Introduce SignatureType enum
parent
1b389f678a
commit
c06bedd656
2 changed files with 194 additions and 2 deletions
|
@ -0,0 +1,192 @@
|
||||||
|
/*
|
||||||
|
* Copyright 2020 Paul Schaub.
|
||||||
|
*
|
||||||
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
* you may not use this file except in compliance with the License.
|
||||||
|
* You may obtain a copy of the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing, software
|
||||||
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
* See the License for the specific language governing permissions and
|
||||||
|
* limitations under the License.
|
||||||
|
*/
|
||||||
|
package org.pgpainless.algorithm;
|
||||||
|
|
||||||
|
import java.util.Map;
|
||||||
|
import java.util.concurrent.ConcurrentHashMap;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Enum that enlists all the Signature Types defined in rfc4880 section 5.2.1
|
||||||
|
* See {@link org.bouncycastle.openpgp.PGPSignature} for comparison.
|
||||||
|
*
|
||||||
|
* @see <a href="https://tools.ietf.org/html/rfc4880#section-5.11>rfc4880 §5.2.1. Signature Types</a>
|
||||||
|
*/
|
||||||
|
public enum SignatureType {
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Signature of a binary document.
|
||||||
|
* This means the signer owns it, created it, or certifies that it
|
||||||
|
* has not been modified.
|
||||||
|
*/
|
||||||
|
BINARY_DOCUMENT(0x00),
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Signature of a canonical text document.
|
||||||
|
* This means the signer owns it, created it, or certifies that it
|
||||||
|
* has not been modified. The signature is calculated over the text
|
||||||
|
* data with its line endings converted to <CR><LF>.
|
||||||
|
*/
|
||||||
|
CANONICAL_TEXT_DOCUMENT(0x01),
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Standalone signature.
|
||||||
|
* This signature is a signature of only its own subpacket contents.
|
||||||
|
* It is calculated identically to a signature over a zero-length
|
||||||
|
* binary document. Note that it doesn't make sense to have a V3
|
||||||
|
* standalone signature.
|
||||||
|
*/
|
||||||
|
STANDALONE(0x02),
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Generic certification of a User ID and Public-Key packet.
|
||||||
|
* The issuer of this certification does not make any particular
|
||||||
|
* assertion as to how well the certifier has checked that the owner
|
||||||
|
* of the key is in fact the person described by the User ID.
|
||||||
|
*/
|
||||||
|
GENERIC_CERTIFICATION(0x10),
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Persona certification of a User ID and Public-Key packet.
|
||||||
|
* The issuer of this certification has not done any verification of
|
||||||
|
* the claim that the owner of this key is the User ID specified.
|
||||||
|
*/
|
||||||
|
NO_CERTIFICATION(0x11),
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Casual certification of a User ID and Public-Key packet.
|
||||||
|
* The issuer of this certification has done some casual
|
||||||
|
* verification of the claim of identity.
|
||||||
|
*/
|
||||||
|
CASUAL_CERTIFICATION(0x12),
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Positive certification of a User ID and Public-Key packet.
|
||||||
|
* The issuer of this certification has done substantial
|
||||||
|
* verification of the claim of identity.
|
||||||
|
*/
|
||||||
|
POSITIVE_CERTIFICATION(0x13),
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Subkey Binding Signature.
|
||||||
|
* This signature is a statement by the top-level signing key that
|
||||||
|
* indicates that it owns the subkey. This signature is calculated
|
||||||
|
* directly on the primary key and subkey, and not on any User ID or
|
||||||
|
* other packets. A signature that binds a signing subkey MUST have
|
||||||
|
* an Embedded Signature subpacket in this binding signature that
|
||||||
|
* contains a {@link #PRIMARYKEY_BINDING} signature made by the
|
||||||
|
* signing subkey on the primary key and subkey.
|
||||||
|
*/
|
||||||
|
SUBKEY_BINDING(0x18),
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Primary Key Binding Signature
|
||||||
|
* This signature is a statement by a signing subkey, indicating
|
||||||
|
* that it is owned by the primary key and subkey. This signature
|
||||||
|
* is calculated the same way as a {@link #SUBKEY_BINDING} signature:
|
||||||
|
* directly on the primary key and subkey, and not on any User ID or
|
||||||
|
* other packets.
|
||||||
|
*/
|
||||||
|
PRIMARYKEY_BINDING(0x19),
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Signature directly on a key
|
||||||
|
* This signature is calculated directly on a key. It binds the
|
||||||
|
* information in the Signature subpackets to the key, and is
|
||||||
|
* appropriate to be used for subpackets that provide information
|
||||||
|
* about the key, such as the Revocation Key subpacket. It is also
|
||||||
|
* appropriate for statements that non-self certifiers want to make
|
||||||
|
* about the key itself, rather than the binding between a key and a
|
||||||
|
* name.
|
||||||
|
*/
|
||||||
|
DIRECT_KEY(0x1f),
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Key revocation signature
|
||||||
|
* The signature is calculated directly on the key being revoked. A
|
||||||
|
* revoked key is not to be used. Only revocation signatures by the
|
||||||
|
* key being revoked, or by an authorized revocation key, should be
|
||||||
|
* considered valid revocation signatures.
|
||||||
|
*/
|
||||||
|
KEY_REVOCATION(0x20),
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Subkey revocation signature
|
||||||
|
* The signature is calculated directly on the subkey being revoked.
|
||||||
|
* A revoked subkey is not to be used. Only revocation signatures
|
||||||
|
* by the top-level signature key that is bound to this subkey, or
|
||||||
|
* by an authorized revocation key, should be considered valid
|
||||||
|
* revocation signatures.
|
||||||
|
*/
|
||||||
|
SUBKEY_REVOCATION(0x28),
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Certification revocation signature
|
||||||
|
* This signature revokes an earlier User ID certification signature
|
||||||
|
* (signature class 0x10 through 0x13) or signature {@link #DIRECT_KEY}.
|
||||||
|
* It should be issued by the same key that issued the
|
||||||
|
* revoked signature or an authorized revocation key. The signature
|
||||||
|
* is computed over the same data as the certificate that it
|
||||||
|
* revokes, and should have a later creation date than that
|
||||||
|
* certificate.
|
||||||
|
*/
|
||||||
|
CERTIFICATION_REVOCATION(0x30),
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Timestamp signature.
|
||||||
|
* This signature is only meaningful for the timestamp contained in
|
||||||
|
* it.
|
||||||
|
*/
|
||||||
|
TIMESTAMP(0x40),
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Third-Party Confirmation signature.
|
||||||
|
* This signature is a signature over some other OpenPGP Signature
|
||||||
|
* packet(s). It is analogous to a notary seal on the signed data.
|
||||||
|
* A third-party signature SHOULD include Signature Target
|
||||||
|
* subpacket(s) to give easy identification. Note that we really do
|
||||||
|
* mean SHOULD. There are plausible uses for this (such as a blind
|
||||||
|
* party that only sees the signature, not the key or source
|
||||||
|
* document) that cannot include a target subpacket.
|
||||||
|
*/
|
||||||
|
THIRD_PARTY_CONFIRMATION(0x50)
|
||||||
|
;
|
||||||
|
|
||||||
|
private static final Map<Integer, SignatureType> map = new ConcurrentHashMap<>();
|
||||||
|
static {
|
||||||
|
for (SignatureType sigType : SignatureType.values()) {
|
||||||
|
map.put(sigType.getCode(), sigType);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
public static SignatureType valueOf(int code) {
|
||||||
|
SignatureType type = map.get(code);
|
||||||
|
if (type != null) {
|
||||||
|
return type;
|
||||||
|
}
|
||||||
|
throw new IllegalArgumentException("Signature type 0x" + Integer.toHexString(code) + " appears to be invalid.");
|
||||||
|
}
|
||||||
|
|
||||||
|
private final int code;
|
||||||
|
|
||||||
|
SignatureType(int code) {
|
||||||
|
this.code = code;
|
||||||
|
}
|
||||||
|
|
||||||
|
public int getCode() {
|
||||||
|
return code;
|
||||||
|
}
|
||||||
|
|
||||||
|
}
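Review bot: `valueOf(int code)` throws an unchecked `IllegalArgumentException` for any code that is not listed in the enum, and nothing on the method tells callers so. In this commit the enum is only used to produce codes, but a signature type octet read from a received signature packet is untrusted input, so a later caller that maps it through `valueOf` would turn an unknown or malformed type into an uncaught runtime exception unless it handles that case explicitly. I would add Javadoc to the method with `@throws IllegalArgumentException if the code is not one of the signature types defined in this enum`. Separately, the class-level `@see` link is missing the closing quote of its `href` and points at `#section-5.11` while its label says §5.2.1; `@see <a href="https://tools.ietf.org/html/rfc4880#section-5.2.1">rfc4880 §5.2.1. Signature Types</a>` matches the label.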
|
|
@ -279,7 +279,7 @@ public class KeyRingBuilder implements KeyRingBuilderInterface {
|
||||||
PGPPublicKey primaryPubKey = secretKeys.next().getPublicKey();
|
PGPPublicKey primaryPubKey = secretKeys.next().getPublicKey();
|
||||||
PGPPrivateKey privateKey = secretKeyRing.getSecretKey().extractPrivateKey(secretKeyDecryptor);
|
PGPPrivateKey privateKey = secretKeyRing.getSecretKey().extractPrivateKey(secretKeyDecryptor);
|
||||||
for (String additionalUserId : additionalUserIds) {
|
for (String additionalUserId : additionalUserIds) {
|
||||||
signatureGenerator.init(0x13, privateKey);
|
signatureGenerator.init(SignatureType.POSITIVE_CERTIFICATION.getCode(), privateKey);
|
||||||
PGPSignature additionalUserIdSignature =
|
PGPSignature additionalUserIdSignature =
|
||||||
signatureGenerator.generateCertification(additionalUserId, primaryPubKey);
|
signatureGenerator.generateCertification(additionalUserId, primaryPubKey);
|
||||||
primaryPubKey = PGPPublicKey.addCertification(primaryPubKey,
|
primaryPubKey = PGPPublicKey.addCertification(primaryPubKey,
|
||||||
|
@ -313,7 +313,7 @@ public class KeyRingBuilder implements KeyRingBuilderInterface {
|
||||||
PGPSignatureSubpacketVector hashedSubPackets)
|
PGPSignatureSubpacketVector hashedSubPackets)
|
||||||
throws PGPException {
|
throws PGPException {
|
||||||
return new PGPKeyRingGenerator(
|
return new PGPKeyRingGenerator(
|
||||||
PGPSignature.POSITIVE_CERTIFICATION, certKey,
|
SignatureType.POSITIVE_CERTIFICATION.getCode(), certKey,
|
||||||
userId, digestCalculator,
|
userId, digestCalculator,
|
||||||
hashedSubPackets, null, signer, secretKeyEncryptor);
|
hashedSubPackets, null, signer, secretKeyEncryptor);
|
||||||
}
|
}
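Review bot: No import of `SignatureType` appears in either KeyRingBuilder hunk, and the diffstat (194 additions, 192 of them the new enum file) leaves only the two replaced lines for this file. If KeyRingBuilder is not in `org.pgpainless.algorithm` and does not already import that package with a wildcard, both new call sites fail to compile; adding `import org.pgpainless.algorithm.SignatureType;` would fix that. The file's package declaration and import block are outside the visible hunks, so this needs checking against the full file. Both enclosing methods begin outside their hunks.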
|
||||||
|
|