accept primary key binding signatures as signed subpackets (fixes #2113)

2017-05-25 19:40:23 +02:00
parent 5a02488e52
commit 118b7b56a8
1 changed files with 32 additions and 13 deletions
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/UncachedKeyRing.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/UncachedKeyRing.java
@@ -947,7 +947,8 @@ public class UncachedKeyRing {
                    // If this key can sign, it MUST have a primary key binding certificate
                    if (needsPrimaryBinding) {
                        boolean ok = false;
-                        if (zert.getUnhashedSubPackets() != null) try {
+                        try {
+                            if (zert.getUnhashedSubPackets() != null) {
                                // Check all embedded signatures, if any of them fits
                                PGPSignatureList list = zert.getUnhashedSubPackets().getEmbeddedSignatures();
                                for (int i = 0; i < list.size(); i++) {
@@ -963,6 +964,24 @@ public class UncachedKeyRing {
                                        }
                                    }
                                }
+                            }
+                            if (!ok) {
+                                // Check all embedded signatures, if any of them fits
+                                PGPSignatureList list = zert.getHashedSubPackets().getEmbeddedSignatures();
+                                for (int i = 0; i < list.size(); i++) {
+                                    WrappedSignature subsig = new WrappedSignature(list.get(i));
+                                    if (subsig.getSignatureType() == PGPSignature.PRIMARYKEY_BINDING) {
+                                        subsig.init(key);
+                                        if (subsig.verifySignature(masterKey, key)) {
+                                            ok = true;
+                                        } else {
+                                            log.add(LogType.MSG_KC_SUB_PRIMARY_BAD, indent);
+                                            badCerts += 1;
+                                            continue uids;
+                                        }
+                                    }
+                                }
+                            }
                        } catch (Exception e) {
                            log.add(LogType.MSG_KC_SUB_PRIMARY_BAD_ERR, indent);
                            badCerts += 1;