From ca44b47053cc6ea39f6ea56dab98b5cbf504dad4 Mon Sep 17 00:00:00 2001
From: Zdenek Prikryl
Date: Thu, 20 Aug 2009 17:43:59 +0200
Subject: fixed signature check
---
 lib/MiddleWare/RPM.cpp | 36 ++++++++++++++++++++++++++----------
 src/Daemon/MiddleWare.cpp | 10 +++++++---
 2 files changed, 33 insertions(+), 13 deletions(-)
diff --git a/lib/MiddleWare/RPM.cpp b/lib/MiddleWare/RPM.cpp
index 7a77318..6659457 100644
--- a/lib/MiddleWare/RPM.cpp
+++ b/lib/MiddleWare/RPM.cpp
@@ -40,21 +40,37 @@ bool CRPM::CheckFingerprint(const std::string& pPackage)
 rpmts ts = rpmtsCreate();
 rpmdbMatchIterator iter = rpmtsInitIterator(ts, RPMTAG_NAME, pPackage.c_str(), 0);
 Header header;
+
 if ((header = rpmdbNextIterator(iter)) != NULL)
 {
- if (headerIsEntry(header, RPMTAG_SIGGPG))
+ rpmTag rpmTags[] = { RPMTAG_DSAHEADER, RPMTAG_RSAHEADER, RPMTAG_SHA1HEADER };
+ int ii;
+ for (ii = 0; ii < 3; ii++)
 {
- char* headerFingerprint;
- rpmtd td = rpmtdNew();
- headerGet(header, RPMTAG_SIGGPG, td, HEADERGET_DEFAULT);
- headerFingerprint = pgpHexStr((const uint8_t*)td->data + 9, sizeof(pgpKeyID_t));
- rpmtdFree(td);
- if (headerFingerprint != NULL)
+ if (headerIsEntry(header, rpmTags[ii]))
 {
- if (m_setFingerprints.find(headerFingerprint) != m_setFingerprints.end())
+ rpmtd td = rpmtdNew();
+ headerGet(header, rpmTags[ii] , td, HEADERGET_DEFAULT);
+ char* pgpsig = rpmtdFormat(td, RPMTD_FORMAT_PGPSIG , NULL);
+ if (pgpsig)
 {
- free(headerFingerprint);
- ret = true;
+ std::string PGPSignatureText = pgpsig;
+ free(pgpsig);
+
+ if (PGPSignatureText.find(" Key ID ") != std::string::npos)
+ {
+ std::string headerFingerprint = PGPSignatureText.substr(PGPSignatureText.find(" Key ID ") + sizeof (" Key ID ") - 1);
+
+ rpmtdFree(td);
+ if (headerFingerprint != "")
+ {
+ if (m_setFingerprints.find(headerFingerprint) != m_setFingerprints.end())
+ {
+ ret = true;
+ break;
+ }
+ }
+ }
 }
 }
 }
diff --git a/src/Daemon/MiddleWare.cpp b/src/Daemon/MiddleWare.cpp
index 4cfd86d..44ddb2d 100644
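Review bot: In the new loop of CRPM::CheckFingerprint, `rpmtdFree(td)` runs only on the path where " Key ID " was found, so the container from `rpmtdNew()` leaks whenever `rpmtdFormat` returns NULL or the text carries no key ID, and the data filled in by `headerGet` does not appear to be released on any path. Freeing directly after formatting covers every path: `char* pgpsig = rpmtdFormat(td, RPMTD_FORMAT_PGPSIG, NULL); rpmtdFreeData(td); rpmtdFree(td);`. Separately, the result rests on a string match of the key ID printed from the installed header against m_setFingerprints, not on a signature verification in this function, so a comment such as `// matches the signer's key ID only; relies on rpm having verified the signature at install time (confirm)` would record that assumption. RPMTAG_SHA1HEADER is a digest rather than a signature, so that loop entry presumably never yields a key ID. The function body starts and ends outside the hunk.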
--- a/src/Daemon/MiddleWare.cpp
+++ b/src/Daemon/MiddleWare.cpp
@@ -415,10 +415,14 @@ CMiddleWare::mw_result_t CMiddleWare::SavePackageDescriptionToDebugDump(const st
 }
 if (m_bOpenGPGCheck)
 {
- if (!m_RPM.CheckFingerprint(packageName) ||
- !m_RPM.CheckHash(packageName, pExecutable))
+ if (!m_RPM.CheckFingerprint(packageName))
 {
- comm_layer_inner_debug("Can not find package");
+ comm_layer_inner_debug("package isn't signed with proper key");
+ return MW_GPG_ERROR;
+ }
+ if (!m_RPM.CheckHash(packageName, pExecutable))
+ {
+ comm_layer_inner_debug("executable has bad hash");
 return MW_GPG_ERROR;
 }
 }
-- cgit
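Review bot: Both failure branches log a fixed string and return the same MW_GPG_ERROR, so neither the debug log nor the caller's result identifies which package or executable was rejected. Naming them makes a rejected crash traceable, e.g. `comm_layer_inner_debug("package '" + packageName + "' isn't signed with proper key");`, with `pExecutable` added to the hash message in the same way. This assumes comm_layer_inner_debug accepts a std::string and that both variables are strings, which the hunk does not show. SavePackageDescriptionToDebugDump starts and ends outside the hunk.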