keyfork-shard: propagate errors when message signature validation fails
parent
4e64c73f21
commit
0615a66ace
|
@ -2,7 +2,7 @@ use super::openpgp::{
|
|||
self,
|
||||
cert::Cert,
|
||||
packet::{PKESK, SKESK},
|
||||
parse::stream::{DecryptionHelper, VerificationHelper, MessageStructure},
|
||||
parse::stream::{DecryptionHelper, MessageLayer, MessageStructure, VerificationHelper},
|
||||
KeyHandle, KeyID,
|
||||
};
|
||||
|
||||
|
@ -48,32 +48,49 @@ impl Keyring {
|
|||
}
|
||||
|
||||
pub fn get_cert_for_primary_keyid<'a>(&'a self, keyid: &KeyID) -> Option<&'a Cert> {
|
||||
self
|
||||
.full_certs
|
||||
.iter()
|
||||
.find(|cert| &cert.keyid() == keyid)
|
||||
self.full_certs.iter().find(|cert| &cert.keyid() == keyid)
|
||||
}
|
||||
|
||||
// NOTE: This can't return an iterator because iterators are all different types
|
||||
// and returning different types is naughty
|
||||
fn get_certs_for_pkesk<'a>(&'a self, pkesk: &'a PKESK) -> impl Iterator<Item = &Cert> + 'a {
|
||||
self.full_certs.iter().filter(move |cert| {
|
||||
pkesk.recipient().is_wildcard()
|
||||
|| cert.keys().any(|k| {
|
||||
&k.keyid() == pkesk.recipient()
|
||||
})
|
||||
pkesk.recipient().is_wildcard() || cert.keys().any(|k| &k.keyid() == pkesk.recipient())
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
impl VerificationHelper for &mut Keyring {
|
||||
fn get_certs(&mut self, _ids: &[KeyHandle]) -> openpgp::Result<Vec<Cert>> {
|
||||
// TODO: no verification logic until we mark a cert as "root"
|
||||
// this is the first cert in the metadata list
|
||||
Ok(Vec::new())
|
||||
fn get_certs(&mut self, ids: &[KeyHandle]) -> openpgp::Result<Vec<Cert>> {
|
||||
Ok(ids
|
||||
.iter()
|
||||
.flat_map(|kh| {
|
||||
self.root
|
||||
.iter()
|
||||
.filter(move |cert| &cert.key_handle() == kh)
|
||||
})
|
||||
.cloned()
|
||||
.collect())
|
||||
}
|
||||
fn check(&mut self, structure: MessageStructure) -> openpgp::Result<()> {
|
||||
for layer in structure.into_iter() {
|
||||
#[allow(unused_variables)]
|
||||
match layer {
|
||||
MessageLayer::Compression { algo } => {}
|
||||
MessageLayer::Encryption {
|
||||
sym_algo,
|
||||
aead_algo,
|
||||
} => {}
|
||||
MessageLayer::SignatureGroup { results } => {
|
||||
for result in results {
|
||||
if let Err(e) = result {
|
||||
// FIXME: anyhow leak
|
||||
return Err(anyhow::anyhow!(e.to_string()));
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
fn check(&mut self, _structure: MessageStructure) -> openpgp::Result<()> {
|
||||
// TODO: ensure that we have a "root" cert and assign it
|
||||
Ok(())
|
||||
}
|
||||
}
|
||||
|
@ -87,10 +104,7 @@ impl DecryptionHelper for &mut Keyring {
|
|||
mut decrypt: D,
|
||||
) -> openpgp::Result<Option<openpgp::Fingerprint>>
|
||||
where
|
||||
D: FnMut(
|
||||
openpgp::types::SymmetricAlgorithm,
|
||||
&openpgp::crypto::SessionKey,
|
||||
) -> bool,
|
||||
D: FnMut(openpgp::types::SymmetricAlgorithm, &openpgp::crypto::SessionKey) -> bool,
|
||||
{
|
||||
// optimized route: use all locally stored certs
|
||||
for pkesk in pkesks {
|
||||
|
|
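Review bot: The new `check` returns `Ok(())` for a message that has no `SignatureGroup` layer, or whose group holds no results, so an unsigned message is accepted exactly like a correctly signed one; only an explicit `Err` result is propagated. If every message handled here is expected to be signed by a cert in `self.root` (not confirmable from this page), record whether at least one `Ok` result was seen and return an error after the loop when none was. The `+`/`-` markers are lost in this rendering, so reading the layer-matching body as the new side is inferred from the commit title and the hunk counts. Separately, the `#[allow(unused_variables)]` becomes unnecessary if the empty arms are written as `MessageLayer::Compression { .. }` and `MessageLayer::Encryption { .. }`.

```rust
fn check(&mut self, structure: MessageStructure) -> openpgp::Result<()> {
    let mut verified = false;
    for layer in structure.into_iter() {
        match layer {
            // … unchanged: Compression and Encryption arms …
            MessageLayer::SignatureGroup { results } => {
                for result in results {
                    match result {
                        Ok(_) => verified = true,
                        // FIXME: anyhow leak
                        Err(e) => return Err(anyhow::anyhow!(e.to_string())),
                    }
                }
            }
        }
    }
    if !verified {
        return Err(anyhow::anyhow!("message carries no verified signature"));
    }
    Ok(())
}
```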