mirror of
https://github.com/pgpainless/pgpainless.git
synced 2024-12-23 03:17:58 +01:00
Migrate further to extension methods
parent
68af0a4f0e
commit
4719d6ccea
4 changed files with 23 additions and 30 deletions
|
@ -9,6 +9,7 @@ import org.bouncycastle.bcpg.BCPGInputStream
|
||||||
import org.bouncycastle.bcpg.UnsupportedPacketVersionException
|
import org.bouncycastle.bcpg.UnsupportedPacketVersionException
|
||||||
import org.bouncycastle.extensions.getPublicKeyFor
|
import org.bouncycastle.extensions.getPublicKeyFor
|
||||||
import org.bouncycastle.extensions.getSecretKeyFor
|
import org.bouncycastle.extensions.getSecretKeyFor
|
||||||
|
import org.bouncycastle.extensions.issuerKeyId
|
||||||
import org.bouncycastle.extensions.unlock
|
import org.bouncycastle.extensions.unlock
|
||||||
import org.bouncycastle.openpgp.*
|
import org.bouncycastle.openpgp.*
|
||||||
import org.bouncycastle.openpgp.operator.PBEDataDecryptorFactory
|
import org.bouncycastle.openpgp.operator.PBEDataDecryptorFactory
|
||||||
|
@ -26,7 +27,6 @@ import org.pgpainless.implementation.ImplementationFactory
|
||||||
import org.pgpainless.key.SubkeyIdentifier
|
import org.pgpainless.key.SubkeyIdentifier
|
||||||
import org.pgpainless.key.util.KeyRingUtils
|
import org.pgpainless.key.util.KeyRingUtils
|
||||||
import org.pgpainless.policy.Policy
|
import org.pgpainless.policy.Policy
|
||||||
import org.pgpainless.signature.SignatureUtils
|
|
||||||
import org.pgpainless.signature.consumer.CertificateValidator
|
import org.pgpainless.signature.consumer.CertificateValidator
|
||||||
import org.pgpainless.signature.consumer.OnePassSignatureCheck
|
import org.pgpainless.signature.consumer.OnePassSignatureCheck
|
||||||
import org.pgpainless.signature.consumer.SignatureCheck
|
import org.pgpainless.signature.consumer.SignatureCheck
|
||||||
|
@ -197,7 +197,7 @@ class OpenPgpMessageInputStream(
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
val keyId = SignatureUtils.determineIssuerKeyId(signature)
|
val keyId = signature.issuerKeyId
|
||||||
if (isSigForOps) {
|
if (isSigForOps) {
|
||||||
LOGGER.debug("Signature Packet corresponding to One-Pass-Signature by key ${keyId.openPgpKeyId()} at depth ${layerMetadata.depth} encountered.")
|
LOGGER.debug("Signature Packet corresponding to One-Pass-Signature by key ${keyId.openPgpKeyId()} at depth ${layerMetadata.depth} encountered.")
|
||||||
signatures.leaveNesting() // TODO: Only leave nesting if all OPSs of the nesting layer are dealt with
|
signatures.leaveNesting() // TODO: Only leave nesting if all OPSs of the nesting layer are dealt with
|
||||||
|
@ -632,7 +632,7 @@ class OpenPgpMessageInputStream(
|
||||||
|
|
||||||
fun addDetachedSignature(signature: PGPSignature) {
|
fun addDetachedSignature(signature: PGPSignature) {
|
||||||
val check = initializeSignature(signature)
|
val check = initializeSignature(signature)
|
||||||
val keyId = SignatureUtils.determineIssuerKeyId(signature)
|
val keyId = signature.issuerKeyId
|
||||||
if (check != null) {
|
if (check != null) {
|
||||||
detachedSignatures.add(check)
|
detachedSignatures.add(check)
|
||||||
} else {
|
} else {
|
||||||
|
@ -644,7 +644,7 @@ class OpenPgpMessageInputStream(
|
||||||
|
|
||||||
fun addPrependedSignature(signature: PGPSignature) {
|
fun addPrependedSignature(signature: PGPSignature) {
|
||||||
val check = initializeSignature(signature)
|
val check = initializeSignature(signature)
|
||||||
val keyId = SignatureUtils.determineIssuerKeyId(signature)
|
val keyId = signature.issuerKeyId
|
||||||
if (check != null) {
|
if (check != null) {
|
||||||
prependedSignatures.add(check)
|
prependedSignatures.add(check)
|
||||||
} else {
|
} else {
|
||||||
|
@ -682,7 +682,7 @@ class OpenPgpMessageInputStream(
|
||||||
|
|
||||||
fun addCorrespondingOnePassSignature(signature: PGPSignature, layer: Layer, policy: Policy) {
|
fun addCorrespondingOnePassSignature(signature: PGPSignature, layer: Layer, policy: Policy) {
|
||||||
var found = false
|
var found = false
|
||||||
val keyId = SignatureUtils.determineIssuerKeyId(signature)
|
val keyId = signature.issuerKeyId
|
||||||
for ((i, check) in onePassSignatures.withIndex().reversed()) {
|
for ((i, check) in onePassSignatures.withIndex().reversed()) {
|
||||||
if (check.onePassSignature.keyID != keyId) {
|
if (check.onePassSignature.keyID != keyId) {
|
||||||
continue
|
continue
|
||||||
|
|
|
@ -14,17 +14,12 @@ import org.pgpainless.key.OpenPgpFingerprint
|
||||||
import org.pgpainless.key.SubkeyIdentifier
|
import org.pgpainless.key.SubkeyIdentifier
|
||||||
import org.pgpainless.key.util.KeyRingUtils
|
import org.pgpainless.key.util.KeyRingUtils
|
||||||
import org.pgpainless.policy.Policy
|
import org.pgpainless.policy.Policy
|
||||||
import org.pgpainless.signature.SignatureUtils
|
|
||||||
import org.pgpainless.signature.SignatureUtils.Companion.isHardRevocation
|
|
||||||
import org.pgpainless.signature.SignatureUtils.Companion.isSignatureExpired
|
|
||||||
import org.pgpainless.signature.consumer.SignaturePicker
|
import org.pgpainless.signature.consumer.SignaturePicker
|
||||||
import org.pgpainless.signature.subpackets.SignatureSubpacketsUtil
|
import org.pgpainless.signature.subpackets.SignatureSubpacketsUtil
|
||||||
import org.pgpainless.signature.subpackets.SignatureSubpacketsUtil.Companion.getKeyExpirationTimeAsDate
|
import org.pgpainless.signature.subpackets.SignatureSubpacketsUtil.Companion.getKeyExpirationTimeAsDate
|
||||||
import org.pgpainless.util.DateUtil
|
import org.pgpainless.util.DateUtil
|
||||||
import org.slf4j.LoggerFactory
|
import org.slf4j.LoggerFactory
|
||||||
import java.security.Key
|
|
||||||
import java.util.*
|
import java.util.*
|
||||||
import kotlin.NoSuchElementException
|
|
||||||
|
|
||||||
class KeyRingInfo(
|
class KeyRingInfo(
|
||||||
val keys: PGPKeyRing,
|
val keys: PGPKeyRing,
|
||||||
|
@ -237,7 +232,7 @@ class KeyRingInfo(
|
||||||
if (publicKey.keyID == keyId) return primaryKeyExpirationDate
|
if (publicKey.keyID == keyId) return primaryKeyExpirationDate
|
||||||
val subkey = getPublicKey(keyId) ?: throw NoSuchElementException("No subkey with key-ID ${keyId.openPgpKeyId()} found.")
|
val subkey = getPublicKey(keyId) ?: throw NoSuchElementException("No subkey with key-ID ${keyId.openPgpKeyId()} found.")
|
||||||
val bindingSig = getCurrentSubkeyBindingSignature(keyId) ?: throw AssertionError("Subkey has no valid binding signature.")
|
val bindingSig = getCurrentSubkeyBindingSignature(keyId) ?: throw AssertionError("Subkey has no valid binding signature.")
|
||||||
return SignatureUtils.getKeyExpirationDate(subkey.creationTime, bindingSig)
|
return bindingSig.getKeyExpirationDate(subkey.creationTime)
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -560,7 +555,7 @@ class KeyRingInfo(
|
||||||
|
|
||||||
// Primary key -> Check Primary Key Revocation
|
// Primary key -> Check Primary Key Revocation
|
||||||
if (publicKey.keyID == this.publicKey.keyID) {
|
if (publicKey.keyID == this.publicKey.keyID) {
|
||||||
return if (signatures.primaryKeyRevocation != null && isHardRevocation(signatures.primaryKeyRevocation)) {
|
return if (signatures.primaryKeyRevocation != null && signatures.primaryKeyRevocation.isHardRevocation) {
|
||||||
false
|
false
|
||||||
} else signatures.primaryKeyRevocation == null
|
} else signatures.primaryKeyRevocation == null
|
||||||
}
|
}
|
||||||
|
@ -570,18 +565,18 @@ class KeyRingInfo(
|
||||||
val revocation = signatures.subkeyRevocations[keyId]
|
val revocation = signatures.subkeyRevocations[keyId]
|
||||||
|
|
||||||
// No valid binding
|
// No valid binding
|
||||||
if (binding == null || isSignatureExpired(binding)) {
|
if (binding == null || binding.isExpired(referenceDate)) {
|
||||||
return false
|
return false
|
||||||
}
|
}
|
||||||
|
|
||||||
// Revocation
|
// Revocation
|
||||||
return if (revocation != null) {
|
return if (revocation != null) {
|
||||||
if (isHardRevocation(revocation)) {
|
if (revocation.isHardRevocation) {
|
||||||
// Subkey is hard revoked
|
// Subkey is hard revoked
|
||||||
false
|
false
|
||||||
} else {
|
} else {
|
||||||
// Key is soft-revoked, not yet re-bound
|
// Key is soft-revoked, not yet re-bound
|
||||||
(isSignatureExpired(revocation) || !revocation.creationTime.after(binding.creationTime))
|
(revocation.isExpired(referenceDate) || !revocation.creationTime.after(binding.creationTime))
|
||||||
}
|
}
|
||||||
} else true
|
} else true
|
||||||
}
|
}
|
||||||
|
|
|
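Review bot: Replacing `isSignatureExpired(binding)` with `binding.isExpired(referenceDate)`, and likewise for `revocation` in the soft-revocation branch, is a behaviour change rather than a rename. The deprecated one-argument wrapper in SignatureUtils forwards to `signature.isExpired()`, so the old calls ignored the reference date and presumably compared against the current time. Subkey usability evaluated at a past or future reference date can therefore come out differently after this commit, which the title "Migrate further to extension methods" does not convey. I would record that in the commit message and add a comment above the binding check such as `// Expiry is judged at referenceDate, not wall-clock time, so evaluation at a historical date stays stable`, plus a test that evaluates a key ring at a reference date before a binding signature's expiry. The enclosing function and the declaration of `referenceDate` lie outside the hunk, so the origin of that value should be confirmed there.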
@ -10,16 +10,13 @@ import org.bouncycastle.extensions.*
|
||||||
import org.bouncycastle.openpgp.*
|
import org.bouncycastle.openpgp.*
|
||||||
import org.bouncycastle.util.encoders.Hex
|
import org.bouncycastle.util.encoders.Hex
|
||||||
import org.bouncycastle.util.io.Streams
|
import org.bouncycastle.util.io.Streams
|
||||||
import org.pgpainless.algorithm.SignatureType
|
|
||||||
import org.pgpainless.implementation.ImplementationFactory
|
import org.pgpainless.implementation.ImplementationFactory
|
||||||
import org.pgpainless.key.OpenPgpFingerprint
|
import org.pgpainless.key.OpenPgpFingerprint
|
||||||
import org.pgpainless.key.util.RevocationAttributes.Reason
|
import org.pgpainless.key.util.RevocationAttributes.Reason
|
||||||
import org.pgpainless.signature.subpackets.SignatureSubpacketsUtil
|
|
||||||
import org.pgpainless.util.ArmorUtils
|
import org.pgpainless.util.ArmorUtils
|
||||||
import java.io.IOException
|
import java.io.IOException
|
||||||
import java.io.InputStream
|
import java.io.InputStream
|
||||||
import java.util.*
|
import java.util.*
|
||||||
import kotlin.math.sign
|
|
||||||
|
|
||||||
const val MAX_ITERATIONS = 10000
|
const val MAX_ITERATIONS = 10000
|
||||||
|
|
||||||
|
@ -36,21 +33,21 @@ class SignatureUtils {
|
||||||
*/
|
*/
|
||||||
@JvmStatic
|
@JvmStatic
|
||||||
@Deprecated("Deprecated in favor of PGPSignature extension method.",
|
@Deprecated("Deprecated in favor of PGPSignature extension method.",
|
||||||
ReplaceWith("signature.getKeyExpirationDate(keyCreationDate)"))
|
ReplaceWith("signature.getKeyExpirationDate(keyCreationDate)", "org.bouncycastle.extensions.getKeyExpirationDate"))
|
||||||
fun getKeyExpirationDate(keyCreationDate: Date, signature: PGPSignature): Date? {
|
fun getKeyExpirationDate(keyCreationDate: Date, signature: PGPSignature): Date? {
|
||||||
return signature.getKeyExpirationDate(keyCreationDate)
|
return signature.getKeyExpirationDate(keyCreationDate)
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Return the expiration date of the signature.
|
* Return the expiration date of the signature.
|
||||||
* If the signature has no expiration date, [datePlusSeconds] will return null.
|
* If the signature has no expiration date, this will return null.
|
||||||
*
|
*
|
||||||
* @param signature signature
|
* @param signature signature
|
||||||
* @return expiration date of the signature, or null if it does not expire.
|
* @return expiration date of the signature, or null if it does not expire.
|
||||||
*/
|
*/
|
||||||
@JvmStatic
|
@JvmStatic
|
||||||
@Deprecated("Deprecated in favor of PGPSignature extension method.",
|
@Deprecated("Deprecated in favor of PGPSignature extension method.",
|
||||||
ReplaceWith("signature.signatureExpirationDate"))
|
ReplaceWith("signature.signatureExpirationDate", "org.bouncycastle.extensions.signatureExpirationDate"))
|
||||||
fun getSignatureExpirationDate(signature: PGPSignature): Date? = signature.signatureExpirationDate
|
fun getSignatureExpirationDate(signature: PGPSignature): Date? = signature.signatureExpirationDate
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -65,7 +62,7 @@ class SignatureUtils {
|
||||||
*/
|
*/
|
||||||
@JvmStatic
|
@JvmStatic
|
||||||
@Deprecated("Deprecated in favor of Date extension method.",
|
@Deprecated("Deprecated in favor of Date extension method.",
|
||||||
ReplaceWith("date.plusSeconds(seconds)"))
|
ReplaceWith("date.plusSeconds(seconds)", "openpgp.plusSeconds"))
|
||||||
fun datePlusSeconds(date: Date, seconds: Long): Date? {
|
fun datePlusSeconds(date: Date, seconds: Long): Date? {
|
||||||
return date.plusSeconds(seconds)
|
return date.plusSeconds(seconds)
|
||||||
}
|
}
|
||||||
|
@ -79,7 +76,7 @@ class SignatureUtils {
|
||||||
*/
|
*/
|
||||||
@JvmStatic
|
@JvmStatic
|
||||||
@Deprecated("Deprecated in favor of PGPSignature extension method.",
|
@Deprecated("Deprecated in favor of PGPSignature extension method.",
|
||||||
ReplaceWith("signature.isExpired()"))
|
ReplaceWith("signature.isExpired()", "org.bouncycastle.extensions.isExpired"))
|
||||||
fun isSignatureExpired(signature: PGPSignature): Boolean {
|
fun isSignatureExpired(signature: PGPSignature): Boolean {
|
||||||
return signature.isExpired()
|
return signature.isExpired()
|
||||||
}
|
}
|
||||||
|
@ -94,7 +91,7 @@ class SignatureUtils {
|
||||||
*/
|
*/
|
||||||
@JvmStatic
|
@JvmStatic
|
||||||
@Deprecated("Deprecated in favor of PGPSignature extension method.",
|
@Deprecated("Deprecated in favor of PGPSignature extension method.",
|
||||||
ReplaceWith("signature.isExpired(referenceTime)"))
|
ReplaceWith("signature.isExpired(referenceTime)", "org.bouncycastle.extensions.isExpired"))
|
||||||
fun isSignatureExpired(signature: PGPSignature, referenceTime: Date): Boolean {
|
fun isSignatureExpired(signature: PGPSignature, referenceTime: Date): Boolean {
|
||||||
return signature.isExpired(referenceTime)
|
return signature.isExpired(referenceTime)
|
||||||
}
|
}
|
||||||
|
@ -109,7 +106,7 @@ class SignatureUtils {
|
||||||
*/
|
*/
|
||||||
@JvmStatic
|
@JvmStatic
|
||||||
@Deprecated("Deprecated in favor of PGPSignature extension function.",
|
@Deprecated("Deprecated in favor of PGPSignature extension function.",
|
||||||
ReplaceWith("signature.isHardRevocation()"))
|
ReplaceWith("signature.isHardRevocation", "org.bouncycastle.extensions.isHardRevocation"))
|
||||||
fun isHardRevocation(signature: PGPSignature): Boolean {
|
fun isHardRevocation(signature: PGPSignature): Boolean {
|
||||||
return signature.isHardRevocation
|
return signature.isHardRevocation
|
||||||
}
|
}
|
||||||
|
@ -179,7 +176,7 @@ class SignatureUtils {
|
||||||
*/
|
*/
|
||||||
@JvmStatic
|
@JvmStatic
|
||||||
@Deprecated("Deprecated in favor of PGPSignature extension method.",
|
@Deprecated("Deprecated in favor of PGPSignature extension method.",
|
||||||
ReplaceWith("signature.issuerKeyId"))
|
ReplaceWith("signature.issuerKeyId", "org.bouncycastle.extensions.issuerKeyId"))
|
||||||
fun determineIssuerKeyId(signature: PGPSignature): Long {
|
fun determineIssuerKeyId(signature: PGPSignature): Long {
|
||||||
return signature.issuerKeyId
|
return signature.issuerKeyId
|
||||||
}
|
}
|
||||||
|
@ -197,14 +194,14 @@ class SignatureUtils {
|
||||||
|
|
||||||
@JvmStatic
|
@JvmStatic
|
||||||
@Deprecated("Deprecated in favor of PGPSignature extension method",
|
@Deprecated("Deprecated in favor of PGPSignature extension method",
|
||||||
ReplaceWith("signature.wasIssuedBy(fingerprint)"))
|
ReplaceWith("signature.wasIssuedBy(fingerprint)", "org.bouncycastle.extensions.wasIssuedBy"))
|
||||||
fun wasIssuedBy(fingerprint: ByteArray, signature: PGPSignature): Boolean {
|
fun wasIssuedBy(fingerprint: ByteArray, signature: PGPSignature): Boolean {
|
||||||
return signature.wasIssuedBy(fingerprint)
|
return signature.wasIssuedBy(fingerprint)
|
||||||
}
|
}
|
||||||
|
|
||||||
@JvmStatic
|
@JvmStatic
|
||||||
@Deprecated("Deprecated in favor of PGPSignature extension method",
|
@Deprecated("Deprecated in favor of PGPSignature extension method",
|
||||||
ReplaceWith("signature.wasIssuedBy(fingerprint)"))
|
ReplaceWith("signature.wasIssuedBy(fingerprint)", "org.bouncycastle.extensions.wasIssuedBy"))
|
||||||
fun wasIssuedBy(fingerprint: OpenPgpFingerprint, signature: PGPSignature): Boolean {
|
fun wasIssuedBy(fingerprint: OpenPgpFingerprint, signature: PGPSignature): Boolean {
|
||||||
return signature.wasIssuedBy(fingerprint)
|
return signature.wasIssuedBy(fingerprint)
|
||||||
}
|
}
|
||||||
|
|
|
@ -5,6 +5,7 @@
|
||||||
package org.pgpainless.signature.subpackets
|
package org.pgpainless.signature.subpackets
|
||||||
|
|
||||||
import openpgp.openPgpKeyId
|
import openpgp.openPgpKeyId
|
||||||
|
import openpgp.plusSeconds
|
||||||
import org.bouncycastle.bcpg.sig.*
|
import org.bouncycastle.bcpg.sig.*
|
||||||
import org.bouncycastle.openpgp.PGPPublicKey
|
import org.bouncycastle.openpgp.PGPPublicKey
|
||||||
import org.bouncycastle.openpgp.PGPSignature
|
import org.bouncycastle.openpgp.PGPSignature
|
||||||
|
@ -116,7 +117,7 @@ class SignatureSubpacketsUtil {
|
||||||
@JvmStatic
|
@JvmStatic
|
||||||
fun getSignatureExpirationTimeAsDate(signature: PGPSignature): Date? =
|
fun getSignatureExpirationTimeAsDate(signature: PGPSignature): Date? =
|
||||||
getSignatureExpirationTime(signature)?.let {
|
getSignatureExpirationTime(signature)?.let {
|
||||||
SignatureUtils.datePlusSeconds(signature.creationTime, it.time)
|
signature.creationTime.plusSeconds(it.time)
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -146,7 +147,7 @@ class SignatureSubpacketsUtil {
|
||||||
"Provided key (${signingKey.keyID.openPgpKeyId()}) did not create the signature (${signature.keyID.openPgpKeyId()})"
|
"Provided key (${signingKey.keyID.openPgpKeyId()}) did not create the signature (${signature.keyID.openPgpKeyId()})"
|
||||||
}.run {
|
}.run {
|
||||||
getKeyExpirationTime(signature)?.let {
|
getKeyExpirationTime(signature)?.let {
|
||||||
SignatureUtils.datePlusSeconds(signingKey.creationTime, it.time)
|
signingKey.creationTime.plusSeconds(it.time)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|