1
0
Fork 0
mirror of https://github.com/pgpainless/pgpainless.git synced 2024-10-31 17:45:58 +01:00

Fix accidental verification of thirdparty user-id revocations using primary key

This commit is contained in:
Paul Schaub 2022-03-07 14:56:37 +01:00
parent fc65bb4496
commit f1f7dec8b6
Signed by: vanitasvitae
GPG key ID: 62BEE9264BF17311

View file

@ -169,6 +169,11 @@ public final class SignaturePicker {
PGPSignature latestUserIdRevocation = null;
for (PGPSignature signature : signatures) {
PGPPublicKey signer = keyRing.getPublicKey(signature.getKeyID());
if (signer == null) {
// Signature made by external key. Skip.
continue;
}
try {
SignatureVerifier.verifyUserIdRevocation(userId, signature, primaryKey, policy, validationDate);
} catch (SignatureValidationException e) {