Add HasKeyFlagsSelectionStrategy

2024-06-16 16:44:50 +02:00 · 2021-01-09 20:16:13 +01:00 · 2021-01-09 20:16:13 +01:00 · 8df752e995
parent 83bd157a78
commit 8df752e995
3 changed files with 181 additions and 1 deletions
--- a/pgpainless-core/src/main/java/org/pgpainless/key/selection/key/impl/EncryptionKeySelectionStrategy.java
+++ b/pgpainless-core/src/main/java/org/pgpainless/key/selection/key/impl/EncryptionKeySelectionStrategy.java
@ -18,6 +18,7 @@ package org.pgpainless.key.selection.key.impl;
 import javax.annotation.Nonnull;

 import org.bouncycastle.openpgp.PGPPublicKey;
+import org.pgpainless.algorithm.KeyFlag;
 import org.pgpainless.key.selection.key.PublicKeySelectionStrategy;

 /**
@ -25,8 +26,11 @@ import org.pgpainless.key.selection.key.PublicKeySelectionStrategy;
 */
 public class EncryptionKeySelectionStrategy extends PublicKeySelectionStrategy {

+    private static final HasKeyFlagSelectionStrategy.PublicKey HAS_ENCRYPT_COMMS_FLAG =
+            new HasKeyFlagSelectionStrategy.PublicKey(KeyFlag.ENCRYPT_COMMS);
+
    @Override
    public boolean accept(@Nonnull PGPPublicKey key) {
-        return key.isEncryptionKey();
+        return key.isEncryptionKey() && HAS_ENCRYPT_COMMS_FLAG.accept(key);
    }
 }
--- a/pgpainless-core/src/main/java/org/pgpainless/key/selection/key/impl/HasKeyFlagSelectionStrategy.java
+++ b/pgpainless-core/src/main/java/org/pgpainless/key/selection/key/impl/HasKeyFlagSelectionStrategy.java
@ -0,0 +1,68 @@
+/*
+ * Copyright 2021 Paul Schaub.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.pgpainless.key.selection.key.impl;
+
+import java.util.Iterator;
+
+import org.bouncycastle.openpgp.PGPPublicKey;
+import org.bouncycastle.openpgp.PGPSecretKey;
+import org.bouncycastle.openpgp.PGPSignature;
+import org.pgpainless.algorithm.KeyFlag;
+import org.pgpainless.key.selection.key.PublicKeySelectionStrategy;
+import org.pgpainless.key.selection.key.SecretKeySelectionStrategy;
+
+public class HasKeyFlagSelectionStrategy {
+
+    public static class PublicKey extends PublicKeySelectionStrategy {
+
+        private final int keyFlagMask;
+
+        public PublicKey(KeyFlag... flags) {
+            this(KeyFlag.toBitmask(flags));
+        }
+
+        public PublicKey(int mask) {
+            this.keyFlagMask = mask;
+        }
+
+        @Override
+        public boolean accept(PGPPublicKey key) {
+            Iterator<PGPSignature> signatures = key.getSignatures();
+            int flags = signatures.next().getHashedSubPackets().getKeyFlags();
+            return (keyFlagMask & flags) == keyFlagMask;
+        }
+    }
+
+    public static class SecretKey extends SecretKeySelectionStrategy {
+
+        private final int keyFlagMask;
+
+        public SecretKey(KeyFlag... flags) {
+            this(KeyFlag.toBitmask(flags));
+        }
+
+        public SecretKey(int mask) {
+            this.keyFlagMask = mask;
+        }
+
+        @Override
+        public boolean accept(PGPSecretKey key) {
+            Iterator<PGPSignature> signatures = key.getPublicKey().getSignatures();
+            int flags = signatures.next().getHashedSubPackets().getKeyFlags();
+            return (keyFlagMask & flags) == keyFlagMask;
+        }
+    }
+}
--- a/pgpainless-core/src/test/java/org/pgpainless/key/selection/key/HasKeyFlagsSelectionStrategyTest.java
+++ b/pgpainless-core/src/test/java/org/pgpainless/key/selection/key/HasKeyFlagsSelectionStrategyTest.java
@ -0,0 +1,108 @@
+/*
+ * Copyright 2021 Paul Schaub.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.pgpainless.key.selection.key;
+
+import static org.junit.jupiter.api.Assertions.assertFalse;
+import static org.junit.jupiter.api.Assertions.assertTrue;
+
+import java.security.InvalidAlgorithmParameterException;
+import java.security.NoSuchAlgorithmException;
+import java.util.Iterator;
+
+import org.bouncycastle.openpgp.PGPException;
+import org.bouncycastle.openpgp.PGPPublicKey;
+import org.bouncycastle.openpgp.PGPSecretKey;
+import org.bouncycastle.openpgp.PGPSecretKeyRing;
+import org.junit.jupiter.api.Test;
+import org.pgpainless.PGPainless;
+import org.pgpainless.algorithm.KeyFlag;
+import org.pgpainless.key.generation.KeySpec;
+import org.pgpainless.key.generation.type.KeyType;
+import org.pgpainless.key.generation.type.ecc.EllipticCurve;
+import org.pgpainless.key.generation.type.eddsa.EdDSACurve;
+import org.pgpainless.key.generation.type.xdh.XDHCurve;
+import org.pgpainless.key.selection.key.impl.HasKeyFlagSelectionStrategy;
+
+public class HasKeyFlagsSelectionStrategyTest {
+
+    @Test
+    public void testKeyFlagSelectors() throws InvalidAlgorithmParameterException, NoSuchAlgorithmException, PGPException {
+        PGPSecretKeyRing secretKeys = PGPainless.generateKeyRing()
+                .withSubKey(KeySpec.getBuilder(KeyType.ECDSA(EllipticCurve._P256))
+                        .withKeyFlags(KeyFlag.SIGN_DATA)
+                        .withDefaultAlgorithms())
+                .withSubKey(KeySpec.getBuilder(KeyType.XDH(XDHCurve._X25519))
+                        .withKeyFlags(KeyFlag.ENCRYPT_COMMS)
+                        .withDefaultAlgorithms())
+                .withMasterKey(KeySpec.getBuilder(KeyType.EDDSA(EdDSACurve._Ed25519))
+                        .withKeyFlags(KeyFlag.CERTIFY_OTHER, KeyFlag.AUTHENTICATION)
+                        .withDefaultAlgorithms())
+                .withPrimaryUserId("test@test.test")
+                .withoutPassphrase().build();
+
+        Iterator<PGPSecretKey> iterator = secretKeys.iterator();
+        // CERTIFY_OTHER and AUTHENTICATION
+        PGPSecretKey s_primaryKey = iterator.next();
+        // SIGN_DATA
+        PGPSecretKey s_signingKey = iterator.next();
+        // ENCRYPT_COMMS
+        PGPSecretKey s_encryptionKey = iterator.next();
+
+        HasKeyFlagSelectionStrategy.SecretKey s_certifyOther =
+                new HasKeyFlagSelectionStrategy.SecretKey(KeyFlag.CERTIFY_OTHER);
+        HasKeyFlagSelectionStrategy.SecretKey s_encryptComms =
+                new HasKeyFlagSelectionStrategy.SecretKey(KeyFlag.ENCRYPT_COMMS);
+        HasKeyFlagSelectionStrategy.SecretKey s_encryptCommsEncryptStorage =
+                new HasKeyFlagSelectionStrategy.SecretKey(KeyFlag.ENCRYPT_COMMS, KeyFlag.ENCRYPT_STORAGE);
+
+        assertTrue(s_certifyOther.accept(s_primaryKey));
+        assertFalse(s_certifyOther.accept(s_encryptionKey));
+        assertFalse(s_certifyOther.accept(s_signingKey));
+
+        assertTrue(s_encryptComms.accept(s_encryptionKey));
+        assertFalse(s_encryptComms.accept(s_primaryKey));
+        assertFalse(s_encryptComms.accept(s_signingKey));
+
+        assertFalse(s_encryptCommsEncryptStorage.accept(s_encryptionKey),
+                "Must not accept the key, as it only carries ENCRYPT_COMMS, but not ENCRYPT_STORAGE");
+        assertFalse(s_encryptCommsEncryptStorage.accept(s_primaryKey));
+        assertFalse(s_encryptCommsEncryptStorage.accept(s_signingKey));
+
+        PGPPublicKey p_primaryKey = s_primaryKey.getPublicKey();
+        PGPPublicKey p_encryptionKey = s_encryptionKey.getPublicKey();
+        PGPPublicKey p_signingKey = s_signingKey.getPublicKey();
+
+        HasKeyFlagSelectionStrategy.PublicKey p_certifyOther =
+                new HasKeyFlagSelectionStrategy.PublicKey(KeyFlag.CERTIFY_OTHER);
+        HasKeyFlagSelectionStrategy.PublicKey p_encryptComms =
+                new HasKeyFlagSelectionStrategy.PublicKey(KeyFlag.ENCRYPT_COMMS);
+        HasKeyFlagSelectionStrategy.PublicKey p_encryptCommsEncryptStorage =
+                new HasKeyFlagSelectionStrategy.PublicKey(KeyFlag.ENCRYPT_COMMS, KeyFlag.ENCRYPT_STORAGE);
+
+        assertTrue(p_certifyOther.accept(p_primaryKey));
+        assertFalse(p_certifyOther.accept(p_encryptionKey));
+        assertFalse(p_certifyOther.accept(p_signingKey));
+
+        assertTrue(p_encryptComms.accept(p_encryptionKey));
+        assertFalse(p_encryptComms.accept(p_primaryKey));
+        assertFalse(p_encryptComms.accept(p_signingKey));
+
+        assertFalse(p_encryptCommsEncryptStorage.accept(p_encryptionKey),
+                "Must not accept the key, as it only carries ENCRYPT_COMMS, but not ENCRYPT_STORAGE");
+        assertFalse(p_encryptCommsEncryptStorage.accept(p_primaryKey));
+        assertFalse(p_encryptCommsEncryptStorage.accept(p_signingKey));
+    }
+}