mirror of https://github.com/pgpainless/pgpainless.git synced 2025-01-24 19:06:24 +01:00

Fix fingerprint comparison

Paul Schaub 2024-09-16 14:12:33 +02:00
parent 4ce25bbe8c
commit e514cf752d
Signed by: vanitasvitae
GPG key ID: 62BEE9264BF17311
5 changed files with 15 additions and 15 deletions


@ -60,7 +60,7 @@ fun PGPKeyRing.requirePublicKey(fingerprint: OpenPgpFingerprint): PGPPublicKey =
* subpacket to identify the [PGPPublicKey] via its key-ID.
*/
fun PGPKeyRing.getPublicKeyFor(signature: PGPSignature): PGPPublicKey? =
signature.fingerprint?.let { this.getPublicKey(it) } ?: this.getPublicKey(signature.keyID)
signature.pgpFingerprint?.let { this.getPublicKey(it) } ?: this.getPublicKey(signature.keyID)
/** Return the [PGPPublicKey] that matches the key-ID of the given [PGPOnePassSignature] packet. */
fun PGPKeyRing.getPublicKeyFor(onePassSignature: PGPOnePassSignature): PGPPublicKey? =
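Review bot: In `getPublicKeyFor(signature)` the `?:` fallback runs not only when the signature carries no issuer fingerprint, but also when one is present and `getPublicKey(it)` finds no key, so the lookup then proceeds on the 64-bit `signature.keyID` alone. Key-IDs are not collision-resistant, so a signature whose issuer fingerprint and key-ID disagree could resolve to a key its fingerprint does not name. If that is not intended, decide on the fingerprint whenever it exists: `signature.pgpFingerprint.let { fp -> if (fp != null) getPublicKey(fp) else getPublicKey(signature.keyID) }`. The same expression shape is used by `PGPSecretKeyRing.getSecretKeyFor(signature)` in the next file section. The KDoc for this function starts above the hunk; if the fallback is deliberate it should state that a present-but-unmatched fingerprint still falls back to the key-ID.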


@ -66,13 +66,13 @@ fun PGPSecretKeyRing.requireSecretKey(fingerprint: OpenPgpFingerprint): PGPSecre
* subpacket to identify the [PGPSecretKey] via its key-ID.
*/
fun PGPSecretKeyRing.getSecretKeyFor(signature: PGPSignature): PGPSecretKey? =
signature.fingerprint?.let { this.getSecretKey(it) } ?: this.getSecretKey(signature.keyID)
signature.pgpFingerprint?.let { this.getSecretKey(it) } ?: this.getSecretKey(signature.keyID)
/** Return the [PGPSecretKey] that matches the key-ID of the given [PGPOnePassSignature] packet. */
fun PGPSecretKeyRing.getSecretKeyFor(onePassSignature: PGPOnePassSignature): PGPSecretKey? =
when (onePassSignature.version) {
3 -> this.getSecretKey(onePassSignature.keyID)
6 -> this.getSecretKey(onePassSignature.fingerprint)
3,
6 -> this.getSecretKey(onePassSignature.keyIdentifier)
else ->
throw NotImplementedError(
"Version ${onePassSignature.version} OPSs are not yet supported.")
@ -80,7 +80,7 @@ fun PGPSecretKeyRing.getSecretKeyFor(onePassSignature: PGPOnePassSignature): PGP
fun PGPSecretKeyRing.getSecretKeyFor(pkesk: PGPPublicKeyEncryptedData): PGPSecretKey? =
when (pkesk.version) {
3 -> this.getSecretKey(pkesk.keyID)
6 -> this.getSecretKey(pkesk.fingerprint)
3,
6 -> this.getSecretKey(pkesk.keyIdentifier)
else -> throw NotImplementedError("Version ${pkesk.version} PKESKs are not yet supported.")
}
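Review bot: The KDoc above `getSecretKeyFor(onePassSignature)` still says the key is matched by the key-ID of the packet, but the new `3, 6 ->` branch resolves both versions through `onePassSignature.keyIdentifier`, and the removed version 6 line matched on the fingerprint. I would update it to `/** Return the [PGPSecretKey] identified by the key identifier (key-ID for v3, fingerprint for v6) of the given [PGPOnePassSignature] packet. */`. `getSecretKeyFor(pkesk)` in the second hunk has no KDoc visible in the hunk and would benefit from the same one-line description. Both should document the `NotImplementedError` thrown for other versions.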


@ -50,13 +50,13 @@ val PGPSignature.issuerKeyId: Long
SignatureSubpacketsUtil.getIssuerKeyIdAsLong(this)?.let {
if (it != 0L) it else null
}
?: fingerprint?.keyId ?: 0L
?: pgpFingerprint?.keyId ?: 0L
}
}
/** Return true, if the signature was likely issued by a key with the given fingerprint. */
fun PGPSignature.wasIssuedBy(fingerprint: OpenPgpFingerprint): Boolean =
this.fingerprint?.let { it.keyId == fingerprint.keyId } ?: (keyID == fingerprint.keyId)
this.pgpFingerprint?.let { it.keyId == fingerprint.keyId } ?: (keyID == fingerprint.keyId)
/**
* Return true, if the signature was likely issued by a key with the given fingerprint.
@ -94,7 +94,7 @@ fun PGPSignature?.toRevocationState() =
else if (isHardRevocation) RevocationState.hardRevoked()
else RevocationState.softRevoked(creationTime)
val PGPSignature.fingerprint: OpenPgpFingerprint?
val PGPSignature.pgpFingerprint: OpenPgpFingerprint?
get() = SignatureSubpacketsUtil.getIssuerFingerprintAsOpenPgpFingerprint(this)
val PGPSignature.publicKeyAlgorithm: PublicKeyAlgorithm
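Review bot: `wasIssuedBy(fingerprint: OpenPgpFingerprint)` in the first hunk compares only `keyId` values even when the signature carries a full issuer fingerprint, so two distinct keys that share a 64-bit key-ID both pass. Where `pgpFingerprint` is non-null, both sides are `OpenPgpFingerprint` objects and can be compared directly, as `SignatureValidator` does elsewhere in this commit: `this.pgpFingerprint?.let { it == fingerprint } ?: (keyID == fingerprint.keyId)`. If the key-ID comparison is deliberate, for instance to tolerate differing fingerprint versions, the KDoc's "likely issued" should say that explicitly so callers do not treat the result as an authenticity decision. Separately, renaming the public extension property `fingerprint` to `pgpFingerprint` in the last hunk breaks source compatibility for external callers and probably deserves a changelog entry.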


@ -684,7 +684,7 @@ class OpenPgpMessageInputStream(
PGPainless.inspectKeyRing(it).decryptionSubkeys.any { subkey ->
when (pkesk.version) {
3 -> pkesk.keyID == subkey.keyID
6 -> pkesk.fingerprint.contentEquals(subkey.fingerprint)
6 -> pkesk.keyIdentifier.fingerprint.contentEquals(subkey.fingerprint)
else -> false
}
}
@ -696,7 +696,7 @@ class OpenPgpMessageInputStream(
PGPainless.inspectKeyRing(it).decryptionSubkeys.any { subkey ->
when (pkesk.version) {
3 -> pkesk.keyID == subkey.keyID
6 -> pkesk.fingerprint.contentEquals(subkey.fingerprint)
6 -> pkesk.keyIdentifier.fingerprint.contentEquals(subkey.fingerprint)
else -> false
}
}
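Review bot: The two hunks in `OpenPgpMessageInputStream` carry an identical `when (pkesk.version)` predicate, and the change had to be applied to both copies. Extracting it into one private helper that takes the PKESK and the subkey would keep the recipient-matching rule in a single place. It also differs from `getSecretKeyFor(pkesk)` in this commit, which now routes versions 3 and 6 through `pkesk.keyIdentifier`, while version 3 here still compares `pkesk.keyID` directly. A short comment on why this site keeps the split would help, as would one on whether `keyIdentifier.fingerprint` can be null for a version 6 packet. Both hunks start and end inside the enclosing lambdas, so the surrounding control flow is not visible here.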


@ -15,9 +15,9 @@ import org.bouncycastle.openpgp.PGPUserAttributeSubpacketVector
import org.pgpainless.algorithm.KeyFlag
import org.pgpainless.algorithm.SignatureSubpacket
import org.pgpainless.algorithm.SignatureType
import org.pgpainless.bouncycastle.extensions.fingerprint
import org.pgpainless.bouncycastle.extensions.isHardRevocation
import org.pgpainless.bouncycastle.extensions.isOfType
import org.pgpainless.bouncycastle.extensions.pgpFingerprint
import org.pgpainless.bouncycastle.extensions.publicKeyAlgorithm
import org.pgpainless.bouncycastle.extensions.signatureExpirationDate
import org.pgpainless.bouncycastle.extensions.signatureHashAlgorithm
@ -63,11 +63,11 @@ abstract class SignatureValidator {
}
}
if (signature.fingerprint != null &&
signature.fingerprint != signingKeyFingerprint) {
if (signature.pgpFingerprint != null &&
signature.pgpFingerprint != signingKeyFingerprint) {
throw SignatureValidationException(
"Signature was not created by" +
" $signingKeyFingerprint (signature fingerprint: ${signature.fingerprint})")
" $signingKeyFingerprint (signature fingerprint: ${signature.pgpFingerprint})")
}
}
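Review bot: The issuer check in the `SignatureValidator` hunk reads `signature.pgpFingerprint` three times, and each read goes through `SignatureSubpacketsUtil.getIssuerFingerprintAsOpenPgpFingerprint`. Binding it once makes the null check and the comparison refer to the same value: `val issuer = signature.pgpFingerprint` followed by `if (issuer != null && issuer != signingKeyFingerprint) {`, with `$issuer` reused in the message. The check is also skipped entirely when the signature has no issuer fingerprint subpacket. The block just above it begins outside the hunk, so I cannot tell whether a key-ID comparison covers that case. A one-line comment stating which check applies to such signatures would help.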