1
0
Fork 0
mirror of https://github.com/pgpainless/pgpainless.git synced 2024-12-23 03:17:58 +01:00

Migrate further to extension methods

This commit is contained in:
Paul Schaub 2023-09-12 22:07:17 +02:00
parent 68af0a4f0e
commit 4719d6ccea
Signed by: vanitasvitae
GPG key ID: 62BEE9264BF17311
4 changed files with 23 additions and 30 deletions

View file

@ -9,6 +9,7 @@ import org.bouncycastle.bcpg.BCPGInputStream
import org.bouncycastle.bcpg.UnsupportedPacketVersionException import org.bouncycastle.bcpg.UnsupportedPacketVersionException
import org.bouncycastle.extensions.getPublicKeyFor import org.bouncycastle.extensions.getPublicKeyFor
import org.bouncycastle.extensions.getSecretKeyFor import org.bouncycastle.extensions.getSecretKeyFor
import org.bouncycastle.extensions.issuerKeyId
import org.bouncycastle.extensions.unlock import org.bouncycastle.extensions.unlock
import org.bouncycastle.openpgp.* import org.bouncycastle.openpgp.*
import org.bouncycastle.openpgp.operator.PBEDataDecryptorFactory import org.bouncycastle.openpgp.operator.PBEDataDecryptorFactory
@ -26,7 +27,6 @@ import org.pgpainless.implementation.ImplementationFactory
import org.pgpainless.key.SubkeyIdentifier import org.pgpainless.key.SubkeyIdentifier
import org.pgpainless.key.util.KeyRingUtils import org.pgpainless.key.util.KeyRingUtils
import org.pgpainless.policy.Policy import org.pgpainless.policy.Policy
import org.pgpainless.signature.SignatureUtils
import org.pgpainless.signature.consumer.CertificateValidator import org.pgpainless.signature.consumer.CertificateValidator
import org.pgpainless.signature.consumer.OnePassSignatureCheck import org.pgpainless.signature.consumer.OnePassSignatureCheck
import org.pgpainless.signature.consumer.SignatureCheck import org.pgpainless.signature.consumer.SignatureCheck
@ -197,7 +197,7 @@ class OpenPgpMessageInputStream(
return return
} }
val keyId = SignatureUtils.determineIssuerKeyId(signature) val keyId = signature.issuerKeyId
if (isSigForOps) { if (isSigForOps) {
LOGGER.debug("Signature Packet corresponding to One-Pass-Signature by key ${keyId.openPgpKeyId()} at depth ${layerMetadata.depth} encountered.") LOGGER.debug("Signature Packet corresponding to One-Pass-Signature by key ${keyId.openPgpKeyId()} at depth ${layerMetadata.depth} encountered.")
signatures.leaveNesting() // TODO: Only leave nesting if all OPSs of the nesting layer are dealt with signatures.leaveNesting() // TODO: Only leave nesting if all OPSs of the nesting layer are dealt with
@ -632,7 +632,7 @@ class OpenPgpMessageInputStream(
fun addDetachedSignature(signature: PGPSignature) { fun addDetachedSignature(signature: PGPSignature) {
val check = initializeSignature(signature) val check = initializeSignature(signature)
val keyId = SignatureUtils.determineIssuerKeyId(signature) val keyId = signature.issuerKeyId
if (check != null) { if (check != null) {
detachedSignatures.add(check) detachedSignatures.add(check)
} else { } else {
@ -644,7 +644,7 @@ class OpenPgpMessageInputStream(
fun addPrependedSignature(signature: PGPSignature) { fun addPrependedSignature(signature: PGPSignature) {
val check = initializeSignature(signature) val check = initializeSignature(signature)
val keyId = SignatureUtils.determineIssuerKeyId(signature) val keyId = signature.issuerKeyId
if (check != null) { if (check != null) {
prependedSignatures.add(check) prependedSignatures.add(check)
} else { } else {
@ -682,7 +682,7 @@ class OpenPgpMessageInputStream(
fun addCorrespondingOnePassSignature(signature: PGPSignature, layer: Layer, policy: Policy) { fun addCorrespondingOnePassSignature(signature: PGPSignature, layer: Layer, policy: Policy) {
var found = false var found = false
val keyId = SignatureUtils.determineIssuerKeyId(signature) val keyId = signature.issuerKeyId
for ((i, check) in onePassSignatures.withIndex().reversed()) { for ((i, check) in onePassSignatures.withIndex().reversed()) {
if (check.onePassSignature.keyID != keyId) { if (check.onePassSignature.keyID != keyId) {
continue continue

View file

@ -14,17 +14,12 @@ import org.pgpainless.key.OpenPgpFingerprint
import org.pgpainless.key.SubkeyIdentifier import org.pgpainless.key.SubkeyIdentifier
import org.pgpainless.key.util.KeyRingUtils import org.pgpainless.key.util.KeyRingUtils
import org.pgpainless.policy.Policy import org.pgpainless.policy.Policy
import org.pgpainless.signature.SignatureUtils
import org.pgpainless.signature.SignatureUtils.Companion.isHardRevocation
import org.pgpainless.signature.SignatureUtils.Companion.isSignatureExpired
import org.pgpainless.signature.consumer.SignaturePicker import org.pgpainless.signature.consumer.SignaturePicker
import org.pgpainless.signature.subpackets.SignatureSubpacketsUtil import org.pgpainless.signature.subpackets.SignatureSubpacketsUtil
import org.pgpainless.signature.subpackets.SignatureSubpacketsUtil.Companion.getKeyExpirationTimeAsDate import org.pgpainless.signature.subpackets.SignatureSubpacketsUtil.Companion.getKeyExpirationTimeAsDate
import org.pgpainless.util.DateUtil import org.pgpainless.util.DateUtil
import org.slf4j.LoggerFactory import org.slf4j.LoggerFactory
import java.security.Key
import java.util.* import java.util.*
import kotlin.NoSuchElementException
class KeyRingInfo( class KeyRingInfo(
val keys: PGPKeyRing, val keys: PGPKeyRing,
@ -237,7 +232,7 @@ class KeyRingInfo(
if (publicKey.keyID == keyId) return primaryKeyExpirationDate if (publicKey.keyID == keyId) return primaryKeyExpirationDate
val subkey = getPublicKey(keyId) ?: throw NoSuchElementException("No subkey with key-ID ${keyId.openPgpKeyId()} found.") val subkey = getPublicKey(keyId) ?: throw NoSuchElementException("No subkey with key-ID ${keyId.openPgpKeyId()} found.")
val bindingSig = getCurrentSubkeyBindingSignature(keyId) ?: throw AssertionError("Subkey has no valid binding signature.") val bindingSig = getCurrentSubkeyBindingSignature(keyId) ?: throw AssertionError("Subkey has no valid binding signature.")
return SignatureUtils.getKeyExpirationDate(subkey.creationTime, bindingSig) return bindingSig.getKeyExpirationDate(subkey.creationTime)
} }
/** /**
@ -560,7 +555,7 @@ class KeyRingInfo(
// Primary key -> Check Primary Key Revocation // Primary key -> Check Primary Key Revocation
if (publicKey.keyID == this.publicKey.keyID) { if (publicKey.keyID == this.publicKey.keyID) {
return if (signatures.primaryKeyRevocation != null && isHardRevocation(signatures.primaryKeyRevocation)) { return if (signatures.primaryKeyRevocation != null && signatures.primaryKeyRevocation.isHardRevocation) {
false false
} else signatures.primaryKeyRevocation == null } else signatures.primaryKeyRevocation == null
} }
@ -570,18 +565,18 @@ class KeyRingInfo(
val revocation = signatures.subkeyRevocations[keyId] val revocation = signatures.subkeyRevocations[keyId]
// No valid binding // No valid binding
if (binding == null || isSignatureExpired(binding)) { if (binding == null || binding.isExpired(referenceDate)) {
return false return false
} }
// Revocation // Revocation
return if (revocation != null) { return if (revocation != null) {
if (isHardRevocation(revocation)) { if (revocation.isHardRevocation) {
// Subkey is hard revoked // Subkey is hard revoked
false false
} else { } else {
// Key is soft-revoked, not yet re-bound // Key is soft-revoked, not yet re-bound
(isSignatureExpired(revocation) || !revocation.creationTime.after(binding.creationTime)) (revocation.isExpired(referenceDate) || !revocation.creationTime.after(binding.creationTime))
} }
} else true } else true
} }

View file

@ -10,16 +10,13 @@ import org.bouncycastle.extensions.*
import org.bouncycastle.openpgp.* import org.bouncycastle.openpgp.*
import org.bouncycastle.util.encoders.Hex import org.bouncycastle.util.encoders.Hex
import org.bouncycastle.util.io.Streams import org.bouncycastle.util.io.Streams
import org.pgpainless.algorithm.SignatureType
import org.pgpainless.implementation.ImplementationFactory import org.pgpainless.implementation.ImplementationFactory
import org.pgpainless.key.OpenPgpFingerprint import org.pgpainless.key.OpenPgpFingerprint
import org.pgpainless.key.util.RevocationAttributes.Reason import org.pgpainless.key.util.RevocationAttributes.Reason
import org.pgpainless.signature.subpackets.SignatureSubpacketsUtil
import org.pgpainless.util.ArmorUtils import org.pgpainless.util.ArmorUtils
import java.io.IOException import java.io.IOException
import java.io.InputStream import java.io.InputStream
import java.util.* import java.util.*
import kotlin.math.sign
const val MAX_ITERATIONS = 10000 const val MAX_ITERATIONS = 10000
@ -36,21 +33,21 @@ class SignatureUtils {
*/ */
@JvmStatic @JvmStatic
@Deprecated("Deprecated in favor of PGPSignature extension method.", @Deprecated("Deprecated in favor of PGPSignature extension method.",
ReplaceWith("signature.getKeyExpirationDate(keyCreationDate)")) ReplaceWith("signature.getKeyExpirationDate(keyCreationDate)", "org.bouncycastle.extensions.getKeyExpirationDate"))
fun getKeyExpirationDate(keyCreationDate: Date, signature: PGPSignature): Date? { fun getKeyExpirationDate(keyCreationDate: Date, signature: PGPSignature): Date? {
return signature.getKeyExpirationDate(keyCreationDate) return signature.getKeyExpirationDate(keyCreationDate)
} }
/** /**
* Return the expiration date of the signature. * Return the expiration date of the signature.
* If the signature has no expiration date, [datePlusSeconds] will return null. * If the signature has no expiration date, this will return null.
* *
* @param signature signature * @param signature signature
* @return expiration date of the signature, or null if it does not expire. * @return expiration date of the signature, or null if it does not expire.
*/ */
@JvmStatic @JvmStatic
@Deprecated("Deprecated in favor of PGPSignature extension method.", @Deprecated("Deprecated in favor of PGPSignature extension method.",
ReplaceWith("signature.signatureExpirationDate")) ReplaceWith("signature.signatureExpirationDate", "org.bouncycastle.extensions.signatureExpirationDate"))
fun getSignatureExpirationDate(signature: PGPSignature): Date? = signature.signatureExpirationDate fun getSignatureExpirationDate(signature: PGPSignature): Date? = signature.signatureExpirationDate
/** /**
@ -65,7 +62,7 @@ class SignatureUtils {
*/ */
@JvmStatic @JvmStatic
@Deprecated("Deprecated in favor of Date extension method.", @Deprecated("Deprecated in favor of Date extension method.",
ReplaceWith("date.plusSeconds(seconds)")) ReplaceWith("date.plusSeconds(seconds)", "openpgp.plusSeconds"))
fun datePlusSeconds(date: Date, seconds: Long): Date? { fun datePlusSeconds(date: Date, seconds: Long): Date? {
return date.plusSeconds(seconds) return date.plusSeconds(seconds)
} }
@ -79,7 +76,7 @@ class SignatureUtils {
*/ */
@JvmStatic @JvmStatic
@Deprecated("Deprecated in favor of PGPSignature extension method.", @Deprecated("Deprecated in favor of PGPSignature extension method.",
ReplaceWith("signature.isExpired()")) ReplaceWith("signature.isExpired()", "org.bouncycastle.extensions.isExpired"))
fun isSignatureExpired(signature: PGPSignature): Boolean { fun isSignatureExpired(signature: PGPSignature): Boolean {
return signature.isExpired() return signature.isExpired()
} }
@ -94,7 +91,7 @@ class SignatureUtils {
*/ */
@JvmStatic @JvmStatic
@Deprecated("Deprecated in favor of PGPSignature extension method.", @Deprecated("Deprecated in favor of PGPSignature extension method.",
ReplaceWith("signature.isExpired(referenceTime)")) ReplaceWith("signature.isExpired(referenceTime)", "org.bouncycastle.extensions.isExpired"))
fun isSignatureExpired(signature: PGPSignature, referenceTime: Date): Boolean { fun isSignatureExpired(signature: PGPSignature, referenceTime: Date): Boolean {
return signature.isExpired(referenceTime) return signature.isExpired(referenceTime)
} }
@ -109,7 +106,7 @@ class SignatureUtils {
*/ */
@JvmStatic @JvmStatic
@Deprecated("Deprecated in favor of PGPSignature extension function.", @Deprecated("Deprecated in favor of PGPSignature extension function.",
ReplaceWith("signature.isHardRevocation()")) ReplaceWith("signature.isHardRevocation", "org.bouncycastle.extensions.isHardRevocation"))
fun isHardRevocation(signature: PGPSignature): Boolean { fun isHardRevocation(signature: PGPSignature): Boolean {
return signature.isHardRevocation return signature.isHardRevocation
} }
@ -179,7 +176,7 @@ class SignatureUtils {
*/ */
@JvmStatic @JvmStatic
@Deprecated("Deprecated in favor of PGPSignature extension method.", @Deprecated("Deprecated in favor of PGPSignature extension method.",
ReplaceWith("signature.issuerKeyId")) ReplaceWith("signature.issuerKeyId", "org.bouncycastle.extensions.issuerKeyId"))
fun determineIssuerKeyId(signature: PGPSignature): Long { fun determineIssuerKeyId(signature: PGPSignature): Long {
return signature.issuerKeyId return signature.issuerKeyId
} }
@ -197,14 +194,14 @@ class SignatureUtils {
@JvmStatic @JvmStatic
@Deprecated("Deprecated in favor of PGPSignature extension method", @Deprecated("Deprecated in favor of PGPSignature extension method",
ReplaceWith("signature.wasIssuedBy(fingerprint)")) ReplaceWith("signature.wasIssuedBy(fingerprint)", "org.bouncycastle.extensions.wasIssuedBy"))
fun wasIssuedBy(fingerprint: ByteArray, signature: PGPSignature): Boolean { fun wasIssuedBy(fingerprint: ByteArray, signature: PGPSignature): Boolean {
return signature.wasIssuedBy(fingerprint) return signature.wasIssuedBy(fingerprint)
} }
@JvmStatic @JvmStatic
@Deprecated("Deprecated in favor of PGPSignature extension method", @Deprecated("Deprecated in favor of PGPSignature extension method",
ReplaceWith("signature.wasIssuedBy(fingerprint)")) ReplaceWith("signature.wasIssuedBy(fingerprint)", "org.bouncycastle.extensions.wasIssuedBy"))
fun wasIssuedBy(fingerprint: OpenPgpFingerprint, signature: PGPSignature): Boolean { fun wasIssuedBy(fingerprint: OpenPgpFingerprint, signature: PGPSignature): Boolean {
return signature.wasIssuedBy(fingerprint) return signature.wasIssuedBy(fingerprint)
} }

View file

@ -5,6 +5,7 @@
package org.pgpainless.signature.subpackets package org.pgpainless.signature.subpackets
import openpgp.openPgpKeyId import openpgp.openPgpKeyId
import openpgp.plusSeconds
import org.bouncycastle.bcpg.sig.* import org.bouncycastle.bcpg.sig.*
import org.bouncycastle.openpgp.PGPPublicKey import org.bouncycastle.openpgp.PGPPublicKey
import org.bouncycastle.openpgp.PGPSignature import org.bouncycastle.openpgp.PGPSignature
@ -116,7 +117,7 @@ class SignatureSubpacketsUtil {
@JvmStatic @JvmStatic
fun getSignatureExpirationTimeAsDate(signature: PGPSignature): Date? = fun getSignatureExpirationTimeAsDate(signature: PGPSignature): Date? =
getSignatureExpirationTime(signature)?.let { getSignatureExpirationTime(signature)?.let {
SignatureUtils.datePlusSeconds(signature.creationTime, it.time) signature.creationTime.plusSeconds(it.time)
} }
/** /**
@ -146,7 +147,7 @@ class SignatureSubpacketsUtil {
"Provided key (${signingKey.keyID.openPgpKeyId()}) did not create the signature (${signature.keyID.openPgpKeyId()})" "Provided key (${signingKey.keyID.openPgpKeyId()}) did not create the signature (${signature.keyID.openPgpKeyId()})"
}.run { }.run {
getKeyExpirationTime(signature)?.let { getKeyExpirationTime(signature)?.let {
SignatureUtils.datePlusSeconds(signingKey.creationTime, it.time) signingKey.creationTime.plusSeconds(it.time)
} }
} }