signed vs verified logic

This commit is contained in:
Sorunome 2020-05-27 17:37:14 +02:00
parent 8d75c2a0af
commit e4e4386178
No known key found for this signature in database
GPG key ID: B19471D07FC9BE9C
2 changed files with 14 additions and 22 deletions

View file

@ -149,25 +149,10 @@ class Client {
bool get fileEncryptionEnabled => true;
/// Wheather this session is unknown to others
bool get isUnknownSession {
if (!userDeviceKeys.containsKey(userID)) {
return true;
}
final masterKey = userDeviceKeys[userID].masterKey;
if (masterKey == null) {
return true;
}
if (!masterKey.directVerified) {
return true;
}
if (!userDeviceKeys[userID].deviceKeys.containsKey(deviceID)) {
return true;
}
if (!userDeviceKeys[userID].deviceKeys[deviceID].crossVerified) {
return true;
}
return false;
}
bool get isUnknownSession =>
!userDeviceKeys.containsKey(userID) ||
!userDeviceKeys[userID].deviceKeys.containsKey(deviceID) ||
!userDeviceKeys[userID].deviceKeys[deviceID].signed;
/// Warning! This endpoint is for testing only!
set rooms(List<Room> newList) {

View file

@ -140,6 +140,8 @@ abstract class SignedKey {
}
}
bool get signed => hasValidSignatureChain(verifiedOnly: false);
String get signingContent {
final data = Map<String, dynamic>.from(content);
// some old data might have the custom verified and blocked keys
@ -166,7 +168,7 @@ abstract class SignedKey {
return valid;
}
bool hasValidSignatureChain({Set<String> visited}) {
bool hasValidSignatureChain({bool verfiedOnly = true, Set<String> visited}) {
visited ??= <String>{};
final setKey = '${userId};${identifier}';
if (visited.contains(setKey)) {
@ -225,11 +227,16 @@ abstract class SignedKey {
continue;
}
if (key.directVerified) {
if ((verifiedOnly && key.directVerified) ||
(key is SignedKey &&
key.usage.includes('master') &&
key.directVerified &&
key.userId == client.userID)) {
return true; // we verified this key and it is valid...all checks out!
}
// or else we just recurse into that key and chack if it works out
final haveChain = key.hasValidSignatureChain(visited: visited);
final haveChain = key.hasValidSignatureChain(
verfiedOnly: verfiedOnly, visited: visited);
if (haveChain) {
return true;
}