mirror of
https://github.com/pgpainless/pgpainless.git
synced 2024-11-26 22:32:07 +01:00
Add HasKeyFlagsSelectionStrategy
This commit is contained in:
parent
83bd157a78
commit
8df752e995
3 changed files with 181 additions and 1 deletions
|
@ -18,6 +18,7 @@ package org.pgpainless.key.selection.key.impl;
|
||||||
import javax.annotation.Nonnull;
|
import javax.annotation.Nonnull;
|
||||||
|
|
||||||
import org.bouncycastle.openpgp.PGPPublicKey;
|
import org.bouncycastle.openpgp.PGPPublicKey;
|
||||||
|
import org.pgpainless.algorithm.KeyFlag;
|
||||||
import org.pgpainless.key.selection.key.PublicKeySelectionStrategy;
|
import org.pgpainless.key.selection.key.PublicKeySelectionStrategy;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -25,8 +26,11 @@ import org.pgpainless.key.selection.key.PublicKeySelectionStrategy;
|
||||||
*/
|
*/
|
||||||
public class EncryptionKeySelectionStrategy extends PublicKeySelectionStrategy {
|
public class EncryptionKeySelectionStrategy extends PublicKeySelectionStrategy {
|
||||||
|
|
||||||
|
private static final HasKeyFlagSelectionStrategy.PublicKey HAS_ENCRYPT_COMMS_FLAG =
|
||||||
|
new HasKeyFlagSelectionStrategy.PublicKey(KeyFlag.ENCRYPT_COMMS);
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public boolean accept(@Nonnull PGPPublicKey key) {
|
public boolean accept(@Nonnull PGPPublicKey key) {
|
||||||
return key.isEncryptionKey();
|
return key.isEncryptionKey() && HAS_ENCRYPT_COMMS_FLAG.accept(key);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -0,0 +1,68 @@
|
||||||
|
/*
|
||||||
|
* Copyright 2021 Paul Schaub.
|
||||||
|
*
|
||||||
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
* you may not use this file except in compliance with the License.
|
||||||
|
* You may obtain a copy of the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing, software
|
||||||
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
* See the License for the specific language governing permissions and
|
||||||
|
* limitations under the License.
|
||||||
|
*/
|
||||||
|
package org.pgpainless.key.selection.key.impl;
|
||||||
|
|
||||||
|
import java.util.Iterator;
|
||||||
|
|
||||||
|
import org.bouncycastle.openpgp.PGPPublicKey;
|
||||||
|
import org.bouncycastle.openpgp.PGPSecretKey;
|
||||||
|
import org.bouncycastle.openpgp.PGPSignature;
|
||||||
|
import org.pgpainless.algorithm.KeyFlag;
|
||||||
|
import org.pgpainless.key.selection.key.PublicKeySelectionStrategy;
|
||||||
|
import org.pgpainless.key.selection.key.SecretKeySelectionStrategy;
|
||||||
|
|
||||||
|
public class HasKeyFlagSelectionStrategy {
|
||||||
|
|
||||||
|
public static class PublicKey extends PublicKeySelectionStrategy {
|
||||||
|
|
||||||
|
private final int keyFlagMask;
|
||||||
|
|
||||||
|
public PublicKey(KeyFlag... flags) {
|
||||||
|
this(KeyFlag.toBitmask(flags));
|
||||||
|
}
|
||||||
|
|
||||||
|
public PublicKey(int mask) {
|
||||||
|
this.keyFlagMask = mask;
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public boolean accept(PGPPublicKey key) {
|
||||||
|
Iterator<PGPSignature> signatures = key.getSignatures();
|
||||||
|
int flags = signatures.next().getHashedSubPackets().getKeyFlags();
|
||||||
|
return (keyFlagMask & flags) == keyFlagMask;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
public static class SecretKey extends SecretKeySelectionStrategy {
|
||||||
|
|
||||||
|
private final int keyFlagMask;
|
||||||
|
|
||||||
|
public SecretKey(KeyFlag... flags) {
|
||||||
|
this(KeyFlag.toBitmask(flags));
|
||||||
|
}
|
||||||
|
|
||||||
|
public SecretKey(int mask) {
|
||||||
|
this.keyFlagMask = mask;
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public boolean accept(PGPSecretKey key) {
|
||||||
|
Iterator<PGPSignature> signatures = key.getPublicKey().getSignatures();
|
||||||
|
int flags = signatures.next().getHashedSubPackets().getKeyFlags();
|
||||||
|
return (keyFlagMask & flags) == keyFlagMask;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
|
@ -0,0 +1,108 @@
|
||||||
|
/*
|
||||||
|
* Copyright 2021 Paul Schaub.
|
||||||
|
*
|
||||||
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
* you may not use this file except in compliance with the License.
|
||||||
|
* You may obtain a copy of the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing, software
|
||||||
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
* See the License for the specific language governing permissions and
|
||||||
|
* limitations under the License.
|
||||||
|
*/
|
||||||
|
package org.pgpainless.key.selection.key;
|
||||||
|
|
||||||
|
import static org.junit.jupiter.api.Assertions.assertFalse;
|
||||||
|
import static org.junit.jupiter.api.Assertions.assertTrue;
|
||||||
|
|
||||||
|
import java.security.InvalidAlgorithmParameterException;
|
||||||
|
import java.security.NoSuchAlgorithmException;
|
||||||
|
import java.util.Iterator;
|
||||||
|
|
||||||
|
import org.bouncycastle.openpgp.PGPException;
|
||||||
|
import org.bouncycastle.openpgp.PGPPublicKey;
|
||||||
|
import org.bouncycastle.openpgp.PGPSecretKey;
|
||||||
|
import org.bouncycastle.openpgp.PGPSecretKeyRing;
|
||||||
|
import org.junit.jupiter.api.Test;
|
||||||
|
import org.pgpainless.PGPainless;
|
||||||
|
import org.pgpainless.algorithm.KeyFlag;
|
||||||
|
import org.pgpainless.key.generation.KeySpec;
|
||||||
|
import org.pgpainless.key.generation.type.KeyType;
|
||||||
|
import org.pgpainless.key.generation.type.ecc.EllipticCurve;
|
||||||
|
import org.pgpainless.key.generation.type.eddsa.EdDSACurve;
|
||||||
|
import org.pgpainless.key.generation.type.xdh.XDHCurve;
|
||||||
|
import org.pgpainless.key.selection.key.impl.HasKeyFlagSelectionStrategy;
|
||||||
|
|
||||||
|
public class HasKeyFlagsSelectionStrategyTest {
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void testKeyFlagSelectors() throws InvalidAlgorithmParameterException, NoSuchAlgorithmException, PGPException {
|
||||||
|
PGPSecretKeyRing secretKeys = PGPainless.generateKeyRing()
|
||||||
|
.withSubKey(KeySpec.getBuilder(KeyType.ECDSA(EllipticCurve._P256))
|
||||||
|
.withKeyFlags(KeyFlag.SIGN_DATA)
|
||||||
|
.withDefaultAlgorithms())
|
||||||
|
.withSubKey(KeySpec.getBuilder(KeyType.XDH(XDHCurve._X25519))
|
||||||
|
.withKeyFlags(KeyFlag.ENCRYPT_COMMS)
|
||||||
|
.withDefaultAlgorithms())
|
||||||
|
.withMasterKey(KeySpec.getBuilder(KeyType.EDDSA(EdDSACurve._Ed25519))
|
||||||
|
.withKeyFlags(KeyFlag.CERTIFY_OTHER, KeyFlag.AUTHENTICATION)
|
||||||
|
.withDefaultAlgorithms())
|
||||||
|
.withPrimaryUserId("test@test.test")
|
||||||
|
.withoutPassphrase().build();
|
||||||
|
|
||||||
|
Iterator<PGPSecretKey> iterator = secretKeys.iterator();
|
||||||
|
// CERTIFY_OTHER and AUTHENTICATION
|
||||||
|
PGPSecretKey s_primaryKey = iterator.next();
|
||||||
|
// SIGN_DATA
|
||||||
|
PGPSecretKey s_signingKey = iterator.next();
|
||||||
|
// ENCRYPT_COMMS
|
||||||
|
PGPSecretKey s_encryptionKey = iterator.next();
|
||||||
|
|
||||||
|
HasKeyFlagSelectionStrategy.SecretKey s_certifyOther =
|
||||||
|
new HasKeyFlagSelectionStrategy.SecretKey(KeyFlag.CERTIFY_OTHER);
|
||||||
|
HasKeyFlagSelectionStrategy.SecretKey s_encryptComms =
|
||||||
|
new HasKeyFlagSelectionStrategy.SecretKey(KeyFlag.ENCRYPT_COMMS);
|
||||||
|
HasKeyFlagSelectionStrategy.SecretKey s_encryptCommsEncryptStorage =
|
||||||
|
new HasKeyFlagSelectionStrategy.SecretKey(KeyFlag.ENCRYPT_COMMS, KeyFlag.ENCRYPT_STORAGE);
|
||||||
|
|
||||||
|
assertTrue(s_certifyOther.accept(s_primaryKey));
|
||||||
|
assertFalse(s_certifyOther.accept(s_encryptionKey));
|
||||||
|
assertFalse(s_certifyOther.accept(s_signingKey));
|
||||||
|
|
||||||
|
assertTrue(s_encryptComms.accept(s_encryptionKey));
|
||||||
|
assertFalse(s_encryptComms.accept(s_primaryKey));
|
||||||
|
assertFalse(s_encryptComms.accept(s_signingKey));
|
||||||
|
|
||||||
|
assertFalse(s_encryptCommsEncryptStorage.accept(s_encryptionKey),
|
||||||
|
"Must not accept the key, as it only carries ENCRYPT_COMMS, but not ENCRYPT_STORAGE");
|
||||||
|
assertFalse(s_encryptCommsEncryptStorage.accept(s_primaryKey));
|
||||||
|
assertFalse(s_encryptCommsEncryptStorage.accept(s_signingKey));
|
||||||
|
|
||||||
|
PGPPublicKey p_primaryKey = s_primaryKey.getPublicKey();
|
||||||
|
PGPPublicKey p_encryptionKey = s_encryptionKey.getPublicKey();
|
||||||
|
PGPPublicKey p_signingKey = s_signingKey.getPublicKey();
|
||||||
|
|
||||||
|
HasKeyFlagSelectionStrategy.PublicKey p_certifyOther =
|
||||||
|
new HasKeyFlagSelectionStrategy.PublicKey(KeyFlag.CERTIFY_OTHER);
|
||||||
|
HasKeyFlagSelectionStrategy.PublicKey p_encryptComms =
|
||||||
|
new HasKeyFlagSelectionStrategy.PublicKey(KeyFlag.ENCRYPT_COMMS);
|
||||||
|
HasKeyFlagSelectionStrategy.PublicKey p_encryptCommsEncryptStorage =
|
||||||
|
new HasKeyFlagSelectionStrategy.PublicKey(KeyFlag.ENCRYPT_COMMS, KeyFlag.ENCRYPT_STORAGE);
|
||||||
|
|
||||||
|
assertTrue(p_certifyOther.accept(p_primaryKey));
|
||||||
|
assertFalse(p_certifyOther.accept(p_encryptionKey));
|
||||||
|
assertFalse(p_certifyOther.accept(p_signingKey));
|
||||||
|
|
||||||
|
assertTrue(p_encryptComms.accept(p_encryptionKey));
|
||||||
|
assertFalse(p_encryptComms.accept(p_primaryKey));
|
||||||
|
assertFalse(p_encryptComms.accept(p_signingKey));
|
||||||
|
|
||||||
|
assertFalse(p_encryptCommsEncryptStorage.accept(p_encryptionKey),
|
||||||
|
"Must not accept the key, as it only carries ENCRYPT_COMMS, but not ENCRYPT_STORAGE");
|
||||||
|
assertFalse(p_encryptCommsEncryptStorage.accept(p_primaryKey));
|
||||||
|
assertFalse(p_encryptCommsEncryptStorage.accept(p_signingKey));
|
||||||
|
}
|
||||||
|
}
|
Loading…
Reference in a new issue