mirror of
https://github.com/pgpainless/pgpainless.git
synced 2024-12-23 03:17:58 +01:00
Rework user-id revocation to use subpackets callback API
This commit is contained in:
parent
24aebfaf63
commit
25c95804ce
3 changed files with 51 additions and 26 deletions
|
@ -315,7 +315,33 @@ public class SecretKeyRingEditor implements SecretKeyRingEditorInterface {
|
|||
@Override
|
||||
public SecretKeyRingEditorInterface revokeUserId(String userId,
|
||||
SecretKeyRingProtector secretKeyRingProtector,
|
||||
RevocationAttributes revocationAttributes)
|
||||
@Nullable RevocationAttributes revocationAttributes)
|
||||
throws PGPException {
|
||||
if (revocationAttributes != null) {
|
||||
RevocationAttributes.Reason reason = revocationAttributes.getReason();
|
||||
if (reason != RevocationAttributes.Reason.NO_REASON
|
||||
&& reason != RevocationAttributes.Reason.USER_ID_NO_LONGER_VALID) {
|
||||
throw new IllegalArgumentException("Revocation reason must either be NO_REASON or USER_ID_NO_LONGER_VALID");
|
||||
}
|
||||
}
|
||||
|
||||
RevocationSignatureSubpackets.Callback callback = new RevocationSignatureSubpackets.Callback() {
|
||||
@Override
|
||||
public void modifyHashedSubpackets(RevocationSignatureSubpackets hashedSubpackets) {
|
||||
if (revocationAttributes != null) {
|
||||
hashedSubpackets.setRevocationReason(false, revocationAttributes);
|
||||
}
|
||||
}
|
||||
};
|
||||
|
||||
return revokeUserId(userId, secretKeyRingProtector, callback);
|
||||
}
|
||||
|
||||
@Override
|
||||
public SecretKeyRingEditorInterface revokeUserId(
|
||||
String userId,
|
||||
SecretKeyRingProtector secretKeyRingProtector,
|
||||
@Nullable RevocationSignatureSubpackets.Callback subpacketCallback)
|
||||
throws PGPException {
|
||||
Iterator<String> userIds = secretKeyRing.getPublicKey().getUserIDs();
|
||||
boolean found = false;
|
||||
|
@ -328,38 +354,23 @@ public class SecretKeyRingEditor implements SecretKeyRingEditorInterface {
|
|||
if (!found) {
|
||||
throw new NoSuchElementException("No user-id '" + userId + "' found on the key.");
|
||||
}
|
||||
return doRevokeUserId(userId, secretKeyRingProtector, revocationAttributes);
|
||||
return doRevokeUserId(userId, secretKeyRingProtector, subpacketCallback);
|
||||
}
|
||||
|
||||
private SecretKeyRingEditorInterface doRevokeUserId(String userId,
|
||||
SecretKeyRingProtector protector,
|
||||
RevocationAttributes revocationAttributes)
|
||||
@Nullable RevocationSignatureSubpackets.Callback callback)
|
||||
throws PGPException {
|
||||
PGPSecretKey primarySecretKey = secretKeyRing.getSecretKey();
|
||||
PGPPublicKey primaryPublicKey = primarySecretKey.getPublicKey();
|
||||
PGPPrivateKey privateKey = UnlockSecretKey.unlockSecretKey(primarySecretKey, protector);
|
||||
RevocationSignatureBuilder signatureBuilder = new RevocationSignatureBuilder(
|
||||
SignatureType.CERTIFICATION_REVOCATION,
|
||||
primarySecretKey,
|
||||
protector);
|
||||
|
||||
PGPSignatureSubpacketGenerator subpacketGenerator = new PGPSignatureSubpacketGenerator();
|
||||
subpacketGenerator.setSignatureCreationTime(false, new Date());
|
||||
subpacketGenerator.setRevocable(false, false);
|
||||
subpacketGenerator.setIssuerFingerprint(false, primarySecretKey);
|
||||
if (revocationAttributes != null) {
|
||||
RevocationAttributes.Reason reason = revocationAttributes.getReason();
|
||||
if (reason != RevocationAttributes.Reason.NO_REASON
|
||||
&& reason != RevocationAttributes.Reason.USER_ID_NO_LONGER_VALID) {
|
||||
throw new IllegalArgumentException("Revocation reason must either be NO_REASON or USER_ID_NO_LONGER_VALID");
|
||||
}
|
||||
subpacketGenerator.setRevocationReason(
|
||||
false,
|
||||
revocationAttributes.getReason().code(),
|
||||
revocationAttributes.getDescription());
|
||||
}
|
||||
signatureBuilder.applyCallback(callback);
|
||||
|
||||
PGPSignatureGenerator signatureGenerator = SignatureUtils.getSignatureGeneratorFor(primarySecretKey);
|
||||
signatureGenerator.setHashedSubpackets(subpacketGenerator.generate());
|
||||
signatureGenerator.init(SignatureType.CERTIFICATION_REVOCATION.getCode(), privateKey);
|
||||
|
||||
PGPSignature revocationSignature = signatureGenerator.generateCertification(userId, primaryPublicKey);
|
||||
PGPSignature revocationSignature = signatureBuilder.build(userId);
|
||||
primaryPublicKey = PGPPublicKey.addCertification(primaryPublicKey, userId, revocationSignature);
|
||||
|
||||
PGPPublicKeyRing publicKeyRing = KeyRingUtils.publicKeyRingFrom(secretKeyRing);
|
||||
|
|
|
@ -190,7 +190,7 @@ public interface SecretKeyRingEditorInterface {
|
|||
default SecretKeyRingEditorInterface revokeUserId(String userId,
|
||||
SecretKeyRingProtector secretKeyRingProtector)
|
||||
throws PGPException {
|
||||
return revokeUserId(userId, secretKeyRingProtector, null);
|
||||
return revokeUserId(userId, secretKeyRingProtector, (RevocationAttributes) null);
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -203,9 +203,14 @@ public interface SecretKeyRingEditorInterface {
|
|||
*/
|
||||
SecretKeyRingEditorInterface revokeUserId(String userId,
|
||||
SecretKeyRingProtector secretKeyRingProtector,
|
||||
RevocationAttributes revocationAttributes)
|
||||
@Nullable RevocationAttributes revocationAttributes)
|
||||
throws PGPException;
|
||||
|
||||
SecretKeyRingEditorInterface revokeUserId(String userId,
|
||||
SecretKeyRingProtector secretKeyRingProtector,
|
||||
@Nullable RevocationSignatureSubpackets.Callback subpacketCallback)
|
||||
throws PGPException;
|
||||
|
||||
/**
|
||||
* Set the expiration date for the primary key of the key ring.
|
||||
* If the key is supposed to never expire, then an expiration date of null is expected.
|
||||
|
|
|
@ -20,6 +20,7 @@ public class RevocationSignatureBuilder extends AbstractSignatureBuilder<Revocat
|
|||
|
||||
public RevocationSignatureBuilder(SignatureType signatureType, PGPSecretKey signingKey, SecretKeyRingProtector protector) throws WrongPassphraseException {
|
||||
super(signatureType, signingKey, protector);
|
||||
getHashedSubpackets().setRevocable(true, false);
|
||||
}
|
||||
|
||||
@Override
|
||||
|
@ -60,4 +61,12 @@ public class RevocationSignatureBuilder extends AbstractSignatureBuilder<Revocat
|
|||
return signatureGenerator.generateCertification(publicSigningKey, revokeeSubkey);
|
||||
}
|
||||
}
|
||||
|
||||
public PGPSignature build(String revokeeUserId) throws PGPException {
|
||||
PGPSignatureGenerator signatureGenerator = buildAndInitSignatureGenerator();
|
||||
if (signatureType != SignatureType.CERTIFICATION_REVOCATION) {
|
||||
throw new IllegalArgumentException("Signature type is != CERTIFICATION_REVOCATION.");
|
||||
}
|
||||
return signatureGenerator.generateCertification(revokeeUserId, publicSigningKey);
|
||||
}
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue