SignatureBuilders: Add constructors taking PGPKeyPairs

2024-02-13 15:07:07 +01:00 · 2024-02-13 15:07:07 +01:00 · b5f8864861
parent 62a20b2742
commit b5f8864861
7 changed files with 103 additions and 7 deletions
--- a/pgpainless-core/src/main/kotlin/org/pgpainless/key/generation/OpenPgpKeyGenerator.kt
+++ b/pgpainless-core/src/main/kotlin/org/pgpainless/key/generation/OpenPgpKeyGenerator.kt
@ -23,6 +23,7 @@ import org.pgpainless.key.generation.type.rsa.RsaLength
 import org.pgpainless.key.generation.type.xdh.XDHSpec
 import org.pgpainless.policy.Policy
 import org.pgpainless.signature.builder.DirectKeySelfSignatureBuilder
+import org.pgpainless.signature.builder.PrimaryKeyBindingSignatureBuilder
 import org.pgpainless.signature.builder.SelfSignatureBuilder
 import org.pgpainless.signature.builder.SubkeyBindingSignatureBuilder
 import org.pgpainless.signature.subpackets.SelfSignatureSubpackets
@ -738,14 +739,27 @@ abstract class ApplyToSubkey(
            bindingTime: Date,
            subpacketsCallback: SelfSignatureSubpackets.Callback
        ): PGPSignature {
-            return SubkeyBindingSignatureBuilder(
-                    primaryKey.privateKey, primaryKey.publicKey, hashAlgorithm)
+            return SubkeyBindingSignatureBuilder(primaryKey, hashAlgorithm)
                .applyCallback(
-                    subpacketsCallback.then(
-                        SelfSignatureSubpackets.applyHashed {
-                            setSignatureCreationTime(bindingTime)
-                        }))
-                .build(subkey.publicKey)
+                    subpacketsCallback
+                        .then(
+                            SelfSignatureSubpackets.applyHashed {
+                                setSignatureCreationTime(bindingTime)
+                            })
+                        .then(
+                            SelfSignatureSubpackets.applyHashed {
+                                if (isSigningCapable(getKeyFlags())) {
+                                    addEmbeddedSignature(
+                                        PrimaryKeyBindingSignatureBuilder(subkey, hashAlgorithm)
+                                            .build(primaryKey))
+                                }
+                            }))
+                .build(subkey)
+        }
+
+        private fun isSigningCapable(flags: List<KeyFlag>?): Boolean {
+            val signCapableFlags = listOf(KeyFlag.SIGN_DATA, KeyFlag.CERTIFY_OTHER)
+            return flags?.any { signCapableFlags.contains(it) } ?: false
        }
    }
 }
--- a/pgpainless-core/src/main/kotlin/org/pgpainless/signature/builder/AbstractSignatureBuilder.kt
+++ b/pgpainless-core/src/main/kotlin/org/pgpainless/signature/builder/AbstractSignatureBuilder.kt
@ -6,6 +6,7 @@ package org.pgpainless.signature.builder

 import java.util.function.Predicate
 import org.bouncycastle.openpgp.PGPException
+import org.bouncycastle.openpgp.PGPKeyPair
 import org.bouncycastle.openpgp.PGPPrivateKey
 import org.bouncycastle.openpgp.PGPPublicKey
 import org.bouncycastle.openpgp.PGPSecretKey
@ -53,6 +54,27 @@ abstract class AbstractSignatureBuilder<B : AbstractSignatureBuilder<B>>(
        hashedSubpackets,
        unhashedSubpackets)

+    @Throws(PGPException::class)
+    constructor(
+        signatureType: SignatureType,
+        signingKey: PGPKeyPair,
+        hashAlgorithm: HashAlgorithm,
+        hashedSubpackets: SignatureSubpackets,
+        unhashedSubpackets: SignatureSubpackets
+    ) : this(
+        signingKey.privateKey,
+        signingKey.publicKey,
+        hashAlgorithm,
+        signatureType,
+        hashedSubpackets,
+        unhashedSubpackets)
+
+    @Throws(PGPException::class)
+    constructor(
+        signingKey: PGPKeyPair,
+        archetypeSignature: PGPSignature
+    ) : this(signingKey.privateKey, signingKey.publicKey, archetypeSignature)
+
    @Throws(PGPException::class)
    constructor(
        privateSigningKey: PGPPrivateKey,
--- a/pgpainless-core/src/main/kotlin/org/pgpainless/signature/builder/DirectKeySelfSignatureBuilder.kt
+++ b/pgpainless-core/src/main/kotlin/org/pgpainless/signature/builder/DirectKeySelfSignatureBuilder.kt
@ -6,6 +6,7 @@ package org.pgpainless.signature.builder

 import java.util.function.Predicate
 import org.bouncycastle.openpgp.PGPException
+import org.bouncycastle.openpgp.PGPKeyPair
 import org.bouncycastle.openpgp.PGPPrivateKey
 import org.bouncycastle.openpgp.PGPPublicKey
 import org.bouncycastle.openpgp.PGPSecretKey
@ -32,6 +33,12 @@ class DirectKeySelfSignatureBuilder : AbstractSignatureBuilder<DirectKeySelfSign
        archetypeSignature: PGPSignature
    ) : super(signingKey, protector, archetypeSignature)

+    @Throws(PGPException::class)
+    constructor(
+        signingKey: PGPKeyPair,
+        hashAlgorithm: HashAlgorithm
+    ) : this(signingKey.privateKey, signingKey.publicKey, hashAlgorithm)
+
    @Throws(PGPException::class)
    constructor(
        privateSigningKey: PGPPrivateKey,
--- a/pgpainless-core/src/main/kotlin/org/pgpainless/signature/builder/PrimaryKeyBindingSignatureBuilder.kt
+++ b/pgpainless-core/src/main/kotlin/org/pgpainless/signature/builder/PrimaryKeyBindingSignatureBuilder.kt
@ -6,6 +6,7 @@ package org.pgpainless.signature.builder

 import java.util.function.Predicate
 import org.bouncycastle.openpgp.PGPException
+import org.bouncycastle.openpgp.PGPKeyPair
 import org.bouncycastle.openpgp.PGPPrivateKey
 import org.bouncycastle.openpgp.PGPPublicKey
 import org.bouncycastle.openpgp.PGPSecretKey
@ -33,6 +34,13 @@ class PrimaryKeyBindingSignatureBuilder :
        subkeyProtector: SecretKeyRingProtector
    ) : super(SignatureType.PRIMARYKEY_BINDING, signingSubkey, subkeyProtector)

+    @Throws(PGPException::class)
+    constructor(
+        subkey: PGPKeyPair,
+        hashAlgorithm: HashAlgorithm
+    ) : this(subkey.privateKey, subkey.publicKey, hashAlgorithm)
+
+    @Throws(PGPException::class)
    constructor(
        privateSubkey: PGPPrivateKey,
        publicSubkey: PGPPublicKey,
@ -71,4 +79,7 @@ class PrimaryKeyBindingSignatureBuilder :
    @Throws(PGPException::class)
    fun build(primaryKey: PGPPublicKey): PGPSignature =
        buildAndInitSignatureGenerator().generateCertification(primaryKey, publicSigningKey)
+
+    @Throws(PGPException::class)
+    fun build(primaryKey: PGPKeyPair): PGPSignature = build(primaryKey.publicKey)
 }
--- a/pgpainless-core/src/main/kotlin/org/pgpainless/signature/builder/RevocationSignatureBuilder.kt
+++ b/pgpainless-core/src/main/kotlin/org/pgpainless/signature/builder/RevocationSignatureBuilder.kt
@ -6,12 +6,15 @@ package org.pgpainless.signature.builder

 import java.util.function.Predicate
 import org.bouncycastle.openpgp.PGPException
+import org.bouncycastle.openpgp.PGPKeyPair
 import org.bouncycastle.openpgp.PGPPublicKey
 import org.bouncycastle.openpgp.PGPSecretKey
 import org.bouncycastle.openpgp.PGPSignature
+import org.pgpainless.algorithm.HashAlgorithm
 import org.pgpainless.algorithm.SignatureType
 import org.pgpainless.key.protection.SecretKeyRingProtector
 import org.pgpainless.signature.subpackets.RevocationSignatureSubpackets
+import org.pgpainless.signature.subpackets.SignatureSubpackets

 /** [AbstractSignatureBuilder] subclass devoted to revocation signatures. */
 class RevocationSignatureBuilder : AbstractSignatureBuilder<RevocationSignatureBuilder> {
@ -26,6 +29,18 @@ class RevocationSignatureBuilder : AbstractSignatureBuilder<RevocationSignatureB
                        SignatureType.CERTIFICATION_REVOCATION)
            }

+    @Throws(PGPException::class)
+    constructor(
+        signatureType: SignatureType,
+        signingKey: PGPKeyPair,
+        hashAlgorithm: HashAlgorithm
+    ) : super(
+        signatureType,
+        signingKey,
+        hashAlgorithm,
+        SignatureSubpackets.createHashedSubpackets(signingKey.publicKey),
+        SignatureSubpackets.createEmptySubpackets())
+
    @Throws(PGPException::class)
    constructor(
        signatureType: SignatureType,
@ -45,6 +60,9 @@ class RevocationSignatureBuilder : AbstractSignatureBuilder<RevocationSignatureB
        }
    }

+    @Throws(PGPException::class)
+    fun build(revokeeKey: PGPKeyPair): PGPSignature = build(revokeeKey.publicKey)
+
    @Throws(PGPException::class)
    fun build(revokeeKey: PGPPublicKey): PGPSignature =
        buildAndInitSignatureGenerator().let {
--- a/pgpainless-core/src/main/kotlin/org/pgpainless/signature/builder/SelfSignatureBuilder.kt
+++ b/pgpainless-core/src/main/kotlin/org/pgpainless/signature/builder/SelfSignatureBuilder.kt
@ -6,6 +6,7 @@ package org.pgpainless.signature.builder

 import java.util.function.Predicate
 import org.bouncycastle.openpgp.PGPException
+import org.bouncycastle.openpgp.PGPKeyPair
 import org.bouncycastle.openpgp.PGPPrivateKey
 import org.bouncycastle.openpgp.PGPPublicKey
 import org.bouncycastle.openpgp.PGPSecretKey
@ -53,6 +54,12 @@ class SelfSignatureBuilder : AbstractSignatureBuilder<SelfSignatureBuilder> {
        oldCertification: PGPSignature
    ) : super(primaryKey, primaryKeyProtector, oldCertification)

+    @Throws(PGPException::class)
+    constructor(
+        primaryKey: PGPKeyPair,
+        oldCertification: PGPSignature
+    ) : this(primaryKey.privateKey, primaryKey.publicKey, oldCertification)
+
    @Throws(PGPException::class)
    constructor(
        privatePrimaryKey: PGPPrivateKey,
@ -60,6 +67,13 @@ class SelfSignatureBuilder : AbstractSignatureBuilder<SelfSignatureBuilder> {
        oldCertification: PGPSignature
    ) : super(privatePrimaryKey, publicPrimaryKey, oldCertification)

+    @Throws(PGPException::class)
+    constructor(
+        primaryKey: PGPKeyPair,
+        signatureType: SignatureType = SignatureType.POSITIVE_CERTIFICATION,
+        hashAlgorithm: HashAlgorithm
+    ) : this(primaryKey.privateKey, primaryKey.publicKey, signatureType, hashAlgorithm)
+
    @Throws(PGPException::class)
    constructor(
        privatePrimaryKey: PGPPrivateKey,
--- a/pgpainless-core/src/main/kotlin/org/pgpainless/signature/builder/SubkeyBindingSignatureBuilder.kt
+++ b/pgpainless-core/src/main/kotlin/org/pgpainless/signature/builder/SubkeyBindingSignatureBuilder.kt
@ -6,6 +6,7 @@ package org.pgpainless.signature.builder

 import java.util.function.Predicate
 import org.bouncycastle.openpgp.PGPException
+import org.bouncycastle.openpgp.PGPKeyPair
 import org.bouncycastle.openpgp.PGPPrivateKey
 import org.bouncycastle.openpgp.PGPPublicKey
 import org.bouncycastle.openpgp.PGPSecretKey
@ -25,6 +26,12 @@ class SubkeyBindingSignatureBuilder : AbstractSignatureBuilder<SubkeyBindingSign
    override val signatureTypePredicate: Predicate<SignatureType>
        get() = Predicate<SignatureType> { it == SignatureType.SUBKEY_BINDING }

+    @Throws(PGPException::class)
+    constructor(
+        signingKey: PGPKeyPair,
+        hashAlgorithm: HashAlgorithm = negotiateHashAlgorithm(signingKey.publicKey)
+    ) : this(signingKey.privateKey, signingKey.publicKey, hashAlgorithm)
+
    @Throws(PGPException::class)
    constructor(
        signingKey: PGPPrivateKey,
@ -84,4 +91,7 @@ class SubkeyBindingSignatureBuilder : AbstractSignatureBuilder<SubkeyBindingSign
    @Throws(PGPException::class)
    fun build(subkey: PGPPublicKey): PGPSignature =
        buildAndInitSignatureGenerator().generateCertification(publicSigningKey, subkey)
+
+    @Throws(PGPException::class)
+    fun build(subkey: PGPKeyPair): PGPSignature = build(subkey.publicKey)
 }