From c57374689602edd3505d81bea78cd0bafc538c5c Mon Sep 17 00:00:00 2001
From: Andrey Smirnov
Date: Thu, 19 Mar 2015 01:36:39 +0300
Subject: [PATCH] Refactor to get Keys from Changes. #71
---
 deb/changes.go | 5 ++++-
 deb/uploaders.go | 6 +++---
 deb/uploaders_test.go | 16 ++++++++--------
 3 files changed, 15 insertions(+), 12 deletions(-)
diff --git a/deb/changes.go b/deb/changes.go
index e6db987d..7f5bac3e 100644
--- a/deb/changes.go
+++ b/deb/changes.go
@@ -22,6 +22,7 @@ type Changes struct {
 Binary []string
 Architectures []string
 Stanza Stanza
+ SignatureKeys []utils.GpgKey
 }
 
 // NewChanges moves .changes file into temporary directory and creates Changes structure
@@ -67,11 +68,13 @@ func (c *Changes) VerifyAndParse(acceptUnsigned, ignoreSignature bool, verifier
 }
 
 if isClearSigned && !ignoreSignature {
- _, err = verifier.VerifyClearsigned(input, false)
+ keyInfo, err := verifier.VerifyClearsigned(input, false)
 if err != nil {
 return err
 }
 input.Seek(0, 0)
+
+ c.SignatureKeys = keyInfo.GoodKeys
 }
 
 var text *os.File
diff --git a/deb/uploaders.go b/deb/uploaders.go
index c6c548b3..37f30add 100644
--- a/deb/uploaders.go
+++ b/deb/uploaders.go
@@ -47,11 +47,11 @@ func (u *Uploaders) ExpandGroups(items []string) []string {
 }
 
 // IsAllowed checks whether listed keys are allowed to upload given .changes file
-func (u *Uploaders) IsAllowed(keys []utils.GpgKey, changes *Changes) bool {
+func (u *Uploaders) IsAllowed(changes *Changes) bool {
 for _, rule := range u.Rules {
 if rule.CompiledCondition.Matches(changes) {
 deny := u.ExpandGroups(rule.Deny)
- for _, key := range keys {
+ for _, key := range changes.SignatureKeys {
 for _, item := range deny {
 if item == "*" || key.Matches(utils.GpgKey(item)) {
 return false
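Review bot: In VerifyAndParse, `c.SignatureKeys` is written only inside the `isClearSigned && !ignoreSignature` branch and nothing in the visible lines clears it on the other paths, so after an unsigned or signature-ignored parse the field keeps whatever it held before. Because `IsAllowed` in deb/uploaders.go now takes its keys from this field, I would reset it before the branch with `c.SignatureKeys = nil` and document the new struct field in the first hunk, for example `// SignatureKeys holds the keys with good signatures found by VerifyAndParse; empty when verification was skipped`. The `:=` also declares a block-local `err` where the removed line assigned the existing one; it is checked on the next line, so this is harmless in the visible code. VerifyAndParse begins and ends outside the hunk, so a reset may already exist out of view.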
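Review bot: The doc comment on IsAllowed still says "listed keys", but after this change the function takes no key list and authorizes from `changes.SignatureKeys`, in the deny loop here and in the allow loop of the next hunk. That makes the decision depend on the caller having run signature verification on the same `Changes` value, and on nothing else having written the exported field, which the comment should state: `// IsAllowed checks whether any key in changes.SignatureKeys may upload the given .changes file; changes must come from VerifyAndParse with verification enabled.` An empty key list never reaches either `return` in the visible loops, so an unverified file appears to be rejected, though the end of the function is outside the hunk.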
@@ -60,7 +60,7 @@ func (u *Uploaders) IsAllowed(keys []utils.GpgKey, changes *Changes) bool {
 }
 
 allow := u.ExpandGroups(rule.Allow)
- for _, key := range keys {
+ for _, key := range changes.SignatureKeys {
 for _, item := range allow {
 if item == "*" || key.Matches(utils.GpgKey(item)) {
 return true
diff --git a/deb/uploaders_test.go b/deb/uploaders_test.go
index 5f90706d..28477251 100644
--- a/deb/uploaders_test.go
+++ b/deb/uploaders_test.go
@@ -58,22 +58,22 @@ func (s *UploadersSuite) TestIsAllowed(c *C) {
 }
 
 // no keys - not allowed
- c.Check(u.IsAllowed([]utils.GpgKey{}, &Changes{Stanza: Stanza{"Source": "calamares"}}), Equals, false)
+ c.Check(u.IsAllowed(&Changes{SignatureKeys: []utils.GpgKey{}, Stanza: Stanza{"Source": "calamares"}}), Equals, false)
 
 // no rule - not allowed
- c.Check(u.IsAllowed([]utils.GpgKey{"37E1C17570096AD1", "EC4B033C70096AD1"}, &Changes{Stanza: Stanza{"Source": "unknown-calamares"}}), Equals, false)
+ c.Check(u.IsAllowed(&Changes{SignatureKeys: []utils.GpgKey{"37E1C17570096AD1", "EC4B033C70096AD1"}, Stanza: Stanza{"Source": "unknown-calamares"}}), Equals, false)
 
 // first rule: allow anyone do stuff with calamares
- c.Check(u.IsAllowed([]utils.GpgKey{"ABCD1234", "1234ABCD"}, &Changes{Stanza: Stanza{"Source": "calamares"}}), Equals, true)
+ c.Check(u.IsAllowed(&Changes{SignatureKeys: []utils.GpgKey{"ABCD1234", "1234ABCD"}, Stanza: Stanza{"Source": "calamares"}}), Equals, true)
 
 // second rule: nobody is allowed to do stuff with never-calamares
- c.Check(u.IsAllowed([]utils.GpgKey{"ABCD1234", "1234ABCD"}, &Changes{Stanza: Stanza{"Source": "never-calamares"}}), Equals, false)
+ c.Check(u.IsAllowed(&Changes{SignatureKeys: []utils.GpgKey{"ABCD1234", "1234ABCD"}, Stanza: Stanza{"Source": "never-calamares"}}), Equals, false)
 
 // third rule: anyone from the group or explicit key
- c.Check(u.IsAllowed([]utils.GpgKey{"45678901", "12345678"}, &Changes{Stanza: Stanza{"Source": "some-calamares"}}), Equals, true)
- c.Check(u.IsAllowed([]utils.GpgKey{"37E1C17570096AD1"}, &Changes{Stanza: Stanza{"Source": "some-calamares"}}), Equals, true)
- c.Check(u.IsAllowed([]utils.GpgKey{"70096AD1"}, &Changes{Stanza: Stanza{"Source": "some-calamares"}}), Equals, true)
+ c.Check(u.IsAllowed(&Changes{SignatureKeys: []utils.GpgKey{"45678901", "12345678"}, Stanza: Stanza{"Source": "some-calamares"}}), Equals, true)
+ c.Check(u.IsAllowed(&Changes{SignatureKeys: []utils.GpgKey{"37E1C17570096AD1"}, Stanza: Stanza{"Source": "some-calamares"}}), Equals, true)
+ c.Check(u.IsAllowed(&Changes{SignatureKeys: []utils.GpgKey{"70096AD1"}, Stanza: Stanza{"Source": "some-calamares"}}), Equals, true)
 
 // fourth rule: some are not allowed
- c.Check(u.IsAllowed([]utils.GpgKey{"ABCD1234", "45678901"}, &Changes{Stanza: Stanza{"Source": "some-calamares"}}), Equals, false)
+ c.Check(u.IsAllowed(&Changes{SignatureKeys: []utils.GpgKey{"ABCD1234", "45678901"}, Stanza: Stanza{"Source": "some-calamares"}}), Equals, false)
 }
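Review bot: None of the updated cases in TestIsAllowed passes a `Changes` with `SignatureKeys` left unset, which is the state the struct is in when signature verification was skipped, so the fail-closed result for that path is not pinned. One more check next to the "no keys" case would cover it: `c.Check(u.IsAllowed(&Changes{Stanza: Stanza{"Source": "calamares"}}), Equals, false)`. The expected value assumes a nil key list is treated like the existing empty-slice case against the allow-anyone rule.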