Skip to content

Commit

Permalink
Improve PGP fingerprint handling
Browse files Browse the repository at this point in the history
Warn if no fingerprint is specified and give more details, if
fingerprint comparison fails.

Closes #555
  • Loading branch information
koplas committed Aug 8, 2024
1 parent 8feddc7 commit 7f0041f
Showing 1 changed file with 7 additions and 2 deletions.
9 changes: 7 additions & 2 deletions cmd/csaf_checker/processor.go
Original file line number Diff line number Diff line change
Expand Up @@ -1449,7 +1449,7 @@ func (p *processor) checkWellknownSecurityDNS(domain string) error {
}

// checkPGPKeys checks if the OpenPGP keys are available and valid, fetches
// the the remotely keys and compares the fingerprints.
// the remotely keys and compares the fingerprints.
// As a result of these a respective error messages are passed to badPGP method
// in case of errors. It returns nil if all checks are passed.
func (p *processor) checkPGPKeys(_ string) error {
Expand Down Expand Up @@ -1518,8 +1518,13 @@ func (p *processor) checkPGPKeys(_ string) error {
continue
}

if key.Fingerprint == "" {
p.badPGPs.warn("No fingerprint for public OpenPGP key found.")
continue
}

if !strings.EqualFold(ckey.GetFingerprint(), string(key.Fingerprint)) {
p.badPGPs.error("Fingerprint of public OpenPGP key %s does not match remotely loaded.", u)
p.badPGPs.error("Given Fingerprint (%q) of public OpenPGP key %q does not match remotely loaded (%q).", string(key.Fingerprint), u, ckey.GetFingerprint())
continue
}
if p.keys == nil {
Expand Down

0 comments on commit 7f0041f

Please sign in to comment.