Fix signature verification

toJson(SignedOneTimeKey) incorrectly generated a "signatures" key
mapped to an empty object when no signatures were in the C++ value.

Also: fallback keys have an additional flag that also has to be taken
into account when verifying signatures.

1 files changed, 6 insertions, 2 deletions

diff --git a/lib/e2ee/e2ee.h b/lib/e2ee/e2ee.h
index 234d4bcb..aba795a4 100644
--- a/lib/e2ee/e2ee.h
+++ b/lib/e2ee/e2ee.h
@@ -89,6 +89,8 @@ public:
     //! Required. Signatures of the key object.
     //! The signature is calculated using the process described at Signing JSON.
     QHash<QString, QHash<QString, QString>> signatures;
+
+    bool fallback = false;
 };
 
 template <>
@@ -97,12 +99,14 @@ struct JsonObjectConverter<SignedOneTimeKey> {
     {
         fromJson(jo.value("key"_ls), result.key);
         fromJson(jo.value("signatures"_ls), result.signatures);
+        fromJson(jo.value("fallback"_ls), result.fallback);
     }
 
     static void dumpTo(QJsonObject &jo, const SignedOneTimeKey &result)
     {
-        addParam<>(jo, QStringLiteral("key"), result.key);
-        addParam<>(jo, QStringLiteral("signatures"), result.signatures);
+        addParam<>(jo, "key"_ls, result.key);
+        addParam<IfNotEmpty>(jo, "signatures"_ls, result.signatures);
+        addParam<IfNotEmpty>(jo, "key"_ls, result.fallback);
     }
 };