mirror of https://github.com/pgpainless/pgpainless.git synced 2025-01-10 12:17:59 +01:00

Improve logging and verify purpose of signing keys

Paul Schaub 2021-01-09 21:03:24 +01:00
parent c89558a01b
commit 7303c9b47d
Signed by: vanitasvitae
GPG key ID: 62BEE9264BF17311
2 changed files with 32 additions and 9 deletions


@ -21,6 +21,7 @@ import javax.annotation.Nonnull;
import org.bouncycastle.openpgp.PGPPublicKey;
import org.pgpainless.algorithm.KeyFlag;
import org.pgpainless.algorithm.PublicKeyAlgorithm;
import org.pgpainless.key.selection.key.PublicKeySelectionStrategy;
/**
@ -38,16 +39,16 @@ public class EncryptionKeySelectionStrategy extends PublicKeySelectionStrategy {
@Override
public boolean accept(@Nonnull PGPPublicKey key) {
boolean isEncryptionKey = key.isEncryptionKey();
boolean hasAppropriateKeyFlags = keyFlagSelector.accept(key);
if (!isEncryptionKey) {
LOGGER.log(Level.FINE, "Key algorithm is not suitable of encryption.");
if (!key.isEncryptionKey()) {
LOGGER.log(Level.FINE, "Rejecting key " + Long.toHexString(key.getKeyID()) + " as its algorithm (" +
PublicKeyAlgorithm.fromId(key.getAlgorithm()) + ") is not suitable of encryption.");
return false;
}
if (!hasAppropriateKeyFlags) {
LOGGER.log(Level.FINE, "Key " + Long.toHexString(key.getKeyID()) + " does not carry ");
if (!keyFlagSelector.accept(key)) {
LOGGER.log(Level.FINE, "Rejecting key " + Long.toHexString(key.getKeyID()) + " as it does not the appropriate encryption key flags.");
return false;
}
return isEncryptionKey && hasAppropriateKeyFlags;
return true;
}
}
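Review bot: The new rejection message for missing key flags lacks a verb ("as it does not the appropriate encryption key flags"), and the algorithm message says "suitable of encryption". These FINE lines are what an operator reads to find out why a recipient key was refused, so they should end `" as it does not carry the appropriate encryption key flags."` and `") is not suitable for encryption."`. Both strings are also concatenated on every call even when FINE is disabled; if the project's Java baseline allows it, `LOGGER.log(Level.FINE, () -> "Rejecting key " + ...)` defers that work. The declaration of `keyFlagSelector` lies outside the hunk, so which flags it actually requires cannot be confirmed from here.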


@ -15,9 +15,13 @@
*/
package org.pgpainless.key.selection.key.impl;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.annotation.Nonnull;
import org.bouncycastle.openpgp.PGPSecretKey;
import org.pgpainless.algorithm.KeyFlag;
import org.pgpainless.algorithm.PublicKeyAlgorithm;
import org.pgpainless.key.selection.key.SecretKeySelectionStrategy;
/**
@ -25,9 +29,27 @@ import org.pgpainless.key.selection.key.SecretKeySelectionStrategy;
*/
public class SignatureKeySelectionStrategy extends SecretKeySelectionStrategy {
private static final Logger LOGGER = Logger.getLogger(SignatureKeySelectionStrategy.class.getName());
HasAnyKeyFlagSelectionStrategy.SecretKey flagSelector =
new HasAnyKeyFlagSelectionStrategy.SecretKey(KeyFlag.SIGN_DATA);
@Override
public boolean accept(@Nonnull PGPSecretKey key) {
return key.isSigningKey();
boolean hasSignDataKeyFlag = flagSelector.accept(key);
if (!key.isSigningKey()) {
LOGGER.log(Level.FINE, "Rejecting key " + Long.toHexString(key.getKeyID()) + " as its algorithm (" +
PublicKeyAlgorithm.fromId(key.getPublicKey().getAlgorithm()) + ") is not capable of signing.");
return false;
}
if (!hasSignDataKeyFlag) {
LOGGER.log(Level.FINE, "Rejecting key " + Long.toHexString(key.getKeyID()) +
" as it does not carry the key flag SIGN_DATA.");
return false;
}
return true;
}
}
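Review bot: The new `flagSelector` field is declared without `private` or `final`, so any class in `org.pgpainless.key.selection.key.impl` can reassign it and change which keys pass the SIGN_DATA purpose check. Declaring it as `private final HasAnyKeyFlagSelectionStrategy.SecretKey flagSelector =` keeps the check fixed for the lifetime of the strategy. In `accept`, `flagSelector.accept(key)` runs before the algorithm check, so it is evaluated even for keys that are rejected anyway; moving the call into the second `if`, as the encryption strategy in this commit does, would keep the two classes parallel. How a key with no key-flags subpacket is treated depends on `HasAnyKeyFlagSelectionStrategy`, which is not shown here, so a test covering that case would be worth adding.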