Differentiate between empty or no fingerprint

cmd/csaf_aggregator/mirror.go

@@ -199,7 +199,7 @@ func (w *worker) mirrorPGPKeys(pm *csaf.ProviderMetadata) error {
 			w.log.Warn("Ignoring PGP key without URL", "fingerprint", pgpKey.Fingerprint)
 			continue
 		}
-		if _, err := hex.DecodeString(string(pgpKey.Fingerprint)); err != nil {
+		if _, err := hex.DecodeString(string(*pgpKey.Fingerprint)); err != nil {
 			w.log.Warn("Ignoring PGP key with invalid fingerprint", "url", *pgpKey.URL)
 			continue
 		}
@@ -217,7 +217,7 @@ func (w *worker) mirrorPGPKeys(pm *csaf.ProviderMetadata) error {
 				*pgpKey.URL, res.Status, res.StatusCode)
 		}
 
-		fingerprint := strings.ToUpper(string(pgpKey.Fingerprint))
+		fingerprint := strings.ToUpper(string(*pgpKey.Fingerprint))
 
 		localFile := filepath.Join(openPGPFolder, fingerprint+".asc")
 
@@ -588,12 +588,12 @@ func (w *worker) mirrorFiles(tlpLabel csaf.TLPLabel, files []csaf.AdvisoryFile)
 			if err := os.MkdirAll(yearDir, 0755); err != nil {
 				return err
 			}
-			//log.Printf("created %s\n", yearDir)
+			// log.Printf("created %s\n", yearDir)
 			yearDirs[year] = yearDir
 		}
 
 		fname := filepath.Join(yearDir, filename)
-		//log.Printf("write: %s\n", fname)
+		// log.Printf("write: %s\n", fname)
 		data := content.Bytes()
 		if err := writeFileHashes(
 			fname, filename,

cmd/csaf_checker/processor.go

@@ -83,10 +83,8 @@ type reporter interface {
 	report(*processor, *Domain)
 }
 
-var (
-	// errContinue indicates that the current check should continue.
-	errContinue = errors.New("continue")
-)
+// errContinue indicates that the current check should continue.
+var errContinue = errors.New("continue")
 
 type whereType byte
 
@@ -970,8 +968,7 @@ func (p *processor) checkChanges(base string, mask whereType) error {
 				continue
 			}
 			path := r[pathColumn]
-			times, files =
-				append(times, t),
+			times, files = append(times, t),
 				append(files, csaf.PlainAdvisoryFile(path))
 		}
 		return times, files, nil
@@ -1227,7 +1224,6 @@ func (p *processor) checkWhitePermissions(string) error {
 // According to the result, the respective error messages added to
 // badProviderMetadata.
 func (p *processor) checkProviderMetadata(domain string) bool {
-
 	p.badProviderMetadata.use()
 
 	client := p.httpClient()
@@ -1449,9 +1445,9 @@ func (p *processor) checkWellknownSecurityDNS(domain string) error {
 }
 
 // checkPGPKeys checks if the OpenPGP keys are available and valid, fetches
-// the remotely keys and compares the fingerprints.
-// As a result of these a respective error messages are passed to badPGP method
-// in case of errors. It returns nil if all checks are passed.
+// the remote pubkeys and compares the fingerprints.
+// As a result of these checks respective error messages are passed
+// to badPGPs methods. It returns nil if all checks are passed.
 func (p *processor) checkPGPKeys(_ string) error {
 
 	p.badPGPs.use()
@@ -1485,7 +1481,7 @@ func (p *processor) checkPGPKeys(_ string) error {
 	for i := range keys {
 		key := &keys[i]
 		if key.URL == nil {
-			p.badPGPs.error("Missing URL for fingerprint %x.", key.Fingerprint)
+			p.badPGPs.error("Missing URL for fingerprint %x.", *key.Fingerprint)
 			continue
 		}
 		up, err := url.Parse(*key.URL)
@@ -1518,13 +1514,17 @@ func (p *processor) checkPGPKeys(_ string) error {
 			continue
 		}
 
-		if key.Fingerprint == "" {
+		if key.Fingerprint == nil {
 			p.badPGPs.warn("No fingerprint for public OpenPGP key found.")
 			continue
 		}
 
-		if !strings.EqualFold(ckey.GetFingerprint(), string(key.Fingerprint)) {
-			p.badPGPs.error("Given Fingerprint (%q) of public OpenPGP key %q does not match remotely loaded (%q).", string(key.Fingerprint), u, ckey.GetFingerprint())
+		if *key.Fingerprint == "" {
+			p.badPGPs.warn("Empty fingerprint for public OpenPGP key found.")
+		}
+
+		if !strings.EqualFold(ckey.GetFingerprint(), string(*key.Fingerprint)) {
+			p.badPGPs.error("Given Fingerprint (%q) of public OpenPGP key %q does not match remotely loaded (%q).", string(*key.Fingerprint), u, ckey.GetFingerprint())
 			continue
 		}
 		if p.keys == nil {

cmd/csaf_downloader/downloader.go

@@ -366,12 +366,17 @@ func (d *downloader) loadOpenPGPKeys(
 			continue
 		}
 
-		if key.Fingerprint == "" {
+		if key.Fingerprint == nil {
 			slog.Warn("No fingerprint for public OpenPGP key found.")
 			continue
 		}
 
-		if !strings.EqualFold(ckey.GetFingerprint(), string(key.Fingerprint)) {
+		if *key.Fingerprint == "" {
+			slog.Warn("Empty fingerprint for public OpenPGP key found.")
+			continue
+		}
+
+		if !strings.EqualFold(ckey.GetFingerprint(), string(*key.Fingerprint)) {
 			slog.Warn(
 				"Fingerprint of public OpenPGP key does not match remotely loaded",
 				"url", u, "fingerprint", key.Fingerprint, "remote-fingerprint", ckey.GetFingerprint())

csaf/models.go

@@ -81,8 +81,8 @@ var fingerprintPattern = patternUnmarshal(`^[0-9a-fA-F]{40,}$`)
 // PGPKey is location and the fingerprint of the key
 // used to sign the CSAF documents.
 type PGPKey struct {
-	Fingerprint Fingerprint `json:"fingerprint,omitempty"`
-	URL         *string     `json:"url"` // required
+	Fingerprint *Fingerprint `json:"fingerprint,omitempty"`
+	URL         *string      `json:"url"` // required
 }
 
 // Category is the category of the CSAF feed.
@@ -616,13 +616,14 @@ func (pmd *ProviderMetadata) SetLastUpdated(t time.Time) {
 // If there is no such key it is append to the list of keys.
 func (pmd *ProviderMetadata) SetPGP(fingerprint, url string) {
 	for i := range pmd.PGPKeys {
-		if strings.EqualFold(string(pmd.PGPKeys[i].Fingerprint), fingerprint) {
+		if strings.EqualFold(string(*pmd.PGPKeys[i].Fingerprint), fingerprint) {
 			pmd.PGPKeys[i].URL = &url
 			return
 		}
 	}
+	f := Fingerprint(fingerprint)
 	pmd.PGPKeys = append(pmd.PGPKeys, PGPKey{
-		Fingerprint: Fingerprint(fingerprint),
+		Fingerprint: &f,
 		URL:         &url,
 	})
 }