1
0
Fork 0
mirror of https://github.com/pgpainless/pgpainless.git synced 2024-12-23 03:17:58 +01:00

Allow for revocation attributes to be passed in when revoking subkey directly

This commit is contained in:
Paul Schaub 2020-11-20 12:19:45 +01:00
parent 0edd8b616f
commit 8305fcf0ee
Signed by: vanitasvitae
GPG key ID: 62BEE9264BF17311
2 changed files with 76 additions and 8 deletions

View file

@ -258,19 +258,24 @@ public class SecretKeyRingEditor implements SecretKeyRingEditorInterface {
}
@Override
public SecretKeyRingEditorInterface revokeSubKey(OpenPgpV4Fingerprint fingerprint, SecretKeyRingProtector protector)
public SecretKeyRingEditorInterface revokeSubKey(OpenPgpV4Fingerprint fingerprint,
SecretKeyRingProtector protector,
RevocationAttributes revocationAttributes)
throws PGPException {
return revokeSubKey(fingerprint.getKeyId(), protector);
return revokeSubKey(fingerprint.getKeyId(), protector, revocationAttributes);
}
@Override
public SecretKeyRingEditorInterface revokeSubKey(long subKeyId, SecretKeyRingProtector protector) throws PGPException {
public SecretKeyRingEditorInterface revokeSubKey(long subKeyId,
SecretKeyRingProtector protector,
RevocationAttributes revocationAttributes)
throws PGPException {
PGPPublicKey revokeeSubKey = secretKeyRing.getPublicKey(subKeyId);
if (revokeeSubKey == null) {
throw new NoSuchElementException("No subkey with id " + Long.toHexString(subKeyId) + " found.");
}
secretKeyRing = revokeSubKey(protector, revokeeSubKey);
secretKeyRing = revokeSubKey(protector, revokeeSubKey, revocationAttributes);
return this;
}
@ -302,9 +307,11 @@ public class SecretKeyRingEditor implements SecretKeyRingEditorInterface {
return revocationCertificate;
}
private PGPSecretKeyRing revokeSubKey(SecretKeyRingProtector protector, PGPPublicKey revokeeSubKey)
private PGPSecretKeyRing revokeSubKey(SecretKeyRingProtector protector,
PGPPublicKey revokeeSubKey,
RevocationAttributes revocationAttributes)
throws PGPException {
PGPSignature subKeyRevocation = generateRevocation(protector, revokeeSubKey, null);
PGPSignature subKeyRevocation = generateRevocation(protector, revokeeSubKey, revocationAttributes);
revokeeSubKey = PGPPublicKey.addCertification(revokeeSubKey, subKeyRevocation);
// Inject revoked public key into key ring

View file

@ -117,7 +117,26 @@ public interface SecretKeyRingEditorInterface {
* @param fingerprint fingerprint of the subkey to be revoked
* @return the builder
*/
SecretKeyRingEditorInterface revokeSubKey(OpenPgpV4Fingerprint fingerprint, SecretKeyRingProtector secretKeyRingProtector) throws PGPException;
default SecretKeyRingEditorInterface revokeSubKey(OpenPgpV4Fingerprint fingerprint,
SecretKeyRingProtector secretKeyRingProtector)
throws PGPException {
return revokeSubKey(fingerprint, secretKeyRingProtector, null);
}
/**
* Revoke the subkey binding signature of a subkey.
* The subkey with the provided fingerprint will be revoked.
* If no suitable subkey is found, a {@link java.util.NoSuchElementException} will be thrown.
*
* @param fingerprint fingerprint of the subkey to be revoked
* @param secretKeyRingProtector protector to unlock the primary key
* @param revocationAttributes reason for the revocation
* @return the builder
*/
SecretKeyRingEditorInterface revokeSubKey(OpenPgpV4Fingerprint fingerprint,
SecretKeyRingProtector secretKeyRingProtector,
RevocationAttributes revocationAttributes)
throws PGPException;
/**
* Revoke the subkey binding signature of a subkey.
@ -127,13 +146,48 @@ public interface SecretKeyRingEditorInterface {
* @param subKeyId id of the subkey
* @return the builder
*/
SecretKeyRingEditorInterface revokeSubKey(long subKeyId, SecretKeyRingProtector secretKeyRingProtector) throws PGPException;
default SecretKeyRingEditorInterface revokeSubKey(long subKeyId,
SecretKeyRingProtector secretKeyRingProtector)
throws PGPException {
return revokeSubKey(subKeyId, secretKeyRingProtector, null);
}
/**
* Revoke the subkey binding signature of a subkey.
* The subkey with the provided key-id will be revoked.
* If no suitable subkey is found, q {@link java.util.NoSuchElementException} will be thrown.
*
* @param subKeyId id of the subkey
* @param secretKeyRingProtector protector to unlock the primary key
* @param revocationAttributes reason for the revocation
* @return the builder
*/
SecretKeyRingEditorInterface revokeSubKey(long subKeyId,
SecretKeyRingProtector secretKeyRingProtector,
RevocationAttributes revocationAttributes)
throws PGPException;
/**
* Create a detached revocation certificate, which can be used to revoke the specified key.
*
* @param fingerprint fingerprint of the key to be revoked. Can be primary or sub key.
* @param secretKeyRingProtector protector to unlock the primary key.
* @param revocationAttributes reason for the revocation
* @return revocation certificate
*/
PGPSignature createRevocationCertificate(OpenPgpV4Fingerprint fingerprint,
SecretKeyRingProtector secretKeyRingProtector,
RevocationAttributes revocationAttributes)
throws PGPException;
/**
* Create a detached revocation certificate, which can be used to revoke the specified key.
*
* @param subKeyId id of the key to be revoked. Can be primary or sub key.
* @param secretKeyRingProtector protector to unlock the primary key.
* @param revocationAttributes reason for the revocation
* @return revocation certificate
*/
PGPSignature createRevocationCertificate(long subKeyId,
SecretKeyRingProtector secretKeyRingProtector,
RevocationAttributes revocationAttributes)
@ -149,6 +203,13 @@ public interface SecretKeyRingEditorInterface {
return changePassphraseFromOldPassphrase(oldPassphrase, KeyRingProtectionSettings.secureDefaultSettings());
}
/**
* Change the passphrase of the whole key ring.
*
* @param oldPassphrase old passphrase or null, if the key was unprotected
* @param oldProtectionSettings custom settings for the old passphrase
* @return next builder step
*/
WithKeyRingEncryptionSettings changePassphraseFromOldPassphrase(@Nullable Passphrase oldPassphrase,
@Nonnull KeyRingProtectionSettings oldProtectionSettings);