oops, added cert parsing to readKeyFromFile. Also: code comments.

1 files changed, 28 insertions, 11 deletions

diff --git a/KeyRing.hs b/KeyRing.hs
index adbf23c..18dc60d 100644
--- a/KeyRing.hs
+++ b/KeyRing.hs
@@ -1462,7 +1462,7 @@ readSecretPEMFile fname = do
     --       Therefore, we should attempt to preserve it.
     timestamp <- getInputFileTime ctx fname
     input <- readInputFileL ctx fname
-    let dta = catMaybes $ scanAndParse pkcs1 $ Char8.lines input
+    let dta = catMaybes $ scanAndParse (pkcs1 <> cert) $ Char8.lines input
         pkcs1 = fmap (parseRSAPrivateKey . pemBlob)
                     $ pemParser $ Just "RSA PRIVATE KEY"
         cert  = fmap (fmap (PEMPacket . pcertKey) . parseCertBlob False . pemBlob)
@@ -1504,9 +1504,16 @@ doImport doDecrypt db (fname,subspec,ms,_) = do
     flip (maybe $ return CannotImportMasterKey)
          subspec $ \tag -> do
     ps <- readSecretPEMFile (ArgFile fname)
-    foldM (importPemThing tag) (KikiSuccess (db,[])) ps
+    let (mapMaybe spemCert -> certs,mapMaybe spemPacket-> keys)
+            = partition (isJust . spemCert) ps
+    -- TODO Probably we need to move to a new design where signature
+    -- packets are merged into the database in one phase with null
+    -- signatures, and then the signatures are made in the next phase.
+    -- This would let us merge annotations (like certificates) from
+    -- seperate files.
+    foldM (importPEMKey tag certs) (KikiSuccess (db,[])) keys
  where
-    importPemThing tag prior (PEMPacket key) = do
+    importPEMKey tag certs prior key = do
         try prior $ \(db,report) -> do
         let (m0,tailms) = splitAt 1 ms
         if (not (null tailms) || null m0)
@@ -1515,13 +1522,6 @@ doImport doDecrypt db (fname,subspec,ms,_) = do
                 r <- doImportG doDecrypt db m0 tag fname key
                 try r $ \(db',report') -> do
                 return $ KikiSuccess (db',report++report')
-    importPemThing tag prior (PEMCertificate cert) = do
-        -- TODO Probably we need to move to a new design where signature
-        -- packets are merged into the database in one phase with null
-        -- signatures, and then the signatures are made in the next phase.
-        -- This would let us merge annotations (like certificates) from
-        -- seperate files.
-        return prior
 
 doImportG
   :: Ord k =>
@@ -1589,6 +1589,7 @@ doImportG doDecrypt db m0 tag fname key = do
         wk = packet top
         (xs',minsig,ys') = findTag tag wk key subsigs
         doInsert mbsig db = do
+            -- NEW SUBKEY BINDING SIGNATURE
             sig' <- makeSig doDecrypt top fname subkey_p tag mbsig
             try sig' $ \(sig',report) -> do
             report <- return $ fmap (fname,) report ++ [(fname, YieldSignature)]
@@ -2512,8 +2513,13 @@ readPacketsFromFile ctx fname = do
     return $ decode input
 #endif
 
+-- | Get the time stamp of a signature.
+--
+-- Warning: This function checks unhashed_subpackets if no timestamp occurs in
+-- the hashed section.  TODO: change this?
+--
 signature_time :: SignatureOver -> Word32
-signature_time ov = case if null cs then ds else cs of
+signature_time ov = case (if null cs then ds else cs) of
                                 [] -> minBound
                                 xs -> maximum xs
           where
@@ -2535,6 +2541,17 @@ splitAtMinBy comp xs = minimumBy comp' xxs
 
 
 
+-- | Given a usage@ tag, the working master key, one of its subkeys and a list
+-- of signatures on that subkey, yields:
+--
+--   * preceding list of signatures
+--
+--   * The most recent valid signature made by the working key along with a
+--   flag that indicates whether or not the given usage tag occurs in it or,
+--   if no valid signature from the working key is present, Nothing.
+--
+--   * following list of signatures
+--
 findTag ::
   String
   -> Packet