From 4885361cd2f7c27a528fcfc5e8eac1cc1a9b50d0 Mon Sep 17 00:00:00 2001
From: Vincent Breitmoser
Date: Sun, 17 May 2015 10:36:14 +0200
Subject: check fingerprint length after scanning qr code
Fixes #1281
---
 .../operations/results/OperationResult.java | 3 +-
 .../keychain/ui/ImportKeysProxyActivity.java | 36 ++++++++++++++--------
 2 files changed, 26 insertions(+), 13 deletions(-)
(limited to 'OpenKeychain/src/main/java/org/sufficientlysecure/keychain')
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/results/OperationResult.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/results/OperationResult.java
index f7b1ca0b4..82f157d4c 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/results/OperationResult.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/results/OperationResult.java
@@ -719,7 +719,8 @@ public abstract class OperationResult implements Parcelable {
 MSG_ACC_SAVED (LogLevel.INFO, R.string.api_settings_save_msg),
- MSG_WRONG_QR_CODE (LogLevel.INFO, R.string.import_qr_code_wrong),
+ MSG_WRONG_QR_CODE (LogLevel.ERROR, R.string.import_qr_code_wrong),
+ MSG_WRONG_QR_CODE_FP(LogLevel.ERROR, R.string.import_qr_code_fp),
 MSG_NO_VALID_ENC (LogLevel.ERROR, R.string.error_invalid_data),
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/ImportKeysProxyActivity.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/ImportKeysProxyActivity.java
index dc8752d1a..77fa9cc0b 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/ImportKeysProxyActivity.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/ImportKeysProxyActivity.java
@@ -41,6 +41,7 @@ import org.sufficientlysecure.keychain.intents.OpenKeychainIntents;
 import org.sufficientlysecure.keychain.keyimport.ParcelableKeyRing;
 import org.sufficientlysecure.keychain.operations.results.ImportKeyResult;
 import org.sufficientlysecure.keychain.operations.results.OperationResult;
+import org.sufficientlysecure.keychain.operations.results.OperationResult.LogType;
 import org.sufficientlysecure.keychain.operations.results.SingletonResult;
 import org.sufficientlysecure.keychain.service.KeychainIntentService;
 import org.sufficientlysecure.keychain.service.ServiceProgressHandler;
@@ -141,24 +142,35 @@ public class ImportKeysProxyActivity extends FragmentActivity {
 Log.d(Constants.TAG, "scanned: " + uri); // example: openpgp4fpr:73EE2314F65FA92EC2390D3A718C070100012282
- if (uri != null && uri.getScheme() != null && uri.getScheme().toLowerCase(Locale.ENGLISH).equals(Constants.FINGERPRINT_SCHEME)) {
- String fingerprint = uri.getEncodedSchemeSpecificPart().toLowerCase(Locale.ENGLISH);
+ if (uri == null || uri.getScheme() == null ||
+ !uri.getScheme().toLowerCase(Locale.ENGLISH).equals(Constants.FINGERPRINT_SCHEME)) {
+ SingletonResult result = new SingletonResult(
+ SingletonResult.RESULT_ERROR, LogType.MSG_WRONG_QR_CODE);
+ Intent intent = new Intent();
+ intent.putExtra(SingletonResult.EXTRA_RESULT, result);
+ returnResult(intent);
+ return;
+ }
- if (ACTION_SCAN_WITH_RESULT.equals(action)) {
- Intent result = new Intent();
- result.putExtra(EXTRA_FINGERPRINT, fingerprint);
- setResult(RESULT_OK, result);
- finish();
- } else {
- importKeys(fingerprint);
- }
- } else {
+ String fingerprint = uri.getEncodedSchemeSpecificPart().toLowerCase(Locale.ENGLISH);
+ if (fingerprint.matches("[a-fA-F0-9]{40}")) {
 SingletonResult result = new SingletonResult(
- SingletonResult.RESULT_ERROR, OperationResult.LogType.MSG_WRONG_QR_CODE);
+ SingletonResult.RESULT_ERROR, LogType.MSG_WRONG_QR_CODE_FP);
 Intent intent = new Intent();
 intent.putExtra(SingletonResult.EXTRA_RESULT, result);
 returnResult(intent);
+ return;
+ }
+
+ if (ACTION_SCAN_WITH_RESULT.equals(action)) {
+ Intent result = new Intent();
+ result.putExtra(EXTRA_FINGERPRINT, fingerprint);
+ setResult(RESULT_OK, result);
+ finish();
+ } else {
+ importKeys(fingerprint);
 }
+
+
 }
 public void returnResult(Intent data) {
-- 
cgit v1.2.3
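Review bot: The new fingerprint check is inverted: `if (fingerprint.matches("[a-fA-F0-9]{40}"))` returns `MSG_WRONG_QR_CODE_FP` exactly when the scanned value is a well-formed 40-hex-digit fingerprint. Any other scheme-specific part (wrong length, non-hex characters) falls through unvalidated to `importKeys(fingerprint)` or is handed back to the caller in `EXTRA_FINGERPRINT`. The condition should be negated, `if (!fingerprint.matches("[a-f0-9]{40}")) {`; the value is already lower-cased on the line above, so the `A-F` range is not needed. A test that scans one valid and one truncated `openpgp4fpr:` URI and asserts which of them reaches the import path would pin this behaviour. The enclosing method starts outside the hunk, so how `action` and `uri` are obtained is not visible here.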