From 7769ff817372c99164012151e040c277eb385b99 Mon Sep 17 00:00:00 2001
From: Paul Schaub <vanitasvitae@fsfe.org>
Date: Tue, 6 Jun 2023 11:00:44 +0200
Subject: [PATCH] Direct-Key signatures are calculated over the signee only,
 not the signer plus signee

---
 .../builder/ThirdPartyDirectKeySignatureBuilder.java        | 6 +-----
 .../pgpainless/signature/consumer/SignatureValidator.java   | 6 +++---
 2 files changed, 4 insertions(+), 8 deletions(-)

diff --git a/pgpainless-core/src/main/java/org/pgpainless/signature/builder/ThirdPartyDirectKeySignatureBuilder.java b/pgpainless-core/src/main/java/org/pgpainless/signature/builder/ThirdPartyDirectKeySignatureBuilder.java
index dd720bce..51a14052 100644
--- a/pgpainless-core/src/main/java/org/pgpainless/signature/builder/ThirdPartyDirectKeySignatureBuilder.java
+++ b/pgpainless-core/src/main/java/org/pgpainless/signature/builder/ThirdPartyDirectKeySignatureBuilder.java
@@ -43,11 +43,7 @@ public class ThirdPartyDirectKeySignatureBuilder extends AbstractSignatureBuilde
 
     public PGPSignature build(PGPPublicKey key) throws PGPException {
         PGPSignatureGenerator signatureGenerator = buildAndInitSignatureGenerator();
-        if (key.getKeyID() != publicSigningKey.getKeyID()) {
-            return signatureGenerator.generateCertification(publicSigningKey, key);
-        } else {
-            return signatureGenerator.generateCertification(key);
-        }
+        return signatureGenerator.generateCertification(key);
     }
 
     @Override
diff --git a/pgpainless-core/src/main/java/org/pgpainless/signature/consumer/SignatureValidator.java b/pgpainless-core/src/main/java/org/pgpainless/signature/consumer/SignatureValidator.java
index 096bb5ee..27f99499 100644
--- a/pgpainless-core/src/main/java/org/pgpainless/signature/consumer/SignatureValidator.java
+++ b/pgpainless-core/src/main/java/org/pgpainless/signature/consumer/SignatureValidator.java
@@ -546,10 +546,10 @@ public abstract class SignatureValidator {
                 try {
                     signature.init(ImplementationFactory.getInstance().getPGPContentVerifierBuilderProvider(), signer);
                     boolean valid;
-                    if (signer.getKeyID() != signee.getKeyID()) {
-                        valid = signature.verifyCertification(signer, signee);
-                    } else {
+                    if (signer.getKeyID() == signee.getKeyID() || signature.getSignatureType() == PGPSignature.DIRECT_KEY) {
                         valid = signature.verifyCertification(signee);
+                    } else {
+                        valid = signature.verifyCertification(signer, signee);
                     }
                     if (!valid) {
                         throw new SignatureValidationException("Signature is not correct.");