Add feature-related utilities and tests

pgpainless-core/src/main/java/org/pgpainless/algorithm/Feature.java

@@ -15,6 +15,8 @@
  */
 package org.pgpainless.algorithm;
 
+import java.util.ArrayList;
+import java.util.List;
 import java.util.Map;
 import java.util.concurrent.ConcurrentHashMap;
 
@@ -34,6 +36,8 @@ public enum Feature {
      *     RFC-4880 §5.14: Modification Detection Code Packet</a>
      */
     MODIFICATION_DETECTION(Features.FEATURE_MODIFICATION_DETECTION),
+    AEAD_ENCRYPTED_DATA(Features.FEATURE_AEAD_ENCRYPTED_DATA),
+    VERSION_5_PUBLIC_KEY(Features.FEATURE_VERSION_5_PUBLIC_KEY)
     ;
 
     private static final Map<Byte, Feature> MAP = new ConcurrentHashMap<>();
@@ -57,4 +61,34 @@ public enum Feature {
     public byte getFeatureId() {
         return featureId;
     }
+
+    /**
+     * Convert a bitmask into a list of {@link KeyFlag KeyFlags}.
+     *
+     * @param bitmask bitmask
+     * @return list of key flags encoded by the bitmask
+     */
+    public static List<Feature> fromBitmask(int bitmask) {
+        List<Feature> features = new ArrayList<>();
+        for (Feature f : Feature.values()) {
+            if ((bitmask & f.featureId) != 0) {
+                features.add(f);
+            }
+        }
+        return features;
+    }
+
+    /**
+     * Encode a list of {@link KeyFlag KeyFlags} into a bitmask.
+     *
+     * @param features list of flags
+     * @return bitmask
+     */
+    public static byte toBitmask(Feature... features) {
+        byte mask = 0;
+        for (Feature f : features) {
+            mask |= f.featureId;
+        }
+        return mask;
+    }
 }

pgpainless-core/src/main/java/org/pgpainless/signature/subpackets/SignatureSubpacketsUtil.java

@@ -49,6 +49,7 @@ import org.bouncycastle.openpgp.PGPSignatureList;
 import org.bouncycastle.openpgp.PGPSignatureSubpacketVector;
 import org.bouncycastle.util.encoders.Hex;
 import org.pgpainless.algorithm.CompressionAlgorithm;
+import org.pgpainless.algorithm.Feature;
 import org.pgpainless.algorithm.HashAlgorithm;
 import org.pgpainless.algorithm.KeyFlag;
 import org.pgpainless.algorithm.SignatureSubpacket;
@@ -356,6 +357,22 @@ public final class SignatureSubpacketsUtil {
         return hashed(signature, SignatureSubpacket.features);
     }
 
+    /**
+     * Parse out the features subpacket of a signature.
+     * If the signature has no features subpacket, return null.
+     * Otherwise, return the features as a feature set.
+     *
+     * @param signature signature
+     * @return features as set
+     */
+    public static @Nullable Set<Feature> parseFeatures(PGPSignature signature) {
+        Features features = getFeatures(signature);
+        if (features == null) {
+            return null;
+        }
+        return new LinkedHashSet<>(Feature.fromBitmask(features.getData()[0]));
+    }
+
     /**
      * Return the signature target subpacket from the signature.
      * We search for this subpacket in the hashed and unhashed area (in this order).

pgpainless-core/src/test/java/org/pgpainless/signature/SignatureSubpacketsUtilTest.java

@@ -0,0 +1,165 @@
+/*
+ * Copyright 2021 Paul Schaub.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.pgpainless.signature;
+
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertFalse;
+import static org.junit.jupiter.api.Assertions.assertNotNull;
+import static org.junit.jupiter.api.Assertions.assertNull;
+import static org.junit.jupiter.api.Assertions.assertThrows;
+import static org.junit.jupiter.api.Assertions.assertTrue;
+
+import java.io.IOException;
+import java.security.InvalidAlgorithmParameterException;
+import java.security.NoSuchAlgorithmException;
+import java.time.temporal.ChronoUnit;
+import java.util.Arrays;
+import java.util.Date;
+import java.util.Iterator;
+import java.util.LinkedHashSet;
+import java.util.Set;
+
+import org.bouncycastle.openpgp.PGPException;
+import org.bouncycastle.openpgp.PGPPrivateKey;
+import org.bouncycastle.openpgp.PGPPublicKey;
+import org.bouncycastle.openpgp.PGPSecretKeyRing;
+import org.bouncycastle.openpgp.PGPSignature;
+import org.bouncycastle.openpgp.PGPSignatureGenerator;
+import org.bouncycastle.openpgp.PGPSignatureSubpacketGenerator;
+import org.junit.jupiter.api.Test;
+import org.pgpainless.PGPainless;
+import org.pgpainless.algorithm.CompressionAlgorithm;
+import org.pgpainless.algorithm.Feature;
+import org.pgpainless.algorithm.HashAlgorithm;
+import org.pgpainless.algorithm.SignatureType;
+import org.pgpainless.implementation.ImplementationFactory;
+import org.pgpainless.key.TestKeys;
+import org.pgpainless.key.protection.SecretKeyRingProtector;
+import org.pgpainless.key.protection.UnlockSecretKey;
+import org.pgpainless.policy.Policy;
+import org.pgpainless.signature.subpackets.SignatureSubpacketsUtil;
+
+public class SignatureSubpacketsUtilTest {
+
+    @Test
+    public void test() throws PGPException, InvalidAlgorithmParameterException, NoSuchAlgorithmException {
+        PGPSecretKeyRing secretKeys = PGPainless.generateKeyRing()
+                .modernKeyRing("Expire", null);
+        Date expiration = Date.from(new Date().toInstant().plus(365, ChronoUnit.DAYS));
+        secretKeys = PGPainless.modifyKeyRing(secretKeys)
+                .setExpirationDate(expiration, SecretKeyRingProtector.unprotectedKeys())
+                .done();
+
+        PGPSignature expirationSig = SignaturePicker.pickCurrentUserIdCertificationSignature(secretKeys, "Expire", Policy.getInstance(), new Date());
+        PGPPublicKey notTheRightKey = PGPainless.inspectKeyRing(secretKeys).getSigningSubkeys().get(0);
+
+        assertThrows(IllegalArgumentException.class, () ->
+                SignatureSubpacketsUtil.getKeyExpirationTimeAsDate(expirationSig, notTheRightKey));
+    }
+
+    @Test
+    public void testGetRevocable() throws PGPException, IOException {
+        PGPSecretKeyRing secretKeys = TestKeys.getEmilSecretKeyRing();
+        PGPPrivateKey certKey = UnlockSecretKey.unlockSecretKey(secretKeys.getSecretKey(), SecretKeyRingProtector.unprotectedKeys());
+
+        PGPSignatureGenerator generator = getSignatureGenerator(certKey, SignatureType.CASUAL_CERTIFICATION);
+        PGPSignature withoutRevocable = generator.generateCertification(secretKeys.getPublicKey());
+        assertNull(SignatureSubpacketsUtil.getRevocable(withoutRevocable));
+
+        generator = getSignatureGenerator(certKey, SignatureType.CASUAL_CERTIFICATION);
+        PGPSignatureSubpacketGenerator hashed = new PGPSignatureSubpacketGenerator();
+        hashed.setRevocable(true, true);
+        generator.setHashedSubpackets(hashed.generate());
+        PGPSignature withRevocable = generator.generateCertification(secretKeys.getPublicKey());
+        assertNotNull(SignatureSubpacketsUtil.getRevocable(withRevocable));
+    }
+
+    @Test
+    public void testParsePreferredCompressionAlgorithms() throws PGPException, IOException {
+        PGPSecretKeyRing secretKeys = TestKeys.getEmilSecretKeyRing();
+        PGPPrivateKey certKey = UnlockSecretKey.unlockSecretKey(secretKeys.getSecretKey(), SecretKeyRingProtector.unprotectedKeys());
+
+        PGPSignatureGenerator generator = getSignatureGenerator(certKey, SignatureType.CASUAL_CERTIFICATION);
+
+        PGPSignatureSubpacketGenerator hashed = new PGPSignatureSubpacketGenerator();
+        Set<CompressionAlgorithm> compressionAlgorithmSet = new LinkedHashSet<>(Arrays.asList(CompressionAlgorithm.BZIP2, CompressionAlgorithm.ZIP));
+        int[] ids = new int[compressionAlgorithmSet.size()];
+        Iterator<CompressionAlgorithm> it = compressionAlgorithmSet.iterator();
+        for (int i = 0; i < ids.length; i++) {
+            ids[i] = it.next().getAlgorithmId();
+        }
+        hashed.setPreferredCompressionAlgorithms(true, ids);
+        generator.setHashedSubpackets(hashed.generate());
+
+        PGPSignature signature = generator.generateCertification(secretKeys.getPublicKey());
+
+        Set<CompressionAlgorithm> parsed = SignatureSubpacketsUtil.parsePreferredCompressionAlgorithms(signature);
+        assertEquals(compressionAlgorithmSet, parsed);
+    }
+
+    @Test
+    public void testParseKeyFlagsOfNullIsNull() {
+        assertNull(SignatureSubpacketsUtil.parseKeyFlags(null));
+    }
+
+    @Test
+    public void testParseKeyFlagsOfNullSubpacketIsNull() throws PGPException, IOException {
+        PGPSecretKeyRing secretKeys = TestKeys.getEmilSecretKeyRing();
+        PGPPrivateKey certKey = UnlockSecretKey.unlockSecretKey(secretKeys.getSecretKey(), SecretKeyRingProtector.unprotectedKeys());
+
+        PGPSignatureGenerator generator = getSignatureGenerator(certKey, SignatureType.CASUAL_CERTIFICATION);
+        PGPSignature withoutKeyFlags = generator.generateCertification(secretKeys.getPublicKey());
+        assertNull(SignatureSubpacketsUtil.parseKeyFlags(withoutKeyFlags));
+    }
+
+    @Test
+    public void testParseFeaturesIsNullForNullSubpacket() throws PGPException, IOException {
+        PGPSecretKeyRing secretKeys = TestKeys.getEmilSecretKeyRing();
+        PGPPrivateKey certKey = UnlockSecretKey.unlockSecretKey(secretKeys.getSecretKey(), SecretKeyRingProtector.unprotectedKeys());
+
+        PGPSignatureGenerator generator = getSignatureGenerator(certKey, SignatureType.CASUAL_CERTIFICATION);
+        PGPSignature withoutKeyFlags = generator.generateCertification(secretKeys.getPublicKey());
+        assertNull(SignatureSubpacketsUtil.parseFeatures(withoutKeyFlags));
+    }
+
+    @Test
+    public void testParseFeatures() throws PGPException, IOException {
+        PGPSecretKeyRing secretKeys = TestKeys.getEmilSecretKeyRing();
+        PGPPrivateKey certKey = UnlockSecretKey.unlockSecretKey(secretKeys.getSecretKey(), SecretKeyRingProtector.unprotectedKeys());
+
+        PGPSignatureGenerator generator = getSignatureGenerator(certKey, SignatureType.CASUAL_CERTIFICATION);
+        PGPSignatureSubpacketGenerator hashed = new PGPSignatureSubpacketGenerator();
+        hashed.setFeature(true, Feature.toBitmask(Feature.MODIFICATION_DETECTION, Feature.AEAD_ENCRYPTED_DATA));
+        generator.setHashedSubpackets(hashed.generate());
+
+        PGPSignature signature = generator.generateCertification(secretKeys.getPublicKey());
+        Set<Feature> featureSet = SignatureSubpacketsUtil.parseFeatures(signature);
+        assertEquals(2, featureSet.size());
+        assertTrue(featureSet.contains(Feature.MODIFICATION_DETECTION));
+        assertTrue(featureSet.contains(Feature.AEAD_ENCRYPTED_DATA));
+        assertFalse(featureSet.contains(Feature.VERSION_5_PUBLIC_KEY));
+    }
+
+    private PGPSignatureGenerator getSignatureGenerator(PGPPrivateKey signingKey,
+                                        SignatureType signatureType) throws PGPException {
+        PGPSignatureGenerator signatureGenerator = new PGPSignatureGenerator(
+                ImplementationFactory.getInstance().getPGPContentSignerBuilder(
+                        signingKey.getPublicKeyPacket().getAlgorithm(),
+                        HashAlgorithm.SHA512.getAlgorithmId()));
+        signatureGenerator.init(signatureType.getCode(), signingKey);
+        return signatureGenerator;
+    }
+}