mirror of
https://github.com/pgpainless/pgpainless.git
synced 2024-11-29 15:52:08 +01:00
OpenPgpMetadat: identify verified sigs by SubkeyIdentifier
This commit is contained in:
parent
48314fde40
commit
6a90c4303e
10 changed files with 55 additions and 53 deletions
|
@ -243,7 +243,7 @@ public final class DecryptionStreamFactory {
|
||||||
// Watch out! This assignment is possibly done multiple times.
|
// Watch out! This assignment is possibly done multiple times.
|
||||||
encryptedSessionKey = publicKeyEncryptedData;
|
encryptedSessionKey = publicKeyEncryptedData;
|
||||||
decryptionKey = UnlockSecretKey.unlockSecretKey(secretKey, options.getSecretKeyProtector(decryptionKeyRing));
|
decryptionKey = UnlockSecretKey.unlockSecretKey(secretKey, options.getSecretKeyProtector(decryptionKeyRing));
|
||||||
resultBuilder.setDecryptionFingerprint(new OpenPgpV4Fingerprint(secretKey));
|
resultBuilder.setDecryptionKey(new SubkeyIdentifier(decryptionKeyRing, decryptionKey.getKeyID()));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -265,7 +265,7 @@ public final class DecryptionStreamFactory {
|
||||||
publicKeyEncryptedData.getSymmetricAlgorithm(decryptorFactory); // will only succeed if we have the right secret key
|
publicKeyEncryptedData.getSymmetricAlgorithm(decryptorFactory); // will only succeed if we have the right secret key
|
||||||
LOGGER.log(LEVEL, "Found correct key " + Long.toHexString(key.getKeyID()) + " for hidden recipient decryption.");
|
LOGGER.log(LEVEL, "Found correct key " + Long.toHexString(key.getKeyID()) + " for hidden recipient decryption.");
|
||||||
decryptionKey = privateKey;
|
decryptionKey = privateKey;
|
||||||
resultBuilder.setDecryptionFingerprint(new OpenPgpV4Fingerprint(key));
|
resultBuilder.setDecryptionKey(new SubkeyIdentifier(ring, decryptionKey.getKeyID()));
|
||||||
encryptedSessionKey = publicKeyEncryptedData;
|
encryptedSessionKey = publicKeyEncryptedData;
|
||||||
break outerloop;
|
break outerloop;
|
||||||
} catch (PGPException | ClassCastException e) {
|
} catch (PGPException | ClassCastException e) {
|
||||||
|
|
|
@ -32,13 +32,14 @@ import org.pgpainless.algorithm.CompressionAlgorithm;
|
||||||
import org.pgpainless.algorithm.StreamEncoding;
|
import org.pgpainless.algorithm.StreamEncoding;
|
||||||
import org.pgpainless.algorithm.SymmetricKeyAlgorithm;
|
import org.pgpainless.algorithm.SymmetricKeyAlgorithm;
|
||||||
import org.pgpainless.key.OpenPgpV4Fingerprint;
|
import org.pgpainless.key.OpenPgpV4Fingerprint;
|
||||||
|
import org.pgpainless.key.SubkeyIdentifier;
|
||||||
import org.pgpainless.signature.DetachedSignature;
|
import org.pgpainless.signature.DetachedSignature;
|
||||||
import org.pgpainless.signature.OnePassSignature;
|
import org.pgpainless.signature.OnePassSignature;
|
||||||
|
|
||||||
public class OpenPgpMetadata {
|
public class OpenPgpMetadata {
|
||||||
|
|
||||||
private final Set<Long> recipientKeyIds;
|
private final Set<Long> recipientKeyIds;
|
||||||
private final OpenPgpV4Fingerprint decryptionFingerprint;
|
private final SubkeyIdentifier decryptionKey;
|
||||||
private final List<OnePassSignature> onePassSignatures;
|
private final List<OnePassSignature> onePassSignatures;
|
||||||
private final List<DetachedSignature> detachedSignatures;
|
private final List<DetachedSignature> detachedSignatures;
|
||||||
private final SymmetricKeyAlgorithm symmetricKeyAlgorithm;
|
private final SymmetricKeyAlgorithm symmetricKeyAlgorithm;
|
||||||
|
@ -46,7 +47,7 @@ public class OpenPgpMetadata {
|
||||||
private final FileInfo fileInfo;
|
private final FileInfo fileInfo;
|
||||||
|
|
||||||
public OpenPgpMetadata(Set<Long> recipientKeyIds,
|
public OpenPgpMetadata(Set<Long> recipientKeyIds,
|
||||||
OpenPgpV4Fingerprint decryptionFingerprint,
|
SubkeyIdentifier decryptionKey,
|
||||||
SymmetricKeyAlgorithm symmetricKeyAlgorithm,
|
SymmetricKeyAlgorithm symmetricKeyAlgorithm,
|
||||||
CompressionAlgorithm algorithm,
|
CompressionAlgorithm algorithm,
|
||||||
List<OnePassSignature> onePassSignatures,
|
List<OnePassSignature> onePassSignatures,
|
||||||
|
@ -54,7 +55,7 @@ public class OpenPgpMetadata {
|
||||||
FileInfo fileInfo) {
|
FileInfo fileInfo) {
|
||||||
|
|
||||||
this.recipientKeyIds = Collections.unmodifiableSet(recipientKeyIds);
|
this.recipientKeyIds = Collections.unmodifiableSet(recipientKeyIds);
|
||||||
this.decryptionFingerprint = decryptionFingerprint;
|
this.decryptionKey = decryptionKey;
|
||||||
this.symmetricKeyAlgorithm = symmetricKeyAlgorithm;
|
this.symmetricKeyAlgorithm = symmetricKeyAlgorithm;
|
||||||
this.compressionAlgorithm = algorithm;
|
this.compressionAlgorithm = algorithm;
|
||||||
this.detachedSignatures = Collections.unmodifiableList(detachedSignatures);
|
this.detachedSignatures = Collections.unmodifiableList(detachedSignatures);
|
||||||
|
@ -70,8 +71,8 @@ public class OpenPgpMetadata {
|
||||||
return symmetricKeyAlgorithm != SymmetricKeyAlgorithm.NULL && !getRecipientKeyIds().isEmpty();
|
return symmetricKeyAlgorithm != SymmetricKeyAlgorithm.NULL && !getRecipientKeyIds().isEmpty();
|
||||||
}
|
}
|
||||||
|
|
||||||
public OpenPgpV4Fingerprint getDecryptionFingerprint() {
|
public SubkeyIdentifier getDecryptionKey() {
|
||||||
return decryptionFingerprint;
|
return decryptionKey;
|
||||||
}
|
}
|
||||||
|
|
||||||
public SymmetricKeyAlgorithm getSymmetricKeyAlgorithm() {
|
public SymmetricKeyAlgorithm getSymmetricKeyAlgorithm() {
|
||||||
|
@ -97,26 +98,22 @@ public class OpenPgpMetadata {
|
||||||
return !getSignatures().isEmpty();
|
return !getSignatures().isEmpty();
|
||||||
}
|
}
|
||||||
|
|
||||||
public Map<OpenPgpV4Fingerprint, PGPSignature> getVerifiedSignatures() {
|
public Map<SubkeyIdentifier, PGPSignature> getVerifiedSignatures() {
|
||||||
Map<OpenPgpV4Fingerprint, PGPSignature> verifiedSignatures = new ConcurrentHashMap<>();
|
Map<SubkeyIdentifier, PGPSignature> verifiedSignatures = new ConcurrentHashMap<>();
|
||||||
for (DetachedSignature detachedSignature : detachedSignatures) {
|
for (DetachedSignature detachedSignature : detachedSignatures) {
|
||||||
if (detachedSignature.isVerified()) {
|
if (detachedSignature.isVerified()) {
|
||||||
verifiedSignatures.put(detachedSignature.getSigningKeyIdentifier().getSubkeyFingerprint(), detachedSignature.getSignature());
|
verifiedSignatures.put(detachedSignature.getSigningKeyIdentifier(), detachedSignature.getSignature());
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
for (OnePassSignature onePassSignature : onePassSignatures) {
|
for (OnePassSignature onePassSignature : onePassSignatures) {
|
||||||
if (onePassSignature.isVerified()) {
|
if (onePassSignature.isVerified()) {
|
||||||
verifiedSignatures.put(onePassSignature.getFingerprint(), onePassSignature.getSignature());
|
verifiedSignatures.put(onePassSignature.getSigningKey(), onePassSignature.getSignature());
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
return verifiedSignatures;
|
return verifiedSignatures;
|
||||||
}
|
}
|
||||||
|
|
||||||
public Set<OpenPgpV4Fingerprint> getVerifiedSignatureKeyFingerprints() {
|
|
||||||
return getVerifiedSignatures().keySet();
|
|
||||||
}
|
|
||||||
|
|
||||||
public boolean isVerified() {
|
public boolean isVerified() {
|
||||||
return !getVerifiedSignatures().isEmpty();
|
return !getVerifiedSignatures().isEmpty();
|
||||||
}
|
}
|
||||||
|
@ -132,7 +129,13 @@ public class OpenPgpMetadata {
|
||||||
}
|
}
|
||||||
|
|
||||||
public boolean containsVerifiedSignatureFrom(OpenPgpV4Fingerprint fingerprint) {
|
public boolean containsVerifiedSignatureFrom(OpenPgpV4Fingerprint fingerprint) {
|
||||||
return getVerifiedSignatureKeyFingerprints().contains(fingerprint);
|
for (SubkeyIdentifier verifiedSigningKey : getVerifiedSignatures().keySet()) {
|
||||||
|
if (verifiedSigningKey.getPrimaryKeyFingerprint().equals(fingerprint) ||
|
||||||
|
verifiedSigningKey.getSubkeyFingerprint().equals(fingerprint)) {
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
public static class Signature {
|
public static class Signature {
|
||||||
|
@ -235,7 +238,7 @@ public class OpenPgpMetadata {
|
||||||
public static class Builder {
|
public static class Builder {
|
||||||
|
|
||||||
private final Set<Long> recipientFingerprints = new HashSet<>();
|
private final Set<Long> recipientFingerprints = new HashSet<>();
|
||||||
private OpenPgpV4Fingerprint decryptionFingerprint;
|
private SubkeyIdentifier decryptionKey;
|
||||||
private final List<DetachedSignature> detachedSignatures = new ArrayList<>();
|
private final List<DetachedSignature> detachedSignatures = new ArrayList<>();
|
||||||
private final List<OnePassSignature> onePassSignatures = new ArrayList<>();
|
private final List<OnePassSignature> onePassSignatures = new ArrayList<>();
|
||||||
private SymmetricKeyAlgorithm symmetricKeyAlgorithm = SymmetricKeyAlgorithm.NULL;
|
private SymmetricKeyAlgorithm symmetricKeyAlgorithm = SymmetricKeyAlgorithm.NULL;
|
||||||
|
@ -247,8 +250,8 @@ public class OpenPgpMetadata {
|
||||||
return this;
|
return this;
|
||||||
}
|
}
|
||||||
|
|
||||||
public Builder setDecryptionFingerprint(OpenPgpV4Fingerprint fingerprint) {
|
public Builder setDecryptionKey(SubkeyIdentifier decryptionKey) {
|
||||||
this.decryptionFingerprint = fingerprint;
|
this.decryptionKey = decryptionKey;
|
||||||
return this;
|
return this;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -280,7 +283,7 @@ public class OpenPgpMetadata {
|
||||||
}
|
}
|
||||||
|
|
||||||
public OpenPgpMetadata build() {
|
public OpenPgpMetadata build() {
|
||||||
return new OpenPgpMetadata(recipientFingerprints, decryptionFingerprint,
|
return new OpenPgpMetadata(recipientFingerprints, decryptionKey,
|
||||||
symmetricKeyAlgorithm, compressionAlgorithm,
|
symmetricKeyAlgorithm, compressionAlgorithm,
|
||||||
onePassSignatures, detachedSignatures, fileInfo);
|
onePassSignatures, detachedSignatures, fileInfo);
|
||||||
}
|
}
|
||||||
|
|
|
@ -18,6 +18,7 @@ package org.pgpainless.key;
|
||||||
import javax.annotation.Nonnull;
|
import javax.annotation.Nonnull;
|
||||||
|
|
||||||
import org.bouncycastle.openpgp.PGPKeyRing;
|
import org.bouncycastle.openpgp.PGPKeyRing;
|
||||||
|
import org.bouncycastle.openpgp.PGPSecretKeyRing;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Tuple class used to identify a subkey by fingerprints of the primary key of the subkeys key ring,
|
* Tuple class used to identify a subkey by fingerprints of the primary key of the subkeys key ring,
|
||||||
|
@ -62,6 +63,10 @@ public class SubkeyIdentifier {
|
||||||
this.subkeyFingerprint = subkeyFingerprint;
|
this.subkeyFingerprint = subkeyFingerprint;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public SubkeyIdentifier(PGPSecretKeyRing secretKeys) {
|
||||||
|
this(secretKeys, secretKeys.getPublicKey().getKeyID());
|
||||||
|
}
|
||||||
|
|
||||||
public @Nonnull OpenPgpV4Fingerprint getFingerprint() {
|
public @Nonnull OpenPgpV4Fingerprint getFingerprint() {
|
||||||
return getSubkeyFingerprint();
|
return getSubkeyFingerprint();
|
||||||
}
|
}
|
||||||
|
|
|
@ -20,6 +20,7 @@ import org.bouncycastle.openpgp.PGPOnePassSignature;
|
||||||
import org.bouncycastle.openpgp.PGPPublicKeyRing;
|
import org.bouncycastle.openpgp.PGPPublicKeyRing;
|
||||||
import org.bouncycastle.openpgp.PGPSignature;
|
import org.bouncycastle.openpgp.PGPSignature;
|
||||||
import org.pgpainless.key.OpenPgpV4Fingerprint;
|
import org.pgpainless.key.OpenPgpV4Fingerprint;
|
||||||
|
import org.pgpainless.key.SubkeyIdentifier;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Tuple-class that bundles together a {@link PGPOnePassSignature} object, a {@link PGPPublicKeyRing}
|
* Tuple-class that bundles together a {@link PGPOnePassSignature} object, a {@link PGPPublicKeyRing}
|
||||||
|
@ -66,8 +67,8 @@ public class OnePassSignature {
|
||||||
*
|
*
|
||||||
* @return signing key fingerprint
|
* @return signing key fingerprint
|
||||||
*/
|
*/
|
||||||
public OpenPgpV4Fingerprint getFingerprint() {
|
public SubkeyIdentifier getSigningKey() {
|
||||||
return new OpenPgpV4Fingerprint(verificationKeys.getPublicKey(onePassSignature.getKeyID()));
|
return new SubkeyIdentifier(verificationKeys, onePassSignature.getKeyID());
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
|
@ -34,6 +34,7 @@ import org.pgpainless.PGPainless;
|
||||||
import org.pgpainless.algorithm.CompressionAlgorithm;
|
import org.pgpainless.algorithm.CompressionAlgorithm;
|
||||||
import org.pgpainless.algorithm.SymmetricKeyAlgorithm;
|
import org.pgpainless.algorithm.SymmetricKeyAlgorithm;
|
||||||
import org.pgpainless.implementation.ImplementationFactory;
|
import org.pgpainless.implementation.ImplementationFactory;
|
||||||
|
import org.pgpainless.key.SubkeyIdentifier;
|
||||||
import org.pgpainless.key.TestKeys;
|
import org.pgpainless.key.TestKeys;
|
||||||
import org.pgpainless.key.util.KeyRingUtils;
|
import org.pgpainless.key.util.KeyRingUtils;
|
||||||
|
|
||||||
|
@ -82,8 +83,8 @@ public class DecryptAndVerifyMessageTest {
|
||||||
assertEquals(CompressionAlgorithm.ZLIB, metadata.getCompressionAlgorithm());
|
assertEquals(CompressionAlgorithm.ZLIB, metadata.getCompressionAlgorithm());
|
||||||
assertEquals(SymmetricKeyAlgorithm.AES_256, metadata.getSymmetricKeyAlgorithm());
|
assertEquals(SymmetricKeyAlgorithm.AES_256, metadata.getSymmetricKeyAlgorithm());
|
||||||
assertEquals(1, metadata.getSignatures().size());
|
assertEquals(1, metadata.getSignatures().size());
|
||||||
assertEquals(1, metadata.getVerifiedSignatureKeyFingerprints().size());
|
assertEquals(1, metadata.getVerifiedSignatures().size());
|
||||||
assertTrue(metadata.containsVerifiedSignatureFrom(TestKeys.JULIET_FINGERPRINT));
|
assertTrue(metadata.containsVerifiedSignatureFrom(TestKeys.JULIET_FINGERPRINT));
|
||||||
assertEquals(TestKeys.JULIET_FINGERPRINT, metadata.getDecryptionFingerprint());
|
assertEquals(new SubkeyIdentifier(TestKeys.JULIET_FINGERPRINT), metadata.getDecryptionKey());
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -32,7 +32,7 @@ import org.junit.jupiter.params.provider.MethodSource;
|
||||||
import org.pgpainless.PGPainless;
|
import org.pgpainless.PGPainless;
|
||||||
import org.pgpainless.algorithm.EncryptionPurpose;
|
import org.pgpainless.algorithm.EncryptionPurpose;
|
||||||
import org.pgpainless.implementation.ImplementationFactory;
|
import org.pgpainless.implementation.ImplementationFactory;
|
||||||
import org.pgpainless.key.OpenPgpV4Fingerprint;
|
import org.pgpainless.key.SubkeyIdentifier;
|
||||||
import org.pgpainless.key.info.KeyRingInfo;
|
import org.pgpainless.key.info.KeyRingInfo;
|
||||||
|
|
||||||
public class DecryptHiddenRecipientMessage {
|
public class DecryptHiddenRecipientMessage {
|
||||||
|
@ -158,7 +158,7 @@ public class DecryptHiddenRecipientMessage {
|
||||||
List<PGPPublicKey> encryptionKeys = info.getEncryptionSubkeys(EncryptionPurpose.STORAGE_AND_COMMUNICATIONS);
|
List<PGPPublicKey> encryptionKeys = info.getEncryptionSubkeys(EncryptionPurpose.STORAGE_AND_COMMUNICATIONS);
|
||||||
assertEquals(1, encryptionKeys.size());
|
assertEquals(1, encryptionKeys.size());
|
||||||
|
|
||||||
assertEquals(new OpenPgpV4Fingerprint(encryptionKeys.iterator().next()), metadata.getDecryptionFingerprint());
|
assertEquals(new SubkeyIdentifier(secretKeys, encryptionKeys.get(0).getKeyID()), metadata.getDecryptionKey());
|
||||||
assertEquals("Hello Recipient :)", out.toString());
|
assertEquals("Hello Recipient :)", out.toString());
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -39,7 +39,6 @@ import org.pgpainless.algorithm.DocumentSignatureType;
|
||||||
import org.pgpainless.encryption_signing.EncryptionStream;
|
import org.pgpainless.encryption_signing.EncryptionStream;
|
||||||
import org.pgpainless.encryption_signing.ProducerOptions;
|
import org.pgpainless.encryption_signing.ProducerOptions;
|
||||||
import org.pgpainless.encryption_signing.SigningOptions;
|
import org.pgpainless.encryption_signing.SigningOptions;
|
||||||
import org.pgpainless.key.OpenPgpV4Fingerprint;
|
|
||||||
import org.pgpainless.key.TestKeys;
|
import org.pgpainless.key.TestKeys;
|
||||||
import org.pgpainless.key.info.KeyRingInfo;
|
import org.pgpainless.key.info.KeyRingInfo;
|
||||||
import org.pgpainless.key.protection.SecretKeyRingProtector;
|
import org.pgpainless.key.protection.SecretKeyRingProtector;
|
||||||
|
@ -89,6 +88,6 @@ public class VerifyWithMissingPublicKeyCallback {
|
||||||
|
|
||||||
assertArrayEquals(msg.getBytes(StandardCharsets.UTF_8), plainOut.toByteArray());
|
assertArrayEquals(msg.getBytes(StandardCharsets.UTF_8), plainOut.toByteArray());
|
||||||
OpenPgpMetadata metadata = verificationStream.getResult();
|
OpenPgpMetadata metadata = verificationStream.getResult();
|
||||||
assertTrue(metadata.getVerifiedSignatureKeyFingerprints().contains(new OpenPgpV4Fingerprint(signingKey)));
|
assertTrue(metadata.containsVerifiedSignatureFrom(signingPubKeys));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -166,7 +166,7 @@ public class IgnoreMarkerPackets {
|
||||||
|
|
||||||
decryptionStream.close();
|
decryptionStream.close();
|
||||||
OpenPgpMetadata metadata = decryptionStream.getResult();
|
OpenPgpMetadata metadata = decryptionStream.getResult();
|
||||||
assertTrue(metadata.getVerifiedSignatures().containsKey(new OpenPgpV4Fingerprint("D1A66E1A23B182C9980F788CFBFCC82A015E7330")));
|
assertTrue(metadata.containsVerifiedSignatureFrom(new OpenPgpV4Fingerprint("D1A66E1A23B182C9980F788CFBFCC82A015E7330")));
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
|
@ -216,7 +216,7 @@ public class IgnoreMarkerPackets {
|
||||||
decryptionStream.close();
|
decryptionStream.close();
|
||||||
assertArrayEquals(data.getBytes(StandardCharsets.UTF_8), outputStream.toByteArray());
|
assertArrayEquals(data.getBytes(StandardCharsets.UTF_8), outputStream.toByteArray());
|
||||||
OpenPgpMetadata metadata = decryptionStream.getResult();
|
OpenPgpMetadata metadata = decryptionStream.getResult();
|
||||||
assertTrue(metadata.getVerifiedSignatures().containsKey(new OpenPgpV4Fingerprint("D1A66E1A23B182C9980F788CFBFCC82A015E7330")));
|
assertTrue(metadata.containsVerifiedSignatureFrom(new OpenPgpV4Fingerprint("D1A66E1A23B182C9980F788CFBFCC82A015E7330")));
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
|
|
|
@ -35,7 +35,7 @@ import org.pgpainless.PGPainless;
|
||||||
import org.pgpainless.decryption_verification.ConsumerOptions;
|
import org.pgpainless.decryption_verification.ConsumerOptions;
|
||||||
import org.pgpainless.decryption_verification.DecryptionStream;
|
import org.pgpainless.decryption_verification.DecryptionStream;
|
||||||
import org.pgpainless.decryption_verification.OpenPgpMetadata;
|
import org.pgpainless.decryption_verification.OpenPgpMetadata;
|
||||||
import org.pgpainless.key.OpenPgpV4Fingerprint;
|
import org.pgpainless.key.SubkeyIdentifier;
|
||||||
import org.pgpainless.sop.SopKeyUtil;
|
import org.pgpainless.sop.SopKeyUtil;
|
||||||
import picocli.CommandLine;
|
import picocli.CommandLine;
|
||||||
|
|
||||||
|
@ -156,18 +156,11 @@ public class Decrypt implements Runnable {
|
||||||
StringBuilder sb = new StringBuilder();
|
StringBuilder sb = new StringBuilder();
|
||||||
|
|
||||||
if (verifyWith != null) {
|
if (verifyWith != null) {
|
||||||
for (OpenPgpV4Fingerprint fingerprint : metadata.getVerifiedSignatures().keySet()) {
|
for (SubkeyIdentifier signingKey : metadata.getVerifiedSignatures().keySet()) {
|
||||||
PGPPublicKeyRing verifier = null;
|
PGPSignature signature = metadata.getVerifiedSignatures().get(signingKey);
|
||||||
for (PGPPublicKeyRing ring : verifyWith) {
|
|
||||||
if (ring.getPublicKey(fingerprint.getKeyId()) != null) {
|
|
||||||
verifier = ring;
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
PGPSignature signature = metadata.getVerifiedSignatures().get(fingerprint);
|
|
||||||
sb.append(df.format(signature.getCreationTime())).append(' ')
|
sb.append(df.format(signature.getCreationTime())).append(' ')
|
||||||
.append(fingerprint).append(' ')
|
.append(signingKey.getSubkeyFingerprint()).append(' ')
|
||||||
.append(verifier != null ? new OpenPgpV4Fingerprint(verifier) : "null").append('\n');
|
.append(signingKey.getPrimaryKeyFingerprint()).append('\n');
|
||||||
}
|
}
|
||||||
|
|
||||||
try {
|
try {
|
||||||
|
|
|
@ -39,7 +39,7 @@ import org.pgpainless.PGPainless;
|
||||||
import org.pgpainless.decryption_verification.ConsumerOptions;
|
import org.pgpainless.decryption_verification.ConsumerOptions;
|
||||||
import org.pgpainless.decryption_verification.DecryptionStream;
|
import org.pgpainless.decryption_verification.DecryptionStream;
|
||||||
import org.pgpainless.decryption_verification.OpenPgpMetadata;
|
import org.pgpainless.decryption_verification.OpenPgpMetadata;
|
||||||
import org.pgpainless.key.OpenPgpV4Fingerprint;
|
import org.pgpainless.key.SubkeyIdentifier;
|
||||||
import picocli.CommandLine;
|
import picocli.CommandLine;
|
||||||
|
|
||||||
@CommandLine.Command(name = "verify",
|
@CommandLine.Command(name = "verify",
|
||||||
|
@ -124,12 +124,12 @@ public class Verify implements Runnable {
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
Map<OpenPgpV4Fingerprint, PGPSignature> signaturesInTimeRange = new HashMap<>();
|
Map<SubkeyIdentifier, PGPSignature> signaturesInTimeRange = new HashMap<>();
|
||||||
for (OpenPgpV4Fingerprint fingerprint : metadata.getVerifiedSignatures().keySet()) {
|
for (SubkeyIdentifier signingKey : metadata.getVerifiedSignatures().keySet()) {
|
||||||
PGPSignature signature = metadata.getVerifiedSignatures().get(fingerprint);
|
PGPSignature signature = metadata.getVerifiedSignatures().get(signingKey);
|
||||||
Date creationTime = signature.getCreationTime();
|
Date creationTime = signature.getCreationTime();
|
||||||
if (!creationTime.before(notBeforeDate) && !creationTime.after(notAfterDate)) {
|
if (!creationTime.before(notBeforeDate) && !creationTime.after(notAfterDate)) {
|
||||||
signaturesInTimeRange.put(fingerprint, signature);
|
signaturesInTimeRange.put(signingKey, signature);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -141,19 +141,19 @@ public class Verify implements Runnable {
|
||||||
printValidSignatures(signaturesInTimeRange, publicKeys);
|
printValidSignatures(signaturesInTimeRange, publicKeys);
|
||||||
}
|
}
|
||||||
|
|
||||||
private void printValidSignatures(Map<OpenPgpV4Fingerprint, PGPSignature> validSignatures, Map<PGPPublicKeyRing, File> publicKeys) {
|
private void printValidSignatures(Map<SubkeyIdentifier, PGPSignature> validSignatures, Map<PGPPublicKeyRing, File> publicKeys) {
|
||||||
for (OpenPgpV4Fingerprint sigKeyFp : validSignatures.keySet()) {
|
for (SubkeyIdentifier signingKey : validSignatures.keySet()) {
|
||||||
PGPSignature signature = validSignatures.get(sigKeyFp);
|
PGPSignature signature = validSignatures.get(signingKey);
|
||||||
|
|
||||||
for (PGPPublicKeyRing ring : publicKeys.keySet()) {
|
for (PGPPublicKeyRing ring : publicKeys.keySet()) {
|
||||||
// Search signing key ring
|
// Search signing key ring
|
||||||
File file = publicKeys.get(ring);
|
File file = publicKeys.get(ring);
|
||||||
if (ring.getPublicKey(sigKeyFp.getKeyId()) == null) {
|
if (ring.getPublicKey(signingKey.getKeyId()) == null) {
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
|
|
||||||
String utcSigDate = df.format(signature.getCreationTime());
|
String utcSigDate = df.format(signature.getCreationTime());
|
||||||
OpenPgpV4Fingerprint primaryKeyFp = new OpenPgpV4Fingerprint(ring);
|
print_ln(utcSigDate + " " + signingKey.getSubkeyFingerprint() + " " + signingKey.getPrimaryKeyFingerprint() +
|
||||||
print_ln(utcSigDate + " " + sigKeyFp.toString() + " " + primaryKeyFp.toString() +
|
|
||||||
" signed by " + file.getName());
|
" signed by " + file.getName());
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue