diff options
author | Justus Winter <justus@sequoia-pgp.org> | 2020-10-13 14:42:00 +0200 |
---|---|---|
committer | Justus Winter <justus@sequoia-pgp.org> | 2020-10-13 15:13:34 +0200 |
commit | d53cdb17493e3daaa234936b9f8f8c76fcdfc416 (patch) | |
tree | e754691d19a153ec5b939a71985429062193aa4a /openpgp/src/packet | |
parent | c320927784cc2cf179fd899b32944efad6fc2a98 (diff) |
openpgp: Add issuers and sort subpackets when canonicalizing Certs.
- This makes sure that merging a cert with itself does not change
the cert.
- Fixes #579.
Diffstat (limited to 'openpgp/src/packet')
-rw-r--r-- | openpgp/src/packet/signature.rs | 29 |
1 files changed, 21 insertions, 8 deletions
diff --git a/openpgp/src/packet/signature.rs b/openpgp/src/packet/signature.rs index e5fe662d..3c217a85 100644 --- a/openpgp/src/packet/signature.rs +++ b/openpgp/src/packet/signature.rs @@ -3463,20 +3463,33 @@ mod test { panic!("expected a signature"); } - // Parse into cert verifying the signatures. - use std::convert::TryFrom; - let cert = Cert::try_from(pp)?; - assert_eq!(cert.bad_signatures().len(), 0); - assert_eq!(cert.keys().subkeys().count(), 1); - let subkey = cert.keys().subkeys().nth(0).unwrap(); - assert_eq!(subkey.self_signatures().len(), 1); - let sig = &subkey.self_signatures()[0]; + // Verify the subkey binding without parsing into cert. + let primary_key = + if let Some(Packet::PublicKey(key)) = pp.path_ref(&[0]) { + key + } else { + panic!("Expected a primary key"); + }; + let subkey = + if let Some(Packet::PublicSubkey(key)) = pp.path_ref(&[3]) { + key + } else { + panic!("Expected a subkey"); + }; + let mut sig = + if let Some(Packet::Signature(sig)) = pp.path_ref(&[4]) { + sig.clone() + } else { + panic!("expected a signature"); + }; + // The signature has only an issuer fingerprint. assert_eq!(sig.get_issuers().len(), 1); assert_eq!(sig.subpackets(SubpacketTag::Issuer).count(), 0); // But normalization after verification adds the missing // information. + sig.verify_subkey_binding(&primary_key, &primary_key, &subkey)?; let normalized_sig = sig.normalize(); assert_eq!(normalized_sig.subpackets(SubpacketTag::Issuer).count(), 1); Ok(()) |