miniquorum: fix duplicate-signature validation logic
This commit is contained in:
parent
adf1e68006
commit
47f79aa62b
GPG Key ID:
8E401478A3FBEF72
|
|
@ -439,14 +439,6 @@ impl Payload {
|
|||
for issuer in signature.issuer_fingerprints() {
|
||||
let mut currently_seen = std::collections::HashMap::new();
|
||||
for cert in &certs {
|
||||
if let Some(seen_index) = seen.get(&cert.fingerprint()) {
|
||||
return Err(BaseError::DuplicateSignature(
|
||||
cert.fingerprint(),
|
||||
index,
|
||||
*seen_index,
|
||||
)
|
||||
.into());
|
||||
}
|
||||
match cert
|
||||
.with_policy(&policy, None)?
|
||||
.keys()
|
||||
|
|
@ -456,16 +448,29 @@ impl Payload {
|
|||
.next()
|
||||
.map(|signing_key| signature.verify_hash(&signing_key, hashed.clone()))
|
||||
{
|
||||
Some(Ok(())) => {
|
||||
// key found, signature matched
|
||||
signature_matched = true;
|
||||
Some(result) => {
|
||||
// matching key found, check for duplicates
|
||||
if let Some(seen_index) = seen.get(&cert.fingerprint()) {
|
||||
return Err(BaseError::DuplicateSignature(
|
||||
cert.fingerprint(),
|
||||
index,
|
||||
*seen_index,
|
||||
)
|
||||
.into());
|
||||
}
|
||||
|
||||
// mark the cert as seen, so it isn't reusable
|
||||
currently_seen.insert(cert.fingerprint(), index);
|
||||
}
|
||||
Some(Err(e)) => {
|
||||
if error_on_invalid {
|
||||
return Err(e)?;
|
||||
match result {
|
||||
Ok(()) => {
|
||||
signature_matched = true;
|
||||
|
||||
// mark the cert as seen, so it isn't reusable
|
||||
currently_seen.insert(cert.fingerprint(), index);
|
||||
}
|
||||
Err(e) => {
|
||||
if error_on_invalid {
|
||||
return Err(e)?;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
None => {
|
||||
|
|
|
|||
Loading…
Reference in New Issue