From 88891e1337104796a5288de576cd4f124f04707f Mon Sep 17 00:00:00 2001 From: Paul Schaub Date: Wed, 16 Jun 2021 15:38:02 +0200 Subject: [PATCH] Remove usage of deprecated decryption/verification API in tests --- .../ConsumerOptions.java | 68 ++++++++++ .../pgpainless/signature/SignatureUtils.java | 52 +++++-- .../DecryptAndVerifyMessageTest.java | 14 +- .../DecryptHiddenRecipientMessage.java | 12 +- .../ModificationDetectionTests.java | 24 ++-- .../RecursionDepthTest.java | 8 +- ...eakSymmetricAlgorithmDuringDecryption.java | 38 +++--- .../VerifyWithMissingPublicKeyCallback.java | 11 +- .../EncryptDecryptTest.java | 53 ++++---- .../encryption_signing/FileInfoTest.java | 9 +- .../encryption_signing/LengthTest.java | 127 ------------------ ...ymmetricAlgorithmDuringEncryptionTest.java | 3 +- .../encryption_signing/SigningTest.java | 36 +++-- .../BindingSignatureSubpacketsTest.java | 67 ++++----- .../signature/IgnoreMarkerPackets.java | 28 ++-- .../signature/KeyRevocationTest.java | 5 +- .../SignatureChainValidatorTest.java | 15 ++- .../signature/SignatureStructureTest.java | 3 +- ...ultiPassphraseSymmetricEncryptionTest.java | 22 +-- .../SymmetricEncryptionTest.java | 32 ++--- ...ncryptCommsStorageFlagsDifferentiated.java | 13 +- .../weird_keys/TestTwoSubkeysEncryption.java | 2 +- .../org/pgpainless/sop/commands/Decrypt.java | 38 +++--- .../org/pgpainless/sop/commands/Verify.java | 52 +++---- 24 files changed, 342 insertions(+), 390 deletions(-) delete mode 100644 pgpainless-core/src/test/java/org/pgpainless/encryption_signing/LengthTest.java diff --git a/pgpainless-core/src/main/java/org/pgpainless/decryption_verification/ConsumerOptions.java b/pgpainless-core/src/main/java/org/pgpainless/decryption_verification/ConsumerOptions.java index f0ae17f1..86bc8176 100644 --- a/pgpainless-core/src/main/java/org/pgpainless/decryption_verification/ConsumerOptions.java +++ b/pgpainless-core/src/main/java/org/pgpainless/decryption_verification/ConsumerOptions.java @@ -15,19 +15,31 @@ */ package org.pgpainless.decryption_verification; +import java.io.IOException; +import java.io.InputStream; +import java.util.ArrayList; import java.util.Collections; import java.util.Date; import java.util.HashMap; import java.util.HashSet; +import java.util.List; import java.util.Map; import java.util.Set; import javax.annotation.Nonnull; import javax.annotation.Nullable; +import org.bouncycastle.bcpg.MarkerPacket; +import org.bouncycastle.openpgp.PGPCompressedData; +import org.bouncycastle.openpgp.PGPException; +import org.bouncycastle.openpgp.PGPObjectFactory; import org.bouncycastle.openpgp.PGPPublicKeyRing; import org.bouncycastle.openpgp.PGPPublicKeyRingCollection; import org.bouncycastle.openpgp.PGPSecretKeyRing; +import org.bouncycastle.openpgp.PGPSecretKeyRingCollection; import org.bouncycastle.openpgp.PGPSignature; +import org.bouncycastle.openpgp.PGPSignatureList; +import org.bouncycastle.openpgp.PGPUtil; +import org.pgpainless.implementation.ImplementationFactory; import org.pgpainless.key.protection.SecretKeyRingProtector; import org.pgpainless.util.Passphrase; @@ -105,6 +117,48 @@ public class ConsumerOptions { return this; } + public ConsumerOptions addVerificationOfDetachedSignatures(InputStream signatureInputStream) throws IOException, PGPException { + List signatures = new ArrayList<>(); + InputStream pgpIn = PGPUtil.getDecoderStream(signatureInputStream); + PGPObjectFactory objectFactory = new PGPObjectFactory( + pgpIn, ImplementationFactory.getInstance().getKeyFingerprintCalculator()); + + Object nextObject = objectFactory.nextObject(); + while (nextObject != null) { + if (nextObject instanceof MarkerPacket) { + nextObject = objectFactory.nextObject(); + continue; + } + if (nextObject instanceof PGPCompressedData) { + PGPCompressedData compressedData = (PGPCompressedData) nextObject; + objectFactory = new PGPObjectFactory(compressedData.getDataStream(), + ImplementationFactory.getInstance().getKeyFingerprintCalculator()); + nextObject = objectFactory.nextObject(); + continue; + } + if (nextObject instanceof PGPSignatureList) { + PGPSignatureList signatureList = (PGPSignatureList) nextObject; + for (PGPSignature s : signatureList) { + signatures.add(s); + } + } + if (nextObject instanceof PGPSignature) { + signatures.add((PGPSignature) nextObject); + } + nextObject = objectFactory.nextObject(); + } + pgpIn.close(); + + return addVerificationOfDetachedSignatures(signatures); + } + + public ConsumerOptions addVerificationOfDetachedSignatures(List detachedSignatures) { + for (PGPSignature signature : detachedSignatures) { + addVerificationOfDetachedSignature(signature); + } + return this; + } + /** * Add a detached signature for the signature verification process. * @@ -183,6 +237,20 @@ public class ConsumerOptions { return this; } + /** + * Add the keys in the provided key collection for message decryption. + * + * @param keys key collection + * @param keyRingProtector protector for encrypted secret keys + * @return options + */ + public ConsumerOptions addDecryptionKeys(@Nonnull PGPSecretKeyRingCollection keys, @Nonnull SecretKeyRingProtector keyRingProtector) { + for (PGPSecretKeyRing key : keys) { + addDecryptionKey(key, keyRingProtector); + } + return this; + } + /** * Add a passphrase for message decryption. * diff --git a/pgpainless-core/src/main/java/org/pgpainless/signature/SignatureUtils.java b/pgpainless-core/src/main/java/org/pgpainless/signature/SignatureUtils.java index b8117fad..c1d418e1 100644 --- a/pgpainless-core/src/main/java/org/pgpainless/signature/SignatureUtils.java +++ b/pgpainless-core/src/main/java/org/pgpainless/signature/SignatureUtils.java @@ -15,22 +15,27 @@ */ package org.pgpainless.signature; +import java.io.ByteArrayInputStream; import java.io.IOException; import java.io.InputStream; import java.nio.charset.Charset; +import java.util.ArrayList; import java.util.Date; import java.util.List; +import org.bouncycastle.bcpg.MarkerPacket; import org.bouncycastle.bcpg.sig.KeyExpirationTime; import org.bouncycastle.bcpg.sig.RevocationReason; import org.bouncycastle.bcpg.sig.SignatureExpirationTime; -import org.bouncycastle.openpgp.PGPMarker; +import org.bouncycastle.openpgp.PGPCompressedData; +import org.bouncycastle.openpgp.PGPException; import org.bouncycastle.openpgp.PGPObjectFactory; import org.bouncycastle.openpgp.PGPPublicKey; import org.bouncycastle.openpgp.PGPSecretKey; import org.bouncycastle.openpgp.PGPSignature; import org.bouncycastle.openpgp.PGPSignatureGenerator; import org.bouncycastle.openpgp.PGPSignatureList; +import org.bouncycastle.openpgp.PGPUtil; import org.bouncycastle.openpgp.operator.PGPContentSignerBuilder; import org.bouncycastle.util.encoders.Hex; import org.pgpainless.PGPainless; @@ -41,7 +46,6 @@ import org.pgpainless.key.util.OpenPgpKeyAttributeUtil; import org.pgpainless.key.util.RevocationAttributes; import org.pgpainless.policy.Policy; import org.pgpainless.signature.subpackets.SignatureSubpacketsUtil; -import org.pgpainless.util.BCUtil; /** * Utility methods related to signatures. @@ -183,18 +187,44 @@ public class SignatureUtils { * @return signature list * @throws IOException if the signatures cannot be read */ - public static PGPSignatureList readSignatures(String encodedSignatures) throws IOException { - InputStream inputStream = BCUtil.getPgpDecoderInputStream(encodedSignatures.getBytes(Charset.forName("UTF8"))); - PGPObjectFactory objectFactory = new PGPObjectFactory(inputStream, ImplementationFactory.getInstance().getKeyFingerprintCalculator()); - Object next = objectFactory.nextObject(); - while (next != null) { - if (next instanceof PGPMarker) { - next = objectFactory.nextObject(); + public static List readSignatures(String encodedSignatures) throws IOException, PGPException { + InputStream inputStream = new ByteArrayInputStream(encodedSignatures.getBytes(Charset.forName("UTF8"))); + return readSignatures(inputStream); + } + + public static List readSignatures(InputStream inputStream) throws IOException, PGPException { + List signatures = new ArrayList<>(); + InputStream pgpIn = PGPUtil.getDecoderStream(inputStream); + PGPObjectFactory objectFactory = new PGPObjectFactory( + pgpIn, ImplementationFactory.getInstance().getKeyFingerprintCalculator()); + + Object nextObject = objectFactory.nextObject(); + while (nextObject != null) { + if (nextObject instanceof MarkerPacket) { + nextObject = objectFactory.nextObject(); continue; } - return (PGPSignatureList) next; + if (nextObject instanceof PGPCompressedData) { + PGPCompressedData compressedData = (PGPCompressedData) nextObject; + objectFactory = new PGPObjectFactory(compressedData.getDataStream(), + ImplementationFactory.getInstance().getKeyFingerprintCalculator()); + nextObject = objectFactory.nextObject(); + continue; + } + if (nextObject instanceof PGPSignatureList) { + PGPSignatureList signatureList = (PGPSignatureList) nextObject; + for (PGPSignature s : signatureList) { + signatures.add(s); + } + } + if (nextObject instanceof PGPSignature) { + signatures.add((PGPSignature) nextObject); + } + nextObject = objectFactory.nextObject(); } - return null; + pgpIn.close(); + + return signatures; } public static String getSignatureDigestPrefix(PGPSignature signature) { diff --git a/pgpainless-core/src/test/java/org/pgpainless/decryption_verification/DecryptAndVerifyMessageTest.java b/pgpainless-core/src/test/java/org/pgpainless/decryption_verification/DecryptAndVerifyMessageTest.java index aa33d45e..c47f095f 100644 --- a/pgpainless-core/src/test/java/org/pgpainless/decryption_verification/DecryptAndVerifyMessageTest.java +++ b/pgpainless-core/src/test/java/org/pgpainless/decryption_verification/DecryptAndVerifyMessageTest.java @@ -23,12 +23,9 @@ import java.io.ByteArrayInputStream; import java.io.ByteArrayOutputStream; import java.io.IOException; import java.nio.charset.Charset; -import java.util.Collections; import org.bouncycastle.openpgp.PGPException; -import org.bouncycastle.openpgp.PGPPublicKeyRing; import org.bouncycastle.openpgp.PGPSecretKeyRing; -import org.bouncycastle.openpgp.PGPSecretKeyRingCollection; import org.bouncycastle.util.io.Streams; import org.junit.jupiter.api.BeforeEach; import org.junit.jupiter.params.ParameterizedTest; @@ -38,7 +35,7 @@ import org.pgpainless.algorithm.CompressionAlgorithm; import org.pgpainless.algorithm.SymmetricKeyAlgorithm; import org.pgpainless.implementation.ImplementationFactory; import org.pgpainless.key.TestKeys; -import org.pgpainless.key.protection.UnprotectedKeysProtector; +import org.pgpainless.key.util.KeyRingUtils; public class DecryptAndVerifyMessageTest { @@ -60,12 +57,13 @@ public class DecryptAndVerifyMessageTest { ImplementationFactory.setFactoryImplementation(implementationFactory); String encryptedMessage = TestKeys.MSG_SIGN_CRYPT_JULIET_JULIET; + ConsumerOptions options = new ConsumerOptions() + .addDecryptionKey(juliet) + .addVerificationCert(KeyRingUtils.publicKeyRingFrom(juliet)); + DecryptionStream decryptor = PGPainless.decryptAndOrVerify() .onInputStream(new ByteArrayInputStream(encryptedMessage.getBytes())) - .decryptWith(new UnprotectedKeysProtector(), new PGPSecretKeyRingCollection(Collections.singleton(juliet))) - .verifyWith(Collections.singleton(new PGPPublicKeyRing(Collections.singletonList(juliet.getPublicKey())))) - .ignoreMissingPublicKeys() - .build(); + .withOptions(options); ByteArrayOutputStream toPlain = new ByteArrayOutputStream(); Streams.pipeAll(decryptor, toPlain); diff --git a/pgpainless-core/src/test/java/org/pgpainless/decryption_verification/DecryptHiddenRecipientMessage.java b/pgpainless-core/src/test/java/org/pgpainless/decryption_verification/DecryptHiddenRecipientMessage.java index 4b388cba..7cc76f33 100644 --- a/pgpainless-core/src/test/java/org/pgpainless/decryption_verification/DecryptHiddenRecipientMessage.java +++ b/pgpainless-core/src/test/java/org/pgpainless/decryption_verification/DecryptHiddenRecipientMessage.java @@ -21,13 +21,11 @@ import java.io.ByteArrayInputStream; import java.io.ByteArrayOutputStream; import java.io.IOException; import java.nio.charset.StandardCharsets; -import java.util.Collections; import java.util.Set; import org.bouncycastle.openpgp.PGPException; import org.bouncycastle.openpgp.PGPPublicKey; import org.bouncycastle.openpgp.PGPSecretKeyRing; -import org.bouncycastle.openpgp.PGPSecretKeyRingCollection; import org.bouncycastle.util.io.Streams; import org.junit.jupiter.params.ParameterizedTest; import org.junit.jupiter.params.provider.MethodSource; @@ -35,7 +33,6 @@ import org.pgpainless.PGPainless; import org.pgpainless.algorithm.KeyFlag; import org.pgpainless.implementation.ImplementationFactory; import org.pgpainless.key.OpenPgpV4Fingerprint; -import org.pgpainless.key.protection.SecretKeyRingProtector; import org.pgpainless.key.util.KeyRingUtils; import org.pgpainless.util.selection.key.impl.EncryptionKeySelectionStrategy; @@ -144,11 +141,12 @@ public class DecryptHiddenRecipientMessage { "=1knQ\n" + "-----END PGP MESSAGE-----\n"; ByteArrayInputStream messageIn = new ByteArrayInputStream(message.getBytes(StandardCharsets.UTF_8)); + ConsumerOptions options = new ConsumerOptions() + .addDecryptionKey(secretKeys); - DecryptionStream decryptionStream = PGPainless.decryptAndOrVerify().onInputStream(messageIn) - .decryptWith(SecretKeyRingProtector.unprotectedKeys(), new PGPSecretKeyRingCollection(Collections.singletonList(secretKeys))) - .doNotVerify() - .build(); + DecryptionStream decryptionStream = PGPainless.decryptAndOrVerify() + .onInputStream(messageIn) + .withOptions(options); ByteArrayOutputStream out = new ByteArrayOutputStream(); Streams.pipeAll(decryptionStream, out); diff --git a/pgpainless-core/src/test/java/org/pgpainless/decryption_verification/ModificationDetectionTests.java b/pgpainless-core/src/test/java/org/pgpainless/decryption_verification/ModificationDetectionTests.java index a9b92750..0504aa23 100644 --- a/pgpainless-core/src/test/java/org/pgpainless/decryption_verification/ModificationDetectionTests.java +++ b/pgpainless-core/src/test/java/org/pgpainless/decryption_verification/ModificationDetectionTests.java @@ -154,9 +154,9 @@ public class ModificationDetectionTests { InputStream in = new ByteArrayInputStream(message.getBytes(StandardCharsets.UTF_8)); DecryptionStream decryptionStream = PGPainless.decryptAndOrVerify() .onInputStream(in) - .decryptWith(SecretKeyRingProtector.unprotectedKeys(), secretKeyRings) - .doNotVerify() - .build(); + .withOptions(new ConsumerOptions() + .addDecryptionKeys(secretKeyRings, SecretKeyRingProtector.unprotectedKeys()) + ); ByteArrayOutputStream outputStream = new ByteArrayOutputStream(); assertThrows(EOFException.class, () -> { @@ -187,9 +187,9 @@ public class ModificationDetectionTests { ByteArrayInputStream in = new ByteArrayInputStream(message.getBytes(StandardCharsets.UTF_8)); DecryptionStream decryptionStream = PGPainless.decryptAndOrVerify() .onInputStream(in) - .decryptWith(getDecryptionKey()) - .doNotVerify() - .build(); + .withOptions(new ConsumerOptions() + .addDecryptionKeys(getDecryptionKey(), SecretKeyRingProtector.unprotectedKeys()) + ); ByteArrayOutputStream out = new ByteArrayOutputStream(); Streams.pipeAll(decryptionStream, out); @@ -218,9 +218,9 @@ public class ModificationDetectionTests { ByteArrayInputStream in = new ByteArrayInputStream(message.getBytes(StandardCharsets.UTF_8)); DecryptionStream decryptionStream = PGPainless.decryptAndOrVerify() .onInputStream(in) - .decryptWith(getDecryptionKey()) - .doNotVerify() - .build(); + .withOptions(new ConsumerOptions() + .addDecryptionKeys(getDecryptionKey(), SecretKeyRingProtector.unprotectedKeys()) + ); ByteArrayOutputStream out = new ByteArrayOutputStream(); Streams.pipeAll(decryptionStream, out); @@ -387,9 +387,9 @@ public class ModificationDetectionTests { assertThrows(MessageNotIntegrityProtectedException.class, () -> PGPainless.decryptAndOrVerify() .onInputStream(new ByteArrayInputStream(ciphertext.getBytes(StandardCharsets.UTF_8))) - .decryptWith(SecretKeyRingProtector.unlockAllKeysWith(passphrase, secretKeyRing), new PGPSecretKeyRingCollection(Collections.singleton(secretKeyRing))) - .doNotVerify() - .build()); + .withOptions(new ConsumerOptions().addDecryptionKey(secretKeyRing, + SecretKeyRingProtector.unlockAllKeysWith(passphrase, secretKeyRing))) + ); } private PGPSecretKeyRingCollection getDecryptionKey() throws IOException, PGPException { diff --git a/pgpainless-core/src/test/java/org/pgpainless/decryption_verification/RecursionDepthTest.java b/pgpainless-core/src/test/java/org/pgpainless/decryption_verification/RecursionDepthTest.java index 74dfa22f..3ec55359 100644 --- a/pgpainless-core/src/test/java/org/pgpainless/decryption_verification/RecursionDepthTest.java +++ b/pgpainless-core/src/test/java/org/pgpainless/decryption_verification/RecursionDepthTest.java @@ -21,17 +21,14 @@ import java.io.ByteArrayInputStream; import java.io.ByteArrayOutputStream; import java.io.IOException; import java.nio.charset.StandardCharsets; -import java.util.Collections; import org.bouncycastle.openpgp.PGPException; import org.bouncycastle.openpgp.PGPSecretKeyRing; -import org.bouncycastle.openpgp.PGPSecretKeyRingCollection; import org.bouncycastle.util.io.Streams; import org.junit.jupiter.params.ParameterizedTest; import org.junit.jupiter.params.provider.MethodSource; import org.pgpainless.PGPainless; import org.pgpainless.implementation.ImplementationFactory; -import org.pgpainless.key.protection.SecretKeyRingProtector; public class RecursionDepthTest { @@ -127,7 +124,6 @@ public class RecursionDepthTest { "=miES\n" + "-----END PGP PRIVATE KEY BLOCK-----\n"; PGPSecretKeyRing secretKey = PGPainless.readKeyRing().secretKeyRing(key); - PGPSecretKeyRingCollection secretKeys = new PGPSecretKeyRingCollection(Collections.singletonList(secretKey)); // message contains compressed data that contains compressed data that contains... 64 times. String msg = "-----BEGIN PGP ARMORED FILE-----\n" + @@ -161,9 +157,7 @@ public class RecursionDepthTest { assertThrows(PGPException.class, () -> { DecryptionStream decryptionStream = PGPainless.decryptAndOrVerify() .onInputStream(new ByteArrayInputStream(msg.getBytes(StandardCharsets.UTF_8))) - .decryptWith(SecretKeyRingProtector.unprotectedKeys(), secretKeys) - .doNotVerify() - .build(); + .withOptions(new ConsumerOptions().addDecryptionKey(secretKey)); ByteArrayOutputStream outputStream = new ByteArrayOutputStream(); Streams.pipeAll(decryptionStream, outputStream); diff --git a/pgpainless-core/src/test/java/org/pgpainless/decryption_verification/RejectWeakSymmetricAlgorithmDuringDecryption.java b/pgpainless-core/src/test/java/org/pgpainless/decryption_verification/RejectWeakSymmetricAlgorithmDuringDecryption.java index 6db5eda0..46c43143 100644 --- a/pgpainless-core/src/test/java/org/pgpainless/decryption_verification/RejectWeakSymmetricAlgorithmDuringDecryption.java +++ b/pgpainless-core/src/test/java/org/pgpainless/decryption_verification/RejectWeakSymmetricAlgorithmDuringDecryption.java @@ -20,6 +20,7 @@ import static org.junit.jupiter.api.Assertions.fail; import java.io.ByteArrayInputStream; import java.io.IOException; +import java.io.InputStream; import java.nio.charset.StandardCharsets; import org.bouncycastle.openpgp.PGPException; @@ -27,7 +28,6 @@ import org.bouncycastle.openpgp.PGPSecretKeyRing; import org.junit.jupiter.api.Test; import org.pgpainless.PGPainless; import org.pgpainless.exception.UnacceptableAlgorithmException; -import org.pgpainless.key.protection.SecretKeyRingProtector; /** * Test PGPainless' default symmetric key algorithm policy for decryption of messages. @@ -146,11 +146,13 @@ public class RejectWeakSymmetricAlgorithmDuringDecryption { "=w0KS\n" + "-----END PGP MESSAGE-----\n"; + InputStream messageIn = new ByteArrayInputStream(message.getBytes(StandardCharsets.UTF_8)); + assertThrows(UnacceptableAlgorithmException.class, () -> - PGPainless.decryptAndOrVerify().onInputStream(new ByteArrayInputStream(message.getBytes(StandardCharsets.UTF_8))) - .decryptWith(SecretKeyRingProtector.unprotectedKeys(), secretKeys) - .doNotVerify() - .build()); + PGPainless.decryptAndOrVerify() + .onInputStream(messageIn) + .withOptions(new ConsumerOptions().addDecryptionKey(secretKeys)) + ); } @Test @@ -171,11 +173,14 @@ public class RejectWeakSymmetricAlgorithmDuringDecryption { "WLlG7ee7fRqQPTSP+OLh4Cm8zDIaCNowj0Ua4KwcWZDYERzg\n" + "=j71X\n" + "-----END PGP ARMORED FILE-----\n"; + + InputStream messageIn = new ByteArrayInputStream(message.getBytes(StandardCharsets.UTF_8)); + assertThrows(UnacceptableAlgorithmException.class, () -> - PGPainless.decryptAndOrVerify().onInputStream(new ByteArrayInputStream(message.getBytes(StandardCharsets.UTF_8))) - .decryptWith(SecretKeyRingProtector.unprotectedKeys(), secretKeys) - .doNotVerify() - .build()); + PGPainless.decryptAndOrVerify() + .onInputStream(messageIn) + .withOptions(new ConsumerOptions().addDecryptionKey(secretKeys)) + ); } @Test @@ -197,11 +202,11 @@ public class RejectWeakSymmetricAlgorithmDuringDecryption { "=qNxx\n" + "-----END PGP ARMORED FILE-----\n"; + InputStream messageIn = new ByteArrayInputStream(message.getBytes(StandardCharsets.UTF_8)); assertThrows(UnacceptableAlgorithmException.class, () -> - PGPainless.decryptAndOrVerify().onInputStream(new ByteArrayInputStream(message.getBytes(StandardCharsets.UTF_8))) - .decryptWith(SecretKeyRingProtector.unprotectedKeys(), secretKeys) - .doNotVerify() - .build()); + PGPainless.decryptAndOrVerify().onInputStream(messageIn) + .withOptions(new ConsumerOptions().addDecryptionKey(secretKeys)) + ); } // Control: In contrast, AES256 is acceptable @@ -222,11 +227,10 @@ public class RejectWeakSymmetricAlgorithmDuringDecryption { "4yjtOxfmmp9Fac50SS5i9dzBdnVNllLs+ADQt+LksJnzTW1IINGnIw8=\n" + "=kLfl\n" + "-----END PGP ARMORED FILE-----\n"; + InputStream messageIn = new ByteArrayInputStream(message.getBytes(StandardCharsets.UTF_8)); - PGPainless.decryptAndOrVerify().onInputStream(new ByteArrayInputStream(message.getBytes(StandardCharsets.UTF_8))) - .decryptWith(SecretKeyRingProtector.unprotectedKeys(), secretKeys) - .doNotVerify() - .build(); + PGPainless.decryptAndOrVerify().onInputStream(messageIn) + .withOptions(new ConsumerOptions().addDecryptionKey(secretKeys)); } } diff --git a/pgpainless-core/src/test/java/org/pgpainless/decryption_verification/VerifyWithMissingPublicKeyCallback.java b/pgpainless-core/src/test/java/org/pgpainless/decryption_verification/VerifyWithMissingPublicKeyCallback.java index 514ced4d..5efb51dc 100644 --- a/pgpainless-core/src/test/java/org/pgpainless/decryption_verification/VerifyWithMissingPublicKeyCallback.java +++ b/pgpainless-core/src/test/java/org/pgpainless/decryption_verification/VerifyWithMissingPublicKeyCallback.java @@ -72,18 +72,17 @@ public class VerifyWithMissingPublicKeyCallback { DecryptionStream verificationStream = PGPainless.decryptAndOrVerify() .onInputStream(new ByteArrayInputStream(signOut.toByteArray())) - .doNotDecrypt() - .verifyWith(unrelatedKeys) - .handleMissingPublicKeysWith( - new MissingPublicKeyCallback() { + .withOptions(new ConsumerOptions() + .addVerificationCert(unrelatedKeys) + .setMissingCertificateCallback(new MissingPublicKeyCallback() { @Nullable @Override public PGPPublicKeyRing onMissingPublicKeyEncountered(@Nonnull Long keyId) { assertEquals(signingKey.getKeyID(), keyId, "Signing key-ID mismatch."); return signingPubKeys; } - } - ).build(); + })); + ByteArrayOutputStream plainOut = new ByteArrayOutputStream(); Streams.pipeAll(verificationStream, plainOut); verificationStream.close(); diff --git a/pgpainless-core/src/test/java/org/pgpainless/encryption_signing/EncryptDecryptTest.java b/pgpainless-core/src/test/java/org/pgpainless/encryption_signing/EncryptDecryptTest.java index a660778d..24151e57 100644 --- a/pgpainless-core/src/test/java/org/pgpainless/encryption_signing/EncryptDecryptTest.java +++ b/pgpainless-core/src/test/java/org/pgpainless/encryption_signing/EncryptDecryptTest.java @@ -27,9 +27,7 @@ import java.io.IOException; import java.nio.charset.Charset; import java.security.InvalidAlgorithmParameterException; import java.security.NoSuchAlgorithmException; -import java.util.Collections; import java.util.Set; -import java.util.logging.Logger; import org.bouncycastle.bcpg.ArmoredOutputStream; import org.bouncycastle.openpgp.PGPException; @@ -44,6 +42,7 @@ import org.pgpainless.PGPainless; import org.pgpainless.algorithm.DocumentSignatureType; import org.pgpainless.algorithm.KeyFlag; import org.pgpainless.algorithm.SymmetricKeyAlgorithm; +import org.pgpainless.decryption_verification.ConsumerOptions; import org.pgpainless.decryption_verification.DecryptionStream; import org.pgpainless.decryption_verification.OpenPgpMetadata; import org.pgpainless.implementation.ImplementationFactory; @@ -61,17 +60,16 @@ import org.pgpainless.util.ArmoredOutputStreamFactory; public class EncryptDecryptTest { - private static final Logger LOGGER = Logger.getLogger(EncryptDecryptTest.class.getName()); // Don't use StandardCharsets.UTF_8 because of Android API level. private static final Charset UTF8 = Charset.forName("UTF-8"); private static final String testMessage = "Ah, Juliet, if the measure of thy joy\n" + - "Be heaped like mine, and that thy skill be more\n" + - "To blazon it, then sweeten with thy breath\n" + - "This neighbor air, and let rich music’s tongue\n" + - "Unfold the imagined happiness that both\n" + - "Receive in either by this dear encounter."; + "Be heaped like mine, and that thy skill be more\n" + + "To blazon it, then sweeten with thy breath\n" + + "This neighbor air, and let rich music’s tongue\n" + + "Unfold the imagined happiness that both\n" + + "Receive in either by this dear encounter."; @ParameterizedTest @MethodSource("org.pgpainless.util.TestUtil#provideImplementationFactories") @@ -178,10 +176,10 @@ public class EncryptDecryptTest { ByteArrayInputStream envelopeIn = new ByteArrayInputStream(encryptedSecretMessage); DecryptionStream decryptor = PGPainless.decryptAndOrVerify() .onInputStream(envelopeIn) - .decryptWith(keyDecryptor, KeyRingUtils.keyRingsToKeyRingCollection(recipientSec)) - .verifyWith(KeyRingUtils.keyRingsToKeyRingCollection(senderPub)) - .ignoreMissingPublicKeys() - .build(); + .withOptions(new ConsumerOptions() + .addDecryptionKey(recipientSec, keyDecryptor) + .addVerificationCert(senderPub) + ); ByteArrayOutputStream decryptedSecretMessage = new ByteArrayOutputStream(); @@ -227,12 +225,13 @@ public class EncryptDecryptTest { // CHECKSTYLE:ON inputStream = new ByteArrayInputStream(testMessage.getBytes()); - DecryptionStream verifier = PGPainless.decryptAndOrVerify().onInputStream(inputStream) - .doNotDecrypt() - .verifyDetachedSignature(new ByteArrayInputStream(armorSig.getBytes())) - .verifyWith(Collections.singleton(KeyRingUtils.publicKeyRingFrom(signingKeys))) - .ignoreMissingPublicKeys() - .build(); + DecryptionStream verifier = PGPainless.decryptAndOrVerify() + .onInputStream(inputStream) + .withOptions(new ConsumerOptions() + .addVerificationOfDetachedSignatures(new ByteArrayInputStream(armorSig.getBytes())) + .addVerificationCert(KeyRingUtils.publicKeyRingFrom(signingKeys)) + ); + dummyOut = new ByteArrayOutputStream(); Streams.pipeAll(verifier, dummyOut); verifier.close(); @@ -257,16 +256,12 @@ public class EncryptDecryptTest { Streams.pipeAll(inputStream, signer); signer.close(); - // CHECKSTYLE:OFF - System.out.println(signOut.toString()); - // CHECKSTYLE:ON - inputStream = new ByteArrayInputStream(signOut.toByteArray()); - DecryptionStream verifier = PGPainless.decryptAndOrVerify().onInputStream(inputStream) - .doNotDecrypt() - .verifyWith(Collections.singleton(KeyRingUtils.publicKeyRingFrom(signingKeys))) - .ignoreMissingPublicKeys() - .build(); + DecryptionStream verifier = PGPainless.decryptAndOrVerify() + .onInputStream(inputStream) + .withOptions(new ConsumerOptions() + .addVerificationCert(KeyRingUtils.publicKeyRingFrom(signingKeys)) + ); signOut = new ByteArrayOutputStream(); Streams.pipeAll(verifier, signOut); verifier.close(); @@ -335,7 +330,7 @@ public class EncryptDecryptTest { PGPPublicKeyRing publicKeys = PGPainless.readKeyRing().publicKeyRing(key); ByteArrayOutputStream outputStream = new ByteArrayOutputStream(); assertThrows(IllegalArgumentException.class, () -> - PGPainless.encryptAndOrSign().onOutputStream(outputStream) - .toRecipient(publicKeys)); + PGPainless.encryptAndOrSign().onOutputStream(outputStream) + .toRecipient(publicKeys)); } } diff --git a/pgpainless-core/src/test/java/org/pgpainless/encryption_signing/FileInfoTest.java b/pgpainless-core/src/test/java/org/pgpainless/encryption_signing/FileInfoTest.java index 97fdac81..fbf2dc62 100644 --- a/pgpainless-core/src/test/java/org/pgpainless/encryption_signing/FileInfoTest.java +++ b/pgpainless-core/src/test/java/org/pgpainless/encryption_signing/FileInfoTest.java @@ -23,20 +23,18 @@ import java.io.IOException; import java.nio.charset.StandardCharsets; import java.security.InvalidAlgorithmParameterException; import java.security.NoSuchAlgorithmException; -import java.util.Collections; import java.util.Date; import org.bouncycastle.openpgp.PGPException; import org.bouncycastle.openpgp.PGPPublicKeyRing; import org.bouncycastle.openpgp.PGPSecretKeyRing; -import org.bouncycastle.openpgp.PGPSecretKeyRingCollection; import org.bouncycastle.util.io.Streams; import org.junit.jupiter.api.Test; import org.pgpainless.PGPainless; import org.pgpainless.algorithm.StreamEncoding; +import org.pgpainless.decryption_verification.ConsumerOptions; import org.pgpainless.decryption_verification.DecryptionStream; import org.pgpainless.decryption_verification.OpenPgpMetadata; -import org.pgpainless.key.protection.SecretKeyRingProtector; import org.pgpainless.key.util.KeyRingUtils; public class FileInfoTest { @@ -85,9 +83,8 @@ public class FileInfoTest { DecryptionStream decryptionStream = PGPainless.decryptAndOrVerify() .onInputStream(cryptIn) - .decryptWith(SecretKeyRingProtector.unprotectedKeys(), new PGPSecretKeyRingCollection(Collections.singleton(secretKeys))) - .doNotVerify() - .build(); + .withOptions(new ConsumerOptions() + .addDecryptionKey(secretKeys)); Streams.pipeAll(decryptionStream, plainOut); decryptionStream.close(); diff --git a/pgpainless-core/src/test/java/org/pgpainless/encryption_signing/LengthTest.java b/pgpainless-core/src/test/java/org/pgpainless/encryption_signing/LengthTest.java deleted file mode 100644 index 63862e61..00000000 --- a/pgpainless-core/src/test/java/org/pgpainless/encryption_signing/LengthTest.java +++ /dev/null @@ -1,127 +0,0 @@ -/* - * Copyright 2018 Paul Schaub. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.pgpainless.encryption_signing; - -import java.io.ByteArrayInputStream; -import java.io.ByteArrayOutputStream; -import java.io.IOException; -import java.io.OutputStream; -import java.security.InvalidAlgorithmParameterException; -import java.security.NoSuchAlgorithmException; -import java.security.NoSuchProviderException; -import java.util.Random; -import java.util.logging.Level; -import java.util.logging.Logger; - -import org.bouncycastle.openpgp.PGPException; -import org.bouncycastle.openpgp.PGPPublicKeyRing; -import org.bouncycastle.openpgp.PGPSecretKeyRing; -import org.bouncycastle.util.io.Streams; -import org.pgpainless.PGPainless; -import org.pgpainless.algorithm.DocumentSignatureType; -import org.pgpainless.key.TestKeys; -import org.pgpainless.key.generation.type.rsa.RsaLength; -import org.pgpainless.key.protection.SecretKeyRingProtector; -import org.pgpainless.key.protection.UnprotectedKeysProtector; -import org.pgpainless.key.util.KeyRingUtils; - -/** - * Class used to determine the length of cipher-text depending on used algorithms. - */ -public class LengthTest { - - private static final Logger LOGGER = Logger.getLogger(LengthTest.class.getName()); - - // @Test - public void ecEc() - throws PGPException, NoSuchAlgorithmException, NoSuchProviderException, InvalidAlgorithmParameterException, - IOException { - LOGGER.log(Level.FINER, "\nEC -> EC"); - PGPSecretKeyRing sender = PGPainless.generateKeyRing().simpleEcKeyRing("simplejid@server.tld"); - PGPSecretKeyRing recipient = PGPainless.generateKeyRing().simpleEcKeyRing("otherjid@other.srv"); - encryptDecryptForSecretKeyRings(sender, recipient); - } - - - // @Test - public void RsaRsa() - throws PGPException, NoSuchAlgorithmException, NoSuchProviderException, InvalidAlgorithmParameterException, - IOException { - LOGGER.log(Level.FINER, "\nRSA-2048 -> RSA-2048"); - PGPSecretKeyRing sender = PGPainless.generateKeyRing().simpleRsaKeyRing("simplejid@server.tld", RsaLength._2048); - PGPSecretKeyRing recipient = PGPainless.generateKeyRing().simpleRsaKeyRing("otherjid@other.srv", RsaLength._2048); - encryptDecryptForSecretKeyRings(sender, recipient); - } - - // @Test - public void RsaRsa4096() - throws PGPException, - IOException { - LOGGER.log(Level.FINER, "\nRSA-4096 -> RSA-4096"); - PGPSecretKeyRing sender = PGPainless.readKeyRing().secretKeyRing(TestKeys.JULIET_SEC); - PGPSecretKeyRing recipient = PGPainless.readKeyRing().secretKeyRing(TestKeys.ROMEO_SEC); - encryptDecryptForSecretKeyRings(sender, recipient); - } - - // @Test - public void rsaEc() throws PGPException, IOException, InvalidAlgorithmParameterException, NoSuchAlgorithmException, - NoSuchProviderException { - LOGGER.log(Level.FINER, "\nRSA-2048 -> EC"); - PGPSecretKeyRing sender = PGPainless.generateKeyRing().simpleRsaKeyRing("simplejid@server.tld", RsaLength._2048); - PGPSecretKeyRing recipient = PGPainless.generateKeyRing().simpleEcKeyRing("otherjid@other.srv"); - encryptDecryptForSecretKeyRings(sender, recipient); - } - - // @Test - public void ecRsa() - throws PGPException, NoSuchAlgorithmException, NoSuchProviderException, InvalidAlgorithmParameterException, - IOException { - LOGGER.log(Level.FINER, "\nEC -> RSA-2048"); - PGPSecretKeyRing sender = PGPainless.generateKeyRing().simpleEcKeyRing("simplejid@server.tld"); - @SuppressWarnings("deprecation") - PGPSecretKeyRing recipient = PGPainless.generateKeyRing().simpleRsaKeyRing("otherjid@other.srv", RsaLength._2048); - encryptDecryptForSecretKeyRings(sender, recipient); - } - - private void encryptDecryptForSecretKeyRings(PGPSecretKeyRing senderSec, PGPSecretKeyRing recipientSec) - throws PGPException, - IOException { - PGPPublicKeyRing recipientPub = KeyRingUtils.publicKeyRingFrom(recipientSec); - PGPPublicKeyRing senderPub = KeyRingUtils.publicKeyRingFrom(senderSec); - - SecretKeyRingProtector keyDecryptor = new UnprotectedKeysProtector(); - - for (int i = 1; i <= 100; i++) { - byte[] secretMessage = new byte[i * 20]; - new Random().nextBytes(secretMessage); - - ByteArrayOutputStream envelope = new ByteArrayOutputStream(); - - OutputStream encryptor = PGPainless.encryptAndOrSign() - .onOutputStream(envelope) - .toRecipient(recipientPub) - .and() - .signInlineWith(keyDecryptor, senderSec, "simplejid@server.tld", DocumentSignatureType.BINARY_DOCUMENT) - .noArmor(); - - Streams.pipeAll(new ByteArrayInputStream(secretMessage), encryptor); - encryptor.close(); - byte[] encryptedSecretMessage = envelope.toByteArray(); - - LOGGER.log(Level.FINER,"\n" + encryptedSecretMessage.length); - } - } -} diff --git a/pgpainless-core/src/test/java/org/pgpainless/encryption_signing/RespectPreferredSymmetricAlgorithmDuringEncryptionTest.java b/pgpainless-core/src/test/java/org/pgpainless/encryption_signing/RespectPreferredSymmetricAlgorithmDuringEncryptionTest.java index b63e8332..7b18b2be 100644 --- a/pgpainless-core/src/test/java/org/pgpainless/encryption_signing/RespectPreferredSymmetricAlgorithmDuringEncryptionTest.java +++ b/pgpainless-core/src/test/java/org/pgpainless/encryption_signing/RespectPreferredSymmetricAlgorithmDuringEncryptionTest.java @@ -89,8 +89,7 @@ public class RespectPreferredSymmetricAlgorithmDuringEncryptionTest { ByteArrayOutputStream out = new ByteArrayOutputStream(); EncryptionStream encryptionStream = PGPainless.encryptAndOrSign().onOutputStream(out) .withOptions( - ProducerOptions.encrypt( - new EncryptionOptions() + ProducerOptions.encrypt(new EncryptionOptions() .addRecipient(publicKeys) )); diff --git a/pgpainless-core/src/test/java/org/pgpainless/encryption_signing/SigningTest.java b/pgpainless-core/src/test/java/org/pgpainless/encryption_signing/SigningTest.java index 49223c71..f04b2c11 100644 --- a/pgpainless-core/src/test/java/org/pgpainless/encryption_signing/SigningTest.java +++ b/pgpainless-core/src/test/java/org/pgpainless/encryption_signing/SigningTest.java @@ -26,8 +26,6 @@ import java.nio.charset.StandardCharsets; import java.security.InvalidAlgorithmParameterException; import java.security.NoSuchAlgorithmException; import java.util.Arrays; -import java.util.HashSet; -import java.util.Set; import org.bouncycastle.openpgp.PGPException; import org.bouncycastle.openpgp.PGPPublicKeyRing; @@ -41,12 +39,11 @@ import org.junit.jupiter.params.ParameterizedTest; import org.junit.jupiter.params.provider.MethodSource; import org.pgpainless.PGPainless; import org.pgpainless.algorithm.DocumentSignatureType; -import org.pgpainless.algorithm.EncryptionPurpose; +import org.pgpainless.decryption_verification.ConsumerOptions; import org.pgpainless.decryption_verification.DecryptionStream; import org.pgpainless.decryption_verification.OpenPgpMetadata; import org.pgpainless.exception.KeyValidationException; import org.pgpainless.implementation.ImplementationFactory; -import org.pgpainless.key.OpenPgpV4Fingerprint; import org.pgpainless.key.TestKeys; import org.pgpainless.key.protection.SecretKeyRingProtector; import org.pgpainless.key.util.KeyRingUtils; @@ -71,15 +68,16 @@ public class SigningTest { PGPPublicKeyRingCollection keys = new PGPPublicKeyRingCollection(Arrays.asList(julietKeys, romeoKeys)); ByteArrayOutputStream out = new ByteArrayOutputStream(); - EncryptionStream encryptionStream = PGPainless.encryptAndOrSign(EncryptionPurpose.STORAGE) + EncryptionStream encryptionStream = PGPainless.encryptAndOrSign() .onOutputStream(out) - .toRecipients(keys) - .and() - .toRecipient(KeyRingUtils.publicKeyRingFrom(cryptieKeys)) - .and() - .signInlineWith(SecretKeyRingProtector.unlockSingleKeyWith(TestKeys.CRYPTIE_PASSPHRASE, cryptieSigningKey), - cryptieKeys, TestKeys.CRYPTIE_UID, DocumentSignatureType.CANONICAL_TEXT_DOCUMENT) - .asciiArmor(); + .withOptions(ProducerOptions.signAndEncrypt( + EncryptionOptions.encryptDataAtRest() + .addRecipients(keys) + .addRecipient(KeyRingUtils.publicKeyRingFrom(cryptieKeys)), + new SigningOptions() + .addInlineSignature(SecretKeyRingProtector.unlockSingleKeyWith(TestKeys.CRYPTIE_PASSPHRASE, cryptieSigningKey), + cryptieKeys, TestKeys.CRYPTIE_UID, DocumentSignatureType.CANONICAL_TEXT_DOCUMENT) + ).setAsciiArmor(true)); byte[] messageBytes = "This message is signed and encrypted to Romeo and Juliet.".getBytes(StandardCharsets.UTF_8); ByteArrayInputStream message = new ByteArrayInputStream(messageBytes); @@ -94,16 +92,14 @@ public class SigningTest { PGPSecretKeyRing julietSecret = TestKeys.getJulietSecretKeyRing(); PGPSecretKeyRingCollection secretKeys = new PGPSecretKeyRingCollection(Arrays.asList(romeoSecret, julietSecret)); - Set trustedFingerprints = new HashSet<>(); - trustedFingerprints.add(new OpenPgpV4Fingerprint(cryptieKeys)); - trustedFingerprints.add(new OpenPgpV4Fingerprint(julietKeys)); PGPPublicKeyRingCollection verificationKeys = new PGPPublicKeyRingCollection(Arrays.asList(KeyRingUtils.publicKeyRingFrom(cryptieKeys), romeoKeys)); - DecryptionStream decryptionStream = PGPainless.decryptAndOrVerify().onInputStream(cryptIn) - .decryptWith(secretKeys) - .verifyWith(trustedFingerprints, verificationKeys) - .ignoreMissingPublicKeys() - .build(); + DecryptionStream decryptionStream = PGPainless.decryptAndOrVerify() + .onInputStream(cryptIn) + .withOptions(new ConsumerOptions() + .addDecryptionKeys(secretKeys, SecretKeyRingProtector.unprotectedKeys()) + .addVerificationCerts(verificationKeys) + ); ByteArrayOutputStream plaintextOut = new ByteArrayOutputStream(); diff --git a/pgpainless-core/src/test/java/org/pgpainless/signature/BindingSignatureSubpacketsTest.java b/pgpainless-core/src/test/java/org/pgpainless/signature/BindingSignatureSubpacketsTest.java index 924b2c53..bb3db213 100644 --- a/pgpainless-core/src/test/java/org/pgpainless/signature/BindingSignatureSubpacketsTest.java +++ b/pgpainless-core/src/test/java/org/pgpainless/signature/BindingSignatureSubpacketsTest.java @@ -24,6 +24,7 @@ import java.io.InputStream; import java.nio.charset.StandardCharsets; import java.util.Date; +import org.bouncycastle.openpgp.PGPException; import org.bouncycastle.openpgp.PGPPublicKeyRing; import org.bouncycastle.openpgp.PGPSignature; import org.junit.jupiter.api.Test; @@ -59,7 +60,7 @@ public class BindingSignatureSubpacketsTest { private Policy policy = PGPainless.getPolicy(); @Test - public void baseCase() throws IOException { + public void baseCase() throws IOException, PGPException { String key = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n" + "\n" + "xsDNBF2lnPIBDAC5cL9PQoQLTMuhjbYvb4Ncuuo0bfmgPRFywX53jPhoFf4Zg6mv\n" + @@ -118,7 +119,7 @@ public class BindingSignatureSubpacketsTest { } @Test - public void subkeyBindingIssuerFpOnly() throws IOException { + public void subkeyBindingIssuerFpOnly() throws IOException, PGPException { String key = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n" + "\n" + "xsDNBF2lnPIBDAC5cL9PQoQLTMuhjbYvb4Ncuuo0bfmgPRFywX53jPhoFf4Zg6mv\n" + @@ -177,7 +178,7 @@ public class BindingSignatureSubpacketsTest { } @Test - public void subkeyBindingIssuerV6IssuerFp() throws IOException { + public void subkeyBindingIssuerV6IssuerFp() throws IOException, PGPException { String key = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n" + "\n" + "xsDNBF2lnPIBDAC5cL9PQoQLTMuhjbYvb4Ncuuo0bfmgPRFywX53jPhoFf4Zg6mv\n" + @@ -236,7 +237,7 @@ public class BindingSignatureSubpacketsTest { } @Test - public void subkeyBindingIssuerFakeIssuer() throws IOException { + public void subkeyBindingIssuerFakeIssuer() throws IOException, PGPException { String key = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n" + "\n" + "xsDNBF2lnPIBDAC5cL9PQoQLTMuhjbYvb4Ncuuo0bfmgPRFywX53jPhoFf4Zg6mv\n" + @@ -295,7 +296,7 @@ public class BindingSignatureSubpacketsTest { } @Test - public void subkeyBindingFakeIssuerIssuer() throws IOException { + public void subkeyBindingFakeIssuerIssuer() throws IOException, PGPException { String key = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n" + "\n" + "xsDNBF2lnPIBDAC5cL9PQoQLTMuhjbYvb4Ncuuo0bfmgPRFywX53jPhoFf4Zg6mv\n" + @@ -354,7 +355,7 @@ public class BindingSignatureSubpacketsTest { } @Test - public void subkeyBindingFakeIssuer() throws IOException { + public void subkeyBindingFakeIssuer() throws IOException, PGPException { String key = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n" + "\n" + "xsDNBF2lnPIBDAC5cL9PQoQLTMuhjbYvb4Ncuuo0bfmgPRFywX53jPhoFf4Zg6mv\n" + @@ -413,7 +414,7 @@ public class BindingSignatureSubpacketsTest { } @Test - public void subkeyBindingNoIssuer() throws IOException { + public void subkeyBindingNoIssuer() throws IOException, PGPException { String key = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n" + "\n" + "xsDNBF2lnPIBDAC5cL9PQoQLTMuhjbYvb4Ncuuo0bfmgPRFywX53jPhoFf4Zg6mv\n" + @@ -471,7 +472,7 @@ public class BindingSignatureSubpacketsTest { } @Test - public void unknownSubpacketHashed() throws IOException { + public void unknownSubpacketHashed() throws IOException, PGPException { String key = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n" + "\n" + "xsDNBF2lnPIBDAC5cL9PQoQLTMuhjbYvb4Ncuuo0bfmgPRFywX53jPhoFf4Zg6mv\n" + @@ -530,7 +531,7 @@ public class BindingSignatureSubpacketsTest { } @Test - public void subkeyBindingUnknownCriticalSubpacket() throws IOException { + public void subkeyBindingUnknownCriticalSubpacket() throws IOException, PGPException { String key = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n" + "\n" + "xsDNBF2lnPIBDAC5cL9PQoQLTMuhjbYvb4Ncuuo0bfmgPRFywX53jPhoFf4Zg6mv\n" + @@ -589,7 +590,7 @@ public class BindingSignatureSubpacketsTest { } @Test - public void subkeyBindingUnknownSubpacketUnhashed() throws IOException { + public void subkeyBindingUnknownSubpacketUnhashed() throws IOException, PGPException { String key = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n" + "\n" + "xsDNBF2lnPIBDAC5cL9PQoQLTMuhjbYvb4Ncuuo0bfmgPRFywX53jPhoFf4Zg6mv\n" + @@ -648,7 +649,7 @@ public class BindingSignatureSubpacketsTest { } @Test - public void subkeyBindingUnknownCriticalSubpacketUnhashed() throws IOException { + public void subkeyBindingUnknownCriticalSubpacketUnhashed() throws IOException, PGPException { String key = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n" + "\n" + "xsDNBF2lnPIBDAC5cL9PQoQLTMuhjbYvb4Ncuuo0bfmgPRFywX53jPhoFf4Zg6mv\n" + @@ -707,7 +708,7 @@ public class BindingSignatureSubpacketsTest { } @Test - public void subkeyBindingUnknownNotationHashed() throws IOException { + public void subkeyBindingUnknownNotationHashed() throws IOException, PGPException { String key = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n" + "\n" + "xsDNBF2lnPIBDAC5cL9PQoQLTMuhjbYvb4Ncuuo0bfmgPRFywX53jPhoFf4Zg6mv\n" + @@ -767,7 +768,7 @@ public class BindingSignatureSubpacketsTest { } @Test - public void subkeyBindingCriticalUnknownNotationHashed() throws IOException { + public void subkeyBindingCriticalUnknownNotationHashed() throws IOException, PGPException { String key = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n" + "\n" + "xsDNBF2lnPIBDAC5cL9PQoQLTMuhjbYvb4Ncuuo0bfmgPRFywX53jPhoFf4Zg6mv\n" + @@ -827,7 +828,7 @@ public class BindingSignatureSubpacketsTest { } @Test - public void subkeyBindingUnknownNotationUnhashed() throws IOException { + public void subkeyBindingUnknownNotationUnhashed() throws IOException, PGPException { String key = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n" + "\n" + "xsDNBF2lnPIBDAC5cL9PQoQLTMuhjbYvb4Ncuuo0bfmgPRFywX53jPhoFf4Zg6mv\n" + @@ -887,7 +888,7 @@ public class BindingSignatureSubpacketsTest { } @Test - public void subkeyBindingCriticalUnknownNotationUnhashed() throws IOException { + public void subkeyBindingCriticalUnknownNotationUnhashed() throws IOException, PGPException { String key = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n" + "\n" + "xsDNBF2lnPIBDAC5cL9PQoQLTMuhjbYvb4Ncuuo0bfmgPRFywX53jPhoFf4Zg6mv\n" + @@ -947,7 +948,7 @@ public class BindingSignatureSubpacketsTest { } @Test - public void subkeyBindingBackSigFakeBackSig() throws IOException { + public void subkeyBindingBackSigFakeBackSig() throws IOException, PGPException { String key = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n" + "\n" + "xsDNBF2lnPIBDAC5cL9PQoQLTMuhjbYvb4Ncuuo0bfmgPRFywX53jPhoFf4Zg6mv\n" + @@ -1017,7 +1018,7 @@ public class BindingSignatureSubpacketsTest { } @Test - public void subkeyBindingFakeBackSigBackSig() throws IOException { + public void subkeyBindingFakeBackSigBackSig() throws IOException, PGPException { String key = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n" + "\n" + "xsDNBF2lnPIBDAC5cL9PQoQLTMuhjbYvb4Ncuuo0bfmgPRFywX53jPhoFf4Zg6mv\n" + @@ -1087,7 +1088,7 @@ public class BindingSignatureSubpacketsTest { } @Test - public void primaryBindingIssuerFpOnly() throws IOException { + public void primaryBindingIssuerFpOnly() throws IOException, PGPException { String key = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n" + "\n" + "xsDNBF2lnPIBDAC5cL9PQoQLTMuhjbYvb4Ncuuo0bfmgPRFywX53jPhoFf4Zg6mv\n" + @@ -1146,7 +1147,7 @@ public class BindingSignatureSubpacketsTest { } @Test - public void primaryBindingIssuerV6IssuerFp() throws IOException { + public void primaryBindingIssuerV6IssuerFp() throws IOException, PGPException { String key = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n" + "\n" + "xsDNBF2lnPIBDAC5cL9PQoQLTMuhjbYvb4Ncuuo0bfmgPRFywX53jPhoFf4Zg6mv\n" + @@ -1205,7 +1206,7 @@ public class BindingSignatureSubpacketsTest { } @Test - public void primaryBindingIssuerFakeIssuer() throws IOException { + public void primaryBindingIssuerFakeIssuer() throws IOException, PGPException { String key = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n" + "\n" + "xsDNBF2lnPIBDAC5cL9PQoQLTMuhjbYvb4Ncuuo0bfmgPRFywX53jPhoFf4Zg6mv\n" + @@ -1264,7 +1265,7 @@ public class BindingSignatureSubpacketsTest { } @Test - public void primaryBindingFakeIssuerIssuer() throws IOException { + public void primaryBindingFakeIssuerIssuer() throws IOException, PGPException { String key = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n" + "\n" + "xsDNBF2lnPIBDAC5cL9PQoQLTMuhjbYvb4Ncuuo0bfmgPRFywX53jPhoFf4Zg6mv\n" + @@ -1323,7 +1324,7 @@ public class BindingSignatureSubpacketsTest { } @Test - public void primaryBindingFakeIssuer() throws IOException { + public void primaryBindingFakeIssuer() throws IOException, PGPException { String key = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n" + "\n" + "xsDNBF2lnPIBDAC5cL9PQoQLTMuhjbYvb4Ncuuo0bfmgPRFywX53jPhoFf4Zg6mv\n" + @@ -1382,7 +1383,7 @@ public class BindingSignatureSubpacketsTest { } @Test - public void primaryBindingNoIssuer() throws IOException { + public void primaryBindingNoIssuer() throws IOException, PGPException { String key = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n" + "\n" + "xsDNBF2lnPIBDAC5cL9PQoQLTMuhjbYvb4Ncuuo0bfmgPRFywX53jPhoFf4Zg6mv\n" + @@ -1440,7 +1441,7 @@ public class BindingSignatureSubpacketsTest { } @Test - public void primaryBindingUnknownSubpacketHashed() throws IOException { + public void primaryBindingUnknownSubpacketHashed() throws IOException, PGPException { String key = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n" + "\n" + "xsDNBF2lnPIBDAC5cL9PQoQLTMuhjbYvb4Ncuuo0bfmgPRFywX53jPhoFf4Zg6mv\n" + @@ -1499,7 +1500,7 @@ public class BindingSignatureSubpacketsTest { } @Test - public void primaryBindingCriticalUnknownSubpacketHashed() throws IOException { + public void primaryBindingCriticalUnknownSubpacketHashed() throws IOException, PGPException { String key = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n" + "\n" + "xsDNBF2lnPIBDAC5cL9PQoQLTMuhjbYvb4Ncuuo0bfmgPRFywX53jPhoFf4Zg6mv\n" + @@ -1558,7 +1559,7 @@ public class BindingSignatureSubpacketsTest { } @Test - public void primaryBindingUnknownSubpacketUnhashed() throws IOException { + public void primaryBindingUnknownSubpacketUnhashed() throws IOException, PGPException { String key = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n" + "\n" + "xsDNBF2lnPIBDAC5cL9PQoQLTMuhjbYvb4Ncuuo0bfmgPRFywX53jPhoFf4Zg6mv\n" + @@ -1617,7 +1618,7 @@ public class BindingSignatureSubpacketsTest { } @Test - public void primaryBindingCriticalUnknownSubpacketUnhashed() throws IOException { + public void primaryBindingCriticalUnknownSubpacketUnhashed() throws IOException, PGPException { String key = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n" + "\n" + "xsDNBF2lnPIBDAC5cL9PQoQLTMuhjbYvb4Ncuuo0bfmgPRFywX53jPhoFf4Zg6mv\n" + @@ -1676,7 +1677,7 @@ public class BindingSignatureSubpacketsTest { } @Test - public void primaryBindingUnknownNotationHashed() throws IOException { + public void primaryBindingUnknownNotationHashed() throws IOException, PGPException { String key = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n" + "\n" + "xsDNBF2lnPIBDAC5cL9PQoQLTMuhjbYvb4Ncuuo0bfmgPRFywX53jPhoFf4Zg6mv\n" + @@ -1736,7 +1737,7 @@ public class BindingSignatureSubpacketsTest { } @Test - public void primaryBindingCriticalUnknownNotationHashed() throws IOException { + public void primaryBindingCriticalUnknownNotationHashed() throws IOException, PGPException { String key = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n" + "\n" + "xsDNBF2lnPIBDAC5cL9PQoQLTMuhjbYvb4Ncuuo0bfmgPRFywX53jPhoFf4Zg6mv\n" + @@ -1796,7 +1797,7 @@ public class BindingSignatureSubpacketsTest { } @Test - public void primaryBindingUnknownNotationUnhashed() throws IOException { + public void primaryBindingUnknownNotationUnhashed() throws IOException, PGPException { String key = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n" + "\n" + "xsDNBF2lnPIBDAC5cL9PQoQLTMuhjbYvb4Ncuuo0bfmgPRFywX53jPhoFf4Zg6mv\n" + @@ -1856,7 +1857,7 @@ public class BindingSignatureSubpacketsTest { } @Test - public void primaryBindingCriticalUnknownNotationUnhashed() throws IOException { + public void primaryBindingCriticalUnknownNotationUnhashed() throws IOException, PGPException { String key = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n" + "\n" + "xsDNBF2lnPIBDAC5cL9PQoQLTMuhjbYvb4Ncuuo0bfmgPRFywX53jPhoFf4Zg6mv\n" + @@ -1915,7 +1916,7 @@ public class BindingSignatureSubpacketsTest { expectSignatureValidationSucceeds(key, "Critical unknown notation is acceptable in unhashed area of primary key binding sig."); } - private void expectSignatureValidationSucceeds(String key, String message) throws IOException { + private void expectSignatureValidationSucceeds(String key, String message) throws IOException, PGPException { PGPPublicKeyRing publicKeys = PGPainless.readKeyRing().publicKeyRing(key); PGPSignature signature = SignatureUtils.readSignatures(sig).get(0); @@ -1929,7 +1930,7 @@ public class BindingSignatureSubpacketsTest { } } - private void expectSignatureValidationFails(String key, String message) throws IOException { + private void expectSignatureValidationFails(String key, String message) throws IOException, PGPException { PGPPublicKeyRing publicKeys = PGPainless.readKeyRing().publicKeyRing(key); PGPSignature signature = SignatureUtils.readSignatures(sig).get(0); diff --git a/pgpainless-core/src/test/java/org/pgpainless/signature/IgnoreMarkerPackets.java b/pgpainless-core/src/test/java/org/pgpainless/signature/IgnoreMarkerPackets.java index 4806f1fe..5c6846e2 100644 --- a/pgpainless-core/src/test/java/org/pgpainless/signature/IgnoreMarkerPackets.java +++ b/pgpainless-core/src/test/java/org/pgpainless/signature/IgnoreMarkerPackets.java @@ -23,6 +23,7 @@ import static org.junit.jupiter.api.Assertions.assertTrue; import java.io.ByteArrayInputStream; import java.io.ByteArrayOutputStream; import java.io.IOException; +import java.io.InputStream; import java.nio.charset.StandardCharsets; import org.bouncycastle.openpgp.PGPException; @@ -32,10 +33,10 @@ import org.bouncycastle.openpgp.PGPSignature; import org.bouncycastle.util.io.Streams; import org.junit.jupiter.api.Test; import org.pgpainless.PGPainless; +import org.pgpainless.decryption_verification.ConsumerOptions; import org.pgpainless.decryption_verification.DecryptionStream; import org.pgpainless.decryption_verification.OpenPgpMetadata; import org.pgpainless.key.OpenPgpV4Fingerprint; -import org.pgpainless.key.protection.SecretKeyRingProtector; import org.pgpainless.key.util.KeyRingUtils; /** @@ -151,12 +152,13 @@ public class IgnoreMarkerPackets { String data = "Marker + Detached signature"; PGPSignature signature = SignatureUtils.readSignatures(sig).get(0); - DecryptionStream decryptionStream = PGPainless.decryptAndOrVerify().onInputStream(new ByteArrayInputStream(data.getBytes(StandardCharsets.UTF_8))) - .doNotDecrypt() - .verifyDetachedSignature(signature) - .verifyWith(publicKeys) - .ignoreMissingPublicKeys() - .build(); + InputStream messageIn = new ByteArrayInputStream(data.getBytes(StandardCharsets.UTF_8)); + DecryptionStream decryptionStream = PGPainless.decryptAndOrVerify() + .onInputStream(messageIn) + .withOptions(new ConsumerOptions() + .addVerificationCert(publicKeys) + .addVerificationOfDetachedSignature(signature) + ); ByteArrayOutputStream outputStream = new ByteArrayOutputStream(); @@ -199,11 +201,13 @@ public class IgnoreMarkerPackets { PGPPublicKeyRing publicKeys = KeyRingUtils.publicKeyRingFrom(secretKeys); String data = "Marker + Encrypted Message"; - DecryptionStream decryptionStream = PGPainless.decryptAndOrVerify().onInputStream(new ByteArrayInputStream(msg.getBytes(StandardCharsets.UTF_8))) - .decryptWith(SecretKeyRingProtector.unprotectedKeys(), secretKeys) - .verifyWith(publicKeys) - .ignoreMissingPublicKeys() - .build(); + InputStream messageIn = new ByteArrayInputStream(msg.getBytes(StandardCharsets.UTF_8)); + DecryptionStream decryptionStream = PGPainless.decryptAndOrVerify() + .onInputStream(messageIn) + .withOptions(new ConsumerOptions() + .addDecryptionKey(secretKeys) + .addVerificationCert(publicKeys) + ); ByteArrayOutputStream outputStream = new ByteArrayOutputStream(); diff --git a/pgpainless-core/src/test/java/org/pgpainless/signature/KeyRevocationTest.java b/pgpainless-core/src/test/java/org/pgpainless/signature/KeyRevocationTest.java index a3bc1f1f..a70c5921 100644 --- a/pgpainless-core/src/test/java/org/pgpainless/signature/KeyRevocationTest.java +++ b/pgpainless-core/src/test/java/org/pgpainless/signature/KeyRevocationTest.java @@ -22,6 +22,7 @@ import java.io.IOException; import java.nio.charset.StandardCharsets; import java.util.Date; +import org.bouncycastle.openpgp.PGPException; import org.bouncycastle.openpgp.PGPPublicKeyRing; import org.bouncycastle.openpgp.PGPSignature; import org.junit.jupiter.api.Test; @@ -33,7 +34,7 @@ public class KeyRevocationTest { private static final String data = "Hello, World"; @Test - public void subkeySignsPrimaryKeyRevokedNoReason() throws IOException, SignatureValidationException { + public void subkeySignsPrimaryKeyRevokedNoReason() throws IOException, PGPException { String key = "-----BEGIN PGP ARMORED FILE-----\n" + "Comment: ASCII Armor added by openpgp-interoperability-test-suite\n" + "\n" + @@ -178,7 +179,7 @@ public class KeyRevocationTest { * @see Sequoia Test-Suite */ @Test - public void subkeySignsPrimaryKeyNotRevoked() throws IOException, SignatureValidationException { + public void subkeySignsPrimaryKeyNotRevoked() throws IOException, PGPException { String key = "-----BEGIN PGP ARMORED FILE-----\n" + "Comment: ASCII Armor added by openpgp-interoperability-test-suite\n" + "\n" + diff --git a/pgpainless-core/src/test/java/org/pgpainless/signature/SignatureChainValidatorTest.java b/pgpainless-core/src/test/java/org/pgpainless/signature/SignatureChainValidatorTest.java index a527e154..849f202a 100644 --- a/pgpainless-core/src/test/java/org/pgpainless/signature/SignatureChainValidatorTest.java +++ b/pgpainless-core/src/test/java/org/pgpainless/signature/SignatureChainValidatorTest.java @@ -24,6 +24,7 @@ import java.io.InputStream; import java.nio.charset.StandardCharsets; import java.util.Date; +import org.bouncycastle.openpgp.PGPException; import org.bouncycastle.openpgp.PGPPublicKeyRing; import org.bouncycastle.openpgp.PGPSignature; import org.junit.jupiter.api.Test; @@ -39,7 +40,7 @@ public class SignatureChainValidatorTest { * @see Sequoia Test Suite */ @Test - public void testPrimaryKeySignsAndIsHardRevokedUnknown() throws IOException { + public void testPrimaryKeySignsAndIsHardRevokedUnknown() throws IOException, PGPException { String key = "-----BEGIN PGP ARMORED FILE-----\n" + "Comment: ASCII Armor added by openpgp-interoperability-test-suite\n" + "\n" + @@ -188,7 +189,7 @@ public class SignatureChainValidatorTest { * @see Sequoia Test Suite */ @Test - public void testSubkeySignsPrimaryKeyIsHardRevokedUnknown() throws IOException { + public void testSubkeySignsPrimaryKeyIsHardRevokedUnknown() throws IOException, PGPException { String key = "-----BEGIN PGP ARMORED FILE-----\n" + "Comment: ASCII Armor added by openpgp-interoperability-test-suite\n" + "\n" + @@ -338,7 +339,7 @@ public class SignatureChainValidatorTest { * @see Sequoia Test Suite */ @Test - public void testSubkeySignsAndIsHardRevokedUnknown() throws IOException { + public void testSubkeySignsAndIsHardRevokedUnknown() throws IOException, PGPException { String keyWithHardRev = "-----BEGIN PGP ARMORED FILE-----\n" + "Comment: ASCII Armor added by openpgp-interoperability-test-suite\n" + "\n" + @@ -488,7 +489,7 @@ public class SignatureChainValidatorTest { * @see Sequoia Test Suite */ @Test - public void testPrimaryKeySignsAndIsSoftRevokedSuperseded() throws IOException { + public void testPrimaryKeySignsAndIsSoftRevokedSuperseded() throws IOException, PGPException { String keyWithSoftRev = "-----BEGIN PGP ARMORED FILE-----\n" + "Comment: ASCII Armor added by openpgp-interoperability-test-suite\n" + "\n" + @@ -643,7 +644,7 @@ public class SignatureChainValidatorTest { * @see Sequoia Test Suite */ @Test - public void testSubkeySignsPrimaryKeyIsSoftRevokedSuperseded() throws IOException { + public void testSubkeySignsPrimaryKeyIsSoftRevokedSuperseded() throws IOException, PGPException { String key = "-----BEGIN PGP ARMORED FILE-----\n" + "Comment: ASCII Armor added by openpgp-interoperability-test-suite\n" + "\n" + @@ -794,7 +795,7 @@ public class SignatureChainValidatorTest { * @see Sequoia Test Suite */ @Test - public void testPrimaryKeySignsAndIsSoftRevokedRetired() throws IOException { + public void testPrimaryKeySignsAndIsSoftRevokedRetired() throws IOException, PGPException { String key = "-----BEGIN PGP ARMORED FILE-----\n" + "Comment: ASCII Armor added by openpgp-interoperability-test-suite\n" + "\n" + @@ -945,7 +946,7 @@ public class SignatureChainValidatorTest { * @see Sequoia Test Suite */ @Test - public void testTemporaryValidity() throws IOException { + public void testTemporaryValidity() throws IOException, PGPException { String keyA = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n" + "Comment: D1A6 6E1A 23B1 82C9 980F 788C FBFC C82A 015E 7330\n" + "Comment: Bob Babbage \n" + diff --git a/pgpainless-core/src/test/java/org/pgpainless/signature/SignatureStructureTest.java b/pgpainless-core/src/test/java/org/pgpainless/signature/SignatureStructureTest.java index 610a3e72..e25cd682 100644 --- a/pgpainless-core/src/test/java/org/pgpainless/signature/SignatureStructureTest.java +++ b/pgpainless-core/src/test/java/org/pgpainless/signature/SignatureStructureTest.java @@ -21,6 +21,7 @@ import java.io.IOException; import java.util.List; import org.bouncycastle.bcpg.sig.NotationData; +import org.bouncycastle.openpgp.PGPException; import org.bouncycastle.openpgp.PGPSignature; import org.bouncycastle.util.encoders.Hex; import org.junit.jupiter.api.BeforeAll; @@ -38,7 +39,7 @@ public class SignatureStructureTest { private static PGPSignature signature; @BeforeAll - public static void parseSignature() throws IOException { + public static void parseSignature() throws IOException, PGPException { // see https://tests.sequoia-pgp.org/#Detached_signature_with_Subpackets (base case) signature = SignatureUtils.readSignatures("-----BEGIN PGP SIGNATURE-----\n" + "\n" + diff --git a/pgpainless-core/src/test/java/org/pgpainless/symmetric_encryption/MultiPassphraseSymmetricEncryptionTest.java b/pgpainless-core/src/test/java/org/pgpainless/symmetric_encryption/MultiPassphraseSymmetricEncryptionTest.java index 50c3662a..8eb19130 100644 --- a/pgpainless-core/src/test/java/org/pgpainless/symmetric_encryption/MultiPassphraseSymmetricEncryptionTest.java +++ b/pgpainless-core/src/test/java/org/pgpainless/symmetric_encryption/MultiPassphraseSymmetricEncryptionTest.java @@ -26,8 +26,11 @@ import org.junit.jupiter.api.Disabled; import org.junit.jupiter.params.ParameterizedTest; import org.junit.jupiter.params.provider.MethodSource; import org.pgpainless.PGPainless; +import org.pgpainless.decryption_verification.ConsumerOptions; import org.pgpainless.decryption_verification.DecryptionStream; +import org.pgpainless.encryption_signing.EncryptionOptions; import org.pgpainless.encryption_signing.EncryptionStream; +import org.pgpainless.encryption_signing.ProducerOptions; import org.pgpainless.implementation.ImplementationFactory; import org.pgpainless.util.Passphrase; @@ -44,12 +47,11 @@ public class MultiPassphraseSymmetricEncryptionTest { ByteArrayOutputStream ciphertextOut = new ByteArrayOutputStream(); EncryptionStream encryptor = PGPainless.encryptAndOrSign() .onOutputStream(ciphertextOut) - .forPassphrase(Passphrase.fromPassword("p1")) - .and() - .forPassphrase(Passphrase.fromPassword("p2")) - .and() - .doNotSign() - .noArmor(); + .withOptions(ProducerOptions.encrypt( + EncryptionOptions.encryptCommunications() + .addPassphrase(Passphrase.fromPassword("p1")) + .addPassphrase(Passphrase.fromPassword("p2")) + ).setAsciiArmor(false)); Streams.pipeAll(plaintextIn, encryptor); encryptor.close(); @@ -58,10 +60,10 @@ public class MultiPassphraseSymmetricEncryptionTest { // decrypting the p1 package with p2 first will not work. Test if it is handled correctly. for (Passphrase passphrase : new Passphrase[] {Passphrase.fromPassword("p2"), Passphrase.fromPassword("p1")}) { - DecryptionStream decryptor = PGPainless.decryptAndOrVerify().onInputStream(new ByteArrayInputStream(ciphertext)) - .decryptWith(passphrase) - .doNotVerify() - .build(); + DecryptionStream decryptor = PGPainless.decryptAndOrVerify() + .onInputStream(new ByteArrayInputStream(ciphertext)) + .withOptions(new ConsumerOptions() + .addDecryptionPassphrase(passphrase)); ByteArrayOutputStream plaintextOut = new ByteArrayOutputStream(); diff --git a/pgpainless-core/src/test/java/org/pgpainless/symmetric_encryption/SymmetricEncryptionTest.java b/pgpainless-core/src/test/java/org/pgpainless/symmetric_encryption/SymmetricEncryptionTest.java index 9c7e6f8b..b4bc4e72 100644 --- a/pgpainless-core/src/test/java/org/pgpainless/symmetric_encryption/SymmetricEncryptionTest.java +++ b/pgpainless-core/src/test/java/org/pgpainless/symmetric_encryption/SymmetricEncryptionTest.java @@ -31,8 +31,8 @@ import org.bouncycastle.util.io.Streams; import org.junit.jupiter.params.ParameterizedTest; import org.junit.jupiter.params.provider.MethodSource; import org.pgpainless.PGPainless; +import org.pgpainless.decryption_verification.ConsumerOptions; import org.pgpainless.decryption_verification.DecryptionStream; -import org.pgpainless.encryption_signing.EncryptionBuilderInterface; import org.pgpainless.encryption_signing.EncryptionOptions; import org.pgpainless.encryption_signing.EncryptionStream; import org.pgpainless.encryption_signing.ProducerOptions; @@ -60,14 +60,13 @@ public class SymmetricEncryptionTest { Passphrase encryptionPassphrase = Passphrase.fromPassword("greenBeans"); ByteArrayOutputStream ciphertextOut = new ByteArrayOutputStream(); - EncryptionBuilderInterface.Armor armor = PGPainless.encryptAndOrSign().onOutputStream(ciphertextOut) - .forPassphrase(encryptionPassphrase) - .and() - .toRecipient(encryptionKey) - .and() - .doNotSign(); - EncryptionStream encryptor = armor - .noArmor(); + EncryptionStream encryptor = PGPainless.encryptAndOrSign() + .onOutputStream(ciphertextOut) + .withOptions(ProducerOptions.encrypt( + EncryptionOptions.encryptCommunications() + .addPassphrase(encryptionPassphrase) + .addRecipient(encryptionKey) + )); Streams.pipeAll(plaintextIn, encryptor); encryptor.close(); @@ -77,9 +76,8 @@ public class SymmetricEncryptionTest { // Test symmetric decryption DecryptionStream decryptor = PGPainless.decryptAndOrVerify() .onInputStream(new ByteArrayInputStream(ciphertext)) - .decryptWith(encryptionPassphrase) - .doNotVerify() - .build(); + .withOptions(new ConsumerOptions() + .addDecryptionPassphrase(encryptionPassphrase)); ByteArrayOutputStream decrypted = new ByteArrayOutputStream(); @@ -95,9 +93,8 @@ public class SymmetricEncryptionTest { new SolitaryPassphraseProvider(Passphrase.fromPassword(TestKeys.CRYPTIE_PASSWORD))); decryptor = PGPainless.decryptAndOrVerify() .onInputStream(new ByteArrayInputStream(ciphertext)) - .decryptWith(protector, decryptionKeys) - .doNotVerify() - .build(); + .withOptions(new ConsumerOptions() + .addDecryptionKeys(decryptionKeys, protector)); decrypted = new ByteArrayOutputStream(); @@ -126,8 +123,7 @@ public class SymmetricEncryptionTest { assertThrows(MissingDecryptionMethodException.class, () -> PGPainless.decryptAndOrVerify() .onInputStream(new ByteArrayInputStream(ciphertextOut.toByteArray())) - .decryptWith(Passphrase.fromPassword("meldir")) - .doNotVerify() - .build()); + .withOptions(new ConsumerOptions() + .addDecryptionPassphrase(Passphrase.fromPassword("meldir")))); } } diff --git a/pgpainless-core/src/test/java/org/pgpainless/weird_keys/TestEncryptCommsStorageFlagsDifferentiated.java b/pgpainless-core/src/test/java/org/pgpainless/weird_keys/TestEncryptCommsStorageFlagsDifferentiated.java index 2728933e..772995cb 100644 --- a/pgpainless-core/src/test/java/org/pgpainless/weird_keys/TestEncryptCommsStorageFlagsDifferentiated.java +++ b/pgpainless-core/src/test/java/org/pgpainless/weird_keys/TestEncryptCommsStorageFlagsDifferentiated.java @@ -17,7 +17,6 @@ package org.pgpainless.weird_keys; import static org.junit.jupiter.api.Assertions.assertThrows; -import java.io.ByteArrayOutputStream; import java.io.IOException; import java.security.InvalidAlgorithmParameterException; import java.security.NoSuchAlgorithmException; @@ -27,9 +26,8 @@ import org.bouncycastle.openpgp.PGPPublicKeyRing; import org.bouncycastle.openpgp.PGPSecretKeyRing; import org.junit.jupiter.api.Test; import org.pgpainless.PGPainless; -import org.pgpainless.algorithm.EncryptionPurpose; import org.pgpainless.algorithm.KeyFlag; -import org.pgpainless.encryption_signing.EncryptionBuilderInterface; +import org.pgpainless.encryption_signing.EncryptionOptions; import org.pgpainless.key.generation.KeySpec; import org.pgpainless.key.generation.type.KeyType; import org.pgpainless.key.generation.type.rsa.RsaLength; @@ -49,13 +47,10 @@ public class TestEncryptCommsStorageFlagsDifferentiated { .withPrimaryUserId("cannot@encrypt.comms") .withoutPassphrase() .build(); + PGPPublicKeyRing publicKeys = KeyRingUtils.publicKeyRingFrom(secretKeys); - ByteArrayOutputStream out = new ByteArrayOutputStream(); - EncryptionBuilderInterface.ToRecipients builder = PGPainless.encryptAndOrSign(EncryptionPurpose.COMMUNICATIONS) - .onOutputStream(out); - - // since the key does not carry the flag ENCRYPT_COMMS, it cannot be used by the stream. - assertThrows(IllegalArgumentException.class, () -> builder.toRecipient(publicKeys)); + assertThrows(IllegalArgumentException.class, () -> EncryptionOptions.encryptCommunications() + .addRecipient(publicKeys)); } } diff --git a/pgpainless-core/src/test/java/org/pgpainless/weird_keys/TestTwoSubkeysEncryption.java b/pgpainless-core/src/test/java/org/pgpainless/weird_keys/TestTwoSubkeysEncryption.java index 766afdee..d1f8f181 100644 --- a/pgpainless-core/src/test/java/org/pgpainless/weird_keys/TestTwoSubkeysEncryption.java +++ b/pgpainless-core/src/test/java/org/pgpainless/weird_keys/TestTwoSubkeysEncryption.java @@ -59,7 +59,7 @@ public class TestTwoSubkeysEncryption { PGPSecretKeyRing twoSuitableSubkeysKeyRing = WeirdKeys.getTwoCryptSubkeysKey(); PGPPublicKeyRing publicKeys = KeyRingUtils.publicKeyRingFrom(twoSuitableSubkeysKeyRing); ByteArrayOutputStream out = new ByteArrayOutputStream(); - EncryptionStream encryptionStream = PGPainless.encryptAndOrSign(EncryptionPurpose.STORAGE) + EncryptionStream encryptionStream = PGPainless.encryptAndOrSign() .onOutputStream(out) .withOptions( ProducerOptions.encrypt(new EncryptionOptions(EncryptionPurpose.STORAGE_AND_COMMUNICATIONS) diff --git a/pgpainless-sop/src/main/java/org/pgpainless/sop/commands/Decrypt.java b/pgpainless-sop/src/main/java/org/pgpainless/sop/commands/Decrypt.java index 4d14e671..de3f57e9 100644 --- a/pgpainless-sop/src/main/java/org/pgpainless/sop/commands/Decrypt.java +++ b/pgpainless-sop/src/main/java/org/pgpainless/sop/commands/Decrypt.java @@ -24,17 +24,15 @@ import java.io.IOException; import java.io.PrintStream; import java.text.DateFormat; import java.text.SimpleDateFormat; -import java.util.HashSet; import java.util.List; import org.bouncycastle.openpgp.PGPException; import org.bouncycastle.openpgp.PGPPublicKeyRing; import org.bouncycastle.openpgp.PGPSecretKeyRing; -import org.bouncycastle.openpgp.PGPSecretKeyRingCollection; import org.bouncycastle.openpgp.PGPSignature; import org.bouncycastle.util.io.Streams; import org.pgpainless.PGPainless; -import org.pgpainless.decryption_verification.DecryptionBuilderInterface; +import org.pgpainless.decryption_verification.ConsumerOptions; import org.pgpainless.decryption_verification.DecryptionStream; import org.pgpainless.decryption_verification.OpenPgpMetadata; import org.pgpainless.key.OpenPgpV4Fingerprint; @@ -108,34 +106,34 @@ public class Decrypt implements Runnable { System.exit(1); } - PGPSecretKeyRingCollection secretKeys; - List verifyWith = null; + ConsumerOptions options = new ConsumerOptions(); + List verifyWith = null; try { + List secretKeyRings = loadKeysFromFiles(keys); - secretKeys = new PGPSecretKeyRingCollection(secretKeyRings); + for (PGPSecretKeyRing secretKey : secretKeyRings) { + options.addDecryptionKey(secretKey); + } + if (certs != null) { verifyWith = SopKeyUtil.loadCertificatesFromFile(certs); + for (PGPPublicKeyRing cert : verifyWith) { + options.addVerificationCert(cert); + } } + } catch (IOException | PGPException e) { err_ln(e.getMessage()); System.exit(1); return; } - - DecryptionBuilderInterface.Verify builder = PGPainless.decryptAndOrVerify() - .onInputStream(System.in) - .decryptWith(secretKeys); - DecryptionStream decryptionStream = null; + DecryptionStream decryptionStream; try { - if (verifyWith != null) { - decryptionStream = builder.verifyWith(new HashSet<>(verifyWith)) - .ignoreMissingPublicKeys().build(); - } else { - decryptionStream = builder.doNotVerify() - .build(); - } + decryptionStream = PGPainless.decryptAndOrVerify() + .onInputStream(System.in) + .withOptions(options); } catch (IOException | PGPException e) { err_ln("Error constructing decryption stream: " + e.getMessage()); System.exit(1); @@ -169,14 +167,14 @@ public class Decrypt implements Runnable { PGPSignature signature = metadata.getVerifiedSignatures().get(fingerprint); sb.append(df.format(signature.getCreationTime())).append(' ') .append(fingerprint).append(' ') - .append(new OpenPgpV4Fingerprint(verifier)).append('\n'); + .append(verifier != null ? new OpenPgpV4Fingerprint(verifier) : "null").append('\n'); } try { verifyOut.createNewFile(); PrintStream verifyPrinter = new PrintStream(new FileOutputStream(verifyOut)); // CHECKSTYLE:OFF - verifyPrinter.println(sb.toString()); + verifyPrinter.println(sb); // CHECKSTYLE:ON verifyPrinter.close(); } catch (IOException e) { diff --git a/pgpainless-sop/src/main/java/org/pgpainless/sop/commands/Verify.java b/pgpainless-sop/src/main/java/org/pgpainless/sop/commands/Verify.java index 0456fb47..52581709 100644 --- a/pgpainless-sop/src/main/java/org/pgpainless/sop/commands/Verify.java +++ b/pgpainless-sop/src/main/java/org/pgpainless/sop/commands/Verify.java @@ -15,20 +15,11 @@ */ package org.pgpainless.sop.commands; -import org.bouncycastle.openpgp.PGPException; -import org.bouncycastle.openpgp.PGPPublicKeyRing; -import org.bouncycastle.openpgp.PGPPublicKeyRingCollection; -import org.bouncycastle.openpgp.PGPSignature; -import org.bouncycastle.util.io.Streams; -import org.pgpainless.PGPainless; -import org.pgpainless.decryption_verification.DecryptionStream; -import org.pgpainless.decryption_verification.OpenPgpMetadata; -import org.pgpainless.key.OpenPgpV4Fingerprint; -import picocli.CommandLine; +import static org.pgpainless.sop.Print.err_ln; +import static org.pgpainless.sop.Print.print_ln; import java.io.File; import java.io.FileInputStream; -import java.io.FileNotFoundException; import java.io.IOException; import java.io.OutputStream; import java.text.DateFormat; @@ -36,12 +27,20 @@ import java.text.ParseException; import java.text.SimpleDateFormat; import java.util.Date; import java.util.HashMap; -import java.util.HashSet; import java.util.Map; import java.util.TimeZone; -import static org.pgpainless.sop.Print.err_ln; -import static org.pgpainless.sop.Print.print_ln; +import org.bouncycastle.openpgp.PGPException; +import org.bouncycastle.openpgp.PGPPublicKeyRing; +import org.bouncycastle.openpgp.PGPPublicKeyRingCollection; +import org.bouncycastle.openpgp.PGPSignature; +import org.bouncycastle.util.io.Streams; +import org.pgpainless.PGPainless; +import org.pgpainless.decryption_verification.ConsumerOptions; +import org.pgpainless.decryption_verification.DecryptionStream; +import org.pgpainless.decryption_verification.OpenPgpMetadata; +import org.pgpainless.key.OpenPgpV4Fingerprint; +import picocli.CommandLine; @CommandLine.Command(name = "verify", description = "Verify a detached signature over the data from standard input", @@ -89,32 +88,35 @@ public class Verify implements Runnable { Date notBeforeDate = parseNotBefore(); Date notAfterDate = parseNotAfter(); + ConsumerOptions options = new ConsumerOptions(); + try (FileInputStream sigIn = new FileInputStream(signature)) { + options.addVerificationOfDetachedSignatures(sigIn); + } catch (IOException | PGPException e) { + err_ln("Cannot read detached signature: " + e.getMessage()); + System.exit(1); + } + Map publicKeys = readCertificatesFromFiles(); if (publicKeys.isEmpty()) { err_ln("No certificates supplied."); System.exit(19); } + for (PGPPublicKeyRing cert : publicKeys.keySet()) { + options.addVerificationCert(cert); + } + OpenPgpMetadata metadata; - try (FileInputStream sigIn = new FileInputStream(signature)) { + try { DecryptionStream verifier = PGPainless.decryptAndOrVerify() .onInputStream(System.in) - .doNotDecrypt() - .verifyDetachedSignature(sigIn) - .verifyWith(new HashSet<>(publicKeys.keySet())) - .ignoreMissingPublicKeys() - .build(); + .withOptions(options); OutputStream out = new NullOutputStream(); Streams.pipeAll(verifier, out); verifier.close(); metadata = verifier.getResult(); - } catch (FileNotFoundException e) { - err_ln("Signature file not found:"); - err_ln(e.getMessage()); - System.exit(1); - return; } catch (IOException | PGPException e) { err_ln("Signature validation failed."); err_ln(e.getMessage());