reject keys with colliding fingerprints or key ids
This commit is contained in:
parent
70cb8319d6
commit
8cbdc2d4ba
|
@ -386,15 +386,30 @@ impl Database for Filesystem {
|
||||||
}
|
}
|
||||||
|
|
||||||
fn check_link_fpr(&self, fpr: &Fingerprint, fpr_target: &Fingerprint) -> Result<Option<Fingerprint>> {
|
fn check_link_fpr(&self, fpr: &Fingerprint, fpr_target: &Fingerprint) -> Result<Option<Fingerprint>> {
|
||||||
let link = self.link_by_fingerprint(&fpr);
|
let link_keyid = self.link_by_keyid(&fpr.into());
|
||||||
let target = diff_paths(&self.fingerprint_to_path_published(fpr_target),
|
let link_fpr = self.link_by_fingerprint(&fpr);
|
||||||
link.parent().unwrap()).unwrap();
|
|
||||||
|
|
||||||
if link == target {
|
let path_published = self.fingerprint_to_path_published(fpr_target);
|
||||||
return Ok(None);
|
|
||||||
|
if let Ok(link_keyid_target) = link_keyid.canonicalize() {
|
||||||
|
if link_keyid_target != path_published {
|
||||||
|
info!("KeyID points to different key for {}", fpr);
|
||||||
|
Err(failure::err_msg("Collision with a different key!"))?;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
Ok(Some(fpr.clone()))
|
if let Ok(link_fpr_target) = link_keyid.canonicalize() {
|
||||||
|
if link_fpr_target != path_published {
|
||||||
|
info!("Fingerprint points to different key for {}", fpr);
|
||||||
|
Err(failure::err_msg("Collision with a different key!"))?;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if !link_fpr.exists() || link_keyid.exists() {
|
||||||
|
Ok(Some(fpr.clone()))
|
||||||
|
} else {
|
||||||
|
Ok(None)
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
fn lookup_primary_fingerprint(&self, term: &Query) -> Option<Fingerprint> {
|
fn lookup_primary_fingerprint(&self, term: &Query) -> Option<Fingerprint> {
|
||||||
|
|
Loading…
Reference in New Issue