From 6492f127b8decb19ad1fe4b5552cc31b4ababb5d Mon Sep 17 00:00:00 2001 From: joe Date: Sat, 10 May 2014 22:40:26 -0400 Subject: oops, added cert parsing to readKeyFromFile. Also: code comments. --- KeyRing.hs | 39 ++++++++++++++++++++++++++++----------- 1 file changed, 28 insertions(+), 11 deletions(-) diff --git a/KeyRing.hs b/KeyRing.hs index adbf23c..18dc60d 100644 --- a/KeyRing.hs +++ b/KeyRing.hs @@ -1462,7 +1462,7 @@ readSecretPEMFile fname = do -- Therefore, we should attempt to preserve it. timestamp <- getInputFileTime ctx fname input <- readInputFileL ctx fname - let dta = catMaybes $ scanAndParse pkcs1 $ Char8.lines input + let dta = catMaybes $ scanAndParse (pkcs1 <> cert) $ Char8.lines input pkcs1 = fmap (parseRSAPrivateKey . pemBlob) $ pemParser $ Just "RSA PRIVATE KEY" cert = fmap (fmap (PEMPacket . pcertKey) . parseCertBlob False . pemBlob) @@ -1504,9 +1504,16 @@ doImport doDecrypt db (fname,subspec,ms,_) = do flip (maybe $ return CannotImportMasterKey) subspec $ \tag -> do ps <- readSecretPEMFile (ArgFile fname) - foldM (importPemThing tag) (KikiSuccess (db,[])) ps + let (mapMaybe spemCert -> certs,mapMaybe spemPacket-> keys) + = partition (isJust . spemCert) ps + -- TODO Probably we need to move to a new design where signature + -- packets are merged into the database in one phase with null + -- signatures, and then the signatures are made in the next phase. + -- This would let us merge annotations (like certificates) from + -- seperate files. + foldM (importPEMKey tag certs) (KikiSuccess (db,[])) keys where - importPemThing tag prior (PEMPacket key) = do + importPEMKey tag certs prior key = do try prior $ \(db,report) -> do let (m0,tailms) = splitAt 1 ms if (not (null tailms) || null m0) @@ -1515,13 +1522,6 @@ doImport doDecrypt db (fname,subspec,ms,_) = do r <- doImportG doDecrypt db m0 tag fname key try r $ \(db',report') -> do return $ KikiSuccess (db',report++report') - importPemThing tag prior (PEMCertificate cert) = do - -- TODO Probably we need to move to a new design where signature - -- packets are merged into the database in one phase with null - -- signatures, and then the signatures are made in the next phase. - -- This would let us merge annotations (like certificates) from - -- seperate files. - return prior doImportG :: Ord k => @@ -1589,6 +1589,7 @@ doImportG doDecrypt db m0 tag fname key = do wk = packet top (xs',minsig,ys') = findTag tag wk key subsigs doInsert mbsig db = do + -- NEW SUBKEY BINDING SIGNATURE sig' <- makeSig doDecrypt top fname subkey_p tag mbsig try sig' $ \(sig',report) -> do report <- return $ fmap (fname,) report ++ [(fname, YieldSignature)] @@ -2512,8 +2513,13 @@ readPacketsFromFile ctx fname = do return $ decode input #endif +-- | Get the time stamp of a signature. +-- +-- Warning: This function checks unhashed_subpackets if no timestamp occurs in +-- the hashed section. TODO: change this? +-- signature_time :: SignatureOver -> Word32 -signature_time ov = case if null cs then ds else cs of +signature_time ov = case (if null cs then ds else cs) of [] -> minBound xs -> maximum xs where @@ -2535,6 +2541,17 @@ splitAtMinBy comp xs = minimumBy comp' xxs +-- | Given a usage@ tag, the working master key, one of its subkeys and a list +-- of signatures on that subkey, yields: +-- +-- * preceding list of signatures +-- +-- * The most recent valid signature made by the working key along with a +-- flag that indicates whether or not the given usage tag occurs in it or, +-- if no valid signature from the working key is present, Nothing. +-- +-- * following list of signatures +-- findTag :: String -> Packet -- cgit v1.2.3