1
0
Fork 0
mirror of https://github.com/pgpainless/pgpainless.git synced 2024-06-16 16:44:50 +02:00

Add HasKeyFlagsSelectionStrategy

This commit is contained in:
Paul Schaub 2021-01-09 20:16:13 +01:00
parent 83bd157a78
commit 8df752e995
Signed by: vanitasvitae
GPG key ID: 62BEE9264BF17311
3 changed files with 181 additions and 1 deletions

View file

@ -18,6 +18,7 @@ package org.pgpainless.key.selection.key.impl;
import javax.annotation.Nonnull;
import org.bouncycastle.openpgp.PGPPublicKey;
import org.pgpainless.algorithm.KeyFlag;
import org.pgpainless.key.selection.key.PublicKeySelectionStrategy;
/**
@ -25,8 +26,11 @@ import org.pgpainless.key.selection.key.PublicKeySelectionStrategy;
*/
public class EncryptionKeySelectionStrategy extends PublicKeySelectionStrategy {
private static final HasKeyFlagSelectionStrategy.PublicKey HAS_ENCRYPT_COMMS_FLAG =
new HasKeyFlagSelectionStrategy.PublicKey(KeyFlag.ENCRYPT_COMMS);
@Override
public boolean accept(@Nonnull PGPPublicKey key) {
return key.isEncryptionKey();
return key.isEncryptionKey() && HAS_ENCRYPT_COMMS_FLAG.accept(key);
}
}

View file

@ -0,0 +1,68 @@
/*
* Copyright 2021 Paul Schaub.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.pgpainless.key.selection.key.impl;
import java.util.Iterator;
import org.bouncycastle.openpgp.PGPPublicKey;
import org.bouncycastle.openpgp.PGPSecretKey;
import org.bouncycastle.openpgp.PGPSignature;
import org.pgpainless.algorithm.KeyFlag;
import org.pgpainless.key.selection.key.PublicKeySelectionStrategy;
import org.pgpainless.key.selection.key.SecretKeySelectionStrategy;
public class HasKeyFlagSelectionStrategy {
public static class PublicKey extends PublicKeySelectionStrategy {
private final int keyFlagMask;
public PublicKey(KeyFlag... flags) {
this(KeyFlag.toBitmask(flags));
}
public PublicKey(int mask) {
this.keyFlagMask = mask;
}
@Override
public boolean accept(PGPPublicKey key) {
Iterator<PGPSignature> signatures = key.getSignatures();
int flags = signatures.next().getHashedSubPackets().getKeyFlags();
return (keyFlagMask & flags) == keyFlagMask;
}
}
public static class SecretKey extends SecretKeySelectionStrategy {
private final int keyFlagMask;
public SecretKey(KeyFlag... flags) {
this(KeyFlag.toBitmask(flags));
}
public SecretKey(int mask) {
this.keyFlagMask = mask;
}
@Override
public boolean accept(PGPSecretKey key) {
Iterator<PGPSignature> signatures = key.getPublicKey().getSignatures();
int flags = signatures.next().getHashedSubPackets().getKeyFlags();
return (keyFlagMask & flags) == keyFlagMask;
}
}
}

View file

@ -0,0 +1,108 @@
/*
* Copyright 2021 Paul Schaub.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.pgpainless.key.selection.key;
import static org.junit.jupiter.api.Assertions.assertFalse;
import static org.junit.jupiter.api.Assertions.assertTrue;
import java.security.InvalidAlgorithmParameterException;
import java.security.NoSuchAlgorithmException;
import java.util.Iterator;
import org.bouncycastle.openpgp.PGPException;
import org.bouncycastle.openpgp.PGPPublicKey;
import org.bouncycastle.openpgp.PGPSecretKey;
import org.bouncycastle.openpgp.PGPSecretKeyRing;
import org.junit.jupiter.api.Test;
import org.pgpainless.PGPainless;
import org.pgpainless.algorithm.KeyFlag;
import org.pgpainless.key.generation.KeySpec;
import org.pgpainless.key.generation.type.KeyType;
import org.pgpainless.key.generation.type.ecc.EllipticCurve;
import org.pgpainless.key.generation.type.eddsa.EdDSACurve;
import org.pgpainless.key.generation.type.xdh.XDHCurve;
import org.pgpainless.key.selection.key.impl.HasKeyFlagSelectionStrategy;
public class HasKeyFlagsSelectionStrategyTest {
@Test
public void testKeyFlagSelectors() throws InvalidAlgorithmParameterException, NoSuchAlgorithmException, PGPException {
PGPSecretKeyRing secretKeys = PGPainless.generateKeyRing()
.withSubKey(KeySpec.getBuilder(KeyType.ECDSA(EllipticCurve._P256))
.withKeyFlags(KeyFlag.SIGN_DATA)
.withDefaultAlgorithms())
.withSubKey(KeySpec.getBuilder(KeyType.XDH(XDHCurve._X25519))
.withKeyFlags(KeyFlag.ENCRYPT_COMMS)
.withDefaultAlgorithms())
.withMasterKey(KeySpec.getBuilder(KeyType.EDDSA(EdDSACurve._Ed25519))
.withKeyFlags(KeyFlag.CERTIFY_OTHER, KeyFlag.AUTHENTICATION)
.withDefaultAlgorithms())
.withPrimaryUserId("test@test.test")
.withoutPassphrase().build();
Iterator<PGPSecretKey> iterator = secretKeys.iterator();
// CERTIFY_OTHER and AUTHENTICATION
PGPSecretKey s_primaryKey = iterator.next();
// SIGN_DATA
PGPSecretKey s_signingKey = iterator.next();
// ENCRYPT_COMMS
PGPSecretKey s_encryptionKey = iterator.next();
HasKeyFlagSelectionStrategy.SecretKey s_certifyOther =
new HasKeyFlagSelectionStrategy.SecretKey(KeyFlag.CERTIFY_OTHER);
HasKeyFlagSelectionStrategy.SecretKey s_encryptComms =
new HasKeyFlagSelectionStrategy.SecretKey(KeyFlag.ENCRYPT_COMMS);
HasKeyFlagSelectionStrategy.SecretKey s_encryptCommsEncryptStorage =
new HasKeyFlagSelectionStrategy.SecretKey(KeyFlag.ENCRYPT_COMMS, KeyFlag.ENCRYPT_STORAGE);
assertTrue(s_certifyOther.accept(s_primaryKey));
assertFalse(s_certifyOther.accept(s_encryptionKey));
assertFalse(s_certifyOther.accept(s_signingKey));
assertTrue(s_encryptComms.accept(s_encryptionKey));
assertFalse(s_encryptComms.accept(s_primaryKey));
assertFalse(s_encryptComms.accept(s_signingKey));
assertFalse(s_encryptCommsEncryptStorage.accept(s_encryptionKey),
"Must not accept the key, as it only carries ENCRYPT_COMMS, but not ENCRYPT_STORAGE");
assertFalse(s_encryptCommsEncryptStorage.accept(s_primaryKey));
assertFalse(s_encryptCommsEncryptStorage.accept(s_signingKey));
PGPPublicKey p_primaryKey = s_primaryKey.getPublicKey();
PGPPublicKey p_encryptionKey = s_encryptionKey.getPublicKey();
PGPPublicKey p_signingKey = s_signingKey.getPublicKey();
HasKeyFlagSelectionStrategy.PublicKey p_certifyOther =
new HasKeyFlagSelectionStrategy.PublicKey(KeyFlag.CERTIFY_OTHER);
HasKeyFlagSelectionStrategy.PublicKey p_encryptComms =
new HasKeyFlagSelectionStrategy.PublicKey(KeyFlag.ENCRYPT_COMMS);
HasKeyFlagSelectionStrategy.PublicKey p_encryptCommsEncryptStorage =
new HasKeyFlagSelectionStrategy.PublicKey(KeyFlag.ENCRYPT_COMMS, KeyFlag.ENCRYPT_STORAGE);
assertTrue(p_certifyOther.accept(p_primaryKey));
assertFalse(p_certifyOther.accept(p_encryptionKey));
assertFalse(p_certifyOther.accept(p_signingKey));
assertTrue(p_encryptComms.accept(p_encryptionKey));
assertFalse(p_encryptComms.accept(p_primaryKey));
assertFalse(p_encryptComms.accept(p_signingKey));
assertFalse(p_encryptCommsEncryptStorage.accept(p_encryptionKey),
"Must not accept the key, as it only carries ENCRYPT_COMMS, but not ENCRYPT_STORAGE");
assertFalse(p_encryptCommsEncryptStorage.accept(p_primaryKey));
assertFalse(p_encryptCommsEncryptStorage.accept(p_signingKey));
}
}