From 67ec527d0ee1e15745e163ed1c550b385f885265 Mon Sep 17 00:00:00 2001
From: Justus Winter <justus@sequoia-pgp.org>
Date: Thu, 26 Nov 2020 13:38:55 +0100
Subject: sop: Correctly handle keyrings in CERTS.

  - Fixes #590.
---
 sop/src/cli.rs  | 25 ++++++++++++++++++++++---
 sop/src/main.rs |  8 ++++----
 2 files changed, 26 insertions(+), 7 deletions(-)

diff --git a/sop/src/cli.rs b/sop/src/cli.rs
index 58bbdd2d..202dd5dd 100644
--- a/sop/src/cli.rs
+++ b/sop/src/cli.rs
@@ -7,7 +7,10 @@ use structopt::StructOpt;
 
 use sequoia_openpgp as openpgp;
 use openpgp::{
-    Cert,
+    cert::{
+        Cert,
+        CertParser,
+    },
     crypto::{
         Password,
     },
@@ -302,12 +305,28 @@ pub fn load_certs(files: Vec<String>) -> Result<Vec<Cert>> {
     let mut certs = vec![];
     for f in files {
         let r = load_file(&f)?;
-        certs.push(Cert::from_reader(r).map_err(|_| Error::BadData)
-                   .context(format!("Failed to load key from file {:?}", f))?);
+        for cert in CertParser::from_reader(r).map_err(|_| Error::BadData)
+            .context(format!("Failed to load CERTS from file {:?}", f))?
+        {
+            certs.push(
+                cert.context(format!("Malformed certificate in file {:?}", f))?
+            );
+        }
     }
     Ok(certs)
 }
 
+/// Loads the KEY given by the (special) files.
+pub fn load_keys(files: Vec<String>) -> Result<Vec<Cert>> {
+    let mut keys = vec![];
+    for f in files {
+        let r = load_file(&f)?;
+        keys.push(Cert::from_reader(r).map_err(|_| Error::BadData)
+                   .context(format!("Failed to load KEY from file {:?}", f))?);
+    }
+    Ok(keys)
+}
+
 /// Frobnicates the strings and converts them to passwords.
 pub fn frob_passwords(p: Vec<String>) -> Result<Vec<Password>> {
     // XXX: Maybe do additional checks.
diff --git a/sop/src/main.rs b/sop/src/main.rs
index 503470d8..96bf4628 100644
--- a/sop/src/main.rs
+++ b/sop/src/main.rs
@@ -43,7 +43,7 @@ type Result<T> = anyhow::Result<T>;
 mod cli;
 use cli::{
     SOP, SignAs, EncryptAs, ArmorKind,
-    load_file, create_file, load_certs, frob_passwords,
+    load_file, create_file, load_certs, load_keys, frob_passwords,
 };
 mod dates;
 
@@ -100,7 +100,7 @@ fn real_main() -> Result<()> {
                 }
             }
 
-            let tsks = load_certs(keys)?;
+            let tsks = load_keys(keys)?;
             if tsks.is_empty() {
                 return Err(anyhow::Error::from(Error::MissingArg))
                     .context("Expected at least one certificate");
@@ -191,7 +191,7 @@ fn real_main() -> Result<()> {
 
             let passwords = frob_passwords(with_password)?;
 
-            let tsks = load_certs(sign_with)?;
+            let tsks = load_keys(sign_with)?;
             let mut signers = Vec::new();
             for tsk in tsks {
                 let mut one = false;
@@ -386,7 +386,7 @@ fn real_main() -> Result<()> {
                 };
 
             let verify_with = load_certs(verify_with)?;
-            let keys = load_certs(key)?;
+            let keys = load_keys(key)?;
 
             let vhelper = VHelper::new(verify_out,
                                        if verify_with.is_empty() {
-- 
cgit v1.2.3