mirror of
https://github.com/pgpainless/pgpainless.git
synced 2024-11-23 12:52:07 +01:00
Check key flags on binding sig to determine if backsig is required
This commit is contained in:
parent
e7ed0f76a3
commit
5422468d73
1 changed files with 11 additions and 0 deletions
|
@ -24,6 +24,7 @@ import java.util.List;
|
|||
import java.util.Map;
|
||||
import java.util.concurrent.ConcurrentHashMap;
|
||||
|
||||
import org.bouncycastle.bcpg.sig.KeyFlags;
|
||||
import org.bouncycastle.bcpg.sig.NotationData;
|
||||
import org.bouncycastle.bcpg.sig.SignatureCreationTime;
|
||||
import org.bouncycastle.openpgp.PGPException;
|
||||
|
@ -33,6 +34,7 @@ import org.bouncycastle.openpgp.PGPSignatureList;
|
|||
import org.bouncycastle.openpgp.PGPSignatureSubpacketVector;
|
||||
import org.bouncycastle.openpgp.PGPUserAttributeSubpacketVector;
|
||||
import org.pgpainless.algorithm.HashAlgorithm;
|
||||
import org.pgpainless.algorithm.KeyFlag;
|
||||
import org.pgpainless.algorithm.PublicKeyAlgorithm;
|
||||
import org.pgpainless.algorithm.SignatureSubpacket;
|
||||
import org.pgpainless.algorithm.SignatureType;
|
||||
|
@ -493,6 +495,15 @@ public abstract class SignatureValidator {
|
|||
return;
|
||||
}
|
||||
|
||||
KeyFlags keyFlags = SignatureSubpacketsUtil.getKeyFlags(signature);
|
||||
if (keyFlags == null) {
|
||||
return;
|
||||
}
|
||||
if (!KeyFlag.hasKeyFlag(keyFlags.getFlags(), KeyFlag.SIGN_DATA)
|
||||
&& !KeyFlag.hasKeyFlag(keyFlags.getFlags(), KeyFlag.CERTIFY_OTHER)) {
|
||||
return;
|
||||
}
|
||||
|
||||
try {
|
||||
PGPSignatureList embeddedSignatures = SignatureSubpacketsUtil.getEmbeddedSignature(signature);
|
||||
boolean hasValidPrimaryKeyBinding = false;
|
||||
|
|
Loading…
Reference in a new issue