1
0
Fork 0
mirror of https://github.com/pgpainless/pgpainless.git synced 2024-11-26 22:32:07 +01:00

Start reusing new signature builder in SecretKeyRingEditor

This commit is contained in:
Paul Schaub 2021-11-08 15:57:35 +01:00
parent 44169ecf64
commit c31fda95f9
3 changed files with 20 additions and 25 deletions

View file

@ -52,6 +52,8 @@ import org.pgpainless.key.protection.passphrase_provider.SolitaryPassphraseProvi
import org.pgpainless.key.util.KeyRingUtils;
import org.pgpainless.key.util.RevocationAttributes;
import org.pgpainless.signature.SignatureUtils;
import org.pgpainless.signature.builder.SelfSignatureBuilder;
import org.pgpainless.signature.subpackets.SelfSignatureSubpackets;
import org.pgpainless.signature.subpackets.SignatureSubpacketGeneratorUtil;
import org.pgpainless.util.Passphrase;
@ -73,6 +75,13 @@ public class SecretKeyRingEditor implements SecretKeyRingEditorInterface {
@Override
public SecretKeyRingEditorInterface addUserId(String userId, SecretKeyRingProtector secretKeyRingProtector) throws PGPException {
return addUserId(userId, null, secretKeyRingProtector);
}
public SecretKeyRingEditorInterface addUserId(
String userId,
@Nullable SelfSignatureSubpackets.Callback signatureSubpacketCallback,
SecretKeyRingProtector protector) throws PGPException {
userId = sanitizeUserId(userId);
List<PGPSecretKey> secretKeyList = new ArrayList<>();
@ -81,10 +90,15 @@ public class SecretKeyRingEditor implements SecretKeyRingEditorInterface {
// add user-id certificate to primary key
PGPSecretKey primaryKey = secretKeyIterator.next();
PGPPublicKey publicKey = primaryKey.getPublicKey();
PGPPrivateKey privateKey = UnlockSecretKey.unlockSecretKey(primaryKey, secretKeyRingProtector);
publicKey = addUserIdToPubKey(userId, privateKey, publicKey);
primaryKey = PGPSecretKey.replacePublicKey(primaryKey, publicKey);
SelfSignatureBuilder builder = new SelfSignatureBuilder(primaryKey, protector);
builder.setSignatureType(SignatureType.POSITIVE_CERTIFICATION);
builder.applyCallback(signatureSubpacketCallback);
PGPSignature signature = builder.build(publicKey, userId);
publicKey = PGPPublicKey.addCertification(publicKey,
userId, signature);
primaryKey = PGPSecretKey.replacePublicKey(primaryKey, publicKey);
secretKeyList.add(primaryKey);
while (secretKeyIterator.hasNext()) {
@ -96,21 +110,6 @@ public class SecretKeyRingEditor implements SecretKeyRingEditorInterface {
return this;
}
private static PGPPublicKey addUserIdToPubKey(String userId, PGPPrivateKey privateKey, PGPPublicKey publicKey) throws PGPException {
if (privateKey.getKeyID() != publicKey.getKeyID()) {
throw new IllegalArgumentException("Key-ID mismatch!");
}
// Create signature with new user-id and add it to the public key
PGPSignatureGenerator signatureGenerator = SignatureUtils.getSignatureGeneratorFor(publicKey);
signatureGenerator.init(SignatureType.POSITIVE_CERTIFICATION.getCode(), privateKey);
PGPSignature userIdSignature = signatureGenerator.generateCertification(userId, publicKey);
publicKey = PGPPublicKey.addCertification(publicKey,
userId, userIdSignature);
return publicKey;
}
// TODO: Move to utility class?
private String sanitizeUserId(String userId) {
userId = userId.trim();
@ -149,11 +148,8 @@ public class SecretKeyRingEditor implements SecretKeyRingEditorInterface {
PGPDigestCalculator digestCalculator =
ImplementationFactory.getInstance().getPGPDigestCalculator(defaultDigestHashAlgorithm);
PGPContentSignerBuilder contentSignerBuilder = ImplementationFactory.getInstance()
.getPGPContentSignerBuilder(
primaryKey.getAlgorithm(),
HashAlgorithm.SHA256.getAlgorithmId() // TODO: Why SHA256?
);
PGPContentSignerBuilder contentSignerBuilder =
SignatureUtils.getPgpContentSignerBuilderForKey(primaryKey);
PGPPrivateKey privateSubKey = UnlockSecretKey.unlockSecretKey(secretSubKey, subKeyProtector);
PGPKeyPair subKeyPair = new PGPKeyPair(secretSubKey.getPublicKey(), privateSubKey);

View file

@ -82,7 +82,7 @@ public final class SignatureUtils {
* @param publicKey public key
* @return content signer builder
*/
private static PGPContentSignerBuilder getPgpContentSignerBuilderForKey(PGPPublicKey publicKey) {
public static PGPContentSignerBuilder getPgpContentSignerBuilderForKey(PGPPublicKey publicKey) {
Set<HashAlgorithm> hashAlgorithmSet = OpenPgpKeyAttributeUtil.getOrGuessPreferredHashAlgorithms(publicKey);
HashAlgorithm hashAlgorithm = HashAlgorithmNegotiator.negotiateSignatureHashAlgorithm(PGPainless.getPolicy())

View file

@ -22,7 +22,6 @@ import org.bouncycastle.openpgp.PGPSignatureSubpacketVector;
import org.pgpainless.PGPainless;
import org.pgpainless.key.info.KeyRingInfo;
import org.pgpainless.key.protection.SecretKeyRingProtector;
import org.pgpainless.signature.builder.CertificationSignatureBuilder;
import org.pgpainless.signature.builder.DirectKeySignatureBuilder;
import org.pgpainless.signature.builder.SelfSignatureBuilder;