-rw-r--r--src/mailman_pgp/commands/eml_key.py41
-rw-r--r--src/mailman_pgp/utils/pgp.py45
2 files changed, 50 insertions, 36 deletions
diff --git a/src/mailman_pgp/commands/eml_key.py b/src/mailman_pgp/commands/eml_key.py
index 29fa99c..97a1a6f 100644
--- a/src/mailman_pgp/commands/eml_key.py
+++ b/src/mailman_pgp/commands/eml_key.py
@@ -39,7 +39,7 @@ from mailman_pgp.model.list import PGPMailingList
from mailman_pgp.pgp.mime import MIMEWrapper
from mailman_pgp.pgp.wrapper import PGPWrapper
from mailman_pgp.utils.email import get_email
-from mailman_pgp.utils.pgp import key_usable
+from mailman_pgp.utils.pgp import key_merge, key_usable
from mailman_pgp.workflows.key_change import (CHANGE_CONFIRM_REQUEST,
KeyChangeModWorkflow,
KeyChangeWorkflow)
@@ -411,43 +411,12 @@ def _cmd_sign(pgp_list, mlist, msg, msgdata, arguments, results):
print('You are not allowed to sign the list key.', file=results)
return ContinueProcessing.no
- if pgp_list.pubkey.key_material != key.key_material:
- print('You sent a wrong key.', file=results)
+ try:
+ key_merge(pgp_list.key, key, pgp_address.key)
+ except ValueError as e:
+ print(str(e), file=results)
return ContinueProcessing.no
- uid_map = {}
- for uid in pgp_list.key.userids:
- for uid_other in key.userids:
- if uid == uid_other:
- uid_map[uid] = uid_other
-
- if len(uid_map) == 0:
- print('No signed UIDs found.', file=results)
- return ContinueProcessing.no
-
- uid_sigs = {}
- for uid, uid_other in uid_map.items():
- for sig in uid_other.signatures:
- if sig in uid.signatures:
- continue
- if sig.signer != pgp_address.key.fingerprint.keyid:
- continue
- # sig is a new signature, not currenctly on uid, ans seems to
- # be made by the pgp_address.key
- try:
- verification = pgp_address.key.verify(uid, sig)
- if bool(verification):
- uid_sigs.setdefault(uid, []).append(sig)
- except PGPError:
- pass
-
- if len(uid_sigs) == 0:
- print('No new certifications found.', file=results)
- return ContinueProcessing.no
-
- for uid, sigs in uid_sigs.items():
- for sig in sigs:
- uid |= sig
pgp_list.fs_key.save()
print('List key updated with new signatures.', file=results)
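Review bot: `except ValueError as e: print(str(e), file=results)` returns the text of any ValueError raised inside key_merge to the command sender, not only the three messages key_merge raises itself. If the underlying key-handling calls can also raise ValueError (not visible from this hunk), library-internal detail would end up in the reply. A dedicated exception type raised by key_merge, or a fixed reply string for anything unexpected, would keep the reply to the intended messages. With the verification loop moved out, the `PGPError` import in this file may now be unused; the import block and the start of _cmd_sign are outside the hunk.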
diff --git a/src/mailman_pgp/utils/pgp.py b/src/mailman_pgp/utils/pgp.py
index be97a75..05721b4 100644
--- a/src/mailman_pgp/utils/pgp.py
+++ b/src/mailman_pgp/utils/pgp.py
@@ -179,3 +179,48 @@ def key_usable(key, flags_required):
if bool(verified):
return False
return flags_required.issubset(key_flags(key))
+
+
+@public
+def key_merge(privkey, new_key, signer_key):
+ """
+
+ :param privkey:
+ :type privkey: pgpy.PGPKey
+ :param new_key:
+ :type new_key: pgpy.PGPKey
+ """
+ if privkey.pubkey.key_material != new_key.key_material:
+ raise ValueError('You sent a wrong key.')
+
+ uid_map = {}
+ for uid in privkey.userids:
+ for uid_other in new_key.userids:
+ if uid == uid_other:
+ uid_map[uid] = uid_other
+
+ if len(uid_map) == 0:
+ raise ValueError('No signed UIDs found.')
+
+ uid_sigs = {}
+ for uid, uid_other in uid_map.items():
+ for sig in uid_other.signatures:
+ if sig in uid.signatures:
+ continue
+ if sig.signer != signer_key.fingerprint.keyid:
+ continue
+ # sig is a new signature, not currenctly on uid, ans seems to
+ # be made by the pgp_address.key
+ try:
+ verification = signer_key.verify(uid, sig)
+ if bool(verification):
+ uid_sigs.setdefault(uid, []).append(sig)
+ except PGPError:
+ pass
+
+ if len(uid_sigs) == 0:
+ raise ValueError('No new certifications found.')
+
+ for uid, sigs in uid_sigs.items():
+ for sig in sigs:
+ uid |= sig
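Review bot: `except PGPError:` in key_merge needs `PGPError` in scope in utils/pgp.py, but this is the only hunk for that file and it adds no import. If the name is not already imported above line 179, a failed verification would surface as a NameError instead of being skipped; in that case add `from pgpy.errors import PGPError`. The docstring is empty and omits signer_key: it should state that privkey is modified in place, that only signatures which verify under signer_key over the matching UID are merged, and that ValueError is raised on a key-material mismatch, no shared UID, or no new certification. The copied comment still names `pgp_address.key` and has typos; it could read `# sig is new (not currently on uid) and claims to be made by signer_key`.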