Remove pgpainless-core dependency from wot-dijkstra

pgpainless-wot/src/main/kotlin/org/pgpainless/wot/WebOfTrust.kt

@@ -8,7 +8,6 @@ import org.bouncycastle.openpgp.PGPPublicKey
 import org.bouncycastle.openpgp.PGPSignature
 import org.pgpainless.PGPainless
 import org.pgpainless.algorithm.KeyFlag
-import org.pgpainless.algorithm.RevocationState
 import org.pgpainless.exception.SignatureValidationException
 import org.pgpainless.key.OpenPgpFingerprint
 import org.pgpainless.key.info.KeyRingInfo
@@ -122,6 +121,11 @@ class WebOfTrust(private val certificateStore: PGPCertificateStore) {
                 RevocationState.softRevoked(revocation.creationTime)
         }
 
+        @JvmStatic
+        private fun OpenPgpFingerprint.map(): Fingerprint {
+            return Fingerprint(toString())
+        }
+
         /**
          * Class for building the [Flow network][Network] from the given set of OpenPGP keys.
          *
@@ -133,19 +137,19 @@ class WebOfTrust(private val certificateStore: PGPCertificateStore) {
             private val LOGGER = LoggerFactory.getLogger(NetworkBuilder::class.java)
 
             // certificates keyed by fingerprint
-            private val byFingerprint: MutableMap<OpenPgpFingerprint, KeyRingInfo> = HashMap()
+            private val byFingerprint: MutableMap<Fingerprint, KeyRingInfo> = HashMap()
 
             // certificates keyed by (sub-) key-id
             private val byKeyId: MutableMap<Long, MutableList<KeyRingInfo>> = HashMap()
 
             // certificate synopses keyed by fingerprint
-            private val certSynopsisMap: MutableMap<OpenPgpFingerprint, CertSynopsis> = HashMap()
+            private val certSynopsisMap: MutableMap<Fingerprint, CertSynopsis> = HashMap()
 
             // Issuer -> Targets, edges keyed by issuer
-            private val edges: MutableMap<OpenPgpFingerprint, MutableList<CertificationSet>> = HashMap()
+            private val edges: MutableMap<Fingerprint, MutableList<CertificationSet>> = HashMap()
 
             // Target -> Issuers, edges keyed by target
-            private val reverseEdges: MutableMap<OpenPgpFingerprint, MutableList<CertificationSet>> = HashMap()
+            private val reverseEdges: MutableMap<Fingerprint, MutableList<CertificationSet>> = HashMap()
 
             init {
                 synopsizeCertificates(validatedCertificates)
@@ -161,8 +165,9 @@ class WebOfTrust(private val certificateStore: PGPCertificateStore) {
             private fun synopsize(cert: KeyRingInfo) {
 
                 // index by fingerprint
-                if (!byFingerprint.containsKey(cert.fingerprint)) {
+                val certFingerprint = cert.fingerprint.map()
-                    byFingerprint[cert.fingerprint] = cert
+                if (!byFingerprint.containsKey(certFingerprint)) {
+                    byFingerprint[certFingerprint] = cert
                 }
 
                 // index by key-ID
@@ -189,7 +194,7 @@ class WebOfTrust(private val certificateStore: PGPCertificateStore) {
                     // Some keys are malformed and have no KeyFlags
                     return
                 }
-                certSynopsisMap[cert.fingerprint] = CertSynopsis(cert.fingerprint,
+                certSynopsisMap[certFingerprint] = CertSynopsis(certFingerprint,
                         expirationDate,
                         revocationStateFromSignature(cert.revocationSelfSignature),
                         userIds)
@@ -205,7 +210,7 @@ class WebOfTrust(private val certificateStore: PGPCertificateStore) {
 
             private fun findEdgesWithTarget(validatedTarget: KeyRingInfo) {
                 val validatedTargetKeyRing = KeyRingUtils.publicKeys(validatedTarget.keys)
-                val targetFingerprint = OpenPgpFingerprint.of(validatedTargetKeyRing)
+                val targetFingerprint = OpenPgpFingerprint.of(validatedTargetKeyRing).map()
                 val targetPrimaryKey = validatedTargetKeyRing.publicKey!!
                 val target = certSynopsisMap[targetFingerprint]!!
 
@@ -231,7 +236,7 @@ class WebOfTrust(private val certificateStore: PGPCertificateStore) {
                         ?: return
                 for (candidate in issuerCandidates) {
                     val issuerKeyRing = KeyRingUtils.publicKeys(candidate.keys)
-                    val issuerFingerprint = OpenPgpFingerprint.of(issuerKeyRing)
+                    val issuerFingerprint = OpenPgpFingerprint.of(issuerKeyRing).map()
                     val issuerSigningKey = issuerKeyRing.getPublicKey(delegation.keyID)
                     val issuer = certSynopsisMap[issuerFingerprint]
                             ?: continue
@@ -257,7 +262,7 @@ class WebOfTrust(private val certificateStore: PGPCertificateStore) {
                             ?: continue
                     for (candidate in issuerCandidates) {
                         val issuerKeyRing = KeyRingUtils.publicKeys(candidate.keys)
-                        val issuerFingerprint = OpenPgpFingerprint.of(issuerKeyRing)
+                        val issuerFingerprint = OpenPgpFingerprint.of(issuerKeyRing).map()
                         val issuerSigningKey = issuerKeyRing.getPublicKey(certification.keyID)
                                 ?: continue
                         val issuer = certSynopsisMap[issuerFingerprint]

pgpainless-wot/src/test/java/org/pgpainless/wot/WebOfTrustTest.java

@@ -12,9 +12,11 @@ import static org.junit.jupiter.api.Assertions.assertTrue;
 import java.io.IOException;
 import java.util.List;
 
+import org.bouncycastle.openpgp.PGPPublicKeyRing;
 import org.junit.jupiter.api.Test;
 import org.pgpainless.key.OpenPgpFingerprint;
 import org.pgpainless.wot.dijkstra.sq.CertificationSet;
+import org.pgpainless.wot.dijkstra.sq.Fingerprint;
 import org.pgpainless.wot.dijkstra.sq.Network;
 import org.pgpainless.wot.testfixtures.TestCertificateStores;
 import org.pgpainless.wot.testfixtures.WotTestVectors;
@@ -23,16 +25,20 @@ import pgp.certificate_store.exception.BadDataException;
 
 public class WebOfTrustTest {
 
-    OpenPgpFingerprint fooBankCa = OpenPgpFingerprint.of(WotTestVectors.getTestVectors().getFreshFooBankCaCert());
+    Fingerprint fooBankCa = fingerprintOf(WotTestVectors.getTestVectors().getFreshFooBankCaCert());
-    OpenPgpFingerprint fooBankEmployee = OpenPgpFingerprint.of(WotTestVectors.getTestVectors().getFreshFooBankEmployeeCert());
+    Fingerprint fooBankEmployee = fingerprintOf(WotTestVectors.getTestVectors().getFreshFooBankEmployeeCert());
-    OpenPgpFingerprint fooBankAdmin = OpenPgpFingerprint.of(WotTestVectors.getTestVectors().getFreshFooBankAdminCert());
+    Fingerprint fooBankAdmin = fingerprintOf(WotTestVectors.getTestVectors().getFreshFooBankAdminCert());
-    OpenPgpFingerprint barBankCa = OpenPgpFingerprint.of(WotTestVectors.getTestVectors().getFreshBarBankCaCert());
+    Fingerprint barBankCa = fingerprintOf(WotTestVectors.getTestVectors().getFreshBarBankCaCert());
-    OpenPgpFingerprint barBankEmployee = OpenPgpFingerprint.of(WotTestVectors.getTestVectors().getFreshBarBankEmployeeCert());
+    Fingerprint barBankEmployee = fingerprintOf(WotTestVectors.getTestVectors().getFreshBarBankEmployeeCert());
 
     public WebOfTrustTest() throws IOException {
 
     }
 
+    private static Fingerprint fingerprintOf(PGPPublicKeyRing cert) {
+        return new Fingerprint(OpenPgpFingerprint.of(cert).toString());
+    }
+
     @Test
     public void testWithTwoNodesAndOneDelegation() throws BadDataException, IOException, InterruptedException {
         PGPCertificateDirectory certD = TestCertificateStores.oneDelegationGraph();
@@ -87,30 +93,30 @@ public class WebOfTrustTest {
         // CHECKSTYLE:ON
     }
 
-    private void assertHasIssuerAndTarget(CertificationSet certifications, OpenPgpFingerprint issuer, OpenPgpFingerprint target) {
+    private void assertHasIssuerAndTarget(CertificationSet certifications, Fingerprint issuer, Fingerprint target) {
         assertEquals(issuer, certifications.getIssuer().getFingerprint());
         assertEquals(target, certifications.getTarget().getFingerprint());
     }
 
-    private void assertHasEdge(Network network, OpenPgpFingerprint issuer, OpenPgpFingerprint target) {
+    private void assertHasEdge(Network network, Fingerprint issuer, Fingerprint target) {
         assertNotNull(getEdgeFromTo(network, issuer, target), "Expected edge from " + issuer + " to " + target + " but got none.");
     }
 
-    private void assertHasReverseEdge(Network network, OpenPgpFingerprint issuer, OpenPgpFingerprint target) {
+    private void assertHasReverseEdge(Network network, Fingerprint issuer, Fingerprint target) {
         assertNotNull(getReverseEdgeFromTo(network, issuer, target), "Expected reverse edge to " + target + " from " + issuer + " but got none.");
     }
 
-    private void assertHasNoEdge(Network network, OpenPgpFingerprint issuer, OpenPgpFingerprint target) {
+    private void assertHasNoEdge(Network network, Fingerprint issuer, Fingerprint target) {
         CertificationSet edge = getEdgeFromTo(network, issuer, target);
         assertNull(edge, "Expected no edge from " + issuer + " to " + target + " but got " + edge);
     }
 
-    private void assertHasNoReverseEdge(Network network, OpenPgpFingerprint issuer, OpenPgpFingerprint target) {
+    private void assertHasNoReverseEdge(Network network, Fingerprint issuer, Fingerprint target) {
         CertificationSet reverseEdge = getReverseEdgeFromTo(network, issuer, target);
         assertNull(reverseEdge, "Expected no reverse edge on " + target + " from " + issuer + " but got " + reverseEdge);
     }
 
-    private CertificationSet getEdgeFromTo(Network network, OpenPgpFingerprint issuer, OpenPgpFingerprint target) {
+    private CertificationSet getEdgeFromTo(Network network, Fingerprint issuer, Fingerprint target) {
         List<CertificationSet> edges = network.getEdges().get(issuer);
         if (edges == null) {
             return null;
@@ -124,7 +130,7 @@ public class WebOfTrustTest {
         return null;
     }
 
-    private CertificationSet getReverseEdgeFromTo(Network network, OpenPgpFingerprint issuer, OpenPgpFingerprint target) {
+    private CertificationSet getReverseEdgeFromTo(Network network, Fingerprint issuer, Fingerprint target) {
         List<CertificationSet> revEdges = network.getReverseEdges().get(target);
         if (revEdges == null) {
             return null;

wot-dijkstra/build.gradle

@@ -34,9 +34,6 @@ dependencies {
 
     // @Nullable, @Nonnull annotations
     implementation "com.google.code.findbugs:jsr305:3.0.2"
-
-    // OpenPgpFingerprint, RevocationState
-    implementation(project(":pgpainless-core"))
 }
 
 test {

wot-dijkstra/src/main/kotlin/org/pgpainless/wot/dijkstra/sq/CertSynopsis.kt

@@ -4,20 +4,18 @@
 
 package org.pgpainless.wot.dijkstra.sq
 
-import org.pgpainless.algorithm.RevocationState
-import org.pgpainless.key.OpenPgpFingerprint
 import java.util.*
 
 /**
  * A [CertSynopsis] is a proxy object containing information about a certificate.
  *
- * @param fingerprint [OpenPgpFingerprint] of the certificate
+ * @param fingerprint [Fingerprint] of the certificate
  * @param expirationTime optional expiration time of the certificate
  * @param revocationState [RevocationState] denoting whether the certificate is revoked or not
  * @param userIds [Map] of user-ids on the certificate, along with their revocation states
  */
 data class CertSynopsis(
-        val fingerprint: OpenPgpFingerprint,
+        val fingerprint: Fingerprint,
         val expirationTime: Date?,
         val revocationState: RevocationState,
         val userIds : Map<String, RevocationState>) {

wot-dijkstra/src/main/kotlin/org/pgpainless/wot/dijkstra/sq/Fingerprint.kt

@@ -0,0 +1,33 @@
+// SPDX-FileCopyrightText: 2023 Paul Schaub <vanitasvitae@fsfe.org>
+//
+// SPDX-License-Identifier: Apache-2.0
+
+package org.pgpainless.wot.dijkstra.sq
+
+class Fingerprint(fingerprint: String) {
+
+    val fingerprint: String
+
+    init {
+        this.fingerprint = fingerprint.uppercase()
+    }
+
+    override fun equals(other: Any?): Boolean {
+        if (other == null) {
+            return false
+        }
+        return if (other is Fingerprint) {
+            toString() == other.toString()
+        } else {
+            false
+        }
+    }
+
+    override fun hashCode(): Int {
+        return toString().hashCode()
+    }
+
+    override fun toString(): String {
+        return fingerprint.uppercase()
+    }
+}

wot-dijkstra/src/main/kotlin/org/pgpainless/wot/dijkstra/sq/Network.kt

@@ -4,23 +4,21 @@
 
 package org.pgpainless.wot.dijkstra.sq
 
-import org.pgpainless.key.OpenPgpFingerprint
-
 /**
  * A network consists of nodes, and edges between them.
  * For the Web of Trust, nodes consist of [CertSynopses][CertSynopsis], while the edges between the nodes are
  * [CertificationSets][CertificationSet].
  *
  * @constructor creates a new network
- * @param nodes contains a [Map] of [CertSynopsis] keyed by their [OpenPgpFingerprint]
+ * @param nodes contains a [Map] of [CertSynopsis] keyed by their [Fingerprint]
- * @param edges [Map] keyed by the [fingerprint][OpenPgpFingerprint] of an issuer, whose values are [Lists][List] containing all edges originating from the issuer.
+ * @param edges [Map] keyed by the [fingerprint][Fingerprint] of an issuer, whose values are [Lists][List] containing all edges originating from the issuer.
- * @param reverseEdges [Map] keyed by the [fingerprint][OpenPgpFingerprint] of a target, whose values are [Lists][List] containing all edges pointing to the target
+ * @param reverseEdges [Map] keyed by the [fingerprint][Fingerprint] of a target, whose values are [Lists][List] containing all edges pointing to the target
  * @param referenceTime reference time at which the [Network] was built
  */
 class Network(
-        val nodes: Map<OpenPgpFingerprint, CertSynopsis>,
+        val nodes: Map<Fingerprint, CertSynopsis>,
-        val edges: Map<OpenPgpFingerprint, List<CertificationSet>>,
+        val edges: Map<Fingerprint, List<CertificationSet>>,
-        val reverseEdges: Map<OpenPgpFingerprint, List<CertificationSet>>,
+        val reverseEdges: Map<Fingerprint, List<CertificationSet>>,
         val referenceTime: ReferenceTime) {
 
     companion object {

wot-dijkstra/src/main/kotlin/org/pgpainless/wot/dijkstra/sq/Path.kt

@@ -15,9 +15,9 @@ import kotlin.math.min
  * @param residualDepth residual depth that is decreased each time another edge is appended
  */
 class Path(
-        val root: CertSynopsis,
+        private val root: CertSynopsis,
-        val edges: MutableList<Certification>,
+        private val edges: MutableList<Certification>,
-        var residualDepth: Depth
+        private var residualDepth: Depth
 ) {
 
     /**

wot-dijkstra/src/main/kotlin/org/pgpainless/wot/dijkstra/sq/Paths.kt

@@ -9,7 +9,7 @@ package org.pgpainless.wot.dijkstra.sq
  *
  * @param paths list of paths
  */
-class Paths(val paths: MutableList<Item>) {
+class Paths(private val paths: MutableList<Item>) {
 
     /**
      * Empty collection of paths.

wot-dijkstra/src/main/kotlin/org/pgpainless/wot/dijkstra/sq/RevocationState.kt

@@ -0,0 +1,41 @@
+// SPDX-FileCopyrightText: 2023 Paul Schaub <vanitasvitae@fsfe.org>
+//
+// SPDX-License-Identifier: Apache-2.0
+
+package org.pgpainless.wot.dijkstra.sq
+
+import java.util.*
+
+/**
+ * Revocation State of
+ */
+class RevocationState private constructor(val type: Type, val timestamp: Date?) {
+
+    enum class Type {
+        Soft,
+        Hard,
+        None
+    }
+
+    companion object {
+        @JvmStatic
+        fun notRevoked(): RevocationState = RevocationState(Type.None, null)
+
+        @JvmStatic
+        fun softRevoked(timestamp: Date): RevocationState = RevocationState(Type.Soft, timestamp)
+
+        @JvmStatic
+        fun hardRevoked(): RevocationState = RevocationState(Type.Hard, null)
+    }
+
+    fun isHardRevocation(): Boolean = type == Type.Hard
+
+    fun isSoftRevocation(): Boolean = type == Type.Soft
+
+    fun isNotRevoked(): Boolean = type == Type.None
+
+    fun isEffective(referenceTime: ReferenceTime): Boolean {
+        return isHardRevocation() ||
+                (isSoftRevocation() && referenceTime.timestamp.after(timestamp))
+    }
+}