Reintroduce pgp-certificate-store layer

pgp-cert-d-java/build.gradle

@@ -26,6 +26,8 @@ dependencies {
     // Logging
     testImplementation "ch.qos.logback:logback-classic:$logbackVersion"
 
+    api project(":pgp-certificate-store")
+
     // SQL Subkey table
     testImplementation project(":pgp-cert-d-java-jdbc-sqlite-lookup")
 }

pgp-cert-d-java/src/main/java/pgp/cert_d/PGPCertificateDirectories.java

@@ -6,8 +6,10 @@ package pgp.cert_d;
 
 import pgp.cert_d.backend.FileBasedCertificateDirectoryBackend;
 import pgp.cert_d.backend.InMemoryCertificateDirectoryBackend;
-import pgp.cert_d.exception.NotAStoreException;
-import pgp.certificate.KeyMaterialReaderBackend;
+import pgp.cert_d.subkey_lookup.InMemorySubkeyLookup;
+import pgp.cert_d.subkey_lookup.SubkeyLookup;
+import pgp.certificate_store.certificate.KeyMaterialReaderBackend;
+import pgp.certificate_store.exception.NotAStoreException;
 
 import java.io.File;
 
@@ -18,18 +20,18 @@ public final class PGPCertificateDirectories {
     }
 
     public static PGPCertificateDirectory inMemoryCertificateDirectory(KeyMaterialReaderBackend keyReader) {
-        return new PGPCertificateDirectory(new InMemoryCertificateDirectoryBackend(keyReader));
+        return new PGPCertificateDirectory(new InMemoryCertificateDirectoryBackend(keyReader), new InMemorySubkeyLookup());
     }
 
-    public static PGPCertificateDirectory defaultFileBasedCertificateDirectory(KeyMaterialReaderBackend keyReader)
+    public static PGPCertificateDirectory defaultFileBasedCertificateDirectory(KeyMaterialReaderBackend keyReader, SubkeyLookup subkeyLookup)
             throws NotAStoreException {
-        return fileBasedCertificateDirectory(keyReader, BaseDirectoryProvider.getDefaultBaseDir());
+        return fileBasedCertificateDirectory(keyReader, BaseDirectoryProvider.getDefaultBaseDir(), subkeyLookup);
     }
 
     public static PGPCertificateDirectory fileBasedCertificateDirectory(
-            KeyMaterialReaderBackend keyReader, File baseDirectory)
+            KeyMaterialReaderBackend keyReader, File baseDirectory, SubkeyLookup subkeyLookup)
             throws NotAStoreException {
         return new PGPCertificateDirectory(
-                new FileBasedCertificateDirectoryBackend(baseDirectory, keyReader));
+                new FileBasedCertificateDirectoryBackend(baseDirectory, keyReader), subkeyLookup);
     }
 }

pgp-cert-d-java/src/main/java/pgp/cert_d/PGPCertificateDirectory.java

@@ -4,23 +4,28 @@
 
 package pgp.cert_d;
 
-import pgp.cert_d.exception.BadDataException;
-import pgp.cert_d.exception.BadNameException;
-import pgp.certificate.Certificate;
-import pgp.certificate.KeyMaterial;
-import pgp.certificate.KeyMaterialMerger;
+import pgp.cert_d.subkey_lookup.SubkeyLookup;
+import pgp.certificate_store.certificate.Certificate;
+import pgp.certificate_store.certificate.KeyMaterial;
+import pgp.certificate_store.certificate.KeyMaterialMerger;
+import pgp.certificate_store.exception.BadDataException;
+import pgp.certificate_store.exception.BadNameException;
 
 import java.io.IOException;
 import java.io.InputStream;
 import java.util.Iterator;
+import java.util.List;
+import java.util.Set;
 
 public class PGPCertificateDirectory
-        implements ReadOnlyPGPCertificateDirectory, WritingPGPCertificateDirectory {
+        implements ReadOnlyPGPCertificateDirectory, WritingPGPCertificateDirectory, SubkeyLookup {
 
     private final Backend backend;
+    private final SubkeyLookup subkeyLookup;
 
-    public PGPCertificateDirectory(Backend backend) {
+    public PGPCertificateDirectory(Backend backend, SubkeyLookup subkeyLookup) {
         this.backend = backend;
+        this.subkeyLookup = subkeyLookup;
     }
 
     @Override
@@ -83,6 +88,7 @@ public class PGPCertificateDirectory
             throws IOException, BadDataException, InterruptedException {
         backend.getLock().lockDirectory();
         KeyMaterial inserted = backend.doInsertTrustRoot(data, merge);
+        subkeyLookup.storeCertificateSubkeyIds(inserted.getFingerprint(), inserted.getSubkeyIds());
         backend.getLock().releaseDirectory();
         return inserted;
     }
@@ -94,6 +100,7 @@ public class PGPCertificateDirectory
             return null;
         }
         KeyMaterial inserted = backend.doInsertTrustRoot(data, merge);
+        subkeyLookup.storeCertificateSubkeyIds(inserted.getFingerprint(), inserted.getSubkeyIds());
         backend.getLock().releaseDirectory();
         return inserted;
     }
@@ -105,6 +112,7 @@ public class PGPCertificateDirectory
             throws IOException, BadDataException, InterruptedException {
         backend.getLock().lockDirectory();
         Certificate inserted = backend.doInsert(data, merge);
+        subkeyLookup.storeCertificateSubkeyIds(inserted.getFingerprint(), inserted.getSubkeyIds());
         backend.getLock().releaseDirectory();
         return inserted;
     }
@@ -116,6 +124,7 @@ public class PGPCertificateDirectory
             return null;
         }
         Certificate inserted = backend.doInsert(data, merge);
+        subkeyLookup.storeCertificateSubkeyIds(inserted.getFingerprint(), inserted.getSubkeyIds());
         backend.getLock().releaseDirectory();
         return inserted;
     }
@@ -125,6 +134,7 @@ public class PGPCertificateDirectory
             throws IOException, BadDataException, BadNameException, InterruptedException {
         backend.getLock().lockDirectory();
         Certificate inserted = backend.doInsertWithSpecialName(specialName, data, merge);
+        subkeyLookup.storeCertificateSubkeyIds(inserted.getFingerprint(), inserted.getSubkeyIds());
         backend.getLock().releaseDirectory();
         return inserted;
     }
@@ -136,10 +146,21 @@ public class PGPCertificateDirectory
             return null;
         }
         Certificate inserted = backend.doInsertWithSpecialName(specialName, data, merge);
+        subkeyLookup.storeCertificateSubkeyIds(inserted.getFingerprint(), inserted.getSubkeyIds());
         backend.getLock().releaseDirectory();
         return inserted;
     }
 
+    @Override
+    public Set<String> getCertificateFingerprintsForSubkeyId(long subkeyId) throws IOException {
+        return subkeyLookup.getCertificateFingerprintsForSubkeyId(subkeyId);
+    }
+
+    @Override
+    public void storeCertificateSubkeyIds(String certificate, List<Long> subkeyIds) throws IOException {
+        subkeyLookup.storeCertificateSubkeyIds(certificate, subkeyIds);
+    }
+
     public interface Backend {
 
         LockingMechanism getLock();

pgp-cert-d-java/src/main/java/pgp/cert_d/PGPCertificateStoreAdapter.java

@@ -0,0 +1,77 @@
+// SPDX-FileCopyrightText: 2022 Paul Schaub <vanitasvitae@fsfe.org>
+//
+// SPDX-License-Identifier: Apache-2.0
+
+package pgp.cert_d;
+
+import pgp.certificate_store.PGPCertificateStore;
+import pgp.certificate_store.certificate.Certificate;
+import pgp.certificate_store.certificate.KeyMaterialMerger;
+import pgp.certificate_store.exception.BadDataException;
+import pgp.certificate_store.exception.BadNameException;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.Set;
+
+/**
+ * Adapter class to adapt a {@link PGPCertificateDirectory} to the {@link  PGPCertificateStore} interface.
+ */
+public class PGPCertificateStoreAdapter implements PGPCertificateStore {
+
+    private final PGPCertificateDirectory directory;
+
+    public PGPCertificateStoreAdapter(PGPCertificateDirectory directory) {
+        this.directory = directory;
+    }
+
+    @Override
+    public Certificate getCertificate(String identifier)
+            throws IOException, BadNameException, BadDataException {
+        if (SpecialNames.lookupSpecialName(identifier) != null) {
+            return directory.getBySpecialName(identifier);
+        } else {
+            return directory.getByFingerprint(identifier.toLowerCase());
+        }
+    }
+
+    @Override
+    public Iterator<Certificate> getCertificatesBySubkeyId(long subkeyId)
+            throws IOException, BadDataException {
+        Set<String> fingerprints = directory.getCertificateFingerprintsForSubkeyId(subkeyId);
+        Set<Certificate> certificates = new HashSet<>();
+        for (String fingerprint : fingerprints) {
+            try {
+                certificates.add(directory.getByFingerprint(fingerprint));
+            } catch (BadNameException e) {
+                throw new RuntimeException(e);
+            }
+        }
+        return certificates.iterator();
+    }
+
+    @Override
+    public Certificate insertCertificate(InputStream data, KeyMaterialMerger merge)
+            throws IOException, InterruptedException, BadDataException {
+        Certificate certificate = directory.insert(data, merge);
+        return certificate;
+    }
+
+    @Override
+    public Certificate insertCertificateBySpecialName(String specialName, InputStream data, KeyMaterialMerger merge)
+            throws IOException, InterruptedException, BadDataException, BadNameException {
+        return directory.insertWithSpecialName(specialName, data, merge);
+    }
+
+    @Override
+    public Iterator<Certificate> getCertificates() {
+        return directory.items();
+    }
+
+    @Override
+    public Iterator<String> getFingerprints() {
+        return directory.fingerprints();
+    }
+}

pgp-cert-d-java/src/main/java/pgp/cert_d/ReadOnlyPGPCertificateDirectory.java

@@ -4,9 +4,9 @@
 
 package pgp.cert_d;
 
-import pgp.cert_d.exception.BadDataException;
-import pgp.cert_d.exception.BadNameException;
-import pgp.certificate.Certificate;
+import pgp.certificate_store.certificate.Certificate;
+import pgp.certificate_store.exception.BadDataException;
+import pgp.certificate_store.exception.BadNameException;
 
 import java.io.IOException;
 import java.util.Iterator;

pgp-cert-d-java/src/main/java/pgp/cert_d/WritingPGPCertificateDirectory.java

@@ -4,11 +4,11 @@
 
 package pgp.cert_d;
 
-import pgp.cert_d.exception.BadDataException;
-import pgp.cert_d.exception.BadNameException;
-import pgp.certificate.Certificate;
-import pgp.certificate.KeyMaterial;
-import pgp.certificate.KeyMaterialMerger;
+import pgp.certificate_store.certificate.Certificate;
+import pgp.certificate_store.certificate.KeyMaterial;
+import pgp.certificate_store.certificate.KeyMaterialMerger;
+import pgp.certificate_store.exception.BadDataException;
+import pgp.certificate_store.exception.BadNameException;
 
 import java.io.IOException;
 import java.io.InputStream;

pgp-cert-d-java/src/main/java/pgp/cert_d/backend/FileBasedCertificateDirectoryBackend.java

@@ -6,13 +6,13 @@ package pgp.cert_d.backend;
 
 import pgp.cert_d.PGPCertificateDirectory;
 import pgp.cert_d.SpecialNames;
-import pgp.cert_d.exception.BadDataException;
-import pgp.cert_d.exception.BadNameException;
-import pgp.cert_d.exception.NotAStoreException;
-import pgp.certificate.Certificate;
-import pgp.certificate.KeyMaterial;
-import pgp.certificate.KeyMaterialMerger;
-import pgp.certificate.KeyMaterialReaderBackend;
+import pgp.certificate_store.certificate.Certificate;
+import pgp.certificate_store.certificate.KeyMaterial;
+import pgp.certificate_store.certificate.KeyMaterialMerger;
+import pgp.certificate_store.certificate.KeyMaterialReaderBackend;
+import pgp.certificate_store.exception.BadDataException;
+import pgp.certificate_store.exception.BadNameException;
+import pgp.certificate_store.exception.NotAStoreException;
 
 import java.io.BufferedInputStream;
 import java.io.File;

pgp-cert-d-java/src/main/java/pgp/cert_d/backend/InMemoryCertificateDirectoryBackend.java

@@ -6,12 +6,12 @@ package pgp.cert_d.backend;
 
 import pgp.cert_d.PGPCertificateDirectory;
 import pgp.cert_d.SpecialNames;
-import pgp.cert_d.exception.BadDataException;
-import pgp.cert_d.exception.BadNameException;
-import pgp.certificate.Certificate;
-import pgp.certificate.KeyMaterial;
-import pgp.certificate.KeyMaterialMerger;
-import pgp.certificate.KeyMaterialReaderBackend;
+import pgp.certificate_store.certificate.Certificate;
+import pgp.certificate_store.certificate.KeyMaterial;
+import pgp.certificate_store.certificate.KeyMaterialMerger;
+import pgp.certificate_store.certificate.KeyMaterialReaderBackend;
+import pgp.certificate_store.exception.BadDataException;
+import pgp.certificate_store.exception.BadNameException;
 
 import java.io.IOException;
 import java.io.InputStream;

pgp-cert-d-java/src/test/java/pgp/cert_d/FilenameResolverTest.java

@@ -7,7 +7,7 @@ package pgp.cert_d;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
 import pgp.cert_d.backend.FileBasedCertificateDirectoryBackend;
-import pgp.cert_d.exception.BadNameException;
+import pgp.certificate_store.exception.BadNameException;
 
 import java.io.File;
 import java.io.IOException;

pgp-certificate-store/README.md

@@ -0,0 +1,13 @@
+<!--
+SPDX-FileCopyrightText: 2022 Paul Schaub <info@pgpainless.org>
+
+SPDX-License-Identifier: Apache-2.0
+-->
+
+# PGP Certificate Store Definitions
+
+[![javadoc](https://javadoc.io/badge2/org.pgpainless/pgp-certificate-store/javadoc.svg)](https://javadoc.io/doc/org.pgpainless/pgp-certificate-store)
+[![Maven Central](https://badgen.net/maven/v/maven-central/org.pgpainless/pgp-certificate-store)](https://search.maven.org/artifact/org.pgpainless/pgp-certificate-store)
+
+This module contains API definitions for an OpenPGP certificate store.
+A certificate store is used to store public key certificates only.

pgp-certificate-store/build.gradle

@@ -0,0 +1,36 @@
+// SPDX-FileCopyrightText: 2021 Paul Schaub <vanitasvitae@fsfe.org>
+//
+// SPDX-License-Identifier: Apache-2.0
+
+plugins {
+    id 'java-library'
+}
+
+group 'org.pgpainless'
+
+repositories {
+    mavenCentral()
+}
+
+apply plugin: 'ru.vyarus.animalsniffer'
+
+dependencies {
+    // animal sniffer for ensuring Android API compatibility
+    signature "net.sf.androidscents.signature:android-api-level-${minAndroidSdk}:2.3.3_r2@signature"
+
+    // JUnit for testing
+    testImplementation "org.junit.jupiter:junit-jupiter-api:$junitVersion"
+    testRuntimeOnly "org.junit.jupiter:junit-jupiter-engine:$junitVersion"
+
+    // Logging
+    api "org.slf4j:slf4j-api:$slf4jVersion"
+    testImplementation "ch.qos.logback:logback-classic:$logbackVersion"
+}
+
+animalsniffer {
+    sourceSets = [sourceSets.main]
+}
+
+test {
+    useJUnitPlatform()
+}

pgp-certificate-store/src/main/java/pgp/certificate_store/PGPCertificateStore.java

@@ -0,0 +1,104 @@
+// SPDX-FileCopyrightText: 2022 Paul Schaub <vanitasvitae@fsfe.org>
+//
+// SPDX-License-Identifier: Apache-2.0
+
+package pgp.certificate_store;
+
+import pgp.certificate_store.certificate.Certificate;
+import pgp.certificate_store.certificate.KeyMaterialMerger;
+import pgp.certificate_store.exception.BadDataException;
+import pgp.certificate_store.exception.BadNameException;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.Iterator;
+
+/**
+ * Interface for an OpenPGP certificate (public key) store.
+ */
+public interface PGPCertificateStore {
+
+    /**
+     * Return the certificate that matches the given identifier.
+     * If no matching certificate can be found, return null.
+     *
+     * @param identifier identifier for a certificate.
+     * @return certificate or null
+     *
+     * @throws IOException in case of an IO-error
+     * @throws BadNameException if the identifier is invalid
+     * @throws BadDataException if the certificate file contains invalid data
+     */
+    Certificate getCertificate(String identifier)
+            throws IOException, BadNameException, BadDataException;
+
+    /**
+     * Return an {@link Iterator} over all certificates in the store that contain a subkey with the given
+     * subkey id.
+     * @param subkeyId id of the subkey
+     * @return iterator
+     *
+     * @throws IOException in case of an IO error
+     * @throws BadDataException if any of the certificate files contains invalid data
+     */
+    Iterator<Certificate> getCertificatesBySubkeyId(long subkeyId)
+        throws IOException, BadDataException;
+
+    /**
+     * Insert a certificate into the store.
+     * If an instance of the certificate is already present in the store, the given {@link KeyMaterialMerger} will be
+     * used to merge both the existing and the new instance of the {@link Certificate}. The resulting merged certificate
+     * will be stored in the store and returned.
+     *
+     * This method will block until a write-lock on the store can be acquired.
+     *
+     * @param data input stream containing the new certificate instance
+     * @param merge callback for merging with an existing certificate instance
+     * @return merged certificate
+     *
+     * @throws IOException in case of an IO-error
+     * @throws InterruptedException in case the inserting thread gets interrupted
+     * @throws BadDataException if the data stream does not contain valid OpenPGP data
+     */
+    Certificate insertCertificate(InputStream data, KeyMaterialMerger merge)
+            throws IOException, InterruptedException, BadDataException;
+
+    /**
+     * Insert a certificate into the store.
+     * The certificate will be stored under the given special name instead of its fingerprint.
+     *
+     * If an instance of the certificate is already present under the special name in the store, the given {@link KeyMaterialMerger} will be
+     * used to merge both the existing and the new instance of the {@link Certificate}. The resulting merged certificate
+     * will be stored in the store and returned.
+     *
+     * This method will block until a write-lock on the store can be acquired.
+     *
+     * @param specialName special name of the certificate
+     * @param data input stream containing the new certificate instance
+     * @param merge callback for merging with an existing certificate instance
+     * @return merged certificate or null if the store cannot be locked
+     *
+     * @throws IOException in case of an IO-error
+     * @throws InterruptedException if the thread is interrupted
+     * @throws BadDataException if the certificate file does not contain valid OpenPGP data
+     * @throws BadNameException if the special name is unknown
+     */
+    Certificate insertCertificateBySpecialName(String specialName, InputStream data, KeyMaterialMerger merge)
+            throws IOException, InterruptedException, BadDataException, BadNameException;
+
+    /**
+     * Return an {@link Iterator} containing all certificates in the store.
+     * The iterator will contain both certificates addressed by special names and by fingerprints.
+     *
+     * @return certificates
+     */
+    Iterator<Certificate> getCertificates();
+
+    /**
+     * Return an {@link Iterator} containing all certificate fingerprints from the store.
+     * Note that this only includes the fingerprints of certificate primary keys, not those of subkeys.
+     *
+     * @return fingerprints
+     */
+    Iterator<String> getFingerprints();
+}

pgp-certificate-store/src/main/java/pgp/certificate_store/certificate/Certificate.java

@@ -2,7 +2,7 @@
 //
 // SPDX-License-Identifier: Apache-2.0
 
-package pgp.certificate;
+package pgp.certificate_store.certificate;
 
 /**
  * OpenPGP certificate (public key).

pgp-certificate-store/src/main/java/pgp/certificate_store/certificate/Key.java

@@ -2,7 +2,7 @@
 //
 // SPDX-License-Identifier: Apache-2.0
 
-package pgp.certificate;
+package pgp.certificate_store.certificate;
 
 /**
  * OpenPGP key (secret key).

pgp-certificate-store/src/main/java/pgp/certificate_store/certificate/KeyMaterial.java

@@ -2,10 +2,11 @@
 //
 // SPDX-License-Identifier: Apache-2.0
 
-package pgp.certificate;
+package pgp.certificate_store.certificate;
 
 import java.io.IOException;
 import java.io.InputStream;
+import java.util.List;
 import java.util.Set;
 
 public interface KeyMaterial {
@@ -36,5 +37,5 @@ public interface KeyMaterial {
      * @return subkeys
      * @throws IOException in case of an IO error
      */
-    Set<Long> getSubkeyIds() throws IOException;
+    List<Long> getSubkeyIds() throws IOException;
 }

pgp-certificate-store/src/main/java/pgp/certificate_store/certificate/KeyMaterialMerger.java

@@ -2,7 +2,7 @@
 //
 // SPDX-License-Identifier: Apache-2.0
 
-package pgp.certificate;
+package pgp.certificate_store.certificate;
 
 import java.io.IOException;
 

pgp-certificate-store/src/main/java/pgp/certificate_store/certificate/KeyMaterialReaderBackend.java

@@ -2,9 +2,9 @@
 //
 // SPDX-License-Identifier: Apache-2.0
 
-package pgp.certificate;
+package pgp.certificate_store.certificate;
 
-import pgp.cert_d.exception.BadDataException;
+import pgp.certificate_store.exception.BadDataException;
 
 import java.io.IOException;
 import java.io.InputStream;

pgp-certificate-store/src/main/java/pgp/certificate_store/certificate/package-info.java

@@ -5,4 +5,4 @@
 /**
  * General OpenPGP Certificate Storage related classes.
  */
-package pgp.certificate;
+package pgp.certificate_store.certificate;

pgp-certificate-store/src/main/java/pgp/certificate_store/exception/BadDataException.java

@@ -2,7 +2,7 @@
 //
 // SPDX-License-Identifier: Apache-2.0
 
-package pgp.cert_d.exception;
+package pgp.certificate_store.exception;
 
 /**
  * The data was not a valid OpenPGP cert or key in binary format.

pgp-certificate-store/src/main/java/pgp/certificate_store/exception/BadNameException.java

@@ -2,7 +2,7 @@
 //
 // SPDX-License-Identifier: Apache-2.0
 
-package pgp.cert_d.exception;
+package pgp.certificate_store.exception;
 
 /**
  * Provided name was neither a valid fingerprint, nor a known special name.

pgp-certificate-store/src/main/java/pgp/certificate_store/exception/NotAStoreException.java

@@ -2,7 +2,7 @@
 //
 // SPDX-License-Identifier: Apache-2.0
 
-package pgp.cert_d.exception;
+package pgp.certificate_store.exception;
 
 /**
  * The base dir cannot possibly contain a store.

pgp-certificate-store/src/main/java/pgp/certificate_store/exception/package-info.java

@@ -5,4 +5,4 @@
 /**
  * Exceptions.
  */
-package pgp.cert_d.exception;
+package pgp.certificate_store.exception;

pgp-certificate-store/src/main/java/pgp/certificate_store/package-info.java

@@ -0,0 +1,8 @@
+// SPDX-FileCopyrightText: 2022 Paul Schaub <vanitasvitae@fsfe.org>
+//
+// SPDX-License-Identifier: Apache-2.0
+
+/**
+ * Abstract definitions of an OpenPGP certificate store.
+ */
+package pgp.certificate_store;

pgp-certificate-store/src/test/java/pgp/certificate_store/DummyTest.java

@@ -0,0 +1,16 @@
+// SPDX-FileCopyrightText: 2022 Paul Schaub <vanitasvitae@fsfe.org>
+//
+// SPDX-License-Identifier: Apache-2.0
+
+package pgp.certificate_store;
+
+import org.junit.jupiter.api.Test;
+
+import static org.junit.jupiter.api.Assertions.assertTrue;
+
+public class DummyTest {
+    @Test
+    public void test() {
+        assertTrue(true);
+    }
+}

settings.gradle

@@ -4,6 +4,7 @@
 
 rootProject.name = 'cert-d-java'
 
-include 'pgp-cert-d-java',
+include 'pgp-certificate-store',
+        'pgp-cert-d-java',
         'pgp-cert-d-java-jdbc-sqlite-lookup'