diff options
author | David Kalnischkies <david@kalnischkies.de> | 2016-04-29 10:16:42 +0200 |
---|---|---|
committer | David Kalnischkies <david@kalnischkies.de> | 2016-05-01 10:50:24 +0200 |
commit | 46e00c9062d09a642973e83a334483db1f310397 (patch) | |
tree | 6c498258c3e0ffb7e330c82506bb94e9f749b41a /methods/gpgv.cc | |
parent | 5419a6ce20967902102358a07632ae3688788d62 (diff) | |
download | apt-46e00c9062d09a642973e83a334483db1f310397.tar.gz |
support multiple fingerprints in signed-by
A keyring file can include multiple keys, so its only fair for
transitions and such to support multiple fingerprints as well.
Diffstat (limited to 'methods/gpgv.cc')
-rw-r--r-- | methods/gpgv.cc | 30 |
1 files changed, 17 insertions, 13 deletions
diff --git a/methods/gpgv.cc b/methods/gpgv.cc index 3e0b133a3..b9fb09a8f 100644 --- a/methods/gpgv.cc +++ b/methods/gpgv.cc @@ -249,25 +249,29 @@ string GPGVMethod::VerifyGetSigners(const char *file, const char *outfile, { if (Debug == true) std::clog << "GoodSigs needs to be limited to keyid " << key << std::endl; - std::vector<std::string>::iterator const foundItr = std::find(ValidSigners.begin(), ValidSigners.end(), key); - bool const found = (foundItr != ValidSigners.end()); - std::copy(GoodSigners.begin(), GoodSigners.end(), std::back_insert_iterator<std::vector<std::string> >(NoPubKeySigners)); - if (found) + bool foundGood = false; + for (auto const &k: VectorizeString(key, ',')) { + if (std::find(ValidSigners.begin(), ValidSigners.end(), k) == ValidSigners.end()) + continue; // we look for GOODSIG here as well as an expired sig is a valid sig as well (but not a good one) - std::string const goodlongkeyid = "GOODSIG " + key.substr(24, 16); - bool const foundGood = std::find(GoodSigners.begin(), GoodSigners.end(), goodlongkeyid) != GoodSigners.end(); + std::string const goodlongkeyid = "GOODSIG " + k.substr(24, 16); + foundGood = std::find(GoodSigners.begin(), GoodSigners.end(), goodlongkeyid) != GoodSigners.end(); if (Debug == true) - std::clog << "Key " << key << " is valid sig, is " << goodlongkeyid << " also a good one? " << (foundGood ? "yes" : "no") << std::endl; + std::clog << "Key " << k << " is valid sig, is " << goodlongkeyid << " also a good one? " << (foundGood ? "yes" : "no") << std::endl; + if (foundGood == false) + continue; + std::copy(GoodSigners.begin(), GoodSigners.end(), std::back_insert_iterator<std::vector<std::string> >(NoPubKeySigners)); GoodSigners.clear(); - if (foundGood) - { - GoodSigners.push_back(goodlongkeyid); - NoPubKeySigners.erase(std::remove(NoPubKeySigners.begin(), NoPubKeySigners.end(), goodlongkeyid), NoPubKeySigners.end()); - } + GoodSigners.push_back(goodlongkeyid); + NoPubKeySigners.erase(std::remove(NoPubKeySigners.begin(), NoPubKeySigners.end(), goodlongkeyid), NoPubKeySigners.end()); + break; } - else + if (foundGood == false) + { + std::copy(GoodSigners.begin(), GoodSigners.end(), std::back_insert_iterator<std::vector<std::string> >(NoPubKeySigners)); GoodSigners.clear(); + } } int status; |