From 7303c9b47d0a3204a84f07f98eddccfb2be698f2 Mon Sep 17 00:00:00 2001 From: Paul Schaub Date: Sat, 9 Jan 2021 21:03:24 +0100 Subject: [PATCH] Improve logging and verify purpose of signing keys --- .../impl/EncryptionKeySelectionStrategy.java | 17 ++++++------- .../impl/SignatureKeySelectionStrategy.java | 24 ++++++++++++++++++- 2 files changed, 32 insertions(+), 9 deletions(-) diff --git a/pgpainless-core/src/main/java/org/pgpainless/key/selection/key/impl/EncryptionKeySelectionStrategy.java b/pgpainless-core/src/main/java/org/pgpainless/key/selection/key/impl/EncryptionKeySelectionStrategy.java index 924aa319..632b4ffd 100644 --- a/pgpainless-core/src/main/java/org/pgpainless/key/selection/key/impl/EncryptionKeySelectionStrategy.java +++ b/pgpainless-core/src/main/java/org/pgpainless/key/selection/key/impl/EncryptionKeySelectionStrategy.java @@ -21,6 +21,7 @@ import javax.annotation.Nonnull; import org.bouncycastle.openpgp.PGPPublicKey; import org.pgpainless.algorithm.KeyFlag; +import org.pgpainless.algorithm.PublicKeyAlgorithm; import org.pgpainless.key.selection.key.PublicKeySelectionStrategy; /** @@ -38,16 +39,16 @@ public class EncryptionKeySelectionStrategy extends PublicKeySelectionStrategy { @Override public boolean accept(@Nonnull PGPPublicKey key) { - boolean isEncryptionKey = key.isEncryptionKey(); - boolean hasAppropriateKeyFlags = keyFlagSelector.accept(key); - - if (!isEncryptionKey) { - LOGGER.log(Level.FINE, "Key algorithm is not suitable of encryption."); + if (!key.isEncryptionKey()) { + LOGGER.log(Level.FINE, "Rejecting key " + Long.toHexString(key.getKeyID()) + " as its algorithm (" + + PublicKeyAlgorithm.fromId(key.getAlgorithm()) + ") is not suitable of encryption."); + return false; } - if (!hasAppropriateKeyFlags) { - LOGGER.log(Level.FINE, "Key " + Long.toHexString(key.getKeyID()) + " does not carry "); + if (!keyFlagSelector.accept(key)) { + LOGGER.log(Level.FINE, "Rejecting key " + Long.toHexString(key.getKeyID()) + " as it does not the appropriate encryption key flags."); + return false; } - return isEncryptionKey && hasAppropriateKeyFlags; + return true; } } diff --git a/pgpainless-core/src/main/java/org/pgpainless/key/selection/key/impl/SignatureKeySelectionStrategy.java b/pgpainless-core/src/main/java/org/pgpainless/key/selection/key/impl/SignatureKeySelectionStrategy.java index 41246327..f1e5aa6e 100644 --- a/pgpainless-core/src/main/java/org/pgpainless/key/selection/key/impl/SignatureKeySelectionStrategy.java +++ b/pgpainless-core/src/main/java/org/pgpainless/key/selection/key/impl/SignatureKeySelectionStrategy.java @@ -15,9 +15,13 @@ */ package org.pgpainless.key.selection.key.impl; +import java.util.logging.Level; +import java.util.logging.Logger; import javax.annotation.Nonnull; import org.bouncycastle.openpgp.PGPSecretKey; +import org.pgpainless.algorithm.KeyFlag; +import org.pgpainless.algorithm.PublicKeyAlgorithm; import org.pgpainless.key.selection.key.SecretKeySelectionStrategy; /** @@ -25,9 +29,27 @@ import org.pgpainless.key.selection.key.SecretKeySelectionStrategy; */ public class SignatureKeySelectionStrategy extends SecretKeySelectionStrategy { + private static final Logger LOGGER = Logger.getLogger(SignatureKeySelectionStrategy.class.getName()); + + HasAnyKeyFlagSelectionStrategy.SecretKey flagSelector = + new HasAnyKeyFlagSelectionStrategy.SecretKey(KeyFlag.SIGN_DATA); + @Override public boolean accept(@Nonnull PGPSecretKey key) { - return key.isSigningKey(); + boolean hasSignDataKeyFlag = flagSelector.accept(key); + + if (!key.isSigningKey()) { + LOGGER.log(Level.FINE, "Rejecting key " + Long.toHexString(key.getKeyID()) + " as its algorithm (" + + PublicKeyAlgorithm.fromId(key.getPublicKey().getAlgorithm()) + ") is not capable of signing."); + return false; + } + + if (!hasSignDataKeyFlag) { + LOGGER.log(Level.FINE, "Rejecting key " + Long.toHexString(key.getKeyID()) + + " as it does not carry the key flag SIGN_DATA."); + return false; + } + return true; } }