
Kristian Fiskerstrand committed 8f7efb9

Add check if upload is a revocation certificate, and if it is, produce an error message tailored for this


Files changed (3)

                               plerror 2 "key %s %s"
                                 (KeyHash.hexify (KeyHash.hash origkey))
                                 "could not be parsed by KeyMerge.canonicalize"
+                          | Fixkey.Standalone_revocation_certificate ->
+                               cout#write_string ("Add failed: This is a stand-alone " ^
+                                                  "revocation certificate. Revocation " ^
+                                                  "certificates should be imported to a " ^
+                                                  "public key before being published to " ^
+                                                  "a keyserver");
                           | Bdb.Key_exists as e ->
                               cout#write_string
                               ("Add failed: identical key already " ^
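Review bot: The new `Fixkey.Standalone_revocation_certificate` arm answers the client but records nothing server-side, whereas the arm just above it logs the rejected key through `plerror 2`. This path is reached by untrusted uploads, so a log line before the `cout#write_string` call, such as `plerror 2 "add rejected: stand-alone revocation certificate"` (message text constructed here), would let operators see how often it is hit. The trailing `;` after the closing parenthesis on the last added line is accepted by the parser but is not needed before the next `|` arm. The enclosing match starts and ends outside this hunk, so whether later code already logs the failure cannot be seen here.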
 module Map = PMap.Map
 
 exception Bad_key
+exception Standalone_revocation_certificate
 
 
 (** list of filters currently applied on incoming keys.  Filter types are
 (** Returns canonicalized version of key.  Raises Bad_key if key should simply
   be discarded
 *)
+let is_revocation_signature pack =
+   match pack.packet_type with
+    | Signature_Packet ->
+      let parsed_signature = ParsePGP.parse_signature pack in
+       let result = match parsed_signature with
+         | V3sig s -> (match (int_to_sigtype s.v3s_sigtype) with
+           | Key_revocation_signature | Subkey_revocation_signature
+             | Certification_revocation_signature -> true
+           | _ -> false)
+         | V4sig s -> (match (int_to_sigtype s.v4s_sigtype) with
+           | Key_revocation_signature | Subkey_revocation_signature
+             | Certification_revocation_signature -> true
+           | _ -> false)
+         in
+         result
+    | _ -> false
+
 let canonicalize key =
+  if is_revocation_signature (List.hd key)
+    then raise Standalone_revocation_certificate;
   try KeyMerge.dedup_key key
   with KeyMerge.Unparseable_packet_sequence -> raise Bad_key
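Review bot: `List.hd key` in `canonicalize` raises `Failure` when the uploaded packet list is empty, which the documented contract (`Bad_key`) does not cover. Matching instead, `(match key with first :: _ when is_revocation_signature first -> raise Standalone_revocation_certificate | _ -> ());`, keeps empty input on the existing `KeyMerge.dedup_key` path. `ParsePGP.parse_signature` is also applied to uploaded data with no handler around it, so if it can raise on a malformed signature packet (not visible here), that error would escape rather than become `Bad_key`. Separately, `is_revocation_signature` was inserted between the `(** Returns canonicalized version of key ... *)` comment and `canonicalize`, so that doc comment now attaches to the wrong function. Move the new function above the comment and give it its own, e.g. `(** True if [pack] is a signature packet whose type is a key, subkey or certification revocation. *)`.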
 
 exception Bad_key
+exception Standalone_revocation_certificate
 val filters : string list
 val get_keypacket : KeyMerge.pkey -> Packet.packet
 val ( |= ) : ('a, 'b) PMap.Map.t -> 'a -> 'b
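Review bot: `Standalone_revocation_certificate` is exported without a doc comment, so the interface does not say which function raises it or when. A comment above the declaration such as `(** Raised by [canonicalize] when the first packet of the key is a revocation signature. *)` would cover it. Any caller of `canonicalize` that handles only `Bad_key` will now let this exception propagate. Only one handler is visible in this commit, so the other call sites are worth checking.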