From 6408bac2453656eff2e4d2633872cc707cb8786e Mon Sep 17 00:00:00 2001 From: Harsh Shandilya Date: Sun, 2 May 2021 19:04:20 +0530 Subject: [PATCH 1/4] OpenKeychain: add a test for TLD-less email Signed-off-by: Harsh Shandilya --- .../keychain/pgp/SplitUserIdTest.java | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/OpenKeychain/src/test/java/org/sufficientlysecure/keychain/pgp/SplitUserIdTest.java b/OpenKeychain/src/test/java/org/sufficientlysecure/keychain/pgp/SplitUserIdTest.java index 8f8ca1337..015efde43 100644 --- a/OpenKeychain/src/test/java/org/sufficientlysecure/keychain/pgp/SplitUserIdTest.java +++ b/OpenKeychain/src/test/java/org/sufficientlysecure/keychain/pgp/SplitUserIdTest.java @@ -130,4 +130,12 @@ public class SplitUserIdTest { Assert.assertEquals("this is a comment", info.comment); } -} \ No newline at end of file + @Test + public void splitUserIdWithInvalidEmailShouldReturnEmail() { + OpenPgpUtils.UserId info = KeyRing.splitUserId("Name@LooksLike.Email "); + Assert.assertEquals("Name@LooksLike.Email", info.name); + Assert.assertEquals("Name@LooksLikeEmail", info.email); + Assert.assertNull(info.comment); + } + +} From 6b3368acb26a25d4fe4e30a88c447c64fb4e2bdb Mon Sep 17 00:00:00 2001 From: Harsh Shandilya Date: Sun, 2 May 2021 19:23:02 +0530 Subject: [PATCH 2/4] Update SplitUserIdTest.java --- .../sufficientlysecure/keychain/pgp/SplitUserIdTest.java | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/OpenKeychain/src/test/java/org/sufficientlysecure/keychain/pgp/SplitUserIdTest.java b/OpenKeychain/src/test/java/org/sufficientlysecure/keychain/pgp/SplitUserIdTest.java index 015efde43..335be9825 100644 --- a/OpenKeychain/src/test/java/org/sufficientlysecure/keychain/pgp/SplitUserIdTest.java +++ b/OpenKeychain/src/test/java/org/sufficientlysecure/keychain/pgp/SplitUserIdTest.java @@ -131,10 +131,10 @@ public class SplitUserIdTest { } @Test - public void splitUserIdWithInvalidEmailShouldReturnEmail() { - OpenPgpUtils.UserId info = KeyRing.splitUserId("Name@LooksLike.Email "); - Assert.assertEquals("Name@LooksLike.Email", info.name); - Assert.assertEquals("Name@LooksLikeEmail", info.email); + public void splitUserIdWithEmailWithoutTldShouldReturnNameAndEmail() { + OpenPgpUtils.UserId info = KeyRing.splitUserId("Max Mustermann "); + Assert.assertEquals("Max Mustermann", info.name); + Assert.assertEquals("max@localhost", info.email); Assert.assertNull(info.comment); } From 6f38af15828e07f0186109a89b7aa57f54101cfa Mon Sep 17 00:00:00 2001 From: Vincent Breitmoser Date: Tue, 17 Aug 2021 11:27:37 +0200 Subject: [PATCH 3/4] Add note about maintenance mode to readme Both @dschuermann and myself no longer spend a lot of time on this project. Here's a brief summary of a blog post we never wrote: * All of OpenKeychain's UI is an anti-feature. * If the user is doing anything in OpenKeychain's UI, OpenPGP is still doing it wrong. * OpenKeychain shouldn't be an app, it should be a library. * Changing OpenKeychain into a library is more work than we are motivated to do in our free time. --- README.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/README.md b/README.md index 86fac8808..9f7809e3e 100644 --- a/README.md +++ b/README.md @@ -1,3 +1,7 @@ +**WARNING: This software is no longer actively developed.** +We will still apply security fixes where reported, and do basic maintenance work, but no new features or will be worked on. +We will try to consider and merge contributions where possible. + # OpenKeychain (for Android) OpenKeychain is an OpenPGP implementation for Android. From 8f9728cd60ccb7c9902453a6ce37a38d5154a3aa Mon Sep 17 00:00:00 2001 From: Peter Cai Date: Mon, 12 Dec 2022 18:27:40 -0500 Subject: [PATCH 4/4] Catch SecurityException from using a stale Tag object Applications are not supposed to be able to do any I/O using a stale Tag object. This was not checked in older Android versions, but enforced later since Android 13 (and possibly in Android 12L). When we are checking for a disconnected tag, the Tag object can become stale if the same tag (or another tag) gets rediscovered. In addition, if NfcService is restarted for some reason, the cookie value used to check for this will also be reset to 0. In any case, a SecurityException could be raised when checking for a disconnected tag, and we should be able to handle this case. --- .../ui/SecurityTokenOperationActivity.java | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/SecurityTokenOperationActivity.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/SecurityTokenOperationActivity.java index b767f2465..de4db520f 100644 --- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/SecurityTokenOperationActivity.java +++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/SecurityTokenOperationActivity.java @@ -331,12 +331,18 @@ public class SecurityTokenOperationActivity extends BaseSecurityTokenActivity { protected Void doInBackground(Void... params) { // check all 200ms if Security Token has been taken away while (true) { - if (stConnection.isConnected()) { - try { + try { + if (stConnection.isConnected()) { Thread.sleep(200); - } catch (InterruptedException ignored) { + } else { + return null; } - } else { + } catch (InterruptedException ignored) { + // Sleep interrupted; ignore + } catch (SecurityException ignored) { + // In newer version of Android, isConnected() can throw an SecurityException + // when the Tag object becomes "stale"; this simply means the tag has been removed + // (and possibly rediscovered), so we can safely break from here. return null; } }