Deprecate Policy.*.default*Policy() methods in favor of methods with more expressive names
You cannot tell what defaultHashAlgorithmPolicy() really means. Therefore the default methods were deprecated in favor of more expressive methods.
parent
b980fcd7b1
commit
2b37c4c9cb
1 changed files with 65 additions and 8 deletions
|
@ -31,17 +31,17 @@ public final class Policy {
|
||||||
private static Policy INSTANCE;
|
private static Policy INSTANCE;
|
||||||
|
|
||||||
private HashAlgorithmPolicy signatureHashAlgorithmPolicy =
|
private HashAlgorithmPolicy signatureHashAlgorithmPolicy =
|
||||||
HashAlgorithmPolicy.defaultSignatureAlgorithmPolicy();
|
HashAlgorithmPolicy.smartSignatureHashAlgorithmPolicy();
|
||||||
private HashAlgorithmPolicy revocationSignatureHashAlgorithmPolicy =
|
private HashAlgorithmPolicy revocationSignatureHashAlgorithmPolicy =
|
||||||
HashAlgorithmPolicy.defaultRevocationSignatureHashAlgorithmPolicy();
|
HashAlgorithmPolicy.smartSignatureHashAlgorithmPolicy();
|
||||||
private SymmetricKeyAlgorithmPolicy symmetricKeyEncryptionAlgorithmPolicy =
|
private SymmetricKeyAlgorithmPolicy symmetricKeyEncryptionAlgorithmPolicy =
|
||||||
SymmetricKeyAlgorithmPolicy.defaultSymmetricKeyEncryptionAlgorithmPolicy();
|
SymmetricKeyAlgorithmPolicy.symmetricKeyEncryptionPolicy2022();
|
||||||
private SymmetricKeyAlgorithmPolicy symmetricKeyDecryptionAlgorithmPolicy =
|
private SymmetricKeyAlgorithmPolicy symmetricKeyDecryptionAlgorithmPolicy =
|
||||||
SymmetricKeyAlgorithmPolicy.defaultSymmetricKeyDecryptionAlgorithmPolicy();
|
SymmetricKeyAlgorithmPolicy.symmetricKeyDecryptionPolicy2022();
|
||||||
private CompressionAlgorithmPolicy compressionAlgorithmPolicy =
|
private CompressionAlgorithmPolicy compressionAlgorithmPolicy =
|
||||||
CompressionAlgorithmPolicy.defaultCompressionAlgorithmPolicy();
|
CompressionAlgorithmPolicy.anyCompressionAlgorithmPolicy();
|
||||||
private PublicKeyAlgorithmPolicy publicKeyAlgorithmPolicy =
|
private PublicKeyAlgorithmPolicy publicKeyAlgorithmPolicy =
|
||||||
PublicKeyAlgorithmPolicy.defaultPublicKeyAlgorithmPolicy();
|
PublicKeyAlgorithmPolicy.bsi2021PublicKeyAlgorithmPolicy();
|
||||||
private final NotationRegistry notationRegistry = new NotationRegistry();
|
private final NotationRegistry notationRegistry = new NotationRegistry();
|
||||||
|
|
||||||
private AlgorithmSuite keyGenerationAlgorithmSuite = AlgorithmSuite.getDefaultAlgorithmSuite();
|
private AlgorithmSuite keyGenerationAlgorithmSuite = AlgorithmSuite.getDefaultAlgorithmSuite();
|
||||||
|
@ -249,8 +249,20 @@ public final class Policy {
|
||||||
* The default symmetric encryption algorithm policy of PGPainless.
|
* The default symmetric encryption algorithm policy of PGPainless.
|
||||||
*
|
*
|
||||||
* @return default symmetric encryption algorithm policy
|
* @return default symmetric encryption algorithm policy
|
||||||
|
* @deprecated not expressive - will be removed in a future release
|
||||||
*/
|
*/
|
||||||
|
@Deprecated
|
||||||
public static SymmetricKeyAlgorithmPolicy defaultSymmetricKeyEncryptionAlgorithmPolicy() {
|
public static SymmetricKeyAlgorithmPolicy defaultSymmetricKeyEncryptionAlgorithmPolicy() {
|
||||||
|
return symmetricKeyEncryptionPolicy2022();
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Policy for symmetric encryption algorithms in the context of message production (encryption).
|
||||||
|
* This suite contains algorithms that are deemed safe to use in 2022.
|
||||||
|
*
|
||||||
|
* @return 2022 symmetric key encryption algorithm policy
|
||||||
|
*/
|
||||||
|
public static SymmetricKeyAlgorithmPolicy symmetricKeyEncryptionPolicy2022() {
|
||||||
return new SymmetricKeyAlgorithmPolicy(SymmetricKeyAlgorithm.AES_256, Arrays.asList(
|
return new SymmetricKeyAlgorithmPolicy(SymmetricKeyAlgorithm.AES_256, Arrays.asList(
|
||||||
// Reject: Unencrypted, IDEA, TripleDES, CAST5, Blowfish
|
// Reject: Unencrypted, IDEA, TripleDES, CAST5, Blowfish
|
||||||
SymmetricKeyAlgorithm.AES_256,
|
SymmetricKeyAlgorithm.AES_256,
|
||||||
|
@ -267,8 +279,20 @@ public final class Policy {
|
||||||
* The default symmetric decryption algorithm policy of PGPainless.
|
* The default symmetric decryption algorithm policy of PGPainless.
|
||||||
*
|
*
|
||||||
* @return default symmetric decryption algorithm policy
|
* @return default symmetric decryption algorithm policy
|
||||||
|
* @deprecated not expressive - will be removed in a future update
|
||||||
*/
|
*/
|
||||||
|
@Deprecated
|
||||||
public static SymmetricKeyAlgorithmPolicy defaultSymmetricKeyDecryptionAlgorithmPolicy() {
|
public static SymmetricKeyAlgorithmPolicy defaultSymmetricKeyDecryptionAlgorithmPolicy() {
|
||||||
|
return symmetricKeyDecryptionPolicy2022();
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Policy for symmetric key encryption algorithms in the context of message consumption (decryption).
|
||||||
|
* This suite contains algorithms that are deemed safe to use in 2022.
|
||||||
|
*
|
||||||
|
* @return 2022 symmetric key decryption algorithm policy
|
||||||
|
*/
|
||||||
|
public static SymmetricKeyAlgorithmPolicy symmetricKeyDecryptionPolicy2022() {
|
||||||
return new SymmetricKeyAlgorithmPolicy(SymmetricKeyAlgorithm.AES_256, Arrays.asList(
|
return new SymmetricKeyAlgorithmPolicy(SymmetricKeyAlgorithm.AES_256, Arrays.asList(
|
||||||
// Reject: Unencrypted, IDEA, TripleDES, Blowfish
|
// Reject: Unencrypted, IDEA, TripleDES, Blowfish
|
||||||
SymmetricKeyAlgorithm.CAST5,
|
SymmetricKeyAlgorithm.CAST5,
|
||||||
|
@ -414,7 +438,9 @@ public final class Policy {
|
||||||
* For revocation signatures {@link #defaultRevocationSignatureHashAlgorithmPolicy()} is used instead.
|
* For revocation signatures {@link #defaultRevocationSignatureHashAlgorithmPolicy()} is used instead.
|
||||||
*
|
*
|
||||||
* @return default signature hash algorithm policy
|
* @return default signature hash algorithm policy
|
||||||
|
* @deprecated not expressive - will be removed in an upcoming release
|
||||||
*/
|
*/
|
||||||
|
@Deprecated
|
||||||
public static HashAlgorithmPolicy defaultSignatureAlgorithmPolicy() {
|
public static HashAlgorithmPolicy defaultSignatureAlgorithmPolicy() {
|
||||||
return smartSignatureHashAlgorithmPolicy();
|
return smartSignatureHashAlgorithmPolicy();
|
||||||
}
|
}
|
||||||
|
@ -453,7 +479,7 @@ public final class Policy {
|
||||||
*
|
*
|
||||||
* @return static signature algorithm policy
|
* @return static signature algorithm policy
|
||||||
*/
|
*/
|
||||||
public static HashAlgorithmPolicy static2022SignatureAlgorithmPolicy() {
|
public static HashAlgorithmPolicy static2022SignatureHashAlgorithmPolicy() {
|
||||||
return new HashAlgorithmPolicy(HashAlgorithm.SHA512, Arrays.asList(
|
return new HashAlgorithmPolicy(HashAlgorithm.SHA512, Arrays.asList(
|
||||||
HashAlgorithm.SHA224,
|
HashAlgorithm.SHA224,
|
||||||
HashAlgorithm.SHA256,
|
HashAlgorithm.SHA256,
|
||||||
|
@ -466,7 +492,9 @@ public final class Policy {
|
||||||
* The default revocation signature hash algorithm policy of PGPainless.
|
* The default revocation signature hash algorithm policy of PGPainless.
|
||||||
*
|
*
|
||||||
* @return default revocation signature hash algorithm policy
|
* @return default revocation signature hash algorithm policy
|
||||||
|
* @deprecated not expressive - will be removed in an upcoming release
|
||||||
*/
|
*/
|
||||||
|
@Deprecated
|
||||||
public static HashAlgorithmPolicy defaultRevocationSignatureHashAlgorithmPolicy() {
|
public static HashAlgorithmPolicy defaultRevocationSignatureHashAlgorithmPolicy() {
|
||||||
return smartSignatureHashAlgorithmPolicy();
|
return smartSignatureHashAlgorithmPolicy();
|
||||||
}
|
}
|
||||||
|
@ -517,7 +545,25 @@ public final class Policy {
|
||||||
return acceptableCompressionAlgorithms.contains(compressionAlgorithm);
|
return acceptableCompressionAlgorithms.contains(compressionAlgorithm);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Default {@link CompressionAlgorithmPolicy} of PGPainless.
|
||||||
|
* The default compression algorithm policy accepts any compression algorithm.
|
||||||
|
*
|
||||||
|
* @return default algorithm policy
|
||||||
|
* @deprecated not expressive - might be removed in a future release
|
||||||
|
*/
|
||||||
|
@Deprecated
|
||||||
public static CompressionAlgorithmPolicy defaultCompressionAlgorithmPolicy() {
|
public static CompressionAlgorithmPolicy defaultCompressionAlgorithmPolicy() {
|
||||||
|
return anyCompressionAlgorithmPolicy();
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Policy that accepts any known compression algorithm and offers {@link CompressionAlgorithm#ZIP} as
|
||||||
|
* default algorithm.
|
||||||
|
*
|
||||||
|
* @return compression algorithm policy
|
||||||
|
*/
|
||||||
|
public static CompressionAlgorithmPolicy anyCompressionAlgorithmPolicy() {
|
||||||
return new CompressionAlgorithmPolicy(CompressionAlgorithm.ZIP, Arrays.asList(
|
return new CompressionAlgorithmPolicy(CompressionAlgorithm.ZIP, Arrays.asList(
|
||||||
CompressionAlgorithm.UNCOMPRESSED,
|
CompressionAlgorithm.UNCOMPRESSED,
|
||||||
CompressionAlgorithm.ZIP,
|
CompressionAlgorithm.ZIP,
|
||||||
|
@ -556,6 +602,17 @@ public final class Policy {
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Return PGPainless' default public key algorithm policy.
|
* Return PGPainless' default public key algorithm policy.
|
||||||
|
* This policy is based upon recommendations made by the German Federal Office for Information Security (BSI).
|
||||||
|
*
|
||||||
|
* @return default algorithm policy
|
||||||
|
* @deprecated not expressive - might be removed in a future release
|
||||||
|
*/
|
||||||
|
@Deprecated
|
||||||
|
public static PublicKeyAlgorithmPolicy defaultPublicKeyAlgorithmPolicy() {
|
||||||
|
return bsi2021PublicKeyAlgorithmPolicy();
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
* This policy is based upon recommendations made by the German Federal Office for Information Security (BSI).
|
* This policy is based upon recommendations made by the German Federal Office for Information Security (BSI).
|
||||||
*
|
*
|
||||||
* Basically this policy requires keys based on elliptic curves to have a bit strength of at least 250,
|
* Basically this policy requires keys based on elliptic curves to have a bit strength of at least 250,
|
||||||
|
@ -567,7 +624,7 @@ public final class Policy {
|
||||||
*
|
*
|
||||||
* @return default algorithm policy
|
* @return default algorithm policy
|
||||||
*/
|
*/
|
||||||
public static PublicKeyAlgorithmPolicy defaultPublicKeyAlgorithmPolicy() {
|
public static PublicKeyAlgorithmPolicy bsi2021PublicKeyAlgorithmPolicy() {
|
||||||
Map<PublicKeyAlgorithm, Integer> minimalBitStrengths = new EnumMap<>(PublicKeyAlgorithm.class);
|
Map<PublicKeyAlgorithm, Integer> minimalBitStrengths = new EnumMap<>(PublicKeyAlgorithm.class);
|
||||||
// §5.4.1
|
// §5.4.1
|
||||||
minimalBitStrengths.put(PublicKeyAlgorithm.RSA_GENERAL, 2000);
|
minimalBitStrengths.put(PublicKeyAlgorithm.RSA_GENERAL, 2000);
|
||||||
|
|
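Review bot: The new Javadoc on `symmetricKeyDecryptionPolicy2022()` says the suite contains algorithms "deemed safe to use in 2022", yet the first accepted entry is `SymmetricKeyAlgorithm.CAST5`, which the encryption policy's own comment lists under "Reject". The sentence looks copied from the encryption variant; for the decryption side I would write something like `* Also accepts CAST5, which the encryption policy rejects, so that older messages can still be read; do not use this policy for message production.` (the compatibility rationale is my inference, please confirm). Separately, `static2022SignatureAlgorithmPolicy()` is renamed to `static2022SignatureHashAlgorithmPolicy()` with no `@Deprecated` forwarder, unlike every other rename in this commit, so callers of the old name stop compiling if it was ever released. The `@deprecated` tags would also help more if each named its replacement, e.g. `@deprecated use {@link #symmetricKeyEncryptionPolicy2022()} instead`. The bodies of the policy factory methods continue outside the hunks shown.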