mirror of
https://github.com/pgpainless/pgpainless.git
synced 2024-12-25 04:17:59 +01:00
WIP: Fix fake signature issuer test
This commit is contained in:
parent
218d7becae
commit
c39d5a09ce
2 changed files with 47 additions and 12 deletions
|
@ -59,13 +59,23 @@ public abstract class SignatureValidator {
|
|||
public void verify(PGPSignature signature) throws SignatureValidationException {
|
||||
OpenPgpFingerprint signingKeyFingerprint = OpenPgpFingerprint.of(signingKey);
|
||||
|
||||
Long issuer = SignatureSubpacketsUtil.getIssuerKeyIdAsLong(signature);
|
||||
if (issuer != null) {
|
||||
if (issuer != signingKey.getKeyID()) {
|
||||
throw new SignatureValidationException("Signature was not created by " + signingKeyFingerprint + " (signature issuer: " + Long.toHexString(issuer) + ")");
|
||||
List<Long> issuers = SignatureSubpacketsUtil.getIssuerKeyIdsAsLongs(signature);
|
||||
boolean match = false;
|
||||
for (Long issuer : issuers) {
|
||||
if (issuer == 0L || issuer == signingKey.getKeyID()) {
|
||||
match = true;
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
if (!match) {
|
||||
String[] hex = new String[issuers.size()];
|
||||
for (int i = 0; i < hex.length; i++) {
|
||||
hex[i] = Long.toHexString(issuers.get(i));
|
||||
}
|
||||
throw new SignatureValidationException("Signature was not created by " + signingKeyFingerprint + " (signature issuers: " + Arrays.toString(hex) + ")");
|
||||
}
|
||||
|
||||
OpenPgpFingerprint fingerprint = SignatureSubpacketsUtil.getIssuerFingerprintAsOpenPgpFingerprint(signature);
|
||||
if (fingerprint != null) {
|
||||
if (!fingerprint.equals(signingKeyFingerprint)) {
|
||||
|
|
|
@ -93,6 +93,21 @@ public final class SignatureSubpacketsUtil {
|
|||
return fingerprint;
|
||||
}
|
||||
|
||||
public static List<IssuerKeyID> getIssuerKeyIds(PGPSignature signature) {
|
||||
List<IssuerKeyID> keyIds = getSignatureSubpackets(signature.getHashedSubPackets(), SignatureSubpacket.issuerKeyId);
|
||||
keyIds.addAll(getSignatureSubpackets(signature.getUnhashedSubPackets(), SignatureSubpacket.issuerKeyId));
|
||||
return keyIds;
|
||||
}
|
||||
|
||||
public static List<Long> getIssuerKeyIdsAsLongs(PGPSignature signature) {
|
||||
List<IssuerKeyID> keyIds = getIssuerKeyIds(signature);
|
||||
List<Long> longs = new ArrayList<>();
|
||||
for (IssuerKeyID keyID : keyIds) {
|
||||
longs.add(keyID.getKeyID());
|
||||
}
|
||||
return longs;
|
||||
}
|
||||
|
||||
/**
|
||||
* Return the issuer key-id subpacket of the signature.
|
||||
* Since this packet is self-authenticating, we expect it to be in the unhashed area,
|
||||
|
@ -577,6 +592,16 @@ public final class SignatureSubpacketsUtil {
|
|||
return hashedSubpacket != null ? hashedSubpacket : unhashed(signature, type);
|
||||
}
|
||||
|
||||
public static <P extends org.bouncycastle.bcpg.SignatureSubpacket> List<P> getSignatureSubpackets(
|
||||
PGPSignatureSubpacketVector vector, SignatureSubpacket type) {
|
||||
List<P> subpackets = new ArrayList<>();
|
||||
org.bouncycastle.bcpg.SignatureSubpacket[] fromVector = vector.getSubpackets(type.getCode());
|
||||
for (org.bouncycastle.bcpg.SignatureSubpacket p : fromVector) {
|
||||
subpackets.add((P) p);
|
||||
}
|
||||
return subpackets;
|
||||
}
|
||||
|
||||
/**
|
||||
* Return the last occurrence of a subpacket type in the given signature subpacket vector.
|
||||
*
|
||||
|
|
Loading…
Reference in a new issue