERROR, LogType.MSG_KC_SUB_NO_CERT,
                         new String[]{ PgpKeyHelper.convertKeyIdToHex(key.getKeyID()) }, indent);
@@ -593,7 +596,7 @@ public class UncachedKeyRing {
                 modified = PGPPublicKey.addCertification(modified, revocation);
             }
             // replace pubkey in keyring
-            ring = PGPPublicKeyRing.insertPublicKey(ring, modified);
+            ring = replacePublicKey(ring, modified);
             indent -= 1;
         }
 
@@ -614,5 +617,14 @@ public class UncachedKeyRing {
         return new UncachedKeyRing(ring);
     }
 
+    private static PGPKeyRing replacePublicKey(PGPKeyRing ring, PGPPublicKey key) {
+        if (ring instanceof PGPPublicKeyRing) {
+            return PGPPublicKeyRing.insertPublicKey((PGPPublicKeyRing) ring, key);
+        }
+        PGPSecretKeyRing secRing = (PGPSecretKeyRing) ring;
+        PGPSecretKey sKey = secRing.getSecretKey(key.getKeyID());
+        sKey = PGPSecretKey.replacePublicKey(sKey, key);
+        return PGPSecretKeyRing.insertSecretKey(secRing, sKey);
+    }
 
 }
-- 
cgit v1.2.3