Merge pull request #1 from pgpainless/rewrite

Major rewrite
This commit is contained in:
Paul Schaub 2022-08-24 15:05:48 +02:00 committed by GitHub
commit 0cc7c64412
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
25 changed files with 389 additions and 669 deletions

View file

@ -1,124 +0,0 @@
// SPDX-FileCopyrightText: 2022 Paul Schaub <vanitasvitae@fsfe.org>
//
// SPDX-License-Identifier: Apache-2.0
package pgp.cert_d.cli;
import org.bouncycastle.openpgp.PGPException;
import org.bouncycastle.openpgp.PGPPublicKey;
import org.bouncycastle.openpgp.PGPPublicKeyRing;
import org.pgpainless.PGPainless;
import org.pgpainless.certificate_store.CertificateFactory;
import org.pgpainless.key.OpenPgpFingerprint;
import pgp.certificate_store.Certificate;
import pgp.certificate_store.CertificateMerger;
import pgp.certificate_store.Key;
import pgp.certificate_store.KeyMerger;
import java.io.IOException;
import java.util.Iterator;
public class MergeCallbacks {
/**
* Return a {@link CertificateMerger} that merges the two copies of the same certificate (same primary key) into one
* combined certificate.
*
* @return merging callback
*/
public static CertificateMerger mergeCertificates() {
return new CertificateMerger() {
@Override
public Certificate merge(Certificate data, Certificate existing) throws IOException {
try {
PGPPublicKeyRing existingCert = PGPainless.readKeyRing().publicKeyRing(existing.getInputStream());
PGPPublicKeyRing updatedCert = PGPainless.readKeyRing().publicKeyRing(data.getInputStream());
PGPPublicKeyRing mergedCert = PGPPublicKeyRing.join(existingCert, updatedCert);
printOutDifferences(existingCert, mergedCert);
return CertificateFactory.certificateFromPublicKeyRing(mergedCert);
} catch (PGPException e) {
throw new RuntimeException(e);
}
}
private void printOutDifferences(PGPPublicKeyRing existingCert, PGPPublicKeyRing mergedCert) {
int numSigsBefore = countSigs(existingCert);
int numSigsAfter = countSigs(mergedCert);
int newSigs = numSigsAfter - numSigsBefore;
int numUidsBefore = count(existingCert.getPublicKey().getUserIDs());
int numUidsAfter = count(mergedCert.getPublicKey().getUserIDs());
int newUids = numUidsAfter - numUidsBefore;
if (!existingCert.equals(mergedCert)) {
OpenPgpFingerprint fingerprint = OpenPgpFingerprint.of(mergedCert);
StringBuilder sb = new StringBuilder();
sb.append(String.format("Certificate %s has", fingerprint));
if (newSigs != 0) {
sb.append(String.format(" %d new signatures", newSigs));
}
if (newUids != 0) {
if (newSigs != 0) {
sb.append(" and");
}
sb.append(String.format(" %d new UIDs", newUids));
}
if (newSigs == 0 && newUids == 0) {
sb.append(" changed");
}
// In this case it is okay to print to stdout, since we are a CLI app
// CHECKSTYLE:OFF
System.out.println(sb);
// CHECKSTYLE:ON
}
}
private int countSigs(PGPPublicKeyRing keys) {
int numSigs = 0;
for (PGPPublicKey key : keys) {
numSigs += count(key.getSignatures());
}
return numSigs;
}
// TODO: Use CollectionUtils.count() once available
private int count(Iterator<?> iterator) {
int num = 0;
while (iterator.hasNext()) {
iterator.next();
num++;
}
return num;
}
};
}
/**
* Return an implementation of {@link CertificateMerger} that ignores the existing certificate and instead
* returns the first instance.
*
* @return overriding callback
*/
public static CertificateMerger overrideCertificate() {
// noinspection Convert2Lambda
return new CertificateMerger() {
@Override
public Certificate merge(Certificate data, Certificate existing) {
return data;
}
};
}
public static KeyMerger overrideKey() {
// noinspection Convert2Lambda
return new KeyMerger() {
@Override
public Key merge(Key data, Key existing) {
return data;
}
};
}
}

View file

@ -4,21 +4,17 @@
package pgp.cert_d.cli; package pgp.cert_d.cli;
import org.pgpainless.certificate_store.KeyReader; import org.pgpainless.certificate_store.PGPainlessCertD;
import org.pgpainless.certificate_store.SharedPGPCertificateDirectoryAdapter;
import pgp.cert_d.BaseDirectoryProvider; import pgp.cert_d.BaseDirectoryProvider;
import pgp.cert_d.SharedPGPCertificateDirectoryImpl;
import pgp.cert_d.cli.commands.Export; import pgp.cert_d.cli.commands.Export;
import pgp.cert_d.cli.commands.Find;
import pgp.cert_d.cli.commands.Get; import pgp.cert_d.cli.commands.Get;
import pgp.cert_d.cli.commands.Insert; import pgp.cert_d.cli.commands.Insert;
import pgp.cert_d.cli.commands.Import; import pgp.cert_d.cli.commands.Import;
import pgp.cert_d.cli.commands.List; import pgp.cert_d.cli.commands.List;
import pgp.cert_d.cli.commands.Setup; import pgp.cert_d.cli.commands.Setup;
import pgp.cert_d.jdbc.sqlite.DatabaseSubkeyLookup; import pgp.cert_d.jdbc.sqlite.DatabaseSubkeyLookupFactory;
import pgp.cert_d.jdbc.sqlite.SqliteSubkeyLookupDaoImpl;
import pgp.certificate_store.SubkeyLookup;
import pgp.certificate_store.exception.NotAStoreException; import pgp.certificate_store.exception.NotAStoreException;
import pgp.certificate_store.CertificateDirectory;
import picocli.CommandLine; import picocli.CommandLine;
import java.io.File; import java.io.File;
@ -34,7 +30,8 @@ import java.sql.SQLException;
Import.class, Import.class,
Get.class, Get.class,
Setup.class, Setup.class,
List.class List.class,
Find.class
} }
) )
public class PGPCertDCli { public class PGPCertDCli {
@ -43,7 +40,7 @@ public class PGPCertDCli {
scope = CommandLine.ScopeType.INHERIT) scope = CommandLine.ScopeType.INHERIT)
File baseDirectory; File baseDirectory;
private static CertificateDirectory certificateDirectory; private static PGPainlessCertD certificateDirectory;
private int executionStrategy(CommandLine.ParseResult parseResult) { private int executionStrategy(CommandLine.ParseResult parseResult) {
try { try {
@ -55,19 +52,11 @@ public class PGPCertDCli {
} }
private void initStore() throws NotAStoreException, SQLException { private void initStore() throws NotAStoreException, SQLException {
SharedPGPCertificateDirectoryImpl certificateDirectory;
SubkeyLookup subkeyLookup;
if (baseDirectory == null) { if (baseDirectory == null) {
baseDirectory = BaseDirectoryProvider.getDefaultBaseDir(); baseDirectory = BaseDirectoryProvider.getDefaultBaseDir();
} }
certificateDirectory = new SharedPGPCertificateDirectoryImpl( PGPCertDCli.certificateDirectory = PGPainlessCertD.fileBased(baseDirectory, new DatabaseSubkeyLookupFactory());
baseDirectory,
new KeyReader());
subkeyLookup = new DatabaseSubkeyLookup(
SqliteSubkeyLookupDaoImpl.forDatabaseFile(new File(baseDirectory, "_pgpainless_subkey_map.db")));
PGPCertDCli.certificateDirectory = new SharedPGPCertificateDirectoryAdapter(certificateDirectory, subkeyLookup);
} }
public static void main(String[] args) { public static void main(String[] args) {
@ -77,7 +66,7 @@ public class PGPCertDCli {
.execute(args); .execute(args);
} }
public static CertificateDirectory getCertificateDirectory() { public static PGPainlessCertD getCertificateDirectory() {
return certificateDirectory; return certificateDirectory;
} }
} }

View file

@ -9,7 +9,7 @@ import org.bouncycastle.util.io.Streams;
import org.slf4j.Logger; import org.slf4j.Logger;
import org.slf4j.LoggerFactory; import org.slf4j.LoggerFactory;
import pgp.cert_d.cli.PGPCertDCli; import pgp.cert_d.cli.PGPCertDCli;
import pgp.certificate_store.Certificate; import pgp.certificate_store.certificate.Certificate;
import picocli.CommandLine; import picocli.CommandLine;
import java.io.IOException; import java.io.IOException;
@ -29,7 +29,7 @@ public class Export implements Runnable {
@Override @Override
public void run() { public void run() {
Iterator<Certificate> certificates = PGPCertDCli.getCertificateDirectory() Iterator<Certificate> certificates = PGPCertDCli.getCertificateDirectory()
.getCertificates(); .items();
OutputStream out = armor ? new ArmoredOutputStream(System.out) : System.out; OutputStream out = armor ? new ArmoredOutputStream(System.out) : System.out;
while (certificates.hasNext()) { while (certificates.hasNext()) {
try { try {

View file

@ -0,0 +1,57 @@
// SPDX-FileCopyrightText: 2022 Paul Schaub <vanitasvitae@fsfe.org>
//
// SPDX-License-Identifier: Apache-2.0
package pgp.cert_d.cli.commands;
import org.pgpainless.key.OpenPgpFingerprint;
import pgp.cert_d.cli.PGPCertDCli;
import picocli.CommandLine;
import java.io.IOException;
import java.math.BigInteger;
import java.util.Set;
import java.util.regex.Pattern;
@CommandLine.Command(name = "find",
resourceBundle = "msg_find")
public class Find implements Runnable {
private static final Pattern LONG_KEY_ID = Pattern.compile("^[0-9A-Fa-f]{16}$");
@CommandLine.Parameters(
paramLabel = "IDENTIFIER",
arity = "1")
String identifier;
@Override
public void run() {
if (identifier == null) {
throw new IllegalArgumentException("No subkey ID provided.");
}
identifier = identifier.trim();
long subkeyId = 0;
try {
OpenPgpFingerprint fingerprint = OpenPgpFingerprint.parse(identifier);
subkeyId = fingerprint.getKeyId();
} catch (IllegalArgumentException e) {
if (!LONG_KEY_ID.matcher(identifier).matches()) {
throw new IllegalArgumentException("Provided long key-id does not match expected format. " +
"A long key-id consists of 16 hexadecimal characters.");
}
subkeyId = new BigInteger(identifier, 16).longValue();
}
try {
Set<String> fingerprints = PGPCertDCli.getCertificateDirectory()
.getCertificateFingerprintsForSubkeyId(subkeyId);
for (String fingerprint : fingerprints) {
// CHECKSTYLE:OFF
System.out.println(fingerprint);
// CHECKSTYLE:ON
}
} catch (IOException e) {
throw new RuntimeException(e);
}
}
}

View file

@ -4,23 +4,31 @@
package pgp.cert_d.cli.commands; package pgp.cert_d.cli.commands;
import java.io.IOException; import org.bouncycastle.bcpg.ArmoredOutputStream;
import org.bouncycastle.openpgp.PGPKeyRing;
import org.bouncycastle.util.io.Streams; import org.bouncycastle.util.io.Streams;
import org.pgpainless.PGPainless;
import org.pgpainless.util.ArmorUtils;
import org.slf4j.Logger; import org.slf4j.Logger;
import org.slf4j.LoggerFactory; import org.slf4j.LoggerFactory;
import pgp.cert_d.SpecialNames;
import pgp.cert_d.cli.PGPCertDCli; import pgp.cert_d.cli.PGPCertDCli;
import pgp.certificate_store.Certificate; import pgp.certificate_store.certificate.KeyMaterial;
import pgp.certificate_store.exception.BadDataException; import pgp.certificate_store.exception.BadDataException;
import pgp.certificate_store.exception.BadNameException; import pgp.certificate_store.exception.BadNameException;
import picocli.CommandLine; import picocli.CommandLine;
import java.io.IOException;
@CommandLine.Command(name = "get", @CommandLine.Command(name = "get",
resourceBundle = "msg_get") resourceBundle = "msg_get")
public class Get implements Runnable { public class Get implements Runnable {
private static final Logger LOGGER = LoggerFactory.getLogger(Get.class); private static final Logger LOGGER = LoggerFactory.getLogger(Get.class);
@CommandLine.Option(names = {"-a", "--armor"})
boolean armor = false;
@CommandLine.Parameters( @CommandLine.Parameters(
paramLabel = "IDENTIFIER", paramLabel = "IDENTIFIER",
arity = "1" arity = "1"
@ -30,12 +38,25 @@ public class Get implements Runnable {
@Override @Override
public void run() { public void run() {
try { try {
Certificate certificate = PGPCertDCli.getCertificateDirectory() KeyMaterial record;
.getCertificate(identifer); if (SpecialNames.lookupSpecialName(identifer) != null) {
if (certificate == null) { record = PGPCertDCli.getCertificateDirectory().getBySpecialName(identifer);
} else {
record = PGPCertDCli.getCertificateDirectory().getByFingerprint(identifer.toLowerCase());
}
if (record == null) {
return; return;
} }
Streams.pipeAll(certificate.getInputStream(), System.out);
if (armor) {
PGPKeyRing keyRing = PGPainless.readKeyRing().keyRing(record.getInputStream());
ArmoredOutputStream armorOut = ArmorUtils.toAsciiArmoredStream(keyRing, System.out);
Streams.pipeAll(record.getInputStream(), armorOut);
armorOut.close();
} else {
Streams.pipeAll(record.getInputStream(), System.out);
}
} catch (IOException e) { } catch (IOException e) {
LOGGER.error("IO Error", e); LOGGER.error("IO Error", e);
System.exit(-1); System.exit(-1);

View file

@ -10,9 +10,9 @@ import org.bouncycastle.openpgp.PGPPublicKeyRingCollection;
import org.pgpainless.PGPainless; import org.pgpainless.PGPainless;
import org.slf4j.Logger; import org.slf4j.Logger;
import org.slf4j.LoggerFactory; import org.slf4j.LoggerFactory;
import pgp.cert_d.cli.MergeCallbacks; import org.pgpainless.certificate_store.MergeCallbacks;
import pgp.cert_d.cli.PGPCertDCli; import pgp.cert_d.cli.PGPCertDCli;
import pgp.certificate_store.Certificate; import pgp.certificate_store.certificate.Certificate;
import pgp.certificate_store.exception.BadDataException; import pgp.certificate_store.exception.BadDataException;
import picocli.CommandLine; import picocli.CommandLine;
@ -32,7 +32,7 @@ public class Import implements Runnable {
for (PGPPublicKeyRing cert : certificates) { for (PGPPublicKeyRing cert : certificates) {
ByteArrayInputStream certIn = new ByteArrayInputStream(cert.getEncoded()); ByteArrayInputStream certIn = new ByteArrayInputStream(cert.getEncoded());
Certificate certificate = PGPCertDCli.getCertificateDirectory() Certificate certificate = PGPCertDCli.getCertificateDirectory()
.insertCertificate(certIn, MergeCallbacks.mergeCertificates()); .insert(certIn, MergeCallbacks.mergeCertificates());
} }
} catch (IOException e) { } catch (IOException e) {
LOGGER.error("IO-Error.", e); LOGGER.error("IO-Error.", e);

View file

@ -6,9 +6,9 @@ package pgp.cert_d.cli.commands;
import org.slf4j.Logger; import org.slf4j.Logger;
import org.slf4j.LoggerFactory; import org.slf4j.LoggerFactory;
import pgp.cert_d.cli.MergeCallbacks; import org.pgpainless.certificate_store.MergeCallbacks;
import pgp.cert_d.cli.PGPCertDCli; import pgp.cert_d.cli.PGPCertDCli;
import pgp.certificate_store.Certificate; import pgp.certificate_store.certificate.Certificate;
import pgp.certificate_store.exception.BadDataException; import pgp.certificate_store.exception.BadDataException;
import picocli.CommandLine; import picocli.CommandLine;
@ -24,7 +24,7 @@ public class Insert implements Runnable {
public void run() { public void run() {
try { try {
Certificate certificate = PGPCertDCli.getCertificateDirectory() Certificate certificate = PGPCertDCli.getCertificateDirectory()
.insertCertificate(System.in, MergeCallbacks.mergeCertificates()); .insert(System.in, MergeCallbacks.mergeCertificates());
} catch (IOException e) { } catch (IOException e) {
LOGGER.error("IO-Error.", e); LOGGER.error("IO-Error.", e);
System.exit(-1); System.exit(-1);

View file

@ -5,7 +5,7 @@
package pgp.cert_d.cli.commands; package pgp.cert_d.cli.commands;
import pgp.cert_d.cli.PGPCertDCli; import pgp.cert_d.cli.PGPCertDCli;
import pgp.certificate_store.Certificate; import pgp.certificate_store.certificate.Certificate;
import picocli.CommandLine; import picocli.CommandLine;
import java.util.Iterator; import java.util.Iterator;
@ -18,7 +18,7 @@ public class List implements Runnable {
@Override @Override
public void run() { public void run() {
Iterator<Certificate> certificates = PGPCertDCli.getCertificateDirectory() Iterator<Certificate> certificates = PGPCertDCli.getCertificateDirectory()
.getCertificates(); .items();
while (certificates.hasNext()) { while (certificates.hasNext()) {
Certificate certificate = certificates.next(); Certificate certificate = certificates.next();
// CHECKSTYLE:OFF // CHECKSTYLE:OFF

View file

@ -15,7 +15,7 @@ import org.pgpainless.key.generation.type.eddsa.EdDSACurve;
import org.pgpainless.util.Passphrase; import org.pgpainless.util.Passphrase;
import org.slf4j.Logger; import org.slf4j.Logger;
import org.slf4j.LoggerFactory; import org.slf4j.LoggerFactory;
import pgp.cert_d.cli.MergeCallbacks; import org.pgpainless.certificate_store.MergeCallbacks;
import pgp.cert_d.cli.PGPCertDCli; import pgp.cert_d.cli.PGPCertDCli;
import pgp.certificate_store.exception.BadDataException; import pgp.certificate_store.exception.BadDataException;
import picocli.CommandLine; import picocli.CommandLine;

View file

@ -2,6 +2,7 @@
# #
# SPDX-License-Identifier: Apache-2.0 # SPDX-License-Identifier: Apache-2.0
usage.header=Export all certificates in the store to Standard Output usage.header=Export all certificates in the store to Standard Output
armor=Wrap the output in ASCII armor
# Generic TODO: Remove when bumping picocli to 4.7.0 # Generic TODO: Remove when bumping picocli to 4.7.0
usage.synopsisHeading=Usage:\u0020 usage.synopsisHeading=Usage:\u0020

View file

@ -2,6 +2,7 @@
# #
# SPDX-License-Identifier: Apache-2.0 # SPDX-License-Identifier: Apache-2.0
usage.header=Exportiere alle gespeicherten Zertifikate zur Standardausgabe usage.header=Exportiere alle gespeicherten Zertifikate zur Standardausgabe
armor=Verpacke the Ausgabe in ASCII Armor
# Generic TODO: Remove when bumping picocli to 4.7.0 # Generic TODO: Remove when bumping picocli to 4.7.0
usage.synopsisHeading=Aufruf:\u0020 usage.synopsisHeading=Aufruf:\u0020

View file

@ -0,0 +1,11 @@
# SPDX-FileCopyrightText: 2022 Paul Schaub <vanitasvitae@fsfe.org>
#
# SPDX-License-Identifier: Apache-2.0
usage.header=Lookup primary certificate fingerprints by subkey ids or fingerprints
# Generic TODO: Remove when bumping picocli to 4.7.0
usage.synopsisHeading=Usage:\u0020
usage.commandListHeading = %nCommands:%n
usage.optionListHeading = %nOptions:%n
usage.footerHeading=Powered by picocli%n
store=Overwrite the default certificate directory path

View file

@ -0,0 +1,11 @@
# SPDX-FileCopyrightText: 2022 Paul Schaub <vanitasvitae@fsfe.org>
#
# SPDX-License-Identifier: Apache-2.0
usage.header=Schlage primäre Fingerabdrücke von Zertifikaten per ID oder Fingerabdruck von Unterschlüsseln nach
# Generic TODO: Remove when bumping picocli to 4.7.0
usage.synopsisHeading=Aufruf:\u0020
usage.commandListHeading=%nBefehle:%n
usage.optionListHeading = %nOptionen:%n
usage.footerHeading=Powered by Picocli%n
store=Überschreibe den Standardpfad des Zertifikatsverzeichnisses

View file

@ -3,6 +3,7 @@
# SPDX-License-Identifier: Apache-2.0 # SPDX-License-Identifier: Apache-2.0
usage.header=Retrieve certificates from the store usage.header=Retrieve certificates from the store
IDENTIFIER[0]=Certificate identifier (fingerprint or special name) IDENTIFIER[0]=Certificate identifier (fingerprint or special name)
armor=Wrap the output in ASCII armor
# Generic TODO: Remove when bumping picocli to 4.7.0 # Generic TODO: Remove when bumping picocli to 4.7.0
usage.synopsisHeading=Usage:\u0020 usage.synopsisHeading=Usage:\u0020

View file

@ -3,6 +3,7 @@
# SPDX-License-Identifier: Apache-2.0 # SPDX-License-Identifier: Apache-2.0
usage.header=Frage Zertifikate aus dem Speicher ab usage.header=Frage Zertifikate aus dem Speicher ab
IDENTIFIER[0]=Zertifikatskennung (Fingerabdruck oder Spezialname) IDENTIFIER[0]=Zertifikatskennung (Fingerabdruck oder Spezialname)
armor=Verpacke the Ausgabe in ASCII Armor
# Generic TODO: Remove when bumping picocli to 4.7.0 # Generic TODO: Remove when bumping picocli to 4.7.0
usage.synopsisHeading=Aufruf:\u0020 usage.synopsisHeading=Aufruf:\u0020

View file

@ -34,6 +34,7 @@ dependencies {
// pgp.cert.d // pgp.cert.d
api "org.pgpainless:pgp-cert-d-java:$pgpCertDJavaVersion" api "org.pgpainless:pgp-cert-d-java:$pgpCertDJavaVersion"
api "org.pgpainless:pgp-certificate-store:$pgpCertDJavaVersion"
} }
animalsniffer { animalsniffer {

View file

@ -6,54 +6,26 @@ package org.pgpainless.certificate_store;
import org.bouncycastle.openpgp.PGPPublicKey; import org.bouncycastle.openpgp.PGPPublicKey;
import org.bouncycastle.openpgp.PGPPublicKeyRing; import org.bouncycastle.openpgp.PGPPublicKeyRing;
import org.bouncycastle.util.encoders.Base64;
import org.pgpainless.key.OpenPgpFingerprint; import org.pgpainless.key.OpenPgpFingerprint;
import pgp.certificate_store.Certificate; import pgp.certificate_store.certificate.Certificate;
import java.io.ByteArrayInputStream;
import java.io.IOException; import java.io.IOException;
import java.io.InputStream; import java.util.ArrayList;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.HashSet;
import java.util.Iterator; import java.util.Iterator;
import java.util.Set; import java.util.List;
public class CertificateFactory { public class CertificateFactory {
public static Certificate certificateFromPublicKeyRing(PGPPublicKeyRing publicKeyRing) { public static Certificate certificateFromPublicKeyRing(PGPPublicKeyRing publicKeyRing, Long tag)
return new Certificate() { throws IOException {
@Override byte[] bytes = publicKeyRing.getEncoded();
public String getFingerprint() { String fingerprint = OpenPgpFingerprint.of(publicKeyRing).toString().toLowerCase();
return OpenPgpFingerprint.of(publicKeyRing).toString().toLowerCase(); List<Long> subkeyIds = new ArrayList<>();
}
@Override
public InputStream getInputStream() throws IOException {
return new ByteArrayInputStream(publicKeyRing.getEncoded());
}
@Override
public String getTag() throws IOException {
MessageDigest digest;
try {
digest = MessageDigest.getInstance("SHA-256");
} catch (NoSuchAlgorithmException e) {
throw new AssertionError("No MessageDigest for SHA-256 instantiated, although BC is on the classpath: " + e.getMessage());
}
digest.update(publicKeyRing.getEncoded());
return Base64.toBase64String(digest.digest());
}
@Override
public Set<Long> getSubkeyIds() throws IOException {
Set<Long> keyIds = new HashSet<>();
Iterator<PGPPublicKey> keys = publicKeyRing.getPublicKeys(); Iterator<PGPPublicKey> keys = publicKeyRing.getPublicKeys();
while (keys.hasNext()) { while (keys.hasNext()) {
keyIds.add(keys.next().getKeyID()); subkeyIds.add(keys.next().getKeyID());
} }
return keyIds;
} return new Certificate(bytes, fingerprint, subkeyIds, tag);
};
} }
} }

View file

@ -6,49 +6,18 @@ package org.pgpainless.certificate_store;
import org.bouncycastle.openpgp.PGPPublicKeyRing; import org.bouncycastle.openpgp.PGPPublicKeyRing;
import org.bouncycastle.openpgp.PGPSecretKeyRing; import org.bouncycastle.openpgp.PGPSecretKeyRing;
import org.bouncycastle.util.encoders.Base64;
import org.pgpainless.PGPainless; import org.pgpainless.PGPainless;
import pgp.certificate_store.Certificate; import pgp.certificate_store.certificate.Certificate;
import pgp.certificate_store.Key; import pgp.certificate_store.certificate.Key;
import java.io.ByteArrayInputStream;
import java.io.IOException; import java.io.IOException;
import java.io.InputStream;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
public class KeyFactory { public class KeyFactory {
public static Key keyFromSecretKeyRing(PGPSecretKeyRing secretKeyRing) { public static Key keyFromSecretKeyRing(PGPSecretKeyRing secretKeyRing, Long tag) throws IOException {
byte[] bytes = secretKeyRing.getEncoded();
return new Key() { PGPPublicKeyRing publicKeyRing = PGPainless.extractCertificate(secretKeyRing);
@Override Certificate certificate = CertificateFactory.certificateFromPublicKeyRing(publicKeyRing, tag);
public String getFingerprint() { return new Key(bytes, certificate, tag);
return getCertificate().getFingerprint();
}
@Override
public Certificate getCertificate() {
PGPPublicKeyRing publicKeys = PGPainless.extractCertificate(secretKeyRing);
return CertificateFactory.certificateFromPublicKeyRing(publicKeys);
}
@Override
public InputStream getInputStream() throws IOException {
return new ByteArrayInputStream(secretKeyRing.getEncoded());
}
@Override
public String getTag() throws IOException {
MessageDigest digest;
try {
digest = MessageDigest.getInstance("SHA-256");
} catch (NoSuchAlgorithmException e) {
throw new AssertionError("No MessageDigest for SHA-256 instantiated, although BC is on the classpath: " + e.getMessage());
}
digest.update(secretKeyRing.getEncoded());
return Base64.toBase64String(digest.digest());
}
};
} }
} }

View file

@ -8,22 +8,22 @@ import org.bouncycastle.openpgp.PGPKeyRing;
import org.bouncycastle.openpgp.PGPPublicKeyRing; import org.bouncycastle.openpgp.PGPPublicKeyRing;
import org.bouncycastle.openpgp.PGPSecretKeyRing; import org.bouncycastle.openpgp.PGPSecretKeyRing;
import org.pgpainless.PGPainless; import org.pgpainless.PGPainless;
import pgp.certificate_store.KeyMaterial; import pgp.certificate_store.certificate.KeyMaterial;
import pgp.certificate_store.KeyReaderBackend; import pgp.certificate_store.certificate.KeyMaterialReaderBackend;
import pgp.certificate_store.exception.BadDataException; import pgp.certificate_store.exception.BadDataException;
import java.io.IOException; import java.io.IOException;
import java.io.InputStream; import java.io.InputStream;
public class KeyReader implements KeyReaderBackend { public class KeyMaterialReader implements KeyMaterialReaderBackend {
@Override @Override
public KeyMaterial read(InputStream data) throws IOException, BadDataException { public KeyMaterial read(InputStream data, Long tag) throws IOException, BadDataException {
final PGPKeyRing keyRing = PGPainless.readKeyRing().keyRing(data); PGPKeyRing keyMaterial = PGPainless.readKeyRing().keyRing(data);
if (keyRing instanceof PGPPublicKeyRing) { if (keyMaterial instanceof PGPSecretKeyRing) {
return CertificateFactory.certificateFromPublicKeyRing((PGPPublicKeyRing) keyRing); return KeyFactory.keyFromSecretKeyRing((PGPSecretKeyRing) keyMaterial, tag);
} else if (keyRing instanceof PGPSecretKeyRing) { } else if (keyMaterial instanceof PGPPublicKeyRing) {
return KeyFactory.keyFromSecretKeyRing((PGPSecretKeyRing) keyRing); return CertificateFactory.certificateFromPublicKeyRing((PGPPublicKeyRing) keyMaterial, tag);
} else { } else {
throw new BadDataException(); throw new BadDataException();
} }

View file

@ -0,0 +1,173 @@
// SPDX-FileCopyrightText: 2022 Paul Schaub <vanitasvitae@fsfe.org>
//
// SPDX-License-Identifier: Apache-2.0
package org.pgpainless.certificate_store;
import org.bouncycastle.openpgp.PGPException;
import org.bouncycastle.openpgp.PGPKeyRing;
import org.bouncycastle.openpgp.PGPPublicKey;
import org.bouncycastle.openpgp.PGPPublicKeyRing;
import org.bouncycastle.openpgp.PGPSecretKeyRing;
import org.pgpainless.PGPainless;
import org.pgpainless.key.OpenPgpFingerprint;
import pgp.certificate_store.certificate.KeyMaterial;
import pgp.certificate_store.certificate.KeyMaterialMerger;
import pgp.certificate_store.exception.BadDataException;
import java.io.IOException;
import java.util.Arrays;
import java.util.Iterator;
public class MergeCallbacks {
/**
* Return a {@link KeyMaterialMerger} that merges the two copies of the same certificate (same primary key) into one
* combined certificate.
*
* @return merging callback
*/
public static KeyMaterialMerger mergeCertificates() {
return new KeyMaterialMerger() {
@Override
public KeyMaterial merge(KeyMaterial data, KeyMaterial existing) throws IOException {
if (data == null) {
return existing;
}
if (existing == null) {
return data;
}
try {
PGPKeyRing existingKeyRing = PGPainless.readKeyRing().keyRing(existing.getInputStream());
PGPKeyRing updatedKeyRing = PGPainless.readKeyRing().keyRing(data.getInputStream());
PGPKeyRing mergedKeyRing;
if (existingKeyRing instanceof PGPPublicKeyRing) {
PGPPublicKeyRing existingCert = (PGPPublicKeyRing) existingKeyRing;
if (updatedKeyRing instanceof PGPPublicKeyRing) {
mergedKeyRing = PGPPublicKeyRing.join(existingCert, (PGPPublicKeyRing) updatedKeyRing);
} else if (updatedKeyRing instanceof PGPSecretKeyRing) {
PGPPublicKeyRing updatedPublicKeys = PGPainless.extractCertificate((PGPSecretKeyRing) updatedKeyRing);
PGPPublicKeyRing mergedPublicKeys = PGPPublicKeyRing.join(existingCert, updatedPublicKeys);
updatedKeyRing = PGPSecretKeyRing.replacePublicKeys((PGPSecretKeyRing) updatedKeyRing, mergedPublicKeys);
mergedKeyRing = updatedKeyRing;
} else {
throw new IOException(new BadDataException());
}
} else if (existingKeyRing instanceof PGPSecretKeyRing) {
PGPSecretKeyRing existingKey = (PGPSecretKeyRing) existingKeyRing;
PGPPublicKeyRing existingCert = PGPainless.extractCertificate(existingKey);
if (updatedKeyRing instanceof PGPPublicKeyRing) {
PGPPublicKeyRing updatedCert = (PGPPublicKeyRing) updatedKeyRing;
PGPPublicKeyRing mergedCert = PGPPublicKeyRing.join(existingCert, updatedCert);
mergedKeyRing = PGPSecretKeyRing.replacePublicKeys(existingKey, mergedCert);
} else if (updatedKeyRing instanceof PGPSecretKeyRing) {
PGPSecretKeyRing updatedKey = (PGPSecretKeyRing) updatedKeyRing;
if (!Arrays.equals(existingKey.getEncoded(), updatedKey.getEncoded())) {
// Merging secret keys is not supported.
return existing;
}
mergedKeyRing = existingKeyRing;
} else {
throw new IOException(new BadDataException());
}
} else {
throw new IOException(new BadDataException());
}
printOutDifferences(existingKeyRing, mergedKeyRing);
if (mergedKeyRing instanceof PGPPublicKeyRing) {
return CertificateFactory.certificateFromPublicKeyRing((PGPPublicKeyRing) mergedKeyRing, null);
} else {
return KeyFactory.keyFromSecretKeyRing((PGPSecretKeyRing) mergedKeyRing, null);
}
} catch (PGPException e) {
throw new RuntimeException(e);
}
}
private void printOutDifferences(PGPKeyRing existingCert, PGPKeyRing mergedCert) {
int numSigsBefore = countSigs(existingCert);
int numSigsAfter = countSigs(mergedCert);
int newSigs = numSigsAfter - numSigsBefore;
int numUidsBefore = count(existingCert.getPublicKey().getUserIDs());
int numUidsAfter = count(mergedCert.getPublicKey().getUserIDs());
int newUids = numUidsAfter - numUidsBefore;
if (!existingCert.equals(mergedCert)) {
OpenPgpFingerprint fingerprint = OpenPgpFingerprint.of(mergedCert);
StringBuilder sb = new StringBuilder();
sb.append(String.format("Certificate %s has", fingerprint));
if (newSigs != 0) {
sb.append(String.format(" %d new signatures", newSigs));
}
if (newUids != 0) {
if (newSigs != 0) {
sb.append(" and");
}
sb.append(String.format(" %d new UIDs", newUids));
}
if (newSigs == 0 && newUids == 0) {
sb.append(" changed");
}
// In this case it is okay to print to stdout, since we are a CLI app
// CHECKSTYLE:OFF
System.out.println(sb);
// CHECKSTYLE:ON
}
}
private int countSigs(PGPKeyRing keys) {
int numSigs = 0;
Iterator<PGPPublicKey> iterator = keys.getPublicKeys();
while (iterator.hasNext()) {
PGPPublicKey key = iterator.next();
numSigs += count(key.getSignatures());
}
return numSigs;
}
// TODO: Use CollectionUtils.count() once available
private int count(Iterator<?> iterator) {
int num = 0;
while (iterator.hasNext()) {
iterator.next();
num++;
}
return num;
}
};
}
/**
* Return an implementation of {@link KeyMaterialMerger} that ignores the existing certificate and instead
* returns the first instance.
*
* @return overriding callback
*/
public static KeyMaterialMerger overrideCertificate() {
// noinspection Convert2Lambda
return new KeyMaterialMerger() {
@Override
public KeyMaterial merge(KeyMaterial data, KeyMaterial existing) {
return data;
}
};
}
public static KeyMaterialMerger overrideKey() {
// noinspection Convert2Lambda
return new KeyMaterialMerger() {
@Override
public KeyMaterial merge(KeyMaterial data, KeyMaterial existing) {
return data;
}
};
}
}

View file

@ -0,0 +1,43 @@
// SPDX-FileCopyrightText: 2022 Paul Schaub <vanitasvitae@fsfe.org>
//
// SPDX-License-Identifier: Apache-2.0
package org.pgpainless.certificate_store;
import pgp.cert_d.BaseDirectoryProvider;
import pgp.cert_d.backend.FileBasedCertificateDirectoryBackend;
import pgp.cert_d.backend.InMemoryCertificateDirectoryBackend;
import pgp.cert_d.PGPCertificateDirectory;
import pgp.cert_d.subkey_lookup.InMemorySubkeyLookup;
import pgp.cert_d.subkey_lookup.SubkeyLookup;
import pgp.cert_d.subkey_lookup.SubkeyLookupFactory;
import pgp.certificate_store.exception.NotAStoreException;
import java.io.File;
public class PGPainlessCertD extends PGPCertificateDirectory {
private static final KeyMaterialReader keyMaterialReader = new KeyMaterialReader();
public PGPainlessCertD(Backend backend, SubkeyLookup subkeyLookup) {
super(backend, subkeyLookup);
}
public static PGPainlessCertD inMemory() {
Backend backend = new InMemoryCertificateDirectoryBackend(keyMaterialReader);
SubkeyLookup subkeyLookup = new InMemorySubkeyLookup();
return new PGPainlessCertD(backend, subkeyLookup);
}
public static PGPainlessCertD fileBased(SubkeyLookupFactory subkeyLookupFactory)
throws NotAStoreException {
return fileBased(BaseDirectoryProvider.getDefaultBaseDir(), subkeyLookupFactory);
}
public static PGPainlessCertD fileBased(File baseDirectory, SubkeyLookupFactory subkeyLookupFactory)
throws NotAStoreException {
Backend backend = new FileBasedCertificateDirectoryBackend(baseDirectory, keyMaterialReader);
SubkeyLookup subkeyLookup = subkeyLookupFactory.createFileBasedInstance(baseDirectory);
return new PGPainlessCertD(backend, subkeyLookup);
}
}

View file

@ -1,145 +0,0 @@
// SPDX-FileCopyrightText: 2022 Paul Schaub <vanitasvitae@fsfe.org>
//
// SPDX-License-Identifier: Apache-2.0
package org.pgpainless.certificate_store;
import java.io.IOException;
import java.io.InputStream;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import pgp.cert_d.SharedPGPCertificateDirectory;
import pgp.cert_d.SpecialNames;
import pgp.certificate_store.Certificate;
import pgp.certificate_store.CertificateDirectory;
import pgp.certificate_store.CertificateMerger;
import pgp.certificate_store.CertificateStore;
import pgp.certificate_store.Key;
import pgp.certificate_store.KeyMerger;
import pgp.certificate_store.SubkeyLookup;
import pgp.certificate_store.exception.BadDataException;
import pgp.certificate_store.exception.BadNameException;
/**
* Adapter class used to adapt the {@link SharedPGPCertificateDirectory} for use with
* {@link CertificateDirectory}.
*/
public class SharedPGPCertificateDirectoryAdapter
implements CertificateStore {
private final SharedPGPCertificateDirectory directory;
private final SubkeyLookup subkeyLookup;
/**
* Create an adapter to use {@link SharedPGPCertificateDirectory} objects as {@link CertificateDirectory CertificateStores}.
*
* @param directory directory instance
*/
public SharedPGPCertificateDirectoryAdapter(SharedPGPCertificateDirectory directory, SubkeyLookup subkeyLookup) {
this.directory = directory;
this.subkeyLookup = subkeyLookup;
}
@Override
public Certificate getCertificate(String identifier)
throws IOException, BadDataException, BadNameException {
String specialName = SpecialNames.lookupSpecialName(identifier);
if (specialName != null) {
return directory.getBySpecialName(specialName);
}
return directory.getByFingerprint(identifier.toLowerCase());
}
@Override
public Certificate getCertificateIfChanged(String identifier, String tag)
throws IOException, BadDataException, BadNameException {
String specialName = SpecialNames.lookupSpecialName(identifier);
if (specialName != null) {
return directory.getBySpecialNameIfChanged(specialName, tag);
}
return directory.getByFingerprintIfChanged(identifier.toLowerCase(), tag);
}
@Override
public Certificate insertCertificate(InputStream data, CertificateMerger merge)
throws IOException, InterruptedException, BadDataException {
Certificate certificate = directory.insert(data, merge);
storeIdentifierForSubkeys(certificate);
return certificate;
}
@Override
public Certificate tryInsertCertificate(InputStream data, CertificateMerger merge)
throws IOException, BadDataException {
Certificate certificate = directory.tryInsert(data, merge);
storeIdentifierForSubkeys(certificate);
return certificate;
}
@Override
public Certificate insertCertificateBySpecialName(String specialName, InputStream data, CertificateMerger merge)
throws IOException, InterruptedException, BadDataException, BadNameException {
return directory.insertWithSpecialName(specialName, data, merge);
}
@Override
public Certificate tryInsertCertificateBySpecialName(String specialName, InputStream data, CertificateMerger merge)
throws IOException, BadDataException, BadNameException {
return directory.tryInsertWithSpecialName(specialName, data, merge);
}
@Override
public Iterator<Certificate> getCertificates() {
return directory.items();
}
@Override
public Iterator<String> getFingerprints() {
return directory.fingerprints();
}
private void storeIdentifierForSubkeys(Certificate certificate) throws IOException {
if (certificate == null) {
return;
}
String fingerprint = certificate.getFingerprint();
storeCertificateSubkeyIds(fingerprint, new ArrayList<>(certificate.getSubkeyIds()));
}
@Override
public Set<String> getCertificateFingerprintsForSubkeyId(long subkeyId) throws IOException {
return subkeyLookup.getCertificateFingerprintsForSubkeyId(subkeyId);
}
@Override
public void storeCertificateSubkeyIds(String certificate, List<Long> subkeyIds) throws IOException {
subkeyLookup.storeCertificateSubkeyIds(certificate, subkeyIds);
}
@Override
public Key getTrustRoot() throws IOException, BadDataException {
return directory.getTrustRoot();
}
@Override
public Key getTrustRootIfChanged(String tag) throws IOException, BadDataException {
return directory.getTrustRootIfChanged(tag);
}
@Override
public Key insertTrustRoot(InputStream data, KeyMerger keyMerger) throws IOException, InterruptedException, BadDataException {
return directory.insertTrustRoot(data, keyMerger);
}
@Override
public Key tryInsertTrustRoot(InputStream data, KeyMerger keyMerger) throws IOException, BadDataException {
return directory.tryInsertTrustRoot(data, keyMerger);
}
}

View file

@ -1,230 +0,0 @@
// SPDX-FileCopyrightText: 2022 Paul Schaub <vanitasvitae@fsfe.org>
//
// SPDX-License-Identifier: Apache-2.0
package org.pgpainless.cert_d;
import static org.junit.jupiter.api.Assertions.assertArrayEquals;
import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.junit.jupiter.api.Assertions.assertFalse;
import static org.junit.jupiter.api.Assertions.assertNotNull;
import static org.junit.jupiter.api.Assertions.assertNull;
import static org.junit.jupiter.api.Assertions.assertThrows;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.IOException;
import java.nio.file.Files;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import org.bouncycastle.util.encoders.Hex;
import org.bouncycastle.util.io.Streams;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import org.pgpainless.certificate_store.KeyReader;
import org.pgpainless.certificate_store.SharedPGPCertificateDirectoryAdapter;
import pgp.cert_d.InMemorySubkeyLookup;
import pgp.cert_d.SharedPGPCertificateDirectoryImpl;
import pgp.certificate_store.CertificateStore;
import pgp.certificate_store.exception.BadDataException;
import pgp.certificate_store.exception.BadNameException;
import pgp.certificate_store.exception.NotAStoreException;
import pgp.certificate_store.Certificate;
public class SharedPGPCertificateDirectoryAdapterTest {
private static final String testCertificate = "98330462069cc616092b06010401da470f010107400db5906b09f701ab1f7f96087eedab6ba44c02fcbd2470137cfeacac5a2d032db405416c696365888f0413160a0041050262069cc609906f054e826378552516a104505b134a7e62f0f154ec3d036f054e8263785525029e01029b01059602030100048b09080705950a09080b0299010000a12600fd117925c0f2192ef5b2a44e3d3038e2a7ce5ba0343fc2dfb661a3a46d1276fb380100bf2872e7e36b63f61ae3556464c4a04344e7d36e0d7313e623effb0290ce0b0fb8380462069cc6120a2b06010401975501050101074034ffd523242385fe92034a5e326a82f4edff614516cc1028ca91fb653557f25b0301080788750418160a001d050262069cc6029e01029b0c059602030100048b09080705950a09080b000a09106f054e8263785525391400ff4eb85df8ddfc15e94c9cf28bc0aa9d0426b571ca64c5421be5889d5410d8632f00fd1ac5e9aed683e711282489d8980222d2ceff15c5ce0499fcb36716d850749406b8330462069cc616092b06010401da470f0101074058f296fb7ce456039856144db677f14018963a8bfd281c84aaeebe7e14df8f1c88d50418160a007d050262069cc6029e01029b02059602030100048b09080705950a09080b5f200419160a0006050262069cc6000a09108119c86e0a4c6dc73a7600ff5e25427da84d824cc3f8890bc6bd037f423f610006e1249b1aad3d7f70ac47a100fc08e67a6a945c1feec301df9dc27e7ea4e61d107d0720e814eea1dc4f1da20a08000a09106f054e8263785525359700ff4ce78cf267c261468322de906118d4f003ceefa72fa3b86119e26f99be3727fc00fe3895207c4aac814549f0189d2f494f5b1fcee7f6da344e63a0c32743b216b406";
private static final String testCertFingerprint = "505b134a7e62f0f154ec3d036f054e8263785525";
private static final long testCertificateSubkey1 = 7999886635015099685L;
private static final long testCertificateSubkey2 = -5375724347241457298L;
private static final long testCertificateSubkey3 = -9144057193454342713L;
private SharedPGPCertificateDirectoryAdapter adapter;
private CertificateStore store;
@BeforeEach
public void setupInstance() throws IOException, NotAStoreException {
adapter = new SharedPGPCertificateDirectoryAdapter(
new SharedPGPCertificateDirectoryImpl(tempDir(), new KeyReader()),
new InMemorySubkeyLookup());
store = adapter;
}
private static File tempDir() throws IOException {
File tempDir = Files.createTempDirectory("pgp.cert.d-").toFile();
tempDir.deleteOnExit();
return tempDir;
}
@Test
public void getNonExistentCertIsNull() throws IOException, BadDataException, BadNameException {
assertNull(store.getCertificate("eb85bb5fa33a75e15e944e63f231550c4f47e38e"));
}
@Test
public void getInvalidIdentifierThrows() {
assertThrows(BadNameException.class, () -> store.getCertificate("invalid"));
}
@Test
public void insertAndGet() throws IOException, InterruptedException, BadDataException, BadNameException {
byte[] bytes = Hex.decode(testCertificate);
ByteArrayInputStream byteIn = new ByteArrayInputStream(bytes);
String fingerprint = testCertFingerprint;
Certificate certificate = store.insertCertificate(byteIn, (data, existing) -> data);
assertEquals(fingerprint, certificate.getFingerprint());
Set<Long> expectedSubkeys = new HashSet<>(Arrays.asList(testCertificateSubkey1, testCertificateSubkey2, testCertificateSubkey3));
Set<Long> subkeys = certificate.getSubkeyIds();
assertEquals(expectedSubkeys, subkeys);
for (long subkey : subkeys) {
assertEquals(Collections.singleton(fingerprint), store.getCertificateFingerprintsForSubkeyId(subkey));
}
Certificate retrieved = store.getCertificate(fingerprint);
assertNotNull(retrieved);
ByteArrayOutputStream retrievedOut = new ByteArrayOutputStream();
Streams.pipeAll(retrieved.getInputStream(), retrievedOut);
assertArrayEquals(bytes, retrievedOut.toByteArray());
}
@Test
public void tryInsertAndGet() throws IOException, BadDataException, BadNameException {
byte[] bytes = Hex.decode(testCertificate);
ByteArrayInputStream byteIn = new ByteArrayInputStream(bytes);
String fingerprint = testCertFingerprint;
Certificate certificate = store.tryInsertCertificate(byteIn, (data, existing) -> data);
assertEquals(fingerprint, certificate.getFingerprint());
Set<Long> subkeys = certificate.getSubkeyIds();
assertEquals(3, subkeys.size());
for (long subkey : subkeys) {
assertEquals(Collections.singleton(fingerprint), store.getCertificateFingerprintsForSubkeyId(subkey));
}
Certificate retrieved = store.getCertificate(fingerprint);
assertNotNull(retrieved);
ByteArrayOutputStream retrievedOut = new ByteArrayOutputStream();
Streams.pipeAll(retrieved.getInputStream(), retrievedOut);
assertArrayEquals(bytes, retrievedOut.toByteArray());
}
@Test
public void insertAndGetIfChanged() throws IOException, InterruptedException, BadDataException, BadNameException {
byte[] bytes = Hex.decode(testCertificate);
ByteArrayInputStream byteIn = new ByteArrayInputStream(bytes);
String fingerprint = testCertFingerprint;
Certificate certificate = store.insertCertificate(byteIn, (data, existing) -> data);
String tag = certificate.getTag();
assertNull(store.getCertificateIfChanged(fingerprint, tag));
assertNotNull(store.getCertificateIfChanged(fingerprint, "invalid"));
}
@Test
public void insertBySpecialNameAndGet() throws IOException, InterruptedException, BadDataException, BadNameException {
byte[] bytes = Hex.decode(testCertificate);
ByteArrayInputStream byteIn = new ByteArrayInputStream(bytes);
String fingerprint = testCertFingerprint;
String identifier = "trust-root";
Certificate certificate = store.insertCertificateBySpecialName(identifier, byteIn, (data, existing) -> data);
assertEquals(fingerprint, certificate.getFingerprint());
Certificate retrieved = store.getCertificate(identifier);
assertNotNull(retrieved);
ByteArrayOutputStream retrievedOut = new ByteArrayOutputStream();
Streams.pipeAll(retrieved.getInputStream(), retrievedOut);
assertArrayEquals(bytes, retrievedOut.toByteArray());
}
@Test
public void tryInsertBySpecialNameAndGet() throws IOException, BadDataException, BadNameException {
byte[] bytes = Hex.decode(testCertificate);
ByteArrayInputStream byteIn = new ByteArrayInputStream(bytes);
String fingerprint = testCertFingerprint;
String identifier = "trust-root";
Certificate certificate = store.tryInsertCertificateBySpecialName(identifier, byteIn, (data, existing) -> data);
assertEquals(fingerprint, certificate.getFingerprint());
Certificate retrieved = store.getCertificate(identifier);
assertNotNull(retrieved);
ByteArrayOutputStream retrievedOut = new ByteArrayOutputStream();
Streams.pipeAll(retrieved.getInputStream(), retrievedOut);
assertArrayEquals(bytes, retrievedOut.toByteArray());
}
@Test
public void insertBySpecialNameAndGetIfChanged() throws IOException, InterruptedException, BadDataException, BadNameException {
byte[] bytes = Hex.decode(testCertificate);
ByteArrayInputStream byteIn = new ByteArrayInputStream(bytes);
String fingerprint = testCertFingerprint;
String identifier = "trust-root";
Certificate certificate = store.insertCertificateBySpecialName(identifier, byteIn, (data, existing) -> data);
String tag = certificate.getTag();
certificate = store.getCertificateIfChanged(identifier, tag);
assertNull(certificate);
certificate = store.getCertificateIfChanged(identifier, "invalid");
assertNotNull(certificate);
assertEquals(fingerprint, certificate.getFingerprint());
}
@Test
public void getItemsAndFingerprints() throws IOException, InterruptedException, BadDataException, BadNameException {
byte[] bytes1 = Hex.decode(testCertificate);
ByteArrayInputStream byteIn1 = new ByteArrayInputStream(bytes1);
Certificate firstCert = store.insertCertificate(byteIn1, (data, existing) -> data);
byte[] bytes2 = Hex.decode("9833046206a37516092b06010401da470f010107409f55baab1599044096ba901d69854cf5307b84b0542871b15db3dd4c62664f37b403426f62888f0413160a004105026206a3750990ba01b5a9eea7e76716a104f1d47fb85ad74549a37974f3ba01b5a9eea7e767029e01029b01059602030100048b09080705950a09080b0299010000e6170100e08374a6fd32d0b4be2d3f7c75d3f6c13cb47b1b73589aa452a1b2a16b888b5000fe274e6565ab9faa34338cf4d805663f8775fdee4ec6a0fdf1ec2cf84b72907f05b838046206a375120a2b0601040197550105010107405641e74d2dda92003ce200422c3ab6f3562fc49a8ecc67ea02593988442b23780301080788750418160a001d05026206a375029e01029b0c059602030100048b09080705950a09080b000a0910ba01b5a9eea7e76732850100910a6049779773f455226cd91645884842b91017796287a634104ab5364a0c0d00fe20b5febb17de271394f31128f709c307c0bbca4f9502570744bd54e6dc9c2209b833046206a37516092b06010401da470f0101074059f008928cb69b48bed07a639f03f43a48808aade67109cd658f54bddefa5ec288d50418160a007d05026206a375029e01029b02059602030100048b09080705950a09080b5f200419160a000605026206a375000a0910dcdb34f4068368c0dffb010095fb1f6daac239bf3221d9d2ecc81b6cb258c2b058a300a7e103f7f36a58bf1900fe273a9eaaa03b613236df22bebcbbd69d7c02caf1b7af4fa29320c8d96d32310f000a0910ba01b5a9eea7e7671de20100a5044d24a9d860f9af7e8b9a095d4eac8820fad8b045e70be1ae5607fa4d6b4f010097b53d1527f3b3e3d3b78367c8269c999ee37575a51ffc582f73d2cba4df080f");
ByteArrayInputStream byteIn2 = new ByteArrayInputStream(bytes2);
Certificate secondCert = store.insertCertificate(byteIn2, ((data, existing) -> data));
String trustRootHex = "9833046206a57e16092b06010401da470f010107401ad7351d9766843bf11a8414f68790df0649fad8b01c244323f47e4ebc87fc35b40a74727573742d726f6f74888f0413160a004105026206a57f09907c619691ddee5fc216a10489e1e05cb458758d0729eb0c7c619691ddee5fc2029e01029b01059602030100048b09080705950a09080b029901000080c100ff45d97dda133895e337416266f1ff2c38ff3947ecfbfe21328d51bc877ccba367010096698a5fbac9444b7b28b96389c66ca405821f04871f1bbbf5b5bf8b800f9104b838046206a57f120a2b06010401975501050101074074ff41705c50e8f27b18df40a53aded6cacd2ce4f88b471c7130036010ca60240301080788750418160a001d05026206a57f029e01029b0c059602030100048b09080705950a09080b000a09107c619691ddee5fc27b3c0100fba12230adf80a6a7a376b9568481ab4ae86628274db67412074cb4a846011a200ff437e4047bbafec42b41594b296f8be93fc03482b2d35ac92e87ce632b86bc900b833046206a57f16092b06010401da470f01010740ce99f97d1f0b5aa2f4e6f2a7a2aa231da8c2a2f489a593b747983a750f3928ae88d50418160a007d05026206a57f029e01029b02059602030100048b09080705950a09080b5f200419160a000605026206a57f000a0910b905cb706dec67e3f6050100a7ae51ea07f3d0d493fd1fdfbcbbe112c19de8dbbd29e03ba5e755345444402300fe2663252eeca21772012c5dc4eb9efa4e01566dffbb44e7d1536181eb3f8b420e000a09107c619691ddee5fc2a4190100fdbedf9defd5d30bad77937a5589441ef336028613a6fcfc4a959bee51de134e00fd128628567b66fa03ef099d6936324f7593e2060608b433828d336dda552e2c04";
byte[] trustRootBytes = Hex.decode(trustRootHex);
ByteArrayInputStream trustRootIn = new ByteArrayInputStream(trustRootBytes);
Certificate trustRoot = store.insertCertificateBySpecialName("trust-root", trustRootIn, (data, existing) -> data);
Set<String> expectedFingerprints = new HashSet<>();
expectedFingerprints.add(firstCert.getFingerprint());
expectedFingerprints.add(secondCert.getFingerprint());
Iterator<Certificate> certificateIterator = store.getCertificates();
Set<String> actualFingerprints = new HashSet<>();
Certificate c = certificateIterator.next();
actualFingerprints.add(c.getFingerprint());
c = certificateIterator.next();
actualFingerprints.add(c.getFingerprint());
assertFalse(certificateIterator.hasNext());
assertEquals(expectedFingerprints, actualFingerprints);
assertFalse(actualFingerprints.contains(trustRoot.getFingerprint()));
Iterator<String> fingerprintIterator = store.getFingerprints();
actualFingerprints = new HashSet<>();
actualFingerprints.add(fingerprintIterator.next());
actualFingerprints.add(fingerprintIterator.next());
assertFalse(fingerprintIterator.hasNext());
assertEquals(expectedFingerprints, actualFingerprints);
assertFalse(actualFingerprints.contains(trustRoot.getFingerprint()));
}
}

View file

@ -8,7 +8,6 @@ import static org.junit.jupiter.api.Assertions.assertArrayEquals;
import static org.junit.jupiter.api.Assertions.assertEquals; import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.junit.jupiter.api.Assertions.assertNotNull; import static org.junit.jupiter.api.Assertions.assertNotNull;
import static org.junit.jupiter.api.Assertions.assertNull; import static org.junit.jupiter.api.Assertions.assertNull;
import static org.junit.jupiter.api.Assumptions.assumeTrue;
import java.io.ByteArrayInputStream; import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream; import java.io.ByteArrayOutputStream;
@ -32,36 +31,31 @@ import org.junit.jupiter.params.ParameterizedTest;
import org.junit.jupiter.params.provider.MethodSource; import org.junit.jupiter.params.provider.MethodSource;
import org.pgpainless.PGPainless; import org.pgpainless.PGPainless;
import org.pgpainless.algorithm.KeyFlag; import org.pgpainless.algorithm.KeyFlag;
import org.pgpainless.certificate_store.KeyReader; import org.pgpainless.certificate_store.PGPainlessCertD;
import org.pgpainless.key.OpenPgpFingerprint; import org.pgpainless.key.OpenPgpFingerprint;
import org.pgpainless.key.generation.KeySpec; import org.pgpainless.key.generation.KeySpec;
import org.pgpainless.key.generation.type.KeyType; import org.pgpainless.key.generation.type.KeyType;
import org.pgpainless.key.generation.type.eddsa.EdDSACurve; import org.pgpainless.key.generation.type.eddsa.EdDSACurve;
import pgp.cert_d.CachingSharedPGPCertificateDirectoryWrapper; import pgp.cert_d.subkey_lookup.InMemorySubkeyLookupFactory;
import pgp.cert_d.FileLockingMechanism; import pgp.certificate_store.certificate.Certificate;
import pgp.cert_d.SharedPGPCertificateDirectory; import pgp.certificate_store.certificate.KeyMaterial;
import pgp.cert_d.SharedPGPCertificateDirectoryImpl; import pgp.certificate_store.certificate.KeyMaterialMerger;
import pgp.certificate_store.CertificateMerger;
import pgp.certificate_store.exception.BadDataException; import pgp.certificate_store.exception.BadDataException;
import pgp.certificate_store.exception.BadNameException; import pgp.certificate_store.exception.BadNameException;
import pgp.certificate_store.exception.NotAStoreException; import pgp.certificate_store.exception.NotAStoreException;
import pgp.certificate_store.Certificate;
public class SharedPGPCertificateDirectoryTest { public class SharedPGPCertificateDirectoryTest {
private static CertificateMerger dummyMerge = new CertificateMerger() { private static KeyMaterialMerger dummyMerge = new KeyMaterialMerger() {
@Override @Override
public Certificate merge(Certificate data, Certificate existing) { public KeyMaterial merge(KeyMaterial data, KeyMaterial existing) {
return data; return data;
} }
}; };
private static Stream<SharedPGPCertificateDirectory> provideTestSubjects() throws IOException, NotAStoreException { private static Stream<PGPainlessCertD> provideTestSubjects() throws IOException, NotAStoreException {
return Stream.of( return Stream.of(
new SharedPGPCertificateDirectoryImpl(tempDir(), new KeyReader()), PGPainlessCertD.fileBased(tempDir(), new InMemorySubkeyLookupFactory()));
new CachingSharedPGPCertificateDirectoryWrapper(
new SharedPGPCertificateDirectoryImpl(tempDir(), new KeyReader()))
);
} }
private static File tempDir() throws IOException { private static File tempDir() throws IOException {
@ -72,7 +66,7 @@ public class SharedPGPCertificateDirectoryTest {
@ParameterizedTest @ParameterizedTest
@MethodSource("provideTestSubjects") @MethodSource("provideTestSubjects")
public void simpleInsertGet(SharedPGPCertificateDirectory directory) public void simpleInsertGet(PGPainlessCertD directory)
throws PGPException, InvalidAlgorithmParameterException, NoSuchAlgorithmException, IOException, throws PGPException, InvalidAlgorithmParameterException, NoSuchAlgorithmException, IOException,
BadDataException, InterruptedException, BadNameException { BadDataException, InterruptedException, BadNameException {
PGPSecretKeyRing key = PGPainless.generateKeyRing().modernKeyRing("Alice"); PGPSecretKeyRing key = PGPainless.generateKeyRing().modernKeyRing("Alice");
@ -87,10 +81,6 @@ public class SharedPGPCertificateDirectoryTest {
Certificate certificate = directory.insert(certIn, dummyMerge); Certificate certificate = directory.insert(certIn, dummyMerge);
assertEquals(fingerprint.toString().toLowerCase(), certificate.getFingerprint()); assertEquals(fingerprint.toString().toLowerCase(), certificate.getFingerprint());
// getIfChanged
assertNull(directory.getByFingerprintIfChanged(certificate.getFingerprint(), certificate.getTag()));
assertNotNull(directory.getByFingerprintIfChanged(certificate.getFingerprint(), "invalidTag"));
// tryInsert // tryInsert
certIn = new ByteArrayInputStream(cert.getEncoded()); certIn = new ByteArrayInputStream(cert.getEncoded());
assertNotNull(directory.tryInsert(certIn, dummyMerge)); assertNotNull(directory.tryInsert(certIn, dummyMerge));
@ -98,7 +88,7 @@ public class SharedPGPCertificateDirectoryTest {
@ParameterizedTest @ParameterizedTest
@MethodSource("provideTestSubjects") @MethodSource("provideTestSubjects")
public void simpleInsertGetBySpecialName(SharedPGPCertificateDirectory directory) public void simpleInsertGetBySpecialName(PGPainlessCertD directory)
throws PGPException, InvalidAlgorithmParameterException, NoSuchAlgorithmException, IOException, throws PGPException, InvalidAlgorithmParameterException, NoSuchAlgorithmException, IOException,
BadDataException, InterruptedException, BadNameException { BadDataException, InterruptedException, BadNameException {
PGPSecretKeyRing key = PGPainless.buildKeyRing() PGPSecretKeyRing key = PGPainless.buildKeyRing()
@ -116,10 +106,6 @@ public class SharedPGPCertificateDirectoryTest {
Certificate certificate = directory.insertWithSpecialName("trust-root", certIn, dummyMerge); Certificate certificate = directory.insertWithSpecialName("trust-root", certIn, dummyMerge);
assertEquals(fingerprint.toString().toLowerCase(), certificate.getFingerprint()); assertEquals(fingerprint.toString().toLowerCase(), certificate.getFingerprint());
// getIfChanged
assertNull(directory.getBySpecialNameIfChanged("trust-root", certificate.getTag()));
assertNotNull(directory.getBySpecialNameIfChanged("trust-root", "invalidTag"));
// tryInsert // tryInsert
certIn = new ByteArrayInputStream(trustRoot.getEncoded()); certIn = new ByteArrayInputStream(trustRoot.getEncoded());
assertNotNull(directory.tryInsertWithSpecialName("trust-root", certIn, dummyMerge)); assertNotNull(directory.tryInsertWithSpecialName("trust-root", certIn, dummyMerge));
@ -127,25 +113,7 @@ public class SharedPGPCertificateDirectoryTest {
@ParameterizedTest @ParameterizedTest
@MethodSource("provideTestSubjects") @MethodSource("provideTestSubjects")
public void tryInsertFailsWithLockedStore(SharedPGPCertificateDirectory directory) public void testGetItemsAndFingerprints(PGPainlessCertD directory)
throws PGPException, InvalidAlgorithmParameterException, NoSuchAlgorithmException, IOException,
BadDataException, InterruptedException {
assumeTrue(directory.getLock() instanceof FileLockingMechanism);
PGPSecretKeyRing key = PGPainless.generateKeyRing().modernKeyRing("Alice");
PGPPublicKeyRing cert = PGPainless.extractCertificate(key);
ByteArrayInputStream certIn = new ByteArrayInputStream(cert.getEncoded());
directory.getLock().lockDirectory();
assertNull(directory.tryInsert(certIn, dummyMerge));
directory.getLock().releaseDirectory();
assertNotNull(directory.tryInsert(certIn, dummyMerge));
}
@ParameterizedTest
@MethodSource("provideTestSubjects")
public void testGetItemsAndFingerprints(SharedPGPCertificateDirectory directory)
throws PGPException, InvalidAlgorithmParameterException, NoSuchAlgorithmException, IOException, throws PGPException, InvalidAlgorithmParameterException, NoSuchAlgorithmException, IOException,
BadDataException, InterruptedException, BadNameException { BadDataException, InterruptedException, BadNameException {

View file

@ -12,7 +12,7 @@ allprojects {
logbackVersion = '1.2.11' logbackVersion = '1.2.11'
junitVersion = '5.8.2' junitVersion = '5.8.2'
mockitoVersion = '4.5.1' mockitoVersion = '4.5.1'
pgpainlessVersion = '1.3.5-SNAPSHOT' pgpainlessVersion = '1.3.5'
pgpCertDJavaVersion = '0.1.2-SNAPSHOT' pgpCertDJavaVersion = '0.1.2-SNAPSHOT'
picocliVersion = '4.6.3' picocliVersion = '4.6.3'
} }