From 12b3e967f7d9ec78dad48657225ddb30617b92be Mon Sep 17 00:00:00 2001
From: Jacob Bachmeyer
Date: Sat, 1 Jul 2023 16:42:24 -0500
Subject: [PATCH] Add accessor method for reporting key fingerprints from valid signatures
---
 gatekeeper.pl | 28 +++++++++++++++++++++++-----
 1 file changed, 23 insertions(+), 5 deletions(-)
diff --git a/gatekeeper.pl b/gatekeeper.pl
index abd1194..48d8156 100755
--- a/gatekeeper.pl
+++ b/gatekeeper.pl
@@ -1638,6 +1638,7 @@ sub read_directive_from_string {
 sub target_directory;
 sub auth_keyrings;
+ sub auth_signature_fingerprints;
 sub parse;
 sub auth_check;
@@ -1776,6 +1777,15 @@ sub read_directive_from_string {
 ::check_replay($self->{oplist}, $dsig_info->{sig_creation});
 }
+ sub auth_signature_fingerprints {
+ my $self = shift;
+
+ return ()
+ unless $self->{auth_directive_signature_info}
+ && $self->{auth_directive_signature_info}{key_fingerprint};
+ return $self->{auth_directive_signature_info}{key_fingerprint};
+ }
+
 sub upload_check { }
 sub install {
@@ -1829,6 +1839,18 @@ sub read_directive_from_string {
 ::check_signature_timestamp(file => $fsig_info->{sig_creation});
 }
+ sub auth_signature_fingerprints {
+ my $self = shift;
+
+ my @fprs = $self->SUPER::auth_signature_fingerprints;
+
+ push @fprs, $self->{auth_file_signature_info}{key_fingerprint}
+ if $self->{auth_file_signature_info}
+ && $self->{auth_file_signature_info}{key_fingerprint};
+
+ return @fprs;
+ }
+
 sub upload_check {
 my $self = shift;
@@ -3339,7 +3361,6 @@ foreach my $packet (@packets) {
 # variables preserved for the report if an exception is thrown
 my $directive_text; # full text of directive
 my $dsig_info; # directive signature information
- my $fsig_info; # file signature information
 my $complete = 0; # direct flag to indicate successful processing
 eval { # trap exceptions encountered while processing a packet
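Review bot: In the `@@ -1776,6 +1777,15 @@` hunk, the base-class `auth_signature_fingerprints` returns whatever `key_fingerprint` is stored in `auth_directive_signature_info`, and nothing visible here shows that the field is populated only after the directive signature has verified. The assignment presumably happens in `auth_check`, whose body lies mostly outside the hunk, so this is worth confirming, because the result is used later in the patch to pick recipients for the success report. A header comment would pin the contract, for example `# Fingerprints of keys whose signatures auth_check has verified; empty list before that.`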
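Review bot: In the `@@ -1829,6 +1839,18 @@` hunk, the override ends with `return @fprs;`, which yields the element count in scalar context, whereas the base-class method added in the `@@ -1776` hunk yields the fingerprint itself or undef. A caller writing `my $fpr = $packet->auth_signature_fingerprints;` would get a fingerprint for one packet class and a number for the other. The only caller in this patch passes the result as call arguments, which is list context unless `keyidx_email` carries a scalar prototype (its definition is not shown). I would document both methods as list-only with a comment such as `# Call in list context; returns zero or more key fingerprints.`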
@@ -3354,7 +3375,6 @@ foreach my $packet (@packets) {
 # scaffolding to be cleaned up later
 $dsig_info = $packet->{auth_directive_signature_info};
- $fsig_info = $packet->{auth_file_signature_info};
 $Phase = 'VL';
 $packet->upload_check;
@@ -3381,9 +3401,7 @@ foreach my $packet (@packets) {
 my @email_addresses = directory_email_addresses($packet->target_directory);
 # Successfully verifying a signature also yields a key fingerprint.
- push @email_addresses, keyidx_email($dsig_info->{key_fingerprint});
- push @email_addresses, keyidx_email($fsig_info->{key_fingerprint})
- if $fsig_info;
+ push @email_addresses, keyidx_email $packet->auth_signature_fingerprints;
 # report success
 if (not $packet->has_uploaded_file) {
-- 
2.25.1
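Review bot: In the `@@ -3381,9 +3401,7 @@` hunk, `keyidx_email` was called once per fingerprint with a single argument and is now handed the whole list in one parenthesis-free call. Its definition is outside the hunk; if it reads only its first argument, the address for the file-signature key silently drops out of the recipients of the success report. One call per fingerprint avoids depending on that: `push @email_addresses, map { keyidx_email($_) } $packet->auth_signature_fingerprints;`. The parentheses also stop the call from being parsed as indirect-object syntax should `keyidx_email` not be declared before this line. The enclosing `foreach` body starts and ends outside the hunk.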