mirror of https://github.com/pgpainless/pgpainless.git synced 2024-06-25 21:14:49 +02:00

Improve logging and verify purpose of signing keys

Paul Schaub 2021-01-09 21:03:24 +01:00
parent c89558a01b
commit 7303c9b47d
Signed by: vanitasvitae
GPG key ID: 62BEE9264BF17311
2 changed files with 32 additions and 9 deletions


@ -21,6 +21,7 @@ import javax.annotation.Nonnull;
import org.bouncycastle.openpgp.PGPPublicKey; import org.bouncycastle.openpgp.PGPPublicKey;
import org.pgpainless.algorithm.KeyFlag; import org.pgpainless.algorithm.KeyFlag;
import org.pgpainless.algorithm.PublicKeyAlgorithm;
import org.pgpainless.key.selection.key.PublicKeySelectionStrategy; import org.pgpainless.key.selection.key.PublicKeySelectionStrategy;
/** /**
@ -38,16 +39,16 @@ public class EncryptionKeySelectionStrategy extends PublicKeySelectionStrategy {
@Override @Override
public boolean accept(@Nonnull PGPPublicKey key) { public boolean accept(@Nonnull PGPPublicKey key) {
boolean isEncryptionKey = key.isEncryptionKey(); if (!key.isEncryptionKey()) {
boolean hasAppropriateKeyFlags = keyFlagSelector.accept(key); LOGGER.log(Level.FINE, "Rejecting key " + Long.toHexString(key.getKeyID()) + " as its algorithm (" +
PublicKeyAlgorithm.fromId(key.getAlgorithm()) + ") is not suitable of encryption.");
if (!isEncryptionKey) { return false;
LOGGER.log(Level.FINE, "Key algorithm is not suitable of encryption.");
} }
if (!hasAppropriateKeyFlags) { if (!keyFlagSelector.accept(key)) {
LOGGER.log(Level.FINE, "Key " + Long.toHexString(key.getKeyID()) + " does not carry "); LOGGER.log(Level.FINE, "Rejecting key " + Long.toHexString(key.getKeyID()) + " as it does not the appropriate encryption key flags.");
return false;
} }
return isEncryptionKey && hasAppropriateKeyFlags; return true;
} }
} }
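Review bot: The FINE message in the key-flag branch of accept() is missing its verb (`as it does not the appropriate encryption key flags`), and the algorithm branch still says `suitable of encryption`. These lines are what someone reads to learn why a recipient key was rejected, so they should end `" as it does not carry the appropriate encryption key flags."` and `") is not suitable for encryption."`. `Long.toHexString(key.getKeyID())` also drops leading zeros, so a logged ID can be shorter than the 16 hex digits other OpenPGP tools print; `String.format("%016X", key.getKeyID())` would keep log correlation reliable. LOGGER and keyFlagSelector are declared outside the visible hunk, so which flags the selector accepts cannot be checked from here.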


@ -15,9 +15,13 @@
*/ */
package org.pgpainless.key.selection.key.impl; package org.pgpainless.key.selection.key.impl;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.annotation.Nonnull; import javax.annotation.Nonnull;
import org.bouncycastle.openpgp.PGPSecretKey; import org.bouncycastle.openpgp.PGPSecretKey;
import org.pgpainless.algorithm.KeyFlag;
import org.pgpainless.algorithm.PublicKeyAlgorithm;
import org.pgpainless.key.selection.key.SecretKeySelectionStrategy; import org.pgpainless.key.selection.key.SecretKeySelectionStrategy;
/** /**
@ -25,9 +29,27 @@ import org.pgpainless.key.selection.key.SecretKeySelectionStrategy;
*/ */
public class SignatureKeySelectionStrategy extends SecretKeySelectionStrategy { public class SignatureKeySelectionStrategy extends SecretKeySelectionStrategy {
private static final Logger LOGGER = Logger.getLogger(SignatureKeySelectionStrategy.class.getName());
HasAnyKeyFlagSelectionStrategy.SecretKey flagSelector =
new HasAnyKeyFlagSelectionStrategy.SecretKey(KeyFlag.SIGN_DATA);
@Override @Override
public boolean accept(@Nonnull PGPSecretKey key) { public boolean accept(@Nonnull PGPSecretKey key) {
return key.isSigningKey(); boolean hasSignDataKeyFlag = flagSelector.accept(key);
if (!key.isSigningKey()) {
LOGGER.log(Level.FINE, "Rejecting key " + Long.toHexString(key.getKeyID()) + " as its algorithm (" +
PublicKeyAlgorithm.fromId(key.getPublicKey().getAlgorithm()) + ") is not capable of signing.");
return false;
}
if (!hasSignDataKeyFlag) {
LOGGER.log(Level.FINE, "Rejecting key " + Long.toHexString(key.getKeyID()) +
" as it does not carry the key flag SIGN_DATA.");
return false;
}
return true;
} }
} }
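Review bot: `flagSelector` is declared without modifiers, so it is package-private and reassignable, and any class in `org.pgpainless.key.selection.key.impl` could replace the SIGN_DATA check that accept() now relies on. Declare it `private final HasAnyKeyFlagSelectionStrategy.SecretKey flagSelector = ...` instead. `flagSelector.accept(key)` is also evaluated before the algorithm test, so the flag lookup runs even for keys rejected on algorithm grounds; testing it directly in the second `if`, as the encryption strategy does, keeps the two classes parallel. How HasAnyKeyFlagSelectionStrategy treats a key with no key-flags subpacket is not visible here and deserves a test, since that decides whether flag-less keys are now refused for signing.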