From e2bad19a87752371bb0f5d25dd5b2885d43735e2 Mon Sep 17 00:00:00 2001
From: Alexandre Viau
Date: Tue, 10 Aug 2021 09:35:43 -0400
Subject: [PATCH] EntityFetcher: require fingerprint (#1374)

EntityFetcher no longer supports key ids. This isn't required anymore as its only user (`SignRequest.Sign()`) now passes fingerprints.
---
 pkg/jsonsign/sign.go | 18 +++++++++---------
 pkg/schema/sign.go | 10 ++++------
 2 files changed, 13 insertions(+), 15 deletions(-)

diff --git a/pkg/jsonsign/sign.go b/pkg/jsonsign/sign.go
index 190abc93b..674c1d53d 100644
--- a/pkg/jsonsign/sign.go
+++ b/pkg/jsonsign/sign.go
@@ -36,7 +36,7 @@ import (
 )
 
 type EntityFetcher interface {
- FetchEntity(keyID string) (*openpgp.Entity, error)
+ FetchEntity(fingerprint string) (*openpgp.Entity, error)
 }
 
 type FileEntityFetcher struct {
@@ -54,10 +54,10 @@ type CachingEntityFetcher struct {
 m map[string]*openpgp.Entity
 }
 
-func (ce *CachingEntityFetcher) FetchEntity(keyID string) (*openpgp.Entity, error) {
+func (ce *CachingEntityFetcher) FetchEntity(fingerprint string) (*openpgp.Entity, error) {
 ce.lk.Lock()
 if ce.m != nil {
- e := ce.m[keyID]
+ e := ce.m[fingerprint]
 if e != nil {
 ce.lk.Unlock()
 return e, nil
@@ -65,20 +65,20 @@ func (ce *CachingEntityFetcher) FetchEntity(keyID string) (*openpgp.Entity, erro
 }
 ce.lk.Unlock()
 
- e, err := ce.Fetcher.FetchEntity(keyID)
+ e, err := ce.Fetcher.FetchEntity(fingerprint)
 if err == nil {
 ce.lk.Lock()
 defer ce.lk.Unlock()
 if ce.m == nil {
 ce.m = make(map[string]*openpgp.Entity)
 }
- ce.m[keyID] = e
+ ce.m[fingerprint] = e
 }
 return e, err
 }
 
-func (fe *FileEntityFetcher) FetchEntity(keyID string) (*openpgp.Entity, error) {
+func (fe *FileEntityFetcher) FetchEntity(fingerprint string) (*openpgp.Entity, error) {
 f, err := wkfs.Open(fe.File)
 if err != nil {
 return nil, fmt.Errorf("jsonsign: FetchEntity: %v", err)
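Review bot: The EntityFetcher interface and its FetchEntity method carry no doc comment, so the renamed parameter is the only record of the new contract and an implementer outside this package has nothing telling it which fingerprint encoding to expect. Suggest a comment on the interface such as `// EntityFetcher resolves the signing entity whose primary public key has the given fingerprint; the string must be in the form produced by fingerprintString, and a fetcher asked for an unknown fingerprint returns an error rather than a different key.` The same wording covers the renamed receivers in the -54 and -65 hunks, where CachingEntityFetcher keys its map on the exact string, so a differently formatted but equivalent fingerprint would miss the cache and the file lookup alike. What fingerprintString produces is not visible in this patch, so the format wording should be confirmed against it before the comment lands.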
@@ -90,7 +90,7 @@ func (fe *FileEntityFetcher) FetchEntity(keyID string) (*openpgp.Entity, error)
 }
 for _, e := range el {
 pubk := &e.PrivateKey.PublicKey
- if pubk.KeyIdString() != keyID {
+ if fingerprintString(pubk) != fingerprint {
 continue
 }
 if e.PrivateKey.Encrypted {
@@ -101,7 +101,7 @@ func (fe *FileEntityFetcher) FetchEntity(keyID string) (*openpgp.Entity, error)
 }
 return e, nil
 }
- return nil, fmt.Errorf("jsonsign: entity for keyid %q not found in %q", keyID, fe.File)
+ return nil, fmt.Errorf("jsonsign: entity for fingerprint %q not found in %q", fingerprint, fe.File)
 }
 
 type SignRequest struct {
@@ -190,7 +190,7 @@ func (sr *SignRequest) Sign(ctx context.Context) (signedJSON string, err error)
 secring.Close() // just opened to see if it's readable
 entityFetcher = &FileEntityFetcher{File: file}
 }
- signer, err := entityFetcher.FetchEntity(pubk.KeyIdString())
+ signer, err := entityFetcher.FetchEntity(fingerprintString(pubk))
 if err != nil {
 return "", err
 }
diff --git a/pkg/schema/sign.go b/pkg/schema/sign.go
index 0b13912be..b71721e97 100644
--- a/pkg/schema/sign.go
+++ b/pkg/schema/sign.go
@@ -96,12 +96,10 @@ func NewSigner(pubKeyRef blob.Ref, armoredPubKey io.Reader, privateKeySource int
 return uint32(len(armoredPubKeyString)), ioutil.NopCloser(strings.NewReader(armoredPubKeyString))
 },
 },
- EntityFetcher: entityFetcherFunc(func(wantKeyId string) (*openpgp.Entity, error) {
- if fingerprint != wantKeyId &&
- privateKey.PrivateKey.KeyIdString() != wantKeyId &&
- privateKey.PrivateKey.KeyIdShortString() != wantKeyId {
- return nil, fmt.Errorf("jsonsign code unexpectedly requested keyID %q; only have %q",
- wantKeyId, fingerprint)
+ EntityFetcher: entityFetcherFunc(func(wantFingerprint string) (*openpgp.Entity, error) {
+ if fingerprint != wantFingerprint {
+ return nil, fmt.Errorf("jsonsign code unexpectedly requested fingerprint %q; only have %q",
+ wantFingerprint, fingerprint)
 }
 return privateKey, nil
 }),
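Review bot: The new comparison `if fingerprintString(pubk) != fingerprint {` is the line that makes this keyring lookup collision-resistant, but nothing says why, so a later edit could drop back to `KeyIdString()` without noticing what it gives up; a why-comment on that line is warranted, e.g. `// Match on the full fingerprint, not the 64-bit key ID: key IDs are not unique, and a keyring may hold a colliding key.` The match is also an exact string comparison, so the fingerprint argument has to be in the same form fingerprintString produces, which the not-found error in the -101 hunk could state to make a formatting mismatch diagnosable. FetchEntity begins before this hunk and continues past it.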
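Review bot: After `signer, err := entityFetcher.FetchEntity(fingerprintString(pubk))` the returned entity is used as-is, yet the fetcher is an interface the caller can supply, and CachingEntityFetcher in particular returns whatever its wrapped Fetcher hands back, so nothing in Sign itself confirms that signer is the key it asked for. A cheap post-fetch check would close that gap, e.g. `if signer.PrivateKey == nil || fingerprintString(&signer.PrivateKey.PublicKey) != fingerprintString(pubk) {` / `return "", fmt.Errorf("jsonsign: fetched entity does not match fingerprint %q", fingerprintString(pubk))` / `}`. Whether signer.PrivateKey can be nil at this point is not visible in the patch, and where pubk is derived and the rest of Sign lie outside this hunk.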
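Review bot: The tightened closure now rejects every request except the single fingerprint it captures (computed before this hunk), which is the right behaviour for a fetcher that holds exactly one key, but the bare comparison reads like an ordinary lookup miss rather than a deliberate refusal; a short comment above `if fingerprint != wantFingerprint {` would keep the intent clear, e.g. `// Only the one key parsed from armoredPubKey is available; any other request is a caller bug, so fail loudly instead of signing with a key that was not asked for.` The error text itself is fine as written. The start of NewSigner and the lines that compute fingerprint and privateKey are outside this hunk.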