mirror of
https://github.com/pgpainless/pgpainless.git
synced 2024-12-23 03:17:58 +01:00
Restructured API
This commit is contained in:
parent
b8a376f86a
commit
3438b7259a
6 changed files with 97 additions and 58 deletions
|
@ -14,36 +14,60 @@ import org.bouncycastle.openpgp.PGPSignature;
|
|||
import org.pgpainless.algorithm.KeyFlag;
|
||||
import org.pgpainless.exception.WrongPassphraseException;
|
||||
import org.pgpainless.key.protection.SecretKeyRingProtector;
|
||||
import org.pgpainless.signature.subpackets.BindingSignatureCallback;
|
||||
import org.pgpainless.signature.subpackets.SelfSignatureCallback;
|
||||
import org.pgpainless.signature.subpackets.SelfSignatureSubpackets;
|
||||
|
||||
public class SignatureBuilder {
|
||||
public final class SignatureBuilder {
|
||||
|
||||
public SubkeyBindingSignatureBuilder bindSubkey(
|
||||
private SignatureBuilder() {
|
||||
|
||||
}
|
||||
|
||||
public static SubkeyBindingSignatureBuilder bindNonSigningSubkey(
|
||||
PGPSecretKey primaryKey,
|
||||
SecretKeyRingProtector primaryKeyProtector,
|
||||
@Nullable SelfSignatureSubpackets.Callback subkeyBindingSubpacketsCallback,
|
||||
KeyFlag... flags) throws WrongPassphraseException {
|
||||
if (hasSignDataFlag(flags)) {
|
||||
throw new IllegalArgumentException("Binding a subkey with SIGN_DATA flag requires primary key backsig." +
|
||||
"Please use the method bindSigningSubkey().");
|
||||
}
|
||||
|
||||
return bindSubkey(primaryKey, primaryKeyProtector, subkeyBindingSubpacketsCallback, flags);
|
||||
}
|
||||
|
||||
public static SubkeyBindingSignatureBuilder bindSigningSubkey(
|
||||
PGPSecretKey primaryKey,
|
||||
SecretKeyRingProtector primaryKeyProtector,
|
||||
PGPSecretKey subkey,
|
||||
SecretKeyRingProtector subkeyProtector,
|
||||
@Nullable BindingSignatureCallback subkeyBindingSubpacketsCallback,
|
||||
@Nullable BindingSignatureCallback primaryKeyBindingSubpacketsCallback,
|
||||
@Nullable SelfSignatureSubpackets.Callback subkeyBindingSubpacketsCallback,
|
||||
@Nullable SelfSignatureSubpackets.Callback primaryKeyBindingSubpacketsCallback,
|
||||
KeyFlag... flags)
|
||||
throws PGPException, IOException {
|
||||
if (flags.length == 0) {
|
||||
throw new IllegalArgumentException("Keyflags for subkey binding cannot be empty.");
|
||||
}
|
||||
SubkeyBindingSignatureBuilder subkeyBinder = new SubkeyBindingSignatureBuilder(primaryKey, primaryKeyProtector);
|
||||
|
||||
SelfSignatureSubpackets hashedSubpackets = subkeyBinder.getHashedSubpackets();
|
||||
SelfSignatureSubpackets unhashedSubpackets = subkeyBinder.getUnhashedSubpackets();
|
||||
hashedSubpackets.setKeyFlags(flags);
|
||||
SubkeyBindingSignatureBuilder subkeyBinder = bindSubkey(primaryKey, primaryKeyProtector, subkeyBindingSubpacketsCallback, flags);
|
||||
|
||||
if (hasSignDataFlag(flags)) {
|
||||
PGPSignature backsig = createPrimaryKeyBinding(
|
||||
subkey, subkeyProtector, primaryKeyBindingSubpacketsCallback, primaryKey.getPublicKey());
|
||||
hashedSubpackets.addEmbeddedSignature(backsig);
|
||||
subkeyBinder.getHashedSubpackets().addEmbeddedSignature(backsig);
|
||||
}
|
||||
|
||||
return subkeyBinder;
|
||||
}
|
||||
|
||||
private static SubkeyBindingSignatureBuilder bindSubkey(PGPSecretKey primaryKey,
|
||||
SecretKeyRingProtector primaryKeyProtector,
|
||||
@Nullable SelfSignatureSubpackets.Callback subkeyBindingSubpacketsCallback,
|
||||
KeyFlag... flags) throws WrongPassphraseException {
|
||||
if (flags.length == 0) {
|
||||
throw new IllegalArgumentException("Keyflags for subkey binding cannot be empty.");
|
||||
}
|
||||
SubkeyBindingSignatureBuilder subkeyBinder = new SubkeyBindingSignatureBuilder(primaryKey, primaryKeyProtector);
|
||||
SelfSignatureSubpackets hashedSubpackets = subkeyBinder.getHashedSubpackets();
|
||||
SelfSignatureSubpackets unhashedSubpackets = subkeyBinder.getUnhashedSubpackets();
|
||||
hashedSubpackets.setKeyFlags(flags);
|
||||
|
||||
if (subkeyBindingSubpacketsCallback != null) {
|
||||
subkeyBindingSubpacketsCallback.modifyHashedSubpackets(hashedSubpackets);
|
||||
subkeyBindingSubpacketsCallback.modifyUnhashedSubpackets(unhashedSubpackets);
|
||||
|
@ -52,10 +76,10 @@ public class SignatureBuilder {
|
|||
return subkeyBinder;
|
||||
}
|
||||
|
||||
public PrimaryKeyBindingSignatureBuilder bindPrimaryKey(
|
||||
public static PrimaryKeyBindingSignatureBuilder bindPrimaryKey(
|
||||
PGPSecretKey subkey,
|
||||
SecretKeyRingProtector subkeyProtector,
|
||||
@Nullable BindingSignatureCallback primaryKeyBindingSubpacketsCallback) throws WrongPassphraseException {
|
||||
@Nullable SelfSignatureSubpackets.Callback primaryKeyBindingSubpacketsCallback) throws WrongPassphraseException {
|
||||
PrimaryKeyBindingSignatureBuilder primaryKeyBinder = new PrimaryKeyBindingSignatureBuilder(subkey, subkeyProtector);
|
||||
|
||||
if (primaryKeyBindingSubpacketsCallback != null) {
|
||||
|
@ -66,20 +90,20 @@ public class SignatureBuilder {
|
|||
return primaryKeyBinder;
|
||||
}
|
||||
|
||||
public PGPSignature createPrimaryKeyBinding(
|
||||
public static PGPSignature createPrimaryKeyBinding(
|
||||
PGPSecretKey subkey,
|
||||
SecretKeyRingProtector subkeyProtector,
|
||||
@Nullable BindingSignatureCallback primaryKeyBindingSubpacketsCallback,
|
||||
@Nullable SelfSignatureSubpackets.Callback primaryKeyBindingSubpacketsCallback,
|
||||
PGPPublicKey primaryKey)
|
||||
throws PGPException {
|
||||
return bindPrimaryKey(subkey, subkeyProtector, primaryKeyBindingSubpacketsCallback)
|
||||
.build(primaryKey);
|
||||
}
|
||||
|
||||
public CertificationSignatureBuilder selfCertifyUserId(
|
||||
public static CertificationSignatureBuilder selfCertifyUserId(
|
||||
PGPSecretKey primaryKey,
|
||||
SecretKeyRingProtector primaryKeyProtector,
|
||||
@Nullable SelfSignatureCallback selfSignatureCallback,
|
||||
@Nullable SelfSignatureSubpackets.Callback selfSignatureCallback,
|
||||
KeyFlag... flags) throws WrongPassphraseException {
|
||||
|
||||
CertificationSignatureBuilder certifier = new CertificationSignatureBuilder(primaryKey, primaryKeyProtector);
|
||||
|
@ -91,10 +115,10 @@ public class SignatureBuilder {
|
|||
return certifier;
|
||||
}
|
||||
|
||||
public CertificationSignatureBuilder renewSelfCertification(
|
||||
public static CertificationSignatureBuilder renewSelfCertification(
|
||||
PGPSecretKey primaryKey,
|
||||
SecretKeyRingProtector primaryKeyProtector,
|
||||
@Nullable SelfSignatureCallback selfSignatureCallback,
|
||||
@Nullable SelfSignatureSubpackets.Callback selfSignatureCallback,
|
||||
PGPSignature oldCertification) throws WrongPassphraseException {
|
||||
CertificationSignatureBuilder certifier =
|
||||
new CertificationSignatureBuilder(primaryKey, primaryKeyProtector, oldCertification);
|
||||
|
@ -103,11 +127,11 @@ public class SignatureBuilder {
|
|||
return null;
|
||||
}
|
||||
|
||||
public PGPSignature createUserIdSelfCertification(
|
||||
public static PGPSignature createUserIdSelfCertification(
|
||||
String userId,
|
||||
PGPSecretKey primaryKey,
|
||||
SecretKeyRingProtector primaryKeyProtector,
|
||||
@Nullable SelfSignatureCallback selfSignatureCallback,
|
||||
@Nullable SelfSignatureSubpackets.Callback selfSignatureCallback,
|
||||
KeyFlag... flags)
|
||||
throws PGPException {
|
||||
return selfCertifyUserId(primaryKey, primaryKeyProtector, selfSignatureCallback, flags)
|
||||
|
|
|
@ -1,12 +0,0 @@
|
|||
// SPDX-FileCopyrightText: 2021 Paul Schaub <vanitasvitae@fsfe.org>
|
||||
//
|
||||
// SPDX-License-Identifier: Apache-2.0
|
||||
|
||||
package org.pgpainless.signature.subpackets;
|
||||
|
||||
public interface BindingSignatureCallback {
|
||||
|
||||
void modifyHashedSubpackets(SelfSignatureSubpackets subpackets);
|
||||
|
||||
void modifyUnhashedSubpackets(SelfSignatureSubpackets subpackets);
|
||||
}
|
|
@ -12,6 +12,16 @@ import org.pgpainless.key.util.RevocationAttributes;
|
|||
|
||||
public interface RevocationSignatureSubpackets extends BaseSignatureSubpackets {
|
||||
|
||||
interface Callback {
|
||||
default void modifyHashedSubpackets(RevocationSignatureSubpackets subpackets) {
|
||||
|
||||
}
|
||||
|
||||
default void modifyUnhashedSubpackets(RevocationSignatureSubpackets subpackets) {
|
||||
|
||||
}
|
||||
}
|
||||
|
||||
SignatureSubpacketGeneratorWrapper setRevocationReason(RevocationAttributes revocationAttributes);
|
||||
|
||||
SignatureSubpacketGeneratorWrapper setRevocationReason(boolean isCritical, RevocationAttributes revocationAttributes);
|
||||
|
|
|
@ -1,13 +0,0 @@
|
|||
// SPDX-FileCopyrightText: 2021 Paul Schaub <vanitasvitae@fsfe.org>
|
||||
//
|
||||
// SPDX-License-Identifier: Apache-2.0
|
||||
|
||||
package org.pgpainless.signature.subpackets;
|
||||
|
||||
public interface SelfSignatureCallback {
|
||||
|
||||
void modifyHashedSubpackets(SelfSignatureSubpackets subpackets);
|
||||
|
||||
void modifyUnhashedSubpackets(SelfSignatureSubpackets subpackets);
|
||||
|
||||
}
|
|
@ -24,6 +24,16 @@ import org.pgpainless.algorithm.SymmetricKeyAlgorithm;
|
|||
|
||||
public interface SelfSignatureSubpackets extends BaseSignatureSubpackets {
|
||||
|
||||
interface Callback {
|
||||
default void modifyHashedSubpackets(SelfSignatureSubpackets subpackets) {
|
||||
|
||||
}
|
||||
|
||||
default void modifyUnhashedSubpackets(SelfSignatureSubpackets subpackets) {
|
||||
|
||||
}
|
||||
}
|
||||
|
||||
SignatureSubpacketGeneratorWrapper setKeyFlags(KeyFlag... keyFlags);
|
||||
|
||||
SignatureSubpacketGeneratorWrapper setKeyFlags(boolean isCritical, KeyFlag... keyFlags);
|
||||
|
|
|
@ -5,12 +5,15 @@
|
|||
package org.pgpainless.signature.builder;
|
||||
|
||||
import static org.junit.jupiter.api.Assertions.assertEquals;
|
||||
import static org.junit.jupiter.api.Assertions.assertNotNull;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.security.InvalidAlgorithmParameterException;
|
||||
import java.security.NoSuchAlgorithmException;
|
||||
import java.util.Iterator;
|
||||
import java.util.List;
|
||||
|
||||
import org.bouncycastle.bcpg.sig.NotationData;
|
||||
import org.bouncycastle.openpgp.PGPException;
|
||||
import org.bouncycastle.openpgp.PGPPublicKey;
|
||||
import org.bouncycastle.openpgp.PGPSecretKey;
|
||||
|
@ -22,6 +25,8 @@ import org.pgpainless.algorithm.EncryptionPurpose;
|
|||
import org.pgpainless.algorithm.KeyFlag;
|
||||
import org.pgpainless.key.info.KeyRingInfo;
|
||||
import org.pgpainless.key.protection.SecretKeyRingProtector;
|
||||
import org.pgpainless.signature.subpackets.SelfSignatureSubpackets;
|
||||
import org.pgpainless.signature.subpackets.SignatureSubpacketsUtil;
|
||||
import org.pgpainless.util.Passphrase;
|
||||
|
||||
public class SubkeyBindingSignatureBuilderTest {
|
||||
|
@ -36,20 +41,35 @@ public class SubkeyBindingSignatureBuilderTest {
|
|||
|
||||
PGPSecretKeyRing tempSubkeyRing = PGPainless.generateKeyRing()
|
||||
.modernKeyRing("Subkeys", null);
|
||||
PGPPublicKey subkey = PGPainless.inspectKeyRing(tempSubkeyRing)
|
||||
PGPPublicKey subkeyPub = PGPainless.inspectKeyRing(tempSubkeyRing)
|
||||
.getEncryptionSubkeys(EncryptionPurpose.ANY).get(0);
|
||||
PGPSecretKey subkeySec = tempSubkeyRing.getSecretKey(subkeyPub.getKeyID());
|
||||
|
||||
SubkeyBindingSignatureBuilder skbb = new SubkeyBindingSignatureBuilder(secretKey.getSecretKey(), protector);
|
||||
skbb.getHashedSubpackets().addNotationData(false, "testnotation@pgpainless.org", "hello-world");
|
||||
skbb.getHashedSubpackets().setKeyFlags(KeyFlag.ENCRYPT_COMMS, KeyFlag.ENCRYPT_STORAGE);
|
||||
PGPSignature binding = skbb.build(subkey);
|
||||
subkey = PGPPublicKey.addCertification(subkey, binding);
|
||||
PGPSecretKey secSubkey = tempSubkeyRing.getSecretKey(subkey.getKeyID());
|
||||
secSubkey = PGPSecretKey.replacePublicKey(secSubkey, subkey);
|
||||
secretKey = PGPSecretKeyRing.insertSecretKey(secretKey, secSubkey);
|
||||
PGPSignature binding = SignatureBuilder.bindNonSigningSubkey(
|
||||
secretKey.getSecretKey(), protector,
|
||||
new SelfSignatureSubpackets.Callback() {
|
||||
@Override
|
||||
public void modifyHashedSubpackets(SelfSignatureSubpackets subpackets) {
|
||||
subpackets.addNotationData(false, "testnotation@pgpainless.org", "hello-world");
|
||||
}
|
||||
}, KeyFlag.ENCRYPT_COMMS, KeyFlag.ENCRYPT_STORAGE)
|
||||
.build(subkeyPub);
|
||||
|
||||
subkeyPub = PGPPublicKey.addCertification(subkeyPub, binding);
|
||||
subkeySec = PGPSecretKey.replacePublicKey(subkeySec, subkeyPub);
|
||||
secretKey = PGPSecretKeyRing.insertSecretKey(secretKey, subkeySec);
|
||||
|
||||
info = PGPainless.inspectKeyRing(secretKey);
|
||||
List<PGPPublicKey> nextSubkeys = info.getEncryptionSubkeys(EncryptionPurpose.ANY);
|
||||
assertEquals(previousSubkeys.size() + 1, nextSubkeys.size());
|
||||
subkeyPub = secretKey.getPublicKey(subkeyPub.getKeyID());
|
||||
Iterator<PGPSignature> newBindingSigs = subkeyPub.getSignaturesForKeyID(secretKey.getPublicKey().getKeyID());
|
||||
PGPSignature bindingSig = newBindingSigs.next();
|
||||
assertNotNull(bindingSig);
|
||||
List<NotationData> notations = SignatureSubpacketsUtil.getHashedNotationData(bindingSig);
|
||||
|
||||
assertEquals(1, notations.size());
|
||||
assertEquals("testnotation@pgpainless.org", notations.get(0).getNotationName());
|
||||
assertEquals("hello-world", notations.get(0).getNotationValue());
|
||||
}
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue