open-keychain/src/org/thialfihar/android/apg/SignKeyActivity.java

package org.thialfihar.android.apg;

import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SignatureException;
import java.util.Iterator;

import org.spongycastle.jce.provider.BouncyCastleProvider;
import org.spongycastle.openpgp.PGPException;
import org.spongycastle.openpgp.PGPPrivateKey;
import org.spongycastle.openpgp.PGPPublicKey;
import org.spongycastle.openpgp.PGPPublicKeyRing;
import org.spongycastle.openpgp.PGPSecretKey;
import org.spongycastle.openpgp.PGPSignature;
import org.spongycastle.openpgp.PGPSignatureGenerator;
import org.spongycastle.openpgp.PGPSignatureSubpacketGenerator;
import org.spongycastle.openpgp.PGPSignatureSubpacketVector;
import org.spongycastle.openpgp.PGPUtil;

import android.content.Intent;
import android.os.Bundle;
import android.os.Message;
import android.util.Log;
import android.view.View;
import android.view.View.OnClickListener;
import android.widget.ArrayAdapter;
import android.widget.Button;
import android.widget.CheckBox;
import android.widget.CompoundButton;
import android.widget.CompoundButton.OnCheckedChangeListener;
import android.widget.Spinner;
import android.widget.Toast;

/**
 * gpg --sign-key
 * 
 * signs the specified public key with the specified secret master key
 */
public class SignKeyActivity extends BaseActivity {
    private static final String TAG = "SignKeyActivity";

    private long pubKeyId = 0;
    private long masterKeyId = 0;
    
    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);

        // check we havent already signed it
        setContentView(R.layout.sign_key_layout);

        final Spinner keyServer = (Spinner) findViewById(R.id.keyServer);
        ArrayAdapter<String> adapter = new ArrayAdapter<String>(this, android.R.layout.simple_spinner_item, mPreferences.getKeyServers());
        adapter.setDropDownViewResource(android.R.layout.simple_spinner_dropdown_item);
        keyServer.setAdapter(adapter);

        final CheckBox sendKey = (CheckBox) findViewById(R.id.sendKey);
        if (!sendKey.isChecked()) {
            keyServer.setEnabled(false);
        } else {
            keyServer.setEnabled(true);
        }

        sendKey.setOnCheckedChangeListener(new OnCheckedChangeListener() {

            @Override
            public void onCheckedChanged(CompoundButton buttonView, boolean isChecked) {
                if (!isChecked) {
                    keyServer.setEnabled(false);
                } else {
                    keyServer.setEnabled(true);
                }
            }
        });

        Button sign = (Button) findViewById(R.id.sign);
        sign.setEnabled(false); // disabled until the user selects a key to sign with
        sign.setOnClickListener(new OnClickListener() {

            @Override
            public void onClick(View v) {
                if (pubKeyId != 0) {
                    initiateSigning();
                }
            }
        });
        
        pubKeyId = getIntent().getLongExtra(Apg.EXTRA_KEY_ID, 0);
        if (pubKeyId == 0) {
            finish(); // nothing to do if we dont know what key to sign
        } else {
            // kick off the SecretKey selection activity so the user chooses which key to sign with first
            Intent intent = new Intent(this, SelectSecretKeyListActivity.class);
            startActivityForResult(intent, Id.request.secret_keys);
        }
    }

    /**
     * handles the UI bits of the signing process on the UI thread
     */
    private void initiateSigning() {
        PGPPublicKeyRing pubring = Apg.getPublicKeyRing(pubKeyId);
        if (pubring != null) {
            // if we have already signed this key, dont bother doing it again
            boolean alreadySigned = false;
    
            @SuppressWarnings("unchecked")
            Iterator<PGPSignature> itr = pubring.getPublicKey(pubKeyId).getSignatures();
            while (itr.hasNext()) {
                PGPSignature sig = itr.next();
                if (sig.getKeyID() == masterKeyId) {
                    alreadySigned = true;
                    break;
                }
            }
    
            if (!alreadySigned) {
                /*
                 * get the user's passphrase for this key (if required)
                 */
                String passphrase = Apg.getCachedPassPhrase(masterKeyId);
                if (passphrase == null) {
                    showDialog(Id.dialog.pass_phrase);
                    return; // bail out; need to wait until the user has entered the passphrase before trying again
                } else {
                    startSigning();
                }
            } else {
                final Bundle status = new Bundle();
                Message msg = new Message();

                status.putString(Apg.EXTRA_ERROR, "Key has already been signed");

                status.putInt(Constants.extras.status, Id.message.done);
                
                msg.setData(status);
                sendMessage(msg);
                
                setResult(Id.return_value.error);
                finish();
            }
        }
    }
    
    @Override
    public long getSecretKeyId() {
        return masterKeyId;
    }
    
    @Override
    public void passPhraseCallback(long keyId, String passPhrase) {
        super.passPhraseCallback(keyId, passPhrase);
        startSigning();
    }
    
    /**
     * kicks off the actual signing process on a background thread
     */
    private void startSigning() {
        showDialog(Id.dialog.signing);
        startThread();
    }
    
    @Override
    public void run() {
        final Bundle status = new Bundle();
        Message msg = new Message();

        try {
            String passphrase = Apg.getCachedPassPhrase(masterKeyId);
            if (passphrase == null || passphrase.length() <= 0) {
                status.putString(Apg.EXTRA_ERROR, "Unable to obtain passphrase");
            } else {
                PGPPublicKeyRing pubring = Apg.getPublicKeyRing(pubKeyId);
                
                /*
                 * sign the incoming key
                 */
                PGPSecretKey secretKey = Apg.getSecretKey(masterKeyId);
                PGPPrivateKey signingKey = secretKey.extractPrivateKey(passphrase.toCharArray(), BouncyCastleProvider.PROVIDER_NAME);
                PGPSignatureGenerator sGen = new PGPSignatureGenerator(secretKey.getPublicKey().getAlgorithm(), PGPUtil.SHA256, BouncyCastleProvider.PROVIDER_NAME);
                sGen.initSign(PGPSignature.DIRECT_KEY, signingKey);
    
                PGPSignatureSubpacketGenerator spGen = new PGPSignatureSubpacketGenerator();
    
                PGPSignatureSubpacketVector packetVector = spGen.generate();
                sGen.setHashedSubpackets(packetVector);
    
                PGPPublicKey signedKey = PGPPublicKey.addCertification(pubring.getPublicKey(pubKeyId), sGen.generate());
                pubring = PGPPublicKeyRing.insertPublicKey(pubring, signedKey);
    
                // check if we need to send the key to the server or not
                CheckBox sendKey = (CheckBox) findViewById(R.id.sendKey);
                if (sendKey.isChecked()) {
                    Spinner keyServer = (Spinner) findViewById(R.id.keyServer);
                    HkpKeyServer server = new HkpKeyServer((String) keyServer.getSelectedItem());
    
                    /*
                     * upload the newly signed key to the key server
                     */
    
                    Apg.uploadKeyRingToServer(server, pubring);
                }
    
                // store the signed key in our local cache
                int retval = Apg.storeKeyRingInCache(pubring);
                if (retval != Id.return_value.ok && retval != Id.return_value.updated) {
                    status.putString(Apg.EXTRA_ERROR, "Failed to store signed key in local cache");
                }
            }
        } catch (PGPException e) {
            Log.e(TAG, "Failed to sign key", e);
            status.putString(Apg.EXTRA_ERROR, "Failed to sign key");
            status.putInt(Constants.extras.status, Id.message.done);
            return;
        } catch (NoSuchAlgorithmException e) {
            Log.e(TAG, "Failed to sign key", e);
            status.putString(Apg.EXTRA_ERROR, "Failed to sign key");
            status.putInt(Constants.extras.status, Id.message.done);
            return;
        } catch (NoSuchProviderException e) {
            Log.e(TAG, "Failed to sign key", e);
            status.putString(Apg.EXTRA_ERROR, "Failed to sign key");
            status.putInt(Constants.extras.status, Id.message.done);
            return;
        } catch (SignatureException e) {
            Log.e(TAG, "Failed to sign key", e);
            status.putString(Apg.EXTRA_ERROR, "Failed to sign key");
            status.putInt(Constants.extras.status, Id.message.done);
            return;
        }
        
        status.putInt(Constants.extras.status, Id.message.done);
        
        msg.setData(status);
        sendMessage(msg);
        
        if (status.containsKey(Apg.EXTRA_ERROR)) {
            setResult(Id.return_value.error);
        } else {
            setResult(Id.return_value.ok);
        }
        
        finish();
    }
    
    @Override
    protected void onActivityResult(int requestCode, int resultCode, Intent data) {
        switch (requestCode) {
            case Id.request.secret_keys: {
                if (resultCode == RESULT_OK) {
                    masterKeyId = data.getLongExtra(Apg.EXTRA_KEY_ID, 0);
                    
                    // re-enable the sign button so the user can initiate the sign process
                    Button sign = (Button) findViewById(R.id.sign);
                    sign.setEnabled(true);
                }
                
                break;
            }
            
            default: {
                super.onActivityResult(requestCode, resultCode, data);
            }
        }
    }
    
    @Override
    public void doneCallback(Message msg) {
        super.doneCallback(msg);
        
        removeDialog(Id.dialog.signing);

        Bundle data = msg.getData();
        String error = data.getString(Apg.EXTRA_ERROR);
        if (error != null) {
            Toast.makeText(this, getString(R.string.errorMessage, error), Toast.LENGTH_SHORT).show();
            return;
        }

        Toast.makeText(this, R.string.keySignSuccess, Toast.LENGTH_SHORT).show();
        finish();
    }
}