Improve logging and verify purpose of signing keys
parent
c89558a01b
commit
7303c9b47d
|
@ -21,6 +21,7 @@ import javax.annotation.Nonnull;
|
||||||
|
|
||||||
import org.bouncycastle.openpgp.PGPPublicKey;
|
import org.bouncycastle.openpgp.PGPPublicKey;
|
||||||
import org.pgpainless.algorithm.KeyFlag;
|
import org.pgpainless.algorithm.KeyFlag;
|
||||||
|
import org.pgpainless.algorithm.PublicKeyAlgorithm;
|
||||||
import org.pgpainless.key.selection.key.PublicKeySelectionStrategy;
|
import org.pgpainless.key.selection.key.PublicKeySelectionStrategy;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -38,16 +39,16 @@ public class EncryptionKeySelectionStrategy extends PublicKeySelectionStrategy {
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public boolean accept(@Nonnull PGPPublicKey key) {
|
public boolean accept(@Nonnull PGPPublicKey key) {
|
||||||
boolean isEncryptionKey = key.isEncryptionKey();
|
if (!key.isEncryptionKey()) {
|
||||||
boolean hasAppropriateKeyFlags = keyFlagSelector.accept(key);
|
LOGGER.log(Level.FINE, "Rejecting key " + Long.toHexString(key.getKeyID()) + " as its algorithm (" +
|
||||||
|
PublicKeyAlgorithm.fromId(key.getAlgorithm()) + ") is not suitable of encryption.");
|
||||||
if (!isEncryptionKey) {
|
return false;
|
||||||
LOGGER.log(Level.FINE, "Key algorithm is not suitable of encryption.");
|
|
||||||
}
|
}
|
||||||
if (!hasAppropriateKeyFlags) {
|
if (!keyFlagSelector.accept(key)) {
|
||||||
LOGGER.log(Level.FINE, "Key " + Long.toHexString(key.getKeyID()) + " does not carry ");
|
LOGGER.log(Level.FINE, "Rejecting key " + Long.toHexString(key.getKeyID()) + " as it does not the appropriate encryption key flags.");
|
||||||
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
return isEncryptionKey && hasAppropriateKeyFlags;
|
return true;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
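Review bot: The new rejection message in the key-flag branch of `accept` reads "as it does not the appropriate encryption key flags", so the verb is missing, and the algorithm branch says "not suitable of encryption"; I would change them to `" as it does not carry the appropriate encryption key flags."` and `") is not suitable for encryption."`. Both messages print the key ID with `Long.toHexString(key.getKeyID())`, which drops leading zeros, so an ID can come out shorter than the 16 hex digits other OpenPGP tools display and be harder to match when correlating logs. `String.format("%016X", key.getKeyID())` keeps it fixed-width, and the same applies to the two messages added in SignatureKeySelectionStrategy. `keyFlagSelector` is declared outside this hunk, so how it treats a key that carries no key-flags subpacket at all cannot be checked from here.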
|
@ -15,9 +15,13 @@
|
||||||
*/
|
*/
|
||||||
package org.pgpainless.key.selection.key.impl;
|
package org.pgpainless.key.selection.key.impl;
|
||||||
|
|
||||||
|
import java.util.logging.Level;
|
||||||
|
import java.util.logging.Logger;
|
||||||
import javax.annotation.Nonnull;
|
import javax.annotation.Nonnull;
|
||||||
|
|
||||||
import org.bouncycastle.openpgp.PGPSecretKey;
|
import org.bouncycastle.openpgp.PGPSecretKey;
|
||||||
|
import org.pgpainless.algorithm.KeyFlag;
|
||||||
|
import org.pgpainless.algorithm.PublicKeyAlgorithm;
|
||||||
import org.pgpainless.key.selection.key.SecretKeySelectionStrategy;
|
import org.pgpainless.key.selection.key.SecretKeySelectionStrategy;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -25,9 +29,27 @@ import org.pgpainless.key.selection.key.SecretKeySelectionStrategy;
|
||||||
*/
|
*/
|
||||||
public class SignatureKeySelectionStrategy extends SecretKeySelectionStrategy {
|
public class SignatureKeySelectionStrategy extends SecretKeySelectionStrategy {
|
||||||
|
|
||||||
|
private static final Logger LOGGER = Logger.getLogger(SignatureKeySelectionStrategy.class.getName());
|
||||||
|
|
||||||
|
HasAnyKeyFlagSelectionStrategy.SecretKey flagSelector =
|
||||||
|
new HasAnyKeyFlagSelectionStrategy.SecretKey(KeyFlag.SIGN_DATA);
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public boolean accept(@Nonnull PGPSecretKey key) {
|
public boolean accept(@Nonnull PGPSecretKey key) {
|
||||||
return key.isSigningKey();
|
boolean hasSignDataKeyFlag = flagSelector.accept(key);
|
||||||
|
|
||||||
|
if (!key.isSigningKey()) {
|
||||||
|
LOGGER.log(Level.FINE, "Rejecting key " + Long.toHexString(key.getKeyID()) + " as its algorithm (" +
|
||||||
|
PublicKeyAlgorithm.fromId(key.getPublicKey().getAlgorithm()) + ") is not capable of signing.");
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (!hasSignDataKeyFlag) {
|
||||||
|
LOGGER.log(Level.FINE, "Rejecting key " + Long.toHexString(key.getKeyID()) +
|
||||||
|
" as it does not carry the key flag SIGN_DATA.");
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
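Review bot: `flagSelector` is declared without modifiers, so it is a package-private, non-final instance field, and any class in `org.pgpainless.key.selection.key.impl` could replace the selector that enforces SIGN_DATA; I would declare it `private final HasAnyKeyFlagSelectionStrategy.SecretKey flagSelector =`. In `accept`, `flagSelector.accept(key)` is evaluated on the first line, before the algorithm check, whereas EncryptionKeySelectionStrategy in this same commit calls its selector only after the algorithm check passes; writing the second guard as `if (!flagSelector.accept(key)) {` and dropping the `hasSignDataKeyFlag` local keeps the two strategies parallel. This is also a behaviour change: a key that `isSigningKey()` accepted before is now rejected when it lacks SIGN_DATA, and the only trace is a FINE-level log line. The treatment of a key with no key-flags subpacket is presumably decided inside HasAnyKeyFlagSelectionStrategy, which is not shown, so a test pinning that case would be worth adding.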