keyfork-shard: propagate errors when message signature validation fails

This commit is contained in:
Ryan Heywood 2023-10-19 19:55:12 -05:00
parent 4e64c73f21
commit 0615a66ace
Signed by: ryan
GPG Key ID: 8E401478A3FBEF72
1 changed files with 33 additions and 19 deletions

View File

@ -2,7 +2,7 @@ use super::openpgp::{
self,
cert::Cert,
packet::{PKESK, SKESK},
parse::stream::{DecryptionHelper, VerificationHelper, MessageStructure},
parse::stream::{DecryptionHelper, MessageLayer, MessageStructure, VerificationHelper},
KeyHandle, KeyID,
};
@ -48,32 +48,49 @@ impl Keyring {
}
pub fn get_cert_for_primary_keyid<'a>(&'a self, keyid: &KeyID) -> Option<&'a Cert> {
self
.full_certs
.iter()
.find(|cert| &cert.keyid() == keyid)
self.full_certs.iter().find(|cert| &cert.keyid() == keyid)
}
// NOTE: This can't return an iterator because iterators are all different types
// and returning different types is naughty
fn get_certs_for_pkesk<'a>(&'a self, pkesk: &'a PKESK) -> impl Iterator<Item = &Cert> + 'a {
self.full_certs.iter().filter(move |cert| {
pkesk.recipient().is_wildcard()
|| cert.keys().any(|k| {
&k.keyid() == pkesk.recipient()
})
pkesk.recipient().is_wildcard() || cert.keys().any(|k| &k.keyid() == pkesk.recipient())
})
}
}
impl VerificationHelper for &mut Keyring {
fn get_certs(&mut self, _ids: &[KeyHandle]) -> openpgp::Result<Vec<Cert>> {
// TODO: no verification logic until we mark a cert as "root"
// this is the first cert in the metadata list
Ok(Vec::new())
fn get_certs(&mut self, ids: &[KeyHandle]) -> openpgp::Result<Vec<Cert>> {
Ok(ids
.iter()
.flat_map(|kh| {
self.root
.iter()
.filter(move |cert| &cert.key_handle() == kh)
})
.cloned()
.collect())
}
fn check(&mut self, structure: MessageStructure) -> openpgp::Result<()> {
for layer in structure.into_iter() {
#[allow(unused_variables)]
match layer {
MessageLayer::Compression { algo } => {}
MessageLayer::Encryption {
sym_algo,
aead_algo,
} => {}
MessageLayer::SignatureGroup { results } => {
for result in results {
if let Err(e) = result {
// FIXME: anyhow leak
return Err(anyhow::anyhow!(e.to_string()));
}
}
}
}
}
fn check(&mut self, _structure: MessageStructure) -> openpgp::Result<()> {
// TODO: ensure that we have a "root" cert and assign it
Ok(())
}
}
@ -87,10 +104,7 @@ impl DecryptionHelper for &mut Keyring {
mut decrypt: D,
) -> openpgp::Result<Option<openpgp::Fingerprint>>
where
D: FnMut(
openpgp::types::SymmetricAlgorithm,
&openpgp::crypto::SessionKey,
) -> bool,
D: FnMut(openpgp::types::SymmetricAlgorithm, &openpgp::crypto::SessionKey) -> bool,
{
// optimized route: use all locally stored certs
for pkesk in pkesks {