Reintroduce pgp-certificate-store layer

This commit is contained in:
Paul Schaub 2022-08-12 14:10:09 +02:00
parent f91c5065fc
commit a3162f0cf9
Signed by: vanitasvitae
GPG key ID: 62BEE9264BF17311
25 changed files with 330 additions and 49 deletions

View file

@ -26,6 +26,8 @@ dependencies {
// Logging
testImplementation "ch.qos.logback:logback-classic:$logbackVersion"
api project(":pgp-certificate-store")
// SQL Subkey table
testImplementation project(":pgp-cert-d-java-jdbc-sqlite-lookup")
}

View file

@ -6,8 +6,10 @@ package pgp.cert_d;
import pgp.cert_d.backend.FileBasedCertificateDirectoryBackend;
import pgp.cert_d.backend.InMemoryCertificateDirectoryBackend;
import pgp.cert_d.exception.NotAStoreException;
import pgp.certificate.KeyMaterialReaderBackend;
import pgp.cert_d.subkey_lookup.InMemorySubkeyLookup;
import pgp.cert_d.subkey_lookup.SubkeyLookup;
import pgp.certificate_store.certificate.KeyMaterialReaderBackend;
import pgp.certificate_store.exception.NotAStoreException;
import java.io.File;
@ -18,18 +20,18 @@ public final class PGPCertificateDirectories {
}
public static PGPCertificateDirectory inMemoryCertificateDirectory(KeyMaterialReaderBackend keyReader) {
return new PGPCertificateDirectory(new InMemoryCertificateDirectoryBackend(keyReader));
return new PGPCertificateDirectory(new InMemoryCertificateDirectoryBackend(keyReader), new InMemorySubkeyLookup());
}
public static PGPCertificateDirectory defaultFileBasedCertificateDirectory(KeyMaterialReaderBackend keyReader)
public static PGPCertificateDirectory defaultFileBasedCertificateDirectory(KeyMaterialReaderBackend keyReader, SubkeyLookup subkeyLookup)
throws NotAStoreException {
return fileBasedCertificateDirectory(keyReader, BaseDirectoryProvider.getDefaultBaseDir());
return fileBasedCertificateDirectory(keyReader, BaseDirectoryProvider.getDefaultBaseDir(), subkeyLookup);
}
public static PGPCertificateDirectory fileBasedCertificateDirectory(
KeyMaterialReaderBackend keyReader, File baseDirectory)
KeyMaterialReaderBackend keyReader, File baseDirectory, SubkeyLookup subkeyLookup)
throws NotAStoreException {
return new PGPCertificateDirectory(
new FileBasedCertificateDirectoryBackend(baseDirectory, keyReader));
new FileBasedCertificateDirectoryBackend(baseDirectory, keyReader), subkeyLookup);
}
}

View file

@ -4,23 +4,28 @@
package pgp.cert_d;
import pgp.cert_d.exception.BadDataException;
import pgp.cert_d.exception.BadNameException;
import pgp.certificate.Certificate;
import pgp.certificate.KeyMaterial;
import pgp.certificate.KeyMaterialMerger;
import pgp.cert_d.subkey_lookup.SubkeyLookup;
import pgp.certificate_store.certificate.Certificate;
import pgp.certificate_store.certificate.KeyMaterial;
import pgp.certificate_store.certificate.KeyMaterialMerger;
import pgp.certificate_store.exception.BadDataException;
import pgp.certificate_store.exception.BadNameException;
import java.io.IOException;
import java.io.InputStream;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
public class PGPCertificateDirectory
implements ReadOnlyPGPCertificateDirectory, WritingPGPCertificateDirectory {
implements ReadOnlyPGPCertificateDirectory, WritingPGPCertificateDirectory, SubkeyLookup {
private final Backend backend;
private final SubkeyLookup subkeyLookup;
public PGPCertificateDirectory(Backend backend) {
public PGPCertificateDirectory(Backend backend, SubkeyLookup subkeyLookup) {
this.backend = backend;
this.subkeyLookup = subkeyLookup;
}
@Override
@ -83,6 +88,7 @@ public class PGPCertificateDirectory
throws IOException, BadDataException, InterruptedException {
backend.getLock().lockDirectory();
KeyMaterial inserted = backend.doInsertTrustRoot(data, merge);
subkeyLookup.storeCertificateSubkeyIds(inserted.getFingerprint(), inserted.getSubkeyIds());
backend.getLock().releaseDirectory();
return inserted;
}
@ -94,6 +100,7 @@ public class PGPCertificateDirectory
return null;
}
KeyMaterial inserted = backend.doInsertTrustRoot(data, merge);
subkeyLookup.storeCertificateSubkeyIds(inserted.getFingerprint(), inserted.getSubkeyIds());
backend.getLock().releaseDirectory();
return inserted;
}
@ -105,6 +112,7 @@ public class PGPCertificateDirectory
throws IOException, BadDataException, InterruptedException {
backend.getLock().lockDirectory();
Certificate inserted = backend.doInsert(data, merge);
subkeyLookup.storeCertificateSubkeyIds(inserted.getFingerprint(), inserted.getSubkeyIds());
backend.getLock().releaseDirectory();
return inserted;
}
@ -116,6 +124,7 @@ public class PGPCertificateDirectory
return null;
}
Certificate inserted = backend.doInsert(data, merge);
subkeyLookup.storeCertificateSubkeyIds(inserted.getFingerprint(), inserted.getSubkeyIds());
backend.getLock().releaseDirectory();
return inserted;
}
@ -125,6 +134,7 @@ public class PGPCertificateDirectory
throws IOException, BadDataException, BadNameException, InterruptedException {
backend.getLock().lockDirectory();
Certificate inserted = backend.doInsertWithSpecialName(specialName, data, merge);
subkeyLookup.storeCertificateSubkeyIds(inserted.getFingerprint(), inserted.getSubkeyIds());
backend.getLock().releaseDirectory();
return inserted;
}
@ -136,10 +146,21 @@ public class PGPCertificateDirectory
return null;
}
Certificate inserted = backend.doInsertWithSpecialName(specialName, data, merge);
subkeyLookup.storeCertificateSubkeyIds(inserted.getFingerprint(), inserted.getSubkeyIds());
backend.getLock().releaseDirectory();
return inserted;
}
@Override
public Set<String> getCertificateFingerprintsForSubkeyId(long subkeyId) throws IOException {
return subkeyLookup.getCertificateFingerprintsForSubkeyId(subkeyId);
}
@Override
public void storeCertificateSubkeyIds(String certificate, List<Long> subkeyIds) throws IOException {
subkeyLookup.storeCertificateSubkeyIds(certificate, subkeyIds);
}
public interface Backend {
LockingMechanism getLock();

View file

@ -0,0 +1,77 @@
// SPDX-FileCopyrightText: 2022 Paul Schaub <vanitasvitae@fsfe.org>
//
// SPDX-License-Identifier: Apache-2.0
package pgp.cert_d;
import pgp.certificate_store.PGPCertificateStore;
import pgp.certificate_store.certificate.Certificate;
import pgp.certificate_store.certificate.KeyMaterialMerger;
import pgp.certificate_store.exception.BadDataException;
import pgp.certificate_store.exception.BadNameException;
import java.io.IOException;
import java.io.InputStream;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
/**
* Adapter class to adapt a {@link PGPCertificateDirectory} to the {@link PGPCertificateStore} interface.
*/
public class PGPCertificateStoreAdapter implements PGPCertificateStore {
private final PGPCertificateDirectory directory;
public PGPCertificateStoreAdapter(PGPCertificateDirectory directory) {
this.directory = directory;
}
@Override
public Certificate getCertificate(String identifier)
throws IOException, BadNameException, BadDataException {
if (SpecialNames.lookupSpecialName(identifier) != null) {
return directory.getBySpecialName(identifier);
} else {
return directory.getByFingerprint(identifier.toLowerCase());
}
}
@Override
public Iterator<Certificate> getCertificatesBySubkeyId(long subkeyId)
throws IOException, BadDataException {
Set<String> fingerprints = directory.getCertificateFingerprintsForSubkeyId(subkeyId);
Set<Certificate> certificates = new HashSet<>();
for (String fingerprint : fingerprints) {
try {
certificates.add(directory.getByFingerprint(fingerprint));
} catch (BadNameException e) {
throw new RuntimeException(e);
}
}
return certificates.iterator();
}
@Override
public Certificate insertCertificate(InputStream data, KeyMaterialMerger merge)
throws IOException, InterruptedException, BadDataException {
Certificate certificate = directory.insert(data, merge);
return certificate;
}
@Override
public Certificate insertCertificateBySpecialName(String specialName, InputStream data, KeyMaterialMerger merge)
throws IOException, InterruptedException, BadDataException, BadNameException {
return directory.insertWithSpecialName(specialName, data, merge);
}
@Override
public Iterator<Certificate> getCertificates() {
return directory.items();
}
@Override
public Iterator<String> getFingerprints() {
return directory.fingerprints();
}
}

View file

@ -4,9 +4,9 @@
package pgp.cert_d;
import pgp.cert_d.exception.BadDataException;
import pgp.cert_d.exception.BadNameException;
import pgp.certificate.Certificate;
import pgp.certificate_store.certificate.Certificate;
import pgp.certificate_store.exception.BadDataException;
import pgp.certificate_store.exception.BadNameException;
import java.io.IOException;
import java.util.Iterator;

View file

@ -4,11 +4,11 @@
package pgp.cert_d;
import pgp.cert_d.exception.BadDataException;
import pgp.cert_d.exception.BadNameException;
import pgp.certificate.Certificate;
import pgp.certificate.KeyMaterial;
import pgp.certificate.KeyMaterialMerger;
import pgp.certificate_store.certificate.Certificate;
import pgp.certificate_store.certificate.KeyMaterial;
import pgp.certificate_store.certificate.KeyMaterialMerger;
import pgp.certificate_store.exception.BadDataException;
import pgp.certificate_store.exception.BadNameException;
import java.io.IOException;
import java.io.InputStream;

View file

@ -6,13 +6,13 @@ package pgp.cert_d.backend;
import pgp.cert_d.PGPCertificateDirectory;
import pgp.cert_d.SpecialNames;
import pgp.cert_d.exception.BadDataException;
import pgp.cert_d.exception.BadNameException;
import pgp.cert_d.exception.NotAStoreException;
import pgp.certificate.Certificate;
import pgp.certificate.KeyMaterial;
import pgp.certificate.KeyMaterialMerger;
import pgp.certificate.KeyMaterialReaderBackend;
import pgp.certificate_store.certificate.Certificate;
import pgp.certificate_store.certificate.KeyMaterial;
import pgp.certificate_store.certificate.KeyMaterialMerger;
import pgp.certificate_store.certificate.KeyMaterialReaderBackend;
import pgp.certificate_store.exception.BadDataException;
import pgp.certificate_store.exception.BadNameException;
import pgp.certificate_store.exception.NotAStoreException;
import java.io.BufferedInputStream;
import java.io.File;

View file

@ -6,12 +6,12 @@ package pgp.cert_d.backend;
import pgp.cert_d.PGPCertificateDirectory;
import pgp.cert_d.SpecialNames;
import pgp.cert_d.exception.BadDataException;
import pgp.cert_d.exception.BadNameException;
import pgp.certificate.Certificate;
import pgp.certificate.KeyMaterial;
import pgp.certificate.KeyMaterialMerger;
import pgp.certificate.KeyMaterialReaderBackend;
import pgp.certificate_store.certificate.Certificate;
import pgp.certificate_store.certificate.KeyMaterial;
import pgp.certificate_store.certificate.KeyMaterialMerger;
import pgp.certificate_store.certificate.KeyMaterialReaderBackend;
import pgp.certificate_store.exception.BadDataException;
import pgp.certificate_store.exception.BadNameException;
import java.io.IOException;
import java.io.InputStream;

View file

@ -7,7 +7,7 @@ package pgp.cert_d;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import pgp.cert_d.backend.FileBasedCertificateDirectoryBackend;
import pgp.cert_d.exception.BadNameException;
import pgp.certificate_store.exception.BadNameException;
import java.io.File;
import java.io.IOException;

View file

@ -0,0 +1,13 @@
<!--
SPDX-FileCopyrightText: 2022 Paul Schaub <info@pgpainless.org>
SPDX-License-Identifier: Apache-2.0
-->
# PGP Certificate Store Definitions
[![javadoc](https://javadoc.io/badge2/org.pgpainless/pgp-certificate-store/javadoc.svg)](https://javadoc.io/doc/org.pgpainless/pgp-certificate-store)
[![Maven Central](https://badgen.net/maven/v/maven-central/org.pgpainless/pgp-certificate-store)](https://search.maven.org/artifact/org.pgpainless/pgp-certificate-store)
This module contains API definitions for an OpenPGP certificate store.
A certificate store is used to store public key certificates only.

View file

@ -0,0 +1,36 @@
// SPDX-FileCopyrightText: 2021 Paul Schaub <vanitasvitae@fsfe.org>
//
// SPDX-License-Identifier: Apache-2.0
plugins {
id 'java-library'
}
group 'org.pgpainless'
repositories {
mavenCentral()
}
apply plugin: 'ru.vyarus.animalsniffer'
dependencies {
// animal sniffer for ensuring Android API compatibility
signature "net.sf.androidscents.signature:android-api-level-${minAndroidSdk}:2.3.3_r2@signature"
// JUnit for testing
testImplementation "org.junit.jupiter:junit-jupiter-api:$junitVersion"
testRuntimeOnly "org.junit.jupiter:junit-jupiter-engine:$junitVersion"
// Logging
api "org.slf4j:slf4j-api:$slf4jVersion"
testImplementation "ch.qos.logback:logback-classic:$logbackVersion"
}
animalsniffer {
sourceSets = [sourceSets.main]
}
test {
useJUnitPlatform()
}

View file

@ -0,0 +1,104 @@
// SPDX-FileCopyrightText: 2022 Paul Schaub <vanitasvitae@fsfe.org>
//
// SPDX-License-Identifier: Apache-2.0
package pgp.certificate_store;
import pgp.certificate_store.certificate.Certificate;
import pgp.certificate_store.certificate.KeyMaterialMerger;
import pgp.certificate_store.exception.BadDataException;
import pgp.certificate_store.exception.BadNameException;
import java.io.IOException;
import java.io.InputStream;
import java.util.Iterator;
/**
* Interface for an OpenPGP certificate (public key) store.
*/
public interface PGPCertificateStore {
/**
* Return the certificate that matches the given identifier.
* If no matching certificate can be found, return null.
*
* @param identifier identifier for a certificate.
* @return certificate or null
*
* @throws IOException in case of an IO-error
* @throws BadNameException if the identifier is invalid
* @throws BadDataException if the certificate file contains invalid data
*/
Certificate getCertificate(String identifier)
throws IOException, BadNameException, BadDataException;
/**
* Return an {@link Iterator} over all certificates in the store that contain a subkey with the given
* subkey id.
* @param subkeyId id of the subkey
* @return iterator
*
* @throws IOException in case of an IO error
* @throws BadDataException if any of the certificate files contains invalid data
*/
Iterator<Certificate> getCertificatesBySubkeyId(long subkeyId)
throws IOException, BadDataException;
/**
* Insert a certificate into the store.
* If an instance of the certificate is already present in the store, the given {@link KeyMaterialMerger} will be
* used to merge both the existing and the new instance of the {@link Certificate}. The resulting merged certificate
* will be stored in the store and returned.
*
* This method will block until a write-lock on the store can be acquired.
*
* @param data input stream containing the new certificate instance
* @param merge callback for merging with an existing certificate instance
* @return merged certificate
*
* @throws IOException in case of an IO-error
* @throws InterruptedException in case the inserting thread gets interrupted
* @throws BadDataException if the data stream does not contain valid OpenPGP data
*/
Certificate insertCertificate(InputStream data, KeyMaterialMerger merge)
throws IOException, InterruptedException, BadDataException;
/**
* Insert a certificate into the store.
* The certificate will be stored under the given special name instead of its fingerprint.
*
* If an instance of the certificate is already present under the special name in the store, the given {@link KeyMaterialMerger} will be
* used to merge both the existing and the new instance of the {@link Certificate}. The resulting merged certificate
* will be stored in the store and returned.
*
* This method will block until a write-lock on the store can be acquired.
*
* @param specialName special name of the certificate
* @param data input stream containing the new certificate instance
* @param merge callback for merging with an existing certificate instance
* @return merged certificate or null if the store cannot be locked
*
* @throws IOException in case of an IO-error
* @throws InterruptedException if the thread is interrupted
* @throws BadDataException if the certificate file does not contain valid OpenPGP data
* @throws BadNameException if the special name is unknown
*/
Certificate insertCertificateBySpecialName(String specialName, InputStream data, KeyMaterialMerger merge)
throws IOException, InterruptedException, BadDataException, BadNameException;
/**
* Return an {@link Iterator} containing all certificates in the store.
* The iterator will contain both certificates addressed by special names and by fingerprints.
*
* @return certificates
*/
Iterator<Certificate> getCertificates();
/**
* Return an {@link Iterator} containing all certificate fingerprints from the store.
* Note that this only includes the fingerprints of certificate primary keys, not those of subkeys.
*
* @return fingerprints
*/
Iterator<String> getFingerprints();
}

View file

@ -2,7 +2,7 @@
//
// SPDX-License-Identifier: Apache-2.0
package pgp.certificate;
package pgp.certificate_store.certificate;
/**
* OpenPGP certificate (public key).

View file

@ -2,7 +2,7 @@
//
// SPDX-License-Identifier: Apache-2.0
package pgp.certificate;
package pgp.certificate_store.certificate;
/**
* OpenPGP key (secret key).

View file

@ -2,10 +2,11 @@
//
// SPDX-License-Identifier: Apache-2.0
package pgp.certificate;
package pgp.certificate_store.certificate;
import java.io.IOException;
import java.io.InputStream;
import java.util.List;
import java.util.Set;
public interface KeyMaterial {
@ -36,5 +37,5 @@ public interface KeyMaterial {
* @return subkeys
* @throws IOException in case of an IO error
*/
Set<Long> getSubkeyIds() throws IOException;
List<Long> getSubkeyIds() throws IOException;
}

View file

@ -2,7 +2,7 @@
//
// SPDX-License-Identifier: Apache-2.0
package pgp.certificate;
package pgp.certificate_store.certificate;
import java.io.IOException;

View file

@ -2,9 +2,9 @@
//
// SPDX-License-Identifier: Apache-2.0
package pgp.certificate;
package pgp.certificate_store.certificate;
import pgp.cert_d.exception.BadDataException;
import pgp.certificate_store.exception.BadDataException;
import java.io.IOException;
import java.io.InputStream;

View file

@ -5,4 +5,4 @@
/**
* General OpenPGP Certificate Storage related classes.
*/
package pgp.certificate;
package pgp.certificate_store.certificate;

View file

@ -2,7 +2,7 @@
//
// SPDX-License-Identifier: Apache-2.0
package pgp.cert_d.exception;
package pgp.certificate_store.exception;
/**
* The data was not a valid OpenPGP cert or key in binary format.

View file

@ -2,7 +2,7 @@
//
// SPDX-License-Identifier: Apache-2.0
package pgp.cert_d.exception;
package pgp.certificate_store.exception;
/**
* Provided name was neither a valid fingerprint, nor a known special name.

View file

@ -2,7 +2,7 @@
//
// SPDX-License-Identifier: Apache-2.0
package pgp.cert_d.exception;
package pgp.certificate_store.exception;
/**
* The base dir cannot possibly contain a store.

View file

@ -5,4 +5,4 @@
/**
* Exceptions.
*/
package pgp.cert_d.exception;
package pgp.certificate_store.exception;

View file

@ -0,0 +1,8 @@
// SPDX-FileCopyrightText: 2022 Paul Schaub <vanitasvitae@fsfe.org>
//
// SPDX-License-Identifier: Apache-2.0
/**
* Abstract definitions of an OpenPGP certificate store.
*/
package pgp.certificate_store;

View file

@ -0,0 +1,16 @@
// SPDX-FileCopyrightText: 2022 Paul Schaub <vanitasvitae@fsfe.org>
//
// SPDX-License-Identifier: Apache-2.0
package pgp.certificate_store;
import org.junit.jupiter.api.Test;
import static org.junit.jupiter.api.Assertions.assertTrue;
public class DummyTest {
@Test
public void test() {
assertTrue(true);
}
}

View file

@ -4,6 +4,7 @@
rootProject.name = 'cert-d-java'
include 'pgp-cert-d-java',
include 'pgp-certificate-store',
'pgp-cert-d-java',
'pgp-cert-d-java-jdbc-sqlite-lookup'