add config variable to enable x509 verification
This commit is contained in:
parent
933538a39d
commit
212d1a8c91
|
@ -48,6 +48,8 @@ public final class Config {
|
||||||
|
|
||||||
public static final boolean SHOW_REGENERATE_AXOLOTL_KEYS_BUTTON = false;
|
public static final boolean SHOW_REGENERATE_AXOLOTL_KEYS_BUTTON = false;
|
||||||
|
|
||||||
|
public static final boolean X509_VERIFICATION = false; //use x509 certificates to verify OMEMO keys
|
||||||
|
|
||||||
public static final long MILLISECONDS_IN_DAY = 24 * 60 * 60 * 1000;
|
public static final long MILLISECONDS_IN_DAY = 24 * 60 * 60 * 1000;
|
||||||
public static final long MAM_MAX_CATCHUP = MILLISECONDS_IN_DAY / 2;
|
public static final long MAM_MAX_CATCHUP = MILLISECONDS_IN_DAY / 2;
|
||||||
public static final int MAM_MAX_MESSAGES = 500;
|
public static final int MAM_MAX_MESSAGES = 500;
|
||||||
|
|
|
@ -504,10 +504,10 @@ public class AxolotlService {
|
||||||
|
|
||||||
|
|
||||||
if (changed) {
|
if (changed) {
|
||||||
if (account.getPrivateKeyAlias() == null) {
|
if (account.getPrivateKeyAlias() != null && Config.X509_VERIFICATION) {
|
||||||
publishDeviceBundle(signedPreKeyRecord, preKeyRecords, announce, wipe);
|
|
||||||
} else {
|
|
||||||
publishDeviceVerificationAndBundle(signedPreKeyRecord, preKeyRecords, announce, wipe);
|
publishDeviceVerificationAndBundle(signedPreKeyRecord, preKeyRecords, announce, wipe);
|
||||||
|
} else {
|
||||||
|
publishDeviceBundle(signedPreKeyRecord, preKeyRecords, announce, wipe);
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
Log.d(Config.LOGTAG, getLogprefix(account) + "Bundle " + getOwnDeviceId() + " in PEP was current");
|
Log.d(Config.LOGTAG, getLogprefix(account) + "Bundle " + getOwnDeviceId() + " in PEP was current");
|
||||||
|
|
|
@ -1311,25 +1311,18 @@ public class XmppConnectionService extends Service implements OnPhoneContactsLoa
|
||||||
account.setOption(Account.OPTION_DISABLED, true);
|
account.setOption(Account.OPTION_DISABLED, true);
|
||||||
createAccount(account);
|
createAccount(account);
|
||||||
callback.onAccountCreated(account);
|
callback.onAccountCreated(account);
|
||||||
try {
|
if (Config.X509_VERIFICATION) {
|
||||||
getMemorizingTrustManager().getNonInteractive().checkClientTrusted(chain, "RSA");
|
try {
|
||||||
} catch (CertificateException e) {
|
getMemorizingTrustManager().getNonInteractive().checkClientTrusted(chain, "RSA");
|
||||||
callback.informUser(R.string.certificate_chain_is_not_trusted);
|
} catch (CertificateException e) {
|
||||||
|
callback.informUser(R.string.certificate_chain_is_not_trusted);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
callback.informUser(R.string.account_already_exists);
|
callback.informUser(R.string.account_already_exists);
|
||||||
}
|
}
|
||||||
} catch (KeyChainException e) {
|
} catch (Exception e) {
|
||||||
callback.informUser(R.string.unable_to_parse_certificate);
|
callback.informUser(R.string.unable_to_parse_certificate);
|
||||||
} catch (InterruptedException e) {
|
|
||||||
callback.informUser(R.string.unable_to_parse_certificate);
|
|
||||||
e.printStackTrace();
|
|
||||||
} catch (CertificateEncodingException e) {
|
|
||||||
callback.informUser(R.string.unable_to_parse_certificate);
|
|
||||||
e.printStackTrace();
|
|
||||||
} catch (InvalidJidException e) {
|
|
||||||
callback.informUser(R.string.unable_to_parse_certificate);
|
|
||||||
e.printStackTrace();
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}).start();
|
}).start();
|
||||||
|
@ -1344,12 +1337,14 @@ public class XmppConnectionService extends Service implements OnPhoneContactsLoa
|
||||||
if (account.getJid().toBareJid().equals(info.first)) {
|
if (account.getJid().toBareJid().equals(info.first)) {
|
||||||
account.setPrivateKeyAlias(alias);
|
account.setPrivateKeyAlias(alias);
|
||||||
databaseBackend.updateAccount(account);
|
databaseBackend.updateAccount(account);
|
||||||
try {
|
if (Config.X509_VERIFICATION) {
|
||||||
getMemorizingTrustManager().getNonInteractive().checkClientTrusted(chain, "RSA");
|
try {
|
||||||
} catch (CertificateException e) {
|
getMemorizingTrustManager().getNonInteractive().checkClientTrusted(chain, "RSA");
|
||||||
showErrorToastInUi(R.string.certificate_chain_is_not_trusted);
|
} catch (CertificateException e) {
|
||||||
|
showErrorToastInUi(R.string.certificate_chain_is_not_trusted);
|
||||||
|
}
|
||||||
|
account.getAxolotlService().regenerateKeys(true);
|
||||||
}
|
}
|
||||||
account.getAxolotlService().regenerateKeys(true);
|
|
||||||
} else {
|
} else {
|
||||||
showErrorToastInUi(R.string.jid_does_not_match_certificate);
|
showErrorToastInUi(R.string.jid_does_not_match_certificate);
|
||||||
}
|
}
|
||||||
|
|
|
@ -7,7 +7,6 @@ import android.content.Intent;
|
||||||
import android.os.Bundle;
|
import android.os.Bundle;
|
||||||
import android.security.KeyChain;
|
import android.security.KeyChain;
|
||||||
import android.security.KeyChainAliasCallback;
|
import android.security.KeyChainAliasCallback;
|
||||||
import android.util.Log;
|
|
||||||
import android.view.ContextMenu;
|
import android.view.ContextMenu;
|
||||||
import android.view.ContextMenu.ContextMenuInfo;
|
import android.view.ContextMenu.ContextMenuInfo;
|
||||||
import android.view.Menu;
|
import android.view.Menu;
|
||||||
|
@ -103,6 +102,14 @@ public class ManageAccountActivity extends XmppActivity implements OnAccountUpda
|
||||||
public boolean onCreateOptionsMenu(Menu menu) {
|
public boolean onCreateOptionsMenu(Menu menu) {
|
||||||
getMenuInflater().inflate(R.menu.manageaccounts, menu);
|
getMenuInflater().inflate(R.menu.manageaccounts, menu);
|
||||||
MenuItem enableAll = menu.findItem(R.id.action_enable_all);
|
MenuItem enableAll = menu.findItem(R.id.action_enable_all);
|
||||||
|
MenuItem addAccount = menu.findItem(R.id.action_add_account);
|
||||||
|
MenuItem addAccountWithCertificate = menu.findItem(R.id.action_add_account_with_cert);
|
||||||
|
|
||||||
|
if (Config.X509_VERIFICATION) {
|
||||||
|
addAccount.setVisible(false);
|
||||||
|
addAccountWithCertificate.setShowAsAction(MenuItem.SHOW_AS_ACTION_ALWAYS);
|
||||||
|
}
|
||||||
|
|
||||||
if (!accountsLeftToEnable()) {
|
if (!accountsLeftToEnable()) {
|
||||||
enableAll.setVisible(false);
|
enableAll.setVisible(false);
|
||||||
}
|
}
|
||||||
|
@ -149,7 +156,7 @@ public class ManageAccountActivity extends XmppActivity implements OnAccountUpda
|
||||||
case R.id.action_enable_all:
|
case R.id.action_enable_all:
|
||||||
enableAllAccounts();
|
enableAllAccounts();
|
||||||
break;
|
break;
|
||||||
case R.id.action_add_account_from_key:
|
case R.id.action_add_account_with_cert:
|
||||||
addAccountFromKey();
|
addAccountFromKey();
|
||||||
break;
|
break;
|
||||||
default:
|
default:
|
||||||
|
|
|
@ -7,10 +7,10 @@
|
||||||
android:showAsAction="always"
|
android:showAsAction="always"
|
||||||
android:title="@string/action_add_account"/>
|
android:title="@string/action_add_account"/>
|
||||||
<item
|
<item
|
||||||
android:id="@+id/action_add_account_from_key"
|
android:id="@+id/action_add_account_with_cert"
|
||||||
android:showAsAction="never"
|
android:showAsAction="never"
|
||||||
android:icon="?attr/icon_add_person"
|
android:icon="?attr/icon_add_person"
|
||||||
android:title="@string/action_add_account_from_key"
|
android:title="@string/action_add_account_with_certificate"
|
||||||
android:visible="true"/>
|
android:visible="true"/>
|
||||||
<item
|
<item
|
||||||
android:id="@+id/action_enable_all"
|
android:id="@+id/action_enable_all"
|
||||||
|
|
|
@ -524,7 +524,7 @@
|
||||||
<string name="pref_away_when_screen_off_summary">Marks your resource as away when the screen is turned off</string>
|
<string name="pref_away_when_screen_off_summary">Marks your resource as away when the screen is turned off</string>
|
||||||
<string name="pref_xa_on_silent_mode">Not available in silent mode</string>
|
<string name="pref_xa_on_silent_mode">Not available in silent mode</string>
|
||||||
<string name="pref_xa_on_silent_mode_summary">Marks your resource as not available when phone is in silent mode</string>
|
<string name="pref_xa_on_silent_mode_summary">Marks your resource as not available when phone is in silent mode</string>
|
||||||
<string name="action_add_account_from_key">Add account from certificate</string>
|
<string name="action_add_account_with_certificate">Add account with certificate</string>
|
||||||
<string name="unable_to_parse_certificate">Unable to parse certificate</string>
|
<string name="unable_to_parse_certificate">Unable to parse certificate</string>
|
||||||
<string name="authenticate_with_certificate">Leave empty to authenticate w/ certificate</string>
|
<string name="authenticate_with_certificate">Leave empty to authenticate w/ certificate</string>
|
||||||
<string name="captcha_ocr">Captcha text</string>
|
<string name="captcha_ocr">Captcha text</string>
|
||||||
|
|
Loading…
Reference in a new issue