mirror of
https://github.com/pgpainless/pgpainless.git
synced 2025-01-24 19:06:24 +01:00
Fix fingerprint comparison
This commit is contained in:
parent
4ce25bbe8c
commit
e514cf752d
5 changed files with 15 additions and 15 deletions
|
@ -60,7 +60,7 @@ fun PGPKeyRing.requirePublicKey(fingerprint: OpenPgpFingerprint): PGPPublicKey =
|
|||
* subpacket to identify the [PGPPublicKey] via its key-ID.
|
||||
*/
|
||||
fun PGPKeyRing.getPublicKeyFor(signature: PGPSignature): PGPPublicKey? =
|
||||
signature.fingerprint?.let { this.getPublicKey(it) } ?: this.getPublicKey(signature.keyID)
|
||||
signature.pgpFingerprint?.let { this.getPublicKey(it) } ?: this.getPublicKey(signature.keyID)
|
||||
|
||||
/** Return the [PGPPublicKey] that matches the key-ID of the given [PGPOnePassSignature] packet. */
|
||||
fun PGPKeyRing.getPublicKeyFor(onePassSignature: PGPOnePassSignature): PGPPublicKey? =
|
||||
|
|
|
@ -66,13 +66,13 @@ fun PGPSecretKeyRing.requireSecretKey(fingerprint: OpenPgpFingerprint): PGPSecre
|
|||
* subpacket to identify the [PGPSecretKey] via its key-ID.
|
||||
*/
|
||||
fun PGPSecretKeyRing.getSecretKeyFor(signature: PGPSignature): PGPSecretKey? =
|
||||
signature.fingerprint?.let { this.getSecretKey(it) } ?: this.getSecretKey(signature.keyID)
|
||||
signature.pgpFingerprint?.let { this.getSecretKey(it) } ?: this.getSecretKey(signature.keyID)
|
||||
|
||||
/** Return the [PGPSecretKey] that matches the key-ID of the given [PGPOnePassSignature] packet. */
|
||||
fun PGPSecretKeyRing.getSecretKeyFor(onePassSignature: PGPOnePassSignature): PGPSecretKey? =
|
||||
when (onePassSignature.version) {
|
||||
3 -> this.getSecretKey(onePassSignature.keyID)
|
||||
6 -> this.getSecretKey(onePassSignature.fingerprint)
|
||||
3,
|
||||
6 -> this.getSecretKey(onePassSignature.keyIdentifier)
|
||||
else ->
|
||||
throw NotImplementedError(
|
||||
"Version ${onePassSignature.version} OPSs are not yet supported.")
|
||||
|
@ -80,7 +80,7 @@ fun PGPSecretKeyRing.getSecretKeyFor(onePassSignature: PGPOnePassSignature): PGP
|
|||
|
||||
fun PGPSecretKeyRing.getSecretKeyFor(pkesk: PGPPublicKeyEncryptedData): PGPSecretKey? =
|
||||
when (pkesk.version) {
|
||||
3 -> this.getSecretKey(pkesk.keyID)
|
||||
6 -> this.getSecretKey(pkesk.fingerprint)
|
||||
3,
|
||||
6 -> this.getSecretKey(pkesk.keyIdentifier)
|
||||
else -> throw NotImplementedError("Version ${pkesk.version} PKESKs are not yet supported.")
|
||||
}
|
||||
|
|
|
@ -50,13 +50,13 @@ val PGPSignature.issuerKeyId: Long
|
|||
SignatureSubpacketsUtil.getIssuerKeyIdAsLong(this)?.let {
|
||||
if (it != 0L) it else null
|
||||
}
|
||||
?: fingerprint?.keyId ?: 0L
|
||||
?: pgpFingerprint?.keyId ?: 0L
|
||||
}
|
||||
}
|
||||
|
||||
/** Return true, if the signature was likely issued by a key with the given fingerprint. */
|
||||
fun PGPSignature.wasIssuedBy(fingerprint: OpenPgpFingerprint): Boolean =
|
||||
this.fingerprint?.let { it.keyId == fingerprint.keyId } ?: (keyID == fingerprint.keyId)
|
||||
this.pgpFingerprint?.let { it.keyId == fingerprint.keyId } ?: (keyID == fingerprint.keyId)
|
||||
|
||||
/**
|
||||
* Return true, if the signature was likely issued by a key with the given fingerprint.
|
||||
|
@ -94,7 +94,7 @@ fun PGPSignature?.toRevocationState() =
|
|||
else if (isHardRevocation) RevocationState.hardRevoked()
|
||||
else RevocationState.softRevoked(creationTime)
|
||||
|
||||
val PGPSignature.fingerprint: OpenPgpFingerprint?
|
||||
val PGPSignature.pgpFingerprint: OpenPgpFingerprint?
|
||||
get() = SignatureSubpacketsUtil.getIssuerFingerprintAsOpenPgpFingerprint(this)
|
||||
|
||||
val PGPSignature.publicKeyAlgorithm: PublicKeyAlgorithm
|
||||
|
|
|
@ -684,7 +684,7 @@ class OpenPgpMessageInputStream(
|
|||
PGPainless.inspectKeyRing(it).decryptionSubkeys.any { subkey ->
|
||||
when (pkesk.version) {
|
||||
3 -> pkesk.keyID == subkey.keyID
|
||||
6 -> pkesk.fingerprint.contentEquals(subkey.fingerprint)
|
||||
6 -> pkesk.keyIdentifier.fingerprint.contentEquals(subkey.fingerprint)
|
||||
else -> false
|
||||
}
|
||||
}
|
||||
|
@ -696,7 +696,7 @@ class OpenPgpMessageInputStream(
|
|||
PGPainless.inspectKeyRing(it).decryptionSubkeys.any { subkey ->
|
||||
when (pkesk.version) {
|
||||
3 -> pkesk.keyID == subkey.keyID
|
||||
6 -> pkesk.fingerprint.contentEquals(subkey.fingerprint)
|
||||
6 -> pkesk.keyIdentifier.fingerprint.contentEquals(subkey.fingerprint)
|
||||
else -> false
|
||||
}
|
||||
}
|
||||
|
|
|
@ -15,9 +15,9 @@ import org.bouncycastle.openpgp.PGPUserAttributeSubpacketVector
|
|||
import org.pgpainless.algorithm.KeyFlag
|
||||
import org.pgpainless.algorithm.SignatureSubpacket
|
||||
import org.pgpainless.algorithm.SignatureType
|
||||
import org.pgpainless.bouncycastle.extensions.fingerprint
|
||||
import org.pgpainless.bouncycastle.extensions.isHardRevocation
|
||||
import org.pgpainless.bouncycastle.extensions.isOfType
|
||||
import org.pgpainless.bouncycastle.extensions.pgpFingerprint
|
||||
import org.pgpainless.bouncycastle.extensions.publicKeyAlgorithm
|
||||
import org.pgpainless.bouncycastle.extensions.signatureExpirationDate
|
||||
import org.pgpainless.bouncycastle.extensions.signatureHashAlgorithm
|
||||
|
@ -63,11 +63,11 @@ abstract class SignatureValidator {
|
|||
}
|
||||
}
|
||||
|
||||
if (signature.fingerprint != null &&
|
||||
signature.fingerprint != signingKeyFingerprint) {
|
||||
if (signature.pgpFingerprint != null &&
|
||||
signature.pgpFingerprint != signingKeyFingerprint) {
|
||||
throw SignatureValidationException(
|
||||
"Signature was not created by" +
|
||||
" $signingKeyFingerprint (signature fingerprint: ${signature.fingerprint})")
|
||||
" $signingKeyFingerprint (signature fingerprint: ${signature.pgpFingerprint})")
|
||||
}
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in a new issue