[Webfunds-commits] java/webfunds/openpgp/cert SimpleOpenPGPCertificate.java
Jeroen C. van Gelderen
gelderen@cypherpunks.ai
Wed, 16 Aug 2000 13:13:52 -0400 (AST)
gelderen 00/08/16 13:13:51
Modified: webfunds/openpgp/cert SimpleOpenPGPCertificate.java
Log:
Tentative fix for a bug that would allow keys without any userIds (and
hence no valid signatures) to pass the verify() check. We now check that
all userIds are signed *and* at least one userId is signed.
Revision Changes Path
1.2 +7 -4 java/webfunds/openpgp/cert/SimpleOpenPGPCertificate.java
Index: SimpleOpenPGPCertificate.java
===================================================================
RCS file: /home/webfunds/cvsroot/java/webfunds/openpgp/cert/SimpleOpenPGPCertificate.java,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- SimpleOpenPGPCertificate.java 2000/08/07 18:38:00 1.1
+++ SimpleOpenPGPCertificate.java 2000/08/16 17:13:51 1.2
@@ -1,4 +1,4 @@
-/* $Id: SimpleOpenPGPCertificate.java,v 1.1 2000/08/07 18:38:00 edwin Exp $
+/* $Id: SimpleOpenPGPCertificate.java,v 1.2 2000/08/16 17:13:51 gelderen Exp $
*
* Copyright (c) Systemics Ltd 2000 on behalf of
* the WebFunds Development Team. All Rights Reserved.
@@ -128,20 +128,23 @@
throw new InvalidKeyException("Key not of type: PGPPublicKey.");
}
- boolean result = true;
+ boolean allSigned = true; // all UserIds are signed with the key
+ boolean anySigned = false; // at least one is signed with the key
Vector userids = ((PGPPublicKey)key).getUserIDs();
for (int i=0; i<userids.size(); i++) {
PGPUserID userid = (PGPUserID)userids.elementAt(i);
try {
- result &= userid.isSignedBy((PGPPublicKey)key);
+ boolean isSigned = userid.isSignedBy((PGPPublicKey)key);
+ allSigned &= isSigned;
+ anySigned |= isSigned;
} catch (PGPFatalDataFormatException fdfe) {
throw new CertificateException("Invalid signature - "+fdfe);
}
}
- if (! result) {
+ if (anySigned & allSigned) {
throw new SignatureException("Not all userIDs are signed with "+
"the given key.");
}