We now close streams after reading them, so we can no longer use
stream.locked for a proxy for "has been read". What we want is the
internal [[disturbed]] property, but we can't access it for native
streams.
Since we always read the stream when calling getText(), it's not
an issue.
This change corrects verification of certifications over User Attributes
(such as photos).
Before this change the code did not differentiate between User IDs and
User Attributes as both of them were stored in `data.userid` [0] and
incorrectly used the User ID constant (0xB4) for both cases.
This change fixes the bug by storing User IDs in `userId` property and
User Attributes in `userAttribute` property. The check for property
existence has been modified to avoid comparisons with `undefined` as the
`User` class sets `null` for not assigned packets instead of
`undefined`.
Only data structures for signing and verification were modified and not
the properties used in the `User` class.
[0]: 11b2d2de3c/src/key.js (L872)
This bug caused all signersUserIds strings to be prefixed with `"null"`
string. Changed to use only the last value for this packet type.
Previous implementation probably assumed that there will be more than one
signersUserId packet but I haven't been able to generate such signature
using gpg (only last user id was embedded). Moreover signature
serialization function `write_all_sub_packets` writes only one value of
this packet as a UTF-8 string.
Instead of creating a text signature for text packets and a binary signature for
binary packets, we determine the signature type based on whether a String or
Uint8Array was originally passed. This is useful for the new MIME data packet
type (implemented in the next commit) which you can pass in either format.
This also partly reverts a22c9e4. Instead of canonicalizing the literal data
packet, we canonicalize the data when signing. This fixes a hypothetical case
where an uncanonicalized text packet has both a text and a binary signature.
This also partly reverts c28f7ad. GPG does not strip trailing whitespace when
creating text signatures of literal data packets.
There are dozens of links in the OpenPGP.js codebase that are http but
could be replaced with https links. I've converted as many of them as
i could find.
