getSignaturesForID can return null, check this

This commit is contained in:
Dominik Schürmann 2014-09-13 17:30:07 +02:00
parent 40c81c9429
commit aca9ecdb85
2 changed files with 146 additions and 127 deletions

View File

@ -375,130 +375,131 @@ public class UncachedKeyRing {
PGPSignature selfCert = null; PGPSignature selfCert = null;
revocation = null; revocation = null;
// look through signatures for this specific key // look through signatures for this specific user id
for (PGPSignature zert : new IterableIterator<PGPSignature>( @SuppressWarnings("unchecked")
masterKey.getSignaturesForID(userId))) { Iterator<PGPSignature> signaturesIt = masterKey.getSignaturesForID(userId);
WrappedSignature cert = new WrappedSignature(zert); if (signaturesIt != null) {
long certId = cert.getKeyId(); for (PGPSignature zert : new IterableIterator<PGPSignature>(signaturesIt)) {
WrappedSignature cert = new WrappedSignature(zert);
long certId = cert.getKeyId();
int type = zert.getSignatureType(); int type = zert.getSignatureType();
if (type != PGPSignature.DEFAULT_CERTIFICATION if (type != PGPSignature.DEFAULT_CERTIFICATION
&& type != PGPSignature.NO_CERTIFICATION && type != PGPSignature.NO_CERTIFICATION
&& type != PGPSignature.CASUAL_CERTIFICATION && type != PGPSignature.CASUAL_CERTIFICATION
&& type != PGPSignature.POSITIVE_CERTIFICATION && type != PGPSignature.POSITIVE_CERTIFICATION
&& type != PGPSignature.CERTIFICATION_REVOCATION) { && type != PGPSignature.CERTIFICATION_REVOCATION) {
log.add(LogLevel.WARN, LogType.MSG_KC_UID_BAD_TYPE, log.add(LogLevel.WARN, LogType.MSG_KC_UID_BAD_TYPE,
indent, "0x" + Integer.toString(zert.getSignatureType(), 16)); indent, "0x" + Integer.toString(zert.getSignatureType(), 16));
modified = PGPPublicKey.removeCertification(modified, userId, zert);
badCerts += 1;
continue;
}
if (cert.getCreationTime().after(now)) {
// Creation date in the future? No way!
log.add(LogLevel.WARN, LogType.MSG_KC_UID_BAD_TIME, indent);
modified = PGPPublicKey.removeCertification(modified, userId, zert);
badCerts += 1;
continue;
}
if (cert.isLocal()) {
// Creation date in the future? No way!
log.add(LogLevel.WARN, LogType.MSG_KC_UID_BAD_LOCAL, indent);
modified = PGPPublicKey.removeCertification(modified, userId, zert);
badCerts += 1;
continue;
}
// If this is a foreign signature, ...
if (certId != masterKeyId) {
// never mind any further for public keys, but remove them from secret ones
if (isSecret()) {
log.add(LogLevel.WARN, LogType.MSG_KC_UID_FOREIGN,
indent, PgpKeyHelper.convertKeyIdToHex(certId));
modified = PGPPublicKey.removeCertification(modified, userId, zert); modified = PGPPublicKey.removeCertification(modified, userId, zert);
badCerts += 1; badCerts += 1;
continue;
} }
continue;
}
// Otherwise, first make sure it checks out if (cert.getCreationTime().after(now)) {
try { // Creation date in the future? No way!
cert.init(masterKey); log.add(LogLevel.WARN, LogType.MSG_KC_UID_BAD_TIME, indent);
if (!cert.verifySignature(masterKey, userId)) { modified = PGPPublicKey.removeCertification(modified, userId, zert);
log.add(LogLevel.WARN, LogType.MSG_KC_UID_BAD, badCerts += 1;
continue;
}
if (cert.isLocal()) {
// Creation date in the future? No way!
log.add(LogLevel.WARN, LogType.MSG_KC_UID_BAD_LOCAL, indent);
modified = PGPPublicKey.removeCertification(modified, userId, zert);
badCerts += 1;
continue;
}
// If this is a foreign signature, ...
if (certId != masterKeyId) {
// never mind any further for public keys, but remove them from secret ones
if (isSecret()) {
log.add(LogLevel.WARN, LogType.MSG_KC_UID_FOREIGN,
indent, PgpKeyHelper.convertKeyIdToHex(certId));
modified = PGPPublicKey.removeCertification(modified, userId, zert);
badCerts += 1;
}
continue;
}
// Otherwise, first make sure it checks out
try {
cert.init(masterKey);
if (!cert.verifySignature(masterKey, userId)) {
log.add(LogLevel.WARN, LogType.MSG_KC_UID_BAD,
indent, userId);
modified = PGPPublicKey.removeCertification(modified, userId, zert);
badCerts += 1;
continue;
}
} catch (PgpGeneralException e) {
log.add(LogLevel.WARN, LogType.MSG_KC_UID_BAD_ERR,
indent, userId); indent, userId);
modified = PGPPublicKey.removeCertification(modified, userId, zert); modified = PGPPublicKey.removeCertification(modified, userId, zert);
badCerts += 1; badCerts += 1;
continue; continue;
} }
} catch (PgpGeneralException e) {
log.add(LogLevel.WARN, LogType.MSG_KC_UID_BAD_ERR, switch (type) {
indent, userId); case PGPSignature.DEFAULT_CERTIFICATION:
modified = PGPPublicKey.removeCertification(modified, userId, zert); case PGPSignature.NO_CERTIFICATION:
badCerts += 1; case PGPSignature.CASUAL_CERTIFICATION:
continue; case PGPSignature.POSITIVE_CERTIFICATION:
if (selfCert == null) {
selfCert = zert;
} else if (selfCert.getCreationTime().before(cert.getCreationTime())) {
log.add(LogLevel.DEBUG, LogType.MSG_KC_UID_CERT_DUP,
indent, userId);
modified = PGPPublicKey.removeCertification(modified, userId, selfCert);
redundantCerts += 1;
selfCert = zert;
} else {
log.add(LogLevel.DEBUG, LogType.MSG_KC_UID_CERT_DUP,
indent, userId);
modified = PGPPublicKey.removeCertification(modified, userId, zert);
redundantCerts += 1;
}
// If there is a revocation certificate, and it's older than this, drop it
if (revocation != null
&& revocation.getCreationTime().before(selfCert.getCreationTime())) {
log.add(LogLevel.DEBUG, LogType.MSG_KC_UID_REVOKE_OLD,
indent, userId);
modified = PGPPublicKey.removeCertification(modified, userId, revocation);
revocation = null;
redundantCerts += 1;
}
break;
case PGPSignature.CERTIFICATION_REVOCATION:
// If this is older than the (latest) self cert, drop it
if (selfCert != null && selfCert.getCreationTime().after(zert.getCreationTime())) {
log.add(LogLevel.DEBUG, LogType.MSG_KC_UID_REVOKE_OLD,
indent, userId);
modified = PGPPublicKey.removeCertification(modified, userId, zert);
redundantCerts += 1;
continue;
}
// first revocation? remember it.
if (revocation == null) {
revocation = zert;
// more revocations? at least one is superfluous, then.
} else if (revocation.getCreationTime().before(cert.getCreationTime())) {
log.add(LogLevel.DEBUG, LogType.MSG_KC_UID_REVOKE_DUP,
indent, userId);
modified = PGPPublicKey.removeCertification(modified, userId, revocation);
redundantCerts += 1;
revocation = zert;
} else {
log.add(LogLevel.DEBUG, LogType.MSG_KC_UID_REVOKE_DUP,
indent, userId);
modified = PGPPublicKey.removeCertification(modified, userId, zert);
redundantCerts += 1;
}
break;
}
} }
switch (type) {
case PGPSignature.DEFAULT_CERTIFICATION:
case PGPSignature.NO_CERTIFICATION:
case PGPSignature.CASUAL_CERTIFICATION:
case PGPSignature.POSITIVE_CERTIFICATION:
if (selfCert == null) {
selfCert = zert;
} else if (selfCert.getCreationTime().before(cert.getCreationTime())) {
log.add(LogLevel.DEBUG, LogType.MSG_KC_UID_CERT_DUP,
indent, userId);
modified = PGPPublicKey.removeCertification(modified, userId, selfCert);
redundantCerts += 1;
selfCert = zert;
} else {
log.add(LogLevel.DEBUG, LogType.MSG_KC_UID_CERT_DUP,
indent, userId);
modified = PGPPublicKey.removeCertification(modified, userId, zert);
redundantCerts += 1;
}
// If there is a revocation certificate, and it's older than this, drop it
if (revocation != null
&& revocation.getCreationTime().before(selfCert.getCreationTime())) {
log.add(LogLevel.DEBUG, LogType.MSG_KC_UID_REVOKE_OLD,
indent, userId);
modified = PGPPublicKey.removeCertification(modified, userId, revocation);
revocation = null;
redundantCerts += 1;
}
break;
case PGPSignature.CERTIFICATION_REVOCATION:
// If this is older than the (latest) self cert, drop it
if (selfCert != null && selfCert.getCreationTime().after(zert.getCreationTime())) {
log.add(LogLevel.DEBUG, LogType.MSG_KC_UID_REVOKE_OLD,
indent, userId);
modified = PGPPublicKey.removeCertification(modified, userId, zert);
redundantCerts += 1;
continue;
}
// first revocation? remember it.
if (revocation == null) {
revocation = zert;
// more revocations? at least one is superfluous, then.
} else if (revocation.getCreationTime().before(cert.getCreationTime())) {
log.add(LogLevel.DEBUG, LogType.MSG_KC_UID_REVOKE_DUP,
indent, userId);
modified = PGPPublicKey.removeCertification(modified, userId, revocation);
redundantCerts += 1;
revocation = zert;
} else {
log.add(LogLevel.DEBUG, LogType.MSG_KC_UID_REVOKE_DUP,
indent, userId);
modified = PGPPublicKey.removeCertification(modified, userId, zert);
redundantCerts += 1;
}
break;
}
} }
// If no valid certificate (if only a revocation) remains, drop it // If no valid certificate (if only a revocation) remains, drop it
@ -510,7 +511,7 @@ public class UncachedKeyRing {
} }
// If NO user ids remain, error out! // If NO user ids remain, error out!
if (!modified.getUserIDs().hasNext()) { if (modified == null || !modified.getUserIDs().hasNext()) {
log.add(LogLevel.ERROR, LogType.MSG_KC_ERROR_NO_UID, indent); log.add(LogLevel.ERROR, LogType.MSG_KC_ERROR_NO_UID, indent);
return null; return null;
} }
@ -817,7 +818,13 @@ public class UncachedKeyRing {
// Copy over all user id certificates // Copy over all user id certificates
for (String userId : new IterableIterator<String>(key.getUserIDs())) { for (String userId : new IterableIterator<String>(key.getUserIDs())) {
for (PGPSignature cert : new IterableIterator<PGPSignature>(key.getSignaturesForID(userId))) { @SuppressWarnings("unchecked")
Iterator<PGPSignature> signaturesIt = key.getSignaturesForID(userId);
// no signatures for this User ID, skip it
if (signaturesIt == null) {
continue;
}
for (PGPSignature cert : new IterableIterator<PGPSignature>(signaturesIt)) {
// Don't merge foreign stuff into secret keys // Don't merge foreign stuff into secret keys
if (cert.getKeyID() != masterKeyId && isSecret()) { if (cert.getKeyID() != masterKeyId && isSecret()) {
continue; continue;

View File

@ -128,10 +128,18 @@ public class UncachedPublicKey {
public String getPrimaryUserId() { public String getPrimaryUserId() {
String found = null; String found = null;
PGPSignature foundSig = null; PGPSignature foundSig = null;
// noinspection unchecked
for (String userId : new IterableIterator<String>(mPublicKey.getUserIDs())) { for (String userId : new IterableIterator<String>(mPublicKey.getUserIDs())) {
PGPSignature revocation = null; PGPSignature revocation = null;
for (PGPSignature sig : new IterableIterator<PGPSignature>(mPublicKey.getSignaturesForID(userId))) { @SuppressWarnings("unchecked")
Iterator<PGPSignature> signaturesIt = mPublicKey.getSignaturesForID(userId);
// no signatures for this User ID
if (signaturesIt == null) {
continue;
}
for (PGPSignature sig : new IterableIterator<PGPSignature>(signaturesIt)) {
try { try {
// if this is a revocation, this is not the user id // if this is a revocation, this is not the user id
@ -314,17 +322,21 @@ public class UncachedPublicKey {
public Iterator<WrappedSignature> getSignaturesForId(String userId) { public Iterator<WrappedSignature> getSignaturesForId(String userId) {
final Iterator<PGPSignature> it = mPublicKey.getSignaturesForID(userId); final Iterator<PGPSignature> it = mPublicKey.getSignaturesForID(userId);
return new Iterator<WrappedSignature>() { if (it != null) {
public void remove() { return new Iterator<WrappedSignature>() {
it.remove(); public void remove() {
} it.remove();
public WrappedSignature next() { }
return new WrappedSignature(it.next()); public WrappedSignature next() {
} return new WrappedSignature(it.next());
public boolean hasNext() { }
return it.hasNext(); public boolean hasNext() {
} return it.hasNext();
}; }
};
} else {
return null;
}
} }
} }