mirror of
https://github.com/gocsaf/csaf.git
synced 2025-12-22 11:55:40 +01:00
Use Key ID instead of fingerprint in OpenPGP URL interpolation.
This commit is contained in:
Sascha L. Teichmann
parent
9cf4a7cb5c
commit
fbe20dbf60
2 changed files with 19 additions and 17 deletions
|
|
@ -112,65 +112,66 @@ func loadCSAF(r *http.Request) (string, []byte, error) {
|
|||
return cleanFileName(handler.Filename), buf.Bytes(), nil
|
||||
}
|
||||
|
||||
func (c *controller) handleSignature(r *http.Request, data []byte) (string, string, error) {
|
||||
func (c *controller) handleSignature(
|
||||
r *http.Request,
|
||||
data []byte,
|
||||
) (string, *crypto.Key, error) {
|
||||
|
||||
// Either way ... we need the key.
|
||||
key, err := c.cfg.loadCryptoKey()
|
||||
if err != nil {
|
||||
return "", "", err
|
||||
return "", nil, err
|
||||
}
|
||||
|
||||
fingerprint := key.GetFingerprint()
|
||||
|
||||
// Was the signature given via request?
|
||||
if c.cfg.UploadSignature {
|
||||
sigText := r.FormValue("signature")
|
||||
if sigText == "" {
|
||||
return "", "", errors.New("missing signature in request")
|
||||
return "", nil, errors.New("missing signature in request")
|
||||
}
|
||||
|
||||
pgpSig, err := crypto.NewPGPSignatureFromArmored(sigText)
|
||||
if err != nil {
|
||||
return "", "", err
|
||||
return "", nil, err
|
||||
}
|
||||
|
||||
// Use as public key
|
||||
signRing, err := crypto.NewKeyRing(key)
|
||||
if err != nil {
|
||||
return "", "", err
|
||||
return "", nil, err
|
||||
}
|
||||
|
||||
if err := signRing.VerifyDetached(
|
||||
crypto.NewPlainMessage(data),
|
||||
pgpSig, crypto.GetUnixTime(),
|
||||
); err != nil {
|
||||
return "", "", err
|
||||
return "", nil, err
|
||||
}
|
||||
|
||||
return sigText, fingerprint, nil
|
||||
return sigText, key, nil
|
||||
}
|
||||
|
||||
// Sign ourself
|
||||
|
||||
if passwd := r.FormValue("passphrase"); !c.cfg.NoPassphrase && passwd != "" {
|
||||
if key, err = key.Unlock([]byte(passwd)); err != nil {
|
||||
return "", "", err
|
||||
return "", nil, err
|
||||
}
|
||||
}
|
||||
|
||||
// Use as private key
|
||||
signRing, err := crypto.NewKeyRing(key)
|
||||
if err != nil {
|
||||
return "", "", err
|
||||
return "", nil, err
|
||||
}
|
||||
|
||||
sig, err := signRing.SignDetached(crypto.NewPlainMessage(data))
|
||||
if err != nil {
|
||||
return "", "", err
|
||||
return "", nil, err
|
||||
}
|
||||
|
||||
armored, err := sig.GetArmored()
|
||||
return armored, fingerprint, err
|
||||
return armored, key, err
|
||||
}
|
||||
|
||||
func (c *controller) upload(rw http.ResponseWriter, r *http.Request) {
|
||||
|
|
@ -208,7 +209,7 @@ func (c *controller) upload(rw http.ResponseWriter, r *http.Request) {
|
|||
}
|
||||
}
|
||||
|
||||
armored, fingerprint, err := c.handleSignature(r, data)
|
||||
armored, key, err := c.handleSignature(r, data)
|
||||
if err != nil {
|
||||
c.failed(rw, "upload.html", err)
|
||||
return
|
||||
|
|
@ -330,7 +331,8 @@ func (c *controller) upload(rw http.ResponseWriter, r *http.Request) {
|
|||
// TODO: Check for conflicts.
|
||||
pmd.Publisher = ex.publisher
|
||||
|
||||
pmd.SetPGP(fingerprint, c.cfg.GetOpenPGPURL(fingerprint))
|
||||
keyID, fingerprint := key.GetHexKeyID(), key.GetFingerprint()
|
||||
pmd.SetPGP(fingerprint, c.cfg.GetOpenPGPURL(keyID))
|
||||
|
||||
return nil
|
||||
}); err != nil {
|
||||
|
|
|
|||
|
|
@ -101,8 +101,8 @@ func createProviderMetadata(c *config, wellknownCSAF string) error {
|
|||
if err != nil {
|
||||
return err
|
||||
}
|
||||
fingerprint := key.GetFingerprint()
|
||||
pm.SetPGP(fingerprint, c.GetOpenPGPURL(fingerprint))
|
||||
keyID, fingerprint := key.GetHexKeyID(), key.GetFingerprint()
|
||||
pm.SetPGP(fingerprint, c.GetOpenPGPURL(keyID))
|
||||
|
||||
return saveToFile(path, pm)
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue