From: Daniel Kahn Gillmor
Date: Mon, 14 Mar 2011 05:08:17 +0000 (-0400)
Subject: make use of PGPExtension in X.509 public key carriers
X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=6623d49cdd0655c1a1545e0d1a49785244de010d;p=monkeysphere-validation-agent.git

make use of PGPExtension in X.509 public key carriers
---
diff --git a/Changelog b/Changelog
index ba076ba..03c8069 100644
--- a/Changelog
+++ b/Changelog
@@ -16,8 +16,10 @@ msva-perl (0.9~pre) upstream;
 * Now depending on Crypt::X509 0.50 for pubkey components directly.
 * Crypt::Monkeysphere::OpenPGP for helper functions in packet generation and parsing.
+ * Parse and make use of X.509 PGPExtension if present in X.509 public
+ key carrier.
- -- Daniel Kahn Gillmor Fri, 11 Mar 2011 01:24:55 -0500
+ -- Daniel Kahn Gillmor Mon, 14 Mar 2011 01:07:50 -0400
 msva-perl (0.8) upstream;
diff --git a/Crypt/Monkeysphere/MSVA.pm b/Crypt/Monkeysphere/MSVA.pm
index 5c48fa1..0b71816 100755
--- a/Crypt/Monkeysphere/MSVA.pm
+++ b/Crypt/Monkeysphere/MSVA.pm
@@ -38,6 +38,7 @@
 use Crypt::Monkeysphere::Logger;
 use Crypt::Monkeysphere::Util qw(untaint);
 use Crypt::Monkeysphere::MSVA::Monitor;
+ use Crypt::Monkeysphere::OpenPGP;
 use JSON;
 use POSIX qw(strftime);
@@ -442,6 +443,16 @@
 if (! defined $key) {
 msvalog('verbose', "failed to decode %s\n", unpack('H*', $cert->pubkey()));
 $key = {error => 'failed to decode the public key'};
+ } else {
+ # ensure these are Math::BigInts!
+ $key->{exponent} = Math::BigInt::->new($key->{exponent}) unless (ref($key->{exponent}));
+ $key->{modulus} = Math::BigInt::->new($key->{modulus}) unless (ref($key->{modulus}));
+
+ my $pgpext = $cert->PGPExtension();
+ if (defined $pgpext) {
+ $key->{openpgp4fpr} = Crypt::Monkeysphere::OpenPGP::fingerprint($key, $pgpext);
+ msvalog('verbose', "OpenPGP Fingerprint (derived from X.509 cert): 0x%s\n", uc(unpack("H*", $key->{openpgp4fpr})));
+ }
 }
 }
 }
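Review bot: In the `if (defined $pgpext)` branch the result of `Crypt::Monkeysphere::OpenPGP::fingerprint($key, $pgpext)` is stored and logged without being checked; if that helper can return undef for a malformed extension, `unpack("H*", undef)` warns and `$key->{openpgp4fpr}` then exists with an undefined value, which the `exists` test added in the `@@ -638` hunk accepts as a fingerprint. Assign through a guard instead: `my $derived = Crypt::Monkeysphere::OpenPGP::fingerprint($key, $pgpext);` then `$key->{openpgp4fpr} = $derived if defined $derived;`, with the msvalog call inside the same guard. The PGPExtension is content of the very certificate being validated, so a fingerprint derived from it is no more trustworthy than the cert itself; a comment such as `# PGPExtension comes from the unverified cert: the derived fingerprint is a lookup hint, not evidence of key validity` would make that explicit for whoever later consumes $key->{openpgp4fpr}. The enclosing block starts before this hunk.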
@@ -625,7 +636,6 @@
 if ($data->{pkc}->{data} =~ /^(0x)?([[:xdigit:]]{40})$/) {
 $data->{pkc}->{data} = uc($2);
 $fpr = $data->{pkc}->{data};
- msvalog('verbose', "OpenPGP v4 fingerprint: %s\n",$fpr);
 } else {
 msvalog('error', "invalid OpenPGP v4 fingerprint: %s\n",$data->{pkc}->{data});
 $ret->{message} = sprintf("Invalid OpenPGP v4 fingerprint.");
@@ -638,7 +648,11 @@
 $ret->{message} = $key->{error};
 return $status,$ret;
 }
+ $fpr = uc(unpack('H*', $key->{openpgp4fpr}))
+ if (exists $key->{openpgp4fpr});
 }
+ msvalog('verbose', "OpenPGP v4 fingerprint: %s\n",$fpr)
+ if defined $fpr;
 # determine keyserver policy
 my $kspolicy;
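Review bot: The new `$fpr = uc(unpack('H*', $key->{openpgp4fpr})) if (exists $key->{openpgp4fpr});` in the `@@ -638` hunk keys on `exists`, so an undefined value under that key yields `$fpr` eq '' — defined but empty — which passes the `if defined $fpr` guard on the new log line and reaches the keyserver policy code that follows. Use `if (defined $key->{openpgp4fpr})` instead, and consider holding the derived value to the same shape a caller-supplied fingerprint must satisfy in the `@@ -625` hunk, e.g. `undef $fpr unless defined $fpr && $fpr =~ /^[[:xdigit:]]{40}$/;` before it is used. The branch this sits in begins outside the hunk.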