From 9037574d967da7ad80972edde4b74810c735e11c Mon Sep 17 00:00:00 2001
From: koplas <54645365+koplas@users.noreply.github.com>
Date: Thu, 8 Aug 2024 12:17:58 +0200
Subject: [PATCH] Improve PGP fingerprint handling

Warn if no fingerprint is specified and give more details, if
fingerprint comparison fails.

Closes #555
---
 cmd/csaf_checker/processor.go     | 9 +++++++--
 cmd/csaf_downloader/downloader.go | 7 ++++++-
 2 files changed, 13 insertions(+), 3 deletions(-)

diff --git a/cmd/csaf_checker/processor.go b/cmd/csaf_checker/processor.go
index 451a315c..b5f949e2 100644
--- a/cmd/csaf_checker/processor.go
+++ b/cmd/csaf_checker/processor.go
@@ -1449,7 +1449,7 @@ func (p *processor) checkWellknownSecurityDNS(domain string) error {
 }
 
 // checkPGPKeys checks if the OpenPGP keys are available and valid, fetches
-// the the remotely keys and compares the fingerprints.
+// the remotely keys and compares the fingerprints.
 // As a result of these a respective error messages are passed to badPGP method
 // in case of errors. It returns nil if all checks are passed.
 func (p *processor) checkPGPKeys(_ string) error {
@@ -1518,8 +1518,13 @@ func (p *processor) checkPGPKeys(_ string) error {
 			continue
 		}
 
+		if key.Fingerprint == "" {
+			p.badPGPs.warn("No fingerprint for public OpenPGP key found.")
+			continue
+		}
+
 		if !strings.EqualFold(ckey.GetFingerprint(), string(key.Fingerprint)) {
-			p.badPGPs.error("Fingerprint of public OpenPGP key %s does not match remotely loaded.", u)
+			p.badPGPs.error("Given Fingerprint (%q) of public OpenPGP key %q does not match remotely loaded (%q).", string(key.Fingerprint), u, ckey.GetFingerprint())
 			continue
 		}
 		if p.keys == nil {
diff --git a/cmd/csaf_downloader/downloader.go b/cmd/csaf_downloader/downloader.go
index badf0605..a5eeb714 100644
--- a/cmd/csaf_downloader/downloader.go
+++ b/cmd/csaf_downloader/downloader.go
@@ -366,10 +366,15 @@ func (d *downloader) loadOpenPGPKeys(
 			continue
 		}
 
+		if key.Fingerprint == "" {
+			slog.Warn("No fingerprint for public OpenPGP key found.")
+			continue
+		}
+
 		if !strings.EqualFold(ckey.GetFingerprint(), string(key.Fingerprint)) {
 			slog.Warn(
 				"Fingerprint of public OpenPGP key does not match remotely loaded",
-				"url", u)
+				"url", u, "fingerprint", key.Fingerprint, "remote-fingerprint", ckey.GetFingerprint())
 			continue
 		}
 		if d.keys == nil {