diff --git a/pgpainless-core/src/main/kotlin/org/pgpainless/decryption_verification/OpenPgpMessageInputStream.kt b/pgpainless-core/src/main/kotlin/org/pgpainless/decryption_verification/OpenPgpMessageInputStream.kt index 7e059b48..b823fdaf 100644 --- a/pgpainless-core/src/main/kotlin/org/pgpainless/decryption_verification/OpenPgpMessageInputStream.kt +++ b/pgpainless-core/src/main/kotlin/org/pgpainless/decryption_verification/OpenPgpMessageInputStream.kt @@ -9,6 +9,7 @@ import org.bouncycastle.bcpg.BCPGInputStream import org.bouncycastle.bcpg.UnsupportedPacketVersionException import org.bouncycastle.extensions.getPublicKeyFor import org.bouncycastle.extensions.getSecretKeyFor +import org.bouncycastle.extensions.issuerKeyId import org.bouncycastle.extensions.unlock import org.bouncycastle.openpgp.* import org.bouncycastle.openpgp.operator.PBEDataDecryptorFactory @@ -26,7 +27,6 @@ import org.pgpainless.implementation.ImplementationFactory import org.pgpainless.key.SubkeyIdentifier import org.pgpainless.key.util.KeyRingUtils import org.pgpainless.policy.Policy -import org.pgpainless.signature.SignatureUtils import org.pgpainless.signature.consumer.CertificateValidator import org.pgpainless.signature.consumer.OnePassSignatureCheck import org.pgpainless.signature.consumer.SignatureCheck @@ -197,7 +197,7 @@ class OpenPgpMessageInputStream( return } - val keyId = SignatureUtils.determineIssuerKeyId(signature) + val keyId = signature.issuerKeyId if (isSigForOps) { LOGGER.debug("Signature Packet corresponding to One-Pass-Signature by key ${keyId.openPgpKeyId()} at depth ${layerMetadata.depth} encountered.") signatures.leaveNesting() // TODO: Only leave nesting if all OPSs of the nesting layer are dealt with 
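Review bot: In the `@@ -197,7` hunk `keyId` is taken from a signature packet that has only just been read and not yet verified, and nothing at the call site says it is only a lookup hint. The same assignment appears in `addDetachedSignature`, `addPrependedSignature` and `addCorrespondingOnePassSignature`, where the last one pairs the signature with a one-pass signature through `check.onePassSignature.keyID != keyId`. I would add a comment above the assignment such as `// issuer key ID comes from the unverified packet: use it for lookup and logging only, never as proof of who signed`. Which subpacket area `issuerKeyId` reads is not visible in this diff, so please confirm it resolves the issuer the same way `determineIssuerKeyId` did. The enclosing function starts and ends outside the hunk.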
@@ -632,7 +632,7 @@ class OpenPgpMessageInputStream( fun addDetachedSignature(signature: PGPSignature) { val check = initializeSignature(signature) - val keyId = SignatureUtils.determineIssuerKeyId(signature) + val keyId = signature.issuerKeyId if (check != null) { detachedSignatures.add(check) } else { @@ -644,7 +644,7 @@ class OpenPgpMessageInputStream( fun addPrependedSignature(signature: PGPSignature) { val check = initializeSignature(signature) - val keyId = SignatureUtils.determineIssuerKeyId(signature) + val keyId = signature.issuerKeyId if (check != null) { prependedSignatures.add(check) } else { @@ -682,7 +682,7 @@ class OpenPgpMessageInputStream( fun addCorrespondingOnePassSignature(signature: PGPSignature, layer: Layer, policy: Policy) { var found = false - val keyId = SignatureUtils.determineIssuerKeyId(signature) + val keyId = signature.issuerKeyId for ((i, check) in onePassSignatures.withIndex().reversed()) { if (check.onePassSignature.keyID != keyId) { continue diff --git a/pgpainless-core/src/main/kotlin/org/pgpainless/key/info/KeyRingInfo.kt b/pgpainless-core/src/main/kotlin/org/pgpainless/key/info/KeyRingInfo.kt index df6023c4..6ccdc81d 100644 --- a/pgpainless-core/src/main/kotlin/org/pgpainless/key/info/KeyRingInfo.kt +++ b/pgpainless-core/src/main/kotlin/org/pgpainless/key/info/KeyRingInfo.kt 
@@ -14,17 +14,12 @@ import org.pgpainless.key.OpenPgpFingerprint import org.pgpainless.key.SubkeyIdentifier import org.pgpainless.key.util.KeyRingUtils import org.pgpainless.policy.Policy -import org.pgpainless.signature.SignatureUtils -import org.pgpainless.signature.SignatureUtils.Companion.isHardRevocation -import org.pgpainless.signature.SignatureUtils.Companion.isSignatureExpired import org.pgpainless.signature.consumer.SignaturePicker import org.pgpainless.signature.subpackets.SignatureSubpacketsUtil import org.pgpainless.signature.subpackets.SignatureSubpacketsUtil.Companion.getKeyExpirationTimeAsDate import org.pgpainless.util.DateUtil import org.slf4j.LoggerFactory -import java.security.Key import java.util.* -import kotlin.NoSuchElementException class KeyRingInfo( val keys: PGPKeyRing, @@ -237,7 +232,7 @@ class KeyRingInfo( if (publicKey.keyID == keyId) return primaryKeyExpirationDate val subkey = getPublicKey(keyId) ?: throw NoSuchElementException("No subkey with key-ID ${keyId.openPgpKeyId()} found.") val bindingSig = getCurrentSubkeyBindingSignature(keyId) ?: throw AssertionError("Subkey has no valid binding signature.") - return SignatureUtils.getKeyExpirationDate(subkey.creationTime, bindingSig) + return bindingSig.getKeyExpirationDate(subkey.creationTime) } /** @@ -560,7 +555,7 @@ class KeyRingInfo( // Primary key -> Check Primary Key Revocation if (publicKey.keyID == this.publicKey.keyID) { - return if (signatures.primaryKeyRevocation != null && isHardRevocation(signatures.primaryKeyRevocation)) { + return if (signatures.primaryKeyRevocation != null && signatures.primaryKeyRevocation.isHardRevocation) { false } else signatures.primaryKeyRevocation == null } 
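Review bot: The condition touched in the `@@ -560,7` hunk reduces to `signatures.primaryKeyRevocation == null`: with a revocation present, the first branch returns `false` for a hard one and the `else` branch returns `false` for any other, so the `isHardRevocation` test has no effect on the result. If any primary-key revocation is meant to invalidate the key, `return signatures.primaryKeyRevocation == null` says so directly. If soft revocations of the primary key were meant to be treated differently, as the subkey branch further down does with expiry and re-binding, that logic is missing here and deserves a test. The function body continues outside the hunk.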
@@ -570,18 +565,18 @@ class KeyRingInfo( val revocation = signatures.subkeyRevocations[keyId] // No valid binding - if (binding == null || isSignatureExpired(binding)) { + if (binding == null || binding.isExpired(referenceDate)) { return false } // Revocation return if (revocation != null) { - if (isHardRevocation(revocation)) { + if (revocation.isHardRevocation) { // Subkey is hard revoked false } else { // Key is soft-revoked, not yet re-bound - (isSignatureExpired(revocation) || !revocation.creationTime.after(binding.creationTime)) + (revocation.isExpired(referenceDate) || !revocation.creationTime.after(binding.creationTime)) } } else true } diff --git a/pgpainless-core/src/main/kotlin/org/pgpainless/signature/SignatureUtils.kt b/pgpainless-core/src/main/kotlin/org/pgpainless/signature/SignatureUtils.kt index 0edb6d71..492c4fe4 100644 --- a/pgpainless-core/src/main/kotlin/org/pgpainless/signature/SignatureUtils.kt +++ b/pgpainless-core/src/main/kotlin/org/pgpainless/signature/SignatureUtils.kt @@ -10,16 +10,13 @@ import org.bouncycastle.extensions.* import org.bouncycastle.openpgp.* import org.bouncycastle.util.encoders.Hex import org.bouncycastle.util.io.Streams -import org.pgpainless.algorithm.SignatureType import org.pgpainless.implementation.ImplementationFactory import org.pgpainless.key.OpenPgpFingerprint import org.pgpainless.key.util.RevocationAttributes.Reason -import org.pgpainless.signature.subpackets.SignatureSubpacketsUtil import org.pgpainless.util.ArmorUtils import java.io.IOException import java.io.InputStream import java.util.* -import kotlin.math.sign const val MAX_ITERATIONS = 10000 
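Review bot: Replacing `isSignatureExpired(binding)` with `binding.isExpired(referenceDate)` in the `@@ -570,18` hunk changes behaviour in a commit that otherwise reads as a mechanical move to extension functions. The deprecated wrapper delegates to the no-argument `isExpired()`, so the expiry of the binding and of a soft revocation was not evaluated against `referenceDate` before, presumably against the current time instead. The new form looks right for a `KeyRingInfo` evaluated at a fixed date, but it can flip the usability result for subkeys whose binding or soft revocation expires between the two points in time. Please call this out in the commit message and add a test with a reference date on either side of an expiry. `referenceDate` is declared outside the hunk, presumably on `KeyRingInfo`.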
@@ -36,21 +33,21 @@ class SignatureUtils { */ @JvmStatic @Deprecated("Deprecated in favor of PGPSignature extension method.", - ReplaceWith("signature.getKeyExpirationDate(keyCreationDate)")) + ReplaceWith("signature.getKeyExpirationDate(keyCreationDate)", "org.bouncycastle.extensions.getKeyExpirationDate")) fun getKeyExpirationDate(keyCreationDate: Date, signature: PGPSignature): Date? { return signature.getKeyExpirationDate(keyCreationDate) } /** * Return the expiration date of the signature. - * If the signature has no expiration date, [datePlusSeconds] will return null. + * If the signature has no expiration date, this will return null. * * @param signature signature * @return expiration date of the signature, or null if it does not expire. */ @JvmStatic @Deprecated("Deprecated in favor of PGPSignature extension method.", - ReplaceWith("signature.signatureExpirationDate")) + ReplaceWith("signature.signatureExpirationDate", "org.bouncycastle.extensions.signatureExpirationDate")) fun getSignatureExpirationDate(signature: PGPSignature): Date? = signature.signatureExpirationDate /** @@ -65,7 +62,7 @@ class SignatureUtils { */ @JvmStatic @Deprecated("Deprecated in favor of Date extension method.", - ReplaceWith("date.plusSeconds(seconds)")) + ReplaceWith("date.plusSeconds(seconds)", "openpgp.plusSeconds")) fun datePlusSeconds(date: Date, seconds: Long): Date? { return date.plusSeconds(seconds) } @@ -79,7 +76,7 @@ class SignatureUtils { */ @JvmStatic @Deprecated("Deprecated in favor of PGPSignature extension method.", - ReplaceWith("signature.isExpired()")) + ReplaceWith("signature.isExpired()", "org.bouncycastle.extensions.isExpired")) fun isSignatureExpired(signature: PGPSignature): Boolean { return signature.isExpired() } 
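Review bot: The `ReplaceWith("signature.isExpired()", ...)` in the `@@ -79,7` hunk steers callers of the deprecated `isSignatureExpired(signature)` to the no-argument form, while this same commit moves `KeyRingInfo` to `isExpired(referenceDate)`. If the no-argument form checks against the current time (its definition is not part of this diff), an automated migration keeps clock-dependent expiry checks in callers that validate signatures at a fixed reference time. I would say so in the deprecation message, for example `@Deprecated("Deprecated in favor of PGPSignature extension method; prefer isExpired(referenceTime) when validating at a fixed date.", ...)`.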
@@ -94,7 +91,7 @@ class SignatureUtils { */ @JvmStatic @Deprecated("Deprecated in favor of PGPSignature extension method.", - ReplaceWith("signature.isExpired(referenceTime)")) + ReplaceWith("signature.isExpired(referenceTime)", "org.bouncycastle.extensions.isExpired")) fun isSignatureExpired(signature: PGPSignature, referenceTime: Date): Boolean { return signature.isExpired(referenceTime) } @@ -109,7 +106,7 @@ class SignatureUtils { */ @JvmStatic @Deprecated("Deprecated in favor of PGPSignature extension function.", - ReplaceWith("signature.isHardRevocation()")) + ReplaceWith("signature.isHardRevocation", "org.bouncycastle.extensions.isHardRevocation")) fun isHardRevocation(signature: PGPSignature): Boolean { return signature.isHardRevocation } @@ -179,7 +176,7 @@ class SignatureUtils { */ @JvmStatic @Deprecated("Deprecated in favor of PGPSignature extension method.", - ReplaceWith("signature.issuerKeyId")) + ReplaceWith("signature.issuerKeyId", "org.bouncycastle.extensions.issuerKeyId")) fun determineIssuerKeyId(signature: PGPSignature): Long { return signature.issuerKeyId } @@ -197,14 +194,14 @@ class SignatureUtils { @JvmStatic @Deprecated("Deprecated in favor of PGPSignature extension method", - ReplaceWith("signature.wasIssuedBy(fingerprint)")) + ReplaceWith("signature.wasIssuedBy(fingerprint)", "org.bouncycastle.extensions.wasIssuedBy")) fun wasIssuedBy(fingerprint: ByteArray, signature: PGPSignature): Boolean { return signature.wasIssuedBy(fingerprint) } @JvmStatic @Deprecated("Deprecated in favor of PGPSignature extension method", - ReplaceWith("signature.wasIssuedBy(fingerprint)")) + ReplaceWith("signature.wasIssuedBy(fingerprint)", "org.bouncycastle.extensions.wasIssuedBy")) fun wasIssuedBy(fingerprint: OpenPgpFingerprint, signature: PGPSignature): Boolean { return signature.wasIssuedBy(fingerprint) } 
diff --git a/pgpainless-core/src/main/kotlin/org/pgpainless/signature/subpackets/SignatureSubpacketsUtil.kt b/pgpainless-core/src/main/kotlin/org/pgpainless/signature/subpackets/SignatureSubpacketsUtil.kt index 172ef32f..2cf79d72 100644 --- a/pgpainless-core/src/main/kotlin/org/pgpainless/signature/subpackets/SignatureSubpacketsUtil.kt +++ b/pgpainless-core/src/main/kotlin/org/pgpainless/signature/subpackets/SignatureSubpacketsUtil.kt @@ -5,6 +5,7 @@ package org.pgpainless.signature.subpackets import openpgp.openPgpKeyId +import openpgp.plusSeconds import org.bouncycastle.bcpg.sig.* import org.bouncycastle.openpgp.PGPPublicKey import org.bouncycastle.openpgp.PGPSignature @@ -116,7 +117,7 @@ class SignatureSubpacketsUtil { @JvmStatic fun getSignatureExpirationTimeAsDate(signature: PGPSignature): Date? = getSignatureExpirationTime(signature)?.let { - SignatureUtils.datePlusSeconds(signature.creationTime, it.time) + signature.creationTime.plusSeconds(it.time) } /** @@ -146,7 +147,7 @@ class SignatureSubpacketsUtil { "Provided key (${signingKey.keyID.openPgpKeyId()}) did not create the signature (${signature.keyID.openPgpKeyId()})" }.run { getKeyExpirationTime(signature)?.let { - SignatureUtils.datePlusSeconds(signingKey.creationTime, it.time) + signingKey.creationTime.plusSeconds(it.time) } }