PGPainless/pgpainless
PGPainless
/
pgpainless
mirror of https://github.com/pgpainless/pgpainless.git
1
0
Fork 0
Code Issues Releases Wiki Activity

please checkstyle

This commit is contained in:
Paul Schaub 2024-02-13 14:27:18 +01:00
parent 4e02996c08
commit 62a20b2742
Signed by: vanitasvitae
GPG Key ID: 62BEE9264BF17311
3 changed files with 71 additions and 77 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

131
pgpainless-core/src/main/kotlin/org/pgpainless/key/generation/OpenPgpKeyGenerator.kt
View File

@ -1,7 +1,8 @@
package org.pgpainless.key.generation package org.pgpainless.key.generation
import org.bouncycastle.bcpg.attr.ImageAttribute import java.io.InputStream
import java.util.Date import java.util.Date
import org.bouncycastle.bcpg.attr.ImageAttribute
import org.bouncycastle.openpgp.PGPKeyPair import org.bouncycastle.openpgp.PGPKeyPair
import org.bouncycastle.openpgp.PGPPublicKey import org.bouncycastle.openpgp.PGPPublicKey
import org.bouncycastle.openpgp.PGPSecretKey import org.bouncycastle.openpgp.PGPSecretKey
@ -25,7 +26,6 @@ import org.pgpainless.signature.builder.DirectKeySelfSignatureBuilder
import org.pgpainless.signature.builder.SelfSignatureBuilder import org.pgpainless.signature.builder.SelfSignatureBuilder
import org.pgpainless.signature.builder.SubkeyBindingSignatureBuilder import org.pgpainless.signature.builder.SubkeyBindingSignatureBuilder
import org.pgpainless.signature.subpackets.SelfSignatureSubpackets import org.pgpainless.signature.subpackets.SelfSignatureSubpackets
import java.io.InputStream
/** /**
* Build a version 4 OpenPGP secret key. * Build a version 4 OpenPGP secret key.
@ -160,15 +160,18 @@ abstract class OpinionatedDefinePrimaryKey<
applyToPrimaryKey: (ApplyToPrimaryKey.() -> PGPKeyPair)? applyToPrimaryKey: (ApplyToPrimaryKey.() -> PGPKeyPair)?
): OpinionatedDefineSubkeys.V4 { ): OpinionatedDefineSubkeys.V4 {
require(policy.publicKeyAlgorithmPolicy.isAcceptable(type.algorithm, type.bitStrength)) { require(
"Public Key algorithm ${type.algorithm} with ${type.bitStrength} is too weak" + policy.publicKeyAlgorithmPolicy.isAcceptable(type.algorithm, type.bitStrength)) {
" for the current public key algorithm policy." "Public Key algorithm ${type.algorithm} with ${type.bitStrength} is too weak" +
} " for the current public key algorithm policy."
}
val applier = applyToPrimaryKey ?: { val applier =
// Add default direct-key signature containing preferences applyToPrimaryKey
addDirectKeySignature(preferencesSubpackets()) ?: {
} // Add default direct-key signature containing preferences
addDirectKeySignature(preferencesSubpackets())
}
val unopinionatedSubkeys = unopinionated().setPrimaryKey(type, creationTime, applier) val unopinionatedSubkeys = unopinionated().setPrimaryKey(type, creationTime, applier)
return OpinionatedDefineSubkeys.V4( return OpinionatedDefineSubkeys.V4(
@ -428,10 +431,10 @@ abstract class ApplyToPrimaryKey(var keyPair: PGPKeyPair, val builder: DefinePri
* *
* @param userId UserID to be bound to the primary key * @param userId UserID to be bound to the primary key
* @param subpacketsCallback callback to modify the binding signatures subpackets * @param subpacketsCallback callback to modify the binding signatures subpackets
* @param certificationType type of the certification signature. Defaults to [CertificationType.POSITIVE] * @param certificationType type of the certification signature. Defaults to
* [CertificationType.POSITIVE]
* @param hashAlgorithm hash algorithm to be used during signature calculation * @param hashAlgorithm hash algorithm to be used during signature calculation
* @param bindingTime creation time of the binding signature * @param bindingTime creation time of the binding signature
*
* @return modified key pair * @return modified key pair
*/ */
abstract fun addUserId( abstract fun addUserId(
@ -448,46 +451,49 @@ abstract class ApplyToPrimaryKey(var keyPair: PGPKeyPair, val builder: DefinePri
* *
* @param userAttribute UserAttribute to be bound to the primary key * @param userAttribute UserAttribute to be bound to the primary key
* @param subpacketsCallback callback to modify the binding signature subpackets * @param subpacketsCallback callback to modify the binding signature subpackets
* @param certificationType type of the binding signature. Default to [CertificationType.POSITIVE] * @param certificationType type of the binding signature. Default to
* [CertificationType.POSITIVE]
* @param hashAlgorithm hash algorithm to be used during signature calculation * @param hashAlgorithm hash algorithm to be used during signature calculation
* @param bindingTime creation time of the binding signature * @param bindingTime creation time of the binding signature
*
* @return modified key pair * @return modified key pair
*/ */
abstract fun addUserAttribute( abstract fun addUserAttribute(
userAttribute: PGPUserAttributeSubpacketVector, userAttribute: PGPUserAttributeSubpacketVector,
subpacketsCallback: SelfSignatureSubpackets.Callback = SelfSignatureSubpackets.nop(), subpacketsCallback: SelfSignatureSubpackets.Callback = SelfSignatureSubpackets.nop(),
certificationType: CertificationType = CertificationType.POSITIVE, certificationType: CertificationType = CertificationType.POSITIVE,
hashAlgorithm: HashAlgorithm = builder.policy.certificationSignatureHashAlgorithmPolicy.defaultHashAlgorithm, hashAlgorithm: HashAlgorithm =
builder.policy.certificationSignatureHashAlgorithmPolicy.defaultHashAlgorithm,
bindingTime: Date = builder.creationTime bindingTime: Date = builder.creationTime
): PGPKeyPair ): PGPKeyPair
/** /**
* Add a JPEG image as UserAttribute to the primary key. * Add a JPEG image as UserAttribute to the primary key. This may for example be a profile
* This may for example be a profile picture of the key owner. * picture of the key owner.
* *
* @param jpegInputStream input stream containing the JPEG encoded image * @param jpegInputStream input stream containing the JPEG encoded image
* @param subpacketsCallback callback to modify the subpackets of the binding signature * @param subpacketsCallback callback to modify the subpackets of the binding signature
* @param certificationType type of the binding signature. Defaults to [CertificationType.POSITIVE] * @param certificationType type of the binding signature. Defaults to
* [CertificationType.POSITIVE]
* @param hashAlgorithm hash algorithm to be used during signature calculation * @param hashAlgorithm hash algorithm to be used during signature calculation
* @param bindingTime creation time of the binding signature * @param bindingTime creation time of the binding signature
*
* @return modified key pair * @return modified key pair
*/ */
fun addImageAttribute( fun addImageAttribute(
jpegInputStream: InputStream, jpegInputStream: InputStream,
subpacketsCallback: SelfSignatureSubpackets.Callback = SelfSignatureSubpackets.nop(), subpacketsCallback: SelfSignatureSubpackets.Callback = SelfSignatureSubpackets.nop(),
certificationType: CertificationType = CertificationType.POSITIVE, certificationType: CertificationType = CertificationType.POSITIVE,
hashAlgorithm: HashAlgorithm = builder.policy.certificationSignatureHashAlgorithmPolicy.defaultHashAlgorithm, hashAlgorithm: HashAlgorithm =
builder.policy.certificationSignatureHashAlgorithmPolicy.defaultHashAlgorithm,
bindingTime: Date = builder.creationTime bindingTime: Date = builder.creationTime
): PGPKeyPair = addUserAttribute( ): PGPKeyPair =
PGPUserAttributeSubpacketVectorGenerator().apply { addUserAttribute(
setImageAttribute(ImageAttribute.JPEG, Streams.readAll(jpegInputStream)) PGPUserAttributeSubpacketVectorGenerator()
}.generate(), .apply { setImageAttribute(ImageAttribute.JPEG, Streams.readAll(jpegInputStream)) }
subpacketsCallback, .generate(),
certificationType, subpacketsCallback,
hashAlgorithm, certificationType,
bindingTime) hashAlgorithm,
bindingTime)
/** /**
* Add a DirectKeySignature to the primary key. Such a signature usually carries information * Add a DirectKeySignature to the primary key. Such a signature usually carries information
@ -501,8 +507,8 @@ abstract class ApplyToPrimaryKey(var keyPair: PGPKeyPair, val builder: DefinePri
): PGPKeyPair ): PGPKeyPair
/** /**
* Schedule the execution of another [ApplyToPrimaryKey] function instance right after * Schedule the execution of another [ApplyToPrimaryKey] function instance right after this one
* this one has been executed. * has been executed.
* *
* @param other second instance * @param other second instance
* @return modified key pair after this and [other] have been executed * @return modified key pair after this and [other] have been executed
@ -542,17 +548,19 @@ abstract class ApplyToPrimaryKey(var keyPair: PGPKeyPair, val builder: DefinePri
hashAlgorithm: HashAlgorithm, hashAlgorithm: HashAlgorithm,
bindingTime: Date bindingTime: Date
): PGPKeyPair { ): PGPKeyPair {
val sig = buildCertificationFor( val sig =
keyPair, buildCertificationFor(
userAttribute, keyPair,
certificationType, userAttribute,
bindingTime, certificationType,
hashAlgorithm, bindingTime,
subpacketsCallback) hashAlgorithm,
subpacketsCallback)
keyPair = PGPKeyPair( keyPair =
PGPPublicKey.addCertification(keyPair.publicKey, userAttribute, sig), PGPKeyPair(
keyPair.privateKey) PGPPublicKey.addCertification(keyPair.publicKey, userAttribute, sig),
keyPair.privateKey)
return keyPair return keyPair
} }
@ -584,8 +592,8 @@ abstract class ApplyToPrimaryKey(var keyPair: PGPKeyPair, val builder: DefinePri
} }
/** /**
* Build a certification signature that binds the given [userId] to the given * Build a certification signature that binds the given [userId] to the given primary key
* primary key [pair]. * [pair].
* *
* @param pair primary key pair * @param pair primary key pair
* @param userId UserID to be bound * @param userId UserID to be bound
@ -593,7 +601,6 @@ abstract class ApplyToPrimaryKey(var keyPair: PGPKeyPair, val builder: DefinePri
* @param bindingTime creation time of the binding signature * @param bindingTime creation time of the binding signature
* @param hashAlgorithm hash algorithm to be used during signature calculation * @param hashAlgorithm hash algorithm to be used during signature calculation
* @param subpacketsCallback callback to modify the binding signatures subpackets * @param subpacketsCallback callback to modify the binding signatures subpackets
*
* @return binding signature * @return binding signature
*/ */
fun buildCertificationFor( fun buildCertificationFor(
@ -612,10 +619,9 @@ abstract class ApplyToPrimaryKey(var keyPair: PGPKeyPair, val builder: DefinePri
return builder.build(userId) return builder.build(userId)
} }
/** /**
* Build a certification signature that binds the given [userAttribute] to the given * Build a certification signature that binds the given [userAttribute] to the given primary
* primary key [pair]. * key [pair].
* *
* @param pair primary key pair * @param pair primary key pair
* @param userAttribute UserAttribute to be bound * @param userAttribute UserAttribute to be bound
@ -623,7 +629,6 @@ abstract class ApplyToPrimaryKey(var keyPair: PGPKeyPair, val builder: DefinePri
* @param bindingTime creation time of the binding signature * @param bindingTime creation time of the binding signature
* @param hashAlgorithm hash algorithm to be used during signature calculation * @param hashAlgorithm hash algorithm to be used during signature calculation
* @param subpacketsCallback callback to modify the binding signatures subpackets * @param subpacketsCallback callback to modify the binding signatures subpackets
*
* @return binding signature * @return binding signature
*/ */
fun buildCertificationFor( fun buildCertificationFor(
@ -648,7 +653,6 @@ abstract class ApplyToPrimaryKey(var keyPair: PGPKeyPair, val builder: DefinePri
* @param pair primary key pair * @param pair primary key pair
* @param hashAlgorithm hash algorithm to be used during signature calculation * @param hashAlgorithm hash algorithm to be used during signature calculation
* @param subpacketsCallback callback to modify the subpackets of the direct-key signature * @param subpacketsCallback callback to modify the subpackets of the direct-key signature
*
* @return direct-key self signature * @return direct-key self signature
*/ */
fun buildDirectKeySignature( fun buildDirectKeySignature(
@ -685,7 +689,6 @@ abstract class ApplyToSubkey(
* @param subpacketsCallback callback to modify the binding signatures subpackets * @param subpacketsCallback callback to modify the binding signatures subpackets
* @param hashAlgorithm hash algorithm to be used during signature calculation * @param hashAlgorithm hash algorithm to be used during signature calculation
* @param bindingTime creation time of the binding signature * @param bindingTime creation time of the binding signature
*
* @return modified subkey pair * @return modified subkey pair
*/ */
abstract fun addBindingSignature( abstract fun addBindingSignature(
@ -726,7 +729,6 @@ abstract class ApplyToSubkey(
* @param hashAlgorithm hash algorithm to be used during signature calculation * @param hashAlgorithm hash algorithm to be used during signature calculation
* @param bindingTime creation time of the subkey * @param bindingTime creation time of the subkey
* @param subpacketsCallback callback to modify the subpackets of the binding signature * @param subpacketsCallback callback to modify the subpackets of the binding signature
*
* @return subkey binding signature * @return subkey binding signature
*/ */
fun buildBindingSignature( fun buildBindingSignature(
@ -737,7 +739,7 @@ abstract class ApplyToSubkey(
subpacketsCallback: SelfSignatureSubpackets.Callback subpacketsCallback: SelfSignatureSubpackets.Callback
): PGPSignature { ): PGPSignature {
return SubkeyBindingSignatureBuilder( return SubkeyBindingSignatureBuilder(
primaryKey.privateKey, primaryKey.publicKey, hashAlgorithm) primaryKey.privateKey, primaryKey.publicKey, hashAlgorithm)
.applyCallback( .applyCallback(
subpacketsCallback.then( subpacketsCallback.then(
SelfSignatureSubpackets.applyHashed { SelfSignatureSubpackets.applyHashed {
@ -748,9 +750,7 @@ abstract class ApplyToSubkey(
} }
} }
/** /** Templates for OpenPGP key generation. */
* Templates for OpenPGP key generation.
*/
class OpenPgpKeyTemplates { class OpenPgpKeyTemplates {
companion object { companion object {
@ -763,16 +763,13 @@ class OpenPgpKeyTemplates {
@JvmStatic fun v4() = V4() @JvmStatic fun v4() = V4()
} }
/** /** Templates for version 4 OpenPGP keys. Version 4 keys are compliant to RFC4880. */
* Templates for version 4 OpenPGP keys.
* Version 4 keys are compliant to RFC4880.
*/
class V4 { class V4 {
/** /**
* Generate an OpenPGP key that consists of an Ed25519 primary key used for certification * Generate an OpenPGP key that consists of an Ed25519 primary key used for certification of
* of third-party keys, a dedicated Ed25519 subkey for message signing, and an X25519 * third-party keys, a dedicated Ed25519 subkey for message signing, and an X25519 subkey
* subkey used for message encryption. * used for message encryption.
* *
* @param userId an arbitrary number of user-ids. The first UserID will be marked as primary * @param userId an arbitrary number of user-ids. The first UserID will be marked as primary
* @param creationTime creation time for the OpenPGP key * @param creationTime creation time for the OpenPGP key
@ -787,7 +784,8 @@ class OpenPgpKeyTemplates {
userId.forEachIndexed { index, uid -> userId.forEachIndexed { index, uid ->
if (index == 0) { if (index == 0) {
// Mark first UserID as primary // Mark first UserID as primary
addUserId(uid, SelfSignatureSubpackets.applyHashed { setPrimaryUserId() }) addUserId(
uid, SelfSignatureSubpackets.applyHashed { setPrimaryUserId() })
} else { } else {
addUserId(uid) addUserId(uid)
} }
@ -811,9 +809,9 @@ class OpenPgpKeyTemplates {
.build() .build()
/** /**
* Generate an OpenPGP key that consists of an RSA primary key used for certification * Generate an OpenPGP key that consists of an RSA primary key used for certification of
* of third-party keys, a dedicated RSA subkey for message signing, and an RSA * third-party keys, a dedicated RSA subkey for message signing, and an RSA subkey used for
* subkey used for message encryption. * message encryption.
* *
* @param userId an arbitrary number of user-ids. The first UserID will be marked as primary * @param userId an arbitrary number of user-ids. The first UserID will be marked as primary
* @param creationTime creation time for the OpenPGP key * @param creationTime creation time for the OpenPGP key
@ -830,7 +828,8 @@ class OpenPgpKeyTemplates {
userId.forEachIndexed { index, uid -> userId.forEachIndexed { index, uid ->
if (index == 0) { if (index == 0) {
// Mark first UserID as primary // Mark first UserID as primary
addUserId(uid, SelfSignatureSubpackets.applyHashed { setPrimaryUserId() }) addUserId(
uid, SelfSignatureSubpackets.applyHashed { setPrimaryUserId() })
} else { } else {
addUserId(uid) addUserId(uid)
} }

6
pgpainless-core/src/test/kotlin/org/pgpainless/key/generation/GenerateOpenPgpKeyTest.kt
View File

@ -67,8 +67,7 @@ class GenerateOpenPgpKeyTest {
@Test @Test
fun encryptionSubkeyMustBeEncryptionCapable() { fun encryptionSubkeyMustBeEncryptionCapable() {
val builder = val builder = GenerateOpenPgpKey(Policy()).buildV4Key(KeyType.EDDSA(EdDSACurve._Ed25519))
GenerateOpenPgpKey(Policy()).buildV4Key(KeyType.EDDSA(EdDSACurve._Ed25519))
assertThrows<IllegalArgumentException> { assertThrows<IllegalArgumentException> {
builder.addEncryptionSubkey(KeyType.EDDSA(EdDSACurve._Ed25519)) builder.addEncryptionSubkey(KeyType.EDDSA(EdDSACurve._Ed25519))
@ -77,8 +76,7 @@ class GenerateOpenPgpKeyTest {
@Test @Test
fun signingSubkeysMustBeSigningCapable() { fun signingSubkeysMustBeSigningCapable() {
val builder = val builder = GenerateOpenPgpKey(Policy()).buildV4Key(KeyType.EDDSA(EdDSACurve._Ed25519))
GenerateOpenPgpKey(Policy()).buildV4Key(KeyType.EDDSA(EdDSACurve._Ed25519))
assertThrows<IllegalArgumentException> { assertThrows<IllegalArgumentException> {
builder.addSigningSubkey(KeyType.XDH(XDHSpec._X25519)) builder.addSigningSubkey(KeyType.XDH(XDHSpec._X25519))

11
pgpainless-core/src/test/kotlin/org/pgpainless/key/generation/OpenPgpKeyGeneratorTest.kt
View File

@ -5,7 +5,6 @@ import org.junit.jupiter.api.Assertions.assertEquals
import org.junit.jupiter.api.Assertions.assertFalse import org.junit.jupiter.api.Assertions.assertFalse
import org.junit.jupiter.api.Test import org.junit.jupiter.api.Test
import org.junit.jupiter.api.assertThrows import org.junit.jupiter.api.assertThrows
import org.pgpainless.PGPainless
import org.pgpainless.algorithm.PublicKeyAlgorithm import org.pgpainless.algorithm.PublicKeyAlgorithm
import org.pgpainless.key.generation.type.KeyType import org.pgpainless.key.generation.type.KeyType
import org.pgpainless.key.generation.type.eddsa.EdDSACurve import org.pgpainless.key.generation.type.eddsa.EdDSACurve
@ -113,9 +112,8 @@ class OpenPgpKeyGeneratorTest {
@Test @Test
fun `key generation with too weak PK algorithms fails`() { fun `key generation with too weak PK algorithms fails`() {
val policy = Policy() val policy = Policy()
policy.publicKeyAlgorithmPolicy = Policy.PublicKeyAlgorithmPolicy( policy.publicKeyAlgorithmPolicy =
buildMap { put(PublicKeyAlgorithm.RSA_GENERAL, 3072) } Policy.PublicKeyAlgorithmPolicy(buildMap { put(PublicKeyAlgorithm.RSA_GENERAL, 3072) })
)
assertThrows<IllegalArgumentException> { assertThrows<IllegalArgumentException> {
buildV4(policy) buildV4(policy)
@ -127,9 +125,8 @@ class OpenPgpKeyGeneratorTest {
@Test @Test
fun `unopionionated key generation with too weak PK algorithm does not fail`() { fun `unopionionated key generation with too weak PK algorithm does not fail`() {
val policy = Policy() val policy = Policy()
policy.publicKeyAlgorithmPolicy = Policy.PublicKeyAlgorithmPolicy( policy.publicKeyAlgorithmPolicy =
buildMap { put(PublicKeyAlgorithm.RSA_GENERAL, 3072) } Policy.PublicKeyAlgorithmPolicy(buildMap { put(PublicKeyAlgorithm.RSA_GENERAL, 3072) })
)
buildV4(policy) buildV4(policy)
.unopinionated() // unopinionated builder allows for non-compliant configurations .unopinionated() // unopinionated builder allows for non-compliant configurations