Fixes #5068 - Incorrect fingerprint for PGP key determined

lib/secure_mailing/pgp/tool/parse.rb

@@ -22,6 +22,7 @@ module SecureMailing::PGP::Tool::Parse
     private
 
     def parse_info(data)
+      # https://github.com/gpg/gnupg/blob/master/doc/DETAILS
       info = {
         fingerprint: nil,
         uids:        [],
@@ -30,45 +31,48 @@ module SecureMailing::PGP::Tool::Parse
         secret:      false
       }
 
-      data.split("\n").each_with_index do |chunk, idx|
+      data.split("\n").tap do |chunks|
         # We assume all relevant subkeys [SCE] have the same expiration date.
-        info[:expires_at]  = determine_expires_at(chunk) if idx.zero?
-        info[:created_at]  = determine_created_at(chunk) if idx.zero?
-        info[:secret]      = determine_secret(chunk) if idx.zero?
-        info[:fingerprint] = determine_fingerprint(chunk) if idx == 1
+        dates = chunks.find { |chunk| chunk.start_with?(%r{pub|sec}) }
+        info[:expires_at]  = expires_at(dates)
+        info[:created_at]  = created_at(dates)
 
-        next if !chunk.start_with?('uid')
+        info[:secret] = secret?(chunks)
 
-        info[:uids] << determine_uid(chunk)
+        fpr = chunks.find { |chunk| chunk.start_with?('fpr') }
+        info[:fingerprint] = fingerprint(fpr)
+
+        uids = chunks.select { |chunk| chunk.start_with?('uid') }
+        info[:uids] = uids.map { |uid| uid(uid) }
       end
 
       PGP_KEY_INFO.new(*info.values)
     end
 
-    def determine_expires_at(chunk)
-      timestamp = chunk.split(':').fetch(PGP_KEY_INFO_EXPIRES_AT_TIMESTAMP)
-      return nil if timestamp.blank? || timestamp == '0'
+    def created_at(chunk)
+      timestamp = chunk.split(':').fetch(PGP_KEY_INFO_CREATED_AT_TIMESTAMP)
+      return nil if timestamp == '0'
 
       Time.zone.at(timestamp.to_i)
     end
 
-    def determine_created_at(chunk)
-      timestamp = chunk.split(':').fetch(PGP_KEY_INFO_CREATED_AT_TIMESTAMP)
-      return nil if timestamp == '0'
+    def expires_at(chunk)
+      timestamp = chunk.split(':').fetch(PGP_KEY_INFO_EXPIRES_AT_TIMESTAMP)
+      return nil if timestamp.blank? || timestamp == '0'
 
       Time.zone.at(timestamp.to_i)
     end
 
-    def determine_fingerprint(chunk)
+    def fingerprint(chunk)
       chunk.split(':').last
     end
 
-    def determine_secret(chunk)
-      chunk.start_with?('sec')
+    def uid(chunk)
+      chunk.split(':').fetch(PGP_KEY_INFO_UID)
     end
 
-    def determine_uid(chunk)
-      chunk.split(':').fetch(PGP_KEY_INFO_UID)
+    def secret?(chunks)
+      chunks.any? { |chunk| chunk.start_with?('sec') }
     end
   end
 end

spec/fixtures/files/pgp/zammad@localhost.revoker.created_at

@@ -0,0 +1 @@
+2023-07-05T13:02:07Z

spec/fixtures/files/pgp/zammad@localhost.revoker.data

@@ -0,0 +1 @@
+Hello, World.

spec/fixtures/files/pgp/zammad@localhost.revoker.data.enc.asc

@@ -0,0 +1,18 @@
+-----BEGIN PGP MESSAGE-----
+
+hQIMA1olhvIBk6KWARAAp0etMxHBnd1aRK4fY58CvguVnsvoqYKXCbgPCVvTCW/r
+xcRmbDcntsBeoy4OekPh9jNwHWmlezRQ32H83mL5DcMPRWV5xB90uv+b+prD1ndE
+2p09WQloVLQmD7IK5/niZqcw3dgjV0R6inT2gkZi9WwmP9pwlHvxjFds9bF0CkAf
+q5ZWYnnYRGa649rMuw/t2hoMY327aO84+nTIknYS5eLfbXjAzasNnrmyNm7BypI+
+CgIFdUgJwe+bI+oBB0Nev3Itqq23hpqOY+UumX5NHoAUvqY1QG7yPFc8XvF1u1A9
+sEF1Yzl2uehZUwZNMLL2pkySgsy4syfGpLAbbl2lHSZVtX0Siyc4mMF4yFcKwx/Z
+p3ptZbCUeohcqR49GsuXQvnhDJwSgtTmp7Xrf5dM+RXm4mNgI3PFawBrM3bFohKw
+ewdQdEppt+h8i5ZAnm8uFWyHXq51/yZi1BWZ8IkZhy0dKkTmukF8WOcaGN69QDS+
+8SGpodBcfWYHSBP0zYQUfaQParYehS0xtSISidRiu4cDtwlT+Vt83VCYA9/1rcLL
+FeSdJI5PqOQE5EcxwAcnCSRrpaLfauHgP8/KK0AEQgmPmsZU0nbNqtDEMFiCitgT
+I8cnpLVPAyONs2ddQaIqjlq/2f4Zu44xJUJL6cXyxh9eDNdsOfD1SIRd4Mz5crrS
+ZgGeUNsZa7q3PjKxufleM9wI5wArJ7zDtq4FSqvoYGrOu7iiA+vNQFWaja+l8QoF
+Y+PGGVO/zbMygJe7J58U3v9GjlXyVWtjowJfQxgolVLKiUO1pgJ0zFGtE3kIL+kJ
+FlhDrnkv/A==
+=PWyi
+-----END PGP MESSAGE-----

spec/fixtures/files/pgp/zammad@localhost.revoker.data.sig.asc

@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEEThDyK3QOy74na3pSWiWG8gGTopYFAmXgjd4ACgkQWiWG8gGT
+opaYcA//RaYj4aqJqRlpyWHKyr0CbHQi5qQKbQsnei28MRVv9egDf/+ZXvB+xn7z
+SlhtX2ntUp+2jHXTMvT/Wv1FegWo+/EYJrfRie7z5QpzPfYZW4LKyGI6ePJmLLHs
+h1Hi+4DLSotRQKap5OZnbMxnGrigPDmSN9VHCoVyMCvPmzlPCRTnqOTfJW5B0qAS
+26BNkzn0L6xAJ7XgZGyPckRa8mqLfTCO5Wf0l53W104NFtuSqUvadEB5XDUEDTn/
+jA/kvDEwwFWmPF+n+eG2jSKCk+jz8TjM/6SInEI4060LQxVqsspyTFDpRvokabgi
+uMt/smxKpnUl2mCUY6PWGE3DkgBeHAMG+QWmic4RzOAqtZY6ZxleTCdIqPMkNCL9
+lSuxnromUCVCMr+SUQbCh3MCa/PwrWZquJQBQfqRnf3R1Nrbdj5vZHF7FUSPqRkX
+lYXDTynbMumeuRVkUnXsYTUBIA1GwGRmk0oQeCuoBmAaz/el13tSiUsH5Abh6P6E
+Ee972EQxzz6x7BcDEwXfzxq9qwT17gqIxfHtIwebAsBI2O+JFxh7N+ObizvkuWHm
+CUwKdIIUJKF9wGhfyxoofOZ18ltMbxXj7T4yhqFaZvy1hOMGgxTOP275ausVrvOi
+WecXjgLrUc5yZQgdszbWoR5MOZuldEDCcn6yiZBwpMYgDQXZCLs=
+=SHQO
+-----END PGP SIGNATURE-----

spec/fixtures/files/pgp/zammad@localhost.revoker.expires_at

@@ -0,0 +1 @@
+2033-07-02T13:02:07Z

spec/fixtures/files/pgp/zammad@localhost.revoker.fingerprint

@@ -0,0 +1 @@
+4E10F22B740ECBBE276B7A525A2586F20193A296

spec/fixtures/files/pgp/zammad@localhost.revoker.passphrase

@@ -0,0 +1 @@
+zammad

spec/fixtures/files/pgp/zammad@localhost.revoker.pub.asc

@@ -0,0 +1,41 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQINBGSlac8BEAC84D3lTlKmCzG4UGcjBvZcW08+yez3/j3Va5vO7kmfwTF+XB5q
+ZH7K8g1PsGGipOLLseS0yml670SZvaEojth1wQwLSDUj/oSyVoJ8yqMNr9sVsSo3
+ASUl5vOGsIXj17WFnUzzahAnvFms9eLodgF80eSETXXqMFRyFztSvvphkyJ+uUeM
+r5EgjwBmbGtYb0BEiyiB7aeCoShRDCOGILL0eyCIDa6LCR+I1Ny00/pl0QeX9mte
+al7TySOu4bLS39r0qlMWvVveJ/mjY5SxFgrq0MvY46D7zLTALH2HEiK2c0/nqZsn
+XSN4RlSE2bQg9Cx35XG/Irh1ySgXtyFV9vEu+dlEWBEqbkHNPcKSrljbLlIUHjin
+b1f036fYASXbgrHolCa+bsNcoRrlmnYJEREnLh8rNnwBy8forRVcH6hVDchqsMqW
+tBWusEPEukZxljEBgtMxqUV/kmN/wfz7zviEL3OkomnpBVsmrFZpDUNAHX8knufe
+U6zY9JkZ78ZRKvIGNZ6E/ULR9QJsnCk9DmggdWkNDrtUVV+MEICwzH6472bnaY2S
+i3NLVlcnAVJa5gE4WBp4WL6ZbnqFF3CAxwb4hl9z5uCj7SBCifO8EirU+j5CJxC5
+7LYvjvB2c8qRoERQEJ1T72p3rfhXbvHdLRufKNeRyV8zFnF93UmJY2ZWvQARAQAB
+iQJOBB8BCgA4FiEEThDyK3QOy74na3pSWiWG8gGTopYFAmXgT4oXDIABxOYgJCD1
+91+ZHx2j36bVNdeLFCoCBwAACgkQWiWG8gGTopYcEhAAmZtQfOoM1vyxWIPiUTdW
+MfSqG8rL2k8UOYuqsDj8wkVX8ID7SaVWqPuUNZe11zDcTo9inhP1frCqdUL30FUM
+pRR3U0801eiLm//vMe8Kd92rgwWmH7/twc2CH+QIf0OQUA3yJVsCbSVcJ/6o9JA5
+2BDgQp+eVmoXMA/5EHtRZ9iaemgKz/clIPcjM6K6aUP3dB3KZ4EksCp9OnV0+PQF
+px92untwdwBaNiRH7q10wD2Y7oUMBNKwHCGodXWfUxpPRHsyf45qk3J5qqdcZCjz
+BD6KEUR+D/B1hK2g27GqXDW+puLbWQ8aPKQYkAYNx7MKyqwfWPDlZs7egnBzVLAl
+lG7OEGVCSfONf0o2QxGqV0KynwNb758OfB2hl2MgIhTiUe4y0VpAKAzW8naysYuy
+60tbd/WoRVwz9QfFvJsREBQV/i7ESYkiIn0UBa/Ob/TVOwnk+3AnAQM6H/mIj9Gj
+ygnOKar0abO/IMnzfVjrchNMOybiZViYRvbkQntR63QCt9Ro2Q0A/YeYuzdrW7aU
+wd37YOv43ML0HgPyhhC3ut/tC3HXcwtJPf9SXDP0SnoWEvAiCdMvLeBKflw1QnRh
+xVYXQlKeP1IMCck2O6sqF6e/TNyZtdyWoxrtctZjFSpSP2bDWyWC7qH3PktJixyn
+pYQ6VmZTxyHIElJR9nZvcHi0EHphbW1hZEBsb2NhbGhvc3SJAlQEEwEIAD4CGw8F
+CRLMAwACF4AWIQROEPIrdA7LvidrelJaJYbyAZOilgUCZL5AswQLCQgHBhUKCQgL
+AgUWAgMBAAIeBQAKCRBaJYbyAZOili+RD/4tPiwPSGzQ3uz9dU6V3HtM/wOLBUsC
+ZtoPbpXsmSsiieFS/+iG7vAnSdG8qzdbG1wMNZYuQsAofgzZTcusNRU6OZQy9ech
+Igp4biW3pwN8llvixa5UrRm2bGd7KX/99pNkrPZmXGlDu1oEFnfmqVKqZx0RG9za
+yeYc3IgZjxN+DIs2opVAfwAvuCKc9DHd1zkVb57Gnwk8VROBRZXgDnRy25Y5lYK2
+Zirdb3t7RpHqNaoHvX3yAmVd+q0/xOz4CRytM7d2eZS/+N2Un0N8PgnlG2iNqh1E
+yBeSJl4ymblBMmLAY2S2jCuhCMSxhNsfbZODG9sysuKmtp1mkomvIcyfDCuly1KX
+qYzIGj6bfG9VoAuXkMoZpCAFDDKyz84Mz5ff/7RxRmha7GGVBK5SMCsxE8iILmor
+WeiQuYBci54f5RP3lM/Q13DcKRZH3f5y9sHJw60hIvYahqu7aKX9bSTmbpJwAO6q
+JaBQVdmuxFST7ZfbNuImpBTTYiyjgyM7JPZvEA7+QmR2jgCwGd7p7s8kTmKafLtO
+aStBuU5t/Njp9Qt+rowldf7qeR3M9AGcMrE+5Urqc/L7uyjGjKu0Mzt/pZPwzXFU
+GnUz7/sxU5qGfeRjsnnuDIWovp6fsdrAk8SAZaKfoQfMISau8lvcnEd5gg/V2Att
+r+B+NI2HMuXKXA==
+=cF8S
+-----END PGP PUBLIC KEY BLOCK-----