pgpdecryptverify: only use keys for verification which are allowed to sign (OKC-01-013)

author: Vincent Breitmoser <valodim@mugenguild.com> 2015-10-08 20:01:04 +0200
committer: Vincent Breitmoser <valodim@mugenguild.com> 2015-10-08 20:01:04 +0200
commit: ba9b8f3a6009ca60abffccc3e3fbd160e0fa420c (patch)
tree: 809830edb97e0089715717f3607968d5970459b2 /OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpSignatureChecker.java
parent: 084d6f1d3d8e4fc54bbd5a77a9e22af76f28a673 (diff)
download: open-keychain-ba9b8f3a6009ca60abffccc3e3fbd160e0fa420c.tar.gz
open-keychain-ba9b8f3a6009ca60abffccc3e3fbd160e0fa420c.tar.bz2
open-keychain-ba9b8f3a6009ca60abffccc3e3fbd160e0fa420c.zip
1 files changed, 10 insertions, 2 deletions
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpSignatureChecker.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpSignatureChecker.java
index a892a8a0d..4067372a1 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpSignatureChecker.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpSignatureChecker.java
@@ -132,8 +132,12 @@ class PgpSignatureChecker {
                 CanonicalizedPublicKeyRing signingRing = mProviderHelper.getCanonicalizedPublicKeyRing(
                         KeyRings.buildUnifiedKeyRingsFindBySubkeyUri(sigKeyId)
                 );
+                CanonicalizedPublicKey keyCandidate = signingRing.getPublicKey(sigKeyId);
+                if ( ! signingKey.canSign()) {
+                    continue;
+                }
                 signatureIndex = i;
-                signingKey = signingRing.getPublicKey(sigKeyId);
+                signingKey = keyCandidate;
                 onePassSignature = sigList.get(i);
                 return;
             } catch (ProviderHelper.NotFoundException e) {
@@ -151,8 +155,12 @@ class PgpSignatureChecker {
                 CanonicalizedPublicKeyRing signingRing = mProviderHelper.getCanonicalizedPublicKeyRing(
                         KeyRings.buildUnifiedKeyRingsFindBySubkeyUri(sigKeyId)
                 );
+                CanonicalizedPublicKey keyCandidate = signingRing.getPublicKey(sigKeyId);
+                if ( ! signingKey.canSign()) {
+                    continue;
+                }
                 signatureIndex = i;
-                signingKey = signingRing.getPublicKey(sigKeyId);
+                signingKey = keyCandidate;
                 signature = sigList.get(i);
                 return;
             } catch (ProviderHelper.NotFoundException e) {
author	Vincent Breitmoser <valodim@mugenguild.com>	2015-10-08 20:01:04 +0200
committer	Vincent Breitmoser <valodim@mugenguild.com>	2015-10-08 20:01:04 +0200
commit	ba9b8f3a6009ca60abffccc3e3fbd160e0fa420c (patch)
tree	809830edb97e0089715717f3607968d5970459b2 /OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpSignatureChecker.java
parent	084d6f1d3d8e4fc54bbd5a77a9e22af76f28a673 (diff)
download	open-keychain-ba9b8f3a6009ca60abffccc3e3fbd160e0fa420c.tar.gz open-keychain-ba9b8f3a6009ca60abffccc3e3fbd160e0fa420c.tar.bz2 open-keychain-ba9b8f3a6009ca60abffccc3e3fbd160e0fa420c.zip