commit d18dfb1ca5fdf3e4a6bb9318f75e134a06f70928 Author: Paul Schaub Date: Tue Mar 1 15:53:24 2022 +0100 Initial commit diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..84123d9 --- /dev/null +++ b/.gitignore @@ -0,0 +1,31 @@ +# SPDX-FileCopyrightText: 2021 Paul Schaub +# +# SPDX-License-Identifier: CC0-1.0 + +.idea +.gradle + +out/ +build/ +bin/ +libs/ + +*.iws +*.iml +*.ipr +*.class +*.log +*.jar + +gradle.properties +!gradle-wrapper.jar + +.classpath +.project +.settings/ + +pgpainless-core/.classpath +pgpainless-core/.project +pgpainless-core/.settings/ + +push_html.sh diff --git a/build.gradle b/build.gradle new file mode 100644 index 0000000..e414e12 --- /dev/null +++ b/build.gradle @@ -0,0 +1,246 @@ +// SPDX-FileCopyrightText: 2021 Paul Schaub +// +// SPDX-License-Identifier: Apache-2.0 + +buildscript { + + repositories { + + maven { + url "https://plugins.gradle.org/m2/" + } + mavenLocal() + mavenCentral() + } + dependencies { + classpath "gradle.plugin.org.kt3k.gradle.plugin:coveralls-gradle-plugin:2.12.0" + } +} + +plugins { + id 'ru.vyarus.animalsniffer' version '1.5.3' +} + +apply from: 'version.gradle' + +allprojects { + apply plugin: 'java' + apply plugin: 'idea' + apply plugin: 'eclipse' + apply plugin: 'jacoco' + apply plugin: 'checkstyle' + + // Only generate jar for submodules + // without this we would generate an empty .jar for the project root + // https://stackoverflow.com/a/25445035 + jar { + onlyIf { !sourceSets.main.allSource.files.isEmpty() } + } + + // checkstyle + checkstyle { + toolVersion = '8.18' + } + + group 'org.pgpainless' + description = "Shared PGP Certificate Directory for Java" + version = shortVersion + + sourceCompatibility = javaSourceCompatibility + + repositories { + mavenCentral() + } + + // Reproducible Builds + tasks.withType(AbstractArchiveTask) { + preserveFileTimestamps = false + reproducibleFileOrder = true + } + + project.ext { + slf4jVersion = '1.7.32' + logbackVersion = '1.2.9' + junitVersion = '5.8.2' + rootConfigDir = new File(rootDir, 'config') + gitCommit = getGitCommit() + isContinuousIntegrationEnvironment = Boolean.parseBoolean(System.getenv('CI')) + isReleaseVersion = !isSnapshot + signingRequired = !(isSnapshot || isContinuousIntegrationEnvironment) + sonatypeCredentialsAvailable = project.hasProperty('sonatypeUsername') && project.hasProperty('sonatypePassword') + sonatypeSnapshotUrl = 'https://oss.sonatype.org/content/repositories/snapshots' + sonatypeStagingUrl = 'https://oss.sonatype.org/service/local/staging/deploy/maven2' + } + + if (isSnapshot) { + version = version + '-SNAPSHOT' + } + def projectDirFile = new File("$projectDir") + if (!project.ext.isSnapshot && !'git describe --exact-match HEAD'.execute(null, projectDirFile).text.trim().equals(ext.shortVersion)) { + throw new InvalidUserDataException('Untagged version detected! Please tag every release.') + } + if (!version.endsWith('-SNAPSHOT') && version != 'git tag --points-at HEAD'.execute(null, projectDirFile).text.trim()) { + throw new InvalidUserDataException( + 'Tag mismatch detected, version is ' + version + ' but should be ' + + 'git tag --points-at HEAD'.execute(null, projectDirFile).text.trim()) + } + + jacoco { + toolVersion = "0.8.7" + } + + jacocoTestReport { + dependsOn test + sourceDirectories.setFrom(project.files(sourceSets.main.allSource.srcDirs)) + classDirectories.setFrom(project.files(sourceSets.main.output)) + reports { + xml.enabled true + } + } + + test { + useJUnitPlatform() + testLogging { + events "passed", "skipped", "failed" + exceptionFormat "full" + } + } +} + +subprojects { + apply plugin: 'maven-publish' + apply plugin: 'signing' + + task sourcesJar(type: Jar, dependsOn: classes) { + classifier = 'sources' + from sourceSets.main.allSource + } + task javadocJar(type: Jar, dependsOn: javadoc) { + classifier = 'javadoc' + from javadoc.destinationDir + } + task testsJar(type: Jar, dependsOn: testClasses) { + classifier = 'tests' + from sourceSets.test.output + } + + publishing { + publications { + mavenJava(MavenPublication) { + from components.java + artifact sourcesJar + artifact javadocJar + artifact testsJar + pom { + name = 'Cert-D-Java' + description = 'Shared PGP Certificate Directory for Java' + url = 'https://github.com/pgpainless/cert-d-java' + inceptionYear = '2022' + + scm { + url = 'https://github.com/pgpainless/cert-d-java' + connection = 'scm:https://github.com/pgpainless/cert-d-java' + developerConnection = 'scm:git://github.com/pgpainless/cert-d-java.git' + } + + licenses { + license { + name = 'The Apache Software License, Version 2.0' + url = 'http://www.apache.org/licenses/LICENSE-2.0.txt' + distribution = 'repo' + } + } + + developers { + developer { + id = 'vanitasvitae' + name = 'Paul Schaub' + email = 'vanitasvitae@fsfe.org' + } + } + } + } + } + repositories { + if (sonatypeCredentialsAvailable) { + maven { + url isSnapshot ? sonatypeSnapshotUrl : sonatypeStagingUrl + credentials { + username = sonatypeUsername + password = sonatypePassword + } + } + } + } + } + + signing { + useGpgCmd() + required { signingRequired } + sign publishing.publications.mavenJava + } +} + +def getGitCommit() { + def projectDirFile = new File("$projectDir") + def dotGit = new File("$projectDir/.git") + if (!dotGit.isDirectory()) return 'non-git build' + + def cmd = 'git describe --always --tags --dirty=+' + def proc = cmd.execute(null, projectDirFile) + def gitCommit = proc.text.trim() + assert !gitCommit.isEmpty() + + def srCmd = 'git symbolic-ref --short HEAD' + def srProc = srCmd.execute(null, projectDirFile) + srProc.waitForOrKill(10 * 1000) + if (srProc.exitValue() == 0) { + // Only add the information if the git command was + // successful. There may be no symbolic reference for HEAD if + // e.g. in detached mode. + def symbolicReference = srProc.text.trim() + assert !symbolicReference.isEmpty() + gitCommit += "-$symbolicReference" + } + + gitCommit +} + +apply plugin: "com.github.kt3k.coveralls" +coveralls { + sourceDirs = files(subprojects.sourceSets.main.allSource.srcDirs).files.absolutePath +} + +task jacocoRootReport(type: JacocoReport) { + dependsOn = subprojects.jacocoTestReport + sourceDirectories.setFrom(files(subprojects.sourceSets.main.allSource.srcDirs)) + classDirectories.setFrom(files(subprojects.sourceSets.main.output)) + executionData.setFrom(files(subprojects.jacocoTestReport.executionData)) + reports { + xml.enabled true + xml.destination file("${buildDir}/reports/jacoco/test/jacocoTestReport.xml") + } + // We could remove the following setOnlyIf line, but then + // jacocoRootReport would silently be SKIPPED if something with + // the projectsWithUnitTests is wrong (e.g. a project is missing + // in there). + setOnlyIf { true } +} + +task javadocAll(type: Javadoc) { + def currentJavaVersion = JavaVersion.current() + if (currentJavaVersion.compareTo(JavaVersion.VERSION_1_9) >= 0) { + options.addStringOption("-release", "8"); + } + source subprojects.collect {project -> + project.sourceSets.main.allJava } + destinationDir = new File(buildDir, 'javadoc') + // Might need a classpath + classpath = files(subprojects.collect {project -> + project.sourceSets.main.compileClasspath}) + options.linkSource = true + options.use = true + options.links = [ + "https://docs.oracle.com/javase/${sourceCompatibility.getMajorVersion()}/docs/api/", + ] as String[] +} diff --git a/pgpainless-cert-d-cli/README.md b/pgpainless-cert-d-cli/README.md new file mode 100644 index 0000000..86735bb --- /dev/null +++ b/pgpainless-cert-d-cli/README.md @@ -0,0 +1,10 @@ + + +# Command Line Interface for pgpainless-cert-d + +This module utilizes [picocli](https://picocli.info) to provide a CLI application for use with the +[Shared PGP Certificate Directory](https://sequoia-pgp.gitlab.io/pgp-cert-d/). diff --git a/pgpainless-cert-d-cli/build.gradle b/pgpainless-cert-d-cli/build.gradle new file mode 100644 index 0000000..1df0ff1 --- /dev/null +++ b/pgpainless-cert-d-cli/build.gradle @@ -0,0 +1,51 @@ +// SPDX-FileCopyrightText: 2021 Paul Schaub +// +// SPDX-License-Identifier: Apache-2.0 + +plugins { + id 'application' +} + +group 'org.pgpainless' + +repositories { + mavenCentral() +} + +dependencies { + testImplementation "org.junit.jupiter:junit-jupiter-api:$junitVersion" + testRuntimeOnly "org.junit.jupiter:junit-jupiter-engine:$junitVersion" + + // Logging + testImplementation "ch.qos.logback:logback-classic:$logbackVersion" + + implementation project(":pgpainless-cert-d") + implementation project(":pgp-cert-d-java-jdbc-sqlite-lookup") + + // picocli for cli + implementation "info.picocli:picocli:4.6.2" +} + +test { + useJUnitPlatform() +} + +mainClassName = 'pgp.cert_d.cli.PGPCertDCli' + +jar { + dependsOn(":pgpainless-cert-d:assemble", ":pgp-certificate-store:assemble", ":pgp-cert-d-java:assemble", ":pgpainless-core:assemble") + manifest { + attributes 'Main-Class': "$mainClassName" + } + + duplicatesStrategy(DuplicatesStrategy.EXCLUDE) + + from { + configurations.runtimeClasspath.collect { it.isDirectory() ? it : zipTree(it) } + } { + exclude "META-INF/*.SF" + exclude "META-INF/*.DSA" + exclude "META-INF/*.RSA" + } +} + diff --git a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/PGPCertDCli.java b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/PGPCertDCli.java new file mode 100644 index 0000000..859dd2f --- /dev/null +++ b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/PGPCertDCli.java @@ -0,0 +1,73 @@ +// SPDX-FileCopyrightText: 2022 Paul Schaub +// +// SPDX-License-Identifier: Apache-2.0 + +package pgp.cert_d.cli; + +import org.pgpainless.certificate_store.CertificateReader; +import org.pgpainless.certificate_store.SharedPGPCertificateDirectoryAdapter; +import pgp.cert_d.BaseDirectoryProvider; +import pgp.cert_d.SharedPGPCertificateDirectoryImpl; +import pgp.cert_d.cli.commands.Get; +import pgp.cert_d.cli.commands.Import; +import pgp.cert_d.cli.commands.MultiImport; +import pgp.cert_d.jdbc.sqlite.DatabaseSubkeyLookup; +import pgp.cert_d.jdbc.sqlite.SqliteSubkeyLookupDaoImpl; +import pgp.certificate_store.SubkeyLookup; +import pgp.certificate_store.exception.NotAStoreException; +import pgp.certificate_store.CertificateDirectory; +import picocli.CommandLine; + +import java.io.File; +import java.sql.SQLException; + +@CommandLine.Command( + subcommands = { + Import.class, + MultiImport.class, + Get.class, + } +) +public class PGPCertDCli { + + @CommandLine.Option(names = "--base-directory", paramLabel = "DIRECTORY", description = "Overwrite the default certificate directory") + File baseDirectory; + + private static CertificateDirectory certificateDirectory; + + private int executionStrategy(CommandLine.ParseResult parseResult) { + try { + initStore(); + } catch (NotAStoreException | SQLException e) { + return -1; + } + return new CommandLine.RunLast().execute(parseResult); + } + + private void initStore() throws NotAStoreException, SQLException { + SharedPGPCertificateDirectoryImpl certificateDirectory; + SubkeyLookup subkeyLookup; + if (baseDirectory == null) { + baseDirectory = BaseDirectoryProvider.getDefaultBaseDir(); + } + + certificateDirectory = new SharedPGPCertificateDirectoryImpl( + baseDirectory, + new CertificateReader()); + subkeyLookup = new DatabaseSubkeyLookup( + SqliteSubkeyLookupDaoImpl.forDatabaseFile(new File(baseDirectory, "_pgpainless_subkey_map.db"))); + + PGPCertDCli.certificateDirectory = new SharedPGPCertificateDirectoryAdapter(certificateDirectory, subkeyLookup); + } + + public static void main(String[] args) { + PGPCertDCli cli = new PGPCertDCli(); + new CommandLine(cli) + .setExecutionStrategy(parserResult -> cli.executionStrategy(parserResult)) + .execute(args); + } + + public static CertificateDirectory getCertificateDirectory() { + return certificateDirectory; + } +} diff --git a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Get.java b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Get.java new file mode 100644 index 0000000..bbcbe0d --- /dev/null +++ b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Get.java @@ -0,0 +1,51 @@ +// SPDX-FileCopyrightText: 2022 Paul Schaub +// +// SPDX-License-Identifier: Apache-2.0 + +package pgp.cert_d.cli.commands; + +import java.io.IOException; + +import org.bouncycastle.util.io.Streams; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import pgp.cert_d.cli.PGPCertDCli; +import pgp.certificate_store.Certificate; +import pgp.certificate_store.exception.BadDataException; +import pgp.certificate_store.exception.BadNameException; +import picocli.CommandLine; + +@CommandLine.Command(name = "get", + description = "Retrieve certificates from the store") +public class Get implements Runnable { + + private static final Logger LOGGER = LoggerFactory.getLogger(Get.class); + + @CommandLine.Parameters( + paramLabel = "IDENTIFIER", + arity = "1", + description = "Certificate identifier (fingerprint or special name)" + ) + String identifer; + + @Override + public void run() { + try { + Certificate certificate = PGPCertDCli.getCertificateDirectory() + .getCertificate(identifer); + if (certificate == null) { + return; + } + Streams.pipeAll(certificate.getInputStream(), System.out); + } catch (IOException e) { + LOGGER.error("IO Error", e); + System.exit(-1); + } catch (BadDataException e) { + LOGGER.error("Certificate file contains bad data.", e); + System.exit(-1); + } catch (BadNameException e) { + LOGGER.error("Certificate fingerprint mismatch.", e); + System.exit(-1); + } + } +} diff --git a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Import.java b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Import.java new file mode 100644 index 0000000..de2cbcd --- /dev/null +++ b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Import.java @@ -0,0 +1,49 @@ +// SPDX-FileCopyrightText: 2022 Paul Schaub +// +// SPDX-License-Identifier: Apache-2.0 + +package pgp.cert_d.cli.commands; + +import java.io.IOException; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import pgp.cert_d.cli.PGPCertDCli; +import pgp.certificate_store.Certificate; +import pgp.certificate_store.MergeCallback; +import pgp.certificate_store.exception.BadDataException; +import picocli.CommandLine; + +@CommandLine.Command(name = "import", + description = "Import or update a certificate") +public class Import implements Runnable { + + private static final Logger LOGGER = LoggerFactory.getLogger(Import.class); + + // TODO: Replace with proper merge callback + private final MergeCallback dummyMerge = new MergeCallback() { + @Override + public Certificate merge(Certificate data, Certificate existing) throws IOException { + return data; + } + }; + + @Override + public void run() { + try { + Certificate certificate = PGPCertDCli.getCertificateDirectory().insertCertificate(System.in, dummyMerge); + // CHECKSTYLE:OFF + System.out.println(certificate.getFingerprint()); + // CHECKSTYLE:ON + } catch (IOException e) { + LOGGER.error("IO-Error.", e); + System.exit(-1); + } catch (InterruptedException e) { + LOGGER.error("Thread interrupted.", e); + System.exit(-1); + } catch (BadDataException e) { + LOGGER.error("Certificate contains bad data.", e); + System.exit(-1); + } + } +} diff --git a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/MultiImport.java b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/MultiImport.java new file mode 100644 index 0000000..112403d --- /dev/null +++ b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/MultiImport.java @@ -0,0 +1,62 @@ +// SPDX-FileCopyrightText: 2022 Paul Schaub +// +// SPDX-License-Identifier: Apache-2.0 + +package pgp.cert_d.cli.commands; + +import org.bouncycastle.openpgp.PGPException; +import org.bouncycastle.openpgp.PGPPublicKeyRing; +import org.bouncycastle.openpgp.PGPPublicKeyRingCollection; +import org.pgpainless.PGPainless; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import pgp.cert_d.cli.PGPCertDCli; +import pgp.certificate_store.Certificate; +import pgp.certificate_store.MergeCallback; +import pgp.certificate_store.exception.BadDataException; +import picocli.CommandLine; + +import java.io.ByteArrayInputStream; +import java.io.IOException; + +@CommandLine.Command(name = "multi-import", + description = "Import or update multiple certificates") +public class MultiImport implements Runnable { + + private static final Logger LOGGER = LoggerFactory.getLogger(MultiImport.class); + + // TODO: Replace with proper merge callback + private final MergeCallback dummyMerge = new MergeCallback() { + @Override + public Certificate merge(Certificate data, Certificate existing) throws IOException { + return data; + } + }; + + @Override + public void run() { + try { + PGPPublicKeyRingCollection certificates = PGPainless.readKeyRing().publicKeyRingCollection(System.in); + for (PGPPublicKeyRing cert : certificates) { + ByteArrayInputStream certIn = new ByteArrayInputStream(cert.getEncoded()); + Certificate certificate = PGPCertDCli.getCertificateDirectory() + .insertCertificate(certIn, dummyMerge); + // CHECKSTYLE:OFF + System.out.println(certificate.getFingerprint()); + // CHECKSTYLE:ON + } + } catch (IOException e) { + LOGGER.error("IO-Error.", e); + System.exit(-1); + } catch (InterruptedException e) { + LOGGER.error("Thread interrupted.", e); + System.exit(-1); + } catch (BadDataException e) { + LOGGER.error("Certificate contains bad data.", e); + System.exit(-1); + } catch (PGPException e) { + LOGGER.error("PGP Exception.", e); + System.exit(-1); + } + } +} diff --git a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/package-info.java b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/package-info.java new file mode 100644 index 0000000..1a76e60 --- /dev/null +++ b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/package-info.java @@ -0,0 +1,8 @@ +// SPDX-FileCopyrightText: 2018 Paul Schaub +// +// SPDX-License-Identifier: Apache-2.0 + +/** + * Subcommands. + */ +package pgp.cert_d.cli.commands; diff --git a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/package-info.java b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/package-info.java new file mode 100644 index 0000000..c66aad5 --- /dev/null +++ b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/package-info.java @@ -0,0 +1,8 @@ +// SPDX-FileCopyrightText: 2018 Paul Schaub +// +// SPDX-License-Identifier: Apache-2.0 + +/** + * Command Line Interface for the Shared PGP Certificate Directory. + */ +package pgp.cert_d.cli; diff --git a/pgpainless-cert-d-cli/src/test/java/pgp/cert_d/cli/DummyTest.java b/pgpainless-cert-d-cli/src/test/java/pgp/cert_d/cli/DummyTest.java new file mode 100644 index 0000000..0d3c58d --- /dev/null +++ b/pgpainless-cert-d-cli/src/test/java/pgp/cert_d/cli/DummyTest.java @@ -0,0 +1,17 @@ +// SPDX-FileCopyrightText: 2022 Paul Schaub +// +// SPDX-License-Identifier: Apache-2.0 + +package pgp.cert_d.cli; + +import org.junit.jupiter.api.Test; + +import static org.junit.jupiter.api.Assertions.assertTrue; + +public class DummyTest { + + @Test + public void test() { + assertTrue(true); + } +} diff --git a/pgpainless-cert-d/README.md b/pgpainless-cert-d/README.md new file mode 100644 index 0000000..c0ceb09 --- /dev/null +++ b/pgpainless-cert-d/README.md @@ -0,0 +1,9 @@ + + +# Shared PGP Certificate Directory + PGPainless + +This module makes use of `pgpainless-core` to provide backend implementations of classes required by `pgp-cert-d-java`. \ No newline at end of file diff --git a/pgpainless-cert-d/build.gradle b/pgpainless-cert-d/build.gradle new file mode 100644 index 0000000..49030c2 --- /dev/null +++ b/pgpainless-cert-d/build.gradle @@ -0,0 +1,31 @@ +// SPDX-FileCopyrightText: 2021 Paul Schaub +// +// SPDX-License-Identifier: Apache-2.0 + +plugins { + id 'java-library' +} + +group 'org.pgpainless' + +repositories { + mavenCentral() +} + +dependencies { + testImplementation "org.junit.jupiter:junit-jupiter-api:$junitVersion" + testImplementation "org.junit.jupiter:junit-jupiter-params:$junitVersion" + testRuntimeOnly "org.junit.jupiter:junit-jupiter-engine:$junitVersion" + + testImplementation "org.mockito:mockito-core:$mockitoVersion" + + // Logging + testImplementation "ch.qos.logback:logback-classic:$logbackVersion" + + api project(":pgpainless-core") + api project(":pgp-cert-d-java") +} + +test { + useJUnitPlatform() +} diff --git a/pgpainless-cert-d/src/main/java/org/pgpainless/certificate_store/CertificateFactory.java b/pgpainless-cert-d/src/main/java/org/pgpainless/certificate_store/CertificateFactory.java new file mode 100644 index 0000000..e4b40c1 --- /dev/null +++ b/pgpainless-cert-d/src/main/java/org/pgpainless/certificate_store/CertificateFactory.java @@ -0,0 +1,59 @@ +// SPDX-FileCopyrightText: 2022 Paul Schaub +// +// SPDX-License-Identifier: Apache-2.0 + +package org.pgpainless.certificate_store; + +import org.bouncycastle.openpgp.PGPPublicKey; +import org.bouncycastle.openpgp.PGPPublicKeyRing; +import org.bouncycastle.util.encoders.Base64; +import org.pgpainless.key.OpenPgpFingerprint; +import pgp.certificate_store.Certificate; + +import java.io.ByteArrayInputStream; +import java.io.IOException; +import java.io.InputStream; +import java.security.MessageDigest; +import java.security.NoSuchAlgorithmException; +import java.util.HashSet; +import java.util.Iterator; +import java.util.Set; + +public class CertificateFactory { + + public static Certificate certificateFromPublicKeyRing(PGPPublicKeyRing publicKeyRing) { + return new Certificate() { + @Override + public String getFingerprint() { + return OpenPgpFingerprint.of(publicKeyRing).toString().toLowerCase(); + } + + @Override + public InputStream getInputStream() throws IOException { + return new ByteArrayInputStream(publicKeyRing.getEncoded()); + } + + @Override + public String getTag() throws IOException { + MessageDigest digest; + try { + digest = MessageDigest.getInstance("SHA-256"); + } catch (NoSuchAlgorithmException e) { + throw new AssertionError("No MessageDigest for SHA-256 instantiated, although BC is on the classpath: " + e.getMessage()); + } + digest.update(publicKeyRing.getEncoded()); + return Base64.toBase64String(digest.digest()); + } + + @Override + public Set getSubkeyIds() throws IOException { + Set keyIds = new HashSet<>(); + Iterator keys = publicKeyRing.getPublicKeys(); + while (keys.hasNext()) { + keyIds.add(keys.next().getKeyID()); + } + return keyIds; + } + }; + } +} diff --git a/pgpainless-cert-d/src/main/java/org/pgpainless/certificate_store/CertificateReader.java b/pgpainless-cert-d/src/main/java/org/pgpainless/certificate_store/CertificateReader.java new file mode 100644 index 0000000..5e3068a --- /dev/null +++ b/pgpainless-cert-d/src/main/java/org/pgpainless/certificate_store/CertificateReader.java @@ -0,0 +1,22 @@ +// SPDX-FileCopyrightText: 2022 Paul Schaub +// +// SPDX-License-Identifier: Apache-2.0 + +package org.pgpainless.certificate_store; + +import java.io.IOException; +import java.io.InputStream; + +import org.bouncycastle.openpgp.PGPPublicKeyRing; +import org.pgpainless.PGPainless; +import pgp.certificate_store.Certificate; +import pgp.certificate_store.CertificateReaderBackend; + +public class CertificateReader implements CertificateReaderBackend { + + @Override + public Certificate readCertificate(InputStream inputStream) throws IOException { + final PGPPublicKeyRing certificate = PGPainless.readKeyRing().publicKeyRing(inputStream); + return CertificateFactory.certificateFromPublicKeyRing(certificate); + } +} diff --git a/pgpainless-cert-d/src/main/java/org/pgpainless/certificate_store/SharedPGPCertificateDirectoryAdapter.java b/pgpainless-cert-d/src/main/java/org/pgpainless/certificate_store/SharedPGPCertificateDirectoryAdapter.java new file mode 100644 index 0000000..e7b2d81 --- /dev/null +++ b/pgpainless-cert-d/src/main/java/org/pgpainless/certificate_store/SharedPGPCertificateDirectoryAdapter.java @@ -0,0 +1,123 @@ +// SPDX-FileCopyrightText: 2022 Paul Schaub +// +// SPDX-License-Identifier: Apache-2.0 + +package org.pgpainless.certificate_store; + +import java.io.IOException; +import java.io.InputStream; +import java.util.ArrayList; +import java.util.Iterator; +import java.util.List; +import java.util.Set; + +import pgp.cert_d.SharedPGPCertificateDirectory; +import pgp.cert_d.SpecialNames; +import pgp.certificate_store.Certificate; +import pgp.certificate_store.CertificateDirectory; +import pgp.certificate_store.CertificateStore; +import pgp.certificate_store.MergeCallback; +import pgp.certificate_store.SubkeyLookup; +import pgp.certificate_store.exception.BadDataException; +import pgp.certificate_store.exception.BadNameException; + +/** + * Adapter class used to adapt the {@link SharedPGPCertificateDirectory} for use with + * {@link CertificateDirectory}. + */ +public class SharedPGPCertificateDirectoryAdapter + implements CertificateStore { + + private final SharedPGPCertificateDirectory directory; + private final SubkeyLookup subkeyLookup; + + /** + * Create an adapter to use {@link SharedPGPCertificateDirectory} objects as {@link CertificateDirectory CertificateStores}. + * + * @param directory directory instance + */ + public SharedPGPCertificateDirectoryAdapter(SharedPGPCertificateDirectory directory, SubkeyLookup subkeyLookup) { + this.directory = directory; + this.subkeyLookup = subkeyLookup; + } + + @Override + public Certificate getCertificate(String identifier) + throws IOException, BadDataException, BadNameException { + String specialName = SpecialNames.lookupSpecialName(identifier); + if (specialName != null) { + return directory.getBySpecialName(specialName); + } + + return directory.getByFingerprint(identifier); + + } + + @Override + public Certificate getCertificateIfChanged(String identifier, String tag) + throws IOException, BadDataException, BadNameException { + String specialName = SpecialNames.lookupSpecialName(identifier); + if (specialName != null) { + return directory.getBySpecialNameIfChanged(specialName, tag); + } + + return directory.getByFingerprintIfChanged(identifier, tag); + + } + + @Override + public Certificate insertCertificate(InputStream data, MergeCallback merge) + throws IOException, InterruptedException, BadDataException { + Certificate certificate = directory.insert(data, merge); + storeIdentifierForSubkeys(certificate); + return certificate; + } + + @Override + public Certificate tryInsertCertificate(InputStream data, MergeCallback merge) + throws IOException, BadDataException { + Certificate certificate = directory.tryInsert(data, merge); + storeIdentifierForSubkeys(certificate); + return certificate; + } + + @Override + public Certificate insertCertificateBySpecialName(String specialName, InputStream data, MergeCallback merge) + throws IOException, InterruptedException, BadDataException, BadNameException { + return directory.insertWithSpecialName(specialName, data, merge); + } + + @Override + public Certificate tryInsertCertificateBySpecialName(String specialName, InputStream data, MergeCallback merge) + throws IOException, BadDataException, BadNameException { + return directory.tryInsertWithSpecialName(specialName, data, merge); + } + + @Override + public Iterator getCertificates() { + return directory.items(); + } + + @Override + public Iterator getFingerprints() { + return directory.fingerprints(); + } + + private void storeIdentifierForSubkeys(Certificate certificate) throws IOException { + if (certificate == null) { + return; + } + String fingerprint = certificate.getFingerprint(); + storeCertificateSubkeyIds(fingerprint, new ArrayList<>(certificate.getSubkeyIds())); + } + + @Override + public Set getCertificateFingerprintsForSubkeyId(long subkeyId) throws IOException { + return subkeyLookup.getCertificateFingerprintsForSubkeyId(subkeyId); + } + + @Override + public void storeCertificateSubkeyIds(String certificate, List subkeyIds) throws IOException { + subkeyLookup.storeCertificateSubkeyIds(certificate, subkeyIds); + } +} diff --git a/pgpainless-cert-d/src/main/java/org/pgpainless/certificate_store/package-info.java b/pgpainless-cert-d/src/main/java/org/pgpainless/certificate_store/package-info.java new file mode 100644 index 0000000..96d0094 --- /dev/null +++ b/pgpainless-cert-d/src/main/java/org/pgpainless/certificate_store/package-info.java @@ -0,0 +1,8 @@ +// SPDX-FileCopyrightText: 2018 Paul Schaub +// +// SPDX-License-Identifier: Apache-2.0 + +/** + * PGPainless + Certificate Store. + */ +package org.pgpainless.certificate_store; diff --git a/pgpainless-cert-d/src/test/java/org/pgpainless/cert_d/SharedPGPCertificateDirectoryAdapterTest.java b/pgpainless-cert-d/src/test/java/org/pgpainless/cert_d/SharedPGPCertificateDirectoryAdapterTest.java new file mode 100644 index 0000000..b82f151 --- /dev/null +++ b/pgpainless-cert-d/src/test/java/org/pgpainless/cert_d/SharedPGPCertificateDirectoryAdapterTest.java @@ -0,0 +1,230 @@ +// SPDX-FileCopyrightText: 2022 Paul Schaub +// +// SPDX-License-Identifier: Apache-2.0 + +package org.pgpainless.cert_d; + +import static org.junit.jupiter.api.Assertions.assertArrayEquals; +import static org.junit.jupiter.api.Assertions.assertEquals; +import static org.junit.jupiter.api.Assertions.assertFalse; +import static org.junit.jupiter.api.Assertions.assertNotNull; +import static org.junit.jupiter.api.Assertions.assertNull; +import static org.junit.jupiter.api.Assertions.assertThrows; + +import java.io.ByteArrayInputStream; +import java.io.ByteArrayOutputStream; +import java.io.File; +import java.io.IOException; +import java.nio.file.Files; +import java.util.Arrays; +import java.util.Collections; +import java.util.HashSet; +import java.util.Iterator; +import java.util.Set; + +import org.bouncycastle.util.encoders.Hex; +import org.bouncycastle.util.io.Streams; +import org.junit.jupiter.api.BeforeEach; +import org.junit.jupiter.api.Test; +import org.pgpainless.certificate_store.CertificateReader; +import org.pgpainless.certificate_store.SharedPGPCertificateDirectoryAdapter; +import pgp.cert_d.InMemorySubkeyLookup; +import pgp.cert_d.SharedPGPCertificateDirectoryImpl; +import pgp.certificate_store.CertificateStore; +import pgp.certificate_store.exception.BadDataException; +import pgp.certificate_store.exception.BadNameException; +import pgp.certificate_store.exception.NotAStoreException; +import pgp.certificate_store.Certificate; + +public class SharedPGPCertificateDirectoryAdapterTest { + + private static final String testCertificate = "98330462069cc616092b06010401da470f010107400db5906b09f701ab1f7f96087eedab6ba44c02fcbd2470137cfeacac5a2d032db405416c696365888f0413160a0041050262069cc609906f054e826378552516a104505b134a7e62f0f154ec3d036f054e8263785525029e01029b01059602030100048b09080705950a09080b0299010000a12600fd117925c0f2192ef5b2a44e3d3038e2a7ce5ba0343fc2dfb661a3a46d1276fb380100bf2872e7e36b63f61ae3556464c4a04344e7d36e0d7313e623effb0290ce0b0fb8380462069cc6120a2b06010401975501050101074034ffd523242385fe92034a5e326a82f4edff614516cc1028ca91fb653557f25b0301080788750418160a001d050262069cc6029e01029b0c059602030100048b09080705950a09080b000a09106f054e8263785525391400ff4eb85df8ddfc15e94c9cf28bc0aa9d0426b571ca64c5421be5889d5410d8632f00fd1ac5e9aed683e711282489d8980222d2ceff15c5ce0499fcb36716d850749406b8330462069cc616092b06010401da470f0101074058f296fb7ce456039856144db677f14018963a8bfd281c84aaeebe7e14df8f1c88d50418160a007d050262069cc6029e01029b02059602030100048b09080705950a09080b5f200419160a0006050262069cc6000a09108119c86e0a4c6dc73a7600ff5e25427da84d824cc3f8890bc6bd037f423f610006e1249b1aad3d7f70ac47a100fc08e67a6a945c1feec301df9dc27e7ea4e61d107d0720e814eea1dc4f1da20a08000a09106f054e8263785525359700ff4ce78cf267c261468322de906118d4f003ceefa72fa3b86119e26f99be3727fc00fe3895207c4aac814549f0189d2f494f5b1fcee7f6da344e63a0c32743b216b406"; + private static final String testCertFingerprint = "505b134a7e62f0f154ec3d036f054e8263785525"; + private static final long testCertificateSubkey1 = 7999886635015099685L; + private static final long testCertificateSubkey2 = -5375724347241457298L; + private static final long testCertificateSubkey3 = -9144057193454342713L; + + private SharedPGPCertificateDirectoryAdapter adapter; + private CertificateStore store; + + @BeforeEach + public void setupInstance() throws IOException, NotAStoreException { + adapter = new SharedPGPCertificateDirectoryAdapter( + new SharedPGPCertificateDirectoryImpl(tempDir(), new CertificateReader()), + new InMemorySubkeyLookup()); + store = adapter; + } + + private static File tempDir() throws IOException { + File tempDir = Files.createTempDirectory("pgp.cert.d-").toFile(); + tempDir.deleteOnExit(); + return tempDir; + } + + @Test + public void getNonExistentCertIsNull() throws IOException, BadDataException, BadNameException { + assertNull(store.getCertificate("eb85bb5fa33a75e15e944e63f231550c4f47e38e")); + } + + @Test + public void getInvalidIdentifierThrows() { + assertThrows(BadNameException.class, () -> store.getCertificate("invalid")); + } + + @Test + public void insertAndGet() throws IOException, InterruptedException, BadDataException, BadNameException { + byte[] bytes = Hex.decode(testCertificate); + ByteArrayInputStream byteIn = new ByteArrayInputStream(bytes); + String fingerprint = testCertFingerprint; + + Certificate certificate = store.insertCertificate(byteIn, (data, existing) -> data); + + assertEquals(fingerprint, certificate.getFingerprint()); + Set expectedSubkeys = new HashSet<>(Arrays.asList(testCertificateSubkey1, testCertificateSubkey2, testCertificateSubkey3)); + Set subkeys = certificate.getSubkeyIds(); + assertEquals(expectedSubkeys, subkeys); + for (long subkey : subkeys) { + assertEquals(Collections.singleton(fingerprint), store.getCertificateFingerprintsForSubkeyId(subkey)); + } + + Certificate retrieved = store.getCertificate(fingerprint); + assertNotNull(retrieved); + ByteArrayOutputStream retrievedOut = new ByteArrayOutputStream(); + Streams.pipeAll(retrieved.getInputStream(), retrievedOut); + + assertArrayEquals(bytes, retrievedOut.toByteArray()); + } + + + @Test + public void tryInsertAndGet() throws IOException, BadDataException, BadNameException { + byte[] bytes = Hex.decode(testCertificate); + ByteArrayInputStream byteIn = new ByteArrayInputStream(bytes); + String fingerprint = testCertFingerprint; + + Certificate certificate = store.tryInsertCertificate(byteIn, (data, existing) -> data); + + assertEquals(fingerprint, certificate.getFingerprint()); + Set subkeys = certificate.getSubkeyIds(); + assertEquals(3, subkeys.size()); + for (long subkey : subkeys) { + assertEquals(Collections.singleton(fingerprint), store.getCertificateFingerprintsForSubkeyId(subkey)); + } + + Certificate retrieved = store.getCertificate(fingerprint); + assertNotNull(retrieved); + ByteArrayOutputStream retrievedOut = new ByteArrayOutputStream(); + Streams.pipeAll(retrieved.getInputStream(), retrievedOut); + + assertArrayEquals(bytes, retrievedOut.toByteArray()); + } + + + @Test + public void insertAndGetIfChanged() throws IOException, InterruptedException, BadDataException, BadNameException { + byte[] bytes = Hex.decode(testCertificate); + ByteArrayInputStream byteIn = new ByteArrayInputStream(bytes); + String fingerprint = testCertFingerprint; + + Certificate certificate = store.insertCertificate(byteIn, (data, existing) -> data); + String tag = certificate.getTag(); + + assertNull(store.getCertificateIfChanged(fingerprint, tag)); + assertNotNull(store.getCertificateIfChanged(fingerprint, "invalid")); + } + + @Test + public void insertBySpecialNameAndGet() throws IOException, InterruptedException, BadDataException, BadNameException { + byte[] bytes = Hex.decode(testCertificate); + ByteArrayInputStream byteIn = new ByteArrayInputStream(bytes); + String fingerprint = testCertFingerprint; + String identifier = "trust-root"; + + Certificate certificate = store.insertCertificateBySpecialName(identifier, byteIn, (data, existing) -> data); + + assertEquals(fingerprint, certificate.getFingerprint()); + + Certificate retrieved = store.getCertificate(identifier); + assertNotNull(retrieved); + ByteArrayOutputStream retrievedOut = new ByteArrayOutputStream(); + Streams.pipeAll(retrieved.getInputStream(), retrievedOut); + + assertArrayEquals(bytes, retrievedOut.toByteArray()); + } + + @Test + public void tryInsertBySpecialNameAndGet() throws IOException, BadDataException, BadNameException { + byte[] bytes = Hex.decode(testCertificate); + ByteArrayInputStream byteIn = new ByteArrayInputStream(bytes); + String fingerprint = testCertFingerprint; + String identifier = "trust-root"; + + Certificate certificate = store.tryInsertCertificateBySpecialName(identifier, byteIn, (data, existing) -> data); + + assertEquals(fingerprint, certificate.getFingerprint()); + + Certificate retrieved = store.getCertificate(identifier); + assertNotNull(retrieved); + ByteArrayOutputStream retrievedOut = new ByteArrayOutputStream(); + Streams.pipeAll(retrieved.getInputStream(), retrievedOut); + + assertArrayEquals(bytes, retrievedOut.toByteArray()); + } + + @Test + public void insertBySpecialNameAndGetIfChanged() throws IOException, InterruptedException, BadDataException, BadNameException { + byte[] bytes = Hex.decode(testCertificate); + ByteArrayInputStream byteIn = new ByteArrayInputStream(bytes); + String fingerprint = testCertFingerprint; + String identifier = "trust-root"; + + Certificate certificate = store.insertCertificateBySpecialName(identifier, byteIn, (data, existing) -> data); + String tag = certificate.getTag(); + + certificate = store.getCertificateIfChanged(identifier, tag); + assertNull(certificate); + certificate = store.getCertificateIfChanged(identifier, "invalid"); + assertNotNull(certificate); + assertEquals(fingerprint, certificate.getFingerprint()); + } + + @Test + public void getItemsAndFingerprints() throws IOException, InterruptedException, BadDataException, BadNameException { + byte[] bytes1 = Hex.decode(testCertificate); + ByteArrayInputStream byteIn1 = new ByteArrayInputStream(bytes1); + Certificate firstCert = store.insertCertificate(byteIn1, (data, existing) -> data); + + byte[] bytes2 = Hex.decode("9833046206a37516092b06010401da470f010107409f55baab1599044096ba901d69854cf5307b84b0542871b15db3dd4c62664f37b403426f62888f0413160a004105026206a3750990ba01b5a9eea7e76716a104f1d47fb85ad74549a37974f3ba01b5a9eea7e767029e01029b01059602030100048b09080705950a09080b0299010000e6170100e08374a6fd32d0b4be2d3f7c75d3f6c13cb47b1b73589aa452a1b2a16b888b5000fe274e6565ab9faa34338cf4d805663f8775fdee4ec6a0fdf1ec2cf84b72907f05b838046206a375120a2b0601040197550105010107405641e74d2dda92003ce200422c3ab6f3562fc49a8ecc67ea02593988442b23780301080788750418160a001d05026206a375029e01029b0c059602030100048b09080705950a09080b000a0910ba01b5a9eea7e76732850100910a6049779773f455226cd91645884842b91017796287a634104ab5364a0c0d00fe20b5febb17de271394f31128f709c307c0bbca4f9502570744bd54e6dc9c2209b833046206a37516092b06010401da470f0101074059f008928cb69b48bed07a639f03f43a48808aade67109cd658f54bddefa5ec288d50418160a007d05026206a375029e01029b02059602030100048b09080705950a09080b5f200419160a000605026206a375000a0910dcdb34f4068368c0dffb010095fb1f6daac239bf3221d9d2ecc81b6cb258c2b058a300a7e103f7f36a58bf1900fe273a9eaaa03b613236df22bebcbbd69d7c02caf1b7af4fa29320c8d96d32310f000a0910ba01b5a9eea7e7671de20100a5044d24a9d860f9af7e8b9a095d4eac8820fad8b045e70be1ae5607fa4d6b4f010097b53d1527f3b3e3d3b78367c8269c999ee37575a51ffc582f73d2cba4df080f"); + ByteArrayInputStream byteIn2 = new ByteArrayInputStream(bytes2); + Certificate secondCert = store.insertCertificate(byteIn2, ((data, existing) -> data)); + + String trustRootHex = "9833046206a57e16092b06010401da470f010107401ad7351d9766843bf11a8414f68790df0649fad8b01c244323f47e4ebc87fc35b40a74727573742d726f6f74888f0413160a004105026206a57f09907c619691ddee5fc216a10489e1e05cb458758d0729eb0c7c619691ddee5fc2029e01029b01059602030100048b09080705950a09080b029901000080c100ff45d97dda133895e337416266f1ff2c38ff3947ecfbfe21328d51bc877ccba367010096698a5fbac9444b7b28b96389c66ca405821f04871f1bbbf5b5bf8b800f9104b838046206a57f120a2b06010401975501050101074074ff41705c50e8f27b18df40a53aded6cacd2ce4f88b471c7130036010ca60240301080788750418160a001d05026206a57f029e01029b0c059602030100048b09080705950a09080b000a09107c619691ddee5fc27b3c0100fba12230adf80a6a7a376b9568481ab4ae86628274db67412074cb4a846011a200ff437e4047bbafec42b41594b296f8be93fc03482b2d35ac92e87ce632b86bc900b833046206a57f16092b06010401da470f01010740ce99f97d1f0b5aa2f4e6f2a7a2aa231da8c2a2f489a593b747983a750f3928ae88d50418160a007d05026206a57f029e01029b02059602030100048b09080705950a09080b5f200419160a000605026206a57f000a0910b905cb706dec67e3f6050100a7ae51ea07f3d0d493fd1fdfbcbbe112c19de8dbbd29e03ba5e755345444402300fe2663252eeca21772012c5dc4eb9efa4e01566dffbb44e7d1536181eb3f8b420e000a09107c619691ddee5fc2a4190100fdbedf9defd5d30bad77937a5589441ef336028613a6fcfc4a959bee51de134e00fd128628567b66fa03ef099d6936324f7593e2060608b433828d336dda552e2c04"; + byte[] trustRootBytes = Hex.decode(trustRootHex); + ByteArrayInputStream trustRootIn = new ByteArrayInputStream(trustRootBytes); + Certificate trustRoot = store.insertCertificateBySpecialName("trust-root", trustRootIn, (data, existing) -> data); + + Set expectedFingerprints = new HashSet<>(); + expectedFingerprints.add(firstCert.getFingerprint()); + expectedFingerprints.add(secondCert.getFingerprint()); + + Iterator certificateIterator = store.getCertificates(); + Set actualFingerprints = new HashSet<>(); + Certificate c = certificateIterator.next(); + actualFingerprints.add(c.getFingerprint()); + c = certificateIterator.next(); + actualFingerprints.add(c.getFingerprint()); + assertFalse(certificateIterator.hasNext()); + + assertEquals(expectedFingerprints, actualFingerprints); + assertFalse(actualFingerprints.contains(trustRoot.getFingerprint())); + + Iterator fingerprintIterator = store.getFingerprints(); + actualFingerprints = new HashSet<>(); + actualFingerprints.add(fingerprintIterator.next()); + actualFingerprints.add(fingerprintIterator.next()); + assertFalse(fingerprintIterator.hasNext()); + + assertEquals(expectedFingerprints, actualFingerprints); + assertFalse(actualFingerprints.contains(trustRoot.getFingerprint())); + } +} diff --git a/pgpainless-cert-d/src/test/java/org/pgpainless/cert_d/SharedPGPCertificateDirectoryTest.java b/pgpainless-cert-d/src/test/java/org/pgpainless/cert_d/SharedPGPCertificateDirectoryTest.java new file mode 100644 index 0000000..7826746 --- /dev/null +++ b/pgpainless-cert-d/src/test/java/org/pgpainless/cert_d/SharedPGPCertificateDirectoryTest.java @@ -0,0 +1,194 @@ +// SPDX-FileCopyrightText: 2022 Paul Schaub +// +// SPDX-License-Identifier: Apache-2.0 + +package org.pgpainless.cert_d; + +import static org.junit.jupiter.api.Assertions.assertArrayEquals; +import static org.junit.jupiter.api.Assertions.assertEquals; +import static org.junit.jupiter.api.Assertions.assertNotNull; +import static org.junit.jupiter.api.Assertions.assertNull; +import static org.junit.jupiter.api.Assumptions.assumeTrue; + +import java.io.ByteArrayInputStream; +import java.io.ByteArrayOutputStream; +import java.io.File; +import java.io.IOException; +import java.nio.file.Files; +import java.security.InvalidAlgorithmParameterException; +import java.security.NoSuchAlgorithmException; +import java.util.HashMap; +import java.util.HashSet; +import java.util.Iterator; +import java.util.Map; +import java.util.Set; +import java.util.stream.Stream; + +import org.bouncycastle.openpgp.PGPException; +import org.bouncycastle.openpgp.PGPPublicKeyRing; +import org.bouncycastle.openpgp.PGPSecretKeyRing; +import org.bouncycastle.util.io.Streams; +import org.junit.jupiter.params.ParameterizedTest; +import org.junit.jupiter.params.provider.MethodSource; +import org.pgpainless.PGPainless; +import org.pgpainless.algorithm.KeyFlag; +import org.pgpainless.certificate_store.CertificateReader; +import org.pgpainless.key.OpenPgpFingerprint; +import org.pgpainless.key.generation.KeySpec; +import org.pgpainless.key.generation.type.KeyType; +import org.pgpainless.key.generation.type.eddsa.EdDSACurve; +import pgp.cert_d.CachingSharedPGPCertificateDirectoryWrapper; +import pgp.cert_d.FileLockingMechanism; +import pgp.cert_d.SharedPGPCertificateDirectory; +import pgp.cert_d.SharedPGPCertificateDirectoryImpl; +import pgp.certificate_store.exception.BadDataException; +import pgp.certificate_store.exception.BadNameException; +import pgp.certificate_store.exception.NotAStoreException; +import pgp.certificate_store.Certificate; +import pgp.certificate_store.MergeCallback; + +public class SharedPGPCertificateDirectoryTest { + + private static MergeCallback dummyMerge = new MergeCallback() { + @Override + public Certificate merge(Certificate data, Certificate existing) { + return data; + } + }; + + private static Stream provideTestSubjects() throws IOException, NotAStoreException { + return Stream.of( + new SharedPGPCertificateDirectoryImpl(tempDir(), new CertificateReader()), + new CachingSharedPGPCertificateDirectoryWrapper( + new SharedPGPCertificateDirectoryImpl(tempDir(), new CertificateReader())) + ); + } + + private static File tempDir() throws IOException { + File tempDir = Files.createTempDirectory("pgp.cert.d-").toFile(); + tempDir.deleteOnExit(); + return tempDir; + } + + @ParameterizedTest + @MethodSource("provideTestSubjects") + public void simpleInsertGet(SharedPGPCertificateDirectory directory) + throws PGPException, InvalidAlgorithmParameterException, NoSuchAlgorithmException, IOException, + BadDataException, InterruptedException, BadNameException { + PGPSecretKeyRing key = PGPainless.generateKeyRing().modernKeyRing("Alice", null); + PGPPublicKeyRing cert = PGPainless.extractCertificate(key); + OpenPgpFingerprint fingerprint = OpenPgpFingerprint.of(cert); + ByteArrayInputStream certIn = new ByteArrayInputStream(cert.getEncoded()); + + // standard case: get() is null + assertNull(directory.getByFingerprint(fingerprint.toString().toLowerCase())); + + // insert and check returned certs fingerprint + Certificate certificate = directory.insert(certIn, dummyMerge); + assertEquals(fingerprint.toString().toLowerCase(), certificate.getFingerprint()); + + // getIfChanged + assertNull(directory.getByFingerprintIfChanged(certificate.getFingerprint(), certificate.getTag())); + assertNotNull(directory.getByFingerprintIfChanged(certificate.getFingerprint(), "invalidTag")); + + // tryInsert + certIn = new ByteArrayInputStream(cert.getEncoded()); + assertNotNull(directory.tryInsert(certIn, dummyMerge)); + } + + @ParameterizedTest + @MethodSource("provideTestSubjects") + public void simpleInsertGetBySpecialName(SharedPGPCertificateDirectory directory) + throws PGPException, InvalidAlgorithmParameterException, NoSuchAlgorithmException, IOException, + BadDataException, InterruptedException, BadNameException { + PGPSecretKeyRing key = PGPainless.buildKeyRing() + .addUserId("trust-root") + .setPrimaryKey(KeySpec.getBuilder(KeyType.EDDSA(EdDSACurve._Ed25519), KeyFlag.CERTIFY_OTHER)) + .build(); + PGPPublicKeyRing trustRoot = PGPainless.extractCertificate(key); + OpenPgpFingerprint fingerprint = OpenPgpFingerprint.of(trustRoot); + ByteArrayInputStream certIn = new ByteArrayInputStream(trustRoot.getEncoded()); + + // standard case: get() is null + assertNull(directory.getBySpecialName("trust-root")); + + // insert and check returned certs fingerprint + Certificate certificate = directory.insertWithSpecialName("trust-root", certIn, dummyMerge); + assertEquals(fingerprint.toString().toLowerCase(), certificate.getFingerprint()); + + // getIfChanged + assertNull(directory.getBySpecialNameIfChanged("trust-root", certificate.getTag())); + assertNotNull(directory.getBySpecialNameIfChanged("trust-root", "invalidTag")); + + // tryInsert + certIn = new ByteArrayInputStream(trustRoot.getEncoded()); + assertNotNull(directory.tryInsertWithSpecialName("trust-root", certIn, dummyMerge)); + } + + @ParameterizedTest + @MethodSource("provideTestSubjects") + public void tryInsertFailsWithLockedStore(SharedPGPCertificateDirectory directory) + throws PGPException, InvalidAlgorithmParameterException, NoSuchAlgorithmException, IOException, + BadDataException, InterruptedException { + assumeTrue(directory.getLock() instanceof FileLockingMechanism); + + PGPSecretKeyRing key = PGPainless.generateKeyRing().modernKeyRing("Alice", null); + PGPPublicKeyRing cert = PGPainless.extractCertificate(key); + ByteArrayInputStream certIn = new ByteArrayInputStream(cert.getEncoded()); + + directory.getLock().lockDirectory(); + assertNull(directory.tryInsert(certIn, dummyMerge)); + + directory.getLock().releaseDirectory(); + assertNotNull(directory.tryInsert(certIn, dummyMerge)); + } + + @ParameterizedTest + @MethodSource("provideTestSubjects") + public void testGetItemsAndFingerprints(SharedPGPCertificateDirectory directory) + throws PGPException, InvalidAlgorithmParameterException, NoSuchAlgorithmException, IOException, + BadDataException, InterruptedException, BadNameException { + + PGPSecretKeyRing trustRootKey = PGPainless.generateKeyRing().modernKeyRing("Alice", null); + PGPPublicKeyRing trustRootCert = PGPainless.extractCertificate(trustRootKey); + OpenPgpFingerprint trustRootFingerprint = OpenPgpFingerprint.of(trustRootCert); + ByteArrayInputStream trustRootCertIn = new ByteArrayInputStream(trustRootCert.getEncoded()); + directory.insertWithSpecialName("trust-root", trustRootCertIn, dummyMerge); + + final int certificateCount = 3; + Map certificateMap = new HashMap<>(); + for (int i = 0; i < certificateCount; i++) { + PGPSecretKeyRing key = PGPainless.generateKeyRing().modernKeyRing("Alice", null); + PGPPublicKeyRing cert = PGPainless.extractCertificate(key); + OpenPgpFingerprint fingerprint = OpenPgpFingerprint.of(cert); + certificateMap.put(fingerprint.toString().toLowerCase(), cert); + + ByteArrayInputStream certIn = new ByteArrayInputStream(cert.getEncoded()); + directory.insert(certIn, dummyMerge); + } + + Iterator certificates = directory.items(); + int count = 0; + while (certificates.hasNext()) { + count++; + Certificate certificate = certificates.next(); + String fingerprint = certificate.getFingerprint(); + assertNotNull(certificateMap.get(fingerprint)); + ByteArrayOutputStream out = new ByteArrayOutputStream(); + Streams.pipeAll(certificate.getInputStream(), out); + assertArrayEquals(certificateMap.get(fingerprint).getEncoded(), out.toByteArray()); + } + + assertEquals(certificateCount, count); + + Iterator fingerprints = directory.fingerprints(); + Set fingerprintSet = new HashSet<>(); + while (fingerprints.hasNext()) { + String fingerprint = fingerprints.next(); + fingerprintSet.add(fingerprint); + assertNotNull(certificateMap.get(fingerprint)); + } + + assertEquals(certificateCount, fingerprintSet.size()); + } +} diff --git a/settings.gradle b/settings.gradle new file mode 100644 index 0000000..d15382e --- /dev/null +++ b/settings.gradle @@ -0,0 +1,9 @@ +// SPDX-FileCopyrightText: 2022 Paul Schaub +// +// SPDX-License-Identifier: CC0-1.0 + +rootProject.name = 'cert-d-pgpainless' + +include 'pgpainless-cert-d', + 'pgpainless-cert-d-cli' + diff --git a/version.gradle b/version.gradle new file mode 100644 index 0000000..64b1606 --- /dev/null +++ b/version.gradle @@ -0,0 +1,12 @@ +// SPDX-FileCopyrightText: 2021 Paul Schaub +// +// SPDX-License-Identifier: CC0-1.0 + +allprojects { + ext { + shortVersion = '0.1.0' + isSnapshot = true + minAndroidSdk = 10 + javaSourceCompatibility = 1.8 + } +}