mirror of
https://codeberg.org/PGPainless/cert-d-pgpainless.git
synced 2024-11-15 20:22:06 +01:00
Compare commits
No commits in common. "main" and "0.1.0" have entirely different histories.
50 changed files with 613 additions and 1513 deletions
|
@ -14,7 +14,3 @@ Files: gradle*
|
||||||
Copyright: 2015 the original author or authors.
|
Copyright: 2015 the original author or authors.
|
||||||
License: Apache-2.0
|
License: Apache-2.0
|
||||||
|
|
||||||
# Woodpecker build files
|
|
||||||
Files: .woodpecker/*
|
|
||||||
Copyright: 2022 the original author or authors.
|
|
||||||
License: Apache-2.0
|
|
||||||
|
|
|
@ -1,12 +0,0 @@
|
||||||
pipeline:
|
|
||||||
run:
|
|
||||||
image: gradle:7.5-jdk8
|
|
||||||
commands:
|
|
||||||
- git checkout $CI_COMMIT_BRANCH
|
|
||||||
# Code works
|
|
||||||
- gradle test
|
|
||||||
# Code is clean
|
|
||||||
- gradle check javadocAll
|
|
||||||
# Code has coverage
|
|
||||||
- gradle jacocoRootReport coveralls
|
|
||||||
secrets: [COVERALLS_REPO_TOKEN]
|
|
|
@ -1,7 +0,0 @@
|
||||||
# Code is licensed properly
|
|
||||||
# See https://reuse.software/
|
|
||||||
pipeline:
|
|
||||||
reuse:
|
|
||||||
image: fsfe/reuse:latest
|
|
||||||
commands:
|
|
||||||
- reuse lint
|
|
35
CHANGELOG.md
35
CHANGELOG.md
|
@ -5,38 +5,5 @@ SPDX-License-Identifier: CC0-1.0
|
||||||
|
|
||||||
# Cert-D-PGPainless Changelog
|
# Cert-D-PGPainless Changelog
|
||||||
|
|
||||||
## 0.2.2
|
# 0.1.0
|
||||||
- Bump `pgpainless-core` to `1.5.6`
|
|
||||||
- Bump `cert-d-java` to `0.2.2`
|
|
||||||
|
|
||||||
## 0.2.1
|
|
||||||
- Bump `pgpainless-core` to `1.3.12`
|
|
||||||
|
|
||||||
## 0.2.0
|
|
||||||
- `get`: Apply `toLowerCase()` to fingerprints
|
|
||||||
- Use BCs `PGPPublicKeyRing.join(first, second)` method to properly merge certificates
|
|
||||||
- Implement storing of `trust-root` key
|
|
||||||
- Bump `cert-d-java` to `0.2.1`
|
|
||||||
- Changes to CLI
|
|
||||||
- Add support for i18n using resource bundles
|
|
||||||
- Rename `import` command to `insert`
|
|
||||||
- Rename `multi-import` command to `import`
|
|
||||||
- Add `export` command
|
|
||||||
- Add basic `list` command
|
|
||||||
- `get` command: Allow querying by special name
|
|
||||||
- Add armor headers to output of `get` command
|
|
||||||
|
|
||||||
## 0.1.2
|
|
||||||
- Add name and description to main command
|
|
||||||
- Bump `pgpainless-core` to `1.2.1`
|
|
||||||
- Bump `cert-d-java` to `0.1.1`
|
|
||||||
- Bump `slf4j` to `1.7.36`
|
|
||||||
- Bump `logback` to `1.2.11`
|
|
||||||
- Bump `mockito` to `4.5.1`
|
|
||||||
- Bump `picocli` to `4.6.3`
|
|
||||||
|
|
||||||
## 0.1.1
|
|
||||||
- Bump `pgpainless-core` to 1.1.3
|
|
||||||
|
|
||||||
## 0.1.0
|
|
||||||
- Initial Release
|
- Initial Release
|
||||||
|
|
12
README.md
12
README.md
|
@ -1,16 +1,6 @@
|
||||||
<!--
|
|
||||||
SPDX-FileCopyrightText: 2022 Paul Schaub <vanitasvitae@fsfe.org>
|
|
||||||
|
|
||||||
SPDX-License-Identifier: Apache-2.0
|
|
||||||
-->
|
|
||||||
# Shared PGP Certificate Directory for Java
|
# Shared PGP Certificate Directory for Java
|
||||||
|
|
||||||
[![status-badge](https://ci.codeberg.org/api/badges/PGPainless/cert-d-pgpainless/status.svg)](https://ci.codeberg.org/PGPainless/cert-d-pgpainless)
|
This repository contains implementations of the [Shared PGP Certificate Directory](https://sequoia-pgp.gitlab.io/pgp-cert-d/) specification using [PGPainless](https://pgpainless.org) as backend.
|
||||||
[![Coverage Status](https://coveralls.io/repos/github/pgpainless/cert-d-pgpainless/badge.svg?branch=main)](https://coveralls.io/github/pgpainless/cert-d-pgpainless?branch=main)
|
|
||||||
[![REUSE status](https://api.reuse.software/badge/github.com/pgpainless/cert-d-pgpainless)](https://api.reuse.software/info/github.com/pgpainless/cert-d-pgpainless)
|
|
||||||
|
|
||||||
This repository contains implementations of the [Shared PGP Certificate Directory](https://sequoia-pgp.gitlab.io/pgp-cert-d/)
|
|
||||||
specification using [PGPainless](https://pgpainless.org) as backend.
|
|
||||||
|
|
||||||
The module `pgpainless-cert-d` can be used as a drop-in implementation of
|
The module `pgpainless-cert-d` can be used as a drop-in implementation of
|
||||||
`pgp-certificate-store`.
|
`pgp-certificate-store`.
|
||||||
|
|
|
@ -49,7 +49,6 @@ allprojects {
|
||||||
|
|
||||||
repositories {
|
repositories {
|
||||||
mavenCentral()
|
mavenCentral()
|
||||||
mavenLocal()
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// Reproducible Builds
|
// Reproducible Builds
|
||||||
|
@ -59,6 +58,12 @@ allprojects {
|
||||||
}
|
}
|
||||||
|
|
||||||
project.ext {
|
project.ext {
|
||||||
|
slf4jVersion = '1.7.32'
|
||||||
|
logbackVersion = '1.2.9'
|
||||||
|
junitVersion = '5.8.2'
|
||||||
|
mockitoVersion = '4.2.0'
|
||||||
|
pgpainlessVersion = '1.1.1'
|
||||||
|
pgpCertDJavaVersion = '0.1.0'
|
||||||
rootConfigDir = new File(rootDir, 'config')
|
rootConfigDir = new File(rootDir, 'config')
|
||||||
gitCommit = getGitCommit()
|
gitCommit = getGitCommit()
|
||||||
isContinuousIntegrationEnvironment = Boolean.parseBoolean(System.getenv('CI'))
|
isContinuousIntegrationEnvironment = Boolean.parseBoolean(System.getenv('CI'))
|
||||||
|
|
|
@ -6,8 +6,5 @@ SPDX-License-Identifier: Apache-2.0
|
||||||
|
|
||||||
# Command Line Interface for pgpainless-cert-d
|
# Command Line Interface for pgpainless-cert-d
|
||||||
|
|
||||||
[![javadoc](https://javadoc.io/badge2/org.pgpainless/pgpainless-cert-d-cli/javadoc.svg)](https://javadoc.io/doc/org.pgpainless/pgpainless-cert-d-cli)
|
|
||||||
[![Maven Central](https://badgen.net/maven/v/maven-central/org.pgpainless/pgpainless-cert-d-cli)](https://search.maven.org/artifact/org.pgpainless/pgpainless-cert-d-cli)
|
|
||||||
|
|
||||||
This module utilizes [picocli](https://picocli.info) to provide a CLI application for use with the
|
This module utilizes [picocli](https://picocli.info) to provide a CLI application for use with the
|
||||||
[Shared PGP Certificate Directory](https://sequoia-pgp.gitlab.io/pgp-cert-d/).
|
[Shared PGP Certificate Directory](https://sequoia-pgp.gitlab.io/pgp-cert-d/).
|
||||||
|
|
|
@ -4,7 +4,6 @@
|
||||||
|
|
||||||
plugins {
|
plugins {
|
||||||
id 'application'
|
id 'application'
|
||||||
id "com.github.johnrengelman.shadow" version "6.1.0"
|
|
||||||
}
|
}
|
||||||
|
|
||||||
group 'org.pgpainless'
|
group 'org.pgpainless'
|
||||||
|
@ -14,21 +13,17 @@ repositories {
|
||||||
}
|
}
|
||||||
|
|
||||||
dependencies {
|
dependencies {
|
||||||
// Junit
|
|
||||||
testImplementation "org.junit.jupiter:junit-jupiter-api:$junitVersion"
|
testImplementation "org.junit.jupiter:junit-jupiter-api:$junitVersion"
|
||||||
testRuntimeOnly "org.junit.jupiter:junit-jupiter-engine:$junitVersion"
|
testRuntimeOnly "org.junit.jupiter:junit-jupiter-engine:$junitVersion"
|
||||||
|
|
||||||
// Logging
|
// Logging
|
||||||
implementation ("org.slf4j:slf4j-nop:$slf4jVersion")
|
testImplementation "ch.qos.logback:logback-classic:$logbackVersion"
|
||||||
|
|
||||||
// pgp.cert.d using PGPainless
|
|
||||||
implementation project(":pgpainless-cert-d")
|
implementation project(":pgpainless-cert-d")
|
||||||
|
|
||||||
// SQL subkey table
|
|
||||||
implementation "org.pgpainless:pgp-cert-d-java-jdbc-sqlite-lookup:$pgpCertDJavaVersion"
|
implementation "org.pgpainless:pgp-cert-d-java-jdbc-sqlite-lookup:$pgpCertDJavaVersion"
|
||||||
|
|
||||||
// picocli for cli
|
// picocli for cli
|
||||||
implementation "info.picocli:picocli:$picocliVersion"
|
implementation "info.picocli:picocli:4.6.2"
|
||||||
}
|
}
|
||||||
|
|
||||||
test {
|
test {
|
||||||
|
@ -37,13 +32,8 @@ test {
|
||||||
|
|
||||||
mainClassName = 'pgp.cert_d.cli.PGPCertDCli'
|
mainClassName = 'pgp.cert_d.cli.PGPCertDCli'
|
||||||
|
|
||||||
application {
|
|
||||||
mainClass = mainClassName
|
|
||||||
}
|
|
||||||
|
|
||||||
/*
|
|
||||||
jar {
|
jar {
|
||||||
dependsOn(":pgpainless-cert-d:jar")
|
dependsOn(":pgpainless-cert-d:assemble")
|
||||||
manifest {
|
manifest {
|
||||||
attributes 'Main-Class': "$mainClassName"
|
attributes 'Main-Class': "$mainClassName"
|
||||||
}
|
}
|
||||||
|
@ -58,5 +48,4 @@ jar {
|
||||||
exclude "META-INF/*.RSA"
|
exclude "META-INF/*.RSA"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
*/
|
|
||||||
|
|
||||||
|
|
|
@ -4,66 +4,60 @@
|
||||||
|
|
||||||
package pgp.cert_d.cli;
|
package pgp.cert_d.cli;
|
||||||
|
|
||||||
import org.pgpainless.certificate_store.PGPainlessCertD;
|
import org.pgpainless.certificate_store.CertificateReader;
|
||||||
|
import org.pgpainless.certificate_store.SharedPGPCertificateDirectoryAdapter;
|
||||||
import pgp.cert_d.BaseDirectoryProvider;
|
import pgp.cert_d.BaseDirectoryProvider;
|
||||||
import pgp.cert_d.cli.commands.Export;
|
import pgp.cert_d.SharedPGPCertificateDirectoryImpl;
|
||||||
import pgp.cert_d.cli.commands.Find;
|
|
||||||
import pgp.cert_d.cli.commands.Get;
|
import pgp.cert_d.cli.commands.Get;
|
||||||
import pgp.cert_d.cli.commands.Insert;
|
|
||||||
import pgp.cert_d.cli.commands.Import;
|
import pgp.cert_d.cli.commands.Import;
|
||||||
import pgp.cert_d.cli.commands.List;
|
import pgp.cert_d.cli.commands.MultiImport;
|
||||||
import pgp.cert_d.cli.commands.Setup;
|
import pgp.cert_d.jdbc.sqlite.DatabaseSubkeyLookup;
|
||||||
import pgp.cert_d.jdbc.sqlite.DatabaseSubkeyLookupFactory;
|
import pgp.cert_d.jdbc.sqlite.SqliteSubkeyLookupDaoImpl;
|
||||||
|
import pgp.certificate_store.SubkeyLookup;
|
||||||
import pgp.certificate_store.exception.NotAStoreException;
|
import pgp.certificate_store.exception.NotAStoreException;
|
||||||
|
import pgp.certificate_store.CertificateDirectory;
|
||||||
import picocli.CommandLine;
|
import picocli.CommandLine;
|
||||||
|
|
||||||
import java.io.File;
|
import java.io.File;
|
||||||
import java.sql.SQLException;
|
import java.sql.SQLException;
|
||||||
|
|
||||||
@CommandLine.Command(
|
@CommandLine.Command(
|
||||||
name = "certificate-store",
|
|
||||||
resourceBundle = "msg_pgp-cert-d",
|
|
||||||
subcommands = {
|
subcommands = {
|
||||||
CommandLine.HelpCommand.class,
|
|
||||||
Export.class,
|
|
||||||
Insert.class,
|
|
||||||
Import.class,
|
Import.class,
|
||||||
|
MultiImport.class,
|
||||||
Get.class,
|
Get.class,
|
||||||
Setup.class,
|
|
||||||
List.class,
|
|
||||||
Find.class
|
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
public class PGPCertDCli {
|
public class PGPCertDCli {
|
||||||
|
|
||||||
@CommandLine.Option(names = {"-s", "--store"}, paramLabel = "DIRECTORY",
|
@CommandLine.Option(names = "--base-directory", paramLabel = "DIRECTORY", description = "Overwrite the default certificate directory")
|
||||||
scope = CommandLine.ScopeType.INHERIT)
|
|
||||||
File baseDirectory;
|
File baseDirectory;
|
||||||
|
|
||||||
static PGPainlessCertD certificateDirectory;
|
private static CertificateDirectory certificateDirectory;
|
||||||
|
|
||||||
// https://www.cyberciti.biz/faq/linux-bash-exit-status-set-exit-statusin-bash/
|
|
||||||
public static final int EXIT_CODE_NOT_A_STORE = 30;
|
|
||||||
|
|
||||||
private int executionStrategy(CommandLine.ParseResult parseResult) {
|
private int executionStrategy(CommandLine.ParseResult parseResult) {
|
||||||
try {
|
try {
|
||||||
initStore();
|
initStore();
|
||||||
} catch (NotAStoreException | SQLException e) {
|
} catch (NotAStoreException | SQLException e) {
|
||||||
return EXIT_CODE_NOT_A_STORE;
|
return -1;
|
||||||
}
|
}
|
||||||
return new CommandLine.RunLast().execute(parseResult);
|
return new CommandLine.RunLast().execute(parseResult);
|
||||||
}
|
}
|
||||||
|
|
||||||
private void initStore() throws NotAStoreException, SQLException {
|
private void initStore() throws NotAStoreException, SQLException {
|
||||||
if (certificateDirectory != null) {
|
SharedPGPCertificateDirectoryImpl certificateDirectory;
|
||||||
return;
|
SubkeyLookup subkeyLookup;
|
||||||
}
|
|
||||||
|
|
||||||
if (baseDirectory == null) {
|
if (baseDirectory == null) {
|
||||||
baseDirectory = BaseDirectoryProvider.getDefaultBaseDir();
|
baseDirectory = BaseDirectoryProvider.getDefaultBaseDir();
|
||||||
}
|
}
|
||||||
|
|
||||||
PGPCertDCli.certificateDirectory = PGPainlessCertD.fileBased(baseDirectory, new DatabaseSubkeyLookupFactory());
|
certificateDirectory = new SharedPGPCertificateDirectoryImpl(
|
||||||
|
baseDirectory,
|
||||||
|
new CertificateReader());
|
||||||
|
subkeyLookup = new DatabaseSubkeyLookup(
|
||||||
|
SqliteSubkeyLookupDaoImpl.forDatabaseFile(new File(baseDirectory, "_pgpainless_subkey_map.db")));
|
||||||
|
|
||||||
|
PGPCertDCli.certificateDirectory = new SharedPGPCertificateDirectoryAdapter(certificateDirectory, subkeyLookup);
|
||||||
}
|
}
|
||||||
|
|
||||||
public static void main(String[] args) {
|
public static void main(String[] args) {
|
||||||
|
@ -73,7 +67,7 @@ public class PGPCertDCli {
|
||||||
.execute(args);
|
.execute(args);
|
||||||
}
|
}
|
||||||
|
|
||||||
public static PGPainlessCertD getCertificateDirectory() {
|
public static CertificateDirectory getCertificateDirectory() {
|
||||||
return certificateDirectory;
|
return certificateDirectory;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,53 +0,0 @@
|
||||||
// SPDX-FileCopyrightText: 2022 Paul Schaub <vanitasvitae@fsfe.org>
|
|
||||||
//
|
|
||||||
// SPDX-License-Identifier: Apache-2.0
|
|
||||||
|
|
||||||
package pgp.cert_d.cli.commands;
|
|
||||||
|
|
||||||
import org.bouncycastle.bcpg.ArmoredOutputStream;
|
|
||||||
import org.bouncycastle.util.io.Streams;
|
|
||||||
import org.slf4j.Logger;
|
|
||||||
import org.slf4j.LoggerFactory;
|
|
||||||
import pgp.cert_d.cli.PGPCertDCli;
|
|
||||||
import pgp.certificate_store.certificate.Certificate;
|
|
||||||
import picocli.CommandLine;
|
|
||||||
|
|
||||||
import java.io.IOException;
|
|
||||||
import java.io.InputStream;
|
|
||||||
import java.io.OutputStream;
|
|
||||||
import java.util.Iterator;
|
|
||||||
|
|
||||||
@CommandLine.Command(name = "export",
|
|
||||||
resourceBundle = "msg_export")
|
|
||||||
public class Export implements Runnable {
|
|
||||||
|
|
||||||
private static final Logger LOGGER = LoggerFactory.getLogger(Export.class);
|
|
||||||
|
|
||||||
@CommandLine.Option(names = {"-a", "--armor"})
|
|
||||||
boolean armor = false;
|
|
||||||
|
|
||||||
@Override
|
|
||||||
public void run() {
|
|
||||||
Iterator<Certificate> certificates = PGPCertDCli.getCertificateDirectory()
|
|
||||||
.items();
|
|
||||||
OutputStream out = armor ? new ArmoredOutputStream(System.out) : System.out;
|
|
||||||
while (certificates.hasNext()) {
|
|
||||||
try {
|
|
||||||
Certificate certificate = certificates.next();
|
|
||||||
InputStream inputStream = certificate.getInputStream();
|
|
||||||
Streams.pipeAll(inputStream, out);
|
|
||||||
inputStream.close();
|
|
||||||
} catch (IOException e) {
|
|
||||||
LOGGER.error("IO Error", e);
|
|
||||||
System.exit(-1);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
if (armor) {
|
|
||||||
try {
|
|
||||||
out.close();
|
|
||||||
} catch (IOException e) {
|
|
||||||
throw new RuntimeException(e);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
|
@ -1,57 +0,0 @@
|
||||||
// SPDX-FileCopyrightText: 2022 Paul Schaub <vanitasvitae@fsfe.org>
|
|
||||||
//
|
|
||||||
// SPDX-License-Identifier: Apache-2.0
|
|
||||||
|
|
||||||
package pgp.cert_d.cli.commands;
|
|
||||||
|
|
||||||
import org.pgpainless.key.OpenPgpFingerprint;
|
|
||||||
import pgp.cert_d.cli.PGPCertDCli;
|
|
||||||
import picocli.CommandLine;
|
|
||||||
|
|
||||||
import java.io.IOException;
|
|
||||||
import java.math.BigInteger;
|
|
||||||
import java.util.Set;
|
|
||||||
import java.util.regex.Pattern;
|
|
||||||
|
|
||||||
@CommandLine.Command(name = "find",
|
|
||||||
resourceBundle = "msg_find")
|
|
||||||
public class Find implements Runnable {
|
|
||||||
|
|
||||||
private static final Pattern LONG_KEY_ID = Pattern.compile("^[0-9A-Fa-f]{16}$");
|
|
||||||
|
|
||||||
@CommandLine.Parameters(
|
|
||||||
paramLabel = "IDENTIFIER",
|
|
||||||
arity = "1")
|
|
||||||
String identifier;
|
|
||||||
|
|
||||||
@Override
|
|
||||||
public void run() {
|
|
||||||
if (identifier == null) {
|
|
||||||
throw new IllegalArgumentException("No subkey ID provided.");
|
|
||||||
}
|
|
||||||
identifier = identifier.trim();
|
|
||||||
long subkeyId = 0;
|
|
||||||
try {
|
|
||||||
OpenPgpFingerprint fingerprint = OpenPgpFingerprint.parse(identifier);
|
|
||||||
subkeyId = fingerprint.getKeyId();
|
|
||||||
} catch (IllegalArgumentException e) {
|
|
||||||
if (!LONG_KEY_ID.matcher(identifier).matches()) {
|
|
||||||
throw new IllegalArgumentException("Provided long key-id does not match expected format. " +
|
|
||||||
"A long key-id consists of 16 hexadecimal characters.");
|
|
||||||
}
|
|
||||||
subkeyId = new BigInteger(identifier, 16).longValue();
|
|
||||||
}
|
|
||||||
|
|
||||||
try {
|
|
||||||
Set<String> fingerprints = PGPCertDCli.getCertificateDirectory()
|
|
||||||
.getCertificateFingerprintsForSubkeyId(subkeyId);
|
|
||||||
for (String fingerprint : fingerprints) {
|
|
||||||
// CHECKSTYLE:OFF
|
|
||||||
System.out.println(fingerprint);
|
|
||||||
// CHECKSTYLE:ON
|
|
||||||
}
|
|
||||||
} catch (IOException e) {
|
|
||||||
throw new RuntimeException(e);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
|
@ -4,70 +4,42 @@
|
||||||
|
|
||||||
package pgp.cert_d.cli.commands;
|
package pgp.cert_d.cli.commands;
|
||||||
|
|
||||||
import org.bouncycastle.bcpg.ArmoredOutputStream;
|
import java.io.IOException;
|
||||||
import org.bouncycastle.openpgp.PGPKeyRing;
|
|
||||||
import org.bouncycastle.util.io.Streams;
|
import org.bouncycastle.util.io.Streams;
|
||||||
import org.pgpainless.PGPainless;
|
|
||||||
import org.pgpainless.util.ArmorUtils;
|
|
||||||
import org.slf4j.Logger;
|
import org.slf4j.Logger;
|
||||||
import org.slf4j.LoggerFactory;
|
import org.slf4j.LoggerFactory;
|
||||||
import pgp.cert_d.SpecialNames;
|
|
||||||
import pgp.cert_d.cli.PGPCertDCli;
|
import pgp.cert_d.cli.PGPCertDCli;
|
||||||
import pgp.certificate_store.certificate.KeyMaterial;
|
import pgp.certificate_store.Certificate;
|
||||||
import pgp.certificate_store.exception.BadDataException;
|
import pgp.certificate_store.exception.BadDataException;
|
||||||
import pgp.certificate_store.exception.BadNameException;
|
import pgp.certificate_store.exception.BadNameException;
|
||||||
import picocli.CommandLine;
|
import picocli.CommandLine;
|
||||||
|
|
||||||
import java.io.IOException;
|
|
||||||
import java.util.NoSuchElementException;
|
|
||||||
|
|
||||||
@CommandLine.Command(name = "get",
|
@CommandLine.Command(name = "get",
|
||||||
resourceBundle = "msg_get")
|
description = "Retrieve certificates from the store")
|
||||||
public class Get implements Runnable {
|
public class Get implements Runnable {
|
||||||
|
|
||||||
private static final Logger LOGGER = LoggerFactory.getLogger(Get.class);
|
private static final Logger LOGGER = LoggerFactory.getLogger(Get.class);
|
||||||
|
|
||||||
// https://www.cyberciti.biz/faq/linux-bash-exit-status-set-exit-statusin-bash/
|
|
||||||
public static final int EXIT_CODE_NO_SUCH_ELEMENT = 2;
|
|
||||||
public static final int EXIT_CODE_IO_ERROR = 5;
|
|
||||||
|
|
||||||
@CommandLine.Option(names = {"-a", "--armor"})
|
|
||||||
boolean armor = false;
|
|
||||||
|
|
||||||
@CommandLine.Parameters(
|
@CommandLine.Parameters(
|
||||||
paramLabel = "IDENTIFIER",
|
paramLabel = "IDENTIFIER",
|
||||||
arity = "1"
|
arity = "1",
|
||||||
|
description = "Certificate identifier (fingerprint or special name)"
|
||||||
)
|
)
|
||||||
String identifier;
|
String identifer;
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void run() {
|
public void run() {
|
||||||
try {
|
try {
|
||||||
KeyMaterial record;
|
Certificate certificate = PGPCertDCli.getCertificateDirectory()
|
||||||
if (SpecialNames.lookupSpecialName(identifier) != null) {
|
.getCertificate(identifer);
|
||||||
record = PGPCertDCli.getCertificateDirectory().getBySpecialName(identifier);
|
if (certificate == null) {
|
||||||
} else {
|
|
||||||
record = PGPCertDCli.getCertificateDirectory().getByFingerprint(identifier.toLowerCase());
|
|
||||||
}
|
|
||||||
if (record == null) {
|
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
Streams.pipeAll(certificate.getInputStream(), System.out);
|
||||||
if (armor) {
|
|
||||||
PGPKeyRing keyRing = PGPainless.readKeyRing().keyRing(record.getInputStream());
|
|
||||||
ArmoredOutputStream armorOut = ArmorUtils.toAsciiArmoredStream(keyRing, System.out);
|
|
||||||
Streams.pipeAll(record.getInputStream(), armorOut);
|
|
||||||
armorOut.close();
|
|
||||||
} else {
|
|
||||||
Streams.pipeAll(record.getInputStream(), System.out);
|
|
||||||
}
|
|
||||||
|
|
||||||
} catch (NoSuchElementException e) {
|
|
||||||
LOGGER.debug("Certificate not found.", e);
|
|
||||||
System.exit(EXIT_CODE_NO_SUCH_ELEMENT);
|
|
||||||
} catch (IOException e) {
|
} catch (IOException e) {
|
||||||
LOGGER.error("IO Error", e);
|
LOGGER.error("IO Error", e);
|
||||||
System.exit(EXIT_CODE_IO_ERROR);
|
System.exit(-1);
|
||||||
} catch (BadDataException e) {
|
} catch (BadDataException e) {
|
||||||
LOGGER.error("Certificate file contains bad data.", e);
|
LOGGER.error("Certificate file contains bad data.", e);
|
||||||
System.exit(-1);
|
System.exit(-1);
|
||||||
|
|
|
@ -4,38 +4,37 @@
|
||||||
|
|
||||||
package pgp.cert_d.cli.commands;
|
package pgp.cert_d.cli.commands;
|
||||||
|
|
||||||
import org.bouncycastle.openpgp.PGPPublicKeyRing;
|
import java.io.IOException;
|
||||||
import org.bouncycastle.openpgp.PGPPublicKeyRingCollection;
|
|
||||||
import org.pgpainless.PGPainless;
|
|
||||||
import org.slf4j.Logger;
|
import org.slf4j.Logger;
|
||||||
import org.slf4j.LoggerFactory;
|
import org.slf4j.LoggerFactory;
|
||||||
import org.pgpainless.certificate_store.MergeCallbacks;
|
|
||||||
import pgp.cert_d.cli.PGPCertDCli;
|
import pgp.cert_d.cli.PGPCertDCli;
|
||||||
import pgp.certificate_store.certificate.Certificate;
|
import pgp.certificate_store.Certificate;
|
||||||
|
import pgp.certificate_store.MergeCallback;
|
||||||
import pgp.certificate_store.exception.BadDataException;
|
import pgp.certificate_store.exception.BadDataException;
|
||||||
import picocli.CommandLine;
|
import picocli.CommandLine;
|
||||||
|
|
||||||
import java.io.ByteArrayInputStream;
|
|
||||||
import java.io.IOException;
|
|
||||||
|
|
||||||
@CommandLine.Command(name = "import",
|
@CommandLine.Command(name = "import",
|
||||||
resourceBundle = "msg_import")
|
description = "Import or update a certificate")
|
||||||
public class Import implements Runnable {
|
public class Import implements Runnable {
|
||||||
|
|
||||||
private static final Logger LOGGER = LoggerFactory.getLogger(Import.class);
|
private static final Logger LOGGER = LoggerFactory.getLogger(Import.class);
|
||||||
|
|
||||||
|
// TODO: Replace with proper merge callback
|
||||||
|
private final MergeCallback dummyMerge = new MergeCallback() {
|
||||||
|
@Override
|
||||||
|
public Certificate merge(Certificate data, Certificate existing) throws IOException {
|
||||||
|
return data;
|
||||||
|
}
|
||||||
|
};
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void run() {
|
public void run() {
|
||||||
try {
|
try {
|
||||||
PGPPublicKeyRingCollection certificates = PGPainless.readKeyRing().publicKeyRingCollection(System.in);
|
Certificate certificate = PGPCertDCli.getCertificateDirectory().insertCertificate(System.in, dummyMerge);
|
||||||
for (PGPPublicKeyRing cert : certificates) {
|
|
||||||
ByteArrayInputStream certIn = new ByteArrayInputStream(cert.getEncoded());
|
|
||||||
Certificate certificate = PGPCertDCli.getCertificateDirectory()
|
|
||||||
.insert(certIn, MergeCallbacks.mergeWithExisting());
|
|
||||||
// CHECKSTYLE:OFF
|
// CHECKSTYLE:OFF
|
||||||
System.out.println(certificate.getFingerprint());
|
System.out.println(certificate.getFingerprint());
|
||||||
// CHECKSTYLE:ON
|
// CHECKSTYLE:ON
|
||||||
}
|
|
||||||
} catch (IOException e) {
|
} catch (IOException e) {
|
||||||
LOGGER.error("IO-Error.", e);
|
LOGGER.error("IO-Error.", e);
|
||||||
System.exit(-1);
|
System.exit(-1);
|
||||||
|
|
|
@ -1,42 +0,0 @@
|
||||||
// SPDX-FileCopyrightText: 2022 Paul Schaub <vanitasvitae@fsfe.org>
|
|
||||||
//
|
|
||||||
// SPDX-License-Identifier: Apache-2.0
|
|
||||||
|
|
||||||
package pgp.cert_d.cli.commands;
|
|
||||||
|
|
||||||
import org.slf4j.Logger;
|
|
||||||
import org.slf4j.LoggerFactory;
|
|
||||||
import org.pgpainless.certificate_store.MergeCallbacks;
|
|
||||||
import pgp.cert_d.cli.PGPCertDCli;
|
|
||||||
import pgp.certificate_store.certificate.Certificate;
|
|
||||||
import pgp.certificate_store.exception.BadDataException;
|
|
||||||
import picocli.CommandLine;
|
|
||||||
|
|
||||||
import java.io.IOException;
|
|
||||||
|
|
||||||
@CommandLine.Command(name = "insert",
|
|
||||||
resourceBundle = "msg_insert")
|
|
||||||
public class Insert implements Runnable {
|
|
||||||
|
|
||||||
private static final Logger LOGGER = LoggerFactory.getLogger(Insert.class);
|
|
||||||
|
|
||||||
@Override
|
|
||||||
public void run() {
|
|
||||||
try {
|
|
||||||
Certificate certificate = PGPCertDCli.getCertificateDirectory()
|
|
||||||
.insert(System.in, MergeCallbacks.mergeWithExisting());
|
|
||||||
// CHECKSTYLE:OFF
|
|
||||||
System.out.println(certificate.getFingerprint());
|
|
||||||
// CHECKSTYLE:ON
|
|
||||||
} catch (IOException e) {
|
|
||||||
LOGGER.error("IO-Error.", e);
|
|
||||||
System.exit(-1);
|
|
||||||
} catch (InterruptedException e) {
|
|
||||||
LOGGER.error("Thread interrupted.", e);
|
|
||||||
System.exit(-1);
|
|
||||||
} catch (BadDataException e) {
|
|
||||||
LOGGER.error("Certificate contains bad data.", e);
|
|
||||||
System.exit(-1);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
|
@ -1,29 +0,0 @@
|
||||||
// SPDX-FileCopyrightText: 2022 Paul Schaub <vanitasvitae@fsfe.org>
|
|
||||||
//
|
|
||||||
// SPDX-License-Identifier: Apache-2.0
|
|
||||||
|
|
||||||
package pgp.cert_d.cli.commands;
|
|
||||||
|
|
||||||
import pgp.cert_d.cli.PGPCertDCli;
|
|
||||||
import pgp.certificate_store.certificate.Certificate;
|
|
||||||
import picocli.CommandLine;
|
|
||||||
|
|
||||||
import java.util.Iterator;
|
|
||||||
|
|
||||||
@CommandLine.Command(name = "list",
|
|
||||||
resourceBundle = "msg_list"
|
|
||||||
)
|
|
||||||
public class List implements Runnable {
|
|
||||||
|
|
||||||
@Override
|
|
||||||
public void run() {
|
|
||||||
Iterator<Certificate> certificates = PGPCertDCli.getCertificateDirectory()
|
|
||||||
.items();
|
|
||||||
while (certificates.hasNext()) {
|
|
||||||
Certificate certificate = certificates.next();
|
|
||||||
// CHECKSTYLE:OFF
|
|
||||||
System.out.println(certificate.getFingerprint());
|
|
||||||
// CHECKSTYLE:ON
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
|
@ -0,0 +1,62 @@
|
||||||
|
// SPDX-FileCopyrightText: 2022 Paul Schaub <vanitasvitae@fsfe.org>
|
||||||
|
//
|
||||||
|
// SPDX-License-Identifier: Apache-2.0
|
||||||
|
|
||||||
|
package pgp.cert_d.cli.commands;
|
||||||
|
|
||||||
|
import org.bouncycastle.openpgp.PGPException;
|
||||||
|
import org.bouncycastle.openpgp.PGPPublicKeyRing;
|
||||||
|
import org.bouncycastle.openpgp.PGPPublicKeyRingCollection;
|
||||||
|
import org.pgpainless.PGPainless;
|
||||||
|
import org.slf4j.Logger;
|
||||||
|
import org.slf4j.LoggerFactory;
|
||||||
|
import pgp.cert_d.cli.PGPCertDCli;
|
||||||
|
import pgp.certificate_store.Certificate;
|
||||||
|
import pgp.certificate_store.MergeCallback;
|
||||||
|
import pgp.certificate_store.exception.BadDataException;
|
||||||
|
import picocli.CommandLine;
|
||||||
|
|
||||||
|
import java.io.ByteArrayInputStream;
|
||||||
|
import java.io.IOException;
|
||||||
|
|
||||||
|
@CommandLine.Command(name = "multi-import",
|
||||||
|
description = "Import or update multiple certificates")
|
||||||
|
public class MultiImport implements Runnable {
|
||||||
|
|
||||||
|
private static final Logger LOGGER = LoggerFactory.getLogger(MultiImport.class);
|
||||||
|
|
||||||
|
// TODO: Replace with proper merge callback
|
||||||
|
private final MergeCallback dummyMerge = new MergeCallback() {
|
||||||
|
@Override
|
||||||
|
public Certificate merge(Certificate data, Certificate existing) throws IOException {
|
||||||
|
return data;
|
||||||
|
}
|
||||||
|
};
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public void run() {
|
||||||
|
try {
|
||||||
|
PGPPublicKeyRingCollection certificates = PGPainless.readKeyRing().publicKeyRingCollection(System.in);
|
||||||
|
for (PGPPublicKeyRing cert : certificates) {
|
||||||
|
ByteArrayInputStream certIn = new ByteArrayInputStream(cert.getEncoded());
|
||||||
|
Certificate certificate = PGPCertDCli.getCertificateDirectory()
|
||||||
|
.insertCertificate(certIn, dummyMerge);
|
||||||
|
// CHECKSTYLE:OFF
|
||||||
|
System.out.println(certificate.getFingerprint());
|
||||||
|
// CHECKSTYLE:ON
|
||||||
|
}
|
||||||
|
} catch (IOException e) {
|
||||||
|
LOGGER.error("IO-Error.", e);
|
||||||
|
System.exit(-1);
|
||||||
|
} catch (InterruptedException e) {
|
||||||
|
LOGGER.error("Thread interrupted.", e);
|
||||||
|
System.exit(-1);
|
||||||
|
} catch (BadDataException e) {
|
||||||
|
LOGGER.error("Certificate contains bad data.", e);
|
||||||
|
System.exit(-1);
|
||||||
|
} catch (PGPException e) {
|
||||||
|
LOGGER.error("PGP Exception.", e);
|
||||||
|
System.exit(-1);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
|
@ -1,111 +0,0 @@
|
||||||
// SPDX-FileCopyrightText: 2022 Paul Schaub <vanitasvitae@fsfe.org>
|
|
||||||
//
|
|
||||||
// SPDX-License-Identifier: Apache-2.0
|
|
||||||
|
|
||||||
package pgp.cert_d.cli.commands;
|
|
||||||
|
|
||||||
import org.bouncycastle.openpgp.PGPException;
|
|
||||||
import org.bouncycastle.openpgp.PGPSecretKeyRing;
|
|
||||||
import org.pgpainless.PGPainless;
|
|
||||||
import org.pgpainless.algorithm.KeyFlag;
|
|
||||||
import org.pgpainless.key.generation.KeyRingBuilder;
|
|
||||||
import org.pgpainless.key.generation.KeySpec;
|
|
||||||
import org.pgpainless.key.generation.type.KeyType;
|
|
||||||
import org.pgpainless.key.generation.type.eddsa.EdDSACurve;
|
|
||||||
import org.pgpainless.util.Passphrase;
|
|
||||||
import org.slf4j.Logger;
|
|
||||||
import org.slf4j.LoggerFactory;
|
|
||||||
import org.pgpainless.certificate_store.MergeCallbacks;
|
|
||||||
import pgp.cert_d.cli.PGPCertDCli;
|
|
||||||
import pgp.certificate_store.certificate.KeyMaterial;
|
|
||||||
import pgp.certificate_store.exception.BadDataException;
|
|
||||||
import picocli.CommandLine;
|
|
||||||
|
|
||||||
import java.io.ByteArrayInputStream;
|
|
||||||
import java.io.IOException;
|
|
||||||
import java.io.InputStream;
|
|
||||||
import java.security.InvalidAlgorithmParameterException;
|
|
||||||
import java.security.NoSuchAlgorithmException;
|
|
||||||
|
|
||||||
@CommandLine.Command(name = "setup",
|
|
||||||
resourceBundle = "msg_setup")
|
|
||||||
public class Setup implements Runnable {
|
|
||||||
|
|
||||||
public static final Logger LOGGER = LoggerFactory.getLogger(Setup.class);
|
|
||||||
|
|
||||||
@CommandLine.ArgGroup()
|
|
||||||
Exclusive exclusive;
|
|
||||||
|
|
||||||
static class Exclusive {
|
|
||||||
@CommandLine.Option(names = "--with-password",
|
|
||||||
paramLabel = "PASSWORD")
|
|
||||||
String password;
|
|
||||||
|
|
||||||
@CommandLine.Option(names = "--import-from-stdin",
|
|
||||||
description = "Import trust-root from stdin")
|
|
||||||
boolean importFromStdin;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
@Override
|
|
||||||
public void run() {
|
|
||||||
PGPSecretKeyRing trustRoot;
|
|
||||||
if (exclusive == null) {
|
|
||||||
trustRoot = generateTrustRoot(Passphrase.emptyPassphrase());
|
|
||||||
} else {
|
|
||||||
if (exclusive.importFromStdin) {
|
|
||||||
trustRoot = readTrustRoot(System.in);
|
|
||||||
} else {
|
|
||||||
trustRoot = generateTrustRoot(Passphrase.fromPassword(exclusive.password.trim()));
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
try {
|
|
||||||
InputStream inputStream = new ByteArrayInputStream(trustRoot.getEncoded());
|
|
||||||
KeyMaterial inserted = PGPCertDCli.getCertificateDirectory()
|
|
||||||
.insertTrustRoot(inputStream, MergeCallbacks.overrideExisting());
|
|
||||||
// CHECKSTYLE:OFF
|
|
||||||
System.out.println(inserted.getFingerprint());
|
|
||||||
// CHECKSTYLE:ON
|
|
||||||
|
|
||||||
} catch (BadDataException e) {
|
|
||||||
throw new RuntimeException(e);
|
|
||||||
} catch (IOException e) {
|
|
||||||
LOGGER.error("IO error.", e);
|
|
||||||
System.exit(-1);
|
|
||||||
} catch (InterruptedException e) {
|
|
||||||
LOGGER.error("Thread interrupted.", e);
|
|
||||||
System.exit(-1);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
private PGPSecretKeyRing generateTrustRoot(Passphrase passphrase) {
|
|
||||||
PGPSecretKeyRing trustRoot;
|
|
||||||
KeyRingBuilder builder = PGPainless.buildKeyRing()
|
|
||||||
.addUserId("trust-root");
|
|
||||||
if (passphrase != null) {
|
|
||||||
builder.setPassphrase(passphrase);
|
|
||||||
}
|
|
||||||
builder.setPrimaryKey(KeySpec.getBuilder(KeyType.EDDSA(EdDSACurve._Ed25519), KeyFlag.CERTIFY_OTHER));
|
|
||||||
try {
|
|
||||||
trustRoot = builder.build();
|
|
||||||
} catch (NoSuchAlgorithmException | PGPException | InvalidAlgorithmParameterException e) {
|
|
||||||
throw new RuntimeException("Cannot generate trust-root OpenPGP key", e);
|
|
||||||
}
|
|
||||||
return trustRoot;
|
|
||||||
}
|
|
||||||
|
|
||||||
private PGPSecretKeyRing readTrustRoot(InputStream inputStream) {
|
|
||||||
try {
|
|
||||||
PGPSecretKeyRing secretKeys = PGPainless.readKeyRing().secretKeyRing(inputStream);
|
|
||||||
if (secretKeys == null) {
|
|
||||||
throw new BadDataException();
|
|
||||||
}
|
|
||||||
return secretKeys;
|
|
||||||
} catch (IOException e) {
|
|
||||||
throw new RuntimeException("Cannot read trust-root OpenPGP key", e);
|
|
||||||
} catch (BadDataException e) {
|
|
||||||
throw new RuntimeException("trust-root does not contain OpenPGP key", e);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
|
@ -1,12 +0,0 @@
|
||||||
# SPDX-FileCopyrightText: 2022 Paul Schaub <vanitasvitae@fsfe.org>
|
|
||||||
#
|
|
||||||
# SPDX-License-Identifier: Apache-2.0
|
|
||||||
usage.header=Export all certificates in the store to Standard Output
|
|
||||||
armor=Wrap the output in ASCII armor
|
|
||||||
|
|
||||||
# Generic TODO: Remove when bumping picocli to 4.7.0
|
|
||||||
usage.synopsisHeading=Usage:\u0020
|
|
||||||
usage.commandListHeading = %nCommands:%n
|
|
||||||
usage.optionListHeading = %nOptions:%n
|
|
||||||
usage.footerHeading=Powered by picocli%n
|
|
||||||
store=Overwrite the default certificate directory path
|
|
|
@ -1,12 +0,0 @@
|
||||||
# SPDX-FileCopyrightText: 2022 Paul Schaub <vanitasvitae@fsfe.org>
|
|
||||||
#
|
|
||||||
# SPDX-License-Identifier: Apache-2.0
|
|
||||||
usage.header=Exportiere alle gespeicherten Zertifikate zur Standardausgabe
|
|
||||||
armor=Verpacke the Ausgabe in ASCII Armor
|
|
||||||
|
|
||||||
# Generic TODO: Remove when bumping picocli to 4.7.0
|
|
||||||
usage.synopsisHeading=Aufruf:\u0020
|
|
||||||
usage.commandListHeading=%nBefehle:%n
|
|
||||||
usage.optionListHeading = %nOptionen:%n
|
|
||||||
usage.footerHeading=Powered by Picocli%n
|
|
||||||
store=Überschreibe den Standardpfad des Zertifikatsverzeichnisses
|
|
|
@ -1,11 +0,0 @@
|
||||||
# SPDX-FileCopyrightText: 2022 Paul Schaub <vanitasvitae@fsfe.org>
|
|
||||||
#
|
|
||||||
# SPDX-License-Identifier: Apache-2.0
|
|
||||||
usage.header=Lookup primary certificate fingerprints by subkey ids or fingerprints
|
|
||||||
|
|
||||||
# Generic TODO: Remove when bumping picocli to 4.7.0
|
|
||||||
usage.synopsisHeading=Usage:\u0020
|
|
||||||
usage.commandListHeading = %nCommands:%n
|
|
||||||
usage.optionListHeading = %nOptions:%n
|
|
||||||
usage.footerHeading=Powered by picocli%n
|
|
||||||
store=Overwrite the default certificate directory path
|
|
|
@ -1,11 +0,0 @@
|
||||||
# SPDX-FileCopyrightText: 2022 Paul Schaub <vanitasvitae@fsfe.org>
|
|
||||||
#
|
|
||||||
# SPDX-License-Identifier: Apache-2.0
|
|
||||||
usage.header=Schlage primäre Fingerabdrücke von Zertifikaten per ID oder Fingerabdruck von Unterschlüsseln nach
|
|
||||||
|
|
||||||
# Generic TODO: Remove when bumping picocli to 4.7.0
|
|
||||||
usage.synopsisHeading=Aufruf:\u0020
|
|
||||||
usage.commandListHeading=%nBefehle:%n
|
|
||||||
usage.optionListHeading = %nOptionen:%n
|
|
||||||
usage.footerHeading=Powered by Picocli%n
|
|
||||||
store=Überschreibe den Standardpfad des Zertifikatsverzeichnisses
|
|
|
@ -1,13 +0,0 @@
|
||||||
# SPDX-FileCopyrightText: 2022 Paul Schaub <vanitasvitae@fsfe.org>
|
|
||||||
#
|
|
||||||
# SPDX-License-Identifier: Apache-2.0
|
|
||||||
usage.header=Retrieve certificates from the store
|
|
||||||
IDENTIFIER[0]=Certificate identifier (fingerprint or special name)
|
|
||||||
armor=Wrap the output in ASCII armor
|
|
||||||
|
|
||||||
# Generic TODO: Remove when bumping picocli to 4.7.0
|
|
||||||
usage.synopsisHeading=Usage:\u0020
|
|
||||||
usage.commandListHeading = %nCommands:%n
|
|
||||||
usage.optionListHeading = %nOptions:%n
|
|
||||||
usage.footerHeading=Powered by picocli%n
|
|
||||||
store=Overwrite the default certificate directory path
|
|
|
@ -1,13 +0,0 @@
|
||||||
# SPDX-FileCopyrightText: 2022 Paul Schaub <vanitasvitae@fsfe.org>
|
|
||||||
#
|
|
||||||
# SPDX-License-Identifier: Apache-2.0
|
|
||||||
usage.header=Frage Zertifikate aus dem Speicher ab
|
|
||||||
IDENTIFIER[0]=Zertifikatskennung (Fingerabdruck oder Spezialname)
|
|
||||||
armor=Verpacke the Ausgabe in ASCII Armor
|
|
||||||
|
|
||||||
# Generic TODO: Remove when bumping picocli to 4.7.0
|
|
||||||
usage.synopsisHeading=Aufruf:\u0020
|
|
||||||
usage.commandListHeading=%nBefehle:%n
|
|
||||||
usage.optionListHeading = %nOptionen:%n
|
|
||||||
usage.footerHeading=Powered by Picocli%n
|
|
||||||
store=Überschreibe den Standardpfad des Zertifikatsverzeichnisses
|
|
|
@ -1,11 +0,0 @@
|
||||||
# SPDX-FileCopyrightText: 2022 Paul Schaub <vanitasvitae@fsfe.org>
|
|
||||||
#
|
|
||||||
# SPDX-License-Identifier: Apache-2.0
|
|
||||||
usage.header=Import certificates into the store from Standard Input
|
|
||||||
|
|
||||||
# Generic TODO: Remove when bumping picocli to 4.7.0
|
|
||||||
usage.synopsisHeading=Usage:\u0020
|
|
||||||
usage.commandListHeading = %nCommands:%n
|
|
||||||
usage.optionListHeading = %nOptions:%n
|
|
||||||
usage.footerHeading=Powered by picocli%n
|
|
||||||
store=Overwrite the default certificate directory path
|
|
|
@ -1,11 +0,0 @@
|
||||||
# SPDX-FileCopyrightText: 2022 Paul Schaub <vanitasvitae@fsfe.org>
|
|
||||||
#
|
|
||||||
# SPDX-License-Identifier: Apache-2.0
|
|
||||||
usage.header=Importiere Zertifikate von der Standardeingabe in den Speicher
|
|
||||||
|
|
||||||
# Generic TODO: Remove when bumping picocli to 4.7.0
|
|
||||||
usage.synopsisHeading=Aufruf:\u0020
|
|
||||||
usage.commandListHeading=%nBefehle:%n
|
|
||||||
usage.optionListHeading = %nOptionen:%n
|
|
||||||
usage.footerHeading=Powered by Picocli%n
|
|
||||||
store=Überschreibe den Standardpfad des Zertifikatsverzeichnisses
|
|
|
@ -1,11 +0,0 @@
|
||||||
# SPDX-FileCopyrightText: 2022 Paul Schaub <vanitasvitae@fsfe.org>
|
|
||||||
#
|
|
||||||
# SPDX-License-Identifier: Apache-2.0
|
|
||||||
usage.header=Insert or update a certificate
|
|
||||||
|
|
||||||
# Generic TODO: Remove when bumping picocli to 4.7.0
|
|
||||||
usage.synopsisHeading=Usage:\u0020
|
|
||||||
usage.commandListHeading = %nCommands:%n
|
|
||||||
usage.optionListHeading = %nOptions:%n
|
|
||||||
usage.footerHeading=Powered by picocli%n
|
|
||||||
store=Overwrite the default certificate directory path
|
|
|
@ -1,11 +0,0 @@
|
||||||
# SPDX-FileCopyrightText: 2022 Paul Schaub <vanitasvitae@fsfe.org>
|
|
||||||
#
|
|
||||||
# SPDX-License-Identifier: Apache-2.0
|
|
||||||
usage.header=Aktualisiere oder importiere ein Zertifikat
|
|
||||||
|
|
||||||
# Generic TODO: Remove when bumping picocli to 4.7.0
|
|
||||||
usage.synopsisHeading=Aufruf:\u0020
|
|
||||||
usage.commandListHeading=%nBefehle:%n
|
|
||||||
usage.optionListHeading = %nOptionen:%n
|
|
||||||
usage.footerHeading=Powered by Picocli%n
|
|
||||||
store=Überschreibe den Standardpfad des Zertifikatsverzeichnisses
|
|
|
@ -1,11 +0,0 @@
|
||||||
# SPDX-FileCopyrightText: 2022 Paul Schaub <vanitasvitae@fsfe.org>
|
|
||||||
#
|
|
||||||
# SPDX-License-Identifier: Apache-2.0
|
|
||||||
usage.header=List all certificates in the directory
|
|
||||||
store=Overwrite the default certificate directory path
|
|
||||||
|
|
||||||
# Generic TODO: Remove when bumping picocli to 4.7.0
|
|
||||||
usage.synopsisHeading=Usage:\u0020
|
|
||||||
usage.commandListHeading = %nCommands:%n
|
|
||||||
usage.optionListHeading = %nOptions:%n
|
|
||||||
usage.footerHeading=Powered by picocli%n
|
|
|
@ -1,11 +0,0 @@
|
||||||
# SPDX-FileCopyrightText: 2022 Paul Schaub <vanitasvitae@fsfe.org>
|
|
||||||
#
|
|
||||||
# SPDX-License-Identifier: Apache-2.0
|
|
||||||
usage.header=Liste alle Zertifikate im Verzeichnis auf
|
|
||||||
store=Überschreibe den Standardpfad des Zertifikatsverzeichnisses
|
|
||||||
|
|
||||||
# Generic TODO: Remove when bumping picocli to 4.7.0
|
|
||||||
usage.synopsisHeading=Aufruf:\u0020
|
|
||||||
usage.commandListHeading=%nBefehle:%n
|
|
||||||
usage.optionListHeading = %nOptionen:%n
|
|
||||||
usage.footerHeading=Powered by Picocli%n
|
|
|
@ -1,11 +0,0 @@
|
||||||
# SPDX-FileCopyrightText: 2022 Paul Schaub <vanitasvitae@fsfe.org>
|
|
||||||
#
|
|
||||||
# SPDX-License-Identifier: Apache-2.0
|
|
||||||
usage.header=Store and manage public OpenPGP certificates
|
|
||||||
store=Overwrite the default certificate directory path
|
|
||||||
|
|
||||||
# Generic TODO: Remove when bumping picocli to 4.7.0
|
|
||||||
usage.synopsisHeading=Usage:\u0020
|
|
||||||
usage.commandListHeading = %nCommands:%n
|
|
||||||
usage.optionListHeading = %nOptions:%n
|
|
||||||
usage.footerHeading=Powered by picocli%n
|
|
|
@ -1,11 +0,0 @@
|
||||||
# SPDX-FileCopyrightText: 2022 Paul Schaub <vanitasvitae@fsfe.org>
|
|
||||||
#
|
|
||||||
# SPDX-License-Identifier: Apache-2.0
|
|
||||||
usage.header=Speichere und verwalte öffentliche OpenPGP Zertifikate
|
|
||||||
store=Überschreibe den Standardpfad des Zertifikatsverzeichnisses
|
|
||||||
|
|
||||||
# Generic TODO: Remove when bumping picocli to 4.7.0
|
|
||||||
usage.synopsisHeading=Aufruf:\u0020
|
|
||||||
usage.commandListHeading=%nBefehle:%n
|
|
||||||
usage.optionListHeading = %nOptionen:%n
|
|
||||||
usage.footerHeading=Powered by Picocli%n
|
|
|
@ -1,13 +0,0 @@
|
||||||
# SPDX-FileCopyrightText: 2022 Paul Schaub <vanitasvitae@fsfe.org>
|
|
||||||
#
|
|
||||||
# SPDX-License-Identifier: Apache-2.0
|
|
||||||
usage.header=Setup a new certificate directory
|
|
||||||
with-password=Ask for a password for the trust-root key
|
|
||||||
import-from-stdin=Import trust-root from stdin
|
|
||||||
|
|
||||||
# Generic TODO: Remove when bumping picocli to 4.7.0
|
|
||||||
usage.synopsisHeading=Usage:\u0020
|
|
||||||
usage.commandListHeading = %nCommands:%n
|
|
||||||
usage.optionListHeading = %nOptions:%n
|
|
||||||
usage.footerHeading=Powered by picocli%n
|
|
||||||
store=Overwrite the default certificate directory path
|
|
|
@ -1,13 +0,0 @@
|
||||||
# SPDX-FileCopyrightText: 2022 Paul Schaub <vanitasvitae@fsfe.org>
|
|
||||||
#
|
|
||||||
# SPDX-License-Identifier: Apache-2.0
|
|
||||||
usage.header=Richte ein neues Zertifikatsverzeichnis ein
|
|
||||||
with-password=Frage nach einem Passwort für den trust-root Schlüssel
|
|
||||||
import-from-stdin=Importiere trust-root Schlüssel von Standardeingabe
|
|
||||||
|
|
||||||
# Generic TODO: Remove when bumping picocli to 4.7.0
|
|
||||||
usage.synopsisHeading=Aufruf:\u0020
|
|
||||||
usage.commandListHeading=%nBefehle:%n
|
|
||||||
usage.optionListHeading = %nOptionen:%n
|
|
||||||
usage.footerHeading=Powered by Picocli%n
|
|
||||||
store=Überschreibe den Standardpfad des Zertifikatsverzeichnisses
|
|
|
@ -0,0 +1,17 @@
|
||||||
|
// SPDX-FileCopyrightText: 2022 Paul Schaub <vanitasvitae@fsfe.org>
|
||||||
|
//
|
||||||
|
// SPDX-License-Identifier: Apache-2.0
|
||||||
|
|
||||||
|
package pgp.cert_d.cli;
|
||||||
|
|
||||||
|
import org.junit.jupiter.api.Test;
|
||||||
|
|
||||||
|
import static org.junit.jupiter.api.Assertions.assertTrue;
|
||||||
|
|
||||||
|
public class DummyTest {
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void test() {
|
||||||
|
assertTrue(true);
|
||||||
|
}
|
||||||
|
}
|
|
@ -1,18 +0,0 @@
|
||||||
// SPDX-FileCopyrightText: 2022 Paul Schaub <vanitasvitae@fsfe.org>
|
|
||||||
//
|
|
||||||
// SPDX-License-Identifier: Apache-2.0
|
|
||||||
|
|
||||||
package pgp.cert_d.cli;
|
|
||||||
|
|
||||||
import org.pgpainless.certificate_store.PGPainlessCertD;
|
|
||||||
|
|
||||||
public class InstantiateCLI {
|
|
||||||
|
|
||||||
public static void resetStore() {
|
|
||||||
PGPCertDCli.certificateDirectory = null;
|
|
||||||
}
|
|
||||||
|
|
||||||
public static void setInMemoryStore() {
|
|
||||||
PGPCertDCli.certificateDirectory = PGPainlessCertD.inMemory();
|
|
||||||
}
|
|
||||||
}
|
|
|
@ -1,126 +0,0 @@
|
||||||
// SPDX-FileCopyrightText: 2022 Paul Schaub <vanitasvitae@fsfe.org>
|
|
||||||
//
|
|
||||||
// SPDX-License-Identifier: Apache-2.0
|
|
||||||
|
|
||||||
package pgp.cert_d.cli.commands;
|
|
||||||
|
|
||||||
import org.bouncycastle.openpgp.PGPException;
|
|
||||||
import org.bouncycastle.openpgp.PGPSecretKeyRing;
|
|
||||||
import org.junit.jupiter.api.AfterEach;
|
|
||||||
import org.junit.jupiter.api.BeforeEach;
|
|
||||||
import org.junit.jupiter.api.Test;
|
|
||||||
import org.pgpainless.PGPainless;
|
|
||||||
import org.pgpainless.certificate_store.PGPainlessCertD;
|
|
||||||
import org.pgpainless.key.OpenPgpFingerprint;
|
|
||||||
import org.pgpainless.key.info.KeyInfo;
|
|
||||||
import org.pgpainless.key.protection.UnlockSecretKey;
|
|
||||||
import org.pgpainless.util.Passphrase;
|
|
||||||
import pgp.cert_d.cli.InstantiateCLI;
|
|
||||||
import pgp.cert_d.cli.PGPCertDCli;
|
|
||||||
import pgp.certificate_store.certificate.Key;
|
|
||||||
import pgp.certificate_store.certificate.KeyMaterial;
|
|
||||||
import pgp.certificate_store.exception.BadDataException;
|
|
||||||
|
|
||||||
import java.io.ByteArrayInputStream;
|
|
||||||
import java.io.IOException;
|
|
||||||
import java.io.InputStream;
|
|
||||||
import java.nio.charset.Charset;
|
|
||||||
import java.security.InvalidAlgorithmParameterException;
|
|
||||||
import java.security.NoSuchAlgorithmException;
|
|
||||||
import java.util.NoSuchElementException;
|
|
||||||
|
|
||||||
import static org.junit.jupiter.api.Assertions.assertEquals;
|
|
||||||
import static org.junit.jupiter.api.Assertions.assertNotEquals;
|
|
||||||
import static org.junit.jupiter.api.Assertions.assertNotNull;
|
|
||||||
import static org.junit.jupiter.api.Assertions.assertThrows;
|
|
||||||
import static org.junit.jupiter.api.Assertions.assertTrue;
|
|
||||||
|
|
||||||
public class SetupTest {
|
|
||||||
|
|
||||||
private PGPainlessCertD store;
|
|
||||||
|
|
||||||
@BeforeEach
|
|
||||||
public void setup() {
|
|
||||||
InstantiateCLI.setInMemoryStore();
|
|
||||||
store = PGPCertDCli.getCertificateDirectory();
|
|
||||||
}
|
|
||||||
|
|
||||||
@AfterEach
|
|
||||||
public void teardown() {
|
|
||||||
InstantiateCLI.resetStore();
|
|
||||||
store = null;
|
|
||||||
}
|
|
||||||
|
|
||||||
@Test
|
|
||||||
public void testSetupGeneratesTrustRoot()
|
|
||||||
throws BadDataException, IOException {
|
|
||||||
assertThrows(NoSuchElementException.class, () -> store.getTrustRoot());
|
|
||||||
|
|
||||||
PGPCertDCli.main(new String[] {"setup"});
|
|
||||||
KeyMaterial trustRoot = store.getTrustRoot();
|
|
||||||
assertNotNull(trustRoot);
|
|
||||||
assertTrue(trustRoot instanceof Key);
|
|
||||||
|
|
||||||
// Check that key has no password
|
|
||||||
PGPSecretKeyRing secretKeys = PGPainless.readKeyRing().secretKeyRing(trustRoot.getInputStream());
|
|
||||||
assertTrue(KeyInfo.isDecrypted(secretKeys.getSecretKey()));
|
|
||||||
}
|
|
||||||
|
|
||||||
@Test
|
|
||||||
public void testSetupWithPassword()
|
|
||||||
throws BadDataException, IOException, PGPException {
|
|
||||||
assertThrows(NoSuchElementException.class, () -> store.getTrustRoot());
|
|
||||||
|
|
||||||
PGPCertDCli.main(new String[] {"setup", "--with-password", "sw0rdf1sh"});
|
|
||||||
KeyMaterial trustRoot = store.getTrustRoot();
|
|
||||||
assertNotNull(trustRoot);
|
|
||||||
assertTrue(trustRoot instanceof Key);
|
|
||||||
|
|
||||||
// Check that key is encrypted
|
|
||||||
PGPSecretKeyRing secretKeys = PGPainless.readKeyRing().secretKeyRing(trustRoot.getInputStream());
|
|
||||||
assertTrue(KeyInfo.isEncrypted(secretKeys.getSecretKey()));
|
|
||||||
// Check that password matches
|
|
||||||
assertNotNull(UnlockSecretKey.unlockSecretKey(
|
|
||||||
secretKeys.getSecretKey(), Passphrase.fromPassword("sw0rdf1sh")));
|
|
||||||
}
|
|
||||||
|
|
||||||
@Test
|
|
||||||
public void testSetupImportFromStdin()
|
|
||||||
throws PGPException, InvalidAlgorithmParameterException, NoSuchAlgorithmException,
|
|
||||||
BadDataException, IOException {
|
|
||||||
assertThrows(NoSuchElementException.class, () -> store.getTrustRoot());
|
|
||||||
|
|
||||||
PGPSecretKeyRing trustRoot = PGPainless.generateKeyRing()
|
|
||||||
.modernKeyRing("trust-root");
|
|
||||||
OpenPgpFingerprint fingerprint = OpenPgpFingerprint.of(trustRoot);
|
|
||||||
String armored = PGPainless.asciiArmor(trustRoot);
|
|
||||||
ByteArrayInputStream trustRootIn = new ByteArrayInputStream(
|
|
||||||
armored.getBytes(Charset.forName("UTF8")));
|
|
||||||
|
|
||||||
InputStream originalStdin = System.in;
|
|
||||||
System.setIn(trustRootIn);
|
|
||||||
PGPCertDCli.main(new String[] {"setup", "--import-from-stdin"});
|
|
||||||
System.setIn(originalStdin);
|
|
||||||
|
|
||||||
KeyMaterial importedTrustRoot = store.getTrustRoot();
|
|
||||||
assertEquals(fingerprint.toString().toLowerCase(), importedTrustRoot.getFingerprint());
|
|
||||||
}
|
|
||||||
|
|
||||||
@Test
|
|
||||||
public void testSetupOverridesExistingTrustRoot()
|
|
||||||
throws BadDataException, IOException {
|
|
||||||
assertThrows(NoSuchElementException.class, () -> store.getTrustRoot());
|
|
||||||
|
|
||||||
PGPCertDCli.main(new String[] {"setup"});
|
|
||||||
KeyMaterial trustRoot = store.getTrustRoot();
|
|
||||||
assertNotNull(trustRoot);
|
|
||||||
String fingerprint = trustRoot.getFingerprint();
|
|
||||||
|
|
||||||
// Override trust-root by calling setup again
|
|
||||||
PGPCertDCli.main(new String[] {"setup"});
|
|
||||||
trustRoot = store.getTrustRoot();
|
|
||||||
assertNotNull(trustRoot);
|
|
||||||
|
|
||||||
assertNotEquals(fingerprint, trustRoot.getFingerprint());
|
|
||||||
}
|
|
||||||
}
|
|
|
@ -6,9 +6,4 @@ SPDX-License-Identifier: Apache-2.0
|
||||||
|
|
||||||
# Shared PGP Certificate Directory + PGPainless
|
# Shared PGP Certificate Directory + PGPainless
|
||||||
|
|
||||||
[![javadoc](https://javadoc.io/badge2/org.pgpainless/pgpainless-cert-d/javadoc.svg)](https://javadoc.io/doc/org.pgpainless/pgpainless-cert-d)
|
This module makes use of `pgpainless-core` to provide backend implementations of classes required by `pgp-cert-d-java`.
|
||||||
[![Maven Central](https://badgen.net/maven/v/maven-central/org.pgpainless/pgpainless-cert-d)](https://search.maven.org/artifact/org.pgpainless/pgpainless-cert-d)
|
|
||||||
|
|
||||||
This module makes use of [pgpainless-core](https://github.com/pgpainless/pgpainless)
|
|
||||||
to provide backend implementations of classes required by
|
|
||||||
[pgp-cert-d-java](https://github.com/pgpainless/cert-d-java).
|
|
|
@ -15,26 +15,20 @@ repositories {
|
||||||
apply plugin: 'ru.vyarus.animalsniffer'
|
apply plugin: 'ru.vyarus.animalsniffer'
|
||||||
|
|
||||||
dependencies {
|
dependencies {
|
||||||
// animal sniffer for ensuring Android API compatibility
|
// animal sniffer
|
||||||
signature "net.sf.androidscents.signature:android-api-level-${minAndroidSdk}:2.3.3_r2@signature"
|
signature "net.sf.androidscents.signature:android-api-level-${minAndroidSdk}:2.3.3_r2@signature"
|
||||||
|
|
||||||
// JUnit
|
|
||||||
testImplementation "org.junit.jupiter:junit-jupiter-api:$junitVersion"
|
testImplementation "org.junit.jupiter:junit-jupiter-api:$junitVersion"
|
||||||
testImplementation "org.junit.jupiter:junit-jupiter-params:$junitVersion"
|
testImplementation "org.junit.jupiter:junit-jupiter-params:$junitVersion"
|
||||||
testRuntimeOnly "org.junit.jupiter:junit-jupiter-engine:$junitVersion"
|
testRuntimeOnly "org.junit.jupiter:junit-jupiter-engine:$junitVersion"
|
||||||
|
|
||||||
// Mockito for mocking during tests
|
|
||||||
testImplementation "org.mockito:mockito-core:$mockitoVersion"
|
testImplementation "org.mockito:mockito-core:$mockitoVersion"
|
||||||
|
|
||||||
// Logging
|
// Logging
|
||||||
testImplementation "ch.qos.logback:logback-classic:$logbackVersion"
|
testImplementation "ch.qos.logback:logback-classic:$logbackVersion"
|
||||||
|
|
||||||
// PGPainless for OpenPGP
|
|
||||||
api "org.pgpainless:pgpainless-core:$pgpainlessVersion"
|
api "org.pgpainless:pgpainless-core:$pgpainlessVersion"
|
||||||
|
|
||||||
// pgp.cert.d
|
|
||||||
api "org.pgpainless:pgp-cert-d-java:$pgpCertDJavaVersion"
|
api "org.pgpainless:pgp-cert-d-java:$pgpCertDJavaVersion"
|
||||||
api "org.pgpainless:pgp-certificate-store:$pgpCertDJavaVersion"
|
|
||||||
}
|
}
|
||||||
|
|
||||||
animalsniffer {
|
animalsniffer {
|
||||||
|
|
|
@ -6,26 +6,54 @@ package org.pgpainless.certificate_store;
|
||||||
|
|
||||||
import org.bouncycastle.openpgp.PGPPublicKey;
|
import org.bouncycastle.openpgp.PGPPublicKey;
|
||||||
import org.bouncycastle.openpgp.PGPPublicKeyRing;
|
import org.bouncycastle.openpgp.PGPPublicKeyRing;
|
||||||
|
import org.bouncycastle.util.encoders.Base64;
|
||||||
import org.pgpainless.key.OpenPgpFingerprint;
|
import org.pgpainless.key.OpenPgpFingerprint;
|
||||||
import pgp.certificate_store.certificate.Certificate;
|
import pgp.certificate_store.Certificate;
|
||||||
|
|
||||||
|
import java.io.ByteArrayInputStream;
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
import java.util.ArrayList;
|
import java.io.InputStream;
|
||||||
|
import java.security.MessageDigest;
|
||||||
|
import java.security.NoSuchAlgorithmException;
|
||||||
|
import java.util.HashSet;
|
||||||
import java.util.Iterator;
|
import java.util.Iterator;
|
||||||
import java.util.List;
|
import java.util.Set;
|
||||||
|
|
||||||
public class CertificateFactory {
|
public class CertificateFactory {
|
||||||
|
|
||||||
public static Certificate certificateFromPublicKeyRing(PGPPublicKeyRing publicKeyRing, Long tag)
|
public static Certificate certificateFromPublicKeyRing(PGPPublicKeyRing publicKeyRing) {
|
||||||
throws IOException {
|
return new Certificate() {
|
||||||
byte[] bytes = publicKeyRing.getEncoded();
|
@Override
|
||||||
String fingerprint = OpenPgpFingerprint.of(publicKeyRing).toString().toLowerCase();
|
public String getFingerprint() {
|
||||||
List<Long> subkeyIds = new ArrayList<>();
|
return OpenPgpFingerprint.of(publicKeyRing).toString().toLowerCase();
|
||||||
Iterator<PGPPublicKey> keys = publicKeyRing.getPublicKeys();
|
|
||||||
while (keys.hasNext()) {
|
|
||||||
subkeyIds.add(keys.next().getKeyID());
|
|
||||||
}
|
}
|
||||||
|
|
||||||
return new Certificate(bytes, fingerprint, subkeyIds, tag);
|
@Override
|
||||||
|
public InputStream getInputStream() throws IOException {
|
||||||
|
return new ByteArrayInputStream(publicKeyRing.getEncoded());
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public String getTag() throws IOException {
|
||||||
|
MessageDigest digest;
|
||||||
|
try {
|
||||||
|
digest = MessageDigest.getInstance("SHA-256");
|
||||||
|
} catch (NoSuchAlgorithmException e) {
|
||||||
|
throw new AssertionError("No MessageDigest for SHA-256 instantiated, although BC is on the classpath: " + e.getMessage());
|
||||||
|
}
|
||||||
|
digest.update(publicKeyRing.getEncoded());
|
||||||
|
return Base64.toBase64String(digest.digest());
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public Set<Long> getSubkeyIds() throws IOException {
|
||||||
|
Set<Long> keyIds = new HashSet<>();
|
||||||
|
Iterator<PGPPublicKey> keys = publicKeyRing.getPublicKeys();
|
||||||
|
while (keys.hasNext()) {
|
||||||
|
keyIds.add(keys.next().getKeyID());
|
||||||
|
}
|
||||||
|
return keyIds;
|
||||||
|
}
|
||||||
|
};
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -0,0 +1,22 @@
|
||||||
|
// SPDX-FileCopyrightText: 2022 Paul Schaub <vanitasvitae@fsfe.org>
|
||||||
|
//
|
||||||
|
// SPDX-License-Identifier: Apache-2.0
|
||||||
|
|
||||||
|
package org.pgpainless.certificate_store;
|
||||||
|
|
||||||
|
import java.io.IOException;
|
||||||
|
import java.io.InputStream;
|
||||||
|
|
||||||
|
import org.bouncycastle.openpgp.PGPPublicKeyRing;
|
||||||
|
import org.pgpainless.PGPainless;
|
||||||
|
import pgp.certificate_store.Certificate;
|
||||||
|
import pgp.certificate_store.CertificateReaderBackend;
|
||||||
|
|
||||||
|
public class CertificateReader implements CertificateReaderBackend {
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public Certificate readCertificate(InputStream inputStream) throws IOException {
|
||||||
|
final PGPPublicKeyRing certificate = PGPainless.readKeyRing().publicKeyRing(inputStream);
|
||||||
|
return CertificateFactory.certificateFromPublicKeyRing(certificate);
|
||||||
|
}
|
||||||
|
}
|
|
@ -1,23 +0,0 @@
|
||||||
// SPDX-FileCopyrightText: 2022 Paul Schaub <vanitasvitae@fsfe.org>
|
|
||||||
//
|
|
||||||
// SPDX-License-Identifier: Apache-2.0
|
|
||||||
|
|
||||||
package org.pgpainless.certificate_store;
|
|
||||||
|
|
||||||
import org.bouncycastle.openpgp.PGPPublicKeyRing;
|
|
||||||
import org.bouncycastle.openpgp.PGPSecretKeyRing;
|
|
||||||
import org.pgpainless.PGPainless;
|
|
||||||
import pgp.certificate_store.certificate.Certificate;
|
|
||||||
import pgp.certificate_store.certificate.Key;
|
|
||||||
|
|
||||||
import java.io.IOException;
|
|
||||||
|
|
||||||
public class KeyFactory {
|
|
||||||
|
|
||||||
public static Key keyFromSecretKeyRing(PGPSecretKeyRing secretKeyRing, Long tag) throws IOException {
|
|
||||||
byte[] bytes = secretKeyRing.getEncoded();
|
|
||||||
PGPPublicKeyRing publicKeyRing = PGPainless.extractCertificate(secretKeyRing);
|
|
||||||
Certificate certificate = CertificateFactory.certificateFromPublicKeyRing(publicKeyRing, tag);
|
|
||||||
return new Key(bytes, certificate, tag);
|
|
||||||
}
|
|
||||||
}
|
|
|
@ -1,46 +0,0 @@
|
||||||
// SPDX-FileCopyrightText: 2022 Paul Schaub <vanitasvitae@fsfe.org>
|
|
||||||
//
|
|
||||||
// SPDX-License-Identifier: Apache-2.0
|
|
||||||
|
|
||||||
package org.pgpainless.certificate_store;
|
|
||||||
|
|
||||||
import org.bouncycastle.openpgp.PGPKeyRing;
|
|
||||||
import org.bouncycastle.openpgp.PGPPublicKeyRing;
|
|
||||||
import org.bouncycastle.openpgp.PGPSecretKeyRing;
|
|
||||||
import org.pgpainless.PGPainless;
|
|
||||||
import pgp.certificate_store.certificate.KeyMaterial;
|
|
||||||
import pgp.certificate_store.certificate.KeyMaterialReaderBackend;
|
|
||||||
import pgp.certificate_store.exception.BadDataException;
|
|
||||||
|
|
||||||
import java.io.IOException;
|
|
||||||
import java.io.InputStream;
|
|
||||||
|
|
||||||
public class KeyMaterialReader implements KeyMaterialReaderBackend {
|
|
||||||
|
|
||||||
@Override
|
|
||||||
public KeyMaterial read(InputStream data, Long tag) throws IOException, BadDataException {
|
|
||||||
PGPKeyRing keyMaterial;
|
|
||||||
try {
|
|
||||||
keyMaterial = PGPainless.readKeyRing().keyRing(data);
|
|
||||||
} catch (IOException e) {
|
|
||||||
String msg = e.getMessage();
|
|
||||||
if (msg == null) {
|
|
||||||
throw e;
|
|
||||||
}
|
|
||||||
if (msg.contains("unknown object in stream") ||
|
|
||||||
msg.contains("unexpected end of file in armored stream.") ||
|
|
||||||
msg.contains("invalid header encountered")) {
|
|
||||||
throw new BadDataException();
|
|
||||||
} else {
|
|
||||||
throw e;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
if (keyMaterial instanceof PGPSecretKeyRing) {
|
|
||||||
return KeyFactory.keyFromSecretKeyRing((PGPSecretKeyRing) keyMaterial, tag);
|
|
||||||
} else if (keyMaterial instanceof PGPPublicKeyRing) {
|
|
||||||
return CertificateFactory.certificateFromPublicKeyRing((PGPPublicKeyRing) keyMaterial, tag);
|
|
||||||
} else {
|
|
||||||
throw new BadDataException();
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
|
@ -1,174 +0,0 @@
|
||||||
// SPDX-FileCopyrightText: 2022 Paul Schaub <vanitasvitae@fsfe.org>
|
|
||||||
//
|
|
||||||
// SPDX-License-Identifier: Apache-2.0
|
|
||||||
|
|
||||||
package org.pgpainless.certificate_store;
|
|
||||||
|
|
||||||
import org.bouncycastle.openpgp.PGPException;
|
|
||||||
import org.bouncycastle.openpgp.PGPKeyRing;
|
|
||||||
import org.bouncycastle.openpgp.PGPPublicKey;
|
|
||||||
import org.bouncycastle.openpgp.PGPPublicKeyRing;
|
|
||||||
import org.bouncycastle.openpgp.PGPSecretKeyRing;
|
|
||||||
import org.pgpainless.PGPainless;
|
|
||||||
import org.pgpainless.key.OpenPgpFingerprint;
|
|
||||||
import pgp.certificate_store.certificate.KeyMaterial;
|
|
||||||
import pgp.certificate_store.certificate.KeyMaterialMerger;
|
|
||||||
import pgp.certificate_store.exception.BadDataException;
|
|
||||||
|
|
||||||
import java.io.IOException;
|
|
||||||
import java.util.Arrays;
|
|
||||||
import java.util.Iterator;
|
|
||||||
|
|
||||||
public class MergeCallbacks {
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Return a {@link KeyMaterialMerger} that merges the two copies of the same certificate (same primary key) into one
|
|
||||||
* combined certificate.
|
|
||||||
*
|
|
||||||
* @return merging callback
|
|
||||||
*/
|
|
||||||
public static KeyMaterialMerger mergeWithExisting() {
|
|
||||||
return new KeyMaterialMerger() {
|
|
||||||
|
|
||||||
@Override
|
|
||||||
public KeyMaterial merge(KeyMaterial data, KeyMaterial existing)
|
|
||||||
throws IOException {
|
|
||||||
// Simple cases: one is null -> return other
|
|
||||||
if (data == null) {
|
|
||||||
return existing;
|
|
||||||
}
|
|
||||||
if (existing == null) {
|
|
||||||
return data;
|
|
||||||
}
|
|
||||||
|
|
||||||
try {
|
|
||||||
PGPKeyRing existingKeyRing = PGPainless.readKeyRing().keyRing(existing.getInputStream());
|
|
||||||
PGPKeyRing updatedKeyRing = PGPainless.readKeyRing().keyRing(data.getInputStream());
|
|
||||||
|
|
||||||
PGPKeyRing mergedKeyRing;
|
|
||||||
|
|
||||||
if (existingKeyRing instanceof PGPPublicKeyRing) {
|
|
||||||
mergedKeyRing = mergeWithCert((PGPPublicKeyRing) existingKeyRing, updatedKeyRing);
|
|
||||||
} else if (existingKeyRing instanceof PGPSecretKeyRing) {
|
|
||||||
mergedKeyRing = mergeWithKey(existingKeyRing, updatedKeyRing);
|
|
||||||
} else {
|
|
||||||
throw new IOException(new BadDataException());
|
|
||||||
}
|
|
||||||
|
|
||||||
printOutDifferences(existingKeyRing, mergedKeyRing);
|
|
||||||
|
|
||||||
return toKeyMaterial(mergedKeyRing);
|
|
||||||
|
|
||||||
} catch (PGPException e) {
|
|
||||||
throw new RuntimeException(e);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
private PGPKeyRing mergeWithCert(PGPPublicKeyRing existingKeyRing, PGPKeyRing updatedKeyRing)
|
|
||||||
throws PGPException, IOException {
|
|
||||||
PGPKeyRing mergedKeyRing;
|
|
||||||
PGPPublicKeyRing existingCert = existingKeyRing;
|
|
||||||
if (updatedKeyRing instanceof PGPPublicKeyRing) {
|
|
||||||
mergedKeyRing = PGPPublicKeyRing.join(existingCert, (PGPPublicKeyRing) updatedKeyRing);
|
|
||||||
} else if (updatedKeyRing instanceof PGPSecretKeyRing) {
|
|
||||||
PGPPublicKeyRing updatedPublicKeys = PGPainless.extractCertificate((PGPSecretKeyRing) updatedKeyRing);
|
|
||||||
PGPPublicKeyRing mergedPublicKeys = PGPPublicKeyRing.join(existingCert, updatedPublicKeys);
|
|
||||||
updatedKeyRing = PGPSecretKeyRing.replacePublicKeys((PGPSecretKeyRing) updatedKeyRing, mergedPublicKeys);
|
|
||||||
mergedKeyRing = updatedKeyRing;
|
|
||||||
} else {
|
|
||||||
throw new IOException(new BadDataException());
|
|
||||||
}
|
|
||||||
return mergedKeyRing;
|
|
||||||
}
|
|
||||||
|
|
||||||
private PGPKeyRing mergeWithKey(PGPKeyRing existingKeyRing, PGPKeyRing updatedKeyRing)
|
|
||||||
throws PGPException, IOException {
|
|
||||||
PGPKeyRing mergedKeyRing;
|
|
||||||
PGPSecretKeyRing existingKey = (PGPSecretKeyRing) existingKeyRing;
|
|
||||||
PGPPublicKeyRing existingCert = PGPainless.extractCertificate(existingKey);
|
|
||||||
if (updatedKeyRing instanceof PGPPublicKeyRing) {
|
|
||||||
PGPPublicKeyRing updatedCert = (PGPPublicKeyRing) updatedKeyRing;
|
|
||||||
PGPPublicKeyRing mergedCert = PGPPublicKeyRing.join(existingCert, updatedCert);
|
|
||||||
mergedKeyRing = PGPSecretKeyRing.replacePublicKeys(existingKey, mergedCert);
|
|
||||||
} else if (updatedKeyRing instanceof PGPSecretKeyRing) {
|
|
||||||
// Merging keys is not supported
|
|
||||||
mergedKeyRing = existingKeyRing;
|
|
||||||
} else {
|
|
||||||
throw new IOException(new BadDataException());
|
|
||||||
}
|
|
||||||
return mergedKeyRing;
|
|
||||||
}
|
|
||||||
|
|
||||||
private KeyMaterial toKeyMaterial(PGPKeyRing mergedKeyRing)
|
|
||||||
throws IOException {
|
|
||||||
if (mergedKeyRing instanceof PGPPublicKeyRing) {
|
|
||||||
return CertificateFactory.certificateFromPublicKeyRing((PGPPublicKeyRing) mergedKeyRing, null);
|
|
||||||
} else {
|
|
||||||
return KeyFactory.keyFromSecretKeyRing((PGPSecretKeyRing) mergedKeyRing, null);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
private void printOutDifferences(PGPKeyRing existingCert, PGPKeyRing mergedCert) throws IOException {
|
|
||||||
int numSigsBefore = countSigs(existingCert);
|
|
||||||
int numSigsAfter = countSigs(mergedCert);
|
|
||||||
int newSigs = numSigsAfter - numSigsBefore;
|
|
||||||
int numUidsBefore = count(existingCert.getPublicKey().getUserIDs());
|
|
||||||
int numUidsAfter = count(mergedCert.getPublicKey().getUserIDs());
|
|
||||||
int newUids = numUidsAfter - numUidsBefore;
|
|
||||||
|
|
||||||
if (!Arrays.equals(existingCert.getEncoded(), mergedCert.getEncoded())) {
|
|
||||||
OpenPgpFingerprint fingerprint = OpenPgpFingerprint.of(mergedCert);
|
|
||||||
StringBuilder sb = new StringBuilder();
|
|
||||||
sb.append(String.format("Certificate %s has", fingerprint));
|
|
||||||
if (newSigs != 0) {
|
|
||||||
sb.append(String.format(" %d new signatures", newSigs));
|
|
||||||
}
|
|
||||||
if (newUids != 0) {
|
|
||||||
if (newSigs != 0) {
|
|
||||||
sb.append(" and");
|
|
||||||
}
|
|
||||||
sb.append(String.format(" %d new UIDs", newUids));
|
|
||||||
}
|
|
||||||
if (newSigs == 0 && newUids == 0) {
|
|
||||||
sb.append(" changed");
|
|
||||||
}
|
|
||||||
|
|
||||||
// In this case it is okay to print to stdout, since we are a CLI app
|
|
||||||
// CHECKSTYLE:OFF
|
|
||||||
System.out.println(sb);
|
|
||||||
// CHECKSTYLE:ON
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
private int countSigs(PGPKeyRing keys) {
|
|
||||||
int numSigs = 0;
|
|
||||||
Iterator<PGPPublicKey> iterator = keys.getPublicKeys();
|
|
||||||
while (iterator.hasNext()) {
|
|
||||||
PGPPublicKey key = iterator.next();
|
|
||||||
numSigs += count(key.getSignatures());
|
|
||||||
}
|
|
||||||
return numSigs;
|
|
||||||
}
|
|
||||||
|
|
||||||
// TODO: Use CollectionUtils.count() once available
|
|
||||||
private int count(Iterator<?> iterator) {
|
|
||||||
int num = 0;
|
|
||||||
while (iterator.hasNext()) {
|
|
||||||
iterator.next();
|
|
||||||
num++;
|
|
||||||
}
|
|
||||||
return num;
|
|
||||||
}
|
|
||||||
};
|
|
||||||
}
|
|
||||||
|
|
||||||
public static KeyMaterialMerger overrideExisting() {
|
|
||||||
// noinspection Convert2Lambda
|
|
||||||
return new KeyMaterialMerger() {
|
|
||||||
@Override
|
|
||||||
public KeyMaterial merge(KeyMaterial data, KeyMaterial existing) {
|
|
||||||
return data;
|
|
||||||
}
|
|
||||||
};
|
|
||||||
}
|
|
||||||
}
|
|
|
@ -1,43 +0,0 @@
|
||||||
// SPDX-FileCopyrightText: 2022 Paul Schaub <vanitasvitae@fsfe.org>
|
|
||||||
//
|
|
||||||
// SPDX-License-Identifier: Apache-2.0
|
|
||||||
|
|
||||||
package org.pgpainless.certificate_store;
|
|
||||||
|
|
||||||
import pgp.cert_d.BaseDirectoryProvider;
|
|
||||||
import pgp.cert_d.backend.FileBasedCertificateDirectoryBackend;
|
|
||||||
import pgp.cert_d.backend.InMemoryCertificateDirectoryBackend;
|
|
||||||
import pgp.cert_d.PGPCertificateDirectory;
|
|
||||||
import pgp.cert_d.subkey_lookup.InMemorySubkeyLookup;
|
|
||||||
import pgp.cert_d.subkey_lookup.SubkeyLookup;
|
|
||||||
import pgp.cert_d.subkey_lookup.SubkeyLookupFactory;
|
|
||||||
import pgp.certificate_store.exception.NotAStoreException;
|
|
||||||
|
|
||||||
import java.io.File;
|
|
||||||
|
|
||||||
public class PGPainlessCertD extends PGPCertificateDirectory {
|
|
||||||
|
|
||||||
private static final KeyMaterialReader keyMaterialReader = new KeyMaterialReader();
|
|
||||||
|
|
||||||
public PGPainlessCertD(Backend backend, SubkeyLookup subkeyLookup) {
|
|
||||||
super(backend, subkeyLookup);
|
|
||||||
}
|
|
||||||
|
|
||||||
public static PGPainlessCertD inMemory() {
|
|
||||||
Backend backend = new InMemoryCertificateDirectoryBackend(keyMaterialReader);
|
|
||||||
SubkeyLookup subkeyLookup = new InMemorySubkeyLookup();
|
|
||||||
return new PGPainlessCertD(backend, subkeyLookup);
|
|
||||||
}
|
|
||||||
|
|
||||||
public static PGPainlessCertD fileBased(SubkeyLookupFactory subkeyLookupFactory)
|
|
||||||
throws NotAStoreException {
|
|
||||||
return fileBased(BaseDirectoryProvider.getDefaultBaseDir(), subkeyLookupFactory);
|
|
||||||
}
|
|
||||||
|
|
||||||
public static PGPainlessCertD fileBased(File baseDirectory, SubkeyLookupFactory subkeyLookupFactory)
|
|
||||||
throws NotAStoreException {
|
|
||||||
Backend backend = new FileBasedCertificateDirectoryBackend(baseDirectory, keyMaterialReader);
|
|
||||||
SubkeyLookup subkeyLookup = subkeyLookupFactory.createFileBasedInstance(baseDirectory);
|
|
||||||
return new PGPainlessCertD(backend, subkeyLookup);
|
|
||||||
}
|
|
||||||
}
|
|
|
@ -0,0 +1,123 @@
|
||||||
|
// SPDX-FileCopyrightText: 2022 Paul Schaub <vanitasvitae@fsfe.org>
|
||||||
|
//
|
||||||
|
// SPDX-License-Identifier: Apache-2.0
|
||||||
|
|
||||||
|
package org.pgpainless.certificate_store;
|
||||||
|
|
||||||
|
import java.io.IOException;
|
||||||
|
import java.io.InputStream;
|
||||||
|
import java.util.ArrayList;
|
||||||
|
import java.util.Iterator;
|
||||||
|
import java.util.List;
|
||||||
|
import java.util.Set;
|
||||||
|
|
||||||
|
import pgp.cert_d.SharedPGPCertificateDirectory;
|
||||||
|
import pgp.cert_d.SpecialNames;
|
||||||
|
import pgp.certificate_store.Certificate;
|
||||||
|
import pgp.certificate_store.CertificateDirectory;
|
||||||
|
import pgp.certificate_store.CertificateStore;
|
||||||
|
import pgp.certificate_store.MergeCallback;
|
||||||
|
import pgp.certificate_store.SubkeyLookup;
|
||||||
|
import pgp.certificate_store.exception.BadDataException;
|
||||||
|
import pgp.certificate_store.exception.BadNameException;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Adapter class used to adapt the {@link SharedPGPCertificateDirectory} for use with
|
||||||
|
* {@link CertificateDirectory}.
|
||||||
|
*/
|
||||||
|
public class SharedPGPCertificateDirectoryAdapter
|
||||||
|
implements CertificateStore {
|
||||||
|
|
||||||
|
private final SharedPGPCertificateDirectory directory;
|
||||||
|
private final SubkeyLookup subkeyLookup;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Create an adapter to use {@link SharedPGPCertificateDirectory} objects as {@link CertificateDirectory CertificateStores}.
|
||||||
|
*
|
||||||
|
* @param directory directory instance
|
||||||
|
*/
|
||||||
|
public SharedPGPCertificateDirectoryAdapter(SharedPGPCertificateDirectory directory, SubkeyLookup subkeyLookup) {
|
||||||
|
this.directory = directory;
|
||||||
|
this.subkeyLookup = subkeyLookup;
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public Certificate getCertificate(String identifier)
|
||||||
|
throws IOException, BadDataException, BadNameException {
|
||||||
|
String specialName = SpecialNames.lookupSpecialName(identifier);
|
||||||
|
if (specialName != null) {
|
||||||
|
return directory.getBySpecialName(specialName);
|
||||||
|
}
|
||||||
|
|
||||||
|
return directory.getByFingerprint(identifier);
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public Certificate getCertificateIfChanged(String identifier, String tag)
|
||||||
|
throws IOException, BadDataException, BadNameException {
|
||||||
|
String specialName = SpecialNames.lookupSpecialName(identifier);
|
||||||
|
if (specialName != null) {
|
||||||
|
return directory.getBySpecialNameIfChanged(specialName, tag);
|
||||||
|
}
|
||||||
|
|
||||||
|
return directory.getByFingerprintIfChanged(identifier, tag);
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public Certificate insertCertificate(InputStream data, MergeCallback merge)
|
||||||
|
throws IOException, InterruptedException, BadDataException {
|
||||||
|
Certificate certificate = directory.insert(data, merge);
|
||||||
|
storeIdentifierForSubkeys(certificate);
|
||||||
|
return certificate;
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public Certificate tryInsertCertificate(InputStream data, MergeCallback merge)
|
||||||
|
throws IOException, BadDataException {
|
||||||
|
Certificate certificate = directory.tryInsert(data, merge);
|
||||||
|
storeIdentifierForSubkeys(certificate);
|
||||||
|
return certificate;
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public Certificate insertCertificateBySpecialName(String specialName, InputStream data, MergeCallback merge)
|
||||||
|
throws IOException, InterruptedException, BadDataException, BadNameException {
|
||||||
|
return directory.insertWithSpecialName(specialName, data, merge);
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public Certificate tryInsertCertificateBySpecialName(String specialName, InputStream data, MergeCallback merge)
|
||||||
|
throws IOException, BadDataException, BadNameException {
|
||||||
|
return directory.tryInsertWithSpecialName(specialName, data, merge);
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public Iterator<Certificate> getCertificates() {
|
||||||
|
return directory.items();
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public Iterator<String> getFingerprints() {
|
||||||
|
return directory.fingerprints();
|
||||||
|
}
|
||||||
|
|
||||||
|
private void storeIdentifierForSubkeys(Certificate certificate) throws IOException {
|
||||||
|
if (certificate == null) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
String fingerprint = certificate.getFingerprint();
|
||||||
|
storeCertificateSubkeyIds(fingerprint, new ArrayList<>(certificate.getSubkeyIds()));
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public Set<String> getCertificateFingerprintsForSubkeyId(long subkeyId) throws IOException {
|
||||||
|
return subkeyLookup.getCertificateFingerprintsForSubkeyId(subkeyId);
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public void storeCertificateSubkeyIds(String certificate, List<Long> subkeyIds) throws IOException {
|
||||||
|
subkeyLookup.storeCertificateSubkeyIds(certificate, subkeyIds);
|
||||||
|
}
|
||||||
|
}
|
|
@ -0,0 +1,230 @@
|
||||||
|
// SPDX-FileCopyrightText: 2022 Paul Schaub <vanitasvitae@fsfe.org>
|
||||||
|
//
|
||||||
|
// SPDX-License-Identifier: Apache-2.0
|
||||||
|
|
||||||
|
package org.pgpainless.cert_d;
|
||||||
|
|
||||||
|
import static org.junit.jupiter.api.Assertions.assertArrayEquals;
|
||||||
|
import static org.junit.jupiter.api.Assertions.assertEquals;
|
||||||
|
import static org.junit.jupiter.api.Assertions.assertFalse;
|
||||||
|
import static org.junit.jupiter.api.Assertions.assertNotNull;
|
||||||
|
import static org.junit.jupiter.api.Assertions.assertNull;
|
||||||
|
import static org.junit.jupiter.api.Assertions.assertThrows;
|
||||||
|
|
||||||
|
import java.io.ByteArrayInputStream;
|
||||||
|
import java.io.ByteArrayOutputStream;
|
||||||
|
import java.io.File;
|
||||||
|
import java.io.IOException;
|
||||||
|
import java.nio.file.Files;
|
||||||
|
import java.util.Arrays;
|
||||||
|
import java.util.Collections;
|
||||||
|
import java.util.HashSet;
|
||||||
|
import java.util.Iterator;
|
||||||
|
import java.util.Set;
|
||||||
|
|
||||||
|
import org.bouncycastle.util.encoders.Hex;
|
||||||
|
import org.bouncycastle.util.io.Streams;
|
||||||
|
import org.junit.jupiter.api.BeforeEach;
|
||||||
|
import org.junit.jupiter.api.Test;
|
||||||
|
import org.pgpainless.certificate_store.CertificateReader;
|
||||||
|
import org.pgpainless.certificate_store.SharedPGPCertificateDirectoryAdapter;
|
||||||
|
import pgp.cert_d.InMemorySubkeyLookup;
|
||||||
|
import pgp.cert_d.SharedPGPCertificateDirectoryImpl;
|
||||||
|
import pgp.certificate_store.CertificateStore;
|
||||||
|
import pgp.certificate_store.exception.BadDataException;
|
||||||
|
import pgp.certificate_store.exception.BadNameException;
|
||||||
|
import pgp.certificate_store.exception.NotAStoreException;
|
||||||
|
import pgp.certificate_store.Certificate;
|
||||||
|
|
||||||
|
public class SharedPGPCertificateDirectoryAdapterTest {
|
||||||
|
|
||||||
|
private static final String testCertificate = "98330462069cc616092b06010401da470f010107400db5906b09f701ab1f7f96087eedab6ba44c02fcbd2470137cfeacac5a2d032db405416c696365888f0413160a0041050262069cc609906f054e826378552516a104505b134a7e62f0f154ec3d036f054e8263785525029e01029b01059602030100048b09080705950a09080b0299010000a12600fd117925c0f2192ef5b2a44e3d3038e2a7ce5ba0343fc2dfb661a3a46d1276fb380100bf2872e7e36b63f61ae3556464c4a04344e7d36e0d7313e623effb0290ce0b0fb8380462069cc6120a2b06010401975501050101074034ffd523242385fe92034a5e326a82f4edff614516cc1028ca91fb653557f25b0301080788750418160a001d050262069cc6029e01029b0c059602030100048b09080705950a09080b000a09106f054e8263785525391400ff4eb85df8ddfc15e94c9cf28bc0aa9d0426b571ca64c5421be5889d5410d8632f00fd1ac5e9aed683e711282489d8980222d2ceff15c5ce0499fcb36716d850749406b8330462069cc616092b06010401da470f0101074058f296fb7ce456039856144db677f14018963a8bfd281c84aaeebe7e14df8f1c88d50418160a007d050262069cc6029e01029b02059602030100048b09080705950a09080b5f200419160a0006050262069cc6000a09108119c86e0a4c6dc73a7600ff5e25427da84d824cc3f8890bc6bd037f423f610006e1249b1aad3d7f70ac47a100fc08e67a6a945c1feec301df9dc27e7ea4e61d107d0720e814eea1dc4f1da20a08000a09106f054e8263785525359700ff4ce78cf267c261468322de906118d4f003ceefa72fa3b86119e26f99be3727fc00fe3895207c4aac814549f0189d2f494f5b1fcee7f6da344e63a0c32743b216b406";
|
||||||
|
private static final String testCertFingerprint = "505b134a7e62f0f154ec3d036f054e8263785525";
|
||||||
|
private static final long testCertificateSubkey1 = 7999886635015099685L;
|
||||||
|
private static final long testCertificateSubkey2 = -5375724347241457298L;
|
||||||
|
private static final long testCertificateSubkey3 = -9144057193454342713L;
|
||||||
|
|
||||||
|
private SharedPGPCertificateDirectoryAdapter adapter;
|
||||||
|
private CertificateStore store;
|
||||||
|
|
||||||
|
@BeforeEach
|
||||||
|
public void setupInstance() throws IOException, NotAStoreException {
|
||||||
|
adapter = new SharedPGPCertificateDirectoryAdapter(
|
||||||
|
new SharedPGPCertificateDirectoryImpl(tempDir(), new CertificateReader()),
|
||||||
|
new InMemorySubkeyLookup());
|
||||||
|
store = adapter;
|
||||||
|
}
|
||||||
|
|
||||||
|
private static File tempDir() throws IOException {
|
||||||
|
File tempDir = Files.createTempDirectory("pgp.cert.d-").toFile();
|
||||||
|
tempDir.deleteOnExit();
|
||||||
|
return tempDir;
|
||||||
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void getNonExistentCertIsNull() throws IOException, BadDataException, BadNameException {
|
||||||
|
assertNull(store.getCertificate("eb85bb5fa33a75e15e944e63f231550c4f47e38e"));
|
||||||
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void getInvalidIdentifierThrows() {
|
||||||
|
assertThrows(BadNameException.class, () -> store.getCertificate("invalid"));
|
||||||
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void insertAndGet() throws IOException, InterruptedException, BadDataException, BadNameException {
|
||||||
|
byte[] bytes = Hex.decode(testCertificate);
|
||||||
|
ByteArrayInputStream byteIn = new ByteArrayInputStream(bytes);
|
||||||
|
String fingerprint = testCertFingerprint;
|
||||||
|
|
||||||
|
Certificate certificate = store.insertCertificate(byteIn, (data, existing) -> data);
|
||||||
|
|
||||||
|
assertEquals(fingerprint, certificate.getFingerprint());
|
||||||
|
Set<Long> expectedSubkeys = new HashSet<>(Arrays.asList(testCertificateSubkey1, testCertificateSubkey2, testCertificateSubkey3));
|
||||||
|
Set<Long> subkeys = certificate.getSubkeyIds();
|
||||||
|
assertEquals(expectedSubkeys, subkeys);
|
||||||
|
for (long subkey : subkeys) {
|
||||||
|
assertEquals(Collections.singleton(fingerprint), store.getCertificateFingerprintsForSubkeyId(subkey));
|
||||||
|
}
|
||||||
|
|
||||||
|
Certificate retrieved = store.getCertificate(fingerprint);
|
||||||
|
assertNotNull(retrieved);
|
||||||
|
ByteArrayOutputStream retrievedOut = new ByteArrayOutputStream();
|
||||||
|
Streams.pipeAll(retrieved.getInputStream(), retrievedOut);
|
||||||
|
|
||||||
|
assertArrayEquals(bytes, retrievedOut.toByteArray());
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void tryInsertAndGet() throws IOException, BadDataException, BadNameException {
|
||||||
|
byte[] bytes = Hex.decode(testCertificate);
|
||||||
|
ByteArrayInputStream byteIn = new ByteArrayInputStream(bytes);
|
||||||
|
String fingerprint = testCertFingerprint;
|
||||||
|
|
||||||
|
Certificate certificate = store.tryInsertCertificate(byteIn, (data, existing) -> data);
|
||||||
|
|
||||||
|
assertEquals(fingerprint, certificate.getFingerprint());
|
||||||
|
Set<Long> subkeys = certificate.getSubkeyIds();
|
||||||
|
assertEquals(3, subkeys.size());
|
||||||
|
for (long subkey : subkeys) {
|
||||||
|
assertEquals(Collections.singleton(fingerprint), store.getCertificateFingerprintsForSubkeyId(subkey));
|
||||||
|
}
|
||||||
|
|
||||||
|
Certificate retrieved = store.getCertificate(fingerprint);
|
||||||
|
assertNotNull(retrieved);
|
||||||
|
ByteArrayOutputStream retrievedOut = new ByteArrayOutputStream();
|
||||||
|
Streams.pipeAll(retrieved.getInputStream(), retrievedOut);
|
||||||
|
|
||||||
|
assertArrayEquals(bytes, retrievedOut.toByteArray());
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void insertAndGetIfChanged() throws IOException, InterruptedException, BadDataException, BadNameException {
|
||||||
|
byte[] bytes = Hex.decode(testCertificate);
|
||||||
|
ByteArrayInputStream byteIn = new ByteArrayInputStream(bytes);
|
||||||
|
String fingerprint = testCertFingerprint;
|
||||||
|
|
||||||
|
Certificate certificate = store.insertCertificate(byteIn, (data, existing) -> data);
|
||||||
|
String tag = certificate.getTag();
|
||||||
|
|
||||||
|
assertNull(store.getCertificateIfChanged(fingerprint, tag));
|
||||||
|
assertNotNull(store.getCertificateIfChanged(fingerprint, "invalid"));
|
||||||
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void insertBySpecialNameAndGet() throws IOException, InterruptedException, BadDataException, BadNameException {
|
||||||
|
byte[] bytes = Hex.decode(testCertificate);
|
||||||
|
ByteArrayInputStream byteIn = new ByteArrayInputStream(bytes);
|
||||||
|
String fingerprint = testCertFingerprint;
|
||||||
|
String identifier = "trust-root";
|
||||||
|
|
||||||
|
Certificate certificate = store.insertCertificateBySpecialName(identifier, byteIn, (data, existing) -> data);
|
||||||
|
|
||||||
|
assertEquals(fingerprint, certificate.getFingerprint());
|
||||||
|
|
||||||
|
Certificate retrieved = store.getCertificate(identifier);
|
||||||
|
assertNotNull(retrieved);
|
||||||
|
ByteArrayOutputStream retrievedOut = new ByteArrayOutputStream();
|
||||||
|
Streams.pipeAll(retrieved.getInputStream(), retrievedOut);
|
||||||
|
|
||||||
|
assertArrayEquals(bytes, retrievedOut.toByteArray());
|
||||||
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void tryInsertBySpecialNameAndGet() throws IOException, BadDataException, BadNameException {
|
||||||
|
byte[] bytes = Hex.decode(testCertificate);
|
||||||
|
ByteArrayInputStream byteIn = new ByteArrayInputStream(bytes);
|
||||||
|
String fingerprint = testCertFingerprint;
|
||||||
|
String identifier = "trust-root";
|
||||||
|
|
||||||
|
Certificate certificate = store.tryInsertCertificateBySpecialName(identifier, byteIn, (data, existing) -> data);
|
||||||
|
|
||||||
|
assertEquals(fingerprint, certificate.getFingerprint());
|
||||||
|
|
||||||
|
Certificate retrieved = store.getCertificate(identifier);
|
||||||
|
assertNotNull(retrieved);
|
||||||
|
ByteArrayOutputStream retrievedOut = new ByteArrayOutputStream();
|
||||||
|
Streams.pipeAll(retrieved.getInputStream(), retrievedOut);
|
||||||
|
|
||||||
|
assertArrayEquals(bytes, retrievedOut.toByteArray());
|
||||||
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void insertBySpecialNameAndGetIfChanged() throws IOException, InterruptedException, BadDataException, BadNameException {
|
||||||
|
byte[] bytes = Hex.decode(testCertificate);
|
||||||
|
ByteArrayInputStream byteIn = new ByteArrayInputStream(bytes);
|
||||||
|
String fingerprint = testCertFingerprint;
|
||||||
|
String identifier = "trust-root";
|
||||||
|
|
||||||
|
Certificate certificate = store.insertCertificateBySpecialName(identifier, byteIn, (data, existing) -> data);
|
||||||
|
String tag = certificate.getTag();
|
||||||
|
|
||||||
|
certificate = store.getCertificateIfChanged(identifier, tag);
|
||||||
|
assertNull(certificate);
|
||||||
|
certificate = store.getCertificateIfChanged(identifier, "invalid");
|
||||||
|
assertNotNull(certificate);
|
||||||
|
assertEquals(fingerprint, certificate.getFingerprint());
|
||||||
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void getItemsAndFingerprints() throws IOException, InterruptedException, BadDataException, BadNameException {
|
||||||
|
byte[] bytes1 = Hex.decode(testCertificate);
|
||||||
|
ByteArrayInputStream byteIn1 = new ByteArrayInputStream(bytes1);
|
||||||
|
Certificate firstCert = store.insertCertificate(byteIn1, (data, existing) -> data);
|
||||||
|
|
||||||
|
byte[] bytes2 = Hex.decode("9833046206a37516092b06010401da470f010107409f55baab1599044096ba901d69854cf5307b84b0542871b15db3dd4c62664f37b403426f62888f0413160a004105026206a3750990ba01b5a9eea7e76716a104f1d47fb85ad74549a37974f3ba01b5a9eea7e767029e01029b01059602030100048b09080705950a09080b0299010000e6170100e08374a6fd32d0b4be2d3f7c75d3f6c13cb47b1b73589aa452a1b2a16b888b5000fe274e6565ab9faa34338cf4d805663f8775fdee4ec6a0fdf1ec2cf84b72907f05b838046206a375120a2b0601040197550105010107405641e74d2dda92003ce200422c3ab6f3562fc49a8ecc67ea02593988442b23780301080788750418160a001d05026206a375029e01029b0c059602030100048b09080705950a09080b000a0910ba01b5a9eea7e76732850100910a6049779773f455226cd91645884842b91017796287a634104ab5364a0c0d00fe20b5febb17de271394f31128f709c307c0bbca4f9502570744bd54e6dc9c2209b833046206a37516092b06010401da470f0101074059f008928cb69b48bed07a639f03f43a48808aade67109cd658f54bddefa5ec288d50418160a007d05026206a375029e01029b02059602030100048b09080705950a09080b5f200419160a000605026206a375000a0910dcdb34f4068368c0dffb010095fb1f6daac239bf3221d9d2ecc81b6cb258c2b058a300a7e103f7f36a58bf1900fe273a9eaaa03b613236df22bebcbbd69d7c02caf1b7af4fa29320c8d96d32310f000a0910ba01b5a9eea7e7671de20100a5044d24a9d860f9af7e8b9a095d4eac8820fad8b045e70be1ae5607fa4d6b4f010097b53d1527f3b3e3d3b78367c8269c999ee37575a51ffc582f73d2cba4df080f");
|
||||||
|
ByteArrayInputStream byteIn2 = new ByteArrayInputStream(bytes2);
|
||||||
|
Certificate secondCert = store.insertCertificate(byteIn2, ((data, existing) -> data));
|
||||||
|
|
||||||
|
String trustRootHex = "9833046206a57e16092b06010401da470f010107401ad7351d9766843bf11a8414f68790df0649fad8b01c244323f47e4ebc87fc35b40a74727573742d726f6f74888f0413160a004105026206a57f09907c619691ddee5fc216a10489e1e05cb458758d0729eb0c7c619691ddee5fc2029e01029b01059602030100048b09080705950a09080b029901000080c100ff45d97dda133895e337416266f1ff2c38ff3947ecfbfe21328d51bc877ccba367010096698a5fbac9444b7b28b96389c66ca405821f04871f1bbbf5b5bf8b800f9104b838046206a57f120a2b06010401975501050101074074ff41705c50e8f27b18df40a53aded6cacd2ce4f88b471c7130036010ca60240301080788750418160a001d05026206a57f029e01029b0c059602030100048b09080705950a09080b000a09107c619691ddee5fc27b3c0100fba12230adf80a6a7a376b9568481ab4ae86628274db67412074cb4a846011a200ff437e4047bbafec42b41594b296f8be93fc03482b2d35ac92e87ce632b86bc900b833046206a57f16092b06010401da470f01010740ce99f97d1f0b5aa2f4e6f2a7a2aa231da8c2a2f489a593b747983a750f3928ae88d50418160a007d05026206a57f029e01029b02059602030100048b09080705950a09080b5f200419160a000605026206a57f000a0910b905cb706dec67e3f6050100a7ae51ea07f3d0d493fd1fdfbcbbe112c19de8dbbd29e03ba5e755345444402300fe2663252eeca21772012c5dc4eb9efa4e01566dffbb44e7d1536181eb3f8b420e000a09107c619691ddee5fc2a4190100fdbedf9defd5d30bad77937a5589441ef336028613a6fcfc4a959bee51de134e00fd128628567b66fa03ef099d6936324f7593e2060608b433828d336dda552e2c04";
|
||||||
|
byte[] trustRootBytes = Hex.decode(trustRootHex);
|
||||||
|
ByteArrayInputStream trustRootIn = new ByteArrayInputStream(trustRootBytes);
|
||||||
|
Certificate trustRoot = store.insertCertificateBySpecialName("trust-root", trustRootIn, (data, existing) -> data);
|
||||||
|
|
||||||
|
Set<String> expectedFingerprints = new HashSet<>();
|
||||||
|
expectedFingerprints.add(firstCert.getFingerprint());
|
||||||
|
expectedFingerprints.add(secondCert.getFingerprint());
|
||||||
|
|
||||||
|
Iterator<Certificate> certificateIterator = store.getCertificates();
|
||||||
|
Set<String> actualFingerprints = new HashSet<>();
|
||||||
|
Certificate c = certificateIterator.next();
|
||||||
|
actualFingerprints.add(c.getFingerprint());
|
||||||
|
c = certificateIterator.next();
|
||||||
|
actualFingerprints.add(c.getFingerprint());
|
||||||
|
assertFalse(certificateIterator.hasNext());
|
||||||
|
|
||||||
|
assertEquals(expectedFingerprints, actualFingerprints);
|
||||||
|
assertFalse(actualFingerprints.contains(trustRoot.getFingerprint()));
|
||||||
|
|
||||||
|
Iterator<String> fingerprintIterator = store.getFingerprints();
|
||||||
|
actualFingerprints = new HashSet<>();
|
||||||
|
actualFingerprints.add(fingerprintIterator.next());
|
||||||
|
actualFingerprints.add(fingerprintIterator.next());
|
||||||
|
assertFalse(fingerprintIterator.hasNext());
|
||||||
|
|
||||||
|
assertEquals(expectedFingerprints, actualFingerprints);
|
||||||
|
assertFalse(actualFingerprints.contains(trustRoot.getFingerprint()));
|
||||||
|
}
|
||||||
|
}
|
|
@ -7,7 +7,8 @@ package org.pgpainless.cert_d;
|
||||||
import static org.junit.jupiter.api.Assertions.assertArrayEquals;
|
import static org.junit.jupiter.api.Assertions.assertArrayEquals;
|
||||||
import static org.junit.jupiter.api.Assertions.assertEquals;
|
import static org.junit.jupiter.api.Assertions.assertEquals;
|
||||||
import static org.junit.jupiter.api.Assertions.assertNotNull;
|
import static org.junit.jupiter.api.Assertions.assertNotNull;
|
||||||
import static org.junit.jupiter.api.Assertions.assertThrows;
|
import static org.junit.jupiter.api.Assertions.assertNull;
|
||||||
|
import static org.junit.jupiter.api.Assumptions.assumeTrue;
|
||||||
|
|
||||||
import java.io.ByteArrayInputStream;
|
import java.io.ByteArrayInputStream;
|
||||||
import java.io.ByteArrayOutputStream;
|
import java.io.ByteArrayOutputStream;
|
||||||
|
@ -20,7 +21,6 @@ import java.util.HashMap;
|
||||||
import java.util.HashSet;
|
import java.util.HashSet;
|
||||||
import java.util.Iterator;
|
import java.util.Iterator;
|
||||||
import java.util.Map;
|
import java.util.Map;
|
||||||
import java.util.NoSuchElementException;
|
|
||||||
import java.util.Set;
|
import java.util.Set;
|
||||||
import java.util.stream.Stream;
|
import java.util.stream.Stream;
|
||||||
|
|
||||||
|
@ -32,31 +32,36 @@ import org.junit.jupiter.params.ParameterizedTest;
|
||||||
import org.junit.jupiter.params.provider.MethodSource;
|
import org.junit.jupiter.params.provider.MethodSource;
|
||||||
import org.pgpainless.PGPainless;
|
import org.pgpainless.PGPainless;
|
||||||
import org.pgpainless.algorithm.KeyFlag;
|
import org.pgpainless.algorithm.KeyFlag;
|
||||||
import org.pgpainless.certificate_store.PGPainlessCertD;
|
import org.pgpainless.certificate_store.CertificateReader;
|
||||||
import org.pgpainless.key.OpenPgpFingerprint;
|
import org.pgpainless.key.OpenPgpFingerprint;
|
||||||
import org.pgpainless.key.generation.KeySpec;
|
import org.pgpainless.key.generation.KeySpec;
|
||||||
import org.pgpainless.key.generation.type.KeyType;
|
import org.pgpainless.key.generation.type.KeyType;
|
||||||
import org.pgpainless.key.generation.type.eddsa.EdDSACurve;
|
import org.pgpainless.key.generation.type.eddsa.EdDSACurve;
|
||||||
import pgp.cert_d.subkey_lookup.InMemorySubkeyLookupFactory;
|
import pgp.cert_d.CachingSharedPGPCertificateDirectoryWrapper;
|
||||||
import pgp.certificate_store.certificate.Certificate;
|
import pgp.cert_d.FileLockingMechanism;
|
||||||
import pgp.certificate_store.certificate.KeyMaterial;
|
import pgp.cert_d.SharedPGPCertificateDirectory;
|
||||||
import pgp.certificate_store.certificate.KeyMaterialMerger;
|
import pgp.cert_d.SharedPGPCertificateDirectoryImpl;
|
||||||
import pgp.certificate_store.exception.BadDataException;
|
import pgp.certificate_store.exception.BadDataException;
|
||||||
import pgp.certificate_store.exception.BadNameException;
|
import pgp.certificate_store.exception.BadNameException;
|
||||||
import pgp.certificate_store.exception.NotAStoreException;
|
import pgp.certificate_store.exception.NotAStoreException;
|
||||||
|
import pgp.certificate_store.Certificate;
|
||||||
|
import pgp.certificate_store.MergeCallback;
|
||||||
|
|
||||||
public class SharedPGPCertificateDirectoryTest {
|
public class SharedPGPCertificateDirectoryTest {
|
||||||
|
|
||||||
private static KeyMaterialMerger dummyMerge = new KeyMaterialMerger() {
|
private static MergeCallback dummyMerge = new MergeCallback() {
|
||||||
@Override
|
@Override
|
||||||
public KeyMaterial merge(KeyMaterial data, KeyMaterial existing) {
|
public Certificate merge(Certificate data, Certificate existing) {
|
||||||
return data;
|
return data;
|
||||||
}
|
}
|
||||||
};
|
};
|
||||||
|
|
||||||
private static Stream<PGPainlessCertD> provideTestSubjects() throws IOException, NotAStoreException {
|
private static Stream<SharedPGPCertificateDirectory> provideTestSubjects() throws IOException, NotAStoreException {
|
||||||
return Stream.of(
|
return Stream.of(
|
||||||
PGPainlessCertD.fileBased(tempDir(), new InMemorySubkeyLookupFactory()));
|
new SharedPGPCertificateDirectoryImpl(tempDir(), new CertificateReader()),
|
||||||
|
new CachingSharedPGPCertificateDirectoryWrapper(
|
||||||
|
new SharedPGPCertificateDirectoryImpl(tempDir(), new CertificateReader()))
|
||||||
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
private static File tempDir() throws IOException {
|
private static File tempDir() throws IOException {
|
||||||
|
@ -67,21 +72,25 @@ public class SharedPGPCertificateDirectoryTest {
|
||||||
|
|
||||||
@ParameterizedTest
|
@ParameterizedTest
|
||||||
@MethodSource("provideTestSubjects")
|
@MethodSource("provideTestSubjects")
|
||||||
public void simpleInsertGet(PGPainlessCertD directory)
|
public void simpleInsertGet(SharedPGPCertificateDirectory directory)
|
||||||
throws PGPException, InvalidAlgorithmParameterException, NoSuchAlgorithmException, IOException,
|
throws PGPException, InvalidAlgorithmParameterException, NoSuchAlgorithmException, IOException,
|
||||||
BadDataException, InterruptedException, BadNameException {
|
BadDataException, InterruptedException, BadNameException {
|
||||||
PGPSecretKeyRing key = PGPainless.generateKeyRing().modernKeyRing("Alice");
|
PGPSecretKeyRing key = PGPainless.generateKeyRing().modernKeyRing("Alice", null);
|
||||||
PGPPublicKeyRing cert = PGPainless.extractCertificate(key);
|
PGPPublicKeyRing cert = PGPainless.extractCertificate(key);
|
||||||
OpenPgpFingerprint fingerprint = OpenPgpFingerprint.of(cert);
|
OpenPgpFingerprint fingerprint = OpenPgpFingerprint.of(cert);
|
||||||
ByteArrayInputStream certIn = new ByteArrayInputStream(cert.getEncoded());
|
ByteArrayInputStream certIn = new ByteArrayInputStream(cert.getEncoded());
|
||||||
|
|
||||||
// standard case: no cert found
|
// standard case: get() is null
|
||||||
assertThrows(NoSuchElementException.class, () -> directory.getByFingerprint(fingerprint.toString().toLowerCase()));
|
assertNull(directory.getByFingerprint(fingerprint.toString().toLowerCase()));
|
||||||
|
|
||||||
// insert and check returned certs fingerprint
|
// insert and check returned certs fingerprint
|
||||||
Certificate certificate = directory.insert(certIn, dummyMerge);
|
Certificate certificate = directory.insert(certIn, dummyMerge);
|
||||||
assertEquals(fingerprint.toString().toLowerCase(), certificate.getFingerprint());
|
assertEquals(fingerprint.toString().toLowerCase(), certificate.getFingerprint());
|
||||||
|
|
||||||
|
// getIfChanged
|
||||||
|
assertNull(directory.getByFingerprintIfChanged(certificate.getFingerprint(), certificate.getTag()));
|
||||||
|
assertNotNull(directory.getByFingerprintIfChanged(certificate.getFingerprint(), "invalidTag"));
|
||||||
|
|
||||||
// tryInsert
|
// tryInsert
|
||||||
certIn = new ByteArrayInputStream(cert.getEncoded());
|
certIn = new ByteArrayInputStream(cert.getEncoded());
|
||||||
assertNotNull(directory.tryInsert(certIn, dummyMerge));
|
assertNotNull(directory.tryInsert(certIn, dummyMerge));
|
||||||
|
@ -89,7 +98,7 @@ public class SharedPGPCertificateDirectoryTest {
|
||||||
|
|
||||||
@ParameterizedTest
|
@ParameterizedTest
|
||||||
@MethodSource("provideTestSubjects")
|
@MethodSource("provideTestSubjects")
|
||||||
public void simpleInsertGetBySpecialName(PGPainlessCertD directory)
|
public void simpleInsertGetBySpecialName(SharedPGPCertificateDirectory directory)
|
||||||
throws PGPException, InvalidAlgorithmParameterException, NoSuchAlgorithmException, IOException,
|
throws PGPException, InvalidAlgorithmParameterException, NoSuchAlgorithmException, IOException,
|
||||||
BadDataException, InterruptedException, BadNameException {
|
BadDataException, InterruptedException, BadNameException {
|
||||||
PGPSecretKeyRing key = PGPainless.buildKeyRing()
|
PGPSecretKeyRing key = PGPainless.buildKeyRing()
|
||||||
|
@ -100,13 +109,17 @@ public class SharedPGPCertificateDirectoryTest {
|
||||||
OpenPgpFingerprint fingerprint = OpenPgpFingerprint.of(trustRoot);
|
OpenPgpFingerprint fingerprint = OpenPgpFingerprint.of(trustRoot);
|
||||||
ByteArrayInputStream certIn = new ByteArrayInputStream(trustRoot.getEncoded());
|
ByteArrayInputStream certIn = new ByteArrayInputStream(trustRoot.getEncoded());
|
||||||
|
|
||||||
// standard case: no cert found
|
// standard case: get() is null
|
||||||
assertThrows(NoSuchElementException.class, () -> directory.getBySpecialName("trust-root"));
|
assertNull(directory.getBySpecialName("trust-root"));
|
||||||
|
|
||||||
// insert and check returned certs fingerprint
|
// insert and check returned certs fingerprint
|
||||||
Certificate certificate = directory.insertWithSpecialName("trust-root", certIn, dummyMerge);
|
Certificate certificate = directory.insertWithSpecialName("trust-root", certIn, dummyMerge);
|
||||||
assertEquals(fingerprint.toString().toLowerCase(), certificate.getFingerprint());
|
assertEquals(fingerprint.toString().toLowerCase(), certificate.getFingerprint());
|
||||||
|
|
||||||
|
// getIfChanged
|
||||||
|
assertNull(directory.getBySpecialNameIfChanged("trust-root", certificate.getTag()));
|
||||||
|
assertNotNull(directory.getBySpecialNameIfChanged("trust-root", "invalidTag"));
|
||||||
|
|
||||||
// tryInsert
|
// tryInsert
|
||||||
certIn = new ByteArrayInputStream(trustRoot.getEncoded());
|
certIn = new ByteArrayInputStream(trustRoot.getEncoded());
|
||||||
assertNotNull(directory.tryInsertWithSpecialName("trust-root", certIn, dummyMerge));
|
assertNotNull(directory.tryInsertWithSpecialName("trust-root", certIn, dummyMerge));
|
||||||
|
@ -114,11 +127,29 @@ public class SharedPGPCertificateDirectoryTest {
|
||||||
|
|
||||||
@ParameterizedTest
|
@ParameterizedTest
|
||||||
@MethodSource("provideTestSubjects")
|
@MethodSource("provideTestSubjects")
|
||||||
public void testGetItemsAndFingerprints(PGPainlessCertD directory)
|
public void tryInsertFailsWithLockedStore(SharedPGPCertificateDirectory directory)
|
||||||
|
throws PGPException, InvalidAlgorithmParameterException, NoSuchAlgorithmException, IOException,
|
||||||
|
BadDataException, InterruptedException {
|
||||||
|
assumeTrue(directory.getLock() instanceof FileLockingMechanism);
|
||||||
|
|
||||||
|
PGPSecretKeyRing key = PGPainless.generateKeyRing().modernKeyRing("Alice", null);
|
||||||
|
PGPPublicKeyRing cert = PGPainless.extractCertificate(key);
|
||||||
|
ByteArrayInputStream certIn = new ByteArrayInputStream(cert.getEncoded());
|
||||||
|
|
||||||
|
directory.getLock().lockDirectory();
|
||||||
|
assertNull(directory.tryInsert(certIn, dummyMerge));
|
||||||
|
|
||||||
|
directory.getLock().releaseDirectory();
|
||||||
|
assertNotNull(directory.tryInsert(certIn, dummyMerge));
|
||||||
|
}
|
||||||
|
|
||||||
|
@ParameterizedTest
|
||||||
|
@MethodSource("provideTestSubjects")
|
||||||
|
public void testGetItemsAndFingerprints(SharedPGPCertificateDirectory directory)
|
||||||
throws PGPException, InvalidAlgorithmParameterException, NoSuchAlgorithmException, IOException,
|
throws PGPException, InvalidAlgorithmParameterException, NoSuchAlgorithmException, IOException,
|
||||||
BadDataException, InterruptedException, BadNameException {
|
BadDataException, InterruptedException, BadNameException {
|
||||||
|
|
||||||
PGPSecretKeyRing trustRootKey = PGPainless.generateKeyRing().modernKeyRing("Alice");
|
PGPSecretKeyRing trustRootKey = PGPainless.generateKeyRing().modernKeyRing("Alice", null);
|
||||||
PGPPublicKeyRing trustRootCert = PGPainless.extractCertificate(trustRootKey);
|
PGPPublicKeyRing trustRootCert = PGPainless.extractCertificate(trustRootKey);
|
||||||
OpenPgpFingerprint trustRootFingerprint = OpenPgpFingerprint.of(trustRootCert);
|
OpenPgpFingerprint trustRootFingerprint = OpenPgpFingerprint.of(trustRootCert);
|
||||||
ByteArrayInputStream trustRootCertIn = new ByteArrayInputStream(trustRootCert.getEncoded());
|
ByteArrayInputStream trustRootCertIn = new ByteArrayInputStream(trustRootCert.getEncoded());
|
||||||
|
@ -127,7 +158,7 @@ public class SharedPGPCertificateDirectoryTest {
|
||||||
final int certificateCount = 3;
|
final int certificateCount = 3;
|
||||||
Map<String, PGPPublicKeyRing> certificateMap = new HashMap<>();
|
Map<String, PGPPublicKeyRing> certificateMap = new HashMap<>();
|
||||||
for (int i = 0; i < certificateCount; i++) {
|
for (int i = 0; i < certificateCount; i++) {
|
||||||
PGPSecretKeyRing key = PGPainless.generateKeyRing().modernKeyRing("Alice");
|
PGPSecretKeyRing key = PGPainless.generateKeyRing().modernKeyRing("Alice", null);
|
||||||
PGPPublicKeyRing cert = PGPainless.extractCertificate(key);
|
PGPPublicKeyRing cert = PGPainless.extractCertificate(key);
|
||||||
OpenPgpFingerprint fingerprint = OpenPgpFingerprint.of(cert);
|
OpenPgpFingerprint fingerprint = OpenPgpFingerprint.of(cert);
|
||||||
certificateMap.put(fingerprint.toString().toLowerCase(), cert);
|
certificateMap.put(fingerprint.toString().toLowerCase(), cert);
|
||||||
|
|
|
@ -1,133 +0,0 @@
|
||||||
// SPDX-FileCopyrightText: 2022 Paul Schaub <vanitasvitae@fsfe.org>
|
|
||||||
//
|
|
||||||
// SPDX-License-Identifier: Apache-2.0
|
|
||||||
|
|
||||||
package org.pgpainless.certificate_store;
|
|
||||||
|
|
||||||
import org.junit.jupiter.api.Test;
|
|
||||||
import pgp.certificate_store.certificate.Certificate;
|
|
||||||
import pgp.certificate_store.certificate.Key;
|
|
||||||
import pgp.certificate_store.certificate.KeyMaterial;
|
|
||||||
import pgp.certificate_store.exception.BadDataException;
|
|
||||||
|
|
||||||
import java.io.ByteArrayInputStream;
|
|
||||||
import java.io.IOException;
|
|
||||||
import java.nio.charset.Charset;
|
|
||||||
|
|
||||||
import static org.junit.jupiter.api.Assertions.assertEquals;
|
|
||||||
import static org.junit.jupiter.api.Assertions.assertNotNull;
|
|
||||||
import static org.junit.jupiter.api.Assertions.assertNull;
|
|
||||||
import static org.junit.jupiter.api.Assertions.assertSame;
|
|
||||||
import static org.junit.jupiter.api.Assertions.assertThrows;
|
|
||||||
import static org.junit.jupiter.api.Assertions.assertTrue;
|
|
||||||
|
|
||||||
public class KeyMaterialReaderTest {
|
|
||||||
|
|
||||||
private static final String KEY = "-----BEGIN PGP PRIVATE KEY BLOCK-----\n" +
|
|
||||||
"Comment: B21A ABBF 15DF 0FDA 3742 4DE9 AD00 8384 AD0A 064C\n" +
|
|
||||||
"Comment: Volodymyr Zelenskyy <zelenskyy@gov.ua>\n" +
|
|
||||||
"\n" +
|
|
||||||
"xVgEYwdKchYJKwYBBAHaRw8BAQdARSvx9BDpV0AoNYTmN/wrZXQAB7VzOV0rKEQc\n" +
|
|
||||||
"OkhbP5wAAP0QE5FCIOvzea7wu3Yw3LDMmOOgMaWXngYp0948VPP2+xM7wsARBB8W\n" +
|
|
||||||
"CgCDBYJjB0pyBYkFn6YAAwsJBwkQrQCDhK0KBkxHFAAAAAAAHgAgc2FsdEBub3Rh\n" +
|
|
||||||
"dGlvbnMuc2VxdW9pYS1wZ3Aub3JnpqJFBi2xLa0V4D9k4rlmibhIsMRlcvK/MK83\n" +
|
|
||||||
"Hjfh2CIDFQoIApsBAh4BFiEEshqrvxXfD9o3Qk3prQCDhK0KBkwAAIwNAP41uywA\n" +
|
|
||||||
"z+qaRhWoj0stYmmefok4WHXk34jfameTopO1LAEA6L6/crPYzIcAZraaz0s5AM/2\n" +
|
|
||||||
"OvJZR8LaBSj92uBDbAzNJlZvbG9keW15ciBaZWxlbnNreXkgPHplbGVuc2t5eUBn\n" +
|
|
||||||
"b3YudWE+wsAUBBMWCgCGBYJjB0pyBYkFn6YAAwsJBwkQrQCDhK0KBkxHFAAAAAAA\n" +
|
|
||||||
"HgAgc2FsdEBub3RhdGlvbnMuc2VxdW9pYS1wZ3Aub3JnuD/qrSefYHLBUQ70qQhb\n" +
|
|
||||||
"cClzXkMQCoGO4S3WJzib/IADFQoIApkBApsBAh4BFiEEshqrvxXfD9o3Qk3prQCD\n" +
|
|
||||||
"hK0KBkwAAL8DAP42+z1sDJlv64PW4iq2ODYcdY1NSptjzfiQ2hyodNBFpgD+Mkiv\n" +
|
|
||||||
"9e2bFvlRj2Q5Brypy3ZwKvGtikUe3s+NlKMPlgTHWARjB0pyFgkrBgEEAdpHDwEB\n" +
|
|
||||||
"B0BNjMb280vf8zNJ/YAtcc6nLe8uCSTtxKKHF0Go9kU+VgABAKTAn5oiixsRxfEb\n" +
|
|
||||||
"k1I6WQbIGk/XNPZ241k65WRdg1qODvXCwMUEGBYKATcFgmMHSnIFiQWfpgAJEK0A\n" +
|
|
||||||
"g4StCgZMRxQAAAAAAB4AIHNhbHRAbm90YXRpb25zLnNlcXVvaWEtcGdwLm9yZ9el\n" +
|
|
||||||
"oLUj9wUjbwI91PYFiLbcIMYw+G2w85rw5nLaXzHEApsCvqAEGRYKAG8FgmMHSnIJ\n" +
|
|
||||||
"EDWWq2wLl0UaRxQAAAAAAB4AIHNhbHRAbm90YXRpb25zLnNlcXVvaWEtcGdwLm9y\n" +
|
|
||||||
"Z622EwAZW4CP32L2ysCphw7DasyPOdBpDsiMv2LB7dz8FiEEZQkoZquL7+v7NBoA\n" +
|
|
||||||
"NZarbAuXRRoAAOu3AP0X6dEVabI84d7t4AwRpmEiShSum9CJiODSs580lzkjlAD/\n" +
|
|
||||||
"QOGSIE5iO155kPudwi8ubif+v4tXe4Ro++tIP85bTQ8WIQSyGqu/Fd8P2jdCTemt\n" +
|
|
||||||
"AIOErQoGTAAAScwBAJ2A8vuK0wEMQHhVJR1lcjUaUm7EoBVuplF85dFipXjuAP40\n" +
|
|
||||||
"bwvHajjg8wFLo8pwAATBd2gnNYXXDK7J2WwiZPAKAcddBGMHSnISCisGAQQBl1UB\n" +
|
|
||||||
"BQEBB0DG0ue4giLkEecm/qz1wPQQBIl5v18/9M0SrMUk/M16agMBCAcAAP9Z4R+9\n" +
|
|
||||||
"tmG3aUKOB9nwN1t4N1GnbYCmaZzTn3uJXLetYBFTwsAGBBgWCgB4BYJjB0pyBYkF\n" +
|
|
||||||
"n6YACRCtAIOErQoGTEcUAAAAAAAeACBzYWx0QG5vdGF0aW9ucy5zZXF1b2lhLXBn\n" +
|
|
||||||
"cC5vcmfZNJZA/uU2jCW1zQzCT9oK5hj0sL2taNvDFlLtkMCNqwKbDBYhBLIaq78V\n" +
|
|
||||||
"3w/aN0JN6a0Ag4StCgZMAAAlKwD/eUEbC8MoIitKulDZawtlC0rSITXtQJqUkGNc\n" +
|
|
||||||
"ujTPgIAA/1p/Y3sHn4nhmYcVX902BRXBp8YMD/cHQWZkWPhvM9YF\n" +
|
|
||||||
"=3nhb\n" +
|
|
||||||
"-----END PGP PRIVATE KEY BLOCK-----\n";
|
|
||||||
|
|
||||||
private static final String CERT = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n" +
|
|
||||||
"Comment: B21A ABBF 15DF 0FDA 3742 4DE9 AD00 8384 AD0A 064C\n" +
|
|
||||||
"Comment: Volodymyr Zelenskyy <zelenskyy@gov.ua>\n" +
|
|
||||||
"\n" +
|
|
||||||
"xjMEYwdKchYJKwYBBAHaRw8BAQdARSvx9BDpV0AoNYTmN/wrZXQAB7VzOV0rKEQc\n" +
|
|
||||||
"OkhbP5zCwBEEHxYKAIMFgmMHSnIFiQWfpgADCwkHCRCtAIOErQoGTEcUAAAAAAAe\n" +
|
|
||||||
"ACBzYWx0QG5vdGF0aW9ucy5zZXF1b2lhLXBncC5vcmemokUGLbEtrRXgP2TiuWaJ\n" +
|
|
||||||
"uEiwxGVy8r8wrzceN+HYIgMVCggCmwECHgEWIQSyGqu/Fd8P2jdCTemtAIOErQoG\n" +
|
|
||||||
"TAAAjA0A/jW7LADP6ppGFaiPSy1iaZ5+iThYdeTfiN9qZ5Oik7UsAQDovr9ys9jM\n" +
|
|
||||||
"hwBmtprPSzkAz/Y68llHwtoFKP3a4ENsDM0mVm9sb2R5bXlyIFplbGVuc2t5eSA8\n" +
|
|
||||||
"emVsZW5za3l5QGdvdi51YT7CwBQEExYKAIYFgmMHSnIFiQWfpgADCwkHCRCtAIOE\n" +
|
|
||||||
"rQoGTEcUAAAAAAAeACBzYWx0QG5vdGF0aW9ucy5zZXF1b2lhLXBncC5vcme4P+qt\n" +
|
|
||||||
"J59gcsFRDvSpCFtwKXNeQxAKgY7hLdYnOJv8gAMVCggCmQECmwECHgEWIQSyGqu/\n" +
|
|
||||||
"Fd8P2jdCTemtAIOErQoGTAAAvwMA/jb7PWwMmW/rg9biKrY4Nhx1jU1Km2PN+JDa\n" +
|
|
||||||
"HKh00EWmAP4ySK/17ZsW+VGPZDkGvKnLdnAq8a2KRR7ez42Uow+WBM4zBGMHSnIW\n" +
|
|
||||||
"CSsGAQQB2kcPAQEHQE2MxvbzS9/zM0n9gC1xzqct7y4JJO3EoocXQaj2RT5WwsDF\n" +
|
|
||||||
"BBgWCgE3BYJjB0pyBYkFn6YACRCtAIOErQoGTEcUAAAAAAAeACBzYWx0QG5vdGF0\n" +
|
|
||||||
"aW9ucy5zZXF1b2lhLXBncC5vcmfXpaC1I/cFI28CPdT2BYi23CDGMPhtsPOa8OZy\n" +
|
|
||||||
"2l8xxAKbAr6gBBkWCgBvBYJjB0pyCRA1lqtsC5dFGkcUAAAAAAAeACBzYWx0QG5v\n" +
|
|
||||||
"dGF0aW9ucy5zZXF1b2lhLXBncC5vcmetthMAGVuAj99i9srAqYcOw2rMjznQaQ7I\n" +
|
|
||||||
"jL9iwe3c/BYhBGUJKGari+/r+zQaADWWq2wLl0UaAADrtwD9F+nRFWmyPOHe7eAM\n" +
|
|
||||||
"EaZhIkoUrpvQiYjg0rOfNJc5I5QA/0DhkiBOYjteeZD7ncIvLm4n/r+LV3uEaPvr\n" +
|
|
||||||
"SD/OW00PFiEEshqrvxXfD9o3Qk3prQCDhK0KBkwAAEnMAQCdgPL7itMBDEB4VSUd\n" +
|
|
||||||
"ZXI1GlJuxKAVbqZRfOXRYqV47gD+NG8Lx2o44PMBS6PKcAAEwXdoJzWF1wyuydls\n" +
|
|
||||||
"ImTwCgHOOARjB0pyEgorBgEEAZdVAQUBAQdAxtLnuIIi5BHnJv6s9cD0EASJeb9f\n" +
|
|
||||||
"P/TNEqzFJPzNemoDAQgHwsAGBBgWCgB4BYJjB0pyBYkFn6YACRCtAIOErQoGTEcU\n" +
|
|
||||||
"AAAAAAAeACBzYWx0QG5vdGF0aW9ucy5zZXF1b2lhLXBncC5vcmfZNJZA/uU2jCW1\n" +
|
|
||||||
"zQzCT9oK5hj0sL2taNvDFlLtkMCNqwKbDBYhBLIaq78V3w/aN0JN6a0Ag4StCgZM\n" +
|
|
||||||
"AAAlKwD/eUEbC8MoIitKulDZawtlC0rSITXtQJqUkGNcujTPgIAA/1p/Y3sHn4nh\n" +
|
|
||||||
"mYcVX902BRXBp8YMD/cHQWZkWPhvM9YF\n" +
|
|
||||||
"=o64m\n" +
|
|
||||||
"-----END PGP PUBLIC KEY BLOCK-----";
|
|
||||||
|
|
||||||
private final KeyMaterialReader reader = new KeyMaterialReader();
|
|
||||||
private final Charset UTF8 = Charset.forName("UTF8");
|
|
||||||
|
|
||||||
@Test
|
|
||||||
public void readBadDataTest() {
|
|
||||||
assertThrows(BadDataException.class, () -> reader.read(
|
|
||||||
new ByteArrayInputStream(CERT.substring(0, CERT.length() - 100).getBytes(UTF8)), null));
|
|
||||||
}
|
|
||||||
|
|
||||||
@Test
|
|
||||||
public void readIncompleteDataTest() {
|
|
||||||
assertThrows(BadDataException.class, () -> reader.read(
|
|
||||||
new ByteArrayInputStream("ThisIsNotOpenPGPDataAtAllLol".getBytes(UTF8)), null));
|
|
||||||
}
|
|
||||||
|
|
||||||
@Test
|
|
||||||
public void readKeyTest() throws BadDataException, IOException {
|
|
||||||
KeyMaterial keyMaterial = reader.read(new ByteArrayInputStream(KEY.getBytes(UTF8)), 12L);
|
|
||||||
assertNotNull(keyMaterial);
|
|
||||||
assertTrue(keyMaterial instanceof Key);
|
|
||||||
Key key = (Key) keyMaterial;
|
|
||||||
assertEquals("b21aabbf15df0fda37424de9ad008384ad0a064c", key.getFingerprint());
|
|
||||||
assertEquals(12L, key.getTag());
|
|
||||||
Certificate certificate = key.getCertificate();
|
|
||||||
assertEquals(key.getFingerprint(), certificate.getFingerprint());
|
|
||||||
assertEquals(key.getTag(), certificate.getTag());
|
|
||||||
assertEquals(key.getSubkeyIds(), certificate.getSubkeyIds());
|
|
||||||
}
|
|
||||||
|
|
||||||
@Test
|
|
||||||
public void readCertTest() throws BadDataException, IOException {
|
|
||||||
KeyMaterial keyMaterial = reader.read(new ByteArrayInputStream(CERT.getBytes(UTF8)), null);
|
|
||||||
assertNotNull(keyMaterial);
|
|
||||||
assertTrue(keyMaterial instanceof Certificate);
|
|
||||||
Certificate certificate = (Certificate) keyMaterial;
|
|
||||||
assertEquals("b21aabbf15df0fda37424de9ad008384ad0a064c", certificate.getFingerprint());
|
|
||||||
assertNull(certificate.getTag());
|
|
||||||
assertSame(certificate, certificate.asCertificate());
|
|
||||||
}
|
|
||||||
}
|
|
|
@ -1,244 +0,0 @@
|
||||||
// SPDX-FileCopyrightText: 2022 Paul Schaub <vanitasvitae@fsfe.org>
|
|
||||||
//
|
|
||||||
// SPDX-License-Identifier: Apache-2.0
|
|
||||||
|
|
||||||
package org.pgpainless.certificate_store;
|
|
||||||
|
|
||||||
import org.bouncycastle.util.io.Streams;
|
|
||||||
import org.junit.jupiter.api.Test;
|
|
||||||
import pgp.certificate_store.certificate.KeyMaterial;
|
|
||||||
import pgp.certificate_store.certificate.KeyMaterialMerger;
|
|
||||||
import pgp.certificate_store.exception.BadDataException;
|
|
||||||
|
|
||||||
import java.io.ByteArrayInputStream;
|
|
||||||
import java.io.ByteArrayOutputStream;
|
|
||||||
import java.io.IOException;
|
|
||||||
import java.nio.charset.Charset;
|
|
||||||
|
|
||||||
import static org.junit.jupiter.api.Assertions.assertArrayEquals;
|
|
||||||
import static org.junit.jupiter.api.Assertions.assertNull;
|
|
||||||
import static org.junit.jupiter.api.Assertions.assertSame;
|
|
||||||
|
|
||||||
public class MergeCallbacksTest {
|
|
||||||
|
|
||||||
private static final String KEY = "-----BEGIN PGP PRIVATE KEY BLOCK-----\n" +
|
|
||||||
"Version: PGPainless\n" +
|
|
||||||
"Comment: 8E0F C503 D081 002A 2BC8 60A1 1CFC 3439 106D 1DD1\n" +
|
|
||||||
"Comment: Marge Simpson <marge@simpson.tv>\n" +
|
|
||||||
"\n" +
|
|
||||||
"lFgEYwdeTxYJKwYBBAHaRw8BAQdA/culAZNfjpo8NyfJv9ggwUJBY/9Ps27wRzj1\n" +
|
|
||||||
"3i5Y/akAAQCel3XRH2ERU2+6C4kJEb3YXNtbH3CHJhkP+co3JQBJygz0tCBNYXJn\n" +
|
|
||||||
"ZSBTaW1wc29uIDxtYXJnZUBzaW1wc29uLnR2PoiPBBMWCgBBBQJjB15QCRAc/DQ5\n" +
|
|
||||||
"EG0d0RYhBI4PxQPQgQAqK8hgoRz8NDkQbR3RAp4BApsBBRYCAwEABAsJCAcFFQoJ\n" +
|
|
||||||
"CAsCmQEAAC34AP9jqFThNA0FeNxEEh+BKA/diGkxsAZaI0HscLeuoECOoAD9FjcO\n" +
|
|
||||||
"1TtI0UjF1wvRAGuoL6PrgNQ/kAE++zyzaXlbDAKcXQRjB15QEgorBgEEAZdVAQUB\n" +
|
|
||||||
"AQdAHQPnqtZwENOdLiD19wgjUpo/U0pJ4s/HCjgUQrFro38DAQgHAAD/VrXgi8fE\n" +
|
|
||||||
"UUAVLn+C3GXCJV0CBnCvLvMn6QwDUIbi1sgQF4h1BBgWCgAdBQJjB15QAp4BApsM\n" +
|
|
||||||
"BRYCAwEABAsJCAcFFQoJCAsACgkQHPw0ORBtHdGDdgD8DS1IyA0j4mnKPw93BLLn\n" +
|
|
||||||
"Wkt6Tc8tEc1Yy3fddhaGXXMBAIMu6ww43TM2EdQM/2orh8MhDZaBdDnD4egQ1ES4\n" +
|
|
||||||
"zxYJnFgEYwdeUBYJKwYBBAHaRw8BAQdAw/Pfecs1QEMAuTY8wGqEgpigYFx6GLHS\n" +
|
|
||||||
"qpgJkVds4hsAAP9JZ3XgkUguI4tUO9CyGCwxfBoUv1+F+XlYoxlyZV0M2A4qiNUE\n" +
|
|
||||||
"GBYKAH0FAmMHXlACngECmwIFFgIDAQAECwkIBwUVCgkIC18gBBkWCgAGBQJjB15Q\n" +
|
|
||||||
"AAoJEO8Ou9qRn4/Lk4ABAOTUMLOTPL9svmyoHmeVKYh4pL92/+zrsNL2Kh8BX7/F\n" +
|
|
||||||
"APsE3/N3J5MB2ZEyzNSU84STG3Aqa+2I2u4w58CeL8eRCAAKCRAc/DQ5EG0d0QBm\n" +
|
|
||||||
"AQDvHR1I/B4VBqMu44wcw1czqqFojv1KQMETnLCfU5Q4cwD+Mt6mNoXADACcnw2P\n" +
|
|
||||||
"3u5u3NoFQ0v2vFSaCoBxVzUQrgo=\n" +
|
|
||||||
"=OKv0\n" +
|
|
||||||
"-----END PGP PRIVATE KEY BLOCK-----";
|
|
||||||
private static final String KEY_WITH_SIG = "-----BEGIN PGP PRIVATE KEY BLOCK-----\n" +
|
|
||||||
"Version: PGPainless\n" +
|
|
||||||
"Comment: 8E0F C503 D081 002A 2BC8 60A1 1CFC 3439 106D 1DD1\n" +
|
|
||||||
"Comment: Marge Simpson <marge@simpson.tv>\n" +
|
|
||||||
"\n" +
|
|
||||||
"lFgEYwdeTxYJKwYBBAHaRw8BAQdA/culAZNfjpo8NyfJv9ggwUJBY/9Ps27wRzj1\n" +
|
|
||||||
"3i5Y/akAAQCel3XRH2ERU2+6C4kJEb3YXNtbH3CHJhkP+co3JQBJygz0iHUEHxYK\n" +
|
|
||||||
"ACcFAmMHXlAJEBz8NDkQbR3RFiEEjg/FA9CBACoryGChHPw0ORBtHdEAAEI4AP4w\n" +
|
|
||||||
"H667enh2czzfH8n4NeluivHQIavx6THn40MELAiBQQD/T3IdrTn0YDVmfdAGmCPL\n" +
|
|
||||||
"lNjOxPDus5SESpLuS6A7IAi0IE1hcmdlIFNpbXBzb24gPG1hcmdlQHNpbXBzb24u\n" +
|
|
||||||
"dHY+iI8EExYKAEEFAmMHXlAJEBz8NDkQbR3RFiEEjg/FA9CBACoryGChHPw0ORBt\n" +
|
|
||||||
"HdECngECmwEFFgIDAQAECwkIBwUVCgkICwKZAQAALfgA/2OoVOE0DQV43EQSH4Eo\n" +
|
|
||||||
"D92IaTGwBlojQexwt66gQI6gAP0WNw7VO0jRSMXXC9EAa6gvo+uA1D+QAT77PLNp\n" +
|
|
||||||
"eVsMApxdBGMHXlASCisGAQQBl1UBBQEBB0AdA+eq1nAQ050uIPX3CCNSmj9TSkni\n" +
|
|
||||||
"z8cKOBRCsWujfwMBCAcAAP9WteCLx8RRQBUuf4LcZcIlXQIGcK8u8yfpDANQhuLW\n" +
|
|
||||||
"yBAXiHUEGBYKAB0FAmMHXlACngECmwwFFgIDAQAECwkIBwUVCgkICwAKCRAc/DQ5\n" +
|
|
||||||
"EG0d0YN2APwNLUjIDSPiaco/D3cEsudaS3pNzy0RzVjLd912FoZdcwEAgy7rDDjd\n" +
|
|
||||||
"MzYR1Az/aiuHwyENloF0OcPh6BDURLjPFgmcWARjB15QFgkrBgEEAdpHDwEBB0DD\n" +
|
|
||||||
"8995yzVAQwC5NjzAaoSCmKBgXHoYsdKqmAmRV2ziGwAA/0lndeCRSC4ji1Q70LIY\n" +
|
|
||||||
"LDF8GhS/X4X5eVijGXJlXQzYDiqI1QQYFgoAfQUCYwdeUAKeAQKbAgUWAgMBAAQL\n" +
|
|
||||||
"CQgHBRUKCQgLXyAEGRYKAAYFAmMHXlAACgkQ7w672pGfj8uTgAEA5NQws5M8v2y+\n" +
|
|
||||||
"bKgeZ5UpiHikv3b/7Ouw0vYqHwFfv8UA+wTf83cnkwHZkTLM1JTzhJMbcCpr7Yja\n" +
|
|
||||||
"7jDnwJ4vx5EIAAoJEBz8NDkQbR3RAGYBAO8dHUj8HhUGoy7jjBzDVzOqoWiO/UpA\n" +
|
|
||||||
"wROcsJ9TlDhzAP4y3qY2hcAMAJyfDY/e7m7c2gVDS/a8VJoKgHFXNRCuCg==\n" +
|
|
||||||
"=WrKH\n" +
|
|
||||||
"-----END PGP PRIVATE KEY BLOCK-----";
|
|
||||||
private static final String CERT = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n" +
|
|
||||||
"Version: PGPainless\n" +
|
|
||||||
"Comment: 8E0F C503 D081 002A 2BC8 60A1 1CFC 3439 106D 1DD1\n" +
|
|
||||||
"Comment: Marge Simpson <marge@simpson.tv>\n" +
|
|
||||||
"\n" +
|
|
||||||
"mDMEYwdeTxYJKwYBBAHaRw8BAQdA/culAZNfjpo8NyfJv9ggwUJBY/9Ps27wRzj1\n" +
|
|
||||||
"3i5Y/am0IE1hcmdlIFNpbXBzb24gPG1hcmdlQHNpbXBzb24udHY+iI8EExYKAEEF\n" +
|
|
||||||
"AmMHXlAJEBz8NDkQbR3RFiEEjg/FA9CBACoryGChHPw0ORBtHdECngECmwEFFgID\n" +
|
|
||||||
"AQAECwkIBwUVCgkICwKZAQAALfgA/2OoVOE0DQV43EQSH4EoD92IaTGwBlojQexw\n" +
|
|
||||||
"t66gQI6gAP0WNw7VO0jRSMXXC9EAa6gvo+uA1D+QAT77PLNpeVsMArg4BGMHXlAS\n" +
|
|
||||||
"CisGAQQBl1UBBQEBB0AdA+eq1nAQ050uIPX3CCNSmj9TSkniz8cKOBRCsWujfwMB\n" +
|
|
||||||
"CAeIdQQYFgoAHQUCYwdeUAKeAQKbDAUWAgMBAAQLCQgHBRUKCQgLAAoJEBz8NDkQ\n" +
|
|
||||||
"bR3Rg3YA/A0tSMgNI+Jpyj8PdwSy51pLek3PLRHNWMt33XYWhl1zAQCDLusMON0z\n" +
|
|
||||||
"NhHUDP9qK4fDIQ2WgXQ5w+HoENREuM8WCbgzBGMHXlAWCSsGAQQB2kcPAQEHQMPz\n" +
|
|
||||||
"33nLNUBDALk2PMBqhIKYoGBcehix0qqYCZFXbOIbiNUEGBYKAH0FAmMHXlACngEC\n" +
|
|
||||||
"mwIFFgIDAQAECwkIBwUVCgkIC18gBBkWCgAGBQJjB15QAAoJEO8Ou9qRn4/Lk4AB\n" +
|
|
||||||
"AOTUMLOTPL9svmyoHmeVKYh4pL92/+zrsNL2Kh8BX7/FAPsE3/N3J5MB2ZEyzNSU\n" +
|
|
||||||
"84STG3Aqa+2I2u4w58CeL8eRCAAKCRAc/DQ5EG0d0QBmAQDvHR1I/B4VBqMu44wc\n" +
|
|
||||||
"w1czqqFojv1KQMETnLCfU5Q4cwD+Mt6mNoXADACcnw2P3u5u3NoFQ0v2vFSaCoBx\n" +
|
|
||||||
"VzUQrgo=\n" +
|
|
||||||
"=mKjW\n" +
|
|
||||||
"-----END PGP PUBLIC KEY BLOCK-----";
|
|
||||||
private static final String CERT_WITH_SIG = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n" +
|
|
||||||
"Version: PGPainless\n" +
|
|
||||||
"Comment: 8E0F C503 D081 002A 2BC8 60A1 1CFC 3439 106D 1DD1\n" +
|
|
||||||
"Comment: Marge Simpson <marge@simpson.tv>\n" +
|
|
||||||
"\n" +
|
|
||||||
"mDMEYwdeTxYJKwYBBAHaRw8BAQdA/culAZNfjpo8NyfJv9ggwUJBY/9Ps27wRzj1\n" +
|
|
||||||
"3i5Y/amIdQQfFgoAJwUCYwdeUAkQHPw0ORBtHdEWIQSOD8UD0IEAKivIYKEc/DQ5\n" +
|
|
||||||
"EG0d0QAAQjgA/jAfrrt6eHZzPN8fyfg16W6K8dAhq/HpMefjQwQsCIFBAP9Pch2t\n" +
|
|
||||||
"OfRgNWZ90AaYI8uU2M7E8O6zlIRKku5LoDsgCLQgTWFyZ2UgU2ltcHNvbiA8bWFy\n" +
|
|
||||||
"Z2VAc2ltcHNvbi50dj6IjwQTFgoAQQUCYwdeUAkQHPw0ORBtHdEWIQSOD8UD0IEA\n" +
|
|
||||||
"KivIYKEc/DQ5EG0d0QKeAQKbAQUWAgMBAAQLCQgHBRUKCQgLApkBAAAt+AD/Y6hU\n" +
|
|
||||||
"4TQNBXjcRBIfgSgP3YhpMbAGWiNB7HC3rqBAjqAA/RY3DtU7SNFIxdcL0QBrqC+j\n" +
|
|
||||||
"64DUP5ABPvs8s2l5WwwCuDgEYwdeUBIKKwYBBAGXVQEFAQEHQB0D56rWcBDTnS4g\n" +
|
|
||||||
"9fcII1KaP1NKSeLPxwo4FEKxa6N/AwEIB4h1BBgWCgAdBQJjB15QAp4BApsMBRYC\n" +
|
|
||||||
"AwEABAsJCAcFFQoJCAsACgkQHPw0ORBtHdGDdgD8DS1IyA0j4mnKPw93BLLnWkt6\n" +
|
|
||||||
"Tc8tEc1Yy3fddhaGXXMBAIMu6ww43TM2EdQM/2orh8MhDZaBdDnD4egQ1ES4zxYJ\n" +
|
|
||||||
"uDMEYwdeUBYJKwYBBAHaRw8BAQdAw/Pfecs1QEMAuTY8wGqEgpigYFx6GLHSqpgJ\n" +
|
|
||||||
"kVds4huI1QQYFgoAfQUCYwdeUAKeAQKbAgUWAgMBAAQLCQgHBRUKCQgLXyAEGRYK\n" +
|
|
||||||
"AAYFAmMHXlAACgkQ7w672pGfj8uTgAEA5NQws5M8v2y+bKgeZ5UpiHikv3b/7Ouw\n" +
|
|
||||||
"0vYqHwFfv8UA+wTf83cnkwHZkTLM1JTzhJMbcCpr7Yja7jDnwJ4vx5EIAAoJEBz8\n" +
|
|
||||||
"NDkQbR3RAGYBAO8dHUj8HhUGoy7jjBzDVzOqoWiO/UpAwROcsJ9TlDhzAP4y3qY2\n" +
|
|
||||||
"hcAMAJyfDY/e7m7c2gVDS/a8VJoKgHFXNRCuCg==\n" +
|
|
||||||
"=H6OY\n" +
|
|
||||||
"-----END PGP PUBLIC KEY BLOCK-----";
|
|
||||||
|
|
||||||
private static final KeyMaterialReader reader = new KeyMaterialReader();
|
|
||||||
|
|
||||||
@Test
|
|
||||||
public void testOverrideExisting() throws IOException, BadDataException {
|
|
||||||
KeyMaterialMerger merger = MergeCallbacks.overrideExisting();
|
|
||||||
KeyMaterial existing = parse(CERT);
|
|
||||||
KeyMaterial update = parse(KEY);
|
|
||||||
|
|
||||||
assertSame(update, merger.merge(update, existing));
|
|
||||||
}
|
|
||||||
|
|
||||||
@Test
|
|
||||||
public void testOverrideExistingNull() throws IOException, BadDataException {
|
|
||||||
KeyMaterialMerger merger = MergeCallbacks.overrideExisting();
|
|
||||||
KeyMaterial existing = null;
|
|
||||||
KeyMaterial update = parse(KEY);
|
|
||||||
|
|
||||||
assertSame(update, merger.merge(update, existing));
|
|
||||||
}
|
|
||||||
|
|
||||||
@Test
|
|
||||||
public void testOverrideExistingWithNull() throws IOException, BadDataException {
|
|
||||||
KeyMaterialMerger merger = MergeCallbacks.overrideExisting();
|
|
||||||
KeyMaterial existing = parse(CERT);
|
|
||||||
KeyMaterial update = null;
|
|
||||||
|
|
||||||
assertNull(merger.merge(update, existing));
|
|
||||||
}
|
|
||||||
|
|
||||||
@Test
|
|
||||||
public void testMergeExistingCertWithSelf() throws BadDataException, IOException {
|
|
||||||
KeyMaterialMerger merger = MergeCallbacks.mergeWithExisting();
|
|
||||||
KeyMaterial existing = parse(CERT);
|
|
||||||
KeyMaterial update = parse(CERT);
|
|
||||||
|
|
||||||
assertEncodingEquals(existing, merger.merge(update, existing));
|
|
||||||
}
|
|
||||||
|
|
||||||
@Test
|
|
||||||
public void testMergeExistingCertWithNull() throws BadDataException, IOException {
|
|
||||||
KeyMaterialMerger merger = MergeCallbacks.mergeWithExisting();
|
|
||||||
KeyMaterial existing = parse(CERT);
|
|
||||||
|
|
||||||
assertEncodingEquals(existing, merger.merge(null, existing));
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
@Test
|
|
||||||
public void testMergeNullWithCert() throws BadDataException, IOException {
|
|
||||||
KeyMaterialMerger merger = MergeCallbacks.mergeWithExisting();
|
|
||||||
KeyMaterial update = parse(CERT);
|
|
||||||
|
|
||||||
assertEncodingEquals(update, merger.merge(update, null));
|
|
||||||
}
|
|
||||||
|
|
||||||
@Test
|
|
||||||
public void testMergeCertWithUpdate() throws BadDataException, IOException {
|
|
||||||
KeyMaterialMerger merger = MergeCallbacks.mergeWithExisting();
|
|
||||||
KeyMaterial existing = parse(CERT);
|
|
||||||
KeyMaterial update = parse(CERT_WITH_SIG);
|
|
||||||
|
|
||||||
assertEncodingEquals(update, merger.merge(update, existing));
|
|
||||||
}
|
|
||||||
|
|
||||||
@Test
|
|
||||||
public void testMergeUpdateWithCert() throws BadDataException, IOException {
|
|
||||||
KeyMaterialMerger merger = MergeCallbacks.mergeWithExisting();
|
|
||||||
KeyMaterial existing = parse(CERT_WITH_SIG);
|
|
||||||
KeyMaterial update = parse(CERT);
|
|
||||||
|
|
||||||
assertEncodingEquals(existing, merger.merge(update, existing));
|
|
||||||
}
|
|
||||||
|
|
||||||
@Test
|
|
||||||
public void testMergeKeyWithCert() throws BadDataException, IOException {
|
|
||||||
KeyMaterialMerger merger = MergeCallbacks.mergeWithExisting();
|
|
||||||
KeyMaterial existing = parse(KEY);
|
|
||||||
KeyMaterial update = parse(CERT);
|
|
||||||
|
|
||||||
assertEncodingEquals(existing, merger.merge(update, existing));
|
|
||||||
}
|
|
||||||
|
|
||||||
@Test
|
|
||||||
public void testMergeCertWithKey() throws BadDataException, IOException {
|
|
||||||
KeyMaterialMerger merger = MergeCallbacks.mergeWithExisting();
|
|
||||||
KeyMaterial existing = parse(CERT);
|
|
||||||
KeyMaterial update = parse(KEY);
|
|
||||||
|
|
||||||
assertEncodingEquals(update, merger.merge(update, existing));
|
|
||||||
}
|
|
||||||
|
|
||||||
@Test
|
|
||||||
public void testMergeKeyWithUpdateCert() throws BadDataException, IOException {
|
|
||||||
KeyMaterialMerger merger = MergeCallbacks.mergeWithExisting();
|
|
||||||
KeyMaterial existing = parse(KEY);
|
|
||||||
KeyMaterial update = parse(CERT_WITH_SIG);
|
|
||||||
KeyMaterial expected = parse(KEY_WITH_SIG);
|
|
||||||
assertEncodingEquals(expected, merger.merge(update, existing));
|
|
||||||
}
|
|
||||||
|
|
||||||
@Test
|
|
||||||
public void testMergeUpdateCertWithKey() throws BadDataException, IOException {
|
|
||||||
KeyMaterialMerger merger = MergeCallbacks.mergeWithExisting();
|
|
||||||
KeyMaterial existing = parse(CERT_WITH_SIG);
|
|
||||||
KeyMaterial update = parse(KEY);
|
|
||||||
KeyMaterial expected = parse(KEY_WITH_SIG);
|
|
||||||
|
|
||||||
assertEncodingEquals(expected, merger.merge(update, existing));
|
|
||||||
}
|
|
||||||
|
|
||||||
private static KeyMaterial parse(String encoding) throws BadDataException, IOException {
|
|
||||||
return reader.read(new ByteArrayInputStream(encoding.getBytes(Charset.forName("UTF8"))), null);
|
|
||||||
}
|
|
||||||
|
|
||||||
private static void assertEncodingEquals(KeyMaterial one, KeyMaterial two) throws IOException {
|
|
||||||
ByteArrayOutputStream oneOut = new ByteArrayOutputStream();
|
|
||||||
ByteArrayOutputStream twoOut = new ByteArrayOutputStream();
|
|
||||||
|
|
||||||
Streams.pipeAll(one.getInputStream(), oneOut);
|
|
||||||
Streams.pipeAll(two.getInputStream(), twoOut);
|
|
||||||
|
|
||||||
assertArrayEquals(oneOut.toByteArray(), twoOut.toByteArray());
|
|
||||||
}
|
|
||||||
}
|
|
|
@ -4,16 +4,9 @@
|
||||||
|
|
||||||
allprojects {
|
allprojects {
|
||||||
ext {
|
ext {
|
||||||
shortVersion = '0.2.3'
|
shortVersion = '0.1.0'
|
||||||
isSnapshot = true
|
isSnapshot = false
|
||||||
minAndroidSdk = 10
|
minAndroidSdk = 10
|
||||||
javaSourceCompatibility = 1.8
|
javaSourceCompatibility = 1.8
|
||||||
slf4jVersion = '1.7.36'
|
|
||||||
logbackVersion = '1.2.11'
|
|
||||||
junitVersion = '5.8.2'
|
|
||||||
mockitoVersion = '4.5.1'
|
|
||||||
pgpainlessVersion = '1.5.6'
|
|
||||||
pgpCertDJavaVersion = '0.2.2'
|
|
||||||
picocliVersion = '4.6.3'
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue