[Webfunds-devel] key sigs check fails in Contract.java

Ian Grigg iang@julius.ai
Wed, 16 Aug 2000 14:55:19 -0400 (AST)


I've just committed where I'm at on the new Contract checks...

Beware that I've only lightly tested it on webfunds itself, but
seems to be ok.

Checks in Contract.verifyOpenPGPSignatures() don't work as planned:

   1. around line 1018, this check fails to pick up that the
      contractCert I am using is not signed by the topLevelKey
      (coz I never signed it...)

        /*
         *  Verify certification path - top-level signs contract signing key
         */
        try {
            contractCert.verify(topLevelKey);
        } catch (SignatureException se) {


   2. a bit later on it complains:

ERROR: contract failed to verify!
(11) Bad Contract Signing Key: webfunds.ricardian.ContractException: Illegal keyIds or signatures
        at webfunds.ricardian.Contract.verifyOpenPGPSignatures(Contract.java:1044)
        at webfunds.ricardian.Contract.verifyContract(Contract.java:946)
        at webfunds.client.contracts.wizard.FinishSig.sanityCheckContract(FinishSig.java:299)
        at webfunds.client.contracts.wizard.FinishSig.next(FinishSig.java:275)


      which is this bit of code:

        /*
         *  Verify that keys do not have any superfluous signatures.
         *  We have already checked all the positive errors like the
         *  certificate authority chain, so the only thing left should   
         *  be superfluous packets that we won't permit because they
         *  might be badly interpreted when push comes to shove.
         */
        String e = "Illegal keyIds or signatures";
        if (!KeyUtil.verifyKey(topLevelKey, USERID_TOP_LEVEL, null))
            throw new ContractException(ContractException.KEY_TOP_LEVEL, e);

        if (!KeyUtil.verifyKey(contractKey, USERID_CONTRACT, topLevelKey))
            throw new ContractException(ContractException.KEY_CONTRACT, e);
                                       ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

(line number in exception is a little old and points to _TOP_LEVEL,
but it is the KEY_CONTRACT line!)

      so (in contrast to the comment) that code is probably seeing that
      the topLevelKey doesn't sign the contractCert !

Hmmmmmmm, so comparing the two, maybe contractCert.verify(topLevelKey)
doesn't work and I need contractKey.verify(topLevelKey); instead???????

Or (taken from KeyUtil) sig.verify(key) ......

Any clues?

iang
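
An added example, not part of the original message and not WebFunds code: with the JDK's `java.security.Signature`, a signature that does not verify is reported through the boolean return of `verify()` rather than through `SignatureException`, so a certification-path check that relies only on a catch block (the shape of item 1) can pass silently. The class and method names are hypothetical, the keys are generated on the fly, and the JDK types stand in for the OpenPGP classes in the message, whose behaviour is not shown on this page.

```java
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;

// Added illustration; names are hypothetical and all keys are constructed at run time.
public class CertPathCheck {
    static final String ALG = "SHA256withECDSA";

    static byte[] sign(PrivateKey signer, byte[] data) throws GeneralSecurityException {
        Signature s = Signature.getInstance(ALG);
        s.initSign(signer);
        s.update(data);
        return s.sign();
    }

    // Fragile shape: "no exception" is treated as success and the boolean is discarded.
    static boolean exceptionOnlyCheck(PublicKey issuer, byte[] subject, byte[] sig) {
        try {
            Signature v = Signature.getInstance(ALG);
            v.initVerify(issuer);
            v.update(subject);
            v.verify(sig);                 // result ignored
            return true;
        } catch (GeneralSecurityException e) {
            return false;
        }
    }

    // Fail-closed shape: a missing signature, a false result and an exception all reject.
    static boolean failClosedCheck(PublicKey issuer, byte[] subject, byte[] sig) {
        if (sig == null) return false;     // the issuer never signed the subject key
        try {
            Signature v = Signature.getInstance(ALG);
            v.initVerify(issuer);
            v.update(subject);
            return v.verify(sig);
        } catch (GeneralSecurityException e) {
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator g = KeyPairGenerator.getInstance("EC");
        KeyPair top = g.generateKeyPair(), contract = g.generateKeyPair();
        byte[] subject = contract.getPublic().getEncoded();
        byte[] selfSig = sign(contract.getPrivate(), subject); // only a self-signature exists
        byte[] topSig = sign(top.getPrivate(), subject);       // what the top-level key would add
        System.out.println("exception-only, self-sig only: " + exceptionOnlyCheck(top.getPublic(), subject, selfSig));
        System.out.println("fail-closed, self-sig only: " + failClosedCheck(top.getPublic(), subject, selfSig));
        System.out.println("fail-closed, top-level sig: " + failClosedCheck(top.getPublic(), subject, topSig));
    }
}
```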