Improve logging and verify purpose of signing keys

2025-01-10 12:17:59 +01:00 · 2021-01-09 21:03:24 +01:00 · 2021-01-09 21:03:24 +01:00 · 7303c9b47d
commit 7303c9b47d
parent c89558a01b
2 changed files with 32 additions and 9 deletions
--- a/pgpainless-core/src/main/java/org/pgpainless/key/selection/key/impl/EncryptionKeySelectionStrategy.java
+++ b/pgpainless-core/src/main/java/org/pgpainless/key/selection/key/impl/EncryptionKeySelectionStrategy.java
@ -21,6 +21,7 @@ import javax.annotation.Nonnull;

 import org.bouncycastle.openpgp.PGPPublicKey;
 import org.pgpainless.algorithm.KeyFlag;
+import org.pgpainless.algorithm.PublicKeyAlgorithm;
 import org.pgpainless.key.selection.key.PublicKeySelectionStrategy;

 /**
@ -38,16 +39,16 @@ public class EncryptionKeySelectionStrategy extends PublicKeySelectionStrategy {

    @Override
    public boolean accept(@Nonnull PGPPublicKey key) {
-        boolean isEncryptionKey = key.isEncryptionKey();
-        boolean hasAppropriateKeyFlags = keyFlagSelector.accept(key);
-
-        if (!isEncryptionKey) {
-            LOGGER.log(Level.FINE, "Key algorithm is not suitable of encryption.");
+        if (!key.isEncryptionKey()) {
+            LOGGER.log(Level.FINE, "Rejecting key " + Long.toHexString(key.getKeyID()) + " as its algorithm (" +
+                    PublicKeyAlgorithm.fromId(key.getAlgorithm()) + ") is not suitable of encryption.");
+            return false;
        }
-        if (!hasAppropriateKeyFlags) {
-            LOGGER.log(Level.FINE, "Key " + Long.toHexString(key.getKeyID()) + " does not carry ");
+        if (!keyFlagSelector.accept(key)) {
+            LOGGER.log(Level.FINE, "Rejecting key " + Long.toHexString(key.getKeyID()) + " as it does not the appropriate encryption key flags.");
+            return false;
        }

-        return isEncryptionKey && hasAppropriateKeyFlags;
+        return true;
    }
 }
--- a/pgpainless-core/src/main/java/org/pgpainless/key/selection/key/impl/SignatureKeySelectionStrategy.java
+++ b/pgpainless-core/src/main/java/org/pgpainless/key/selection/key/impl/SignatureKeySelectionStrategy.java
@ -15,9 +15,13 @@
 */
 package org.pgpainless.key.selection.key.impl;

+import java.util.logging.Level;
+import java.util.logging.Logger;
 import javax.annotation.Nonnull;

 import org.bouncycastle.openpgp.PGPSecretKey;
+import org.pgpainless.algorithm.KeyFlag;
+import org.pgpainless.algorithm.PublicKeyAlgorithm;
 import org.pgpainless.key.selection.key.SecretKeySelectionStrategy;

 /**
@ -25,9 +29,27 @@ import org.pgpainless.key.selection.key.SecretKeySelectionStrategy;
 */
 public class SignatureKeySelectionStrategy extends SecretKeySelectionStrategy {

+    private static final Logger LOGGER = Logger.getLogger(SignatureKeySelectionStrategy.class.getName());
+
+    HasAnyKeyFlagSelectionStrategy.SecretKey flagSelector =
+            new HasAnyKeyFlagSelectionStrategy.SecretKey(KeyFlag.SIGN_DATA);
+
    @Override
    public boolean accept(@Nonnull PGPSecretKey key) {
-        return key.isSigningKey();
+        boolean hasSignDataKeyFlag = flagSelector.accept(key);
+
+        if (!key.isSigningKey()) {
+            LOGGER.log(Level.FINE, "Rejecting key " + Long.toHexString(key.getKeyID()) + " as its algorithm (" +
+                    PublicKeyAlgorithm.fromId(key.getPublicKey().getAlgorithm()) + ") is not capable of signing.");
+            return false;
+        }
+
+        if (!hasSignDataKeyFlag) {
+            LOGGER.log(Level.FINE, "Rejecting key " + Long.toHexString(key.getKeyID()) +
+                    " as it does not carry the key flag SIGN_DATA.");
+            return false;
+        }
+        return true;
    }

 }