Add sanity checks in verifyKeyAndStartSession

matrix-sdk/build.gradle

@@ -57,7 +57,7 @@ android {
                     def outputFile = output.outputFile
                     if (outputFile != null && outputFile.name.endsWith('.aar')) {
                         def fileName = outputFile.name.replace(".aar", "-${version}.aar")
-                        output.outputFile = new File("/Users/yannick_lecollen/riot-android/vector/libs", "matrix-sdk.aar")
+                        output.outputFile = new File(outputFile.parent, fileName)
                     }
                 }
             }

matrix-sdk/src/main/java/org/matrix/androidsdk/crypto/MXCrypto.java

@@ -1153,20 +1153,23 @@ private String verifyKeyAndStartSession(MXKey oneTimeKey, String userId, MXDevic
         String deviceId = deviceInfo.deviceId;
         String signKeyId = "ed25519:" + deviceId;
         String signature = oneTimeKey.signatureForUserId(userId, signKeyId);
-        StringBuffer error = new StringBuffer();
 
-        // Check one-time key signature
-        if (mOlmDevice.verifySignature(deviceInfo.fingerprint(), oneTimeKey.signalableJSONDictionary(), signature, error)) {
-            sessionId = getOlmDevice().createOutboundSession(deviceInfo.identityKey(), oneTimeKey.value);
+        if (!TextUtils.isEmpty(signature) && !TextUtils.isEmpty(deviceInfo.fingerprint())) {
+            StringBuffer error = new StringBuffer();
 
-            if (!TextUtils.isEmpty(sessionId)) {
-                Log.d(LOG_TAG, "## verifyKeyAndStartSession() : Started new sessionid " +  sessionId + " for device " + deviceInfo + "(theirOneTimeKey: " + oneTimeKey.value + ")");
+            // Check one-time key signature
+            if (mOlmDevice.verifySignature(deviceInfo.fingerprint(), oneTimeKey.signalableJSONDictionary(), signature, error)) {
+                sessionId = getOlmDevice().createOutboundSession(deviceInfo.identityKey(), oneTimeKey.value);
+
+                if (!TextUtils.isEmpty(sessionId)) {
+                    Log.d(LOG_TAG, "## verifyKeyAndStartSession() : Started new sessionid " + sessionId + " for device " + deviceInfo + "(theirOneTimeKey: " + oneTimeKey.value + ")");
+                } else {
+                    // Possibly a bad key
+                    Log.e(LOG_TAG, "## verifyKeyAndStartSession() : Error starting session with device " + userId + ":" + deviceId);
+                }
             } else {
-                // Possibly a bad key
-                Log.e(LOG_TAG, "## verifyKeyAndStartSession() : Error starting session with device " + userId + ":" + deviceId);
+                Log.e(LOG_TAG, "## verifyKeyAndStartSession() : Unable to verify signature on one-time key for device " + userId + ":" + deviceId + " Error " + error.toString());
             }
-        } else {
-            Log.e(LOG_TAG, "## verifyKeyAndStartSession() : Unable to verify signature on one-time key for device " + userId + ":" + deviceId + " Error " + error.toString());
         }
 
         return sessionId;