From 3d633cb2d04e6b6bf58af77d440333cb23ddde46 Mon Sep 17 00:00:00 2001 From: ylecollen Date: Thu, 5 Jan 2017 10:02:30 +0100 Subject: [PATCH] Add sanity checks in verifyKeyAndStartSession --- matrix-sdk/build.gradle | 2 +- .../matrix/androidsdk/crypto/MXCrypto.java | 23 +++++++++++-------- 2 files changed, 14 insertions(+), 11 deletions(-) diff --git a/matrix-sdk/build.gradle b/matrix-sdk/build.gradle index 2a5960be2..bc4851817 100644 --- a/matrix-sdk/build.gradle +++ b/matrix-sdk/build.gradle @@ -57,7 +57,7 @@ android { def outputFile = output.outputFile if (outputFile != null && outputFile.name.endsWith('.aar')) { def fileName = outputFile.name.replace(".aar", "-${version}.aar") - output.outputFile = new File("/Users/yannick_lecollen/riot-android/vector/libs", "matrix-sdk.aar") + output.outputFile = new File(outputFile.parent, fileName) } } } diff --git a/matrix-sdk/src/main/java/org/matrix/androidsdk/crypto/MXCrypto.java b/matrix-sdk/src/main/java/org/matrix/androidsdk/crypto/MXCrypto.java index 8ff32bebe..24f47680b 100755 --- a/matrix-sdk/src/main/java/org/matrix/androidsdk/crypto/MXCrypto.java +++ b/matrix-sdk/src/main/java/org/matrix/androidsdk/crypto/MXCrypto.java 
@@ -1153,20 +1153,23 @@ private String verifyKeyAndStartSession(MXKey oneTimeKey, String userId, MXDevic String deviceId = deviceInfo.deviceId; String signKeyId = "ed25519:" + deviceId; String signature = oneTimeKey.signatureForUserId(userId, signKeyId); - StringBuffer error = new StringBuffer(); - // Check one-time key signature - if (mOlmDevice.verifySignature(deviceInfo.fingerprint(), oneTimeKey.signalableJSONDictionary(), signature, error)) { - sessionId = getOlmDevice().createOutboundSession(deviceInfo.identityKey(), oneTimeKey.value); + if (!TextUtils.isEmpty(signature) && !TextUtils.isEmpty(deviceInfo.fingerprint())) { + StringBuffer error = new StringBuffer(); - if (!TextUtils.isEmpty(sessionId)) { - Log.d(LOG_TAG, "## verifyKeyAndStartSession() : Started new sessionid " + sessionId + " for device " + deviceInfo + "(theirOneTimeKey: " + oneTimeKey.value + ")"); + // Check one-time key signature + if (mOlmDevice.verifySignature(deviceInfo.fingerprint(), oneTimeKey.signalableJSONDictionary(), signature, error)) { + sessionId = getOlmDevice().createOutboundSession(deviceInfo.identityKey(), oneTimeKey.value); + + if (!TextUtils.isEmpty(sessionId)) { + Log.d(LOG_TAG, "## verifyKeyAndStartSession() : Started new sessionid " + sessionId + " for device " + deviceInfo + "(theirOneTimeKey: " + oneTimeKey.value + ")"); + } else { + // Possibly a bad key + Log.e(LOG_TAG, "## verifyKeyAndStartSession() : Error starting session with device " + userId + ":" + deviceId); + } } else { - // Possibly a bad key - Log.e(LOG_TAG, "## verifyKeyAndStartSession() : Error starting session with device " + userId + ":" + deviceId); + Log.e(LOG_TAG, "## verifyKeyAndStartSession() : Unable to verify signature on one-time key for device " + userId + ":" + deviceId + " Error " + error.toString()); } - } else { - Log.e(LOG_TAG, "## verifyKeyAndStartSession() : Unable to verify signature on one-time key for device " + userId + ":" + deviceId + " Error " + error.toString()); } return 
sessionId;
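Review bot: The new outer guard `if (!TextUtils.isEmpty(signature) && !TextUtils.isEmpty(deviceInfo.fingerprint()))` has no `else`, so a one-time key that arrives with no signature, or a device with no fingerprint, is skipped without any log line, while the invalid-signature branch still reports an error. An unsigned one-time key matters as much as a badly signed one when diagnosing a failed or tampered key claim, so I would add `} else { Log.e(LOG_TAG, "## verifyKeyAndStartSession() : missing signature or fingerprint for device " + userId + ":" + deviceId); }` before `return sessionId;`. The declaration of `sessionId` is outside the hunk, so this assumes it is still unset on that path and that callers treat that as "no session established"; that is worth confirming. The same guard leaves `deviceInfo.identityKey()` and `oneTimeKey.value` unchecked before `createOutboundSession`, which may be fine if that method rejects empty input, but the hunk does not show it.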