redwood: Correctly check for secret key material

We were not checking if any subkeys had secret key material too, which is_tsk() checks for us. Fixes #6988.
freedomofpress · Oct 13, 2023 · 814a37c · 814a37c
1 parent 02cdf2f
commit 814a37c
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/redwood/src/lib.rs b/redwood/src/lib.rs
@@ -105,7 +105,7 @@ pub fn is_valid_public_key(input: &str) -> Result<String> {
     // We don't need the keys, just need to check there's at least one and no error
     keys::keys_from_cert(POLICY, &cert)?;
     // And there is no secret key material
-    if cert.keys().secret().next().is_some() {
+    if cert.is_tsk() {
         return Err(Error::HasSecretKeyMaterial);
     }
     Ok(cert.fingerprint().to_string())