Commit 4c7418a2 authored by Raphaël Hertzog's avatar Raphaël Hertzog

verify_signature: deals with keys without any email at all

Actually the real case is a broken key where the email has been input
in the "name" field instead of the "email" field but I don't want to add
extra code to support such broken keys, so this commit simply avoids
the error and logs the existence of the broken key.
parent a314a617
-----BEGIN PGP PUBLIC KEY BLOCK-----
Comment: Signed by Raphael Hertzog
mQGNBF1veIsBDADTAeM9IoQRk6nxxELuZpczN8mRc1PylPr0yP8AfZVwknoWomjA
WHyezCSuN94xAN24QTpqOlktWZbjXzYsUr99OKcvgjIgACD6b/75wJlASlHkuYIN
AXwgmqispP2vCrJMXO+7D9bBU9qASXxdwkKFjGUIhgXL3pICCRb0xDaLggZXyG9Z
4xeXne1V3s9DfAI+04vo4nq8LVee65wVPWI4RDWe6BHKvTkaiLyKNw8nvdkPePqL
OK8GuJcPtjLRwSEUVYy0aTvxiG0pYoyPka02J3PcvaCRCk6h5hfel0wbrr8TlWpx
8MPQ+tXp4n5kZ1mSLc8VThq0oz4vSpBDUKGpliYqIJ6Wtx3L3IjgjWuTZ+FPim/5
JrCFGZ44MW3ZTDcTnBD9jjMq7zHQ9foOTDBZEwlErGeiZ6dye8p9n7zetZIQO/J4
xvVMMEagDWIXasMVJX1dpaMC+0z41n1HzO78KUx+MkWciFTLG0zdOLlYK0xnf2wj
3x7zmZ2s1ud4awEAEQEAAbQLSnVzdCBBIE5hbWWJAdQEEwEKAD4WIQQWD/U3/Uq/
zJ8qM5F48rtcikcDTAUCXW94iwIbAwUJA8JnAAULCQgHAwUVCgkICwUWAgMBAAIe
AQIXgAAKCRB48rtcikcDTOiDDACshi4paqxibT6lIg2fyncy+FvH9tMwi6zsIr0g
599Wg6IFt1k5L0VN/eBAjfxeqhUxUAb97R3cytq2OEP5tnqZsp1D4jdKwrVSPd7x
6K1IuhXsB2rH133Xq5WKspEfwKmD4Pc8LyIbw/vAUMLSolSb3xGgxw9ywxYkueAH
9i4zcQyLUbIRFAKwxPo2zSNC8H55AWzNFhh24QD8ZmmZLh8odI75SM0eo9pLG/Xs
2UY0n/MhNRuBu1XW2GVX2pym+OUG9AVz8dhdCbQddsJF4G7qp0YcLr2/CXD24oDO
01O6/ACfk5Tp1rk9bp8TN/dWcGRLESEeegpEhLilcwLYgDV0y6cb+qKW9oqq+3YN
SYwInaHV3owazKMlWnqpmRRJ4DA3B9f/e66Ya+gA1rPZGlGVprEaDiiJMQJpNYys
yPf+xpU9AiXx8nWu4Nl9B+eoikCPyZoMU8EN/IQnwFcfS67JVWXjuXdkHoIXXZkq
d8g1D0hWgKDc3i5HJLLsR5DkdqS5AY0EXW94iwEMAM6FhBQSMpcwcMYQ/DL0h3Sr
/n0XRTuqgwWlp1P6kkq5JFtwh/EilMf6qi0Pzqf1jA+J9G5Nq4ZbFGB4WBxArUL4
5stHnZoO7qXCBgqwm5Yz0Q6TvxKtk8dUOFC541SJnaKyndh1GOjGiKG/WPndw7or
+J6nRQHirG1ulk7f9bP7dQv7LmRScxOC2lpixUdZVgQ9H+EMF5X3nKA9uGuNjYZx
VfDeJ3MgAFWNuyzX+IZuYwtU5OYa7t1jKAiUfQepJnK/QPZKBmwoZzGM+UIXWwUQ
2qO914P95Tqd9Ojb+1kVgd9xBFZKwQkzHJ8Ox+QafsRBSLD39HU3hDUEDfAKKnIp
e2sq+R8Smq9WoA/IZnc69kPmyGP4u0FpjnZSGKNHg2t8+0lpaxz+HQ1RhIZMYkMZ
wIlfsNDgyPLkU8rzvCBLAWRGJAEXQJY2ZrhMmbpSrSft3IQnUM1WJQJaBYlhj+oy
wZlr8/bT5zwDt+slTLQSfX1Xc8OfU2T6wpz29DuEQwARAQABiQG8BBgBCgAmFiEE
Fg/1N/1Kv8yfKjORePK7XIpHA0wFAl1veIsCGwwFCQPCZwAACgkQePK7XIpHA0y9
dAv7BX2uUfKd+oehYfda4LcLXpUJpbrKYPYkEQ8XZcdLyxLSLGMgiFqZ0cThPtOA
mWnP0khHMKkz2owz9CjorHjo4829QmEwxfXrGLKJJUSGzrVQlLPq3DH72xnsByxE
i3X0nOGq2dafewJyTADRtuXB6P40pQDC1bNmXqak/YAPu9JxbhVpYMy5ZRpOpxQc
O3IjVDhw13UbxZzotdw/4IdCXFpUvHBNsN7wVJMra2PcY65SdsI3jGAl/4CExdNO
mnQamarxgpYU5BRqbqicfSmJFqfzXySlXumTQt0nM10S8pE3SoxMZD3ZNauT626o
qswGzuyuXdwbw63FMosASWdllwgfLAnnraurQ+SqggA+u2jcO8hbebrCqhVy4Ozg
Uq79Tntsk06NN8XoedLRaSVqzgamfyPdgG8EFvKDF02ATZm1o2T3j4CK1Ix/QGar
7w9C74+hbShivMt2M/xUd3pHYz5LaCH5YHniufa+I5JwaDnzZNI4OZ+VsM5vRmxI
NlYt
=0ssl
-----END PGP PUBLIC KEY BLOCK-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Key 3 has no identity with any email... we should deal with that as well. Shrug.
-----BEGIN PGP SIGNATURE-----
Comment: Signed by Raphael Hertzog
iQGzBAEBCgAdFiEEFg/1N/1Kv8yfKjORePK7XIpHA0wFAl1vehMACgkQePK7XIpH
A0xAdQv+Lb6ATE9XLuetmrYstfRAOrVrczWsVzPrqes/x5ZNpg/TOUGtsaXmofnp
rPQrJI3g2eBewgPqKkUjooEa/mwpCo8SSp+FYJbmpJxrBOqd+B6WbrNFbWK8wzEP
g9HLPxFdAFefP13yfmBtNvBFTB4E1oefj+V+2XnaYoecQgd91VHna7AKhuswh/tq
xh5Qw7emEXCGN1H9gWiKzvTFqQha3q45kL0p+snmLgW+tC44aijddiNTKVdXfQ5Z
OajyuMXRlNQbahAVmG4k2SD5dJ6EX9YUj18JxkFzm05TTkAhFfiRNyAYoo+d+4YH
SVK4r9WqUC7pfw7LoVuHw7zBFrtXk6AjJpllS30rBC/hXOeXkdAwOxSITVI5ATiH
UVgVufYIxg3uiZscYHfJbRfB/SgqHNMDsOEz9hxuBGYPVy1O0gFk7AQDmtbnynBS
V63beUqKD5ko3Qtb3urWjIzLZZq9yoG7/IKb1NDa/ckePxbrwTrbaXOK4PldnGbj
3hwZSq13
=NwlE
-----END PGP SIGNATURE-----
......@@ -1270,6 +1270,19 @@ class VerifySignatureTest(SimpleTestCase):
with open(file_path, 'rb') as f:
self.assertEqual(expected, verify_signature(f.read()))
@mock.patch('distro_tracker.core.utils.logger_input')
def test_key_without_any_email(self, logger):
"""Ensure that we deal properly with keys without emails."""
self.import_key_into_keyring('key3.pub')
file_path = self.get_test_data_path('signed-message-with-key3')
# No identity is returned
with open(file_path, 'rb') as f:
self.assertEqual([], verify_signature(f.read()))
# A message is logged about this bad key
self.assertTrue(logger.warning.called)
class DecodeHeaderTest(SimpleTestCase):
"""
......
......@@ -10,6 +10,7 @@
"""Various utilities for the distro-tracker project."""
import datetime
import json
import logging
import os
from django.conf import settings
......@@ -28,6 +29,8 @@ from .email_messages import extract_email_address_from_header # noqa
from .email_messages import get_decoded_message_payload # noqa
from .email_messages import message_from_bytes # noqa
logger_input = logging.getLogger('distro_tracker.input')
def get_or_none(model, **kwargs):
"""
......@@ -253,7 +256,12 @@ def verify_signature(content):
if not selected_uid:
selected_uid = _select_uid_in_key(key)
signers.append((selected_uid.name, selected_uid.email))
if selected_uid:
signers.append((selected_uid.name, selected_uid.email))
else:
logger_input.warning(
'Key %s has no valid UID (name=%s email=%s)', signature.fpr,
key.uids[0].name, key.uids[0].email)
return signers
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment